Using Plesk’s SMTP Server: DNS Blacklist Prevents Sending

Mattias Geniar, Wednesday, January 14, 2009

If you're trying to use your Plesk's SMTP service to allow sending e-mail, you might run into the following error: rblsmtpd: <IP ADDRESS>: 451 http://www.spamhaus.org/query/bl?ip=<IP ADDRESS>.

The cause of this error, is the enabled option to check for DNS blacklists. It'll find that the user's (often dynamic) IP address isn't allowed to send e-mail to the Plesk's SMTP service. A common cause for this, is the use of the "zen.spamhaus.org", which is a combination of SBL, XBL and PBL blacklists.

And the PBL blacklist, has the following warning-message in the FAQ.

Caution: Because the PBL lists normal customer IP space, do not use PBL on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers if their dynamic IPs are in the PBL). Do not use PBL in filters that do any ‘deep parsing’ of Received headers, or for other than checking IP addresses that hand off to your mailservers.

Disabling the zen.spamhaus.org will cure this issue. You can enable the xbl.spamhaus.org;sbl.spamhaus.org DNS blackhole list to get a combination of XBL and SBL blacklists, without PBL.

This does, however, have another drawback. Enabling the remaining DNS blackhole lists, will prevent (authenticated) e-mail communication over port 25. Meaning you still can't send e-mail.

Bummer. But fixeable.

Enable the Message Submission option, on the Plesk page Server > Mail.

This will make the SMTP service also available on port 587, configured to allow Authenticated SMTP connections with disregard of the DNS Blackhole list. The only drawback is it can't be used in combination with the zen.spamhaus.org (which is why we changed it in the first place).

Outlook should then be configured to send e-mail over port 587, instead of the default port 25.

Go to Tools > Account Options and doubleclick the account you're using. Go to More Settings and proceed to the tab "Advanced". There, you can change the Outgoing mailserver (SMTP) port to 587.

Seems like a lot of work, but it appears to be the only way to use the SMTP service in Plesk, in combination with a DNS Blackhole list and dynamic IP ranges.



Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek & public speaker. Currently working on DNS Spy & Oh Dear!. Follow me on Twitter as @mattiasgeniar.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!

Comments

Nate Tuesday, February 3, 2009 at 06:50 - Reply

Thanks for this. I have one quick question. If I check “Enable message submission” will this open smtp on 587 and 25 or just 587? Thanks, Nate


Matti Tuesday, February 3, 2009 at 07:54 - Reply

It will open both, so normal SMTP traffic on port 25 is still possible, port 587 is just enabled with a less strict filter.


Roberto Friday, February 13, 2009 at 10:00 - Reply

Great article. Thank you. Greetings from Germany. :o)


Andrew Roberts Friday, October 16, 2009 at 03:22 - Reply

Nice article in plain English! Unfortunately my PLESK does not have the “enable message submission” option (Plesk 8.01) and hence even using sbl.spamhaus.org results in no SMTP ability at all. Further to that is seems as if email does not get delivered either. I know this may be an upgrade issue, what version of plesk should I upgrade to? Is this a difficult process? Many thanks!


Matti Sunday, October 18, 2009 at 12:15 - Reply

@Andrew: if you’re still using the 8.x branch of Plesk, it’s safe to upgrade to the latest 9.2 release, your license will automatically upgrade – there’s no harm. There are quite a few UI changes that will be confusing, and the update can take up to 5 hours if you’re on a slow server (but the sites + e-mail remain operational). You can update through Plesk, using the “updater” button.

This was originally written for Plesk 8.6, I’m not entirely sure how this suites the 9.2 branch.


ostrov Wednesday, December 2, 2009 at 15:23 - Reply

Thank you,
very interesting article


gosain Thursday, January 20, 2011 at 11:28 - Reply

I am triying MailEnable Standard on Windows Server 2008 with Plesk 9.

In MailEnable, under “Inbound” I have checked the box “Also listen on alternate port” and typed 587, restarted the SMTP Connector but still Outbound emails are not leaving. 587 is open in my ISP.

“Enable Message Submission” option is disabled with the message adjascent to it “mail server deoes not support”.

Any idea why emails are being stuck and not leaving out or how to make outbound emails work?

Thanks.


Matti Thursday, January 20, 2011 at 11:46 - Reply

@Gosain: Opening port 587 is for incoming mail only, it does not help for outgoing e-mail. It can be used so your server can receive mail on alternate ports, beside port 25.

I would check with your hosting provider or ISP, to determine of port 25 (SMTP) is opened in their firewall.


Karl Dyson Tuesday, January 25, 2011 at 20:47 - Reply

Many thanks for that, was doing my head in!

Cheers

Karl


Leave a Reply

Your email address will not be published. Required fields are marked *

Inbound links