On a 1&1 shared hosting, I'm using mail(...); from a PHP script (which itself calls /usr/sbin/sendmail -t -i) and finally I get an error message (see below).
More or less my mail (I send less than 5 mails per day) is considered as spam by SORBS. It's not spam (it is usually an important mail to a customer with their download link after a purchase) nor a virus.
I've been having a nightmare for days trying to solve this problem.
Questions:
- what is the flow diagram of my email?
  local PHP ==> local sendmail ==> ... ? SORBS ? ==> recipient server ? ==> error message? (who sends it? SORBS or recipient or local sendmail?)
- where is SORBS working in this story? By my shared hosting (1&1)? Somewhere in the middle? By who is this service called? By the recipient's server?
- how to typically solve such problems? SORBS seems to be difficult to reach (no phone, difficult to contact support via email, etc.) and very opaque
Note: I've asked SORBS for delisting, but the problem continues.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]: SMTP error from remote server for RCPT TO command, host: mail.forwarder.lexsynergy.com (212.20.251.xx) reason: 550-212.227.126.xx is listed at dnsbl.sorbs.net (127.0.0.xx, 127.0.0.xx: 550 Virus Transmitting Server See: http://www.sorbs.net/lookup.shtml?212.227.126.xx)
--- The header of the original message is following. ---
Received: from xx.kundenserver.de (infong1124.kundenserver.de [212.227.18.xx]) by mrelayeu.kundenserver.de (node=mreue006) with ESMTP (Nemesis) id 0LzUX8-1b2ynI3IFW-014gcV; Tue, 06 Sep 2016 14:34:58 +0200
Received: from 173.0.81.1 (IP may be forged by CGI script) by icpu2490.kundenserver.de with HTTP id 4AibFb-1bfKiR2kcj-002Zae; Tue, 06 Sep 2016 14:34:58 +0200
X-Sender-Info: xxx
What is the flow diagram of my email?
PHP -> local MTA (sendmail) -> remote server
Error message? (who sends it? sorbs or recipient or local sendmail?)
The error line (550-[IP] is listed...) is generated by the remote server when you try and send mail to them. Your MTA then sends the message (known as a Non-delivery report) back to you indicating that it was unable to deliver the message.
Where is SORBS working in this story?
SORBS is a list of IP addresses that fall into various categories. They don't check the content of your email at all. The remote MTA is checking for your IP address in that list and rejecting your connection based on the results. In your case they show that your IP address was sending out viruses at one point in time. You can follow the link in the rejection for more details on exactly when and why your host was listed.
How to typically solve such problems?
First, make sure you are not configured as an open relay. Check your mail logs and config to make sure you are only sending out messages that you expect to be. You can use the mxtoolbox diagnostic tool to test if your server is an open relay. Also you should check that you aren't running a vulnerable PHP application that is sending out messages. Fix these issues if they exist before requesting a de-listing.
If your server is clean and you've started the de-listing process and are still on the list after 24 hours, it is likely that the address given to you by your ISP was used by a spammer at one point in time and has a bad reputation. The SORBS de-listing process takes longer each time you have to request de-listing.
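The lookup a receiving mail server performs against a DNS blocklist, as described in the answer above, sketched as an added example (not part of the original answers): the connecting server's IPv4 address is reversed, the list's zone is appended, and an answer inside 127.0.0.0/8 means "listed". The sample rejection line, the zone dnsbl.example.net, the fake resolver and all function names are constructed for illustration.

```python
import ipaddress
import re
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Matches the "<ip> is listed at <zone>" phrase seen in the bounce above.
REJECT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}) is listed at ([a-z0-9.-]+)", re.I)

def parse_rejection(reason):
    """Pull (listed_ip, dnsbl_zone) out of an SMTP 550 reason string."""
    m = REJECT_RE.search(reason)
    return (m.group(1), m.group(2).lower().rstrip(".")) if m else None

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name; [] if it does not resolve (this sketch does not
    distinguish NXDOMAIN from a resolver failure, a real MTA should)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_dnsbl(ip, zone, resolve=system_resolver):
    """Listed if the query name resolves to an address inside 127.0.0.0/8;
    the exact return code is defined by the list operator."""
    name = dnsbl_query_name(ip, zone)
    codes = [a for a in resolve(name) if ipaddress.ip_address(a) in LOOPBACK]
    return {"query": name, "listed": bool(codes), "codes": codes}

# Constructed sample data: documentation IPs and a made-up zone.
SAMPLE_REASON = ("550-192.0.2.25 is listed at dnsbl.example.net "
                 "(127.0.0.2: 550 Virus Transmitting Server)")
FAKE_ZONE = {"25.2.0.192.dnsbl.example.net": ["127.0.0.2"]}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    ip, zone = parse_rejection(SAMPLE_REASON)
    print(check_dnsbl(ip, zone, fake_resolver))    # the relay named in the bounce
    print(check_dnsbl("192.0.2.26", zone, fake_resolver))  # a neighbouring address
```

Calling check_dnsbl(ip, zone) without the third argument uses the system resolver for a live lookup.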
where is SORBS working in this story ? By my shared hosting (1&1)? Somewhere in the middle? By who is this service called? By the recipient's server?
Email blocklists such as SORBS are typically operated by the recipient organisation (e.g. the company not the individual) or whoever they've subcontracted their email gateway services to (e.g. systems like Mimecast or Barracuda's email filters). Your customer has decided that a clean email feed is more important than your emails (though they probably didn't quite understand the implications of the choices they made in their email filter settings, so good luck explaining that to them).
This is explained reasonably well at the SORBS website (http://www.sorbs.net/listing/aboutlistings.shtml). Your address is listed as part of a block on virus sites, so you should also read http://www.sorbs.net/delisting/virus.shtml if you have not done so already.
Simply put, you will need to ensure the problems are fixed in order to be considered for de-listing. This may require the co-operation of your webhost provider, it may be a simple matter to clear up (e.g. your IP address was previously used by a malicious or dumb customer and now you've taken it over it can reasonably be demonstrated to be clean), or it may not be so easy.
To a large degree, if this is nothing you've done, then I do strongly suggest you enlist the help of your webhost as they've effectively sold you damaged goods. If it is something you've done, e.g. your site is or has been compromised, they may still be best placed to help you resolve your issues as this will probably be neither the first nor the last time they've had to deal with this kind of thing.
Another alternative for you would be to smarthost your emails for this kind of thing through another service. There are some out there who specialise in being "clean" for this kind of thing.