Troubleshoot sudden emails returns on Webmail

[psytanium]

Hello,

I'm running a Linux VPS server hosting many accounts, suddenly all the users started reporting undelivered emails. I called the hosting company but they couldn't help.
I have received different reports from different users :

554 Connection refused from (IP)

550 , 550-"JunkMail rejected - (sxb1nlsmtp02.prod.sxb1.secureserver.net) 550-[92.204.71.188]:59664 is in an RBL on
550-csi.cloudmark.com/reset-request/?ip=92.204.71.188 , see Poor Reputation
550 Sender"

554 , 554 5.7.1 Delivery not authorized

550 - 550 Junkmail rejected

I received may undelivered email reports from different users hosted on my server, started all together in the same day. I think the problem is either from my server or from my hosting company.

How can I track this issue ??

Thanks

 

[cPanelAnthony]

Hello! There is a wide range of different problems that could be causing your server's IP to get blacklisted for poor reputation. This includes, but is not limited to the following:

-Lack of SPF/DKIM records
-Improperly configured rDNS/PTR
-Lack of DMARC record
-Sending bulk email
-Sending mail with a lot of forwarders
-Sending mail that contains text receiving MTAs determines is "spam-like"
-Using an IP that was previously used by a different server and has already developed a poor reputation

One thing I would recommend is checking to confirm whether your server is sending out spam that you are not aware of. You can use the following command to check how many emails are in the queue.

exim -bpc

You can also get more information on the queued emails via "Mail Queue Manager" in WHM.

Mail Queue Manager | cPanel & WHM Documentation

The Mail Queue Manager allows you to view, delete, and attempt to deliver queued messages that the system has not yet delivered to their destinations.

docs.cpanel.net

Finally, the following article may help in making sure your email doesn't get flagged as spam-like.

Checklist for Emails going to Spam

Introduction When it comes to emails, everyone wants to have their emails reach their recipient's mailbox, but sometimes they go to the spam box instead. There are serval factors that can impac...

support.cpanel.net

Don't hesitate to reach out if you have questions.

 

[psytanium]

Hi,

I have only 9 emails queued, I checked that hours ago and now again.
SPF and DMARC records exist.
I have been using the same IP for years.
My IP is not blacklisted on any mail server.
I checked my domain on MX tool box, no errors at all.

What's my next step ? and I'm still unable to determine if my IP or hosting provider IP is the problem.

 

[cPRex]

Thanks for the additional details. It would seem your server's IP address has been added to that specific blacklist since you are not listed on any of the major ones that MXToolbox checks. You'd want to fill out the reset request from the link provided in the bounceback, but it's definitely something you'd want to bring up with the host since you're not finding much in the public tools.

 

[psytanium]

How can I make sure if the problem is my server (IP) or Godaddy relay ? Still not able to send emails to some addresses ? How can I troubleshoot / diagnose this issue ?

 

[cPRex]

Since GoDaddy typically blocks port 25 for outbound connections, it's almost certainly the relay.

One test would be to run this command from your server (you may need to install telnet with "yum install telnet" if you don't have that command available)

telnet gmail-smtp-in.l.google.com 25

If that times out, port 25 is blocked from your system, meaning all your messages are going through the relay.

 

[psytanium]

Since GoDaddy typically blocks port 25 for outbound connections, it's almost certainly the relay.

One test would be to run this command from your server (you may need to install telnet with "yum install telnet" if you don't have that command available)

telnet gmail-smtp-in.l.google.com 25

If that times out, port 25 is blocked from your system, meaning all your messages are going through the relay.

This is the output

Trying 108.177.127.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP p18si12269413ejr.517 - gsmtp

Note that some emails are delivered while other do not.

 

[cPRex]

The IP provided in your first message is one of Google's SMTP relay IPs, so in that case that is the IP being blocked. Each bounceback or failure would need to be evaluated individually to see which IP is being reported as malicious.

 

[psytanium]

I don't know what I can do now, its been 3 days, 63 accounts partially blocked from sending emails. Do I wait weeks or months ? When are we going to get out of this hassle ?

 

[cPRex]

It's important to note that there isn't anything you can do in cPanel to resolve this issue, as the block is happening outside of your server. While that is frustrating, contacting the mail provider reporting the block is likely the best way to get it resolved. Do all the bounceback mention the cloudmark blacklist, or do you get others as well?

 

[psytanium]

But cPanel should develop a modern and smart anti spam, just like Google and Microsoft did. Anyway, yes almost all the bounce back have this URL. For e.g.

Reason: There was an error while attempting to deliver your message with [Subject: "RE: COTATION unite centrale"] to [email protected] MTA sxb1nlsmtp03.prod.sxb1.secureserver.net received this response from the destination host IP - 50.87.161.202 -  550 , 550-"JunkMail rejected - (sxb1nlsmtp03.prod.sxb1.secureserver.net)
550-[92.204.71.214]:50266 is in an RBL on
550-csi.cloudmark.com/reset-request/?ip=92.204.71.214 , see Poor Reputation
550 Sender"

I submitted a form at csi.cloudmark.com/reset-request/?ip=92.204.71.214 yesterday, and nothing changed.

 

[cPRex]

Submitting the form with those providers doesn't usually mean it will be instantly fixed. For this issue I would reach out to Google directly since that is the IP they are blocking, but sending a message directly to Cloudmark wouldn't be a bad idea either.

 

[psytanium]

Submitting the form with those providers doesn't usually mean it will be instantly fixed. For this issue I would reach out to Google directly since that is the IP they are blocking, but sending a message directly to Cloudmark wouldn't be a bad idea either.

You mean Godaddy or Google ?

 

[cPRex]

Ah, too many things with G going on - I did mean GoDaddy!

 

[psytanium]

If I migrate to a new hosting provider, what guarantee I will not face the same issues ? I'm afraid I waste 2 days moving all my accounts and configure new server for nothing.
Is there a way to add a second relay in case of problems like this ?

Thanks for the support, always the best professional help i get from these forums here

 

[cPRex]

We're actually having a very similar discussion here, so you may want to look through that as well as there were some alternative suggestions mentioned there:

SPF, DKIM and DMARC all set but dmarc-reports keep saying the opposite

hello recently i started receiving these reports once a day from google and in some cases it says the check for dkim and spf fail, even tho dmarcian, dkimvalidator and any other such tools says everything is set up correctly google.com [email protected]

forums.cpanel.net

As far as the new server not having the same issues, you could ask the provider beforehand if they allow outbound email on port 25. If so, that would eliminate the need for a relay server. While you wouldn't want to add a secondary relay, you could switch to a different mail provider, although that would need to be a paid service from that mail provider.