The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Rejecting smtp connections (451) from Appriver

Discussion in 'E-mail Discussions' started by gkgcpanel, Jul 7, 2011.

  1. gkgcpanel

    gkgcpanel Well-Known Member

    Joined:
    Jun 6, 2007
    Messages:
    217
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    Referring to an old thread from here:

    http://forums.cpanel.net/f43/email-appriver-rejecting-too-many-connections-73786.html

    We too have customers using Appriver. One in particular has been using it without any problems for several years.
    Within the last 4 days however, they started complaining of not receiving their emails, and contacted Appriver. Appriver is
    blaming us, saying we are rejecting their SMTP connections...

    I tested it with a telnet to port 25 and it worked perfectly. I have the smtp_accept_max line set to 100 (which it has been for the past 4 years at least)... Nothing has changed on our side, yet the problem still exists for them (and only for them)... No other customers are complaining that they can't connect, only this one using Appriver. Other Appriver customers are working fine too.

    So, does anyone know (cPanel included) know if setting the smtp_accept_max configuration higher than 100 will solve the problem? What kind of load will that put on the server?

    Thanks in advance.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Can you have them provide the IP they are connecting from or check one of the email addresses using Appriver in exim_mainlog to see what the entries show there?

    Code:
    exigrep IP# /var/log/exim_mainlog
    exigrep emailuser@domain.com /var/log/exim_mainlog
    Please replace IP# with the IP number for the Appriver connection or emailuser@domain.com with the email account that is sending and getting rejected.
     
  3. gkgcpanel

    gkgcpanel Well-Known Member

    Joined:
    Jun 6, 2007
    Messages:
    217
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    Hi Tristan,

    Here you go:

    2011-07-08 04:10:15 H=server75.appriver.com [207.97.224.142] temporarily rejected connection in "connect" ACL: "Host is ratelimited (1.4/1h max:1.2)"

    2011-07-08 04:15:17 H=server75.appriver.com [207.97.224.142] temporarily rejected connection in "connect" ACL: "Host is ratelimited (1.4/1h max:1.2)"

    2011-07-08 04:30:23 H=server75.appriver.com [207.97.224.142] Warning: Sender rate 9.9 / 1h

    2011-07-08 04:30:28 H=server75.appriver.com [207.97.224.142] Warning: Sender rate 10.9 / 1h

    2011-07-08 04:30:32 1Qf7OG-0002Ep-Tr H=server75.appriver.com [207.97.224.142] Warning: "SpamAssassin as username detected message as spam (18.6)"
    2011-07-08 04:30:32 1Qf7OG-0002Ep-Tr <= user@domain.com H=server75.appriver.com [207.97.224.142] P=esmtp S=4392 id=4e1
    user@domain.com T="NEW! Best HERBAL SEX PILL - 17 X POTENT HERBS ALL IN 1 PILL!" for user@domainname.tld
    2011-07-08 04:30:33 1Qf7OG-0002Ep-Tr => user <user@domainname.tld> R=virtual_user T=virtual_userdelivery
    2011-07-08 04:30:33 1Qf7OG-0002Ep-Tr Completed

    +++ 1Qf92I-0003XP-4K has not completed +++
    2011-07-08 06:15:54 1Qf92I-0003XP-4K H=server75.appriver.com [207.97.224.142] Warning: "SpamAssassin as username detected message as spam (6.6)"
    2011-07-08 06:15:54 1Qf92I-0003XP-4K <= notice@appriver.com H=server75.appriver.com [207.97.224.142] P=esmtp S=18837 id=auto-00022
    user@outbound.appriver.com T="Held Spam Report for 7/7/2011" for shana@domainname.tld
    2011-07-08 06:15:54 1Qf92I-0003XP-4K no immediate delivery: more than 10 messages received in one connection
     
    #3 gkgcpanel, Jul 8, 2011
    Last edited by a moderator: Jul 8, 2011
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    I would suggest adding the 207.97.224.142 IP for appriver to the following in WHM > Exim Configuration Editor area:

    Of note, several of those messages appear to be spam emails, so you are basically whitelisting an IP that is sending incoming spam emails for many of the messages. You can go through the ones hitting a spam score in your output that you provided and see the subject titles are clearly spam.
     
  5. gkgcpanel

    gkgcpanel Well-Known Member

    Joined:
    Jun 6, 2007
    Messages:
    217
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider

    Hi Tristan,

    That thought had occurred to me, but AppRiver claims they have hundreds of IP addresses that they would then need to have whitelisted. As a security measure, we will not be doing that. Plus the fact that I have asked for a list of IP addresses from them no less than 3 times and they have not provided that.

    As for the spam filtering, that's what AppRiver is supposed to be doing. Filtering out spam and potential viruses *BEFORE* they get to our server. I also saw all those spam messages, and that would make it appear that spam isn't being filtered...

    I have now opened a support ticket # 1727293 with cPanel.

    Thanks.
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You may want to open up a support ticket with Appriver because it appears to be ratelimited due to the spam messages from a cursory analysis. You either would need to disable ratelimiting or whitelist their IPs. Alternatively, they may want to being filtering the spam before sending it to your machine.
     
  7. gkgcpanel

    gkgcpanel Well-Known Member

    Joined:
    Jun 6, 2007
    Messages:
    217
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    Thanks Tristan,

    That is exactly what I told them already. We will not be disabling ratelimiting, and we might consider whitelisting IP addresses, but they have to provide them first.

    I'll close the ticket now, since no one has actually responded to it.

    Regards,
    Peter
     
Loading...

Share This Page