Spamfilter doesn't forward some email
vbourbeau
Newbie Joined: 14 April 2010 Status: Offline Points: 19 |
Posted: 06 July 2011 at 10:56am |
Spamfilter doesn't forward some email to my SMTP server. As you can see in the log, the email is accepted but never sent to the server. There are no more entries after that. The email in question seems to have an image attachment. But it's not all the emails with images, just some of them.
07/06/11 10:27:21:129 -- (3376) Received MAIL FROM: <mfaucher@xxx.com>
07/06/11 10:27:21:160 -- (3376) Received RCPT TO: dgrenier@ddd.com
07/06/11 10:27:21:535 -- (3376) - SPF analysis for mbiplastic.com done: - none
07/06/11 10:27:21:535 -- (3376) Mail from: mfaucher@xxx.com
07/06/11 10:27:21:848 -- (3376) - MAPS search done...
07/06/11 10:27:21:848 -- (3376) RCPT TO: dgrenier@ddd.com accepted
07/06/11 10:27:21:848 -- (3376) Bypassed all rules for: dgrenier@ddd.com from mfaucher@xxx.com ( Whitelisted EmailTO)
vbourbeau
Newbie Joined: 14 April 2010 Status: Offline Points: 19 |
Another one:
07/06/11 10:19:16:889 -- (35768) Detected TCP Connection: 69.70.131.114
07/06/11 10:19:16:889 -- (35768) Connection from: 69.70.131.114 - Originating country : Canada
07/06/11 10:19:16:920 -- (35768) Received MAIL FROM: <benoit.charpentier@fff.com>
07/06/11 10:19:17:045 -- (35768) Received RCPT TO: mtheberge@ddd.com
07/06/11 10:19:17:639 -- (35768) found SPF record for polyalto.com: v=spf1 a mx ptr include:videotron.com ~all
07/06/11 10:19:17:889 -- (35768) SPF query result: pass
07/06/11 10:19:17:889 -- (35768) - SPF analysis for polyalto.com done: - pass
07/06/11 10:19:17:889 -- (35768) SPF query result: pass
07/06/11 10:19:17:889 -- (35768) Mail from: benoit.charpentier@fff.com
07/06/11 10:19:17:889 -- (35768) - SPF analysis for polyalto.com done: - pass
07/06/11 10:19:17:889 -- (35768) Mail from: benoit.charpentier@fff.com
07/06/11 10:19:18:218 -- (35768) - MAPS search done...
07/06/11 10:19:18:218 -- (35768) RCPT TO: mtheberge@ddd.com accepted
dotme
Newbie Joined: 27 October 2008 Status: Offline Points: 20 |
The forwarding happens under a different ID number, so search your logs for the next instance of the recipient email address and you should see what's going on with forwarding.
vbourbeau
Newbie Joined: 14 April 2010 Status: Offline Points: 19 |
I posted the id 2792 and a few other lines... I don't find anything after that.
07/06/11 11:02:54:104 -- (2792) Detected TCP Connection: 69.70.131.114
07/06/11 11:02:54:104 -- (2792) Connection from: 69.70.131.114 - Originating country : Canada
07/06/11 11:02:54:135 -- (2792) Received MAIL FROM: <benoit.charpentier@polyalto.com>
07/06/11 11:02:54:182 -- (2792) Received RCPT TO: mtheberge@bainultra.com
07/06/11 11:02:55:745 -- (2792) found SPF record for polyalto.com: v=spf1 a mx ptr include:videotron.com ~all
07/06/11 11:02:55:823 -- (2792) SPF query result: pass
07/06/11 11:02:55:823 -- (2792) - SPF analysis for polyalto.com done: - pass
07/06/11 11:02:55:823 -- (2792) Mail from: benoit.charpentier@polyalto.com
07/06/11 11:02:56:104 -- (2792) - MAPS search done...
07/06/11 11:02:56:104 -- (2792) RCPT TO: mtheberge@bainultra.com accepted
07/06/11 11:03:18:196 -- (2276) Detected TCP Connection: 89.122.118.72
07/06/11 11:03:18:212 -- (2276) Connection from: 89.122.118.72 - Originating country : Romania
07/06/11 11:03:18:540 -- (2276) Received MAIL FROM: <palmer@bainsultra.com>
07/06/11 11:03:18:712 -- (2276) Received RCPT TO: palmer@bainsultra.com
07/06/11 11:03:18:712 -- (2276) - IP address is from a blacklisted country...
07/06/11 11:03:18:712 -- (2276) 89.122.118.72 - Mail from: palmer@bainsultra.com To: palmer@bainsultra.com will be rejected
07/06/11 11:03:19:290 -- (2276) Starting quarantine procedures
07/06/11 11:03:19:337 -- (2276) Created thread (832) to add email to quarantine
07/06/11 11:03:19:337 -- (832) Adding to Quarantine file:Qrtn30C5675B-8C9E-4914-A21A-75A0F3A425C0.tmp
07/06/11 11:03:19:368 -- (832) EMail from palmer@bainsultra.com to palmer@bainsultra.com was received and quarantined. Size: 2 KB, 2048 bytes
07/06/11 11:03:19:509 -- (2276) Blacklist cache - Added 89.122.118.72 to limbo
07/06/11 11:03:19:681 -- (2276) SFDB - Added 89.122.118.72 - Response: Error=0
07/06/11 11:03:19:681 -- (2276) Disconnect
07/06/11 11:03:34:852 -- (1496) Starting to process queue directory...
07/06/11 11:03:34:867 -- (760) Running TTerminateIdleThreads - SFTC=4 - SFFC=4
07/06/11 11:03:34:867 -- (760) Running TTerminateIdleThreads SSL - SFTC=0 - SFFC=4
07/06/11 11:03:34:899 -- (4008) Saved GreyListAllowed.txt
07/06/11 11:03:34:899 -- (3700) Blacklist cache - starting cleanup
07/06/11 11:03:34:899 -- (2244) Starting to process quarantine directory...
07/06/11 11:03:35:008 -- (3700) IPcache Limbo - removed 6 entries during cleanup
07/06/11 11:03:54:960 -- (424) No Data Received
07/06/11 11:03:54:960 -- (424) Disconnect
07/06/11 11:03:57:475 -- (3516) Detected TCP Connection: 85.101.21.154
07/06/11 11:03:57:475 -- (3516) Connection from: 85.101.21.154 - Originating country : Turkey
07/06/11 11:04:00:194 -- (2264) Detected TCP Connection: 220.232.206.9
07/06/11 11:04:00:194 -- (2264) Connection from: 220.232.206.9 - Originating country : Hong Kong
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
vbourbeau,
The three log snippets are all for 3 different times and different connections. The first recipient in the first snippet - dgrenier@ddd.com - does not appear in the other two. We can't follow what happens unless you have the full log entries relative to an email attempt.
FYI a typical email sequence will begin with a line similar to the following (all sharing the same thread id - 2792 in this case):
07/06/11 11:02:54:104 -- (2792) Detected TCP Connection: 69.70.131.114
and will finish with:
07/06/11 11:04:51:204 -- (2792) Disconnect
After that, if the email is accepted, there will be more entries showing the email being delivered:
07/06/11 11:04:50:044 -- (796) Sending email from ...userA... to ..userB... --
07/06/11 11:04:51:14 -- (796) EMail from ..userA... to ..userB... -- was forwarded to mail2.netwide.net:587
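The session structure described in the reply above, as an added example that is not part of the original thread or LogSat's own tooling: a script that groups log entries by thread id and reports, for each accepted recipient, whether the session logged a Disconnect and whether a forward entry followed. The function name `trace_sessions`, the sample log and its addresses are constructed, and the exact wording of the forward line is an assumption based on the partly elided sample in the reply.

```python
import re

LINE = re.compile(r"^\d\d/\d\d/\d\d [\d:]+ -- \((\d+)\) (.*)$")
ACCEPTED = re.compile(r"^RCPT TO: (\S+) accepted")
FORWARDED = re.compile(r"^EMail from \S+ to (\S+) .*was forwarded to (\S+)")

def trace_sessions(log_text):
    """Return one (thread_id, recipient, disconnect_logged, forwarded_to) per accepted RCPT."""
    active, sessions, forwards = {}, [], []
    for n, raw in enumerate(log_text.splitlines()):
        m = LINE.match(raw.strip())
        if not m:
            continue
        tid, msg = m.groups()
        if msg.startswith("Detected TCP Connection:"):
            active[tid] = {"tid": tid, "start": n, "rcpts": [], "closed": False}
            sessions.append(active[tid])
        elif tid in active:
            hit = ACCEPTED.match(msg)
            if hit:
                active[tid]["rcpts"].append(hit.group(1))
            elif msg == "Disconnect":
                active.pop(tid)["closed"] = True
        fwd = FORWARDED.match(msg)
        if fwd:  # delivery is logged under a different thread id
            forwards.append((n, fwd.group(1), fwd.group(2)))
    report = []
    for s in sessions:
        for rcpt in s["rcpts"]:
            # Forward entries can precede the session's Disconnect, so match from its start.
            dest = next((d for n, r, d in forwards if r == rcpt and n > s["start"]), None)
            report.append((s["tid"], rcpt, s["closed"], dest))
    return report

# Constructed sample log (addresses and hosts are placeholders, not from the thread).
SAMPLE = """\
07/06/11 11:02:54:104 -- (2792) Detected TCP Connection: 192.0.2.10
07/06/11 11:02:54:135 -- (2792) Received MAIL FROM: <alice@sender.example>
07/06/11 11:02:56:104 -- (2792) RCPT TO: bob@rcpt.example accepted
07/06/11 11:03:10:000 -- (3100) Detected TCP Connection: 192.0.2.20
07/06/11 11:03:10:200 -- (3100) RCPT TO: carol@rcpt.example accepted
07/06/11 11:03:12:044 -- (796) Sending email from dave@sender.example to carol@rcpt.example
07/06/11 11:03:12:914 -- (796) EMail from dave@sender.example to carol@rcpt.example -- was forwarded to mail.rcpt.example:587
07/06/11 11:03:13:204 -- (3100) Disconnect
"""

if __name__ == "__main__":
    for tid, rcpt, closed, dest in trace_sessions(SAMPLE):
        state = f"forwarded to {dest}" if dest else "no forward entry"
        print(f"({tid}) {rcpt}: disconnect={'yes' if closed else 'MISSING'}, {state}")
```

A session that shows an accepted recipient but neither a Disconnect nor a forward entry, like thread 2792 in the sample, points at the connection being cut before the message body was fully received rather than at a filtering rule.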
vbourbeau
Newbie Joined: 14 April 2010 Status: Offline Points: 19 |
If you give me your email I can send you the log file.
vbourbeau
Newbie Joined: 14 April 2010 Status: Offline Points: 19 |
I found the problem... It was an IDS firewall policy that was closing the connection. I don't know why, because I found nothing in the firewall log. But deactivating this policy lets the email enter.