Join Log in
Score:1
Rodrigo Teixeira Andreotti avatar Server

Postfix with ISPConfig and `Sender address rejected: User unknown in virtual mailbox table;`

cn flag
Rodrigo Teixeira Andreotti

I have a mail server that was configured with ISPConfig (amavisd, spamassasing, dovecote, etc) and a few non-standard tweaks from the tool's default tutorial (ISPConfig). The server itself works beautifully.

However, I have a problem delivering e-mail using an external service called SendPulse.

I use the sendpulse SMTP tool to send invoices to my clients, however when the client has an email hosted on my email server (which is the most frequent) the email is not received due to some setting that I can't find. In the logs I get the following error:

postfix/smtpd[2979413]: NOQUEUE: reject: RCPT from mx25.smtppulse.com[213.109.76.186]: 550 5.1.0 
<[email protected]>: Sender address rejected: User unknown in virtual mailbox table;
from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mx25.smtppulse.com>

[email protected] is the e-mail address that is configured in the sendpulse smtp to be used as from, this e-mail also exists in the mail server.

DKIM, DMARC and SPF are configured and working correctly.

I tried, as a test, to set the smtpd_reject_unlisted_sender= no parameter, but I still couldn't get the email delivered.

Edit:

My current config:

main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

postscreen_greet_action = enforce

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
myhostname = mailussl.eximiaweb.com.br
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = mailussl.eximiaweb.com.br, localhost, localhost.localdomain
relayhost = 
mynetworks = 127.0.0.0/8 [::1]/128, smtppulse.com
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
smtpd_helo_required = yes

# alterado por Rodrigo
#smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, reject_unknown_helo_hostname, permit
#reject_rbl_client dnsbl.inps.de, reject_rbl_client zen.spamhaus.org, reject_rbl_client truncate.gbudb.net, reject_rbl_client bl.mailspike.net, reject_rbl_client b.barracudacentral.org, reject_rbl_client noptr.spamrats.com, reject_rbl_client dyna.spamrats.com, reject_rbl_client drone.abuse.ch, reject_rbl_client cbl.abuseat.org
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040

smtpd_sender_restrictions = permit_mynetworks, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf,  permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender
smtpd_reject_unlisted_sender = no
smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining, permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_client_message_rate_limit = 100
smtpd_delay_reject = yes
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = lmtp:unix:private/dovecot-lmtp
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
tls_preempt_cipherlist = yes
address_verify_negative_refresh_time = 60s
enable_original_recipient = no
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf
smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
authorized_flush_users = 
authorized_mailq_users = nagios, icinga
smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
address_verify_sender_ttl = 15686s
smtp_dns_support_level = dnssec
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
message_size_limit = 0
smtpd_milters = inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = accept


postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop

master.cf

smtp      inet  n       -       y       -       -       smtpd
smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
dnsblog   unix  -       -       y       -       0       dnsblog
tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=may
  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=may
  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}


amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o smtp_bind_address=


127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o address_verify_virtual_transport=$virtual_transport
        -o address_verify_transport_maps=$transport_maps


127.0.0.1:10027 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o address_verify_virtual_transport=$virtual_transport
        -o address_verify_transport_maps=$transport_maps
        -o milter_default_action=accept
        -o milter_macro_daemon_name=ORIGINATING
1412
2 + 2
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
Is the domain `eximiaweb.com.br` controlled by this Postfix server, e.g. is it listed in `mydomains`, `virtual_mailbox_domains` or `virtual_alias_domains`? If yes, does `local_recipient_maps`, `alias_maps`, `virtual_mailbox_maps` or `virtual_alias_maps` contain the `[email protected]` address? This is all in some mysql tables, which Postfix checks according to the corresponding .cf files mentioned in said configuration parameters.
0
Reply
Rodrigo Teixeira Andreotti avatar
cn flag
Rodrigo Teixeira Andreotti
Now I have 2 servers, one with mysql + bind + apache2 that host websites and databases, and this server that have mail services and another instance of bind syncing with webserver. all email domains including exmiaweb are on this server. The [email protected] account has been created and is usable and accessible on this server
0
Reply
Score:1
Nikita Kipriyanov avatar Server
za flag
Nikita Kipriyanov

I think I understand what's happening and why is this the deficiency of the configuration.

The error messages says sender address rejected e.g. rejected by some item in smtp_sender_restrictions, likely the last one, reject_unlisted_sender. Your attempt to set smtpd_reject_unlisted_sender = no was the step into the right direction, but it is only used if no reject_unlisted_sender is happening anywhere, and it defaults to "no" anyway.

