This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help on Log SMTP-Proxy

Hi,

i need some help on some log entries of our SMTP-Proxy.

One of our users (tried ?) to send a mail to a couple of recipients (same mail-domain).

I'm not sure though (according to the log) if the mail was delivered to the recipients mail server.

As far as i understand the log:
- mail got accepted by and delivered to the recipients mail server (to both recipients)
- _afterwards_ the recipients mail server connected to our astaro to deny the correct transmission (falsely in SMTP-terms)

Can anyone confirm or correct me in this matter.

Thanks in advance and regards

The corresponding log-entries:

2008:10:22-12:35:10 (none) smtpd[31872]: SCANNER[31872]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="ip_internal_Mailserver" from="our_sender" to="recipient_1" subject="Subject" queueid="0yvRAf-0008Iu-1t" size="10697"

2008:10:22-12:35:10 (none) smtpd[31872]: SCANNER[31872]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="ip_internal_Mailserver" from="our_sender" to="Recipient_2" subject="Subject" queueid="0yvRAg-0008Iu-1t" size="10697"

2008:10:22-12:35:10 (none) exim[31926]: 2008-10-22 12:35:10 0yvRAf-0008Iu-1t => recipient_1 R=dnslookup T=remote_smtp H=recipient_mx [recipient_Mailserver_IP]:25

2008:10:22-12:35:10 (none) exim[31926]: 2008-10-22 12:35:10 0yvRAf-0008Iu-1t Completed

2008:10:22-12:35:11 (none) exim[31927]: 2008-10-22 12:35:11 0yvRAg-0008Iu-1t => Recipient_2 R=dnslookup T=remote_smtp H=recipient_mx [recipient_Mailserver_IP]:25

2008:10:22-12:35:11 (none) exim[31927]: 2008-10-22 12:35:11 0yvRAg-0008Iu-1t Completed

2008:10:22-12:35:13 (none) exim[5680]: 2008-10-22 12:35:13 SMTP connection from [recipient_Mailserver_IP]:46493 (TCP/IP connection count = 1)

2008:10:22-12:35:13 (none) exim[5680]: 2008-10-22 12:35:13 SMTP connection from [recipient_Mailserver_IP]:46494 (TCP/IP connection count = 2)

2008:10:22-12:35:14 (none) exim[31930]: 2008-10-22 12:35:14 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="recipient_Mailserver_IP" from="" to="our_sender" size="-1" reason="batv" extra="Missing, invalid or expired BATV signature"

2008:10:22-12:35:14 (none) exim[31930]: 2008-10-22 12:35:14 H=recipient_mx [recipient_Mailserver_IP]:46493 F=<> rejected RCPT : Missing, invalid or expired BATV signature

2008:10:22-12:35:14 (none) exim[31930]: 2008-10-22 12:35:14 SMTP connection from recipient_mx [recipient_Mailserver_IP]:46493 closed by DROP in ACL

2008:10:22-12:35:14 (none) exim[31931]: 2008-10-22 12:35:14 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="recipient_Mailserver_IP" from="" to="our_sender" size="-1" reason="batv" extra="Missing, invalid or expired BATV signature"

2008:10:22-12:35:14 (none) exim[31931]: 2008-10-22 12:35:14 H=recipient_mx [recipient_Mailserver_IP]:46494 F=<> rejected RCPT : Missing, invalid or expired BATV signature

2008:10:22-12:35:14 (none) exim[31931]: 2008-10-22 12:35:14 SMTP connection from recipient_mx [recipient_Mailserver_IP]:46494 closed by DROP in ACL

This thread was automatically locked due to age.

Parents

0 tom_01 over 16 years ago

It looks like the remote site accepts the messages. It looks like it sends back OOO messages or similar a few seconds later, but uses the header sender for that, so those run into the BATV filter. You can turn off BATV or make an exception for their domain.
Cancel
Vote Up 0 Vote Down

Cancel

0 MichaelSieben over 16 years ago in reply to tom_01

thanks for your answer.

What do you mean by "OOO messages"?

And to my "problem":

Are the following assumptions correct?
(i'm "not really" a smtp specialist, just read a little about bounces, BATV, etc. a minute ago)

in the quoted log the following happened:
- mail got delivered to recipients mail server (correct and complete)
- the recipients mail server sends a (incorrect?) bounce-message
- our ASG doesn't accept the bounce, caused by an invalid BATV signature (*1)

*1
probably because of some encoding problems

What parts of a mail is the BATV-signature created from?

log quote again with some (important?) detail:
the @s in at timestamp "2008:10:22-12:35:14" are replaced by %40 in the ASG-log

2008:10:22-12:35:10 (none) smtpd[31872]: SCANNER[31872]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="ip_internal_Mailserver" from="sender@our.domain" to="rcp1@target.domain" subject="Subject" queueid="0yvRAf-0008Iu-1t" size="10697"
2008:10:22-12:35:10 (none) smtpd[31872]: SCANNER[31872]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="ip_internal_Mailserver" from="sender@our.domain" to="rcp2@target.domain" subject="Subject" queueid="0yvRAg-0008Iu-1t" size="10697"
2008:10:22-12:35:10 (none) exim[31926]: 2008-10-22 12:35:10 0yvRAf-0008Iu-1t => rcp1@target.domain R=dnslookup T=remote_smtp H=recipient_mx [recipient_Mailserver_IP]:25
2008:10:22-12:35:10 (none) exim[31926]: 2008-10-22 12:35:10 0yvRAf-0008Iu-1t Completed
2008:10:22-12:35:11 (none) exim[31927]: 2008-10-22 12:35:11 0yvRAg-0008Iu-1t => rcp2@target.domain R=dnslookup T=remote_smtp H=recipient_mx [recipient_Mailserver_IP]:25
2008:10:22-12:35:11 (none) exim[31927]: 2008-10-22 12:35:11 0yvRAg-0008Iu-1t Completed
2008:10:22-12:35:13 (none) exim[5680]: 2008-10-22 12:35:13 SMTP connection from [recipient_Mailserver_IP]:46493 (TCP/IP connection count = 1)
2008:10:22-12:35:13 (none) exim[5680]: 2008-10-22 12:35:13 SMTP connection from [recipient_Mailserver_IP]:46494 (TCP/IP connection count = 2)
2008:10:22-12:35:14 (none) exim[31930]: 2008-10-22 12:35:14 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="recipient_Mailserver_IP" from="" to="sender%40our.domain" size="-1" reason="batv" extra="Missing, invalid or expired BATV signature"
2008:10:22-12:35:14 (none) exim[31930]: 2008-10-22 12:35:14 H=recipient_mx [recipient_Mailserver_IP]:46493 F=<> rejected RCPT : Missing, invalid or expired BATV signature
2008:10:22-12:35:14 (none) exim[31930]: 2008-10-22 12:35:14 SMTP connection from recipient_mx [recipient_Mailserver_IP]:46493 closed by DROP in ACL
2008:10:22-12:35:14 (none) exim[31931]: 2008-10-22 12:35:14 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="recipient_Mailserver_IP" from="" to="sender%40our.domain" size="-1" reason="batv" extra="Missing, invalid or expired BATV signature"
2008:10:22-12:35:14 (none) exim[31931]: 2008-10-22 12:35:14 H=recipient_mx [recipient_Mailserver_IP]:46494 F=<> rejected RCPT : Missing, invalid or expired BATV signature
2008:10:22-12:35:14 (none) exim[31931]: 2008-10-22 12:35:14 SMTP connection from recipient_mx [recipient_Mailserver_IP]:46494 closed by DROP in ACL

Reply

0 MichaelSieben over 16 years ago in reply to tom_01

2008:10:22-12:35:10 (none) smtpd[31872]: SCANNER[31872]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="ip_internal_Mailserver" from="sender@our.domain" to="rcp1@target.domain" subject="Subject" queueid="0yvRAf-0008Iu-1t" size="10697"
2008:10:22-12:35:10 (none) smtpd[31872]: SCANNER[31872]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="ip_internal_Mailserver" from="sender@our.domain" to="rcp2@target.domain" subject="Subject" queueid="0yvRAg-0008Iu-1t" size="10697"
2008:10:22-12:35:10 (none) exim[31926]: 2008-10-22 12:35:10 0yvRAf-0008Iu-1t => rcp1@target.domain R=dnslookup T=remote_smtp H=recipient_mx [recipient_Mailserver_IP]:25
2008:10:22-12:35:10 (none) exim[31926]: 2008-10-22 12:35:10 0yvRAf-0008Iu-1t Completed
2008:10:22-12:35:11 (none) exim[31927]: 2008-10-22 12:35:11 0yvRAg-0008Iu-1t => rcp2@target.domain R=dnslookup T=remote_smtp H=recipient_mx [recipient_Mailserver_IP]:25
2008:10:22-12:35:11 (none) exim[31927]: 2008-10-22 12:35:11 0yvRAg-0008Iu-1t Completed
2008:10:22-12:35:13 (none) exim[5680]: 2008-10-22 12:35:13 SMTP connection from [recipient_Mailserver_IP]:46493 (TCP/IP connection count = 1)
2008:10:22-12:35:13 (none) exim[5680]: 2008-10-22 12:35:13 SMTP connection from [recipient_Mailserver_IP]:46494 (TCP/IP connection count = 2)
2008:10:22-12:35:14 (none) exim[31930]: 2008-10-22 12:35:14 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="recipient_Mailserver_IP" from="" to="sender%40our.domain" size="-1" reason="batv" extra="Missing, invalid or expired BATV signature"
2008:10:22-12:35:14 (none) exim[31930]: 2008-10-22 12:35:14 H=recipient_mx [recipient_Mailserver_IP]:46493 F=<> rejected RCPT : Missing, invalid or expired BATV signature
2008:10:22-12:35:14 (none) exim[31930]: 2008-10-22 12:35:14 SMTP connection from recipient_mx [recipient_Mailserver_IP]:46493 closed by DROP in ACL
2008:10:22-12:35:14 (none) exim[31931]: 2008-10-22 12:35:14 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="recipient_Mailserver_IP" from="" to="sender%40our.domain" size="-1" reason="batv" extra="Missing, invalid or expired BATV signature"
2008:10:22-12:35:14 (none) exim[31931]: 2008-10-22 12:35:14 H=recipient_mx [recipient_Mailserver_IP]:46494 F=<> rejected RCPT : Missing, invalid or expired BATV signature
2008:10:22-12:35:14 (none) exim[31931]: 2008-10-22 12:35:14 SMTP connection from recipient_mx [recipient_Mailserver_IP]:46494 closed by DROP in ACL

Children

0 Jack Daniel over 16 years ago in reply to MichaelSieben

OOO- Out Of Office (or possibly another autoresponse message).

Does the recipient get the message? It could be one of those anti-spam challenge/response emails.
Cancel
Vote Up 0 Vote Down

Cancel
0 MichaelSieben over 16 years ago in reply to Jack Daniel

The recipient didn't receive the messages.

As those were answers of our support-team, they wanted to check me if we caused those undelivered mails.
Cancel
Vote Up 0 Vote Down

Cancel