Multi domain. send Emails hang as spam v4

Questions and answers about how to do stuff
Post Reply
dukse
Posts: 7
Joined: 05 Jul 2020 09:28

Multi domain. send Emails hang as spam v4

Post by dukse »

Hi

I'm quit new but love the product.

I have resantly added 2 other domains to my exchange 2016.

Domain 1 ( pri ) is sending mails just fine
Domain 2 got stuck as spam, but send it if I release it.

For me it looks like EFA think it's an incomming mail.

Can anyone help me ????

Regards Anders
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Multi domain. send Emails hang as spam v4

Post by pdwalker »

We need much more information.

Can you show us a spam report for the stuck domain?
dukse
Posts: 7
Joined: 05 Jul 2020 09:28

Re: Multi domain. send Emails hang as spam v4

Post by dukse »

Yes Offcause. Sorry

This is a mail send from Pri. Domain

6/07/20 10:08:10
Received by: EFA-01.dukse.dk
Received from:
192.168.99.8 [Add to Whitelist | Add to Blacklist]
Received Via:
IP Address Hostname Country RBL Spam Virus All
192.168.99.8 (Private Network) (Private Network) [ ] [ ] [ ] [ ]
::1 (Localhost) (Localhost) [ ] [ ] [ ] [ ]
ID: 4B0dV3015wz5jMF
Message Headers: Received: from static-5-103-128-179.ip.fibianet.dk ([192.168.99.8] [192.168.99.8])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
(no client certificate requested)
by EFA-01.dukse.dk (MailScanner Milter) with SMTP id 4B0dV3015wz5jMF
for <info@provib.dk>; Mon, 6 Jul 2020 10:07:55 +0200 (CEST)
DMARC-Filter: OpenDMARC Filter v1.3.2 EFA-01.dukse.dk 4B0dV3015wz5jMF
Authentication-Results: EFA-01.dukse.dk; dmarc=fail (p=quarantine dis=none) header.from=dukse.dk
Authentication-Results: EFA-01.dukse.dk; spf=fail smtp.mailfrom=anders@dukse.dk
DKIM-Filter: OpenDKIM Filter v2.11.0 EFA-01.dukse.dk 4B0dV3015wz5jMF
DMARC-Filter: OpenDMARC Filter v1.3.2 EFA-01.dukse.dk 4B0dV3015wz5jMF
Authentication-Results: EFA-01.dukse.dk; dmarc=fail (p=quarantine dis=none) header.from=dukse.dk
Authentication-Results: EFA-01.dukse.dk; spf=fail smtp.mailfrom=anders@dukse.dk
DKIM-Filter: OpenDKIM Filter v2.11.0 EFA-01.dukse.dk 4B0dV3015wz5jMF
Received: from EXC-01.dukse.local (192.168.99.8) by EXC-01.dukse.local
(192.168.99.8) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1979.3; Mon, 6 Jul
2020 10:07:42 +0200
Received: from EXC-01.dukse.local ([::1]) by EXC-01.dukse.local ([::1]) with
mapi id 15.01.1979.003; Mon, 6 Jul 2020 10:07:42 +0200
From: Anders Rasmussen <anders@dukse.dk>
To: Michael Hornskov <info@provib.dk>
Subject: Rykker
Thread-Topic: Rykker
Thread-Index: AdZTarvMEpoOaS32RlCRFLVmApUBZQ==
Date: Mon, 6 Jul 2020 08:07:41 +0000
Message-ID: <c5fd1c95b8ca4e08834c8096dd0a749e@dukse.dk>
Accept-Language: da-DK, en-US
Content-Language: da-DK
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.99.86]
Content-Type: multipart/alternative;
boundary="_000_c5fd1c95b8ca4e08834c8096dd0a749eduksedk_"
MIME-Version: 1.0
From:
anders@dukse.dk [Add to Whitelist | Add to Blacklist]
To: info@provib.dk
Subject: Rykker
Size: 5.73kB
Anti-Virus/Dangerous Content Protection
Virus: N
Blocked File: N
Other Infection: N
SpamAssassin
Spam: N Action(s): store, deliver, header, "X-Spam-Status:No"
High Score Spam: N
SpamAssassin Spam: N
Listed in RBL: N
SPAM Whitelisted: N
SPAM Blacklisted: N
SpamAssassin Autolearn: N
SpamAssassin Score: -0.06
Spam Report:
Score Matching Rule Description
-1.00 ALL_TRUSTED Passed through trusted hosts only via SMTP
0.00 HTML_MESSAGE HTML included in message
0.92 SPF_FAIL SPF: sender does not match SPF record (fail)
0.02 TXREP Score normalizing based on sender's reputation
Relay Information:
Date/Time Relayed by Relayed to Delay Status
06/07/20 10:08:13 EFA-01 mx3.pub.mailpod4-cph3.one.com 00:00:02 sent (250 2.0.0 Ok: queued as d5235711-bf5f-11ea-92cf-ec0d9a6ed226)

