Solved Email delivery problem

Here is an entry from the postfix log. Our emails were blocked; I asked masked@ptero-byte.com to contact his ISP to unblock us, and his ISP replied: "we didn't block any emails, the email didn't reach our server". So, how does smtp1d.netintelligence.com get involved here? Please help me understand this, thanks!

Code:
Jul  9 04:20:51 mail postfix/smtp[37086]: 8CF5F1D64152: to=<masked@ptero-byte.com>, relay=smtp1d.netintelligence.com[62.128.193.14]:25, delay=3.2, delays=0.02/0.01/3/0.18, dsn=5.7.1, status=bounced (host smtp1d.netintelligence.com[62.128.193.14] said: 550 5.7.1 <masked@ptero-byte.com>... Mail from <1.2.3.4> blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=<1.2.3.4> (in reply to RCPT TO command))
 
It was blocked at the receiving end due to an RBL by smtp1d, which is one of the MX servers of the ptero-byte.com domain. I'm guessing their mail passes their hosting provider's mailservers before it's passed on to their own mailserver. That's a common setup. So technically they (ptero-byte) didn't block it, their hosting provider did.

I would also suggest checking the reason why Trend Micro put your mailserver on their RBL.
 
After you clear all infected computers, register your MX IP address in the Global Approved List.
Outgoing mailservers don't require an MX record. MX records are for incoming mailservers only. With larger mail setups it's common to split ingress and egress mail.
 
SirDice, thank you very much for the detailed explanations, they cleared all my doubts and confusion. :beer:

The block happened many years ago (2011 :rolleyes:), I just started using this IP on a new server. I have used the URL in the error message to request the removal, and just got a confirmation that the block will be removed within 24 hours.

The request form on the request page has two buttons, I clicked the wrong button in my two previous attempts, nothing happened. This time, it's fast.
 
Useful command:
drill ptero-byte.com MX
This fetches the MX records for that domain. Any mail sent to that domain is always sent to one of the servers with an MX record (lowest number is tried first). If you look at those MX records you'll notice the same server name that blocked your email.

Small setups often use a provider's mail servers as an intermediate. The provider can guarantee uptimes so mail is always able to be delivered. The provider's mail servers know where to pass the mail along to the company. If their upstream connection, or their own receiving mail server, is down, the mail could get held at the provider for a few days until the issue is resolved. Mail sent in the meantime will still get delivered instead of getting bounced right away.
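
The connection drawn in this post, as an added example that is not part of the original thread: it reads the bounce line quoted at the top of the thread, compares the rejecting relay with the domain's MX list, and reports the SMTP step and whether a blocklist was cited. The MX answer text is constructed (the thread only states that smtp1d.netintelligence.com is one of the MX servers), and the function names and the blocklist-wording heuristic are assumptions.

```python
import re

# Bounce line as posted in the thread (addresses were already masked there).
BOUNCE = ("Jul  9 04:20:51 mail postfix/smtp[37086]: 8CF5F1D64152: "
          "to=<masked@ptero-byte.com>, relay=smtp1d.netintelligence.com[62.128.193.14]:25, "
          "delay=3.2, delays=0.02/0.01/3/0.18, dsn=5.7.1, status=bounced "
          "(host smtp1d.netintelligence.com[62.128.193.14] said: 550 5.7.1 "
          "<masked@ptero-byte.com>... Mail from <1.2.3.4> blocked using Trend Micro RBL+. "
          "Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=<1.2.3.4> "
          "(in reply to RCPT TO command))")

# CONSTRUCTED answer section in drill/dig layout; TTLs, preferences and the
# second host are made up, the real records are not shown in the thread.
MX_ANSWER = """\
ptero-byte.com.  3600  IN  MX  10 smtp1d.netintelligence.com.
ptero-byte.com.  3600  IN  MX  20 mx2.example.net.
"""

LINE_RE = re.compile(r"to=<(?P<rcpt>[^>]+)>, relay=(?P<relay>[^\[\s,]+)\[(?P<ip>[^\]]+)\]:\d+, "
                     r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reply>.*)\)$")

def parse_mx(answer):
    """Return [(preference, host)] sorted so the first-tried MX comes first."""
    rows = re.findall(r"\sIN\s+MX\s+(\d+)\s+(\S+)", answer)
    return sorted((int(p), h.rstrip(".").lower()) for p, h in rows)

def explain_bounce(line, mx_answer):
    """Say who rejected the mail, at which SMTP step, and whether a blocklist was cited."""
    m = LINE_RE.search(line)
    if m is None:            # e.g. relay=none lines, which carry no host[ip] pair
        return None
    stage = re.search(r"in reply to (.+?) command", m["reply"])
    return {
        "recipient_domain": m["rcpt"].rsplit("@", 1)[-1].lower(),
        "rejected_by": m["relay"].lower(),
        "rejected_by_is_recipient_mx": m["relay"].lower() in {h for _, h in parse_mx(mx_answer)},
        "smtp_stage": stage.group(1) if stage else None,
        "dsn": m["dsn"],
        # Heuristic (assumption): wording that receivers commonly use for DNSBL hits.
        "blocklist_cited": bool(re.search(r"RBL|DNSBL|blocked using|blacklist", m["reply"], re.I)),
    }

if __name__ == "__main__":
    print(parse_mx(MX_ANSWER))
    print(explain_bounce(BOUNCE, MX_ANSWER))
```

A rejection issued in reply to RCPT TO happens before any message data is sent, so a mail server sitting behind that MX never receives the message.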
 
Very interesting, I should have thought of checking MX to see the connection, thought it's something more mysterious. :oops:

Glad I don't have to receive emails, that would be a nightmare, I always find email related stuff very complicated...
 
Outgoing mailservers don't require an MX record. MX records are for incoming mailservers only. With larger mail setups it's common to split ingress and egress mail.
Sorry for the confusion, I was not clear enough. By MX I mean Mail Exchange (MDA Postfix server address 1.2.3.4 from the quoted log), not the actual MX record in the DNS.

You can check whether your Postfix IP address is listed in any other blacklist at the following address:
 
MXToolbox is very useful indeed. I also use them to check my mail server for open relay issues.
 