[pfx] Re: Troubleshooting mail loop issue

[Victoriano Giralt via Postfix-users]

16 ago 2023 6:50:27 Bill Cole via Postfix-users :

> "Should" they? Of course. They didn't. Whatever is broken in this case is 
> broken inside Microsoft.

As usual... ;-)

My excuses for the noise, but I couldn't resist :-D

-- 
Victoriano Giralt
Sent from a hand held device


signature.asc
Description: PGP signature
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Troubleshooting mail loop issue

[raf via Postfix-users]

On Tue, Aug 15, 2023 at 08:48:35AM -0400, Bill Cole via Postfix-users 
 wrote:

> Your task is to fix Microsoft's mishandling of email. (giggles insanely...)

:-)

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Troubleshooting mail loop issue

[Bill Cole via Postfix-users]

On 2023-08-15 at 21:52:52 UTC-0400 (Tue, 15 Aug 2023 21:52:52 -0400)
Alex via Postfix-users 
is rumored to have said:

[...]

Yes, it is a loop. The loop occurs inside MS365. Apparently Microsoft
does not understand how to get mail from CompanyA to CompanyB
internally, so they follow the DNS.



but it should then send it to another tenant, correct?


You are asking a MS365 question on a Postfix mailing list.

"Should" they? Of course. They didn't. Whatever is broken in this case 
is broken inside Microsoft.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Troubleshooting mail loop issue

[Alex via Postfix-users]

Hi,

On Tue, Aug 15, 2023 at 8:49 AM Bill Cole via Postfix-users <
postfix-users@postfix.org> wrote:

> On 2023-08-14 at 17:23:34 UTC-0400 (Mon, 14 Aug 2023 17:23:34 -0400)
> Alex via Postfix-users 
> is rumored to have said:
>
> > Hi,
> > I have what appears to be a complicated mail loop problem that I can't
> > figure out. I suspect that their receiving system (M365) is somehow
> > reinjecting the message back to our mail server after it's been
> > successfully delivered to them.
>
> For loose values of "success"...
>
>
> > We are acting as MX for two small companies, and occasionally, when
> > companyA emails companyB, it is first received by raven.example.com,
> > 209.216.111.115,
> > which is the MX we have created for them, processed by amavisd, then
> > routed
> > to the destination through our postfix-out instance
> > xavier.example.com,
> > 209.216.111.114. The companyB server accepts the message, but then
> > somehow
> > companyA appears to connect to our server again and send the same
> > message
> > again.
>
> Yes, it is a loop. The loop occurs inside MS365. Apparently Microsoft
> does not understand how to get mail from CompanyA to CompanyB
> internally, so they follow the DNS.
>

but it should then send it to another tenant, correct?

The sending M365 server ultimately gets a "too many hops" error, reportedly
by our xavier server, but we don't always have a record of that.


Diagnostic information for administrators:
Generating server: PH0PR02MB7736.namprd02.prod.outlook.com

r...@companyb.com
xavier.example.com
Remote server returned '554 5.4.0 Error: too many hops'

Here's one reported today:

Aug 15 12:32:15 xavier postfix-out/smtp[223443]: 549A0305F4A07:
to=,
relay=companyB-com.mail.protection.outlook.com[52.101.40.2]:25,
delay=2.1, delays=0.01/0/0.45/1.7, dsn=2.6.0, status=sent (250 2.6.0 <
mw4pr02mb74739e55fd642380cc07b22ec2...@mw4pr02mb7473.namprd02.prod.outlook.com>
[InternalId=154820686141293, Hostname=
CH2PR02MB6806.namprd02.prod.outlook.com] 189859 bytes in 0.317, 583.850
KB/sec Queued mail for delivery)

I can trace the queue ID here back to find the other four successful
deliveries of this same message, as well as find it in my always_bcc user
mbox.

Thanks,
Alex
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Troubleshooting mail loop issue

[Alex via Postfix-users]

Hi,

On Tue, Aug 15, 2023 at 11:53 AM Paul Enlund via Postfix-users <
postfix-users@postfix.org> wrote:

> Hi
>
> One thing to check is that your MX server allowed recipients is in sync
> with M365 allowed recipients.
>
Can you explain more of what you mean here? In this case, the recipient
does exist. I don't believe it's ever happened with a non-existent
recipient.

We aren't pulling the list of valid recipients, but instead just letting
their system send us the reject for non-existent recipients.

