Heroku Intercepting Some Gmail Incoming Messages - ruby-on-rails-3

I am serving my Rails 3 app on Heroku, my mail through Google, and the domain through Enom. This is for www.challengage.com
This works 95% of the time, however, once in a while, when someone tries to reply to an email I send them, it fails with the below error message because my email, josh#challengage.com, somehow got replaced with josh#herokuapp.challengage.com when they recieved it. I think it has something to do with Mail Delivery Subsystems, but I'm not sure. It also only seems to happen when emailing University professionals.
Error Message:
From: Mail Delivery Subsystem [mailto:MAILER-DAEMON#smtp2.syr.edu]
Sent: Monday, July 15, 2013 2:08 PM
To: David DiMaggio
Subject: Undeliverable: FW: Challengage - Work Team Simulation product for interviewing evaluations
Delivery has failed to these recipients or groups:
paul#challengage.herokuapp.com
The server has tried to deliver this message, without success, and has stopped trying. Please try sending this message again. If the problem continues, contact your helpdesk.
The following organization rejected your message: challengage.herokuapp.com.
Any ideas?
Thanks everyone.

This is almost certainly because you're using a CNAME for your email records.
Although most email servers will reflect the original domain when sending a message, others will replace it with the domain that's at the end of the CNAME.
This means that instead of sending to someone#challengage.com they send to someone#challengage.herokuapp.com instead.
The mail server sees the request to send to someone#challengage.herokuapp.com and decides that it doesn't look after challengage.herokuapp.com and so from it's perspective the message is rejected.
We used to see this issue with CloudMailin customers and started to recommend that they don't use CNAMES where email is involved and just make use of adding MX records direct to the Apex domain.
With Heroku this poses a problem though as you don't have a single IP that you can use to access their servers. We eventually ended up using Route 53 to host our domain, then adding an SSL endpoint (to get load balancer details) and then adding that load balancer to Route 53's Alias command so that it automatically always gave the correct results. Alternatively you can setup some sort of static IP based system on your apex domain to redirect.

Related

Getting MTA blocked from zen.spamhaus.org but the website check shows IP is OK

I'm using zen.spamhaus.org in my sendmail config.
FEATURE(dnsbl',zen.spamhaus.org')dnl
I'm using AWS SES to send email and when I try to relay an email I get:
Nov 9 09:01:00 Web-Mail sendmail[12751]: ruleset=check_relay, arg1=e226-2.smtp-out.us-east-2.amazonses.com, arg2=127.255.255.254, relay=e226-2.smtp-out.us-east-2.amazonses.com [23.251.226.2], reject=550 5.7.1 Rejected: 23.251.226.2 listed at zen.spamhaus.org
But if I go to the the spamhaus website and check the IP it says there are no issues.
https://check.spamhaus.org/not_listed/?searchterm=23.251.226.2
23.251.226.2 has no issues
This has just started happening recently. I tried white listing the SES server in my access.db to no avail.
Any help would be appreciated.
I tried white listing the SES server in my access.db to no avail.
Also tried sbl.spamhaus.org with the same results.
Turns out it's also blocking other valid MTA's
Nov 9 09:43:26 Web-Mail sendmail[12990]: ruleset=check_relay, arg1=mail-dm6nam10olkn2106.outbound.protection.outlook.com, arg2=127.255.255.254, relay=mail-dm6nam10olkn2106.outbound.protection.outlook.com [40.92.41.106], reject=550 5.7.1 Rejected: 40.92.41.106 listed at zen.spamhaus.org
Which explains why I'm getting reports from other people saying their emails are being returned.
I am experiencing a similar issue, lots of people receiving rejected email notices because of zen.spamhaus.org wrongly sending blocked responses.
As you have found going to the spamhaus website indicates no issues with the ips.
But this is the only mention of the issue that I can find!
I am using postfix
I ahve removed zen.spamhause.org from my smtpd_recipient_restrictions config for now and things are returning to normal.
Looks like the DNS for zen.spamhaus.org isn't resolving. Could be the issue
Ok looks like I was rate limited - I am working on a project that sent my 203 emails in error. I think I fell foul of samhaus's rate limiter for too many queries in a short time.

