
186893 Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails

  • /dev/rob0
    Nov 23, 2005
      Sorry Viktor, I had this one started before I saw you declare the thread
      dead, and it pertains to an earlier post which does have some possibly
      relevant information. I had a lot of this nitpicking work already
      written when I saw that, so I am hoping you won't kick me off the list
      for this.

      On Wednesday 2005-November-23 20:32, Jason wrote:
      > Case 1.
      > With jason@chinamail mapped to jason@... in generic in the
      > intranet postfix machine
      > email sent from the chinamail intranet postfix machine by
      > echo "hello1" | mail -s test1 jason@...
      >
      > Log of the intranet postfix machine (sending)
      >
      > Nov 24 10:11:31 chinamail postfix/pickup[28725]: 5F03D18436: uid=1028
      > from=<jason>
      > Nov 24 10:11:31 chinamail postfix/cleanup[29069]: 5F03D18436:
      > message-id=<20051124021131.5F03D18436@chinamail>

      Note the Message-ID @chinamail.

      > Nov 24 10:11:31 chinamail postfix/qmgr[28726]: 5F03D18436:
      > from=<jason@chinamail>, size=276, nrcpt=1 (queue active)
      > Nov 24 10:11:31 chinamail postfix/smtp[29174]: 5F03D18436:
      > to=<jason@...>, relay=mail.newhonest.com[202.85.165.133

      Is something cut out here? I just tested with sendmail(1) and I got:

      Nov 24 04:08:40 please postfix/smtp[10726]: 730583941:
      to=<rob0@...>, relay=rob.example.org[my.IP.add.ress], delay=42,
      dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3C2E62FC27)

      You won't have the DSN without Postfix 2.3, but what about the status
      and the 250 reply from the relay?

      > Nov 24 10:11:31 chinamail postfix/cleanup[29069]: AB35518437:
      > message-id=<20051124021131.AB35518437@chinamail>

      And here's that Message-ID again? No, it has a different queue ID
      appended. The 20051124021131 part is the same. Ah, look, it is a GMT
      time string.

      > Nov 24 10:11:31 chinamail postfix/qmgr[28726]: AB35518437: from=<>,
      > size=1975, nrcpt=1 (queue active)

      It's a bounce!

      > Nov 24 10:11:31 chinamail postfix/qmgr[28726]: 5F03D18436: removed

      But where did AB35518437 go? Find that message, and all its logs.

      > Log of the receiving sendmail machine (sorry that some of the
      > MailScanner logs may be irrelevant) :
      >
      > Nov 24 10:10:43 mail sendmail[15575]: jAO2Agsd015575:
      > from=<jason@...>, size=31, class=0, nrcpts=1,

      Envelope sender is different.

      > msgid=<200511240210.jAO2Agsd015575@...>, proto=ESMTP,

      Message-ID is different. Time stamp is 21 seconds before the Postfix
      one. System clocks not in synch?

      > daemon=MTA, relay=[59.36.73.215]

      Sendmail is relaying this to 59.36.73.215?

      > Nov 24 10:10:43 mail MailScanner[15576]: MailScanner E-Mail Virus
      > Scanner version 4.38.10 starting...
      > Nov 24 10:10:43 mail MailScanner[15576]: Read 2 hostnames from the
      > phishing whitelist
      > Nov 24 10:10:43 mail MailScanner[15576]: Enabling SpamAssassin
      > auto-whitelist functionality...
      > Nov 24 10:10:43 mail MailScanner[15562]: New Batch: Scanning 1
      > messages, 555 bytes
      > Nov 24 10:10:43 mail MailScanner[15576]: Using locktype = flock
      > Nov 24 10:10:45 mail MailScanner[15562]: Virus and Content Scanning:
      > Starting
      > Nov 24 10:10:46 mail MailScanner[15562]: Uninfected: Delivered 1
      > messages
      > Nov 24 10:10:46 mail sendmail[15594]: jAO2Agsd015575:
      > to=<jason@...>, ctladdr=<jason@...> (500/500),
      > delay=00:00:04, xdelay=00:00:00, mailer=local, pri=120031, dsn=2.0.0,
      > stat=Sent
      >
      > The received email :
      > Return-Path: <jason@...>
      > Received: from chinamail ([59.36.73.215])

      Aha! That IP is the place where sendmail relayed to ...

      > by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2Agsd015575
      > for <jason@...>; Thu, 24 Nov 2005 10:10:42 +0800
      > Date: Thu, 24 Nov 2005 10:10:42 +0800

      Those timestamps are strange, even judged by the rest of this thread.
      Postfix accepted your mail at 10:11:31, and this being submitted via
      sendmail(1) means that the header timestamp would be that. This is not
      what you sent from chinamail.

      > From: jason@...
      > Message-Id: <200511240210.jAO2Agsd015575@...>
      > X-MailScanner-Information: Please contact the ISP for more
      > information
      > X-MailScanner: Found to be clean
      > X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin
      > (score=3.225, required 5, AWL -1.30, BAYES_40 -1.10, MISSING_HEADERS
      > 0.12, MISSING_SUBJECT 1.23, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME
      > 0.01, RCVD_IN_SORBS_DUL 1.99, TRACKER_ID 0.56)
      > X-MailScanner-From: jason@...
      >
      > aaazzzaaazzzaaazzzaaazzzaaazzz

      No evidence that this came through Postfix, as we all know by now.

      > Case 2.
      > After deleted the entry of jason@chinamail being mapped to
      > jason@... in generic in the intranet postfix machine (then
      > postmap)
      > email sent from the chinamail intranet postfix machine by
      > echo "hello1" | mail -s test1 jason@...

      You have "echo hello1" and "-s test1" here. I think that is not copied
      from the command line, right?

      > Log of the intranet postfix machine
      >
      > Nov 24 10:11:31 chinamail postfix/local[29072]: AB35518437:
      > to=<jason@chinamail>, relay=local, delay=0, status=sent (deliver

      Aha, here's AB35518437, a local(8) delivery, with delivery status
      information removed.

      > Nov 24 10:11:31 chinamail postfix/qmgr[28726]: AB35518437: removed
      > Nov 24 10:12:08 chinamail postfix/pickup[28725]: 72FDC18436: uid=1028
      > from=<jason>

      It took you 37 seconds to delete the generic(5) mapping and postmap(1)
      the file? That is fast. If that is true, I am jealous. :)

      > Nov 24 10:12:08 chinamail postfix/cleanup[29069]: 72FDC18436:
      > message-id=<20051124021208.72FDC18436@chinamail>
      > Nov 24 10:12:08 chinamail postfix/qmgr[28726]: 72FDC18436:
      > from=<jason@chinamail>, size=276, nrcpt=1 (queue active)
      > Nov 24 10:12:08 chinamail postfix/smtp[29174]: table
      > hash:/etc/postfix/generic(0,100) has changed -- restarting

      So it appears to be true. Good job.

      > Nov 24 10:12:08 chinamail postfix/smtp[29222]: 72FDC18436:
      > to=<jason@...>, relay=mail.newhonest.com[202.85.165.133
      > Nov 24 10:12:08 chinamail postfix/qmgr[28726]: 72FDC18436: removed
      >
      >
      > Log of the receiving sendmail machine
      >
      > Nov 24 10:11:20 mail sendmail[15633]: jAO2BJfd015633:

      Same 37-second time differential.

      > from=<jason@chinamail>, size=267, class=0, nrcpts=1,
      > msgid=<20051124021208.72FDC18436@chinamail>, proto=ESMTP, daemon=MTA,

      That's the Postfix message-ID.

      > relay=[59.36.73.215]
      > Nov 24 10:11:20 mail MailScanner[15552]: New Batch: Scanning 1
      > messages, 668 bytes
      > Nov 24 10:11:21 mail MailScanner[15552]: Virus and Content Scanning:
      > Starting
      > Nov 24 10:11:21 mail MailScanner[15552]: Uninfected: Delivered 1
      > messages
      > Nov 24 10:11:21 mail sendmail[15646]: jAO2BJfd015633:
      > to=<jason@...>, delay=00:00:02, xdelay=00:00:00,
      > mailer=local, pri=120267, dsn=2.0.0, stat=Sent
      >
      > The received email :
      >
      > Return-Path: <jason@chinamail>
      > Received: from chinamail ([59.36.73.215])
      > by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2BJfd015633
      > for <jason@...>; Thu, 24 Nov 2005 10:11:19 +0800
      > Received: by chinamail (Postfix, from userid 1028)
      > id 72FDC18436; Thu, 24 Nov 2005 10:12:08 +0800 (CST)

      And that is a Postfix Received header.

      > To: jason@...
      > Subject: tes2

      How would "-s test1" yield this Subject header?

      > Message-Id: <20051124021208.72FDC18436@chinamail>
      > Date: Thu, 24 Nov 2005 10:12:08 +0800 (CST)
      > From: jason@chinamail
      > X-MailScanner-Information: Please contact the ISP for more
      > information X-MailScanner: Found to be clean
      > X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.089,
      > required 5, BAYES_40 -1.10, NO_REAL_NAME 0.01)
      > X-MailScanner-From: jason@chinamail
      >
      > hello2

      But you echo'ed "hello1"?

      Anyway, I think part of the answer might lie with your Postfix queue ID
      AB35518437, but it really does appear that the funny stuff is happening
      at the sendmail relay, mail.newhonest.com[202.85.165.133].
      --
      mail to this address is discarded unless "/dev/rob0"
      or "not-spam" is in Subject: header
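
An added example, not part of the original post: a Python script that automates the correlation done by hand above, matching the Message-IDs Postfix assigned on chinamail against the msgid values logged by the receiving sendmail. The log lines are copied from the quoted logs with wrapped lines rejoined; the year 2005 and all function names are assumptions of this example.

```python
import re
from datetime import datetime

# Log lines copied from the post above, with wrapped lines rejoined.
POSTFIX_LOG = """\
Nov 24 10:11:31 chinamail postfix/cleanup[29069]: 5F03D18436: message-id=<20051124021131.5F03D18436@chinamail>
Nov 24 10:11:31 chinamail postfix/cleanup[29069]: AB35518437: message-id=<20051124021131.AB35518437@chinamail>
Nov 24 10:12:08 chinamail postfix/cleanup[29069]: 72FDC18436: message-id=<20051124021208.72FDC18436@chinamail>
"""
SENDMAIL_LOG = """\
Nov 24 10:10:43 mail sendmail[15575]: jAO2Agsd015575: from=<jason@...>, size=31, class=0, nrcpts=1, msgid=<200511240210.jAO2Agsd015575@...>, proto=ESMTP, daemon=MTA, relay=[59.36.73.215]
Nov 24 10:11:20 mail sendmail[15633]: jAO2BJfd015633: from=<jason@chinamail>, size=267, class=0, nrcpts=1, msgid=<20051124021208.72FDC18436@chinamail>, proto=ESMTP, daemon=MTA, relay=[59.36.73.215]
"""

STAMP = r"(\w{3} +\d+ [\d:]{8}) \S+ "
POSTFIX_RE = re.compile(STAMP + r"postfix/cleanup\[\d+\]: ([0-9A-F]+): message-id=(<[^>]*>)")
SENDMAIL_RE = re.compile(STAMP + r"sendmail\[\d+\]: (\w+): from=.*?msgid=(<[^>]*>)")

def parse(log, pattern, year=2005):
    """Return {message_id: (queue_id, timestamp)}. Syslog omits the year, so it is assumed."""
    out = {}
    for m in pattern.finditer(log):
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        out[m.group(3)] = (m.group(2), when)
    return out

def correlate(postfix_log, sendmail_log):
    sent = parse(postfix_log, POSTFIX_RE)
    received = parse(sendmail_log, SENDMAIL_RE)
    matched = {}
    for mid in sent.keys() & received.keys():
        qid, t_sent = sent[mid]
        rid, t_recv = received[mid]
        # Offset is receiver log time minus sender log time, in seconds.
        matched[qid] = (rid, int((t_recv - t_sent).total_seconds()))
    # Sender queue IDs whose Message-ID the receiver never logged.
    missing = sorted(q for mid, (q, _) in sent.items() if mid not in received)
    # Receiver entries whose Message-ID the sender's Postfix never issued.
    foreign = sorted(r for mid, (r, _) in received.items() if mid not in sent)
    return matched, missing, foreign

if __name__ == "__main__":
    for label, value in zip(("matched", "missing", "foreign"),
                            correlate(POSTFIX_LOG, SENDMAIL_LOG)):
        print(label, value)
```

A receiver entry in the `foreign` list is the signal to look for: the message arrived from the sender's IP address but carries a Message-ID the sender's Postfix never logged.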