1 Topic by jsmith

  • jsmith
  • Member
  • Offline
  • Registered: 2015-04-11
  • Posts: 32

Topic: Mail flow diagnostics

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.2 LDAP
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version:  Debian 11
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,

I am new to this side of things so I'm hoping for some guidance on troubleshooting mail flow. I know I am missing certain emails to one address but not others. I do get some email but do not receive expected email like password reset links from websites. I have checked the junk mail folder it is not there.

I don't know which component of iRedmail to investigate, thank you for any help.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by dave.opc

  • dave.opc
  • Member
  • Offline
  • Registered: 2019-07-08
  • Posts: 103

Re: Mail flow diagnostics

start with monitoring logs
tail -f /var/log/maillog

3 Reply by jsmith

  • jsmith
  • Member
  • Offline
  • Registered: 2015-04-11
  • Posts: 32

Re: Mail flow diagnostics

Thank you. I've tried this and requested another password reset from the website. After 20mins I see  see the last email I sent referenced with mail postfix/smtp, a couple qmgr removed and anvil showing the ip address of the PC with my email client. That's all, no reference to the password reset email after the last sent email from that address.

I can't seem to SSH right now to get the logs easily, I'll fix that and copy them here.

4 Reply by jsmith

  • jsmith
  • Member
  • Offline
  • Registered: 2015-04-11
  • Posts: 32

Re: Mail flow diagnostics

This is the log for one of them. I'm trying to get password resets from Steam and Veeam. Veeam doesn't seem to produce any log.

Jul  7 08:03:08 mail postfix/smtpd[49225]: connect from smtp-01-tuk1.steampowered.com[208.64.202.37]
Jul  7 08:03:09 mail postfix/smtpd[49225]: Anonymous TLS connection established from smtp-01-tuk1.steampowered.com[208.64.202.37]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256
Jul  7 08:03:09 mail postfix/smtpd[49225]: NOQUEUE: reject: RCPT from smtp-01-tuk1.steampowered.com[208.64.202.37]: 451 4.7.1 <MyEmailAddress>: Recipient address rejected: Intentional policy rejection, please try again later; from=<noreply@steampowered.com> to=<MyEmailAddress> proto=ESMTP helo=<smtp-01-tuk1.steampowered.com>
Jul  7 08:03:09 mail postfix/smtpd[49225]: disconnect from smtp-01-tuk1.steampowered.com[208.64.202.37] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7

5 Reply by jsmith (edited by jsmith 2023-07-07 17:47:58)

  • jsmith
  • Member
  • Offline
  • Registered: 2015-04-11
  • Posts: 32

Re: Mail flow diagnostics

I've done about a dozen steam password resets in the last 24h, strangely one has just come through. Logs below. Also I received a reply from a correspondant I was expecting referenced as IGNORE THIS, but the log seems to suggest this too was blocked at some point even though it was delivered?



root@mail:/home/user#  tail -f /var/log/maillog
Jul  7 07:50:14 mail postfix/smtps/smtpd[48425]: Anonymous TLS connection established from unknown[141.98.10.150]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  7 07:50:18 mail postfix/smtps/smtpd[48425]: warning: unknown[141.98.10.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  7 07:50:18 mail postfix/smtps/smtpd[48425]: lost connection after AUTH from unknown[141.98.10.150]
Jul  7 07:50:18 mail postfix/smtps/smtpd[48425]: disconnect from unknown[141.98.10.150] ehlo=1 auth=0/1 rset=1 commands=2/3
Jul  7 07:53:38 mail postfix/anvil[48429]: statistics: max connection rate 2/60s for (465:141.98.10.150) at Jul  7 07:49:24
Jul  7 07:53:38 mail postfix/anvil[48429]: statistics: max connection count 1 for (465:141.98.10.150) at Jul  7 07:48:37
Jul  7 07:53:38 mail postfix/anvil[48429]: statistics: max cache size 1 at Jul  7 07:48:37
Jul  7 07:57:34 mail postfix/postscreen[48884]: CONNECT from [58.208.84.245]:51781 to [172.16.200.97]:25
Jul  7 07:57:34 mail postfix/postscreen[48884]: PREGREET 11 after 0.27 from [58.208.84.245]:51781: EHLO User\r\n
Jul  7 07:57:34 mail postfix/postscreen[48884]: DISCONNECT [58.208.84.245]:51781
Jul  7 08:03:01 mail postfix/postscreen[49220]: CONNECT from [208.64.202.37]:39827 to [172.16.200.97]:25
Jul  7 08:03:07 mail postfix/postscreen[49220]: PASS NEW [208.64.202.37]:39827
Jul  7 08:03:08 mail postfix/smtpd[49225]: connect from smtp-01-tuk1.steampowered.com[208.64.202.37]
Jul  7 08:03:09 mail postfix/smtpd[49225]: Anonymous TLS connection established from smtp-01-tuk1.steampowered.com[208.64.202.37]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256
Jul  7 08:03:09 mail postfix/smtpd[49225]: NOQUEUE: reject: RCPT from smtp-01-tuk1.steampowered.com[208.64.202.37]: 451 4.7.1 <MyEmailAddress>: Recipient address rejected: Intentional policy rejection, please try again later; from=<noreply@steampowered.com> to=<MyEmailAddress> proto=ESMTP helo=<smtp-01-tuk1.steampowered.com>
Jul  7 08:03:09 mail postfix/smtpd[49225]: disconnect from smtp-01-tuk1.steampowered.com[208.64.202.37] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7

