Problem receiving email verification links

tblancher

After migrating my dad’s private email domains, including our family domain which host my main personal email account, my dad has reported over the last couple of weeks that he’s not receiving all of his email verication emails from various organizations, usually in an effort to reset or update the password, MFA, and other profile related operations.

He’s checking his email in GMail, but we also have SOGo and rspamd running on the mailcow-dockerized server. I’ve had him check both spam/junk folders (GMail and SOGo), and he’s not finding them there, even after 30 minutes to an hour. Most mail from these organizations is arriving in his GMail inbox, but he suspects the verification emails are somehow getting lost, and coming from a different email domain.

Since I’m fairly new to mailcow-dockerized, I’m not sure where to begin troubleshooting. I also check my main email account on this domain in GMail, and I haven’t noticed similar behavior. I have noticed several of my expected emails land in SOGo Junk, but that seems to be training out as I mark them as Not Junk.

I’ve set up mailcow-dockerized on a VPS with 12 vCPUs/48GiB RAM, and 720GiB SSD disk space, running Debian 12.7, using Docker CE from the official Docker Debian repos. At first I was having system stability issues because clamd was not resource limited, but once I limited its CPU and memory resources in the override file it has been MUCH more stable.

DocFraggle

tblancher GMail

What exactly do you mean by “GMail”? The app with the connected mailcow mailbox or the actual GMail mailbox?

Did you check your RSpamd log for greylisting?

ETNyx

You need to examine you logs, thousand last logs in time are available thought UI, otherwise you can examine log via docker docs here and here

Other than you find some related logs, we can only guess.

tblancher

DocFraggle

When I said “GMail” I meant setting up an account in GMail for it to download and delete mail via POP3 (POPS) from my and my father’s surname.tld email addresses. We also have GMail configured to send mail as our surname.tld email addresses through mail.surname.tld SMTPS/Submission (I think I set helped my dad set up 465/tcp, and I later set my surname.tld email address to send through 587/tcp).

I’ll also need to check RSpamd for greylisting. I assume @ETNyx ’s suggestion to read the logging documentation will help guide me here. Can you suggest what log lines I might be looking for?

One thing to note which I forgot to mention, MAILCOW_HOSTNAME is set to mail.business4dad.tld, and our mail.surname.tld is a domain underneath the main server. So, there is a PTR record for mail.business4dad.tld, but not mail.surname.tld. If that makes any difference.

tblancher

I do see several entries in docker compose logs rspamd-mailcow matching the domains my father cited (except for one, couldn’t find that one in the logs), as well as a password reset I tried this afternoon:

