Mail fowarding 5.5.40

Bugs in eFa 4
Post Reply
samrein
Posts: 28
Joined: 04 May 2018 08:41

Mail fowarding 5.5.40

Post by samrein »

Hi @all,

since this morning i cannot forwarding mails from my exchange 2016. We dont make any updates or changes, but when i configure a forwarding rule in my exchange server, have i the follow issue.

The Efa 4 Server is my Smarthost.

Remote Server returned '554 5.4.0 <192.168.4.26 #5.4.12 smtp; 554 5.4.12 SMTP; Hop count exceeded - possible mail loop detected on message

Code: Select all

Final-Recipient: rfc822; xxxx@xxx
Original-Recipient: rfc822;xxxx@xxx
Action: failed
Status: 5.4.12
Remote-MTA: dns; 192.168.4.26
Diagnostic-Code: smtp; 554 5.4.12 SMTP; Hop count exceeded - possible mail
loop
    detected on message id <c822d840dede4397a09c541c36c13e4f@xxxx>
it does not deliver the message externally, but appears to be sending it straight back to the exchange.
Normal messages work without errors.

What can i do to find the issue?

Regards
Stefan
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Mail fowarding 5.5.40

Post by shawniverson »

Can you get me the contents of /var/log/maillog from the eFa at the time this is happening (sanitized)?
samrein
Posts: 28
Joined: 04 May 2018 08:41

Re: Mail fowarding 5.5.40

Post by samrein »

Hello Shawwniverson,

it does not deliver the message externally, but appears to be sending it straight back to the exchange. Normal messages work without errors. Apparently he tries to forward to the mailaddress, in which the forwarding is configured.

Code: Select all

Nov  4 12:23:55 mailgw MailScanner[2890]: <A> tag found in message 4CR46H10C8zB0FMD from NAME@domäne
Nov  4 12:23:55 mailgw MailScanner[2890]: HTML Img tag found in message 4CR46H10C8zB0FMD from NAME@domäne
Nov  4 12:23:55 mailgw postfix/qmgr[2074]: 4CR46M6YvjzB0FM9: from=<NAME@domäne>, size=15184, nrcpt=1 (queue active)
Nov  4 12:24:01 mailgw postfix/smtp[20933]: 4CR46M6YvjzB0FM9: to=<NAME@domäne>, relay=192.168.4.26[192.168.4.26]:25, delay=5.1, delays=0.05/0/0.01/5, dsn=5.4.12, status=bounced (host 192.168.4.26[192.168.4.26] said: 554 5.4.12 SMTP; Hop count exceeded - possible mail loop detected on message id <c822d840dede4397a09c541c36c13e4f@domäne> (in reply to end of DATA command))
the forwarding address should be here, but here is the address from which the forwarding line is set up

Code: Select all

Nov  4 12:24:01 mailgw postfix/smtp[20933]: 4CR46M6YvjzB0FM9: to=<[b]NAME@domäne[/b]>,
Regards
Stefan
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Mail fowarding 5.5.40

Post by shawniverson »

Can you capture one of these message headers and preheader in the /var/spool/mailscanner/milterin directory, sanitize it, and share with me?
samrein
Posts: 28
Joined: 04 May 2018 08:41

Re: Mail fowarding 5.5.40

Post by samrein »

i send from user@mydomain to user@mydomain, this user has a forwarding rule to an external ip address. But the messages goes back to the exchange server.

i doesn´t change anything last time...

I have a Backup "Efa with Version 3.0" that works...
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Mail fowarding 5.5.40

Post by shawniverson »

I understand, I am trying to troubleshoot it with you so we can fix the problem without having to roll back.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Mail fowarding 5.5.40

Post by shawniverson »

Actually, I think I understand the problem.

Let's roll back MailScanner please.

Code: Select all

sudo yum downgrade MailScanner
samrein
Posts: 28
Joined: 04 May 2018 08:41

Re: Mail fowarding 5.5.40

Post by samrein »

i have do the rollback... but now no messages delivered, i restart the server an hops he works
samrein
Posts: 28
Joined: 04 May 2018 08:41

Re: Mail fowarding 5.5.40

Post by samrein »

oh?

Code: Select all

Nov  4 16:11:35 mailgw MailScanner[3340]: Enabling SpamAssassin auto-whitelist functionality...
Nov  4 16:11:38 mailgw MailScanner[3333]: /var/spool/MailScanner/milterout is not owned by user 89 !
Nov  4 16:11:38 mailgw MailScanner[3345]: MailScanner Email Processor version 5.3.3 starting...
Nov  4 16:11:38 mailgw MailScanner[3345]: Reading configuration file /etc/MailScanner/MailScanner.conf
Nov  4 16:11:38 mailgw MailScanner[3345]: Reading configuration file /etc/MailScanner/conf.d/README
Nov  4 16:11:38 mailgw MailScanner[3345]: Read 868 hostnames from the phishing whitelist
Nov  4 16:11:38 mailgw MailScanner[3345]: Read 5807 hostnames from the phishing blacklists
Nov  4 16:11:38 mailgw MailScanner[3345]: Config: calling custom init function SQLBlacklist
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Starting up MailWatch SQL Blacklist
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Read 0 blacklist entries
Nov  4 16:11:38 mailgw MailScanner[3345]: Config: calling custom init function MailWatchLogging
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Started MailWatch SQL Logging child
Nov  4 16:11:38 mailgw MailScanner[3345]: Config: calling custom init function SQLWhitelist
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Starting up MailWatch SQL Whitelist
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Read 34 whitelist entries
Nov  4 16:11:39 mailgw MailScanner[3345]: Using SpamAssassin results cache
Nov  4 16:11:39 mailgw MailScanner[3345]: Connected to SpamAssassin cache database
Nov  4 16:11:39 mailgw MailScanner[3345]: Enabling SpamAssassin auto-whitelist functionality...
Nov  4 16:11:46 mailgw MailScanner[3340]: /var/spool/MailScanner/milterout is not owned by user 89 !
Nov  4 16:11:46 mailgw MailScanner[3352]: MailScanner Email Processor version 5.3.3 starting...
Nov  4 16:11:46 mailgw MailScanner[3352]: Reading configuration file /etc/MailScanner/MailScanner.conf
Nov  4 16:11:46 mailgw MailScanner[3352]: Reading configuration file /etc/MailScanner/conf.d/README
Nov  4 16:11:46 mailgw MailScanner[3352]: Read 868 hostnames from the phishing whitelist
Nov  4 16:11:46 mailgw MailScanner[3352]: Read 5807 hostnames from the phishing blacklists
Nov  4 16:11:46 mailgw MailScanner[3352]: Config: calling custom init function SQLBlacklist
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Starting up MailWatch SQL Blacklist
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Read 0 blacklist entries
Nov  4 16:11:46 mailgw MailScanner[3352]: Config: calling custom init function MailWatchLogging
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Started MailWatch SQL Logging child
Nov  4 16:11:46 mailgw MailScanner[3352]: Config: calling custom init function SQLWhitelist
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Starting up MailWatch SQL Whitelist
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Read 34 whitelist entries
Nov  4 16:11:46 mailgw MailScanner[3352]: Using SpamAssassin results cache
Nov  4 16:11:46 mailgw MailScanner[3352]: Connected to SpamAssassin cache database
Nov  4 16:11:46 mailgw MailScanner[3352]: Enabling SpamAssassin auto-whitelist functionality...
Nov  4 16:11:49 mailgw MailScanner[3345]: /var/spool/MailScanner/milterout is not owned by user 89 !
Nov  4 16:11:49 mailgw MailScanner[3357]: MailScanner Email Processor version 5.3.3 starting...
Nov  4 16:11:49 mailgw MailScanner[3357]: Reading configuration file /etc/MailScanner/MailScanner.conf
Nov  4 16:11:49 mailgw MailScanner[3357]: Reading configuration file /etc/MailScanner/conf.d/README
Nov  4 16:11:49 mailgw MailScanner[3357]: Read 868 hostnames from the phishing whitelist
Nov  4 16:11:49 mailgw MailScanner[3357]: Read 5807 hostnames from the phishing blacklists
Nov  4 16:11:49 mailgw MailScanner[3357]: Config: calling custom init function SQLBlacklist
Nov  4 16:11:49 mailgw MailScanner[3357]: MailWatch: Starting up MailWatch SQL Blacklist
Nov  4 16:11:50 mailgw MailScanner[3357]: MailWatch: Read 0 blacklist entries
Nov  4 16:11:50 mailgw MailScanner[3357]: Config: calling custom init function MailWatchLogging
Nov  4 16:11:50 mailgw MailScanner[3357]: MailWatch: Started MailWatch SQL Logging child
Nov  4 16:11:50 mailgw MailScanner[3357]: Config: calling custom init function SQLWhitelist
Nov  4 16:11:50 mailgw MailScanner[3357]: MailWatch: Starting up MailWatch SQL Whitelist
Nov  4 16:11:50 mailgw MailScanner[3357]: MailWatch: Read 34 whitelist entries
Nov  4 16:11:50 mailgw MailScanner[3357]: Using SpamAssassin results cache
Nov  4 16:11:50 mailgw MailScanner[3357]: Connected to SpamAssassin cache database
Nov  4 16:11:50 mailgw MailScanner[3357]: Enabling SpamAssassin auto-whitelist functionality...
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Mail fowarding 5.5.40

Post by shawniverson »

Code: Select all

sudo chown postfix:mtagroup /var/spool/MailScanner/milterin
sudo chown postfix:mtagroup /var/spool/MailScanner/milterout
samrein
Posts: 28
Joined: 04 May 2018 08:41

Re: Mail fowarding 5.5.40

Post by samrein »

I don't even have the directory any more
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Mail fowarding 5.5.40

Post by shawniverson »

Sorry, got the case wrong...

Code: Select all

sudo chown postfix:mtagroup /var/spool/MailScanner/milterin
sudo chown postfix:mtagroup /var/spool/MailScanner/milterout
samrein
Posts: 28
Joined: 04 May 2018 08:41

Re: Mail fowarding 5.5.40

Post by samrein »

thanks,

now he sends the mail, but it is not accepted by the domain.

Code: Select all

emote Server returned '554 5.0.0 <email-teams-microsoft-com.mail.protection.outlook.com #5.0.0 smtp; 554 Transaction failed

Code: Select all

Remote Server returned '554 5.0.0 <mx-aol.mail.gm0.yahoodns.net #5.0.0 smtp; 554 Transaction failed>'
samrein
Posts: 28
Joined: 04 May 2018 08:41

Re: Mail fowarding 5.5.40

Post by samrein »

now it works...

strange that the first test mail were not received

Many Many THANKS.

No i have rollbacked Mailscanner, I have to deactivate the updates now??
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Mail fowarding 5.5.40

Post by shawniverson »

No, I pulled it from the repositories. Sorry for the trouble. I will fix upstream.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Mail fowarding 5.5.40

Post by pdwalker »

huh. I just dealt with this problem 2 days ago.

I have an exchange user who forwards mail automatically to gmail. The user@gmail address would be converted to user@exchange and sent back - which would then forward a copy to user@gmail - which would then send it back...

I changed how the message was being forwarded on my exchange server and I was able to pass the messages through.

Very weird.

The problem appears to have been happening in the postfix/cleanup stage, but I was unable to figure out why.

Would you like a log file?
davemx
Posts: 1
Joined: 09 Nov 2020 17:17

Re: Mail fowarding 5.5.40

Post by davemx »

The issue seems to be related to this:
https://github.com/MailScanner/v5/pull/ ... 3c1ce825b4

i deleted
if ($_ =~ /^ORCPT=rfc822;/)
{
MailScanner::Log::DebugLog("envrcpt_callback: ORCPT argument found: " . $_);
s/^ORCPT=rfc822;//;
if ($rcptto !~ /$_/) {
$rcptto = '<' . $_ . '>';
}
}

from
/usr/sbin/MSMilter

and forwarding revert to normal
zane93
Posts: 44
Joined: 08 Mar 2016 22:08

Re: Mail fowarding 5.5.40

Post by zane93 »

shawniverson wrote: 04 Nov 2020 15:42 No, I pulled it from the repositories. Sorry for the trouble. I will fix upstream.
Im having the same issue on a fresh install 4.x with exchange. Its not clear what the fix is if any?

192.168.2.210 is my exchange server.

Nov 12 12:41:52 exchedge postfix/smtpd[164445]: Anonymous TLS connection established from unknown[192.168.2.210]: TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)
Nov 12 12:41:52 exchedge postfix/smtpd[164445]: NOQUEUE: reject: RCPT from unknown[192.168.2.210]: 554 5.7.1 <xxxxxx@gmail.com>: Relay access denied; from=<> to=<xxxxxx@gmail.com> proto=ESMTP helo=<exch.xxxxxx.com>
Nov 12 12:41:52 exchedge postfix/smtpd[164445]: disconnect from unknown[192.168.2.210] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
zane93
Posts: 44
Joined: 08 Mar 2016 22:08

Re: Mail fowarding 5.5.40

Post by zane93 »

pdwalker wrote: 06 Nov 2020 10:59 huh. I just dealt with this problem 2 days ago.

I have an exchange user who forwards mail automatically to gmail. The user@gmail address would be converted to user@exchange and sent back - which would then forward a copy to user@gmail - which would then send it back...

I changed how the message was being forwarded on my exchange server and I was able to pass the messages through.

Very weird.

The problem appears to have been happening in the postfix/cleanup stage, but I was unable to figure out why.

Would you like a log file?
So what was your fix / workaround I dont understand?
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Mail fowarding 5.5.40

Post by pdwalker »

In my case, since I wasn't aware of the mailscanner bug, I changed how my exchange server forwarded messages - basically from changing it from a user level forward to a system transport level forward.

I have absolutely no idea why it worked, only that it did, and I guess I am still using the buggy version of mailscanner; either that, or the fix came in as I was trying to debug the problem.

No idea, and I'm not going to investigate it further.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Mail fowarding 5.5.40

Post by shawniverson »

eFa 4.0.3-13 released to resolve this problem.

viewtopic.php?f=8&p=16901
Post Reply