Jul  7 08:06:29 mail postfix/anvil[49228]: statistics: max connection rate 1/60s for (smtpd:208.64.202.37) at Jul  7 08:03:08
Jul  7 08:06:29 mail postfix/anvil[49228]: statistics: max connection count 1 for (smtpd:208.64.202.37) at Jul  7 08:03:08
Jul  7 08:06:29 mail postfix/anvil[49228]: statistics: max cache size 1 at Jul  7 08:03:08
Jul  7 08:21:48 mail postfix/postscreen[50147]: CONNECT from [107.170.224.10]:34468 to [172.16.200.97]:25
Jul  7 08:21:48 mail postfix/postscreen[50147]: PREGREET 22 after 0 from [107.170.224.10]:34468: MGLNDD_82.70.63.97_25\n
Jul  7 08:21:48 mail postfix/postscreen[50147]: DISCONNECT [107.170.224.10]:34468
Jul  7 08:28:59 mail postfix/postscreen[50502]: CONNECT from [208.64.202.43]:38404 to [172.16.200.97]:25
Jul  7 08:29:05 mail postfix/postscreen[50502]: PASS NEW [208.64.202.43]:38404
Jul  7 08:29:05 mail postfix/smtpd[50523]: connect from smtp-04-tuk1.steampowered.com[208.64.202.43]
Jul  7 08:29:06 mail postfix/smtpd[50523]: Anonymous TLS connection established from smtp-04-tuk1.steampowered.com[208.64.202.43]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256
Jul  7 08:29:06 mail postfix/smtpd[50523]: NOQUEUE: reject: RCPT from smtp-04-tuk1.steampowered.com[208.64.202.43]: 451 4.7.1 <MyEmailAddress>: Recipient address rejected: Intentional policy rejection, please try again later; from=<noreply@steampowered.com> to=<MyEmailAddress> proto=ESMTP helo=<smtp-04-tuk1.steampowered.com>
Jul  7 08:29:06 mail postfix/smtpd[50523]: disconnect from smtp-04-tuk1.steampowered.com[208.64.202.43] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
Jul  7 08:32:27 mail postfix/anvil[50525]: statistics: max connection rate 1/60s for (smtpd:208.64.202.43) at Jul  7 08:29:05
Jul  7 08:32:27 mail postfix/anvil[50525]: statistics: max connection count 1 for (smtpd:208.64.202.43) at Jul  7 08:29:05
Jul  7 08:32:27 mail postfix/anvil[50525]: statistics: max cache size 1 at Jul  7 08:29:05
Jul  7 08:50:23 mail postfix/smtps/smtpd[51609]: connect from unknown[141.98.10.150]
Jul  7 08:50:24 mail postfix/smtps/smtpd[51609]: Anonymous TLS connection established from unknown[141.98.10.150]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  7 08:50:29 mail postfix/smtps/smtpd[51609]: warning: unknown[141.98.10.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  7 08:50:29 mail postfix/smtps/smtpd[51609]: lost connection after AUTH from unknown[141.98.10.150]
Jul  7 08:50:29 mail postfix/smtps/smtpd[51609]: disconnect from unknown[141.98.10.150] ehlo=1 auth=0/1 rset=1 commands=2/3
Jul  7 08:51:09 mail postfix/smtps/smtpd[51609]: connect from unknown[141.98.10.150]
Jul  7 08:51:09 mail postfix/smtps/smtpd[51609]: Anonymous TLS connection established from unknown[141.98.10.150]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  7 08:51:11 mail postfix/smtps/smtpd[51609]: warning: unknown[141.98.10.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  7 08:51:11 mail postfix/smtps/smtpd[51609]: lost connection after AUTH from unknown[141.98.10.150]
Jul  7 08:51:11 mail postfix/smtps/smtpd[51609]: disconnect from unknown[141.98.10.150] ehlo=1 auth=0/1 rset=1 commands=2/3
Jul  7 08:54:31 mail postfix/anvil[51613]: statistics: max connection rate 2/60s for (465:141.98.10.150) at Jul  7 08:51:09
Jul  7 08:54:31 mail postfix/anvil[51613]: statistics: max connection count 1 for (465:141.98.10.150) at Jul  7 08:50:24
Jul  7 08:54:31 mail postfix/anvil[51613]: statistics: max cache size 1 at Jul  7 08:50:24
Jul  7 09:00:12 mail postfix/postscreen[52116]: CONNECT from [58.208.84.245]:62898 to [172.16.200.97]:25
Jul  7 09:00:12 mail postfix/postscreen[52116]: PREGREET 11 after 0.27 from [58.208.84.245]:62898: EHLO User\r\n
Jul  7 09:00:12 mail postfix/postscreen[52116]: DISCONNECT [58.208.84.245]:62898
Jul  7 09:23:06 mail postfix/postscreen[53286]: CONNECT from [3.216.99.55]:55111 to [172.16.200.97]:25
Jul  7 09:23:12 mail postfix/postscreen[53286]: PASS NEW [3.216.99.55]:55111
Jul  7 09:23:13 mail postfix/smtpd[53292]: connect from mail75.out.titan.email[3.216.99.55]
Jul  7 09:23:13 mail postfix/smtpd[53292]: Anonymous TLS connection established from mail75.out.titan.email[3.216.99.55]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  7 09:23:14 mail postfix/smtpd[53292]: NOQUEUE: reject: RCPT from mail75.out.titan.email[3.216.99.55]: 451 4.7.1 <MyEmailAddress>: Recipient address rejected: Intentional policy rejection, please try again later; from=<IGNORE THIS> to=<MyEmailAddress> proto=ESMTP helo=<mail75.out.titan.email>
Jul  7 09:23:14 mail postfix/smtpd[53292]: disconnect from mail75.out.titan.email[3.216.99.55] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
Jul  7 09:26:34 mail postfix/anvil[53294]: statistics: max connection rate 1/60s for (smtpd:3.216.99.55) at Jul  7 09:23:13
Jul  7 09:26:34 mail postfix/anvil[53294]: statistics: max connection count 1 for (smtpd:3.216.99.55) at Jul  7 09:23:13
Jul  7 09:26:34 mail postfix/anvil[53294]: statistics: max cache size 1 at Jul  7 09:23:13
Jul  7 09:28:59 mail postfix/postscreen[53563]: CONNECT from [3.226.109.223]:42605 to [172.16.200.97]:25
Jul  7 09:29:05 mail postfix/postscreen[53563]: PASS NEW [3.226.109.223]:42605
Jul  7 09:29:05 mail postfix/smtpd[53584]: connect from mail6.out.titan.email[3.226.109.223]
Jul  7 09:29:06 mail postfix/smtpd[53584]: Anonymous TLS connection established from mail6.out.titan.email[3.226.109.223]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  7 09:29:11 mail postfix/postscreen[53563]: CONNECT from [208.64.202.37]:45315 to [172.16.200.97]:25
Jul  7 09:29:11 mail postfix/postscreen[53563]: PASS OLD [208.64.202.37]:45315
Jul  7 09:29:12 mail postfix/smtpd[53592]: connect from smtp-01-tuk1.steampowered.com[208.64.202.37]
Jul  7 09:29:13 mail postfix/smtpd[53592]: Anonymous TLS connection established from smtp-01-tuk1.steampowered.com[208.64.202.37]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256
Jul  7 09:29:24 mail postfix/smtpd[53592]: warning: 37.202.64.208.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=37.202.64.208.list.dsbl.org type=A: Host not found, try again
Jul  7 09:29:27 mail postfix/smtpd[53584]: warning: 223.109.226.3.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=223.109.226.3.list.dsbl.org type=A: Host not found, try again
Jul  7 09:29:29 mail postfix/smtpd[53592]: 4Qy65510ggz3y6p: client=smtp-01-tuk1.steampowered.com[208.64.202.37]
Jul  7 09:29:29 mail postfix/cleanup[53607]: 4Qy65510ggz3y6p: message-id=<E1qHfUb-002qCF-Ax@smtp-01-tuk1.steampowered.com>
Jul  7 09:29:29 mail postfix/qmgr[1772]: 4Qy65510ggz3y6p: from=<noreply@steampowered.com>, size=32278, nrcpt=1 (queue active)
Jul  7 09:29:29 mail postfix/smtpd[53592]: disconnect from smtp-01-tuk1.steampowered.com[208.64.202.37] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul  7 09:29:32 mail postfix/smtpd[53584]: 4Qy6583TJjz3yWW: client=mail6.out.titan.email[3.226.109.223]
Jul  7 09:29:32 mail postfix/cleanup[53607]: 4Qy6583TJjz3yWW: message-id=<116267546148901888.0.v2@titan.email>
Jul  7 09:29:32 mail postfix/qmgr[1772]: 4Qy6583TJjz3yWW: from=<IGNORE THIS>, size=27495, nrcpt=1 (queue active)
Jul  7 09:29:32 mail postfix/smtpd[53584]: disconnect from mail6.out.titan.email[3.226.109.223] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul  7 09:29:33 mail postfix/10025/smtpd[53615]: connect from MyEmailServer[127.0.0.1]
Jul  7 09:29:33 mail postfix/10025/smtpd[53615]: 4Qy6595TbBz3yv0: client=MyEmailServer[127.0.0.1]
Jul  7 09:29:33 mail postfix/cleanup[53607]: 4Qy6595TbBz3yv0: message-id=<E1qHfUb-002qCF-Ax@smtp-01-tuk1.steampowered.com>
Jul  7 09:29:33 mail postfix/qmgr[1772]: 4Qy6595TbBz3yv0: from=<noreply@steampowered.com>, size=32894, nrcpt=1 (queue active)
Jul  7 09:29:33 mail postfix/10025/smtpd[53615]: disconnect from MyEmailServer[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jul  7 09:29:33 mail amavis[47173]: (47173-01) Passed CLEAN {RelayedInbound}, [208.64.202.37]:45315 [208.78.165.137] ESMTP/ESMTP <noreply@steampowered.com> -> <MyEmailAddress>, (ESMTPS://[208.64.202.37]:45315 < smtp://208.78.165.137), Queue-ID: 4Qy65510ggz3y6p, Message-ID: <E1qHfUb-002qCF-Ax@smtp-01-tuk1.steampowered.com>, mail_id: aclPJHLVV72K, b: Ngzf-v-qL, Hits: -0.208, size: 32278, queued_as: 4Qy6595TbBz3yv0, Subject: "Your Steam account: Email address change request", From: <noreply@steampowered.com> (dkim:AUTHOR), helo=smtp-01-tuk1.steampowered.com, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,DKIM_VALID_EF=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,T_SCC_BODY_TEXT_LINE=-0.01], autolearn=ham autolearn_force=no, autolearnscore=-0.207, dkim_i=@steampowered.com, dkim_sd=smtp:steampowered.com, 4162 ms
Jul  7 09:29:33 mail postfix/amavis/smtp[53608]: 4Qy65510ggz3y6p: to=<MyEmailAddress>, relay=127.0.0.1[127.0.0.1]:10024, delay=20, delays=16/0.02/0.04/4.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4Qy6595TbBz3yv0)
Jul  7 09:29:33 mail postfix/qmgr[1772]: 4Qy65510ggz3y6p: removed
Jul  7 09:29:33 mail postfix/pipe[53616]: 4Qy6595TbBz3yv0: to=<MyEmailAddress>, relay=dovecot, delay=0.18, delays=0.02/0.03/0/0.13, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul  7 09:29:33 mail postfix/qmgr[1772]: 4Qy6595TbBz3yv0: removed
Jul  7 09:29:34 mail postfix/10025/smtpd[53615]: connect from MyEmailServer[127.0.0.1]
Jul  7 09:29:34 mail postfix/10025/smtpd[53615]: 4Qy65B0qMqz3yWX: client=MyEmailServer[127.0.0.1]
Jul  7 09:29:34 mail postfix/cleanup[53607]: 4Qy65B0qMqz3yWX: message-id=<116267546148901888.0.v2@titan.email>
Jul  7 09:29:34 mail postfix/qmgr[1772]: 4Qy65B0qMqz3yWX: from=<IGNORE THIS>, size=28116, nrcpt=1 (queue active)
Jul  7 09:29:34 mail postfix/10025/smtpd[53615]: disconnect from MyEmailServer[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jul  7 09:29:34 mail amavis[47172]: (47172-01) Passed CLEAN {RelayedInbound}, [3.226.109.223]:42605 [3.226.109.223] ESMTP/ESMTP <IGNORE THIS> -> <MyEmailAddress>, (ESMTPS://[3.226.109.223]:42605), Queue-ID: 4Qy6583TJjz3yWW, Message-ID: <116267546148901888.0.v2@titan.email>, mail_id: 1vP04R33bRwy, b: 8L_h6k5xH, Hits: 0.726, size: 27495, queued_as: 4Qy65B0qMqz3yWX, Subject: "Re: Link For Friday", From: <IGNORE THIS>, helo=mail6.out.titan.email, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HTML_MESSAGE=0.001,HTML_MIME_NO_HTML_TAG=0.635,MIME_HTML_ONLY=0.1,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,T_SCC_BODY_TEXT_LINE=-0.01], autolearn=no autolearn_force=no, autolearnscore=0.727, dkim_i=@t12smtp-sign001.email, dkim_sd=titan1:t12smtp-sign001.email, 1300 ms