rspamd-mailcow-1  | 2024-09-30 20:02:22 #38(normal) <ebe596>; task; rspamd_task_write_log: id: <vHtIj0LadJnXaoFRnOElXmJKFW0l3Go75dKZZO4Gd0@www.energyorganization.tld>, qid: <924B2D2D1E>, ip: 0.0.0.0, from: <energyso@box5409.hosting.provider.tld>, (default: F (no action): [4.15/15.00] [FORGED_W_BAD_POLICY(3.00){},SUBJ_EXCESS_QP(1.20){},MID_RHS_WWW(0.50){},IP_REPUTATION_HAM(-0.23){asn: 14618(-0.24), country: US(-0.00), ip: 0.0.0.0(0.00);},R_SPF_ALLOW(-0.20){+ip4:0.0.0.0/29;},DMARC_POLICY_SOFTFAIL(0.10){energyorganization.tld : SPF not aligned (relaxed);none;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},RWL_MAILSPIKE_GOOD(-0.10){0.0.0.0:from;},MX_IMPLICIT(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){business4dad.tld:s=dkim:i=1;},ASN(0.00){asn:14618, ipnet:0.0.0.0/11, country:US;},BCC(0.00){},DKIM_TRACE(0.00){energyorganization.tld:~;},FORGED_SENDER(0.00){info@energyorganization.tld;energyso@box5409.hosting.provider.tld;},FREEMAIL_TO(0.00){professionalorg.tld;business4dad.tld;popularprovider.tld;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){info@energyorganization.tld;energyso@box5409.hosting.provider.tld;},HAS_PHPMAILER_SIG(0.00){},HAS_REPLYTO(0.00){someone.else@stu.cu.tld.ng;},HAS_X_ANTIABUSE(0.00){},HAS_X_PHP_SCRIPT(0.00){},HAS_X_POS(0.00){},HAS_X_SOURCE(0.00){},MID_RHS_MATCH_FROMTLD(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},RCPT_COUNT_THREE(0.00){3;},RCPT_MAILCOW_DOMAIN(0.00){business4dad.tld;},RCVD_COUNT_THREE(0.00){3;},RCVD_TLS_LAST(0.00){},REPLYTO_DOM_NEQ_FROM_DOM(0.00){},REPLYTO_DOM_NEQ_TO_DOM(0.00){},TAGGED_RCPT(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_SOME(0.00){},BAYES_HAM(-0.00){13.88%;},R_DKIM_PERMFAIL(0.00){energyorganization.tld:s=default;}]), len: 12633, time: 7756.031ms, dns req: 68, digest: <d5dd2ce88dd4d17d29b0b379616633c9>, rcpts: <surname@business4dad.tld>, mime_rcpts: <admin@professionalorg.tld,surname@business4dad.tld,someone.else@popularprovider.tld,>
rspamd-mailcow-1  | 2024-10-03 11:49:57 #38(normal) <b4a4bf>; task; rspamd_task_write_log: id: <1681041756.12849266.1727974114952@mail.anotherprovider.tld>, qid: <014ACD721F>, ip: 0.0.0.0, from: <someone.else@anotherprovider.tld>, (default: F (no action): [0.47/15.00] [SUSPICIOUS_RECIPS(1.50){},DMARC_POLICY_ALLOW(-0.50){anotherprovider.tld;reject;},R_DKIM_ALLOW(-0.20){anotherprovider.tld:s=s2048;},R_SPF_ALLOW(-0.20){+ptr:anotherprovider.tld;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},BAYES_HAM(-0.01){48.02%;},MX_GOOD(-0.01){},IP_REPUTATION_HAM(-0.00){asn: 36647(0.00), country: US(-0.00), ip: 0.0.0.0(0.00);},ARC_NA(0.00){},ARC_SIGNED(0.00){business4dad.tld:s=dkim:i=1;},ASN(0.00){asn:36647, ipnet:0.0.0.0/20, country:US;},BCC(0.00){},DKIM_TRACE(0.00){anotherprovider.tld:+;},DWL_DNSWL_NONE(0.00){anotherprovider.tld:dkim;},FREEMAIL_CC(0.00){univ.tld;univ.it;popularprovider.tld;fed.tld;professionalorg.tld;unip.br;unive.it;unal.tld.tld;},FREEMAIL_ENVFROM(0.00){anotherprovider.tld;},FREEMAIL_FROM(0.00){anotherprovider.tld;},FREEMAIL_REPLYTO(0.00){anotherprovider.tld;},FREEMAIL_TO(0.00){employer4dad.tld;business4dad.tld;popularprovider.tld;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_REPLYTO(0.00){someone.else@anotherprovider.tld;},MID_RHS_MATCH_FROMTLD(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},RCPT_COUNT_SEVEN(0.00){11;},RCPT_MAILCOW_DOMAIN(0.00){business4dad.tld;},RCVD_COUNT_ONE(0.00){1;},RCVD_IN_DNSWL_NONE(0.00){0.0.0.0:from;},RCVD_TLS_LAST(0.00){},REPLYTO_EQ_FROM(0.00){},RWL_MAILSPIKE_POSSIBLE(0.00){0.0.0.0:from;},TAGGED_RCPT(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_SOME(0.00){}]), len: 9201, time: 1012.747ms, dns req: 49, digest: <84c04bbc490d654109ac016e3cdd054a>, rcpts: <surname@business4dad.tld>, mime_rcpts: <dsurname@employer4dad.tld,surname@business4dad.tld,someone.else@popularprovider.tld,someone.else@univ.tld,someone.elseo@univ.it,...>
rspamd-mailcow-1  | 2024-10-03 11:55:05 #38(normal) <ba2f76>; task; rspamd_task_write_log: id: <BN7PR03MB3857BA602050EAA2A2760BC8A0712@BN7PR03MB3857.namprd03.prod.anotherprovider.tld>, qid: <65465D723D>, ip: 0.0.0.0, from: <dsurname@employer4dad.tld>, (default: F (no action): [-4.84/15.00] [BAYES_HAM(-4.40){97.27%;},SUSPICIOUS_RECIPS(1.50){},ARC_ALLOW(-1.00){bigsoftware.tld:s=arcselector10001:i=2;},DMARC_POLICY_ALLOW(-0.50){employer4dad.tld;none;},IP_REPUTATION_HAM(-0.22){asn: 8075(-0.22), country: US(-0.00), ip: 0.0.0.0(0.00);},MANY_INVISIBLE_PARTS(0.20){3;},R_DKIM_ALLOW(-0.20){employer4dad.tld:s=selector1;},R_SPF_ALLOW(-0.20){+ip4:0.0.0.0/16;},MIME_BASE64_TEXT(0.10){},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){},ARC_SIGNED(0.00){business4dad.tld:s=dkim:i=3;},ASN(0.00){asn:8075, ipnet:0.0.0.0/14, country:US;},BCC(0.00){},DKIM_TRACE(0.00){employer4dad.tld:+;},FREEMAIL_CC(0.00){univ.tld;univ.it;popularprovider.tld;fed.tld;professionalorg.tld;unip.br;unive.it;unal.tld.tld;},FREEMAIL_TO(0.00){anotherprovider.tld;business4dad.tld;popularprovider.tld;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},MISSING_XM_UA(0.00){},RCPT_COUNT_SEVEN(0.00){11;},RCPT_MAILCOW_DOMAIN(0.00){business4dad.tld;},RCVD_COUNT_FIVE(0.00){6;},RCVD_IN_DNSWL_NONE(0.00){0.0.0.0:received;0.0.0.0:received;},RCVD_TLS_LAST(0.00){},RWL_MAILSPIKE_POSSIBLE(0.00){0.0.0.0:from;},TAGGED_RCPT(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_SOME(0.00){}]), len: 34498, time: 1905.630ms, dns req: 77, digest: <5c1cfb4fef60efe0937a74a377e5f7b6>, rcpts: <surname@business4dad.tld>, mime_rcpts: <someone.else@anotherprovider.tld,surname@business4dad.tld,someone.else@popularprovider.tld,someone.else@univ.tld,someone.elseo@univ.it,...>
rspamd-mailcow-1  | 2024-10-03 12:30:16 #38(normal) <b5d962>; task; rspamd_task_write_log: id: <CADt6xyrTseQM_vZ3gkxACh-VfpJuhz8Se0XEChwR9X8b=WthHQ@mail.popularprovider.tld>, qid: <34193D7345>, ip: 2a00:1450:4864:20::130, from: <someone.else@popularprovider.tld>, (default: F (no action): [-0.19/15.00] [SUSPICIOUS_RECIPS(1.50){},IP_REPUTATION_HAM(-0.68){asn: 15169(-0.15), country: US(-0.00), ip: 2a00:1450:4864:20::(-0.53);},DMARC_POLICY_ALLOW(-0.50){popularprovider.tld;none;},R_DKIM_ALLOW(-0.20){popularprovider.tld:s=20230601;},R_SPF_ALLOW(-0.20){+ip6:2a00:1450:4000::/36;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){},ARC_SIGNED(0.00){business4dad.tld:s=dkim:i=1;},ASN(0.00){asn:15169, ipnet:2a00:1450::/32, country:US;},DKIM_TRACE(0.00){popularprovider.tld:+;},FREEMAIL_CC(0.00){employer4dad.tld;business4dad.tld;univ.tld;univ.it;popularprovider.tld;fed.tld;professionalorg.tld;unip.br;...;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROMTLD(0.00){},MISSING_XM_UA(0.00){},PREVIOUSLY_DELIVERED(0.00){surname@business4dad.tld;},RCPT_COUNT_SEVEN(0.00){11;},RCVD_COUNT_ONE(0.00){1;},TAGGED_RCPT(0.00){},TO_MATCH_ENVRCPT_SOME(0.00){},BAYES_HAM(-0.00){32.55%;},ARC_NA(0.00){},BCC(0.00){},DWL_DNSWL_NONE(0.00){popularprovider.tld:dkim;},FREEMAIL_ENVFROM(0.00){popularprovider.tld;},FREEMAIL_FROM(0.00){popularprovider.tld;},FREEMAIL_TO(0.00){anotherprovider.tld;},MIME_TRACE(0.00){0:+;1:+;2:~;},RCPT_MAILCOW_DOMAIN(0.00){business4dad.tld;},RCVD_IN_DNSWL_NONE(0.00){2a00:1450:4864:20::130:from;},RCVD_TLS_LAST(0.00){},TAGGED_FROM(0.00){},TO_DN_ALL(0.00){}]), len: 12837, time: 2140.154ms, dns req: 71, digest: <e6f219740590268cc2dc0f57be362c73>, rcpts: <surname@business4dad.tld>, mime_rcpts: <someone.else@anotherprovider.tld,dsurname@employer4dad.tld,surname@business4dad.tld,someone.else@univ.tld,someone.elseo@univ.it,...>
