Why was this email discarded?

twv

Verified User
Joined
Oct 31, 2003
Messages
217
My customer is having trouble receiving email from domains that use protection.outlook.com. Can you help me understand why this particular email was deleted?

Relevant lines from /var/log/exim/mainlog-20210822:
2021-08-20 16:45:58 40.107.236.76 whitelisted in local hosts IP whitelist
2021-08-20 16:45:59 1mHBOo-000JjJ-Qx <= [email protected] H=mail-bn8nam11on2076.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com) [40.107.236.76] P=esmtps X=TLS1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256 CV=no S=50153 DKIM=senderdomain.onmicrosoft.com id=[email protected]22.prod.outlook.com T="Subject of Email" from <[email protected]> for [email protected]
2021-08-20 16:45:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1mHBOo-000JjJ-Qx
2021-08-20 16:45:59 cwd=/tmp 4 args: /usr/sbin/exim -oMr spam-scanned -bS
2021-08-20 16:45:59 SSL_write: (from mail-bn8nam11on2076.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com) [40.107.236.76]) syscall: Connection reset by peer
2021-08-20 16:46:04 1mHBOp-000JjN-1M <= [email protected] U=mail P=spam-scanned S=53628 id=[email protected]22.prod.outlook.com T="Subject of Email" from <[email protected]> for [email protected]
2021-08-20 16:46:04 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1mHBOp-000JjN-1M
2021-08-20 16:46:04 1mHBOp-000JjN-1M => discarded <[email protected]> R=domain_filter
2021-08-20 16:46:04 1mHBOp-000JjN-1M Completed
2021-08-20 16:46:04 1mHBOo-000JjJ-Qx => recipient <[email protected]> F=<[email protected]> R=spamcheck_director T=spamcheck S=53506
2021-08-20 16:46:04 1mHBOo-000JjJ-Qx Completed

The discarded line says “R=domain_filter”. This client has the DA adult filter enabled. Is that what blocked this email? Or is R=domain_filter what the log shows whenever an email is discarded by spamassassin?

Also, is the “syscall: Connection reset by peer” important?

Other possibly relevant info:

/etc/virtual/whitelist_hosts_ip
Code:
40.74.0.0/15
40.76.0.0/14
40.80.0.0/12
40.92.0.0/15
40.96.0.0/12
40.112.0.0/13
40.120.0.0/14
40.124.0.0/16
40.125.0.0/17

/etc/virtual/skip_rbl_domains
Code:
outlook.com
outbound.protection.outlook.com
*.outbound.protection.outlook.com
*.mail.protection.outlook.com
mail.protection.outlook.com
 
The discarded line says “R=domain_filter”. This client has the DA adult filter enabled. Is that what blocked this email? Or is R=domain_filter what the log shows whenever an email is discarded by spamassassin?
domain_filter is the per-domain filter that exim applies. The filter/rules are defined in /etc/virtual/<domain>/filter, so take a look in there.
 
  • Like
Reactions: twv
Back
Top