1

Topic: One domain cannot send to ours

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.1
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Ubuntu Server 18.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I opened a ticket with our spam filter vendor, and we were able to find the issue for ourDomain.com is on their side. Their IT will need to investigate. Here is info to provide their IT department:
From: k****z@theirDomain.com Time: 2021-02-04 10:50:25
To: v***i@ourDomain.com Action: Whitelisted
Subject: TEST Reason: Client
Size: 15387 Delivery Status: Deferred
Source IP: spfaus-b.zixsmbhosted.com[74.203.184.41] Delivery Detail: connect to mail.ourDomain.com[ourSide IP Address]:25: Connection refused
ID: 1612457425-04ff3d3e181dac60001-34UB0x Delivery Time: 2021-02-04 11:09:37
Score: Destination Server: none

The most important part of this log is: Delivery Detail: connect to mail.ourDomain.com[ourSide IP Address]:25: Connection refused


Good day,

We have been using the iRedMail system for about a year and it has been great. Very reliable, stable, easy to add accounts. Just great.

One domain cannot send to us. The bit above this is what they sent to troubleshoot. The "spfaus-b.zixsmbhosted.com" is who they use for their mail protection. "theirDomain.com" is where they are sending from. "ourDomain.com" is where they are sending to us. "ourSideIP Address" is the outside IP address of our connection to the internet.

Everyone else can send to us without difficulty. Just this one place cannot. How can I fix this?

Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: One domain cannot send to ours

Is the server IP address banned by Fail2ban on your server?

3

Re: One domain cannot send to ours

ZhangHuangbin wrote:

Is the server IP address banned by Fail2ban on your server?

I edited the jail.conf file to add all the addresses that zixcorp gave me to the ignoreip ine and I still cannot get their emails to come through. Are there any other files that I need to modify?

I'm trying to get an email account so that I can do some real-time testing but that might not happen.

Thanks

4

Re: One domain cannot send to ours

ZhangHuangbin wrote:

Is the server IP address banned by Fail2ban on your server?


This may be at least part of the problem. I ran this command and got the following output:

root@mx:/var/log# tail -1000 syslog | grep theirDomain
Feb 11 13:42:57 mx postfix/smtpd[9086]: connect from mail.theirDomain.com[theirIPAddress]
Feb 11 13:42:57 mx postfix/smtpd[9086]: Anonymous TLS connection established from mail.theirDomain.com[theirIPAddress]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 11 13:42:57 mx postfix/smtpd[9086]: NOQUEUE: reject: RCPT from mail.theirDomain.com[theirIPAddress]: 450 4.7.1 <whsspamfilter.theirDomain.com>: Helo command rejected: Host not found; from=<them@theirDomain.com> to=<me@myDomain.com> proto=ESMTP helo=<whsspamfilter.theirDomain.com>
Feb 11 13:42:57 mx postfix/smtpd[9086]: disconnect from mail.theirDomain.com[theirIPAddress] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8

I'm looking in /etc/postfix/main.cf to see if there is a way to not reject messages from theirDomain. Maybe I can find a file to list exceptions or something. Or does the "Host not found; from <them@theirDomain.com>" mean that their server cannot find any information on myDomain? Or, finally, does this mean that another of the installed filters, maybe not something in postfix, need to be edited?

Thanks again

5

Re: One domain cannot send to ours

It's rejected due to their HELO hostname "whsspamfilter.theirDomain.com" not resolvable by DNS query.

You can whitelist it in file /etc/postfix/helo_access.pcre, PREpend this line:

/^whsspamfilter\.theirDomain\.com$/ OK

6

Re: One domain cannot send to ours

ZhangHuangbin wrote:

It's rejected due to their HELO hostname "whsspamfilter.theirDomain.com" not resolvable by DNS query.

You can whitelist it in file /etc/postfix/helo_access.pcre, PREpend this line:

/^whsspamfilter\.theirDomain\.com$/ OK

That was it!!! Thank you very much. I added the line and tested successfully. 2 cups of coffee headed your way!

7

Re: One domain cannot send to ours

Thanks for the coffee. smile