HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


DrJohn 12th May 2010 18:22

Disappearing emails ispconfig 2 / postfix
 
Strange problem: forwarding or replying to some (not all) email from an external isp (via that isp's SMTP) to my primary email on the ispconfig-hosted (virtual) server here, the email never makes it to my inbox. Looking at /var/log/mail.log, I see that the mail is relayed internally to admispconfig@localhost.localdomain, which doesn't correspond to any user on the system.

Here's a snippet from mail.log:
Code:

May 12 08:44:53 mailserver postfix/smtpd[23041]: warning: 174.121.77.192: hostname c0.4d.79ae.static.theplanet.com verification failed: Name or service not known
May 12 08:44:54 mailserver postfix/smtpd[23041]: connect from unknown[174.121.77.192]
May 12 08:44:54 mailserver postfix/smtpd[23041]: setting up TLS connection from unknown[174.121.77.192]
May 12 08:44:54 mailserver postfix/smtpd[23041]: Anonymous TLS connection established from unknown[174.121.77.192]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 12 08:44:55 mailserver postgrey: action=pass, reason=triplet found, client_name=unknown, client_address=174.121.77.192, sender=john@sendingsite.com, recipient=john@hostedsite.com
May 12 08:44:55 mailserver postfix/smtpd[23041]: CBE39F47F1: client=unknown[174.121.77.192]
May 12 08:44:56 mailserver postfix/cleanup[23046]: CBE39F47F1: message-id=<4BEACCF3.9090900@sendingsite.com>
May 12 08:44:56 mailserver postfix/qmgr[12971]: CBE39F47F1: from=<john@sendingsite.com>, size=42802, nrcpt=1 (queue active)
May 12 08:44:56 mailserver postfix/smtpd[23041]: disconnect from unknown[174.121.77.192]
May 12 08:44:56 mailserver postfix/pickup[21838]: 80719F481A: uid=10007 from=<site4_myloginid>
May 12 08:44:56 mailserver postfix/cleanup[23046]: 80719F481A: message-id=<20100512154456.80719F481A@mailserver.mydomain.loc>
May 12 08:44:56 mailserver postfix/qmgr[12971]: 80719F481A: from=<site4_myuserid@mailserver.mydomain.loc>, size=436, nrcpt=1 (queue active)
May 12 08:44:56 mailserver postfix/local[23064]: 80719F481A: to=<admispconfig@localhost.localdomain>, relay=local, delay=0.3, delays=0.18/0.02/0/0.11, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
May 12 08:44:56 mailserver postfix/qmgr[12971]: 80719F481A: removed

If I send a new message the same way, on the other hand, it is delivered. Mail.log:
Code:

May 12 09:02:38 mailserver postfix/smtpd[23041]: warning: 174.121.77.192: hostname c0.4d.79ae.static.theplanet.com verification failed: Name or service not known
May 12 09:02:38 mailserver postfix/smtpd[23041]: connect from unknown[174.121.77.192]
May 12 09:02:39 mailserver postfix/smtpd[23041]: setting up TLS connection from unknown[174.121.77.192]
May 12 09:02:39 mailserver postfix/smtpd[23041]: Anonymous TLS connection established from unknown[174.121.77.192]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 12 09:02:39 mailserver postgrey: action=pass, reason=triplet found, client_name=unknown, client_address=174.121.77.192, sender=john@sendingsite.com, recipient=john@hostedsite.com
May 12 09:02:39 mailserver postfix/smtpd[23041]: 83EF6F47F1: client=unknown[174.121.77.192]
May 12 09:02:39 mailserver postfix/cleanup[23453]: 83EF6F47F1: message-id=<4BEAD11D.3060809@sendingsite.com>
May 12 09:02:39 mailserver postfix/qmgr[12971]: 83EF6F47F1: from=<john@sendingsite.com>, size=1353, nrcpt=1 (queue active)
May 12 09:02:39 mailserver postfix/smtpd[23041]: disconnect from unknown[174.121.77.192]
May 12 09:02:39 mailserver postfix/pickup[21838]: D5BD6F481A: uid=10007 from=<myuserid>
May 12 09:02:39 mailserver postfix/cleanup[23453]: D5BD6F481A: message-id=<20100512160239.D5BD6F481A@mailserver.mydomain.loc>
May 12 09:02:39 mailserver postfix/qmgr[12971]: D5BD6F481A: from=<myuserid@mailserver.loc>, size=435, nrcpt=1 (queue active)
May 12 09:02:40 mailserver postfix/local[23472]: D5BD6F481A: to=<admispconfig@localhost.localdomain>, relay=local, delay=0.27, delays=0.14/0.03/0/0.1, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
May 12 09:02:40 mailserver postfix/qmgr[12971]: D5BD6F481A: removed

May 12 09:02:48 mailserver postfix/local[23455]: 83EF6F47F1: to=<myuserid@mailserver.mydomain.loc>, orig_to=<john@hostedsite.com>, relay=local, delay=9.4, delays=0.14/0.03/0/9.3, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
May 12 09:02:48 mailserver postfix/qmgr[12971]: 83EF6F47F1: removed

Does it have anything to do with admispconfig@localhost.localdomain?

I can post main.cf, etc. if needed.

Thanks

falko 14th May 2010 13:44

The admispconfig@localhost.localdomain address is used only for traffic accounting, i.e., whenever a mail is sent, another mail with the size of the previously sent mail is sent to that account. That's why you see all those lines with admispconfig@localhost.localdomain in the logs. I don't think this has anything to do with the fact that emails are disappearing. Are there any other errors in your mail log?

DrJohn 14th May 2010 17:21

OK, I understand about the admispconfig user. There are no other apparent errors in mail.log.

An associate uses an external virus / spam scanning service for his company (same one I used to use until I made the postfix rules stronger and installed postgrey here), and he asked about a particular trojan in a zip attachment that kept getting into his employees' inboxes. After looking at the situation, it appears that the trojan was being sent directly to his hosted server, bypassing the external scans, and that the host company had weak incoming detection capabilities.

Anyway, the subject issue arose when I tested the setup here by sending the trojan email with attachment in to my system from his. Sure enough, it never made it through to the inbox. But, when I sent the email in without the attachment (using 'reply' instead of 'forward') the same happened -- no receipt.

Perhaps clam sees the message as a threat, even without the 'live' attachment, because the message body contains the original email?

Thanks,

JH
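Added example, not part of any post in this thread: one way to apply falko's explanation when reading mail.log is to group lines by Postfix queue ID, set aside messages whose only recipient is the traffic-accounting address, and flag queue IDs that were queued but show no delivery line. The sample lines are copied from the excerpts in the first post; the function names and status labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the two mail.log excerpts in the first post.
SAMPLE_LOG = """\
May 12 08:44:55 mailserver postfix/smtpd[23041]: CBE39F47F1: client=unknown[174.121.77.192]
May 12 08:44:56 mailserver postfix/qmgr[12971]: CBE39F47F1: from=<john@sendingsite.com>, size=42802, nrcpt=1 (queue active)
May 12 08:44:56 mailserver postfix/qmgr[12971]: 80719F481A: from=<site4_myuserid@mailserver.mydomain.loc>, size=436, nrcpt=1 (queue active)
May 12 08:44:56 mailserver postfix/local[23064]: 80719F481A: to=<admispconfig@localhost.localdomain>, relay=local, delay=0.3, delays=0.18/0.02/0/0.11, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
May 12 08:44:56 mailserver postfix/qmgr[12971]: 80719F481A: removed
May 12 09:02:39 mailserver postfix/qmgr[12971]: 83EF6F47F1: from=<john@sendingsite.com>, size=1353, nrcpt=1 (queue active)
May 12 09:02:48 mailserver postfix/local[23455]: 83EF6F47F1: to=<myuserid@mailserver.mydomain.loc>, orig_to=<john@hostedsite.com>, relay=local, delay=9.4, delays=0.14/0.03/0/9.3, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
May 12 09:02:48 mailserver postfix/qmgr[12971]: 83EF6F47F1: removed
"""

LINE_RE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
ACCOUNTING_RCPT = "admispconfig@localhost.localdomain"  # accounting address named in the thread

def trace_queue_ids(log_text):
    """Group Postfix log events by queue ID: envelope sender and delivery results."""
    msgs = defaultdict(lambda: {"from": None, "deliveries": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # lines without a queue ID (connect, TLS, postgrey, ...)
        daemon, qid, rest = m.groups()
        rec = msgs[qid]
        if daemon == "qmgr" and rest.startswith("from=<"):
            rec["from"] = rest[6:rest.index(">")]
        elif rest.startswith("to=<"):
            status = re.search(r"status=(\w+)", rest)
            rec["deliveries"].append((rest[4:rest.index(">")], status.group(1) if status else "?"))
    return dict(msgs)

def classify(msgs):
    """Label each queue ID: accounting copy, delivered, or no delivery line in the log."""
    out = {}
    for qid, rec in msgs.items():
        rcpts = [to for to, _ in rec["deliveries"]]
        if rcpts and all(to == ACCOUNTING_RCPT for to in rcpts):
            out[qid] = "accounting"
        elif any(st == "sent" for _, st in rec["deliveries"]):
            out[qid] = "delivered"
        else:
            out[qid] = "no-delivery-record"
    return out

if __name__ == "__main__":
    print(classify(trace_queue_ids(SAMPLE_LOG)))
```

A queue ID labelled `no-delivery-record` only means the supplied text has no `to=` line for it, so the next step is to search the full log for that ID.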


All times are GMT +2.