
Thread: Users receiving copies of other user's spam?

  1. #1
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    8

    Users receiving copies of other user's spam?

    Hey All,

    I think this may have been a fluke, but I want to ask anyway. I had an incident where a user, Bob, received some spam messages that were addressed to another user, Barbara. When viewing the headers of the e-mail messages, it didn't appear that the messages were addressed to Bob or to any distribution list/alias related to him. Both users received the messages.

    If it makes a difference, we have two domains, mpcsd.org and mpcsd.k12.ca.us. The .org domain was how Zimbra was set up and the .k12.ca.us domain was added later as an "alias" to .org. The spam messages were both sent to Barbara at the alias domain.

    I did some tests and they're properly receiving non-spam messages addressed to them.

    One thing that crossed my mind was BCC. If somebody was spammed as a "BCC" recipient, would this not show in the headers?

    Anywho...is it something I should worry about?

    Thanks!

    ~ Anthony

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25


    Would you be able to post the headers so that we can take a look? What version of ZCS are you running?

  3. #3
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    8


    Quote: Originally posted by uxbod
    Would you be able to post the headers so that we can take a look? What version of ZCS are you running?
    We are running ZCS 5.0.7 open source edition.

    Here are the headers plus the body of one of the messages:

    Code:
    Return-Path: diufmxvovif@bostonpromotionalgifts.com
    Received: from cottontail.mpcsd.org (LHLO cottontail.mpcsd.org) (10.1.1.37)
     by cottontail.mpcsd.org with LMTP; Sun, 27 Jul 2008 16:06:00 -0700 (PDT)
    Received: from localhost (localhost [127.0.0.1])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id A8908574005;
    	Sun, 27 Jul 2008 16:06:00 -0700 (PDT)
    X-Virus-Scanned: amavisd-new at 
    X-Spam-Flag: NO
    X-Spam-Score: 1.594
    X-Spam-Level: *
    X-Spam-Status: No, score=1.594 tagged_above=-10 required=6.6
    	tests=[BAYES_50=0.001, RCVD_IN_PBL=0.905,
    	XMAILER_MIMEOLE_OL_3AC1D=0.688]
    Received: from cottontail.mpcsd.org ([127.0.0.1])
    	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id XRebfEh9RPIw; Sun, 27 Jul 2008 16:06:00 -0700 (PDT)
    Received: from brln-4db88a68.pool.einsundeins.de (brln-4db88a68.pool.einsundeins.de [77.184.138.104])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id 55D02574004;
    	Sun, 27 Jul 2008 16:02:18 -0700 (PDT)
    Received: from [77.184.138.104] by mx01.kundenserver.de; Mon, 28 Jul 2008 00:02:18 +0100
    Message-ID: <01c8f045$333d3c80$688ab84d@diufmxvovif>
    From: "United Parcel Service" <diufmxvovif@bostonpromotionalgifts.com>
    To: <bcottrell@mpcsd.k12.ca.us>
    Subject: [NO-REPLY] UPS Tracking Number 7286463719
    Date: Mon, 28 Jul 2008 00:02:18 +0100
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
      boundary="----=_NextPart_000_0006_01C8F045.333D3C80"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 5.00.2919.6700
    X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
    
    This is a multi-part message in MIME format.
    
    ------=_NextPart_000_0006_01C8F045.333D3C80
    Content-Type: text/plain;
    	charset="iso-8859-1"
    Content-Transfer-Encoding: 7bit
    
    Unfortunately we were not able to deliver postal package you sent on July the 25 in time
    because the recipient's address is not correct.
    Please print out the invoice copy attached and collect the package at our office
    
    Your UPS
    http://www.ups.com
    I have a feeling it's a fluke, but any insight would be appreciated.

    Thanks!

  4. #4
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25


    Could you also perform a zmmsgtrace as well so we can see how ZCS processed it please.

  5. #5
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    8


    Quote: Originally posted by uxbod
    Could you also perform a zmmsgtrace as well so we can see how ZCS processed it please.
    Here ya go!

    Code:
    zimbra@cottontail:/home/ahoppe$ zmmsgtrace -s diufmxvovif@bostonpromotionalgifts.com
    Tracing messages
            from diufmxvovif@bostonpromotionalgifts.com
    
    
    Message ID '01c8f045$333d3c80$688ab84d@diufmxvovif'
    diufmxvovif@bostonpromotionalgifts.com -->
                    bcottrell@mpcsd.org
                    bcottrelln@mpcsd.org
                    bcottrellnn@mpcsd.org
                    bcrabb@mpcsd.org
                    bcrabbd@mpcsd.org
                    bcrabbdd@mpcsd.org
      Recipient bcottrell@mpcsd.org
      2008-07-27 16:06:00 - localhost (127.0.0.1) --> cottontail
      2008-07-27 16:06:00 - cottontail --> cottontail.mpcsd.org (10.1.1.37]:7025) status sent
      Recipient bcottrelln@mpcsd.org
      2008-07-27 16:06:00 - localhost (127.0.0.1) --> cottontail
      2008-07-27 16:06:00 - cottontail --> none () status bounced  
        (mpcsd.org)
      Recipient bcottrellnn@mpcsd.org
      2008-07-27 16:06:00 - localhost (127.0.0.1) --> cottontail
      2008-07-27 16:06:00 - cottontail --> none () status bounced  
        (mpcsd.org)
      Recipient bcrabb@mpcsd.org
      2008-07-27 16:06:00 - localhost (127.0.0.1) --> cottontail
      2008-07-27 16:06:00 - cottontail --> cottontail.mpcsd.org (10.1.1.37]:7025) status sent
      Recipient bcrabbd@mpcsd.org
      2008-07-27 16:06:00 - localhost (127.0.0.1) --> cottontail
      2008-07-27 16:06:00 - cottontail --> none () status bounced  
        (mpcsd.org)
      Recipient bcrabbdd@mpcsd.org
      2008-07-27 16:06:00 - localhost (127.0.0.1) --> cottontail
      2008-07-27 16:06:00 - cottontail --> none () status bounced  
        (mpcsd.org)
    
    1 messages found
    It looks like I suspected. Could the users the e-mail was sent to have been BCCed? When bcrabb received the e-mail, it wasn't addressed to him, only to bcottrell.

  6. #6
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25


    I would concur with that train of thought. I would keep an eye on it and see if it happens again.
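
Added example (not part of the original thread): one way to confirm the BCC explanation is to compare the envelope recipients reported by zmmsgtrace with the To/Cc headers of the delivered message, after mapping the alias domain to the primary one. The sample input is constructed from lines posted above, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption taken from the thread: mpcsd.k12.ca.us is an alias of mpcsd.org.
DOMAIN_ALIASES = {"mpcsd.k12.ca.us": "mpcsd.org"}
# Constructed sample: header and trace lines trimmed from the posts above.
HEADERS = """\
From: "United Parcel Service" <diufmxvovif@bostonpromotionalgifts.com>
To: <bcottrell@mpcsd.k12.ca.us>
Subject: [NO-REPLY] UPS Tracking Number 7286463719
"""
TRACE = """\
  Recipient bcottrell@mpcsd.org
  2008-07-27 16:06:00 - cottontail --> cottontail.mpcsd.org (10.1.1.37]:7025) status sent
  Recipient bcottrelln@mpcsd.org
  2008-07-27 16:06:00 - cottontail --> none () status bounced
  Recipient bcrabb@mpcsd.org
  2008-07-27 16:06:00 - cottontail --> cottontail.mpcsd.org (10.1.1.37]:7025) status sent
"""

def canonical(addr):
    """Lower-case the address and fold the alias domain into the primary."""
    local, _, domain = addr.lower().rpartition("@")
    return f"{local}@{DOMAIN_ALIASES.get(domain, domain)}"

def header_recipients(raw_headers):
    """Addresses visible to the reader in the To and Cc headers."""
    msg = message_from_string(raw_headers)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {canonical(a) for _, a in getaddresses(fields) if a}

def envelope_recipients(trace):
    """Map each traced recipient to its last reported delivery status."""
    result, current = {}, None
    for line in trace.splitlines():
        m = re.match(r"\s*Recipient (\S+)", line)
        if m:
            current = canonical(m.group(1))
            result[current] = "unknown"
        elif current and (s := re.search(r"status (\w+)", line)):
            result[current] = s.group(1)
    return result

def envelope_only(raw_headers, trace):
    """Recipients the MTA handled that appear in no To/Cc header."""
    visible = header_recipients(raw_headers)
    return {r: st for r, st in envelope_recipients(trace).items() if r not in visible}

if __name__ == "__main__":
    for rcpt, status in envelope_only(HEADERS, TRACE).items():
        print(f"{rcpt}: envelope-only recipient, status {status}")
```

Any address this reports with status "sent" received the message purely from the SMTP envelope, which is what a BCC-style delivery looks like on the receiving server.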
