1

Topic: cannot receive mail from amazonses.com

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Ubuntu Server 22.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
Nothing appears in the logs!

====
Hello,
I have an issue with a new installation of iRedMail. A client sends me messages from @hisdomain.eu, but I don't receive anything. And I can find nothing in the logs. If the message is sent to some Gmail account, it arrives properly and the header looks like this:



Delivered-To: xxxxxx@gmail.com
Received: by 2002:a05:6214:4257:b0:534:9005:7b28 with SMTP id ne23csp2407471qvb;
        Tue, 17 Jan 2023 11:48:13 -0800 (PST)
X-Google-Smtp-Source: AMrXdXuKMxJYx4FpYOBT9JNIEh2OROO1VAM1mR1RjURiVjbWXULcRr7I4Urlow/f0j677M7OSOJL
X-Received: by 2002:a05:600c:1695:b0:3da:f651:8ccc with SMTP id k21-20020a05600c169500b003daf6518cccmr4442514wmn.4.1673984892677;
        Tue, 17 Jan 2023 11:48:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673984892; cv=none;
        d=google.com; s=arc-20160816;
        b=Wb5mzOnTZzJmipFzvgx8oYLr6JcDXHEqaGBgi0L67sTWLbkyGtwnmxA2sDbGHz7+08
         pCpXh4eEXzxRDuVc+YRMEQ0jFZ7x94PZtv1ruZYhj8Ex+PP3zCi4TEah9mYKzbYA/6Uu
         aFMfKWENk0qnlBQO1Rl41uFnXluZm7KJ5Lcl/VrsS5H7t0klimj3kVrJHnsKs1SPfu/m
         HOfQNc2GFgMEYHERjyquSkqFgwxIbGXYFKSYWhPTIeFq7w72Vcbdr3ov8KLbzdF1T0sw
         fyBYUhh4HSIz/oDreDllfRARe3PlJvgk0qQ4zBnA3rXFPt192AR6/RumHkw5LoHFmOGk
         KQPA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=feedback-id:mime-version:to:from:subject:date:message-id
         :dkim-signature:dkim-signature;
        bh=2agubO+UK5AzxtUXsDT09UKMBEZM/bverLQ/3ozF/iI=;
        b=Gk8LEX08xWEsN68spsY/SpMVj8gGkYCf68rjbTS5p9O0rLAE6rw8zuHsNTX95RfbEn
         v5wUy3mUNhPwPv+Jz/GzirxbWQB7+bptLEe+PjtqvG9YCbLgvF7YQw0Nq9uQtfss8qtF
         pngFFtJ7WEa5v6jctJKi957Ki2JDSEp1mnku2NhkX9lFStBtwi4IutrR3RyCQUV39oYi
         A2iUdw0xpLVUcqP85heWAtSBzle8jxmtAKvuPrNrt4ql9TzvNRHgjC+sxBOgvNS+Oak6
         p90K0YXm83qTSugJfNCBCTeDC2vJeDdSUo/c7BrtiY4n2TgkH+xV+cwjqkwXG7ieORA2
         uhMQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@hisdomain.eu header.s=zjxkydiccxyrtse4zc4rnfjetczvwrq2 header.b=Cj8u8Yzu;
       dkim=pass header.i=@amazonses.com header.s=sokbgaaqhfgd6qjht2wmdajpuuanpimv header.b=YoeykBkC;
       spf=pass (google.com: domain of 01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu designates 69.169.224.56 as permitted sender) smtp.mailfrom=01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu
Return-Path: <01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu>
Received: from b224-56.smtp-out.eu-central-1.amazonses.com (b224-56.smtp-out.eu-central-1.amazonses.com. [69.169.224.56])
        by mx.google.com with ESMTPS id s2-20020a7bc382000000b003d0607d68e5si27732333wmj.229.2023.01.17.11.48.12
        for <xxxxxx@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 17 Jan 2023 11:48:12 -0800 (PST)
Received-SPF: pass (google.com: domain of 01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu designates 69.169.224.56 as permitted sender) client-ip=69.169.224.56;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@hisdomain.eu header.s=zjxkydiccxyrtse4zc4rnfjetczvwrq2 header.b=Cj8u8Yzu;
       dkim=pass header.i=@amazonses.com header.s=sokbgaaqhfgd6qjht2wmdajpuuanpimv header.b=YoeykBkC;
       spf=pass (google.com: domain of 01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu designates 69.169.224.56 as permitted sender) smtp.mailfrom=01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=zjxkydiccxyrtse4zc4rnfjetczvwrq2; d=hisdomain.eu; t=1673984892;
    h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type;
    bh=2agubO+UK5AzxtUXsDT09UKMBEZM/bverLQ/3ozF/iI=;
    b=Cj8u8YzuHMfZUPgQ/xsNkR8pmXKjWlNeK0ureCkBzhTJbQxDjoQUw9EzJXOtSmWd
    +jx/CBvW+XRWIEboG3s03Z7ja/EulBMHDgGhM6LtH5O1wQrwC/0Yof44AVQDeAqPltS
    oGDiAIrYX5U3W4SHKUpu2Kft3qlbOg9qwFnvFBhc=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=sokbgaaqhfgd6qjht2wmdajpuuanpimv; d=amazonses.com; t=1673984892;
    h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type:Feedback-ID;
    bh=2agubO+UK5AzxtUXsDT09UKMBEZM/bverLQ/3ozF/iI=;
    b=YoeykBkC1BE7/qSzTy4Fw+LpreWZpvFmc2kJ8NUAUtBPtgsckX6CPq/okMvyu9Ka
    uTM6I7SVw9ezJV3I68TixVst8fpepUGd6NdvCzwilGZgfgQThy1voOGZ1Nkuk/gZYRv
    R10UrtXfKsY+aa8JXCtxw0sf91lce/qK9wGvsZ0s=
Message-ID: <01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@eu-central-1.amazonses.com>

The postfix config is the one that came with the installer, except for the certificates path (using Letsencrypt).

What baffles me is that I can't find any trace of hisdomain.eu or amazonzes.com in the logs, so it's hard to trace and pinpoint the error.

Do you have any idea?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: cannot receive mail from amazonses.com

Any related log lines in Postfix log file (/var/log/maillog)?

3 (edited by haveagoodtime 2023-01-21 14:18:58)

Re: cannot receive mail from amazonses.com

Very similar issue on my server. Receiving mail from amazonses causes amavis to crash and I have to restart it. Mail from other domains arrives no problem. Same setup as OP minus I'm on Debian 11. For now I set the amavis service to automatically restart. I can see the emails in my log. When the amazonses server disconnects after the email is placed in the postfix queue, amavis crashes. Issue started January 17 in my timezone so same day as OP. What could be going on? My mail server is functioning totally normally and 0 changes have been made to it prior to this issue starting, no configuration changes or package upgrades. I received daily emails from an email using amazonses for 2 years with no issues before this started on Jan 17 in my timezone (EST).

postfix/amavis/smtp[3031]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused

4

Re: cannot receive mail from amazonses.com

The thing is I cannot find any entry in any of the logs!

5

Re: cannot receive mail from amazonses.com

tzobor wrote:

The thing is I cannot find any entry in any of the logs!

nothing in your postfix queue either?

6

Re: cannot receive mail from amazonses.com

haveagoodtime wrote:
tzobor wrote:

The thing is I cannot find any entry in any of the logs!

nothing in your postfix queue either?

absolutely nothing!
all other mail arrives as expected.

7

Re: cannot receive mail from amazonses.com

haveagoodtime wrote:

Very similar issue on my server. Receiving mail from amazonses causes amavis to crash and I have to restart it. Mail from other domains arrives no problem. Same setup as OP minus I'm on Debian 11. For now I set the amavis service to automatically restart. I can see the emails in my log. When the amazonses server disconnects after the email is placed in the postfix queue, amavis crashes. Issue started January 17 in my timezone so same day as OP. What could be going on? My mail server is functioning totally normally and 0 changes have been made to it prior to this issue starting, no configuration changes or package upgrades. I received daily emails from an email using amazonses for 2 years with no issues before this started on Jan 17 in my timezone (EST).

postfix/amavis/smtp[3031]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused

I fixed it I commented out the .F and .zoo decoders in amavis' config file. Unsure why this happened, no packages besides older versions of the kernel have been removed anywhere near this issue beginning.

