Results 1 to 3 of 3

Thread: Receiving the same message over and over

  1. #1
    Join Date
    Jan 2006
    Posts
    88
    Rep Power
    9

    Default Receiving the same message over and over

    I'm having the wierdest problem. I keep getting the same message, with 6MB attachment, over and over and over again, from one specific sender.

    Is there any way i can check to make sure that these messages were sent that many times by the sender, versus multiplied somehow once it got to the zimbra server?

    Perhaps I can compare the source of each message to view the headers and determine if they are the same. Not too sure how to do that from the web gui.

    Please advise on how i can debug this.

  2. #2
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Have a look at /var/log/zimbra.log
    Look to see the delivery transaction info.

    If you can see that it's there more than once, it's them. If it's there just once, it's Zimbra.

  3. #3
    Join Date
    Jan 2006
    Posts
    88
    Rep Power
    9

    Default

    I see a message from amavis for each e-mail, but not one from the original sending mail server.

    Is it possible that the messages are getting stuck in amavis?

    I have a non standard incoming e-mail configuration. My zimbra server is not on an MX for my domain. Only the edge spam server is. That edge spam server has a built in rule to forward scanned messages to the zimbra server.

    If I add the zimbra server as a lower priority MX, then the spammers just fire mail at it directly, bypassing the edge spam system.

    If I turn off amavis, then there is the possibility that through port scanning (or older copies of dns records), spammers will find my e-mail server anyway, and start beaming messages in completely unscanned.

    The problem e-mail is the one coming from faheym@fit.edu

    Mar 30 11:20:51 zimbra postfix/cleanup[26818]: 1D89411D8001: message-id=<2007033
    0151818.965FB4E0D9@wiki.raydiance-inc.com> Mar 30 11:20:51 zimbra postfix/qmgr[4026]: 1D89411D8001: from=<bugzilla-daemon@w
    iki.raydiance-inc.com>, size=3109, nrcpt=1 (queue active) Mar 30 11:20:51 zimbra postfix/smtpd[26817]: disconnect from localhost[127.0.0.1]
    Mar 30 11:20:51 zimbra amavis[4079]: (04079-06) FWD via SMTP: <bugzilla-daemon@wiki.raydiance-inc.com> -> <rwaarts@raydiance-inc.com>, BODY=8BITMIME 250 2.6.0 Ok, id=04079-06, from MTA([127.0.0.1]:10025): 250 Ok: queued as 1D89411D8001
    Mar 30 11:20:51 zimbra amavis[4079]: (04079-06) Passed CLEAN, [64.45.239.149] [207.30.53.130] <bugzilla-daemon@wiki.raydiance-inc.com> -> <rwaarts@raydiance-inc.com>, Message-ID: <20070330151818.965FB4E0D9@wiki.raydiance-inc.com>, mail_id: wZ+8Je9P40LU, Hits: -1.612, queued_as: 1D89411D8001, 21071 ms
    Mar 30 11:20:51 zimbra postfix/smtp[26813]: 0B95911D8005: to=<rwaarts@raydiance-inc.com>, relay=127.0.0.1[127.0.0.1], delay=21, status=sent (250 2.6.0 Ok, id=04079-06, from MTA([127.0.0.1]:10025): 250 Ok: queued as 1D89411D8001)
    Mar 30 11:20:51 zimbra postfix/qmgr[4026]: 0B95911D8005: removed
    Mar 30 11:20:51 zimbra postfix/lmtp[26821]: 1D89411D8001: to=<rwaarts@raydiance-inc.com>, relay=zimbra.raydiance-inc.com[64.45.239.150], delay=0, status=sent (250 2.1.5 OK)
    Mar 30 11:20:51 zimbra postfix/qmgr[4026]: 1D89411D8001: removed
    Mar 30 11:20:55 zimbra postfix/lmtp[26822]: 58F3C11D800E: to=<ssapers@raydiance-inc.com>, relay=zimbra.raydiance-inc.com[64.45.239.150], delay=15, status=sent (250 2.1.5 OK)
    Mar 30 11:20:55 zimbra postfix/qmgr[4026]: 58F3C11D800E: removed
    Mar 30 11:20:56 zimbra amavis[4087]: (04087-04) spam_scan: not wasting time on SA, message longer than 524288 bytes: 1853+10648432
    Mar 30 11:20:56 zimbra postfix/smtpd[26819]: connect from localhost[127.0.0.1]
    Mar 30 11:20:56 zimbra postfix/smtpd[26819]: 9CD0611D8001: client=localhost[127.0.0.1]
    Mar 30 11:20:56 zimbra postfix/cleanup[26820]: 9CD0611D8001: message-id=<3281.163.118.201.145.1175101073.squirrel@webac cess.fit.edu>
    Mar 30 11:20:57 zimbra postfix/smtpd[26819]: disconnect from localhost[127.0.0.1]
    Mar 30 11:20:57 zimbra amavis[4087]: (04087-04) FWD via SMTP: <faheym@fit.edu> -> <jlammers@raydiance-inc.com>, BODY=8BITMIME 250 2.6.0 Ok, id=04087-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 9CD0611D8001
    Mar 30 11:20:57 zimbra postfix/qmgr[4026]: 9CD0611D8001: from=<faheym@fit.edu>, size=10789107, nrcpt=1 (queue active)
    Mar 30 11:20:57 zimbra amavis[4087]: (04087-04) Passed CLEAN, [64.45.239.149] [163.118.201.145] <faheym@fit.edu> -> <jlammers@raydiance-inc.com>, Message-ID: <3281.163.118.201.145.1175101073.squirrel@webacces s.fit.edu>, mail_id: X0vCXkBD9AWw, Hits: -, queued_as: 9CD0611D8001, 13455 ms
    Mar 30 11:20:57 zimbra postfix/smtp[26807]: A5DCD11D8006: to=<jlammers@raydiance-inc.com>, relay=127.0.0.1[127.0.0.1], delay=26, status=sent (250 2.6.0 Ok, id=04087-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 9CD0611D8001)
    Mar 30 11:20:57 zimbra postfix/qmgr[4026]: A5DCD11D8006: removed
    Mar 30 11:21:02 zimbra postfix/lmtp[26821]: 9CD0611D8001: to=<jlammers@raydiance-inc.com>, relay=zimbra.raydiance-inc.com[64.45.239.150], delay=6, status=sent (250 2.1.5 OK)
    Last edited by jonnyRo; 03-30-2007 at 10:39 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •