-1

I'm facing a strange problem. I'm getting a recipient rejected on a SMTP server only from inside an OpenVZ container, while from the physical server everything works fine.

Here's an example of a telnet test connection while inside a routed Vz container:

telnet mx.adomain.com 25
[...]
rcpt to: username@adomain.com
550 5.1.1 <username@adomain.com> recipient rejected
Connection closed by foreign host.

While the same telnet connection from a physical server works as expected. The problem arises only with the mx.adomain.com server, on other SMTP servers like for example gmail.com everything works fine even inside the virtual container.

I've checked and the IPs of the Vz containers don't belong to any blacklist. More strange is that until 3 days ago everything worked fine.

Any ideas?

Atropo
  • 145
  • 6
  • If you don't tell us how the MTA (postfix, qmail, sendmail) are configured on the involved machines, there's no answering this. I see no way in which OpenVz can be involved in it. – Alien Life Form May 13 '13 at 16:46
  • I don't know the MTA configuration on the `mx.adomain.com`, on the virtual machines the MTA is `exim4` but I don't think is meaningful while testing an `SMTP` connection with telnet. – Atropo May 13 '13 at 16:48
  • possible duplicate of [Email bounce back 550 5.1.1 recipient rejected](http://serverfault.com/questions/457612/email-bounce-back-550-5-1-1-recipient-rejected) – Michael Hampton May 13 '13 at 16:51
  • Is `mx.adomain.com` resolving to the same IP from the container and the physical server? – etagenklo May 13 '13 at 17:13
  • Yes mx.domain.com resolves the same IP in both the servers – Atropo May 14 '13 at 07:10
  • Sorry - I misread the question. You are right,configurations on your machines do not matter. – Alien Life Form May 14 '13 at 07:16
  • Do you have SPF or DKIM set up for the sending domain? If so, is that virtual server on it? Are you using the correct and resolvable server name in your HELO? (Also, there shouldn't be a space after the `:` in the RCPT TO, MAIL FROM or other SMTP commands; see http://tools.ietf.org/html/rfc5321#page-32). – Jenny D May 14 '13 at 08:30
  • Still, the only person who can give you the real answer is the administrator of the remote server. They **should** be reachable at the address postmaster@adomainn.com. – Jenny D May 14 '13 at 08:32

1 Answers1

2

Because you get delivery from one machine but not the other, I'd assume that the remote MTA is being reticent or lying outright on the 'recipient rejected' bit - qmail, for instance, does it all the time. So possible causes would be:

  1. One client is on a BL, the other is not.
  2. One client not in the SPF record for the domain
  3. Something fishy in the smtp chat "[...]" (e.g. wrong helo line)
  4. Container has "wrong" reverse resolution or no reverse resolution
  5. Assorted local policies at the receiving end

NOte that points 1 and 2 assume the host and the container talk from different IPs (no NAT).

Best bet would be asking to the postmaster at the receiving end - assuming he/she's listening.

Cheers,

Alien Life Form
  • 2,279
  • 2
  • 21
  • 31
  • I've followed your checklist. The problem was in "point 4" the VPS machines got a wrong DNS reverse, I've fixed it on some test machines and it works now. Seems that some SMTP servers are more sensitive to it than others. Now I'm gonna fix the reverse on every VPS. Thanks for your suggestions! – Atropo May 14 '13 at 08:12
  • I'm surprised their server works - reverse resolution is flaky (o nonexistent) even for important mail senders. When I tried to enforce reverse resolution for senders on my servers (about three years ago) I had to remove it pronto. – Alien Life Form May 14 '13 at 13:23