> On Apr 15, 2020, at 6:18 PM, Vieri Di Paola <vieridipa...@gmail.com> wrote:
>
> tail -n 10000000 custom_email.log | grep "^Apr 15" | grep "3B4F21240B1"
> postfix/smtpd[13316]: 3B4F21240B1: client=unknown[10.1.1.1]
> postfix/cleanup[13083]: 3B4F21240B1:
> message-id=<1586931633.63377.9971225...@external.org>
> mimedefang.pl[7901]: 3B4F21240B1: Fake sender check: From
> supp...@external2.org - Sender <syst...@external2.org> - Relay Address
> 10.1.1.1
> postfix/qmgr[12956]: 3B4F21240B1: from=<syst...@external2.org>,
> size=8322, nrcpt=1 (queue active)
> postfix/smtp[13093]: 3B4F21240B1: to=<m...@mydomain.org>, relay=none,
> delay=0.12, delays=0.12/0/0/0, dsn=5.4.6, status=bounced (mail for
> 10.0.0.10 loops back to myself)
> postfix/bounce[13228]: 3B4F21240B1: sender non-delivery notification:
> 586D11240B3
> postfix/qmgr[12956]: 3B4F21240B1: removed

Not all log messages carry the queue-id. Use the collate.pl script
to find any other pertinent log messages from 'smtp[13093]'.

Similarly, you post "grep ... main.cf" output rather than
"postconf -n | grep ...", thereby potentially returning incomplete
info.

Note also, that 10.0.0.2 and 10.0.0.10 differ in only 1 bit. If you
had an uncorrected single-bit memory error somewhere along the path
from the DNS server to your server, there could be a transient false
positive.

--
Viktor.
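
Added example, not part of the original message and not the collate.pl script: a small Python sketch of why grepping for the queue ID alone misses lines, pulling in lines from the same `service[pid]` that carry no queue ID and sit next to the ID's own lines. The sample log, the hostname `mx`, the extra queue IDs and the function name `collate` are constructed for illustration, and short (hex) queue IDs are assumed.

```python
import re

# "postfix/smtp[13093]: 3B4F21240B1: to=<...>" -> service, pid, optional queue ID.
# Assumes short hex queue IDs (not enable_long_queue_ids).
LINE_RE = re.compile(
    r"(?P<svc>[\w./-]+)\[(?P<pid>\d+)\]: (?:(?P<qid>[0-9A-F]{6,}): )?")

# Constructed sample log; only the queue ID 3B4F21240B1 and the pids come from the thread.
SAMPLE = """\
Apr 15 08:20:33 mx postfix/smtpd[13316]: connect from unknown[10.1.1.1]
Apr 15 08:20:33 mx postfix/smtpd[13316]: 3B4F21240B1: client=unknown[10.1.1.1]
Apr 15 08:20:33 mx postfix/smtp[13093]: 1A2B3C4D5E6: to=<a@example.org>, status=sent
Apr 15 08:20:33 mx postfix/smtp[13093]: warning: (constructed line with no queue ID)
Apr 15 08:20:33 mx postfix/smtp[13093]: 3B4F21240B1: to=<b@example.org>, status=bounced
Apr 15 08:20:34 mx postfix/smtp[13093]: 7F8E9D0C1B2: to=<c@example.org>, status=sent
Apr 15 08:20:34 mx postfix/smtpd[13316]: disconnect from unknown[10.1.1.1]
Apr 15 08:20:35 mx postfix/smtp[20000]: warning: (constructed, unrelated process)
""".splitlines()

def collate(lines, queue_id):
    """Return lines carrying queue_id, plus lines from the same process
    that carry no queue ID and whose nearest ID'd neighbour (before or
    after, within that process) is queue_id. This is a heuristic: a
    no-ID line between two different queue IDs is reported for both."""
    by_proc = {}
    for i, line in enumerate(lines):
        m = LINE_RE.search(line)
        if m:
            by_proc.setdefault((m["svc"], m["pid"]), []).append((i, m["qid"]))
    keep = set()
    for entries in by_proc.values():
        prev, last = [], None          # last queue ID seen at or before each line
        for _, qid in entries:
            last = qid or last
            prev.append(last)
        nxt, last = [], None           # next queue ID seen at or after each line
        for _, qid in reversed(entries):
            last = qid or last
            nxt.append(last)
        nxt.reverse()
        for (i, qid), p, n in zip(entries, prev, nxt):
            if qid == queue_id or (qid is None and queue_id in (p, n)):
                keep.add(i)
    return [lines[i] for i in sorted(keep)]

if __name__ == "__main__":
    print("\n".join(collate(SAMPLE, "3B4F21240B1")))
```

A plain `grep "3B4F21240B1"` over the same sample returns only two of the five lines this reports.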