Re: Crazy retries for bounced (and a small number of successful) emails

Viktor Dukhovni Tue, 12 Jan 2021 15:10:07 -0800

On Tue, Jan 12, 2021 at 02:28:44PM -0800, sckall...@yahoo.com wrote:

> > There are no "Received:" headers here, are you sure you've posted *all* the
> > headers?  All messages received by Postfix get a "Received" header
> > prepended.  Where are they?  However, we do see that the message went
> > through Amavis, so ypu should have logs for that... and ideally for how it
> > got into Amavis as well.
> 
> There is a Received header in the NDR email headers, look for it in the
> paste above the one you looked at.


That's not the Received header of interest, it traces the hops the
*bounce* went through, I am looking for the hops the original message
went through.  Where are *its* Received headers?

> Here is where I see the first send of this message (based on the message id):
> 
> -----------------------------------------------------------------
> Jan  7 02:03:25 mail postfix/submission/smtpd[23109]: connect from
>   c-11-22-33-44.hsd1.ca.comcast.net[11.22.33.44]
> Jan  7 02:03:26 mail postfix/submission/smtpd[23109]: 09E898DFA2:
>   client=c-11-22-33-44.hsd1.ca.comcast.net[11.22.33.44], sasl_method=LOGIN,
>   sasl_username=yyy@xxx
> Jan  7 02:03:26 mail postfix/cleanup[23314]: 09E898DFA2:
>   message-id=<2f18001d6e499$48eeff40$daccfdc0$@xxx>
> Jan  7 02:04:17 mail postfix/qmgr[1576]: 09E898DFA2: from=<yyy@xxx>,
>   size=35378641, nrcpt=1 (queue active)
> Jan  7 02:04:19 mail postfix/submission/smtpd[23109]: disconnect from
>   c-11-22-33-44.hsd1.ca.comcast.net[11.22.33.44]
> Jan  7 02:04:56 mail postfix/smtp[23322]: 09E898DFA2: to=<x...@icloud.com>,
>   relay=127.0.0.1[127.0.0.1]:10024, delay=91, delays=52/0.03/0.01/39,
>   dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250
>   2.0.0 Ok: queued as 9AE9C281)
> Jan  7 02:04:56 mail postfix/qmgr[1576]: 09E898DFA2: removed

Ah, finally, we see it arrive from outside your system, via
authenticated SMTP submission and get forwarded to Amavis on port 10024
(just a single recipient message).

> Jan  7 02:04:32 mail postfix/smtpd[23324]: connect from mail.xxx[127.0.0.1]
> Jan  7 02:04:32 mail postfix/smtpd[23324]: 9AE9C281:
>   client=mail.xxx[127.0.0.1], orig_queue_id=09E898DFA2,
>   orig_client=c-11-22-33-44.hsd1.ca.comcast.net[11.22.33.44]
> Jan  7 02:04:32 mail postfix/cleanup[23229]: 9AE9C281:
>   message-id=<2f18001d6e499$48eeff40$daccfdc0$@xxx>
> Jan  7 02:04:56 mail postfix/qmgr[1576]: 9AE9C281: from=<yyy@xxx>,
>   size=35378688, nrcpt=1 (queue active)
> Jan  7 02:04:56 mail postfix/smtpd[23324]: disconnect from
>   mail.xxx[127.0.0.1]
> Jan  7 02:04:58 mail postfix/smtp[23331]: 9AE9C281: to=<x...@icloud.com>,
>   relay=127.0.0.1[127.0.0.1]:10026, delay=26, delays=24/0.13/0/1.6, dsn=2.0.0,
>   status=sent (250 OK Message /var/spool/pykolab/wallace/tmpLo9c_K queued)
> Jan  7 02:04:58 mail postfix/qmgr[1576]: 9AE9C281: removed

The message received from Amavis is sent to port 10026, where something
perhaps called "pykolab" accepted it into some sort of queue.

> Jan  7 02:05:05 mail postfix/smtpd[23332]: connect from mail.xxx[127.0.0.1]
> Jan  7 02:05:05 mail postfix/smtpd[23332]: EE2D1281:
>   client=mail.xxx[127.0.0.1]
> Jan  7 02:05:07 mail postfix/cleanup[23229]: EE2D1281:
>   message-id=<2f18001d6e499$48eeff40$daccfdc0$@xxx>
> Jan  7 02:05:30 mail postfix/qmgr[1576]: EE2D1281: from=<yyy@xxx>,
>   size=35379321, nrcpt=1 (queue active)
> Jan  7 02:05:30 mail postfix/smtpd[23332]: disconnect from
>   mail.xxx[127.0.0.1]
> Jan  7 02:05:31 mail postfix/smtp[23334]: EE2D1281: to=<x...@icloud.com>,
>   relay=mx02.mail.icloud.com[17.57.152.14]:25, delay=25,
>   delays=25/0.03/0.45/0, dsn=5.3.4, status=bounced (message size 35379321
>   exceeds size limit 28311552 of server mx02.mail.icloud.com[17.57.152.14])
> Jan  7 02:05:31 mail postfix/qmgr[1576]: EE2D1281: removed

Seven minutes later, the message appears again, from 127.0.0.1, so
either from Amavis or "pykolab", this time it fails an attempt to send
it to icloud.com.

> Jan  7 02:05:33 mail postfix/smtpd[23332]: connect from mail.xxx[127.0.0.1]
> Jan  7 02:05:33 mail postfix/smtpd[23332]: 102A0281: 
> client=mail.xxx[127.0.0.1]
> Jan  7 02:05:34 mail postfix/cleanup[23229]: 102A0281:
> message-id=<2f18001d6e499$48eeff40$daccfdc0$@xxx>
> Jan  7 02:05:57 mail postfix/qmgr[1576]: 102A0281: from=<yyy@xxx>,
> size=35379321, nrcpt=1 (queue active)
> Jan  7 02:05:57 mail postfix/smtpd[23332]: disconnect from
> mail.xxx[127.0.0.1]
> Jan  7 02:05:57 mail postfix/smtp[23334]: 102A0281: to=<x...@icloud.com>,
> relay=mx02.mail.icloud.com[17.56.9.19]:25, delay=25, delays=24/0/0.28/0,
> dsn=5.3.4, status=bounced (message size 35379321 exceeds size limit 28311552
> of server mx02.mail.icloud.com[17.56.9.19])
> Jan  7 02:05:57 mail postfix/qmgr[1576]: 102A0281: removed

And again, ~30 seconds later.

> Jan  7 02:06:00 mail postfix/smtpd[23332]: connect from mail.xxx[127.0.0.1]
> Jan  7 02:06:00 mail postfix/smtpd[23332]: 0CEF9281:
> client=mail.xxx[127.0.0.1]
> Jan  7 02:06:01 mail postfix/cleanup[23229]: 0CEF9281:
> message-id=<2f18001d6e499$48eeff40$daccfdc0$@xxx>
> Jan  7 02:06:25 mail postfix/smtpd[23332]: disconnect from
> mail.xxx[127.0.0.1]
> Jan  7 02:06:25 mail postfix/qmgr[1576]: 0CEF9281: from=<yyy@xxx>,
> size=35379321, nrcpt=1 (queue active)
> Jan  7 02:06:25 mail postfix/smtp[23334]: 0CEF9281: to=<x...@icloud.com>,
> relay=mx01.mail.icloud.com[17.57.154.23]:25, delay=26,
> delays=25/0.01/0.33/0, dsn=5.3.4, status=bounced (message size 35379321
> exceeds size limit 28311552 of server mx01.mail.icloud.com[17.57.154.23])
> Jan  7 02:06:25 mail postfix/qmgr[1576]: 0CEF9281: removed

And again, ...

> Jan  7 02:06:27 mail postfix/smtpd[23332]: connect from mail.xxx[127.0.0.1]
> Jan  7 02:06:27 mail postfix/smtpd[23332]: 152C88DFA2:
> client=mail.xxx[127.0.0.1]
> Jan  7 02:06:28 mail postfix/cleanup[23229]: 152C88DFA2:
> message-id=<2f18001d6e499$48eeff40$daccfdc0$@xxx>
> Jan  7 02:06:51 mail postfix/qmgr[1576]: 152C88DFA2: from=<yyy@xxx>,
> size=35379321, nrcpt=1 (queue active)
> Jan  7 02:06:51 mail postfix/smtpd[23332]: disconnect from
> mail.xxx[127.0.0.1]
> Jan  7 02:06:53 mail postfix/smtp[23347]: 152C88DFA2: to=<x...@icloud.com>,
> relay=mx02.mail.icloud.com[17.57.152.14]:25, delay=26, delays=25/0.04/1.1/0,
> dsn=5.3.4, status=bounced (message size 35379321 exceeds size limit 28311552
> of server mx02.mail.icloud.com[17.57.152.14])
> Jan  7 02:06:53 mail postfix/qmgr[1576]: 152C88DFA2: removed

Are we bored yet...  It looks like the software that's sending
it into Postfix over and over again is likely the "pykolab"
thing on port 10026.

-- 
    Viktor.

Re: Crazy retries for bounced (and a small number of successful) emails

Reply via email to