Postfix error

When I try to send an email to someone I have emailed multiple times in the past I now get this error after a few hours:

Code:
Action: failed
Status: 4.4.2
Diagnostic-Code: X-mail-domain-com-Daemon; lost connection with
cluster8.eu.messagelabs.com[xx.xxx.xxx.xx] while performing the EHLO
handshake

The strange thing is, I can receive emails from this person! My config for Postfix hasn't changed in months.

Can anyone help please?
 
'Lost connection' indicates either you, the other side or the internet killed the connection. But as it happens during the EHLO phase it might be due to a spam filter on the receiving end. Some filters look at your source IP and will kill the connection right away when the IP shows up on some RBL.
 
I can understand it losing the connection maybe once but this has happened over and over again after sending multiple emails in the last week or so. I don't have any other connection issues when sending email to anyone else.

My IP isn't blacklisted and I have it listed on a whitelist.
 
It's more likely the problem is on the receiving end and it's not likely RBL. If your IP address is not blacklisted then they probably have other tools that blocked your email. Not much you can do except contact the administrator on the receiving end.
 
If you do a manual sending of an e-mail, how far does it get, and what are the error messages that you see?
Code:
# telnet ip.of.mail.server 25
ehlo name.of.your.mail.server
mail from:<your.email.address@your.mail.server>
rcpt to:<destination.email@destination.host>
data
Subject:  Test message
From: "Your Name" <your.email.address@your.mail.server>
To: "Destination Name" <your.email.address@your.mail.server>
This is a test message.
.
quit
 
messagelabs.com appears to be a hosted Symantec cloud antispam, antivirus service. I doubt that a manual telnet will get through and from what I see your connection is lost during EHLO.

Your best choice is to monitor the /var/log/maillog file when you try to send an email there.
 
If I send an email to the address where it bounces back this is what appears in /var/log/maillog:

Code:
May 20 12:40:40 mail postfix/smtp[87683]: Trusted TLS connection established to cluster8.eu.messagelabs.com[85.158.137.3]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 20 12:40:40 mail postfix/smtp[87683]: 0537DB15: lost connection with cluster8.eu.messagelabs.com[85.158.137.3] while performing the EHLO handshake
May 20 12:40:41 mail postfix/smtp[87683]: Trusted TLS connection established to cluster8.eu.messagelabs.com[85.158.140.195]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 20 12:40:41 mail postfix/smtp[87683]: 0537DB15: lost connection with cluster8.eu.messagelabs.com[85.158.140.195] while performing the EHLO handshake
May 20 12:40:42 mail postfix/smtp[87683]: Trusted TLS connection established to cluster8.eu.messagelabs.com[85.158.137.19]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 20 12:40:42 mail postfix/smtp[87683]: 0537DB15: lost connection with cluster8.eu.messagelabs.com[85.158.137.19] while performing the EHLO handshake
May 20 12:40:42 mail postfix/smtp[87683]: Trusted TLS connection established to cluster8.eu.messagelabs.com[85.158.140.211]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 20 12:40:42 mail postfix/smtp[87683]: 0537DB15: lost connection with cluster8.eu.messagelabs.com[85.158.140.211] while performing the EHLO handshake
May 20 12:40:43 mail postfix/smtp[87683]: Trusted TLS connection established to cluster8.eu.messagelabs.com[85.158.139.19]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 20 12:40:43 mail postfix/smtp[87683]: 0537DB15: to=<person@domain.co.uk>, relay=cluster8.eu.messagelabs.com[85.158.139.19]:25, delay=3.6, delays=0.03/0.02/3.5/0, dsn=4.4.2, status=deferred (lost connection with cluster8.eu.messagelabs.com[85.158.139.19] while performing the EHLO handshake)

After a few hours I then receive an email saying:

Code:
<person@domain.co.uk>: lost connection with
cluster8.eu.messagelabs.com[85.158.139.51] while performing the EHLO
handshake

Is there anything else I can try? Keep in mind I have sent numerous emails to this person over the years and have only experienced this issue in the last few weeks.
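
An added example, not part of the original post: a small Python parser that pairs each "lost connection" line in a Postfix maillog with the TLS line logged for the same smtp process and relay IP, so you can see whether every drop happens after TLS was negotiated and with which protocol and cipher. The sample input is constructed from the log lines quoted above, and the function and field names are this example's own.

```python
import re

# Constructed sample: a subset of the postfix/smtp lines quoted in the post above.
SAMPLE_LOG = """\
May 20 12:40:40 mail postfix/smtp[87683]: Trusted TLS connection established to cluster8.eu.messagelabs.com[85.158.137.3]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 20 12:40:40 mail postfix/smtp[87683]: 0537DB15: lost connection with cluster8.eu.messagelabs.com[85.158.137.3] while performing the EHLO handshake
May 20 12:40:43 mail postfix/smtp[87683]: Trusted TLS connection established to cluster8.eu.messagelabs.com[85.158.139.19]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 20 12:40:43 mail postfix/smtp[87683]: 0537DB15: to=<person@domain.co.uk>, relay=cluster8.eu.messagelabs.com[85.158.139.19]:25, delay=3.6, delays=0.03/0.02/3.5/0, dsn=4.4.2, status=deferred (lost connection with cluster8.eu.messagelabs.com[85.158.139.19] while performing the EHLO handshake)
"""

PID = re.compile(r"postfix/smtp\[(\d+)\]: (.*)$")
TLS = re.compile(r"(\w+) TLS connection established to (\S+?)\[([\d.]+)\]:\d+: (\S+) with cipher (\S+)")
LOST = re.compile(r"lost connection with (\S+?)\[([\d.]+)\] while (.+?)\)?$")

def summarize(log_text):
    """Return one record per (smtp pid, relay IP) that lost its connection."""
    tls_seen = {}   # (pid, ip) -> (trust level, protocol, cipher)
    drops = {}      # (pid, ip) -> record, in order of first appearance
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue  # not a postfix/smtp client line
        pid, msg = m.groups()
        tls = TLS.search(msg)
        if tls:
            trust, _host, ip, proto, cipher = tls.groups()
            tls_seen[(pid, ip)] = (trust, proto, cipher)
            continue
        lost = LOST.search(msg)
        if lost:
            _host, ip, phase = lost.groups()
            negotiated = tls_seen.get((pid, ip))
            drops[(pid, ip)] = {
                "ip": ip,
                "phase": phase,
                "after_tls": negotiated is not None,
                "protocol": negotiated[1] if negotiated else None,
                "cipher": negotiated[2] if negotiated else None,
            }
    return list(drops.values())

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        where = f"after {r['protocol']}/{r['cipher']}" if r["after_tls"] else "in cleartext"
        print(f"{r['ip']}: dropped while {r['phase']} ({where})")
```

If every record has `after_tls` set, a manual test that never issues STARTTLS is not exercising the same path as Postfix.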
 
It's their receiving end and their administrator may have changed some settings or performed software updates. Did you try sending email to that person from your alternate email address such as Gmail or Yahoo?
 
I'd guess messagelabs.com is using an RBL that overenthusiastically blacklists IP addresses based on user reports and other data that I would call "rumours" and not solid evidence and you're now a victim of that. I would contact messagelabs.com admins and ask them directly why your IP address is being blocked, the lost connection during EHLO handshake cannot really be anything else but a spam/virus filter kicking in during the negotiation.
 
The logs don't help much! Can you send them an email from gmail to see if it gets through? My guess is that they are doing something stupid on their end. If they reject you during EHLO it means that for some reason they are blacklisting you. In any case, when a message is being rejected due to blacklisting the mail server should reply back at least in the logs, the reason and a link for you to contact.
 
I have sent a test email from my Gmail address successfully. I know for a fact that I am not on any RBLs as I monitor my mail quite closely and do regular blacklist checks.

The question is, will they troubleshoot this issue or even speak to me as I am not a customer of theirs?
 
Argh, I'm trying! Busy registering on the Symantec website to be able to log a call. I'm pretty sure they'll tell me to go away since I am not a customer!
 
Ok, so I tried sending a test email using telnet:

Code:
$ telnet 85.158.137.3 25
Trying 85.158.137.3...
Connected to mail38.messagelabs.com.
Escape character is '^]'.
220 server-12.tower-38.messagelabs.com ESMTP
ehlo mail.domain.com
250-server-12.tower-38.messagelabs.com
250-STARTTLS
250-PIPELINING
250 8BITMIME
mail from:user@domain.com
250 OK
rcpt to:user@remote.co.uk
250 OK
data
354 go ahead
Subject:  Test message 8:18
From: "Me" user@domain.com
To: "Recipient" user@remote.co.uk
This is a test message.
.
250 ok 1432192831 qp 29685 server-12.tower-38.messagelabs.com!1432192670!3793015!1
quit
221 server-12.tower-38.messagelabs.com
Connection closed by foreign host.

Now I wait!

Even though I telnetted to the correct IP I still see that another host name appeared above (server-12.tower-38.messagelabs.com). In all my error emails it was trying to connect to:

cluster8.eu.messagelabs.com[85.158.137.3]

I guess this has something to do with the clustering....
 