My customer is having trouble receiving email from domains that use protection.outlook.com. Can you help me understand why this particular email was deleted?
Relevant lines from /var/log/exim/mainlog-20210822:
The discarded line says “R=domain_filter”. This client has the DA adult filter enabled. Is that what blocked this email? Or is R=domain_filter what the log shows whenever an email is discarded by spamassassin?
Also, is the “syscall: Connection reset by peer” important?
Other possibly relevant info:
/etc/virtual/whitelist_hosts_ip
/etc/virtual/skip_rbl_domains
Relevant lines from /var/log/exim/mainlog-20210822:
2021-08-20 16:45:58 40.107.236.76 whitelisted in local hosts IP whitelist
2021-08-20 16:45:59 1mHBOo-000JjJ-Qx <= [email protected] H=mail-bn8nam11on2076.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com) [40.107.236.76] P=esmtps X=TLS1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256 CV=no S=50153 DKIM=senderdomain.onmicrosoft.com id=[email protected]22.prod.outlook.com T="Subject of Email" from <[email protected]> for [email protected]
2021-08-20 16:45:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1mHBOo-000JjJ-Qx
2021-08-20 16:45:59 cwd=/tmp 4 args: /usr/sbin/exim -oMr spam-scanned -bS
2021-08-20 16:45:59 SSL_write: (from mail-bn8nam11on2076.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com) [40.107.236.76]) syscall: Connection reset by peer
2021-08-20 16:46:04 1mHBOp-000JjN-1M <= [email protected] U=mail P=spam-scanned S=53628 id=[email protected]22.prod.outlook.com T="Subject of Email" from <[email protected]> for [email protected]
2021-08-20 16:46:04 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1mHBOp-000JjN-1M
2021-08-20 16:46:04 1mHBOp-000JjN-1M => discarded <[email protected]> R=domain_filter
2021-08-20 16:46:04 1mHBOp-000JjN-1M Completed
2021-08-20 16:46:04 1mHBOo-000JjJ-Qx => recipient <[email protected]> F=<[email protected]> R=spamcheck_director T=spamcheck S=53506
2021-08-20 16:46:04 1mHBOo-000JjJ-Qx Completed
The discarded line says “R=domain_filter”. This client has the DA adult filter enabled. Is that what blocked this email? Or is R=domain_filter what the log shows whenever an email is discarded by spamassassin?
Also, is the “syscall: Connection reset by peer” important?
Other possibly relevant info:
/etc/virtual/whitelist_hosts_ip
Code:
40.74.0.0/15
40.76.0.0/14
40.80.0.0/12
40.92.0.0/15
40.96.0.0/12
40.112.0.0/13
40.120.0.0/14
40.124.0.0/16
40.125.0.0/17
/etc/virtual/skip_rbl_domains
Code:
outlook.com
outbound.protection.outlook.com
*.outbound.protection.outlook.com
*.mail.protection.outlook.com
mail.protection.outlook.com