This reject happens likely because the sender address domain, eximiaweb.com.br, is from the domain Postfix thinks it controls, but the list of existing addresses within it (virtual_mailbox_maps or virtual_alias_maps for domains listed in virtual_mailbox_domains and virtual_alias_domains; local_recipient_maps and alias_maps for domains listed within mydomain) doesn't contain the [email protected].

This is the first problem with this configuration. (From the comment I can deduce you've solved it, but I keep the rest of the paragraph to explain why it was necessary.) It is bad idea to send mail with unroutable return address, even if it is a no-reply address. One of reasons why is that, is because some servers actually check that address (by trying to deliver mail there, but quitting instead of issuing DATA command) and they simply won't accept mail from nonexistent address. So you can even make it a blackhole destination, but do accept mail for it.

In your case, the configuration seems to be secure enough to check whether the sender address is permitted for this authenticated sender. But in your case the sender is not authenticated and therefore the delivery will still fail even if you add noreply@... into the list of existing addresses.

This shows the second problem of your configuration. You use the same single public smtpd instance for both receiving the mail from other server, which is unauthenticated by design, and for submissions of mail by local authenticated users. You even have the dedicated submission service enabled, but it shares the important bits of the configuration with the main "incoming" instance on the port 25, so it is effectively useless.

Better to have all smtpd_*_restrictions of those instances different; the smtpd authentication, the unlisted sender rejection and the sender email ownership being only checked in the submission service (and it should not permit mail without authentication at all). For that, set smtpd_sasl_auth_enabled=yes and smtpd_sender_restrictions to permit_sasl_authenticated,reject for it. The "incoming" port 25 instance should not accept any authentication and will be dedicated to only reception of mail from other servers, so it should have smtpd_sasl_auth_enabled=no and all corresponding checks (permit_sasl_authenticated, reject_unlisted_sender and so on) removed. This way, even if some other server sends mail to your server from the domain on your server, it will be accepted. There are other answers on ServerFault that explain this configuration in more detail.

+ 1
Rodrigo Teixeira Andreotti avatar
cn flag
Rodrigo Teixeira Andreotti
Wow! Some good points and a lot of new info to process, i really was uncorfortable with por 25 enabled to send email, even if anyone know this, but =P I'll try to make some configs tonight and turn back here to tell the result. For now, so many thanks for your time and your help.
0
Reply
Score:-1
Rodrigo Teixeira Andreotti avatar Server
cn flag
Rodrigo Teixeira Andreotti

OK, I ended up getting the issue resolved yesterday.

Basically what I needed to do was add the sendpulse domain (smtppulse.com) to my mynetworks variable, as follows:

mynetworks = 127.0.0.0/8 [::1]/128, smtppulse.com

Quite simple, but as it took me a while to reach this conclusion, maybe it will help someone to struggle a little less with this problem.

+ 6
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
I don't know how ISPConfig configures Postfix and what nasty tricks it uses so it requires this ugly hack, but for the rest of Postfix users this kind of solution is insane and dangerous. Basically, it permits any IP address that smtppulse.com resolves into to send anything through your server.
1
Reply
Rodrigo Teixeira Andreotti avatar
cn flag
Rodrigo Teixeira Andreotti
You're right! but, the problem occurs when the smtppulse try to delivery some email to someone inside my server, this because the configured mail-from inside sendpulse panel is a address of another account that remains in this same server, i think the problem is here. If you have some suggestion, I really love to know... =]
0
Reply
Rodrigo Teixeira Andreotti avatar
cn flag
Rodrigo Teixeira Andreotti
Additional info: ISPConfig doesn't do any specific configuration much outside of postfix. The issue lies in what I reported in the previous comment. A recipient and a sender that exist on the server itself, but the email is sent from outside.
0
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
If you sure you are able to control Postfix fully as we expect (e.g. make arbitrary changes to the configurations), post the current configuration as suggested by the [tag description](https://serverfault.com/questions/tagged/postfix).
0
Reply
Rodrigo Teixeira Andreotti avatar
cn flag
Rodrigo Teixeira Andreotti
I'll edit my answer. if we can find any solution with more security, better
0
Reply
Rodrigo Teixeira Andreotti avatar
cn flag
Rodrigo Teixeira Andreotti
About full control in postfix, not that I'm 100% proficient, but I can get by fine, I'm planning to implement SNI on this server in a few days, and I've customized some settings to make it a little more secure than what ISPConfig delivers. Of course we can always learn more =P
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.