Results 1 to 7 of 7

Thread: ZCS 8.0.3 - Outgoing mail blocked by amavisd

  1. #1
    sathane is offline Member
    Join Date
    Dec 2009
    Posts
    12
    Rep Power
    5

    Default ZCS 8.0.3 - Outgoing mail blocked by amavisd

    Hi,

    I'm having a frustrating issue I've been chasing for over a week now. It appear that amavis is blocking outgoing mail. The entries I'm seeing in the mail log look like this:

    Jul 23 09:59:25 mail postfix/smtpd[11306]: NOQUEUE: filter: RCPT from mail.mobiletechnicalsolutions.com[192.168.19.21]: <sharon@stegg.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<sharon@stegg.com> to=<mpempengco@teleflex.bc.ca> proto=ESMTP helo=<mail.mobiletechnicalsolutions.com>

    The effect is inconsistent. Sometimes mail will be delivered but when the outgoing message has that "Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026" message, it's often blocked. I'm getting this for quite a bit of incoming mail as well but, right now, I'm troubleshooting the outgoing mail as amavis shouldn't even be touching that.

    Any ideas?

    Here is my configuration info:

    OS: Ubuntu Server 12.04 LTS

    zimbra@mail:~$ zmcontrol -v
    Release 8.0.3.GA.5664.UBUNTU12.64 UBUNTU12_64 FOSS edition.


    Split DNS verification:

    root@MTS-ZimbraMX:/var/log # dig mobiletechnicalsolutions.com mx

    ; <<>> DiG 9.8.1-P1 <<>> mobiletechnicalsolutions.com mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29150
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;mobiletechnicalsolutions.com. IN MX

    ;; ANSWER SECTION:
    mobiletechnicalsolutions.com. 3600 IN MX 10 mail.mobiletechnicalsolutions.com.

    ;; AUTHORITY SECTION:
    mobiletechnicalsolutions.com. 3600 IN NS ns1.local.

    ;; ADDITIONAL SECTION:
    mail.mobiletechnicalsolutions.com. 3600 IN A 192.168.19.21

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Jul 26 11:03:58 2013
    ;; MSG SIZE rcvd: 106

    root@MTS-ZimbraMX:/var/log # dig mobiletechnicalsolutions.com any

    ; <<>> DiG 9.8.1-P1 <<>> mobiletechnicalsolutions.com any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40935
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;mobiletechnicalsolutions.com. IN ANY

    ;; ANSWER SECTION:
    mobiletechnicalsolutions.com. 3600 IN SOA ns1.local. root.mail. 35 28800 7200 604800 3600
    mobiletechnicalsolutions.com. 3600 IN NS ns1.local.
    mobiletechnicalsolutions.com. 3600 IN A 192.168.19.21
    mobiletechnicalsolutions.com. 3600 IN MX 10 mail.mobiletechnicalsolutions.com.

    ;; ADDITIONAL SECTION:
    mail.mobiletechnicalsolutions.com. 3600 IN A 192.168.19.21

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Jul 26 11:04:45 2013
    ;; MSG SIZE rcvd: 167

    root@MTS-ZimbraMX:/var/log # ping mail.mobiletechnicalsolutions.com
    PING mail.mobiletechnicalsolutions.com (192.168.19.21) 56(84) bytes of data.
    64 bytes from mail.mobiletechnicalsolutions.com (192.168.19.21): icmp_req=1 ttl=64 time=0.036 ms

    zimbra@mail:~$ zmprov gacf|grep zimbraMtaRestriction
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org

  2. #2
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,271
    Rep Power
    10

    Default

    What gives you any indication that email is blocked? I don't see that in what you posted. It is expected to see the amavis filter being triggered. I would note that amavis never discards email, either. The port 10026 amavis simply notes that the email is originating from your server:

    Code:
    $interface_policy{'10026'} = 'ORIGINATING';
    That policy bank does the following:

