Email Send Error Research
-
@wrcombs said in Email Send error;:
@scottalanmiller said in Email Send error;:
@wrcombs said in Email Send error;:
So I told him to reach out to his Email Admin and have them make the required changes in outlook..
Outlook is a desktop client. Seems unlikely their email admin would have access. Their desktop admin would normally do it.
this is the same person at this location. . .
@scottalanmiller is being a @scottalanmiller ...
The rest of us understand that.
The rest of us also understand that you are not talking about the email server for sending and receiving and we are not trying to confuse you by bringing in more information than you can understand.
-
@wrcombs said in Email Send error;:
@scottalanmiller said in Email Send error;:
@wrcombs said in Email Send error;:
@pete-s said in Email Send error;:
@wrcombs said in Email Send error;:
@pete-s said in Email Send error;:
@wrcombs said in Email Send error;:
@jaredbusch said in Email Send error;:
@wrcombs said in Email Send error;:
I couldn't find any of the settings, using the latest version of outlook..
What is the email server? Gmail? Outlook.com? O365? GSuite? ZoHo? You have to know this.
I don't have that information.. and I have no way of finding that out..
Well shit.
If you ever received an email from this person, you already have that information.
is that right?
can you explain what you mean, please ?
Take the email you received and look for "Show Original" or something similar in your mail client.
It will show all the headers and information that the mail servers have sent between them. There you can see what provider someone is using. Often also what mail client.
this?
spf=pass (google.com: domain
Don't trim it out.
I don't know what I'm looking for, Google wasn't much help but I'll figure it out
You're not just looking for one string. You need to look at the whole thing.
I suggest you copy the headers from the start until you reach the line starting with From:
Paste it into this page: https://mxtoolbox.com/EmailHeaders.aspx
It should tell you what servers are in use for sending and receiving.
-
So I did that this morning - and I'm not sure what I'm looking at.
-
@jasgot said in Email Send error;:
@wrcombs said in Email Send error;:
0x800CCC7D
What version of Windows and What version of Outlook?
Windows 10
I didn't look - we don't support email so this is mostly just a way of wondering what I should be looking for in the future.
-
@wrcombs Post the entire header - look it over for any private information and XXXX that out...
-
@dashrender said in Email Send error;:
@wrcombs Post the entire header - look it over for any private information and XXXX that out...
Delivered-To: XXXXXXXXXXXXXX
Received: by 2002:a05:6830:319b:0:0:0:0 with SMTP id p27csp165790ots; Wed, 9 Jun 2021 15:47:06 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw/sNc2TPrI5ipWcQK3cbAFhs19oUYuPX9foV/mFqOqPBAovXmKBs8xjw+zyJKjNNxI728X
X-Received: by 2002:a4a:be86:: with SMTP id o6mr1857338oop.67.1623278826653; Wed, 09 Jun 2021 15:47:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1623278826; cv=none; d=google.com; s=arc-20160816; b=M8FFBcGifjCQFjstZhbk3RHRufue28cmQwTteQnN5nKpLXEHJX+899bBzhT0CTiDX4 /+MUfqy0oF30khO2+3J8lwWrqT2iUzi6oAUegn33oGdAaSUMFy13OYW/uosrBr3aNUxB 1T+Z8x6iNHF6Wr1KGJy7Xdfw0NJPjjoPy7cZA+CD/1cMaSw0vr3vw308sf9UoQdXrIO6 a0EGWHEddgIE/vLnWqdnhoEqEnumALd9g/J47OjI7GTQo5R4bG1Du7eNTERX/8nh+3Nl iVAetsU7PrfLKFkIrSpWasTEBxSsd/l9uYMfULWgy2cHL0qlXBe98TEXxDk9+GLCYw88 qWNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=to:references:message-id:in-reply-to:thread-topic:subject:from:date :mime-version:dkim-signature; bh=359hOSgFVIyouoKXJjcrY15MgMQrI1lSw8u4akJ8Hgg=; b=dJv8SkgV1XvraGCosxXttUPoDwpWeSJ/ufjQ3nEmf8zf7pogH6SfiXH2I8vvPfOSQ+ qxH3w1mOm2X+nlShqNpbSDy1vVzYDQwV2CrrWVdnuzKvhC1wSJxS1LojmQev71SMTylJ 7ELX6N5CsnF7mXrid3d/xk1d4xrJnZGvJ+F9o6SpqLCOrxu34fPVEdnC09k0ETXThL/N ++46c9/3AxrYHahUlaILoXJ2mD2EIBSZe34wI5ScoD91y59TnE6EpOfDmfz+nECQP2G2 v0AJCazoKXVEIds95f9r0WyiEsS8rSNmIxiAcAY6Vf6MUb9vNR3B32eK2vxC8buBobCm HVLQ==
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass [email protected] header.s=modoboa header.b=a9kvuLKl; spf=pass (google.com: domain of XXXXXXXXX designates XXX.XXX.XXX.XXX as permitted sender) smtp.mailfrom=XXXXXXXXXXXXXX; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=XXXXXXXX
Return-Path: <XXXXXXXXXX>
Received: fromXXXX.XXXXXX.com (XXXXXXXXXX [XXX.XXX.XXX.XXX]) by mx.google.com with ESMTPS id h18si1327216otk.177.2021.06.09.15.47.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Jun 2021 15:47:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of XXXXXXXXXX designates XXX.XXX.XXX.XXX as permitted sender) client-ip=XXX.XXX.XXX.XXX;
Authentication-Results: mx.google.com; dkim=pass [email protected] header.s=modoboa header.b=a9kvuLKl; spf=pass (google.com: domain of XXXXXXXXXX.com designates XXX.XXX.XXX.XXX as permitted sender) smtp.mailfrom=XXXXXXXXX.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=XXXXXX.com
Received: from localhost XXX-XX-XXX-XXXX.mobile.uscc.net [XXX.XXX.XXX.XXX]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by XXXX.XXXXXX.com (Postfix) with ESMTPSA id 80B013EC2E; Wed, 9 Jun 2021 22:47:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=prlwm.com; s=modoboa; t=1623278826; bh=359hOSgFVIyouoKXJjcrY15MgMQrI1lSw8u4akJ8Hgg=; h=Date:From:Subject:In-Reply-To:References:To:From; b=a9kvuLKlssqgoFBtbdLpAmaqAryNVeCxp3U8ZK3ghO/IgPrgc8hZqZOdtV4MRXDoO rr46IQn8KpdI9AADOrRWCtMHys2bzlG3sHsUxGzyivm89BhCNVji4HElpxkApGbRe3 /Y/+XXHAtIJwMHCtnEJtKIjzZQglj5Y+3a2wnmzVtqp4mfeMLageTggGXnmVxnOtyo NMFGnYJPOXQ5q9iprRGgLDpdXpdz1AaAT8eai+Gzoj1iH9KLKSmDTtuDpJJsHEya8W 6HwgZrDUndamHVnju6xXdJly2sNHjp+jtH7Dm779w+HESzsRc5n6n5nYpikW8rdeHq 4FPbve1Zz6waw==
MIME-Version: 1.0
Date: Wed, 9 Jun 2021 17:47:04 -0500
From: XXXXXXXXXXXXXXXX
Subject: Re: XXXXXXXXXXXXXXXX
Thread-Topic: Re: XXXXXXXXXXXXX
In-Reply-To: <CANZe-Sm6+Ois=T+b+UgCMfXg9xaOLKqyp=dKt=OQR279ynVB4A@mail.gmail.com>
Message-ID: <[email protected]>
References: <DM6PR15MB4089CE7329169D4C0A2834B4BE379@DM6PR15MB4089.namprd15.prod.outlook.com> <CANZe-Sk_T77wtN5vhe6j2TMKNFYpdEpEDNHN-OSEEWMYo3a+qg@mail.gmail.com> <DM6PR15MB4089DFBF7550A4FA6032E634BE369@DM6PR15MB4089.namprd15.prod.outlook.com>,<CANZe-
-
@wrcombs said in Email Send error;:
@dashrender said in Email Send error;:
@wrcombs Post the entire header - look it over for any private information and XXXX that out...
You have three Received: sections.
The bottom one is the first one that happened. That's the sender connecting to something. You can see the ISP he's using, his local IP usually and what SMTP server he connects to.
Received: from localhost XXX-XX-XXX-XXXX.mobile.uscc.net [XXX.XXX.XXX.XXX]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by XXXX.XXXXXX.com (Postfix) with ESMTPSA id 80B013EC2E; Wed, 9 Jun 2021 22:47:05 +0000 (UTC)
The middle one is the next. The mail is now sent from something to mx.google.com. That's a google mail server.
Received: fromXXXX.XXXXXX.com (XXXXXXXXXX [XXX.XXX.XXX.XXX]) by mx.google.com with ESMTPS id h18si1327216otk.177.2021.06.09.15.47.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Jun 2021 15:47:06 -0700 (PDT)
The top one is the last transfer. There's a missing "from", but judging from the IPv6 address this is likely internal Google mail server to Google mail server.
Received: by 2002:a05:6830:319b:0:0:0:0 with SMTP id p27csp165790ots; Wed, 9 Jun 2021 15:47:06 -0700 (PDT)
You can also get information from the Received-SPF: section.
Received-SPF: pass (google.com: domain of XXXXXXXXXX designates XXX.XXX.XXX.XXX as permitted sender) client-ip=XXX.XXX.XXX.XXX;
It's the Google mail server telling you that the domain XXXXXXXXXX says that XXX.XXX.XXX.XXX is allowed to send emails.
-
But it doesn't tell me which Email server they're using on Outlook.. I thought that was the question
-
Yes, it does:
Received: from localhost XXX-XX-XXX-XXXX.mobile.uscc.net [XXX.XXX.XXX.XXX]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by XXXX.XXXXXX.com (Postfix) with ESMTPSA id 80B013EC2E; Wed, 9 Jun 2021 22:47:05 +0000 (UTC)
by XXXX.XXXXXX.com (Postfix)
That's the SMTP server they connect to. It's running Postfix software.
They have mobile.uscc.net as ISP.
-
Ah, missed that.
SO they're running Postfix as a mail server?
-
@wrcombs said in Email Send Error Research:
SO they're running Postfix as a mail server?
Yes, which most people do. Postfix powers the vast majority of non-Exchange email. It's the big leader.
-
@scottalanmiller said in Email Send Error Research:
@wrcombs said in Email Send Error Research:
SO they're running Postfix as a mail server?
Yes, which most people do. Postfix powers the vast majority of non-Exchange email. It's the big leader.
Okay great ..
@JaredBusch They're running Postfix mail Server on outlook.
-
@scottalanmiller said in Email Send Error Research:
@wrcombs said in Email Send Error Research:
SO they're running Postfix as a mail server?
Yes, which most people do. Postfix powers the vast majority of non-Exchange email. It's the big leader.
No, they are not. Their mail provider is running Postfix.
Their provider is their ISP.
-
@wrcombs said in Email Send Error Research:
@scottalanmiller said in Email Send Error Research:
@wrcombs said in Email Send Error Research:
SO they're running Postfix as a mail server?
Yes, which most people do. Postfix powers the vast majority of non-Exchange email. It's the big leader.
Okay great ..
@JaredBusch They're running Postfix mail Server on outlook.
No. The user is running Outlook.
They are connecting to their ISP’s domain email server, likely "free email" with domain purchase bullshit, which is running Postfix.
Outlook connects to this type of server with SMTP.
-
@wrcombs said in Email Send Error Research:
Received: from localhost XXX-XX-XXX-XXXX.mobile.uscc.net [XXX.XXX.XXX.XXX]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by XXXX.XXXXXX.com (Postfix) with ESMTPSA id 80B013EC2E; Wed, 9 Jun 2021 22:47:05 +0000 (UTC)
Let's break this down. This is the one that concerns you.
The mail hit the email system from this IP address
Received: from localhost XXX-XX-XXX-XXXX.mobile.uscc.net [XXX.XXX.XXX.XXX])
The email was TLS encrypted
(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
The mail was received by this server running postfix.
by XXXX.XXXXXX.com (Postfix)
We can assume that this is showing his domain since you redacted it.
Because it is his domain, this is likely shit "free email" from a cpanel webhost.
Finally, this tells us that he authenticates to send SMTP to his host.
with ESMTPSA
-
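The reading walked through in the posts above (Received: headers from the bottom up, the Postfix, TLS and ESMTPSA details, and the SPF verdict), as an added example that is not part of the original thread. The sample header is constructed with placeholder hosts and documentation IP ranges, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample modelled on the redacted header in the thread; hosts and
# addresses are placeholders (example.* names, documentation IP ranges).
SAMPLE = """\
Received: by 2001:db8::1 with SMTP id p27csp1; Wed, 9 Jun 2021 15:47:06 -0700 (PDT)
Authentication-Results: mx.example.net; dkim=pass header.s=sel;
        spf=pass smtp.mailfrom=example.com; dmarc=pass (p=NONE) header.from=example.com
Received: from mail.example.com (mail.example.com [203.0.113.10])
        by mx.example.net with ESMTPS id h18si1
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 09 Jun 2021 15:47:06 -0700 (PDT)
Received: from localhost (client.isp.example [198.51.100.7])
        (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.example.com (Postfix) with ESMTPSA id 80B013EC2E;
        Wed, 9 Jun 2021 22:47:05 +0000 (UTC)
From: sender@example.com
"""

# RFC 3848 "with" keywords whose trailing A means the client used SMTP AUTH.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}

def strip_comments(text):
    """Remove (possibly nested) parenthesised comments from a header value."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return " ".join(text.split())

def parse_hops(raw):
    """Return one dict per Received: header, oldest hop first."""
    hops = []
    # Every server prepends its header, so the last one in the file is hop 1.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        bare = strip_comments(flat.rpartition(";")[0] or flat)
        def field(name):
            m = re.search(rf"\b{name} (\S+)", bare)
            return m.group(1) if m else None      # the top hop has no "from"
        software = re.search(r"\bby \S+ \(([^()]*)\)", flat)
        tls = re.search(r"TLSv?(\d[\d._]*)", flat)
        proto = (field("with") or "").upper()
        hops.append({
            "from": field("from"), "by": field("by"), "with": proto,
            "software": software.group(1) if software else None,
            "tls": tls.group(1).replace("_", ".") if tls else None,
            "authenticated": proto in AUTH_PROTOCOLS,
        })
    return hops

def auth_results(raw):
    """Collect the receiving server's spf/dkim/dmarc verdicts."""
    value = " ".join(message_from_string(raw).get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))

if __name__ == "__main__":
    print(*parse_hops(SAMPLE), auth_results(SAMPLE), sep="\n")
```

Only the hops written by servers you trust (here the receiving provider) are reliable; everything below them is supplied by the sending side and can be forged.
-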
@jaredbusch Good information to know.. Thank you.
-
@wrcombs said in Email Send Error Research:
@scottalanmiller said in Email Send Error Research:
@wrcombs said in Email Send Error Research:
SO they're running Postfix as a mail server?
Yes, which most people do. Postfix powers the vast majority of non-Exchange email. It's the big leader.
Okay great ..
@JaredBusch They're running Postfix mail Server on outlook.
Outlook is an email client. It runs on your desktop. It's not a server or anything like that. Nothing runs "on it."
-
Now that we know all of that, you can make some assumptions about the connection in Outlook.
SMTP can use any port.
Port 25 is the original, standard, unauthenticated port. But also blocked on most end user connections.
Typically CPanel hosts use the standardized port 587 for inbound TLS connections.
So his Outlook is most likely configured to point to mail.domain.com:587 or simply domain.com:587 to send SMTP.
Adding in authentication means it is sent with a username and password. Username is typically the full email address.
-
@scottalanmiller said in Email Send Error Research:
@wrcombs said in Email Send Error Research:
@scottalanmiller said in Email Send Error Research:
@wrcombs said in Email Send Error Research:
SO they're running Postfix as a mail server?
Yes, which most people do. Postfix powers the vast majority of non-Exchange email. It's the big leader.
Okay great ..
@JaredBusch They're running Postfix mail Server on outlook.
Outlook is an email client. It runs on your desktop. It's not a server or anything like that. Nothing runs "on it."
This entire discussion is about Outlook.