Sonos API subscription callbacks stopped

I have perl on apache http service that's been working fine for several years to issue sonos cmds and receive callbacks. About two weeks ago, I stopped receiving any callbacks.
I subscribed successfully (response={}) for groupVolume, playbackMetadata, and playback events.
I am successfully getting webhook messages from other services (e.g., Vonage) using https, so it seems the port is open to my server, and apache is successfully processing these requests. I see no trace of any messages from the sonos api in my apache logs.
I have no trouble issuing commands (setMute, getFavorites, getPlaybackMetadata, etc.). Only the callbacks are a problem.
I ran the ssltools checker from digicert but found no issues.
I can't recall making any changes to the home router config.
Does anyone else have a problem like this or know how to diagnose what's happening?
I installed WireShark but am overwhelmed with the functionality and don't know how to narrow down what I should be looking for to see if the messages are being received and blocked somehow.
it may be unlikely, but is it possible that there isn't any usage of your integration that would result in callbacks being sent to your service? For example - if volume isn't being changed, or playback isn't happening, you won't receive events.
If that's not the case, additional information is required to debug this issue. Could you please email developer-feedback#sonos.com with the following information:
The name of your service/application
The date/time your service stopped receiving callback events. You said about two weeks ago, but could you be more specific?
The clientId used by your code. This is the UUID you generated when you initially created the "API Key" on developer.sonos.com. Format is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (note - we do not need the secret associated with this key).
With that information we should be able to determine the cause of your missing callbacks.

Postfix configuration when using 2 servers behind a load balancer (failover)

In my company we are facing the following issue. Can you help me to guess what is causing it? Thanks for your help :)
We have a Load Balancer: lbname.glb.itcs.companyname.net
which balances traffic in FAILOVER mode to:
servername1.itcs.companyname.net
servername2.itcs.companyname.net
Our problem is regarding email redirection. We intend to receive email from partners (external company) in our load balancer, but this fails (relay access denied). However, if we send email directly to any of the two servers, it works. Let me explain in more detail.
Case 1: email to the load balancer
The load balancer redirects correctly to the primary server (servername1), but this one rejects and we get back an email with the following content:
servername1.itcs.companyname.net rejected your message to the following e-mail addresses:
account#imspro.glb.itcs.hpecorp.net (account#imspro.glb.itcs.hpecorp.net)
servername1.itcs.companyname.net gave this error:
<account#imspro.glb.itcs.hpecorp.net>: Relay access denied
Case 2: email directly to servername1
It works with no issue and we are able to see the mail in our mailbox at linux level.
We have the following postfix configuration:
existing files in /etc/postfix
main.cf file
We solved this issue just adding the Load Balancer to the destinations file, so that the file looks now like this:
lbname.glb.itcs.companyname.net
It was empty before.
We also needed to restart postfix service.

Emails sent through our application are going to spam or not comming at all

When sending emails through our rails app they are going to spam in some email accounts(hotmail) and not coming at all in others.
We are using sendmail to send the emails. The sender email id is no-reply#xyz.com. What could be the possible reasons for this. Where do we check the logs for the sendmail(ubuntu).
Regards,
Pankaj
I think its with your SMTP mail server. if you can send the mail using like Gmail SMTP server you will overcome this prob !
check this list and see if your ip is in the list. Replace your 1.2.3.4 with your ip.
http://bgp.he.net/ip/1.2.3.4#_rbl
Check the full headers of the messages that are ending up in spam folders. The sendmail logs on your end won't tell you anything, unless the recipient's server is refusing your traffic at the SMTP level. Anti-spam software will often add header lines showing which tests failed -- maybe the IP address you're sending from is blacklisted or has a poor reputation; maybe there's something about the content that looks spammy.

Where is the IIS 6 SMTP badmailfrom list?

One of our applications started erroring out and a result was that hundreds of error emails were being sent in matter of seconds. This got the email sender (seems to be just the from address, not the IP) banned. We use the IIS 6 SMTP server. This is the entry from the bad mail file:
Diagnostic-Code: smtp;553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)
I would like to remove the email sender from the list, but I cannot find it. I search the web for the location, but I didn't turn up anything.
Any help on this would be appreciated.
Thanks,
Darren
The error although recorded on the server hosting IIS actually originated from our 3rd Party email host. The email address being used to send the email was actually blocked from the email host. Calling them and getting them to remove the email address from their block list resolved this issue.