
In the past couple days, some emails from my server have been bouncing with this error. Nothing has changed on my end that I'm aware of. It doesn't seem to matter where the email is going-- they bounce whether the destination is Gmail, Hotmail, or other smaller domains.

As far as I can tell my server is not on any spam blacklists like this one. It's a dedicated server that I control completely. I don't think there is any anti-spam software running on it except fail2ban, which shouldn't affect email.

The drops seem to be caused by the content of the emails. This answer suggests a man in the middle attack, probably my own hosting provider stopping the emails. But they are encrypted, so I thought this shouldn't be possible.

Here is my main.cf file:

```
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

append_dot_mydomain = no

readme_directory = no

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server1.myserver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, server1.myserver.com, localhost.myserver.com, myserver.com, mail.myserver.com, localhost
virtual_alias_domains = domain1.com, domain2.com.com
virtual_alias_maps = regexp:/etc/postfix/virtuala-regex, hash:/etc/postfix/virtualalias
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# The following line isn't in the Ubuntu example file
inet_protocols = all

# TLS
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/ssl.key/myserver.com.key
smtpd_tls_cert_file = /etc/ssl/ssl.crt/myserver.com.crt
smtpd_tls_CAfile = /etc/ssl/ssl.crt/myserver.com.ca-bundle
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:12999
non_smtpd_milters = inet:localhost:12999

message_size_limit = 52428800
```

Am I accidentally giving my hosting provider permission to snoop on emails with one of my postfix settings?

felwithe
  • You should look for a system between you and the remote host intercepting your outgoing mail, either on premise or at your ISP. If you don't find one, keep looking. It is there. – Michael Hampton Aug 17 '18 at 22:43
  • @MichaelHampton Thank you-- what do you mean "on premise"? And assuming I find it, what do you suggest? I've updated the question-- I am now nearly positive it's because of the content of these emails. But I thought encryption would prevent anyone from seeing the content. – felwithe Aug 17 '18 at 22:48
  • On premise means wherever your mail server is. Your post has so few relevant details that it is only possible to give the most generic advice. – Michael Hampton Aug 17 '18 at 22:50
  • @MichaelHampton What details should I include? – felwithe Aug 17 '18 at 22:54
  • The most important thing is, Where/how are you hosting this mail server? Who are the service providers involved? How is it connected to the Internet? – Michael Hampton Aug 17 '18 at 22:55
  • @MichaelHampton It's a dedicated server. Emails are being sent by postfix – felwithe Aug 18 '18 at 01:50
  • You didn't answer several of the questions I asked. Please do so. – Michael Hampton Aug 18 '18 at 13:04
  • @MichaelHampton My hosting provider isn't relevant. – felwithe Aug 18 '18 at 13:33
  • If it wasn't relevant, I wouldn't have asked for it. The hosting provider is very often relevant. And it's best to identify your service providers in your question if there's even a slight chance of it being relevant. As we've previously discussed, it is likely your hosting provider causing this. – Michael Hampton Aug 18 '18 at 13:39
  • I'm asking about the mechanics of the problem and how to fix it. Naming my hosting provider won't help that. Even if it did, are we going to have a different answer for every hosting provider? A list that will change from year to year as some go out of business and new ones start and others change their practices? – felwithe Aug 18 '18 at 14:47
  • OK, you fix it by contacting your hosting provider and asking them to kindly stop intercepting your mail. And yes, it is quite possible we could have a different answer for different providers. – Michael Hampton Aug 18 '18 at 14:48
  • @MichaelHampton Should not encryption be blocking them from seeing the content of the emails? – felwithe Aug 18 '18 at 18:02
  • No, because it's STARTTLS. They can intercept the connection, pretend to be the remote server, and then lie and say STARTTLS is not available. The poor mail server then delivers mail to the intercepting machine unencrypted instead of the actual destination. – Michael Hampton Aug 19 '18 at 21:48
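
A defender-side check for the downgrade described in the last comment, added here as an example and not part of the original thread: it scans Postfix log text for outbound deliveries where the same `smtp` process logged no TLS handshake first. It assumes `smtp_tls_loglevel = 1` is set (the posted main.cf sets only the `smtpd_` variant); the log lines, hostnames and addresses are constructed.

```python
import re

# Constructed sample log (documentation hostnames and addresses).
SAMPLE_LOG = """\
Aug 17 22:40:01 server1 postfix/smtp[2101]: Untrusted TLS connection established to mx.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Aug 17 22:40:02 server1 postfix/smtp[2101]: 4A1B2C3D4E: to=<alice@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.1, delays=0.1/0/0.6/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Aug 17 22:40:02 server1 postfix/smtp[2101]: 4A1B2C3D4E: to=<carol@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.1, delays=0.1/0/0.6/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Aug 17 22:41:10 server1 postfix/smtp[2107]: 5F6A7B8C9D: to=<bob@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.5/0.3, dsn=5.7.1, status=bounced (host mx.example.org[198.51.100.7] said: 550 5.7.1 rejected)
Aug 17 22:45:30 server1 postfix/smtp[2101]: 6E7F8A9B0C: to=<dave@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.8, delays=0.1/0/0.4/0.3, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.10] said: 550 5.7.1 rejected)
"""

# "<Trusted|Untrusted|Verified|Anonymous> TLS connection established to host[ip]:port:"
TLS_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: \w+ TLS connection established to (\S+\[[^\]]+\]:\d+):")
# Per-recipient delivery record; relay=local / relay=none do not match.
DELIVERY_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: (\w+): to=<([^>]*)>,.*?relay=(\S+\[[^\]]+\]:\d+),.*?status=(\w+)")


def plaintext_deliveries(log_text):
    """Return remote deliveries that were not preceded by a TLS handshake."""
    tls = {}  # pid -> [relay, queue_id] for the TLS session that process opened
    findings = []
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            tls[m.group(1)] = [m.group(2), None]
            continue
        m = DELIVERY_RE.search(line)
        if not m:
            continue
        pid, qid, rcpt, relay, status = m.groups()
        session = tls.get(pid)
        # Simplification: one TLS session covers one queue ID on one relay.
        if session and session[0] == relay and session[1] in (None, qid):
            session[1] = qid
            continue
        tls.pop(pid, None)  # stale handshake must not vouch for a later message
        findings.append({"queue_id": qid, "rcpt": rcpt, "relay": relay, "status": status})
    return findings


if __name__ == "__main__":
    for f in plaintext_deliveries(SAMPLE_LOG):
        print("no TLS: {queue_id} to {rcpt} via {relay} ({status})".format(**f))
```

A cleartext delivery to a destination known to offer STARTTLS is the signal worth following up on with the network operator.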
