please assist me on parsing mail logs using Loki & Grafana :)
My logging server collects maillog files from Linux server, and I want to use Loki to check status (sent, deferred, etc) of messages from specific user.
The problem is that mail logs are divided into different log lines and I need to correlate different log lines using message id (40F36420E05 in text below):
Jun 9 22:38:36 mail postfix/smtp[376635]: 40F36420E05: to=<otheruser#domain2>, relay=domain3[11.11.11.11]:25, delay=13, delays=0.58/0/4.6/7.8, dsn=2.6.0, status=sent (250 2.6.0 <20220609193823.D980A420E06#mail> [InternalId=13731010457062, Hostname=XXX] 15472 bytes in 0.524, 28.786 KB/sec Queued mail for delivery)
Jun 9 22:37:35 mail postfix/qmgr[193514]: 40F36420E05: from=<user#domain>, size=4496, nrcpt=1 (queue active)
Jun 9 22:37:35 mail opendkim[251972]: 40F36420E05: DKIM-Signature field added (s=mail, d=domain)
Jun 9 22:37:35 mail postfix/cleanup[376634]: 40F36420E05: message-id=<20220609193735.40F36420E05#mail>
Jun 9 22:37:35 mail postfix/submission/smtpd[376557]: 40F36420E05: client=compute-1.amazonaws.com[44.11.11.11], sasl_method=PLAIN, sasl_username=user
I'm using this query to find required mail messages and regexp function to extract messageid label:
{host="mail.com"} |~"from=<user#domain>" | regexp "(?P<messageid>\\S+): from="
Jun 9 22:59:58 mail postfix/qmgr[377114]: 40F36420E05: from=<user#domain>, size=11916, nrcpt=1 (queue active)
Jun 9 22:59:58 mail postfix/qmgr[377114]: C3E5D420E05: from=<user#domain>, size=9622, nrcpt=1 (queue active)
Jun 9 22:59:57 mail postfix/qmgr[377114]: 27057420E07: from=<user#domain>, size=6695, nrcpt=1 (queue active)
Now I want to fetch all log lines containing with all messageid labels extracted from previous query. Like {host="mail.com"} |~"from=<user#domain>" | regexp "(?P<messageid>\\S+): from="} | messageid={list_of_parsed_messageids}
How can I achieve that? Thanks!
Related
We have a perl script which tries to send an email notification when the system is about to shut down. To do this, we catch the SIGTERM and call Unix mail command to send email in the signal handler. SIGTERM is caught but the unix mail log shows that the FROM and TO address are changed from user#companyname.com to user#hostname during shutdown. Any idea why the system does this and how to prevent it? (Please note: The same email works fine when we run the script and kill the process from terminal)
Here is the perl code snippet:
$SIG{TERM} = \&signal_handler;
sleep(3600);
sub signal_handler {
my $email_address = 'user#companyname.com';
system("echo \"TestBody\" | mail -s \"TestEmailSubject\" -c \"$email_address\" -r \"$email_address\" \"$email_address\"");
}
Here is what is printed in /var/log/mail/mail during shutdown:
Sep 17 21:17:04 postfix/postfix-script[7009]: starting the Postfix mail system
Sep 17 21:17:10 postfix/master[7011]: daemon started -- version 2.10.1, configuration /etc/postfix
Sep 17 21:17:10 postfix/pickup[10349]: 35F801809C9: uid=0 from=root
Sep 17 21:17:10 postfix/cleanup[10356]: 35F801809C9: message-id=<20190917211710.35F801809C9#HOSTNAME.net>
Sep 17 21:17:10 postfix/qmgr[10350]: 35F801809C9: from=root#HOSTNAME.net, size=1618, nrcpt=1 (queue active)
Sep 17 21:17:10 postfix/local[10372]: 35F801809C9: to=root#HOSTNAME.net, orig_to=<root>, relay=local, delay=13, delays=13/0.01/0/0, dsn=2.0.0, status=sent (delivered to file: /dev/null)
Here is the working case when we kill the process from terminal:
Sep 17 21:20:41 postfix/pickup[10349]: E5328180968: uid=14936 from=user#COMPANYNAME.com
Sep 17 21:20:41 postfix/cleanup[22690]: E5328180968: message-id=<5d814e29.qZd+wgg47afpUdbd%user#COMPANYNAME.com>
Sep 17 21:20:41 postfix/qmgr[10350]: E5328180968: from=user#COMPANYNAME.com, size=544, nrcpt=1 (queue active)
Sep 17 21:20:41 postfix/smtp[22692]: E5328180968: to=user#COMPANYNAME.com, delay=0.06, delays=0.01/0/0/0.05, dsn=2.0.0, status=sent (250 2.0.0 OK 4E/77-59832-92E418D5)
the postfix system is probably being shut down earlier in the shutdown process than your script. Have you confirmed within your script that the mail system is still up after your script has tried to send an email?
