Thanks Noel. This sounds like a good clue.... the gmail app is used with a custom SMTP server, which would be our mail relay... I will try and reproduce this. I would expect the source IP address of the SMTP traffic to be the client's device though, not Google's.
On Tue, Apr 30, 2019, 2:18 PM Noel Jones <[email protected]> wrote: > https://support.google.com/mail/answer/6078445 > > > > > On 4/30/2019 10:54 AM, Mohamed Lrhazi wrote: > > I hope you guys don't mind me asking here about a non Postfix issue. > > > > I find this in the logs of our mail relay server. We are using > > google's GSuite, but have a relay for some use cases... > > > > > > Apr 30 09:03:59 idp-prod-2 postfix/qmgr[5631]: 02EBF3A402: removed > > Apr 30 09:03:59 idp-prod-2 postfix/smtp[2920]: 02EBF3A402: > > to=<[email protected] <mailto:[email protected]>>, > > relay=aspmx.l.google.com > > <http://aspmx.l.google.com>[173.194.207.27]:25, delay=0.71, > > delays=0.08/0.03/0.19/0.41, dsn=2.0.0, status=sent (250 2.0.0 OK > > 1556629439 r127si3887981qkb.206 - gsmtp) > > Apr 30 09:03:59 idp-prod-2 postfix/qmgr[5631]: 02EBF3A402: > > from=<[email protected] <mailto:[email protected]>>, size=2370, > > nrcpt=1 (queue active) > > Apr 30 09:03:59 idp-prod-2 postfix/cleanup[2919]: 02EBF3A402: > > message-id=< > cajgw3yovgh6fto9somazqewk2nd+lwv9zr7ejqojlbo-2nk...@mail.gmail.com > > <mailto: > cajgw3yovgh6fto9somazqewk2nd%[email protected]>> > > Apr 30 09:03:59 idp-prod-2 postfix/smtpd[2847]: 02EBF3A402: > > client=mail-ot1-f43.google.com > > <http://mail-ot1-f43.google.com>[209.85.210.43], sasl_method=PLAIN, > > sasl_username=user1 > > > > > > example.com <http://example.com> is our domain, and user1 and 2 our > > valid users.I cannot figure out why and how our users would be > > sending mail via our mail relay, with the source IP address coming > > up as google's? > > > > Am I misunderstanding the log lines? > > > > Thanks a lot! > > Mohamed. > >
