1

Topic: Mail flow & ESMTP - ESMTPSA auth questions

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

CentOS, iRedMail & iRedAdmin-Pro on current release using Nginx & MySQL

User claims to have not sent several e-mails to someone inside their own domain on system. Review of maillog appears to show that the messages come from the user account (SASL method & username, IP match). However, of the 5 messages in question, 3 share the same ESMTP and ESMTPSA values for different e-mails.

Is this possible or a problem? 

Do the same values just represent an authentication time difference with the three messages being sent before authentication times out?

Is there a better resource to understand these values than these (i.e. implementation):
https://www.ietf.org/rfc/rfc3848.txt
https://tools.ietf.org/html/draft-newman-esmtpsa-01


2

Re: Mail flow & ESMTP - ESMTPSA auth questions

pbf343 wrote:

of the 5 messages in question, 3 share the same ESMTP and ESMTPSA values for different e-mails.   

Excuse me, what is "ESMTPSA value"?

If you can find the related log in maillog, that means someone did send emails with this account. You'd better show us the related log so that we can help troubleshoot; otherwise it's not clear and hard to help.
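
Added example, not part of the thread: a small Python script that pulls the authenticated-submission lines out of a maillog and groups the queue IDs by client IP for one account. It assumes the standard Postfix smtpd line format (`client=...[ip], sasl_method=..., sasl_username=...`), which is what iRedMail's Postfix writes; the sample log, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix smtpd log format; not taken from the thread.
SAMPLE_LOG = """\
Mar  4 09:12:01 mail postfix/submission/smtpd[2101]: connect from unknown[203.0.113.7]
Mar  4 09:12:02 mail postfix/submission/smtpd[2101]: 3F1A2B4C5D: client=unknown[203.0.113.7], sasl_method=PLAIN, sasl_username=alice@example.com
Mar  4 09:12:03 mail postfix/submission/smtpd[2101]: 3F1A2B4C6E: client=unknown[203.0.113.7], sasl_method=PLAIN, sasl_username=alice@example.com
Mar  4 09:12:05 mail postfix/submission/smtpd[2101]: disconnect from unknown[203.0.113.7]
Mar  4 11:40:10 mail postfix/submission/smtpd[2388]: 7C9D0E1F2A: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=alice@example.com
Mar  4 11:41:00 mail postfix/smtpd[2400]: 8D0E1F2A3B: client=mx.example.net[192.0.2.10]
"""

# Matches only smtpd lines that record a message accepted after SASL auth.
AUTH_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/[\w/-]+\[(?P<pid>\d+)\]:\s"
    r"(?P<qid>[0-9A-Za-z]+):\sclient=[^\[]*\[(?P<ip>[^\]]+)\],\s"
    r"sasl_method=(?P<method>[\w-]+),\ssasl_username=(?P<user>\S+)",
    re.MULTILINE,
)


def parse_auth_lines(log):
    """Return one record (ts, pid, qid, ip, method, user) per authenticated message."""
    return [m.groupdict() for m in AUTH_LINE.finditer(log)]


def submissions_by_ip(log, username):
    """Map client IP -> queue IDs submitted under `username`, in log order."""
    grouped = defaultdict(list)
    for rec in parse_auth_lines(log):
        if rec["user"].lower() == username.lower():
            grouped[rec["ip"]].append(rec["qid"])
    return dict(grouped)


if __name__ == "__main__":
    # Print each source IP with the queue IDs it submitted as this account.
    for ip, qids in submissions_by_ip(SAMPLE_LOG, "alice@example.com").items():
        print(ip, qids)
```

Each queue ID returned can then be searched in the same maillog to follow that message through delivery, and the source IPs compared against the addresses the account owner normally connects from.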