Troubleshooting postfix using bcc to local user

After routing mail through postfix to an external relay server (in this case gmail's smtp relay), all the mail from a server was routing correctly. Except after a couple of days I noticed a couple of strange bounces. Authentication at the gmail end was by IP address and domain, so any address [email protected] could be used to send email. But these were coming from [email protected] so were being rejected with a helpful message by gmail.

The IP address you've 550-5.7.1 registered in your G Suite SMTP Relay service doesn't match domain of 550-5.7.1 the account this email is being sent from. If you are trying to relay 550-5.7.1 mail from a domain that isn't registered under your G Suite account 550-5.7.1 or has empty envelope-from, you must configure your mail server 550-5.7.1 either to use SMTP AUTH to identify the sending domain or to present 550-5.7.1 one of your domain names in the HELO or EHLO command. For more 550-5.7.1 information, please visit 550 5.7.1 https://support.google.com/a/answer/6140680

Pretty helpful as messages go. Less helpful was the fact that there were several websites on the server and a couple of other apps, and I didn't have access to the admin panels of any of them. The mails, once bounced, were removed from postfix's queue, never to be seen again. Time for some detective work.

I found that the mails were heading for [email protected] so I figured if I could make those appear locally I'd be able to look at the source and see what had created them. This is not so hard to do in postfix. First of all you need a line in your main.cf:

# Added to troubleshoot rejection by gmail smtp           
# Need to add addresses to the file and run postmap on it 
recipient_bcc_maps = regexp:/etc/postfix/recipient_bcc_maps

Then you need to add entries in your /etc/postfix/recipient_bcc_maps:

# run postmap recipient_bcc_maps after editing
/zzzz\@domain.com/  ubuntu

After that run postmap recipient_bcc_maps and restart postfix for good measure. So now any mail headed to [email protected] will also be bcced to the local ubuntu user, where we can pick it up in /var/spool/mail/ubuntu.

All good. I waited. And waited. Then got bored of waiting and made a quick bash one liner to alert me when the ubuntu user's mail file changed.

while true; do if ls -hal "/var/spool/mail/ubuntu" | grep -q "Nov 15 07:14" ; then sleep 5 ; else mutt -s "changed" [email protected] </dev/null ; break ; fi ; done

So this is pretty crude but it works. Every 5 seconds it checks the date and time of the mail spool file (you'd need to change to the actual date of the file, of course), and if it changes it emails to [email protected]. I ran that under 'screen' and two days later I got a notification, from which I was able to figure out which script on which domain had fired off the email.

Maybe that one liner makes more sense as a script:

#!/bin/bash

FILE=/var/spool/mail/ubuntu
PATTERN="Oct 17 10:44"

while true;
do 
	if ls -hal "$FILE" | grep -q "$PATTERN" ; then 
		# Do nothing. 
		sleep 5
	else
		# echo "changed"
		# play fanfare.mp3
		mutt -s "changed" [email protected] </dev/null
		break;
	fi 
done
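
Once the bcc copy lands in /var/spool/mail/ubuntu, the headers of the newest message are what point back to the sender. The following is an added example, not code from the original post: it pulls those headers out of the last message in the spool file. The sample spool contents, the host and user names, and the PHP header are assumptions made up for the illustration.

```shell
#!/bin/bash
# Added example (not from the original post); the sample data is constructed.

# Print the header block of the LAST message in mbox file $1, joining folded
# continuation lines onto the header they belong to.
last_message_headers() {
    awk '
        # An mbox message starts at a "From " line that is first or follows a blank line.
        /^From / && (NR == 1 || prev == "") { n = 0; in_hdr = 1; prev = $0; next }
        { prev = $0 }
        !in_hdr { next }                       # skip message bodies
        $0 == "" { in_hdr = 0; next }          # blank line ends the headers
        /^[ \t]/ && n > 0 { sub(/^[ \t]+/, " "); hdr[n] = hdr[n] $0; next }
        { hdr[++n] = $0 }
        END { for (i = 1; i <= n; i++) print hdr[i] }
    ' "$1"
}

# Keep only the headers that usually reveal the submitting user or script.
# X-PHP-Originating-Script is present only if the sender is PHP mail() with
# mail.add_x_header enabled (an assumption; the post does not name the app).
origin_headers() {
    last_message_headers "$1" |
        grep -iE '^(Return-Path|Received|Subject|Message-Id|X-PHP-Originating-Script|X-Mailer):'
}

# Constructed two-message spool file for an offline run.
make_sample_mbox() {
    cat > "$1" <<'EOF'
From www-data@server.example  Tue Nov 15 07:10:01 2022
Received: by server.example (Postfix, from userid 33)
 id 4A1B2C3D4E; Tue, 15 Nov 2022 07:10:01 +0000 (UTC)
Subject: older message

body one

From site2@server.example  Tue Nov 15 07:14:09 2022
Return-Path: <site2@server.example>
Received: by server.example (Postfix, from userid 1001)
 id 5F6A7B8C9D; Tue, 15 Nov 2022 07:14:09 +0000 (UTC)
To: zzzz@domain.example
Subject: Contact form
X-PHP-Originating-Script: 1001:contact.php

body two
EOF
}

sample=$(mktemp) && make_sample_mbox "$sample" && origin_headers "$sample"; rm -f "$sample"
```

On a real server, call origin_headers /var/spool/mail/ubuntu after the watcher fires. The "from userid" number in the Postfix Received line maps to a local account with getent passwd.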