rspamd-mailcow-1  | 2024-10-05 06:30:41 #38(normal) <1e9556>; task; rspamd_task_write_log: id: <SCZPR80MB86082959DB5ADDFCDD1348BFCB732@SCZPR80MB8608.lamprd80.prod.anotherprovider.tld>, qid: <78D8BD9E58>, ip: 0.0.0.0, from: <someone.else@unip.br>, (default: F (no action): [3.16/15.00] [BAD_REP_POLICIES(2.00){},SUSPICIOUS_RECIPS(1.50){},IP_REPUTATION_HAM(-0.22){asn: 8075(-0.22), country: US(-0.00), ip: 0.0.0.0(0.00);},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){},BAYES_SPAM(0.00){36.12%;},ARC_ALLOW(0.00){bigsoftware.tld:s=arcselector10001:i=1;},ARC_SIGNED(0.00){business4dad.tld:s=dkim:i=2;},ASN(0.00){asn:8075, ipnet:0.0.0.0/14, country:US;},BCC(0.00){},DKIM_TRACE(0.00){unipbr.onbigsoftware.tld:+;},DMARC_POLICY_ALLOW(0.00){unip.br;none;},FREEMAIL_CC(0.00){univ.tld;univ.it;popularprovider.tld;fed.tld;professionalorg.tld;unive.it;unal.tld.tld;},FREEMAIL_TO(0.00){employer4dad.tld;business4dad.tld;popularprovider.tld;anotherprovider.tld;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_DATA_URI(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},MISSING_XM_UA(0.00){},RCPT_COUNT_SEVEN(0.00){11;},RCPT_MAILCOW_DOMAIN(0.00){business4dad.tld;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},RWL_MAILSPIKE_POSSIBLE(0.00){0.0.0.0:from;},R_DKIM_ALLOW(0.00){unipbr.onbigsoftware.tld:s=selector1-unipbr-onbigsoftware.tld;},R_SPF_ALLOW(0.00){+ip4:0.0.0.0/16;},TAGGED_RCPT(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_SOME(0.00){}]), len: 21987, time: 5530.897ms, dns req: 83, digest: <610857fab7d941799320fa4abbf454d2>, rcpts: <surname@business4dad.tld>, mime_rcpts: <dsurname@employer4dad.tld,surname@business4dad.tld,someone.else@popularprovider.tld,someone.else@anotherprovider.tld,someone.else@univ.tld,...>
rspamd-mailcow-1  | 2024-10-08 18:02:11 #39(normal) <9f4b5b>; task; rspamd_task_write_log: id: <wBu9LuB5YAtbcsd3EViJT5WJM4O3tLib73tfHreI@www.energyorganization.tld>, qid: <2F67FDF87F>, ip: 0.0.0.0, from: <energyso@box5409.hosting.provider.tld>, (default: F (no action): [4.39/15.00] [FORGED_W_BAD_POLICY(3.00){},SUSPICIOUS_RECIPS(1.50){},MID_RHS_WWW(0.50){},IP_REPUTATION_HAM(-0.29){asn: 16509(-0.29), country: US(-0.00), ip: 0.0.0.0(0.00);},R_SPF_ALLOW(-0.20){+ip4:0.0.0.0/29;},DMARC_POLICY_SOFTFAIL(0.10){energyorganization.tld : SPF not aligned (relaxed);none;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},RWL_MAILSPIKE_GOOD(-0.10){0.0.0.0:from;},MX_IMPLICIT(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){business4dad.tld:s=dkim:i=1;},ASN(0.00){asn:16509, ipnet:0.0.0.0/12, country:US;},BCC(0.00){},DKIM_TRACE(0.00){energyorganization.tld:~;},FORGED_SENDER(0.00){info@energyorganization.tld;energyso@box5409.hosting.provider.tld;},FREEMAIL_TO(0.00){professionalorg.tld;business4dad.tld;popularprovider.tld;energyorganization.tld;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){info@energyorganization.tld;energyso@box5409.hosting.provider.tld;},HAS_PHPMAILER_SIG(0.00){},HAS_REPLYTO(0.00){110527101@gms.univ.tld.tw;},HAS_X_ANTIABUSE(0.00){},HAS_X_PHP_SCRIPT(0.00){},HAS_X_POS(0.00){},HAS_X_SOURCE(0.00){},MID_RHS_MATCH_FROMTLD(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},RCPT_COUNT_THREE(0.00){4;},RCPT_MAILCOW_DOMAIN(0.00){business4dad.tld;},RCVD_COUNT_THREE(0.00){3;},RCVD_TLS_LAST(0.00){},REPLYTO_DOM_NEQ_FROM_DOM(0.00){},REPLYTO_DOM_NEQ_TO_DOM(0.00){},R_DKIM_PERMFAIL(0.00){energyorganization.tld:s=default;},TAGGED_RCPT(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_SOME(0.00){}]), len: 8403, time: 8420.794ms, dns req: 68, digest: <66b519ede141c34633e2b8fdcbd6adf5>, rcpts: <surname@business4dad.tld>, mime_rcpts: <admin@professionalorg.tld,surname@business4dad.tld,someone.else@popularprovider.tld,info@energyorganization.tld,>
rspamd-mailcow-1  | 2024-10-12 12:03:05 #39(normal) <e06c05>; task; rspamd_task_write_log: id: <0100019281aef6c0-6ffa79c3-7190-4f90-a8d1-d8a764ce0ed4-000000@email.bigprovider.tld>, qid: <A49FDE560F>, ip: 0.0.0.0, from: <0100019281aef6c0-6ffa79c3-7190-4f90-a8d1-d8a764ce0ed4-000000@verified.pg.us.bigmanufacturer.tld>, (default: T (reject): [15.61/15.00] [R_SPF_FAIL(8.00){-all;},VIOLATED_DIRECT_SPF(3.50){},BAD_REP_POLICIES(2.00){},SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE(1.00){},URI_COUNT_ODD(1.00){27;},MV_CASE(0.50){},RWL_MAILSPIKE_EXCELLENT(-0.40){0.0.0.0:from;},FORGED_SENDER(0.30){bigmanufacturer-reply@pg.us.bigmanufacturer.tld;0100019281aef6c0-6ffa79c3-7190-4f90-a8d1-d8a764ce0ed4-000000@verified.pg.us.bigmanufacturer.tld;},IP_REPUTATION_HAM(-0.23){asn: 14618(-0.23), country: US(-0.00), ip: 0.0.0.0(0.00);},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MANY_INVISIBLE_PARTS(0.05){1;},MX_GOOD(-0.01){},BAYES_SPAM(0.01){46.65%;},ARC_NA(0.00){},ARC_SIGNED(0.00){surname.tld:s=dkim:i=1;},ASN(0.00){asn:14618, ipnet:0.0.0.0/21, country:US;},BCC(0.00){},DKIM_TRACE(0.00){pg.us.bigmanufacturer.tld:+;bigprovider.tld:+;},DMARC_POLICY_ALLOW(0.00){pg.us.bigmanufacturer.tld;quarantine;},DMARC_POLICY_ALLOW_WITH_FAILURES(0.00){},DWL_DNSWL_NONE(0.00){bigprovider.tld:dkim;},FROM_NEQ_ENVFROM(0.00){bigmanufacturer-reply@pg.us.bigmanufacturer.tld;0100019281aef6c0-6ffa79c3-7190-4f90-a8d1-d8a764ce0ed4-000000@verified.pg.us.bigmanufacturer.tld;},FROM_NO_DN(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},MISSING_XM_UA(0.00){},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){surname.tld;},RCVD_COUNT_ZERO(0.00){0;},RCVD_IN_DNSWL_NONE(0.00){0.0.0.0:from;},REDIRECTOR_URL(0.00){mimecast.tld;twitter.tld;},R_DKIM_ALLOW(0.00){pg.us.bigmanufacturer.tld:s=3mgjmqipnieipaz4dzh53ggvpadyufqj;bigprovider.tld:s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 47305, time: 1291.517ms, dns req: 69, digest: <dbb78c231409edc69b87e02e990dea4a>, rcpts: <fname@surname.tld>, mime_rcpts: <fname@surname.tld>

