LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-19-2008, 10:38 PM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 73
Gmail Rejects Email From My Server - Why?


I have Postfix 2.3.8 installed on my email server. I am just using postfix right now. Nothing but the MTA has been minimally configured at this point. I am able to get local email back and fourth no problem (Maildir style) but when I tried to send email from my local user account to my gmail account, I received the following delivery failure...

When I do a dig on my domain name / mx record, it comes back to my ISP provided IP no problem. What can I do to resolve this?



From: Mail Delivery System <MAILER-DAEMON@carlwill.com>
Subject: Undelivered Mail Returned to Sender
To: carlos@carlwill.com
Auto-Submitted: auto-replied

[-- Attachment #1: Notification --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.7K --]

This is the mail system at host swordfish.carlwill.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<carloswill@gmail.com>: host gmail-smtp-in.l.google.com[209.85.133.27] said:
550-5.7.1 [67.8.168.254] The IP you're using to send email is not
authorized 550-5.7.1 to send email directly to our servers. Please use
550 5.7.1 the SMTP relay at your service provider instead.
c27si9474770ana.27 (in reply to end of DATA command)

[-- Attachment #2: Delivery report --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 0.5K --]

Reporting-MTA: dns; swordfish.carlwill.com
X-Postfix-Queue-ID: 77E6116B022D
X-Postfix-Sender: rfc822; carlos@carlwill.com
Arrival-Date: Sat, 19 Jan 2008 22:16:42 -0500 (EST)

Final-Recipient: rfc822; carloswill@gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [67.8.168.254] The IP you're using to send
email is not authorized 550-5.7.1 to send email directly to our servers.
Please use 550 5.7.1 the SMTP relay at your service provider instead.
c27si9474770ana.27

[-- Attachment #3: Undelivered Message --]
[-- Type: message/rfc822, Encoding: 7bit, Size: 0.4K --]

To: carloswill@gmail.com
Subject: Email Server Is Online!
From: Carlos Williams <carlos@carlwill.com>

Hello!!!
 
Old 01-19-2008, 11:03 PM   #2
docalton
Member
 
Registered: Dec 2002
Location: St Louis, MO
Distribution: Arch Linux
Posts: 99

Rep: Reputation: 15
Do you have your mail system reverse dns'ed? A lot of mail systems do a reverse dns check before accepting email. If the host name it finds for the ip address doesn't match what your system claims to be, it will generally bounce you.

Good luck

Hope this helps.
 
Old 01-19-2008, 11:04 PM   #3
bsdunix
Senior Member
 
Registered: May 2006
Distribution: Caldera, CTOS, Debian, FreeBSD, Mac OS X, Mandrake, Minix, OpenBSD, Slackware, SuSE
Posts: 1,757

Rep: Reputation: 79
Quote:
Diagnostic-Code: smtp; 550-5.7.1 [67.8.168.254] The IP you're using to send email is not authorized 550-5.7.1 to send email directly to our servers. Please use 550 5.7.1 the SMTP relay at your service provider instead.
Unless I'm reading this wrong, your IP address 67.8.168.254 is a number assigned to rr.com (Road Runner) domain and according to a nslookup resolves to 254.168.8.67.cfl.res.rr.com. The MX mail records for rr.com are lamx02.mgw.rr.com and vamx02.mgw.rr.com. It looks like Google email server will only receive mail on port 25 from the rr.com smarthost email server.

But I did find this from Google:

Configuring other mail clients
http://mail.google.com/support/bin/a...87&topic=12810

Please note that if your client does not support SMTP authentication, you won't be able to send mail through your client using your Gmail address.
 
Old 01-19-2008, 11:09 PM   #4
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
OK - that makes sense. My ISP is rr.com (Road Runner / Brighthouse Networks) and I have a basic broadband dynamic IP with them but it never changes.

I am not sure I understand why you added a link on how to configure a mail client to pop mail from a gmail server.

Thanks for your info!

Last edited by carlosinfl; 01-19-2008 at 11:11 PM.
 
Old 01-20-2008, 10:18 AM   #5
bsdunix
Senior Member
 
Registered: May 2006
Distribution: Caldera, CTOS, Debian, FreeBSD, Mac OS X, Mandrake, Minix, OpenBSD, Slackware, SuSE
Posts: 1,757

Rep: Reputation: 79
Quote:
I have a basic broadband dynamic IP with them but it never changes.
That dosen't matter. The reciving SMTP server is doing a reverse DNS lookup of your IP.

