[ZendTo] {SPAM?} Re: Issues with sending to external users
Jules
Jules at Zend.To
Fri Jan 13 16:24:11 GMT 2017
And as you were sending via IPv6, and utoronto.ca's SPF record does not
contain *any* IPv6 statements at all, then Google will block all IPv6
mail traffic from utoronto.ca (regardless of whether it comes from your
ZendTo server or your university's central outgoing mail servers).
If utoronto.ca has any IPv6 network in place (which they appear to, as
you could get to Google via IPv6), then they really should add an IPv6
statement to their SPF record. Or else no-one is going to want to
receive any IPv6 mail they send.
Cheers,
Jules.
On 13/01/2017 16:14, Mike Brudenell wrote:
> As Jules says, this error implies that your server is trying to send
> the message direct to Google. But there are (at least) two issues with
> this:
>
> 1. It looks to be that your server can talk IPv6 and is doing so
> direct to Google's mail servers, but that these are detecting a
> problem with your DNS records as they describe in the error response.
>
> 2. If you're sending from an "@utoronto.ca" email address then there
> is an SPF record published in the DNS for the utoronto.ca domain
> saying that servers with IP addresses in the netblocks
> ip4:128.100.132.0/24 and ip4:128.100.46.0/24 should be sending
> out messages from "@utoronto.ca" addresses and others shouldn't
> really be.
>
> As Jules says, the best thing is to get the emails sent from your
> server to be relayed out through your organisation's central mail
> gateways/smarthosts.
>
> Cheers,
> Mike B-)
>
> PS. Have just read your latest message: glad you've spotted the issue.
>
> On 13 January 2017 at 15:37, Brian Novogradac
> <Brian.Novogradac at utoronto.ca> wrote:
>
> Here is the error from my root mailbox
>
> ----- The following addresses had permanent fatal errors -----
>
> <user at gmail.com>
>
> (reason: 550-5.7.1 [2606:fa00:400:2006:250:56ff:fe92:282a] Our
> system has detected that)
>
> ----- Transcript of session follows -----
>
> ... while talking to gmail-smtp-in.l.google.com.:
>
> >>> DATA
>
> <<< 550-5.7.1 [2606:fa00:400:2006:250:56ff:fe92:282a] Our system
> has detected that
>
> <<< 550-5.7.1 this message does not meet IPv6 sending guidelines
> regarding PTR
>
> <<< 550-5.7.1 records and authentication. Please review
>
> <<< 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more
> information
>
> <<< 550 5.7.1 . u130si1909083iod.170 - gsmtp
>
> 554 5.0.0 Service unavailable
>
> --v0DDJKOE005944.1484313560/send.utoronto.ca
>
> Content-Type: message/delivery-status
>
> Reporting-MTA: dns; send.utoronto.ca
>
> Received-From-MTA: DNS; localhost.localdomain
>
> Arrival-Date: Fri, 13 Jan 2017 08:19:19 -0500
>
> Final-Recipient: RFC822; user at gmail.com
>
> Action: failed
>
> Status: 5.7.1
>
> Remote-MTA: DNS; gmail-smtp-in.l.google.com
>
> Diagnostic-Code: SMTP; 550-5.7.1
> [2606:fa00:400:2006:250:56ff:fe92:282a] Our system has detected that
>
> Last-Attempt-Date: Fri, 13 Jan 2017 08:19:20 -0500
>
> --v0DDJKOE005944.1484313560/zendto.XXX.ca
>
> *From:* zendto-bounces at zend.to *On Behalf Of* Mike Brudenell
> *Sent:* Friday, January 13, 2017 9:40 AM
> *To:* ZendTo Users <zendto at zend.to>
> *Subject:* Re: [ZendTo] Issues with sending to external users
>
> Hi, Brian -
>
> Firstly note that I've not touched Sendmail since 2008 (we use
> Exim now) so my memory/interpretation might be hazy in places in
> my comments below…
>
> On 13 January 2017 at 13:31, Brian Novogradac
> <Brian.Novogradac at utoronto.ca> wrote:
>
> Thanks for helping me out here; here is some more information.
>
> -Running Centos 6.8
>
> -Yes the zendto is sending messages to sendmail on the machine
>
> -I have all hostname information set correctly in hosts file
>
> -In sendmail.mc I have added the
> domainname in define(`confDOMAIN_NAME', `zendto.host.ca')dnl
>
> I seem to remember that you set confDOMAIN_NAME to the domain name
> you want adding to unqualified addresses — ie, those that are only
> a username. If you have _really_ set this to "zendto.host.ca"
> then a message from/to the plain username address
>
> apache
>
> say, becomes
>
> apache at zendto.host.ca
>
> I've used dig to look up data for the domain "host.ca"
> and to be honest I'm not convinced you've really
> set it to that as it seems to be something to do with
> domainsatcost.ca.
>
> Maillog:
>
> Jan 13 08:19:19 zendto sendmail[5941]: v0DDJILc005941:
> from=apache, size=1517, class=0, nrcpts=1,
> msgid=<201701131319.v0DDJILc005941 at zendto.XXXXX>,
> relay=apache at localhost
>
> The above will be the locally generated message your apache
> username is creating and handing to Sendmail.
>
> Jan 13 08:19:19 zendto sendmail[5942]: v0DDJJOE005942:
> from=<apache@ zendto.XXXXX >, size=1744, class=0, nrcpts=1,
> msgid=<201701131319.v0DDJILc005941@ zendto.XXXXX >,
> proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
>
> Then sendmail qualifies the plain sender address "apache" with a
> domain name, making it <apache.zendto.XXXXX> — hmm, if that's the
> case then that won't be a valid email address.
>
> I seem to recall that "relay=" identifies the server the message
> is transmitted onward to: in this case to the SMTP server running
> on the same machine — localhost.localdomain [127.0.0.1]
>
> Jan 13 08:19:19 zendto sendmail[5941]: v0DDJILc005941:
> to=userXXX at gmail.com,
> ctladdr=apache (48/48), delay=00:00:01, xdelay=00:00:00,
> mailer=relay, pri=31517, relay=[127.0.0.1] [127.0.0.1],
> dsn=2.0.0, stat=Sent (v0DDJJOE005942 Message accepted for
> delivery)
>
> I think the above is Sendmail logging it has successfully
> transmitted your message to the SMTP listener running on your host.
>
> Jan 13 08:19:20 zendto sendmail[5944]: STARTTLS=client,
> relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3,
> verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
>
> Your Sendmail then decides it needs to transmit the message to the
> server gmail-smtp-in.l.google.com
>
> Which tallies with the MX records for gmail.com
> — these have the most preferred one being
> gmail-smtp-in.l.google.com
>
> Jan 13 08:19:20 zendto sendmail[5944]: v0DDJJOE005942: to=<
> userXXX at gmail.com >,
> ctladdr=<apache@ zendto.XXXXX > (48/48), delay=00:00:01,
> xdelay=00:00:01, mailer=esmtp, pri=121744,
> relay=gmail-smtp-in.l.google.com.
> [IPv6:2607:f8b0:4001:c01::1b], dsn=5.0.0, stat=Service unavailable
>
> The above line is Gmail's SMTP server refusing to accept your
> message, returning a 5xx permanent failure response code, with the
> rather unhelpful explanatory text "Service unavailable".
>
> The 5xx response code tells your Sendmail to abandon any further
> attempts to send the message and to generate a Non-Delivery Report
> to return to the sender.
>
> Jan 13 08:19:20 zendto sendmail[5944]: v0DDJJOE005942:
> v0DDJKOE005944: DSN: Service unavailable
>
> Jan 13 08:19:20 zendto sendmail[5944]: v0DDJKOE005944:
> to=root, delay=00:00:00, xdelay=00:00:00, mailer=local,
> pri=32992, dsn=2.0.0, stat=Sent
>
> This shows a message being delivered to the local mailbox
> belonging to the root username on your server — ie, the Zendto
> box. Check in that mailbox and you'll likely find the Non-Delivery
> Report, hopefully with some information about why the message was
> rejected by Gmail.
>
> Things that trouble me are the stray spaces everywhere. For
> example the sender address seems to be <apache@ zendto.XXXXX > and
> the recipient address < userXXX at gmail.com >. But a quick test
> suggests Gmail would reject these with a "555 5.5.2 Syntax error."
> response rather than "Service unavailable".
>
> Email Header:
>
> Received: from zendto.XXXXX (localhost.localdomain [127.0.0.1]) by
> zendto.XXXXX t(8.14.4/8.14.4) with ESMTP id v0CJ8WAd001980;
> Thu, 12 Jan
> 2017 14:08:32 -0500
> Received: (from apache at localhost) by
> zendto.XXXXX (8.14.4/8.14.4/Submit)
> id v0CJ8Wm9001976; Thu, 12 Jan 2017 14:08:32 -0500
> Date: Thu, 12 Jan 2017 14:08:32 -0500
> Message-ID: <201701121908.v0CJ8Wm9001976 at zendto.XXXXX>
> To: < userXXX at gmail.com >
> Subject: User has dropped off a file for you
> X-PHP-Originating-Script: 0:NSSDropbox.php
> From: Zendto <no-reply at zendto.XXXXX>
>
>
> Basically there's still a lot of obfuscation, possibly along with
> some typos (the stray spaces) introduced whilst obfuscating, for
> anyone else to be sure what's going on. You'll need to discuss
> your pristine logs with a local Sendmail support guru at your site.
>
> Cheers,
>
> Mike B.
>
> --
>
> Systems Administrator & Change Manager
>
> IT Services, University of York, Heslington, York YO10 5DD, UK
>
> Tel: +44-(0)1904-323811
>
> Web: www.york.ac.uk/it-services
>
> Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
Jules
--
Julian Field MEng MBCS CITP CEng
'Learn from yesterday, live for today,
look to tomorrow, rest this afternoon.' - Charles M Schulz
www.Zend.To
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
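
Added example, not part of the original message or of ZendTo: a partial SPF evaluation in Python showing why a record containing only the two ip4 netblocks quoted above cannot authorise the IPv6 sender address from the bounce. The `-all` terminator and the `ip6:2606:fa00::/32` prefix are assumptions constructed for illustration; neither appears in the thread.

```python
import ipaddress

# Qualifier prefixes defined by SPF (RFC 7208) and the result each produces.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# ip4 netblocks as quoted in the thread; the "-all" terminator is an assumption.
PAGE_RECORD = "v=spf1 ip4:128.100.132.0/24 ip4:128.100.46.0/24 -all"
# Same record with a constructed ip6 statement added (prefix is illustrative only).
FIXED_RECORD = ("v=spf1 ip4:128.100.132.0/24 ip4:128.100.46.0/24 "
                "ip6:2606:fa00::/32 -all")
# Sending address taken from the 550-5.7.1 bounce in the thread.
SENDER_V6 = "2606:fa00:400:2006:250:56ff:fe92:282a"


def check_spf_ip(record: str, sender_ip: str) -> str:
    """Evaluate only the ip4/ip6/all mechanisms of an SPF record.

    Mechanisms that need DNS lookups (a, mx, include, ...) are skipped, so this
    is a partial, offline evaluation that isolates the address-family gap.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            # An ip4 mechanism can never match an IPv6 sender, and vice versa.
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


if __name__ == "__main__":
    for label, rec in (("ip4 only", PAGE_RECORD), ("with ip6", FIXED_RECORD)):
        print(f"{label:9s} {SENDER_V6} -> {check_spf_ip(rec, SENDER_V6)}")
```
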