1 Topic by christophk (edited by christophk 2017-01-05 16:50:14)

  • christophk
  • Member
  • Offline
  • Registered: 2016-05-23
  • Posts: 54

Topic: Error 554 5.7.1 - when some people try to send me an Email

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and CentOS 7.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? - no
- Related log if you're reporting an issue:
====

Hi Zhang

I get the error message 554 5.7.1 when from some email accounts I am supposed to receive an email.
I searched the forum bit it seems that usually this error occurs when I am trying to send an email with my server, not to my server?

An example error message that a client of mine gets is:

__________

Your message:
  From:   user@clientserver.com
  Subject: Email

Could not be delivered because of

554 5.7.1 <mail.clientserver.local>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (.local)

The following recipients were affected:
   my@emailaddress.com

__________

This is the corresponding /var/log/maillog:

Jan  5 09:00:24 contabo postfix/postscreen[19964]: CONNECT from [92.64.154.210]:12167 to [213.136.86.149]:25
Jan  5 09:00:24 contabo postfix/postscreen[19964]: PASS OLD [92.64.154.210]:12167
Jan  5 09:00:25 contabo postfix/smtpd[19967]: connect from smtp-out.clientserver.com[xx.xx.xx.xx]
Jan  5 09:00:25 contabo postfix/smtpd[19967]: NOQUEUE: reject: RCPT from smtp-out.clientserver.com[xx.xx.xx.xx]: 554 5.7.1 <DVNABCK01.clientserver.local>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (.local); from=<user@clientserver.com> to=<me@myserver.com> proto=ESMTP helo=<DVNABCK01.clientserver.local>
Jan  5 09:00:25 contabo postfix/smtpd[19967]: disconnect from smtp-out.clientserver.com[xx.xx.xx.xx]



And this is another error message from a different client:

__________

<my@emailaddress.com>: host mail.myserver.com[xxx.xxx.xx.xxx] said: 554 5.7.1
   <my@emailaddress.com>: Recipient address rejected: Policy rejection not logged
   in (in reply to RCPT TO command)
Reporting-MTA: dns; mail3.clientserver.net
X-Postfix-Queue-ID: 08F28448028
X-Postfix-Sender: rfc822; user@gmail.com
Arrival-Date: Wed,  4 Jan 2017 11:28:45 +0000 (GMT)

Final-Recipient: rfc822; my@emailaddress.com
Original-Recipient: rfc822;my@emailaddress.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.myserver.com
Diagnostic-Code: smtp; 554 5.7.1 <my@emailaddress.com>: Recipient address rejected:
   Policy rejection not logged in

__________

And this is the corresponding /var/log/maillog entry:

Jan  4 12:28:44 servername postfix/postscreen[25959]: CONNECT from [xxx.xxx.xxx.xxx]:35936 to [xxx.xxx.xxx.xxx]:25
Jan  4 12:28:50 servername postfix/postscreen[25959]: PASS NEW [xxx.xxx.xxx.xxx]:35936
Jan  4 12:28:51 servername postfix/smtpd[25973]: connect from mail1.clientserver.net[xxx.xxx.xxx.xxx]
Jan  4 12:28:51 servername postfix/smtpd[25973]: NOQUEUE: reject: RCPT from mail1.clientserver.net[xxx.xxx.xxx.xxx]: 554 5.7.1 <my@emailaddress.com>: Recipient address rejected: Policy rejection not logged in; from=<user@clientserver.com> to=<my@emailaddress.com> proto=ESMTP helo=<mail3.clientserver.net>
Jan  4 12:28:51 servername postfix/smtpd[25973]: disconnect from mail1.clientserver.net[xxx.xxx.xxx.xxx]
Jan  4 12:28:51 servername postfix/postscreen[25959]: CONNECT from [xxx.xxx.xxx.xxx]:36348 to [xxx.xxx.xxx.xxx]:25
Jan  4 12:28:51 servername postfix/postscreen[25959]: PASS OLD [xxx.xxx.xxx.xxx]:36348
Jan  4 12:28:51 servername postfix/smtpd[25973]: connect from mail1.clientserver.net[xxx.xxx.xxx.xxx]
Jan  4 12:28:51 servername postfix/smtpd[25973]: 2DF66180F891C5: client=mail1.clientserver.net[xxx.xxx.xxx.xxx]
Jan  4 12:28:51 servername postfix/cleanup[25975]: 2DF66180F891C5: message-id=<20170104112851.5F078A1F07@mail3.clientserver.net>
Jan  4 12:28:51 servername postfix/smtpd[25973]: disconnect from mail1.clientserver.net[xxx.xxx.xxx.xxx]
Jan  4 12:28:51 servername postfix/qmgr[3645]: 2DF66180F891C5: from=<>, size=31211, nrcpt=1 (queue active)
Jan  4 12:28:53 servername postfix/smtpd[25981]: connect from localhost.localdomain[127.0.0.1]
Jan  4 12:28:53 servername postfix/smtpd[25981]: 030B4180F891C6: client=localhost.localdomain[127.0.0.1]
Jan  4 12:28:53 servername postfix/cleanup[25975]: 030B4180F891C6: message-id=<20170104112851.5F078A1F07@mail3.clientserver.net>
Jan  4 12:28:53 servername postfix/smtpd[25981]: disconnect from localhost.localdomain[127.0.0.1]
Jan  4 12:28:53 servername postfix/qmgr[3645]: 030B4180F891C6: from=<>, size=31688, nrcpt=1 (queue active)
Jan  4 12:28:53 servername amavis[22234]: (22234-17) Passed CLEAN {RelayedInbound}, [xxx.xxx.xxx.xxx]:36348 [xxx.xxx.xxx.xxx] <> -> <user@clientserver.com>, Queue-ID: 2DF66180F891C5, Message-ID: <20170104112851.5F078A1F07@mail3.clientserver.net>, mail_id: l4_UuEjuBMGb, Hits: -5.018, size: 31211, queued_as: 030B4180F891C6, 1689 ms, Tests: [HTML_MESSAGE=0.001,RCVD_IN_DNSWL_HI=-5,RCVD_IN_MSPIKE_H3=-0.01,RCVD_IN_MSPIKE_WL=-0.01,URIBL_BLOCKED=0.001]
Jan  4 12:28:53 servername postfix/smtp[25978]: 2DF66180F891C5: to=<user@clientserver.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.9, delays=0.14/0.01/0.01/1.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 030B4180F891C6)
Jan  4 12:28:53 servername postfix/qmgr[3645]: 2DF66180F891C5: removed
Jan  4 12:28:53 servername postfix/pipe[25982]: 030B4180F891C6: to=<user@clientserver.com>, relay=dovecot, delay=0.27, delays=0/0.01/0/0.25, dsn=2.0.0, status=sent (delivered via dovecot service)
Jan  4 12:28:53 servername postfix/qmgr[3645]: 030B4180F891C6: removed



I have not altered anything to the original iRedmail settings in postfix

Can you help me with this?

Chris

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by christophk (edited by christophk 2017-01-05 18:00:43)

  • christophk
  • Member
  • Offline
  • Registered: 2016-05-23
  • Posts: 54

Re: Error 554 5.7.1 - when some people try to send me an Email

Hi Zhang

Finally found this: http://www.iredmail.org/forum/topic8309 … eport.html

"The sender server is using a improper HELO identity during SMTP session, ".local" is not a valid top domain name.
You have two solutions:
1) Comment out this HELO restriction rule in /etc/postfix/helo_access.pcre. (search '.local' in this file)
2) Contact sender server administrator, and tell them they're using an improper HELO identity, ask them to use a proper one.
I suggest you choose 1) as temporary solution, solution 2) is the ideal one."


I already did 2).

I will also do 1) as a preliminary solution but I have one question:

Could I not get all of the emails with a bad helo into my junk folder instead of fully rejecting them and then whitelist them through my OSX client "Mark as not junk"?

That would be a convenient way forward, no?

In general it would be intersting to receive junk emails in my junk folder instead of blocking them completely. I only received 2 junk mail in the last month, which means my server basically blocks all of them. But I guess that needs to be another topic. let's solve the helo thing first ;-)

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,789

Re: Error 554 5.7.1 - when some people try to send me an Email

christophk wrote:

Could I not get all of the emails with a bad helo into my junk folder instead of fully rejecting them and then whitelist them through my OSX client "Mark as not junk"?
That would be a convenient way forward, no?

FQDN HELO identity is the basic requirement for a mail server, I think you're too kind to those spammers, or mail server administrators. let them die...

4 Reply by christophk

  • christophk
  • Member
  • Offline
  • Registered: 2016-05-23
  • Posts: 54

Re: Error 554 5.7.1 - when some people try to send me an Email

ZhangHuangbin wrote:

FQDN HELO identity is the basic requirement for a mail server, I think you're too kind to those spammers, or mail server administrators. let them die...

Hehe ;-)

Instead of 1) I tried the following, which I found on a previous thread:

Add this to helo_access.pcre as a whitelist for a specific server:
/^.*(mail\.clientserver\.local)/ OK Whitelisted

(from: http://www.iredmail.org/forum/topic6428 … tion.html)

I am not sure if this will work. My client has not sent a test email yet.
I wonder if it should be

/^.*(mail\.clientserver\.local)/ OK Whitelisted

or

/^(mail\.clientserver\.local)/ OK Whitelisted

actually.

Do you know?

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,789

Re: Error 554 5.7.1 - when some people try to send me an Email

christophk wrote:

/^(mail\.clientserver\.local)/ OK Whitelisted

This one should work, but do NOT use "OK" here, please use 'DUNNO' instead, so that the email will go through other restrictions. "OK" will bypass further restrictions.

6 Reply by christophk (edited by christophk 2017-01-07 17:30:44)

  • christophk
  • Member
  • Offline
  • Registered: 2016-05-23
  • Posts: 54

Re: Error 554 5.7.1 - when some people try to send me an Email

Thanks a lot and understood.

Todays coffee is on me ;-)

(Actually on my wife, because I don't habe a paypal account ;-) )

Chris

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,789

Re: Error 554 5.7.1 - when some people try to send me an Email

Thanks for the coffee, to your wife. big_smile