t/s missing inbound mails with limited info

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

t/s missing inbound mails with limited info

Voytek
I've noticed I'm missing certain inbound emails addressed to me, the IT
support of sender is of limited help, as when I've asked for any rejection
notice or IP of sending server I was told "Please be informed that we
couldn't see failure/rejection notice from our end as we have received the
response from our transactional email provider which we are using in the
system."

I was told 'we rectified the error', but, I don't think I'm getting these
emails, and, the sender is of no help with any info

looking at header of one email that I have received, they are using
amazonses.com. I'm concerned maybe I've misconfigured either postscreen or
something else ?

using this limited information, what's best way to search for refused
mails ? connections ? what else ? from amazonses.com ?

thnks, Voytek

---------------
Return-Path:
<[hidden email]>
Delivered-To: [hidden email]
Received: from localhost (localhost [127.0.0.1])
    by geko.sbt.net.au (Postfix) with ESMTP id EEEEC6192BD2
    for <[hidden email]>; Wed, 7 Feb 2018 13:21:44 +1100 (AEDT)
X-Virus-Scanned: amavisd-new at sbt.net.au
Authentication-Results: geko.sbt.net.au (amavisd-new);
    dkim=pass (1024-bit key) header.d=tld.com
    header.b=lPEA8Keb; dkim=pass (1024-bit key) header.d=amazonses.com
    header.b=Ne9DWFQa
Received: from geko.sbt.net.au ([127.0.0.1])
    by localhost (geko.sbt.net.au [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 8OqIEEMfvr5y for <[hidden email]>;
    Wed, 7 Feb 2018 13:21:36 +1100 (AEDT)
Received: from a7-33.smtp-out.eu-west-1.amazonses.com
(a7-33.smtp-out.eu-west-1.amazonses.com [54.240.7.33])
    by geko.sbt.net.au (Postfix) with ESMTPS id 9D9F3619414E
    for <[hidden email]>; Wed, 7 Feb 2018 13:21:10 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=ykufs3ex764clpjp2v6rdbaehvvvtnnq; d=tld.com;
    t=1517970059;
    h=MIME-Version:From:To:Date:Subject:Content-Type:Message-ID;
    bh=gHoanBCvA+6AuQ/rufwuSaiw/2eXtcpClbISvhAuudY=;
    b=lPEA8Keb/QJbAy8ujhZjO/9vj9WdXT6zBRITwwZcoAGjzE2RWHVhlpFf04762JrT
    MXKGEQe50ZcuDqTc1hO/0U9ZZQdImJUutqlp9o8NgI4QxHu1WEoJkg0PyXlGBqo0OlX
    EN9WyK7esJCjTeQfXthh3GnizyOPcNw02BySPb5g=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=shh3fegwg5fppqsuzphvschd53n6ihuv; d=amazonses.com; t=1517970059;
    h=MIME-Version:From:To:Date:Subject:Content-Type:Message-ID:Feedback-ID;
    bh=gHoanBCvA+6AuQ/rufwuSaiw/2eXtcpClbISvhAuudY=;
    b=Ne9DWFQa7JIjtQrQ2iimMkE9fuGced4KVhAOoO2CL7FdB9eJm3zuNdiune6SLhOK
    AJPaS0Y0G7lY/WH0QXaKJP3fghW8p9+Fbnfrn9NhRzobTl6Xf4aKUNfU4MuRoYxGaxR
    FJ3wN5ltsy1Upz/C1t/OdDIvl8Cr92sEdaNMdKfE=
X-Sender: [hidden email]
X-Receiver: [hidden email]
MIME-Version: 1.0
From: [hidden email]
To: [hidden email]
Date: Wed, 7 Feb 2018 02:20:58 +0000
Subject: xxxxx
Content-Type: multipart/related;
     boundary=--boundary_5457_8c307e39-3af1-4980-8791-94d7f0f2d61b;
     type="text/html"
Message-ID:
<[hidden email]>
X-SES-Outgoing: 2018.02.07-54.240.7.33
Feedback-ID:
1.eu-west-1.yIdVeqhWS8exXf6j6uOE/Ytk2lwqPmD2TrerUvM18cU=:AmazonSES

Reply | Threaded
Open this post in threaded view
|

Re: t/s missing inbound mails with limited info

Dominic Raferd
On 10 February 2018 at 05:22, Voytek <[hidden email]> wrote:

> I've noticed I'm missing certain inbound emails addressed to me, the IT
> support of sender is of limited help, as when I've asked for any rejection
> notice or IP of sending server I was told "Please be informed that we
> couldn't see failure/rejection notice from our end as we have received the
> response from our transactional email provider which we are using in the
> system."
>
> I was told 'we rectified the error', but, I don't think I'm getting these
> emails, and, the sender is of no help with any info
>
> looking at header of one email that I have received, they are using
> amazonses.com. I'm concerned maybe I've misconfigured either postscreen or
> something else ?
>
> using this limited information, what's best way to search for refused
> mails ? connections ? what else ? from amazonses.com ?
>
> thnks, Voytek
>
> ---------------
> Return-Path:
> <[hidden email]>
> Delivered-To: [hidden email]
> Received: from localhost (localhost [127.0.0.1])
>         by geko.sbt.net.au (Postfix) with ESMTP id EEEEC6192BD2
>         for <[hidden email]>; Wed, 7 Feb 2018 13:21:44 +1100 (AEDT)
> X-Virus-Scanned: amavisd-new at sbt.net.au
> Authentication-Results: geko.sbt.net.au (amavisd-new);
>         dkim=pass (1024-bit key) header.d=tld.com
>         header.b=lPEA8Keb; dkim=pass (1024-bit key) header.d=amazonses.com
>         header.b=Ne9DWFQa
> Received: from geko.sbt.net.au ([127.0.0.1])
>         by localhost (geko.sbt.net.au [127.0.0.1]) (amavisd-new, port 10024)
>         with ESMTP id 8OqIEEMfvr5y for <[hidden email]>;
>         Wed, 7 Feb 2018 13:21:36 +1100 (AEDT)
> Received: from a7-33.smtp-out.eu-west-1.amazonses.com
> (a7-33.smtp-out.eu-west-1.amazonses.com [54.240.7.33])
>         by geko.sbt.net.au (Postfix) with ESMTPS id 9D9F3619414E
>         for <[hidden email]>; Wed, 7 Feb 2018 13:21:10 +1100 (AEDT)
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
>         s=ykufs3ex764clpjp2v6rdbaehvvvtnnq; d=tld.com;
>         t=1517970059;
>         h=MIME-Version:From:To:Date:Subject:Content-Type:Message-ID;
>         bh=gHoanBCvA+6AuQ/rufwuSaiw/2eXtcpClbISvhAuudY=;
>         b=lPEA8Keb/QJbAy8ujhZjO/9vj9WdXT6zBRITwwZcoAGjzE2RWHVhlpFf04762JrT
>         MXKGEQe50ZcuDqTc1hO/0U9ZZQdImJUutqlp9o8NgI4QxHu1WEoJkg0PyXlGBqo0OlX
>         EN9WyK7esJCjTeQfXthh3GnizyOPcNw02BySPb5g=
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
>         s=shh3fegwg5fppqsuzphvschd53n6ihuv; d=amazonses.com; t=1517970059;
>         h=MIME-Version:From:To:Date:Subject:Content-Type:Message-ID:Feedback-ID;
>         bh=gHoanBCvA+6AuQ/rufwuSaiw/2eXtcpClbISvhAuudY=;
>         b=Ne9DWFQa7JIjtQrQ2iimMkE9fuGced4KVhAOoO2CL7FdB9eJm3zuNdiune6SLhOK
>         AJPaS0Y0G7lY/WH0QXaKJP3fghW8p9+Fbnfrn9NhRzobTl6Xf4aKUNfU4MuRoYxGaxR
>         FJ3wN5ltsy1Upz/C1t/OdDIvl8Cr92sEdaNMdKfE=
> X-Sender: [hidden email]
> X-Receiver: [hidden email]
> MIME-Version: 1.0
> From: [hidden email]
> To: [hidden email]
> Date: Wed, 7 Feb 2018 02:20:58 +0000
> Subject: xxxxx
> Content-Type: multipart/related;
>      boundary=--boundary_5457_8c307e39-3af1-4980-8791-94d7f0f2d61b;
>      type="text/html"
> Message-ID:
> <[hidden email]>
> X-SES-Outgoing: 2018.02.07-54.240.7.33
> Feedback-ID:
> 1.eu-west-1.yIdVeqhWS8exXf6j6uOE/Ytk2lwqPmD2TrerUvM18cU=:AmazonSES

This works for me - sed extracts messages relating to emails that we
rejected (including amavis blocks), then grep filters it for
amazonses:

# sed -n '/: reject: /p;/authentication failed/p;/TLS library
problem/{N;p};/) Blocked /p' /var/log/mail.log|grep amazonses
2018-02-03 15:15:07 timedicer postfix/cleanup[32600]: 03A9760425:
reject: header From: Jean Scene <[hidden email]> from
a6-128.smtp-out.eu-west-1.amazonses.com[54.240.6.128];
from=<[hidden email]>
to=<[hidden email]> proto=ESMTP
helo=<a6-128.smtp-out.eu-west-1.amazonses.com>: 5.7.1 message content
rejected
2018-02-05 16:20:35 timedicer amavis[27957]: (27957-02) Blocked SPAM
{DiscardedInbound,Quarantined}, [54.240.3.10]:56466 [54.240.3.10]
<[hidden email]>
-> <[hidden email]>, quarantine: spam-o_5QepgzL-9l,
Queue-ID: 925DE603C7, Message-ID:
<[hidden email]>,
mail_id: o_5QepgzL-9l, Hits: 5.505, size: 31884, 1592 ms