remote site email being rejected as spoofing.

Problems/questions regarding the MailCleaner configuration

Moderators: Pascal, mentor, FlorianB, bourgeois

fastrax
Posts: 8
Joined: Wed Feb 18, 2015 2:23 am
How did you hear about Mailcleaner: google

remote site email being rejected as spoofing.

Postby fastrax » Thu Aug 24, 2017 8:38 pm

at a remote site i have a server that sells tickets. it uses the internet providers SMTP server to send email confirmations. we run into trouble when the confirmation is being sent to one of our domain email address. it goes out and then comes back in. the Mail cleaner box gives it an error of spoofing and rejects it. like it really should. haha. but i need to figure out a way of either having it not filter the emails from the one email address or less desirable the external SMTP server.
Here is the log for that email address. Slightly altered to protect the email.
Incoming MTA stage: 2017-08-23 16:01:04 H=smtp-out-no.shaw.ca [64.59.134.12] F=<tickets@theatre.ca> rejected RCPT <astar@theatre.ca>: This domain does not accept mail from itself (spoofing)
any suggestions on a work around would be greatly appreciated.
FlorianB
Posts: 296
Joined: Wed Apr 01, 2015 2:27 pm
How did you hear about Mailcleaner: job

Re: remote site email being rejected as spoofing.

Postby FlorianB » Fri Aug 25, 2017 2:17 pm

Hello,
If i remember well you could use some tricks to by pass it:
1) SMTP authentication should be enough
2) The Mail From spoofing (spoofing v2, added last year) at least is bypassed if the sender SPF is validated so add this server in your SPF. Not sure about the first spoofing test to be honest (In vacation, no way my wife let me connect to a MC to check lol).
3) Possible that "Don't check this host is used too as a whitelist for this, don't remember exactly too....
Regards,
Florian
fastrax
Posts: 8
Joined: Wed Feb 18, 2015 2:23 am
How did you hear about Mailcleaner: google

Re: remote site email being rejected as spoofing.

Postby fastrax » Fri Aug 25, 2017 6:09 pm

1) smtp authentication with the mailcleaner? or with my exchange server? or what?
2) i tried turning off the SPF in SMTP checks. (we are also getting SPF false positives because of invalid configurations from outlook.com of all places... probably hosted.)
3)I did add a wild card shaw.ca but after reading more i am wondering if i should use the full address and ditch the wild card.
Anyway, it's still blocking. haha
fastrax
Posts: 8
Joined: Wed Feb 18, 2015 2:23 am
How did you hear about Mailcleaner: google

Re: remote site email being rejected as spoofing.

Postby fastrax » Fri Sep 01, 2017 7:44 pm

so to catch up everyone. it is finally working properly. in the end i found an article about DNS lookup causing problems if to slow. i have been using forwarders on my internal DNS to google and internet provider. Since going back to DNS look up to root hints the problems with SPF false positives seem to have gone away and the do no check these hosts works properly. though now i wonder if i even need that. It's shocking how slow DNS can cause so much problems. :)
Thanks for the help
Fastrax
uncltom
Posts: 525
Joined: Tue Aug 26, 2008 3:01 am
How did you hear about Mailcleaner: I dont remember probably google?
Location: Spokane, WA

Re: remote site email being rejected as spoofing.

Postby uncltom » Sat Sep 02, 2017 7:31 am

fastrax wrote:so to catch up everyone. it is finally working properly. in the end i found an article about DNS lookup causing problems if to slow. i have been using forwarders on my internal DNS to google and internet provider. Since going back to DNS look up to root hints the problems with SPF false positives seem to have gone away and the do no check these hosts works properly. though now i wonder if i even need that. It's shocking how slow DNS can cause so much problems. :)
Thanks for the help
Fastrax


Using public DNS is an absolute NO in mailcleaner. You probably noticed that most of your RBL lists were not working either. They ban DNS servers that request large numbers of queries (abusing the RBL list) so things like google DNS and ISP DNS are routinely blocked. Root hints are the way to go. I submitted a GitHub request to add a root hint updater to mailcleaner because, on occasion, the root servers themselves change IP addresses.

Return to “Configuration”

Who is online

Users browsing this forum: No registered users and 1 guest