Postfix problem does not accept email

Help! (Home for newbies)
1
SYSTEM INFORMATION
OS type and version Ubuntu Linux 22.04.2 REQUIRED
Virtualmin version 7.7 Pro REQUIRED
postfix version 3.6.4

I have this problem with a certain email which is not getting to my users mailbox. It seems that most of the mail if not all of it is delivered properly. This is the only email that I am aware is not getting where it supposed to. It happens to be from a bank–it is a link to a docusign document. I had the same behavior for two email users in my system. The email was delivered sucessfully to another system that I have an email account to–microsoft outlook.

I have looked at the mail logs and I cannot make any sense out of it except that the email that was not delivered did not have the sections SPAMD in it but skipped that. The email that was delivered had the spamd section in it. I see no error message that I understand. Hopefully someone who knows more about Postfix can steer me in the right direction. Below find the relevant mail log sections showing email that was not delivered and email that was delivered.

Any help would be appreciated. Thanks
Michael

Log:
Mail log:

Unsucessful messages:

15:09:10 mrxxxxtl postfix/qmgr[423532]: CECB92341FEF: removed
15:09:10 mrxxxxtl postfix/local[1887976]: CECB92341 FEF: to=<“rozzzze@rxxxxt.com”@mrxxxxt1.com>, orig_to=rozzzze@rxxxxt.com, relay=local, delay=2, delays=1.8/0/0/0.2, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $D0MAIN -d $L0GNAME)
15:09:10 mrxxxxtl postfix/smtpd[1885215]: disconnect from mxdalpx06.wellsfargo.com[159.45.87.82] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
15:09:10 mrxxxxtl postfix/trivial-rewrite[1887937]: warning: do not list domain mrxxxxt1.com in BOTH mydestination and virtual_alias_domains
15:09:10 mrxxxxtl postfix/qmgr[423532]: CECB92341FEF: from=alerts@notify.wellsfargo.com, size=7058, nrcpt=1 (queue active)
15:09:10 mrxxxxtl opendkim[414077]: CECB92341FEF: s=2011-05-wfb d=notify.wellsfargo.com a=rsa-sha256 SSL
15:09:10 mrxxxxtl opendkim[414077]: CECB92341FEF: DKIM verification successful
15:09:08 mrxxxxtl postfix/cleanup[1887938]: CECB92341FEF: message-id=1065534975.9753805.1689102547680@mn2-162a-ixb-al.wellsfargo.com
15:09:08 mrxxxxtl postfix/smtpd[1885215]: CECB92341FEF: client=mxdalpx06.wellsfargo.com[159.45.87.82]
15:09:08 mrxxxxtl postfix/smtpd[1885215]: connect from mxdalpx06.wellsfargo.com[159.45.87.82]

06:21:55 mrxxxxtl postfix/qmgr[423532]: 3CFBF2342001: removed
06:21:55 mrxxxxtl postfix/localf1994919]: 3CFBF2342001: to=<“rozzzze@rxxxxt.com”@mrxxxxt1.com>, orig_to=rrxxxxt@rxxxxt.net, relay=local, delay=2.8, delays=2.6/0/0/0.21, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $D0MAIN -d $L0GNAME)
06:21:55 mrxxxxtl postfix/smtpd[1994903]: disconnect from mta2.mail1.wf.com[13.111.189.30] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
06:21:55 mrxxxxtl postfix/trivial-rewrite[1994110]: warning: do not list domain mrxxxxt1.com in BOTH mydestination and virtual_alias_domains
06:21:55 mrxxxxtl postfix/trivial-rewrite[1994110]: warning: do not list domain mrxxxxt1.com in BOTH mydestination and virtual_alias_domains
06:21:55 mrxxxxtl postfix/qmgr[423532]: 3CFBF2342001: from=bounce-28_HTML-54464560-197392-518005185-78409@bounce.maill.wellsfargo.com, size=47322, nrcpt=1 (queue active)
06:21:55 mrxxxxtl opendkim[414077]: 3CFBF2342001: s=200608 d=mail1.wellsfargo.com a=rsa-sha256 SSL
06:21:55 mrxxxxtl opendkim[414077]: 3CFBF2342001: DKIM verification successful
06:21:53 mrxxxxtl postfix/cleanup[1994917]: 3CFBF2342001: message-id=2e5e15c4-3768-4703-b262-54fcd9ae517e@atl1s07mta3200.xt.local
06:21:53 mrxxxxtl postfix/smtpd[1994903]: 3CFBF2342001: client=mta2.maill.wf.com[13.111.189.30]
06:21:52 mrxxxxtl postfix/smtpd[1994903]: connect from mta2.maill.wf.com[13.111.189.30]

Sucessful Messages:

