Mail Service issues

bsmorgan · 27 February 2026 16:29

I have configured the Mail Service and can “Send test mail” successfully but on Core update 200 Development Build, the IPS cannot send email. I believe the attached log extract shows the issue.

[root@bricknix ~]# tail /var/log/mail -n 50 -f
Feb 27 09:07:19 bricknix dma[1cc0606.2569e8d0]: remote delivery to smtp.comcast.net [96.102.18.196] failed after connect: 554 resomta-c2p-555481.sys.comcast.net resomta-c2p-555481.sys.comcast.net ESMTP server not available
Feb 27 09:07:19 bricknix dma[1cc0606.2569e8d0]: delivery failed, bouncing as 1cc16e3
Feb 27 09:07:19 bricknix dma[1cc16e3]: new mail from user=root uid=8 envelope_from=<>
Feb 27 09:07:19 bricknix dma[1cc16e3]: mail to=<brad-morgan@comcast.net> queued as 1cc16e3.256a2b60
Feb 27 09:07:19 bricknix dma[1cc16e3.256a2b60]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:07:19 bricknix dma[1cc16e3.256a2b60]: using smarthost (smtp.comcast.net:587)
Feb 27 09:07:19 bricknix dma[1cc16e3.256a2b60]: trying remote delivery to smtp.comcast.net [96.102.18.196] pref 0
Feb 27 09:07:19 bricknix dma[1cc16e3.256a2b60]: remote delivery to smtp.comcast.net [96.102.18.196] failed after connect: 554 resomta-c2p-555440.sys.comcast.net resomta-c2p-555440.sys.comcast.net ESMTP server not available
Feb 27 09:07:19 bricknix dma[1cc16e3.256a2b60]: can not bounce a bounce message, discarding
Feb 27 09:11:31 bricknix dma[1cc0606]: new mail from user=root uid=8 envelope_from=<brad-morgan@comcast.net>
Feb 27 09:11:31 bricknix dma[1cc16dc]: new mail from user=root uid=8 envelope_from=<brad-morgan@comcast.net>
Feb 27 09:11:31 bricknix dma[1cc0606]: mail to=<brad-morgan@comcast.net> queued as 1cc0606.ec148d0
Feb 27 09:11:31 bricknix dma[1cc0606.ec148d0]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:11:31 bricknix dma[1cc0606.ec148d0]: using smarthost (smtp.comcast.net:587)
Feb 27 09:11:31 bricknix dma[1cc16dc]: mail to=<brad-morgan@comcast.net> queued as 1cc16dc.2b68c8d0
Feb 27 09:11:31 bricknix dma[1cc16dc.2b68c8d0]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:11:31 bricknix dma[1cc16dc.2b68c8d0]: using smarthost (smtp.comcast.net:587)
Feb 27 09:11:31 bricknix dma[1cc16dc.2b68c8d0]: trying remote delivery to smtp.comcast.net [96.102.167.165] pref 0
Feb 27 09:11:31 bricknix dma[1cc0606.ec148d0]: trying remote delivery to smtp.comcast.net [96.102.167.165] pref 0
Feb 27 09:11:32 bricknix dma[1cc0606.ec148d0]: remote delivery to smtp.comcast.net [96.102.167.165] failed after connect: 554 resomta-h2p-555060.sys.comcast.net resomta-h2p-555060.sys.comcast.net ESMTP server not available
Feb 27 09:11:32 bricknix dma[1cc16dc.2b68c8d0]: remote delivery to smtp.comcast.net [96.102.167.165] failed after connect: 554 resomta-h2p-555031.sys.comcast.net resomta-h2p-555031.sys.comcast.net ESMTP server not available
Feb 27 09:11:32 bricknix dma[1cc0606.ec148d0]: delivery failed, bouncing as 1cc16ee
Feb 27 09:11:32 bricknix dma[1cc16dc.2b68c8d0]: delivery failed, bouncing as 1cc16f0
Feb 27 09:11:32 bricknix dma[1cc16ee]: new mail from user=root uid=8 envelope_from=<>
Feb 27 09:11:32 bricknix dma[1cc16f0]: new mail from user=root uid=8 envelope_from=<>
Feb 27 09:11:32 bricknix dma[1cc16ee]: mail to=<brad-morgan@comcast.net> queued as 1cc16ee.ec18b60
Feb 27 09:11:32 bricknix dma[1cc16ee.ec18b60]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:11:32 bricknix dma[1cc16ee.ec18b60]: using smarthost (smtp.comcast.net:587)
Feb 27 09:11:32 bricknix dma[1cc16ee.ec18b60]: trying remote delivery to smtp.comcast.net [96.102.167.165] pref 0
Feb 27 09:11:32 bricknix dma[1cc16f0]: mail to=<brad-morgan@comcast.net> queued as 1cc16f0.2b690b60
Feb 27 09:11:32 bricknix dma[1cc16f0.2b690b60]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:11:32 bricknix dma[1cc16f0.2b690b60]: using smarthost (smtp.comcast.net:587)
Feb 27 09:11:32 bricknix dma[1cc16f0.2b690b60]: trying remote delivery to smtp.comcast.net [96.102.167.165] pref 0
Feb 27 09:11:32 bricknix dma[1cc16ee.ec18b60]: remote delivery to smtp.comcast.net [96.102.167.165] failed after connect: 554 resomta-h2p-554997.sys.comcast.net resomta-h2p-554997.sys.comcast.net ESMTP server not available
Feb 27 09:11:32 bricknix dma[1cc16ee.ec18b60]: can not bounce a bounce message, discarding
Feb 27 09:11:32 bricknix dma[1cc16f0.2b690b60]: remote delivery to smtp.comcast.net [96.102.167.165] failed after connect: 554 resomta-h2p-555060.sys.comcast.net resomta-h2p-555060.sys.comcast.net ESMTP server not available
Feb 27 09:11:32 bricknix dma[1cc16f0.2b690b60]: can not bounce a bounce message, discarding
Feb 27 09:13:42 bricknix dma[1cc0600.21bce8d0]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:13:42 bricknix dma[1cc0600.21bce8d0]: using smarthost (smtp.comcast.net:587)
Feb 27 09:13:42 bricknix dma[1cc0600.21bce8d0]: trying remote delivery to smtp.comcast.net [96.102.167.165] pref 0
Feb 27 09:13:43 bricknix dma[1cc0600.21bce8d0]: remote delivery deferred: SSL handshake failed fatally: error:0A00010B:SSL routines::wrong version number
Feb 27 09:15:00 bricknix dma[1cc0602.1cbb58d0]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:15:00 bricknix dma[1cc0602.1cbb58d0]: using smarthost (smtp.comcast.net:587)
Feb 27 09:15:00 bricknix dma[1cc0602.1cbb58d0]: trying remote delivery to smtp.comcast.net [96.103.145.181] pref 0
Feb 27 09:15:00 bricknix dma[1cc0602.1cbb58d0]: remote delivery deferred: SSL handshake failed fatally: error:0A00010B:SSL routines::wrong version number
Feb 27 09:17:53 bricknix dma[1cc0606]: no recipients
Feb 27 09:26:13 bricknix dma[1cc0600.21bce8d0]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:26:13 bricknix dma[1cc0600.21bce8d0]: using smarthost (smtp.comcast.net:587)
Feb 27 09:26:13 bricknix dma[1cc0600.21bce8d0]: trying remote delivery to smtp.comcast.net [96.103.145.180] pref 0
Feb 27 09:26:13 bricknix dma[1cc0600.21bce8d0]: remote delivery deferred: SSL handshake failed fatally: error:0A00010B:SSL routines::wrong version number
Feb 27 09:27:33 bricknix dma[1cc0606]: new mail from user=root uid=8 envelope_from=<brad-morgan@comcast.net>
Feb 27 09:27:33 bricknix dma[1cc0606]: mail to=<brad-morgan@comcast.net> queued as 1cc0606.3ca088d0
Feb 27 09:27:33 bricknix dma[1cc0606.3ca088d0]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:27:33 bricknix dma[1cc0606.3ca088d0]: using smarthost (smtp.comcast.net:587)
Feb 27 09:27:33 bricknix dma[1cc0606.3ca088d0]: trying remote delivery to smtp.comcast.net [96.102.167.165] pref 0
Feb 27 09:27:33 bricknix dma[1cc0606.3ca088d0]: remote delivery to smtp.comcast.net [96.102.167.165] failed after connect: 554 resomta-h2p-555059.sys.comcast.net resomta-h2p-555059.sys.comcast.net ESMTP server not available
Feb 27 09:27:33 bricknix dma[1cc0606.3ca088d0]: delivery failed, bouncing as 1cc16ec
Feb 27 09:27:33 bricknix dma[1cc16ec]: new mail from user=root uid=8 envelope_from=<>
Feb 27 09:27:33 bricknix dma[1cc16ec]: mail to=<brad-morgan@comcast.net> queued as 1cc16ec.3ca0cb60
Feb 27 09:27:33 bricknix dma[1cc16ec.3ca0cb60]: <brad-morgan@comcast.net> trying delivery
Feb 27 09:27:33 bricknix dma[1cc16ec.3ca0cb60]: using smarthost (smtp.comcast.net:587)
Feb 27 09:27:33 bricknix dma[1cc16ec.3ca0cb60]: trying remote delivery to smtp.comcast.net [96.102.167.165] pref 0
Feb 27 09:27:33 bricknix dma[1cc16ec.3ca0cb60]: remote delivery to smtp.comcast.net [96.102.167.165] failed after connect: 554 resomta-h2p-555060.sys.comcast.net resomta-h2p-555060.sys.comcast.net ESMTP server not available
Feb 27 09:27:33 bricknix dma[1cc16ec.3ca0cb60]: can not bounce a bounce message, discarding

ms · 27 February 2026 16:44

I believe you might have an issue with your configuration here.

You are trying to talk TLS on port 578, which is expecting some plaintext first. If you switch the TLS field in the configuration, you should be able to send mail.

bonnietwin · 27 February 2026 16:56

The field is called TLS mode and with port 587 you want to select
explicit (STARTTLS)

bsmorgan · 27 February 2026 17:39

It is (has been) set to explicit (STARTTLS). As I said earlier, Send test mail works.

ms · 27 February 2026 17:58

If the test email works, the others should work just as well. It is the same configuration.

Unless you changed the configuration recently and those emails are trying to be delivered since before that.

bsmorgan · 27 February 2026 18:27

OK. I’ll keep an eye on it.

tphz · 27 February 2026 18:28

Have you changed the Sender Address in the Intrusion Prevention System?

edit

edit2

You can check the contents of the files in the /var/mail and /var/spool/dma folders.

bonnietwin · 27 February 2026 19:06

To make it easier to read the logs, I copied them to a text editor that I could set to full screen.

What I can see is that there are 8 attempts to deliver a mail to the server where a connection to the IP was made but that then no ESMTP server was found to be available.
This suggests a problem with your mail server being down or temporarily not accepting connections.

There are two delivery attempts where the server was found but then the connection failed due to a mismatch in the TLS version used. dma uses TLS 1.2 or higher and I doubt that your mail server provider would be using less than TLS 1.2
I suspect that this TLS mismatch might be a reflection also of a problem with the mail server.

If so then it would be expected to become available again later.

I just checked out the smtp.comcast.net on a couple of “is it down” sites and in those it is being reported back as being down.

Have you tried sending an email via some other system like Thunderbird or whatever email client you use on your network?

bonnietwin · 27 February 2026 20:12

I have just realised that your log was from 9:00 in the morning, so depending on your location that could be a while ago and the problem may or may not still be present.

I also realised that the “is it down” sites I used are looking at web sites and so are likely using protocols that a mail server will not respond to.

I think the best thing to do is to enable the emerging-attack_response.rules from Emerging Threats.
Then set the Severity for the reporting to All, Including Informational Alerts, then Save.

Then on a command line from one of the PC’s on your green network run the command

curl http://testmynids.org/uid/index.html

This will be blocked so the command will just stop and do nothing. Ctrl-C to exit from the command.
You should find the following entry in the IPS Logs section

Date: 02/27 21:09:11
Name: GPL ATTACK_RESPONSE id check returned root
Priority: 2
Type: Potentially Bad Traffic
IP Info: 3.165.206.29:80 → 192.168.37.43:53154
SID: 2100498
Refs:

See if you get an email from both the Test Send and the IPS Alert. If you receive both then there was an issue at 9:07 with the mail server that has been resolved.

If you only receive the Test Send then copy and past the dma logs that include the Test Send and the IPS alert. That way we can see the logs for a successful and unsuccessful email send to try and see what is causing the difference.

bsmorgan · 27 February 2026 21:51

You may be right about the flakiness of smtp.comcast.net. I attempted to change to using gmail but I could never get Send test message to work.

In the mean time, some messages have started coming through so it does look like the configuration is correct.

I’m going to let it sit for a few days. I’m in the middle of another project which is demanding most of my time. I’ll try your tests after this project settles down.

Thanks for your help.

bsmorgan · 27 February 2026 22:00

Both the sender and the recipient are the same in both places.

tphz · 27 February 2026 22:08

Do you have any files in the /var/spool/dma folder?

e.g.

edit

Another reason for not sending the message:
We can't accept this message because it is spam

From: MAILER-DAEMON <>
To: recipientname@recipientmail.pl
Subject: Mail delivery failed
Message-Id: <8f131d@xxx.localdomain>
Date: Fri, 27 Feb 2026 23:15:15 +0100

This is the DragonFly Mail Agent v0.14 at xxx.localdomain.

There was an error delivering your mail to <ilikeipfire@gmail.com>.

smtp.sendermail.com [yyy.yyy.yyy.yyy] did not like our final DATA:
554 (#5.3.0) Nie przyjmiemy tej wiadomosci poniewaz jest to spam - zobacz strone: https://pomoc.wp.pl/polityka-antyspamowa / We can't accept this message because it is spam - see: https://pomoc.wp.pl/polityka-antyspamowa  [127]

Original message follows.

The IPFire test mail (on Mail Service Configuration) is sent without any issues.

Regards

bsmorgan · 27 February 2026 23:36

Do you have any files in the /var/spool/dma folder?

Yes, over 5,000 of them. Should I delete them?

tphz · 28 February 2026 09:52

There are text files there. You can view them using MidnightCommander, for example.

obraz

These files often contain information about the reasons for the failure to send messages.

–
IPFire has a weekly scheduled task to run the command dma-cleanup-spool.
This command removes files older than 30 days from the /var/spool/dma folder.

obraz

You may also execute the dma-cleanup-spool command in the IPFire console.

–

Regards