Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Rejected relay attempt

Discussion in 'E-mail Discussion' started by cuzzmunger, Jun 29, 2017.

  1. cuzzmunger

    cuzzmunger Member

    Joined:
    Apr 28, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Hi Everyone, I've been having an issue with a customer relaying through optusnet in Australia.
    This has been going on for some time. I originally had spf & dkim running fine for a long time until a few updates ago.

    I've turned off SPF now but I had added many of the optusnet ip address's and to no avail.

    The error is:
    Code:
    Delivery Event Details
    Event: rejected
    Sender User: -remote-
    Sender Domain:
    Sender: trent@domain-name.com.au
    Sent Time: Jun 29, 2017 5:34:17 PM
    Sender Host: pa49-180-135-47.pa.nsw.optusnet.com.au
    Sender IP: 49.180.135.47
    Authentication: unauthorized
    Spam Score: 0
    Recipient: person@hotmail.com
    Delivered To:
    Delivery User:
    Delivery Domain: hotmail.com
    Router: reject
    Transport: **rejected**
    Out Time: Jun 29, 2017 5:34:17 PM
    ID: 1dQTy1-0008gO-sT
    Delivery Host: pa49-180-135-47.pa.nsw.optusnet.com.au
    Delivery IP: 49.180.135.47
    Size: 0 bytes
    Result: Rejected relay attempt: '49.180.135.47' From: 'trent@domain-name.com.au' To: 'person@hotmail.com'
    
    I would really like to work this out.

    CENTOS 6.9 x86_64 standard
    cPanel & WHM 64.0 (build 29)


    How can I allow optusnet to relay through the server?

    Any help appreciated
    Thanks
    Kim.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,793
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know the output from /var/log/exim_mainlog for that message ID? EX:

    Code:
    exigrep 1dQTy1-0008gO-sT /var/log/exim_mainlog
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cuzzmunger

    cuzzmunger Member

    Joined:
    Apr 28, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Thanks for the reply Michael,
    I got no data back from that command.
    I did find it manually in the log.

    Code:
    2017-06-29 17:34:21 SMTP connection identification H=pa49-180-135-47.pa.nsw.optusnet.com.au A=49.180.135.47 P=33380 U=trent ID=508 S=trent@domain-name.com.au B=get_recent_authed_mail_ips_entry
    2017-06-29 17:34:21 H=pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<trent@domain-name.com.au> rejected RCPT <person@hotmail.com>: Rejected relay attempt: '49.180.135.47' From: 'trent@domain-name.com.au' To: 'person@hotmail.com'
    2017-06-29 17:34:21 H=pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 Warning: Sender rate 1.0 / 1h
    2017-06-29 17:34:21 SMTP connection from pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 lost while reading message data
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,793
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Do you notice any corresponding entries in /var/log/maillog that appear at the same time as the error messages referenced above? Also, do you have Greylisting enabled via "WHM >> Home » Email » Greylisting" on this server?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cuzzmunger

    cuzzmunger Member

    Joined:
    Apr 28, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Hi Michael, We don't have Greylisting on.
    Here is the mail log from about the same time.
    I have placed xxx for other customers and domain-name for the person in question. I hope this helps

    Code:
    Jun 29 17:33:35 vr4 dovecot: imap(__cpanel__service__auth__imap__h6b5wwyol0adxlqvfmukgbpyh5yxb1lykgjjglnhrlfxm_4l5znyhxrhwkixbyjz): Logged out in=11, out=462, bytes=11/462
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=144.132.209.27, lip=184.168.72.117, mpid=13839, TLS, session=<GG7zURRTOd2QhNEb>
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<production@domain-name.com.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13841, TLS, session=<zPj3URRTWIIxtIcv>
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<trent@domain-name.com.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13843, TLS, session=<s7b4URRTWYIxtIcv>
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<president@domain-name.org.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13846, TLS, session=<1o/5URRTXIIxtIcv>
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<production@domain-name.com.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13849, TLS, session=<Lbn5URRTW4IxtIcv>
    Jun 29 17:33:44 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13856, secured, session=<uWASUhRTotV/AAAB>
    Jun 29 17:33:44 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=92, out=1031, bytes=92/1031
    Jun 29 17:33:46 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13860, secured, session=<IxkmUhRTpNV/AAAB>
    Jun 29 17:33:46 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=93, out=1022, bytes=93/1022
    Jun 29 17:33:50 vr4 dovecot: imap-login: Login: user=<trent@domain-name>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13862, TLS, session=<GA1kUhRTYYIxtIcv>
    Jun 29 17:33:53 vr4 dovecot: imap-login: Login: user=<president@domain-name.org.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13872, TLS, session=<gU+RUhRTYoIxtIcv>
    Jun 29 17:33:59 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=144.132.209.27, lip=184.168.74.116, mpid=13883, TLS, session=<HAfxUhRTO92QhNEb>
    Jun 29 17:34:09 vr4 dovecot: pop3-login: Login: user=<trent@domain-name.com.au>, method=PLAIN, rip=14.200.38.147, lip=184.168.72.117, mpid=13899, TLS, session=<zQuAUxRTn9YOyCaT>
    Jun 29 17:34:12 vr4 dovecot: pop3(trent@domain-name.com.au): Disconnected: Logged out top=0/0, retr=0/0, del=0/14093, size=5224633864, bytes=24/543263
    Jun 29 17:34:24 vr4 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=80.82.77.139, lip=184.168.72.64, session=<batuVBRTQMVQUk2L>
    Jun 29 17:34:45 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13948, secured, session=<e9a0VRRTKNZ/AAAB>
    Jun 29 17:34:46 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=92, out=1031, bytes=92/1031
    Jun 29 17:34:47 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13953, secured, session=<68LFVRRTLNZ/AAAB>
    Jun 29 17:34:47 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=93, out=1030, bytes=93/1030
    Jun 29 17:34:57 vr4 dovecot: pop3-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=184.168.72.117, lip=184.168.72.117, mpid=13978, secured, session=<ZN5hVhRTYrm4qEh1>
    Jun 29 17:34:57 vr4 dovecot: pop3(xxx@xxx.xxx): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0, bytes=12/43
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,793
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. cuzzmunger

    cuzzmunger Member

    Joined:
    Apr 28, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Thanks Michael, I have submitted a ticket. Thanks again.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,793
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, it appears the affected user needed to enable "SMTP Authentication" in their email client.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice