Resolved: Incoming mails rejected when anti-spam is ON

Jean-Luc GARNIER

Basic Pleskian
Hi Community,

I'm using the mail server which comes bundled with Plesk (roundcube 1.2.7) and have received some complaints from customers who saw their messages rejected by the server, with the following error:

This is the mail system at host ns3027372.ip-188-165-227.eu.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.


The mail system

<valid_address>: host mail.bcasmart.com[213.32.23.101] said: 550 5.7.1

Command rejected (in reply to DATA command)

Both DKIM (outgoing) and Greylisting (incoming) protection were ON (Plesk > Mail > domain > Settings) and I had to deactivate both to receive messages again from those users. This issue doesn't impact all users, only a few.

Can anyone please help troubleshoot this issue? How can I set up Greylisting to authorize some particular customers' domains?

Thanks in advance for any help!
 
Thanks OverWolf, this is what I did. However, I'd like to understand why Greylisting, also bundled with Plesk, may raise this issue? Did anyone manage to use it properly and how?

By the way, I'd like to add some anti-spam capability to the mail server, what do you advise? Trying to fix the issue by carefully configuring Greylisting or install some other tool?

Thanks in advance for your feedback!
 
Use multiple DNSBLs like spamhaus. I suggest using uceprotect too because I find it more useful (but configure ONLY level 1 because levels 2 and 3 are too restrictive). And then try to configure Fail2Ban rules, which help a lot more to block clients/servers that send spam.

You can also modify your Postfix configuration, as reported in some threads, to be more secure and so accept "good" connections from mail servers.
 
Hi there,

I'd like to understand why Greylisting, ..., may raise this issue

makes it sound like - sorry - you don't quite understand how greylisting works. Please have a look at Grey listing question for just one example. In particular, UFHH01's explanation highlights one of the drawbacks.
Lots of other articles on the Internet too.
How does greylisting work?
Greylisting Explained
Greylisting - Wikipedia

Greylisting has its advantages, but also quite some disadvantages - which is why many server admins choose not to use it anymore.

Cheers, Tom
 
A bit more on that, as it rings a bell with me, had a similar issue some years back...

if you want to keep greylisting on, my notes mention:
-------------------------------------------------------------------------

To stop certain servers getting blocked through greylisting: [GREYLISTING SHOULD BE DISABLED]

/usr/local/psa/bin/grey_listing --update-server -domains-blacklist del:"dsl|pool|broadband|hsd"
/usr/local/psa/bin/grey_listing --info-server
/usr/local/psa/bin/grey_listing --update-server -domains-whitelist "add:*messaging.microsoft.com"

-------------------------------------------------------------------------

but it could also be a bug in plesk:
Mail rejected when greylisting is turned on: 550 5.7.1 Command rejected

Hope some of it helps :)
Tom
 
Hi,
# plesk bin grey_listing --info-server
Grey listing configuration.

[...]

Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
dsl|broadband|hsd
dynamic|static|ppp|dyn-ip|dial-up

SUCCESS: Gathering of server wide information complete.

You wrote "This is the mail system at host ns3027372.ip-188-165-227.eu.", so this matches the blacklist's pattern "*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*".
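
The check described in the post above, as an added example that is not part of the original thread and is not Plesk code: it reports which black-domain patterns a sending host name would hit. Assumptions: the bracket patterns follow shell glob semantics and a line containing "|" lists alternative substrings; Plesk's own matcher may differ, and `matching_patterns` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not Plesk code): which greylisting black-domain patterns
# does a sending host name match?
# Assumptions: bracket patterns use shell glob semantics; a line with "|"
# is a set of alternative substrings. Plesk's own matcher may differ.

# Patterns copied from the --info-server output quoted in the thread.
BLACK_PATTERNS='*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
dsl|broadband|hsd
dynamic|static|ppp|dyn-ip|dial-up'

# matching_patterns HOST: print every pattern HOST matches, one per line.
matching_patterns() {
    host=$1
    while IFS= read -r pat; do
        case $pat in
            *'|'*)
                # Split the line on "|" and test each part as a substring.
                rest=$pat
                while [ -n "$rest" ]; do
                    alt=${rest%%'|'*}
                    case $rest in *'|'*) rest=${rest#*'|'} ;; *) rest= ;; esac
                    case $host in *"$alt"*) printf '%s\n' "$pat"; break ;; esac
                done
                ;;
            *)
                # An unquoted $pat is interpreted as a glob by case.
                case $host in $pat) printf '%s\n' "$pat" ;; esac
                ;;
        esac
    done <<EOF
$BLACK_PATTERNS
EOF
}

# Host names taken from the bounce message quoted in the first post.
for h in ns3027372.ip-188-165-227.eu mail.bcasmart.com; do
    hits=$(matching_patterns "$h")
    printf '%s -> %s\n' "$h" "${hits:-no black pattern matched}"
done
```

Running it against a sender's reverse-DNS name before re-enabling greylisting shows whether a whitelist entry is needed for that host.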
 
Hi all!

Thanks for all your answers, I really appreciate it! Now, I'll try to summarize ;-) :
  • AYamshanov highlighted that the sender address could match the blacklist's pattern. This raises 2 questions: 1) is it safe to modify this pattern and 2) is there any way to add the sender server domain to the whitelist?
  • Tom seems to provide an answer to question 2 above; I'll try and get back to the forum. By the way, you're right: I don't understand how Greylisting works! :)
  • OverWolf brings so much information to me that it raises additional questions! :oops:
    • spamhaus: not proposed in Plesk extension. Can you confirm it doesn't create any mess with Plesk?
    • uceprotect: looks a bit "radical"? How does it behave for you?
    • Fail2Ban rules: I think this is useful when spammed by "genuine mail servers" that have been hacked to send spam. Do you think it's usable with common incoming spam (i.e. look at the mail header, copy the sending server IP address and add it to the blacklist)?
    • postfix: will read the threads you mention and get back if any additional question...
Thanks again to all for your help!
 
AYamshanov highlighted that the sender address could match the blacklist's pattern. This raises 2 questions: 1) is it safe to modify this pattern and 2) is there any way to add the sender server domain to the whitelist?

Documentation and How-to:

Code:
# /usr/local/psa/bin/grey_listing --update-server -domains-blacklist del:*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
SUCCESS: Update of server-wide settings complete.
#

But anyway, I suggest you do not delete the default patterns. Try to contact the postmaster of ns3027372.ip-188-165-227.eu if you can. It is not good practice to use a domain like "host.ip.address.XX" for a mail server. Other foreign mail servers may also block email based on such a hostname.
 
Thanks AYamshanov! I'm afraid this mail server is part of a shared hosting at OVH (www.ovh.com), so 1) I won't be able to ask the postmaster to change its name :) and 2) there's probably hundreds of domains using the same mail server...

Question: how can I add this mail server to the whitelist? OK, I've read the documentation at the URL you provided, but I'm still not sure of the command syntax:
  • using # /usr/local/psa/bin/grey_listing --update-mailname [email protected] -whitelist add:*@example.com
  • should I type:
    • # /usr/local/psa/bin/grey_listing --update-mailname [email protected] -whitelist add:*@customerdomainname.fr (seems it doesn't work)
    • or # /usr/local/psa/bin/grey_listing --update-mailname [email protected] -whitelist add:*ns3027372.ip-188-165-227.eu?
I'm asking the question because I've already bothered the customer with so many "please, answer this message" that I'm afraid to lose him as a customer... ;) Just want to be sure before switching Greylisting ON again...

Thanks in advance for your advice!
 
You can add this host to the white domains patterns list (without the asterisk, because this setting is for domain names, not for email addresses). As an example:
Code:
/usr/local/psa/bin/grey_listing --update-server -domains-whitelist add:ns3027372.ip-188-165-227.eu

Then check settings with `/usr/local/psa/bin/grey_listing --info-server`.
 