Loading ...
Sorry, an error occurred while loading the content.

Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails

Expand Messages
  • Victor Duchovni
    ... This is a new behaviour of the Postfix 2.2 release, to spread the word that Postfix now has a complete A-to-Z feature set. Some cynics argue instead that
    Message 1 of 26 , Nov 22, 2005
    View Source
    • 0 Attachment
      On Wed, Nov 23, 2005 at 11:52:40AM +0800, Jason wrote:

      > version : postfix-2.2.5-3.rhel4.rpm
      > OS : Centos 4.2
      >
      > After this setup, emails sent to otherusers@... will be having
      > "aaazzzaaazzzaaazzzaaazzzaaazzz" in the body.
      >
      > content of generic :
      >
      > sender_a sender_a@...
      > sender_b sender_b@...
      > etc
      >
      > I have seen some posts on forums claiming that this may be caused by virus,
      > but I don't think so. What's wrong with generic?
      >

      This is a new behaviour of the Postfix 2.2 release, to spread the word
      that Postfix now has a complete "A-to-Z" feature set.

      Some cynics argue instead that there may be issues with your hardware
      or the Centos compiler toolchain, userland or kernel, but they are
      clearly wrong as evidenced by this message, sent from my system which
      only has Postfix 2.2 in common with yours and yet still includes the
      offending text.

      --
      Viktor.

      Disclaimer: off-list followups get on-list replies or get ignored.
      Please do not ignore the "Reply-To" header.

      To unsubscribe from the postfix-users list, visit
      http://www.postfix.org/lists.html or click the link below:
      <mailto:majordomo@...?body=unsubscribe%20postfix-users>

      If my response solves your problem, the best way to thank me is to not
      send an "it worked, thanks" follow-up. If you must respond, please put
      "It worked, thanks" in the "Subject" so I can delete these quickly.
    • Wietse Venema
      ... show actual evidence.
      Message 2 of 26 , Nov 23, 2005
      View Source
      • 0 Attachment
        Jason:
        > After this setup, emails sent to otherusers@... will be having
        > "aaazzzaaazzzaaazzzaaazzzaaazzz" in the body.

        show actual evidence.
      • Jason
        Hi, ... From: Wietse Venema To: Jason Cc: Sent: Wednesday, November 23, 2005 8:19 PM
        Message 3 of 26 , Nov 23, 2005
        View Source
        • 0 Attachment
          Hi,

          ----- Original Message -----
          From: "Wietse Venema" <wietse@...>
          To: "Jason" <pg@...>
          Cc: <postfix-users@...>
          Sent: Wednesday, November 23, 2005 8:19 PM
          Subject: Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails


          > Jason:
          >> After this setup, emails sent to otherusers@... will be having
          >> "aaazzzaaazzzaaazzzaaazzzaaazzz" in the body.
          >
          > show actual evidence.
          >

          I don't know what evidence could help. But here is some of them :

          Case 1.
          With jason@chinamail mapped to jason@... in generic in the
          intranet postfix machine
          email sent from the chinamail intranet postfix machine by
          echo "hello1" | mail -s test1 jason@...

          Log of the intranet postfix machine (sending)

          Nov 24 10:11:31 chinamail postfix/pickup[28725]: 5F03D18436: uid=1028
          from=<jason>
          Nov 24 10:11:31 chinamail postfix/cleanup[29069]: 5F03D18436:
          message-id=<20051124021131.5F03D18436@chinamail>
          Nov 24 10:11:31 chinamail postfix/qmgr[28726]: 5F03D18436:
          from=<jason@chinamail>, size=276, nrcpt=1 (queue active)
          Nov 24 10:11:31 chinamail postfix/smtp[29174]: 5F03D18436:
          to=<jason@...>, relay=mail.newhonest.com[202.85.165.133
          Nov 24 10:11:31 chinamail postfix/cleanup[29069]: AB35518437:
          message-id=<20051124021131.AB35518437@chinamail>
          Nov 24 10:11:31 chinamail postfix/qmgr[28726]: AB35518437: from=<>,
          size=1975, nrcpt=1 (queue active)
          Nov 24 10:11:31 chinamail postfix/qmgr[28726]: 5F03D18436: removed

          Log of the receiving sendmail machine (sorry that some of the MailScanner
          logs may be irrelevant) :

