Solved

Google tried to deliver your message, but it was rejected by the server for the recipient

Posted on 2014-01-26
24
6,405 Views
Last Modified: 2014-11-12
Dear expert,

My Linux sever doesn't send emails out, the error message I am getting from gmail is:

Google tried to deliver your message, but it was rejected by the server for the recipient domain outbounds10.obsmtp.com by outbounds10.obsmtp.com. [74.125.244.12].

After checking Linux maillog, I sofrom email is @localhost.localdomain.  before it was the machine name with the domain which was Linux.mydomain.com.  but it is changed to default.  see attachment.

How can I solve this please
maillog.txt
0
Comment
Question by:uknet80
  • 10
  • 10
  • 3
  • +1
24 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 39810064
Do you have a Reverse Lookup for your server?  When you send mail, the recipient will often look back to see if you are alive and proper (Reverse Lookup). If it cannot find you, it considers the mail to be spam and does not deliver.

Ask your ISP to implement Reverse Lookup. They have to do it.

... Thinkpads_User
0
 

Author Comment

by:uknet80
ID: 39811110
I have never had this before, that is for almost a year, and never had problem.
as I mentioned above.  something changed within the server.
"After checking Linux maillog, the @Linux.mydomain.com has changed to @localhost.localdomain.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39811315
First off... this is not the exact issue due to which your message was might rejected by google. .

Can you please paste the bounce back message or the mail headers from google so i can see and suggest something here...

To change this domain name you can simply configure MASQUERADE domain name in sendmail.

TY/SA
0
 

Author Comment

by:uknet80
ID: 39811715
please check the attachment, I am using SMTP Relay.  which authenticate a single user google account.

please ignore the log I sent previously and look at the attachment document.
maillog.txt
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39811771
STARTTLS=client: file /etc/mail/certs/sendmail.pem unsafe: Group readable file

check the permission of this file must be 400


TY/SA
0
 

Author Comment

by:uknet80
ID: 39811846
the file wasn't even available, it is now
-rw-r--r-- 1 root root 2144 Jan 27 15:40 sendmail.pem

still having same issue.  check updated attachment
maillog.txt
0
 

Author Comment

by:uknet80
ID: 39811883
this was solved,

check this link:

http://alexcline.net/2011/03/22/fix-from-address-rootlocalhost-localdomain-in-sendmail/

the error message changed to

return to sender: Service unavailable


Jan 27 15:55:59 abc-koha sendmail[13636]: STARTTLS=client, relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=OK, cipher=RC4-SHA, bits=128/128
Jan 27 15:56:00 abc-koha sendmail[13636]: s0RCtrao013634: to=<user1@abc.edu.iq>, delay=00:00:07, xdelay=00:00:07, mailer=relay, pri=120306, relay=smtp.gmail.com [74.125.25.108], dsn=5.0.0, [b]stat=Service unavailable[/b]
Jan 27 15:56:00 abc-koha sendmail[13636]: s0RCtrao013634: s0RCu0ao013636: DSN: Service unavailable
Jan 27 15:56:00 abc-koha sendmail[13636]: s0RCu0ao013636: to=<root@abc-koha.abc.local>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31532, relay=smtp.gmail.com, dsn=5.0.0, [b]stat=Service unavailable[/b]
Jan 27 15:56:00 abc-koha sendmail[13636]: s0RCu0ao013636: s0RCu0ap013636: return to sender: Service unavailable

Open in new window



?
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39811901
but this will not cause any issue
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39811909
either remove TLS or configure correct cacert.

TY/SA
0
 

Author Comment

by:uknet80
ID: 39811984
have a look at the log message for the latest error message I am getting
maillog.txt
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39812051
telnet 74.125.244.12 25

HELO localhost

mail from:a@a.com
rcpt to:b@b.com


paste the output here from your linux machine pls

TY/SA
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39812370
>>>>telnet 74.125.244.12 25
It should be

telnet smtp.gmail.com 587

SMTP to gmail would not work on port 25.

Further don't mentioned the IP, it might change when you try to email at your time and location.

Also your logs suggests "DSN: Service unavailable" which means that your server is unable to reach smtp.gmail.com or even smtp.gmail.com is rejecting your server's public IP address.

Sudeep
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 13

Expert Comment

by:Sandy
ID: 39812418
Not abt google..... I was trying to see whether remote server accept the helo or not..
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39812583
Well if you look at the question again you would realize that the user is actually using gmail as smarthost to send the emails out.
Secondly the IP that you have mentioned belongs to the Postini. Which would though offer the port 25, but user is actually not sending the emails directly to it. So checking whether it is accepting connection or not would not resolve the issue which user is facing.

