Emails getting bounced - help interpret error

N

naguibihelek

Verified User
Joined
Aug 7, 2022
Messages
6
I see these error in my log when incoming email are attempted to be delivered to users on our server.
Why are these getting blocked and how do I fix that.
Here are two separate logs:

Log 1:

Code: 
2024-10-24 09:45:34 1t401m-00000000ACn-1BmX <= [email protected] H=m249-147.rdns-1.mailgun.net [159.112.249.147] P=esmtps X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no S=9411 DKIM=replies.acct-mgmt.com [email protected] T="Reset password" from <[email protected]> for [email protected]
2024-10-24 09:45:34 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1t401m-00000000ACn-1BmX
2024-10-24 09:45:34 1t401m-00000000ACn-1BmX => nagui <[email protected]> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=9778 C="250 2.0.0 <[email protected]> +MEyGZ5rGmehmQAAzitcUw Saved"
2024-10-24 09:45:34 1t401m-00000000ACn-1BmX Completed

Log 2:

Code: 
2024-10-24 09:20:27 H=m249-7.rdns-1.mailgun.net [159.112.249.7] sender verify fail for <[email protected]>:
2024-10-24 09:20:27 H=m249-7.rdns-1.mailgun.net [159.112.249.7] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2024-10-24 09:20:27 H=m249-7.rdns-1.mailgun.net [159.112.249.7] incomplete transaction (QUIT) from <[email protected]>
2024-10-24 09:22:29 H=m249-19.rdns-1.mailgun.net [159.112.249.19] sender verify fail for <[email protected]>:
2024-10-24 09:22:29 H=m249-19.rdns-1.mailgun.net [159.112.249.19] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2024-10-24 09:22:29 H=m249-19.rdns-1.mailgun.net [159.112.249.19] incomplete transaction (QUIT) from <[email protected]>
2024-10-24 09:22:53 H=m249-19.rdns-1.mailgun.net [159.112.249.19] sender verify fail for <[email protected]>:
2024-10-24 09:22:53 H=m249-19.rdns-1.mailgun.net [159.112.249.19] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2024-10-24 09:22:53 H=m249-19.rdns-1.mailgun.net [159.112.249.19] incomplete transaction (QUIT) from <[email protected]>

Any help would be greatly appreciated.
Thanks.
 
I don't see anything big that quickly on the first log, but I do on the second log.

Code: 
sender verify fail for &lt;[email protected]&gt;
Is biqcoach.com your domain or dmp.biqcoach.com? Because it seems SPF records are blocking delivery.
I do see an include for mailgun.org but looks like mailgun.net is used.

Still a bit odd, because that domain uses the ~all and not -all so should not be failed. If you use mailgun, then try to add mailgun.net to your SPF record and see if that helps.

If the biqcoache.com is not your domain, not on your server and it's only incoming mail, then it looks as they have the SPF issue.
 
Richard G said:
I don't see anything big that quickly on the first log, but I do on the second log.

Code: 
sender verify fail for &lt;[email protected]&gt;
Is biqcoach.com your domain or dmp.biqcoach.com? Because it seems SPF records are blocking delivery.
I do see an include for mailgun.org but looks like mailgun.net is used.

Still a bit odd, because that domain uses the ~all and not -all so should not be failed. If you use mailgun, then try to add mailgun.net to your SPF record and see if that helps.

If the biqcoache.com is not your domain, not on your server and it's only incoming mail, then it looks as they have the SPF issue.
Click to expand...
Thanks Richard.
We own both domains.

I tried adding the SPF record. It is happening on all our domains.

Here is another error example:
2024-10-25 10:49:37 H=m225-169.mailgun.net [159.135.225.169] sender verify fail for <bounce+81c7ca.6e507-nagui=[email protected]>:
2024-10-25 10:49:37 H=m225-169.mailgun.net [159.135.225.169] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no F=<bounce+81c7ca.6e507-nagui=[email protected]> rejected RCPT <[email protected]>: Sender verify failed

Appreciate the suggestions.

Nagui
 
Ah that sounds like what i was wanting to write. If you see somewhere "impersonating hostname" in your reject logs. As it looks like you want to send from and to the same domain with different servers

Or you could had have enabled sender verify. But looks like you already fixed it now :)
 
Stije said:
Ah that sounds like what i was wanting to write. If you see somewhere "impersonating hostname" in your reject logs. As it looks like you want to send from and to the same domain with different servers

Or you could had have enabled sender verify. But looks like you already fixed it now :)
Click to expand...
It's interesting, I never had to do that in the past and it was working fine until last month.
It only gave an error when sending to an email account on our server, within the same server.
 
naguibihelek said:
It only gave an error when sending to an email account on our server, within the same server.
Click to expand...
Ah that can explain things. I've checked the record for the lc.accumatchbi.com and it was shown with errors.

Might be you still don't need one of the mailgun records, possible one points to the other or something. I've read for mailgun normally mailgun.org seems to be used.
The second one is the PTR record in SPF, they are discouraged to use, better remove it.

It might be SPF on mailgun too. However, if everything works now as expected (to other servers) with mailgun in the whitelist, then you can also leave it like it is now.
 
You must log in or register to reply here.
Back
Top