0

Up to yesterday, my mail server (at mail.simunomics.com) was functioning properly with regards to my mail clients - sending and receiving. However, it was not authenticating properly with recipient servers because it hadn't been configured yet. (Resulting in automatic filtering to spam/junk folders.) So today I improved the authentication by adding spf, dkim, and dmarc as well as creating an rDNS record.

But now using the same settings on my mail client that were working yesterday I can't connect for SMTP. Incoming mail is fine. And if I attempt to send via the server directly, either either through cPanel webmail or (say) automated via the phpmailer script, that's fine. It's only remotely connecting to the SMTP that's an issue.

I tested on https://www.smtper.net/ and it appears that if I use a secured connection on port 465, the operation times out. And if I use an unsecured connection no port 587 I quickly get the error "Access denied - Invalid HELO name (See RFC2821 4.1.1.1)". So I have no idea what's disallowing that since it's not the actual credentials.

Any ideas what I might have messed up or where to look? Thanks.

Infinitive
  • 3
  • 2

2 Answers2

0

Port 587 is not necessarily unsecured: it may expect the client to explicitly request the use of encryption using the STARTTLS command. If STARTTLS is not used, the server might accept unsecured connections only from trusted networks, or possibly only from localhost.

Also, the SMTP servers traditionally perform a reverse DNS lookup on the source IP address of the incoming connection in order to get the fully-qualified domain name of the client. The client is supposed to use that FQDN (or possibly a raw IP address if it's not capable of knowing its own FQDN) in its initial HELO/EHLO command.

If the name/address used by the client in its HELO/EHLO command won't match the source IP address of the connection or the FQDN available by the reverse DNS lookup, the server may reject the connection, as this is one of the older anti-spam tests.

A well-maintained mail server has a static public IP address and a DNS registration that is consistent with the server's configuration and both forward and reverse lookups; a spammer (or a random computer with email-sending malware) might be behind an ISP's NAT and unable to satisfy this requirement.

telcoM
  • 4,153
  • 12
  • 23
0

This should be a comment, but is too long. Have you considered using raw telnet (or ncat) to test/debug? Here's what I got:

# telnet mail.simunomics.com 587
Trying 173.249.157.178...
Connected to mail.simunomics.com.
Escape character is '^]'.
220-server.simunomics.com ESMTP Exim 4.89_1 #1 Fri, 29 Dec 2017 13:55:38 +0000 
220-We do not authorize the use of this system to transport unsolicited, 
220 and/or bulk e-mail.
HELO is.it.me.your.looking.for.com
250 server.simunomics.com Hello is.it.me.your.looking.for.com [193.183.99.226]
MAIL FROM: <smtptest@barrycarter.info>
250 OK
RCPT TO: <carter.barry@gmail.com>
550 SMTP AUTH is required for message submission on port 587
Connection closed by foreign host.