Re: Not receiving messages from mail servers

2018-04-17 Thread wilfried.es...@essignetz.de
Try

debug_peer_list = 94.237.32.243

in main.cf


Willi

On 17.04.2018 at 14:38, @lbutlr wrote:
> I finally managed to isolate this. I have not been receiving mails from some 
> mail servers and there's very little being logged. I obviously set some 
> configuration that mucked things up. Here is the entire mail.log from the 
> first minute after midnight:
> 
> Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from 
> [94.237.32.243]:46598 to [65.121.55.42]:25
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
> domain hostkarma.junkemailfilter.com as 127.0.0.1
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
> domain hostkarma.junkemailfilter.com as 127.0.1.1
> Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by 
> domain score.senderscore.com as 127.0.4.97
> Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by 
> domain list.dnswl.org as 127.0.9.2
> Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
> Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from 
> wursti.dovecot.fi[94.237.32.243]
> Apr 17 00:00:37 mail dovecot: imap-login: Login: user=, x.x.x.x, 
> PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap-login: Login: user=, x.x.x.x, 
> PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap(kreme): Logged out in=34 out=497
> Apr 17 00:00:37 mail dovecot: imap(kremels): Logged out in=34 out=497
> Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from 
> wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 
> quit=1 commands=2/6
> 
> As you can see, 94.237.32.243 connected and then after 30 seconds 
> disconnected. It says it sent an ehlo, but it is not logged.
> 
> This is one of the lists affected, so please include a Cc to me. 
> 
> 



Re: Not receiving messages from mail servers

2018-04-17 Thread LuKreme
On Apr 17, 2018, at 07:58, Dominic Raferd  wrote:
> What do the 'dovecot: imap-login' messages signify?

That wouldn't be involved. This wasn't a user logging in, this was mail 
delivering from the dovecot list.

> Judging from the final smtpd log message, STARTTLS wasn't attempted,

Yep, that was the clue.

I seem to have fixed it. I had an errant !TLSv1.1 in the protocols list. I 
guess I got a little distracted when I was locking down Apache... :/

-- 
My main job is trying to come up with new and innovative and effective ways to 
reject even more mail. I'm up to about 97% now.


Re: Not receiving messages from mail servers

2018-04-17 Thread Viktor Dukhovni


> On Apr 17, 2018, at 8:38 AM, @lbutlr  wrote:
> 
> Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from 
> [94.237.32.243]:46598 to [65.121.55.42]:25
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
> domain hostkarma.junkemailfilter.com as 127.0.0.1
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
> domain hostkarma.junkemailfilter.com as 127.0.1.1
> Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by 
> domain score.senderscore.com as 127.0.4.97
> Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by 
> domain list.dnswl.org as 127.0.9.2
> Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
> Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from 
> wursti.dovecot.fi[94.237.32.243]
> Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from 
> wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 
> quit=1 commands=2/6

The mail/rcpt/data commands were pipelined together, and all three were 
rejected, then the remote client issued RSET and QUIT, but RSET was also 
rejected!  The only way that RSET is rejected (barring unlikely syntax errors) 
is indeed if you're enforcing TLS, which would also explain why mail/rcpt/data 
were rejected.

-- 
Viktor.
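
The reading of the smtpd disconnect counters given in the message above, as an added example that is not part of the original thread: each counter is `name=accepted/total` (or just `name=total` when nothing was rejected), and a session with no `starttls` counter in which MAIL and RSET were all rejected is flagged as a likely casualty of mandatory TLS. The function names, the heuristic and the second sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the first line is modelled on the thread's log,
# the second is invented as a successful TLS session for contrast.
SAMPLE_LOG = """\
Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 quit=1 commands=2/6
Apr 17 00:01:02 mail postfix/smtpd[84670]: disconnect from mx.example.org[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

DISCONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: disconnect from (\S+)\[([^\]]+)\] (.*)$")
COUNTER_RE = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def parse_disconnect(line):
    """Return host, address and {command: (accepted, total)} or None."""
    m = DISCONNECT_RE.search(line)
    if not m:
        return None
    host, addr, rest = m.groups()
    counters = {}
    for name, ok, total in COUNTER_RE.findall(rest):
        # "mail=1" means 1 of 1 accepted; "mail=0/1" means 0 of 1 accepted.
        counters[name] = (int(ok), int(total) if total else int(ok))
    return {"host": host, "addr": addr, "counters": counters}


def looks_like_tls_enforcement(session):
    """Heuristic (assumption): no STARTTLS seen, MAIL and RSET all rejected."""
    c = session["counters"]
    if "starttls" in c:
        # STARTTLS was at least attempted; a failed handshake is a different case.
        return False

    def all_rejected(name):
        ok, total = c.get(name, (0, 0))
        return total > 0 and ok == 0

    return all_rejected("mail") and all_rejected("rset")


def suspects(log_text):
    """Client addresses whose sessions match the heuristic."""
    sessions = (parse_disconnect(l) for l in log_text.splitlines())
    return [s["addr"] for s in sessions if s and looks_like_tls_enforcement(s)]


if __name__ == "__main__":
    print(suspects(SAMPLE_LOG))
```
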



Re: Not receiving messages from mail servers

2018-04-17 Thread /dev/rob0
On Tue, Apr 17, 2018 at 06:38:00AM -0600, @lbutlr wrote:
> I finally managed to isolate this. I have not been receiving mails
> from some mail servers and there's very little being logged. I
> obviously set some configuration that mucked things up. Here is
> the entire mail.log from the first minute after midnight:
> 
> Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from 
> [94.237.32.243]:46598 to [65.121.55.42]:25
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
> domain hostkarma.junkemailfilter.com as 127.0.0.1
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
> domain hostkarma.junkemailfilter.com as 127.0.1.1
> Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by 
> domain score.senderscore.com as 127.0.4.97
> Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by 
> domain list.dnswl.org as 127.0.9.2
> Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
> Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from 
> wursti.dovecot.fi[94.237.32.243]

It gets through postscreen, to smtpd ...

> Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from 
> wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 
> rset=0/1 quit=1 commands=2/6
> 
> As you can see, 94.237.32.243 connected and then after 30 seconds 
> disconnected. It says it sent an ehlo, but it is not logged.

[it looks logged, to me]

Unfortunately the SMTP protocol provides no means for a client to 
tell a server why it's unable to complete a transaction.

Noting that this is probably from the Dovecot users' mailing list, I 
will put forth a WAG: perhaps you are requiring TLS?  That host is 
among a small number of hosts in my logs which hit a "warn_if_reject 
reject_plaintext_session" restriction.  If you require TLS you can't 
receive mail from hosts which do not STARTTLS.

If you can ask Timo or dovecot.fi people directly, they should be 
able to help you.

> This is one of the lists affected, so please include a Cc to me. 

Sorry, can't; I am a SPF violator.  One Of These Days, I might fix 
that.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: Not receiving messages from mail servers

2018-04-17 Thread Dominic Raferd
On 17 April 2018 at 13:38, @lbutlr  wrote:
>
> I finally managed to isolate this. I have not been receiving mails from some 
> mail servers and there's very little being logged. I obviously set some 
> configuration that mucked things up. Here is the entire mail.log from the 
> first minute after midnight:
>
> Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from 
> [94.237.32.243]:46598 to [65.121.55.42]:25
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr
> 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.0.1
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
> domain hostkarma.junkemailfilter.com as 127.0.1.1
> Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by 
> domain score.senderscore.com as 127.0.4.97
> Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by 
> domain list.dnswl.org as 127.0.9.2
> Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
> Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from 
> wursti.dovecot.fi[94.237.32.243]
> Apr 17 00:00:37 mail
> dovecot: imap-login: Login: user=, x.x.x.x, PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap-login: Login: user=, x.x.x.x, 
> PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap(kreme): Logged out in=34 out=497
> Apr 17 00:00:37 mail dovecot: imap(kremels): Logged out in=34 out=497
> Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from 
> wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 
> quit=1 commands=2/6
>
> As you can see, 94.237.32.243 connected and then after 30 seconds 
> disconnected. It says it sent an ehlo, but it is not logged.


What do the 'dovecot: imap-login' messages signify?

Judging from the final smtpd log message, STARTTLS wasn't attempted,
perhaps because your server doesn't offer it? If you don't allow
unencrypted connections for incoming mail (smtpd_tls_security_level =
encrypt instead of may), this could be your problem. See
http://www.postfix.org/TLS_README.html: 'According to RFC 2487 this
MUST NOT be applied in case of a publicly-referenced Postfix SMTP
server. This option is off by default and should only seldom be used.'


Not receiving messages from mail servers

2018-04-17 Thread @lbutlr
I finally managed to isolate this. I have not been receiving mails from some 
mail servers and there's very little being logged. I obviously set some 
configuration that mucked things up. Here is the entire mail.log from the first 
minute after midnight:

Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from 
[94.237.32.243]:46598 to [65.121.55.42]:25
Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
domain hostkarma.junkemailfilter.com as 127.0.0.1
Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
domain hostkarma.junkemailfilter.com as 127.0.1.1
Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by 
domain score.senderscore.com as 127.0.4.97
Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by 
domain list.dnswl.org as 127.0.9.2
Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from 
wursti.dovecot.fi[94.237.32.243]
Apr 17 00:00:37 mail dovecot: imap-login: Login: user=, x.x.x.x, PLAIN, 
TLS
Apr 17 00:00:37 mail dovecot: imap-login: Login: user=, x.x.x.x, 
PLAIN, TLS
Apr 17 00:00:37 mail dovecot: imap(kreme): Logged out in=34 out=497
Apr 17 00:00:37 mail dovecot: imap(kremels): Logged out in=34 out=497
Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from 
wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 
quit=1 commands=2/6

As you can see, 94.237.32.243 connected and then after 30 seconds disconnected. 
It says it sent an ehlo, but it is not logged.

This is one of the lists affected, so please include a Cc to me.