[SOLVED] forward email problem

[Jacky Li]

Hi,

Proxmox mail sits on the front end to fight spams. It then sends the "clean" email to the internal server. Some of users has .forward to save a copy on the internal email server and sends it to another email such as their gmail account. The internal server sends the forward email back to proxmox on port 26 for checking again and sends it out to the forwaded email address. However, I noticed that some of the suppose "clean" emails are deferred due to sender's domain's low reputation or fails to pass authentication checks and bounced. This is especially true for google.com emails. The deferred emails then tried to notified the sender that their emails bounced.

Basically I have two problems here, proxmox said it is clean and delivered to the internal email server but the forward email address server said it is not. May I know what I can do here to address this problem? The second problem is how to I handle bounced emails from the forward email address server? I don't want to notify the sender that their "spam" emails got bounced.

Hope I explain the problems in a clear manner. Thank you.

Jacky

 

[Stoiko Ivanov]

Hmm - please share the anonymized logs of such a delivery chain (external -> PMG (25) -> internal -> (forwarded via .forward) -> PMG (26) -> gmail/otherprovider which rejects it).

My guess is that by simply forwarding the mail the original envelope sender is used and thus the final receiving server (gmail) detects this as potential fake e-mail - In that case you could try to reconfigure your internal mailserver to resend the e-mail instead of bouncing it (i.e. using the original envelope-sender)

I hope this helps!

 

[Jacky Li]

Hi,

How do anonymized logs? Thank you.

Jacky

 

[Stoiko Ivanov]

Change each e-mail address to some placeholder string (e.g. 'sender@senderdomain.com' for the sender, 'receiver@receiverdomain.com' for the receiver...), replace all occuring public ip-addresses by placeholder IPs.
Make sure to use the same placeholder for each occurence (otherwise it's not possible to understand how the mail gets sent)

 

[Jacky Li]

Hi,

Here is the log of the delivery chain. From the logs, it seems that the the original envelope-sender is using on outgoing emails?

External -> PMG:

Oct 16 07:41:30 pmg-external postfix/smtpd[9998]: connect from listsrv2.nasaprs.com[209.190.239.79]
Oct 16 07:41:31 pmg-external postfix/smtpd[9998]: 35C8920972: client=listsrv2.nasaprs.com[209.190.239.79]
Oct 16 07:41:31 pmg-external postfix/cleanup[10002]: 35C8920972: message-id=<4ef79d82943f41dfa8b08045ce329200@vm-ex2mail-2d.nress.local>
Oct 16 07:41:31 pmg-external opendkim[677]: 35C8920972: listsrv2.nasaprs.com [209.190.239.79] not internal
Oct 16 07:41:31 pmg-external opendkim[677]: 35C8920972: not authenticated
Oct 16 07:41:31 pmg-external opendmarc[21922]: implicit authentication service: pmg-external.physics.hi.edu
Oct 16 07:41:31 pmg-external opendmarc[21922]: 35C8920972: listsrv2.nasaprs.com none
Oct 16 07:41:31 pmg-external postfix/qmgr[20834]: 35C8920972: from=<smd-bounces@listsrv2.nasaprs.com>, size=13933, nrcpt=1 (queue active)
Oct 16 07:41:31 pmg-external pmg-smtp-filter[9658]: 2019/10/16-07:41:31 CONNECT TCP Peer: "[127.0.0.1]:37056" Local: "[127.0.0.1]:10024"
Oct 16 07:41:31 pmg-external pmg-smtp-filter[9658]: 414A85DA7564BDDDE3: new mail message-id=<4ef79d82943f41dfa8b08045ce329200@vm-ex2mail-2d.nress.local>
Oct 16 07:41:33 pmg-external postfix/smtpd[9998]: disconnect from listsrv2.nasaprs.com[209.190.239.79] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct 16 07:41:37 pmg-external pmg-smtp-filter[9658]: 414A85DA7564BDDDE3: SA score=1/5 time=5.417 bayes=undefined autolearn=no autolearn_force=no hits=AWL(-0.370),DCC_CHECK(1.1),DCC_REPUT_90_94(0.4),HTML_MESSAGE(0.001),KAM_LAZY_DOMAIN_SECURITY(1),MAILING_LIST_MULTI(-1),RCVD_IN_DNSWL_NONE(-0.0001),SPF_HELO_NONE(0.001),SPF_NONE(0.001)
Oct 16 07:41:37 pmg-external postfix/smtpd[10009]: connect from localhost.localdomain[127.0.0.1]
Oct 16 07:41:37 pmg-external postfix/smtpd[10009]: 60A6A20CB9: client=localhost.localdomain[127.0.0.1], orig_client=listsrv2.nasaprs.com[209.190.239.79]
Oct 16 07:41:37 pmg-external postfix/cleanup[10002]: 60A6A20CB9: message-id=<4ef79d82943f41dfa8b08045ce329200@vm-ex2mail-2d.nress.local>
Oct 16 07:41:37 pmg-external postfix/qmgr[20834]: 60A6A20CB9: from=<smd-bounces@listsrv2.nasaprs.com>, size=15034, nrcpt=1 (queue active)
Oct 16 07:41:37 pmg-external pmg-smtp-filter[9658]: 414A85DA7564BDDDE3: accept mail to <receiver@physics.hi.edu> (60A6A20CB9) (rule: default-accept)
Oct 16 07:41:37 pmg-external postfix/smtpd[10009]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Oct 16 07:41:37 pmg-external pmg-smtp-filter[9658]: 414A85DA7564BDDDE3: processing time: 5.535 seconds (5.417, 0.039, 0)
Oct 16 07:41:37 pmg-external postfix/lmtp[10003]: 35C8920972: to=<receiver@physics.hi.edu>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.4, delays=0.78/0.01/0.04/5.5, dsn=2.5.0, status=sent (250 2.5.0 OK (414A85DA7564BDDDE3))
Oct 16 07:41:37 pmg-external postfix/qmgr[20834]: 35C8920972: removed
Oct 16 07:41:37 pmg-external postfix/smtp[10010]: 60A6A20CB9: to=<receiver@physics.hi.edu>, relay=10.10.30.202[10.10.30.202]:25, delay=0.15, delays=0.05/0.02/0.04/0.04, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8218820030)
Oct 16 07:41:37 pmg-external postfix/qmgr[20834]: 60A6A20CB9: removed

