[BlueOnyx:11597] Re: Sendmail Authentication errors

Tue Oct 23 11:55:57 -05 2012

On 10/23/2012 9:56 AM, Will Nordmeyer wrote:
> On Mon, 22 Oct 2012 07:38:00 -0500, Gerald Waugh
> <gwaugh at frontstreetnetworks.com> wrote:
>> On 10/22/2012 06:49 AM, Larry Smith wrote:
>>> On Mon October 22 2012 05:56, Will Nordmeyer wrote:
>>>> Thanks
>>>> for the idea. I checked poprelayd (it is running) and it has no data
>>>> when I do a poprelayd -p. I'll contact her to shift to port 587... I
>>>> still wish I could figure out why this suddenly started. And why it is
>>>> only really affecting one or two users.
>>> Hmmm, if poprelayd -p has no data, then it may be running but does
>>> not appear to be parsing the maillog correctly.  If running you should
>>> be able to see a person check mail (in the maillog) then within seconds
>>> see that IP (the IP they checked mail from) show up in the poprelayd -p
>>> output.
>>>
>>> As for why only affecting a few, try doing an RBL check against their
>>> IP addresses, it may be those are listed somewhere and causing sendmail
>>> to block the send.
>>>
>> Also some ISPs including comcast do block port 25, so use 587
>> I believe someone suggested the same. so I second that.
> OK...  had the user change to port 587.  The problem still occurs.
> What is particularly confusing is that it is **ONLY** one or two users
> of several hundred on my server.
>
> In this particular case, I have 2 users on the same domain (husband &
> wife), traveling, using a Verizon mifi.  SHE is getting these errors...
> HE is not.  She is using either an iphone or her laptop with Outlook
> 2010.  He is using his netbook with (as I recall) Outlook 2003.  (or
> Outlook Express).
>
> I had her change her SMTP port to 587 and also turn on "my server
> requires authentication."  But it still happens from her outlook
> account.
>
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
Ive seen this before as well. It sounds like part of the block of IPs 
her carrier assigns to the data devices is on an RBL somewhere. We had a 
customer trying to send us emails and whenever he was mobile his mail 
would be blocked.

After looking up the various IPs, they were all resolving to a netblock 
in Kansas that had seen spam/viruses originating from them.  Probably 
some sucker out there with an infected laptop and and aircard, and my 
customer was the unfortunate soul to be assigned those IP addresses 
after the infected guy moved on.

Its especially telling if they can send mail from a public hotspot, but 
not the MiFi.

I'd check your logs and run their IPs through the RBL checkers just for 
sanity's sake.