Results 1 to 6 of 6

Thread: MTA bouncing valid email addresses as "undeliverable"

  1. #1
    zwvpadmin Guest

    Default MTA bouncing valid email addresses as "undeliverable"

    I was having some bad issues with spam. It was recommended that I check the following boxes in zimbraAdmin:

    reject_unknown_client
    reject_unknown_hostname
    reject_unknown_sender_domain

    I also added RBLs for:

    zen.spamhaus.org
    dnsbl.sorbs.net
    b.barracudacentral.org

    Spam stopped being a problem, BUT now we've little by little started bouncing valid vendors emails as "undeliverable"

    This is a HUGE problem. So far its only about a dozen addresses, but seems to be growing quickly (only 6 last week).

    using one of the problem email addresses ( _@crosbybrownlie.com), I've grep'd through logs and found:

    /var/log/zimbra.log

    Jan 8 09:10:15 mail postfix/smtpd[9804]: NOQUEUE: reject: RCPT from host-69-95-11-35.roc.choiceone.net[69.95.11.35]: 450 4.7.1 <CBSERVER.CBDOMAIN.local>: Helo command rejected: Host not found; from=<_@crosbybrownlie.com> to=<_@vpsupply.com> proto=ESMTP helo=<CBSERVER.CBDOMAIN.local>

    Which appears several times for each attempt they've made to try again.

    I've added the following rule to the /opt/zimbra/conf/salocal.cf.in:

    whitelist_from *@crosbybrownlie.com

    But it did not seem to affect the issue.

    Is there a way to remedy this without turning off the reject rules? Hopefully one that does not require adding each domain to a safe list as I'm sure this problem will be reoccurring as time goes forward.

    I need to get this figured out immediately, very large bids are being held up and we are risking loosing large accounts over it.

    Thanks in advance for any help!

  2. #2
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    8

    Default RFC's

    The bounced message is coming from a server that is not RFC compliant. Either its response to the HELO command is not what their MX record says it should be or reverse DNS is incorrect. Probably the former. Zimbra is doing a DNS check as per the settings and the DNS response from the offending server is incorrect.

    This is a big problem as a lot of mail admins setup their servers without bothering to read to RFC's that are pertinent.

    These DNS checks stop probably 80% of the spam coming to my server since so much spam comes from botnets instead of actual mail servers.

    Our company's CPA's mail was being bounced for this very reason. But his mail admin fixed their issues after I sent him a link from MS regarding this issue as it pertains to Exchange and customizing the HELO response.

    I'm of the belief if their mail server isn't setup properly than their mail gets bounced - PERIOD. This is a decision you will have to make. Either turn of the DNS checks, or try to communicate with the mail admin of the offending server to fix his problem, or continue to have these mails bounce.

  3. #3
    Jbrabander's Avatar
    Jbrabander is offline Elite Member
    Join Date
    May 2008
    Location
    Park City, KS
    Posts
    342
    Rep Power
    6

    Default

    We had to turn off reject_unknown_client and reject_unknown_hostname as it was blocking a lot of mail from legitimate vendors we deal with. (big name companies too!) And who knows how many customer emails we never received.

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    You would certainly need to remove them as the sending MTA is using a suffix off .local Adding them into salocal.conf will not make a difference anyway as those reject lines are for Postfix which happens before SA even gets involved. The only way I can think of whitelisting them is to create a Postfix policy map and allow those domains to be received from.

  5. #5
    zwvpadmin Guest

    Default Discouraging

    How would I go about creating said map? This would be cumbersome but perhaps a good compromise.

    Calling a dozen vendors to say "if you want to do business with us you have to let OUR IT guy tell YOUR IT guy he didn't pay attention in class" doesn't sound feasible.

    I did a quick google search but didn't find anything like this.
    Last edited by zwvpadmin; 01-08-2009 at 08:48 AM.

  6. #6
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    8

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Daily mail report always reports "No messages found"
    By McPringle in forum Installation
    Replies: 42
    Last Post: 06-13-2011, 08:57 AM
  2. MTA service stopping and 1m later starting again?
    By ArcaneMagus in forum Administrators
    Replies: 5
    Last Post: 03-23-2010, 08:43 AM
  3. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  4. upgrade to 4.0.3 antispam does'nt work
    By lucanannipieri in forum Administrators
    Replies: 14
    Last Post: 11-07-2006, 03:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •