Troubleshoot sudden emails returns on Webmail

psytanium

Well-Known Member
Jun 6, 2014
297
16
68
Lebanon
cPanel Access Level
Root Administrator
Hello,

I'm running a Linux VPS server hosting many accounts, suddenly all the users started reporting undelivered emails. I called the hosting company but they couldn't help.
I have received different reports from different users :


Code:
554 Connection refused from (IP)

550 , 550-"JunkMail rejected - (sxb1nlsmtp02.prod.sxb1.secureserver.net) 550-[92.204.71.188]:59664 is in an RBL on
550-csi.cloudmark.com/reset-request/?ip=92.204.71.188 , see Poor Reputation
550 Sender"

554 , 554 5.7.1 Delivery not authorized

550 - 550 Junkmail rejected
I received may undelivered email reports from different users hosted on my server, started all together in the same day. I think the problem is either from my server or from my hosting company.

How can I track this issue ??

Thanks
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
583
54
103
Houston, TX
cPanel Access Level
Root Administrator
Hello! There is a wide range of different problems that could be causing your server's IP to get blacklisted for poor reputation. This includes, but is not limited to the following:

-Lack of SPF/DKIM records
-Improperly configured rDNS/PTR
-Lack of DMARC record
-Sending bulk email
-Sending mail with a lot of forwarders
-Sending mail that contains text receiving MTAs determines is "spam-like"
-Using an IP that was previously used by a different server and has already developed a poor reputation

One thing I would recommend is checking to confirm whether your server is sending out spam that you are not aware of. You can use the following command to check how many emails are in the queue.

exim -bpc

You can also get more information on the queued emails via "Mail Queue Manager" in WHM.


Finally, the following article may help in making sure your email doesn't get flagged as spam-like.


Don't hesitate to reach out if you have questions.
 

psytanium

Well-Known Member
Jun 6, 2014
297
16
68
Lebanon
cPanel Access Level
Root Administrator
Hi,

I have only 9 emails queued, I checked that hours ago and now again.
SPF and DMARC records exist.
I have been using the same IP for years.
My IP is not blacklisted on any mail server.
I checked my domain on MX tool box, no errors at all.

What's my next step ? and I'm still unable to determine if my IP or hosting provider IP is the problem.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
Thanks for the additional details. It would seem your server's IP address has been added to that specific blacklist since you are not listed on any of the major ones that MXToolbox checks. You'd want to fill out the reset request from the link provided in the bounceback, but it's definitely something you'd want to bring up with the host since you're not finding much in the public tools.
 

psytanium

Well-Known Member
Jun 6, 2014
297
16
68
Lebanon
cPanel Access Level
Root Administrator
How can I make sure if the problem is my server (IP) or Godaddy relay ? Still not able to send emails to some addresses ? How can I troubleshoot / diagnose this issue ?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
Since GoDaddy typically blocks port 25 for outbound connections, it's almost certainly the relay.

One test would be to run this command from your server (you may need to install telnet with "yum install telnet" if you don't have that command available)

Code:
telnet gmail-smtp-in.l.google.com 25
If that times out, port 25 is blocked from your system, meaning all your messages are going through the relay.
 

psytanium

Well-Known Member
Jun 6, 2014
297
16
68
Lebanon
cPanel Access Level
Root Administrator
Since GoDaddy typically blocks port 25 for outbound connections, it's almost certainly the relay.

One test would be to run this command from your server (you may need to install telnet with "yum install telnet" if you don't have that command available)

Code:
telnet gmail-smtp-in.l.google.com 25
If that times out, port 25 is blocked from your system, meaning all your messages are going through the relay.
This is the output
Code:
Trying 108.177.127.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP p18si12269413ejr.517 - gsmtp
Note that some emails are delivered while other do not.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
The IP provided in your first message is one of Google's SMTP relay IPs, so in that case that is the IP being blocked. Each bounceback or failure would need to be evaluated individually to see which IP is being reported as malicious.
 

psytanium

Well-Known Member
Jun 6, 2014
297
16
68
Lebanon
cPanel Access Level
Root Administrator
I don't know what I can do now, its been 3 days, 63 accounts partially blocked from sending emails. Do I wait weeks or months ? When are we going to get out of this hassle ?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
It's important to note that there isn't anything you can do in cPanel to resolve this issue, as the block is happening outside of your server. While that is frustrating, contacting the mail provider reporting the block is likely the best way to get it resolved. Do all the bounceback mention the cloudmark blacklist, or do you get others as well?
 

psytanium

Well-Known Member
Jun 6, 2014
297
16
68
Lebanon
cPanel Access Level
Root Administrator
But cPanel should develop a modern and smart anti spam, just like Google and Microsoft did. Anyway, yes almost all the bounce back have this URL. For e.g.

Code:
Reason: There was an error while attempting to deliver your message with [Subject: "RE: COTATION unite centrale"] to [email protected] MTA sxb1nlsmtp03.prod.sxb1.secureserver.net received this response from the destination host IP - 50.87.161.202 -  550 , 550-"JunkMail rejected - (sxb1nlsmtp03.prod.sxb1.secureserver.net)
550-[92.204.71.214]:50266 is in an RBL on
550-csi.cloudmark.com/reset-request/?ip=92.204.71.214 , see Poor Reputation
550 Sender"
I submitted a form at csi.cloudmark.com/reset-request/?ip=92.204.71.214 yesterday, and nothing changed.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
Submitting the form with those providers doesn't usually mean it will be instantly fixed. For this issue I would reach out to Google directly since that is the IP they are blocking, but sending a message directly to Cloudmark wouldn't be a bad idea either.
 

psytanium

Well-Known Member
Jun 6, 2014
297
16
68
Lebanon
cPanel Access Level
Root Administrator
Submitting the form with those providers doesn't usually mean it will be instantly fixed. For this issue I would reach out to Google directly since that is the IP they are blocking, but sending a message directly to Cloudmark wouldn't be a bad idea either.
You mean Godaddy or Google ?
 

psytanium

Well-Known Member
Jun 6, 2014
297
16
68
Lebanon
cPanel Access Level
Root Administrator
If I migrate to a new hosting provider, what guarantee I will not face the same issues ? I'm afraid I waste 2 days moving all my accounts and configure new server for nothing.
Is there a way to add a second relay in case of problems like this ?

Thanks for the support, always the best professional help i get from these forums here
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
We're actually having a very similar discussion here, so you may want to look through that as well as there were some alternative suggestions mentioned there:


As far as the new server not having the same issues, you could ask the provider beforehand if they allow outbound email on port 25. If so, that would eliminate the need for a relay server. While you wouldn't want to add a secondary relay, you could switch to a different mail provider, although that would need to be a paid service from that mail provider.
 
  • Like
Reactions: psytanium