This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP failed with PGSQL error

Hi,

 

We have an smtp relay which is sending emails to us through our UTM mail filter. It works great except that recently a lots of emails were kept in our relay queue with an error message:

451 Temporary local problem - please try later (in reply to end of DATA command))

 

After looking in the SMTP Proxy livelog, the following error is shown:

2019:01:14-12:02:51 firewall-1 exim-in[8503]: 2019-01-14 12:02:51 SMTP connection from [x.x.x.x]:50566 (TCP/IP connection count = 1)
2019:01:14-12:02:51 firewall-1 exim-in[10975]: 2019-01-14 12:02:51 H=mx0.domain.com [x.x.x.x]:50566 Warning: domain.com profile excludes SANDBOX scan
2019:01:14-12:02:51 firewall-1 exim-in[10975]: 2019-01-14 12:02:51 [x.x.x.x] F=<AlbertParkerw@eastanglianescorts.co.uk> R=<service@domain.com> Verifying recipient address with callout
2019:01:14-12:02:51 firewall-1 exim-in[10975]: 2019-01-14 12:02:51 1gj015-0002r1-28 ctasd reports 'Confirmed' RefID:str=0001.0A0C020F.5C3B98F0.0052,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [1\29] 2019-01-14 12:02:51 1gj015-0002r1-28 H=mx0.domain.com [x.x.x.x]:50566 F=<AlbertParkerw@eastanglianescorts.co.uk> temporarily rejected after DATA: PGSQL: query failed: ERROR: invalid byte sequence for encoding "UTF8": 0xf6 0x63 0x68 0x74
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [2\29] Envelope-from: <AlbertParkerw@eastanglianescorts.co.uk>
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [3\29] Envelope-to: <service@domain.com>
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [4\29] P Received: from mx0.domain.com ([x.x.x.x]:50566)
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [5\29] by smtp.domain.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [6\29] (Exim 4.82_1-5b7a7c0-XX)
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [7\29] (envelope-from <AlbertParkerw@eastanglianescorts.co.uk>)
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [8\29] id 1gj015-0002r1-28
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [9\29] for service@domain.com; Mon, 14 Jan 2019 12:02:51 +0100
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [10\29] P Received: from eastanglianescorts.co.uk (unknown [164.52.42.6])
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [11\29] by mx0.domain.com (Postfix) with ESMTP id 71A1A3F6E0
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [12\29] for <service@domain.com>; Fri, 11 Jan 2019 15:26:08 +0100 (CET)
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [13\29] P Received: from mmx09.tilkbans.com ([Fri, 11 Jan 2019 17:21:40 +0300])
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [14\29] by relay37.vosimerkam.net with QMQP; Fri, 11 Jan 2019 17:21:40 +0300
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [15\29] P Received: from smtp.endend.nl ([Fri, 11 Jan 2019 17:06:45 +0300])
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [16\29] by mail.webhostings4u.com with LOCAL; Fri, 11 Jan 2019 17:06:45 +0300
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [17\29] P Received: from unknown (HELO smtp.mixedthings.net) (Fri, 11 Jan 2019 17:05:33 +0300)
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [18\29] by external.newsubdomain.com with SMTP; Fri, 11 Jan 2019 17:05:33 +0300
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [19\29] X-CTCH-RefID: str=0001.0A0C020F.5C3B98F0.0052,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [20\29] I Message-ID: <E282FE99.89E937FE@eastanglianescorts.co.uk>
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [21\29] Date: Fri, 11 Jan 2019 17:05:33 +0300
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [22\29] F From: =?utf-8?B?IktpbmxleSIgPEFsYmVydFBhcmtlcndAZWFzdGFuZ2xpYW5lc2NvcnRzLmNvLnVrPg==?=
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [23\29] User-Agent: eGroups Message Poster
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [24\29] MIME-Version: 1.0
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [25\29] T To: "Kinley" <service@domain.com>
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [26\29] Subject: =?utf-8?B?SWNoIG32Y2h0ZSBkaWNoIHRyZWZmZW4=?=
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [27\29] Content-Type: text/html;
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [28\29] charset="utf-8"
2019:01:14-12:02:51 firewall-1 exim-in[10975]: [29/29] Content-Transfer-Encoding: base64
2019:01:14-12:02:51 firewall-1 exim-in[10975]: 2019-01-14 12:02:51 SMTP connection from mx0.domain.com [x.x.x.x]:50566 closed by QUIT

 

It seems that Exim did not like those emails, and thus closed the connection in the middle of the sending. The mail is obviously a spam message, and should be handled and rejected by UTM.

