Emails are not sending due to MTA poor reputation
Problem reported by North Pro - 7/31/2019 at 2:08 PM
Resolved
We are having an issue where some emails that are sent are getting a bounce back with several different errors. Two of those include

"Your access to this mail system has been rejected due to the sending MTA's poor reputation", and
"temporarily deferred due to user complaints"

I have verified on MXtoolbox that we are not blacklisted.  We did have two blacklists but I have already removed us from these lists so as of right now we are not listed on any blacklists, however emails are still not going through.  

Inside smartermail I see under the admin management >spool > a list of the number of emails sent per user/ip and number of emails received per user/ip.  The server ip looks like it has sent almost 10,000 emails in the last 24 hours.  However, if I add how many emails each user has sent in the last 24 hours its only about 600 or so.  The numbers dont add up and I am not sure if I am on a wild goose chase or if I am near the problem.  

On a side note, I have limited experience with smarter mail but one of our clients uses it.  Any help is appreciated!

4 Replies

Reply to Thread
0
Linda Pagillo Replied
Hello. Which version of SmarterMail are you using? Also, you may want to check your server IP reputation here: https://talosintelligence.com/reputation_center. and you may want to check to see if your server IP is on any widely used RBLs here: http://multirbl.valli.org/. I have a suspicion that you have a compromised account on your server. If that is the case, I can help you. I will just need to know the version of SM that you are using. If you are using version 17x, did you upgrade to it from a prior version? I'm asking because depending on your answer, I may be able to provide you with a free program to find out what account is compromised. Thanks!
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
North Pro Replied
We use SmarterMail version 16.x. During further troubleshooting, I have found something else. In different logs and also in the virus quarantine, there is an email address that keeps popping up. It is the sender in almost all scenarios. Similar to this: 3vrgfqblaepzfoieznbfntmrpqyix@ourdomain.com, but with "Our domain" being our actual domain. This account is not a user or an alias on our server. If this is the source of the problem, how do we stop it? Thanks!
1
Kyle Kerst Replied
Employee Post Marked As Resolution
To stop that you'll want to enable the SMTP authentication requirement for local deliveries under Settings>Protocols>SMTP IN. This will require users authenticate before sending from your domain.
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Linda Pagillo Replied
North, I agree with Kyle on the resolution. Now that you provided further details, it looks like you may have an open relay, not a compromised account.

However, if you would like to protect your server in the event of a compromised account, SM's throttling and internal spammer notification features work well for that along with the free program that I was telling you about. The program is called Declude and the feature within it that you would use is Declude Hijack. If you would like to learn more about how it works, Please check out the following KB articles and user's manual...

Also, if you would like to download and try Declude, you can do so from the following link:http://mailsbestfriend.com/downloads/

Please let me know if you have any questions. Thanks!
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 

Reply to Thread