SORBS blocking email from AOL
I manage a Linux server that functions as an email server using the free and
open source software (FOSS) package sendmail. I provide a mechanism through the
server for someone who has Verizon as his Internet Service Provider (ISP) to
send monthly newsletters by email to an organization that has about thirteen
hundred members on its email distribution list, since he can't send to that
number of people through his ISP-provided email service. I do so by providing
an email alias on my server, e.g., thelist@example.com, that he puts in the BCC
line of his email. The alias is stored in /etc/aliases and points to a text
file containing the list of all members' email addresses. So his ISP-provided
SMTP server sees only the one address, thelist@example.com, which results in an
email message to the server I manage that then translates that address into the
approximately 1,300 email addresses of members and sends the newsletter to all
members.
But this month the user reported he had sent the message, but it had not been
delivered to recipients. I first checked the server's mail log,
/var/log/maillog, for any occurrences of his email address for the day he
reported the problem. I use several free DNS-based Blackhole List (DNSBL)
services to reduce the amount of spam that reaches users' inboxes, so I
suspected that one of those services had blocked email from the SMTP server
through which he was sending his message, even though I had whitelisted his
email address quite some time ago by adding a line like the following one to
/etc/mail/access and then running the command
makemap hash /etc/mail/access < /etc/mail/access.

slartibartfast123987@verizon.net OK

I didn't find any references to his email address in the /var/log/mail file, so
I asked him to resend the message. I still didn't see any references to his
email address in the /var/log/maillog file, but I did see that SORBS had
blocked email from an America Online (AOL) server at the time he sent the
message.
Using nslookup to check an email blocklist
I was notified by someone today that yesterday he had sent an email to a
mailing list on an email server I maintain, but the email had not been
delivered to recipients. When I checked yesterday's email log, I didn't see any
email from his email address, so I asked him to resend the message. He did so,
but that email message was also not delivered and I didn't see any log entry
for his email address in today's email log, /var/log/maillog. He has a
verizon.net email address and Verizon recently transitioned its email service
to AOL. I remembered helping him make that transition last month, so I looked
for any aol.com entries in the log file and found the entry below for an
attempt by an AOL email server to deliver a message that was rejected at the
time he told me he had sent the email today.

# grep aol /var/log/maillog
Jun 2 10:50:16 moonpoint sendmail[23955]: ruleset=check_relay, arg1=omr-a006e.mx.aol.com, arg2=127.0.0.6, relay=omr-a006e.mx.aol.com [204.29.186.55], reject=550 5.7.1 Spam Block:mail from 204.29.186.55 refused - see http://dnsbl.sorbs.net/
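
As an added example (not part of the original post), the script below pulls check_relay rejections like the one above out of a maillog and prints the nslookup query to run for each rejected relay. It assumes the zone dnsbl.sorbs.net from the URL in the log entry and the usual DNSBL convention of querying the reversed IPv4 octets under the zone; the function names and every sample line after the first are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): summarize DNSBL rejections in a
# sendmail maillog and build the blocklist lookup to run for each relay.

# First line is the entry quoted in the post; the other three are constructed.
sample_log() {
cat <<'EOF'
Jun 2 10:50:16 moonpoint sendmail[23955]: ruleset=check_relay, arg1=omr-a006e.mx.aol.com, arg2=127.0.0.6, relay=omr-a006e.mx.aol.com [204.29.186.55], reject=550 5.7.1 Spam Block:mail from 204.29.186.55 refused - see http://dnsbl.sorbs.net/
Jun 2 11:02:41 moonpoint sendmail[24102]: ruleset=check_relay, arg1=omr-a006e.mx.aol.com, arg2=127.0.0.6, relay=omr-a006e.mx.aol.com [204.29.186.55], reject=550 5.7.1 Spam Block:mail from 204.29.186.55 refused - see http://dnsbl.sorbs.net/
Jun 2 11:05:03 moonpoint sendmail[24110]: ruleset=check_relay, arg1=[192.0.2.25], arg2=127.0.0.6, relay=[192.0.2.25], reject=550 5.7.1 Spam Block:mail from 192.0.2.25 refused - see http://dnsbl.sorbs.net/
Jun 2 11:06:12 moonpoint sendmail[24115]: v52F6CaB024115: from=<user@example.org>, size=1204, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.7]
EOF
}

# Count check_relay rejections per relay IP; prints "count ip", busiest first.
rejected_relays() {
  awk '/ruleset=check_relay/ && /reject=5[0-9][0-9] / {
    # the client address is the bracketed IPv4 after relay= (hostname may be absent)
    if (match($0, /relay=[^,]*\[[0-9.]+\]/)) {
      ip = substr($0, RSTART, RLENGTH)
      sub(/.*\[/, "", ip); sub(/\]/, "", ip)
      n[ip]++
    }
  }
  END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Build the DNSBL query name: reversed octets under the zone (default assumed
# from the log URL). Fails on anything that is not a dotted-quad IPv4 address.
dnsbl_name() {
  printf '%s\n' "$1" | awk -F. -v zone="${2:-dnsbl.sorbs.net}" '
    NF == 4 {
      for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
      print $4 "." $3 "." $2 "." $1 "." zone; ok = 1
    }
    END { exit !ok }'
}

# One line per rejected relay with the lookup to run by hand.
dnsbl_queries() {
  rejected_relays | while read -r count ip; do
    name=$(dnsbl_name "$ip" "${1:-dnsbl.sorbs.net}") || continue
    printf '%s rejected from %s -> nslookup %s\n' "$count" "$ip" "$name"
  done
}

sample_log | dnsbl_queries
```

On a live server, replace the last line with `dnsbl_queries < /var/log/maillog`; an answer in 127.0.0.0/8 to the printed lookup means the address is listed, and NXDOMAIN means it is not.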
SORBS Blocking Email from Gmail
A family member reported that she hadn't received an email message sent to her
today by a Gmail user who had sent her message in reply to the family member's
email to her. Since I administer the Sendmail email server she uses, I checked
the Sendmail log file at /var/log/maillog. I saw the outgoing email sent to the
Gmail address, but no incoming email from that address. So I sent email
messages from a Gmail account I have as well as email messages from other
external addresses to the root account on the server. The other email messages
arrived, but none I sent from the Gmail account arrived. So I ran tcpdump on
the server to capture data to/from port 25 on the system, which is the
well-known port for Simple Mail Transfer Protocol (SMTP) traffic. I then sent
another email message to the root account on the Sendmail server from my Gmail
account. After allowing several minutes for an attempted delivery from the
Gmail server to occur, I stopped the packet capture with Ctrl-C.

# tcpdump -i enp1s4 port 25 -w smtp_2017-04-30.pcap
tcpdump: listening on enp1s4, link-type EN10MB (Ethernet), capture size 65535 bytes
^C225 packets captured
225 packets received by filter
0 packets dropped by kernel
# ls -lh smtp_2017-04-30.pcap
-rw-r--r--. 1 tcpdump tcpdump 33K Apr 30 12:33 smtp_2017-04-30.pcap
#