Forwarding of some but not all emails

16 posts / 0 new
Last post
#1 Thu, 05/30/2013 - 10:35
sarbaron

Forwarding of some but not all emails

Hi All,

I have had a quick look through the forums, but can't seem to find anything that is similar to the problem I have at the moment.

In brief - when I receive an email from a "service@" (e.g. service@paypal.co.uk) account, it doesn't forward the mail onto the corresponding email account. The server does not store any email, just forwards them on, so when the mails are not forwarded, then they are getting missed..

I'm sure that there's something in the configs somewhere, but I can't find it at the moment!

Help is appreciated!

Cheers, Adam

Thu, 05/30/2013 - 11:55
Xencored

Howdy

How are you forwarding the emails? what set up do you have?

Thu, 05/30/2013 - 13:25
sarbaron

Hi,

Basically the emails are set to be sent to the mailboxes (all default settings), then the mailbox calls the processing - spam-assassin and clam-AV, then the email is forwarded to a gmail account, not ever hitting the mailbox on the server. The only emails that ever end up in there are the ones that gmail bounce back as spam that's not been picked up by spam-assassin. I did try and set the emails to be forwarded at server level, but then they are not processed by spam/AV, so this is the best way I have found that works.

It's only recently that I have discovered that it is not forwarding on the service@ emails, and they are apparently just dropping straight into the mailbox rather than being forwarded.

Webmin version: 1.630 Virtualmin version: 4.00.gpl GPL

Cheers, Adam

Thu, 05/30/2013 - 13:37
sarbaron

Looking at the logs:

Source email as service@alt.zensupport.co.uk

May 30 16:25:03 debian postfix/smtpd[14518]: connect from smarthost01.mail.zen.net.uk[212.23.1.1]
May 30 16:25:04 debian postfix/smtpd[14518]: F2A8311667: client=smarthost01.mail.zen.net.uk[212.23.1.1]
May 30 16:25:04 debian postfix/cleanup[14521]: F2A8311667: message-id=<testmail22177@zensupport.co.uk>
May 30 16:25:04 debian postfix/qmgr[2636]: F2A8311667: from=<service@alt.zensupport.co.uk>, size=892, nrcpt=1 (queue active)
May 30 16:25:04 debian postfix/smtpd[14518]: disconnect from smarthost01.mail.zen.net.uk[212.23.1.1]
May 30 16:25:04 debian spamd[11425]: spamd: connection from localhost [127.0.0.1] at port 47805
May 30 16:25:04 debian spamd[11425]: spamd: setuid to ads.norab succeeded
May 30 16:25:04 debian spamd[11425]: spamd: processing message <testmail22177@zensupport.co.uk> for ads.norab:1015
May 30 16:25:05 debian spamd[11425]: spamd: clean message (-1.9/5.0) for ads.norab:1015 in 0.5 seconds, 1035 bytes.
May 30 16:25:05 debian spamd[11425]: spamd: result: . -1 - BAYES_00,RCVD_IN_DNSWL_NONE scantime=0.5,size=1035,user=ads.norab,uid=1015,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=47805,mid=<testmail22177@zensupport.co.uk>,bayes=0.000000,autolearn=ham
May 30 16:25:05 debian postfix/local[14522]: F2A8311667: to=<ads.norab@debian>, orig_to=<ads@norab.org>, relay=local, delay=1.5, delays=0.03/0.01/0/1.4, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
May 30 16:25:05 debian postfix/qmgr[2636]: F2A8311667: removed

source email as bob@alt.zensupport.co.uk

May 30 16:25:05 debian spamd[24828]: prefork: child states: II
May 30 16:25:38 debian postfix/smtpd[14518]: connect from smarthost02.mail.zen.net.uk[212.23.1.2]
May 30 16:25:38 debian postfix/smtpd[14518]: 69E5011667: client=smarthost02.mail.zen.net.uk[212.23.1.2]
May 30 16:25:38 debian postfix/cleanup[14521]: 69E5011667: message-id=<testmail33031@zensupport.co.uk>
May 30 16:25:38 debian postfix/qmgr[2636]: 69E5011667: from=<bob@alt.zensupport.co.uk>, size=884, nrcpt=1 (queue active)
May 30 16:25:38 debian postfix/smtpd[14518]: disconnect from smarthost02.mail.zen.net.uk[212.23.1.2]
May 30 16:25:40 debian spamd[11425]: spamd: connection from localhost [127.0.0.1] at port 47807
May 30 16:25:40 debian spamd[11425]: spamd: setuid to ads.norab succeeded
May 30 16:25:40 debian spamd[11425]: spamd: processing message <testmail33031@zensupport.co.uk> for ads.norab:1015
May 30 16:25:41 debian spamd[11425]: spamd: clean message (-1.9/5.0) for ads.norab:1015 in 0.4 seconds, 1019 bytes.
May 30 16:25:41 debian spamd[11425]: spamd: result: . -1 - BAYES_00,RCVD_IN_DNSWL_NONE scantime=0.4,size=1019,user=ads.norab,uid=1015,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=47807,mid=<testmail33031@zensupport.co.uk>,bayes=0.000000,autolearn=ham
May 30 16:25:41 debian postfix/local[14522]: 69E5011667: to=<ads.norab@debian>, orig_to=<ads@norab.org>, relay=local, delay=3, delays=0.03/0/0/2.9, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
May 30 16:25:41 debian postfix/qmgr[2636]: 69E5011667: removed
May 30 16:25:41 debian spamd[24828]: prefork: child states: II
May 30 16:25:41 debian postfix/pickup[13686]: D04BF116A0: uid=1015 from=<ads.norab>
May 30 16:25:41 debian postfix/cleanup[14521]: D04BF116A0: message-id=<testmail33031@zensupport.co.uk>
May 30 16:25:42 debian postfix/qmgr[2636]: D04BF116A0: from=<ads.norab@debian>, size=1243, nrcpt=1 (queue active)
May 30 16:25:42 debian postfix/smtp[14681]: D04BF116A0: to=<baron.ads@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.78.27]:25, delay=1, delays=0.73/0.01/0.04/0.22, dsn=2.0.0, status=sent (250 2.0.0 OK 1369927135 pd10si1250850wjb.181 - gsmtp)
May 30 16:25:42 debian postfix/qmgr[2636]: D04BF116A0: removed

The second (bob@) email has a second phase (May 30 16:25:41 debian spamd[24828]: prefork: child states: II) which never happens when it's a service@ email...

No idea why - going to guess that there is a generic system wide "service" account that's causing the problem, but I could be way off the mark!

Cheers, Adam

Tue, 06/04/2013 - 03:54
sarbaron

Don't suppose that anyone has any ideas with this do they?

Considering a server rebuild at the moment - which would be a last resort...

Ta

Tue, 06/04/2013 - 22:17
andreychek

Howdy,

Sorry for the delay!

I do see this line here in your logs which shows the service@ email as being delivered to a user:

May 30 16:25:05 debian postfix/local[14522]: F2A8311667: to=<ads.norab@debian>, orig_to=<ads@norab.org>, relay=local, delay=1.5, delays=0.03/0.01/0/1.4, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)

The next step is to figure out where it's going from there.

To do that, take a peek in /var/log/procmail.log, that will show where the email is going.

I do see what you mean about the "Child states" notice -- while I don't entirely know what the difference is there, that's just part of the SpamAssassin processing, and shouldn't affect whether the email is delivered or not.

-Eric

Wed, 06/05/2013 - 09:16
sarbaron

This is what I have from the procmail.log file:

From service@alt.zensupport.co.uk  Wed Jun  5 13:52:51 2013
Subject: Test Email
  Folder: /home/norab/homes/ads/Maildir/new/1370436771.10322_1.debian      1162
Time:1370436772 From:service@alt.zensupport.co.uk To:ads@norab.org User:ads.norab Size:1222 Dest:/home/norab/homes/ads/Maildir/new/1370436771.10322_1.debian Mode:None
procmail: Assigning "TRAP=/etc/webmin/virtual-server/procmail-logger.pl"
procmail: Assigning "VIRTUALMIN="
procmail: Executing "/etc/webmin/virtual-server/lookup-domain.pl,ads.norab"
procmail: [10348] Wed Jun  5 13:52:55 2013
procmail: Assigning "EXITCODE=0"
procmail: Executing "/usr/bin/test,0,=,73"
procmail: Non-zero exitcode (1) from "/usr/bin/test"
procmail: No match on "/usr/bin/test 0 = 73"
procmail: Assigning "EXITCODE=0"
procmail: Executing "/usr/bin/test,131953822923465,!=,"
procmail: Match on "/usr/bin/test 131953822923465 != "
procmail: Assigning "INCLUDERC=/etc/webmin/virtual-server/procmail/131953822923465"
procmail: Assigning "DROPPRIVS=yes"
procmail: Assuming identity of the recipient, VERBOSE=off
Wed, 06/05/2013 - 09:09
andreychek

Okay, so that's showing it being delivered to the account "ads".

Are there any filters setup for that account that may be causing certain emails to be delivered to that account?

-Eric

Wed, 06/05/2013 - 10:15
sarbaron

Here's the rules that I have...

jsut check for spam, if it's spam, ditch it, and then always forward....

Always Perform spam classification Email is spam Save in folder null Always Forward to baron.ads@gmail.com

Thu, 06/06/2013 - 06:07
sarbaron

Sorry - the rules I have are simple - deliver all mail to the mailboxes - this way everything passes through the spam and antivirus filters, once the mail hits the mailbox, it is forwarded to the destination address and never stays in the mailbox.

all I use the server for is to pass on mail to gmail accounts, nothing more.

Thu, 07/25/2013 - 16:27
sarbaron

I think that I have fixed the problem....

there is a .procmailrc rule in every home directory and that has the following line in: * !^FROM_MAILER

Basically this has a default rule that doesn't allow things to be forwarded on: '(^(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )([^>][^(.%@a-z0-9])?(Post(ma(st(er)?|n)|office)|(send)?Mail(er)? |daemon|mmdf|n?uucp|ops|r(esponse|oot)|(bbs.)?smtp(error)?|s(erv(ices? |er)|ystem)|A(dmin(istrator)?|MMGR))(([^).!:a-z0-9][-_a-z0-9])?[%@>\t ][^<)]((.).*)?)?$([^>]|$))'

So I changed it to this: * !(^(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )([^>][^(.%@a-z0-9])?(Mail(er)? |daemon|mmdf|n?uucp|ops|r(esponse|oot)|(bbs.)?smtp(error)?)).$)

this hopefully will stop a loop... but still testing at the moment....

Fri, 05/01/2015 - 15:11 (Reply to #11)
bjb

Sorry if this has been a long while, but I have also been bitten by this, primarily with senders named admin@domain.com, but also things like response@domain.com.

How did your testing go?

Although modifying the .procmailrc works on a user by user basis (as long as they don't change their settings of course), did you make a global change to procmail? (change the FROM_MAILER macro somehow), since I really don't know how many accounts have forwards on, and I don't want to hear from other users (I have over 4000 users).

I think it would be nice to somehow change how the forward is configured in usermin (personally I like the X-Loop method).

Thanks!

Mon, 06/26/2017 - 02:02
Dim Git

As usual I am late to the party.

"BJB" said "Although modifying the .procmailrc works on a user by user basis".

OK I am happy to do that on a user by user basis but I have been unable to find out what and where that is done. Can someone please enlighten me? (Centos 5.11)

Of course, a global solution would also be good.

Thanks

Wed, 06/28/2017 - 09:19
Diabolico
Diabolico's picture

Centos 5 hit EOL so no more updates or security patches and you should really move to something newer, e.g. Centos 7 would be good choice.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Wed, 06/28/2017 - 22:06
Dim Git

Thanks for your input Diabolico, unfortunately upgrading is not currently an option.

For those who might come here looking, here is what I found.

Scenario :-
Some users have mail forwarded to remote services like - fred@LocalDomain.com is forwarded to fred@RemoteDomain.com via their Usermin interface. Has to be done in Usermin otherwise the email is not scanned by Spamassassin.

Problem :-
Email from some addresses like postmaster@... or service@... or admin@... does not get forwarded but simply stays in the users mailbox.

Solution:-
When mail forwarding is set up in Usermin a .procmailrc file is created in the users home directory, Mine looked like :-

:0
* !^FROM_MAILER
! fred@RemoteDomain.com

Edit the file and remove the line "* !^FROM_MAILER".

Seems to work for me and the email is still scanned by spamassassin.

Wed, 07/03/2019 - 05:46
amityweb

6 years later from the OP and I have discovered this. My customers are not getting all emails, specifically service@paypal.com.

how can we change it globally, not a per user basis, as I have hundreds of users.

Thanks!