Serious Issue with Sending Email

This is the Mailtraq Peer Support forum. Get assistance using and managing Mailtraq, and help others solve problems too.

Serious Issue with Sending Email

Postby dfelmly » Thu Jun 06th, 2013 8:21am

We are having very sporadic issues with emails unable to be sent. All the connections appear OK, and mail can make it out to recipients periodically. I cannot adequately decipher the logs to see exactly what is causing this issue. I have attached the LOG file from this morning, this issue started yesterday afternoon. Any insight would be greatly appreciated. Thanks!

Mailtraq Version: 2.xx.x.xxxx
You do not have the required permissions to view the files attached to this post.
dfelmly
 
Posts: 21
Joined: Tue Nov 27th, 2012 11:45am

Re: Serious Issue with Sending Email

Postby Elric Pedder » Thu Jun 06th, 2013 10:55am

Here's something interesting I found in your log:

Code: Select all
00000002 00001143 06/06/2013 00:58:39 M020F95E7 Starting connection to alvarocarneiroarquitecto.com (130.185.81.67)
00000002 00001143 06/06/2013 00:58:39 M020F9767 Establishing protocol with alvarocarneiroarquitecto.com
00000002 00001143 06/06/2013 00:58:40 M02101BC7 220 secure.lusomega.com ESMTP Service ready
00000002 00001143 06/06/2013 00:58:41 M02101DB7 EHLO ms1.corpay.com    --->  250-Requested mail action okay, completed
00000002 00001143 06/06/2013 00:58:41 M02101DB7 EHLO ms1.corpay.com    --->  250-SIZE 32000000
00000002 00001143 06/06/2013 00:58:41 M02101DB7 EHLO ms1.corpay.com    --->  250-8BITMIME
00000002 00001143 06/06/2013 00:58:41 M02101DB7 EHLO ms1.corpay.com    --->  250-AUTH PLAIN LOGIN
00000002 00001143 06/06/2013 00:58:41 M02101D77 EHLO ms1.corpay.com    --->  250 OK
00000002 00001143 06/06/2013 00:58:41 M0210D1B7 Starting delivery of CRPY2C282BF2
00000002 00001143 06/06/2013 00:58:41 M0210D407 MAIL FROM:<>  --->   250 Requested mail action okay, completed
+ 00001144 aspmx.l.google.com [06/06/2013 00:58:41]
00000002 00001143 06/06/2013 00:58:41 M021125C7 RCPT TO:<pqwrijxvy505@alvarocarneiroarquitecto.com>  --->   451 Requested action aborted: local error in processing
00000002 00001143 06/06/2013 00:58:41 M02118707 Tagging message CRPY2C2722D9~alvarocarneiroarquitecto_com for failure/later retry
00000002 00001143 06/06/2013 00:58:41 M02112787 RSET  --->   


Code: Select all
00000002 00000F8D 06/06/2013 00:06:57 M022AEB97 Starting connection to gmail-smtp-in.l.google.com (173.194.68.27)
00000002 00000F8D 06/06/2013 00:06:57 M022AECF7 Establishing protocol with gmail-smtp-in.l.google.com
00000002 00000F8D 06/06/2013 00:06:57 M022AECF7 220 mx.google.com ESMTP Service ready
00000002 00000F8D 06/06/2013 00:06:58 M022AFE67 EHLO ms1.corpay.com    --->  250-Requested mail action okay, completed
00000002 00000F8D 06/06/2013 00:06:58 M022AFE47 EHLO ms1.corpay.com    --->  250-SIZE 32000000
00000002 00000F8D 06/06/2013 00:06:58 M022AFE27 EHLO ms1.corpay.com    --->  250-8BITMIME
00000002 00000F8D 06/06/2013 00:06:58 M022AFDA7 EHLO ms1.corpay.com    --->  250 OK
00000002 00000F8D 06/06/2013 00:06:58 M022C08B7 Starting delivery of CRPY2C28284E
00000002 00000F8D 06/06/2013 00:06:58 M022C0CA7 MAIL FROM:<s-qjtrdaj-gr8e75wo-b29xg0quumip1mobmprgf0spfzmwyxofso_yg@bounce.linkedin.com>  --->   250 Requested mail action okay, completed
00000002 00000F8D 06/06/2013 00:06:58 M022C0CE7 RCPT TO:<meenamehta@gmail.com>  --->   250 Requested mail action okay, completed
00000002 00000F8D 06/06/2013 00:06:58 M022C0DD7 DATA  --->   354 Start mail input; end with <CRLF>.<CRLF>
00000002 00000F8D 06/06/2013 00:06:59 M022C17A7 .  --->   451 Requested action aborted: local error in processing
00000002 00000F8D 06/06/2013 00:06:59 M022C8307 Tagging message CRPY2BF8B77E~gmail-smtp-in_l_google_com for failure/later retry
00000002 00000F8D 06/06/2013 00:06:59 M022C17F7 RSET  --->   


Code: Select all
00000002 00000FBB 06/06/2013 00:10:22 M0203D10F Starting connection to mx00.gmx.com (74.208.5.4)
00000002 00000FBB 06/06/2013 00:10:22 M0203D27F Establishing protocol with mx00.gmx.com
00000002 00000FBB 06/06/2013 00:10:22 M0203D37F 451 Requested action aborted: local error in processing
00000002 00000FBB 06/06/2013 00:10:22 M0204328F Tagging message CRPY2C262134~mx00_gmx_com for failure/later retry


Code: Select all
00000002 00001034 06/06/2013 00:26:27 M01FD8017 Starting connection to aek365.gr (5.10.66.226)
00000002 00001034 06/06/2013 00:26:27 M01FD8267 220 s3.hostup.gr ESMTP Service ready
00000002 00001034 06/06/2013 00:26:28 M01FD8497 EHLO ms1.corpay.com    --->  250-Requested mail action okay, completed
00000002 00001034 06/06/2013 00:26:28 M01FD8497 EHLO ms1.corpay.com    --->  250-SIZE 32000000
00000002 00001034 06/06/2013 00:26:28 M01FD8477 EHLO ms1.corpay.com    --->  250-8BITMIME
00000002 00001034 06/06/2013 00:26:28 M01FD8477 EHLO ms1.corpay.com    --->  250-AUTH PLAIN LOGIN
00000002 00001034 06/06/2013 00:26:28 M01FD8417 EHLO ms1.corpay.com    --->  250 OK
00000002 00001034 06/06/2013 00:26:28 M01FE3A97 Starting delivery of CRPY2C2829AF
00000002 00001034 06/06/2013 00:26:29 M01FE3CE7 MAIL FROM:<>  --->   250 Requested mail action okay, completed
00000002 00001034 06/06/2013 00:26:29 M01FE3DC7 RCPT TO:<ogcgubghv271@aek365.gr>  --->   451 Requested action aborted: local error in processing
00000002 00001034 06/06/2013 00:26:29 M01FE9EA7 Tagging message CRPY2C251D7B_1~aek365_gr for failure/later retry
00000002 00001034 06/06/2013 00:26:29 M01FE3F07 RSET  --->   


Code: Select all
00000002 0000115C 06/06/2013 01:02:27 M02174747 Starting connection to anutra.com (216.97.225.196)
00000002 0000115C 06/06/2013 01:02:27 M021748C7 Establishing protocol with anutra.com
00000002 0000115C 06/06/2013 01:02:27 M021749E7 451 Requested action aborted: local error in processing
00000002 0000115C 06/06/2013 01:02:27 M0217A847 Tagging message CRPY2C282B90~anutra_com for failure/later retry


These are all different transactions but notice 451 Requested action aborted: local error in processing is present in each, in response to different commands. I find that a bit suspicious. GMail indicates this is is not one of there errors and while it is quite generic I found a hit for a product called Symantec WebWasher. Do you have some sort of local firewall that fiddles with SMTP?
Mailtraq Development and Escalation Support
Novitraq Incorporated
User avatar
Elric Pedder
Mailtraq Escalation Support
 
Posts: 2675
Joined: Tue Nov 23rd, 2004 1:16pm
Location: Montreal, Canada

Re: Serious Issue with Sending Email

Postby dfelmly » Thu Jun 06th, 2013 11:10am

We do. We have a WatchGuard x550e with Gateway A/V, Intrusion Prevention, and spamBlocker. All the preventative services are disabled. Some mail is going through, but some is not. I';ve verified ability to send to Yahoo!, Gmail, Hotmail, local ISP's, AOL. However, some users get bounceback failure notifications with a variety of errors, 553 being the most prevelant:

While talking to [igprinting.com] your message:

Subject: INTGRA 6/7/13
Date: Thu, 6 Jun 2013 11:15:23 -0400
Message-ID: <001301ce62c8$abe6e460$03b4ad20$@com>

couldn't be delivered to the following recipient(s):

iqbal@igprinting.com

for the following reason(s):

553 Requested action not taken: mailbox name not allowed

If you have any queries regarding this notification, please
write to postmaster@corpay.com

Your message is quoted below:


I have also noticed some of the messages are being delivered, yet failure notifications are still being delivered to the sender. I cleared the host assignments from the outgoing mail object, and reset the outbound router. Restarted all Mailtraq services, rebooted the server, and most entries in the log show the same '451 Requested action aborted: local error in processing.
dfelmly
 
Posts: 21
Joined: Tue Nov 27th, 2012 11:45am

Re: Serious Issue with Sending Email

Postby Elric Pedder » Thu Jun 06th, 2013 11:15am

Yes I see a lot of "553 Requested action not taken: mailbox name not allowed" in completely inappropriate places. My guess is there is something wrong with WatchGuard. Is there any way to find out? Neither that error nor the other one are related to Mailtraq and indicate something is interfering with the SMTP connection.
Mailtraq Development and Escalation Support
Novitraq Incorporated
User avatar
Elric Pedder
Mailtraq Escalation Support
 
Posts: 2675
Joined: Tue Nov 23rd, 2004 1:16pm
Location: Montreal, Canada

Re: Serious Issue with Sending Email

Postby dfelmly » Thu Jun 06th, 2013 12:53pm

I have disabled everything in the firewall regarding spam blocking, or anything that affects SMTP or ports 25 or 443.
dfelmly
 
Posts: 21
Joined: Tue Nov 27th, 2012 11:45am

Re: Serious Issue with Sending Email

Postby Elric Pedder » Thu Jun 06th, 2013 2:06pm

Looking around on Google it seems that "553 Requested action not taken: mailbox name not allowed" is returned by WatchGuard. There are several conversations regarding this that suggest it might be a bug or fault of some sort and that you should disable the SMTP scanner. You've already tried that so I don't really know what to suggest. Can you be sure it isn't intercepting the traffic? Is there any way to try with WatchGuard entirely powered off?

I could be wrong and it could be something else but the pattern matches third-party proxy behaviour and the fact that a very similar string is reported as part of a WatchGuard problem.
Mailtraq Development and Escalation Support
Novitraq Incorporated
User avatar
Elric Pedder
Mailtraq Escalation Support
 
Posts: 2675
Joined: Tue Nov 23rd, 2004 1:16pm
Location: Montreal, Canada

Re: Serious Issue with Sending Email

Postby dfelmly » Thu Jun 06th, 2013 2:40pm

WIth the Failure messages being returned by Spitfire (Mailtraq server name), wouldn't that indicate that the failure is occuring within Mailtraq?
dfelmly
 
Posts: 21
Joined: Tue Nov 27th, 2012 11:45am

Re: Serious Issue with Sending Email

Postby dfelmly » Thu Jun 06th, 2013 2:42pm

Also, nothing has been changed in regard to the firewall, SMTP settings, spamBlocker, etc.
dfelmly
 
Posts: 21
Joined: Tue Nov 27th, 2012 11:45am

Re: Serious Issue with Sending Email

Postby Elric Pedder » Thu Jun 06th, 2013 2:43pm

dfelmly wrote:WIth the Failure messages being returned by Spitfire (Mailtraq server name), wouldn't that indicate that the failure is occuring within Mailtraq?

Not at all. Mailtraq is issuing the report which indicates that it was unable to send the message to the destination MTA. In this case while attempting to communicate with downstream MTAs it is receiving permanent error messages, which (as required by the protocol) results in Mailtraq issuing the DSN. Mailtraq thinks it is communicating with the destination MTA but my opinion is that a transparent proxy is intercepting the communication and is itself issuing the failure response.
Mailtraq Development and Escalation Support
Novitraq Incorporated
User avatar
Elric Pedder
Mailtraq Escalation Support
 
Posts: 2675
Joined: Tue Nov 23rd, 2004 1:16pm
Location: Montreal, Canada

Re: Serious Issue with Sending Email

Postby dfelmly » Thu Jun 06th, 2013 3:21pm

Thanks, Elric. I've opened a support ticket with WatchGuard, I'll post the results once we get this back running. Hopefully someone in the future can find it useful.
dfelmly
 
Posts: 21
Joined: Tue Nov 27th, 2012 11:45am

Re: Serious Issue with Sending Email

Postby dfelmly » Thu Jun 06th, 2013 3:36pm

I just noticed the SMTP-Mail Server Service within Mailtraq says 'NO' for 'Active'. How can I make this active? I've attempted to 'start' to no avail?
dfelmly
 
Posts: 21
Joined: Tue Nov 27th, 2012 11:45am

Re: Serious Issue with Sending Email

Postby Elric Pedder » Thu Jun 06th, 2013 4:22pm

Does it say "starting" and then "closing" in the logs? If so, the port is being locked and you would need to see who is listening on that port with netstat.
Mailtraq Development and Escalation Support
Novitraq Incorporated
User avatar
Elric Pedder
Mailtraq Escalation Support
 
Posts: 2675
Joined: Tue Nov 23rd, 2004 1:16pm
Location: Montreal, Canada

Re: Serious Issue with Sending Email

Postby dfelmly » Fri Jun 07th, 2013 7:54am

We've gotten the sending taken care of, it turned out to be an existing SMTP proxy in the firewall stripping the outbound messages.

Unfortunately, this morning, we have a new issue. We are no longer able to recieve mail. Below is a snippet of the log from this morning.

+ 000003C8 70.88.181.51 [6/7/2013 8:03 AM]
00001000 000001C8 07/06/2013 08:03:22 M02151E57 IMAP: (Accept) Receiving connection from 70.88.181.51
00040000 000003C8 07/06/2013 08:03:22 M021BAB17 Loaded aneill from cache
00001000 00000F94 07/06/2013 08:03:24 M021C7AE7 SMTP: (Accept) Receiving connection from 66.186.127.189
00000001 000006E8 07/06/2013 08:03:27 M022090F7 DBL: IP address 94.242.222.18 scored 0 point(s)
00000001 000006E8 07/06/2013 08:03:27 M02209157 Disconnected before HELO (94.242.222.18)
00000001 000006E8 07/06/2013 08:03:27 M022090C7 SMTP Client Disconnected (94.242.222.18): No HELO
00000001 00000BFC 07/06/2013 08:03:28 M02205E27 DBL: IP address 199.101.162.92 scored 0 point(s)
00000001 00000BFC 07/06/2013 08:03:28 M02205E87 Disconnected before HELO (199.101.162.92)
00000001 00000BFC 07/06/2013 08:03:28 M02205E07 SMTP Client Disconnected (199.101.162.92): No HELO
00000001 00000C48 07/06/2013 08:03:29 M02202C47 DBL: IP address 216.185.73.106 scored 0 point(s)
00000001 00000C48 07/06/2013 08:03:29 M02202CA7 Disconnected before HELO (216.185.73.106)
00000001 00000C48 07/06/2013 08:03:29 M02202C17 SMTP Client Disconnected (216.185.73.106): No HELO
00000001 00000428 07/06/2013 08:03:32 M021BB9E7 DBL: IP address 178.63.110.44 scored 0 point(s)
00000001 00000428 07/06/2013 08:03:32 M021BBA47 Disconnected before HELO (178.63.110.44)
00000001 00000428 07/06/2013 08:03:32 M021BB997 SMTP Client Disconnected (178.63.110.44): No HELO
+ 000003C9 10.10.0.134 [6/7/2013 8:03 AM]
00001000 000001C8 07/06/2013 08:03:34 M0217A3A7 IMAP: (Accept) Receiving connection from 10.10.0.134
+ 000003CA 10.10.0.134 [6/7/2013 8:03 AM]
00001000 000001C8 07/06/2013 08:03:34 M021C21E7 IMAP: (Accept) Receiving connection from 10.10.0.134
00040000 000003C9 07/06/2013 08:03:35 M021EB167 Loading OPS_ATL from database
00040000 000003CA 07/06/2013 08:03:35 M0220EA47 Loading kayh from database
+ 000003CB 10.10.0.134 [6/7/2013 8:03 AM]
00001000 000001C8 07/06/2013 08:03:36 M022666E7 IMAP: (Accept) Receiving connection from 10.10.0.134
+ 000003CC 10.10.0.134 [6/7/2013 8:03 AM]
00001000 000001C8 07/06/2013 08:03:37 M022B0497 IMAP: (Accept) Receiving connection from 10.10.0.134
00040000 000003CB 07/06/2013 08:03:37 M022C9E07 Loaded kayh from cache
00000001 000003EC 07/06/2013 08:03:38 M022B8AC7 Disconnected before HELO (209.85.223.169)
00000001 000003EC 07/06/2013 08:03:38 M022B8BF7 ---> 220 corpay.com Ready for action (Mailtraq 2.17.4.3278/ESMTP)
00000001 000003EC 07/06/2013 08:03:38 M022B8AF7 SMTP Client Disconnected (209.85.223.169): No HELO
00040000 000003CC 07/06/2013 08:03:38 M022C2F37 Loaded OPS_ATL from cache
00001000 00000F94 07/06/2013 08:03:48 M02286527 SMTP: (Accept) Receiving connection from 98.139.44.141
00000001 000006D8 07/06/2013 08:03:51 M022C7B57 DBL: IP address 70.62.99.52 scored 0 point(s)
00001000 00000F94 07/06/2013 08:03:52 M022CD847 SMTP: (Accept) Receiving connection from 72.30.238.77
00001000 00000F94 07/06/2013 08:03:53 M02314AF7 SMTP: (Accept) Receiving connection from 207.46.163.150
00001000 00000F94 07/06/2013 08:03:58 M0235BE27 SMTP: (Accept) Receiving connection from 134.29.1.204
00001000 00000F94 07/06/2013 08:04:00 M023A30D7 SMTP: (Accept) Receiving connection from 207.46.163.238
00001000 00000F94 07/06/2013 08:04:02 M023EA387 SMTP: (Accept) Receiving connection from 65.55.111.94
+ 000003CD 10.10.0.141 [6/7/2013 8:04 AM]
00001000 000001C8 07/06/2013 08:04:03 M024315E7 IMAP: (Accept) Receiving connection from 10.10.0.141
00040000 000003CD 07/06/2013 08:04:04 M023E2247 Loading ssantoro from database


Any insight??
dfelmly
 
Posts: 21
Joined: Tue Nov 27th, 2012 11:45am

Re: Serious Issue with Sending Email

Postby dfelmly » Fri Jun 07th, 2013 8:54am

SMTP - Mail Server listening on 25 shows 52 connections, and shows as active, but we have no mail coming in, local mail is working ok.
dfelmly
 
Posts: 21
Joined: Tue Nov 27th, 2012 11:45am

Re: Serious Issue with Sending Email

Postby Elric Pedder » Fri Jun 07th, 2013 9:28am

What happens after completely restarting Mailtraq? Perhaps Mailtraq is having some issue listening on that socket.
Mailtraq Development and Escalation Support
Novitraq Incorporated
User avatar
Elric Pedder
Mailtraq Escalation Support
 
Posts: 2675
Joined: Tue Nov 23rd, 2004 1:16pm
Location: Montreal, Canada

Next

Return to Mailtraq Support

Who is online

Users browsing this forum: No registered users and 3 guests

cron