efa-project.org

Posted: **04 Nov 2020 12:00**

Hi @all,

since this morning i cannot forwarding mails from my exchange 2016. We dont make any updates or changes, but when i configure a forwarding rule in my exchange server, have i the follow issue.

The Efa 4 Server is my Smarthost.

Remote Server returned '554 5.4.0 <192.168.4.26 #5.4.12 smtp; 554 5.4.12 SMTP; Hop count exceeded - possible mail loop detected on message

Code: Select all

Final-Recipient: rfc822; xxxx@xxx
Original-Recipient: rfc822;xxxx@xxx
Action: failed
Status: 5.4.12
Remote-MTA: dns; 192.168.4.26
Diagnostic-Code: smtp; 554 5.4.12 SMTP; Hop count exceeded - possible mail
loop
    detected on message id <c822d840dede4397a09c541c36c13e4f@xxxx>

it does not deliver the message externally, but appears to be sending it straight back to the exchange.
Normal messages work without errors.

What can i do to find the issue?

Regards
Stefan

Posted: **04 Nov 2020 14:17**

Can you get me the contents of /var/log/maillog from the eFa at the time this is happening (sanitized)?

Posted: **04 Nov 2020 14:34**

Hello Shawwniverson,

it does not deliver the message externally, but appears to be sending it straight back to the exchange. Normal messages work without errors. Apparently he tries to forward to the mailaddress, in which the forwarding is configured.

Code: Select all

Nov  4 12:23:55 mailgw MailScanner[2890]: <A> tag found in message 4CR46H10C8zB0FMD from NAME@domäne
Nov  4 12:23:55 mailgw MailScanner[2890]: HTML Img tag found in message 4CR46H10C8zB0FMD from NAME@domäne
Nov  4 12:23:55 mailgw postfix/qmgr[2074]: 4CR46M6YvjzB0FM9: from=<NAME@domäne>, size=15184, nrcpt=1 (queue active)
Nov  4 12:24:01 mailgw postfix/smtp[20933]: 4CR46M6YvjzB0FM9: to=<NAME@domäne>, relay=192.168.4.26[192.168.4.26]:25, delay=5.1, delays=0.05/0/0.01/5, dsn=5.4.12, status=bounced (host 192.168.4.26[192.168.4.26] said: 554 5.4.12 SMTP; Hop count exceeded - possible mail loop detected on message id <c822d840dede4397a09c541c36c13e4f@domäne> (in reply to end of DATA command))

the forwarding address should be here, but here is the address from which the forwarding line is set up

Code: Select all

Nov  4 12:24:01 mailgw postfix/smtp[20933]: 4CR46M6YvjzB0FM9: to=<[b]NAME@domäne[/b]>,

Regards
Stefan

Posted: **04 Nov 2020 14:44**

Can you capture one of these message headers and preheader in the /var/spool/mailscanner/milterin directory, sanitize it, and share with me?

Posted: **04 Nov 2020 14:48**

i send from user@mydomain to user@mydomain, this user has a forwarding rule to an external ip address. But the messages goes back to the exchange server.

i doesn´t change anything last time...

I have a Backup "Efa with Version 3.0" that works...

Posted: **04 Nov 2020 14:50**

I understand, I am trying to troubleshoot it with you so we can fix the problem without having to roll back.

Posted: **04 Nov 2020 14:55**

Actually, I think I understand the problem.

Let's roll back MailScanner please.

Code: Select all

sudo yum downgrade MailScanner

Posted: **04 Nov 2020 15:10**

i have do the rollback... but now no messages delivered, i restart the server an hops he works

Posted: **04 Nov 2020 15:12**

oh?

Code: Select all

Nov  4 16:11:35 mailgw MailScanner[3340]: Enabling SpamAssassin auto-whitelist functionality...
Nov  4 16:11:38 mailgw MailScanner[3333]: /var/spool/MailScanner/milterout is not owned by user 89 !
Nov  4 16:11:38 mailgw MailScanner[3345]: MailScanner Email Processor version 5.3.3 starting...
Nov  4 16:11:38 mailgw MailScanner[3345]: Reading configuration file /etc/MailScanner/MailScanner.conf
Nov  4 16:11:38 mailgw MailScanner[3345]: Reading configuration file /etc/MailScanner/conf.d/README
Nov  4 16:11:38 mailgw MailScanner[3345]: Read 868 hostnames from the phishing whitelist
Nov  4 16:11:38 mailgw MailScanner[3345]: Read 5807 hostnames from the phishing blacklists
Nov  4 16:11:38 mailgw MailScanner[3345]: Config: calling custom init function SQLBlacklist
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Starting up MailWatch SQL Blacklist
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Read 0 blacklist entries
Nov  4 16:11:38 mailgw MailScanner[3345]: Config: calling custom init function MailWatchLogging
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Started MailWatch SQL Logging child
Nov  4 16:11:38 mailgw MailScanner[3345]: Config: calling custom init function SQLWhitelist
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Starting up MailWatch SQL Whitelist
Nov  4 16:11:38 mailgw MailScanner[3345]: MailWatch: Read 34 whitelist entries
Nov  4 16:11:39 mailgw MailScanner[3345]: Using SpamAssassin results cache
Nov  4 16:11:39 mailgw MailScanner[3345]: Connected to SpamAssassin cache database
Nov  4 16:11:39 mailgw MailScanner[3345]: Enabling SpamAssassin auto-whitelist functionality...
Nov  4 16:11:46 mailgw MailScanner[3340]: /var/spool/MailScanner/milterout is not owned by user 89 !
Nov  4 16:11:46 mailgw MailScanner[3352]: MailScanner Email Processor version 5.3.3 starting...
Nov  4 16:11:46 mailgw MailScanner[3352]: Reading configuration file /etc/MailScanner/MailScanner.conf
Nov  4 16:11:46 mailgw MailScanner[3352]: Reading configuration file /etc/MailScanner/conf.d/README
Nov  4 16:11:46 mailgw MailScanner[3352]: Read 868 hostnames from the phishing whitelist
Nov  4 16:11:46 mailgw MailScanner[3352]: Read 5807 hostnames from the phishing blacklists
Nov  4 16:11:46 mailgw MailScanner[3352]: Config: calling custom init function SQLBlacklist
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Starting up MailWatch SQL Blacklist
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Read 0 blacklist entries
Nov  4 16:11:46 mailgw MailScanner[3352]: Config: calling custom init function MailWatchLogging
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Started MailWatch SQL Logging child
Nov  4 16:11:46 mailgw MailScanner[3352]: Config: calling custom init function SQLWhitelist
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Starting up MailWatch SQL Whitelist
Nov  4 16:11:46 mailgw MailScanner[3352]: MailWatch: Read 34 whitelist entries
Nov  4 16:11:46 mailgw MailScanner[3352]: Using SpamAssassin results cache
Nov  4 16:11:46 mailgw MailScanner[3352]: Connected to SpamAssassin cache database
Nov  4 16:11:46 mailgw MailScanner[3352]: Enabling SpamAssassin auto-whitelist functionality...
Nov  4 16:11:49 mailgw MailScanner[3345]: /var/spool/MailScanner/milterout is not owned by user 89 !
Nov  4 16:11:49 mailgw MailScanner[3357]: MailScanner Email Processor version 5.3.3 starting...
Nov  4 16:11:49 mailgw MailScanner[3357]: Reading configuration file /etc/MailScanner/MailScanner.conf
Nov  4 16:11:49 mailgw MailScanner[3357]: Reading configuration file /etc/MailScanner/conf.d/README
Nov  4 16:11:49 mailgw MailScanner[3357]: Read 868 hostnames from the phishing whitelist
Nov  4 16:11:49 mailgw MailScanner[3357]: Read 5807 hostnames from the phishing blacklists
Nov  4 16:11:49 mailgw MailScanner[3357]: Config: calling custom init function SQLBlacklist
Nov  4 16:11:49 mailgw MailScanner[3357]: MailWatch: Starting up MailWatch SQL Blacklist
Nov  4 16:11:50 mailgw MailScanner[3357]: MailWatch: Read 0 blacklist entries
Nov  4 16:11:50 mailgw MailScanner[3357]: Config: calling custom init function MailWatchLogging
Nov  4 16:11:50 mailgw MailScanner[3357]: MailWatch: Started MailWatch SQL Logging child
Nov  4 16:11:50 mailgw MailScanner[3357]: Config: calling custom init function SQLWhitelist
Nov  4 16:11:50 mailgw MailScanner[3357]: MailWatch: Starting up MailWatch SQL Whitelist
Nov  4 16:11:50 mailgw MailScanner[3357]: MailWatch: Read 34 whitelist entries
Nov  4 16:11:50 mailgw MailScanner[3357]: Using SpamAssassin results cache
Nov  4 16:11:50 mailgw MailScanner[3357]: Connected to SpamAssassin cache database
Nov  4 16:11:50 mailgw MailScanner[3357]: Enabling SpamAssassin auto-whitelist functionality...

Posted: **04 Nov 2020 15:14**

Code: Select all

sudo chown postfix:mtagroup /var/spool/MailScanner/milterin
sudo chown postfix:mtagroup /var/spool/MailScanner/milterout

Posted: **04 Nov 2020 15:16**

I don't even have the directory any more

Posted: **04 Nov 2020 15:17**

Sorry, got the case wrong...

Code: Select all

sudo chown postfix:mtagroup /var/spool/MailScanner/milterin
sudo chown postfix:mtagroup /var/spool/MailScanner/milterout

Posted: **04 Nov 2020 15:29**

thanks,

now he sends the mail, but it is not accepted by the domain.

Code: Select all

emote Server returned '554 5.0.0 <email-teams-microsoft-com.mail.protection.outlook.com #5.0.0 smtp; 554 Transaction failed

Code: Select all

Remote Server returned '554 5.0.0 <mx-aol.mail.gm0.yahoodns.net #5.0.0 smtp; 554 Transaction failed>'

Posted: **04 Nov 2020 15:40**

now it works...

strange that the first test mail were not received

Many Many THANKS.

No i have rollbacked Mailscanner, I have to deactivate the updates now??

Posted: **04 Nov 2020 15:42**

No, I pulled it from the repositories. Sorry for the trouble. I will fix upstream.

Posted: **06 Nov 2020 10:59**

huh. I just dealt with this problem 2 days ago.

I have an exchange user who forwards mail automatically to gmail. The user@gmail address would be converted to user@exchange and sent back - which would then forward a copy to user@gmail - which would then send it back...

I changed how the message was being forwarded on my exchange server and I was able to pass the messages through.

Very weird.

The problem appears to have been happening in the postfix/cleanup stage, but I was unable to figure out why.

Would you like a log file?

Posted: **09 Nov 2020 17:21**

The issue seems to be related to this:
https://github.com/MailScanner/v5/pull/ ... 3c1ce825b4

i deleted
if ($_ =~ /^ORCPT=rfc822;/)
{
MailScanner::Log::DebugLog("envrcpt_callback: ORCPT argument found: " . $_);
s/^ORCPT=rfc822;//;
if ($rcptto !~ /$_/) {
$rcptto = '<' . $_ . '>';
}
}

from
/usr/sbin/MSMilter

and forwarding revert to normal

Posted: **12 Nov 2020 18:21**

shawniverson wrote: 04 Nov 2020 15:42 No, I pulled it from the repositories. Sorry for the trouble. I will fix upstream.

Im having the same issue on a fresh install 4.x with exchange. Its not clear what the fix is if any?

192.168.2.210 is my exchange server.

Nov 12 12:41:52 exchedge postfix/smtpd[164445]: Anonymous TLS connection established from unknown[192.168.2.210]: TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)
Nov 12 12:41:52 exchedge postfix/smtpd[164445]: NOQUEUE: reject: RCPT from unknown[192.168.2.210]: 554 5.7.1 <xxxxxx@gmail.com>: Relay access denied; from=<> to=<xxxxxx@gmail.com> proto=ESMTP helo=<exch.xxxxxx.com>
Nov 12 12:41:52 exchedge postfix/smtpd[164445]: disconnect from unknown[192.168.2.210] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

Posted: **12 Nov 2020 21:21**

pdwalker wrote: 06 Nov 2020 10:59 huh. I just dealt with this problem 2 days ago.

I have an exchange user who forwards mail automatically to gmail. The user@gmail address would be converted to user@exchange and sent back - which would then forward a copy to user@gmail - which would then send it back...

I changed how the message was being forwarded on my exchange server and I was able to pass the messages through.

Very weird.

The problem appears to have been happening in the postfix/cleanup stage, but I was unable to figure out why.

Would you like a log file?

So what was your fix / workaround I dont understand?

Posted: **13 Nov 2020 06:55**

In my case, since I wasn't aware of the mailscanner bug, I changed how my exchange server forwarded messages - basically from changing it from a user level forward to a system transport level forward.

I have absolutely no idea why it worked, only that it did, and I guess I am still using the buggy version of mailscanner; either that, or the fix came in as I was trying to debug the problem.

No idea, and I'm not going to investigate it further.

Posted: **13 Nov 2020 10:21**

eFa 4.0.3-13 released to resolve this problem.

viewtopic.php?f=8&p=16901

efa-project.org

Mail fowarding 5.5.40

Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40

Re: Mail fowarding 5.5.40