This is from Domain 2

06/07/20 11:16:32
Received by: EFA-01.dukse.dk
Received from:
192.168.99.8 [Add to Whitelist | Add to Blacklist]
Received Via:
IP Address Hostname Country RBL Spam Virus All
192.168.99.8 (Private Network) (Private Network) [ ] [ ] [ ] [ ]
::1 (Localhost) (Localhost) [ ] [ ] [ ] [ ]
ID: 4B0g0L0nyFz5jMF
Message Headers: Received: from static-5-103-128-179.ip.fibianet.dk ([192.168.99.8] [192.168.99.8])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
(no client certificate requested)
by EFA-01.dukse.dk (MailScanner Milter) with SMTP id 4B0g0L0nyFz5jMF
for <duksemail@gmail.com>; Mon, 6 Jul 2020 11:15:46 +0200 (CEST)
DMARC-Filter: OpenDMARC Filter v1.3.2 EFA-01.dukse.dk 4B0g0L0nyFz5jMF
Authentication-Results: EFA-01.dukse.dk; dmarc=fail (p=quarantine dis=none) header.from=ravnholt-hytten.dk
Authentication-Results: EFA-01.dukse.dk; spf=fail smtp.mailfrom=info@ravnholt-hytten.dk
DKIM-Filter: OpenDKIM Filter v2.11.0 EFA-01.dukse.dk 4B0g0L0nyFz5jMF
DMARC-Filter: OpenDMARC Filter v1.3.2 EFA-01.dukse.dk 4B0g0L0nyFz5jMF
Authentication-Results: EFA-01.dukse.dk; dmarc=fail (p=quarantine dis=none) header.from=ravnholt-hytten.dk
Authentication-Results: EFA-01.dukse.dk; spf=fail smtp.mailfrom=info@ravnholt-hytten.dk
DKIM-Filter: OpenDKIM Filter v2.11.0 EFA-01.dukse.dk 4B0g0L0nyFz5jMF
Received: from EXC-01.dukse.local (192.168.99.8) by EXC-01.dukse.local
(192.168.99.8) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1979.3; Mon, 6 Jul
2020 11:15:33 +0200
Received: from EXC-01.dukse.local ([::1]) by EXC-01.dukse.local ([::1]) with
mapi id 15.01.1979.003; Mon, 6 Jul 2020 11:15:33 +0200
From: Ravnholt <info@ravnholt-hytten.dk>
To: Anders Rasmussen <duksemail@gmail.com>
Subject: test
Thread-Topic: test
Thread-Index: AdZTdfvO6kxoz4FWSkmjcfrgf5tvbw==
Date: Mon, 6 Jul 2020 09:15:33 +0000
Message-ID: <a2c329e7ed5e45af8990391b92efe0e1@ravnholt-hytten.dk>
Accept-Language: da-DK, en-US
Content-Language: da-DK
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.99.86]
Content-Type: multipart/alternative;
boundary="_000_a2c329e7ed5e45af8990391b92efe0e1ravnholthyttendk_"
MIME-Version: 1.0
From:
info@ravnholt-hytten.dk [Add to Whitelist | Add to Blacklist]
To: duksemail@gmail.com
Subject: test
Size: 5.68kB
Anti-Virus/Dangerous Content Protection
Virus: N
Blocked File: N
Other Infection: N
SpamAssassin
Spam: N Action(s): store, deliver, header, "X-Spam-Status:No"
High Score Spam: N
SpamAssassin Spam: N
Listed in RBL: N
SPAM Whitelisted: N
SPAM Blacklisted: N
SpamAssassin Autolearn: N
SpamAssassin Score: -0.07
Spam Report:
Score Matching Rule Description
-1.00 ALL_TRUSTED Passed through trusted hosts only via SMTP
0.00 HTML_MESSAGE HTML included in message
0.92 SPF_FAIL SPF: sender does not match SPF record (fail)
0.01 TXREP Score normalizing based on sender's reputation
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Multi domain. send Emails hang as spam v4

Post by pdwalker »

Two things:

1/ Your DMARC and SPF checks are showing as failing, but that is not stopping your mail. You might want to find out why and then correct the problem.

2/ The only difference I can see between the two headers (other than the recipient email address) is the following line at the end of hte first delivery:
Relay Information:
Date/Time Relayed by Relayed to Delay Status
06/07/20 10:08:13 EFA-01 mx3.pub.mailpod4-cph3.one.com 00:00:02 sent (250 2.0.0 Ok: queued as d5235711-bf5f-11ea-92cf-ec0d9a6ed226)
What is mx3.pub.mailpod4-cph3.one.com? Is that your destination mail server? Is EFA configured to deliver mail to this server for both domains?

What is the contents of your /etc/postfix/transport file?
dukse
Posts: 7
Joined: 05 Jul 2020 09:28

Re: Multi domain. send Emails hang as spam v4

Post by dukse »

my transport file : ( is only incomming domains )

###### START eFa ADDED DOMAINS ######
dukse.local smtp:[x.x.x.x]
ravnholt-hytten.dk smtp:[x.x.x.x]
ravnholthytten.dk smtp:[x.x.x.x]
rmp-art.dk smtp:[1x.x.x.x]
tier1consulting.dk smtp:[x.x.x.x]
tier1.dk smtp:[x.x.x.x]
tier1-consulting.dk smtp:[x.x.x.x]
dukse.dk smtp:[x.x.x.x]

As I read, its like when you use EFA as smtp gateway then it sends directly to the "world" ?????

my main.cf :

meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
mynetworks = 127.0.0.0/8 [::1]/128 x.x.x.0/24 x.x.x.0/24
header_checks = regexp:/etc/postfix/header_checks
myorigin = $mydomain
relay_domains = hash:/etc/postfix/transport
transport_maps = hash:/etc/postfix/transport
local_recipient_maps =
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
virtual_alias_maps = hash:/etc/postfix/virtual
default_destination_recipient_limit = 1
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
tls_preempt_cipherlist = yes
tls_medium_cipherlist = ECDSA+AESGCM:ECDH+AESGCM:DH+AESGCM:ECDSA+AES:ECDH+AES:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
smtpd_tls_ciphers = medium
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname
smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_rbl_client zen.spamhaus.org
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_recipient_access hash:/etc/postfix/recipient_access, check_policy_service inet:127.0.0.1:2501
unverified_recipient_reject_reason = No user at this address
unverified_recipient_reject_code = 550
masquerade_domains = $mydomain
smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893, inet:localhost:8891, inet:localhost:8893, inet:127.0.0.1:33333
non_smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893, inet:localhost:8891, inet:localhost:8893
milter_default_action = tempfail
milter_protocol = 2
message_size_limit = 133169152
mailbox_size_limit = 133169152
qmqpd_authorized_clients = 127.0.0.1 [::1]
enable_long_queue_ids = yes
error_notice_recipient = root@$myhostname
sender_canonical_maps = hash:/etc/postfix/sender_canonical
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
relayhost =
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Multi domain. send Emails hang as spam v4

Post by shawniverson »

If your emails are getting stuck as spam on outbound, you probably need to add your internal mail hosts as trusted hosts.

You can whitelist your hosts, or if you still want some scanning (like I do), use SpamAssassin's Shortcircuit plugin to skip spam scanning of outbound email.
dukse
Posts: 7
Joined: 05 Jul 2020 09:28

Re: Multi domain. send Emails hang as spam v4

Post by dukse »

I Just found out what the problem was. So problem solved.

I have resently set my system up for DMARC - DKIM etc. and something whent wrong for my second domain ( did I test it correct ? )

So alle the mails godt stuck because of that. Damn

Everything looks fine, but deep down in the logs I could see that it could not find the dkim foulder for that domain etc. ( wrong security setting :-/ )

I deleted the dkim - dmarc settings and WOLA Everything was working again

My BAD :oops:
Post Reply