Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Untangler
    Join Date
    Mar 2016
    Posts
    31

    Default Release to inbox - emails don't arrive

    I have untangle 14.2.2 in bridge mode. I was getting a lot (more) spam on my exchange server recently, so I installed / switched on the Spam module. I had it running for a week set to mark, and (as expected) messages started to appear with SPAM in the subject.

    I changed from Mark to Quarantine today, and again, all seems ok and emails go into quarantine. However, the issue is, if from within quarantine I select Release to inbox (or Release to inbox & add sender to safe list) the emails never arrive on the exchange server (well, I think maybe 1 out of about 10 did). I have looked at the logs on the exchange server, and there doesn't seem to be any sign of the message trying to get delivered. I then looked at the /var/log/exim4/mainlog log on the unable server, and at the time I did the release of one of them I see the following (I have replaced my domain name with my.domain):


    2019-11-25 20:34:19 1iZL3r-000V6F-ET <= untangle@my.domain H=localhost [127.0.0.1] P=esmtp S=655 id=1893413205.3011574714059454.JavaMail.untangle@my.domain
    2019-11-25 20:34:20 1iZL3r-000V6F-ET => ian@my.domain R=dnslookup T=remote_smtp H=my.domain [ipaddressremoved] X=TLS1.0:ECDHE_RSA_AES_256_CBC_SHA1:256 CV=no DN="CN=server.my.domain" C="250 2.6.0 <1893413205.3011574714059454.JavaMail.untangle@my.domain> [In
    ternalId=5047] Queued mail for delivery"
    2019-11-25 20:34:20 1iZL3r-000V6F-ET Completed
    2019-11-25 20:34:40 1iZL3r-000V6F-ET Spool file 1iZL3r-000V6F-ET-D not found
    2019-11-25 20:35:55 1iZL5P-000VHC-CS H=localhost [127.0.0.1] F=<untangle@my.domain> rejected after DATA: maximum allowed line length is 998 octets, got 3887

    I have untangle set to "Send email using the specified SMTP Server" (but the same happens with it set to "Send email directly").

    Clicking the Test email button works, and also getting the daily reports email works ok, so it seems something specific to releasing quarantine emails.

    Anyone seen this before / have any ideas?

    Thanks,
    Ian.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,767

    Default

    You need to check your Exchange SMTP logs and figure out WTF it's doing with it. Because if the test messages work, the problem is on the mail server.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Mar 2016
    Posts
    31

    Default

    I have turned on SMTP logging on the exchange server. I had about 8 emails in Quarantine, so (one at a time) I released them. About 3 or 4 did get through, and I can see the connections in the SMTP log on the exchange server. For the others, there isn't anything in the logs to show that a connection was made (attempted). Think I will try a packet capture on the untangle box to see what (if anything) goes out when one fails.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,767

    Default

    If you want to see the log from Untangle's perspective, it's /var/log/exim/mainlog
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler
    Join Date
    Mar 2016
    Posts
    31

    Default

    That's the log I mentioned in the 1st post (well /var/log/exim4/mainlog).

    When it "fails" that log shows:

    2019-11-26 14:31:39 1iZbsR-000XaY-Kp H=localhost [127.0.0.1] F=<untangle@mydomain.com> rejected after DATA: maximum allowed line length is 998 octets, got 1262

    when it works it shows:

    2019-11-26 14:08:36 1iZbW8-000W4d-OG <= untangle@mydomain.com H=localhost [127.0.0.1] P=esmtp S=5747 id=CX-hCMj9OAXU3mrkoPGWHboJuwp1V4aFztik1UqN6AE.3sERYqmIQndfSDCwwxCR2YlcAqliQZ02Of76NcltxZc@sing
    legloom.icu
    2019-11-26 14:08:37 1iZbW8-000W4d-OG => ian@mydomain.com R=smarthost T=remote_smtp_smarthost H=10.10.10.10 [10.10.10.10] X=TLS1.0:ECDHE_RSA_AES_256_CBC_SHA1:256 CV=no DN="CN=server.mydomain.local
    " C="250 2.6.0 <CX-hCMj9OAXU3mrkoPGWHboJuwp1V4aFztik1UqN6AE.3sERYqmIQndfSDCwwxCR2YlcAqliQZ02Of76NcltxZc@singlegloom.icu> [InternalId=5140] Queued mail for delivery"
    2019-11-26 14:08:37 1iZbW8-000W4d-OG Completed

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,767

    Default

    The relevant bit is: rejected after DATA: maximum allowed line length is 998 octets, got 1262

    Your Exchange server is booting the message because it's too big. So yes, you should have a matching event on the Exchange side that shows this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangler
    Join Date
    Mar 2016
    Posts
    31

    Default

    Yes, that's my thinking, but there doesn't seem to be a matching event, hence why I thought I would do a packet trace to see if anything is leaving the untangle server.

  8. #8
    Untangler
    Join Date
    Mar 2016
    Posts
    31

    Default

    (by the way, this is only a home setup, so not critical, I was just putting it out there in case anyone had seen this before / had any ideas).

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,767

    Default

    Back when I had my own mail server, Untangle had its own connector so I could avoid stuff like this.

    But I can't tell you where the settings are anymore, because I've long since Office 365'd all the things. I have no interest in going back to an internal Exchange deployment.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Untangler
    Join Date
    Mar 2016
    Posts
    31

    Default

    Waited severial hours, and a load more messages in the Quarantine area. Released messages while doing a packet capture (looking at port 25). The first few I released did get sent ok, and packets were captured. Then one didn't get sent (with the mainlog having the "rejected after DATA:" bit ) and no packets were captured.

    So, strange as it may seem, it seems that when a message fails to send, it's not even going out from the Untangle server. Wonder if the Quarantine area is trying to submit it to a SMTP queue within Untangle for it to be sent, and it's this that's causing the "rejected after DATA:" error.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2