[qmailtoaster] dropped mails..
Hey there, I cannot seem to remember how to do this, but perhaps someone can remind me? From smtp log (/var/log/qmail/smtpd/current), I have mails from a recipient that get just dropped after determining that the sender is valid. e.g. i have lines such as: @40004e6ba8531a65aae4 tcpserver: ok 4396 krabat.waschbuesch.de:80.254.129.249:25 mx.someserver.org:123.123.123.123::36787 @40004e6ba8542f1fe954 CHKUSER accepted sender: from i...@somedomain.org:: remote :mx.someserver.org:123.123.123.123 rcpt : sender accepted But there it just drops. The next line will only be: @40004e6ba8562398a9cc tcpserver: end 4396 status 0 Since I cannot seem to find any additional info on why this mail was dropped, how can I enable additional debugging? E.g. for simscan or chkuser? If anyone has any pointers on how to debug this one... Thanks, Martin -- Martin Waschbüsch IT-Dienstleistungen Schumacherring 29 81737 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: dropped mails..
On 09/15/2011 10:03 AM, Martin Waschbüsch IT-Dienstleistungen wrote: Hey there, I cannot seem to remember how to do this, but perhaps someone can remind me? From smtp log (/var/log/qmail/smtpd/current), I have mails from a recipient that get just dropped after determining that the sender is valid. e.g. i have lines such as: @40004e6ba8531a65aae4 tcpserver: ok 4396 krabat.waschbuesch.de:80.254.129.249:25 mx.someserver.org:123.123.123.123::36787 @40004e6ba8542f1fe954 CHKUSER accepted sender: fromi...@somedomain.org:: remote:mx.someserver.org:123.123.123.123 rcpt : sender accepted But there it just drops. The next line will only be: @40004e6ba8562398a9cc tcpserver: end 4396 status 0 Since I cannot seem to find any additional info on why this mail was dropped, how can I enable additional debugging? E.g. for simscan or chkuser? If anyone has any pointers on how to debug this one... Thanks, Martin -- Martin Waschbüsch IT-Dienstleistungen Schumacherring 29 81737 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it - That sounds familiar to me too, but I don't recall what was going on. Something TLS related perhaps. I'd use spamdyke's detailed logging to see what's happening. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dropped mails..
Hi Eric, - That sounds familiar to me too, but I don't recall what was going on. Something TLS related perhaps. I'd use spamdyke's detailed logging to see what's happening. -- -Eric 'shubes' Thanks for the quick reply, I think I isolated the issue (and to me, it looks like a bug!) I got to testing this thoroughly when I noticed that all amazon.de notifications were dropped for some time now. What I found is this: Disabling spf-checking by setting /var/qmail/control/spfbehaviour to 0 all emails pass. When left on the default (3) I have the problem. Now, amazon plays by the rules: checking amazon.de (! important that this is the German one!) for SPF records yields: v=spf1 include:amazon.com ~all spf2.0/pra include:amazon.com ~all And this is where I think the problem lies. The system is able to interpret the SPF policy, but does not seem to look up the 'include' part... For in amazon.com records, I found The TXT records found for your domain are: v=spf1 ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:199.255.192.0/22 ~all spf2.0/pra ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:199.255.192.0/22 ~all and the matching IP address is part of the ones listed above. So, where would I look for the SPF-related code in qmail? Or should I disable it and enable in spamassassin instead? (which could be an interim work-around, I guess).. What do you think? Martin - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: dropped mails..
On 09/15/2011 10:57 AM, Martin Waschbüsch IT-Dienstleistungen wrote: Hi Eric, - That sounds familiar to me too, but I don't recall what was going on. Something TLS related perhaps. I'd use spamdyke's detailed logging to see what's happening. -- -Eric 'shubes' Thanks for the quick reply, I think I isolated the issue (and to me, it looks like a bug!) I got to testing this thoroughly when I noticed that all amazon.de notifications were dropped for some time now. What I found is this: Disabling spf-checking by setting /var/qmail/control/spfbehaviour to 0 all emails pass. When left on the default (3) I have the problem. Now, amazon plays by the rules: checking amazon.de (! important that this is the German one!) for SPF records yields: v=spf1 include:amazon.com ~all spf2.0/pra include:amazon.com ~all And this is where I think the problem lies. The system is able to interpret the SPF policy, but does not seem to look up the 'include' part... For in amazon.com records, I found The TXT records found for your domain are: v=spf1 ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:199.255.192.0/22 ~all spf2.0/pra ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:199.255.192.0/22 ~all and the matching IP address is part of the ones listed above. So, where would I look for the SPF-related code in qmail? Or should I disable it and enable in spamassassin instead? (which could be an interim work-around, I guess).. What do you think? Martin - Nice going. I had a problem with SPF some time ago, and backed it off to 1 at the time. Since then I'm back to 3 with no apparent problem (meaning no one's complaining). I never dug into what the problem was. SPF processing in QMT (qmail-toaster package) is handled by a patch: Chris christo...@saout.de - qmail-spf.rc5 http://www.saout.de/misc/spf/ If you can track down the bug, that'd be great. In the meantime, backing off spfbehavior should remedy your situation. While I like the idea of SPF in theory, I'm not sure how often it actually blocks anything, given the effetiveness of spamdyke. Of course, at some point in time, spammers will likely figure out how to get through spamdyke's filters, at which point SPF may become more relevant. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
