I have Postfix 2.3.8 installed on my email server. I am just using postfix right now. Nothing but the MTA has been minimally configured at this point. I am able to get local email back and forth no problem (Maildir style) but when I tried to send email from my local user account to my gmail account, I received the following delivery failure...
When I do a dig on my domain name / mx record, it comes back to my ISP provided IP no problem. What can I do to resolve this?
From: Mail Delivery System <MAILER-DAEMON@carlwill.com>
Subject: Undelivered Mail Returned to Sender
To: carlos@carlwill.com
Auto-Submitted: auto-replied
This is the mail system at host swordfish.carlwill.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<carloswill@gmail.com>: host gmail-smtp-in.l.google.com[209.85.133.27] said:
550-5.7.1 [67.8.168.254] The IP you're using to send email is not
authorized 550-5.7.1 to send email directly to our servers. Please use
550 5.7.1 the SMTP relay at your service provider instead.
c27si9474770ana.27 (in reply to end of DATA command)
Final-Recipient: rfc822; carloswill@gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [67.8.168.254] The IP you're using to send
email is not authorized 550-5.7.1 to send email directly to our servers.
Please use 550 5.7.1 the SMTP relay at your service provider instead.
c27si9474770ana.27
Do you have your mail system reverse dns'ed? A lot of mail systems do a reverse dns check before accepting email. If the host name it finds for the ip address doesn't match what your system claims to be, it will generally bounce you.
Quote:
Diagnostic-Code: smtp; 550-5.7.1 [67.8.168.254] The IP you're using to send email is not authorized 550-5.7.1 to send email directly to our servers. Please use 550 5.7.1 the SMTP relay at your service provider instead.
Unless I'm reading this wrong, your IP address 67.8.168.254 is a number assigned to rr.com (Road Runner) domain and according to an nslookup resolves to 254.168.8.67.cfl.res.rr.com. The MX mail records for rr.com are lamx02.mgw.rr.com and vamx02.mgw.rr.com. It looks like Google email server will only receive mail on port 25 from the rr.com smarthost email server.
Quote:
I have a basic broadband dynamic IP with them but it never changes.
That doesn't matter. The receiving SMTP server is doing a reverse DNS lookup of your IP.
PTR/Reverse DNS checks: To check the domain names in the rDNS to see if they are likely from dial-up users, dynamically assigned addresses, or home-based broadband customers. Since the vast majority, but by no means all, of e-mail that originates from these computers is spam, many mail servers also refuse e-mail with missing or "generic" rDNS names.
I am not sure I understand why you added a link on how to configure a mail client to pop mail from a gmail server.
Unless your MTA supports authentication when sending mail, you'll have to use a mail client that supports authentication to send mail directly to the smtp.gmail.com server. No authentication, you'll keep getting the 550-5.7.1 error.
If that doesn't make sense, then maybe someone else will chime in and explain it better than me.
The way a lot of ISPs work is to block outgoing traffic on port 25 from all of their clients, in a (largely unsuccessful) attempt to cut down on spam. It should work in theory, but the devious folks writing trojans/viruses have found ways around it. The problem with an ISP that blocks access to port 25 is that they also set up quasi-open relays. What they do is put up a large mail server that takes any traffic from their clients and relays it. I call it quasi-open because it isn't open to the world at large, but it is to any client of the ISP. The problem is, they consequently relay any and all mail sent by any customer out to the net, and they do it without password authentication. While this means that my boss who lives in Jersey has to use his ISP's outgoing relay to send mail because he can't have SMTP communications with my mail server, it also means anybody on his ISP with a trojan/virus that sends out mail will get it relayed to the public at large.
The message from gmail seems to indicate that they want you to use your ISP's relay, which should be fine, as long as it is quasi-open, and will relay the message without changing the user/domain name on the message.
I also don't see what help the link bsdunix provided is. That is how to configure a client to pop/smtp mail for a gmail account. You aren't trying to send out mail as you@gmail.com, you are trying to use your personal domain, so the client setup doesn't apply, it would have to be a server setup page.
Quote:
I have a basic broadband dynamic IP with them but it never changes.
Oh, I see now you registered carlwill.com domain with 1and1.com domain registration using your dynamic assigned IP from Road Runner. I didn't think you could do that. No wonder the reverse DNS lookup is resolving to rr.com. Road Runner lets you do that? If they do, more power to you.
Code:
Host Type Value
carlwill.com. SOA primary ns ns57.1and1.com.
Host Type Value
carlwill.com. A 67.8.168.254
Host Type Value
254.168.8.67.in-addr.arpa PTR 254.168.8.67.cfl.res.rr.com.
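The reverse-DNS checks discussed in this thread (PTR lookup, forward confirmation, HELO name match, "generic" pool names), as an added example that is not part of any original post. The resolver callables, the `POOL_HINTS` list and the forward record for the rr.com name are assumptions; the PTR and A records are the ones quoted above, and the missing record for swordfish.carlwill.com is as noted later in the thread.

```python
import ipaddress
import re

# Labels that often mark ISP address pools (assumed heuristic list).
POOL_HINTS = {"dyn", "dynamic", "dhcp", "pool", "res", "dsl", "cable", "ppp", "dialup"}

def looks_generic(ip, ptr_name):
    """True if the PTR name embeds the IPv4 octets or carries a pool-style label."""
    name = ptr_name.lower().rstrip(".")
    numbers = {n.lstrip("0") or "0" for n in re.findall(r"\d+", name)}
    octets = set(str(ipaddress.IPv4Address(ip)).split("."))
    labels = set(re.split(r"[.\-]", name))
    return octets <= numbers or bool(labels & POOL_HINTS)

def assess_sender(ip, helo, ptr_lookup, a_lookup):
    """Run the reverse-DNS checks a receiving MTA can apply to a connecting client."""
    helo = helo.lower().rstrip(".")
    ptr_names = [n.lower().rstrip(".") for n in ptr_lookup(ip)]
    # Forward-confirmed rDNS: a PTR name must resolve back to the client IP.
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    return {
        "query": ipaddress.ip_address(ip).reverse_pointer,
        "ptr": ptr_names,
        "fcrdns": bool(confirmed),
        "helo_matches_ptr": helo in confirmed,
        "helo_resolves_to_ip": ip in a_lookup(helo),
        "generic_ptr": any(looks_generic(ip, n) for n in ptr_names),
    }

# Constructed records: PTR and carlwill.com A record are quoted in the thread;
# the forward record for the rr.com name is an assumption.
PTR = {"67.8.168.254": ["254.168.8.67.cfl.res.rr.com."]}
A = {
    "carlwill.com": ["67.8.168.254"],
    "254.168.8.67.cfl.res.rr.com": ["67.8.168.254"],  # assumed
    # swordfish.carlwill.com has no record
}

def thread_case():
    """Assess the sending host from the bounce message with the records above."""
    return assess_sender("67.8.168.254", "swordfish.carlwill.com",
                         lambda ip: PTR.get(ip, []), lambda name: A.get(name, []))

if __name__ == "__main__":
    for key, value in thread_case().items():
        print(f"{key}: {value}")
```

To run it against live DNS, pass callables backed by a real resolver in place of the two dictionaries.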
Yup - that's exactly what I did. I hope they let me do that. If not I could be in some kind of trouble.
I have A records pointed to my own rr.com IP address at home, anyone can do such things with their DNS server and if they have their own domain name. Setting up a reverse that works for residential service is impossible though.
So I am basically out of luck unless I have a static IP, right?
At first I was thinking reverse-dns as well, but I've run mail-servers on plenty of stuff that has a mis-matching PTR or no PTR, so I was thinking possibly SBL, but if there's no SBL, gmail usually just dumps it into the spam folder, but lets it get through.
swordfish.carlwill.com doesn't actually have a DNS record, although that isn't the problem at all.
This one seems specific to gmail. It bugs me that the error code is 550-5.7.1 which is generic relaying denied. I don't know if there's a way around it, it doesn't seem to be roadrunner's fault at all. The ways around it would be ugly:
1. set up postfix transport to actually go through rr's mailserver, although that's almost invariably going to require authentication and I've never had to set up postfix to do an authenticated relay.
2. get someone who's on an ip-block that isn't getting the stinky finger from gmail to relay just for your IP. I had to do this once before when my old mailserver was on a block that was on SPEWS.
3. setting up SBL might actually take care of it. Since Gmail's checks are a total mystery it might give the okay once it sees a valid SBL reverse? That's if the SBL check fires off before whatever nameless relay check it's running that's causing the 550.
I'll note that you shouldn't probably be using dynamic IP with any server if you like it to work tomorrow too, because the fact that your ISP usually assigns you the same IP doesn't mean they do it always. If it happens that they assign it to somebody else, you're out of luck - you will get on the net with another IP too, but any services that would point to the old IP address wouldn't function all right. In a bad case it could be a security risk.
Another thing is running a server on a normal broadband connection, if it's meant for "clients" only (not "servers"). It depends on the ISP and country, but I'll mention that here if you get caught running a (public, which they can find) server of your own, you can get into trouble - trouble that costs you money, your broadband connection and in a bad case your server equipment. Sounds unfair maybe, but that's the way. They even mention it in the deal, so if you haven't read it thoroughly yet, you should do it. Some ISPs are rather nasty about these things.
I agree that ISPs can generally make your life difficult, even though you wouldn't be doing anything illegal. Mostly they have a reason for every act that says "we're just trying to decrease spam/misuse/security risks/crackers/etc., you must understand it". And in many cases it's mostly their own good they're after, or so it seems because their actions aren't as effective as one could imagine they were in a "really interesting" case. In some cases, though, they're absolutely right and you should know that