[SOLVED] detected undelivered mail to

[lilydawson]

The 'detected undelivered mail' message is usually the result of the new security checks on malformed MIME parts. If you see 'message has ambiguous content' or 'unable to parse message' in your logs, that is the culprit. You can get these moving again by following the documentation to allow broken messages for specific rules. It is a common pain point right now for anyone receiving automated reports or legacy system emails that do not strictly follow MIME standards.

 

[laurensb]

an e-mail (putting the .eml and logs in a zip-file so they don't get rejected by our PMG) to s.ivanov _at_ proxmox.com would work

Done.

Anyways - enabling the 'Allow Broken MIME Structure' checkbox should bring back the behavior before the patch (only adding the X-Proxmox-Broken-Message header) - it's just nothing we'd recommend in general - if mail in your environment are vastly affected by this I think it can be ok, else if you can identify which senders/content of a mail cause this - adding rules to your rule-system to only accept those mail, and reject all other broken mime mails would be better.

I hope this helps!

The 'detected undelivered mail' message is usually the result of the new security checks on malformed MIME parts. If you see 'message has ambiguous content' or 'unable to parse message' in your logs, that is the culprit. You can get these moving again by following the documentation to allow broken messages for specific rules. It is a common pain point right now for anyone receiving automated reports or legacy system emails that do not strictly follow MIME standards.

Already allowed it. Things are working now, but as Stoiko Ivanov said, better to use fine-grained rules.

 

[Stoiko Ivanov]

Done.

Thanks ! As a summary for the public:
* Issue with the mails was that the pdf-attachments have technically 2 'filename' parameters in their content-disposition headers - one as 'filename', the other as RFC2231 (https://datatracker.ietf.org/doc/html/rfc2231) encoded 'filename*0*' - as both of these are present the parser (arguably so) says it's ambiguous.

This is the same issue that @sterzy addressed in: https://lore.proxmox.com/pbs-devel/20260225112107.99905-1-s.sterz@proxmox.com/T/#u - see the commit message for further details.

 

[andres-asm]

Hi, I have applied the fix, but the emails are still stuck in queue, si there anyway we can get these emails to deliver?

 

[andres-asm]

I am still in proxmox 8, would rolling back to 8.1.3 from 8.1.4 work like on the other person's case?

 

[Stoiko Ivanov]

I am still in proxmox 8, would rolling back to 8.1.3 from 8.1.4 work like on the other person's case?

installing the update, and allowing broken mime should work - the mails should either be resent by the sending server (before-queue-filtering) - or by postfix on PMG (after-queue-filtering) eventually (can take up to a few hours depending on how long they have been queued) - and with accept broken mime enabled they should be processed successfully.

I hope this helps!

 

[andres-asm]

thank you, no way to force them to requeue with postqueue?

 

[Stoiko Ivanov]

if they are queued on your PMG - you can try with `postqueue -i <queue-id>`

 

[andres-asm]

there is no update for PMG 8 atm though!

 

[Stoiko Ivanov]

there is no update for PMG 8 atm though!

see: https://forum.proxmox.com/threads/proxmox-mail-gateway-security-advisories.149333/post-838667:

Fixed:
- Proxmox Mail Gateway 8: pmg-api >= 8.2.10, libmime-tools-perl >= 5.515-1+pmg1~bpo12+1

 

[hawkeye]

* please run `pmgconfig sync -restart 1` - then check the main.cf again.
* do you have any overrides in /etc/pmg/templates?

if this does not help, please do share the contents of /etc/resolv.conf, /etc/hosts, and the rendered /etc/postfix/main.cf

no more localdomain reports into the log files. Problem should be solved. Thanks for you fast help.

 

[andres-asm]

in PMG 8 the issue remains... I was having login issues due to the downgraded PMG API (I resorted to that the other day).
I updated again this week and the issue came back:



This is enabled but the issue still happens

 

[andres-asm]

and I updated to PMG9 and the issue is still there for me with Accept Broken MIME Structure enabled

8A9C4181F9C 367715 Thu Mar 5 15:53:23 carla.flores@qsi.ec
(host 127.0.0.1[127.0.0.1] said: 451 4.4.0 detected undelivered mail to <ana@redacted.com> (in reply to end of DATA command))
ana@redacted.com
(host 127.0.0.1[127.0.0.1] said: 451 4.4.0 detected undelivered mail to <info@redacted.com> (in reply to end of DATA command))
info@redacted.com
(host 127.0.0.1[127.0.0.1] said: 451 4.4.0 detected undelivered mail to <rober@redacted.com> (in reply to end of DATA command))
rober@redacted.com

 

[Stoiko Ivanov]

please share the complete journal around that time - this is not the only cause of "detected undelivered mail to"... - maybe pmg-smtp-filter had another issue, or postfix is not running properly...