    Code:
    $policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
      originating => 1,  # declare that mail was submitted by our smtp client
      allow_disclaimers => 0,  # enables disclaimer insertion if available
      # notify administrator of locally originating malware
      virus_admin_maps => ['virusadmin@zimbra.com'],
      spam_admin_maps  => ['virusadmin@zimbra.com'],
      warnbadhsender   => 0,
      bypass_spam_checks_maps   => [1], # don't spam-check internal mail
      # forward to a smtpd service providing DKIM signing service
      forward_method => 'smtp:[127.0.0.1]:10030',
      # force MTA conversion to 7-bit (e.g. before DKIM signing)
      smtpd_discard_ehlo_keywords => ['8BITMIME'],
      bypass_banned_checks_maps => [0],  # allow sending any file names and types
      terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
    };
    So any mail originating on your server gets sent to amavis port 10026, and then is pushed on to port 10030 if OpenDKIM is enabled. At which point OpenDKIM sees whether or not it should be signed, and then sends it on its way to postfix for further routing. If OpenDKIM is not enabled, then amavis sends the message back to postfix on port 10025. So far, you have not shown any issue.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #3
    sathane is offline Member
    Join Date
    Dec 2009
    Posts
    12
    Rep Power
    5

    Default

    That's the thing. It's inconsistent but the messages aren't delivered as the recipients say they haven't received it. Also, if I look further in the logs at those specific messages there is no matching 'sent' entry associated with them. It doesn't specifically say they are being 'blocked' either, so maybe that's not the term I'm looking for, but they aren't being sent.

    This happens with some incoming mail as well.

    So, is the "Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026" a normal message to be seeing in the logs? Because it's not shown with all messages either.

  4. #4
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,271
    Rep Power
    10

    Default

    Yes, it is a normal message. Again, it only will happen for messages that trigger the filter (outgoing). Incoming messages trigger a filter for 10024. There are also multiple postfix smtpds. Only outgoing 465/587 essentially are going to hit 10026 (and all outgoing email via the web client will trigger 10026).

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  5. #5
    sathane is offline Member
    Join Date
    Dec 2009
    Posts
    12
    Rep Power
    5

    Default

    Ah, okay. So a temporary fix for this, as this client is losing some communications with clients and supplier, would be to have them send via port 25? Currently, all clients are configured to send via either port 465 or port 587 but I've just turned off the "TLS only" setting in the MTA Global Settings.

    When I get another report from a user regarding a lost message I will post all relevant log entries for the specific message as there is still something causing messages to be lost.

  6. #6
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,271
    Rep Power
    10

    Default

    I wouldn't open yourself to hackers, if I were you. I would have end clients check their junk folder, as I'd guess that's where the "lost" emails ended up.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  7. #7
    sathane is offline Member
    Join Date
    Dec 2009
    Posts
    12
    Rep Power
    5

    Default

    For internal users pointing directly at port 25, I think it should be fine. I just won't forward port 25 into the server from the firewall for external connections. The building itself is pretty tightly controller in terms of access. This client just needs to be sure that their clients/suppliers are getting their messages.

    I'll definitely have them check their junk folders.

    Thanks for your help.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Unable to release amavisd blocked SPAM
    By abraxas1894 in forum Administrators
    Replies: 4
    Last Post: 03-31-2010, 06:21 AM
  2. Outgoing mail blocked as spam at receiving server
    By techhelp in forum Installation
    Replies: 4
    Last Post: 03-19-2010, 10:09 PM
  3. user mail is blocked.
    By siomon.liu in forum Administrators
    Replies: 3
    Last Post: 12-15-2009, 07:40 PM
  4. Undeliverable Mail MTA Blocked
    By borngunners in forum Administrators
    Replies: 1
    Last Post: 11-13-2009, 03:50 PM
  5. smtp-amavisd Holds all mail
    By ehab in forum Administrators
    Replies: 7
    Last Post: 02-23-2008, 07:19 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •