That's what's odd.  We're on the same ISP.  See my notes below:

At 04:44 PM 3/15/2007, you wrote:
Chris:

A number of IP address related issues can cause this, particularly if the mail server has been moved to another subnet or moved behind a router.

Could be:
* No or incorrect PTR record at the ISP level pointing back to your mail server domain

Our mail server is not 69.74.100.2 - it is .88, which tests OK:
http://www.dnsstuff.com/tools/ptr.ch?ip=69.74.100.88

* The PTR record is identifying an incorrect (internet) domain name for your server

There is nothing configured for the .2 because we do not use it per se. It is the primary external IP
of the firewall, but is not NAT'd to anything

* Your DNS Host is listening on incorrect IP addresses (maybe they changed and the Listen IP address was not also changed)
We do our own DNS using MS Bind.  Nothing has changed here.

* Your relay settings may need to change to include the IP subnet where the sender is located - this can happen if the mail server is moved behind a router onto an internal address compared with being on a public IP address
We only relay for auth users, not by IP, and all users with the problem are external to us

* The Domain Name Server address in the I-Mail SMTP Service is wrong
This is already correct

The one thing I did change (just now, not prior) is that under SMTP security we were relaying mail for our c class; I'm suspecting it was done for a formmail type app somewhere on a client website. I've changed that to "NO MAIL RELAY" and already have "DISABLE SMTP AUTH" unchecked

Again, in case some script somewhere is open and being abused to relay.


First go to www.dnsstuff.com and enter the IP address of the mail server, or the router in front of it in the Reverse DNS Lookup, click the button and check the results. The next to last line should say Answer.... and should list the A records and addresses from the DNS server.

The .2 answers the ISP (lightpath) but the .88 answers our mail server. Nothing is configured on our end to run as the .2 - that is what has me confused. Even if it was a relay off of a website script through our mail server, it would go out over .88

The only thing I can think of is whether there could be an SMTP process running on a server pushing out and for some reason is not getting NAT'd. But I haven't been able to find one...

That'll confirm if the ISP PTR record is correct, and if your DNS is pointing back to the right IP address - if not you'll get an error. Make sure the ISP has the right domain name set in the PTR record.

The email report came back with "italy101" as the FQDN which is the name of a server here, it is not in DNS, and leads me to believe an SMTP process is running somewhere... but telnets to that address on ports 25 and 110 should show something, no?

Then give some thought if you need to be allowing Relay for some address ranges, like if the sender who has problems is behind a router, give the IP address for the outside of the router, and the appropriate Subnet Mask (be careful to give the real IP address for the beginning of a block, which should be an even number, then make sure the subnet mask is correct).

As indicated above, this is now totally disabled

Then do a bit of experimenting. I would suggest you get two computers on different networks and e-mail between the two to check out the results

Unfortunately it is an intermittent problem. And, strangely, it is some people here who have sent emails, had them rejected, indicating it is coming from the .2 but they are config'd in Outlook to use the mail server, again, .88

Thanks





I just went thru all this when I changed my Mail server from one TimeWarner account to another. It was on a public IP address, but is now behind a router and has an internal address.

Cheers

Ted Daniels
----- Original Message -----
From: "Chris Ulrich" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, March 15, 2007 3:51 PM
Subject: Re: [IMail Forum] Strange Problem occurring with Code 553

> The problem is, this is not spam.
>
> This is a legitimate client sending an email to someone and getting
> this as a bounce-back.
>
>
>
> At 01:39 PM 3/15/2007, you wrote:
> >We've seen a lot of forging spam lately with headers forged like
> >
> >Received from xxx.xxx.xxx.xxx (HELO mail.example.com)
> >
> >These have typically used an IP that we have associated with a mail server
> >hostname, but are not currently using.  Unfortunately the receiving server
> >is not using REVDNS or they would have seen it wasn't actually sent from
> >that IP.
> >
> >Perhaps you're seeing a problem resulting from something similar?
> >
> >Darin.
> >
> >
> >----- Original Message -----
> >From: "Christopher Checca" <[EMAIL PROTECTED]>
> >To: <[email protected]>
> >Sent: Thursday, March 15, 2007 11:28 AM
> >Subject: RE: [IMail Forum] Strange Problem occurring with Code 553
> >
> >
> >I'm having the same problem with a godaddy hosted account we send to ...
> >they claim we are using an IP address that we don't use and have us blocked.
> >No answer yet ... we've been working with them for over a month now.
> >
> >Christopher Checca
> >Packard Transport, Inc.
> >IT Department
> >24021 South Municipal Dr
> >PO Box 380
> >Channahon, IL.  60410
> >815 467 9260
> >815 467 6939 Fax
> >[EMAIL PROTECTED]
> >www.packardtransport.com
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]] On Behalf Of Chris Ulrich
> >Sent: Thursday, March 15, 2007 11:18 AM
> >To: [email protected]
> >Subject: [IMail Forum] Strange Problem occurring with Code 553
> >
> >For the last week we've had a big problem with complaints that some
> >messages are being returned indicating:
> >
> >553 Bogus Helo italy101. <http://unblock.secureserver.net/?ip=69.74.100.2>
> >
> >Our mail server isn't 69.74.100.2, it is 69.74.100.88
> >
> >We've gone in and tightened up MS SMTP service (which one client was
> >using for a form-mail like app)
> >which *may* have been NAT'd to that IP address (still not sure).
> >
> >If I telnet to that .2 address on ports 25 or 110 nothing appears to be
> >there
> >
> >Any suggestions on why this might be occurring, what it means and what
> >I should look at to address it?
> >
> >Thanks !!!
> >
> >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
> >
>
>
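
An added example, not part of the thread or written by any of its participants: a small triage script for rejections shaped like the `553 Bogus Helo` line quoted above. It pulls out the HELO name and the source IP the receiver reported, then flags bare host names and any source other than the mail server's address. The expected address is the .88 from the thread; every sample line except the first is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the public address the mail server is NAT'd to (the .88 in the thread).
EXPECTED_MTA_IP = ipaddress.ip_address("69.74.100.88")

# Matches rejections shaped like the one quoted in the thread:
#   553 Bogus Helo italy101. <http://unblock.secureserver.net/?ip=69.74.100.2>
BOUNCE_RE = re.compile(
    r"553 Bogus Helo (?P<helo>\S+?)\.?\s+<[^>]*[?&]ip=(?P<ip>[0-9.]+)>", re.I)
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True if name has at least two valid DNS labels (a bare host name fails)."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(label) for label in labels)

def triage(bounce_lines):
    """Return (findings, count per HELO name) for rejections naming an unexpected sender."""
    findings, by_helo = [], Counter()
    for line in bounce_lines:
        m = BOUNCE_RE.search(line)
        if not m:
            continue  # not a "Bogus Helo" rejection
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the bounce text
        helo, reasons = m.group("helo"), []
        if not is_fqdn(helo):
            reasons.append("HELO is a bare host name, not an FQDN")
        if ip != EXPECTED_MTA_IP:
            reasons.append(f"source {ip} is not the mail server {EXPECTED_MTA_IP}")
        if reasons:
            findings.append((helo, str(ip), reasons))
            by_helo[helo] += 1
    return findings, by_helo

SAMPLE_BOUNCES = [  # first line is from the thread; the rest are constructed
    "553 Bogus Helo italy101. <http://unblock.secureserver.net/?ip=69.74.100.2>",
    "553 Bogus Helo italy101. <http://unblock.secureserver.net/?ip=69.74.100.2>",
    "553 Bogus Helo mail.example.com. <http://unblock.secureserver.net/?ip=69.74.100.88>",
    "250 OK queued",
]

if __name__ == "__main__":
    findings, by_helo = triage(SAMPLE_BOUNCES)
    for helo, ip, reasons in findings:
        print(f"{helo} via {ip}: " + "; ".join(reasons))
    print("hosts to inspect for a local SMTP sender:", dict(by_helo))
```

The HELO names that accumulate in the counter are the internal machines worth checking for a local SMTP service or script that sends mail directly instead of through the mail server.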
