Can you help me? We received a mail , the person adressed in "to" received it, the persons in cc not. (i replaced the names in the example)
What could be the cause?
Do you need more from the log?
Receipent
- Thread starter ProxUser3000
- Start date
Can you help me? We received a mail , the person adressed in "to" received it, the persons in cc not. (i replaced the names in the example)
What could be the cause?
Do you need more from the log?
* please post the complete mail-log for the timeframe of that mail (anonymize the mails consistently)
* were all mail-addresses of the recepients (to as well as all cc addresses) in the same destination domain (myuser.at)?
else this could point to the downstream server not accepting the mails from PMG..
* were all mail-addresses of the recepients (to as well as all cc addresses) in the same destination domain (myuser.at)?
else this could point to the downstream server not accepting the mails from PMG..
Code:
Oct 3 11:34:14 mail postfix/smtpd[15779]: connect from mail-eopbgr130121.outbound.protection.outlook.com[40.107.13.121]
Oct 3 11:34:14 mail postfix/smtpd[15779]: Anonymous TLS connection established from mail-eopbgr130121.outbound.protection.outlook.com[40.107.13.121]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Oct 3 11:34:14 mail postfix/smtpd[15779]: D1D8B1026A2: client=mail-eopbgr130121.outbound.protection.outlook.com[40.107.13.121]
Oct 3 11:34:14 mail postfix/smtpd[15779]: D1D8B1026A2: reject: RCPT from mail-eopbgr130121.outbound.protection.outlook.com[40.107.13.121]: 450 4.7.1 <failedreceiver@mycompany.at>: Recipient address rejected: Service is unavailable (try later); from=<sender@sender.com> to=<failedreceiver@mycompany.at> proto=ESMTP helo=<EUR01-HE1-obe.outbound.protection.outlook.com>
Oct 3 11:34:15 mail postfix/cleanup[15769]: D1D8B1026A2: message-id=<AM0P192MB0338F120BC478F1276374B09D59F0@AM0P192MB0338.EURP192.PROD.OUTLOOK.COM>
Oct 3 11:34:15 mail postfix/qmgr[853]: D1D8B1026A2: from=<sender@sender.com>, size=597235, nrcpt=1 (queue active)
Oct 3 11:34:15 mail pmg-smtp-filter[15818]: 1026D35D95C097E17F2: new mail message-id=<AM0P192MB0338F120BC478F1276374B09D59F0@AM0P192MB0338.EURP192.PROD.OUTLOOK.COM>
Oct 3 11:34:15 mail postfix/smtpd[15779]: disconnect from mail-eopbgr130121.outbound.protection.outlook.com[40.107.13.121] ehlo=2 starttls=1 mail=1 rcpt=1/2 data=1 quit=1 commands=7/8
Oct 3 11:34:17 mail pmg-smtp-filter[15818]: 1026D35D95C097E17F2: SA score=0/5 time=1.108 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.427),BAYES_00(-1.9),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),FORGED_SPF_HELO(1),HTML_IMAGE_RATIO_02(0.001),HTML_MESSAGE(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),T_SPF_PERMERROR(0.01)
Oct 3 11:34:17 mail postfix/smtpd[15774]: connect from localhost.localdomain[127.0.0.1]
Oct 3 11:34:17 mail postfix/smtpd[15774]: 58E4F1026D7: client=localhost.localdomain[127.0.0.1], orig_client=mail-eopbgr130121.outbound.protection.outlook.com[40.107.13.121]
Oct 3 11:34:17 mail postfix/cleanup[15769]: 58E4F1026D7: message-id=<AM0P192MB0338F120BC478F1276374B09D59F0@AM0P192MB0338.EURP192.PROD.OUTLOOK.COM>
Oct 3 11:34:17 mail postfix/qmgr[853]: 58E4F1026D7: from=<sender@sender.com>, size=597439, nrcpt=1 (queue active)
Oct 3 11:34:17 mail pmg-smtp-filter[15818]: 1026D35D95C097E17F2: accept mail to <Johannes.successreceiver@mycompany.at> (58E4F1026D7) (rule: default-accept)
Oct 3 11:34:17 mail postfix/smtpd[15774]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Oct 3 11:34:17 mail pmg-smtp-filter[15818]: 1026D35D95C097E17F2: processing time: 1.479 seconds (1.108, 0.282, 0)
Oct 3 11:34:17 mail postfix/lmtp[15817]: D1D8B1026A2: to=<Johannes.successreceiver@mycompany.at>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.6, delays=1.1/0/0.04/1.5, dsn=2.5.0, status=sent (250 2.5.0 OK (1026D35D95C097E17F2))
Oct 3 11:34:17 mail postfix/qmgr[853]: D1D8B1026A2: removed
Oct 3 11:34:17 mail postfix/smtp[15783]: 58E4F1026D7: to=<Johannes.successreceiver@mycompany.at>, relay=192.168.222.11[192.168.222.11]:25, delay=0.56, delays=0.06/0/0/0.5, dsn=2.6.0, status=sent (250 2.6.0 <AM0P192MB0338F120BC478F1276374B09D59F0@AM0P192MB0338.EURP192.PROD.OUTLOOK.COM> [InternalId=2276025] Queued mail for delivery)
Oct 3 11:34:17 mail postfix/qmgr[853]: 58E4F1026D7: removedhere it is (could not start a conversation to you)
Hm - that's most likely due to having activated the greylist option for the mailproxy (it saves the tripel senderipnetwork,senderaddress,recepientaddress for whitelisting) - The mails to the other recipients should be delivered soon
I hope this helps
I hope this helps
In the meantime we received the mail.
So it was our greylist? What happens if we disable it? Do we get mor spam i assume?
So it was our greylist? What happens if we disable it? Do we get mor spam i assume?
The concept is quite well explained in wikipedia: https://en.wikipedia.org/wiki/Greylisting
put shortly you might get more spam through this (e.g. those mails sent by hacked webformulars, which sent the mail directly and don't queue it) - to measure the effect in your environment I would suggest that you try to disable it for a while and observe the logs.
The downside of greylisting is of course that quite a few mails get delayed by a noticable amount of time (those from a not yet seen sender).
I hope this helps!