Simple usecase but doesn't work.
I have a web application and want to configure a SMTP server to send emails from application.
Installed mailx as per link - http://tecadmin.net/bash-mail-command-not-found/
All good.
Test Sending email as: echo "This is a test email body " | mail -s "This is a test email " dk#xxx.com
Now I get the following in logs :
root#/var/log $ tail -f /var/log/maillog
Jul 19 16:47:57 bridgeapps-dev01 postfix/postfix-script[23104]: stopping the Postfix mail system
Jul 19 16:47:57 bridgeapps-dev01 postfix/master[1466]: terminating on signal 15
Jul 19 16:47:57 bridgeapps-dev01 postfix/postfix-script[23184]: starting the Postfix mail system
Jul 19 16:47:57 bridgeapps-dev01 postfix/master[23186]: daemon started -- version 2.10.1, configuration /etc/postfix
Jul 19 16:48:12 bridgeapps-dev01 postfix/pickup[23187]: 4163841204: uid=0 from=<root>
Jul 19 16:48:12 bridgeapps-dev01 postfix/cleanup[23194]: 4163841204: message-id=<20160719154812.4163841204#bridgeapps-dev01.localdomain>
Jul 19 16:48:12 bridgeapps-dev01 postfix/qmgr[23188]: 4163841204: from=<root#bridgeapps-dev01.localdomain>, size=582, nrcpt=1 (queue active)
Jul 19 16:48:12 bridgeapps-dev01 postfix/smtp[23196]: connect to ASPMX.L.GOOGLE.com[2a00:1450:400c:c09::1b]:25: Network is unreachable
Jul 19 16:48:12 bridgeapps-dev01 postfix/smtp[23196]: 4163841204: to=<dk#xxx.com>, relay=ASPMX.L.GOOGLE.com[64.233.166.26]:25, delay=0.47, delays=0.02/0.01/0.24/0.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1468943292 l4si11397516wmf.56 - gsmtp)
Jul 19 16:48:12 bridgeapps-dev01 postfix/qmgr[23188]: 4163841204: removed
All green, no errors, just as things seem to be too good to be true, I never receive this email in gmail.
What am I missing ?
Thank you,
First off, you can't send an email from localhost. You need a mail relay. Since you're already using gmail I would recommend this:
https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/
Good day!
After installing and running kolab letters delivered instantly. But after a few days letters to local destinations have become delivered with a delay. Over time, they are delivered, but the delay may be several hours. An example of the path of the letter:
root#myhost:~# cat /var/log/mail.log | grep 7AA7935B1FC
Jan 12 11:31:03 myhost postfix/smtpd[19494]: 7AA7935B1FC:
client=localhost[127.0.0.1]
Jan 12 11:31:05 myhost postfix/cleanup[19492]: 7AA7935B1FC:
message-id=<20160112093103.7AA7935B1FC#mail.myhost.com>
Jan 12 11:31:05 myhost postfix/qmgr[7021]: 7AA7935B1FC:
from=<noreply#myhost.com>, size=1279, nrcpt=3 (queue active)
Jan 12 11:31:05 myhost lmtpunix[19631]: Delivered:
<20160112093103.7AA7935B1FC#mail.myhost.com> to mailbox:
myhost.com!user.user1
Jan 12 11:31:06 myhost postfix/lmtp[19617]: 7AA7935B1FC: to=<user1#myhost.com>, relay=mail.myhost.com[/var/lib/imap/socket/lmtp], delay=2.6, delays=2/0.01/0/0.59, dsn=4.3.0, status=deferred (host
mail.myhost.com[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd:
failed to mmap /var/lib/imap/deliver.db.NEW file (in reply to end of
DATA command))
Jan 12 11:31:06 myhost postfix/lmtp[19617]: 7AA7935B1FC: to=<user2#myhost.com>, relay=mail.myhost.com[/var/lib/imap/socket/lmtp], delay=2.7, delays=2/0.01/0/0.68, dsn=4.4.2, status=deferred (lost connection with mail.myhost.com[/var/lib/imap/socket/lmtp] while sending end of data
-- message may be sent more than once
Jan 12 11:31:07 myhost postfix/lmtp[19617]: 7AA7935B1FC: to=<user3#myhost.com>, relay=mail.myhost.com[/var/lib/imap/socket/lmtp], delay=2.7, delays=2/0.01/0/0.68, dsn=4.4.2, status=deferred (lost connection with mail.myhost.com[/var/lib/imap/socket/lmtp] while sending end of data
-- message may be sent more than once)
Currently mailq features a variety of messages in queue. An example of one of these:
7BBDF35B123 6162 Tue Jan 12 13:19:24 user#rambler.ru (delivery temporarily suspended: lost connection with mail.myhost.com[/var/lib/imap/socket/lmtp] while sending end of data -- message may be sent more than once) user4#myhost.com
-- 11667 Kbytes in 327 Requests.
I think that the main reason is described here:
lmtp: failed to mmap /var/lib/imap/deliver.db.NEW file
But, unfortunately, not been able to find a solution.
The problem was solved according to this recommendation: http://lists.kolab.org/pipermail/users-de/2015-May/001998.html
Stop Services cyrus-imap and postfix
Delete files deliver.db.NEW and deliver.db in the directory /var/lib/imap/
Start the services and the file deliver.db is automatically created
Restart the queue: postsuper -r ALL
Some of the letters delivered from the queue again.
Proposed cause: after installing and start services on the new server users download messages en masse in the format *.eml, downloaded from the last post. Perhaps these actions somehow overflowed index files.
P.S.: Unfortunately, the solution was temporary: the situation described above is repeated periodically :(
I find out my server is sending a spam. Spam is sent by postfix server. It has large queue of emails, that are going to be sent without my help. I cant understand which script is added these emails to postfix queue.
Now I have these questions:
How to determine what script is adding mails to postfix queue?
How to clear postfix queue from spam? (all emails are spam, there are no emails sent by me)
Why reports are recieved by user123? (user123 - is ubuntu user, not original, changed by security reason)
Report from /var/mail/user123:
From MAILER-DAEMON Tue Nov 11 04:01:47 2014
Return-Path: <>
X-Original-To: user123#ubuntu
Delivered-To: user123#ubuntu
Received: by ubuntu (Postfix)
id 8F0D227364; Mon, 10 Nov 2014 15:15:52 -0500 (EST)
Date: Mon, 10 Nov 2014 15:15:52 -0500 (EST)
From: MAILER-DAEMON#ubuntu (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: user123#ubuntu
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="C0BE92ECAB.1415650552/ubuntu"
Message-Id: <20141110201552.8F0D227364#ubuntu>
This is a MIME-encapsulated message.
--C0BE92ECAB.1415650552/ubuntu
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
This is the mail system at host ubuntu.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<quirin.cyrille#orange.fr>: delivery temporarily suspended: host
smtp-in.orange.fr[80.12.242.9] refused to talk to me: 550 mwinf5c20 ME
Adresse IP source bloquee pour incident de spam. Client host blocked for
spamming issues. OFR006_102 Ref
http://csi.cloudmark.com/reset-request/?ip=74.218.214.24 [102]
--C0BE92ECAB.1415650552/ubuntu
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; ubuntu
X-Postfix-Queue-ID: C0BE92ECAB
X-Postfix-Sender: rfc822; user123#ubuntu
Arrival-Date: Wed, 5 Nov 2014 13:50:50 -0500 (EST)
Final-Recipient: rfc822; quirin.cyrille#orange.fr
Action: failed
Status: 4.0.0
Diagnostic-Code: X-Postfix; delivery temporarily suspended: host
smtp-in.orange.fr[80.12.242.9] refused to talk to me: 550 mwinf5c20 ME
Adresse IP source bloquee pour incident de spam. Client host blocked for
spamming issues. OFR006_102 Ref
http://csi.cloudmark.com/reset-request/?ip=74.218.214.24 [102]
--C0BE92ECAB.1415650552/ubuntu
Content-Description: Undelivered Message Headers
Content-Type: text/rfc822-headers
Return-Path: <user123#ubuntu>
Received: by ubuntu (Postfix, from userid 1006)
id C0BE92ECAB; Wed, 5 Nov 2014 13:50:50 -0500 (EST)
From: =?UTF-8?B?T25seSBDYXNpbm8=?= <only_casino#bingo-chips.us>
To: "MOIDU88480" <quirin.cyrille#orange.fr>
Subject: =?UTF-8?B?Qm9uam91ciBNT0lEVTg4NDgwLiBWZWdhcyBEYXlzIENhc2lubyAtIExhcyBWZWdhcyBzJ2ludml0ZSBjaGV6IHZvdXMgc3VyIFZlZ2FzIERheSBDYXNpbm8h?=
Content-Type: multipart/mixed; boundary="PHP-mixed-3b3472b0874837cf2218d941eec5b6d8"
Message-Id: <20141105185050.C0BE92ECAB#ubuntu>
Date: Wed, 5 Nov 2014 13:50:50 -0500 (EST)
--C0BE92ECAB.1415650552/ubuntu--
Googling gives no result.
My google search queries could be wrong, but I really need to fix this problem.
So any help is appreciated.
If I can provide more useful information please ask it in comments.
P.S. Server is hosting magento and wordpress sites.
P.S.S. 74.218.214.24 - is IP of my dedicated server, not original. It was changed in this post due to security reason.
UPDATE
Some lines from /var/log/mail.log:
Nov 9 06:40:05 u17135818 postfix/smtp[10428]: 65EDE3C718: to=<mywookie#ymail.com>, relay=mta6.am0.yahoodns.net[98.136.216.25]:25, delay=7.7, delays=7.4/0/0.19/0.06, dsn=5.7.1, status=bounced (host mta6.am0.yahoodns.net[98.136.216.25] said: 553 5.7.1 [BL21] Connections will not be accepted from 74.218.214.24, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html (in reply to MAIL FROM command))
Nov 9 06:40:05 u17135818 postfix/smtp[10428]: 65EDE3C718: lost connection with mta6.am0.yahoodns.net[98.136.216.25] while sending RCPT TO
Nov 9 06:40:05 u17135818 postfix/pickup[10080]: 1338B3ED4A: uid=1006 from=<user123>
Nov 9 06:40:05 u17135818 postfix/cleanup[12998]: 1338B3ED4A: message-id=<20141109114005.1338B3ED4A#ubuntu>
Nov 9 06:40:05 u17135818 postfix/cleanup[13261]: 133D53ED54: message-id=<20141109114005.133D53ED54#ubuntu>
Nov 9 06:40:05 u17135818 postfix/smtp[10424]: DECBB27368: to=<toshiki_6#hotmail.com>, relay=mx2.hotmail.com[207.46.8.199]:25, delay=9.6, delays=9.3/0.02/0.19/0.06, dsn=5.0.0, status=bounced (host mx2.hotmail.com[207.46.8.199] said: 550 OU-002 (BAY004-MC6F11) Unfortunately, messages from 74.218.214.24 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Nov 9 06:40:05 u17135818 postfix/smtp[12030]: EFA783D645: to=<festefaen#gmail.com>, relay=gmail-smtp-in.l.google.com[2607:f8b0:4001:c08::1b]:25, delay=7.3, delays=6.6/0/0.09/0.64, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:4001:c08::1b] said: 550-5.7.1 [2607:f1c0:841:fe00::66:d8fd 12] Our system has detected that 550-5.7.1 this message is likely unsolicited mail. To reduce the amount of spam 550-5.7.1 sent to Gmail, this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. sd5si10854734igb.33 - gsmtp (in reply to end of DATA command))
...
Nov 11 04:01:54 u17135818 postfix/smtp[17765]: E01792762C: host mx1.free.fr[212.27.48.6] said: 451 too many errors detected from your IP (74.218.214.24), please visit http://postmaster.free.fr/ (in reply to DATA command)
Nov 11 04:01:54 u17135818 postfix/smtp[17797]: 953592B312: host cluster1.eu.messagelabs.com[85.158.143.99] refused to talk to me: 450 Requested action aborted [7.2] 21614, please visit www.messagelabs.com/support for more details about this error message.
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: C7D883257C: from=<user123#ubuntu>, status=expired, returned to sender
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 0799A259AD: removed
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 90F4332280: removed
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 67B8B2E7C7: from=<user123#ubuntu>, status=expired, returned to sender
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 9063532F5D: removed
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: EE4222A874: removed
Nov 11 04:01:54 u17135818 postfix/smtp[17724]: 61C22360A0: to=<lgennuso#princetonhcs.org>, relay=smtp4.princetonhcs.org[209.123.81.114]:25, delay=381492, delays=381485/5.6/0.59/0, dsn=4.5.0, status=deferred (host smtp4.princetonhcs.org[209.123.81.114] refused to talk to me: 550 5.5.0 74.218.214.24 is blacklisted by FortiGuard. This email from IP has been rejected. The email message was detected as spam.)
Nov 11 04:01:54 u17135818 postfix/smtp[17800]: 61B3A3AD2C: to=<bigboy#starbucks.org>, relay=none, delay=259892, delays=259884/2.2/5.5/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=starbucks.org type=MX: Host not found, try again)
Nov 11 04:01:54 u17135818 postfix/smtp[17787]: CD3312175D: host mx1.free.fr[212.27.48.7] said: 451 too many errors detected from your IP (74.218.214.24), please visit http://postmaster.free.fr/ (in reply to DATA command)
Nov 11 04:01:54 u17135818 postfix/smtp[17819]: 780C624266: to=<max.charlene#aliceadsl.fr>, relay=mx1.free.fr[212.27.48.7]:25, conn_use=5, delay=227385, delays=227377/6.5/0.66/0.34, dsn=4.0.0, status=deferred (host mx1.free.fr[212.27.48.7] said: 451 too many errors detected from your IP (74.218.214.24), please visit http://postmaster.free.fr/ (in reply to DATA command))
Nov 11 04:01:54 u17135818 postfix/smtp[17778]: CE12E26756: to=<rcataldo#laposte.net>, relay=smtpz4.laposte.net[194.117.213.1]:25, delay=133031, delays=133023/6.5/0.79/0.27, dsn=5.0.1, status=bounced (host smtpz4.laposte.net[194.117.213.1] said: 501 5.0.1 Emetteur invalide. Invalid Sender. LPN007_405 (in reply to MAIL FROM command))
It looks like one service or software triggering this mails. You can block all outgoing mails frompostfix by using the mail relaying options for external domains, this is possible if you don't want to send any mails from your machine.
You can check the maillog file inside /var/log - that will give the more details, also check the command mailq to see how many mails are pending.
Update:-
Do you allowed any of other people in your network to send mail through your machine ?, then you can suspect that case. Few things I can notice from the log is that -
The mail being rejected by the receiver end saying your public IP is flooding mails.
If these mails are coming periodically and not from any of other machines in your network, then you have to find out which process or application doing this. For that you have to use the tcpdump and monitor for the TCP packets. From that you can see that, the mail client first pushing the mail to your local postfix server, then that's being forwarded to the target mail server.
This is the way I can see to find out which application sending mails from your computer.
Hope this will help you to figure out the culprit.
I'm facing an issue with delivering e-mails.
I've successfully setup dovecot + postfix + mysql. The issue is that e-mails is not in the INBOX when I send e-mails from localhost (for example from php script). It works perfectly when I send e-mails from any other server. I have no idea what could cause this issue. Maillog seems to be OK. Where should I take a look?
Log for undelivered e-mail looks like this
Nov 9 22:31:31 user postfix/pickup[15929]: 474A5300E47: uid=5005 from=<webmaster#domain.com>
Nov 9 22:31:31 user postfix/cleanup[18511]: 474A5300E47: message-id=<20141109223131.474A5300E47#domain.com>
Nov 9 22:31:31 user postfix/qmgr[2582]: 474A5300E47: from=<webmaster#domain.com>, size=1198, nrcpt=1 (queue active)
Nov 9 22:31:35 user postfix/smtpd[18515]: connect from localhost[127.0.0.1]
Nov 9 22:31:35 user postfix/smtpd[18515]: 9A538300E48: client=localhost[127.0.0.1]
Nov 9 22:31:35 user postfix/cleanup[18511]: 9A538300E48: message-id=<20141109223131.474A5300E47#domain.com>
Nov 9 22:31:35 user postfix/smtpd[18515]: disconnect from localhost[127.0.0.1]
Nov 9 22:31:35 user postfix/qmgr[2582]: 9A538300E48: from=<webmaster#domain.com>, size=1595, nrcpt=1 (queue active)
Nov 9 22:31:35 user amavis[3458]: (03458-10) Passed CLEAN {RelayedInbound}, <webmaster#domain.com> -> <info#domain.com>, Message-ID: <20141109223131.474A5300E47#domain.com>, mail_id: 1S0boeHaaI2L, Hits: 1.115, size: 1196, queued_as: 9A538300E48, 4313 ms
Nov 9 22:31:35 user postfix/smtp[18512]: 474A5300E47: to=<info#domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.4, delays=0.05/0.02/0.02/4.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9A538300E48)
Nov 9 22:31:35 user postfix/qmgr[2582]: 474A5300E47: removed
Nov 9 22:31:35 user dovecot: lda(info#domain.com): sieve: msgid=<20141109223131.474A5300E47#domain.com>: stored mail into mailbox 'INBOX'
Nov 9 22:31:35 user postfix/pipe[18516]: 9A538300E48: to=<info#domain.com>, relay=dovecot, delay=0.1, delays=0.02/0.03/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
Nov 9 22:31:35 user postfix/qmgr[2582]: 9A538300E48: removed
Log for delivered e-mail
Nov 9 22:32:13 user postfix/smtpd[18542]: connect from mail-wi0-x236.google.com[2a00:1450:400c:c05::236]
Nov 9 22:32:13 user postfix/smtpd[18542]: 985EB300E47: client=mail-wi0-x236.google.com[2a00:1450:400c:c05::236]
Nov 9 22:32:13 user postfix/cleanup[18511]: 985EB300E47: message-id=<B840B0EE-45E6-4609-BD14-59EBF39449D0#gmail.com>
Nov 9 22:32:13 user postfix/qmgr[2582]: 985EB300E47: from=<example#gmail.com>, size=7916, nrcpt=1 (queue active)
Nov 9 22:32:13 user postfix/smtpd[18542]: disconnect from mail-wi0-x236.google.com[2a00:1450:400c:c05::236]
Nov 9 22:32:18 user postfix/smtpd[18515]: connect from localhost[127.0.0.1]
Nov 9 22:32:18 user postfix/smtpd[18515]: 3F751300E48: client=localhost[127.0.0.1]
Nov 9 22:32:18 user postfix/cleanup[18511]: 3F751300E48: message-id=<B840B0EE-45E6-4609-BD14-59EBF39449D0#gmail.com>
Nov 9 22:32:18 user postfix/qmgr[2582]: 3F751300E48: from=<example#gmail.com>, size=8407, nrcpt=1 (queue active)
Nov 9 22:32:18 user postfix/smtpd[18515]: disconnect from localhost[127.0.0.1]
Nov 9 22:32:18 user amavis[2072]: (02072-11) Passed CLEAN {RelayedInbound}, [2a00:1450:400c:c05::236]:65181 [86.149.90.56] <example#gmail.com> -> <info#domain.com>, Queue-ID: 985EB300E47, Message-ID: <B840B0EE-45E6-4609-BD14-59EBF39449D0#gmail.com>, mail_id: IXFd3XMT3ftY, Hits: -0.799, size: 7915, queued_as: 3F751300E48, dkim_sd=20120113:gmail.com, 4569 ms
Nov 9 22:32:18 user postfix/smtp[18512]: 985EB300E47: to=<info#domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.7, delays=0.1/0/0.02/4.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3F751300E48)
Nov 9 22:32:18 user postfix/qmgr[2582]: 985EB300E47: removed
Nov 9 22:32:18 user dovecot: lda(info#domain.com): sieve: msgid=<B840B0EE-45E6-4609-BD14-59EBF39449D0#gmail.com>: stored mail into mailbox 'INBOX'
Nov 9 22:32:18 user postfix/pipe[18516]: 3F751300E48: to=<info#domain.com>, relay=dovecot, delay=0.05, delays=0.01/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Nov 9 22:32:18 user postfix/qmgr[2582]: 3F751300E48: removed
FIXED IT
Just in case somebody else would face this issue. Check your /etc/hosts file
if you have
39.29.192.294 domain.com
Of course with your public ip address & your domain.
It wouldn't deliver any e-mail sent from localhost to #domain.com. Remove this line & it should works ;)