Singapore Web Hosting Blog

Very often, we receive support tickets or emails from clients saying that they cannot receive any email while they can send emails with no problem.

95% of such cases are due to email account is full, or sometimes, the whole hosting account is full/over quota.

Sometimes, clients even mention that they received bounced back error message saying mailbox is full, but failed to see why their mailbox is full as there’s no email in inbox.

Well, chances are, if the bounced back message says mailbox is full, it IS full. software won’t lie.

Whenver you fell there should be emails coming in but you do not receive any new email, check your account space quota and disk usage first.

Here’s how.

1)Login to cPanel at http://www.yourdomain:2082 (replace “yourdomain” with your real domain name), you will see disk usage summary right on homepage of cPanel:

You can find on the left menu how much space you are using and how much space available. If it’s using 100% disk space, new incoming emails cannot come in. If it’s nearly 100% full but not yet, you may experiece the same problem as one or 2 emails will make it full, and larger emails cannot come in.

2)Now click on the “mail” icon to find out individual email account disk usage. Click on the “mail” icon, click on “Add/Remove/Manage Accounts” link, then click on “Show Disk Space Used”, you will find out which email account is using how much space:

Any email account using full quota? Ask the user to clear their mailboxes.

3)Besides emails, all your web pages and scripts take space of course. You can find where are all the files in disk usage section of cPanel. On homepage of cPanel, click on “Disk Space Usage” icon, you will find all your folders, files, emails, listed showing how much space they take:

There are menus on the top so that you can browser around and find which folder or file is taking most space.

Particuarly, to view detailed space usage of email accounts, look for your mail folder in the disk usage chart above:

You can see our mail folder is using 34.22 MB space. Click on the folder name, you will find more details:

As you can see clearly, each email account and its folder are listed with space used. 

Please note, emails might be in “sent” folder, Trash folder, or any other folders you created in webmail as shown in image above. It does not mean you do not have emails simply because you do not see emails in inbox.

4)So now you know how much space your account is using, whether it’s full or not, and where are all your files.

If it’s full, go clear them to allow emails to come in. If it’s your web pages or scripts taking lots of space, remove those files not in use via FTP. If it’s emails, ask your users to download emails to their own computer.

It’s not advisable to use webmail to check emails, webmail is just for urgent use for example while traveling. But if your users insist to use webmail, there might be many emails left on server. Please ask your users to check all folders in webmail, delete emails not in use anymore and empty trash.

Or, if you feel all the files/emails are so important that you cannot clear them, you may open support ticket and request to upgrade your account.

Whenever you cannot receive emails, please check your disk usage and remove files/emails if it’s full, before contacting us, it will be much faster.

If you are now having problem sending and receiving emails from/to China, you are not alone.

China is an isolated island when email is concerned at this moment. Apparently someone “up there” behind the routers/switches is tweaking something and GFW has gone wild.

We have customers in China reporting that they have been facing difficulties accessing emails hosted on our servers from yesterday. No issue found on our servers. No client from other countries is having any problem.

We thought, well, this is just another temporary connection issue in China, caused by GFW as usual. Then I found stunning news from most of the major hosting providers in China and realized it’s totally screwed up, big time.

Here’s announcement from the biggest host in China, xinnet.com:

Translation:

Drea Email Users,

We have detected unknown technical problems with international gateway which may cause these problems:

xinnet email users receive bounced back error emails while sending emails to overseas domains, bounced back email could indicate:

1)Connected to xxx.xxx.xxx.xxx but connection died. (#4.4.2)
I’m not going to try again; this message has been in the queue too long.

2)xxx.xxx.xxx.xxx does not like recipient.
Remote host said: 551 User not local; please try <forward-path>
Giving up on xxx.xxx.xxx.xxx

We’re actively reporting the issue to related Internet organizations and authorities, and will inform you once it’s solved.

We aplogize for inconvenience caused, thank you for understanding.

Now, annoucement from 2nd largest host of China, net.cn:

This one is more entertaining:

Dear net.cn Email Users,

Starting from July 16th, we have received reports from corporate mail users that large amount of emails sent to overseas are bounced back, with error messages:

1）I’m not going to try again; this message has been in the queue too long.

2）<xxx@xxx.com>: 551 User not local; please try <forward-path>

After caredul investigation, we found this in our logfile:

Connected to remote host, but connection died. (#4.4.2)

which means, the remote server disconnected without giving a reason.

Currently we are not able to know the exact reason, but we suspect that emails are blocked by unknown technism on top of SMTP protocol, because many hosting providers are having the same problem. Together with other providers, we have reported the issue to related Internet organizations and authorities, and will inform you once it’s solved. Thank you for you patience.

The most entertaining announcement is from 35.com:

I translate part of it here:

3)While sending email to overseas, the other party receives text “aaazzzaaazzz” only in email content. —– isn’t it funny? no, this is not in their announcement.

5)When someone overseas sends you email, you receive text “aaazzzaaazzz” only in email content. —– hey, at least it’s fair huh?

6)When you send email to overseas or someone overseas sends you email, the email received is blank.

So at 35.com, we suggest that you write email in simplified Chinese and simplify your email content, put body content in Word or PDF format, zip it using winrar and send it as attachment.

Ouch! Let’s shoot some videos and upload to youtube, you can communicate that way as well…

More announcements:

163：http://vip.163.com/vip/notice.html

sina：http://mail.sina.net/notice/050701.html

TOM：http://vip.tom.com/popup/070717.html

21CN：http://mail.21cn.com/banner/popunder_20070717_corp.html

263： http://gmail.263.net/news1-0.html

recently there’re more and more reports and complaints similar to this:

I have been receiving bounced back messages from email addresses I never sent to. When I look at the bounced back message, it mentions failed delivery of emails I didn’t send in the first place.

And the bounced back message says the original email was sent from my domain:

somebullshitnamehere[at]xxxxx.com

xxxxx.com being my domain name. That’s why I received the bounced back.

The original messages are pure spam.

Looks like someone is using my domain/email address to send out spam emails? How can I stop it?

the bad news is, you can do nothing about it. neither can we do anything. in fact, nobody can stop that, except the spammers themselves.

the good news is, the spams were NOT sent from your domain/email account, therefore you do not need to worry.

then why the spam emails look like from your domain and why you receive those bounces?

simply put, spammers forged the email header data. yes spammers can forge, or spoof, email header to make the email look like from your domain while actually it’s not.

i would not go into details on how to forge email header, for obvious reason :-), just let you know that email header forgery is very easy. i could easily send an email that looks like from bill.gates@microsoft.com, while of course i do not have access to bill.gates@microsoft.com email address. the best part is, Bill Gates has no way to stop me doing this.

most email client software allow you to view full email header.

in Outlook Express, right-click on the email, select “properties”, a new window would pop up, click on “details” tab, then you will see the full header data, which should include these typical fields:

From: who the message is from. this is the easiest to forge. email client shows this field as sender.

Reply-To: the address to which reply should be sent. often absent from the message as it is the same as Form: field most of the time. easily forgeable as well.

Return-Path: the email address for return mail. same as Reply-To:.

Message-ID: a unique string assigned by the mail system when the message is first created. also forgeable in most cases, but requires a little more knowledge.

Received: these are the most reliable lines in the header. they form a list of all nodes through which the message have to travel in order to reach destination. they are unforgeable after the point where it was injected. but up to that point, they may be forgeries.

Received: lines are read from bottom to top, the last non-forged Received: line is where the mail originated.

below is such a bounced back message i just received 5 minutes ago, which includes the header of original spam email:

Hi. This is the qmail-send program at mail.strathcom.com.
I’m afraid I wasn’t able to deliver your message to the following addresses.
This is a permanent error; I’ve given up. Sorry it didn’t work out.

<dewhcgme@kingswaylexustoyota.com>:
Sorry, no mailbox here by that name. (#5.1.1)

— Below this line is a copy of the message.

Return-Path: <ubkpng@singaporewebhosting.com>
Received: (qmail 1194 invoked from network); 22 Feb 2007 18:18:15 -0000
Received: from 80.192.76.241 by mail.strathcom.com (envelope-from <ubkpng@singaporewebhosting.com>, uid 502) with qmail-scanner-2.01
(clamdscan: 0.88.5/2081.
Clear:RC:0(80.192.76.241):.
Processed in 0.05686 secs); 22 Feb 2007 18:18:15 -0000
Received: from unknown (HELO 80-192-76-241.cable.ubr13.edin.blueyonder.co.uk) (80.192.76.241)
by mail.strathcom.com with SMTP; 22 Feb 2007 18:18:12 -0000
Received: (qmail 18642 invoked from network); Thu, 22 Feb 2007 18:18:20 +0000
Received: from unknown (HELO tawfij) (124.193.41.128)
by 80-192-76-241.cable.ubr13.edin.blueyonder.co.uk with SMTP; Thu, 22 Feb 2007 18:18:20 +0000
Message-ID: <45DDDE6C.7000802@singaporewebhosting.com>
Date: Thu, 22 Feb 2007 18:18:20 +0000
From: Matty <ubkpng@singaporewebhosting.com>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: dewhcgme@kingswaylexustoyota.com
Subject: secession mantel

so, the From: and Return-Path: fields are forged. a spammer, pretending to be Matty using ubkpng@singaporewebhosting.com, sent an spam email to dewhcgme@kingswaylexustoyota.com.

domain kingswaylexustoyota.com is hosted by strathcom.com:

Received: (qmail 1194 invoked from network); 22 Feb 2007 18:18:15 -0000
Received: from 80.192.76.241 by mail.strathcom.com

at least these two lines are real. a server at strathcom.com received the email and bounced it back as dewhcgme@kingswaylexustoyota.com does not exist.

there’re a few other Received: lines, none of which has anything to do with our domain or IP address.

this line is interesting:

Received: from unknown (HELO tawfij) (124.193.41.128)

IP 124.193.41.128 may reveal where the spamer is.

Message-ID: is also forged/fake.

we do not have a Matty here and ubkpng@singaporewebhosting.com does not exist. since we enabled catch-all account, we received the bounced back message sent to ubkpng@singaporewebhosting.com.

spammers are bad and they lie…