Sudeep
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39812642
Agree with what you say Genuis ;) .. i wanted to see whether user is getting any error msg while checking the connection without STARTTLS hence asked to check once.

And yes, he wanted to use SMART_RELAY FOR that i mentioned earlier to configure TLS properly.

TY/SA
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39812722
Agree with you too AgarwalJI,

But what TLS has to do with the error which user was getting "Google tried to deliver your message, but it was rejected by the server for the recipient domain outbounds10.obsmtp.com by outbounds10.obsmtp.com."

It is simply because Postini is rejecting the emails from the User. Most likely user's email address. In this case what user is using for connecting to the gmail.com.

User must need to speak with the recipient of the mail as in Postini User's also have ability to have there own whitelist and black list of email addresses.

Thanks,
Sudeep
0
 

Author Comment

by:uknet80
ID: 39814161
because I am using SMTP relay, I assume there is no need to TLS, because through the relay I use gmail account to authenticate.  and I have other servers that uses SMTP relay without an issue.

her is the log of the command you sent me:
[root@library auth]# telnet smtp.gmail.com 587
Trying 74.125.129.108...
Connected to smtp.gmail.com (74.125.129.108).
Escape character is '^]'.
220 mx.google.com ESMTP qf7sm101559551pac.14 - gsmtp
HELO localhost
250 mx.google.com at your service
mail from:no-reply@abc.com
530 5.7.0 Must issue a STARTTLS command first. qf7sm101559551pac.14 - gsmtp
rcpt to:no-reply@abc.com
530 5.7.0 Must issue a STARTTLS command first. qf7sm101559551pac.14 - gsmtp

Open in new window

0
 
LVL 13

Expert Comment

by:Sandy
ID: 39814191
See google requires TLS authentication to be enabled to relay your mails.

250 mx.google.com at your service
mail from:no-reply@abc.com
530 5.7.0 Must issue a STARTTLS command first. qf7sm101559551pac.14 - gsmtp
rcpt to:no-reply@abc.com
530 5.7.0 Must issue a STARTTLS command first. qf7sm101559551pac.14 - gsmtp

TY/SA
0
 

Author Comment

by:uknet80
ID: 39814220
Even from the server that already work, after issuing that command, I get same message.

because I use SMTP relay I don't think TLS to be required
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39814255
then remove use TLS from email client and use simple plain text auth to relay the mails.

TY/SA
0
 

Author Comment

by:uknet80
ID: 39820154
would you tell me how to do that, I don't have much experience with Sendmail.

I will provide you with the changes I have done under sendmail:

Following command added to sendmail.mc

FEATURE(`authinfo', `hash /etc/mail/auth/client-info.db')dnl
define(`SMART_HOST', `smtp.gmail.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/ca-bundle.crt')dnl
define(`confCRL', `CERT_DIR/ca-bundle.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Open in new window


under /etc/mail/auth/ path there is the authentication gmail username and password:
uthInfo:smtp.gmail.com "U:no-reply" "I:no-reply@abc.com" "P:XXXXXX" "M:PLAIN"
AuthInfo:smtp.gmail.com:587 "U:no-reply" "I:no-reply@abc.com" "XXXXXX" "M:PLAIN"

Open in new window


under /etc/mail/certs there is Generate SSL certificate


what do I need to change?
0
 

Author Comment

by:uknet80
ID: 39827562
any update on this please?
0
 
LVL 13

Accepted Solution

by:
Sandy earned 500 total points
ID: 39828846
under /etc/mail/auth/ path there is the authentication gmail username and password:

uthInfo:smtp.gmail.com "U:no-reply" "I:no-reply@abc.com" "P:XXXXXX" "M:PLAIN"
AuthInfo:smtp.gmail.com:587 "U:no-reply" "I:no-reply@abc.com" "XXXXXX" "M:PLAI


here is the mistake

uthInfo:smtp.gmail.com  ==> AuthInfo

TY/SA
0
 

Author Closing Comment

by:uknet80
ID: 39838505
Thanks for your support, the issue was permission on the files under /etc/mail/auth/,

chmod 600 filename

thanks
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

Whether you’re looking to gather data for research or gather feedback on an idea, being able to build and distribute your own online survey is not only cost-effective, but allows you to reach a larger audience and receive results in real-time. Googl…
Easy CSR creation in Exchange 2007,2010 and 2013
This Micro Tutorial demonstrates in Google Sheets how to use the HYPERLINK function to create live links inside your spreadsheet.
This Micro Tutorial will demonstrate Google Calendar to monitor updates with top sites, such as Facebook, Google, Twitter, etc. with Marketing News. Each update of Google Calendar can be monitored, correlate dips and spikes in your website traffic, …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now