1
SMTP Blocking
Question asked by Gary Pacitti - June 23, 2015 at 7:07 AM
Answered
Hi

Wonder if anyone could help. We have used Bruce's anti-spam document for years (thank you). We have recently updated and found that mail from Gmail accounts was not arriving.

We are trying to track what the issue could be. We feel it's SMTP blocking on one or several of the RBL checks causing a block, but since these would not enter the spool they don't show in the logs (SMTP).

Is there a way to find what emails are being blocked from entering the spool (i.e. a log) or any other suggestions how best to track the issue, apart from not using SMTP blocking?
 
Thanks
 
 

5 Replies

1
Bruce Barnes Replied
June 23, 2015 at 7:30 AM
Appreciate the acknowledgement, Gary, thank you.

Have you checked the document for recent updates?  I've made several changes in recent months and you may be being blocked by something that's been modified or is no longer a part of the settings which were in the document you used for your current antispam profile.
 
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Gary Pacitti Replied
June 23, 2015 at 7:47 AM
Bruce thanks
 
We used the very latest document (again thanks). I am not sure if you misunderstood: it's incoming email not reaching clients.

So, for the sake of clarity: from xyz@gmail.com sent to a client on our server, abc@abc.com. They just don't arrive, so I figure it's being blocked before reaching the spool. So therefore, as I understand it, they would not show in the logs (SMTP), which makes it difficult to establish what the trigger is, and therefore to remedy.

If we look in the SMTP log, nothing is showing? So no connection, EHLO, etc.

Does that make sense?
 
 
Gary

 
0
Bruce Barnes Replied
June 23, 2015 at 8:39 AM
You didn't state when you last updated your settings and I just updated the document a week ago; that's why I asked. The most recent version of the antispam document is available only via the link in my post above.

Having said that, if your SMTP logs are set to detailed, you would see an entry in the logs because you'd see the connection and negotiation processes between the two servers prior to having any of the tests applied.
 
Here's what you should be seeing if the sender's server is connecting and the messages are being blocked by an RBL:
 
[2015.06.23] 07:48:40 [100.43.150.10][18223516] connected at 6/23/2015 7:48:40 AM
[2015.06.23] 07:48:40 [100.43.150.10][18223516] cmd: EHLO gamescorereview.com
[2015.06.23] 07:48:40 [100.43.150.10][18223516] rsp: 250-securemail.chicagonettech.com Hello [100.43.150.10]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2015.06.23] 07:48:42 [100.43.150.10][18223516] cmd: MAIL FROM:<noreply@ipuzo.us> BODY=8BITMIME
[2015.06.23] 07:48:44 [100.43.150.10][18223516] rsp: 554 Sending address not accepted due to spam filter
[2015.06.23] 07:48:44 [100.43.150.10][18223516] Mail rejected due to SMTP Spam Blocking: HostKarma - Blacklist, SPAMHAUS - SBL 2
[2015.06.23] 07:48:44 [100.43.150.10][18223516] cmd: QUIT
[2015.06.23] 07:48:44 [100.43.150.10][18223516] rsp: 221 Service closing transmission channel
[2015.06.23] 07:48:44 [100.43.150.10][18223516] disconnected at 6/23/2015 7:48:44 AM
If you never see the connection from the sender, then the problem lies between the sender's network and yours.
 
If you are properly receiving e-mail from other sources, then it's probably not your network.
 
If you post your domain name, we can run external tests.
0
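An added example, not part of the original posts: a small parser for the detailed SMTP log layout Bruce quotes above, which groups lines by session and reports whether mail from a given sender domain was rejected by SMTP spam blocking or never produced a session at all. The function names, the constructed sample log and the comma-splitting of the list names are assumptions.

```python
import re

# Constructed sample in the detailed-log layout quoted in the thread
# (documentation-range addresses; the 250 response text is made up).
SAMPLE_LOG = """\
[2015.06.23] 07:48:40 [192.0.2.10][18223516] connected at 6/23/2015 7:48:40 AM
[2015.06.23] 07:48:40 [192.0.2.10][18223516] cmd: EHLO mail.example.net
[2015.06.23] 07:48:42 [192.0.2.10][18223516] cmd: MAIL FROM:<noreply@example.net> BODY=8BITMIME
[2015.06.23] 07:48:44 [192.0.2.10][18223516] rsp: 554 Sending address not accepted due to spam filter
[2015.06.23] 07:48:44 [192.0.2.10][18223516] Mail rejected due to SMTP Spam Blocking: HostKarma - Blacklist, SPAMHAUS - SBL 2
[2015.06.23] 07:48:44 [192.0.2.10][18223516] disconnected at 6/23/2015 7:48:44 AM
[2015.06.23] 07:50:01 [198.51.100.7][18223520] connected at 6/23/2015 7:50:01 AM
[2015.06.23] 07:50:01 [198.51.100.7][18223520] cmd: EHLO mx.example.org
[2015.06.23] 07:50:02 [198.51.100.7][18223520] cmd: MAIL FROM:<alice@example.org>
[2015.06.23] 07:50:02 [198.51.100.7][18223520] rsp: 250 OK <alice@example.org> Sender ok
[2015.06.23] 07:50:05 [198.51.100.7][18223520] disconnected at 6/23/2015 7:50:05 AM
"""

# [date] time [client ip][session id] message
LINE = re.compile(r"^\[[\d.]+\] [\d:]+ \[(?P<ip>[^\]]+)\]\[(?P<sid>\d+)\] (?P<msg>.*)$")
REJECT = "Mail rejected due to SMTP Spam Blocking: "

def summarize(log_text):
    """Group lines by (ip, session id); record envelope sender and RBL hits."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        s = sessions.setdefault((m["ip"], m["sid"]),
                                {"ip": m["ip"], "sender": None, "lists": []})
        msg = m["msg"]
        if msg.startswith("cmd: MAIL FROM:"):
            addr = re.search(r"<([^>]*)>", msg)
            s["sender"] = addr.group(1).lower() if addr else None
        elif msg.startswith(REJECT):
            # Assumption: list names are comma-separated and contain no commas.
            s["lists"] = [x.strip() for x in msg[len(REJECT):].split(",")]
    return list(sessions.values())

def diagnose(log_text, sender_domain):
    """Classify what the log shows for one sender domain."""
    suffix = "@" + sender_domain.lower()
    hits = [s for s in summarize(log_text) if (s["sender"] or "").endswith(suffix)]
    if not hits:
        return "no-session"  # no session from this domain reached MAIL FROM
    lists = sorted({name for s in hits for name in s["lists"]})
    return "blocked: " + "; ".join(lists) if lists else "no-rbl-rejection"
```

A "no-session" result for a domain that is known to be sending matches the situation in this thread: the cause lies before the spam checks, so the RBL settings are not the place to look.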
Gary Pacitti Replied
June 23, 2015 at 8:57 AM
Bruce
 
OK, think we have traced the issue and I was 'barking up the wrong tree'. A complete fail on my behalf.

We updated the secure cert on the server. Of course we updated the IIS binding but forgot to export and overwrite the old cert in SmarterMail. Therefore this was causing TLS failures, which meant no connection, hence no logs.

Having updated the anti-spam with your settings just prior, I wrongly assumed that the error was there. Oh how wrong could one be.

This would also explain other issues we were having with authentication! LESSON LEARNED.

Keep up the good work on the SPAM; it's really appreciated. Sent you a small token of thanks via PayPal.

Gary



 
0
Bruce Barnes Replied
June 23, 2015 at 9:12 AM
Glad you got that resolved.  It's really unusual to see nothing whatsoever in the SMTP logs when they are set to detailed.