16:01:40 mrxxxxtl postfix/qmgr[423532]: ABA8C2341FFB: removed
16:01:40 mrxxxxtl postfix/local[1711210]: ABA8C2341FFB: to=<“rozzzze@rxxxxt.com”@mrxxxxt1.com>, orig_to=rozzzze@rxxxxt.C0M, relay=local, delay=2.7, delays=2/0/0/0.73, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $D0MAIN -d $L0GNAME)
16:01:40 mrxxxxtl spamd[1659938]: spamd: result: . -15 - DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,ENV_AND_HDR_SPF_MATCH,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HEL0_N0NE,SPF_PASS,TRACKER_ID,T_REMOTE_IMAGE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL scantime=0.6,size=6436,user=rozzzze@rxxxxt.com,uid=1008,required_score=5.0,rhost=::1,raddr=::1,rport=38514,mid=790020297.8574833.1689019297052@mn2-125a-ixb-al.wellsfargo.com,autolearn=no autolearn_force=no
16:01:40 mrxxxxtl spamd[1659938]: spamd: clean message (-15.4/5.0) for rozzzze@rxxxxt.com:1008 in 0.6 seconds, 6436 bytes.
16:01:39 mrxxxxtl spamd[1659938]: spamd: processing message 790020297.8574833.1689019297052@mn2-125a-ixb-al.wellsfargo.com for rozzzze@rxxxxt.com :1008
16:01:39 mrxxxxtl spamd[1659938]: spamd: setuid to rozzzze@rxxxxt.com succeeded
16:01:39 mrxxxxtl spamd[1659938]: spamd: connection from ::1 [: :1]:38514 to port 783, fd 5
16:01:39 mrxxxxtl postfix/smtpd[1712909]: disconnect from mxdalpv07.wellsfargo.com[159.45.16.112] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
16:01:39 mrxxxxtl postfix/trivial-rewrite[1711167]: warning: do not list domain mrxxxxt1.com in BOTH mydestination and virtual_alias_domains
16:01:39 mrxxxxtl postfix/qmgr[423532]: ABA8C2341FFB: from=alerts@notify.wellsfargo.com, size=6177, nrcpt=1 (queue active)
16:01:39 mrxxxxtl opendkim[414077]: ABA8C2341FFB: s=2011-05-wfb d=notify.wellsfargo.com a=rsa-sha256 SSL
16:01:39 mrxxxxtl opendkim[414077]: ABA8C2341FFB: DKIM verification successful
16:01:37 mrxxxxtl postfix/cleanup[1711168]: ABA8C2341 FFB: message-id=790020297.8574833.1689019297052@mn2-125a-ixb-al.wellsfargo.com
16:01:37 mrxxxxtl postfix/smtpd[1712909]: ABA8C2341FFB: client=mxdalpv07.wellsfargo.com[159.45.16.112]
16:01:37 mrxxxxtl postfix/smtpd[1712909]: connect from mxdalpv07.wellsfargo.com[159.45.16.112]

6:48:10 mrxxxxtl postfix/qmgr[423532]: AE4622340FFB: removed
16:48:10 mrxxxxtl postfix/local[1913508]: AE4622340FFB: to=<“rozzzze@rxxxxt.com”@mrxxxxt1.com>, orig_to=rrxxxxt@rxxxxt.net, relay=local, delay=0.84, delays=0.24/0/0/0.6, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $D0MAIN -d $L0GNAME)
16:48:10 mrxxxxtl spamdf1814388]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_BLOCKED,SPF_HEL0_N0NE, SPF_PASS, T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED scantime=0.4,size=81801,user=rozzzze@rxxxxt.com,uid=1008,required_score=5.0,rhost=::1,raddr=::1,rport=33006,mid=<f9f50bfa-ad94-424a-9e9e-07587a09cdcd@ind1 S01mta61 5.xt.local>, autolearn=ham autolearn_force=no
16:48:10 mrxxxxtl spamd[1814388]: spamd: clean message (-0.1/5.0) for rozzzze@rxxxxt.com:1008 in 0.4 seconds, 81801 bytes.
16:48:10 mrxxxxtl spamd[1814388]: spamd: processing message f9f50bfa-ad94-424a-9e9e-07587a09cdcd@ind1s01mta615.xt.local for rozzzze@rxxxxt.com:1008
16:48:10 mrxxxxtl spamd[1814388]: spamd: setuid to rozzzze@rxxxxt.com succeeded
16:48:10 mrxxxxtl spamd[1814388]: spamd: connection from ::1 [: :1]:33006 to port 783, fd 5
16:48:09 mrxxxxtl postfix/smtpd[1913484]: disconnect from mta2.belkemail.com[207.67.38.193] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
16:48:09 mrxxxxtl postfix/trivial-rewrite[1913493]: warning: do not list domain mrxxxxt1.com in BOTH mydestination and virtual_alias_domains
16:48:09 mrxxxxtl postfix/trivial-rewrite[1913493]: warning: do not list domain mrxxxxt1.com in BOTH mydestination and virtual_alias_domains
16:48:09 mrxxxxtl postfix/qmgr[423532]: AE4622340FFB: from=bounce-39604976_HTML-872007314-81019673-10972016-19746@bounce.belkemail.com, size=82639, nrcpt=1 (queue active)
16:48:09 mrxxxxtl opendkim[414077]: AE4622340FFB: s=200608 d=belkemail.com a=rsa-sha256 SSL
16:48:09 mrxxxxtl opendkim[414077]: AE4622340FFB: DKIM verification successful
16:48:09 mrxxxxtl postfix/cleanup[1913506]: AE4622340FFB: message-id=f9f50bfa-ad94-424a-9e9e-07587a09cdcd@ind1s01mta615.xt.local
16:48:09 mrxxxxtl postfix/smtpd[1913484]: AE4622340FFB: client=mta2.belkemail.com[207.67.38.193]
16:48:09 mrxxxxtl postfix/smtpd[1913484]: connect from mta2.belkemail.com[207.67.38.193]

2

This may not be the problem, but it is a problem. You named your system the same name as the name of a domain you’re hosting in Virtualmin. You shouldn’t do that (and the docs tell you not to do that).

From the download page: “The name of the system can be anything you want, but it must be fully qualified and should not match a name you’ll be hosting mail for. For example, if you have domain virtualmin.com you might name the server srv1.virtualmin.com or ns1.virtualmin.com. What name you choose is unimportant, but it must be fully qualified, it must not match a domain you’ll be managing in Virtualmin, and it must resolve, for several mail operations to work correctly.”

That’s recommended for the very reason you’re seeing this error.

3

I renamed my sever a different name and it did get rid of the “do not list error” but I have not seen that error was of any consequence.

I don’t believe it will fix the error of why this email is not being received. I have a copy of the email that I received in my other outlook account, and I sent it to my postfix account again and once again it accepted the message but did not deliver it anywhere. It did not appear to run the spamd component. There must be something with this message that is causing a problem. I forwarded another message from wells fargo and I did not have this problem.

Once again, any guidance would be greatly appreciated.

Thanks.
Michael

4

What appears in the maillog when the message that isn’t delivered arrives? Does it make it to procmail? If so, check the procmail log for clues.

5

Thanks Joe for getting me on the right track.
Looking at the procmail.log indeed these messages from Wells Fargo Bank that I know are legit were identified as Virus containing. Indeed this same message when sent to my google account also did not get delivered. Shame on Wells Fargo.

Looking at the Procmail log for the most recent message:

Time:1689533086 From:MRIVNER@augusta.edu To:Michael@rivner.com User:michael@rivner.com Size:24775 Dest:/dev/null Mode:Virus
Folder: /dev/null 24774
Subject: Action required: Sign your Wells Fargo Advisors document(s)
From MRIVNER@augusta.edu Sun Jul 16 14:44:45 2023
procmail: Program failure (1) of “/etc/webmin/virtual-server/clam-wrapper.pl”

The mail.log:

ul 16 14:44:46 server postfix/qmgr[142096]: 888C923420D4: removed
Jul 16 14:44:46 server postfix/local[162178]: 888C923420D4: to=<“michael@rivner.com”@server.mrivner1.com>, orig_to=michael@rivner.com, relay=local, delay=1.6, delays=1.4/0/0/0.2, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Jul 16 14:44:46 server postfix/smtpd[161815]: disconnect from mail-sn1nam02on2128.outbound.protection.outlook.com[40.107.96.128] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 rset=1 quit=1 commands=8
Jul 16 14:44:45 server postfix/qmgr[142096]: 888C923420D4: from=MRIVNER@augusta.edu, size=24945, nrcpt=1 (queue active)
Jul 16 14:44:45 server opendkim[137905]: 888C923420D4: s=selector1 d=augusta.edu a=rsa-sha256 SSL
Jul 16 14:44:45 server opendkim[137905]: 888C923420D4: DKIM verification successful
Jul 16 14:44:45 server opendkim[137905]: 888C923420D4: failed to parse authentication-results: header field
Jul 16 14:44:44 server postfix/cleanup[162161]: 888C923420D4: message-id=BN7PR03MB37476F91ECD01379F4062F71B93AA@BN7PR03MB3747.namprd03.prod.outlook.com
Jul 16 14:44:44 server postfix/smtpd[161815]: 888C923420D4: client=mail-sn1nam02on2128.outbound.protection.outlook.com[40.107.96.128]
Jul 16 14:44:44 server postfix/smtpd[161815]: TLS SNI rivner.com from mail-sn1nam02on2128.outbound.protection.outlook.com[40.107.96.128] not matched, using default chain
Jul 16 14:44:44 server postfix/smtpd[161815]: connect from mail-sn1nam02on2128.outbound.protection.outlook.com[40.107.96.128]

I tracked down the procmail log entries for the other unsucessful emails that I included above and also in these instances a virus was identified.

This does make sense and most likely is the reason these messages were not delivered. I guess these messages are not quarantined somewhere on the system.

Thanks.
Michael

6

I’m not sure that’s actually ClamAV detecting a virus. It may be a size restriction. Which is probably a bug on our part, somewhere. We should probably fail open on viruses (because throwing away big mail rather than bouncing it is a terrible user experience).

That’s up to you. How spam and viruses are handled is configurable.

7

Thanks Joe.

I looked but I can’t find the configuration options for handling viruses. Obviously I want to exclude viruses but would like to get important email from my bank.

Michael

8

Virtualmin Configuration->Spam filtering options

Screenshot from 2023-07-16 19-52-45
Screenshot from 2023-07-16 19-52-451962×945 146 KB

9

Thanks.

Michael

10

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.