Blocked SMTP Port

xervers antispam service

Since 01 November 2021 we implemented a antispam service that filters all outgoing mail on our network. This filter acts on port 25 and it’s not possible to disable it.

If your email is not reaching destination, it’s because one or all of the following reasons:

  • Your IP is blocked on some SPAM lists.
    • Check the usual spam lists (barracuda, spamhous, etc…) and confirm that the IP or domain that is sending the email is not blocked.
  • Your server doesn’t have a reverse dns configured.
    • In order to be able to send an email successfully, the reverse dns (PTR record) needs to be configured. This can be done on the client area (for the VPS Servers) or on the IPAM portal (for the dedicated servers).
  • You don’t have a SPF record configured.
    • Like most of the email servers, our antispam service checks that you have a correct SPF record configured. If that is not the case, you have to configure it.
      Note: When configuring the SPF, add the IPv4: 185.219.130.2 and IPv6: 2a0e:bc00:0:2:0:0:4d7:5959 to the allowed IPs.
  • The DKIM Signature of the email being sent doesn’t match with the key configured on the domain.
    • If you have set a DKIM pair keys, check that both are correctly configured (on the domain and on the email server).
  • The email isn’t correctly formatted:
    • The email header is bogus.
    • The sender domain/mail doesn’t exist.
    • The destination’s domain/mail doesn’t exist.
    • The header contains 2 “From” emails from different domains.
    • The header’s date is invalid (check RFC 2822).
    • Has mixed cases in center or HREF tags.
    • The sender domain doesn’t have a MX or A records.

These are just a few checks our antispam service does before allowing your message to the outside world. The SPAM score is calculated with the above checks and if it is over 3 (minimum is 0 and max is 15), the message is blocked.

To know what mails are being blocked, you can configure a catch-all address and whitelist all emails coming from [email protected]. When an email is blocked, you’ll receive a notification with a link to access directly the portal. You can then verify the reasons why the email is being blocked.

Apendix:

Test Performed

Test Description

AWL

Standard description: "From:" of the address is auto-whitelisted

Explanation:

Automatic Whitelisting (AWL) keeps track of the scores associated with known senders and pushes the total score of the mail to the sender's average. Thus, mail from a previous sender that has a higher-than-average score may receive a negative score; mail with a lower-than-average score may receive a positive score.

BAYES_99

Standard description: Bayes spam probability is 99 to 100% (or 99.00 to 100.00% for BAYES_999).

Explanation:

The SpamAssassin includes a Bayesian filter that assigns scores based on the user's previous email history. This can assign both positive and negative scores. For example, a user might receive a given spam message multiple times through a relay identified in a DNSBL, so that the SpamAssassin correctly identifies it as spam. If the user receives the same message through a new unlisted relay, the Bayesian algorithm will assign him a high score based on previous experience.

Conversely, if a user receives a regular newsletter from a fitness club, and one issue references diet and weight loss pills (which normally flage the message as spam), the Bayesian algorithm will assign it a lower score.

BAYES_999

DKIM_SIGNED

Standard description: Identified mail domain keys: the message has a signature

Explanation:

The message is signed using DKIM (http://www.dkim.org/)

DKIM_VALID

Standard description: Domain keys Identified mail: verification of signature passes

Explanation:

The message is signed using DKIM (http://www.dkim.org/) and the signature has been verified

DKIM_VALID_AU

Standard description: The message has a valid DKIM or DK signature from the originator's domain

Explanation:

The emails contain a DKIM signature validated to the author's domain, which essentially means that the email comes from where it says it is.

HTML_IMAGE_ONLY_20

Standard description: HTML: images with 1600-2000 bytes of words

Explanation:

This can indicate a message using an image instead of words in order to bypass text-based filtering.

HTML_MESSAGE

Standard description: HTML included in the message

Explanation:

HTML messages are more visually appealing than plain text.

HTML_SHORT_LINK_IMG_3

Standard description: HTML is too short with an image attached

Explanation:

The message is HTML with only one link to an external image. This may indicate an attempt to avoid text-based filters.

HTML_TITLE_SUBJ_DIFF

-

MIME_HTML_ONLY

Standard description: The message has only text/html MIME parts

Explanation:

Indicates that the message lacks the alternative plain text part.

MIME_HTML_ONLY_MULTI

Standard description: Multipart message has only text/html MIME parts

Explanation:

A multi-part message usually has HTML and plain text alternatives with the same content. One with only HTML parts may indicate an attempt to avoid text-based filters.

MPART_ALT_DIFF

Standard description: HTML and text parts are different

Explanation:

The mail contains content in both HTML and plain text format, but its content is (most likely) different. This suggests that the sender is not using a normal mail client, and is trying to evade filtering by using a message that looks different to humans and mail filters.

RCVD_IN_DNSWL_BLOCKED

Standard description: The DNSWL query was blocked.

Explanation:

DNS block lists are a common form of network-accessible database used for spam detection. They are also referred to as "DNSBLs", "DNS Black Lists" and "RBLs".

SPF_HELO_PASS

Standard description: SPF: HELO corresponds to the SPF register

Explanation:

SPF (Sender Policy Framework) is an open standard that specifies a technical method to prevent the spoofing of sender addresses. The domain in the HELO command is compared against a list of allowed mail relays for that domain. This states, for example, that mail from [email protected] should have come through mail.example.com and not mail.badguys.info.

In a normal mail client, the HELO command uses the Internet name of the computer sending the mail, so someone can use your 1-2-3-dyn.bigisp.com computer to send mail through the bigisp.com mail relay, which has an SPF record indicating that this is allowed.

Passe

A "Pass" result means that the client is authorised to inject mail with the given identity. The domain can now, in a reputational sense, be held responsible for sending the message. Further policy checks can now proceed with confidence in the legitimate use of the identity.

ð  From RFC 4408

SPF_PASS

Standard description: SPF: sender corresponds to the SPF record

Explanation:

SPF (Sender Policy Framework) is an open standard that specifies a technical method to prevent the spoofing of sender addresses. The sender domain is compared against a list of allowed mail relays for that domain. This states, for example, that mail from [email protected] should have come from mail.example.com and not mail.badguys.info.

This often happens when users forward their mail to another domain, but the forwarding mechanism is not SPF-sensitive. Such a user would see SPF_FAIL tags in some of their incoming mail.

Passe

A "Pass" result means that the client is authorised to inject mail with the given identity. The domain can now, in a reputational sense, be held responsible for sending the message. Further policy checks can now proceed with confidence in the legitimate use of the identity.

ð  From RFC 4408

T_REMOTE_IMAGE

Standard description: The message contains an external image

Explanation:

The message contains an image that is not attached but is uploaded from an external server.

URIBL_BLOCKED

Standard description: Consultation of the URIBL was blocked.

Explanation:

DNS block lists are a common form of network-accessible database used for spam detection. They are also referred to as "DNSBLs", "DNS Black Lists" and "RBLs".

 

 

Spamscore

Sum of the total points of the tests performed

This is a non-exhaustive list and tests may change in the future. Therefore it is to be considered as a basis and not as a reference.


Was this answer helpful?