LinuxQuestions.org


dracuss 02-11-2011 08:04 AM

Exim SMTP problem delivering mail to gmail.
 
We have a server that works at the same time as an internet gateway and is also our mail server. Recently, we have had some very strange problems with Gmail and another popular local mail service, mail.ru. We keep receiving these errors:
Code:

2011-02-11 11:17:28 Received from mail1@domen1.com H=(336GCurmei) [192.168.235.57] P=esmtpa A=login:mail1@domen1.com S=41752
2011-02-11 11:17:38 SMTP error from remote mail server after initial connection: host gmail-smtp-in.l.google.com [74.125.79.27]: 451 too many connection attempts
2011-02-11 11:17:38 SMTP error from remote mail server after initial connection: host alt1.gmail-smtp-in.l.google.com [74.125.53.27]: 451 too many connection attempts
2011-02-11 11:20:47 alt2.gmail-smtp-in.l.google.com [209.85.225.27] Connection timed out
2011-02-11 11:20:47 SMTP error from remote mail server after initial connection: host alt3.gmail-smtp-in.l.google.com [74.125.159.27]: 451 too many connection attempts
2011-02-11 11:20:47 SMTP error from remote mail server after initial connection: host alt4.gmail-smtp-in.l.google.com [74.125.91.27]: 451 too many connection attempts
2011-02-11 11:20:47 mail2@gmail.com R=dnslookup T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host alt4.gmail-smtp-in.l.google.com [74.125.91.27]: 451 too many connection attempts
2011-02-11 11:40:31 SMTP error from remote mail server after initial connection: host alt3.gmail-smtp-in.l.google.com [74.125.159.27]: 451 too many connection attempts
2011-02-11 11:40:31 mail2@gmail.com R=dnslookup T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host alt3.gmail-smtp-in.l.google.com [74.125.159.27]: 451 too many connection attempts
2011-02-11 12:37:22 SMTP error from remote mail server after initial connection: host alt3.gmail-smtp-in.l.google.com [74.125.159.27]: 451 too many connection attempts
2011-02-11 12:37:22 mail2@gmail.com R=dnslookup T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host alt3.gmail-smtp-in.l.google.com [74.125.159.27]: 451 too many connection attempts
2011-02-11 14:37:22 SMTP error from remote mail server after initial connection: host alt3.gmail-smtp-in.l.google.com [74.125.159.27]: 451 too many connection attempts
2011-02-11 14:37:22 mail2@gmail.com R=dnslookup T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host alt3.gmail-smtp-in.l.google.com [74.125.159.27]: 451 too many connection attempts

I googled for any possible ways to solve this problem, but could find no satisfying answer. Any help would be appreciated. Thank you for your attention.

jcalzare 02-11-2011 08:17 AM

It means that Google has throttled you for attempting to connect to their servers too many times. You should probably make it a priority to locate the source of the emails that you are flooding Gmail with.

http://www.google.com/support/appsec...&answer=134416

They are not accepting mail from your server. Are you spamming?

dracuss 02-12-2011 12:50 AM

jcalzare, no, I don't. But there is certainly a possibility that any of the approximately 150 PCs in there has a spambot installed. Thanks for your help.

wetech3 02-13-2011 12:44 AM

Google refuses the connection from your IP because of spamming or too many connection requests; Google may consider this IP as a spammer and they tag mails as SPAM. This error also happens if you are using some mail scripts without authentication. So check for any spamming from your server.

dracuss 02-21-2011 04:53 AM

I scanned the gateway traffic with tcpdump, both on the Internet interface eth0 and on the "inside" interface eth1, but couldn't find any suspicious activity. As a precaution I disabled masquerading and redirected all the Internet traffic through squid, but these messages still didn't disappear. Are there any other reasons why this kind of message is received? Thank you very much for your help.

dracuss 02-22-2011 08:43 AM

Marking problem as solved. There was a rootkit on the machine. We disabled it, blocked the 465 port (which was the cause of the messages) and everything now works just fine. Thank you very much for your help.
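
An added example, not part of any post in this thread: a tally of Exim log lines that compares what Exim itself accepted (by source IP and authenticated login) with how often remote MX hosts rejected the server's connections. The regexes assume the layout pasted in the first post, with the standard Exim message ID and `<=`/`==` markers treated as optional; the function name `triage` is hypothetical and the sample lines are copied from the thread.

```python
import re
from collections import Counter

TS = r"^\S+ \S+ (?:\S+ )?"  # date, time, optional message ID (absent in the thread's paste)
# Message accepted over the network: standard "<=" or the thread's "Received from".
RECEIVED = re.compile(TS + r"(?:<=|Received from) (\S+) .*? \[([0-9A-Fa-f.:]+)\]"
                      r"(?:.*? A=\w+:(\S+))?")
# Connection-level rejection by a remote MX. Anchored at the line start so the
# per-recipient "defer" line, which repeats the same text, is not counted twice.
REJECTED = re.compile(TS + r"SMTP error from remote mail server after initial "
                      r"connection: host (\S+) \[[^\]]+\]: (\d{3}) ")
# Per-recipient deferral ("==" is the standard marker, optional here).
DEFERRED = re.compile(TS + r"(?:== )?(\S+@\S+) R=\S+ T=\S+ defer ")

# Sample input: lines copied from the log quoted in the first post.
SAMPLE_LOG = """\
2011-02-11 11:17:28 Received from mail1@domen1.com H=(336GCurmei) [192.168.235.57] P=esmtpa A=login:mail1@domen1.com S=41752
2011-02-11 11:17:38 SMTP error from remote mail server after initial connection: host gmail-smtp-in.l.google.com [74.125.79.27]: 451 too many connection attempts
2011-02-11 11:17:38 SMTP error from remote mail server after initial connection: host alt1.gmail-smtp-in.l.google.com [74.125.53.27]: 451 too many connection attempts
2011-02-11 11:20:47 alt2.gmail-smtp-in.l.google.com [209.85.225.27] Connection timed out
2011-02-11 11:20:47 mail2@gmail.com R=dnslookup T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host alt4.gmail-smtp-in.l.google.com [74.125.91.27]: 451 too many connection attempts
"""

def triage(log_text):
    """Return (accepted, rejected, deferred) counters for an Exim main log."""
    accepted, rejected, deferred = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        if m := RECEIVED.match(line):
            # Key: (submitting IP, authenticated login or a fixed label).
            accepted[(m.group(2), m.group(3) or "unauthenticated")] += 1
        elif m := REJECTED.match(line):
            # Key: (remote MX host, SMTP reply code).
            rejected[(m.group(1), m.group(2))] += 1
        elif m := DEFERRED.match(line):
            deferred[m.group(1)] += 1
    return accepted, rejected, deferred

if __name__ == "__main__":
    acc, rej, dfr = triage(SAMPLE_LOG)
    print("accepted by Exim:", sum(acc.values()), dict(acc))
    print("rejected by remote MX:", sum(rej.values()), dict(rej))
    print("recipients deferred:", dict(dfr))
```

When Exim's accepted volume is small while the remote side reports too many connection attempts, the connections being counted are likely coming from something other than Exim behind the same public IP, which matches how the thread was resolved.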


All times are GMT -5.