Announcement

**sky-knight** · 11-25-2019, 10:42 PM

You need to check your Exchange SMTP logs and figure out WTF it's doing with it. Because if the test messages work, the problem is on the mail server.

**iandrews** · 11-26-2019, 07:00 AM

I have turned on SMTP logging on the exchange server. I had about 8 emails in Quarantine, so (one at a time) I released them. About 3 or 4 did get through, and I can see the connections in the SMTP log on the exchange server. For the others, there isn't anything in the logs to show that a connection was made (attempted). Think I will try a packet capture on the untangle box to see what (if anything) goes out when one fails.

**sky-knight** · 11-26-2019, 07:09 AM

If you want to see the log from Untangle's perspective, it's /var/log/exim/mainlog

**iandrews** · 11-26-2019, 07:41 AM

That's the log I mentioned in the 1st post (well /var/log/exim4/mainlog).

When it "fails" that log shows:

2019-11-26 14:31:39 1iZbsR-000XaY-Kp H=localhost [127.0.0.1] F=<[email protected]> rejected after DATA: maximum allowed line length is 998 octets, got 1262

when it works it shows:

2019-11-26 14:08:36 1iZbW8-000W4d-OG <= [email protected] H=localhost [127.0.0.1] P=esmtp S=5747 id=CX-hCMj9OAXU3mrkoPGWHboJuwp1V4aFztik1UqN6AE.3sERYqmIQndfSDCwwxCR2YlcAqliQZ02Of76NcltxZc@sing
legloom.icu
2019-11-26 14:08:37 1iZbW8-000W4d-OG => [email protected] R=smarthost T=remote_smtp_smarthost H=10.10.10.10 [10.10.10.10] X=TLS1.0:ECDHE_RSA_AES_256_CBC_SHA1:256 CV=no DN="CN=server.mydomain.local
" C="250 2.6.0 <CX-hCMj9OAXU3mrkoPGWHboJuwp1V4aFztik1UqN6AE.3sERYqmIQndfSDCwwxCR2YlcAqliQZ02Of76NcltxZc@singlegloom.icu> [InternalId=5140] Queued mail for delivery"
2019-11-26 14:08:37 1iZbW8-000W4d-OG Completed

**sky-knight** · 11-26-2019, 08:03 AM

The relevant bit is: rejected after DATA: maximum allowed line length is 998 octets, got 1262

Your Exchange server is booting the message because it's too big. So yes, you should have a matching event on the Exchange side that shows this.

**iandrews** · 11-26-2019, 08:13 AM

Yes, that's my thinking, but there doesn't seem to be a matching event, hence why I thought I would do a packet trace to see if anything is leaving the untangle server.

**iandrews** · 11-26-2019, 08:15 AM

(by the way, this is only a home setup, so not critical, I was just putting it out there in case anyone had seen this before / had any ideas).

**sky-knight** · 11-26-2019, 08:23 AM

Back when I had my own mail server, Untangle had its own connector so I could avoid stuff like this.

But I can't tell you where the settings are anymore, because I've long since Office 365'd all the things. I have no interest in going back to an internal Exchange deployment.

**iandrews** · 11-26-2019, 12:28 PM

Waited severial hours, and a load more messages in the Quarantine area. Released messages while doing a packet capture (looking at port 25). The first few I released did get sent ok, and packets were captured. Then one didn't get sent (with the mainlog having the "rejected after DATA:" bit ) and no packets were captured.

So, strange as it may seem, it seems that when a message fails to send, it's not even going out from the Untangle server. Wonder if the Quarantine area is trying to submit it to a SMTP queue within Untangle for it to be sent, and it's this that's causing the "rejected after DATA:" error.

**sky-knight** · 11-26-2019, 12:31 PM

Well, I'm not a dev but that's probably true. Exim is the SMTP queue for Untangle. And if it's trying to move too many mails at once, it will throttle itself.

I'd open a ticket and let support poke at it, might be a bug, might be a load issue. No way we're going to solve it here either way.

**iandrews** · 11-27-2019, 09:50 AM

Heard back from untangle support, seems that this is occurring because the message(s) that have been released (and failed) are actual spam.

As I said, after setting up Quarantine for the first time, I tried to release a message (that was probably spam) and got this error, and because of that I was releasing more messages than usual to test, and most of these messages have probably been real spam, hence why seeing the error more.

From now on I would expect to only release “true” messages, and as such this error should hopefully not occur.

Below is some information regarding why this is occurring:

Exim limiting number of emails and cc

https://serverfault.com/questions/842176/exim-limiting-number-of-emails-and-cc

550 maximum allowed line length is 998 octets, got 1014 Getting this error in emails bouncing back. Is there a setting in exim to solve this problem? Tried to google it up but cannot find any sol...

This is due to the released email being actual spam, and Exim is denying the send due to RFC standards of size.

**sky-knight** · 11-27-2019, 10:15 AM

I wouldn't say that's spam, I mean it is... but the real problem here is an envelope that isn't formed correctly. Fascinating...

And yes, Exim wouldn't like that. So you can't release malformed junk mail, even when you want to! That's kind of cool, if you're expecting the behavior. Thanks for reporting back.

Announcement

Release to inbox - emails don't arrive

Release to inbox - emails don't arrive

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment