Hi,
There is a message that is in my email queue mail "mailer-daemon" to "info@brochureweeklyj.com" that is failing to send. I am trying to figure out where this email came from.
Here is what the mail.log says:
Dec 7 00:41:13 mail postfix/smtpd[29973]: connect from localhost[127.0.0.1]
Dec 7 00:41:13 mail postfix/smtpd[29973]: 694C62686A9: client=localhost[127.0.0.1]
Dec 7 00:41:13 mail postfix/cleanup[29397]: 694C62686A9: message-id=
Dec 7 00:41:13 mail postfix/smtpd[29973]: disconnect from localhost[127.0.0.1]
Dec 7 00:41:13 mail postfix/qmgr[10668]: 694C62686A9: from=<>, size=1316, nrcpt=1 (queue active)
Dec 7 00:41:15 mail postfix/smtp[29398]: 31F7C26869E: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=48, delays=2.6/0/6.7/39, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=11261-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 694C62686A9)
Dec 7 00:41:15 mail postfix/qmgr[10668]: 31F7C26869E: removed
Dec 7 00:41:43 mail postfix/smtp[30008]: connect to smtprcvr.brochureweeklyj.com[208.86.250.82]:25: Connection timed out
Dec 7 00:41:44 mail postfix/smtp[30008]: 694C62686A9: to=, relay=none, delay=30, delays=0.38/0.05/30/0, dsn=4.4.1, status=deferred (connect to smtprcvr.brochureweeklyj.com[208.86.250.82]:25: Connection timed out)
Dec 7 00:41:46 mail postfix/smtpd[29973]: connect from localhost[127.0.0.1]
Is there any way for me to read this message or get any more information about it?
Thanks.
Read Email Queue
-
- Elite member
- Posts: 1138
- Joined: Fri Sep 12, 2014 10:25 pm
Read Email Queue
Well it came from the web client, you might look into /opt/zimbra/log/audit.log, as for the contents if it is still in the queue you should just be able to go to the queue directory and view the contents of the message there...
Read Email Queue
[quote user="ArcaneMagus"]Well it came from the web client, you might look into /opt/zimbra/log/audit.log, as for the contents if it is still in the queue you should just be able to go to the queue directory and view the contents of the message there...[/QUOTE]
Thanks for the response. Do you by chance know where the queue directory is located? I have tried searching, but can't seem to find it.
Thanks.
Thanks for the response. Do you by chance know where the queue directory is located? I have tried searching, but can't seem to find it.
Thanks.
-
- Elite member
- Posts: 1138
- Joined: Fri Sep 12, 2014 10:25 pm
Read Email Queue
/opt/zimbra/data/postfix/spool
Read Email Queue
Thanks for the location. Here is what is contained in the email:
CO 1316 600 1 0 1316T?1260164473 415301A?create_time=1260164473A?rewrite_context=localS
Anyone have any idea what this means?
CO 1316 600 1 0 1316T?1260164473 415301A?create_time=1260164473A?rewrite_context=localS
Anyone have any idea what this means?
Read Email Queue
Just wanted to follow up on this in case anyone else experiences anything similar.
I went to /opt/zimbra/data/postfix/spool/deferred/[beginning number or letter of ID in queue]/[ID NUMBER]
The first time I tried to open the message, I did it in Notepad, and I got the result in the last post. Then I tried in wordpad and I could see the full message.
It turns out the email was a spam email that was received into someone's email and they had a Vacation Auto Responder turned on, so it was trying to send an email back to the spam sender, which obviously failed.
Hope this helps if someone needs it in the future.
I went to /opt/zimbra/data/postfix/spool/deferred/[beginning number or letter of ID in queue]/[ID NUMBER]
The first time I tried to open the message, I did it in Notepad, and I got the result in the last post. Then I tried in wordpad and I could see the full message.
It turns out the email was a spam email that was received into someone's email and they had a Vacation Auto Responder turned on, so it was trying to send an email back to the spam sender, which obviously failed.
Hope this helps if someone needs it in the future.
Re: Read Email Queue
I doubt this is still relevant but wanted to share my experience as I had something similar today (but probably not 100% the same) and this was the first post showing up on google..
My case: I spotted a deferred mail coming from localhost with "mailer-daemon" going to a spammy looking/unusual receipient.
Headers of the mail all point to localhost/127.0.0.1 and no real signs of external access.
Content then gave it away: This was an auto-reply that had been set up. Spammer sent us a mail. Auto reply tried to reply.
So from a security perspective, all is still good.
My case: I spotted a deferred mail coming from localhost with "mailer-daemon" going to a spammy looking/unusual receipient.
Headers of the mail all point to localhost/127.0.0.1 and no real signs of external access.
Content then gave it away: This was an auto-reply that had been set up. Spammer sent us a mail. Auto reply tried to reply.
So from a security perspective, all is still good.