8 (edited by Cthulhu 2023-01-25 09:59:46)

Re: cannot receive mail from amazonses.com

This is not a fix... amavis ignores encoders that are not found, so this didn't change anything at all, and you never had an encoder installed for this before, that is very common and not a bug


If a mail cant't be delivered, there is a bounce, and i am pretty sure you either have messed up a blacklist or anything else

9 (edited by jackb 2023-01-25 20:45:30)

Re: cannot receive mail from amazonses.com

tzobor wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Ubuntu Server 22.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
Nothing appears in the logs!

====
Hello,
I have an issue with a new installation of iRedMail. A client sends me messages from @hisdomain.eu, but I don't receive anything. And I can find nothing in the logs. If the message is sent to some Gmail account, it arrives properly and the header looks like this:



Delivered-To: xxxxxx@gmail.com
Received: by 2002:a05:6214:4257:b0:534:9005:7b28 with SMTP id ne23csp2407471qvb;
        Tue, 17 Jan 2023 11:48:13 -0800 (PST)
X-Google-Smtp-Source: AMrXdXuKMxJYx4FpYOBT9JNIEh2OROO1VAM1mR1RjURiVjbWXULcRr7I4Urlow/f0j677M7OSOJL
X-Received: by 2002:a05:600c:1695:b0:3da:f651:8ccc with SMTP id k21-20020a05600c169500b003daf6518cccmr4442514wmn.4.1673984892677;
        Tue, 17 Jan 2023 11:48:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673984892; cv=none;
        d=google.com; s=arc-20160816;
        b=Wb5mzOnTZzJmipFzvgx8oYLr6JcDXHEqaGBgi0L67sTWLbkyGtwnmxA2sDbGHz7+08
         pCpXh4eEXzxRDuVc+YRMEQ0jFZ7x94PZtv1ruZYhj8Ex+PP3zCi4TEah9mYKzbYA/6Uu
         aFMfKWENk0qnlBQO1Rl41uFnXluZm7KJ5Lcl/VrsS5H7t0klimj3kVrJHnsKs1SPfu/m
         HOfQNc2GFgMEYHERjyquSkqFgwxIbGXYFKSYWhPTIeFq7w72Vcbdr3ov8KLbzdF1T0sw
         fyBYUhh4HSIz/oDreDllfRARe3PlJvgk0qQ4zBnA3rXFPt192AR6/RumHkw5LoHFmOGk
         KQPA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=feedback-id:mime-version:to:from:subject:date:message-id
         :dkim-signature:dkim-signature;
        bh=2agubO+UK5AzxtUXsDT09UKMBEZM/bverLQ/3ozF/iI=;
        b=Gk8LEX08xWEsN68spsY/SpMVj8gGkYCf68rjbTS5p9O0rLAE6rw8zuHsNTX95RfbEn
         v5wUy3mUNhPwPv+Jz/GzirxbWQB7+bptLEe+PjtqvG9YCbLgvF7YQw0Nq9uQtfss8qtF
         pngFFtJ7WEa5v6jctJKi957Ki2JDSEp1mnku2NhkX9lFStBtwi4IutrR3RyCQUV39oYi
         A2iUdw0xpLVUcqP85heWAtSBzle8jxmtAKvuPrNrt4ql9TzvNRHgjC+sxBOgvNS+Oak6
         p90K0YXm83qTSugJfNCBCTeDC2vJeDdSUo/c7BrtiY4n2TgkH+xV+cwjqkwXG7ieORA2
         uhMQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@hisdomain.eu header.s=zjxkydiccxyrtse4zc4rnfjetczvwrq2 header.b=Cj8u8Yzu;
       dkim=pass header.i=@amazonses.com header.s=sokbgaaqhfgd6qjht2wmdajpuuanpimv header.b=YoeykBkC;
       spf=pass (google.com: domain of 01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu designates 69.169.224.56 as permitted sender) smtp.mailfrom=01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu
Return-Path: <01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu>
Received: from b224-56.smtp-out.eu-central-1.amazonses.com (b224-56.smtp-out.eu-central-1.amazonses.com. [69.169.224.56])
        by mx.google.com with ESMTPS id s2-20020a7bc382000000b003d0607d68e5si27732333wmj.229.2023.01.17.11.48.12
        for <xxxxxx@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 17 Jan 2023 11:48:12 -0800 (PST)
Received-SPF: pass (google.com: domain of 01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu designates 69.169.224.56 as permitted sender) client-ip=69.169.224.56;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@hisdomain.eu header.s=zjxkydiccxyrtse4zc4rnfjetczvwrq2 header.b=Cj8u8Yzu;
       dkim=pass header.i=@amazonses.com header.s=sokbgaaqhfgd6qjht2wmdajpuuanpimv header.b=YoeykBkC;
       spf=pass (google.com: domain of 01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu designates 69.169.224.56 as permitted sender) smtp.mailfrom=01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@returns.hisdomain.eu
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=zjxkydiccxyrtse4zc4rnfjetczvwrq2; d=hisdomain.eu; t=1673984892;
    h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type;
    bh=2agubO+UK5AzxtUXsDT09UKMBEZM/bverLQ/3ozF/iI=;
    b=Cj8u8YzuHMfZUPgQ/xsNkR8pmXKjWlNeK0ureCkBzhTJbQxDjoQUw9EzJXOtSmWd
    +jx/CBvW+XRWIEboG3s03Z7ja/EulBMHDgGhM6LtH5O1wQrwC/0Yof44AVQDeAqPltS
    oGDiAIrYX5U3W4SHKUpu2Kft3qlbOg9qwFnvFBhc=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=sokbgaaqhfgd6qjht2wmdajpuuanpimv; d=amazonses.com; t=1673984892;
    h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type:Feedback-ID;
    bh=2agubO+UK5AzxtUXsDT09UKMBEZM/bverLQ/3ozF/iI=;
    b=YoeykBkC1BE7/qSzTy4Fw+LpreWZpvFmc2kJ8NUAUtBPtgsckX6CPq/okMvyu9Ka
    uTM6I7SVw9ezJV3I68TixVst8fpepUGd6NdvCzwilGZgfgQThy1voOGZ1Nkuk/gZYRv
    R10UrtXfKsY+aa8JXCtxw0sf91lce/qK9wGvsZ0s=
Message-ID: <01070185c1465cc7-206980c8-6719-4316-9704-e121e236580b-000000@eu-central-1.amazonses.com>

The postfix config is the one that came with the installer, except for the certificates path (using Letsencrypt).

What baffles me is that I can't find any trace of hisdomain.eu or amazonzes.com in the logs, so it's hard to trace and pinpoint the error.

Do you have any idea?

Could be DNS related, but first AmazonAWS IP Address's are on a lot of SPAM Filter databases, Here what I recommend doing first, check the domain.tld on mxtoolbox.com and verify that the domain is not on blacklists if so then will require contacting the Blacklist company to remove it. Issue with this is that it will most likely be flagged again.

How is DNS being handled to the SMTP Server ? are you using local DNS something like BIND9 or are you using Split-DNS ?

I would highly suggest running tail -f mail.log in CLI watch the log and send the mail from AWS see if it the logs mention anything about blacklists.

10

Re: cannot receive mail from amazonses.com

jackb wrote:

Could be DNS related, but first AmazonAWS IP Address's are on a lot of SPAM Filter databases, Here what I recommend doing first, check the domain.tld on mxtoolbox.com and verify that the domain is not on blacklists if so then will require contacting the Blacklist company to remove it. Issue with this is that it will most likely be flagged again.

How is DNS being handled to the SMTP Server ? are you using local DNS something like BIND9 or are you using Split-DNS ?

I would highly suggest running tail -f mail.log in CLI watch the log and send the mail from AWS see if it the logs mention anything about blacklists.

The DNS is handled by the ISP through CPanel, I can't really tell you more. Our domain is definitely not blacklisted and all checks on mxtoolbox are green.
I have no control over the client's mail server, these are automated messages that get sent when there is an order from them.
On my side, I've taken all the steps (I think) to whitelist the client's domain and amazonses' IP's.
Maybe this is something that has to do with the ISP?

11

Re: cannot receive mail from amazonses.com

tzobor wrote:
jackb wrote:

Could be DNS related, but first AmazonAWS IP Address's are on a lot of SPAM Filter databases, Here what I recommend doing first, check the domain.tld on mxtoolbox.com and verify that the domain is not on blacklists if so then will require contacting the Blacklist company to remove it. Issue with this is that it will most likely be flagged again.

How is DNS being handled to the SMTP Server ? are you using local DNS something like BIND9 or are you using Split-DNS ?

I would highly suggest running tail -f mail.log in CLI watch the log and send the mail from AWS see if it the logs mention anything about blacklists.

The DNS is handled by the ISP through CPanel, I can't really tell you more. Our domain is definitely not blacklisted and all checks on mxtoolbox are green.
I have no control over the client's mail server, these are automated messages that get sent when there is an order from them.
On my side, I've taken all the steps (I think) to whitelist the client's domain and amazonses' IP's.
Maybe this is something that has to do with the ISP?

Are you testing the Domain you are trying to receive mail from? or the domain you are using?

12

Re: cannot receive mail from amazonses.com

jackb wrote:

Are you testing the Domain you are trying to receive mail from? or the domain you are using?

I'm testing both, actually.

13

Re: cannot receive mail from amazonses.com

haveagoodtime wrote:
haveagoodtime wrote:

Very similar issue on my server. Receiving mail from amazonses causes amavis to crash and I have to restart it. Mail from other domains arrives no problem. Same setup as OP minus I'm on Debian 11. For now I set the amavis service to automatically restart. I can see the emails in my log. When the amazonses server disconnects after the email is placed in the postfix queue, amavis crashes. Issue started January 17 in my timezone so same day as OP. What could be going on? My mail server is functioning totally normally and 0 changes have been made to it prior to this issue starting, no configuration changes or package upgrades. I received daily emails from an email using amazonses for 2 years with no issues before this started on Jan 17 in my timezone (EST).

postfix/amavis/smtp[3031]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused

I fixed it I commented out the .F and .zoo decoders in amavis' config file. Unsure why this happened, no packages besides older versions of the kernel have been removed anywhere near this issue beginning.

Sorry for offtop. Topic: amavis exits with code 13. did you upgrade to debian 11 with amavisd-new running well? i have the same issue like you. thx

14 (edited by jackb 2023-03-28 05:10:46)

Re: cannot receive mail from amazonses.com

Something that's been missed out here, How much RAM does this SRV have ? do you have 8GB or more? if you only have 4GB then that is a problem, SPAM Filtering requires a lot of more.

I would check the AWS IP Address against blacklist databases because these servers in AWS could be spamming more than sending genuine Mail meaning AWS Servers could be exhausting so much RAM and the process is crashing, /var/log/mail.log will show amavis-new and everything else related to SMTP and IMAP logs.

Is this a shared SRV ? in all the years of using amavis-new I have never encountered this problem, I have migrated from various Servers for both myself and clients. I recommend not hosting Mail Servers in the Cloud these days due to the Cloud being a dumping ground so all Mail Servers I run and deploy are on Prem or off-site / another location.

15

Re: cannot receive mail from amazonses.com

boris90 wrote:

Sorry for offtop. Topic: amavis exits with code 13. did you upgrade to debian 11 with amavisd-new running well? i have the same issue like you. thx

Run "amavisd debug" or "amavisd-new debug", it will print detailed error on console. Please paste the error here for troubleshooting.