Adjustments to outbound rejections

Three email rejection messages were reported to us several times recently:

"Your access to submit messages to this e-mail system has been rejected"

"You are not allowed to connect"

"Recipient address rejected"

These seem to have a correlation with Microsoft/Exchange recipients. We determined that the first two are likely issues of IP reputation, and so we've put in place rules to ensure that we retry delivery from several IPs before bouncing those back to the sender.

The third case (Recipient address rejected) had been tested under the same conditions for several hours and found to not be related to IP reputation at all, but to be an issue with Office 365/Exchange servers. It may be as simple as the recipient no longer existing at that domain, or as complex as an unknown misconfiguration by the recipient party (or their IT department). For the time being, we're considering that to be a legitimate bounce error that we cannot assist with. You can read more about that here: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-550-5-4-1-in-exchange-online

Fixed login issue for new users on Arrow

New users on the Arrow server may have been unable to log in to Crossbox. This was caused by a failure to create symlinks at /home to the /home2 partition after user creation. This should now be resolved.

DirectAdmin servers moved from rspamd to SpamAssassin

While rspamd is objectively more efficient, we've reverted our DirectAdmin servers to use SpamAssassin. The most significant reason being that the SpamAssassin user configuration in the DA panel would not work fully as expected (ex. no wildcards on white/blacklist), and this led to us spending too much time trying to work with users to achieve their goals here (or to explain why they couldn't and were better off than if they were able to). The most wise decision appears to be to restore that page to work as users expect.

We expect a very functional configuration that helps reduce spam to look something like this: https://www.dropbox.com/s/5mmd017tfvvzw2b/Screen-Shot-2020-01-22-11-05-52.59.png?dl=0

If you see false positives to any excessive degree, maybe try "Medium Threshold" instead.

No you do not have the ability to train the filters, bayesian learning is not effective or efficient and we're not using it to train when you move email to/from the junk/spam folder.

More clear message for rejected forwarded email

When recipient services are guaranteed to reject a forwarded email based on the sender (sender domains that specify "reject" in their DMARC record), we block the sender's email from being forwarded as the only possible impact of sending an email that is guaranteed to be rejected would be negative IP reputation (you wouldn't receive the forwarded email anyway, no benefit, only harm to be done).

Previously we've relied on a default rspamd message "554 5.7.1 Matched map: SENDERFROMBLACKLIST" which was returned to the sender. This message has been adjusted to:

"Your recipient is forwarding email and the domain you are sending from forbids it by DMARC"

DirectAdmin Backups Resolved

Since deployment of the DirectAdmin servers we've been trying to work with a third party plugin that would allow us to perform incremental backups over the S3 protocol to ensure the best performance. While working toward that effort, we opted for rsync with the --delete flag to hold us over. The --delete flag, if you're unfamiliar, simply means that if files are removed on the primary server, rsync would remove them from the backup server as well (ensuring that old and deleted data did not stay in the backups).

As of today we've begun using DirectAdmin's built-in backup system, and while not ideal, will mean that we will more consistently have backups for accidentally deleted data, which is of value. Backups will, for the moment, be consistent and plentiful.

This is not likely the final backup system that we will use on the DA servers, given that full backups eventually cause a heavy hit to system performance as usage on the servers grow. We will continue to work toward the secondary goal of strong incremental backups (which only backup new changes each time).

AutoSSL not renewing custom SSL on cPanel servers

cPanel has acknowledged an issue that needs to be fixed in a future version, that is currently causing AutoSSL to fail to automatically renew custom hostname certificates on cPanel servers (mail.yourdomain.tld, webmail.yourdomain.tld). The temporary workaround for this is to log in to cPanel, click Custom SSL, and click Run AutoSSL.

DA Roundcube Update

DirectAdmin servers have seen an update to Roundcube 1.4. This includes their new beautiful and responsive skin, and marks the removal of the third party skins that played this role in the interim.

London Server Migration

The London server has been migrated from cPanel to DirectAdmin. This aims to correct performance and stability issues over the past months, as well as solve the problems caused by cPanel licensing changes. You need to know some details if you are on this server:

  • The control panel is now at https://london.mxroute.com:2222
  • You can find some tutorials here: https://mxroutehelp.com
  • Email filters are created under Settings in Roundcube.
  • We are working to get Crossbox back online for London, a location where it has previously been unstable.
  • The server is not physically in London, but is close enough to still have very low latency to locals (NL).

London Server Migration

We are attempting to kill two birds with one stone on London and resolve issues caused by performance as well as cPanel licensing. This server is well positioned for a migration to DirectAdmin, and we are working toward that end. It is not yet known if this will will be a flawless transition, and as such we cannot yet be certain that we will carry it through. If it is successful, we will move ahead. If it isn't, we will abandon this plan.

We're expecting only one thing to change, and that to be your control panel login URL. We will email customers on this server to notify them of the change, should this migration be successful.

Outbound Filter Updated Again

In a previous update we added that an invalid MX record would not pass outbound filters. This has been dialed back for certain conditions where rspamd was found to be returning the error for no valid reason.