1
Mail not getting delivered; SMTP good, Delivery bad
Question asked by Steve Guluk - 9/15/2022 at 3:53 PM
Unanswered
Hello,
I have one client that is having problems getting mail. Looking at the logs, they pass spam but fail delivery. Really confusing...

Logs for one record:


SMTP Logs:

[2022.09.15] 06:53:27.503 [66.163.188.147][17164661] rsp: 220 mail.sgdesign.net Thu, 15 Sep 2022 13:53:27 +0000 UTC | SmarterMail Enterprise 16.3.0
[2022.09.15] 06:53:27.503 [66.163.188.147][17164661] connected at 9/15/2022 6:53:27 AM
[2022.09.15] 06:53:27.512 [66.163.188.147][17164661] Country code: Unknown
[2022.09.15] 06:53:27.530 [66.163.188.147][17164661] cmd: EHLO sonic303-21.consmr.mail.ne1.yahoo.com
[2022.09.15] 06:53:27.531 [66.163.188.147][17164661] rsp: 250-mail.sgdesign.net Hello [66.163.188.147]250-SIZE 83886080250-AUTH LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250-DSN250 OK
[2022.09.15] 06:53:27.557 [66.163.188.147][17164661] cmd: STARTTLS
[2022.09.15] 06:53:27.557 [66.163.188.147][17164661] rsp: 220 Start TLS negotiation
[2022.09.15] 06:53:27.689 [66.163.188.147][17164661] cmd: EHLO sonic303-21.consmr.mail.ne1.yahoo.com
[2022.09.15] 06:53:27.690 [66.163.188.147][17164661] rsp: 250-mail.sgdesign.net Hello [66.163.188.147]250-SIZE 83886080250-AUTH LOGIN CRAM-MD5250-8BITMIME250-DSN250 OK
[2022.09.15] 06:53:27.716 [66.163.188.147][17164661] cmd: MAIL FROM:<big_wayne80@yahoo.com>
[2022.09.15] 06:53:27.717 [66.163.188.147][17164661] senderEmail(1): big_wayne80@yahoo.com parsed using: <big_wayne80@yahoo.com>
[2022.09.15] 06:53:53.201 [66.163.188.147][17164661] rsp: 250 OK <big_wayne80@yahoo.com> Sender ok
[2022.09.15] 06:53:53.201 [66.163.188.147][17164661] Sender accepted. Weight: 27. Block threshold: 30. Failed checks: SORBS 06 - RECENT (3,failed), SPAMHAUS - ZEN (10,failed), ZEN (15,failed)
[2022.09.15] 06:53:53.223 [66.163.188.147][17164661] cmd: RCPT TO:<ed1@garciadevelopment.com>
[2022.09.15] 06:53:53.223 [66.163.188.147][17164661] rsp: 250 OK <ed1@garciadevelopment.com> Recipient ok
[2022.09.15] 06:53:53.254 [66.163.188.147][17164661] cmd: DATA
[2022.09.15] 06:53:53.254 [66.163.188.147][17164661] Performing PTR host name lookup for 66.163.188.147
[2022.09.15] 06:53:53.254 [66.163.188.147][17164661] PTR host name for 66.163.188.147 resolved as sonic303-21.consmr.mail.ne1.yahoo.com
[2022.09.15] 06:53:53.254 [66.163.188.147][17164661] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2022.09.15] 06:53:53.285 [66.163.188.147][17164661] senderEmail(2): big_wayne80@yahoo.com parsed using: Wayne Hughes <big_wayne80@yahoo.com>
[2022.09.15] 06:53:53.285 [66.163.188.147][17164661] Sender accepted. Weight: 27. Block threshold: 30. Failed checks: SORBS 06 - RECENT (3,failed), SPAMHAUS - ZEN (10,failed), ZEN (15,failed)
[2022.09.15] 06:53:53.285 [66.163.188.147][17164661] rsp: 250 OK
[2022.09.15] 06:53:53.301 [66.163.188.147][17164661] Received message size: 5195 bytes
[2022.09.15] 06:53:53.301 [66.163.188.147][17164661] Successfully wrote to the HDR file. (c:\SmarterMail\Spool\proc\-668255415856.hdr)
[2022.09.15] 06:53:53.301 [66.163.188.147][17164661] Data transfer succeeded, writing mail to -668255415856.eml (MessageID: <2126071475.4159487.1663249956928@mail.yahoo.com>)
[2022.09.15] 06:53:53.301 [66.163.188.147][17164661] cmd: QUIT
[2022.09.15] 06:53:53.301 [66.163.188.147][17164661] rsp: 221 Service closing transmission channel
[2022.09.15] 06:53:53.301 [66.163.188.147][17164661] disconnected at 9/15/2022 6:53:53 AM



Delivery Logs:

[2022.09.15] 06:54:00.821 [55415856] Delivery started for big_wayne80@yahoo.com at 6:54:00 AM
[2022.09.15] 06:54:03.829 [55415856] Added to SpamCheckQueue (1 queued; 1/30 processing)
[2022.09.15] 06:54:03.829 [55415856] [SpamCheckQueue] Begin Processing.
[2022.09.15] 06:54:03.829 [55415856] Blocked Sender Checks started.
[2022.09.15] 06:54:03.829 [55415856] Blocked Sender Checks completed.
[2022.09.15] 06:54:03.829 [55415856] Windows Defender Checks error: Unknown error (0x800106ba)
[2022.09.15] 06:54:03.829 [55415856] Spam Checks started.
[2022.09.15] 06:54:18.782 [55415856] Spam Check results: [REVERSE DNS LOOKUP: 0,Passed], [_SPF: -1,Pass], [BACKSCATTER: 0,passed], [BARRACUDA - BRBL: 0,passed], [BONDEDSENDER: 0,passed], [CBL - ABUSE SEAT - DO NOT USE FOR OUTGOING: 0,passed], [GBUDB: 0,passed], [HOSTKARMA-BLACK: 0,passed], [HOSTKARMA-YELLOW: 0,passed], [IADB: 0,passed], [IX: 0,passed], [MAILSPIKE-H1: 0,passed], [MAILSPIKE-H2: 0,passed], [MAILSPIKE-H3: 0,passed], [MAILSPIKE-H4: 0,passed], [MAILSPIKE-H5: 0,passed], [MAILSPIKE-L1: 0,passed], [MAILSPIKE-L2: 0,passed], [MAILSPIKE-L3: 0,passed], [MAILSPIKE-L4: 0,passed], [MAILSPIKE-L5: 0,passed], [MCAFEE: 0,passed], [MSRBL: 0,passed], [SEM-BL: 0,passed], [SENDERSCORE: 0,passed], [SORBS 02 - HTTP: 0,passed], [SORBS 03 - SOCKS: 0,passed], [SORBS 04 - MISC: 0,passed], [SORBS 05 - SMTP: 0,passed], [SORBS 06 - RECENT: 3,failed], [SORBS 07 - WEB: 0,passed], [SORBS 08 - BLOCK: 0,passed], [SORBS 09 - ZOMBIE: 0,passed], [SORBS 10 - DYNAMIC IP: 0,passed], [SORBS 11 - BAD CONFIG: 0,passed], [SORBS 12 - NOMAIL: 0,passed], [SORBS 13 - NOSERVER: 0,passed], [SORBS-NEW: 0,passed], [SPAMCOP: 0,passed], [SPAMHAUS - PBL 1: 0,passed], [SPAMHAUS - PBL2: 0,passed], [SPAMHAUS - SBL 1: 0,passed], [SPAMHAUS - SBL 2: 0,passed], [SPAMHAUS - XBL 1: 0,passed], [SPAMHAUS - XBL 2: 0,passed], [SPAMHAUS - XBL 3: 0,passed], [SPAMHAUS - XBL 4: 0,passed], [SPAMHAUS - ZEN: 10,failed], [SPAMRATS: 0,passed], [SURRIEL: 0,passed], [UCEPROTECT LEVEL 1: 0,passed], [UCEPROTECT-2: 0,passed], [UCEPROTECT-3: 0,passed], [VIRUS RBL - MSRBL: 0,passed], [ZEN: 15,failed], [DNSBL: 0,passed], [NOABUSE: 0,passed], [NOPOSTMASTER: 0,passed], [SEM-URIBL: 0,passed], [SEM-URIRED: 0,passed], [SURBL: 0,passed], [URIBL - BLACK: 0,passed], [URIBL - GREY: 0,passed], [URIBL - RED: 0,passed], [URIBL - WHITE: 0,passed], [SPAMEATINGMONKEY: 0,passed]
[2022.09.15] 06:54:18.782 [55415856] Spam Checks completed.
[2022.09.15] 06:54:18.782 [55415856] Removed from SpamCheckQueue (1 queued or processing)
[2022.09.15] 06:54:18.865 [55415856] Added to LocalDeliveryQueue (0 queued; 1/50 processing)
[2022.09.15] 06:54:18.865 [55415856] [LocalDeliveryQueue] Begin Processing.
[2022.09.15] 06:54:18.866 [55415856] Starting local delivery to ed1@garciadevelopment.com
[2022.09.15] 06:54:18.867 [55415856] Process delivery status notification step from local recipient success. Recipient: [ed1@garciadevelopment.com], Notify: [], Delivered: [False], Forwarded: [False], Deleted: True
[2022.09.15] 06:54:18.868 [55415856] Delivery for big_wayne80@yahoo.com to ed1@garciadevelopment.com has completed (Deleted) Filter: Spam (Weight: 23), Action (Domain Level): Delete
[2022.09.15] 06:54:18.868 [55415856] End delivery to ed1@garciadevelopment.com (MessageID: <2126071475.4159487.1663249956928@mail.yahoo.com>)
[2022.09.15] 06:54:18.868 [55415856] Removed from LocalDeliveryQueue (0 queued or processing)
[2022.09.15] 06:54:21.875 [55415856] Removing Spool message: Killed: False, Failed: False, Finished: True
[2022.09.15] 06:54:21.875 [55415856] Delivery finished for big_wayne80@yahoo.com at 6:54:21 AM    [id:x-668255415856]

We've not made any changes to the account.  Any clues or thoughts on this??

4 Replies

1
echoDreamz Replied
ed1@garciadevelopment.com has completed (Deleted) Filter: Spam (Weight: 23), Action (Domain Level): Delete 

As it says, the spam weight is 23, and the domain has its spam weight high enough to trigger an action, in this case, delete.

Check if the domain owner has overridden their spam weights/actions.
1
Steve Guluk Replied
@echoDreamz, Yes the spam weight was 23 but 30 is the only level we do anything at (which is delete).

But, I did find that they had their own unique spam override value that would delete on Medium (15).
The odd thing is, this client is not savvy enough to make any changes to their account.

So, I have removed the ability to override the spam settings for ALL users which "should" solve the problem.

I am puzzled by how this Domain had a different spam value. I talked to the individual and they assured me they made no changes and it was just two days ago that they noticed a dramatic reduction of emails.
Our only change on the top level (2 days ago) was adding a special Gateway for one other client. Could this have randomly changed another account's Spam settings/overrides? Who knows, but generally in my programming experience this would be highly unlikely.

Oh well... Thanks for the reply
0
Kyle Kerst Replied
Employee Post
Hey Steve, sorry you're having trouble with this! Activating a gateway for an unrelated domain shouldn't cause behaviors like this, but I wonder if they had an override in place previously that may not have been applied until you started making changes. Do you have nightly backups set up? If so, you could potentially look at the JSON or XML configuration files for the domain prior to the issue presenting itself to confirm those rules were or were not in place then.

If these settings were changed recently you should be able to see those changes being made (at least generally) under the Administrative logs as well. 

If you end up needing a hand figuring this one out please don't hesitate to submit a ticket with us so we can help dig in. Have a good one!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Steve Guluk Replied
@Kyle
It's all working properly now so I won't do a restore of the prior config files. I will do this if it happens to another client so thanks for the suggestion as it makes perfect sense.

Also "Administration Logs" is another great suggestion. I do not see any references to Spam in those logs but they are a great resource I was unaware of. 

Thanks!
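
A triage check for the situation in this thread, as an added example that is not part of any post and is not SmarterTools code: it pairs the block threshold reported in the SMTP log with the final delivery action by MessageID and lists messages deleted as spam below that threshold, which points at a domain- or user-level override. The regexes assume the log line layout shown in the original post, and the function names are hypothetical.

```python
import re

# Lines copied from the SMTP and Delivery logs in the original post.
SMTP_LOG = """\
[2022.09.15] 06:53:53.285 [66.163.188.147][17164661] Sender accepted. Weight: 27. Block threshold: 30. Failed checks: SORBS 06 - RECENT (3,failed), SPAMHAUS - ZEN (10,failed), ZEN (15,failed)
[2022.09.15] 06:53:53.301 [66.163.188.147][17164661] Data transfer succeeded, writing mail to -668255415856.eml (MessageID: <2126071475.4159487.1663249956928@mail.yahoo.com>)
"""
DELIVERY_LOG = """\
[2022.09.15] 06:54:18.868 [55415856] Delivery for big_wayne80@yahoo.com to ed1@garciadevelopment.com has completed (Deleted) Filter: Spam (Weight: 23), Action (Domain Level): Delete
[2022.09.15] 06:54:18.868 [55415856] End delivery to ed1@garciadevelopment.com (MessageID: <2126071475.4159487.1663249956928@mail.yahoo.com>)
"""

# Assumed layout: [date] time [optional client IP][session or delivery id] text
LINE = re.compile(r"^\[[\d.]+\] [\d:.]+ (?:\[[\d.]+\])?\[(\d+)\] (.*)$")
THRESHOLD = re.compile(r"Sender accepted\. Weight: (\d+)\. Block threshold: (\d+)\.")
MSGID = re.compile(r"\(MessageID: (<[^>]+>)\)")
DELETED = re.compile(r"Delivery for (\S+) to (\S+) has completed \(Deleted\) Filter: Spam \(Weight: (\d+)\), Action \(([^)]+)\): Delete")

def records(log):
    """Yield (session_or_delivery_id, text) for each line that parses."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            yield m.group(1), m.group(2)

def smtp_thresholds(smtp_log):
    """Map MessageID -> block threshold reported by its SMTP session."""
    per_session, by_msgid = {}, {}
    for sid, text in records(smtp_log):
        if (t := THRESHOLD.search(text)):
            per_session[sid] = int(t.group(2))
        elif (m := MSGID.search(text)) and sid in per_session:
            by_msgid[m.group(1)] = per_session[sid]
    return by_msgid

def deleted_below_threshold(smtp_log, delivery_log):
    """Deliveries deleted as spam with weight below the SMTP block threshold."""
    thresholds, pending, hits = smtp_thresholds(smtp_log), {}, []
    for did, text in records(delivery_log):
        if (d := DELETED.search(text)):
            pending[did] = {"sender": d.group(1), "recipient": d.group(2),
                            "weight": int(d.group(3)), "level": d.group(4)}
        elif (m := MSGID.search(text)) and did in pending:
            rec = pending.pop(did)
            limit = thresholds.get(m.group(1))
            if limit is not None and rec["weight"] < limit:
                hits.append({**rec, "block_threshold": limit})
    return hits

if __name__ == "__main__": print(deleted_below_threshold(SMTP_LOG, DELIVERY_LOG))
```

The `level` field in each hit carries the text from `Action (...)`, so a value of `Domain Level` tells you where to look for the override.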
