Setting up so email runs on secure ports only

nealdxmhost

I am trying to get my server configured so that when clients want to connect their phones or local email clients (e.g. Outlook, Thunderbird, Apple Mail, etc.) they can do so, as my upstream provider closes port 25 on the network in order to curtail spammers.

So far, any attempts I have made to get these ports to work have failed, even after going through the instructions. Not sure what it is that I am missing. Basically I am looking to set it up the way cPanel comes right out of the box. Any help or ideas would be appreciated.
 
To make sure we're on the same page, I'm reading two things from this:

1. You want to disable insecure authentication.
2. You are having trouble authenticating securely as a whole.

The second one, which my interpretation of your post implies to be your most significant issue, shouldn't require any configuration at all on the server. Just use port 465 for direct SSL or 587 for STARTTLS; those are the commonly accepted standards. So if that's failing to authenticate as a whole, it would be good to pull the matching error from /var/log/exim/mainlog and see where to go from there. I could make a lot of guesses, but it's better to start from the right place. If you have no error, are you certain your upstream isn't blocking all of these ports?

If you want to disable insecure authentication that's a bit more interesting. Definitely don't close port 25 or you won't receive email. If your upstream won't open port 25 then you basically can't run a working mail server on their network. Good tip on limiting auth here: https://askubuntu.com/questions/1085186/how-to-deny-authentication-on-port-25-in-exim-mail-server
 
That would be correct as it seems more and more email clients are demanding secure connections. Incidentally I have a reseller who uses Reflexion for spam filtering before it even hits the server and messages are getting bounced.

Here are the last 200 lines of the exim/mainlog file:

 
Thanks for that. The only thing I'm seeing that is both an error and something I think might be your customer is this:

2022-07-06 13:39:51 TLS error on connection from (edyth) [103.74.69.134] (SSL_accept): (TLSv1.2)

If that is indeed a customer, of course. This is what I expect to see when an SSL version is attempted by the client that isn't supported by the server. For example, from my server just moments ago, someone attempted TLSv1:

2022-07-06 21:07:30 TLS error on connection from censoredhostname [censoredIP] (SSL_accept): NULL (TLSv1)

Which I obviously don't accept and a default DA installation won't either. Seeing that, in your shoes, I'd probably run this and make sure TLSv1.2 is listed:

openssl ciphers -v | awk '{print $2}' | sort | uniq

If it isn't, an upgrade of OpenSSL should be necessary. Perhaps an old OS version?

If it is, then I'd check that it's not forbidden in the exim config. Here's what I'd expect to see:

root@arrow:~# grep openssl_options /etc/exim*
/etc/exim.variables.conf:openssl_options=+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 +cipher_server_preference

If it isn't specifically forbidden there and your OpenSSL version supports it, it should be functional so maybe it means there's an unusual client-side problem.

If that isn't even a customer at all, we may have to move to client side errors and see what clients are seeing specifically when they try the connection. A second measure may be to take the client's IP address at the time of their test and grep the exim log for it to see if that shakes loose any more data.
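As an added example (not code from this thread or from DirectAdmin), here is a small Python triage script that does what the replies above describe by hand: it parses exim mainlog lines, groups TLS handshake errors by the protocol version exim recorded, and pulls every event for one client IP so a customer's test connection can be followed from the failed handshake to the successful authenticated submission. The log lines, hosts and addresses in the sample are constructed in the same format as the mainlog dump.

```python
import re
from collections import Counter

# Constructed exim mainlog lines (same layout as the thread's dump; hosts,
# addresses and the message id are documentation/example values).
SAMPLE_LOG = """\
2022-07-06 13:34:23 TLS error on connection from scanner-07.example.net [198.51.100.7] SSL_accept: TCP connection closed by peer
2022-07-06 13:36:08 login authenticator failed for host.example.net ([127.0.0.1]) [203.0.113.5]: 535 Incorrect authentication data (set_id=user@example.org)
2022-07-06 13:39:51 TLS error on connection from (edyth) [203.0.113.9] (SSL_accept): (TLSv1.2)
2022-07-06 13:43:14 SMTP command timeout on TLS connection from host.example.net ([127.0.0.1]) [203.0.113.5]
2022-07-06 21:07:30 TLS error on connection from (oldclient) [203.0.113.17] (SSL_accept): NULL (TLSv1)
2022-07-06 21:08:02 1oAbCd-000123-Ab <= user@example.org H=([IPv6:2001:db8::1]) [203.0.113.9] P=esmtpsa X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=no A=plain:user@example.org S=1662 T="Test new setup" from <user@example.org> for dest@example.org
"""

TS_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<rest>.*)$")
# Bracketed client addresses; the "[IPv6:...]" HELO form contains non-hex
# letters and is skipped, so the last match is the real connecting address.
IP_RE = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]")
TLS_ERR_RE = re.compile(r"TLS error on connection from .*\(?SSL_accept\)?: (?P<detail>.*)$")
VERSION_RE = re.compile(r"\((?P<ver>TLSv1(?:\.\d)?|SSLv[23])\)")


def classify(rest):
    """Map the text after the timestamp to a (kind, detail) pair."""
    m = TLS_ERR_RE.search(rest)
    if m:
        detail = m.group("detail")
        v = VERSION_RE.search(detail)
        if v:
            # A version listed here but missing from `openssl ciphers -v` or
            # disabled via openssl_options in the exim config explains the
            # failure; a supported version points at the client side instead.
            return "tls_error_with_version", v.group("ver")
        # "closed by peer" / "timed out": the peer gave up mid-handshake,
        # typically internet scanners rather than a mail client.
        return "tls_handshake_aborted", detail
    if "login authenticator failed" in rest:
        m = re.search(r"set_id=([^)]+)", rest)
        return "auth_failed", m.group(1) if m else ""
    if "SMTP command timeout" in rest:
        return "command_timeout", ""
    if "P=esmtpsa" in rest:
        # Authenticated submission over TLS; X= records the negotiated version.
        m = re.search(r"X=(TLS[0-9.]+):", rest)
        return "authenticated_submission", m.group(1) if m else ""
    return "other", ""


def parse_line(line):
    """Return {ts, ip, kind, detail} for one mainlog line, or None if malformed."""
    m = TS_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    ips = IP_RE.findall(rest)
    kind, detail = classify(rest)
    return {"ts": m.group("ts"), "ip": ips[-1] if ips else None,
            "kind": kind, "detail": detail}


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def events_for_ip(text, ip):
    """The 'grep the exim log for the client's IP' step, as structured events."""
    return [e for e in parse_log(text) if e["ip"] == ip]


def tls_version_report(text):
    """Count TLS handshake errors by the protocol version exim recorded."""
    return Counter(e["detail"] for e in parse_log(text)
                   if e["kind"] == "tls_error_with_version")


def triage(text):
    """Count events by kind so scanner noise can be separated from real issues."""
    return dict(Counter(e["kind"] for e in parse_log(text)))


if __name__ == "__main__":
    print("event counts:", triage(SAMPLE_LOG))
    print("TLS errors by version:", dict(tls_version_report(SAMPLE_LOG)))
    for e in events_for_ip(SAMPLE_LOG, "203.0.113.9"):
        print(e["ts"], e["kind"], e["detail"])
```

Run against the real file with `parse_log(open("/var/log/exim/mainlog").read())`; in the sample, the client at 203.0.113.9 first fails a handshake and later submits successfully over TLS1.2, which is the pattern that points at a client-side problem rather than the server's OpenSSL or exim settings.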
 