Not receiving messages from mail servers


Not receiving messages from mail servers

@lbutlr
I finally managed to isolate this. I have not been receiving mails from some mail servers and there's very little being logged. I obviously set some configuration that mucked things up. Here is the entire mail.log from the first minute after midnight:

Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from [94.237.32.243]:46598 to [65.121.55.42]:25
Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.0.1
Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.1.1
Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by domain score.senderscore.com as 127.0.4.97
Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by domain list.dnswl.org as 127.0.9.2
Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from wursti.dovecot.fi[94.237.32.243]
Apr 17 00:00:37 mail dovecot: imap-login: Login: user=<kreme>, x.x.x.x, PLAIN, TLS
Apr 17 00:00:37 mail dovecot: imap-login: Login: user=<kremels>, x.x.x.x, PLAIN, TLS
Apr 17 00:00:37 mail dovecot: imap(kreme): Logged out in=34 out=497
Apr 17 00:00:37 mail dovecot: imap(kremels): Logged out in=34 out=497
Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 quit=1 commands=2/6

As you can see, 94.237.32.243 connected and then after 30 seconds disconnected. It says it sent an ehlo, but it is not logged.

This is one of the lists affected, so please include a Cc to me.



Re: Not receiving messages from mail servers

Dominic Raferd
On 17 April 2018 at 13:38, @lbutlr <[hidden email]> wrote:

>
> I finally managed to isolate this. I have not been receiving mails from some mail servers and there's very little being logged. I obviously set some configuration that mucked things up. Here is the entire mail.log from the first minute after midnight:
>
> Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from [94.237.32.243]:46598 to [65.121.55.42]:25
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.0.1
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.1.1
> Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by domain score.senderscore.com as 127.0.4.97
> Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by domain list.dnswl.org as 127.0.9.2
> Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
> Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from wursti.dovecot.fi[94.237.32.243]
> Apr 17 00:00:37 mail dovecot: imap-login: Login: user=<kreme>, x.x.x.x, PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap-login: Login: user=<kremels>, x.x.x.x, PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap(kreme): Logged out in=34 out=497
> Apr 17 00:00:37 mail dovecot: imap(kremels): Logged out in=34 out=497
> Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 quit=1 commands=2/6
>
> As you can see, 94.237.32.243 connected and then after 30 seconds disconnected. It says it sent an ehlo, but it is not logged.


What do the 'dovecot: imap-login' messages signify?

Judging from the final smtpd log message, STARTTLS wasn't attempted,
perhaps because your server doesn't offer it? If you don't allow
unencrypted connections for incoming mail (smtpd_tls_security_level =
encrypt instead of may), this could be your problem. See
http://www.postfix.org/TLS_README.html: 'According to RFC 2487 this
MUST NOT be applied in case of a publicly-referenced Postfix SMTP
server. This option is off by default and should only seldom be used.'

Re: Not receiving messages from mail servers

/dev/rob0
In reply to this post by @lbutlr
On Tue, Apr 17, 2018 at 06:38:00AM -0600, @lbutlr wrote:

> I finally managed to isolate this. I have not been receiving mails
> from some mail servers and there's very little being logged. I
> obviously set some configuration that mucked things up. Here is
> the entire mail.log from the first minute after midnight:
>
> Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from [94.237.32.243]:46598 to [65.121.55.42]:25
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.0.1
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.1.1
> Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by domain score.senderscore.com as 127.0.4.97
> Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by domain list.dnswl.org as 127.0.9.2
> Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
> Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from wursti.dovecot.fi[94.237.32.243]

It gets through postscreen, to smtpd ...

> Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from
> wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1
> rset=0/1 quit=1 commands=2/6
>
> As you can see, 94.237.32.243 connected and then after 30 seconds
> disconnected. It says it sent an ehlo, but it is not logged.

[it looks logged, to me]

Unfortunately the SMTP protocol provides no means for a client to
tell a server why it's unable to complete a transaction.

Noting that this is probably from the Dovecot users' mailing list, I
will put forth a WAG: perhaps you are requiring TLS?  That host is
among a small number of hosts in my logs which hit a "warn_if_reject
reject_plaintext_session" restriction.  If you require TLS you can't
receive mail from hosts which do not STARTTLS.

If you can ask Timo or dovecot.fi people directly, they should be
able to help you.

> This is one of the lists affected, so please include a Cc to me.

Sorry, can't; I am a SPF violator.  One Of These Days, I might fix
that.
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Not receiving messages from mail servers

Viktor Dukhovni
In reply to this post by @lbutlr


> On Apr 17, 2018, at 8:38 AM, @lbutlr <[hidden email]> wrote:
>
> Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from [94.237.32.243]:46598 to [65.121.55.42]:25
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.0.1
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.1.1
> Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by domain score.senderscore.com as 127.0.4.97
> Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by domain list.dnswl.org as 127.0.9.2
> Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
> Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from wursti.dovecot.fi[94.237.32.243]
> Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 quit=1 commands=2/6

The mail/rcpt/data commands were pipelined together, and all three were rejected, then the remote client issued RSET and QUIT, but RSET was also rejected!  The only way that RSET is rejected (barring unlikely syntax errors) is indeed if you're enforcing TLS, which would also explain why mail/rcpt/data were rejected.

--
        Viktor.
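
The counter pattern described in the post above can be checked mechanically. This added Python example (not part of the thread and not Postfix code) parses smtpd disconnect summaries and flags sessions with no STARTTLS in which MAIL and RSET were both refused. The log is the thread's own smtpd lines plus one constructed line (mx.example.org, 192.0.2.10); all function names are assumptions.

```python
import re

# The smtpd lines quoted in this thread, plus one CONSTRUCTED line
# (mx.example.org / 192.0.2.10) for a session that did use STARTTLS.
SAMPLE_LOG = """\
Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from wursti.dovecot.fi[94.237.32.243]
Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 quit=1 commands=2/6
Apr 17 00:01:02 mail postfix/smtpd[84670]: disconnect from mx.example.org[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

DISCONNECT = re.compile(r"postfix/smtpd\[\d+\]: disconnect from (\S+?)\[([^\]]+)\] (.*)$")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")

def parse_counters(summary):
    """Return {command: (accepted, attempted)}; 'mail=0/1' is 0 of 1 accepted."""
    out = {}
    for name, ok, total in COUNTER.findall(summary):
        out[name] = (int(ok), int(total) if total else int(ok))
    return out

def looks_like_enforced_tls(counters):
    """True when no STARTTLS was seen and MAIL and RSET were both refused."""
    if "starttls" in counters:
        return False
    refused = {c for c in ("mail", "rcpt", "data", "rset")
               if c in counters and counters[c][0] == 0 and counters[c][1] > 0}
    # A refused RSET is the telling part: it is normally always accepted.
    return {"mail", "rset"} <= refused

def scan(log_text):
    """Return [(host, ip, counters)] for disconnect lines matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        m = DISCONNECT.search(line)
        if m:
            counters = parse_counters(m.group(3))
            if looks_like_enforced_tls(counters):
                hits.append((m.group(1), m.group(2), counters))
    return hits

if __name__ == "__main__":
    for host, ip, counters in scan(SAMPLE_LOG):
        print(f"{host} [{ip}]: plaintext session refused, counters={counters}")
```
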


Re: Not receiving messages from mail servers

@lbutlr
In reply to this post by Dominic Raferd
On Apr 17, 2018, at 07:58, Dominic Raferd <[hidden email]> wrote:
> What do the 'dovecot: imap-login' messages signify?

That wouldn't be involved. This wasn’t a user logging in, this was mail delivering from the dovecot list.

> Judging from the final smtpd log message, STARTTLS wasn't attempted,

Yep, that was the clue.

I seem to have fixed it. I had an errant !TLSv1.1 in the protocols list. I guess I got a little distracted when I was locking down Apache... :/

--
My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now.

Re: Not receiving messages from mail servers

Wilfried.Essig@Essignetz.de
In reply to this post by @lbutlr
Try

debug_peer_list = 94.237.32.243

in main.cf


Willi

On 17.04.2018 at 14:38, @lbutlr wrote:

> I finally managed to isolate this. I have not been receiving mails from some mail servers and there's very little being logged. I obviously set some configuration that mucked things up. Here is the entire mail.log from the first minute after midnight:
>
> Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from [94.237.32.243]:46598 to [65.121.55.42]:25
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.0.1
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.1.1
> Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by domain score.senderscore.com as 127.0.4.97
> Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by domain list.dnswl.org as 127.0.9.2
> Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
> Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from wursti.dovecot.fi[94.237.32.243]
> Apr 17 00:00:37 mail dovecot: imap-login: Login: user=<kreme>, x.x.x.x, PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap-login: Login: user=<kremels>, x.x.x.x, PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap(kreme): Logged out in=34 out=497
> Apr 17 00:00:37 mail dovecot: imap(kremels): Logged out in=34 out=497
> Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 quit=1 commands=2/6
>
> As you can see, 94.237.32.243 connected and then after 30 seconds disconnected. It says it sent an ehlo, but it is not logged.
>
> This is one of the lists affected, so please include a Cc to me.
>
>