1 Topic by bnobre

  • bnobre
  • Member
  • Offline
  • Registered: 2021-08-18
  • Posts: 24

Topic: Client host rejected: Access denied

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Ubuntu 20.04.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,

I'm trying to send emails via SMTP, but I get the error: Client host rejected: Access denied

This error started after I got hundreds of error return messages as if I tried to send multiple emails to Germany. Is attached.

What information do I have to display so they can try to help me? I thank the attention

Post's attachments

part1.png
part1.png 43.93 kb, file has never been downloaded. 

part2.png
part2.png 29.18 kb, file has never been downloaded. 

part3.png
part3.png 21.54 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Jochy

  • Jochy
  • Member
  • Offline
  • Registered: 2022-03-17
  • Posts: 13

Re: Client host rejected: Access denied

Well, the original message is SPAM / SCAM. These are typical fraud mails, pretending to originate from Volksbank. Probably, somebody sends them on your behalf? This is possible because your domain is not set up correctly. Use SPF to protect your domain from being abused?

3 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 888

Re: Client host rejected: Access denied

Either your mail account has been hacked and was used to send bulk unsolicited mails, or the sender was forged.

do you have spf/dkim/dmarc records for your domain?

4 Reply by bnobre

  • bnobre
  • Member
  • Offline
  • Registered: 2021-08-18
  • Posts: 24

Re: Client host rejected: Access denied

Hi my friend... How can I check this?
My knowledge is basic... I used this tutorial to create this server: https://www.linuxbabe.com/mail-server/u … ail-server

Cthulhu wrote:

Either your mail account has been hacked and was used to send bulk unsolicited mails, or the sender was forged.

do you have spf/dkim/dmarc records for your domain?

5 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 888

Re: Client host rejected: Access denied

you should not operate a mail server without knowledge in my opinion hmm

6 Reply by bnobre

  • bnobre
  • Member
  • Offline
  • Registered: 2021-08-18
  • Posts: 24

Re: Client host rejected: Access denied

I created the SPF/DKIM/DMARC recordings as per the tutorial.

It's been working great until now... since last year. I configured correctly following the tutorial. Can you help me? I pay for the coffee

Cthulhu wrote:

you should not operate a mail server without knowledge in my opinion hmm

7 Reply by bnobre

  • bnobre
  • Member
  • Offline
  • Registered: 2021-08-18
  • Posts: 24

Re: Client host rejected: Access denied

Yes... I used, as per the tutorial: https://www.linuxbabe.com/mail-server/u … ail-server

Jochy wrote:

Well, the original message is SPAM / SCAM. These are typical fraud mails, pretending to originate from Volksbank. Probably, somebody sends them on your behalf? This is possible because your domain is not set up correctly. Use SPF to protect your domain from being abused?

8 Reply by Jochy

  • Jochy
  • Member
  • Offline
  • Registered: 2022-03-17
  • Posts: 13

Re: Client host rejected: Access denied

I guess, it's not your server guilty. Somebody is using your mail address as a sender address, so non-delivery reports go to you. This can be done for 2 reasons: a) to piss you (so it's a kind of DOS attack), or b) to send SPAM.

If you look at the headers of the original mail: It will show the IP address of a server. You posted some headers. The IP there is 45.173.152.228, it's a Brazilian one. So your server is not involved at all.

You coulöd also check with tools like https://mxtoolbox.com/blacklists.aspx. It will tell you if your server is a well-known SPAM sender. I guess, it's not. If you use SPF/DKIM/DMARC, no properly set up server will accept mails from a fraud server pretending it's yours.

SPF/DKIM/DMARC is DNS-based information. A server receiving mail should check if the sending server is the one this very domain uses for sending. It will stop communication (without sending non-delivery reports) if these checks fail.

9 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 888

Re: Client host rejected: Access denied

you trying to send as a nullsender which aswell causes a rejection

10 Reply by bnobre (edited by bnobre 2022-03-22 03:57:19)

  • bnobre
  • Member
  • Offline
  • Registered: 2021-08-18
  • Posts: 24

Re: Client host rejected: Access denied

Sorry guys... It was an error in the client's SMTP configuration that generated the rejection... The most incredible thing is that this started happening right AFTER SPAM, so I associated and didn't see that it was a failure in the client's SMTP configuration. Excuse

Regarding SPAM, I believe there was an account hack. I changed the password, but it looks like the emails were in the Postfix queue trying to be sent, so I cleared the Postfix queue with the command postsuper -d ALL.
Now I'm going to follow to see if the SPAM continues and let you know. Thanks everyone for your help

11 Reply by bnobre

  • bnobre
  • Member
  • Offline
  • Registered: 2021-08-18
  • Posts: 24

Re: Client host rejected: Access denied

I also enabled a SMTP Rate Limiting.

This will help if another account is hacked.

Font: https://www.linuxbabe.com/mail-server/h … ed-as-spam

bnobre wrote:

Sorry guys... It was an error in the client's SMTP configuration that generated the rejection... The most incredible thing is that this started happening right AFTER SPAM, so I associated and didn't see that it was a failure in the client's SMTP configuration. Excuse

Regarding SPAM, I believe there was an account hack. I changed the password, but it looks like the emails were in the Postfix queue trying to be sent, so I cleared the Postfix queue with the command postsuper -d ALL.
Now I'm going to follow to see if the SPAM continues and let you know. Thanks everyone for your help