Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Unable to relay messages in mail log (Is another server trying to use me as a relay for spam?)
  •  
simonw

Messages: 18
Karma: 0
Send a private message to this user
Hi all,

I'm suddenly getting Gigabytes of mail log entries in the following format:

[23/Jun/2010 08:56:22] Sent: Queue-ID: 4c1cbcd3-000000a6, Recipient: <servizio<_at_>bademailserver.it>, Result: delayed, Status: 4.1.1 440 4.0.2 Unable to relay. <> is not configured
[23/Jun/2010 08:56:22] Sent: Queue-ID: 4c20a50c-0000041a, Recipient: <servizio<_at_>bademailserver.it>, Result: delayed, Status: 4.1.1 440 4.0.2 Unable to relay. <> is not configured
[23/Jun/2010 08:56:22] Sent: Queue-ID: 4c20a086-00000408, Recipient: <paolalmi<_at_>donnmpia.it>, Result: delayed, Status: 4.1.1 440 4.0.2 Unable to relay. bademailserver.it is not configured
[23/Jun/2010 08:56:22] Sent: Queue-ID: 4c20a086-00000408, Recipient: <paolali<_at_>azznica.it>, Result: delayed, Status: 4.1.1 440 4.0.2 Unable to relay. bademailserver.it is not configured

It looks like another mail server is trying to use me as a relay for spamming ... how can I stop this?

In the SMTP Relays settings I have the four private address spaces plus one other host.

All the email clients are working fine - mostly IMAP.

I'm running Kerio 7.1.0 beta 3 build 1472 on Win 2003 with a max of 15 users so it's a small server.

Thanks
Simon
  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
What are your relay options? Are the users forced to do an SMTP Authentication? If so, a weak password could have been hacked, but then you would see who has authenticated and change the password.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
simonw

Messages: 18
Karma: 0
Send a private message to this user
Hi freakinvibe,

I saw these questions on another post you made recently.

Relay - 4 private IP ranges plus one other host IP address and yes, users require SMTP auth.

My first advice was for everyone to change their passwords.

I also noticed the Debug log which has entries like the following filling it up:
[23/Jun/2010 09:27:48][5444] {smtpc} Got reply: 440 4.0.2 Unable to relay. bademailserver.it is not configured
[23/Jun/2010 09:27:48][304] {smtpc} Got reply: 440 4.0.2 Unable to relay. bademailserver.it is not configured
[23/Jun/2010 09:27:48][1304] {smtpc} Sent RCPT TO: <servizio<_at_>bademailserver.it>
[23/Jun/2010 09:27:48][5444] {smtpc} Recipient <sree5<_at_>lero.it> not accepted: 440 4.0.2 Unable to relay. bademailserver.it is not configured
[23/Jun/2010 09:27:48][304] {smtpc} Recipient <inzo<_at_>lero.it> not accepted: 440 4.0.2 Unable to relay. bademailserver.it is not configured

.. which looks like we are sending out hundreds of Receipts - so I need to stop this somehow.

Any more help would be appreciated.

  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
The error message
Quote:
440 4.0.2 Unable to relay. bademailserver.it is not configured

seems to come from the recipient's mail server, not yours.

I think you have to clear the mail queue completely and also turn on SMTP Server in the debug log to find out how those messages get into your queue.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Exactly. freakinvibe is right.

I can't understand why are you looking at the outgoing messages. You have to check your mail log for incoming messages and find out who is generating the emails and if they are legitimate. And then try to solve the problem with your provider (or whatever SMTP relay you use).
  •  
simonw

Messages: 18
Karma: 0
Send a private message to this user
Thanks again.

I have cleared the queue and the log entries seem to have stopped now. I think it was retrying the same messages over and over.
I've got debug on so I'll monitor the server for a while and see what happens.

Cheers

  •  
simonw

Messages: 18
Karma: 0
Send a private message to this user
Hi Kerio-pdobry,

Am I mistaken about what was happening from what you can see from the log entries?

Now I have cleared the Message Queue, all the errors have stopped.

Does the Mail Log record ALL incoming and outgoing messages?

Cheers
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
simonw wrote on Wed, 23 June 2010 14:39

Does the Mail Log record ALL incoming and outgoing messages?
Cheers


Yes, of course! That's why the lines have "Recv" and "Sent" prefix. The log shows the information about incoming messages and where the message was sent to.
  •  
simonw

Messages: 18
Karma: 0
Send a private message to this user
Hi,
Thanks, I didn't see any RECV entries as there were so many SENT/Delayed entries for my bad entries. Now I can.
So it seems my Message Queue was full of 800+ messages that have been added to my server at some point, but now I have cleared them there is no further problem .. except how they got there in the first place.
As there was so much data I've had to delete all the logs so there is not much evidence left.
Is there anywhere else I can look for clues as to how these messages got onto the Queue?

Thanks
  •  
simonw

Messages: 18
Karma: 0
Send a private message to this user
Hi again,

I have another message appeared overnight that is queued to be sent which has the following entry in the mail log:

[24/Jun/2010 01:08:30] Recv: Queue-ID: 4c22a1fe-00000838, Service: Backup, From: <>, To: <andrew<_at_>corde.com>, Size: 802, Report: backup
[24/Jun/2010 01:08:30] Sent: Queue-ID: 4c22a1fe-00000838, Recipient: <andrew<_at_>corde.com>, Result: delayed, Status: 4.1.1 440 4.0.2 Unable to relay. <> is not configured

[NOTE I have changed the target email address/domain for privacy]

I can see this is the automatic mail sent after a Kerio Backup but I don't know why it cannot send it. It has a similar status to the other mails but this mail has a known source - Kerio itself!

The only clue I can see is that the domain of this recipient is listed as the only other host on my SMTP allowed relay server list, apart from the private IP network addresses.

Could a problem with this external mail server as a relay be preventing it sending?

What I am trying to understand is exactly what this means :"Unable to relay. <> is not configured"


Thanks again


[Updated on: Thu, 24 June 2010 13:14]

  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
To pinpoint this problem, you should enable "SMTP client" in the debug log to see the exact SMTP exchange between your server and the receiving mail server (or the relay, if you have configured one).

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
simonw

Messages: 18
Karma: 0
Send a private message to this user
Another update.

I have SMTP Client on in the debug log.

This morning I have another email created by the Kerio backup process overnight that cannot be delivered to our relay (MXSweep).

Can anyone tell me why it won't go? What's the "<>" that is not configured?
If it does this every night, the queue (and the log files) will slowly fill up again.

Here is the full attempt at sending:

[25/Jun/2010 12:00:10][7704] {qproc} The mail queue processing started.
[25/Jun/2010 12:00:10][7704] {qproc} SEND_RELAY: Sending queued messages...
[25/Jun/2010 12:00:10][7704] {qproc} SEND_RELAY: Starting transaction
[25/Jun/2010 12:00:10][7704] {smtpc} Received greeting: 220 IX-MTA-11.mxsweep.com mail170.emailantidote.com Fri, 25 Jun 2010 12:02:15 +0100
[25/Jun/2010 12:00:10][7704] {smtpc} Sending EHLO
[25/Jun/2010 12:00:10][7704] {qproc} SEND_RELAY: Processing message no. 1, queue-id=4c23f3b4-00000910, size=802 bytes
[25/Jun/2010 12:00:10][7704] {smtpc} Sent MAIL command
[25/Jun/2010 12:00:10][7704] {smtpc} Got reply: 250 2.1.0 <>....Sender OK
[25/Jun/2010 12:00:10][7704] {smtpc} Sent RCPT TO: <andrew<_at_>coree.com>
[25/Jun/2010 12:00:10][7704] {smtpc} Got reply: 440 4.0.2 Unable to relay. <> is not configured
[25/Jun/2010 12:00:10][7704] {smtpc} Recipient <andrew<_at_>coree.com> not accepted: 440 4.0.2 Unable to relay. <> is not configured
[25/Jun/2010 12:00:10][7704] {smtpc} No recipient succeeded
[25/Jun/2010 12:00:10][7704] {qproc} SEND_RELAY: Result for recipient andrew<_at_>coree.com: failed, Status: 5.1.1 No recipient accepted
[25/Jun/2010 12:00:10][7704] {qproc} SEND_RELAY: Processing message no. 1, queue-id=4c22a1fe-00000838, size=802 bytes
[25/Jun/2010 12:00:10][7704] {smtpc} Sent RSET command
[25/Jun/2010 12:00:10][7704] {smtpc} Got reply: 250 2.0.0 Resetting
[25/Jun/2010 12:00:10][7704] {smtpc} Sent MAIL command
[25/Jun/2010 12:00:10][7704] {smtpc} Got reply: 250 2.1.0 <>....Sender OK
[25/Jun/2010 12:00:10][7704] {smtpc} Sent RCPT TO: <andrew<_at_>coree.com>
[25/Jun/2010 12:00:10][7704] {smtpc} Got reply: 440 4.0.2 Unable to relay. <> is not configured
[25/Jun/2010 12:00:10][7704] {smtpc} Recipient <andrew<_at_>coree.com> not accepted: 440 4.0.2 Unable to relay. <> is not configured
[25/Jun/2010 12:00:10][7704] {smtpc} No recipient succeeded
[25/Jun/2010 12:00:10][7704] {qproc} SEND_RELAY: Result for recipient andrew<_at_>coree.com: failed, Status: 5.1.1 No recipient accepted
[25/Jun/2010 12:00:10][7704] {smtpc} QUIT sent, got reply: 221 2.0.0 IX-MTA-11.mxsweep.com Service closing transmission channel
[25/Jun/2010 12:00:10][7704] {qproc} SEND_RELAY: Transaction finished
[25/Jun/2010 12:00:10][7704] {qproc} SEND_FWD: No outgoing messages in queue
[25/Jun/2010 12:00:10][7704] {qproc} The mail queue processing finished.


BTW I tried to delete this single message from the queue ... and got a Kerio exception.

Many thanks
Simon

[Updated on: Fri, 25 June 2010 13:15]

  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
It is normal for non-delivery reports, delivery notifications and also backup notifications to have <> as a Return Path, for example the header of a recent backup notification of mine looks like
Return-Path: <>
Received: from localhost
	by mail.example.org; Sun, 20 Jun 2010 03:38:50 +0200
Date: Sun, 20 Jun 2010 03:38:50 +0200

So the problem lies with your relay host (mxseep.com). It should accept <> as a sender for DSNs and NDRs.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
simonw

Messages: 18
Karma: 0
Send a private message to this user
Thanks for your time freakinvibe.

Are you saying that this particular email address ('andrew<_at_>coree.com') is being rejected by the relay at MXSWEEP? Any idea why that should be? It's just an email address.
What is the subject of the '<> is not configured' message - are you saying it's the email address? Or that domain?

Sounds like I should contact the relay people next.

Thanks for your help,
Simon

PS That is not the true email address.
  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
Quote:
Are you saying that this particular email address ('andrew<_at_>coree.com') is being rejected by the relay at MXSWEEP? Any idea why that should be?

No, I am saying <> is rejected as sender address. But as NDRs and DSNs have this, you should contact Mxsweep or who ever hosts your relay, to not do this check.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
Previous Topic: Why Kerio Connect Messages Store not encrypted ?
Next Topic: Run rules manually on existing messages?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 01:02:57 CET 2017

Total time taken to generate the page: 0.00500 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.