What can I do?

 

Here is the full email that is sent:

Received: from eastanglianescorts.co.uk (unknown [164.52.42.6])
by mx0.domain.com (Postfix) with ESMTP id 71A1A3F6E0
for <service@domain.com>; Fri, 11 Jan 2019 15:26:08 +0100 (CET)
Received: from mmx09.tilkbans.com ([Fri, 11 Jan 2019 17:21:40 +0300])
by relay37.vosimerkam.net with QMQP; Fri, 11 Jan 2019 17:21:40 +0300
Received: from smtp.endend.nl ([Fri, 11 Jan 2019 17:06:45 +0300])
by mail.webhostings4u.com with LOCAL; Fri, 11 Jan 2019 17:06:45 +0300
Received: from unknown (HELO smtp.mixedthings.net) (Fri, 11 Jan 2019 17:05:33 +0300)
by external.newsubdomain.com with SMTP; Fri, 11 Jan 2019 17:05:33 +0300
Message-ID: <E282FE99.89E937FE@eastanglianescorts.co.uk>
Date: Fri, 11 Jan 2019 17:05:33 +0300
From: =?utf-8?B?IktpbmxleSIgPEFsYmVydFBhcmtlcndAZWFzdGFuZ2xpYW5lc2NvcnRzLmNvLnVrPg==?=
User-Agent: eGroups Message Poster
MIME-Version: 1.0
To: "Kinley" <service@domain.com>
Subject: =?utf-8?B?SWNoIG32Y2h0ZSBkaWNoIHRyZWZmZW4=?=
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64

