What I am now realizing is the issue is that my Exim configuration is not
handling bounces correctly. They are being routed out to the internet
instead of back to our inbound node. Postfix is (now) running (only) on our
non-mail nodes as an MUA to submit mail to our inbound Exim node. It's the
solved part of the problem.
I'm puzzled, though, why the R=1p7Hiz-00010h-3B message ID doesn't match
anything else in the logs. When I exigrep it, I get the same result as when
I exigrep the other ID. No other message shows up:
# exigrep R=1p7Hiz-00010h-3B main.log
2022-12-19 09:08:49 1p7Hl3-00015O-1S <= <> R=1p7Hiz-00010h-3B U=exim
P=local S=3157
2022-12-19 09:08:49 1p7Hl3-00015O-1S H=ASPMX.L.GOOGLE.COM [142.250.114.27]:
SMTP error from remote mail server after pipelined end of data: 421-4.7.0
This message does not pass authentication checks (SPF and DKIM both
do\n421-4.7.0 not pass). SPF check for [] does not pass with ip:
[redacted].To\n421-4.7.0 best protect our users from spam, the message has
been blocked.\n421-4.7.0 Please visit\n421-4.7.0
https://support.google.com/mail/answer/81126#authentication for more\n421
4.7.0 information. i124-20020acab882000000b00355785aa693si7304080oif.43 -
gsmtp
2022-12-19 09:08:50 1p7Hl3-00015O-1S => redacted@??? R=dnslookup
T=remote_smtp H=ALT1.ASPMX.L.GOOGLE.COM [142.250.152.27]
X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes K C="250 2.0.0 OK
l5-20020a0566022dc500b006ceacbe1851si8859449iow.64 - gsmtp"
2022-12-19 09:08:50 1p7Hl3-00015O-1S Completed
On Mon, Dec 19, 2022 at 3:02 PM Jeremy Harris via Exim-users <
exim-users@???> wrote:
> On 19/12/2022 19:55, Johnnie W Adams via Exim-users wrote:
>
> > 2022-12-19 09:08:49 1p7Hl3-00015O-1S <= <> R=1p7Hiz-00010h-3B U=exim
> P=local S=3157
>
> That's an Exim log line, recording a bounce having been generated
> and "received" by that Exim for input processing. Follow the R=
> message ID to see what message was being bounced.
>
> There no special reason for Postfix to have gotten involved with that.
> --
> Cheers,
> Jeremy
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@??? |
http://ualr.edu/itservices
*UA Little Rock*
Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<
http://ualr.edu/itservices/security/>.