PDA

View Full Version : SMTP problems



FZ
03-23-2004, 02:21 PM
I can't seem to send any mail through today (tried at various times of the day):

Tried 2 different mail programs, both say that either the connection was terminated/timed out, the SMTP server is not working or is refusing to accept connections.

I've also tried re-dialling into my ISP (thereby changing my IP address), and it is registered correctly in /etc/mail/relay-domains. Sending mail via SSH and Pine also works. Anyone have any ideas (or is experiencing this too) before I send in a support ticket?

It seems to only have started after I added an IP range to the IP Filter (a spammer's IP address). I definitely added it correctly, only putting a wildcard in the last "subset"/box (and the IP address is nothing like mine). I have since removed the filter but the problem has not gone away.

FZ
03-23-2004, 02:25 PM
Interesting, I just saw this in my relay-domains:


# Do not edit this line and next line (ServerDirector output). 1080073445
140.174.9.10

This IP belongs (http://www.samspade.org/t/lookat?a=140.174.9.108) to "Mailblocks" (http://www.mailblocks.com) - which I have never heard of! Is WestHost trying something new to stop Spam? Anyone else have this entry in their file?

FZ
03-23-2004, 02:32 PM
Asked and answered:

Clearing out the relay-domains file (with all but the top 3/default/WestHost entries) seems to have fixed the problem. I did this because I noticed it contained some of my older IP addresses in it too...

firebirdfan
03-23-2004, 11:51 PM
I think WH is trying some spam filtering for the benefit of their clients, but I'm not sure if they might accidentally filter some those harmless souls out there.

As posted by you Fayeez, coz I've got a client that said she sent to me the email numerous times but I did not receive even one.
With regards to the IP mentioned - I have none in my vps, but I don't understand why are there so many repetition of my own IP in the relay domain file ?

Funny thing when I check my sendmail log, I see that westhost is using relay from a brazillian domain belement.com.br ( this mail may be forged )
what does that imply ?

FZ
03-27-2004, 07:33 AM
Sorry, but I have no idea, firebirdfan!

Hmm, I checked my relay-domains file again today, and apart from 5 "copies" of the same (my) IP address, there are also two "copies" of 140.174.9.82 - back in by itself. It's part of that whole "Mailblocks" thing I discovered earlier. Is anyone else seeing this IP (or another one in the same IP block) in their relay-domains file too?

adpwl1
03-27-2004, 07:58 AM
FZ, I didn't have the 140.x.x.x address anywhere in my file, but I did have about 50 of the same IP address. It looked to be one of my email users.

FZ
03-27-2004, 08:11 AM
Thanks for checking adpwl1 :)

wildjokerdesign
03-27-2004, 10:09 AM
Same here did not find the 140... IP but did find IP's that seem to match those of ISP of the client. This was not real consistant in all accounts but there did seem to be pattern for amount listings in coralation to how many users where on each account. There where some accounts that did not have the IP's listed Like I say it was hard to see a pattern plus the accounts I checked (about 5) are all set up a bit different. I'll try to look at the accounts closer to see if I can find a pattern. One of the accounts that had no IP's uses only email accounts and no alias accounts. Perhaps that has something to do with it.

Could your ISP be routing something through the mailblocks IP somehow?

FZ
03-27-2004, 02:00 PM
Thanks for responding, Shawn. Yeah, it looks like everyone sees the "IP is repeated several times" phenomenon, but nobody else is seeing the Mailblocks thing. It's really strange. Good point with the ISP thing, it is possible, but unlikely (my ISP is generally very informative when it comes to making mail server changes, etc. like that).