Blog

Dedicated Servers

Dedicated Servers (5)

Symptoms

Plesk server has IPv6 address. When an email message is sent from the server to a Gmail account it fails to deliver.

In /usr/local/psa/var/log/maillog on Linux or in C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\Logging\SMTP\SMTP-Debug.log on Windows the following error appears:

ipv6_failed_after_I_sent_the_message./Remote_host_said:_550-5.7.1_[ipv6______16]_Our_system_has_detected_that_this/550-5.7.1_message_does_not_meet_IPv6_sending_guidelines_regarding_PTR_records/550-5.7.1_and_authentication._Please_review/550-5.7.1_https://support.google.com/mail/?p=ipv6_authentication_error_for_more/550_5.7.1_information._hg7si388602wjb.61_-_gsmtp/

Wednesday, 10 January 2018 21:39

SPF record, preventing mailing spam

Written by

What is a SPF record?

The Sender Policy Framework (SPF) is an anti-spam system built on top of the existing DNS and Email Internet Infrastructure.

Spammers were impersonating domains to make offers look like they were coming from Amazon or other reputable places, but when you would click through they’d steal your credit card and run up a bill at the local Chuck E Cheese (which is where I presume mob members go to eat).

What does a SPF record do?

An SPF record defines which IP addresses are allowed to send email on behalf of a particular domain. This is tricker than it sounds as many companies have multiple different Email Service Providers for different purposes.

Common different uses:

Transactional emails from mailing systems

Internal notifications

Internal email

External email

PR/Marketing emails

Further complicating the situation is that while a company might have a name like SafeEmailSender, there is nothing stopping them from having an email sending domain like wookie-fighter.com.

What does a SPF record prevent?

Having strict SPF rules allows you to control who can send email on behalf of your domain. A good way to think of this is the reverse: who would gain by sending email on behalf of your domain.

See SPF record examples

http://www.openspf.org/SPF_Record_Syntax

On Linux mailboxes are stored in directory specified in value to parameter PLESK_MAILNAMES_D in configuration file /etc/psa/psa.conf. By default the path is /var/qmail/mailnames (for both Qmail and Postfix). 

Tuesday, 15 November 2016 23:50

How to disable SSH timeout?

Written by

SSH clients will automatically be disconnected from the server and prompt the below message after being idle or inactive for a while.

This is due to the SSH servers' configuration (often by default) to avoid hanging sessions and free up resources. These are the related options in the SSH server configuration;

TCPKeepAlive

Whether or not to send TCP “alive” message to the connecting clients to test for connection issues. Defaults to yes.

ClientAliveInterval

A timeout interval to send encrypted alive message to clients if no data has been received from connection. Defaults to 0 (not sending any message).

ClientAliveCountMax

Number of times to send the encrypted alive message before disconnecting clients if no response are received. Defaults to 3.

If you have administrative access to the SSH servers, you can change the options so that you will not easily be disconnected. Edit the SSH server configuration file (normally in /etc/ssh/sshd_config for Unix based operating systems) and set the related options as the followings (uncomment or add if necessary);

TCPKeepAlive no 

ClientAliveInterval 30

ClientAliveCountMax 100

What it basically means is that the server will not send the TCP alive packet to check if the client's connection is working, yet will still send the encrypted alive message every 30 seconds but will only disconnect after 24 hours of inactivity. Be sure to restart the SSH service after the reconfiguration. The following command would work for most Unix based servers;

sudo service sshd restart

If you don't have administrative access to the server, you can configure the SSH client to send the alive message to the server instead. The key here is the ServerAliveInterval option for the SSH client.

You can do this by updating /etc/ssh/ssh_config (applying the setting to every user in the system) or in ~/.ssh/config (single user). Set the following option to have the client send the alive packet every 30 seconds to the server;

 

ServerAliveInterval 30

When the mails sent by my domain are rejected by Microsoft accounts...

 

Error Codes:

# 550 SC-001 Mail rejected by Microsoft  for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help.

550 SC-002 Mail rejected by Microsoft  for policy reasons. The mail server IP connecting to Hotmail has exhibited namespace mining behavior. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help.

550 SC-003 Mail rejected by Microsoft  for policy reasons. Your IP address appears to be an open proxy/relay. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help.

550 SC-004 Mail rejected by Microsoft for policy reasons. A block has been placed against your IP address because we have received complaints concerning mail coming from that IP address. We recommend enrolling in our Junk E-Mail Reporting Program (JMRP), a free program intended to help senders remove unwanted recipients from their e-mail list. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help.

# 550 DY-001 Mail rejected by Microsoft  for policy reasons. We generally do not accept email from dynamic IP's as they are not typically used to deliver unauthenticated SMTP e-mail to an Internet mail server. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help. http://www.spamhaus.org maintains lists of dynamic and residential IP addresses.

550 DY-002 Mail rejected by Microsoft  for policy reasons. The likely cause is a compromised or virus infected server/personal computer. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help.

550 OU-001 Mail rejected by Microsoft  for policy reasons. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help. For more information about this block and to request removal please go to: http://www.spamhaus.org.

550 OU-002 Mail rejected by Microsoft for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help.

421 RP-001 The mail server IP connecting to Microsoft  server has exceeded the rate limit allowed. 
Reason for rate limitation is related to IP/domain reputation problems.  
If you are not an email/network admin please contact your E-mail/Internet Service Provider for help.
Email/network admins, please visit http://postmaster.live.com for email delivery information and support (state 13). 

220 SNT0-MC3-F28.Snt0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited.

Other restrictions are found at http://privacy.msn.com/Anti-spam/.
Violations will result in use of equipment located in California and other states.

 

If you are a customer using the 3rd party email service or a Microsoft Account user who is unable to receive emails from a particular 3rd party domain:

Contact your domain administrator and ask them to get in touch with the Microsoft Sender Support Team. They have to fill out the e-form that can be found on the following link:

https://support.live.com/eform.aspx?productKey=edfsmsbl3&ct=eformts&wa

If you do not know how you can get in touch with your domain admin, you can use WHOIS tools to search for your contact e-mail address of your domain admin.

If you are the 3rd party Domain Administrator:

Please review our policies and guidelines at http://postmaster.live.com.

If you are in compliance, submit a support request to our Email and Delivery Filtering Services team by clicking on the link to the e-form under the troubleshooting section in the postmaster site mentioned above.