Sender can't send emails and getting bounced 550: not permitted errors (On KC security logs: SMTP connection rejection, closing connection etc)
  •  
puretech

Hi,

I have got a weird problem. I am not sure if I am right in thinking what I am, or I am still in a hangover from last night.

Well, one of our suppliers used to send us emails, but today they are getting bounced-back messages saying:

550 Not permitted
some header:
Tue 2012-12-11 10:20:03: Attempting SMTP connection to [xx.com]
Tue 2012-12-11 10:20:04: Resolving MX records for [xx.com] (DNS Server: xx.6.xx.162)...
Tue 2012-12-11 10:20:04: * P=010 S=000 D=xx.com TTL=(5) MX=[mail.xx.com]
Tue 2012-12-11 10:20:04: * P=020 S=001 D=xx.com TTL=(5) MX=[mx2.mailhop.org]
Tue 2012-12-11 10:20:04: Attempting SMTP connection to [mail.xx.com:25]
Tue 2012-12-11 10:20:04: Resolving A record for [mail.xx.com] (DNS Server: xx.6.xx.162)...
Tue 2012-12-11 10:20:04: * D=mail.xx.com TTL=(5) A=[xx.157.xx.58]
Tue 2012-12-11 10:20:04: Attempting SMTP connection to [xx.157.xx.xx:25]
Tue 2012-12-11 10:20:04: Waiting for socket connection...


I am not sure why they are getting it, but some emails are coming through, though.

On our KC security logs I have noticed a lot of logs of attempts from their (the supplier's) mail server IP address. 3 of the examples are:


[11/Dec/2012 10:47:08] SMTP Spam attack detected from xx.xx.xx.xx, client closed connection before SMTP greeting
[11/Dec/2012 13:12:55] Too many simultaneous SMTP connections from xx.xx.xx.xx
[11/Dec/2012 13:14:55] SMTP connection from xx.xx.xx.xx rejected: too many messages last hour


Now am I right in thinking that they should not be making any smtp connections to our server? right? smtp should be used on their server right?

Am I missing something here?

We have an MX record pointing to our server here, and we also have a dyndns backup MX which you can see in the header up there.

Could it be that ours doesn't respond in a timely fashion and it is going to the backup MX and they are rejecting it?

  •  
TorW

puretech wrote on Tue, 11 December 2012 17:00

some header:


This looks like a log snippet from some kind of debugging log to me, not email headers. Where is it from? Your server or the sender's?


puretech wrote on Tue, 11 December 2012 17:00

[11/Dec/2012 10:47:08] SMTP Spam attack detected from xx.xx.xx.xx, client closed connection before SMTP greeting
[11/Dec/2012 13:12:55] Too many simultaneous SMTP connections from xx.xx.xx.xx
[11/Dec/2012 13:14:55] SMTP connection from xx.xx.xx.xx rejected: too many messages last hour


It says what it says. Looks like the sender is an "early talker", so you may want to whitelist it.

puretech wrote on Tue, 11 December 2012 17:00

Now am I right in thinking that they should not be making any smtp connections to our server? right? smtp should be used on their server right?

Nope, you are not right in thinking that. Your hangover must be really, really bad.

puretech wrote on Tue, 11 December 2012 17:00
We have an MX record pointing to our server here, and we also have a dyndns backup MX which you can see in the header up there.

I probably could, if I were a psychic. If you can't or won't disclose what's already public information, open a support ticket with Kerio or your reseller.

Also see the link in my signature.
  •  
puretech

The header bit was from the bounced-back email they received, which they forwarded to me on my Hotmail account.

I have put them on a whitelist, but the log about too many messages in the last hour still comes sometimes.

Just to double check: Whitelist is under content filter > spam filter and then blacklist, right?

I remember seeing somewhere the setting for increasing how many messages per hour from one IP address. If I increase it (currently 100), will that solve the error about too many messages in an hour?
  •  
TorW

I'm sorry, but I don't think I can help you. Your problem can probably be solved by basic mail, DNS and network troubleshooting, but your original problem description does not provide any useful info. There are no clear symptoms, no logs and no real problem as far as I can see. I can only guess at so many things ...
  •  
TorW

Not to be an asshat or anything, but try reading this. It is as useful now as it was 15 years ago:
How To Ask Questions The Smart Way
  •  
puretech

With all due respect Mr TorW, if you cannot help, no need to post. That is all I can say in a very polite way.

That 'more useful info' you are talking about, I have hidden it in the logs and header so it doesn't come under search for spammers to use.

Now the question I asked in the second post was quite simple - about the right place for the whitelist on KC.

  •  
freakinvibe

Quote:
Now am I right in thinking that they should not be making any smtp connections to our server? right? smtp should be used on their server right?

SMTP is used on both sides, the sender is the "SMTP Client" and the recipient is the "SMTP Server".

Quote:
[11/Dec/2012 10:47:08] SMTP Spam attack detected from xx.xx.xx.xx, client closed connection before SMTP greeting

That means you have Spam Repellent enabled and the sender doesn't wait for your server's response. If you are sure you never get spam from the IP address, you can put it in the white list and it will not have to wait the 25 seconds (or whatever you have Spam Repellent set to).

Quote:
[11/Dec/2012 13:12:55] Too many simultaneous SMTP connections from xx.xx.xx.xx

This is due to the following setting:
- Max. number of concurrent SMTP connections from one IP address = 30 (or whatever you have set)

Quote:
[11/Dec/2012 13:14:55] SMTP connection from xx.xx.xx.xx rejected: too many messages last hour

This is due to the following setting:
- Max. number of messages per hour from one IP address = 100 (or whatever you have set)

I would use the option
- Do not apply those limits to IP address group: Trusted hosts (or whatever you have called the group)

This should solve all the issues.

Quote:
Just to double check: Whitelist is under content filter >spam filter and then blacklist, right?

No, the whitelist you are referring to does not help as it only kicks in later. As I have written above you must create an IP address group you trust and then add them to

- Do not apply those limits to IP address group: Trusted hosts (or whatever you have called the group)

This can be found under

Configuration > SMTP Server > Security options

[Updated on: Thu, 13 December 2012 16:02]


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
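
An added example, not part of freakinvibe's post or of Kerio's own tooling: a Python triage script that reads security-log lines in the format quoted in this thread and reports, per source IP, which of the three settings named in the answer produced each rejection. The function names are hypothetical, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Message texts come from the three log lines quoted in the thread; the
# setting names are the ones given in the answer above.
IP = r"([0-9A-Fa-f:.]+)"
RULES = [
    (re.compile(rf"SMTP Spam attack detected from {IP}, client closed connection"),
     "Spam Repellent (client did not wait for the SMTP greeting)"),
    (re.compile(rf"Too many simultaneous SMTP connections from {IP}"),
     "Max. number of concurrent SMTP connections from one IP address"),
    (re.compile(rf"SMTP connection from {IP} rejected: too many messages last hour"),
     "Max. number of messages per hour from one IP address"),
]
ENTRY = re.compile(r"^\[\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2}\] (.*)$")

def triage(lines):
    """Return {ip: Counter({setting: hits})} for the recognised rejections."""
    hits = defaultdict(Counter)
    for raw in lines:
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # not a timestamped security-log line
        for pattern, setting in RULES:
            found = pattern.search(entry.group(1))
            if found:
                hits[found.group(1)][setting] += 1
                break
    return hits

def multi_limit_senders(hits, min_limits=2):
    """IPs that tripped several different limits: review these first."""
    return sorted(ip for ip, c in hits.items() if len(c) >= min_limits)

# Constructed sample using RFC 5737 documentation addresses, not real data.
SAMPLE = """\
[11/Dec/2012 10:47:08] SMTP Spam attack detected from 192.0.2.10, client closed connection before SMTP greeting
[11/Dec/2012 13:12:55] Too many simultaneous SMTP connections from 192.0.2.10
[11/Dec/2012 13:12:56] Too many simultaneous SMTP connections from 192.0.2.10
[11/Dec/2012 13:14:55] SMTP connection from 192.0.2.10 rejected: too many messages last hour
[11/Dec/2012 13:20:01] SMTP connection from 198.51.100.7 rejected: too many messages last hour
[11/Dec/2012 13:21:00] Unrelated entry mentioning 203.0.113.5
""".splitlines()

if __name__ == "__main__":
    for ip, counts in sorted(triage(SAMPLE).items()):
        for setting, n in counts.items():
            print(f"{ip}: {n} x {setting}")
```

Seeing which limits a known sender trips, and how often, helps decide between raising a single limit and exempting the address through the IP address group described above.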
  •  
puretech

Thanks freakinvibe.

I had bumped up messages per hour from one IP address yesterday, so it seems OK now.

I am trying not to put them in any trusted hosts yet, but let's see if this sorts out the problem.

Thanks for the useful reply again.
  •  
TorW

puretech wrote on Thu, 13 December 2012 10:38
With all due respect Mr TorW, if you cannot help, no need to post. That is all i can say in a very polite way.

Sorry about that. Been taken hostage by hopeless threads one too many times, I guess.