Strange SMTP issue

Discussion in 'E-mail Discussions' started by gilman01, Sep 20, 2007.

  1. gilman01

    I have a client who is having problems sending email. They have an Exchange server set up. Some users are able to send email while others are not. Everyone can receive email without any problems.

    I had her attempt to send an email while I watched the exim mainlog and this is what appeared:

    2007-09-19 16:14:33 H=([xxx.xxx.xx.10]) [xxx.xx.xxx.78] F=[myclient@theirdomain.org] rejected RCPT [legitimate-email@theirdomain.org]: Connection denied from xxx.xx.xxx.78 after dictionary attack
    2007-09-19 16:15:00 H=([xxx.xxx.xx.10]) [xxx.xx.xxx.78] F=[myclient@theirdomain.org] rejected RCPT [myemail@mydomain.com]: Connection denied from xxx.xx.xxx.78 after dictionary attack

    This morning she is able to send email without any issues. Yet there are still other users in her office that are not able to send email.

    I've looked and I don't see where our server is blocking their IP address (and logically it wouldn't if others from within her organization are able to send email).

    I'm running WHM 11.2.0 cPanel 11.11.0-R16983. There have been no other reported issues from others on the server.

    Can I pretty much eliminate the issue being on my end and tell her that her network people need to look at their end? Or am I overlooking something???

    Any feedback would be appreciated.
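
As an added example (not part of the original posts, and not cPanel or Exim code), the Python below tallies the "after dictionary attack" rejections in an Exim mainlog by connecting IP, so you can see how many distinct senders sit behind one denied address and over what time window. The names `REJECT_RE` and `summarize_denials` and the sample lines are assumptions made for illustration; the pattern targets only the line format quoted above.

```python
import re
from collections import defaultdict

# Matches the rejection format quoted in the post. Exim writes F=<addr> and
# RCPT <addr>; the forum shows them as [addr], so both bracket styles are accepted.
REJECT_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'H=(?P<helo>.*?) \[(?P<ip>[^\]]+)\](?::\d+)? '
    r'F=[<\[](?P<sender>[^>\]]*)[>\]] '
    r'rejected RCPT [<\[](?P<rcpt>[^>\]]*)[>\]]: '
    r'Connection denied from \S+ after dictionary attack$'
)

def summarize_denials(lines):
    """Group dictionary-attack denials by connecting IP (hypothetical helper)."""
    hosts = defaultdict(lambda: {"count": 0, "senders": set(),
                                 "first": None, "last": None})
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if not m:
            continue  # deliveries and other kinds of rejection are ignored
        h = hosts[m["ip"]]
        h["count"] += 1
        h["senders"].add(m["sender"])
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]  # mainlog is written in chronological order
    return dict(hosts)

# Constructed sample using documentation addresses, not lines from the thread.
SAMPLE_LOG = """\
2007-09-19 16:14:33 H=([192.0.2.10]) [203.0.113.78] F=<alice@example.org> rejected RCPT <bob@example.org>: Connection denied from 203.0.113.78 after dictionary attack
2007-09-19 16:15:00 H=([192.0.2.10]) [203.0.113.78] F=[alice@example.org] rejected RCPT [carol@example.com]: Connection denied from 203.0.113.78 after dictionary attack
2007-09-19 16:15:12 H=([192.0.2.11]) [203.0.113.78] F=<dave@example.org> rejected RCPT <erin@example.net>: Connection denied from 203.0.113.78 after dictionary attack
2007-09-19 16:16:40 H=mail.example.net [198.51.100.7] F=<x@example.net> rejected RCPT <nobody@example.org>: Unrouteable address
""".splitlines()

if __name__ == "__main__":
    for ip, h in summarize_denials(SAMPLE_LOG).items():
        print(f"{ip}: {h['count']} denials, {h['first']} .. {h['last']}, "
              f"senders={sorted(h['senders'])}")
```

Several senders appearing under a single connecting IP means the denial applies to the whole office address rather than to one mailbox.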
     
  2. mtindor

    Jeff,

    If they are using Exchange locally at their location and all of their people are relaying mail through their Exchange server and then their Exchange is forwarding it on to the cPanel server for further delivery, make sure that they have their Exchange configured to SMTP Authenticate as some user when it forwards mail to your server for further delivery.

    1. Is _your_ server _receiving_ mail for their domain? Or, is their Exchange server receiving mail for their domain directly?

    If their Exchange server is receiving mail for their domain locally, then make sure that your server is configured to NOT manage mail for their domain (I'm assuming their website is probably on your cPanel server) - make sure their domain is not in /etc/localdomains and IS in /etc/remotedomains IF their Exchange server is the MX that accepts mail for their domain directly. If _your_ server is responsible for reception of _their_ mail, do NOT do what I listed above.

    But what it sounds like is that their Exchange server is perhaps set up to forward outbound mail to your server for further delivery - and your server would only let them do that if:
    (a) their Exchange server would SMTP Authenticate as a valid user in order to relay mail through your server or

    (b) you have set up Exim to allow their server to relay mail through yours without SMTP Authentication.

    Do this by setting your server up to be their Exchange's smarthost - add their Exchange IP (or at least the IP it connects to your server as) to /etc/alwaysrelay and then run /scripts/restartsrv_exim

    I guess we'd need to know if your cPanel server is actually responsible for their incoming mail or not, and whether or not your cPanel is being used by them to relay their outbound mail.

    Mike


     
  3. gilman01

    Thanks for the reply Mike.

    I'm not sure what they are doing with that Exchange Server. They are getting their email directly from our server and sending from our server (so I'm not sure what the server on their end is for).

    At the moment the issue has somehow resolved itself and everyone is back to sending email. We didn't do anything on our end so I have to assume something changed on their end.

    I did notice they must have their server set up using the domain name as I am getting zone refused notices in my logwatch reports.

    This one has me stumped...
     