Can an SMTP server respond with a failure such as 552? - smtp

We use Mandrill to send emails and we are wondering about SMTP responses with respect to messages that cannot be delivered. For example, 552 occurs when the recipient's mailbox is full.
It only takes a few seconds for the SMTP server to respond. Within that time, does the message get to the recipient's mailbox?
If so, what happens if the mail cannot be delivered immediately? Is there a timeout such that the SMTP server responds even when the email is not delivered?

> It only takes a few seconds for the SMTP server to respond. Within that time, does the message get to the recipient's mailbox?
If the server sends an error because the mailbox is full, that is a good indication that the message did not get to the recipient's mailbox.
> If so, what happens if the mail cannot be delivered immediately? Is there a timeout such that the SMTP server responds even when the email is not delivered?
It depends on what server you are connecting to. If you are connecting directly to the destination server (e.g. an Exchange server), it will often know whether it can accept the email or not (e.g. because the mailbox is full), and can respond immediately by refusing delivery.
If you are connecting to an MTA which routes the email to another mail server, then it will not know whether the recipient's mailbox is full when you connect to it. However, it may reject the email for other reasons (like if your IP address has a reputation for sending spam). The MTA will usually accept the entire message before attempting to pass the email message to another mail server.
If the MTA attempts to deliver the email and receives a permanent (5xx) error, then the MTA will not try to deliver the email again. If the error is a transient (4xx) error, then the MTA usually waits a little while and then tries to deliver the mail again. Most MTAs will have a timeout set, after which they stop trying to deliver mail.
Most modern MTAs support DSN as an SMTP extension. (DSN stands for Delivery Status Notification: see https://www.rfc-editor.org/rfc/rfc3461 for details.) When an MTA that supports DSN cannot deliver an email to a recipient, it sends a DSN message to the sender indicating that it could not deliver the email.
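The 4xx/5xx distinction above, as an added example that is not part of the original answer: a parser for single-line and multi-line SMTP replies, with the action a relaying MTA takes on each. The function names and the sample replies are constructed for illustration.

```python
import re

# One reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
# Optional RFC 3463 enhanced status code leading the text, e.g. "5.7.1".
_ENHANCED = re.compile(r"^([245]\.\d{1,3}\.\d{1,3})(?:\s+|$)")

def parse_reply(raw):
    """Parse a possibly multi-line SMTP reply into (code, enhanced, text)."""
    lines = raw.strip("\r\n").splitlines()
    if not lines:
        raise ValueError("empty reply")
    code, enhanced, parts = None, None, []
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        this_code, sep, text = int(m.group(1)), m.group(2) or " ", m.group(3) or ""
        if code is not None and this_code != code:
            raise ValueError("reply code changes inside one reply")
        code = this_code
        # Every line but the last must use "-"; the last must use " ".
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match position")
        e = _ENHANCED.match(text)
        if e:
            enhanced = enhanced or e.group(1)
            text = text[e.end():]
        parts.append(text.strip())
    return code, enhanced, " ".join(p for p in parts if p)

def mta_action(raw):
    """What a relaying MTA does with the next hop's reply to a delivery attempt."""
    code, _enhanced, _text = parse_reply(raw)
    if 200 <= code < 300:
        return "delivered"   # next hop took responsibility for the message
    if 400 <= code < 500:
        return "requeue"     # transient: keep it queued and retry later
    if 500 <= code < 600:
        return "bounce"      # permanent: stop retrying, send a DSN to the sender
    raise ValueError(f"unexpected reply to a delivery attempt: {code}")

# Constructed sample replies (the last is modelled on a multi-line policy rejection).
MAILBOX_FULL = "552 5.2.2 Mailbox full"
GREYLISTED = "451 4.7.1 Greylisted, please try again later"
POLICY = ("550-5.7.1 The IP you're using to send mail is not authorized\r\n"
          "550-5.7.1 to send email directly to our servers.\r\n"
          "550 5.7.1 Use the SMTP relay at your service provider.")
```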

AFAIK for authenticated/trusted senders most SMTP servers deploy "accept and store in queue before any forward attempt".
If you want more detailed info, name the SMTP server software you use.

Related

Remote Server returned '550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup'

I have an Exchange Server 2016 and I've created a user, say testuser1@exchangedomain.com
I followed the steps as told in this video:
https://www.youtube.com/watch?v=GN2mZ6qOWf8
I'm trying to send a mail from testuser1@exchangedomain.com in the exchange server to any outlook account in the outside world, for example, username@outlookdomain.com
But I'm unable to send a mail from testuser1 and I'm receiving this error on the exchange server
Remote Server returned '550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup'
Is it even possible to do so because both the domains are completely different or am I missing something here?
The recipient email account is not found or does not exist. Even sending an email from Gmail gives "Address not found
Your message wasn't delivered to username@outlookdomain.com because the domain outlookdomain.com couldn't be found. Check for typos or unnecessary spaces and try again".

how to determine who sent request to my smtp server: mail-client (such as outlook) or other smtp servers

I am developing an SMTP server and there is a question I don't understand about the SMTP handshake.
#1. mail client (outlook) -> My SMTP Server
EHLO - AUTH - FROM - TO - DATA - QUIT
It is smtp relay request. My smtp server takes the request and delivers the mail to other mail server.
#2. Other SMTP Server -> My SMTP Server
EHLO - FROM - TO - DATA - QUIT
I understood the SMTP flow between SMTP servers as follows. The AUTH command is not necessary in this case, because the AUTH command is for authenticating a client that asks the SMTP server to relay.
#1 and #2 are the flows of SMTP that I understand. What I'm curious about is how my SMTP server determines whether a request is from a client or a server. I want to decide whether to require the AUTH command based on that.
If my thoughts are wrong, don't laugh too much, and I ask for a kind explanation.
Thank you.
The usual modern solution is to separate SMTP submission from regular SMTP transmission traffic, and require authentication for the former, but not the latter.
The latter should only accept inbound traffic for domains you are MXing for, and run on port 25.
Regular users should be blocked from using port 25 (your ISP or corporate firewall probably already does this) and use port 587 for message submission. (Some legacy systems still use 465, but you should not.)
In actual practice, you would check at MAIL FROM whether the sender is internal, in which case reject if they are not authenticated; and otherwise, check in RCPT TO if all recipients are internal, and reject the ones which are not.
See RFC 6409 for the SMTP submission spec, and RFC 8314 for related security recommendations.
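The MAIL FROM / RCPT TO checks described above, sketched as an added example that is not part of the original answer. `LOCAL_DOMAINS`, the function names and the reply texts are assumptions; the addresses are constructed.

```python
# Assumption: the domains this server is the MX for (hypothetical).
LOCAL_DOMAINS = {"example.org"}
SUBMISSION_PORT, RELAY_PORT = 587, 25

def domain_of(address):
    """Domain part of a mailbox, lower-cased; "" for the null sender <>."""
    address = address.strip("<>")
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def on_mail_from(port, authenticated, sender):
    """Reply to MAIL FROM."""
    if port == SUBMISSION_PORT and not authenticated:
        # Submission always requires AUTH first.
        return "530 5.7.0 Authentication required"
    if not authenticated and domain_of(sender) in LOCAL_DOMAINS:
        # Port 25 peer claiming to be an internal user without AUTH.
        return "550 5.7.1 Internal senders must authenticate on port 587"
    # External senders, and the null sender used by bounces, are accepted.
    return "250 2.1.0 OK"

def on_rcpt_to(authenticated, recipient):
    """Reply to one RCPT TO: only authenticated users may relay outward."""
    if authenticated or domain_of(recipient) in LOCAL_DOMAINS:
        return "250 2.1.5 OK"
    return "550 5.7.1 Relaying denied"

def run_session(port, authenticated, sender, recipients):
    """Replies for one envelope: [MAIL FROM reply, RCPT TO reply, ...]."""
    replies = [on_mail_from(port, authenticated, sender)]
    if replies[0].startswith("250"):
        replies += [on_rcpt_to(authenticated, r) for r in recipients]
    return replies
```

An unauthenticated peer on port 25 can therefore only deliver to local mailboxes, which is what keeps the server from being an open relay.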

Implementing an intelligent relay with an SMTP server/client

I need to implement an intelligent mailing list/relay (on Linux). The idea is that:
The server receives emails to a list address
It parses the mail, and confirms that it's from a trusted source
It looks up a list of recipients in a local database
It does some minor processing on the incoming mail, and sends it out to the list
It returns any bounce messages to the original sender
The server already has sendmail installed, but I can use another MTA if necessary.
This sounds straightforward, and sendmail already has a database look-up capability. However, I don't think this is particularly flexible, and I don't want to give sendmail independent access to my database.
The closest I've come to an existing solution is E-MailRelay, which looks good, but I don't want the overhead of integrating it if I can avoid it.
I'd appreciate a sanity check on my Plan B before starting it, or alternative suggestions. I haven't found any useful docs on this and the Sendmail book doesn't seem to have anything relevant in it.
What I'm thinking about is:
Implement an SMTP delivery agent for sendmail, and have sendmail and the DA running on the same server, with the DA listening on some unspecified port (which?)
Sendmail presumably acts as an SMTP client when connecting to the DA, and my DA will respond to MAIL/RCPT/DATA commands
The DA processes the received mail, which will be either a message out to the mailing list, or a bounce, or possibly a response
The DA then switches to client mode, connects to sendmail, and issues MAIL/RCPT/DATA commands to return the response to the original sender
Does this make sense? Thanks.
This turned out to be pretty straightforward, although I didn't use a sendmail delivery agent - I just did everything in SMTP. The server has two IP addresses, and sendmail is already listening on port 25 on IP#1.
I wrote an SMTP proxy which listens on port 25 on IP#2. This runs an SMTP server, which accepts incoming messages, and re-writes them. It then connects (as a client) to port 25 on IP#1, sending the re-written message to sendmail. sendmail then handles transmission to the re-written destination addresses. This is all transparent to the original mail client.
Not sure how I'd do this if the server only had one IP address, though.

The IP you're using to send mail is not authorized to send email directly to our servers

Hi, I wanted to send mail via the SMTP protocol to one of my Gmail accounts...
I tried, but in the end an error occurred:
telnet> open alt4.gmail-smtp-in.l.google.com 25
Trying 74.125.131.27...
Connected to alt4.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP b4si2095585vdw.57 - gsmtp
HELO stackoverflow.com
250 mx.google.com at your service
MAIL FROM: <test@stackoverflow.com>
250 2.1.0 OK b4si2095585vdw.57 - gsmtp
RCPT TO: <■■■■@gmail.com> // filtered ;)
250 2.1.5 OK b4si2095585vdw.57 - gsmtp
DATA
354 Go ahead b4si2095585vdw.57 - gsmtp
test
ok
it done
.
550-5.7.1 [5.22.81.102] The IP you're using to send mail is not authorized to
550-5.7.1 send email directly to our servers. Please use the SMTP relay at your
550-5.7.1 service provider instead. Learn more at
550 5.7.1 http://support.google.com/mail/bin/answer.py?answer=10336 b4si2095585vdw.57 - gsmtp
Connection closed by foreign host.
So now how can I send mail without having this problem?
This is because Google will reject any emails sent from an IP in the Spamhaus database.
What you need to do is go to http://www.spamhaus.org/lookup/ and follow the instructions there to remove your server IP from the Spamhaus database.
Please also follow this guide: Prevent mail to Gmail users from being blocked or sent to spam
You can find the answer at the link in the last line of the Google mail served response:
'The IP you're using to send email is not authorized...'
In order to prevent spam, Gmail refuses mail from IP addresses that are not authorized to send mail. The determination of whether or not an IP address is authorized to send mail is made by the ISP that provides you with the IP address. This list typically contains consumer IP ranges offered for dialup, DSL, or other broadband access.
What can I do to fix this?
Your ISP may provide SMTP relays which will accept mail from your IP, and these servers should be authorized to send mail. Some ISPs may provide a way to get an IP that is authorized, either by upgrading to business class service or static IP service. You should reach out to your ISP to see what options are available.
Another alternative is to send mail through your own domain’s servers, either by configuring them to allow relay from your IP address, or by using MSA (mail submission agent). Learn how to use Gmail to send mail from a different address.
Please note that we are unable to whitelist IP addresses or otherwise make exceptions.
In other words, if your IP address is not authorized by your ISP to send mail, you should send your mail through:
Your provider mail server (SMTP relay)
Your own domain mail server.
Mail servers must meet a number of requirements to prevent their messages from being blocked, e.g. have a PTR record. The use of authentication methods such as SPF, DKIM or DMARC minimizes the chance that messages are marked as spam.
I had this problem with one of my hotmail addresses, using Thunderbird on Kubuntu. Tried changing server settings, passwords etc. to no avail. In desperation, I deleted the offending email address through "account settings" "account actions" (bottom left of window). If you are on POP3 you will lose all your emails, so make sure you're on IMAP.
You then just select "add email" in Thunderbird and the email is put back as it should be and works perfectly.

can php send email without mail server installed in server?

I know we can send email from php using smtp servers on different hosts or if there is local smtp server installed. What I want to know is can php send email without any local or remote smtp servers? I have heard about sendmail program but can it function without any mail server installed in the server?
At some point you have to talk to a SMTP server. Sending via a SMTP server on the local host is the cleanest option and the most likely to succeed at getting through spam filters.
What a mail server does is quite complex. Let's take your average e-mail as it arrives from your e-mail client to your e-mail server with an outbound host as the destination:
The server checks your user account and makes sure it is valid.
The e-mail goes into a queue either separately for each recipient or as one message (depends on the server).
The server finds the e-mail in the queue and processes each recipient address. This requires a DNS lookup for a MX record for each target domain.
The e-mail server connects to the address specified by the MX record and delivers the e-mail to it as one does over SMTP.
On success, the e-mail is removed from the queue. On failure, the e-mail may remain in the queue and the server will try again later (exponential backoff - see greylisting) or be put in the mail queue to be returned to you when you check your e-mail via POP3 later.
The next e-mail server in the queue then repeats the above until the final server receives the e-mail and it sits in the recipient's mailbox.
Doing that within PHP is possible, but I don't recommend it. MX record lookup can be tricky because people do all sorts of non-compliant things that mail servers tolerate. Plus, your script might time out while attempting to connect directly to the target SMTP server. Some servers are also configured to "greylist" e-mail, which means the e-mail will initially be rejected but would be accepted later (e.g. 30 minutes is not unusual). The average PHP script won't be able to handle that scenario.
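Why a queue matters for greylisting, as an added example that is not part of the original answer: a simulated delivery queue with exponential backoff, run against a constructed greylisting server. The schedule defaults (5 minutes, doubling, 4-hour cap, 5-day lifetime) and all names are assumptions, not any particular MTA's settings.

```python
def retry_schedule(first_delay=300, factor=2, max_delay=4 * 3600, max_age=5 * 86400):
    """Yield attempt times in seconds after queueing, until the queue lifetime ends."""
    t, delay = 0, first_delay
    while t <= max_age:
        yield t
        t += delay
        delay = min(delay * factor, max_delay)

def deliver(attempt, **schedule):
    """Call attempt(t) -> SMTP reply code until a final answer or expiry.

    Returns (outcome, time_of_last_attempt, number_of_attempts).
    """
    tries, t = 0, 0
    for t in retry_schedule(**schedule):
        tries += 1
        code = attempt(t)
        if 200 <= code < 300:
            return ("delivered", t, tries)
        if 500 <= code < 600:
            return ("bounced", t, tries)   # permanent failure: no more retries
        # 4xx: the message stays in the queue for the next scheduled attempt
    return ("expired", t, tries)           # lifetime over: returned to the sender

def greylisting_server(hold=1800):
    """Constructed peer: answers 451 until `hold` seconds after first contact."""
    first_seen = None
    def attempt(t):
        nonlocal first_seen
        if first_seen is None:
            first_seen = t
        return 250 if t - first_seen >= hold else 451
    return attempt

def one_shot(attempt):
    """A script that connects once and gives up: a queue with zero lifetime."""
    return deliver(attempt, max_age=0)
```

With the defaults the queued message is accepted on its fourth attempt, 35 minutes after queueing, while `one_shot` never gets past the first 451.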