SpamExperts KnowledgebaseOther

Problematic externals

Cisco intrusion detection issues

Sometimes there may be delivery issues resulting in messages getting queued with the following reason:

Connection timed out: SMTP timeout while connected to destinationserver.example [] after sending data block (49135 bytes written)

This issue only seems to affect emails with a certain message size, and can be caused by a Cisco Firewall at the recipient side with Intrusion Detection enabled. Disabling Intrusion Detection solves the issue.

ASA 5505 ESMTP inspection problems

The ASA 5505 has an ESMTP inspection rule that may wrongly block certain emails from being delivered. Please ensure to disable this rule and/or to update the firmware.

Outdated Zyxel firmware issues

Sometimes there may be issues delivering emails to a destination server using a Zyxel router. A telnet to the destination server from a Linux machine shows no 220 greeting is returned.
A telnet to the destination from a Windows machine does show the greeting. This is a known bug in the Zyxel firmware and updating the Zyxel router resolves the issue,

Exchange 2003 Small Business NAT problems

There appears to be a bug in the Exchange 2003 Small Business local NAT setup when redirecting traffic to an alternative SMTP port. Random timeouts after RCPT TO: may occur which is not reproducible from Telnet. Changing Exchange to listen directly on the alternate port, bypassing the NAT port forwarding resolves this.

Exchange 2007 and missing SpamExperts X-Headers

If when looking at the source of your message you do not see our 'X-Headers', then this could be an issue with the default HeaderPromotionModeSetting settings that Microsoft Exchange has in place. By default Microsoft Exchange 2007 sets these to 'NoCreate'. To see our X-Headers when using IMAP and POP then you should change this to 'MayCreate'.  This can be achieved from the Microsoft Exchange Shell by typing:

set-transportconfig -HeaderPromotionModeSetting MayCreate

Lotus Domino Notes outbound SSL issue

Older versions of Lotus Notes maybe be wrongly configured to send outbound mail by default to port 465 instead of port 25. This is a severe security issue since port 465 has never been defined as an official port for incoming email delivery. Instead, email uses STARTTLS to handle encryption. To avoid email getting rejected from Lotus Notes servers, it's important to configure Lotus Notes to correctly deliver outbound mail to port 25 directly instead.

The SSL port status should be set to "Disabled" (default).

Please ensure the outbound port is set to port 25 and negotiated SSL.

More information is also available in the official documentation.

Hotmail rejects with bad nameserver setup

Hotmail may bounce delivery attempts with the following unclear message:

Reporting-MTA: dns;
Received-From-MTA: dns;SNT402-EAS413
Arrival-Date: Wed,
17 Oct 2012 13:40:58 -0700

Final-Recipient: rfc822;
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;550 authentication"

This is NOT a rejection from the SpamExperts system. Hotmail has the unusual behavior of delivering to the A-record instead of the MX-records if the nameservers are not set up 100% correctly. Please check your nameservers to determine if there are wrong settings and to verify once that has been resolved.

OpenDNS Nameservers

Due to some lookup issues we do not recommend using OpenDNS nameservers in your setup (resolv.conf). We would recommend either using your own nameservers or Google's namerservers as backup. If you are in doubt, please contact

CloudFlare (DNS and HTTP proxy)

When a CNAME for the login link is created in CloudFlare and the DNS and HTTP proxy is enabled for this CNAME, the interface usage is affected. Certain areas or the interface will become unavailable, unless the DNS and HTTP proxy feature is turned off for that CNAME. 

Resolving SRS issue with Direct admin Exim - SpamBlocker 4.4*

In the newer versions of Exim SpamBlocker (4.4*) for Direct Admin, there are some issues with SRS, when using sender verification on outbound emails with SpamExperts. To resolve this, simply move the srs_router above the virtual_aliases router. Once you do this, you will be able to enable SRS on the sending mail-server and continue to use sender verification on the SpamExperts side. So the config should then look like this:

srs_router: driver = redirect srs = reverseandforward data = ${srs_recipient}
virtual_aliases: driver = redirect .include_if_exists /etc/exim.srs.forward.conf allow_defer allow_fail condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}} data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part #include_domain = true

Resolving SRS issue with cPanel Exim

In the older versions of WHM/cPanel, there are some issues with their SRS implementation, when using sender verification on outbound emails with SpamExperts. We currently have an open bug ticket with cPanel on this to have this resolved, however in the meantime it's possible to adjust your config directly to allow SRS to work, and continue to use sender verification on the SpamExperts system.  Simply add the following in the PREVALIASSTAR box in the advanced exim config


In the newer versions of cPanel this was resolved. So to have sender rewrite you need to:

  1. Go to Exim Configuration Manager
  2. In Basic Editor Find: Enable Sender Rewriting Scheme (SRS) Support and Enable it
  3. In Advance Editor, POSTMAILCOUNT section add the following condition in both Smarthost_dkim and smarthost_regular:
condition = ${if or{{match_domain{$parent_domain}{lsearch;/etc/spamexperts_domains}}{match_domain{$domain}{lsearch;/etc/spamexperts_domains}}}}

Save and restart

Resolving SRS issue with Plesk/Postfix

Details on this can be found here

Was this article helpful?

Related articles

Search result for :