O365 Journal emails not being delivered to Piler

We were alerted yesterday that our outbound connector on O365 queue was very high (25k+). Doing some research its been happening for a while. I renamed the smtp.acl and the issue persists. Internal email seems to land fine in piler.

here are some maillog entries

‌

Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: connected from 104.47.60.51:9003 on fd=7 (active connections: 2)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.51 on fd=6 (1 active connections)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: connected from 104.47.61.54:32416 on fd=6 (active connections: 2)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=7: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=7: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: connected from 104.47.61.54:37914 on fd=8 (active connections: 3)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=8: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=8: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=7: *STARTTLS#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=7: 220 Ready to start TLS
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=8: *STARTTLS#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=8: 220 Ready to start TLS
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.54 on fd=6 (2 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.51 on fd=7 (1 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.54 on fd=8 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.54:6131 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.54 on fd=6 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.58:14148 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.58 on fd=6 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.52:34303 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.53:12672 on fd=7 (active connections: 2)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.61.50:6508 on fd=8 (active connections: 3)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=8: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=8: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=8: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=8: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.50 on fd=8 (2 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.52 on fd=6 (1 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.53 on fd=7 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.61.51:37760 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.61.53:65472 on fd=7 (active connections: 2)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.51 on fd=6 (1 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.53 on fd=7 (0 active connections)

‌

I tried replacing piler.pem with our wildcard cert but the issue persists.

Piler version is:

/usr/local/sbin/piler-smtp -v
1.3.10 build 998

Here are some ngrep entries *replaced our domain name with domain.com

#
T 104.47.61.54:64814 -> 10.2.4.112:25 [AF] #499
  ..                                                                                                                                                                
##
T 104.47.60.50:46947 -> 10.2.4.112:25 [A] #501
  ..                                                                                                                                                                
#
T 104.47.60.50:46947 -> 10.2.4.112:25 [AF] #502
  ..                                                                                                                                                                
##
T 104.47.60.51:6286 -> 10.2.4.112:25 [AP] #504
  ...........`..Y....C]c..[..k...e..T.A..bH....$.0./.(.'.,.+.$.#.............=.<.5./...T.........archive.domain.com.........................................#...
  ........                                                                                                                                                          
#
T 10.2.4.112:25 -> 104.47.60.51:6286 [AP] #505
  ....5...1..)m...)<.%d...w.....3...$..1....2..5.........#.................0..}0..e........C&.d....I.n.U..0...*.H........0^1.0...U....US1.0...U....DigiCert Inc1.0..
  .U....www.digicert.com1.0...U....GeoTrust RSA CA 20180...210616000000Z..220624235959Z0k1.0...U....CA1.0...U....Manitoba1.0...U....Winnipeg1.0...U....BA Robinson C
  O LTD1.0...U....*.domain.com0.."0...*.H.............0...........vY.:.&..;.!.Q.}..*......N...UjFl.z..Q.QH.|..:.@.Hy.f....Rv.!@...{d....(......ds.Co....X.....d.
  ....w..x.T..0....7...@........H.q>......(.8.....Z.".......3......n..6.T<n..@.\....ZA}..WA.....M.{kU%.Z........*.Q..7..D%..).v.sXR....7..i.5\..6....xC:...8.y......
  .....(0..$0...U.#..0....X...u.QTw....C.8.l.0...U......w.A....2...e..x1.Cv.0+..U...$0"..*.domain.com..domain.com0...U...........0...U.%..0...+.........+...
  ....0>..U...70503.1./.-http://cdp.geotrust.com/GeoTrustRSACA2018.crl0>..U. .70503..g.....0)0'..+.........http://www.digicert.com/CPS0u..+........i0g0&..+.....0...
  http://status.geotrust.com0=..+.....0..1http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0...U.......0.0.....+.....y......o...k.i.v.)y...99!.Vs.c.w..W}.`...M]&\%]
  .....z.PI......G0E. &c.#9.09.......x8X..)fEr.^.......!....w6Z....c....n..+.1.aY[......p.v."EE.YU$V.?./..m..#&c..K.]..\n......z.PI......G0E.!..3..4n6.).&.....E.[.*
  .l..jc.}.... 1%.vy.E.D).Z./....h.d..j.qql\....w.A...."FJ...:.B.^N1.....K.h..b......z.PI......H0F.!....9tG8f.....o......A.....>..ub<.!....B.6.....y.j...).>.f....&.
  t#A30...*.H..............#.+W..Q.......]R1yQj.T8R;...VH{ ..O......Qj.....v..d..........J8Hs.#.FS..'O,Qz..Z..@s......}....ye......m....S......+..:.+. ...Id_csN..K;
  ...X.....K~.......l....Vb.%....T.y!....Zfr.~....._y/.P.;...6..K.\.{...6.k..n).dP......X..c..m..bq.0.,....tD%.E.AbXR............                                   
#
T 104.47.61.54:64814 -> 10.2.4.112:25 [A] #506
  ..                                                                                                                                                                
#
T 104.47.60.50:46947 -> 10.2.4.112:25 [A] #507
  ..                                                                                                                                                                
#
T 104.47.60.51:6286 -> 10.2.4.112:25 [A] #508
  ..                                                                                                                                                                
#
T 104.47.60.51:6286 -> 10.2.4.112:25 [AF] #509
  ..                                                                                                                                                                
####
T 104.47.60.51:6286 -> 10.2.4.112:25 [A] #513
  ..                                                                                                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [A] #514
  ..                                                                                                                                                                
#
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #515
  220 archive.domain.com ESMTP..                                                                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AP] #516
  EHLO CAN01-QB1-obe.outbound.protection.outlook.com..                                                                                                              
##
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #518
  250-archive.domain.com..250-PIPELINING..250-STARTTLS..250-SIZE..250 8BITMIME..                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AP] #519
  STARTTLS..                                                                                                                                                        
#
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #520
  220 Ready to start TLS..                                                                                                                                          
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AP] #521
  ...........`..Y)...;sM.`...g......i[..Ew..N..$.0./.(.'.,.+.$.#.............=.<.5./...T.........archive.domain.com.........................................#...
  ........                                                                                                                                                          
#
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #522
  ....5...1......V.Y.Sv.J.A...<.f...:..u.8.*...5.........#.................0..}0..e........C&.d....I.n.U..0...*.H........0^1.0...U....US1.0...U....DigiCert Inc1.0..
  .U....www.digicert.com1.0...U....GeoTrust RSA CA 20180...210616000000Z..220624235959Z0k1.0...U....CA1.0...U....Manitoba1.0...U....Winnipeg1.0...U....BA Robinson C
  O LTD1.0...U....*.domain.com0.."0...*.H.............0...........vY.:.&..;.!.Q.}..*......N...UjFl.z..Q.QH.|..:.@.Hy.f....Rv.!@...{d....(......ds.Co....X.....d.
  ....w..x.T..0....7...@........H.q>......(.8.....Z.".......3......n..6.T<n..@.\....ZA}..WA.....M.{kU%.Z........*.Q..7..D%..).v.sXR....7..i.5\..6....xC:...8.y......
  .....(0..$0...U.#..0....X...u.QTw....C.8.l.0...U......w.A....2...e..x1.Cv.0+..U...$0"..*.domain.com..domain.com0...U...........0...U.%..0...+.........+...
  ....0>..U...70503.1./.-http://cdp.geotrust.com/GeoTrustRSACA2018.crl0>..U. .70503..g.....0)0'..+.........http://www.digicert.com/CPS0u..+........i0g0&..+.....0...
  http://status.geotrust.com0=..+.....0..1http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0...U.......0.0.....+.....y......o...k.i.v.)y...99!.Vs.c.w..W}.`...M]&\%]
  .....z.PI......G0E. &c.#9.09.......x8X..)fEr.^.......!....w6Z....c....n..+.1.aY[......p.v."EE.YU$V.?./..m..#&c..K.]..\n......z.PI......G0E.!..3..4n6.).&.....E.[.*
  .l..jc.}.... 1%.vy.E.D).Z./....h.d..j.qql\....w.A...."FJ...:.B.^N1.....K.h..b......z.PI......H0F.!....9tG8f.....o......A.....>..ub<.!....B.6.....y.j...).>.f....&.
  t#A30...*.H..............#.+W..Q.......]R1yQj.T8R;...VH{ ..O......Qj.....v..d..........J8Hs.#.FS..'O,Qz..Z..@s......}....ye......m....S......+..:.+. ...Id_csN..K;
  ...X.....K~.......l....Vb.%....T.y!....Zfr.~....._y/.P.;...6..K.\.{...6.k..n).dP......X..c..m..bq.0.,....tD%.E.AbXR............                                   
###
T 104.47.60.51:57344 -> 10.2.4.112:25 [A] #525
  ..                                                                                                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AF] #526
  ..                                                                                                                                                                
##
T 104.47.60.51:31424 -> 10.2.4.112:25 [A] #528
  ..                                                                                                                                                                
#
T 10.2.4.112:25 -> 104.47.60.51:31424 [AP] #529
  220 archive.domain.com ESMTP..                                                                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [A] #530
  ..                                                                                                                                                                
###
T 104.47.60.51:31424 -> 10.2.4.112:25 [AP] #533
  EHLO CAN01-QB1-obe.outbound.protection.outlook.com..                                                                                                              
##
T 10.2.4.112:25 -> 104.47.60.51:31424 [AP] #535
  250-archive.domain.com..250-PIPELINING..250-STARTTLS..250-SIZE..250 8BITMIME..                                                                                
#
T 104.47.60.56:35161 -> 10.2.4.112:25 [A] #536
  ..                                                                                                                                                                
#
T 10.2.4.112:25 -> 104.47.60.56:35161 [AP] #537
  220 archive.domain.com ESMTP..

Looks for suggestion on next step(s)

Comments (18)