Thanks,
Alex






> Regards Paul
> On 14/08/2023 22:23, Alex via Postfix-users wrote:
>
> Hi,
> I have what appears to be a complicated mail loop problem that I can't
> figure out. I suspect that their receiving system (M365) is somehow
> reinjecting the message back to our mail server after it's been
> successfully delivered to them.
>
> We are acting as MX for two small companies, and occasionally, when
> companyA emails companyB, it is first received by raven.example.com, 
> 209.216.111.115,
> which is the MX we have created for them, processed by amavisd, then routed
> to the destination through our postfix-out instance xavier.example.com,
> 209.216.111.114. The companyB server accepts the message, but then somehow
> companyA appears to connect to our server again and send the same message
> again.
>
> It's very difficult to trace what's happening, so I hoped someone could
> help. I think the sending server is somehow reconnecting to our server and
> resending the same message, but it eventually dies with the sending server
> saying "Error: too many hops". Our server never sees that message. They
> have forwarded the bounce to me and I've pasted it here:
> https://pastebin.com/ChcnDwjK
>
> It appears like it delivers five different copies, but each version has
> all the received headers of the previous version.
>
> I'm sorry if this is confusing. I've spent probably six hours or more
> reading through this one email trying to trace the problem and correlate it
> with the postfix/amavis logs. I believe it's only happened a few times - I
> don't quite understand all the circumstances under which it happens. We
> also don't always see the reject/too many hops message. Here is a recent
> one:
>
> Aug  4 09:01:13 xavier postfix-115/smtp[125455]: 88D5F246: to=
>  ,
> relay=127.0.0.1[127.0.0.1]:11024, delay=0.67, delays=0.21/0/0/0.45,
> dsn=5.4.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.4.0
> id=136757-17 - Rejected by next-hop MTA on relaying, from
> MTA(smtp:[127.0.0.1]:11025): 554 5.4.0 Error: too many hops (in reply to
> end of DATA command))
>
> Any ideas for either what's going on with this email or what I can do to
> troubleshoot this further would really be appreciated.
>
> Thanks,
> Alex
>
>
>
> ___
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
>
> ___
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
>
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Troubleshooting mail loop issue

[Alex via Postfix-users]

Hi,

On Tue, Aug 15, 2023 at 11:02 AM Wietse Venema via Postfix-users <
postfix-users@postfix.org> wrote:

> Your loop, based on Received: headers, newer at the top, older at
> the bottom:
>
> Received: from xavier.example.com (209.216.111.114) by
> CO1PEPF44F7.mail.protection.outlook.com (10.167.241.197) with
> Microsoft S
> Received: from localhost by xavier.example.com (Postfix) with ESMTP id
> 30B17305F4A07;Fri, 11 Aug 2023 11:57:49 -0400 (EDT)
> Received: from xavier.example.com ([209.216.111.115]) by localhost
> (amavis, port 11024) with ESMTP id HL0GE5Q4v_xp; Fri, 11 Aug 2023
> Received: from NAM11-BN8-obe.outbound.protection.outlook.com (using
> TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
> Received: from CY5PR04CA0018.namprd04.prod.outlook.com by
> SA1PR02MB9916.namprd02.prod.outlook.com (2603:10b6:
> Received: from CY4PEPFEE3E.namprd03.prod.outlook.com by
> CY5PR04CA0018.outlook.office365.com (2603:10
> Received: from xavier.example.com (209.216.111.114) by
> CY4PEPFEE3E.mail.protection.outlook.com (10.167.242.18) with
> Microsoft SM
>
> In summary:
>
> 1 xavier.example.com ([209.216.111.114]) sends a message to Microsoft
>
> 2 After some internal hops, Microsoft sends the message to the
> inbound MX xavier.example.com (209.216.111.115) for company A, B,
> which filters it with amavis.
>
> 3 GOTO 1.
>
> Which step is in error?
>

We are relay for both companyA and companyB. Both are also on M365, so mail
originates from M365 at companyA, goes through our xavier, then out to M365
at companyB.

I also see five relay=companyB entries in the logs, but companyB doesn't
report ever receiving five copies.

Thanks so much,
Alex
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Troubleshooting mail loop issue

[Paul Enlund via Postfix-users]

Hi

One thing to check is that your MX server allowed recipients is in sync 
with M365 allowed recipients.


Regards Paul

On 14/08/2023 22:23, Alex via Postfix-users wrote:

Hi,
I have what appears to be a complicated mail loop problem that I can't 
figure out. I suspect that their receiving system (M365) is somehow 
reinjecting the message back to our mail server after it's been 
successfully delivered to them.


We are acting as MX for two small companies, and occasionally, when 
companyA emails companyB, it is first received by raven.example.com 
, 209.216.111.115, which is the MX we have 
created for them, processed by amavisd, then routed to the destination 
through our postfix-out instance xavier.example.com 
, 209.216.111.114. The companyB server 
accepts the message, but then somehow companyA appears to connect to 
our server again and send the same message again.


It's very difficult to trace what's happening, so I hoped someone 
could help. I think the sending server is somehow reconnecting to our 
server and resending the same message, but it eventually dies with the 
sending server saying "Error: too many hops". Our server never sees 
that message. They have forwarded the bounce to me and I've pasted it 
here:

https://pastebin.com/ChcnDwjK

It appears like it delivers five different copies, but each version 
has all the received headers of the previous version.


