I am having a problem with Google's SMTP servers. They reject my SMTP server's IP for no valid reason. My server complies with all the necessary rules to deliver the message but Google rejects it by IP without giving me details and I cannot find support either. I have written to postmaster#gmail.com but got no response. My server sends notifications to the users of the system, it does not do SPAM and apparently everything is correct. I don't see a valid reason for this crash, and I can't find a way to fix it. I would like to know if the same thing happened to someone and how they could solve it. Next I copy the console with the delivery attempt and additionally some DNS checks that show that apparently there is no problem on my server:
root#venabili:~# hostname -f
venabili.tecnologica.com.ar
root#venabili:~# id
uid=0(root) gid=0(root) grupos=0(root)
root#venabili:~# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 200.69.236.179 netmask 255.255.255.0 broadcast 200.69.236.255
inet6 fe80::f816:3eff:fe27:b8e1 prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:27:b8:e1 txqueuelen 1000 (Ethernet)
RX packets 302342269 bytes 32703331063 (30.4 GiB)
RX errors 0 dropped 17 overruns 0 frame 0
TX packets 75025298 bytes 12670842456 (11.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root#venabili:~# nslookup
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> set type=mx
> tecnologica.com.ar
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
tecnologica.com.ar mail exchanger = 10 venabili.tecnologica.com.ar.
Authoritative answers can be found from:
> set type=a
> venabili.tecnologica.com.ar
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: venabili.tecnologica.com.ar
Address: 200.69.236.179
> set type=aaaa
> venabili.tecnologica.com.ar
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: venabili.tecnologica.com.ar
Address: fe80::f816:3eff:fe27:b8e1
> set type=ptr
> 200.69.236.179
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
179.236.69.200.in-addr.arpa name = venabili.tecnologica.com.ar.
Authoritative answers can be found from:
> set type=txt
> tecnologica.com.ar
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
tecnologica.com.ar text = "v=spf1 a mx ip4:200.69.236.179 ip6:fe80::f816:3eff:fe27:b8e1 ~all"
Authoritative answers can be found from:
> set type=txt
> default._domainkey.tecnologica.com.ar
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
default._domainkey.tecnologica.com.ar text = "v=DKIM1; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+GrX8vxp9W51ehJuixhL5AbjmCgcN2h7KqMiLI8LMUfmpWPP1GIhxlWCieFUVMOAQGlQrImuFE3kk/qLOgyumzUTRBwxlNX+7tix7dlBclXAWq8SjB9SbbAcPKkTBAq0pvXvp4l4qTCFnfVXAs1g/lCywlJrbfAFVVXWdN44ElFz+bD4YRYsXSmz//L1uFU7YE" "zkFUvbMtwBOL1xRvjAFXH4xQ7/vkHX6+OIxnm47vO/a2CqFVXok0FhAj44BmlBT+Py0x0SP8jsm+xhnLc238ZIsGylTwCb0Zbl3DR9bKGBy9FqXoUyRIzWKEkAtwaKq7qeBO3oRT4kQOKEOog2QIDAQAB"
Authoritative answers can be found from:
> _dmarc.tecnologica.com.ar
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
_dmarc.tecnologica.com.ar text = "v=DMARC1; p=reject; rua=mailto:postmaster#tecnologica.com.ar; ruf=mailto:postmaster#tecnologica.com.ar"
Authoritative answers can be found from:
> _smtp._tls.tecnologica.com.ar
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
_smtp._tls.tecnologica.com.ar text = "v=TLSRPTv1; rua=mailto:postmaster#tecnologica.com.ar"
Authoritative answers can be found from:
> _mta-sts.tecnologica.com.ar
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
_mta-sts.tecnologica.com.ar text = "v=STSv1; id=20200918192500"
Authoritative answers can be found from:
> set type=cname
> mta-sts.tecnologica.com.ar
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
mta-sts.tecnologica.com.ar canonical name = venabili.tecnologica.com.ar.
Authoritative answers can be found from:
> exit
root#venabili:~# openssl s_client -connect mta-sts.tecnologica.com.ar:443
CONNECTED(00000004)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mta-sts.tecnologica.com.ar
verify return:1
---
Certificate chain
0 s:CN = mta-sts.tecnologica.com.ar
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISBC7Vr1sblDEJHYgxBtfro6xcMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA5MTgyMzM4MjdaFw0y
MDEyMTcyMzM4MjdaMCUxIzAhBgNVBAMTGm10YS1zdHMudGVjbm9sb2dpY2EuY29t
LmFyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5glA7vEmuS0EzKhn
w9IfLPHHertYYOYx54t/2zr8G1pSmkCjrOlfV+YHwIuWeehxDUz/ezy1JXyK11kd
raDd71MoBd9mV12fjITO99oDpkYu9g09TxJ9rpIEkU8LRGkgjfDGBBtf5X5Za+Ah
gWbJ4JudVoykVZ00riQsZzbfJ8FNZcwEgErWCZCBL45tR7tfeFlXTJGFhyszqQN+
r4gS3C/JpsObIMaoqmkJrO5YUGcfGvqDOG3INthp2L9/t743OfYUGTqRFu09Rq5S
xwEYxR8GksaLwzMWOIRelMP4W5F9ce7hhdxU68cK4j9rHXaaeNXLySeMs7K9C2vt
p1nnowIDAQABo4ICcDCCAmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ1A7mXXvtb
eS6ZYRtw4EA7WhJ3/zAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBv
BggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5s
ZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5s
ZXRzZW5jcnlwdC5vcmcvMCUGA1UdEQQeMByCGm10YS1zdHMudGVjbm9sb2dpY2Eu
Y29tLmFyMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHW
eQIEAgSB9gSB8wDxAHcA5xLysDd+GmL7jskMYYTx6ns3y1YdESZb8+DzS/JBVG4A
AAF0o8xFcQAABAMASDBGAiEAlc3Q8FEkd5ZUayxVfeorQv9+Jt1OSgOOP+jqVw5K
sskCIQCE0Hx7YDWcJ9o4Cck50WP7UtA/qRgmfn1fVIHyEZMftwB2AAe3XBvlfWj/
8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABdKPMRZcAAAQDAEcwRQIgBVUd9xxC
DVX/kr0+308ra9YOqJC/yvBJnktxWg6YUVMCIQCR14/ouxc+Ydm4tePVBjBnmpRq
QzQEDYrd+4R7JjpiCjANBgkqhkiG9w0BAQsFAAOCAQEAlCnRwvP7wNRHTzB5N9/N
2cBPuVxKbvf1rHwusXYzQBVlyM6grEvjTgd5V/C+we1ueDUp991tP3z5AAksIGWM
/ssDlK0VSxv9PIzC1LxDK39Sl+P8xkuGj0zSDYg321sFjFyZLashP+xFYyzx3QdD
9h65J0uB/BigWOIN9sK1vLVhIB4yqV190vucyMamJBZ1dvSaYCi52dCgEEsAxM3v
LksETYgpSqB4+6zB2ae3/FN2/m3vyWCdFv1fL19hIidKjwIYhIKVOLKTQCYvCd+p
srhlTtnRf8i+P8Dni9xKmKSFwSGc8L+AS0AfTh6M/+IEPOO2zJsp1R/PBWgiy42v
fw==
-----END CERTIFICATE-----
subject=CN = mta-sts.tecnologica.com.ar
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3203 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-CHACHA20-POLY1305
Session-ID: 38FDD25BCB4C28F5364CA3418C05D13F279E62882E594190276850599BB67EAB
Session-ID-ctx:
Master-Key: 41AEF29EC1545AAE8C53958032EFF464E237232D8AA9D22CF9513297DFFBA40645226685FE58FEC782DA20CDFFEB5EDB
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 5f 78 fa 6f 3a 54 9c c2-f0 8e b2 b7 70 13 05 d4 _x.o:T......p...
0010 - 4b 39 84 62 c7 cb 96 f8-89 5c 27 09 6c 2b aa ad K9.b.....\'.l+..
0020 - 52 22 36 d6 a3 0b 8b 5e-ed 4b 78 f5 49 61 47 69 R"6....^.Kx.IaGi
0030 - c9 e7 41 88 c2 e6 29 86-b5 52 a9 8f 56 3f 79 3e ..A...)..R..V?y>
0040 - 14 bd b5 24 ca c5 f7 a4-ab b9 f9 26 dc 1c 71 7a ...$.......&..qz
0050 - ab 5a a2 a9 76 df 61 70-a5 91 5f 69 36 bc 64 69 .Z..v.ap.._i6.di
0060 - 02 b5 4b ba 79 e0 c9 a7-3b e2 a6 30 9b 2b 34 33 ..K.y...;..0.+43
0070 - 02 af 1e 3c 82 90 bc ca-32 b3 57 5b e0 b6 33 b0 ...<....2.W[..3.
0080 - a6 4c dc a8 c9 01 29 cf-98 ba 7c 40 3a ae 4b 04 .L....)...|#:.K.
0090 - 95 66 2f 96 b2 b9 5b f1-b0 f2 b0 6c e4 61 6f d0 .f/...[....l.ao.
00a0 - 98 a2 67 06 c9 22 ef a3-f5 ec 24 ac a2 b1 5f 4e ..g.."....$..._N
Start Time: 1600571394
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
GET /.well-known/mta-sts.txt HTTP/1.1
Host: venabili.tecnologica.com.ar
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sun, 20 Sep 2020 03:10:22 GMT
Content-Type: text/plain
Content-Length: 77
Last-Modified: Sat, 19 Sep 2020 14:07:46 GMT
Connection: keep-alive
ETag: "5f6610b2-4d"
Accept-Ranges: bytes
version: STSv1
mode: testing
mx: venabili.tecnologica.com.ar
max_age: 604800
^C
root#venabili:~# openssl s_client -starttls smtp -connect venabili.tecnologica.com.ar:587 -crlf -ign_eof
CONNECTED(00000004)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = venabili.tecnologica.com.ar
verify return:1
---
Certificate chain
0 s:CN = venabili.tecnologica.com.ar
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISBAyLUnN1zyR0tAMF7k1G3023MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA5MTgyMjMxMjZaFw0y
MDEyMTcyMjMxMjZaMCYxJDAiBgNVBAMTG3ZlbmFiaWxpLnRlY25vbG9naWNhLmNv
bS5hcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/svQH9FsoQZyGh
krGZLrN3GAzwuAV2IEsYdAixVrVXGPPjA4oTxQDWncBPVh8x6nMstJqq4xP19aBr
pw5P2rcsMvLT9RJ14wGuNzzDcx9uOmR709ZrPpPzZJ4JJnZxQP5dE2jJMrPQ7tnI
3AudscEaAMW8qBLj91jPDiv4LbRHL4xU+w46yZbB6szgb4u567SSKFaVlRQ8tmCt
msIkYdA5mP5/1Z0QN6PgtAzCWECEkn/eRpuTUHliMjgCocwQ3RYkofGrNQ1a4H7F
RgdaQzjCjQ7JdT/pZTYWrejr3alMsFAukRfIH/FMI5v8ojaxzlQOhz46WJiw3qNH
rmjb+G0CAwEAAaOCAnEwggJtMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU91GfsO41
iPZN1SROqwqnCPSN9yIwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEw
bwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMu
bGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMu
bGV0c2VuY3J5cHQub3JnLzAmBgNVHREEHzAdght2ZW5hYmlsaS50ZWNub2xvZ2lj
YS5jb20uYXIwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAm
BggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEFBgorBgEE
AdZ5AgQCBIH2BIHzAPEAdwDnEvKwN34aYvuOyQxhhPHqezfLVh0RJlvz4PNL8kFU
bgAAAXSjjusOAAAEAwBIMEYCIQDOwhtVW/tkJzexdCpcX2gLXX7axA8Fw4bDURrr
tu/ecQIhAKpdzqz+iWGw9I7pkKfYNjyyLdWojRlT+IYQfR7qxQc4AHYAB7dcG+V9
aP/xsMYdIxXHuuZXfFeUt2ruvGE6GmnTohwAAAF0o47rMwAABAMARzBFAiBUUOSO
S+8ueu2ACk+862qxbAsXylwZAfHhg/7HmEeEQQIhAKq3jqMMSIjTo47t2JXrU58d
PP6E3NwNHOgGCNje4R/nMA0GCSqGSIb3DQEBCwUAA4IBAQAua/T4drS/7xpNmGDV
Xp2iFhSaVsbWeHh5+40POEAy9NvaZ8O4CeNjV3NeV84QI2Jh1PjehebM72K85rCT
7jEOqaJY5vmKrLBVji6MsgryyGLm4Y368nMR3JrXDLUkATgart+jLdsxLbaRsI1t
Gf+BLc6TYb4roGiI7TTjEQDAy2SOGqfOWbAEdVKIEr9P3IBrlOSOl2o8gd97PXQ/
vEmklVM/5zr5l5paInHOidBL8y8qVk2s9AkaQNAS2QTX5+iFl9D1u8z5mz49eKPb
sb9GSFVTm/qe0KHl02qga4/1ANRoNCuKoaE5xxhqyboJwy58qp7opbzipqxbQI0T
N8e/
-----END CERTIFICATE-----
subject=CN = venabili.tecnologica.com.ar
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3389 bytes and written 432 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D8A0F5C48FBFE47FAEF6482AC696CBCAB01EB030F683053A41539DCD5B91E593
Session-ID-ctx:
Resumption PSK: 3CACF3832764ACCF8A00FFDAFA9A8771E62C04FCDF1429A85EB2A3AC0F39733F642045E4602CE73F62AEC75745B51392
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 30 00 51 89 4c df 15 62-da 50 55 37 92 60 65 f2 0.Q.L..b.PU7.`e.
0010 - 05 72 39 3d fb 1e 8a 05-2f 95 6b f0 cd 33 29 b0 .r9=..../.k..3).
0020 - b7 38 89 4f 2f 32 91 66-f7 59 2f 80 43 fc 81 f7 .8.O/2.f.Y/.C...
0030 - c6 53 68 3d d8 69 0d 10-6c 4c 62 9c 81 d9 ec 60 .Sh=.i..lLb....`
0040 - 9f ef a0 95 46 d3 e0 10-29 09 20 ab 48 3b 07 34 ....F...). .H;.4
0050 - 82 d3 0e 39 3d 11 18 e8-9e 44 b7 69 b9 d0 45 2e ...9=....D.i..E.
0060 - 97 4f da 69 aa 89 27 2c-e5 9c 63 39 4b f8 3f 54 .O.i..',..c9K.?T
0070 - 23 1a db 73 ac 7e 78 20-76 f5 67 b9 8f e1 c3 34 #..s.~x v.g....4
0080 - d7 f0 b5 0b 0d c7 dc 80-f6 40 0c 20 3f 8d 16 b7 .........#. ?...
0090 - 3a c2 e2 a9 c1 b6 fd 84-65 7f a5 1c 16 81 60 5a :.......e.....`Z
00a0 - 53 12 3a bf d0 4a 0c 0e-a2 3b 57 ce ad 63 89 e6 S.:..J...;W..c..
00b0 - a7 58 ea 21 f9 2e 04 00-ff 6f a7 40 9d 2c bf 39 .X.!.....o.#.,.9
00c0 - 8d d9 19 c9 e1 05 a6 19-a4 60 06 75 8d 3e 95 89 .........`.u.>..
Start Time: 1600567929
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
ehlo venabili.tecnologica.com.ar
250-venabili.tecnologica.com.ar
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
auth login
334 VXNlcm5hbWU6
bm8tcmVzcG9uZGVyQHRlY25vbG9naWNhLmNvbS5hcg==
334 UGFzc3dvcmQ6
!!!
235 2.7.0 Authentication successful
mail from: no-responder#tecnologica.com.ar
250 2.1.0 Ok
rcpt to: jmouriz#gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
from: root <no-responder#tecnologica.com.ar>
to: Juan Manuel Mouriz <jmouriz#gmail.com>
subject: Mensaje de prueba
Hola, este es un mensaje de prueba
.
250 2.0.0 Ok: queued as 5E50844853
quit
221 2.0.0 Bye
closed
root#venabili:~# grep 5E50844853 /var/log/mail.log
Sep 19 23:18:54 venabili postfix/submission/smtpd[7994]: 5E50844853: client=venabili.tecnologica.com.ar[200.69.236.179], sasl_method=login, sasl_username=no-responder#tecnologica.com.ar
Sep 19 23:20:35 venabili postfix/cleanup[8543]: 5E50844853: message-id=<20200920021854.5E50844853#venabili.tecnologica.com.ar>
Sep 19 23:20:35 venabili postfix/qmgr[5677]: 5E50844853: from=<no-responder#tecnologica.com.ar>, size=554, nrcpt=1 (queue active)
Sep 19 23:20:35 venabili postfix/cleanup[8543]: 6F3BE4485D: message-id=<20200920021854.5E50844853#venabili.tecnologica.com.ar>
Sep 19 23:20:35 venabili amavis[26666]: (26666-19) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [200.69.236.179]:55833 [200.69.236.179] <no-responder#tecnologica.com.ar> -> <jmouriz#gmail.com>, Queue-ID: 5E50844853, Message-ID: <20200920021854.5E50844853#venabili.tecnologica.com.ar>, mail_id: bcEyyqxUQvNK, Hits: -1, size: 554, queued_as: 6F3BE4485D, dkim_new=default:tecnologica.com.ar, 329 ms
Sep 19 23:20:35 venabili postfix/smtp[8676]: 5E50844853: to=<jmouriz#gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=115, delays=115/0.02/0.01/0.32, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 6F3BE4485D)
Sep 19 23:20:35 venabili postfix/qmgr[5677]: 5E50844853: removed
root#venabili:~# grep 6F3BE4485D /var/log/mail.log
Sep 19 23:20:35 venabili postfix/smtpd[8679]: 6F3BE4485D: client=localhost[127.0.0.1]
Sep 19 23:20:35 venabili postfix/cleanup[8543]: 6F3BE4485D: message-id=<20200920021854.5E50844853#venabili.tecnologica.com.ar>
Sep 19 23:20:35 venabili postfix/qmgr[5677]: 6F3BE4485D: from=<no-responder#tecnologica.com.ar>, size=1625, nrcpt=1 (queue active)
Sep 19 23:20:35 venabili amavis[26666]: (26666-19) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [200.69.236.179]:55833 [200.69.236.179] <no-responder#tecnologica.com.ar> -> <jmouriz#gmail.com>, Queue-ID: 5E50844853, Message-ID: <20200920021854.5E50844853#venabili.tecnologica.com.ar>, mail_id: bcEyyqxUQvNK, Hits: -1, size: 554, queued_as: 6F3BE4485D, dkim_new=default:tecnologica.com.ar, 329 ms
Sep 19 23:20:35 venabili postfix/smtp[8676]: 5E50844853: to=<jmouriz#gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=115, delays=115/0.02/0.01/0.32, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 6F3BE4485D)
Sep 19 23:20:37 venabili postfix/smtp[8680]: 6F3BE4485D: to=<jmouriz#gmail.com>, relay=gmail-smtp-in.l.google.com[172.217.192.26]:25, delay=1.7, delays=0.02/0.02/0.88/0.8, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[172.217.192.26] said: 550-5.7.1 [200.69.236.179] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError a44si4686321qtk.87 - gsmtp (in reply to end of DATA command))
Sep 19 23:20:37 venabili postfix/bounce[8681]: 6F3BE4485D: sender non-delivery notification: 32EF64485E
Sep 19 23:20:37 venabili postfix/qmgr[5677]: 6F3BE4485D: removed
root#venabili:~#
The domain in question is tecnologica.com.ar and I leave a link to some verifications where it is seen that the RR SPF, DKIM, DMARC, _SMTP._TLS, _MTA-STS, MTA-STS, CAA and PTR are correct and it is not a open relay:
https://mxtoolbox.com/domain/tecnologica.com.ar
The certificates are signed by Let's Encrypt. The host name matches the certificate. The classes are correct. And finally, I do not SPAM. I would greatly appreciate a help because at this point I am completely disoriented and can't find what else to do.
I am not looking for a solution but rather where I can find it.
Thank you very much for your help
Additional info
This is a report domain for DMARC:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
<org_name>google.com</org_name>
<email>noreply-dmarc-support#google.com</email>
<extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
<report_id>7762784093316082866</report_id>
<date_range>
<begin>1603756800</begin>
<end>1603843199</end>
</date_range>
</report_metadata>
<policy_published>
<domain>tecnologica.com.ar</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>reject</p>
<sp>reject</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>200.69.236.179</source_ip>
<count>2</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>tecnologica.com.ar</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>tecnologica.com.ar</domain>
<result>pass</result>
<selector>default</selector>
</dkim>
<spf>
<domain>tecnologica.com.ar</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
And this is a report domain for TLS:
{"organization-name":"Google Inc.","date-range":{"start-datetime":"2020-10-26T00:00:00Z","end-datetime":"2020-10-26T23:59:59Z"},"contact-info":"smtp-tls-reporting#google.com","report-id":"2020-10-26T00:00:00Z_tecnologica.com.ar","policies":[{"policy":{"policy-type":"sts","policy-string":["version: STSv1\r","mode: testing\r","mx: venabili.tecnologica.com.ar\r","max_age: 604800\r","\r"],"policy-domain":"tecnologica.com.ar"},"summary":{"total-successful-session-count":1,"total-failure-session-count":0}}]}
On my Windows 10, mmc.exe crashes when I try to add the certificate snap-in. When I click "Ok" after having added the snap-in (computer account, local computer) the message: "Microsoft Management Console has stopped working" and I am offered a debug option.
There are no further error messages.
I have tried to run "sfc /scannow" and found nothing to repair.
The MMC is crashing because of the SqlManager.dll from SQLServer 2014 RTM (2014.0120.2000.08 ((SQL14_RTM).140220-1924 ))
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
rax=0000000000000000 rbx=0000000072f3df90 rcx=000000000000000a
rdx=0000000072f3df90 rsi=0000000000000000 rdi=0000000080000010
rip=00007ffcb524a030 rsp=000000000f13ec18 rbp=000000001339d408
r8=000000000f13eb78 r9=000000001339d408 r10=0000000000000000
r11=000000000f13ebe0 r12=0000000000220a5e r13=0000000000000090
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!RtlFailFast2:
00007ffc`b524a030 cd29 int 29h
Resetting default scope
FAULTING_IP:
ntdll!RtlFailFast2+0
00007ffc`b524a030 cd29 int 29h
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffcb524a030 (ntdll!RtlFailFast2)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000000a
Subcode: 0xa FAST_FAIL_GUARD_ICALL_CHECK_FAILURE
PROBLEM_CLASSES:
ID: [0n262]
Type: [FAIL_FAST]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]
ID: [0n256]
Type: [GUARD_ICALL_CHECK_FAILURE]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]
ID: [0n92]
Type: [AVRF]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x3be8]
TID: [0x3cf0]
Frame: [0] : ntdll!RtlFailFast2
BUGCHECK_STR: FAIL_FAST_GUARD_ICALL_CHECK_FAILURE_AVRF
DEFAULT_BUCKET_ID: FAIL_FAST_GUARD_ICALL_CHECK_FAILURE_AVRF
PRIMARY_PROBLEM_CLASS: FAIL_FAST
STACK_TEXT:
00 ntdll!RtlFailFast2
01 ntdll!RtlpHandleInvalidUserCallTarget
02 ntdll!LdrpHandleInvalidUserCallTarget
03 user32!UserCallWinProcCheckWow
04 user32!DispatchClientMessage
05 user32!_fnDWORD
06 ntdll!KiUserCallbackDispatcherContinue
07 win32u!NtUserDestroyWindow
08 SqlManager_72c70000!CEventRegWnd::~CEventRegWnd
09 SqlManager_72c70000!CRT_INIT
0a SqlManager_72c70000!CRT_INIT
0b verifier!AVrfpStandardDllEntryPointRoutine
0c ntdll!LdrpCallInitRoutine
0d ntdll!LdrpProcessDetachNode
0e ntdll!LdrpUnloadNode
0f ntdll!LdrpDecrementModuleLoadCountEx
10 ntdll!LdrUnloadDll
11 KERNELBASE!FreeLibrary
12 combase!CClassCache::CDllPathEntry::CFinishObject::Finish
13 combase!CClassCache::CFinishComposite::Finish
14 combase!CClassCache::CleanUpDllsForApartment
15 combase!CCCleanUpDllsForApartment
16 combase!FinishShutdown::__l2::<lambda_ac39365968346bea08de70a73a47183a>::operator()
17 combase!ObjectMethodExceptionHandlingAction<<lambda_ac39365968346bea08de70a73a47183a> >
18 combase!FinishShutdown
19 combase!ApartmentUninitialize
1a combase!wCoUninitialize
1b combase!CoUninitialize
1c verifier!AVrfpCoUninitialize
1d mmcndmgr!MMC21ADDREMOVEUI::CAboutInfoThread::ThreadProc
1e msvcrt!_callthreadstartex
1f msvcrt!_threadstartex
20 verifier!AVrfpStandardThreadFunction
21 kernel32!BaseThreadInitThunk
22 ntdll!RtlUserThreadStart
So update the SQL Server to latest Service Pack and Update Hotfix Rollup. Import the uninstall .reg to disable dump creation and app verifier.
We‘re using LDAP/SSO in my company which provides the username in UTF-8 format to SonarQube.
However LDAP/SSO sends the username in UFT-8 but SonarQube requires Latin1/ISO-8859. There is no way to change the encoding on LDAP/SSO or SonarQube.
Result wrong umlauts:
Andrü Tingö = Andr«Ã Ting¼Ã OR äëüö = äëüÃ
Is there any workaround?
I wanted to post this as comment, but I need 50 reputations to write comments.
We are using simplesamlphp for SSO as IdP and SP. IdP takes cn, givenName and sn from LDAP, which has UTF-8 values. Loginnames/Usernames are us-ascii only.
If the user comes to Sonar, the non-us-ascii characters are incorrect - they were converted from ... to utf-8, even they already are in utf-8.
If I use the attributes from IDP in PHP which sends the page in UTF-8, then characters are correct.
I did just now one test. In our Apache Config we set the X-Forwarded-Name to MCAC_ATTR_CN attribute what SP get from IdP. Original configuration is:
RequestHeader set X-Forwarded-Name "expr=%{reqenv:MCAC_ATTR_CN}"
Now I have added fixed string in UTF-8:
RequestHeader set X-Forwarded-Name "expr=%{reqenv:MCAC_ATTR_CN} cäëöüc"
The "c" characters are only separators to see the encoded text better.
The hexdump of this configuration line is:
0000750: 09 0909 5265 7175 6573 7448 6561 ...RequestHea
0000760: 6465 7220 7365 7420 582d 466f 7277 6172 der set X-Forwar
0000770: 6465 642d 4e61 6d65 2022 6578 7072 3d25 ded-Name "expr=%
0000780: 7b72 6571 656e 763a 4d43 4143 5f41 5454 {reqenv:MCAC_ATT
0000790: 525f 434e 7d20 63c3 a4c3 abc3 b6c3 bc63 R_CN} c........c
00007a0: 220a ".
As you can see, there are fixed utf-8 characters "ä" c3a4 "ë" c3ab "ö" c3b6 "ü" c3bc.
From LDAP comes follwing name:
xxxxxx xxxxx xxxx äëüö
In Apache config is appended " cäëöüc", therefore resulting name should be:
xxxxxx xxxxx xxxx äëüö cäëöüc
But in Sonar, the name is displayed as
xxxxxx xxxxx xxxx äëüö cäëöüc
You get similar result if you convert follwing text:
xxxxxx xxxxx xxxx äëüö cäëöüc
from ISO-8859-1 to UTF-8:
echo "xxxxxx xxxxx xxxx äëüö cäëöüc" | iconv -f iso-8859-2 -t utf-8
xxxxxx xxxxx xxxx äÍßÜ cäÍÜßc
The "¤" character is utf-8 char c2 a4:
00000000: c2a4 0a ...
I have made tcpdump on loopback to get communications from apache proxy module to sonarqube and even there you can see correct UTF-8 characters c3a4 c3ab c3bc c3b6 comming from IdP and then between "c"s you can see c3a4 c3ab c3b6 c3bc comming direct from apache.
00000000 47 45 54 20 2f 61 63 63 6f 75 6e 74 20 48 54 54 GET /acc ount HTT
...
00000390 58 2d 46 6f 72 77 61 72 64 65 64 2d 4e 61 6d 65 X-Forwar ded-Name
000003A0 3a 20 72 6f 62 65 72 74 20 74 65 73 74 32 20 77 : xxxxxx xxxxx x
000003B0 6f 6c 66 20 c3 a4 c3 ab c3 bc c3 b6 20 63 c3 a4 xxx .... .... c..
000003C0 c3 ab c3 b6 c3 bc 63 0d 0a ......c. .
...
The system has locales set to en_US.UTF-8, if this matters.
So Sonar gets really UTF-8 Text from Apache (direct config or from IdP) but then something probably converts this utf-8 text as if it was iso-8859 text to utf-8 again and makes nonsense.
Do you have any idea now? Could this be something in sonar or in wrapper or somewhere some options set incorrectly?
Regards,
Robert.
With a smart card Gemalto (IAS ECC), I would to calculate a signature by using private key stored on smart card. For this, I use APDU commands:
// Verify PIN
00 20 00 01 04 31 32 33 34
-> 90 00
// Create a context for security operation
00 22 41 B6 06 84 01 84 80 01 12
-> 90 00
// Set the hash of the document
00 2A 90 A0 14 HASH OF DOCUMENT
-> 69 85
// Calculating the signature
00 2A 9E 9A 80
-> 69 85
My problem is the following: the las two commands return the error code "69 85", meaning "Conditions of use not satisfied".
I have already tried several solutions, but I obtain always the same error. How to resolve it? What does this code can mean?
After some tests, I discovered something interesting. When I replace cla "00" by "10", smart card returns a different response:
// Create a context for security operation
00 22 41 B6 06 84 01 84 80 01 12
// Verify PIN
00 20 00 01 04 31 32 33 34
// Calculating the signature (I replace "00" by "10")
10 2A 9E 9A 23 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 12 13 14 15
I don't know if it's the good solution because smart card returns "90 00". But, it would return the content of my signature!
Thank you for your help!
Best regards
You are getting SW 6985 for
// Set the hash of the document
00 2A 90 A0 14 HASH OF DOCUMENT
-> 69 85
Since you have not set the correct context in current security environment.
Let me explain this below
First you performed VERIFY PIN command which was successful
// Verify PIN
00 20 00 01 04 31 32 33 34
-> 90 00
Then you performed MSE SET command,Where you set the security context.For this you have to understood how SE works(Please refer to section 3.5 fron IAS ECC v1.01).
At the time of personalisation, the Personaliser agent create SDO(Secure Data Object) inside the card.The reference to this SDO are mentioned in SE(Security Environment) in form of CRT(Control reference template).
// Create a context for security operation
00 22 41 B6 06 84 01 84 80 01 12
-> 90 00
Generally speaking, MSE SET command will always return SW 900 even if the SDO reference is wrong. Since it only return SW 6A80 when the template is wrong not when the reference is wrong.(The SDO reference is passed in tag 84)
After that you performed PSO HASH command
// Set the hash of the document
00 2A 90 A0 14 HASH OF DOCUMENT
-> 69 85
where the card return SW 6985(Condition of use not satisfied), This indicate the algorithm and SDO reference used for calculating Hash may wrong. Which is probably happening since the SDO reference which was sent during the time of MSE SET command is not available
Detecting error coming from MSE SET could be tricky since it return SW 9000.
For these type of situation you have to check the personalisation file carefully and need to match the MSE SET command with regard to SDO reference and supported ALGOs.
It may be useful to put the default context (e.g., cryptographic algorithms or
security operations) into the current SE in order to have few exchanges of MSE set commands.
Any code using Mail::IMAPClient is having this error. To verify I have used the below example from the topic: How do I authenticate into Gmail using Perl?
#!/usr/bin/env perl -w
use strict; use warnings;
use Mail::IMAPClient;
# Connect to IMAP server
my $client = Mail::IMAPClient->new(
Server => 'imap.gmail.com',
User => $user,
Password => $pass,
Port => 993,
Ssl => 1,
)
or die "Cannot connect through IMAPClient: $#";
# List folders on remote server (see if all is ok)
if ( $client->IsAuthenticated() ) {
print "Folders:\n";
print "- ", $_, "\n" for #{ $client->folders() };
};
# Say so long
$client->logout();
Now, I have gone through questions similar to this but have never seen such a strange error like "Network Unreachable". There is no actual network problem, ping works fine. I have IO::Socket::SSL, Net::SSLeay installed.
$ echo -n | openssl s_client -connect imap.gmail.com:993
CONNECTED(00000003)
depth=2 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = imap.gmail.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDWzCCAsSgAwIBAgIKFefcnAADAAA7OzANBgkqhkiG9w0BAQUFADBGMQswCQYD
VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu
dGVybmV0IEF1dGhvcml0eTAeFw0xMTExMTgwMjAxMjRaFw0xMjExMTgwMjExMjRa
MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw5pbWFw
LmdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmv2pvvhXOyOA
Uq053VLGMAErgk2NcDzxWNB5PWwXHzkcFuZOa0q1YUlff6LaJurq5UctkOO+3mt1
L+/wcZiEzxTdfOclyJcY/qBsjz8qgG+4Kx3/dVlTYz2geUyxvGNibNQfuXpoI1M5
iUQ/FSaFIazXZ01tpb+mgCOtwzENMk8CAwEAAaOCASwwggEoMB0GA1UdDgQWBBRd
l+HsAH5IwfNuc25lLuryGEaXwzAfBgNVHSMEGDAWgBS/wDDr9UMRPme6npH7/Gra
42sSJDBbBgNVHR8EVDBSMFCgTqBMhkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dv
b2dsZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNy
bDBmBggrBgEFBQcBAQRaMFgwVgYIKwYBBQUHMAKGSmh0dHA6Ly93d3cuZ3N0YXRp
Yy5jb20vR29vZ2xlSW50ZXJuZXRBdXRob3JpdHkvR29vZ2xlSW50ZXJuZXRBdXRo
b3JpdHkuY3J0MCEGCSsGAQQBgjcUAgQUHhIAVwBlAGIAUwBlAHIAdgBlAHIwDQYJ
KoZIhvcNAQEFBQADgYEAa6JYZBInXMfojI4bXLusfDlzZ6gnGtHxOO8hUZbDAwcL
t2/4uDDj8sroVrTWXMqURzk1lCsXlGPFhaKdnsMrmcgC01THAKPFrrQnQc/BM5H/
kr5ZAyJKHyu4dNnL3NNjig+22fp8slaLo25C95YQT5LiBL2qnAzLs4nWBzqih74=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 1850 bytes and written 299 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: D98F3659858A0F39D32F1B5D96F756DE6E093E849A6AE0066C391BE2881B9A69
Session-ID-ctx:
Master-Key: 8D4BE4DFEB7F3218A501FE9240E0B51CC987B99EE0DDBA5EC13E9A10137B63508692DA684DA25E8B2839906F0F7ADDD5
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
0000 - 6e 26 64 bb c3 97 30 9c-32 6f c5 38 d6 db 23 54 n&d...0.2o.8..#T
0010 - 65 43 b8 01 4e 46 5b b3-81 7e 26 6b 3a 36 2b 62 eC..NF[..~&k:6+b
0020 - 03 96 44 de 3d b0 81 be-18 b0 14 a1 09 99 28 73 ..D.=.........(s
0030 - 2d 5a 87 6c b9 26 64 94-af f2 5e f1 f4 10 ba ff -Z.l.&d...^.....
0040 - 68 a0 6a 31 d6 10 f8 88-61 63 5a 58 0b 1d d0 98 h.j1....acZX....
0050 - 81 ed f7 45 11 1d 4a 22-23 2f 44 0c 62 b4 18 e9 ...E..J"#/D.b...
0060 - e7 4a 57 10 f1 3c a0 d6-ee 46 98 5d df e9 a5 52 .JW..<...F.]...R
0070 - a6 75 da a6 25 89 87 f0-b0 ec 60 0d c0 19 0e 6f .u..%.....`....o
0080 - 23 53 a2 f2 18 e8 8d 51-28 e7 f2 d3 52 8a 02 f4 #S.....Q(...R...
0090 - 32 aa 82 db 2...
Start Time: 1342180574
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
this could be an ipv6 error. Gmail enabled ipv6 access recently. Can you try putting this before the 'use Mail::IMAPClient;' line:
use IO::Socket::SSL 'inet4';