Solved

add a 1000 ms delay after each sending email operation

Posted on 2016-10-25
Last Modified: 2016-11-09
Dears,

My Sendmail SMTP-relay is experiencing a problem when a user sends email to over 70 users. The error message in the sendmail log is (Sending error 421 4.7.0 Temporary System Problem), however the returned failure message is (reason: 530 5.7.0 Must issue a STARTTLS command first).

About 60 users out of 70 get the email; I don't know what the problem is. I browsed the internet; some people suggest delaying sending emails by 1000ms between each email. Some others indicate the problem is with (using plain authentication). I basically don't know how to fix this:

Using following services:
SMTP-relay: installed on Linux system
user send email through SMTP-relay installed on the same server.

if you require other information please let me know.

your help is highly appreciated

thanks,




Thanks
Question by:Rawand Amin

Expert Comment

by:arnold
ID: 41859794
From which system are you getting this error?
When do you get this message?
If this is within PHP, why are you using the SMTP method within PHP versus using the direct injection method?
Do not define SMTP within php.ini but use sendmail_path=/usr/sbin/sendmail -oi -t?

This will have PHP submitting the message to sendmail without the SMTP interaction.

This is similar to
echo "To: <emailaddress>
From: <sender>
Subject: direct injection message

This is the message Body(message)
" | /usr/sbin/sendmail -oi -t

The -t tells sendmail to look for the destination of the message within the data TO, Cc and Bcc (Bcc will be stripped after processing).

If the error is within the sendmail log, a 4xx error means that sendmail will retry sending this message at a later time.
Double check what your queue lifetime is within sendmail, to make sure it is at least one day which means it will attempt to transmit messages to which it gets 4xx (temporary error) for the queue lifetime before giving up and treating the temporary error as a permanent one.

Expert Comment

by:Ray Paseur
ID: 41859917
Are you using PHP for this?  If so, please show us the PHP scripts that are in play.  The SSCCE is an incredibly important concept when you're trying to get help with any problem.

If you want to make a PHP script pause for 1000ms, run this instruction: sleep(1);

Author Comment

by:Rawand Amin
ID: 41860071
First of all, I would like to thank you for your help.

Attached is the PHP file that I believe the system uses to send email.

Allow me to provide you with more information about what I am using:
The Moodle service is used in our university to support students and faculties. Moodle uses its own PHP file to send email through Sendmail (SMTP-Relay) hosted on the same network but on a different server. Therefore we do not touch the php.ini file.

The only configuration I make on the Moodle side is to tell Moodle to send email through our SMTP-Relay.
There are other files named as follows:
class.smtp.php
moodle_phpmailer.php

The error message appears on the Linux SMTP-relay server (Sending error 421 4.7.0 Temporary System Problem),

Sent to web administrator automatically from Gmail (no-reply@ourdomain.) (reason: 530 5.7.0 Must issue a STARTTLS command first).
full detail:
From: Mail Delivery Subsystem <no-reply@ourdomain> [u]Gmail server[/u]
Date: Sun, Oct 16, 2016 at 9:02 PM
Subject: Returned mail: see transcript for details
To: webadmin@gmaildomain

The original message was received at Sun, 16 Oct 2016 13:30:06 +0300
from moodle.ourdomain [SERVERIP]

   ----- The following addresses had permanent fatal errors -----
<user@ourdomain>
    (reason: 530 5.7.0 Must issue a STARTTLS command first. qq7sm4465619wjc.30 - gsmtp)


Eventually the message was not received by the end user.
class.phpmailer.php

Expert Comment

by:Ray Paseur
ID: 41860131
STARTTLS is an extension to plain text communication protocols, which offers a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication.

http://en.wikipedia.org/wiki/STARTTLS

You may need to add ssl:// as the protocol

Even if you're not using GroupMail, this link may show us a good idea.
http://group-mail.com/email-error-codes/server-says-530-5-7-0-must-issue-starttls-command-first/

This also looks like something easy to try:
https://forums.zoho.com/topic/sending-failed%3B-reason%3A530-5-7-0-must-issue-a-starttls-command-first-6-12-2009

Expert Comment

by:Julian Hansen
ID: 41860461
If you use sleep() also look at set_time_limit() to avoid your script timing out.

The rationale behind the 1000ms delay is that some ISPs have a throttle on how many emails you can send in a time period - if you exceed that they block you.

Have you considered outsourcing sending of emails to a bulk email provider? They handle all of this for you.

Expert Comment

by:arnold
ID: 41860572
The confusing thing is that you say you have an SMTP-relay; to which server does this SMTP-relay relay?
The error you have deals with an expected mechanism.
Often, smtp-relay means that your server handles the message and then sends it through to your ISP to handle the disposition.

Your relay might be misconfigured to direct the email to a server that is not the public destination of .... and thus requires additional security features such that you would need to configure your SMTP server, sendmail to handle outgoing message.
i.e. you configured your smtp-relay to go through a specific server including an off port (not 25).......

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41860696
I think the whole sleep() thing is a red herring.  My guess is the problem lies elsewhere, maybe in the permanent fatal error from StartTLS.  And besides, sleep() time is not added to execution time, as this script demonstrates.
<?php // sleeper.php
/**
 * https://www.experts-exchange.com/questions/28978924/add-a-1000-ms-delay-after-each-sending-email-operation.html#a41860461
 *
 * http://php.net/manual/en/function.sleep.php#33732
 * http://php.net/manual/en/function.set-time-limit.php
 * http://php.net/manual/en/function.getrusage.php
 */
error_reporting(E_ALL);

function resource_usage_time($ru_alpha, $ru_omega, $index="utime")
{
    $a = $ru_alpha["ru_$index.tv_sec"]*1000 + round($ru_alpha["ru_$index.tv_usec"]/1000);
    $z = $ru_omega["ru_$index.tv_sec"]*1000 + round($ru_omega["ru_$index.tv_usec"]/1000);
    return $z - $a;
}

echo '<pre>';

// SET SOME LIMITS
$counter = 60;
set_time_limit(1);
$seconds = ini_get('max_execution_time');

// STARTING RESOURCES
$ru_alpha = getrusage();

// LOOP WITH SLEEP
while($counter > 0)
{
    echo PHP_EOL . "$counter iterations left";
    sleep(1);
    flush();
    $counter--;
}
$ru_omega = getrusage();

// COMPUTE RESOURCE USAGE
$ms = resource_usage_time($ru_alpha, $ru_omega) ;
echo PHP_EOL . "This process used {$ms}ms out of its limit of $seconds seconds for its computations";


Expert Comment

by:skullnobrains
ID: 41861991
i don't believe the sleep would help with these errors.

actually having these errors is inconsistent with the fact that some of the email manages to get through, except if you're doing some weird stuff such as manually relaying to gmail's submission servers rather than the regular smtp...

if you're relaying through sendmail/postfix/exim or whatever relay you installed locally, its logs would be welcome

Author Comment

by:Rawand Amin
ID: 41862335
I have taken Ray Paseur's suggestion into consideration, and re-configured SSL certification on the same server, as highlighted below. I am waiting for someone to send a bunch of emails and have a result.

If you know any command in Linux sendmail that would enable me to send a big number of emails to test the system please let me know.

define(`SMART_HOST', `smtp.gmail.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/ca-bundle.crt')dnl
define(`confCRL', `CERT_DIR/ca-bundle.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')dnl
dnl #define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Thanks all for your help

Expert Comment

by:arnold
ID: 41862386
Sendmail need not be enabled to send massive amounts of emails. You are configuring your sendmail to relay through port 587, which is configured with different requirements. The additions you made enable features on your site; they do not force your sendmail client-side interaction with gmail to STARTTLS during the connection, which the error clearly states is the reason for the message exchange failure.

Do you have your outgoing port 25 blocked? If so, check with your ISP as to their Mail server through which you would configure your sendmail server to relay.
instead of smtp.gmail.com you would have smtp.myispprovider.com .......

Expert Comment

by:skullnobrains
ID: 41862563
seems good. if you don't see errors any more, we can probably assume that the previous config led to errors but sendmail was able to interpret them and send the mail nevertheless. does not matter anyway if you don't have them.

beware that gmail, as most smtp providers, applies rather strict policies regarding outgoing email and may decide to reject or discard yours very soon if you send more than a few dozens a day, not to mention content filtering. you may consider other setups. if port 25 is not blocked and your ip range belongs to you or is configured with proper ptrs, you can use direct delivery.

as far as gmail goes, you can throttle delivery in sendmail. use rules such as do not send more than 1 mail per minute and no more than 20 per hour... note that i used arbitrary values that should work with gmail ( or would recently ) but i don't know ( and gmail does not communicate them ) the actual rules in use ; and they are subject to change without warning.

Author Closing Comment

by:Rawand Amin
ID: 41880116
Thanks
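
The two replies quoted in this thread belong to different classes: 421 4.7.0 is a temporary failure that sendmail retries from its queue, while 530 5.7.0 is a permanent policy rejection that a delay between messages does not change. The following is an added example, not code from any poster in the thread: a Python triage of sendmail-style log lines that separates the two cases. The log layout, host names, queue IDs and recipients are constructed, and `classify`, `parse_line` and `triage` are hypothetical names.

```python
import re

# Constructed sample in simplified sendmail maillog style (placeholder queue IDs,
# hosts and recipients); the 421 and 530 reply strings are the ones in the thread.
SAMPLE_LOG = """\
Oct 16 13:30:07 relay sendmail[2101]: u9GAU6aa002101: to=<user1@example.org>, mailer=relay, relay=smtp.gmail.com., dsn=2.0.0, stat=Sent (OK)
Oct 16 13:30:08 relay sendmail[2101]: u9GAU6ab002101: to=<user2@example.org>, mailer=relay, relay=smtp.gmail.com., dsn=4.7.0, stat=Deferred: 421 4.7.0 Temporary System Problem
Oct 16 13:30:09 relay sendmail[2101]: u9GAU6ac002101: to=<user3@example.org>, mailer=relay, relay=smtp.gmail.com., dsn=5.7.0, stat=Service unavailable: 530 5.7.0 Must issue a STARTTLS command first
"""

# SMTP reply code followed by an enhanced status code (class.subject.detail).
REPLY = re.compile(r"\b[245]\d\d ([245])\.(\d{1,3})\.\d{1,3}\b")

def classify(stat, dsn=""):
    """Map a delivery status to delivered / retry / fix-tls / permanent."""
    m = REPLY.search(stat)
    if m:
        cls, subject = m.group(1), m.group(2)
    elif dsn.count(".") == 2:          # no reply text: fall back to the dsn= field
        cls, subject, _ = dsn.split(".")
    else:
        return "unknown"
    if cls == "2":
        return "delivered"
    if cls == "4":
        return "retry"      # temporary: stays queued until the queue lifetime expires
    if subject == "7" and "starttls" in stat.lower():
        return "fix-tls"    # permanent: the relay must negotiate STARTTLS first
    return "permanent"

def parse_line(line):
    """Split one log line into (recipient, dsn, stat); None if it has no stat."""
    head, sep, stat = line.partition(", stat=")
    if not sep:
        return None
    fields = dict(re.findall(r"(\w+)=([^,]+)", head))
    return fields.get("to", "").strip("<>"), fields.get("dsn", ""), stat.strip()

def triage(log_text):
    """Return {recipient: verdict} for every delivery attempt in the log."""
    verdicts = {}
    for rcpt, dsn, stat in filter(None, map(parse_line, log_text.splitlines())):
        verdicts[rcpt] = classify(stat, dsn)
    return verdicts

if __name__ == "__main__":
    for rcpt, verdict in triage(SAMPLE_LOG).items():
        print(f"{rcpt:22} {verdict}")
```

Recipients marked `retry` need no action while the queue lifetime has not expired; recipients marked `fix-tls` point at the relay's TLS configuration rather than at sending speed.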