Transparency on Email Privacy and Troubleshooting

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

As I remain committed to full transparency, I wanted to discuss what I do and do not see regarding emails in the backend servers, I wanted to list them out and show examples of what I see in the logs, and more. This is to make sure you trust the process and understand what is private and what is not. The main take-away, I see only what I need to do for troubleshooting (and this is how almost every mail server works, really, except for ones like Gmail that scan message content to serve up advertising), and on my servers the contents of your email (including subject lines) are completely hidden from me and stored encrypted on disk. This ensures that the only person who can see your email is you and you alone.

What I DO see:

  • Timestamps
  • Event types
  • Sending server details including hostnames and IP addresses
  • Authentication method
  • Spam classification
  • From email (sender) address and To (receiving) email address

What I DO NOT see:

  • Contents (including subject lines) of any emails. Email messages themselves are encrypted on disk and are unreadable by anything but the application connecting to it using proper authentication.

Example logs

In the examples below, these are logs for an email sent from one of my web apps to my email address in order to preserve privacy.

In JSON viewer

{
  "ts": 1603755945209,
  "type": "queued",
  "direction": "outbound",
  "uuid": "5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1",
  "remote": {
    "ip": "172.18.0.35",
    "port": 41064,
    "host": "2ee0480b-2848-4af9-bf7d-6ad8719e698c.cloudron",
    "info": "2ee0480b-2848-4af9-bf7d-6ad8719e698c.cloudron",
    "closed": false,
    "is_private": true,
    "is_local": false
  },
  "authUser": "mainwp.app@d19.ca",
  "mailFrom": "<mainwp.app@d19.ca>",
  "rcptTo": [
    "<dustin@d19.ca>"
  ],
  "details": {
    "spamStatus": "",
    "message": "Message Queued (5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1)"
  }
}

In raw logs

2020-10-26T23:45:45.000Z [NOTICE] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF] [core] connect ip=172.18.0.35 port=41064 local_ip=:: local_port=2525
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF] [helo.checks] multi: true, skip:proto_mismatch(private), host_mismatch(private)
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF] [core]  hook=unrecognized_command plugin=cloudron function=hook_unrecognized_command params=AUTH retval=OK msg=""
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF] [core]  hook=unrecognized_command plugin=cloudron function=hook_unrecognized_command params="bWFpbndwLmFwcEBkMTkuY2E=" retval=OK msg=""
2020-10-26T23:45:45.000Z [INFO] [-] [cloudron] authenticated as : mainwp.app@d19.ca
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF] [core]  hook=unrecognized_command plugin=cloudron function=hook_unrecognized_command params=Njk3N2M0ZTE5ZTZkOGRhYzdlYWFjODI4YzYyZTM5ZmQxZTc5ZGUxZDAxMDgzOWEy retval=OK msg=""
2020-10-26T23:45:45.000Z [NOTICE] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1] [core] sender <mainwp.app@d19.ca> code=CONT msg=""
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1] [core]  hook=rcpt plugin=rcpt_to.in_host_list function=hook_rcpt params=<dustin@d19.ca> retval=OK msg=""
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1] [delay_deny] bypassing all pre-DATA deny: AUTH/RELAY
2020-10-26T23:45:45.000Z [NOTICE] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1] [core] recipient <dustin@d19.ca> code=OK msg="" sender=mainwp.app@d19.ca
2020-10-26T23:45:45.000Z [NOTICE] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1] [core] message mid=<MAeDA8GCZZjqLHeIw84yuq2r98rJfSdl1itbcNu30@2ee0480b-2848-4af9-bf7d-6ad8719e698c> size=4058 rcpts=1/0/0 delay=0.001 code=CONT msg=""
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1] [dkim_sign] signed for d19.ca
2020-10-26T23:45:45.000Z [NOTICE] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1] [core] queue code=CONT msg="Message Queued (5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1)"
2020-10-26T23:45:45.000Z [INFO] [-] [core] [outbound] Sending email as a transaction
2020-10-26T23:45:45.000Z [INFO] [-] [core] [outbound] Processing delivery for domain: d19.ca
2020-10-26T23:45:45.000Z [NOTICE] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1] [core] queue code=OK msg="Message Queued (5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1)"
2020-10-26T23:45:45.000Z [NOTICE] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1] [core] disconnect ip=172.18.0.35 rdns=2ee0480b-2848-4af9-bf7d-6ad8719e698c.cloudron helo=2ee0480b-2848-4af9-bf7d-6ad8719e698c relay=Y early=N esmtp=Y tls=N pipe=N errors=0 txns=1 rcpts=1/0/0 msgs=1/0/0 bytes=4058 lr="" time=0.044
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1.1] [outbound]  hook=get_mx plugin=cloudron function=get_mx params=d19.ca retval=OK msg="[object Object]"
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1.1] [outbound] Attempting to deliver to: 127.0.0.1:2424 using LMTP (0) (2)
2020-10-26T23:45:45.000Z [INFO] [-] [core] [outbound] [outbound::2424:127.0.0.1:undefined:50] dispense() clients=1 available=0
2020-10-26T23:45:45.000Z [INFO] [-] [core] [outbound] acquired socket 91EA6721-B605-4722-AB8B-8A507F1D9157 for outbound::2424:127.0.0.1:undefined:50
2020-10-26T23:45:45.000Z [NOTICE] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1.1] [outbound]  delivered file=1603755945207_1603755945207_0_87_D3ypiU_922_c66f5f0e4678 domain=d19.ca host=127.0.0.1 ip=127.0.0.1 port=2424 mode=LMTP tls=Y auth=N response="<dustin@d19.ca> +HgcDqlfl1+NIgAAZbsJcg Saved" delay=0.176 fails=0 rcpts=1/0/0