I'm sorry if this is confusing. I've spent probably six hours or more 
reading through this one email trying to trace the problem and 
correlate it with the postfix/amavis logs. I believe it's only 
happened a few times - I don't quite understand all the circumstances 
under which it happens. We also don't always see the reject/too many 
hops message. Here is a recent one:


Aug  4 09:01:13 xavier postfix-115/smtp[125455]: 88D5F246: 
to=, relay=127.0.0.1[127.0.0.1]:11024, delay=0.67, 
delays=0.21/0/0/0.45, dsn=5.4.0, status=bounced (host 
127.0.0.1[127.0.0.1] said: 554 5.4.0 id=136757-17 - Rejected by 
next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:11025): 554 5.4.0 
Error: too many hops (in reply to end of DATA command))


Any ideas for either what's going on with this email or what I can do 
to troubleshoot this further would really be appreciated.


Thanks,
Alex



___
Postfix-users mailing list --postfix-users@postfix.org
To unsubscribe send an email topostfix-users-le...@postfix.org___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Troubleshooting mail loop issue

[Wietse Venema via Postfix-users]

Your loop, based on Received: headers, newer at the top, older at
the bottom:

Received: from xavier.example.com (209.216.111.114) by 
CO1PEPF44F7.mail.protection.outlook.com (10.167.241.197) with Microsoft S
Received: from localhost by xavier.example.com (Postfix) with ESMTP id 
30B17305F4A07;Fri, 11 Aug 2023 11:57:49 -0400 (EDT)
Received: from xavier.example.com ([209.216.111.115]) by localhost (amavis, 
port 11024) with ESMTP id HL0GE5Q4v_xp; Fri, 11 Aug 2023
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (using TLSv1.2 
with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) 
Received: from CY5PR04CA0018.namprd04.prod.outlook.com by 
SA1PR02MB9916.namprd02.prod.outlook.com (2603:10b6:
Received: from CY4PEPFEE3E.namprd03.prod.outlook.com by 
CY5PR04CA0018.outlook.office365.com (2603:10
Received: from xavier.example.com (209.216.111.114) by 
CY4PEPFEE3E.mail.protection.outlook.com (10.167.242.18) with Microsoft SM

In summary:

1 xavier.example.com ([209.216.111.114]) sends a message to Microsoft

2 After some internal hops, Microsoft sends the message to the
inbound MX xavier.example.com (209.216.111.115) for company A, B,
which filters it with amavis.

3 GOTO 1.

Which step is in error?

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Troubleshooting mail loop issue

[Bill Cole via Postfix-users]

On 2023-08-14 at 17:23:34 UTC-0400 (Mon, 14 Aug 2023 17:23:34 -0400)
Alex via Postfix-users 
is rumored to have said:


Hi,
I have what appears to be a complicated mail loop problem that I can't
figure out. I suspect that their receiving system (M365) is somehow
reinjecting the message back to our mail server after it's been
successfully delivered to them.


For loose values of "success"...



We are acting as MX for two small companies, and occasionally, when
companyA emails companyB, it is first received by raven.example.com,
209.216.111.115,
which is the MX we have created for them, processed by amavisd, then 
routed
to the destination through our postfix-out instance 
xavier.example.com,
209.216.111.114. The companyB server accepts the message, but then 
somehow
companyA appears to connect to our server again and send the same 
message

again.


Yes, it is a loop. The loop occurs inside MS365. Apparently Microsoft 
does not understand how to get mail from CompanyA to CompanyB 
internally, so they follow the DNS.




It's very difficult to trace what's happening,


Not really, just strip out everything but the Received headers and 
unfold them. The path is clear.




so I hoped someone could
help. I think the sending server is somehow reconnecting to our server 
and
resending the same message, but it eventually dies with the sending 
server
saying "Error: too many hops". Our server never sees that message. 
They

have forwarded the bounce to me and I've pasted it here:
https://pastebin.com/ChcnDwjK

It appears like it delivers five different copies, but each version 
has all

the received headers of the previous version.


It is odd to call these "copies" since the Received headers clearly 
prove that the message has gone around the loop 4 times.




I'm sorry if this is confusing. I've spent probably six hours or more
reading through this one email trying to trace the problem and 
correlate it
with the postfix/amavis logs. I believe it's only happened a few times 
- I
don't quite understand all the circumstances under which it happens. 
We
also don't always see the reject/too many hops message. Here is a 
recent

one:

Aug  4 09:01:13 xavier postfix-115/smtp[125455]: 88D5F246:
to=, relay=127.0.0.1[127.0.0.1]:11024, delay=0.67,
delays=0.21/0/0/0.45, dsn=5.4.0, status=bounced (host 
127.0.0.1[127.0.0.1]
said: 554 5.4.0 id=136757-17 - Rejected by next-hop MTA on relaying, 
from
MTA(smtp:[127.0.0.1]:11025): 554 5.4.0 Error: too many hops (in reply 
to

end of DATA command))

Any ideas for either what's going on with this email or what I can do 
to

troubleshoot this further would really be appreciated.


Your task is to fix Microsoft's mishandling of email. (giggles 
insanely...)


But seriously, you cannot fix this problem by reconfiguring Postfix or 
DNS, the changes must be done in MS365 mail routing.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org