Internal -> PMG:

Oct 16 07:41:37 mail-internal postfix/smtpd[24384]: connect from pmg-external.physics.hi.edu[10.10.30.242]
Oct 16 07:41:37 mail-internal postfix/smtpd[24384]: 8218820030: client=pmg-external.physics.hi.edu[10.10.30.242]
Oct 16 07:41:37 mail-internal postfix/cleanup[24390]: 8218820030: message-id=<4ef79d82943f41dfa8b08045ce329200@vm-ex2mail-2d.nress.local>
Oct 16 07:41:37 mail-internal postfix/smtpd[24384]: disconnect from pmg-external.physics.hi.edu[10.10.30.242]
Oct 16 07:41:37 mail-internal postfix/qmgr[6591]: 8218820030: from=<smd-bounces@listsrv2.nasaprs.com>, size=15250, nrcpt=1 (queue active)
Oct 16 07:41:37 mail-internal postfix/local[24392]: 8218820030: to=<receiver@mail-internal.physics.hi.edu>, orig_to=<receiver@physics.hi.edu>, relay=local, delay=0.04, delays=0.03/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Oct 16 07:41:37 mail-internal postfix/cleanup[24390]: 887B92028F: message-id=<4ef79d82943f41dfa8b08045ce329200@vm-ex2mail-2d.nress.local>
Oct 16 07:41:37 mail-internal postfix/local[24392]: 8218820030: to=<receiver@physics.hi.edu>, relay=local, delay=0.04, delays=0.03/0.01/0/0.01, dsn=2.0.0, status=sent (forwarded as 887B92028F)
Oct 16 07:41:37 mail-internal postfix/qmgr[6591]: 887B92028F: from=<smd-bounces@listsrv2.nasaprs.com>, size=15390, nrcpt=1 (queue active)
Oct 16 07:41:37 mail-internal postfix/qmgr[6591]: 8218820030: removed
Oct 16 07:41:37 mail-internal postfix/smtp[24394]: 887B92028F: to=<receiver3690@gmail.com>, orig_to=<receiver@physics.hi.edu>, relay=pmg-external.physics.hi.edu[10.10.30.242]:26, delay=0.04, delays=0/0.02/0.01/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9058A20972)
Oct 16 07:41:37 mail-internal postfix/qmgr[6591]: 887B92028F: removed

PMG -> Outside:

Oct 16 07:41:37 pmg-external postfix/smtpd[10011]: connect from mail-internal.physics.hi.edu[10.10.30.202]
Oct 16 07:41:37 pmg-external postfix/smtpd[10011]: 9058A20972: client=mail-internal.physics.hi.edu[10.10.30.202]
Oct 16 07:41:37 pmg-external postfix/cleanup[10002]: 9058A20972: message-id=<4ef79d82943f41dfa8b08045ce329200@vm-ex2mail-2d.nress.local>
Oct 16 07:41:37 pmg-external opendkim[702]: 9058A20972: no signing table match for 'smd@listsrv2.nasaprs.com'
Oct 16 07:41:37 pmg-external postfix/smtpd[10011]: disconnect from mail-internal.physics.hi.edu[10.10.30.202] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct 16 07:41:37 pmg-external postfix/qmgr[20834]: 9058A20972: from=<smd-bounces@listsrv2.nasaprs.com>, size=15634, nrcpt=1 (queue active)
Oct 16 07:41:37 pmg-external pmg-smtp-filter[9651]: 2019/10/16-07:41:37 CONNECT TCP Peer: "[127.0.0.1]:56510" Local: "[127.0.0.1]:10023"
Oct 16 07:41:37 pmg-external pmg-smtp-filter[9651]: 414A85DA756519D653: new mail message-id=<4ef79d82943f41dfa8b08045ce329200@vm-ex2mail-2d.nress.local>
Oct 16 07:41:37 pmg-external postfix/smtpd[10009]: connect from localhost.localdomain[127.0.0.1]
Oct 17 07:41:37 pmg-external postfix/smtpd[10009]: A809520CB9: client=localhost.localdomain[127.0.0.1], orig_client=mail-internal.physics.hi.edu[10.10.30.202]
Oct 16 07:41:37 pmg-external postfix/cleanup[10002]: A809520CB9: message-id=<4ef79d82943f41dfa8b08045ce329200@vm-ex2mail-2d.nress.local>
Oct 16 07:41:37 pmg-external postfix/qmgr[20834]: A809520CB9: from=<smd-bounces@listsrv2.nasaprs.com>, size=14102, nrcpt=1 (queue active)
Oct 16 07:41:37 pmg-external postfix/smtpd[10009]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Oct 16 07:41:37 pmg-external pmg-smtp-filter[9651]: 414A85DA756519D653: accept mail to <receiver3690@gmail.com> (A809520CB9) (rule: default-accept)
Oct 16 07:41:37 pmg-external pmg-smtp-filter[9651]: 414A85DA756519D653: processing time: 0.091 seconds (0, 0.029, 0)
Oct 16 07:41:37 pmg-external postfix/lmtp[10003]: 9058A20972: to=<receiver3690@gmail.com>, relay=127.0.0.1[127.0.0.1]:10023, delay=0.15, delays=0.01/0/0.05/0.1, dsn=2.5.0, status=sent (250 2.5.0 OK (414A85DA756519D653))
Oct 16 07:41:37 pmg-external postfix/qmgr[20834]: 9058A20972: removed
Oct 16 07:41:37 pmg-external postfix/smtp[10010]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400e:c08::1b]:25: Network is unreachable
Oct 16 07:41:38 pmg-external postfix/smtp[10010]: Trusted TLS connection established to gmail-smtp-in.l.google.com[74.125.142.27]:25: TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
Oct 16 07:41:38 pmg-external postfix/smtp[10010]: A809520CB9: host gmail-smtp-in.l.google.com[74.125.142.27] said: 421-4.7.0 This message does not have authentication information or fails to pass 421-4.7.0 authentication checks. To best protect our users from spam, the 421-4.7.0 message has been blocked. Please visit 421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more 421 4.7.0 information. 194si27779366pgf.195 - gsmtp (in reply to end of DATA command)
Oct 16 07:41:39 pmg-external postfix/smtp[10010]: Trusted TLS connection established to alt1.gmail-smtp-in.l.google.com[209.85.146.27]:25: TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
Oct 16 07:41:39 pmg-external postfix/smtp[10010]: A809520CB9: to=<receiver3690@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.146.27]:25, delay=2.3, delays=0.05/0/1.8/0.44, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[209.85.146.27] said: 421-4.7.0 This message does not have authentication information or fails to pass 421-4.7.0 authentication checks. To best protect our users from spam, the 421-4.7.0 message has been blocked. Please visit 421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more 421 4.7.0 information. z12si36437836iop.117 - gsmtp (in reply to end of DATA command))

 

[Stoiko Ivanov]

My guess is that the mail is rejected because the sender-domain (listsrv2.nasaprs.com) does not have a spf or dkim record (and because the mail is received by google not from the ip-address of the host (but from your PMG))

You could ask your users to change their procmail-recipe to send the mails 'from' their local account (which would probably lead to problems when displaying those mails in their gmail-inbox)

However the following link might help you: https://support.google.com/a/answer/175365?hl=en

I hope this helps!

 

[Jacky Li]

Hi,

Thank you. The queue got cleared at a later time with the email delivered. I won't worry about it for now. SPF is probably the minimum authentication setup nowadays.

Jacky