mail recipient suddenly refused (exim)

[harro]

Hi all,

starting this morning I have an odd mail problem - some of my domains on the server are not recognised / accepted. This problem manifests itself in various ways:

1) if someone tries to email to any account on one of the affected domains they receive an error message:

<info@ sengerema.nl>: host mail. sengerema.nl[81.171.86.43] said: 550 to unblock
    mailservice.home.nl see http://www.ref.com/unblock (in reply to
    RCPT TO command)

This suggests something is blocked, but this message appears when sending an email from various accounts not on the server (and nothing in de blacklist_ files)

2) when I send from a domain on the server, to a domain on the server using Outlook Express:

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'Info@ sengerema.nl'. Subject 'testing', Account: '01. IMAP', Server: '81.171.86.43', Protocol: SMTP, Server Response: '550 to unblock home.home.nl see http://www.ref.com/unblock', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

So either this is a new error or Outlook Express interprets the error code 550 as a different error.

3) when I send an email using webmail (squirrel) from the server to an account on the server:

Requested action not taken: mailbox unavailable
Server replied: 550 to unblock localhost see http://www.ref.com/unblock

4) when I do a mailtest with dnsreport.com on info@ sengerema.nl I get the following message:

mail. sengerema.nl. - 81.171.86.43  [Could not connect: Could not receive data: Operation timed out.] 
  [Note that if your mailserver takes over 30 seconds to respond, our test will timeout, even though real mailservers will wait longer]

So in short, suddenly two domains fail. I am not sure whether it affects more domains yet... The mailserver is slow to respond (from home it does respond but is slow indeed). I get an error that either a user is not accepted or a mailbox is non-existent. The mailboxes do exist.

I restarted named, exim, mailscanner, dovecot and even the whole server, but no change.

Last few days nothing has been altered except that yesterdam I mounted a dir in var from the home partition (but nothing to do with any of the running programs) and 10 days ago I installed extra memory. Today, after the errors refused to go away, I updated DA to the latest version (no change).

Thoughts on how / why / what are very welcome!

Thank you,

Harro

 

[harro]

It becomes stranger still...

- I CAN email to and from my domain with Roundcubemail on my server, I CAN email to domains on my server from de shell

- I cannot mail to users on my server using Squirrelmail on my server and I cannot send mail from outside the server to accounts on my server using Outlook express at home.

When I telnet to my mailserver and enter the RCPT TO: email address (any on my server) manually, it takes about 25 seconds before the server reacts with an Error 550

 

[harro]

The saga continues...

After a night of leaving my emails in the mail queue they seem to have been sent out!

However, trying to send new mails fails again...

it seems like either there is something that seriously slows down exim in accepting mails (recognising that the account DOES actually exist) , or it intermittently works and then quits again in between.

I'm in kind of a bind here... not being able to receive mails is a killer

Any thoughts?

Harro

 

[nobaloney]

Without knowing a lot more it appears that your mailserver isn't responding properly in realtime, or users connecting to you aren't waiting long enough for a response.

At this moment the mailserver responds promptly, but reports itself as bitmap.aethertree.com, and not as mail.sengerema.nl:

$ telnet 81.171.86.43 25
Trying 81.171.86.43...
Connected to 81.171.86.43 (81.171.86.43).
Escape character is '^]'.
220 bitmap.aethertree.com ESMTP Exim 4.67 Tue, 08 May 2007 02:53:41 +0200
quit
221 bitmap.aethertree.com closing connection
Connection closed by foreign host.
[root@da12 data]# nslookup mail.sengerema.nl
Server:         65.58.240.224
Address:        65.58.240.224#53

Non-authoritative answer:
Name:   mail.sengerema.nl
Address: 81.171.86.43

[root@da12 data]# telnet 81.171.86.43 25
Trying 81.171.86.43...
Connected to 81.171.86.43 (81.171.86.43).
Escape character is '^]'.
220 bitmap.aethertree.com ESMTP Exim 4.67 Tue, 08 May 2007 02:54:09 +0200

But you've got missing reverse DNS, which could be responsible for at least part of the delays.

Jeff

 

[harro]

Hi Jeff,

thank you for your reply. Yesterday I updated Exim, MailScanner, Spamassassin and Dovecot, trying to combat the problem and it did indeed go away. But as it turns out the problem is not related to (the version) of these programs. Yesterday was a problem-free day. However, this morning (or actually half an hour after midnight), the issue has returned.

Again, all email to accounts on the server are initially not accepted (refused). Relaying is not problem (if you authenticate). The odd thing is that the server does not structurally refuse the mails, repeated attempts in the end lead to succes.

I just did some tests trying to send mail to my own account using my server for smtp, and it took 5 attempts (about 10 mins) before the mail was accepted. After I restarted named and MailScanner it now seems to be working again.

Since it started again around midnight AND I now realise that my logwatch emails have been empty last night and night before, I suspect it has something to do with the logrotation or an action that takes place around that time. Strangely enough I did not alter anything on the server around the time that this issue started.

Long story... the reason I put this outcry for help and information in this thread is because the problem only manifests itself in the email-services. Why would exim time-out, trying to check whether an email address is in the domains / aliases files? (and sometimes not time-out)



Thoughts:

- logrotate is possibly broken, does Exim stop working if there is something wrong with its log file? (it is there though, and activities are logged)

- mailscanner downloaded a corrupt update, messing things up (but I presume there is first a check whether the email account exists on the server before spam rules are read? Error number is 550)

- something running through cron messes up the communication with exim / the aliases list.

- I could be wrong and the whole logwatch / midnight-issue is a coincidence


When the problem returns I will use: exim -bh <myip> to see what is going on (I 'restored' email functionality before trying this..)

Once again thank you for thoughts and suggestions!
Harro



p.s. as to the reverseDNS, I thought it was only possible to have one reverse DNS per ip? This is a different discussion and it has been 'missing' for all but my main domain since day one, so not likely to be the root of this problem. But I'll definitely look into that, thanks for the hint.