mta | Scrape & analyze MTA arrival times

Your array is multidimensional, the first dimension seems to be the IP of the server.

If that IP is fixed, you can use the answer of @B001ᛦ in the first comment to your question.

Otherwise if it changes and if there can be multiple IPs, you can just loop.

After running some testcases, I have experienced the following:

(This was done by a Outlook.com smtp server.)

• MTA-STS: Deliberately incorrect, but existing third-party mx server in mta-sts file.
• DNS: Correct mx server.

The sender was informed about the delivery failure after 24 hours.

It was explained in my local language what was going on; here information highlights:

1. That the message could was not delivered.
2. That it was tried multiple times to deliver.
3. But that the cause was being unable to connect to the remote server.
4. Advise was given to contact the recipient by phone to ask the recipient to inform the postmaster about the error.
5. It was even suggested that the problem could most likely only be solved by the postmaster.
6. (A link was provided but that wasn't really helpful. Additionally the technical bounce message was visible among it the technical words "failed MTA-STS validation").

• MTA-STS: Correct and desired mx in mta-sts file.
• DNS: Deliberately set to incorrect mx server, existing server though.

After 24 hours I received an error back. Confusingly the message state that the address did not exists in the target domain. Though this is true, it shouldn't have gotten this far. However, when reviewing the technical part the outlook-sending server mentioned 'failed mta-sts errors validation'. So the technical part contained the correct mta-sts validation error, but the human/user readable part only mentioned that the target address did not exist in the target server.

I guess if the address doesn't exists, any mta-sts errors are "less important" to report to the end-user. The user was advised to re-type and resend the e-mail and verify if the address with the recipient (phone was mentioned). However, even if the user followed the instructions, the next e-mail wouldn't have been delivered either, but that is beyond this testcase.

• MTA-STS: Correct mx in mta-sts file.
• DNS: Fake MX corrects.

After 24 hours I received an error back. The cause for not being able to deliver the message was being unable to resolve the domain location of the recipient. (Undesired result, but logical, mx were referring to nothing.)

The technical part of the message mentioned 'DNS query failed'. Nothing of mta-sts was mentioned.

• MTA-STS: Correct mx in mta-sts file.
• DNS: Incorrect but existing mx records; a cname referring to the same IP of the correct mx server (which shouldn't matter because mta-sts should compare cert with cname.)

The results, unexpected:

• One email got delivered somewhere between that 24 time-window.
• One email failed due to mta-sts validation error.

Temporary downtime of webserver might have been a factor, though that shouldn't have mattered. - Cannot explain.

I took a while to find the correct testcase as you can see. But Testcase C describes the desired behaviour. Yes, the sender is informed, after 24 hours with outlook.com as smtp-server. The user is informed in clear language. That being said, I do have an additional opinion about the timing here, mentioned below.

Staying with the facts: I did not perform a testcase with a server trying unencrypted connections. Testcase C puts the ball into the the recipient's postmaster's court, I would be curious to see where the ball (the 'todo') would be placed, in the case of unencrypted attempts, as that cannot be solved by the recipient but must be solved by the sender or sender's postmaster.

I also did not test multiple smtp servers.

That being said, MTA-STS-validation needs to be supported by the sender SMTP (correct me in comments if I am wrong*), so if a server is so old it tries do deliver an e-mail over non-encrypted connection, it will most likely not support MTA-STS so it will not validate the MTA-STS policy and simply deliver the e-mail unprotected. * Found confirmation here, from paragraph "There is a standard...")

If somebody tries to redirect some incoming e-mail by dns-poisoning, a modern smtp-server will not deliver the e-mail to an incorrect destination. So it protects against evil doing, not against legacy.

I think the feedback delay of 24 hours is too long. Testcase C reports 11 retry attempts within that 24 hour window. Though I appreciate the system not giving up, I would argue that it might be in the interest of the sender to inform him of at least a non-regular delivery.

The second message (did not issue MAIL/EXPN/VRFY/ETRN) can be found if you would set mode aggressive by sendmail-reject jail (after this fix, e. g. v.0.10.6 and 0.11.2).

There was indeed no exact rule for the first message (rate limit exceeded) matching this kind of message exactly, due to different handling on the arguments, but...
I fixed this now in f0214b3 on github.

Unless not released you can extend it by yourselves either in filter (copy & paste from github filter) or directly in jail:

Third-party MTA: Only Exchange Edge is supported as SMTP gateway for Exchange onprem <-> Exchange online hybrid traffic.

Flow direction: For simplicity you should either use centralized mail transport or non-centralized mail transport.

Centralized mail transport (Inbound and Outbound via Exchange onprem)

Inbound: Internet -> SMTP gateway (third-party MTA is ok) -> Exchange Hybrid -> Onprem mailboxes Inbound: Internet -> SMTP gateway (third-party MTA is ok) -> Exchange Hybrid -> Hybrid SMTP connector (direct or via Edge) -> Online mailboxes

Outbound: Onprem mailboxes -> Exchange Hybrid -> SMTP gateway (third-party MTA is OK) -> Internet Outbound: Online mailboxes -> DHybrid SMTP connector (Direct or via Edge) -> Exchange Hybrid -> SMTP gateway (third-party MTA is ok) -> Internet.

The key is that the SMTP traffic between Exchange Online and the Exchange onprem server should either be direct or via exchange edge.

Non-centralized mail transport (inbound and outbound to internet via Office 365)

Inbound: Internet -> Exchange Online -> Online mailboxes Inbound: Internet -> Exchange Online -> Hybrid SMTP connector -> Exchange Hybrid -> Onprem mailboxes

Outbound: Online mailboxes -> Exchange Online -> Internet Outbound: Onprem mailboxes -> Exchange Hybrid -> Hybrid SMTP connector (either direct or via Exchange Edge) -> Exchange Online -> Internet

OK - based on the image you posted, I'm going to use a 2:1 aspect ratio for your "Logo Image"...

Start with a "basic" layout:

Here's the constraints:

the Outer StackView properties:

and the Buttons StackView properties:

At this point, we should be "good to go" with "portrait" layout.

Let's add some trait variations...

To get this layout:

We'll add `Width: Any / Height: Compact" for the Axis and Alignment of the OuterStack:

and we'll add `Width: Any / Height: Compact" for the Alignment of the ButtonsStack:

If we run that (iPhone 12 sim), we get this:

We're close, but... we get a whole mess of auto-layout warning / error messages in the debug console.

That's because (from my experience) auto-layout needs to make multiple "passes" to fully evaluate the layout, particularly when using Aspect-Ratio constraints mixed with Stack Views.

To get rid of that, we'll give the Image View's Aspect-Ratio constraint a less-than-required Priority:

This, effectively, allows auto-layout to break constraints during its multiple layout passes.

Here's an entire Storyboard source so you can more closely inspect things:

You can use a ThreadPoolExecutor to speed things up:

Seems pretty clear in the response you received. The message transfer agent, who's Internet address is mx3.imadiff.net flagged your email as having content that it determined was contraband for their system. You need to look at what you sent and figure it out ... maybe it had curse words in it, or it had an attachment that the filter didn't like. You could try contacting the recipient and asking them what their mail filter system looks for as contraband and then look at the message you sent to see if you can figure out why it got flagged. Then remove whatever that is and re-send it.

My assumption is that it is looking for raw_data.txt in the wrong folder and failing because it cannot find the file. To see the full about of the script, add a log file for the cron job to dump the output to. You could say something like: * * * * * /use/bin/python3 /home/m/one.py >> /home/m/out.log. This would dumb the full output of the execution to out.log and give you all the information you need to solve the issue.

Without knowing more, my assumption is that the issue is caused by os.getcwd(). This does not get the current working directory of one.py but the current working directory where cron is executed from. Since you are opening as a+, the file must exist first in order to append to the file. What you want instead is os.path.dirname(os.path.realpath(__file__)) which will give you the full directory path of one.py regardless of where the script is called from. Change that line to be this:

Is the next to last block the output of crontab -l? Looks to me like there's an extra "root" in there.

The hint is in your syslog output: