>>>>> "John" == John Stoffel <j...@stoffel.org> writes:
>>>>> "Noel" == Noel Jones <njo...@megan.vbhcs.org> writes:

Noel> On 3/30/2017 9:26 AM, John Stoffel wrote:
>>>
>>> Hi all,
>>>
>>> We're running postfix-2.6.6-6.el6_5.x86_64 on RHEL 6.6 and running
>>> into a problem where emails that have been released from our outside
>>> spam protection company, *.protection.outlook.com, are getting
>>> rejected with messages like this:
>>>
>>> Mar 26 06:00:56 mailhost postfix/smtpd[2270]: connect from
>>> mail-sn1nam01lp0113.outbound.protection.outlook.com[207.46.163.113]
>>> Mar 26 06:00:56 mailhost postfix/smtpd[2270]: 51235A07D1:
>>> client=mail-sn1nam01lp0113.outbound.protection.outlook.com[207.46.163.113]
>>> Mar 26 06:00:56 mailhost postfix/cleanup[2279]: 51235A07D1:
>>> message-id=<1490445496218.20153408.25880761.5137938...@backend.ttktravelinsider.com>
>>> Mar 26 06:00:56 mailhost postfix/qmgr[27442]: 51235A07D1:
>>> from=<ttkpub.nore...@ttktravelinsider.com>, size=40439, nrcpt=1 (queue
>>> active)
>>> Mar 26 06:00:56 mailhost postfix/local[2278]: 51235A07D1:
>>> to=<saba.shar...@sub.com>, relay=local, delay=0.29, delays=0.28/0/0/0.01,
>>> dsn=5.4.6, status=bounced (mail forwarding loop for saba.shar...@sub.com)
>>> Mar 26 06:00:56 mailhost postfix/bounce[2273]: 51235A07D1: sender
>>> non-delivery notification: 97DF2A080B
>>> Mar 26 06:00:56 mailhost postfix/qmgr[27442]: 51235A07D1: removed
>>>
>>> These emails are released by the end user and should be delivered, but are
>>> getting bounced back.
>>>
>>> How would I go about figuring out if it's really a bogus "Delivered-To: "
>>> header that's causing this rejection?
>>>

Noel> Some things you can do...

Noel> - search your logs for the message-id recorded above to see if this
Noel> message has been here before. Maybe this mail arrived before, was
Noel> forwarded off-site, then came back; don't do that.

John> So I looked back through my logs until early February and I didn't see
John> it. So it's not that sort of loop as far as I can tell.
Noel> - You can use the HOLD action to freeze an incoming message in the
Noel> queue before the local delivery agent has a chance to bounce it.
Noel> Then you can examine the message. To HOLD the message, you can use
Noel> a check_recipient_access map, or a check_client_access map, or a
Noel> header_checks rule.

John> Ok, thanks for the hints! I'll have to read up on how to do a
John> header_checks rule and implement it so that I can see what's going on
John> here.

Noel> (NOTE: don't be tempted to use header_checks IGNORE to remove a
Noel> bogus Delivered-To header! The internet will thank you.)

John> I know, but ... I might be forced to, since my users are bitching
John> about losing email they release from spam. But! I can also take this
John> to the vendor as proof they are doing something wrong as well. But
John> first I need to get some messages and headers to look at first.

So I created the following entry in my header_checks file:

    /^Delivered-To:/ WARN Found email with Delivered-To: header already in it!

And while it did correctly warn on a bogus email that matched with looping, it also matched on a bunch of other emails, which didn't get rejected for looping. So I'm wondering if the problem is that I'm not accepting email for my legacy "foo.com" domain properly, while I am accepting email for my "foo.bar.com" domain that we're now supposed to be using for all email.

I'm glad I just did a warning match at first, instead of holding all these emails, because it would have been a disaster for a bit until I figured it out.

Is there any way, besides the hold queue, to just log all the headers of these messages so I can try to understand the issue in more detail?

I suspect that part of the problem is that we use this server for outgoing emails, but all incoming from the internet arrives through *.outbound.protection.outlook.com, so maybe they do something to the headers?
My logs show the following:

Mar 31 09:34:10 mailhost postfix/smtpd[28317]: connect from mail-sn1nam01lp0113.outbound.protection.outlook.com[207.46.163.113]
Mar 31 09:34:10 mailhost postfix/smtpd[28317]: 7B6D1A05FE: client=mail-sn1nam01lp0113.outbound.protection.outlook.com[207.46.163.113]
Mar 31 09:34:10 mailhost postfix/cleanup[28211]: 7B6D1A05FE: warning: header Delivered-To: j...@foo.com from mail-sn1nam01lp0113.outbound.protection.outlook.com[207.46.163.113]; from=<ebayde...@e.deals.ebay.com> to=<j...@foo.com> proto=ESMTP helo=<NAM01-SN1-obe.outbound.protection.outlook.com>: Found email with Delivered-To: header already in it!
Mar 31 09:34:10 mailhost postfix/cleanup[28211]: 7B6D1A05FE: message-id=<ebaydeals.6k01g03n-r.f...@e.deals.ebay.com>
Mar 31 09:34:10 mailhost postfix/qmgr[27314]: 7B6D1A05FE: from=<ebayde...@e.deals.ebay.com>, size=62180, nrcpt=1 (queue active)
Mar 31 09:34:10 mailhost postfix/local[28017]: 7B6D1A05FE: to=<j...@foo.com>, relay=local, delay=0.33, delays=0.28/0/0/0.05, dsn=5.4.6, status=bounced (mail forwarding loop for j...@foo.com)
Mar 31 09:34:10 mailhost postfix/bounce[28363]: 7B6D1A05FE: sender non-delivery notification: CCEC5A074E
Mar 31 09:34:10 mailhost postfix/qmgr[27314]: 7B6D1A05FE: removed

So I'm matching things... but I'm also matching on a lot of other emails for which the logs look like this:

Mar 31 09:36:21 mailhost postfix/smtpd[28317]: connect from hdqmta.foo.com[192.168.172.13]
Mar 31 09:36:21 mailhost postfix/smtpd[28317]: E08F2A07A4: client=hdqmta.foo.com[192.168.172.13]
Mar 31 09:36:21 mailhost postfix/cleanup[28191]: E08F2A07A4: warning: header Delivered-To: foo...@foo.bar.com from hdqmta.foo.com[192.168.172.13]; from=<ftp...@fovm0026.iss.bar.co.jp> to=<foo-erpsupp...@bar.com> proto=ESMTP helo=<hdqmta.foo.bar.com>: Found email with Delivered-To: header already in it!
Mar 31 09:36:21 mailhost postfix/cleanup[28191]: E08F2A07A4: message-id=<201703311636.v2vgahrb028...@fovm0026.iss.bar.co.jp>
Mar 31 09:36:21 mailhost postfix/qmgr[27314]: E08F2A07A4: from=<ftp...@fovm0026.iss.bar.co.jp>, size=7014, nrcpt=1 (queue active)
Mar 31 09:36:21 mailhost postfix/smtpd[28317]: disconnect from hdqmta.foo.com[192.168.172.13]
Mar 31 09:36:22 mailhost postfix/smtp[28312]: E08F2A07A4: to=<foo-erpsupp...@bar.com>, relay=smtp.na.bar.local[192.168.64.152]:25, delay=0.19, delays=0.01/0/0/0.18, dsn=2.6.0, status=sent (250 2.6.0 <201703311636.v2vgahrb028...@fovm0026.iss.bar.co.jp> [InternalId=91027536871548, Hostname=NA-EXMB-P20.NA.BAR.LOCAL] Queued mail for delivery)
Mar 31 09:36:22 mailhost postfix/qmgr[27314]: E08F2A07A4: removed
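
[Added example, not part of the original message or of Postfix.] One way to separate the warned messages that bounce from those that do not is to correlate the header_checks WARN lines with the delivery result by queue ID and compare the logged Delivered-To value with the envelope recipient; local(8) bounces with "mail forwarding loop" when the recipient is already listed in a Delivered-To header. The log lines, hosts, addresses and report field names below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (hosts, addresses and queue IDs are placeholders).
SAMPLE_LOG = """\
Mar 31 09:34:10 mailhost postfix/cleanup[100]: AAAA000001: warning: header Delivered-To: alice@example.com from filter.example.net[192.0.2.10]; from=<news@example.org> to=<alice@example.com> proto=ESMTP helo=<filter.example.net>: Found email with Delivered-To: header already in it!
Mar 31 09:34:10 mailhost postfix/local[101]: AAAA000001: to=<alice@example.com>, relay=local, delay=0.33, delays=0.28/0/0/0.05, dsn=5.4.6, status=bounced (mail forwarding loop for alice@example.com)
Mar 31 09:36:21 mailhost postfix/cleanup[102]: BBBB000002: warning: header Delivered-To: bob@sub.example.com from relay.example.com[192.0.2.20]; from=<ftp@example.org> to=<support@example.com> proto=ESMTP helo=<relay.example.com>: Found email with Delivered-To: header already in it!
Mar 31 09:36:22 mailhost postfix/smtp[103]: BBBB000002: to=<support@example.com>, relay=mx.example.com[192.0.2.30]:25, delay=0.19, delays=0.01/0/0/0.18, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
"""

# header_checks WARN line logged by cleanup(8): queue ID, header value, client.
WARN_RE = re.compile(
    r"postfix/cleanup\[\d+\]: ([0-9A-Za-z]+): warning: header "
    r"Delivered-To:\s*(\S+) from (\S+);")
# Delivery result line logged by local(8), smtp(8), etc.
DELIV_RE = re.compile(
    r"postfix/(\w+)\[\d+\]: ([0-9A-Za-z]+): to=<([^>]*)>, relay=[^,]+,"
    r".*?status=(\w+) \((.*)\)")

def correlate(log_text):
    """Join WARN hits and delivery results by queue ID; one row per delivery."""
    msgs = defaultdict(lambda: {"client": None, "delivered_to": [], "results": []})
    for line in log_text.splitlines():
        if (m := WARN_RE.search(line)):
            qid, value, client = m.groups()
            msgs[qid]["client"] = client
            msgs[qid]["delivered_to"].append(value.lower())
        elif (m := DELIV_RE.search(line)):
            agent, qid, rcpt, status, detail = m.groups()
            msgs[qid]["results"].append((agent, rcpt.lower(), status, detail))
    report = []
    for qid, info in msgs.items():
        if not info["delivered_to"]:
            continue  # only messages the WARN rule fired on
        for agent, rcpt, status, detail in info["results"]:
            report.append({
                "qid": qid, "client": info["client"], "agent": agent,
                "recipient": rcpt, "status": status,
                "header_matches_rcpt": rcpt in info["delivered_to"],
                "loop_bounce": "mail forwarding loop" in detail,
            })
    return report

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG):
        print(row)
```

Rows where header_matches_rcpt and loop_bounce are both true identify the client that handed over a message already carrying the recipient's own address in Delivered-To.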