Delays in mail deliveries
Nikolaos Milas
nmilas at noa.gr
Tue Mar 1 22:20:34 CET 2022
Hello,
In our organizational mail architecture we have two mail gateway servers
accepting mail from the Internet; the servers are Rocky Linux running
postfix, amavis, spamassassin, clamav (as usual). These two servers
process incoming mail and deliver to the final destination, a mailbox
server (running postfix/dovecot), also being the outgoing mail server.
The current problem:
Some incoming mails are verification messages which include a code so
that users can use it (along with their credentials) to login to various
services; Typically Microsoft is using this model (officeonline,
sharepointonline etc). These codes expire in a short time, after which
they are rendered useless.
Unfortunately, the mail gateway servers may delay while processing mail
(esp. if there is some increased load at the time, so the queue may take
longer to get processed), so such mails may delay for an unacceptable
amount of time.
What are the options we have to achieve short delivery times for such
mails?
Can you identify some very specific characteristics of these mails (see
at the end an example of such a verification mail) so that these can be
used to safely exclude them from scanning?
A suggestion was to whitelist the sender address (at the example below:
no-reply at sharepointonline.com), but we fear that this (or other similar)
commonly used sender address may be deceptively used in third-party
phishing/malicious mail which will then get through unprocessed/unfiltered.
What are your suggestions or your solutions in similar problems as mail
admins?
Thanks in advance for your advice and experience.
Regards,
Nick
====================================================== Verification Mail
Example / Start ===================================================
Return-Path: <no-reply at sharepointonline.com>
Delivered-To: nuserxyz at noa.gr
Received: from vmail2.noa.gr
by vmail2.noa.gr with LMTP id ENPiG+K/HWI1WwAAcV+qjQ
for <nuserxyz at noa.gr>; Tue, 01 Mar 2022 08:40:34 +0200
Received: from mailgw1.noa.gr (mailgw1.noa.gr [IPv6:2001:648:2ffc:1115::27])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by vmail2.noa.gr (IC-XC-NI-KA) with ESMTPS id 2B2AB800279E8
for <nuserxyz at noa.gr>; Tue, 1 Mar 2022 08:36:19 +0200 (EET)
Authentication-Results: vmail2.noa.gr;
dkim=pass (1024-bit key) header.d=spoemeaeop.onmicrosoft.com
header.i=@spoemeaeop.onmicrosoft.com header.b="duygZdT7";
dkim=pass (2048-bit key) header.d=sharepointonline.com
header.i=@sharepointonline.com header.b="NSIBSpc4"
Received: from localhost (localhost [127.0.0.1])
by mailgw1.noa.gr (NOA MAIL ICXC-NIKA) with ESMTP id 4K76w30stzzLrN6
for <nuserxyz at noa.gr>; Tue, 1 Mar 2022 08:36:19 +0200 (EET)
X-Virus-Scanned: amavisd-new at noa.gr
X-Spam-Flag: NO
X-Spam-Score: -1.198
X-Spam-Level:
X-Spam-Status: No, score=-1.198 tagged_above=-999 required=3.4
tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
MIME_HTML_ONLY=0.1, RCVD_IN_DNSWL_NONE=-0.0001,
RCVD_IN_MSPIKE_H2=-0.4, SPF_HELO_PASS=-0.1, SPF_PASS=-0.1,
URIBL_BLOCKED=0.001] autolearn=disabled
Authentication-Results: mailgw1.noa.gr (amavisd-new); dkim=pass
(1024-bit key)
header.d=spoemeaeop.onmicrosoft.com header.b="duygZdT7";
dkim=pass (2048-bit key) header.d=sharepointonline.com
header.b="NSIBSpc4"
Received: from mailgw1.noa.gr ([127.0.0.1])
by localhost (mailgw1.noa.gr [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id EG6CD8_ppl7r for <nuserxyz at noa.gr>;
Tue, 1 Mar 2022 08:36:17 +0200 (EET)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com
(mail-am6eur05on2107.outbound.protection.outlook.com [40.107.22.107])
by mailgw1.noa.gr (NOA MAIL ICXC-NIKA) with ESMTPS id 4K76w10b2bzLrN2
for <nuserxyz at noa.gr>; Tue, 1 Mar 2022 08:36:16 +0200 (EET)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=DQy/HPfqgVGVzhRDDPblc7PYpVyj8tDb7cAzuyhxNBekKL6VhobTOHxFA8aVda731s7TUOidf0oWdRcIVUYN59ESUa6PhOR9yatOv/jo5usAF0saLkK3W39tpmTaCKTdWfWOuxrydvPY8pFhPUD13IF25NeGc9muK7XeuvqE0CZ/pguxL72orX2Tnipph52Gxe1ywNowof9Non+ZIaauQaPT8PgeJ9qB6aTntCngDAbOK6R96fV0JsF/t6lX1hHwrHaoz94P8cusUmiVpIna9Lj8TgqkeUDGW1Izi3BIxmJFeuUXVw8Bqbkc7OoKdxDs0iQipqZnxp80TbQC3JKJhQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=d7bSMeveuuT/xdNhkJBNqGHH/RPI6FAO2VsSzVp8VOg=;
b=LI56/Wj4Z2+4QWNIrW97b3VL8N+qsLrNLiIttbrDkxuPJGRRbjEVE7zmOkf0tDSHq3FILulZPPvtGepBLE7GmqO0m+V96PP1cHcVB2EE5Gp81g816GLAzey64c0TzyiQLddsnMjewPrmGMIRaNFTyKsPGQZYsI9HP9ebTAIFUOytlfgJmIbua6Yhp64ZNA63vObVJfuz6NeV1/7gZL0B+Wyr04uLC2tOJMhKRaJmaVCFO9LOdB71U8CVXD3T2igMJjxRNRudIh4p8zi6DR1a267tlRRE9D/r3foAZslFIqr49BkGxi5f42xQS5p1KJl4uJCqHw1uMI6g9NrPk6Sa1Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none
action=none header.from=sharepointonline.com; dkim=none (message not
signed);
arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=spoemeaeop.onmicrosoft.com; s=selector1-spoemeaeop-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=d7bSMeveuuT/xdNhkJBNqGHH/RPI6FAO2VsSzVp8VOg=;
b=duygZdT7LI/NtfjuuCp3OsLKWBAUVi35sK8KmVZKML0TmLz+RifN1gF9W4s28KpeyNR78S0sIRGO3WdPdaSCHvI4nM10+cTRPuoZSEaSOkGRstLnMcJ+WeRNc0lFaxgMGePEumlky3jsGlDnrUx4KlawX6W0USyoX265RVWBZCk=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=sharepointonline.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=d7bSMeveuuT/xdNhkJBNqGHH/RPI6FAO2VsSzVp8VOg=;
b=NSIBSpc4fhf0CSrvzYoI0drAvSDPw7diyzdQE40a6CDzltOIToSHaxcVoWnktYCmSkthZUAi2HpsbYyXOMrpzIytiS2F+csF5m81RjI6i/BKOIcB8Pxa6aUrBd7T13NLwjIkUgsCzz2CXzYXPXjGGhrzRR9/r3MHQpZmJJ9VTVKjTJKgBKxdmumkI/zk9VkQiwHps3ATrRJJy0kJihF/FfDjVJQmArKt0WnTi7/rqboX2m/JWiCU0QOE/yq98yfk5rM2SA8PpNbPPIFut3KnL7ZdD2y6/1C/LpiFdk5YbQ/ee+LPyCAMvEkl9tuya067OEwqHY0FsKT2UVakseMufQ==
Received: from AM6P192CA0108.EURP192.PROD.OUTLOOK.COM (2603:10a6:209:8d::49)
by PR3PR09MB4443.eurprd09.prod.outlook.com (2603:10a6:102:35::21) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.24; Tue, 1 Mar
2022 06:36:15 +0000
Received: from VE1EUR03FT048.eop-EUR03.prod.protection.outlook.com
(2603:10a6:209:8d:cafe::8c) by AM6P192CA0108.outlook.office365.com
(2603:10a6:209:8d::49) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via
Frontend
Transport; Tue, 1 Mar 2022 06:36:14 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 52.232.126.143)
smtp.mailfrom=sharepointonline.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=sharepointonline.com;
Received: from westeurope0.notifyp.svc.ms (52.232.126.143) by
VE1EUR03FT048.mail.protection.outlook.com (10.152.19.8) with Microsoft
SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5017.22 via Frontend Transport; Tue, 1 Mar 2022 06:36:14 +0000
Date: Tue, 01 Mar 2022 06:36:14 +0000
Subject: 30362606 is your Microsoft SharePoint verification code.
Message-Id:
<odspmicro-SpoShare-e66525a0-8010-c000-b666-00c1854ccaf9-90fd2a7f-b429-4326-b8dd-1502e232d603-71a3f397-006b-4288-922a-b7e9a3e8157e at RD501AC5BFEEBE>
Sender: SharePoint Online <no-reply at sharepointonline.com>
X-SpRequestGuid: e66525a0-8010-c000-b666-00c1854ccaf9
X-SpMailMessageId: ee7db6d7-186d-4fd2-8525-21d939e0ca91
To: nuserxyz at noa.gr
Reply-To: no-reply at sharepointonline.com
X-Crid:
=?us-ascii?q?e66525a0-8010-c000-b666-00c1854ccaf9-90fd2a7f-b429-4326-b8dd-?=
=?us-ascii?q?1502e232d603-71a3f397-006b-4288-922a-b7e9a3e8157e?=
X-Tnid: 7a3603ac-db0c-4fe6-b725-0b64d501d886
From: SharePoint Online <no-reply at sharepointonline.com>
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Id: <F73SC7YA7GU4.IHSLFU3R01RX at RD501AC5BFEEBE>
X-MS-TrafficTypeDiagnostic:
VE1EUR03FT048:EE_FirstParty-SPO-V3|PR3PR09MB4443:EE_FirstParty-SPO-V3
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id:
51bb0214-9615-46e1-fab9-08d9fb4dc8bb
X-Microsoft-Antispam-PRVS:
<PR3PR09MB44436E4976AB73FFB577027DE5029 at PR3PR09MB4443.eurprd09.prod.outlook.com>
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
7yuUdAwwNUF9b5MueqmNH8L8UuXp96Q9Ks5y4eC919OHhdxvNP7R7ppZk/+e6AoQb3Xt/2sYKVJIX4OqKJbbc3biUVUl739rthFirFSJCbC0XQePXLkRlfLVECyGbuSyeYOCdS8NnjQVrtjEVLLWyJBsM3Zf21ULLDmebv20imrAgRa2cUP9ywS3/3dpHkKtFyMqNyKyxPEeW54Eui1ODZ0PsSyr2kTwirATjpooWSYJD80Iq54Vb9Ip7LMDpLMy9vBwMnftqQYJ395QazO1m16Y8BvzS2/fOmAG7m7Jk36TXjI1R/zWrJB4jCvzJy8M/uytrs/5VwRzykLIBjZwDAOpkc6wiZ0lL7HurbALobEx5kLRluAWDYuyZRLyNIpJ5spBwO55rU3ciYOj4ippSug0HmZfujbsUsiEDnP+tjkKdpS7jlC4LUPm9WxDsx8GOktCiKOpDsANV0FLQ9zhP/tBPX8qv3yn7Bcf8tGpU2ZnJPiW0NZs+12yq+BpPGUBcB6xye+XzlITfIoQ6QDhWPy4XfB4QVfLDOWWSiH+bvBrJyFDflmGtLw1B63XJeWD1rsZoy+0Se6Z45nHJdY/uWNHEMfjiu+d4fw12psAHaKK+l4JHgGVQN5+6J2TZZKB3ApFleQZXvm+qe0QnuSqnA==
X-Forefront-Antispam-Report:
CIP:52.232.126.143;CTRY:NL;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:westeurope0.notifyp.svc.ms;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230001)(7916004)(346002)(39840400004)(396003)(376002)(136003)(47690400004)(47530400004)(6506007)(7846003)(26005)(6512007)(9686003)(6486002)(336012)(3450700001)(52230400001)(83380400001)(4744005)(118246002)(5660300002)(68406010)(8936002)(8676002)(33716001)(956004)(6916009)(166002)(356005)(81166007)(2906002)(15650500001)(316002)(508600001)(36736006)(86362001);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
y+l04T9dNb1eJye8NxzGlQrpeHlEo6t4359n8NRs8zn3qDNdiDrkjinwPKxvojNgl67QwM4VDVEruhHTrijKG+CPKMUuAGUiERrwI4JE2oxibvP0rmevQo88BKZPpzzf
X-OriginatorOrg: spoemeaeop.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Mar 2022 06:36:14.7045
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
51bb0214-9615-46e1-fab9-08d9fb4dc8bb
X-MS-Exchange-CrossTenant-Id: 4d93e101-5f88-4b2c-b255-9a7bb7b1b764
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=4d93e101-5f88-4b2c-b255-9a7bb7b1b764;Ip=[52.232.126.143];Helo=[westeurope0.notifyp.svc.ms]
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource:
TreatMessagesAsInternal-VE1EUR03FT048.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR09MB4443
<style type="text/css">a { color: #0072bc; text-decoration: none;
}</style><table border="0" cellspacing="0" cellpadding="8"
style="width:100%" dir="ltr"><tr><td align="left" valign="top"><div
style="font-family: 'Segoe UI Semilight', 'Segoe UI', Verdana,
sans-serif; color: #444444;"><div style="margin-bottom: 21px; font-size:
18px;"><!-- _lcid="1033" _dal="1" -->
<!-- _LocalBinding -->
<html dir="ltr">
<head>
<base
href="<ows:HttpVDir/>/_layouts/15/<%=System.Threading.Thread.CurrentThread.CurrentUICulture.LCID%>/emailattestationtemplate.htm">
<meta name="SharePointError" content="">
<meta name="Robots" content="NOINDEX">
<meta name="GENERATOR" content="Microsoft SharePoint">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Expires" content="0">
<title id="onetidTitle">Time of Access</title>
<html lang="en-us">
<head>
<title>Time of Access v2</title>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
table td {border-collapse:collapse;margin:0;padding:0;}
</style>
</head>
<body>
<table style="height: 100%; border-style: none; width: 100%;
border-spacing: 0; padding: 0; background-color: #f8f8f8;">
<tbody style="height: 100%;">
<tr style="height: 100%; background-color: #ffffff;">
<td align="center" valign="bottom">
<table border="0" width="640" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td width="14"> </td>
<td height="48"><img
src="https://wedoprojects.sharepoint.com/sites/WeDo-Projects/_layouts/15/images/SharePointBanner.png"
alt="SharePoint" width="80" height="13"></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr style="height: 100%;">
<td style="height: 100%;" align="center" valign="bottom">
<table style="height: 100%;" border="0" width="640" cellspacing="0"
cellpadding="0">
<tbody style="height: 100%;">
<tr>
<td> </td>
</tr>
<tr>
<td width="14"> </td>
<td>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td>
<table border="0" cellspacing="0" cellpadding="0" bgcolor="#FFFFFF">
<tbody>
<tr>
<td width="32"> </td>
<td height="32"> </td>
<td width="32"> </td>
</tr>
<tr>
<td> </td>
<td style="color: #333333; font-family: 'Segoe UI',Arial,sans-serif;
font-size: 14px; padding: 0px 0px 0px 0px;" bgcolor="#ffffff">Hello,</td>
</tr>
<tr>
<td> </td>
<td style="color: #333333; font-family: 'Segoe UI',Arial,sans-serif;
font-size: 14px; padding: 12px 0px 14px 0px;" bgcolor="#ffffff">For
security purposes, you must enter the code below to verify your account
to access CULTURE Proposal folder. The code will only work for 15
minutes and if you request a new code, this code will stop working.</td>
</tr>
<tr>
<td> </td>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="color: #333333; font-family: 'Segoe UI',Arial,sans-serif;
font-size: 14px; padding: 8px 16px 0px 16px;" bgcolor="#FFF4CE">Account
verification code:</td>
</tr>
<tr>
<td style="color: #333333; font-family: 'Segoe UI',Arial,sans-serif;
font-size: 18px; padding: 0px 16px 8px 16px;"
bgcolor="#FFF4CE"><strong>30362606</strong></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td> </td>
<td style="padding: 24px 0px 0px; color: #333333; font-family: 'Segoe
UI',Arial,sans-serif; font-size: 14px;" bgcolor="#ffffff"><strong>Having
problems with the code?</strong></td>
</tr>
<tr>
<td> </td>
<td style="padding: 0px 0px 48px; color: #333333; font-family: 'Segoe
UI',Arial,sans-serif; font-size: 14px;">View the error and make sure
that the email identifier is "287G12B". If it's not, look for an updated
email or try requesting a new code.</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
<td width="14"> </td>
</tr>
<tr style="height: 100%;">
<td width="14"> </td>
<td style="padding-top: 20px; padding-bottom: 20px;" align="left"
valign="top">
<p style="font-family: 'Segoe UI', Tahoma, sans-serif; margin: 0px 0px
0px 5px; color: #000; font-size: 10px;">© 2017 Microsoft <a
style="color: #072b60;" title="Privacy"
href="https://privacy.microsoft.com/privacystatement"> Privacy &
Cookies</a></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html></head></html></div></div></td></tr></table>
====================================================== Verification Mail
Example / End ===================================================
More information about the amavis-users
mailing list