Troubleshooting Postfix SMTP Delivery: Messages Show as Sent But Not Received in Recipient’s Inbox (AT&T/Bellsouth Case Study)


2 views

When your Postfix logs show a successful delivery (status=sent, dsn=2.0.0) but the message never appears in the recipient's inbox - especially with major ISPs like AT&T/Bellsouth - you're facing one of email's most frustrating scenarios. The server accepted the message, but something happened after the handoff.

The log snippet shows a complete SMTP transaction:

status=sent (250 ok ; id=20120227140036M0700qer4ne)
postfix/qmgr[5595]: D53A72713E5: removed

This indicates AT&T's MX server (gateway-f1.isp.att.net) accepted responsibility for delivery. The "250 ok" response means successful reception, not necessarily final delivery.

  • Greylisting: AT&T may temporarily reject then requeue messages
  • Content filtering: Silent drops of messages flagged as spam
  • IP reputation issues: Your server's IP might be on blocklists
  • Missing PTR records: Reverse DNS not properly configured
  • SPF/DKIM failures: Authentication issues causing silent rejection

First, verify your server's basic configuration:

postconf -n | grep -E 'myhostname|mydomain|smtpd_banner|mynetworks'

Then check your IP's reputation:

dig +short $(hostname -f)
# Then check the IP against:
# https://mxtoolbox.com/blacklists.aspx
# https://www.spamhaus.org/lookup/

Add these to main.cf for enhanced logging:

# Enable detailed delivery status notifications
smtpd_discard_ehlo_keyword_address_maps = 
    hash:/etc/postfix/discard_ehlo
disable_vrfy_command = yes
smtpd_data_restrictions = 
    reject_unauth_pipelining

# Improved logging
debug_peer_level = 2
debug_peer_list = att.net,bellsouth.net

Since you can't rely on bounce messages, implement these alternatives:

  1. Email headers analysis: 
    Received: from mail.example.com (mail.example.com [192.0.2.1])
    by gateway-f1.isp.att.net with ESMTP id x1234
    for ; Mon, 27 Feb 2023 09:02:37 +0000
  2. Third-party verification services: 
    # Using Telnet to test SMTP directly
telnet gateway-f1.isp.att.net 25
EHLO yourdomain.com
MAIL FROM:
RCPT TO:

For production environments, consider implementing a Perl/Python script to parse Postfix logs and track delivery statuses:

#!/usr/bin/perl
use strict;
use warnings;

open(my $fh, '<', '/var/log/mail.log') or die $!;
while(<$fh>) {
    if(/postfix\/smtp.*(status=sent).*to=<([^>]+)>/) {
        my $email = $2;
        log_delivery($email, 'sent');
    }
    elsif(/postfix\/bounce/) {
        # Handle bounce messages
    }
}
close $fh;

sub log_delivery {
    my ($email, $status) = @_;
    # Implement your tracking logic here
    # Consider writing to a database or monitoring system
}

For AT&T/Bellsouth specifically:

  • Register with their postmaster portal (postmaster.att.net)
  • Ensure your IP isn't on their internal blocklists
  • Follow their bulk sender guidelines if sending >10k messages/day
  • Consider using their approved submission port (587 with auth)

When your Postfix logs show successful delivery (status=sent) but messages never reach the recipient's inbox at ISPs like AT&T/Bellsouth, you're dealing with one of the most frustrating email delivery scenarios. The SMTP protocol's "250 OK" response only confirms that the receiving server accepted responsibility for delivery - not that the message actually reached the inbox.

Here's how to systematically approach this issue:

# Check your server's bounce handling configuration
postconf -n | grep -E 'notify_classes|bounce|delay'

# Typical output you should verify:
notify_classes = bounce, delay, resource, software
bounce_service_name = bounce
delay_notice_recipient = postmaster

AT&T and other large ISPs often implement silent filtering. To test this:

# Create a test email with full headers
telnet localhost 25
EHLO yourdomain.com
MAIL FROM: <test@yourdomain.com>
RCPT TO: <your@bellsouth.net>
DATA
Subject: Test email with headers
X-Mailer: Test Suite
Message-ID: <custom123@yourdomain.com>
Date: $(date -R)

This is a test message body.
.
QUIT

Enhance your logging to capture more delivery details:

# In main.cf add:
debug_peer_list = att.net, bellsouth.net
debug_peer_level = 2

# For better tracking:
smtp_destination_concurrency_limit = 1
smtp_destination_rate_delay = 1s

Implement a simple tracking system using Python:

import re
from datetime import datetime

def parse_postfix_log(log_file, recipient_domain):
    pattern = r'(?P<date>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}).*?postfix/smtp.*?to=<(?P<recipient>.*?)>.*?relay=(?P<relay>.*?),.*?status=(?P<status>.*?)\)'
    results = []
    
    with open(log_file) as f:
        for line in f:
            if recipient_domain in line and 'status=sent' in line:
                match = re.search(pattern, line)
                if match:
                    results.append({
                        'timestamp': datetime.strptime(match.group('date'), '%b %d %H:%M:%S'),
                        'recipient': match.group('recipient'),
                        'relay': match.group('relay'),
                        'status': match.group('status')
                    })
    return results

Verify your server's reputation and DNS configuration:

# Check your SPF record
dig TXT yourdomain.com

# Verify DKIM signing
openssl s_client -connect yourmailserver:25 -starttls smtp -crlf

# Check blacklists
for bl in dnsbl.spamhaus.org bl.spamcop.net; do
    host -t a $(hostname -i | awk -F. '{print $4"."$3"."$2"."$1}'."$bl")
done

When messages disappear, request headers from test recipients to identify:

  • X-AT&T-Headers: Special headers AT&T adds during processing
  • Received-SPF: Authentication results
  • X-Filter-ID: Indicates filtering actions

Implementing these diagnostic steps will help pinpoint where in the delivery chain messages are being dropped, even when SMTP logs show successful transmission.