PCFkb2N0eXBlIGh0bWw+DQo8aHRtbD4NCjxoZWFkPg0KPG1ldGEgY2hhcnNldD0idXRmLTgiPg0K
PC9oZWFkPg0KPGJvZHk+DQo8cD5JY2ggaGVpc3NlIElzYWJlbGxhLiBJY2ggYmluIDI1LiBJY2gg
YmluIGpldHp0IHNlaHIgZWluc2FtIHVuZCBnZWxhbmd3ZWlsdC4uLiBJY2ggaGFiZSBuYWNoIEZh
Y2Vib29rIGdlc3VjaHQgdW5kIGRpY2ggZ2VmdW5kZW48dWw+PC91bD4NCiAgVW5kIC4uLi4gaWNo
IGxpZWJlIFNleCBzZWhyLiBXaWxsc3QgZHUgbWljaCBmaWNrZW4/PyBFcyBnaWJ0IHZpZWxlIG1l
aW5lciBGb3RvcyB1bmQgS29udGFrdGUuIDxhcnRpY2xlPjwvYXJ0aWNsZT4NCjwvcD4NCjxhIGhy
ZWY9Imh0dHA6Ly9taWxlbmFzd2VldC5zdSIgdGFyZ2V0PSJfYmxhbmsiPmh0dHA6Ly9taWxlbmFz
d2VldC5zdSAgPGhyPjwvYT4NCjxwPjxhIGhyZWY9Imh0dHA6Ly9taWxlbmFzd2VldC5zdSI+PGlt
ZyBzcmM9Imh0dHA6Ly8yNC1pbmZvLmluZm8vdXBsb2Fkcy9wb3N0cy8yMDE4LTAzLzE1MjExNTEy
MTQ4LmpwZyIgIGFsdD0ibW1tbSAuLi4uIElociBCcm93c2VyIGJsb2NraWVydCBCaWxkZXIgLi4u
IGVudHNwZXJydCBlcyBvZGVyIGtsaWNrZW4gU2llIGhpZXIsIHVtIGRhcyBGb3RvIGFuenV6ZWln
ZW4iLz48L2E+PC9wPg0KPHA+Jm5ic3A7PC9wPg0KPHA+Jm5ic3A7PC9wPg0KPHA+Jm5ic3A7IDwv
cD4NCjx0YWJsZT4NCjx0cj4NCjx0ZCBiYWNrZ3JvdW5kPSJodHRwOi8vMjQtaW5mby5pbmZvL3Vw
bG9hZHMvcG9zdHMvMjAxOC0wMy8xNTIxMTUxMjI3MTkuanBnIiB2YWxpZ249InRvcCIgc3R5bGU9
ImJhY2tncm91bmQ6IHVybChodHRwOi8vMjQtaW5mby5pbmZvL3VwbG9hZHMvcG9zdHMvMjAxOC0w
NS8xNTI2ODAyMTA3X3UtemVya2FsYS0zMC5qcGcpIG5vLXJlcGVhdCBjZW50ZXI7YmFja2dyb3Vu
ZC1wb3NpdGlvbjogdG9wOyI+PCEtLVtpZiBndGUgbXNvIDldPiA8djpyZWN0IHhtbG5zOnY9InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206dm1sIiBmaWxsPSJ0cnVlIiBzdHJva2U9ImZhbHNlIiBz
dHlsZT0ibXNvLXdpZHRoLXBlcmNlbnQ6MTAwMDtoZWlnaHQ6MTcwM3B4OyI+IDx2OmZpbGwgdHlw
ZT0idGlsZSIgc3JjPSJodHRwOi8vMjQtaW5mby5pbmZvL3VwbG9hZHMvcG9zdHMvMjAxOC0wNS8x
NTI2ODAyMTkzX3UtemVya2FsYS00OS5qcGciICAvPiA8djp0ZXh0Ym94IGluc2V0PSIwLDAsMCww
Ij4gPCFbZW5kaWZdLS0+PG9sPjwvb2w+DQo8ZGl2Pg0KPGNlbnRlcj4NCjx0YWJsZSBjZWxsc3Bh
Y2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIHdpZHRoPSI2MDAiIGhlaWdodD0iMTgwMyIgY2xhc3M9
InczMjAiPg0KPHRyPg0KPHRkIHZhbGlnbj0ibWlkZGxlIiBzdHlsZT0idmVydGljYWwtYWxpZ246
bWlkZGxlO3RleHQtYWxpZ246bGVmdDsiIGNsYXNzPSJtb2JpbGUtY2VudGVyIiBoZWlnaHQ9IjE4
MDMiPjxkaXY+PC9kaXY+IDwvdGQ+DQo8L3RyPg0KPC90YWJsZT4NCjwvY2VudGVyPg0KPC9kaXY+
DQo8IS0tW2lmIGd0ZSBtc28gOV0+IDwvdjp0ZXh0Ym94PiA8L3Y6cmVjdD4gPCFbZW5kaWZdLS0+
PC90ZD4NCjwvdHI+DQo8L3RhYmxlPg0KPC9ib2R5Pg0KPC9odG1sPg0K

 

Thanks



This thread was automatically locked due to age.
Parents
  • Hallo Clyde,

    I wonder if the SMTP PostgreSQL database isn't corrupted.  I know the following worked 6 years ago, and I expect that it's still valid:

    /var/mdw/scripts/smtp stop
    dropdb -U postgres smtp
    createdb -U postgres smtp
    /var/mdw/scripts/smtp start

    Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hallo Clyde,

    I wonder if the SMTP PostgreSQL database isn't corrupted.  I know the following worked 6 years ago, and I expect that it's still valid:

    /var/mdw/scripts/smtp stop
    dropdb -U postgres smtp
    createdb -U postgres smtp
    /var/mdw/scripts/smtp start

    Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hallo Bob,

     

    the dropdb command is not working...

    <M> firewall:/root # /var/mdw/scripts/smtp stop
    :: Stopping SMTP Proxy
    [ ok ]
    <M> firewall:/root # dropdb -U postgres smtp    
    dropdb: database removal failed: ERROR:  database "smtp" is being accessed by other users
    DETAIL:  There are 4 other sessions using the database.

    __________________
    System-Administrator
    Astaro-User since Dez.2009
    2 x SG230-HA (Fw. V9.x)

  • Please let us know what Sophos Support says about this.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA