seeking logs for blocked emails

beetlebolt
Posts: 4
Joined: Tue May 28, 2019 5:57 pm

seeking logs for blocked emails

Post by beetlebolt »

We have a local Zimbra server, version 7.1.4, and a split delivery setup (set up in G Suite) to smtp-relay to Zimbra if G Suite fails to find the user.
But one particular type of email is failing to be delivered.

When I email a user that exists only on the Zimbra server (and not in G Suite) from my G Suite account (a user on the same domain), the email is successfully received.
But when I put a URL in the body of that same email (I've been using an Amazon product link), that email is bounced. The return email doesn't seem to contain any useful details (it shows the email passed SPF, DKIM and DMARC tests). And Google hasn't been able to help me thus far.

What logs can I watch to figure out what is happening? Or where should I increase the verbosity of the logs?
I've already grep'd for "block" and "reject" in /var/log/zimbra and /opt/zimbra/log.
thx,
-peter
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: seeking logs for blocked emails

Post by DualBoot »

Hello,

Posting the bounce may help to understand your problem. And for logs you have the mail report each night at 23H30 and /var/log/zimbra.log.

Regards,
beetlebolt
Posts: 4
Joined: Tue May 28, 2019 5:57 pm

Re: seeking logs for blocked emails

Post by beetlebolt »

Delivered-To: beetlebolt@example.com
Received: by 2002:a7b:cbda:0:0:0:0:0 with SMTP id n26csp838663wmi;
Fri, 21 Jun 2019 08:52:19 -0700 (PDT)
X-Received: by 2002:adf:fb81:: with SMTP id a1mr12272699wrr.329.1561132339362;
Fri, 21 Jun 2019 08:52:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561132339; cv=none;
d=google.com; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=date:message-id:in-reply-to:references:subject:auto-submitted:to
:from:dkim-signature;
bh=5ILnrKqTZLhG2v7+gEUzmexPAcf245XKLybvp3Wx97Q=;
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@googlemail.com header.s=20161025 header.b=ACDTDZgj;
spf=pass (google.com: best guess record for domain of postmaster@mail-sor-f65.google.com designates 209.85.220.65 as permitted sender) smtp.helo=mail-sor-f65.google.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com
Return-Path: <>
Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65])
by mx.google.com with SMTPS id s18sor773496wmc.28.2019.06.21.08.52.19
for <beetlebolt@example.com>
(Google Transport Security);
Fri, 21 Jun 2019 08:52:19 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of postmaster@mail-sor-f65.google.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65;
Authentication-Results: mx.google.com;
dkim=pass header.i=@googlemail.com header.s=20161025 header.b=ACDTDZgj;
spf=pass (google.com: best guess record for domain of postmaster@mail-sor-f65.google.com designates 209.85.220.65 as permitted sender) smtp.helo=mail-sor-f65.google.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlemail.com; s=20161025;
h=from:to:auto-submitted:subject:references:in-reply-to:message-id
:date;
bh=5ILnrKqTZLhG2v7+gEUzmexPAcf245XKLybvp3Wx97Q=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:auto-submitted:subject:references
:in-reply-to:message-id:date;
bh=5ILnrKqTZLhG2v7+gEUzmexPAcf245XKLybvp3Wx97Q=;
X-Gm-Message-State: APjAAAUCLMi2WxnMKJaPPeKtcMmpZE33P3gz7UkcdvPGf45TTARpu5fn zDhytttmWnFvylI7dSSLe6vtgnyhvkvXD1zoWzMJng==
X-Google-Smtp-Source: APXvYqzs2Rr6HhzzN5ivwHWxJsbz1i2jFGFYNxemyDRVsOhn5yDyfRG8UTHInboFre79WRB8p+uC5o2qxNr3fvCZjk3n+5LwlfPCCCE=
X-Received: by 2002:a1c:9e90:: with SMTP id h138mr4814176wme.67.1561132339296;
Fri, 21 Jun 2019 08:52:19 -0700 (PDT)
Content-Type: multipart/report; boundary="00000000000087f62c058bd7729e"; report-type=delivery-status
Return-Path: <>
Received: by 2002:a1c:9e90:: with SMTP id h138mr4341670wme.67; Fri, 21 Jun 2019 08:52:19 -0700 (PDT)
From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
To: beetlebolt@example.com
Auto-Submitted: auto-replied
Subject: Delivery Status Notification (Failure)
References: <CA+5i-PQS+rBxh05KMKdbKbyaT6P94HgXkfjzHwmmDTmyC96bWQ@mail.gmail.com>
In-Reply-To: <CA+5i-PQS+rBxh05KMKdbKbyaT6P94HgXkfjzHwmmDTmyC96bWQ@mail.gmail.com>
X-Failed-Recipients: georgina@example.com
Message-ID: <5d0cfd33.1c69fb81.5d639.6664.GMR@mx.google.com>
Date: Fri, 21 Jun 2019 08:52:19 -0700 (PDT)

--00000000000087f62c058bd7729e
Content-Type: multipart/related; boundary="00000000000087f658058bd7729f"

--00000000000087f658058bd7729f
Content-Type: multipart/alternative; boundary="00000000000087f65b058bd772a0"

--00000000000087f65b058bd772a0
Content-Type: text/plain; charset="UTF-8"


** Message not delivered **

There was a problem delivering your message to georgina@example.com. See the technical details below.




--00000000000087f65b058bd772a0
Content-Type: text/html; charset="UTF-8"


<html>
<head>
<style>
* {
font-family:Roboto, "Helvetica Neue", Helvetica, Arial, sans-serif;
}
</style>
</head>
<body>
<table cellpadding="0" cellspacing="0" class="email-wrapper" style="padding-top:32px;background-color:#ffffff;"><tbody>
<tr><td>
<table cellpadding=0 cellspacing=0><tbody>
<tr><td style="max-width:560px;padding:24px 24px 32px;background-color:#fafafa;border:1px solid #e0e0e0;border-radius:2px">
<img style="padding:0 24px 16px 0;float:left" width=72 height=72 alt="Error Icon" src="cid:icon.png">
<table style="min-width:272px;padding-top:8px"><tbody>
<tr><td><h2 style="font-size:20px;color:#212121;font-weight:bold;margin:0">
Message not delivered
</h2></td></tr>
<tr><td style="padding-top:20px;color:#757575;font-size:16px;font-weight:normal;text-align:left">
There was a problem delivering your message to <a style='color:#212121;text-decoration:none'><b>georgina@example.com</b></a>. See the technical details below.
</td></tr>
</tbody></table>
</td></tr>
</tbody></table>
</td></tr>
<tr style="border:none;background-color:#fff;font-size:12.8px;width:90%">
<td align="left" style="padding:48px 10px">
</td>
</tr>
</tbody></table>
</body>
</html>

--00000000000087f65b058bd772a0--
--00000000000087f658058bd7729f
Content-Type: image/png; name="icon.png"
Content-Disposition: attachment; filename="icon.png"
Content-Transfer-Encoding: base64
Content-ID: <icon.png>


--00000000000087f658058bd7729f--
--00000000000087f62c058bd7729e
Content-Type: message/delivery-status


--00000000000087f62c058bd7729e
Content-Type: message/rfc822

X-Received: by 2002:a1c:9e90:: with SMTP id h138mr4814168wme.67.1561132339088;
Fri, 21 Jun 2019 08:52:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561132339; cv=none;
d=google.com; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=to:subject:message-id:date:from:mime-version:dkim-signature;
bh=VT7fE3CLSP7phhY5Av1pAHuyg63r2oI51LQH5HaJJLY=;
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@example.com.20150623.gappssmtp.com header.s=20150623 header.b=imgjfWS0;
spf=pass (google.com: domain of beetlebolt@example.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=beetlebolt@example.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.com
Return-Path: <beetlebolt@example.com>
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
by mx.google.com with SMTPS id j197sor1780168wmj.27.2019.06.21.08.52.19
for <georgina@example.com>
(Google Transport Security);
Fri, 21 Jun 2019 08:52:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of beetlebolt@example.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;
Authentication-Results: mx.google.com;
dkim=pass header.i=@example.com.20150623.gappssmtp.com header.s=20150623 header.b=imgjfWS0;
spf=pass (google.com: domain of beetlebolt@example.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=beetlebolt@example.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=example.com.20150623.gappssmtp.com; s=20150623;
h=mime-version:from:date:message-id:subject:to;
bh=VT7fE3CLSP7phhY5Av1pAHuyg63r2oI51LQH5HaJJLY=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=VT7fE3CLSP7phhY5Av1pAHuyg63r2oI51LQH5HaJJLY=;
X-Gm-Message-State: APjAAAXg/nBhwa2rvh2w4foogtBkUcA/Ewcih7iNIIyH44bEvbUbHJf5 yoFzXSiLHgbAd00bB/QNbo6GvrYAS44zuyL1qfaHj3nr6yVoIigI
X-Google-Smtp-Source: APXvYqz0D1+S/iX45fO8wUwOGqlSUGgYmBwFCK3Ho+EqJAod3WSQvs23/lK7B2dO9++FSSqtig4iT/HsBVfOheEz7gk=
X-Received: by 2002:a1c:f205:: with SMTP id s5mr4890686wmc.14.1561132338360; Fri, 21 Jun 2019 08:52:18 -0700 (PDT)
MIME-Version: 1.0
From: Peter Beetlebolt <beetlebolt@example.com>
Date: Fri, 21 Jun 2019 11:52:06 -0400
Message-ID: <CA+5i-PQS+rBxh05KMKdbKbyaT6P94HgXkfjzHwmmDTmyC96bWQ@mail.gmail.com>
Subject: test1152 from gsuite to zimbra
To: Georgina Dinner <georgina@example.com>
Content-Type: multipart/alternative; boundary="00000000000079d8a8058bd772ab"

--00000000000079d8a8058bd772ab
Content-Type: text/plain; charset="UTF-8"

url in test email
https://www.amazon.com/Licensed-Ill-LP- ... B01I23QZ7I

--00000000000079d8a8058bd772ab
Content-Type: text/html; charset="UTF-8"

<div dir="ltr">url in test email<div><a href="https://www.amazon.com/Licensed-Ill-LP- ... B01I23QZ7I" target="_blank">https://www.amazon.com/Licensed-Ill-LP- ... /div></div>

--00000000000079d8a8058bd772ab--

--00000000000087f62c058bd7729e--
beetlebolt
Posts: 4
Joined: Tue May 28, 2019 5:57 pm

Re: seeking logs for blocked emails

Post by beetlebolt »

I've submitted the bounce-back email (it's getting moderated). The zimbra.log contains emails that were successfully received, but not the ones that contain the URL that bounces. And we're looking at the daily mail report. We don't see any reference to them. It's like they're bounced or filtered out before they reach the logs.
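
An added example, not part of the original posts: rather than grepping for "block" or "reject", a message can be traced through /var/log/zimbra.log by its Message-ID and recipient to tell "accepted", "refused at SMTP time" and "never arrived" apart. The log lines, queue ID and the function name `trace` are constructed for illustration and assume the standard Postfix syslog format; the Message-ID searched for is the one from the bounce posted above.

```python
import re

# Constructed sample in the syslog format Postfix writes to /var/log/zimbra.log.
# Host names, queue IDs and the first Message-ID are invented for this example.
SAMPLE_LOG = """\
Jun 21 11:40:02 zimbra postfix/cleanup[2105]: 4F2A91C0D3: message-id=<plain-test@mail.example.com>
Jun 21 11:40:03 zimbra postfix/lmtp[2110]: 4F2A91C0D3: to=<georgina@example.com>, relay=zimbra.example.com[10.0.0.5]:7025, delay=0.9, status=sent (250 2.1.5 Delivery OK)
Jun 21 11:45:10 zimbra postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.7]: 554 5.7.1 <other@example.com>: Relay access denied; from=<x@example.net> to=<other@example.com> proto=ESMTP helo=<host.example.net>
"""

ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}|NOQUEUE): (.*)")
STATUS = re.compile(r"to=<([^>]*)>.*\bstatus=(\w+) \((.*)\)")


def trace(log_text, message_id, recipient):
    """Follow one message through a Postfix log by Message-ID and recipient."""
    entries = [m.groups() for m in map(ENTRY.search, log_text.splitlines()) if m]
    # Step 1: the cleanup daemon logs message-id=<...> once per accepted message.
    qids = {q for q, rest in entries if rest == f"message-id=<{message_id}>"}
    # Step 2: delivery attempts for those queue IDs carry the final status.
    deliveries = []
    for qid, rest in entries:
        m = STATUS.search(rest)
        if qid in qids and m and m.group(1) == recipient:
            deliveries.append((m.group(2), m.group(3)))
    # Step 3: refusals before DATA have no queue ID or Message-ID, only NOQUEUE,
    # so they can only be matched on the recipient address.
    rejects = [rest for q, rest in entries
               if q == "NOQUEUE" and f"to=<{recipient}>" in rest]
    if deliveries:
        verdict = "accepted: " + deliveries[-1][0]
    elif qids:
        verdict = "accepted, no delivery status logged yet"
    elif rejects:
        verdict = "refused at SMTP time, see NOQUEUE lines"
    else:
        verdict = "never reached this MTA, check the sending side"
    return {"queue_ids": sorted(qids), "deliveries": deliveries,
            "rejects": rejects, "verdict": verdict}


if __name__ == "__main__":
    bounced = "CA+5i-PQS+rBxh05KMKdbKbyaT6P94HgXkfjzHwmmDTmyC96bWQ@mail.gmail.com"
    print(trace(SAMPLE_LOG, bounced, "georgina@example.com")["verdict"])
    print(trace(SAMPLE_LOG, "plain-test@mail.example.com", "georgina@example.com"))
```

A "never reached this MTA" verdict for a message that did bounce means the refusal happened before Postfix on this host logged anything, which matches the symptom described in the post.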
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: seeking logs for blocked emails

Post by DualBoot »

Well, nothing really relevant. As usual, Google/Gmail do what they want with mail :(
You need to ask them loudly.
beetlebolt
Posts: 4
Joined: Tue May 28, 2019 5:57 pm

Re: seeking logs for blocked emails

Post by beetlebolt »

Thanks, DualBoot, for your help. I'll get after Google.
-peter