PTR/Reverse DNS checks
To check the domain names in the rDNS to see if they are likely from dial-up users, dynamically assigned addresses, or home-based broadband customers. Since the vast majority, but by no means all, of e-mail that originates from these computers is spam, many mail servers also refuse e-mail with missing or "generic" rDNS names.

http://en.wikipedia.org/wiki/Anti-sp...rse_DNS_checks

Quote:
I am not sure I understand why you added a link on how to configure a mail client to pop mail from a gmail server.
Unless your MTA supports authentication when sending mail, you'll have to use a mail client that supports authentication to send mail directly to the smtp.gmail.com server. No authentication, you'll keep getting the 550-5.7.1 error.

If that dosen't make sense, then maybe someone else will chime in and explain it better than me.

Last edited by bsdunix; 01-20-2008 at 10:49 AM.
 
Old 01-20-2008, 11:07 AM   #6
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
The way a lot of ISPs work is to block outgoing traffic on port 25 from all of their clients, in a (largely unsuccessful) attempt to cut down on spam. It should work in theory, but the devious folks writing trojans/viruses have found ways around it. The problem with an ISP that blocks access to port 25 is that they also set up quasi-open relays. What they do is put up a large mail server that takes any traffic from their clients and relays it. I call it quasi-open because it isn't open to the world at large, but it is to any client of the ISP. The problem is, they consequently relay any and all mail sent by any customer out to the net, and they do it without password authentication. While this means that my boss who lives in Jersey has to use his ISPs outgoing relay to send mail because he can't have SMTP communications with my mail server, it also means anybody on his ISP with a trojan/virus that sends out mail will get it relayed to the public at large.

The message from gmail seems to indicate that they want you to use your ISPs relay, which should be fine, as long as it is quasi-open, and will relay the message without changing the user/domain name on the message.

I also don't see what help the link bsdunix provided is. That is how to configure a client to pop/smtp mail for a gmail account. You aren't trying to send out mail as you@gmail.com, you are trying to use your personal domain, so the client setup doesn't apply, it would have to be a server setup page.

Peace,
JimBass
 
Old 01-20-2008, 11:08 AM   #7
bsdunix
Senior Member
 
Registered: May 2006
Distribution: Caldera, CTOS, Debian, FreeBSD, Mac OS X, Mandrake, Minix, OpenBSD, Slackware, SuSE
Posts: 1,757

Rep: Reputation: 79
Quote:
I have a basic broadband dynamic IP with them but it never changes.
Oh, I see now you registered carwill.com domain with 1and1.com domain registration using your dymamic assigned IP from Road Runner. I didn't think you could that. No wonder the reverse DNS lookup is resolving to rr.com. Road Runner lets you do that? If they do, more power to you.
Code:
Host Type Value 
carlwill.com. SOA primary ns ns57.1and1.com. 

Host Type Value 
carlwill.com. A 67.8.168.254

Host Type Value 
254.168.8.67.in-addr.arpa PTR 254.168.8.67.cfl.res.rr.com.
 
Old 01-20-2008, 10:41 PM   #8
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
Quote:
Originally Posted by bsdunix View Post
Oh, I see now you registered carwill.com domain with 1and1.com domain registration using your dymamic assigned IP from Road Runner. I didn't think you could that. No wonder the reverse DNS lookup is resolving to rr.com. Road Runner lets you do that? If they do, more power to you.
Code:
Host Type Value 
carlwill.com. SOA primary ns ns57.1and1.com. 

Host Type Value 
carlwill.com. A 67.8.168.254

Host Type Value 
254.168.8.67.in-addr.arpa PTR 254.168.8.67.cfl.res.rr.com.
Yup - thats exactly what I did. I hope they let me do that. If not I could be in some kind of trouble
 
Old 01-20-2008, 10:47 PM   #9
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
Quote:
Originally Posted by bsdunix View Post
Oh, I see now you registered carwill.com domain with 1and1.com domain registration using your dymamic assigned IP from Road Runner. I didn't think you could that. No wonder the reverse DNS lookup is resolving to rr.com. Road Runner lets you do that? If they do, more power to you.
Code:
Host Type Value 
carlwill.com. SOA primary ns ns57.1and1.com. 

Host Type Value 
carlwill.com. A 67.8.168.254

Host Type Value 
254.168.8.67.in-addr.arpa PTR 254.168.8.67.cfl.res.rr.com.
I have A records pointed to my own rr.com IP address at home, anyone can do such things with their DNS server and if they have their own domain name.. Setting up a reverse that works for residential service is impossible though.
 
Old 01-20-2008, 10:53 PM   #10
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
Quote:
Originally Posted by trickykid View Post
I have A records pointed to my own rr.com IP address at home, anyone can do such things with their DNS server and if they have their own domain name.. Setting up a reverse that works for residential service is impossible though.
So I am basically out of luck unless I have a static IP, right?
 
Old 01-20-2008, 11:00 PM   #11
finegan
Guru
 
Registered: Aug 2001
Location: Dublin, Ireland
Distribution: Slackware
Posts: 5,700

Rep: Reputation: 57
At first I was thinking revers-dns as well, but I've run mail-servers on plenty of stuff that has a mis-matching PTR or no PTR, so I was thinking possibly SBL, but if there's no SBL, gmail usually just dumps it into the spam folder, but lets it get through.

Bit of a mystery,

Can you provide more mail header from the bounce?

Cheers,

Finegan
 
Old 01-20-2008, 11:02 PM   #12
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
This is the entire message:

This is the mail system at host swordfish.carlwill.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<carloswill@gmail.com>: host gmail-smtp-in.l.google.com[209.85.133.27] said:
550-5.7.1 [67.8.168.254] The IP you're using to send email is not
authorized 550-5.7.1 to send email directly to our servers. Please use
550 5.7.1 the SMTP relay at your service provider instead.
c27si9474770ana.27 (in reply to end of DATA command)



Reporting-MTA: dns; swordfish.carlwill.com
X-Postfix-Queue-ID: 77E6116B022D
X-Postfix-Sender: rfc822; carlos@carlwill.com
Arrival-Date: Sat, 19 Jan 2008 22:16:42 -0500 (EST)

Final-Recipient: rfc822; carloswill@gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [67.8.168.254] The IP you're using to send
email is not authorized 550-5.7.1 to send email directly to our servers.
Please use 550 5.7.1 the SMTP relay at your service provider instead.
c27si9474770ana.27



Subject:
Email Server Is Online!
From:
carlos@carlwill.com (Carlos Williams)
Date:
Sat, 19 Jan 2008 22:16:42 -0500 (EST)
To:
carloswill@gmail.com

Carlwill.com is online!
 
Old 01-20-2008, 11:34 PM   #13
finegan
Guru
 
Registered: Aug 2001
Location: Dublin, Ireland
Distribution: Slackware
Posts: 5,700

Rep: Reputation: 57
swordfish.carlwill.com doesn't actually have a DNS record, although that isn't the problem at all.

This one seems specific to gmail. It bugs me that the error code is 550-5.7.1 which is generic relaying denied. I don't know if there's a way around it, it doesn't seem to be roadrunner's fault at all. The ways around it would be ugly:

1. set up postfix transport to actually go through rr's mailserver, although that's almost invariably going to require authentication and I've never had to set up postfix to do an authenticated relay.

2. get someone who's on an ip-block that isn't getting the stinky finger from gmail to relay just for your IP. I had to do this once before when my old mailserver was on a block that was on SPEWS.

3. setting up SBL might actually take care of it. Since Gmail's checks are a total mystery it might give the okay once it sees a valid SBL reverse? That's if the SBL check fires off before whatever nameless relay check its running that's causing the 550.

Word,

Finegan
 
Old 01-21-2008, 11:33 AM   #14
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
Thanks all! I am going to relay all outbound email through rr.com's email server which I discovered does not require authentication...
 
Old 01-21-2008, 12:33 PM   #15
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
I'll note that you shouldn't probably be using dynamic IP with any server if you like it to work tomorrow too, because the fact that your ISP usually assigns you the same IP doesn't mean they do it always. If it happens that they assign it to somebody else, you're out of luck - you will get on the net with another IP too, but any services that would point to the old IP address didn't function all right. In a bad case it could be a security risk.

Another thing is running a server on a normal broadband connection, if it's meant for "clients" only (not "servers"). It depends on the ISP and country, but I'll mention that here if you get caught running a (public, which they can find) server of your own, you can get into trouble - trouble that costs you money, your broadband connection and in a bad case your server equipment. Sounds unfair maybe, but that's the way. They even mention it in the deal, so if you haven't read it thoroughly yet, you should do it. Some ISPs are rather nasty about these things.

I agree that ISPs can generally make your life difficult, even though you wouldn't be doing anything illegal. Mostly they have a reason for every act that says "we're just trying to decrease spam/misuse/security risks/crackers/etc., you must understand it". And in many cases it's mostly their own good they're after, or so it seems because their actions aren't as effective as one could imagine they were in a "really interesting" case. In some cases, though, they're absolutely right and you should know that
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
email client with gmail conversations el_pajaro! Linux - Software 1 08-01-2007 03:01 PM
syslog to email at @ yahoo or gmail serabut Linux - Software 2 12-13-2006 11:43 PM
postfix rejects mail from other local server Sigkill(9) Linux - Software 4 04-10-2006 12:42 PM
Email Program 4 Gmail signature16 Linux - Software 2 03-31-2006 08:31 PM
VNC server rejects connections TommyB Linux - Networking 6 11-23-2005 04:41 PM


All times are GMT -5. The time now is 11:36 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration