Mail being rejected to one recipient

[ryand]

I am new to running Direct admin but I know how to go and find errors in the mail log. My question for this issue is why is this mail being rejected?

The mail client I am using just comes back like the IMAP server failed to send the message but on the server I see this in the log.

2011-12-07 06:44:41 H=(ryans-imac.dhn.local) [x.x.x.x] F=<ryan@####.net> rejected RCPT <jake@####.com>:

2011-12-07 06:44:41 H=(ryans-imac.dhn.local) [x.x.x.x] incomplete transaction (QUIT) from <ryan@####.net>

I tried looking the recipient up in all known blacklists via mxtoolbox and they are not listed. I tried sending a test message via Gmail and it works fine... I am stumped!

 

[zEitEr]

No reason is specified here, try

exigrep ryan@####.net /var/log/exim/mainlog

to collect together all lines in logs for the message, and see

/var/log/exim/rejectlog

 

[ryand]

No reason is specified here, try

exigrep ryan@####.net /var/log/exim/mainlog

to collect together all lines in logs for the message, and see

/var/log/exim/rejectlog

Thats how I found the rejects in the first place via the DA gui. There is no explanation just the rejects over and over.


2011-12-07 04:24:41 H=(ridleyexch.Ridleyhall.local) [62.133.19.170] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:40:24 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:40:28 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:40:43 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:41:11 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:42:52 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:43:02 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:47:51 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:48:34 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:51:44 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:51:47 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:52:07 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:54:04 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 05:54:29 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 06:44:11 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 06:44:41 H=(ryans-imac.dhn.local) [192.168.1.125] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-07 09:03:11 H=mail.wellan.com.tw (exch2003.wellan.com.tw) [60.250.167.163] F=<[email protected]> rejected RCPT <[email protected]>:

 

[scsi]

Try smtp raw commands to see if you can figure out why its being blocked.

 

[ryand]

How do I do that? Is that a log or do you mean try and send an email via command prompt?

 

[ryand]

I am now starting to see it for more than just on recipient... being that I just migrated all of my customers over to this server Sunday.. I expect to start seeing this a lot more often. Has no one seen this before?

2011-12-06 15:26:48 H=mxo4f.craigslist.org [208.82.238.99] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-06 16:01:29 H=mxo11f.craigslist.org [208.82.238.106] F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-06 16:03:04 H=mxo15f.craigslist.org [208.82.238.110] F=<[email protected]> rejected RCPT <[email protected]>:

 

[zEitEr]

You might need enable full-logging in exim.conf and see what will be shown in logs.

Update temporary /etc/exim.conf from

# EDIT AS REQUIRED TO FIT YOUR ENVIRONMENT
log_selector = \
#  +all
  +delivery_size \
  +sender_on_delivery \
  +received_recipients \
  +received_sender \
  +smtp_confirmation \
  +subject \
  +smtp_incomplete_transaction \
  -dnslist_defer \
  -host_lookup_failed \
  -queue_run \
  -rejected_header \
  -retry_defer \
  -skip_delivery \
  +arguments
syslog_duplication = false

to

log_selector = \
  +all \
  -pid
#  +delivery_size \
#  +sender_on_delivery \
#  +received_recipients \
#  +received_sender \
#  +smtp_confirmation \
#  +subject \
#  +smtp_incomplete_transaction \
#  -dnslist_defer \
#  -host_lookup_failed \
#  -queue_run \
#  -rejected_header \
#  -retry_defer \
#  -skip_delivery \
#  +arguments
syslog_duplication = false

restart exim and read logs.

 

[ryand]

You might need enable full-logging in exim.conf and see what will be shown in logs.

Update temporary /etc/exim.conf from

# EDIT AS REQUIRED TO FIT YOUR ENVIRONMENT
log_selector = \
#  +all
  +delivery_size \
  +sender_on_delivery \
  +received_recipients \
  +received_sender \
  +smtp_confirmation \
  +subject \
  +smtp_incomplete_transaction \
  -dnslist_defer \
  -host_lookup_failed \
  -queue_run \
  -rejected_header \
  -retry_defer \
  -skip_delivery \
  +arguments
syslog_duplication = false

to

log_selector = \
  +all \
  -pid
#  +delivery_size \
#  +sender_on_delivery \
#  +received_recipients \
#  +received_sender \
#  +smtp_confirmation \
#  +subject \
#  +smtp_incomplete_transaction \
#  -dnslist_defer \
#  -host_lookup_failed \
#  -queue_run \
#  -rejected_header \
#  -retry_defer \
#  -skip_delivery \
#  +arguments
syslog_duplication = false

restart exim and read logs.

I enabled the all logging option and it gives me a little more information but still no indication as to why the recipient has been rejected... I am wondering if there is a local reject list hidden somewhere, or if its pulling it from am RBL somewhere and just not stating which one?

011-12-08 05:31:02 SMTP connection from [192.168.1.125]:62653 I=[208.86.44.188]:25 (TCP/IP connection count = 3)
2011-12-08 05:31:02 no host name found for IP address 192.168.1.125
2011-12-08 05:31:02 H=(ryans-imac.dhn.local) [192.168.1.125]:62653 I=[208.86.44.188]:25 F=<[email protected]> rejected RCPT <[email protected]>:
2011-12-08 05:31:02 H=(ryans-imac.dhn.local) [192.168.1.125]:62653 I=[208.86.44.188]:25 incomplete transaction (QUIT) from <[email protected]>
2011-12-08 05:31:02 SMTP connection from (ryans-imac.dhn.local) [192.168.1.125]:62653 I=[208.86.44.188]:25 closed by QUIT

 

[ryand]

could it be something the the spam blocker 4.1 config file? That thing is massive so I wouldn't even know where to start looking for something like that...

 

[zEitEr]

Try to update exim.conf and exim.pl to the actual versions and try smtp raw commands as it was suggested by user scsi. If you do not know how to do it, use Google to find a HowTo

 

[scsi]

http://community.spiceworks.com/how_to/show/11

Basically you are just sending raw commands to the mail server to see why its failing. Sometimes you can get more information then what your mail server logs are catching.

This url will show you what all the edit sections are in spamblocker 4.1

http://www.nobaloney.net/downloads/...1/ReadMe-SpamBlockerVersion-4.1.exim.conf.txt

Here is what I see when I run the raw commands:

Trying 208.86.44.188...
Connected to da1.intelehosting.net.
Escape character is '^]'.
220 da1.intelehosting.net ESMTP Exim 4.72 Thu, 08 Dec 2011 11:38:43 -0800
helo bob.com
250 da1.intelehosting.net Hello mx1.kdatasystems.net [72.55.92.18]
mail from: <[email protected]>
250 OK
rcpt to: <[email protected]>
[COLOR="Red"]550 No such recipient here[/COLOR]

This error means the da server thinks domain intelecommunications.com is local to itself. So you must have it setup as a domain somewhere on that server. It also means that the email address [email protected] does not exist on the server.

You could test if the domain is on the server by doing:

grep -ic 'intelecommunications.com' /etc/virtual/domains

If it replies with anything but 0 then the domain is setup on exim.

Mail servers will always deliver mail locally before looking at the mx records.

I do not see your server listed on this domains mx records.

Either delete the domain from directadmin or go into dns settings and find the "modify mx records" way at the bottom and uncheck the box that says "Use this server to handle my emails."