On 12/19/2019 3:54 PM, Bob Proulx wrote:
I have a case that is odd to me and I can't figure it out.  Hopefully
someone here will be able to set me straight.  This is on a friend's
system that I am helping to maintain.

My friend somewhat out of the blue decided to start sending mail from
a rented VM server.  I hadn't expected it and don't think it is really
set up as it should be for it.  But people do what people do.  It is not
set up with DKIM.  "inet_interfaces = loopback-only" so it cannot
receive mail and therefore cannot possibly be relaying spam.  This was
a clean IP as far as I could tell and my friend has used it for the
last few years.  Therefore I know that it has not generated any email
at all other than what my friend has recently decided to send out
personally.

   root@ergo:~$ grep 4E7541E092 /var/log/mail.log

   Dec 19 13:11:55 ergo postfix/qmgr[2592]: 4E7541E092: from=<[[redacted]]>, size=4861, nrcpt=2 (queue active)
   Dec 19 13:11:55 ergo postfix/smtp[7858]: 4E7541E092: to=<[[redacted]]@fortboise.org>, relay=mx.fortboise.org.cust.a.hostedemail.com[216.40.42.4]:25, delay=315407, delays=315407/0.02/0.14/0, dsn=4.7.1, status=deferred (host mx.fortboise.org.cust.a.hostedemail.com[216.40.42.4] refused to talk to me: 554 5.7.1 Service unavailable; Client host [93.184.216.34] blocked using urbl.hostedemail.com; Your IP has been manually blacklisted)

   Dec 19 14:21:55 ergo postfix/qmgr[2592]: 4E7541E092: from=<[[redacted]]>, size=4861, nrcpt=2 (queue active)
   Dec 19 14:21:55 ergo postfix/smtp[19888]: 4E7541E092: to=<[[redacted]]@fortboise.org>, relay=mx.fortboise.org.cust.a.hostedemail.com[216.40.42.4]:25, delay=319607, delays=319607/0.02/0.18/0, dsn=4.7.1, status=deferred (host mx.fortboise.org.cust.a.hostedemail.com[216.40.42.4] refused to talk to me: 554 5.7.1 Service unavailable; Client host [93.184.216.34] blocked using urbl.hostedemail.com; Your IP has been manually blacklisted)

And the above repeats.  I made some obvious redactions and
93.184.216.34 is actually example.com but you can understand me
keeping my friend's information out of my email here.  The IP listed
was the IP of my friend's VM originating the mail.

There are currently 15 requests in the queue.  Which all appear to be
personal correspondence that my friend typed in.  Prolific!  They
eventually time out after, I think, bounce_queue_lifetime as expected.
Here is a sample of the bounce message generated.  Which is why I am
involved trying to help.

   <[[redacted]]@fortboise.org>: host mx.fortboise.org.cust.a.hostedemail.com[216.40.42.4]
       refused to talk to me: 554 5.7.1 Service unavailable; Client host
       [93.184.216.34] blocked using urbl.hostedemail.com; Your IP has been
       manually blacklisted

But this confuses me.  It appears to me that the message was rejected
at SMTP time with a 554 code.  Therefore shouldn't that generate a
bounce message immediately?  Why is dsn=4.7.1 being logged there?

Was the actual SMTP rejecting a 554?  Or was it a 471?  I feel it must
have been a 471 because it is retrying instead of immediately
bouncing.  Yet here it is saying it was a 554.  In which case why
isn't it bouncing immediately?



The remote server greeted postfix with a 554 code. By default, postfix defers mail when the remote server does this. If you would rather have postfix immediately bounce the mail, see:
http://www.postfix.org/postconf.5.html#smtp_skip_5xx_greeting

As for why it's being rejected, you'll need to contact the relay postmaster. Looks like the IP has been "manually blacklisted," so one would presume it will need to be manually whitelisted.




  -- Noel Jones
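
Added example, not part of the original thread: a small Python filter that finds the pattern discussed above in a Postfix log, that is, deliveries logged as deferred with a 4.x.x DSN although the remote greeting carried a 5xx code, and counts the attempts per queue ID and recipient. The sample log lines, hostnames, IPs and addresses are constructed placeholders, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix smtp(8) log format; hosts, IPs and addresses are placeholders.
_REFUSED = ("dsn=4.7.1, status=deferred (host mx.example.org[192.0.2.25] refused to talk to me: "
            "554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using "
            "rbl.example.net; Your IP has been manually blacklisted)")
SAMPLE_LOG = "\n".join([
    "Dec 19 13:11:55 mta postfix/smtp[7858]: 4E7541E092: to=<user@example.org>, "
    "relay=mx.example.org[192.0.2.25]:25, delay=315407, delays=315407/0.02/0.14/0, " + _REFUSED,
    "Dec 19 14:21:55 mta postfix/smtp[19888]: 4E7541E092: to=<user@example.org>, "
    "relay=mx.example.org[192.0.2.25]:25, delay=319607, delays=319607/0.02/0.18/0, " + _REFUSED,
    "Dec 19 14:22:10 mta postfix/smtp[19901]: 7A1B2C3D4E: to=<other@example.com>, "
    "relay=mx.example.com[192.0.2.80]:25, delay=12, delays=0.1/0.01/11/0.9, dsn=4.4.2, "
    "status=deferred (lost connection with mx.example.com[192.0.2.80] while sending RCPT TO)",
    "Dec 19 14:23:01 mta postfix/smtp[19950]: 9F8E7D6C5B: to=<third@example.net>, "
    "relay=mx.example.net[192.0.2.90]:25, delay=1.2, delays=0.1/0.01/0.5/0.6, dsn=5.1.1, "
    "status=bounced (host mx.example.net[192.0.2.90] said: 550 5.1.1 User unknown "
    "(in reply to RCPT TO command))",
])

# "refused to talk to me" is what smtp(8) logs when the greeting itself is an error reply.
LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, .*?"
    r"dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+) "
    r"\(host (?P<host>\S+) refused to talk to me: (?P<code>\d{3}) (?P<text>.*)\)$")

def deferred_5xx_greetings(log_text):
    """Return {(queue_id, rcpt): info} for deliveries deferred after a 5xx greeting."""
    hits = defaultdict(lambda: {"attempts": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["status"] != "deferred" or not m["code"].startswith("5"):
            continue  # not a greeting refusal, or already bounced
        info = hits[(m["qid"], m["rcpt"])]
        info["attempts"] += 1
        bl = re.search(r"blocked using ([^;\s]+)", m["text"])  # blocklist named by the remote
        info.update(host=m["host"], code=m["code"], dsn=m["dsn"],
                    blocklist=bl.group(1) if bl else None)
    return dict(hits)

if __name__ == "__main__":
    for (qid, rcpt), info in deferred_5xx_greetings(SAMPLE_LOG).items():
        print(qid, rcpt, info)
```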
