Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Receiving the same message over and over

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 03-29-2007, 11:36 AM
Project Contributor
  
Posts: 88
Default Receiving the same message over and over
I'm having the wierdest problem. I keep getting the same message, with 6MB attachment, over and over and over again, from one specific sender.

Is there any way i can check to make sure that these messages were sent that many times by the sender, versus multiplied somehow once it got to the zimbra server?

Perhaps I can compare the source of each message to view the headers and determine if they are the same. Not too sure how to do that from the web gui.

Please advise on how i can debug this.
Reply With Quote
  #2 (permalink)  
Old 03-29-2007, 11:39 AM
Former Zimbran
  
Posts: 5,606
Default
Have a look at /var/log/zimbra.log
Look to see the delivery transaction info.

If you can see that it's there more than once, it's them. If it's there just once, it's Zimbra.
Reply With Quote
  #3 (permalink)  
Old 03-30-2007, 08:43 AM
Project Contributor
  
Posts: 88
Default
I see a message from amavis for each e-mail, but not one from the original sending mail server.

Is it possible that the messages are getting stuck in amavis?

I have a non standard incoming e-mail configuration. My zimbra server is not on an MX for my domain. Only the edge spam server is. That edge spam server has a built in rule to forward scanned messages to the zimbra server.

If I add the zimbra server as a lower priority MX, then the spammers just fire mail at it directly, bypassing the edge spam system.

If I turn off amavis, then there is the possibility that through port scanning (or older copies of dns records), spammers will find my e-mail server anyway, and start beaming messages in completely unscanned.

The problem e-mail is the one coming from faheym@fit.edu

Mar 30 11:20:51 zimbra postfix/cleanup[26818]: 1D89411D8001: message-id=<2007033
0151818.965FB4E0D9@wiki.raydiance-inc.com> Mar 30 11:20:51 zimbra postfix/qmgr[4026]: 1D89411D8001: from=<bugzilla-daemon@w
iki.raydiance-inc.com>, size=3109, nrcpt=1 (queue active) Mar 30 11:20:51 zimbra postfix/smtpd[26817]: disconnect from localhost[127.0.0.1]
Mar 30 11:20:51 zimbra amavis[4079]: (04079-06) FWD via SMTP: <bugzilla-daemon@wiki.raydiance-inc.com> -> <rwaarts@raydiance-inc.com>, BODY=8BITMIME 250 2.6.0 Ok, id=04079-06, from MTA([127.0.0.1]:10025): 250 Ok: queued as 1D89411D8001
Mar 30 11:20:51 zimbra amavis[4079]: (04079-06) Passed CLEAN, [64.45.239.149] [207.30.53.130] <bugzilla-daemon@wiki.raydiance-inc.com> -> <rwaarts@raydiance-inc.com>, Message-ID: <20070330151818.965FB4E0D9@wiki.raydiance-inc.com>, mail_id: wZ+8Je9P40LU, Hits: -1.612, queued_as: 1D89411D8001, 21071 ms
Mar 30 11:20:51 zimbra postfix/smtp[26813]: 0B95911D8005: to=<rwaarts@raydiance-inc.com>, relay=127.0.0.1[127.0.0.1], delay=21, status=sent (250 2.6.0 Ok, id=04079-06, from MTA([127.0.0.1]:10025): 250 Ok: queued as 1D89411D8001)
Mar 30 11:20:51 zimbra postfix/qmgr[4026]: 0B95911D8005: removed
Mar 30 11:20:51 zimbra postfix/lmtp[26821]: 1D89411D8001: to=<rwaarts@raydiance-inc.com>, relay=zimbra.raydiance-inc.com[64.45.239.150], delay=0, status=sent (250 2.1.5 OK)
Mar 30 11:20:51 zimbra postfix/qmgr[4026]: 1D89411D8001: removed
Mar 30 11:20:55 zimbra postfix/lmtp[26822]: 58F3C11D800E: to=<ssapers@raydiance-inc.com>, relay=zimbra.raydiance-inc.com[64.45.239.150], delay=15, status=sent (250 2.1.5 OK)
Mar 30 11:20:55 zimbra postfix/qmgr[4026]: 58F3C11D800E: removed
Mar 30 11:20:56 zimbra amavis[4087]: (04087-04) spam_scan: not wasting time on SA, message longer than 524288 bytes: 1853+10648432
Mar 30 11:20:56 zimbra postfix/smtpd[26819]: connect from localhost[127.0.0.1]
Mar 30 11:20:56 zimbra postfix/smtpd[26819]: 9CD0611D8001: client=localhost[127.0.0.1]
Mar 30 11:20:56 zimbra postfix/cleanup[26820]: 9CD0611D8001: message-id=<3281.163.118.201.145.1175101073.squirrel@webac cess.fit.edu>
Mar 30 11:20:57 zimbra postfix/smtpd[26819]: disconnect from localhost[127.0.0.1]
Mar 30 11:20:57 zimbra amavis[4087]: (04087-04) FWD via SMTP: <faheym@fit.edu> -> <jlammers@raydiance-inc.com>, BODY=8BITMIME 250 2.6.0 Ok, id=04087-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 9CD0611D8001
Mar 30 11:20:57 zimbra postfix/qmgr[4026]: 9CD0611D8001: from=<faheym@fit.edu>, size=10789107, nrcpt=1 (queue active)
Mar 30 11:20:57 zimbra amavis[4087]: (04087-04) Passed CLEAN, [64.45.239.149] [163.118.201.145] <faheym@fit.edu> -> <jlammers@raydiance-inc.com>, Message-ID: <3281.163.118.201.145.1175101073.squirrel@webacces s.fit.edu>, mail_id: X0vCXkBD9AWw, Hits: -, queued_as: 9CD0611D8001, 13455 ms
Mar 30 11:20:57 zimbra postfix/smtp[26807]: A5DCD11D8006: to=<jlammers@raydiance-inc.com>, relay=127.0.0.1[127.0.0.1], delay=26, status=sent (250 2.6.0 Ok, id=04087-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 9CD0611D8001)
Mar 30 11:20:57 zimbra postfix/qmgr[4026]: A5DCD11D8006: removed
Mar 30 11:21:02 zimbra postfix/lmtp[26821]: 9CD0611D8001: to=<jlammers@raydiance-inc.com>, relay=zimbra.raydiance-inc.com[64.45.239.150], delay=6, status=sent (250 2.1.5 OK)
Last edited by jonnyRo; 03-30-2007 at 09:39 AM..
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.