Jul  7 09:29:34 mail postfix/amavis/smtp[53612]: 4Qy6583TJjz3yWW: to=<MyEmailAddress>, relay=127.0.0.1[127.0.0.1]:10024, delay=28, delays=26/0.03/0.01/1.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4Qy65B0qMqz3yWX)
Jul  7 09:29:34 mail postfix/qmgr[1772]: 4Qy6583TJjz3yWW: removed
Jul  7 09:29:34 mail postfix/pipe[53616]: 4Qy65B0qMqz3yWX: to=<MyEmailAddress>, relay=dovecot, delay=0.12, delays=0.01/0/0/0.11, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul  7 09:29:34 mail postfix/qmgr[1772]: 4Qy65B0qMqz3yWX: removed
Jul  7 09:32:52 mail postfix/anvil[53586]: statistics: max connection rate 1/60s for (smtpd:3.226.109.223) at Jul  7 09:29:05
Jul  7 09:32:52 mail postfix/anvil[53586]: statistics: max connection count 1 for (smtpd:3.226.109.223) at Jul  7 09:29:05
Jul  7 09:32:52 mail postfix/anvil[53586]: statistics: max cache size 2 at Jul  7 09:29:12
Jul  7 09:51:17 mail postfix/smtps/smtpd[54699]: connect from unknown[141.98.10.150]
Jul  7 09:51:17 mail postfix/smtps/smtpd[54699]: Anonymous TLS connection established from unknown[141.98.10.150]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  7 09:51:20 mail postfix/smtps/smtpd[54699]: warning: unknown[141.98.10.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  7 09:51:20 mail postfix/smtps/smtpd[54699]: lost connection after AUTH from unknown[141.98.10.150]
Jul  7 09:51:20 mail postfix/smtps/smtpd[54699]: disconnect from unknown[141.98.10.150] ehlo=1 auth=0/1 rset=1 commands=2/3
Jul  7 09:52:02 mail postfix/smtps/smtpd[54699]: connect from unknown[141.98.10.150]
Jul  7 09:52:04 mail postfix/smtps/smtpd[54699]: Anonymous TLS connection established from unknown[141.98.10.150]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  7 09:52:08 mail postfix/smtps/smtpd[54699]: warning: unknown[141.98.10.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  7 09:52:08 mail postfix/smtps/smtpd[54699]: lost connection after AUTH from unknown[141.98.10.150]
Jul  7 09:52:08 mail postfix/smtps/smtpd[54699]: disconnect from unknown[141.98.10.150] ehlo=1 auth=0/1 rset=1 commands=2/3
Jul  7 09:52:52 mail postfix/smtps/smtpd[54699]: connect from unknown[141.98.10.150]
Jul  7 09:52:55 mail postfix/smtps/smtpd[54699]: Anonymous TLS connection established from unknown[141.98.10.150]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  7 09:52:59 mail postfix/smtps/smtpd[54699]: warning: unknown[141.98.10.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  7 09:52:59 mail postfix/smtps/smtpd[54699]: lost connection after AUTH from unknown[141.98.10.150]
Jul  7 09:52:59 mail postfix/smtps/smtpd[54699]: disconnect from unknown[141.98.10.150] ehlo=1 auth=0/1 rset=1 commands=2/3
Jul  7 09:56:19 mail postfix/anvil[54703]: statistics: max connection rate 2/60s for (465:141.98.10.150) at Jul  7 09:52:04
Jul  7 09:56:19 mail postfix/anvil[54703]: statistics: max connection count 1 for (465:141.98.10.150) at Jul  7 09:51:17
Jul  7 09:56:19 mail postfix/anvil[54703]: statistics: max cache size 1 at Jul  7 09:51:17
Jul  7 10:00:17 mail postfix/postscreen[55164]: CONNECT from [58.208.84.245]:64821 to [172.16.200.97]:25
Jul  7 10:00:18 mail postfix/postscreen[55164]: PREGREET 11 after 0.26 from [58.208.84.245]:64821: EHLO User\r\n
Jul  7 10:00:18 mail postfix/postscreen[55164]: DISCONNECT [58.208.84.245]:64821
Jul  7 10:18:29 mail postfix/postscreen[56115]: CONNECT from [87.236.176.90]:33599 to [172.16.200.97]:25
Jul  7 10:18:31 mail postfix/postscreen[56115]: HANGUP after 2 from [87.236.176.90]:33599 in tests before SMTP handshake
Jul  7 10:18:31 mail postfix/postscreen[56115]: DISCONNECT [87.236.176.90]:33599

6 Reply by jsmith

  • jsmith
  • Member
  • Offline
  • Registered: 2015-04-11
  • Posts: 32

Re: Mail flow diagnostics

I'm not certain now, but it appears the first working steam email came through around 08:40 but I didn't notice it in my email client until around 10:00.

I tried again and it came through within a minute or so.

So what is happening to make it intermittent? If it's performance related this VM has 4GB RAM. If it is the source address/server why one but not another? I still have nothing at all from Veeam. Thanks for any suggestions.






Jul  7 10:40:59 mail postfix/postscreen[57217]: CONNECT from [208.64.202.47]:48595 to [172.16.200.97]:25
Jul  7 10:40:59 mail postfix/postscreen[57217]: PASS OLD [208.64.202.47]:48595
Jul  7 10:41:00 mail postfix/smtpd[57220]: connect from smtp-02-tuk1.steampowered.com[208.64.202.47]
Jul  7 10:41:00 mail postfix/smtpd[57220]: Anonymous TLS connection established from smtp-02-tuk1.steampowered.com[208.64.202.47]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256
Jul  7 10:41:06 mail postfix/smtpd[57220]: warning: 47.202.64.208.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=47.202.64.208.list.dsbl.org type=A: Host not found, try again
Jul  7 10:41:09 mail postfix/smtpd[57220]: 4Qy7gn3c1nz3yWY: client=smtp-02-tuk1.steampowered.com[208.64.202.47]
Jul  7 10:41:09 mail postfix/cleanup[57251]: 4Qy7gn3c1nz3yWY: message-id=<E1qHhxS-004J8c-Gl@smtp-02-tuk1.steampowered.com>
Jul  7 10:41:09 mail postfix/qmgr[1772]: 4Qy7gn3c1nz3yWY: from=<noreply@steampowered.com>, size=32278, nrcpt=1 (queue active)
Jul  7 10:41:09 mail postfix/smtpd[57220]: disconnect from smtp-02-tuk1.steampowered.com[208.64.202.47] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul  7 10:41:14 mail postfix/10025/smtpd[57256]: connect from MyEmailServer[127.0.0.1]
Jul  7 10:41:14 mail postfix/10025/smtpd[57256]: 4Qy7gt04scz3yv2: client=MyEmailServer[127.0.0.1]
Jul  7 10:41:14 mail postfix/cleanup[57251]: 4Qy7gt04scz3yv2: message-id=<E1qHhxS-004J8c-Gl@smtp-02-tuk1.steampowered.com>
Jul  7 10:41:14 mail postfix/qmgr[1772]: 4Qy7gt04scz3yv2: from=<noreply@steampowered.com>, size=32894, nrcpt=1 (queue active)
Jul  7 10:41:14 mail postfix/10025/smtpd[57256]: disconnect from MyEmailServer[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jul  7 10:41:14 mail amavis[47172]: (47172-02) Passed CLEAN {RelayedInbound}, [208.64.202.47]:48595 [208.78.165.137] ESMTP/ESMTP <noreply@steampowered.com> -> <MyEmailAddress>, (ESMTPS://[208.64.202.47]:48595 < smtp://208.78.165.137), Queue-ID: 4Qy7gn3c1nz3yWY, Message-ID: <E1qHhxS-004J8c-Gl@smtp-02-tuk1.steampowered.com>, mail_id: fDul_VBqGVcu, b: l93kxeZXr, Hits: -0.208, size: 32278, queued_as: 4Qy7gt04scz3yv2, Subject: "Your Steam account: Email address change request", From: <noreply@steampowered.com> (dkim:AUTHOR), helo=smtp-02-tuk1.steampowered.com, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,DKIM_VALID_EF=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,T_SCC_BODY_TEXT_LINE=-0.01], autolearn=ham autolearn_force=no, autolearnscore=-0.207, dkim_i=@steampowered.com, dkim_sd=smtp:steampowered.com, 4223 ms
Jul  7 10:41:14 mail postfix/amavis/smtp[57252]: 4Qy7gn3c1nz3yWY: to=<MyEmailAddress>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.6/0.02/0/4.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4Qy7gt04scz3yv2)
Jul  7 10:41:14 mail postfix/qmgr[1772]: 4Qy7gn3c1nz3yWY: removed
Jul  7 10:41:14 mail postfix/pipe[57257]: 4Qy7gt04scz3yv2: to=<MyEmailAddress>, relay=dovecot, delay=0.14, delays=0.02/0.02/0/0.1, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul  7 10:41:14 mail postfix/qmgr[1772]: 4Qy7gt04scz3yv2: removed

7 Reply by chris.23lo

  • chris.23lo
  • Member
  • Offline
  • Registered: 2022-06-30
  • Posts: 44

Re: Mail flow diagnostics

Intentional policy rejection indicate some greylisting.
Take a glance at that.

https://forum.iredmail.org/post64580.html#p64580

May or may not be related. worth a try. Do make backup of config.

8 Reply by jsmith

  • jsmith
  • Member
  • Offline
  • Registered: 2015-04-11
  • Posts: 32

Re: Mail flow diagnostics

Thank you very much! So is this the correct format? 

python spf_to_greylist_whitelists.py --submit steampowered.com
python spf_to_greylist_whitelists.py
python /opt/iredapd/tools/greylisting_admin.py --disable --from '@steampowered.com'

If I want to soft disable greylisting, are these the best way to go? Preferably directing to junk mail?

https://docs.iredmail.org/manage.iredap … reylisting - GREYLISTING_TRAINING_MODE


Veeam still isn't showing up at all in maillog. I'm watching my network firewall and see no blocks at all for port 25. If mail was hitting the iRedMail server at all, would it definitely show in that particular log? Thanks again.

9 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 907

Re: Mail flow diagnostics

maybe postscreen is blocking it due to SBL spamlist lookup

10 Reply by jsmith

  • jsmith
  • Member
  • Offline
  • Registered: 2015-04-11
  • Posts: 32

Re: Mail flow diagnostics

Would that show in /var/log/maillog ? Is there somewhere else I should be looking?