Need help getting server configured; stop blacklist

Posted: Mon Dec 18, 2006 1:30 pm
by srcfoo
So I have an almost default install of Scalix CE 10.0.1. I followed all the install docs and also set up amavisd-new. Everything is working very well.

My only problem is that my server keeps being listed on http://cbl.abuseat.org. I've checked that I don't have an open relay using ORDB.org and my HELO responds with the proper domain. So I'm a little confused why I keep getting blacklisted by them, but it prevents a large percentage of our email from being delivered.

The only problems I can see are in the headers of email we send. Here's an example after sending to my gmail account:

Delivered-To: null@gmail.com
Received: by 10.100.109.11 with SMTP id h11cs24117anc;
        Mon, 18 Dec 2006 09:15:12 -0800 (PST)
Received: by 10.35.134.19 with SMTP id l19mr8237926pyn.1166462112395;
        Mon, 18 Dec 2006 09:15:12 -0800 (PST)
Return-Path: <nulluser@mydomain.com>
Received: from mail.mydomain.com (mail.mydomain.com [xxx.xxx.xxx.xxx])
        by mx.google.com with ESMTP id f45si8783240pyh.2006.12.18.09.15.12;
        Mon, 18 Dec 2006 09:15:12 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of nulluser@mydomain.com designates xxx.xxx.xxx.xxx as permitted sender)
X-Virus-Scanned: amavisd-new at mydomain.com
Received: from mail.mydomain.com (localhost.localdomain [127.0.0.1])
        by mail.mydomain.com (8.13.1/8.13.1) with ESMTP id kBIHFBZl015953
        for <null@gmail.com>; Mon, 18 Dec 2006 11:15:11 -0600
Received: from mail.mydomain.com (root@localhost)
        by mail.mydomain.com (8.13.1/8.13.1/Submit) with ESMTP id kBIHFBTd015951
        for <null@gmail.com>; Mon, 18 Dec 2006 11:15:11 -0600
Received: from mail.mydomain.com (mail.mydomain.com [192.168.1.13])
        by mail.mydomain.com (Scalix SMTP Relay 10.0.5.3)
        via ESMTP; Mon, 18 Dec 2006 11:15:11 -0600 (CST)


The domain I'm sending from (obfuscated of course) is mydomain.com and my server is at mail.mydomain.com. The reverse DNS and A records are all correct for this server.

The part that worries me is the last three "Received:" lines. They have "localhost.localdomain", my nat-ed ip, and root@localhost. Should these lines be there? Should they be using localhost and nat ips? How do I fix this in Scalix?

Thanks,
Eric

Posted: Mon Dec 18, 2006 5:37 pm
by srcfoo
Wow, I can't believe no one else has had this problem.

I am a beginner when it comes to the world of email, but I didn't think I was the only one.

I talked with Ray at cbl.abuseat.org and he has removed our server. But when my Scalix server issues a HELO to another server it is doing it from localhost.localdomain.

I've grep-ed for localhost.localdomain and the only place I could find it other than the top line in my /etc/hosts file was in /opt/scalix/newconfig/om_sendmail.cf. I updated the following lines (not sure if I should have):

Old:

Cwlocalhost
C{w}localhost.localdomain

New:

Cwmail.mydomain.com
C{w}mail.mydomain.com


I ran sm.update, but it doesn't seem to have helped at all.

Can anyone make any suggestions on where else to look? There are a number of problems in the forums that are similar, but there are either no answers to the problems or they are too different to really help me.

Also, the three Received: lines towards the end of the email header I'm guessing are the result of the different daemons passing the email around. Is this the case? Should those lines be in the header and are they in the right format? It would seem like a bad idea to let your nat-ed IP get sent out in an email header, but maybe I'm just paranoid.

Thanks,
Eric

Posted: Tue Dec 19, 2006 12:15 am
by dresdn
You piqued my curiosity with this one and I had to just see what my headers were. When comparing them to yours, I saw a few differences and I may have an idea what is going on.

First of all, here are my headers:

Delivered-To: myemail@gmail.com
Received: by 10.78.106.2 with SMTP id e2cs234695huc;
        Mon, 18 Dec 2006 19:58:46 -0800 (PST)
Received: by 10.66.243.2 with SMTP id q2mr7736309ugh.1166500726347;
        Mon, 18 Dec 2006 19:58:46 -0800 (PST)
Return-Path: <myuser@domain.com>
Received: from mail.domain.com (ipxxx-xxx-xxx-227.zxxx-xxx-xxx.customer.isp.net [xxx.xxx.xxx.227])
        by mx.google.com with ESMTP id 54si10166340ugp.2006.12.18.19.58.44;
        Mon, 18 Dec 2006 19:58:46 -0800 (PST)
Received-SPF: neutral (google.com: xxx.xxx.xxx.227 is neither permitted nor denied by best guess record for domain of myuser@domain.com)
Received: from mail.domain.com (root@localhost)
   by mail.domain.com (8.13.1/8.13.1) with ESMTP id kBJ3whx0012859
   for <myemail@gmail.com>; Mon, 18 Dec 2006 20:58:43 -0700
Received: from mail.domain.com (mail.domain.com [10.0.0.5])
    by mail.domain.com (Scalix SMTP Relay 10.0.5.3)
    via ESMTP; Mon, 18 Dec 2006 20:58:43 -0700 (MST)
Date: Mon, 18 Dec 2006 20:58:43 -0700
From: "Mike" <myuser@domain.com>
To: myemail@gmail.com
Message-ID: <32110675.1166500723369.JavaMail.root@mail.domain.com>
Subject: Headers Testing
X-MSMail-Priority:
x-scalix-Hops: 1
X-Mailer: Scalix 10.0.5.1
Mime-Version: 1.0
Content-Type: multipart/alternative;
   boundary="----=_Part_12_17886161.1166500723368"domain.com


The one thing I noticed is that you have an X-Virus-Scanned which means all your outgoing is passing through amavisd, which I think is giving you those extra headers. If you think about the way amavisd is set up, it makes sense that you'll have those headers. I may have a few things mixed up since I'm still learning the "guts" of Scalix myself, but here goes.

Basically, the SMTP relay is used in 2 ways: mail destined internally, and mail destined externally, and by default, they both use the same sendmail.cf file. When you send mail out, Scalix hands it off to Sendmail, then it passes it to Amavisd if it doesn't have the headers. Then Amavisd processes it, then hands it back to Scalix which hands that to Sendmail. The headers are found, so the scanning is skipped and then it sends it over to the remote server. I could be wrong in that Amavisd finds the headers, and not Sendmail, but I digress.

I bet if you check your headers of mail sent to you, you'll find those same localhost.localdomain headers, which is put there by amavisd. Since I don't run any Windows computers, I wasn't really concerned about spending the CPU cycles scanning outgoing mail (since I block 25 from anywhere *but* my mail server, and we don't send spam). The solution is to tell the Scalix daemon to use a different sendmail.cf for internet mail as opposed to delivering Scalix mail. Search around as I think I've asked about it before actually.

Anyways, that's my 2c, and as always, correct me if I'm wrong regarding the actual processes. Plus it's late and I'm watching MNF ;)

-Mike
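
An added example, not part of any post in this thread: a small Python parser that walks the sendmail-style `Received: from <HELO name> (<peer info>)` hops discussed above and flags the ones that expose loopback addresses, private addresses or localhost names. The sample is constructed from the three trailing headers quoted in the first post; the function names and flag strings are made up for this illustration.

```python
import ipaddress
import re

# Constructed sample: the last three Received: lines quoted in the first post.
SAMPLE = """\
Received: from mail.mydomain.com (localhost.localdomain [127.0.0.1])
 by mail.mydomain.com (8.13.1/8.13.1) with ESMTP id kBIHFBZl015953
 for <null@gmail.com>; Mon, 18 Dec 2006 11:15:11 -0600
Received: from mail.mydomain.com (root@localhost)
 by mail.mydomain.com (8.13.1/8.13.1/Submit) with ESMTP id kBIHFBTd015951
 for <null@gmail.com>; Mon, 18 Dec 2006 11:15:11 -0600
Received: from mail.mydomain.com (mail.mydomain.com [192.168.1.13])
 by mail.mydomain.com (Scalix SMTP Relay 10.0.5.3)
 via ESMTP; Mon, 18 Dec 2006 11:15:11 -0600 (CST)
"""

HOP = re.compile(r"Received:\s+from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.I)
ADDR = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

def unfold(raw):
    """Join folded continuation lines (leading whitespace) onto their header."""
    return [h for h in re.sub(r"\r?\n[ \t]+", " ", raw).splitlines() if h.strip()]

def internal_hops(raw):
    """Return (helo_name, peer_info, flags) for each hop exposing internal detail."""
    found = []
    for header in unfold(raw):
        m = HOP.match(header)
        if not m:
            continue  # e.g. "Received: by ..." lines with no "from" clause
        helo, peer, _by = m.groups()
        flags = []
        addr = ADDR.search(peer)
        if addr:
            try:
                ip = ipaddress.ip_address(addr.group(1))
            except ValueError:
                ip = None  # obfuscated or malformed address literal
            if ip and ip.is_loopback:
                flags.append("loopback-address")
            elif ip and ip.is_private:
                flags.append("private-address")
        if "localhost" in (helo + " " + peer).lower():
            flags.append("localhost-name")
        if flags:
            found.append((helo, peer, flags))
    return found
```

These hops are added by the local relay chain after the message leaves the mail client; the name a remote server sees in HELO is the first token after `from` in the header that remote server writes.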

Posted: Wed Dec 20, 2006 12:11 am
by roopesh
This may have other issues, but I was able to get the HELO response to be "mail.domain.com" by changing /etc/hosts from

127.0.0.1 localhost localhost.localdomain

to

127.0.0.1 mail.domain.com localhost localhost.localdomain


I wonder what I broke by doing this...

Posted: Wed Dec 20, 2006 12:18 am
by kanderson
What you should have in /etc/hosts is:

127.0.0.1 localhost
192.168.1.5 scalix.server.com scalix


There should be a localhost line pointing to 127.0.0.1

There should also be a line with the IP address of your server, followed by the FQDN and the hostname.

If both of those lines do not exist, you WILL have problems.

You shouldn't have to change things in the sendmail.cf file.
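
An added example, not part of the post above and not Scalix code: a Python check that an /etc/hosts file follows the two-line layout just described (a localhost line on the loopback address, plus a line with the server's own IP followed by the FQDN and then the short hostname). The function names and finding codes are invented for this illustration, and the inputs are constructed from the hosts lines quoted in this thread.

```python
import ipaddress

def parse_hosts(text):
    """Return [(ip, [names])] for every usable line of an /etc/hosts file."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address line
        entries.append((ip, [n.lower() for n in fields[1:]]))
    return entries

def audit_hosts(text, hostname):
    """Return finding codes; an empty list means the file matches the layout."""
    short = hostname.lower().split(".")[0]
    entries = parse_hosts(text)
    findings = []

    def has_host(names):
        return any(n.split(".")[0] == short for n in names)

    # Rule 1: a localhost line pointing at the loopback address.
    if not any(ip.is_loopback and "localhost" in names for ip, names in entries):
        findings.append("missing-localhost")
    # Rule 2: the server's real IP, then the FQDN, then the short hostname.
    own = [names for ip, names in entries if not ip.is_loopback and has_host(names)]
    if not own:
        findings.append("missing-host-line")
    elif "." not in own[0][0] or short not in own[0][1:]:
        findings.append("fqdn-then-hostname-expected")
    # The host's own name on a loopback line makes it resolve itself to 127.0.0.1.
    if any(ip.is_loopback and has_host(names) for ip, names in entries):
        findings.append("hostname-on-loopback")
    return findings

# Constructed inputs taken from the hosts lines quoted in this thread.
RECOMMENDED = "127.0.0.1 localhost\n192.168.1.5 scalix.server.com scalix\n"
EDITED = "127.0.0.1 mail.domain.com localhost localhost.localdomain\n"

if __name__ == "__main__":
    print(audit_hosts(RECOMMENDED, "scalix"))
    print(audit_hosts(EDITED, "mail"))
```

A clean result only describes the hosts file; it does not show which name the MTA actually sends in HELO.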

Posted: Wed Dec 20, 2006 9:49 am
by roopesh
I had both those lines. Unfortunately, my HELO response always came back with localhost.localdomain, which is unacceptable to the CBL (http://cbl.abuseat.org/).

Posted: Wed Dec 27, 2006 10:56 am
by srcfoo
The problem was not with my Scalix server. The problem had to do with other servers behind my firewall sending email to accounts outside of our network and they were issuing HELO with localhost.localdomain.

If you find yourself in this situation, check other servers/workstations on your network and make sure they aren't sending out email with the wrong host info.

Problem solved, thanks for your help.

Eric