I obsfuscated this a bit to protect the innocent; all of the domains, email usernames, and IP addresses have been replaced with dummy values to protect these organizations’ and users’ privacy.

Since all of this mail is going through GMail anyway, does it actually make sense for me to run RSpamd? Some guidance on disabling it would be helpful, if that is recommended.

ETNyx

@DocFraggle, did you get answer? Not sure if I understand explanation of what Gmail is for you. I believe what Doc is asking is: For simplification we can split Gmail into 2 basic roles:

1) Cilent (for example app in phone) than you configure your mailcow account as POP/IMAP/SMTP account, in this case we can strike Gmail from our conservation. (Except some antispam feature of your phone, this often occurs on iPhone)

2) Server you are using Google’s server to resend your messages, something like this “diagram”
sender -> gmail.com -> mail.business4dad.tld,

To logs now:
Rspamd is not only antispam “helper” in mailcow. For example Postfix as a server in mailcow use Postscreen daemon. This daemon (program) can refuse incoming e-mail even before Rspamd. So I would suggest to examine all log you have in your disposal and start whit Postfix.

For better tracking, mails are marked by ID, in your rspamd log, you can find it as qid so A49FDE560F (from your last log-line). It’s possible that this ID could be change through some action, but log shows in-coming ID and new out-coming ID, if this occurs.

tblancher

ETNyx

GMail (the web portal at https://mail.google.com) can also act as a client to check other email accounts, under Setttings/Accounts & Import. You can add IMAP(S)/POP3(S) accounts, and they can land in your GMail Inbox (or wherever you want them to arrive). You can also have GMail leave the mail on the server so it can then be downloaded from yet another client; I have GMail delete them from my POP3 account when it checks my user@surname.tld (about every 10-15 minutes), I think my father might have his GMail account set to do the same for his surname.tld and business4dad.tld accounts as well. This is the way I check all my mailcow-dockerized accounts from my GMail Inbox(and use a combination of isync/mbsync, imapfilter, and notmuch to check my GMail Inbox in mutt on my local laptop, my preferred email client).

I don’t believe this is part of the problem, as I have my mobile GMail client set up to check my user@surname.tld IMAPS (993/tcp) directly as the mobile GMail app cannot be forced to have GMail pull mail from its other IMAP/POP3 accounts immediately. You can definitely do this in main desktop/web interface of GMail, again under Accounts & Import/Check Now; but it is not available on the mobile GMail app for GMail accounts. When GMail does check the user@surname.tld account, the user@surname.tld Inbox becomes empty.

While out and about this evening, I attempted to have a login link emailed to user@surname.tld from the restaurant I was trying to make a mobile order from. While I did see plenty of email for this account in my mobile GMail client, indicating GMail had not checked or fully downloaded and deleted anything yet since it last did so, the email never arrived, and I had to make my mobile order as a guest.

When I got back home, after I had eaten and put the family to bed, I saw this in docker compose logs rspamd-mailcow:

rspamd-mailcow-1  | 2024-10-13 19:44:27 #141(normal) <3a8a0e>; task; rspamd_task_write_log: id: <rSzYtwJdSZ--VSqxxzFEjg@geopod-ismtpd-35>, qid: <72572E6477>, ip: 0.0.0.0, from: <bounces@em5301.my.restaurant.tld>, (default: F (soft reject): [7.06/15.00] [BAD_REP_POLICIES(2.00){},URIBL_GREY(1.50){sendgrid.tld:url;},IP_REPUTATION_SPAM(1.32){asn: 11377(0.33), country: US(-0.00), ip: 0.0.0.0(0.00);},SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE(1.00){},MID_RHS_NOT_FQDN(0.50){},MV_CASE(0.50){},FORGED_SENDER(0.30){hello@my.restaurant.tld;bounces@em5301.my.restaurant.tld;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MANY_INVISIBLE_PARTS(0.05){1;},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){surname.tld:s=dkim:i=1;},ASN(0.00){asn:11377, i.tld:0.0.0.0/18, country:US;},DKIM_TRACE(0.00){my.restaurant.tld:+;},DMARC_POLICY_ALLOW(0.00){my.restaurant.tld;reject;},FROM_NEQ_ENVFROM(0.00){hello@my.restaurant.tld;bounces@em5301.my.restaurant.tld;},FROM_NO_DN(0.00){},GREYLIST(0.00){greylisted;Mon, 14 Oct 2024 00:49:27 GMT;new record;},MIME_TRACE(0.00){0:+;1:+;2:~;},MISSING_XM_UA(0.00){},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){surname.tld;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},REDIRECTOR_URL(0.00){sendgrid.tld;},RWL_MAILSPIKE_POSSIBLE(0.00){0.0.0.0:from;},R_DKIM_ALLOW(0.00){my.restaurant.tld:s=s1;},R_SPF_ALLOW(0.00){+ip4:0.0.0.0;},TAGGED_FROM(0.00){2111007-708e-user;restaurant=surname.tld;},TAGGED_RCPT(0.00){restaurant;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 28809, time: 3367.624ms, dns req: 57, digest: <03715e3f67f6c7576e0e32dd5c4c7188>, rcpts: <user+restaurant@surname.tld,user@surname.tld>, mime_rcpts: <user+restaurant@surname.tld,>, forced: soft reject "Greylisted, please try again later"; score=nan (set by greylist)
rspamd-mailcow-1  | 2024-10-13 19:44:57 #141(normal) <8d1e02>; task; rspamd_task_write_log: id: <rSzYtwJdSZ--VSqxxzFEjg@geopod-ismtpd-35>, qid: <CF662E6483>, ip: 0.0.0.0, from: <bounces@em5301.my.restaurant.tld>, (default: F (soft reject): [0.00/15.00] [ASN(0.00){asn:11377, i.tld:0.0.0.0/18, country:US;},GREYLIST(0.00){greylisted;Mon, 14 Oct 2024 00:49:27 GMT;too early;},TAGGED_FROM(0.00){2111007-708e-user;restaurant=surname.tld;},TAGGED_RCPT(0.00){restaurant;}]), len: 28809, time: 60.858ms, dns req: 1, digest: <03715e3f67f6c7576e0e32dd5c4c7188>, rcpts: <user+restaurant@surname.tld,user@surname.tld>, mime_rcpts: <user+restaurant@surname.tld,>, forced: soft reject "Greylisted, please try again later"; score=nan (set by greylist)
rspamd-mailcow-1  | 2024-10-13 19:46:01 #141(normal) <b95786>; task; rspamd_task_write_log: id: <rSzYtwJdSZ--VSqxxzFEjg@geopod-ismtpd-35>, qid: <CF58EE6486>, ip: 0.0.0.0, from: <bounces@em5301.my.restaurant.tld>, (default: F (soft reject): [0.00/15.00] [ASN(0.00){asn:11377, i.tld:0.0.0.0/18, country:US;},GREYLIST(0.00){greylisted;Mon, 14 Oct 2024 00:49:27 GMT;too early;},TAGGED_FROM(0.00){2111007-708e-user;restaurant=surname.tld;},TAGGED_RCPT(0.00){restaurant;}]), len: 28809, time: 93.981ms, dns req: 1, digest: <03715e3f67f6c7576e0e32dd5c4c7188>, rcpts: <user+restaurant@surname.tld,user@surname.tld>, mime_rcpts: <user+restaurant@surname.tld,>, forced: soft reject "Greylisted, please try again later"; score=nan (set by greylist)
rspamd-mailcow-1  | 2024-10-13 19:47:29 #141(normal) <5ae628>; task; rspamd_task_write_log: id: <rSzYtwJdSZ--VSqxxzFEjg@geopod-ismtpd-35>, qid: <0D622E649E>, ip: 0.0.0.0, from: <bounces@em5301.my.restaurant.tld>, (default: F (soft reject): [0.00/15.00] [ASN(0.00){asn:11377, i.tld:0.0.0.0/18, country:US;},GREYLIST(0.00){greylisted;Mon, 14 Oct 2024 00:49:27 GMT;too early;},TAGGED_FROM(0.00){2111007-708e-user;restaurant=surname.tld;},TAGGED_RCPT(0.00){restaurant;}]), len: 28809, time: 9.305ms, dns req: 1, digest: <03715e3f67f6c7576e0e32dd5c4c7188>, rcpts: <user+restaurant@surname.tld,user@surname.tld>, mime_rcpts: <user+restaurant@surname.tld,>, forced: soft reject "Greylisted, please try again later"; score=nan (set by greylist)
rspamd-mailcow-1  | 2024-10-13 19:49:21 #141(normal) <1c8668>; task; rspamd_task_write_log: id: <rSzYtwJdSZ--VSqxxzFEjg@geopod-ismtpd-35>, qid: <3B89AE64A4>, ip: 0.0.0.0, from: <bounces@em5301.my.restaurant.tld>, (default: F (soft reject): [0.00/15.00] [ASN(0.00){asn:11377, i.tld:0.0.0.0/18, country:US;},GREYLIST(0.00){greylisted;Mon, 14 Oct 2024 00:49:27 GMT;too early;},TAGGED_FROM(0.00){2111007-708e-user;restaurant=surname.tld;},TAGGED_RCPT(0.00){restaurant;}]), len: 28809, time: 198.813ms, dns req: 1, digest: <03715e3f67f6c7576e0e32dd5c4c7188>, rcpts: <user+restaurant@surname.tld,user@surname.tld>, mime_rcpts: <user+restaurant@surname.tld,>, forced: soft reject "Greylisted, please try again later"; score=nan (set by greylist)
rspamd-mailcow-1  | 2024-10-13 19:53:23 #141(normal) <29201d>; task; rspamd_task_write_log: id: <rSzYtwJdSZ--VSqxxzFEjg@geopod-ismtpd-35>, qid: <277A5E64B8>, ip: 0.0.0.0, from: <bounces@em5301.my.restaurant.tld>, (default: F (no action): [7.06/15.00] [BAD_REP_POLICIES(2.00){},URIBL_GREY(1.50){sendgrid.tld:url;},IP_REPUTATION_SPAM(1.32){asn: 11377(0.33), country: US(-0.00), ip: 0.0.0.0(0.00);},SUSPICIOUS_URL_IN_SUSPICIOUS_MESSAGE(1.00){},MID_RHS_NOT_FQDN(0.50){},MV_CASE(0.50){},FORGED_SENDER(0.30){hello@my.restaurant.tld;bounces@em5301.my.restaurant.tld;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MANY_INVISIBLE_PARTS(0.05){1;},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){surname.tld:s=dkim:i=1;},ASN(0.00){asn:11377, i.tld:0.0.0.0/18, country:US;},BCC(0.00){},DKIM_TRACE(0.00){my.restaurant.tld:+;},DMARC_POLICY_ALLOW(0.00){my.restaurant.tld;reject;},FROM_NEQ_ENVFROM(0.00){hello@my.restaurant.tld;bounces@em5301.my.restaurant.tld;},FROM_NO_DN(0.00){},GREYLIST(0.00){pass;body;},MIME_TRACE(0.00){0:+;1:+;2:~;},MISSING_XM_UA(0.00){},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){surname.tld;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},REDIRECTOR_URL(0.00){sendgrid.tld;},RWL_MAILSPIKE_POSSIBLE(0.00){0.0.0.0:from;},R_DKIM_ALLOW(0.00){my.restaurant.tld:s=s1;},R_SPF_ALLOW(0.00){+ip4:0.0.0.0:c;},TAGGED_FROM(0.00){2111007-708e-user;restaurant=surname.tld;},TAGGED_RCPT(0.00){restaurant;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 28809, time: 1328.403ms, dns req: 59, digest: <03715e3f67f6c7576e0e32dd5c4c7188>, rcpts: <user+restaurant@surname.tld,user@surname.tld>, mime_rcpts: <user+restaurant@surname.tld,>
rspamd-mailcow-1  | 2024-10-13 19:54:27 #141(normal) <8e5af7>; task; rspamd_task_write_log: id: <58f0dm2BSgq8jzSRG8pKJQ@geopod-ismtpd-18>, qid: <6886BE64CD>, ip: 0.0.0.0, from: <bounces@em1842.orders.restaurant.tld>, (default: F (no action): [4.86/15.00] [BAD_REP_POLICIES(2.00){},IP_REPUTATION_SPAM(1.32){asn: 11377(0.33), country: US(-0.00), ip: 0.0.0.0(0.00);},MID_RHS_NOT_FQDN(0.50){},MV_CASE(0.50){},FORGED_SENDER(0.30){noreply@orders.restaurant.tld;bounces@em1842.orders.restaurant.tld;},MIME_HTML_ONLY(0.20){},MANY_INVISIBLE_PARTS(0.05){1;},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){surname.tld:s=dkim:i=1;},ASN(0.00){asn:11377, i.tld:0.0.0.0/19, country:US;},BCC(0.00){},DKIM_TRACE(0.00){orders.restaurant.tld:+;},DMARC_POLICY_ALLOW(0.00){orders.restaurant.tld;reject;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){noreply@orders.restaurant.tld;bounces@em1842.orders.restaurant.tld;},MIME_TRACE(0.00){0:~;},MISSING_XM_UA(0.00){},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){surname.tld;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},R_DKIM_ALLOW(0.00){orders.restaurant.tld:s=s1;},R_SPF_ALLOW(0.00){+ip4:0.0.0.0/16;},TAGGED_FROM(0.00){57117-111f-user;restaurant=surname.tld;},TAGGED_RCPT(0.00){restaurant;},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){},BAYES_SPAM(0.00){19.97%;}]), len: 7564, time: 3991.633ms, dns req: 61, digest: <ae7044718913ca0203180e7e5d4e31f8>, rcpts: <user+restaurant@surname.tld,user@surname.tld>, mime_rcpts: <user+restaurant@surname.tld,>

I see this for the same message in docker compose logs postfix-mailcow:

postfix-mailcow-1  | Oct 13 19:44:21 5de8bc033eef postfix/smtpd[776]: connect from o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:44:22 5de8bc033eef postfix/smtpd[776]: TLS SNI surname.tld from o1.ptr3320.restaurant.tld[0.0.0.0] not matched, using default chain
postfix-mailcow-1  | Oct 13 19:44:22 5de8bc033eef postfix/smtpd[776]: Anonymous TLS connection established from o1.ptr3320.restaurant.tld[0.0.0.0]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256
postfix-mailcow-1  | Oct 13 19:44:23 5de8bc033eef postfix/smtpd[776]: 72572E6477: client=o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:44:27 5de8bc033eef postfix/cleanup[777]: 72572E6477: milter-reject: END-OF-MESSAGE from o1.ptr3320.restaurant.tld[0.0.0.0]: 4.7.1 Greylisted, please try again later; from=<bounces+2111007-708e-user+restaurant=surname.tld@em5301.my.restaurant.tld> to=<user+restaurant@surname.tld> proto=ESMTP helo=<o1.ptr3320.restaurant.tld>
postfix-mailcow-1  | Oct 13 19:44:27 5de8bc033eef postfix/smtpd[776]: disconnect from o1.ptr3320.restaurant.tld[0.0.0.0] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1.tldmands=6/7
postfix-mailcow-1  | Oct 13 19:44:55 5de8bc033eef postfix/smtpd[776]: connect from o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:44:56 5de8bc033eef postfix/smtpd[776]: TLS SNI surname.tld from o1.ptr3320.restaurant.tld[0.0.0.0] not matched, using default chain
postfix-mailcow-1  | Oct 13 19:44:56 5de8bc033eef postfix/smtpd[776]: Anonymous TLS connection established from o1.ptr3320.restaurant.tld[0.0.0.0]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256
postfix-mailcow-1  | Oct 13 19:44:56 5de8bc033eef postfix/smtpd[776]: CF662E6483: client=o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:44:57 5de8bc033eef postfix/cleanup[777]: CF662E6483: milter-reject: END-OF-MESSAGE from o1.ptr3320.restaurant.tld[0.0.0.0]: 4.7.1 Greylisted, please try again later; from=<bounces+2111007-708e-user+restaurant=surname.tld@em5301.my.restaurant.tld> to=<user+restaurant@surname.tld> proto=ESMTP helo=<o1.ptr3320.restaurant.tld>
postfix-mailcow-1  | Oct 13 19:44:57 5de8bc033eef postfix/smtpd[776]: disconnect from o1.ptr3320.restaurant.tld[0.0.0.0] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1.tldmands=6/7
postfix-mailcow-1  | Oct 13 19:45:59 5de8bc033eef postfix/smtpd[776]: connect from o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:46:00 5de8bc033eef postfix/smtpd[776]: TLS SNI surname.tld from o1.ptr3320.restaurant.tld[0.0.0.0] not matched, using default chain
postfix-mailcow-1  | Oct 13 19:46:00 5de8bc033eef postfix/smtpd[776]: Anonymous TLS connection established from o1.ptr3320.restaurant.tld[0.0.0.0]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256
postfix-mailcow-1  | Oct 13 19:46:00 5de8bc033eef postfix/smtpd[776]: CF58EE6486: client=o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:46:01 5de8bc033eef postfix/cleanup[777]: CF58EE6486: milter-reject: END-OF-MESSAGE from o1.ptr3320.restaurant.tld[0.0.0.0]: 4.7.1 Greylisted, please try again later; from=<bounces+2111007-708e-user+restaurant=surname.tld@em5301.my.restaurant.tld> to=<user+restaurant@surname.tld> proto=ESMTP helo=<o1.ptr3320.restaurant.tld>
postfix-mailcow-1  | Oct 13 19:46:01 5de8bc033eef postfix/smtpd[776]: disconnect from o1.ptr3320.restaurant.tld[0.0.0.0] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1.tldmands=6/7
postfix-mailcow-1  | Oct 13 19:47:28 5de8bc033eef postfix/smtpd[776]: connect from o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:47:28 5de8bc033eef postfix/smtpd[776]: TLS SNI surname.tld from o1.ptr3320.restaurant.tld[0.0.0.0] not matched, using default chain
postfix-mailcow-1  | Oct 13 19:47:28 5de8bc033eef postfix/smtpd[776]: Anonymous TLS connection established from o1.ptr3320.restaurant.tld[0.0.0.0]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256
postfix-mailcow-1  | Oct 13 19:47:29 5de8bc033eef postfix/smtpd[776]: 0D622E649E: client=o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:47:29 5de8bc033eef postfix/cleanup[777]: 0D622E649E: milter-reject: END-OF-MESSAGE from o1.ptr3320.restaurant.tld[0.0.0.0]: 4.7.1 Greylisted, please try again later; from=<bounces+2111007-708e-user+restaurant=surname.tld@em5301.my.restaurant.tld> to=<user+restaurant@surname.tld> proto=ESMTP helo=<o1.ptr3320.restaurant.tld>
postfix-mailcow-1  | Oct 13 19:47:29 5de8bc033eef postfix/smtpd[776]: disconnect from o1.ptr3320.restaurant.tld[0.0.0.0] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1.tldmands=6/7
postfix-mailcow-1  | Oct 13 19:49:20 5de8bc033eef postfix/smtpd[823]: connect from o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:49:20 5de8bc033eef postfix/smtpd[823]: TLS SNI surname.tld from o1.ptr3320.restaurant.tld[0.0.0.0] not matched, using default chain
postfix-mailcow-1  | Oct 13 19:49:20 5de8bc033eef postfix/smtpd[823]: Anonymous TLS connection established from o1.ptr3320.restaurant.tld[0.0.0.0]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256
postfix-mailcow-1  | Oct 13 19:49:21 5de8bc033eef postfix/smtpd[823]: 3B89AE64A4: client=o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:49:21 5de8bc033eef postfix/cleanup[825]: 3B89AE64A4: milter-reject: END-OF-MESSAGE from o1.ptr3320.restaurant.tld[0.0.0.0]: 4.7.1 Greylisted, please try again later; from=<bounces+2111007-708e-user+restaurant=surname.tld@em5301.my.restaurant.tld> to=<user+restaurant@surname.tld> proto=ESMTP helo=<o1.ptr3320.restaurant.tld>
postfix-mailcow-1  | Oct 13 19:49:21 5de8bc033eef postfix/smtpd[823]: disconnect from o1.ptr3320.restaurant.tld[0.0.0.0] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1.tldmands=6/7
postfix-mailcow-1  | Oct 13 19:53:21 5de8bc033eef postfix/smtpd[858]: connect from o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:53:21 5de8bc033eef postfix/smtpd[858]: TLS SNI surname.tld from o1.ptr3320.restaurant.tld[0.0.0.0] not matched, using default chain
postfix-mailcow-1  | Oct 13 19:53:21 5de8bc033eef postfix/smtpd[858]: Anonymous TLS connection established from o1.ptr3320.restaurant.tld[0.0.0.0]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256
postfix-mailcow-1  | Oct 13 19:53:22 5de8bc033eef postfix/smtpd[858]: 277A5E64B8: client=o1.ptr3320.restaurant.tld[0.0.0.0]
postfix-mailcow-1  | Oct 13 19:53:23 5de8bc033eef postfix/qmgr[374]: 277A5E64B8: from=<bounces+2111007-708e-user+restaurant=surname.tld@em5301.my.restaurant.tld>, size=29285, nrcpt=1 (queue active)
postfix-mailcow-1  | Oct 13 19:53:23 5de8bc033eef postfix/smtpd[858]: disconnect from o1.ptr3320.restaurant.tld[0.0.0.0] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1.tldmands=7
postfix-mailcow-1  | Oct 13 19:53:26 5de8bc033eef postfix/lmtp[860]: 277A5E64B8: to=<user+restaurant@surname.tld>, relay=dovecot[fd4d:6169:6c63:6f77::b]:24, delay=4.4, delays=2/0.1/0.1/2.3, dsn=2.0.0, status=sent (250 2.0.0 <user+restaurant@surname.tld> wPstAoRrDGcjBwAAEUArLQ Saved)
postfix-mailcow-1  | Oct 13 19:54:27 5de8bc033eef postfix/qmgr[374]: 6886BE64CD: from=<bounces+57117-111f-user+restaurant=surname.tld@em1842.orders.restaurant.tld>, size=8019, nrcpt=1 (queue active)
postfix-mailcow-1  | Oct 13 19:54:28 5de8bc033eef postfix/lmtp[860]: 6886BE64CD: to=<user+restaurant@surname.tld>, relay=dovecot[fd4d:6169:6c63:6f77::b]:24, delay=9.7, delays=8.8/0.29/0.01/0.58, dsn=2.0.0, status=sent (250 2.0.0 <user+restaurant@surname.tld> qP76DcRrDGcjBwAAEUArLQ Saved)
postfix-mailcow-1  | Oct 13 20:30:27 5de8bc033eef postfix/smtpd[1156]: NOQUEUE: reject: RCPT from vmta226.84.lstrk.tld[0.0.0.0]: 550 5.7.1 Session encryption is required; from=<QHF8NRCI0R9Q0I1QQTKV9D8HQ0RSVFQIRD409KFFK9N@b.lt02.tld> to=<user+restaurant@surname.tld> proto=ESMTP helo=<vmta226.84.lstrk.tld>

So it does look like it is Greylisted, judging by the Postfix logs. I had to reboot and restart mailcow-dockerized on this host earlier this evening. It looks like I lost all the service logs from yesterday and before, either when the VPS rebooted, or I restarted mailcow-dockerized on the host. I can’t see for the logs I reported yesterday anymore (at least in docker compose logs; the logs still seem to be in the systemd journal, the way I have Docker set up to log).

I’ll do some research on Greylisting, but not now, it’s too late for me to dig into it.

I also forgot to mention the login link from this restaurant was not found in my user@surname.tld Junk folder (visible in SOGo).

DocFraggle

Ok, as I wrote above I already suspected greylisting. But the mail should have arrived at some point?

tblancher

DocFraggle

For the ones my father has reported, in some cases yes, the password reset link (or whatever) that was greylisted did arrive some time after it was expected, but usually 30 minutes to an hour later. That is only if the message finally arrived at all. For a couple examples he gave me, I couldn’t find record of those domains in the RSpamd logs at all. I hadn’t checked those in the Postfix logs, and the docker compose logs appear to have been lost. However, I have also been logging docker to the systemd journal, and I haven’t done a deep dive into those since I started looking into this.

The problem with many of these is the organization sending the link only allows it to be active for 10-15 minutes in some instances, so by the time we actually do receive it (if it arrives at all) it has expired and it’s too late to use it.

Is there a way to disable this behavior? I’ll be looking up greylisting in later this evening, but I won’t have time to do any research until much later this evening (if I can get to it at all tonight).

For the ones I’ve experienced, like the one last night, I haven’t yet seen the message arrive (but honestly haven’t checked my personal email since late last night).

ETNyx

Greylisting is only applied when message has bad score. So you have several options, listed by me by best to worst

1) Contact sender, fix their crappy IT, and help to make internet better place for all.
2) Use whitelisting
3) Change threshold when grelisting is activated
4) Disable Greylisting for whole server

tblancher

ETNyx

Option 1, contacting the organization who is sending messages with a bad score is a bit fantastic; assuming you could get your message to the right group within that organization, whether they have the power, resources, or inclination to fix things properly based on your single report. Their most likely response is for it to be a problem with your email provider. Especially when it works for most other users of their services. That assumes you know who to contact, and whether you can guide the first responder to send the message to the right team. Do you do this with any organization’s emails that get greylisted this way? Have you been effective in getting them to remedy the situation to your satisfaction?

Option 2, allow listing the sender, assumes I know the domain, and the complete chain of subdomains used in these email messages. Since most of these don’t appear to be coming from the domain where the password confirmation or password reset link is initiated, knowing this ahead of time is a stretch, even in the best of circumstances. How do you determine the best way to allow such messages, before you request one of these ephemeral links?

Option 3, changing the threshold when greylisting applies, requires me to understand greylisting in general. I also need to see the greylisting score for these messages that never arrived. I admit I need to do more research, but lately work has been excessively busy, working after hours most days of the week. In my off time I’m taking care of a toddler, or helping my wife. Very little time to attend to this.

Option 4, disabling greylisting altogether, seems like the most straightforward, if not the easiest approach. I’ll need to learn more about greylisting in mailcow-dockerized to fully understand, and whether I should go with option 3 or 4.

tblancher

So, it looks like the thresholds for rspamd are pretty tight; my password reset link from a popular diaper manufacturer had this line in the rspamd logs I posted above in this thread:

rspamd-mailcow-1  | 2024-10-12 12:03:05 #39(normal) <e06c05>; task; rspamd_task_write_log: id: <0100019281aef6c    0-6ffa79c3-7190-4f90-a8d1-d8a764ce0ed4-000000@email.bigprovider.tld>, qid: <A49FDE560F>, ip: 0.0.0.0, from: <01    00019281aef6c0-6ffa79c3-7190-4f90-a8d1-d8a764ce0ed4-000000@verified.pg.us.bigmanufacturer.tld>, (default: T (reject): [15.61/15.00]

I created a grep filter to find anything that was rejected or soft rejected:

docker compose logs rspamd-mailcow | grep -Po '^rspamd-mailcow-1\s+\|.*\(default: \w \((soft )?reject\): \[\d+\.\d+/15.00\]'

I see stuff soft rejected even when the score is below the greylist threshold (default of 7 is set right now). I see a bunch of stuff that is getting soft rejected that maybe should not be.

I find a lot information about RSpamd, but nothing describing the theory of its purpose, or an overview of how it works. I’d like to set the thresholds properly, but it seems I need to understand a lot about RSpamd to be able to set the threshold’s appropriately.

For instance, why is the default reject threshold set at 15? What is that a measure of? I see a lot of modules contribute to the score, but why was 15 selected as the spam threshold? Wouldn’t it be better for such messages to land in the Junk folder so the user can at least find them?

I can disable greylisting, but that won’t solve my problem of legitimate email being rejected outright. I did some searching, and I found a Google Group thread asking whether to lower the score was warranted because they hadn’t seen a legitimate email scoring above 10. I cited a specific example where a legitimate email got rejected because it had a score of above 15, so I’m inclined to increase that score considerably.

Also coupled with my use case that all users of this mailcow-dockerized server are ultimately pulling their mail into GMail, with its own anti-spam filtering. If I set the reject and greylist thresholds higher, that might resolve my problem of these legitimate emails getting (soft) rejected.

tblancher

So, I set the thresholds for reject and greylist much higher. My test was the password reset link I tried earlier. This time the the score for this message was lower, but it still would have been above the greylist threshold. It did not arrive in my inbox; I had to go to my Junk folder to find it. I also had to have the reset link sent twice, since I was running an errand before I saw the message in my Junk/Spam folder, and by the time I tried to use the first link it had already expired.

We’ll see how my father fares when he tries again next. I’m not sure what to do if this continues to be a problem.

I still think asking a large, soulless corporation to change their behavior is impractical, to say the least. How anyone expects the threshold to be set at 15, or 12 for that matter, is beyond me. Since these messages were rejected outright, I have no way to train RSpamd that those messages were ham, and not spam.

I just wish I could find a primer on how RSpamd works. Reading the documentation on the RSpamd wiki was of no help, it gets too deep into the technical minutiae without explaining the overall design.

I decided to read the RSpamd Quick Start Guide. It gives a bit gentler overview, and I have a bit better understanding, but by no means do I feel I’m any closer to being proficient.

I did notice this when they mention these thresholds:

# local.d/actions.conf

 reject = 150; # Reject when reaching this score
 add_header = 6; # Add header when reaching this score
 greylist = 4; # Apply greylisting when reaching this score (will emit `soft reject action`)

It seems the RSpamd wiki editors select a much higher threshold for spam than mailcow-dockerized does by default. Its greylist threshold suggested here is lower than the mailcow-dockerized default (many of the messages my father was looking for were ever so slightly above the mailcow default of 7).

So, I set the reject threshold to 30, and the greylist threshold to 20. We’ll see how that goes.

ETNyx

Hello, for 1) Yes, I do this, Yes it works for me in more than dozen of cases . But your situation can be different.

About thresholds, what you notice is most likely just some docs example. Default settings shipped in rspamd are reject=15; add_header=6; greylist=4; found in git. So Mailcow is even softer than Rspamd default,.. Those numbers are most-likely set by experience of running Rspamd. Anyway you can always override it to your need. But you must be aware that you are changing this for whole server. So for you, you will be able to get your message, but another user can be flood by spam,..

Anyway from what you are writing, did you consider to switch to some commercial provider like GMail, if you are using it in some capacity? When you are overload by work and got baby, congratulation!!, it can be better solution.

Just note: About your GMail, you are using it as client, so are you sure GMail’s anti-spam is applied when you are using GMail this way? I do not think so,…

tblancher

@ETNyx So you’re discouraging me from using mailcow? That doesn’t sound like a welcoming community to me. Last I looked, Google Workspace charges $5 per mailbox per month, which is a bit steep since we’d been hosting our own mail server for over two decades. I migrated to mailcow-dockerized so I’d have more control, have a more modern mail server, and it’s on a much larger VPS than before so we should be able to handle potentially more users.

A lot of this is just a learning curve; my dad managed the mail server through cPanel before, and it didn’t have nearly as many options or features. I mainly had him allow me to take over off of CentOS 7, and he managed to break it by trying to upgrade to Alma in place.

As for experience running RSpamd, I couldn’t find any documentation on how to set these thresholds, so I’m going with this as a first stab. If it ends up having more spam than desired, I can always reduce them.

Another thing that I didn’t notice until today: one of my dad’s messages didn’t arrive since he had Enforce TLS incoming enabled on his mailbox. I’m going to have him disable that, since one of the messages he was waiting for was rejected by Postfix for not using TLS.

So there were two issues:

RSpamd thresholds too tight, I set reject=30, and greylist=20, and at least my test link finally arrived. It did land in the Junk folder, but that’s a better result than what I was getting before.
turn off Enforce TLS incoming in each mailbox. That was preventing another message from arriving

ETNyx

Properly managing mail stack is no trivial task, as you see, you need to receive mails from poorly managed senders and sometimes it is easier and more viable to use commercial service. If you see fit to use Mailcow as better solution, I/we will try to help you if we can.

For those threshold, Yes try your limits you will see if this will work for you.