I am concerned a configuration that has been unchanged for a few years may
have an error that is now showing up as a problem.
I received this email that is a non-delivery notice sent to us (
postmas...@cnm.edu) that a non-delivery notice our gateway sent could not
be delivered:
From: postmas...@ors-cpa.com
To: postmas...@cnm.edu
Subject: Undeliverable: lech
Sent: Thu 4/11/2013 5:18 AM
Generating server: orscpa.local
smashab...@ors-cpa.com
#< #5.1.1 smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found> #SMTP#
Original message headers:
Received: from server45.appriver.com (69.20.58.226) by rm.ors-cpa.com
(10.10.10.2) with Microsoft SMTP Server id 14.2.342.3; Thu, 11 Apr 2013
07:15:26 -0400
Received: from [10.238.9.54] (HELO inbound.appriver.com) by
server45.appriver.com (CommuniGate Pro SMTP 5.3.12) with ESMTP id
2123501502
for smashab...@ors-cpa.com; Thu, 11 Apr 2013 07:15:26 -0400
X-Note-AR-ScanTimeLocal: 4/11/2013 7:15:26 AM
X-Note-AR-Scan: None - PIPE
Received: by inbound.appriver.com (CommuniGate Pro PIPE 5.4.1) with PIPE id
412972783; Thu, 11 Apr 2013 07:15:26 -0400
Received: from mg04.cnm.edu ([198.133.182.64] verified) by
inbound.appriver.com (CommuniGate Pro SMTP 5.4.1) with ESMTP id 412972755
for smashab...@ors-cpa.com; Thu, 11 Apr 2013 07:15:24 -0400
Received: by mg04.cnm.edu (Postfix) id 08002661BF9; Thu, 11 Apr 2013
05:15:24
-0600 (MDT)
Date: Thu, 11 Apr 2013 05:15:24 -0600
From: Mail Delivery System <mailer-dae...@cnm.edu>
Subject: Undelivered Mail Returned to Sender
To: <smashab...@ors-cpa.com>
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="152B0661BC5.1365678924/mg04.cnm.edu"
Message-ID: <20130411111524.08002661...@mg04.cnm.edu>
X-Note-AR-ScanTimeLocal: 4/11/2013 7:15:24 AM
X-Policy: ors-cpa.com
X-Primary: smashab...@ors-cpa.com
X-Note: This Email was scanned by AppRiver SecureTide
X-Virus-Scan: V-X0M0
X-Note-SnifferID: 0
X-Note: TCH-CT/SI:0-132/SG:6 4/11/2013 7:15:00 AM
X-GBUdb-Analysis: 0, 198.133.182.64, Ugly c=0 p=0 Source New
X-Signature-Violations: 0-0-0-6732-c
X-Note-419: 31.2498 ms. Fail:0 Chk:1344 of 1344 total
X-Note: SCH-CT/SI:0-1344/SG:1 4/11/2013 7:15:22 AM
X-Warn: BOUNCEBLOCK Contains questionable phrase
X-Warn: RETURNPATH No Return Path Listed.
X-Warn: WEIGHT10
X-Warn: WEIGHT15
X-Note: Spam Tests Failed: BOUNCEBLOCK, RETURNPATH, WEIGHT10, WEIGHT15
X-Country-Path: ->UNITED STATES->UNITED STATES
X-Note-Sending-IP: 198.133.182.64
X-Note-Reverse-DNS: mail.cnm.edu
X-Note-Return-Path:
X-Note: User Rule Hits:
X-Note: Global Rule Hits: G319 G320 G321 G322 G326 G327 G373 G415 G426 G427
G434
X-Note: Encrypt Rule Hits:
X-Note: Mail Class: VALID
Return-Path: mailer-dae...@cnm.edu
These are the logfile lines for the email we initially could not deliver:
Apr 11 05:15:11 mg04 postfix/smtpd[29756]: connect from
adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]
Apr 11 05:15:11 mg04 postfix/smtpd[29756]: 701E1661BFF: client=
adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]
Apr 11 05:15:11 mg04 postfix/cleanup[28238]: 701E1661BFF: hold: header
Received: from adsl-070-154-182-039.sip.msy.bellsouth.net (
adsl-070-154-182-039.sip.msy.bellsouth.net [70.154.182.39])??by
mg04.cnm.edu(Postfix) with ESMTP id 701E1661BFF??for <
mmoo...@cnm.edu>; Thu, from
adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39];
from=<smashab...@ors-cpa.com> to=<mmoo...@cnm.edu> proto=ESMTP helo=<
adsl-070-154-182-039.sip.msy.bellsouth.net>
Apr 11 05:15:11 mg04 postfix/cleanup[28238]: 701E1661BFF:
message-id=<D1C2B329466F437A91BBF89D82BB759E@postmail2>
Apr 11 05:15:11 mg04 postfix/cleanup[28238]: 701E1661BFF: warning: header
Subject: lech from adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39];
from=<smashab...@ors-cpa.com> to=<mmoo...@cnm.edu> proto=ESMTP helo=<
adsl-070-154-182-039.sip.msy.bellsouth.net>
Apr 11 05:15:11 mg04 postfix/smtpd[29756]: disconnect from
adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]
Apr 11 05:15:12 mg04 MailScanner[16316]: Message 701E1661BFF.5998D from
70.154.182.39 (smashab...@ors-cpa.com) to cnm.edu is spam, SpamAssassin
(not cached, score=9.628, required 6, autolearn=disabled,
DATE_IN_PAST_06_12 1.85, FH_HELO_EQ_D_D_D_D 0.50, HELO_DYNAMIC_DHCP 1.52,
HELO_DYNAMIC_IPADDR 2.94, RDNS_DYNAMIC 0.10, STOX_REPLY_TYPE 0.00,
TVD_FINGER_02 2.72)
Apr 11 05:15:15 mg04 MailScanner[16316]: Spam Actions: message
701E1661BFF.5998D actions are deliver,header
Apr 11 05:15:20 mg04 MailScanner[16316]: Requeue: 701E1661BFF.5998D to
152B0661BC5
Apr 11 05:15:20 mg04 postfix/qmgr[25178]: 152B0661BC5: from=<
smashab...@ors-cpa.com>, size=1112, nrcpt=1 (queue active)
Apr 11 05:15:23 mg04 postfix/smtp[28222]: 152B0661BC5: to=<
mmoo...@cnm.edu.test-google-a.com>, orig_to=<mmoo...@cnm.edu>, relay=
gmail-smtp-in.l.google.com[173.194.76.26]:25, delay=13,
delays=9.3/0/0.22/3.2, dsn=5.1.1, status=bounced (host
gmail-smtp-in.l.google.com[173.194.76.26] said: 550-5.1.1 The email account
that you tried to reach does not exist. Please try 550-5.1.1
double-checking the recipient's email address for typos or 550-5.1.1
unnecessary spaces. Learn more at 550 5.1.1
http://support.google.com/mail/bin/answer.py?answer=6596 j8si3846254qaz.28
- gsmtp (in reply to RCPT TO command))
Apr 11 05:15:24 mg04 postfix/bounce[30245]: 152B0661BC5: sender
non-delivery notification: 08002661BF9
Apr 11 05:15:24 mg04 postfix/qmgr[25178]: 152B0661BC5: removed
And these are the logfile lines for our sending of the non-delivery notice
we sent. One item in these log lines I do not understand at all is "relay=
server50.appriver.com[204.232.236.138]:25". I do not understand where were
that information is sourced. It looks to me that we sent the non-delivery
to a wrong location.
Apr 11 05:15:24 mg04 postfix/cleanup[28971]: 08002661BF9: message-id=<
20130411111524.08002661...@mg04.cnm.edu>
Apr 11 05:15:24 mg04 postfix/bounce[30245]: 152B0661BC5: sender
non-delivery notification: 08002661BF9
Apr 11 05:15:24 mg04 postfix/qmgr[25178]: 08002661BF9: from=<>, size=3678,
nrcpt=1 (queue active)
Apr 11 05:15:24 mg04 postfix/smtp[29118]: 08002661BF9: to=<
smashab...@ors-cpa.com>, relay=server50.appriver.com[204.232.236.138]:25,
delay=0.37, delays=0.02/0/0.25/0.11, dsn=2.0.0, status=sent (250 412972755
message accepted for delivery)
Apr 11 05:15:24 mg04 postfix/qmgr[25178]: 08002661BF9: removed
I have looked to see if there was any relationship between the two other
servers involved in this situation and I do not see any connection between
204.232.236.138, server50.appriver.com and 70.154.182.39
adsl-070-154-182-039.sip.msy.bellsouth.net.
Does anyone see anything below that is misconfigured that could explain
this problem?
Here is the output from postconf -n (an access key is changed to PASSKEY:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = yes
biff = no
bounce_size_limit = 1
config_directory = /etc/postfix
default_process_limit = 400
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
mailbox_size_limit = 0
masquerade_domains = $mydomain, cnm.edu, nmvc.org, nmvirtualcollege.org
max_use = 100
message_size_limit = 26214400
mydestination = $myhostname, $mydomain, localhost.localdomain, cnm.edu,
mail.cnm.edu
myhostname = mg04.cnm.edu
mynetworks = 198.133.178.0/23, 198.133.182.0/24, 198.133.181.0/24,
198.133.180.0/24, 172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8,
127.0.0.0/8[::ffff:127.0.0.0]/104 [::1]/128
notify_classes = resource, software
readme_directory = no
recipient_delimiter = +
relay_domains = mg04.cnm.edu, mg05.cnm.edu, mg06.cnm.edu, nmvc.org,
mail.nmvc.org, mg04.nmvc.org, mg05.nmvc.org, mg06.nmvc.org,
nmvirtualcollege.org, mail.nmvirtualcollege.org,
mg04.nmvirtualcollege.org,mg05.
nmvirtualcollege.org, mg05.nmvirtualcollege.org, nmln.net,
ideal-nm.org, ideal-nm.net, idealnm.org, idealnm.net
relayhost =
smtp_host_lookup = dns, native
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_restrictions = reject_unauth_pipelining
check_client_access hash:/etc/postfix/whitelist check_client_access
cidr:/etc/postfix/cidr-ip check_client_access hash:/etc/postfix/access
permit_mynetworks reject_rbl_client PASSKEY.zen.dq.spamhaus.net
reject_rbl_client bl.spamcop.net reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.4 reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.5 reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.6 reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.7 reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.8 reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.9 reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.10 reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.11 reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.13
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks check_helo_access
hash:/etc/postfix/helo-ip reject_invalid_hostname
reject_non_fqdn_helo_hostname
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/whitelist
check_sender_access hash:/etc/postfix/greylist check_sender_access
hash:/etc/postfix/access permit_mynetworks reject_non_fqdn_sender
reject_unknown_sender_domain permit_mynetworks
reject_unauth_destination reject_unknown_recipient_domain
reject_unlisted_recipient check_recipient_access
hash:/etc/postfix/overquota reject_non_fqdn_recipient
reject_unknown_recipient_domain
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
