>The logs are rather a jumble, please collate the logs by queue-id, avoiding
>mixing different messages together, and show all logs for any queue-id
>that's relevant.

Here is the collated output from the script:


Jan 12 17:56:26 mail postfix/smtpd[17788]: connect from xxx[127.0.0.1]
Jan 12 17:56:26 mail postfix/smtpd[17788]: AED108DFA2: client=xxx[127.0.0.1]
Jan 12 17:56:28 mail postfix/cleanup[17791]: AED108DFA2:
message-id=<2f18001d6e499$48eeff40$daccfdc0$@xxx>
Jan 12 17:56:51 mail postfix/qmgr[4667]: AED108DFA2: from=<xxx>,
size=35379321, nrcpt=1 (queue active)
Jan 12 17:56:51 mail postfix/smtpd[17788]: disconnect from xxx[127.0.0.1]
Jan 12 17:56:51 mail postfix/smtp[18159]: AED108DFA2: to=<x...@icloud.com>,
relay=mx02.mail.icloud.com[17.57.152.14]:25, delay=25, delays=25/0.01/0.4/0,
dsn=5.3.4, status=bounced (message size 35379321 exceeds size limit 28311552
of server mx02.mail.icloud.com[17.57.152.14])
Jan 12 17:56:51 mail postfix/bounce[18161]: AED108DFA2: sender non-delivery
notification: A0E418DFA4
Jan 12 17:56:51 mail postfix/qmgr[4667]: AED108DFA2: removed

Jan 12 17:56:51 mail postfix/bounce[18161]: AED108DFA2: sender non-delivery
notification: A0E418DFA4
Jan 12 17:56:51 mail postfix/cleanup[17853]: A0E418DFA4:
message-id=<20210112175651.A0E418DFA4@xxx>
Jan 12 17:56:51 mail postfix/qmgr[4667]: A0E418DFA4: from=<>, size=3867,
nrcpt=1 (queue active)
Jan 12 17:56:51 mail postfix/lmtp[17867]: A0E418DFA4: to=<xxx>,
orig_to=<xxx>, relay=xxx[/var/lib/imap/socket/lmtp], delay=0.05,
delays=0.01/0.02/0/0.02, dsn=2.1.5, status=sent (250 2.1.5 Ok
SESSIONID=<xxx-17946-1610474211-1-15717393109624973811>)
Jan 12 17:56:51 mail postfix/qmgr[4667]: A0E418DFA4: removed

>Where did this message come from?  The message-id is not generated by
>Postfix (different format), and yet you're reporting 127.0.0.1 as the
>source.  So where did this message originate?  This message bounced, with
>the non-delivery queued as:
>    AED108DFA2: sender non-delivery notification: A0E418DFA4

I guess this is the big question. The source is reported as 127.0.0.1 for these
messages. For regular outgoing mail, I see an additional orig_client for
this line showing the IP of the client. But these emails do not have that.

>They are not "the same".  Is there a mail loop somewhere?  Are the bounces
>delivered?  Do they elicit new responses?  The logs posted are far from
>complete.  They don't even consistently show the message-ids.

They are the same in the sense that the content of the email is exactly
the same. I understand what you mean by not the same, because it looks like
somehow another email of the same content is being submitted.

> The clients are clearly not sending these.
>I don't see how you reached that conclusion.

I know the clients are not doing this because these emails are not in client
outboxes nor do they show up with the client IP address when submitted to
the server. I have also shut down the client that was the original sender of
this email weeks back with no effect.

> So, not sure what to look for. Please note that all other emails are
> fine (incoming and outgoing). It is just these emails that bounce that
> keep on getting resent.  (there are also a couple of internal emails
> being resent, as far as I can tell from the logs, but those sends are
> successful yet keep repeating)

>Nothing is "resent", new messages are showing up, bouncing and ...
>(you don't show what happens with the bounces).

The bounces are ordinary. Here is one seen on the client:

------------------------------
This is the mail system at host xxx.

I'm sorry to have to inform you that your message could not be delivered to
one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own
text from the attached returned message.

                   The mail system

<x...@icloud.com>: message size 35379321 exceeds size limit 28311552 of
    server mx01.mail.icloud.com[17.56.9.17]
-----------------------------------

The details.txt attachment in the bounce shows the following:

-----------------------------------------------------
Reporting-MTA: dns; xxx
X-Postfix-Queue-ID: 528F8C5AC4
X-Postfix-Sender: rfc822; xxx
Arrival-Date: Tue, 12 Jan 2021 19:58:22 +0000 (UTC)

Final-Recipient: rfc822; x...@icloud.com
Original-Recipient: rfc822;x...@icloud.com
Action: failed
Status: 5.3.4
Diagnostic-Code: X-Postfix; message size 35379321 exceeds size limit
28311552
    of server mx01.mail.icloud.com[17.56.9.17]
-----------------------------------------------------------

It appears to be a loop somewhere. One bit I have since discovered is that
each of these emails (that are either succeeding in delivering to
destination address or bouncing from the destination) had bounced at some
point in the past. If this is the basis for the behavior, I would like to
think that perhaps a loop of some sort occurs on the first bounce of any
outgoing/internal email.
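The collation requested in the quoted text at the top of this message (group records by queue-id, then pull in every related queue-id), as an added Python example; it is not the script the poster ran and not part of Postfix. The sample log is constructed, and the pattern assumes short (uppercase hex) queue IDs.

```python
import re

# Constructed sample in the log format quoted in this message (placeholder names).
SAMPLE = """\
Jan 12 17:56:26 mail postfix/smtpd[17788]: AAAA000001: client=localhost[127.0.0.1]
Jan 12 17:56:28 mail postfix/cleanup[17791]: AAAA000001:
message-id=<constructed-1@example.test>
Jan 12 17:56:29 mail postfix/smtp[18150]: CCCC000003: to=<b@example.test>, status=sent (250 ok)
Jan 12 17:56:51 mail postfix/smtp[18159]: AAAA000001: to=<a@example.test>,
dsn=5.3.4, status=bounced (message size exceeds size limit)
Jan 12 17:56:51 mail postfix/bounce[18161]: AAAA000001: sender non-delivery
notification: BBBB000002
Jan 12 17:56:51 mail postfix/qmgr[4667]: BBBB000002: from=<>, size=3867, nrcpt=1
Jan 12 17:56:51 mail postfix/lmtp[17867]: BBBB000002: to=<u@example.test>, status=sent (250 Ok)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# Assumption: short queue IDs only; hex-only also skips "warning:" and "NOQUEUE:".
QID = re.compile(r" postfix/[\w/-]+\[\d+\]: ([0-9A-F]{6,}): ")
NDN = re.compile(r"sender non-delivery notification: (\w+)")

def unwrap(text):
    """Re-join mail-wrapped lines: no syslog timestamp means continuation."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def collate(records):
    """Group records by queue-id (first-seen order) and map bounce -> notification."""
    by_qid, child = {}, {}
    for rec in records:
        if m := QID.search(rec):          # connect/disconnect lines have no queue-id
            by_qid.setdefault(m.group(1), []).append(rec)
            if n := NDN.search(rec):
                child[m.group(1)] = n.group(1)
    return by_qid, child

def relevant(by_qid, child, needle):
    """Queue-ids with a record containing needle, plus notifications they spawned."""
    out = []
    for qid, recs in by_qid.items():
        if any(needle in r for r in recs):
            while qid in by_qid and qid not in out:   # stop if the child is not logged
                out.append(qid)
                qid = child.get(qid)
    return out
```

Printing `by_qid[q]` for each `q` in `relevant(by_qid, child, "status=bounced")` gives one unmixed block per message, with each bounce followed by its non-delivery notification.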