5 Replies Latest reply: Feb 14, 2013 6:16 AM by MrHoffman
stephanos Level 1 (0 points)

When some of our users redirect emails from third parties to other internal users it may take up to one day until they are delivered – only across the room. Why?


Mac Pro, OS X Mountain Lion (10.8.2), MacPro QuadCore
  • MrHoffman Level 6 (14,832 points)

    The only way to be reasonably certain of what's going on is to check the mail server logs and see what's being reported there (if anything).  While there are various triggers, greylisting would be one potential suspect.  Greylisting is an anti-spam technique that intentionally delays the earliest messages from previously-unknown sources.  Once servers are known, greylisting gets out of the way and messages arrive immediately.  But do check the mail server logs for relevant details.

  • stephanos Level 1 (0 points)

    Sounds reasonable, too. What makes me wonder is why totally common domains are delayed. Let's reconstruct:

     

    The original sender is a domain we receive hundreds of emails from; we redirect it internally from one user to another and then it suddenly takes up to 12 hrs to be delivered.

     

    user@client.com -> user1@cidcom.at -> user2@cidcom.at (this is the delayed recipient)

     

    So the initial mail from @client.com arrives in time at user1@cidcom.at. Why should greylisting apply AFTER the redirect? ... I am not that good at interpreting logs, but in logical thinking

     

    Where should I look first?

  • MrHoffman Level 6 (14,832 points)

    Ok; so the users involved are not in various domains.  Then it is not likely greylisting, or greylisting has gone rather wacky.  Please check the mail server logs.  Start with /var/log/mail.log and /var/log/mailaccess.log files, and see what's being reported there related to messages traversing your network.

     

    I'm getting two PTRs back for your mail server IP address DNS, which looks rather strange.  I'd expect just one, as mail servers are generally expected to have one A record, which means matching forward (A) and reverse (PTR) DNS translations.

  • stephanos Level 1 (0 points)

    I went thru both logs, but can't find anything that tells me how messages might get held up while travelling internally in our network. The two PTRs are reasoned by two servers, as the 10.6.8 server is actually performing mail services and the new 10.8.x server should have been the replacement as a push mail server but Apple never made this announcement followed up by actions. So we're stuck in a foundation.

  • MrHoffman Level 6 (14,832 points)

    AFAIK, a mail server has and must have exactly one address.  That's one PTR record.  Not two.

     

    Humor me.  Get rid of that second PTR definition.
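
The forward/reverse DNS match discussed in the replies above, as an added example that is not part of the original thread: a forward-confirmed reverse DNS check that flags an IP with more than one PTR (the expectation stated in the thread) or a PTR name whose A record does not point back. The addresses, host names and record tables are constructed documentation values, and the lookup functions are hypothetical stand-ins for a real resolver.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check over constructed records."""

# Constructed sample data (documentation addresses and names, not the
# thread's real records): one IP carrying two PTRs, as described above.
PTR_RECORDS = {
    "192.0.2.25": ["mail.example.test.", "newmail.example.test."],
    "192.0.2.26": ["mx.example.test."],
}
A_RECORDS = {
    "mail.example.test": ["192.0.2.25"],
    "newmail.example.test": ["192.0.2.40"],  # forward points elsewhere
    "mx.example.test": ["192.0.2.26"],
}


def sample_ptr(ip):
    """Hypothetical offline PTR lookup: IP -> list of host names."""
    return PTR_RECORDS.get(ip, [])


def sample_a(name):
    """Hypothetical offline A lookup: host name -> list of IPs."""
    return A_RECORDS.get(name, [])


def check_fcrdns(ip, ptr_lookup=sample_ptr, a_lookup=sample_a):
    """Report whether ip has exactly one PTR that resolves back to ip.

    The lookups are injected so the check runs offline; replace them
    with real resolver calls to test a live server.
    """
    # Normalise PTR targets: drop the trailing root dot, compare lowercase.
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    confirmed = [n for n in names if ip in a_lookup(n)]
    unconfirmed = [n for n in names if n not in confirmed]
    problems = []
    if not names:
        problems.append("no PTR record")
    if len(names) > 1:
        problems.append("multiple PTR records: " + ", ".join(names))
    for name in unconfirmed:
        problems.append(f"PTR {name} does not resolve back to {ip}")
    return {"ip": ip, "confirmed": confirmed, "unconfirmed": unconfirmed,
            "ok": not problems, "problems": problems}


if __name__ == "__main__":
    for addr in ("192.0.2.25", "192.0.2.26", "192.0.2.99"):
        report = check_fcrdns(addr)
        print(addr, "OK" if report["ok"] else "FAIL", "; ".join(report["problems"]))
```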