Lots of important dropped emails

General eFa discussion
Post Reply
SharazJek
Posts: 61
Joined: 01 Sep 2016 05:15
Location: Dallas, TX

Lots of important dropped emails

Post by SharazJek » 15 Mar 2019 13:35

I am getting actual letters in the mail from more than one banking or govt institution saying that my email address on file is being returned to them undelivered. Or, when i log onto several of my banking websites, they keep making me verify my email address. of course ebay, paypal, amazon all use this same email, and i get email from those, so its clearly not a problem with the account itself but a problem with the SMTP conversation between the sending server and my own EFA.

what debugging can i turn on to troubleshoot this?

is EFA being too selective with TLS ciphers?

User avatar
shawniverson
Posts: 2754
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: Lots of important dropped emails

Post by shawniverson » 15 Mar 2019 14:19

Can you get your hands on an NDR from one of those folks?
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

SharazJek
Posts: 61
Joined: 01 Sep 2016 05:15
Location: Dallas, TX

Re: Lots of important dropped emails

Post by SharazJek » 15 Mar 2019 14:24

unlikely, its Bank Of America and Chase, And Texas Department of Public Safety.

so verbose debugging on my end is probably what it is going to have to be.

User avatar
shawniverson
Posts: 2754
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: Lots of important dropped emails

Post by shawniverson » 17 Mar 2019 11:52

Just a thought, disable the following in /etc/postfix/main.cf and reload postfix.

Code: Select all

#smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
#smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
#smtpd_tls_protocols = !SSLv2,!SSLv3
#smtp_tls_protocols = !SSLv2,!SSLv3
#tls_preempt_cipherlist = yes
#tls_medium_cipherlist = ECDSA+AESGCM:ECDH+AESGCM:DH+AESGCM:ECDSA+AES:ECDH+AES:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
#smtpd_tls_ciphers = medium
I'm considering removing these anyway since the postfix community advises against modifying the protocols and cipherlists except in very specialized cases (such as mandatory encryption between two parties).
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

phideauxx
Posts: 13
Joined: 26 Feb 2015 18:21

Re: Lots of important dropped emails

Post by phideauxx » 20 Mar 2019 19:50

I am having this same problem that started just in the last couple of months with emails from ringcentral.com. But only the notification emails not the marketing stuff. Here are some logs after enabling debugging for ringcentral.com. I tried disabling the entries in main.cf as described with no change. Any other ideas?

Non-working version

Code: Select all

Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: connect from sjc01-c01-mrf02.ringcentral.com[199.255.122.183]
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: match_hostname: smtpd_client_event_limit_exceptions: sjc01-c01-mrf02.ringcentral.com ~? 127.0.0.0/8
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: match_list_match: sjc01-c01-mrf02.ringcentral.com: no match
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: milter8_conn_event: milter inet:localhost:8891: connect sjc01-c01-mrf02.ringcentral.com/199.255.122.183
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: milter8_conn_event: milter inet:localhost:8893: connect sjc01-c01-mrf02.ringcentral.com/199.255.122.183
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 220 mailfilter1.mycompany.com ESMTP Postfix
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: < sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: EHLO sjc01-c01-mrf02.ringcentral.com
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: milter8_helo_event: milter inet:localhost:8891: helo sjc01-c01-mrf02.ringcentral.com
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: milter8_helo_event: milter inet:localhost:8893: helo sjc01-c01-mrf02.ringcentral.com
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: match_list_match: sjc01-c01-mrf02.ringcentral.com: no match
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250-mailfilter1.mycompany.com
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250-PIPELINING
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250-SIZE 1024000000
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250-ETRN
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250-STARTTLS
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250-AUTH CRAM-MD5 PLAIN DIGEST-MD5 LOGIN
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250-AUTH=CRAM-MD5 PLAIN DIGEST-MD5 LOGIN
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250-ENHANCEDSTATUSCODES
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250-8BITMIME
Mar 20 13:25:34 mailfilter1 postfix/smtpd[3630]: > sjc01-c01-mrf02.ringcentral.com[199.255.122.183]: 250 DSN
...that's the last entry for this series

Working Received email

Code: Select all

Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: connect from cm.ringcentral.com[192.28.151.214]
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: match_hostname: smtpd_client_event_limit_exceptions: cm.ringcentral.com ~? 127.0.0.0/8
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: match_list_match: cm.ringcentral.com: no match
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: milter8_conn_event: milter inet:localhost:8891: connect cm.ringcentral.com/192.28.151.214
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: milter8_conn_event: milter inet:localhost:8893: connect cm.ringcentral.com/192.28.151.214
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 220 mailfilter1.mycompany.com ESMTP Postfix
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: < cm.ringcentral.com[192.28.151.214]: EHLO cm.ringcentral.com
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: milter8_helo_event: milter inet:localhost:8891: helo cm.ringcentral.com
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: milter8_helo_event: milter inet:localhost:8893: helo cm.ringcentral.com
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: match_list_match: cm.ringcentral.com: no match
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-mailfilter1.mycompany.com
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-PIPELINING
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-SIZE 1024000000
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-ETRN
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-STARTTLS
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-AUTH CRAM-MD5 PLAIN DIGEST-MD5 LOGIN
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-AUTH=CRAM-MD5 PLAIN DIGEST-MD5 LOGIN
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-ENHANCEDSTATUSCODES
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-8BITMIME
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250 DSN
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: < cm.ringcentral.com[192.28.151.214]: STARTTLS
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 220 2.0.0 Ready to start TLS
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: Anonymous TLS connection established from cm.ringcentral.com[192.28.151.214]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: < cm.ringcentral.com[192.28.151.214]: EHLO cm.ringcentral.com
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: milter8_helo_event: milter inet:localhost:8891: helo cm.ringcentral.com
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: milter8_helo_event: milter inet:localhost:8893: helo cm.ringcentral.com
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: match_list_match: cm.ringcentral.com: no match
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-mailfilter1.mycompany.com
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-PIPELINING
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-SIZE 1024000000
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-ETRN
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-AUTH CRAM-MD5 PLAIN DIGEST-MD5 LOGIN
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-AUTH=CRAM-MD5 PLAIN DIGEST-MD5 LOGIN
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-ENHANCEDSTATUSCODES
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250-8BITMIME
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 250 DSN
Mar 20 13:26:59 mailfilter1 postfix/smtpd[5069]: < cm.ringcentral.com[192.28.151.214]: MAIL FROM:<075-DTB-715.0.471503.0.0.103480.9.20821956@cm.ringcentral.com>
... Get mail stuff
Mar 20 13:27:05 mailfilter1 postfix/smtpd[5069]: < cm.ringcentral.com[192.28.151.214]: QUIT
Mar 20 13:27:05 mailfilter1 postfix/smtpd[5069]: > cm.ringcentral.com[192.28.151.214]: 221 2.0.0 Bye
Mar 20 13:27:05 mailfilter1 postfix/smtpd[5069]: match_hostname: smtpd_client_event_limit_exceptions: cm.ringcentral.com ~? 127.0.0.0/8
Mar 20 13:27:05 mailfilter1 postfix/smtpd[5069]: match_list_match: cm.ringcentral.com: no match
Mar 20 13:27:05 mailfilter1 postfix/smtpd[5069]: disconnect from cm.ringcentral.com[192.28.151.214] ehlo=2 starttls=1 mail=2 rcpt=2 data=2 quit=1 commands=10

SharazJek
Posts: 61
Joined: 01 Sep 2016 05:15
Location: Dallas, TX

Re: Lots of important dropped emails

Post by SharazJek » 21 Mar 2019 12:25

i made the changes too, with no change. TXDPS emails still not getting thru, et al.

Post Reply