2

I have a weird issue wherein an email is received by my mail server running Postfix with multiple recipients on the same domain and only one of the recipients will receive the message.

An example from the email headers of the delivered email (addresses changed to protect the innocent):

```
From: Ryan Hood <ryan@customer.example.net>
To: Jeff Bridges <jeff@example.com>
CC: 'Rhonda White' <ronda@example.com>, 'Joe'
    <joe@example.com>
```

In this scenario Rhonda receives the email, but neither of the other recipients do. In the logs on my edge server (the server accepting the mail from the internet) I see this:

```
Jan  9 14:31:58 edge postfix/smtpd[1470]: 60C31CF435: client=smtp629.remoteserver.net[x.x.x.x]
Jan  9 14:31:58 edge postfix/cleanup[6125]: 60C31CF435: message-id=<BLUPR08MB0085EF631200B8DBC8951C7A5440@BLUPR08MB008.namprd08.prod.outlook.com>
Jan  9 14:31:58 edge postfix/qmgr[3170]: 60C31CF435: from=<ryan@customer.example.net>, size=279996, nrcpt=2 (queue active)
Jan  9 14:31:58 edge postfix/smtp[7186]: 60C31CF435: to=<archive@example.com>, relay=mail-store01.domain.int[10.101.2.6]:25, delay=0.51, delays=0.45/0/0.04/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BFE4D7F9F6)
Jan  9 14:31:58 edge postfix/smtp[7186]: 60C31CF435: to=<rhonda@example.com>, relay=mail-store01.domain.int[10.101.2.6]:25, delay=0.51, delays=0.45/0/0.04/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BFE4D7F9F6)
Jan  9 14:31:58 edge postfix/qmgr[3170]: 60C31CF435: removed
```

The mail is delivered to our mail store (also running postfix), but only for two recipients (rhonda@example.com and archive@example.com, which is used to archive email). Neither other recipient is listed.

The log from our mail store doesn't show them either.

```
Jan  9 14:40:48 mail-store01 postfix/smtpd[24566]: BFE4D7F9F6: client=edge.domain.int[10.101.2.2]
Jan  9 14:40:48 mail-store01 postfix/cleanup[24551]: BFE4D7F9F6: message-id=<BLUPR08MB0085EF631200B8DBC8951C7A5440@BLUPR08MB008.namprd08.prod.outlook.com>
Jan  9 14:40:48 mail-store01 postfix/smtpd[24566]: disconnect from edge.domain.int[10.101.2.2]
Jan  9 14:40:48 mail-store01 postfix/qmgr[1441]: BFE4D7F9F6: from=<ryan@customer.example.net>, size=280277, nrcpt=2 (queue active)
Jan  9 14:40:48 mail-store01 dovecot: lda(rhonda@example.com): sieve: msgid=<BLUPR08MB0085EF631200B8DBC8951C7A5440@BLUPR08MB008.namprd08.prod.outlook.com>: stored mail into mailbox 'INBOX'
Jan  9 14:40:48 mail-store01 postfix/pipe[24365]: BFE4D7F9F6: to=<rhonda@example.com>, relay=dovecot, delay=0.07, delays=0.02/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
Jan  9 14:40:48 mail-store01 dovecot: lda(archive@example.com): sieve: msgid=<BLUPR08MB0085EF631200B8DBC8951C7A5440@BLUPR08MB008.namprd08.prod.outlook.com>: stored mail into mailbox 'INBOX.2015.01.09'
Jan  9 14:40:48 mail-store01 postfix/pipe[24371]: BFE4D7F9F6: to=<archive@example.com>, relay=dovecot, delay=0.13, delays=0.02/0/0/0.11, dsn=2.0.0, status=sent (delivered via dovecot service)
Jan  9 14:40:48 mail-store01 postfix/qmgr[1441]: BFE4D7F9F6: removed
```

The strange thing is this happens extraordinarily rarely. I have plenty of mail which is delivered correctly to these recipients from this outside email address, as well as from other addresses. I'm at a loss as to why this happens sometimes.

Server Details:

  • Ubuntu 12.04
  • Postfix 2.9.6-1~12.04.1

In case it's helpful, here's my main.cf on my edge server.

```
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# enable soft bounces for now
#soft_bounce = yes

# TLS parameters
#smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
#smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.crt
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = edge.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = edge.example.com, edge, localhost.localdomain, localhost
relay_domains = /etc/postfix/domains,
                /etc/postfix/configs/mail-store01/domains
relayhost = mail-gateway01.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=$HOME/Maildir/ MAILDIR=$HOME/Maildir
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_recipient_restrictions = permit_sasl_authenticated
                               check_recipient_access hash:/etc/postfix/clients,
                                                      hash:/etc/postfix/configs/mail-store01/clients
                               permit_mynetworks
                               reject_unauth_destination
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_end_of_data_restrictions =
```

Let me know if there's extra information that someone might find helpful in solving this.

masegaloeh
  • 3
    Welcome to Server Fault! If you want to obfuscate the domain, don't just pick a random domain name that belongs to someone else - use **example.(com|net|org)** which is meant for this. – masegaloeh Jan 22 '15 at 00:03
  • Thanks for modifying my question. I had tried obfuscating the sender and the receiver using different domains, but didn't think to put them both in example.com or even use example.com and example.net. Thanks for the heads up. I'll use those exclusively in the future. – Jeremy Driscoll Jan 22 '15 at 15:07

1 Answer

1

Here is one fact: the recipients in the header section have nothing to do with the email delivery system.

Postfix and other MTAs use the envelope recipient to route email through the internet. Of course, you can spoof the header so it looks like you sent to one recipient while in the envelope you actually send to thousands of recipients (like spammers do :)).

But why is this happening? Well, the problem isn't your server. Postfix never silently drops a message without telling you in the logs. Even if you discarded the message, the maillog has the whole story about it, for example:

```
Jan 22 07:24:34 mailx postfix-2nd/smtpd[15167]: NOQUEUE: discard: RCPT from unknown[192.168.235.100]: : Recipient address triggers DISCARD action; from= to= proto=ESMTP helo=
```

To do further troubleshooting, you need to talk to the administrator of the server where the email is coming from. If the sender's server doesn't send it, then your server doesn't receive it either.

masegaloeh
  • Thanks for the reply. So if a remote server sends an email to three different addresses on the same domain it will send the mail three times and my server would receive it three times? I would think the remote server would add all addresses to the envelope recipient knowing they are from the same domain. Is that not the case? – Jeremy Driscoll Jan 22 '15 at 15:11
  • In the normal case: yes, it is. But unless you can prove the remote sender sent it to three recipients, there is nothing to do here except try to confirm this with the admin of the remote sender. – masegaloeh Jan 22 '15 at 20:37
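
Added example (not part of the original question, answer or comments): a Python sketch of the check the answer implies, comparing the To/Cc header addresses of a message with the envelope recipients Postfix logged for its queue ID. The headers and log lines are constructed and abridged from the ones in the question, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the question's headers (assumption: abridged).
HEADERS = """\
From: Ryan Hood <ryan@customer.example.net>
To: Jeff Bridges <jeff@example.com>
CC: 'Rhonda White' <rhonda@example.com>, 'Joe'
    <joe@example.com>

"""
# Constructed edge-server log lines for one queue ID (delay fields omitted).
LOG = """\
Jan  9 14:31:58 edge postfix/qmgr[3170]: 60C31CF435: from=<ryan@customer.example.net>, size=279996, nrcpt=2 (queue active)
Jan  9 14:31:58 edge postfix/smtp[7186]: 60C31CF435: to=<archive@example.com>, relay=mail-store01.domain.int[10.101.2.6]:25, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BFE4D7F9F6)
Jan  9 14:31:58 edge postfix/smtp[7186]: 60C31CF435: to=<rhonda@example.com>, relay=mail-store01.domain.int[10.101.2.6]:25, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BFE4D7F9F6)
Jan  9 14:31:58 edge postfix/qmgr[3170]: 60C31CF435: removed
"""

def header_recipients(raw):
    # Addresses the sender's mail client displayed; not used for routing.
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def envelope_recipients(log, queue_id):
    # Addresses Postfix actually accepted (RCPT TO), with delivery status.
    rcpts, nrcpt = {}, None
    for line in log.splitlines():
        if f": {queue_id}: " not in line:
            continue
        m = re.search(r"nrcpt=(\d+)", line)
        if m:
            nrcpt = int(m.group(1))
        m = re.search(r"\bto=<([^>]*)>.*\bstatus=(\w+)", line)
        if m:
            rcpts[m.group(1).lower()] = m.group(2)
    return nrcpt, rcpts

def compare(raw, log, queue_id):
    nrcpt, env = envelope_recipients(log, queue_id)
    hdr = header_recipients(raw)
    return {"nrcpt": nrcpt, "envelope": env,
            "header_only": sorted(hdr - set(env)),
            "envelope_only": sorted(set(env) - hdr)}

if __name__ == "__main__":
    print(compare(HEADERS, LOG, "60C31CF435"))
```

Addresses reported under `header_only` were named in the headers but never presented to this server in the envelope, which is the evidence to take to the sending side's administrator.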