          Nov 24 10:10:43 mail sendmail[15575]: jAO2Agsd015575:
          from=<jason@...>, size=31, class=0, nrcpts=1,
          msgid=<200511240210.jAO2Agsd015575@...>, proto=ESMTP,
          daemon=MTA, relay=[59.36.73.215]
          Nov 24 10:10:43 mail MailScanner[15576]: MailScanner E-Mail Virus Scanner
          version 4.38.10 starting...
          Nov 24 10:10:43 mail MailScanner[15576]: Read 2 hostnames from the phishing
          whitelist
          Nov 24 10:10:43 mail MailScanner[15576]: Enabling SpamAssassin
          auto-whitelist functionality...
          Nov 24 10:10:43 mail MailScanner[15562]: New Batch: Scanning 1 messages, 555
          bytes
          Nov 24 10:10:43 mail MailScanner[15576]: Using locktype = flock
          Nov 24 10:10:45 mail MailScanner[15562]: Virus and Content Scanning:
          Starting
          Nov 24 10:10:46 mail MailScanner[15562]: Uninfected: Delivered 1 messages
          Nov 24 10:10:46 mail sendmail[15594]: jAO2Agsd015575:
          to=<jason@...>, ctladdr=<jason@...> (500/500),
          delay=00:00:04, xdelay=00:00:00, mailer=local, pri=120031, dsn=2.0.0,
          stat=Sent

          The received email :
          Return-Path: <jason@...>
          Received: from chinamail ([59.36.73.215])
          by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2Agsd015575
          for <jason@...>; Thu, 24 Nov 2005 10:10:42 +0800
          Date: Thu, 24 Nov 2005 10:10:42 +0800
          From: jason@...
          Message-Id: <200511240210.jAO2Agsd015575@...>
          X-MailScanner-Information: Please contact the ISP for more information
          X-MailScanner: Found to be clean
          X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=3.225,
          required 5, AWL -1.30, BAYES_40 -1.10, MISSING_HEADERS 0.12,
          MISSING_SUBJECT 1.23, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME 0.01,
          RCVD_IN_SORBS_DUL 1.99, TRACKER_ID 0.56)
          X-MailScanner-From: jason@...

          aaazzzaaazzzaaazzzaaazzzaaazzz



          Case 2.
          After deleted the entry of jason@chinamail being mapped to
          jason@... in generic in the intranet postfix machine (then
          postmap)
          email sent from the chinamail intranet postfix machine by
          echo "hello1" | mail -s test1 jason@...

          Log of the intranet postfix machine

          Nov 24 10:11:31 chinamail postfix/local[29072]: AB35518437:
          to=<jason@chinamail>, relay=local, delay=0, status=sent (deliver
          Nov 24 10:11:31 chinamail postfix/qmgr[28726]: AB35518437: removed
          Nov 24 10:12:08 chinamail postfix/pickup[28725]: 72FDC18436: uid=1028
          from=<jason>
          Nov 24 10:12:08 chinamail postfix/cleanup[29069]: 72FDC18436:
          message-id=<20051124021208.72FDC18436@chinamail>
          Nov 24 10:12:08 chinamail postfix/qmgr[28726]: 72FDC18436:
          from=<jason@chinamail>, size=276, nrcpt=1 (queue active)
          Nov 24 10:12:08 chinamail postfix/smtp[29174]: table
          hash:/etc/postfix/generic(0,100) has changed -- restarting
          Nov 24 10:12:08 chinamail postfix/smtp[29222]: 72FDC18436:
          to=<jason@...>, relay=mail.newhonest.com[202.85.165.133
          Nov 24 10:12:08 chinamail postfix/qmgr[28726]: 72FDC18436: removed


          Log of the receiving sendmail machine

          Nov 24 10:11:20 mail sendmail[15633]: jAO2BJfd015633:
          from=<jason@chinamail>, size=267, class=0, nrcpts=1,
          msgid=<20051124021208.72FDC18436@chinamail>, proto=ESMTP, daemon=MTA,
          relay=[59.36.73.215]
          Nov 24 10:11:20 mail MailScanner[15552]: New Batch: Scanning 1 messages, 668
          bytes
          Nov 24 10:11:21 mail MailScanner[15552]: Virus and Content Scanning:
          Starting
          Nov 24 10:11:21 mail MailScanner[15552]: Uninfected: Delivered 1 messages
          Nov 24 10:11:21 mail sendmail[15646]: jAO2BJfd015633:
          to=<jason@...>, delay=00:00:02, xdelay=00:00:00, mailer=local,
          pri=120267, dsn=2.0.0, stat=Sent

          The received email :

          Return-Path: <jason@chinamail>
          Received: from chinamail ([59.36.73.215])
          by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2BJfd015633
          for <jason@...>; Thu, 24 Nov 2005 10:11:19 +0800
          Received: by chinamail (Postfix, from userid 1028)
          id 72FDC18436; Thu, 24 Nov 2005 10:12:08 +0800 (CST)
          To: jason@...
          Subject: tes2
          Message-Id: <20051124021208.72FDC18436@chinamail>
          Date: Thu, 24 Nov 2005 10:12:08 +0800 (CST)
          From: jason@chinamail
          X-MailScanner-Information: Please contact the ISP for more information
          X-MailScanner: Found to be clean
          X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.089, required 5,
          BAYES_40 -1.10, NO_REAL_NAME 0.01)
          X-MailScanner-From: jason@chinamail

          hello2
        • Wietse Venema
          ... THIS MAIL WAS NEVER TOUCHED BY POSTFIX!! Postfix can be recognized by its message headers. THERE ARE NO POSTFIX MESSAGE HEADERS IN THE ABOVE EMAIL. Wietse
          Message 4 of 26 , Nov 23, 2005
          View Source
          • 0 Attachment
            Jason:
            > The received email :
            > Return-Path: <jason@...>
            > Received: from chinamail ([59.36.73.215])
            > by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2Agsd015575
            > for <jason@...>; Thu, 24 Nov 2005 10:10:42 +0800
            > Date: Thu, 24 Nov 2005 10:10:42 +0800
            > From: jason@...
            > Message-Id: <200511240210.jAO2Agsd015575@...>
            > X-MailScanner-Information: Please contact the ISP for more information
            > X-MailScanner: Found to be clean
            > X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=3.225,
            > required 5, AWL -1.30, BAYES_40 -1.10, MISSING_HEADERS 0.12,
            > MISSING_SUBJECT 1.23, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME 0.01,
            > RCVD_IN_SORBS_DUL 1.99, TRACKER_ID 0.56)
            > X-MailScanner-From: jason@...
            >
            > aaazzzaaazzzaaazzzaaazzzaaazzz

            THIS MAIL WAS NEVER TOUCHED BY POSTFIX!!

            Postfix can be recognized by its message headers.

            THERE ARE NO POSTFIX MESSAGE HEADERS IN THE ABOVE EMAIL.

            Wietse
          • Jason
            ... From: Wietse Venema To: Postfix users Sent: Thursday, November 24, 2005 10:38 AM Subject: Re: I m
            Message 5 of 26 , Nov 23, 2005
            View Source
            • 0 Attachment
              ----- Original Message -----
              From: "Wietse Venema" <wietse@...>
              To: "Postfix users" <postfix-users@...>
              Sent: Thursday, November 24, 2005 10:38 AM
              Subject: Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails


              > Jason:
              >> The received email :
              >> Return-Path: <jason@...>
              >> Received: from chinamail ([59.36.73.215])
              >> by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2Agsd015575
              >> for <jason@...>; Thu, 24 Nov 2005 10:10:42 +0800
              >> Date: Thu, 24 Nov 2005 10:10:42 +0800
              >> From: jason@...
              >> Message-Id: <200511240210.jAO2Agsd015575@...>
              >> X-MailScanner-Information: Please contact the ISP for more information
              >> X-MailScanner: Found to be clean
              >> X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin
              >> (score=3.225,
              >> required 5, AWL -1.30, BAYES_40 -1.10, MISSING_HEADERS 0.12,
              >> MISSING_SUBJECT 1.23, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME 0.01,
              >> RCVD_IN_SORBS_DUL 1.99, TRACKER_ID 0.56)
              >> X-MailScanner-From: jason@...
              >>
              >> aaazzzaaazzzaaazzzaaazzzaaazzz
              >
              > THIS MAIL WAS NEVER TOUCHED BY POSTFIX!!
              >
              > Postfix can be recognized by its message headers.
              >
              > THERE ARE NO POSTFIX MESSAGE HEADERS IN THE ABOVE EMAIL.
              >
              > Wietse
              >

              Oh, because this message is not sent from postfix. The new postfix server is
              an intranet server, but I want it to be able to send outside emails too.
              That's why I want to use generic. But the message you're receiving now is an
              old public server using sendmail.

              Shoud I send you an email using the postifx server? Which email should I
              sent? Would your server reject it because it is using a dynamic IP?

              Jason
            • Chris
              ... Oh for hells sakes... -- Best regards, Chris A bird in the hand is dead.
              Message 6 of 26 , Nov 23, 2005
              View Source
              • 0 Attachment
                Jason wrote:
                >
                > ----- Original Message ----- From: "Wietse Venema" <wietse@...>
                > To: "Postfix users" <postfix-users@...>
                > Sent: Thursday, November 24, 2005 10:38 AM
                > Subject: Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails
                >
                >
                >> Jason:
                >>
                >>> The received email :
                >>> Return-Path: <jason@...>
                >>> Received: from chinamail ([59.36.73.215])
                >>> by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2Agsd015575
                >>> for <jason@...>; Thu, 24 Nov 2005 10:10:42 +0800
                >>> Date: Thu, 24 Nov 2005 10:10:42 +0800
                >>> From: jason@...
                >>> Message-Id: <200511240210.jAO2Agsd015575@...>
                >>> X-MailScanner-Information: Please contact the ISP for more information
                >>> X-MailScanner: Found to be clean
                >>> X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin
                >>> (score=3.225,
                >>> required 5, AWL -1.30, BAYES_40 -1.10, MISSING_HEADERS 0.12,
                >>> MISSING_SUBJECT 1.23, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME 0.01,
                >>> RCVD_IN_SORBS_DUL 1.99, TRACKER_ID 0.56)
                >>> X-MailScanner-From: jason@...
                >>>
                >>> aaazzzaaazzzaaazzzaaazzzaaazzz
                >>
                >>
                >> THIS MAIL WAS NEVER TOUCHED BY POSTFIX!!
                >>
                >> Postfix can be recognized by its message headers.
                >>
                >> THERE ARE NO POSTFIX MESSAGE HEADERS IN THE ABOVE EMAIL.
                >>
                >> Wietse
                >>
                >
                > Oh, because this message is not sent from postfix. The new postfix
                > server is an intranet server, but I want it to be able to send outside
                > emails too. That's why I want to use generic. But the message you're
                > receiving now is an old public server using sendmail.
                >
                > Shoud I send you an email using the postifx server? Which email should I
                > sent? Would your server reject it because it is using a dynamic IP?
                >
                > Jason
                >
                >

                Oh for hells sakes...

                --
                Best regards,
                Chris

                A bird in the hand is dead.
              • Jason
                ... From: Chris To: Jason Cc: Postfix users Sent: Thursday, November 24, 2005 10:49
                Message 7 of 26 , Nov 23, 2005
                View Source
                • 0 Attachment
                  ----- Original Message -----
                  From: "Chris" <racerx@...>
                  To: "Jason" <pg@...>
                  Cc: "Postfix users" <postfix-users@...>
                  Sent: Thursday, November 24, 2005 10:49 AM
                  Subject: Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails


                  > Jason wrote:
                  >>
                  >> ----- Original Message ----- From: "Wietse Venema" <wietse@...>
                  >> To: "Postfix users" <postfix-users@...>
                  >> Sent: Thursday, November 24, 2005 10:38 AM
                  >> Subject: Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails
                  >>
                  >>
                  >>> Jason:
                  >>>
                  >>>> The received email :
                  >>>> Return-Path: <jason@...>
                  >>>> Received: from chinamail ([59.36.73.215])
                  >>>> by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2Agsd015575
                  >>>> for <jason@...>; Thu, 24 Nov 2005 10:10:42 +0800
                  >>>> Date: Thu, 24 Nov 2005 10:10:42 +0800
                  >>>> From: jason@...
                  >>>> Message-Id: <200511240210.jAO2Agsd015575@...>
                  >>>> X-MailScanner-Information: Please contact the ISP for more information
                  >>>> X-MailScanner: Found to be clean
                  >>>> X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin
                  >>>> (score=3.225,
                  >>>> required 5, AWL -1.30, BAYES_40 -1.10, MISSING_HEADERS 0.12,
                  >>>> MISSING_SUBJECT 1.23, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME 0.01,
                  >>>> RCVD_IN_SORBS_DUL 1.99, TRACKER_ID 0.56)
                  >>>> X-MailScanner-From: jason@...
                  >>>>
                  >>>> aaazzzaaazzzaaazzzaaazzzaaazzz
                  >>>
                  >>>
                  >>> THIS MAIL WAS NEVER TOUCHED BY POSTFIX!!
                  >>>
                  >>> Postfix can be recognized by its message headers.
                  >>>
                  >>> THERE ARE NO POSTFIX MESSAGE HEADERS IN THE ABOVE EMAIL.
                  >>>
                  >>> Wietse
                  >>>
                  >>
                  >> Oh, because this message is not sent from postfix. The new postfix
                  >> server is an intranet server, but I want it to be able to send outside
                  >> emails too. That's why I want to use generic. But the message you're
                  >> receiving now is an old public server using sendmail.
                  >>
                  >> Shoud I send you an email using the postifx server? Which email should I
                  >> sent? Would your server reject it because it is using a dynamic IP?
                  >>
                  >> Jason
                  >>
                  >>
                  >
                  > Oh for hells sakes...
                  >
                  > --
                  > Best regards,
                  > Chris
                  >
                  > A bird in the hand is dead.
                  >

                  All I want to do is to send email from the intranet server to our corperate
                  public server. Anything wrong?

                  Jason
                • Chris
                  ... What you want to do can t be anymore complex then using Exchange and having Postfix relay it. It s really not rocket science - if I can do it, anyone can.
                  Message 8 of 26 , Nov 23, 2005
                  View Source
                  • 0 Attachment
                    Jason wrote:
                    >
                    > ----- Original Message ----- From: "Chris" <racerx@...>
                    > To: "Jason" <pg@...>
                    > Cc: "Postfix users" <postfix-users@...>
                    > Sent: Thursday, November 24, 2005 10:49 AM
                    > Subject: Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails
                    >
                    >
                    >> Jason wrote:
                    >>
                    >>>
                    >>> ----- Original Message ----- From: "Wietse Venema"
                    >>> <wietse@...>
                    >>> To: "Postfix users" <postfix-users@...>
                    >>> Sent: Thursday, November 24, 2005 10:38 AM
                    >>> Subject: Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails
                    >>>
                    >>>
                    >>>> Jason:
                    >>>>
                    >>>>> The received email :
                    >>>>> Return-Path: <jason@...>
                    >>>>> Received: from chinamail ([59.36.73.215])
                    >>>>> by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2Agsd015575
                    >>>>> for <jason@...>; Thu, 24 Nov 2005 10:10:42 +0800
                    >>>>> Date: Thu, 24 Nov 2005 10:10:42 +0800
                    >>>>> From: jason@...
                    >>>>> Message-Id: <200511240210.jAO2Agsd015575@...>
                    >>>>> X-MailScanner-Information: Please contact the ISP for more information
                    >>>>> X-MailScanner: Found to be clean
                    >>>>> X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin
                    >>>>> (score=3.225,
                    >>>>> required 5, AWL -1.30, BAYES_40 -1.10, MISSING_HEADERS 0.12,
                    >>>>> MISSING_SUBJECT 1.23, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME 0.01,
                    >>>>> RCVD_IN_SORBS_DUL 1.99, TRACKER_ID 0.56)
                    >>>>> X-MailScanner-From: jason@...
                    >>>>>
                    >>>>> aaazzzaaazzzaaazzzaaazzzaaazzz
                    >>>>
                    >>>>
                    >>>>
                    >>>> THIS MAIL WAS NEVER TOUCHED BY POSTFIX!!
                    >>>>
                    >>>> Postfix can be recognized by its message headers.
                    >>>>
                    >>>> THERE ARE NO POSTFIX MESSAGE HEADERS IN THE ABOVE EMAIL.
                    >>>>
                    >>>> Wietse
                    >>>>
                    >>>
                    >>> Oh, because this message is not sent from postfix. The new postfix
                    >>> server is an intranet server, but I want it to be able to send outside
                    >>> emails too. That's why I want to use generic. But the message you're
                    >>> receiving now is an old public server using sendmail.
                    >>>
                    >>> Shoud I send you an email using the postifx server? Which email should I
                    >>> sent? Would your server reject it because it is using a dynamic IP?
                    >>>
                    >>> Jason
                    >>>
                    >>>
                    >>
                    >> Oh for hells sakes...
                    >>
                    >> --
                    >> Best regards,
                    >> Chris
                    >>
                    >> A bird in the hand is dead.
                    >>
                    >
                    > All I want to do is to send email from the intranet server to our
                    > corperate public server. Anything wrong?
                    >
                    > Jason
                    >
                    >
                    >

                    What you want to do can't be anymore complex then using Exchange and
                    having Postfix relay it.

                    It's really not rocket science - if I can do it, anyone can.
                    Trust me - I'm fairly lame.

                    Advice ... (With sarcasm) Drop the Linux. Use some flavor of BSD for
                    Postfix. In my opinion, you'll be better off security wise, and sanity wise.



                    --
                    Best regards,
                    Chris

                    The other line moves faster.
                  • Jason
                    Hi, ... I don t have Exchange. ... Thank you for your advice. But is this aaazzz problem related to dynamic ip, or linux, or a bug? Jason
                    Message 9 of 26 , Nov 23, 2005
                    View Source
                    • 0 Attachment
                      Hi,

                      >> All I want to do is to send email from the intranet server to our
                      >> corperate public server. Anything wrong?
                      >>
                      >> Jason
                      >>
                      >>
                      >>
                      >
                      > What you want to do can't be anymore complex then using Exchange and
                      > having Postfix relay it.
                      >
                      I don't have Exchange.

                      > It's really not rocket science - if I can do it, anyone can.
                      > Trust me - I'm fairly lame.
                      >
                      > Advice ... (With sarcasm) Drop the Linux. Use some flavor of BSD for
                      > Postfix. In my opinion, you'll be better off security wise, and sanity
                      > wise.
                      >

                      Thank you for your advice.

                      But is this "aaazzz" problem related to dynamic ip, or linux, or a bug?

                      Jason

                      >
                      >
                      > --
                      > Best regards,
                      > Chris
                      >
                      > The other line moves faster.
                      >
                    • /dev/rob0
                      ... Of course not. ... Of course not. ... Apparently not in Postfix. I would guess in sendmail or mailscanner, more likely the latter. Why in particular did
                      Message 10 of 26 , Nov 23, 2005
                      View Source
                      • 0 Attachment
                        On Wednesday 2005-November-23 22:03, Jason wrote:
                        > But is this "aaazzz" problem related to dynamic ip,

                        Of course not.

                        > or linux,

                        Of course not.

                        > or a bug?

                        Apparently not in Postfix. I would guess in sendmail or mailscanner,
                        more likely the latter. Why in particular did you think it was Postfix
                        doing this?
                        --
                        mail to this address is discarded unless "/dev/rob0"
                        or "not-spam" is in Subject: header
                      • vg_us@hotmail.com
                        ... From: Jason To: Cc: Postfix users Sent: Wednesday, November 23, 2005 11:03 PM
                        Message 11 of 26 , Nov 23, 2005
                        View Source
                        • 0 Attachment
                          ----- Original Message -----
                          From: "Jason" <pg@...>
                          To: <RacerX@...>
                          Cc: "Postfix users" <postfix-users@...>
                          Sent: Wednesday, November 23, 2005 11:03 PM
                          Subject: Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails


                          > Hi,
                          >
                          > >> All I want to do is to send email from the intranet server to our
                          > >> corperate public server. Anything wrong?
                          > >>
                          > >> Jason
                          > >>
                          > >>
                          > >>
                          > >
                          > > What you want to do can't be anymore complex then using Exchange and
                          > > having Postfix relay it.
                          > >
                          > I don't have Exchange.
                          >
                          > > It's really not rocket science - if I can do it, anyone can.
                          > > Trust me - I'm fairly lame.
                          > >
                          > > Advice ... (With sarcasm) Drop the Linux. Use some flavor of BSD for
                          > > Postfix. In my opinion, you'll be better off security wise, and sanity
                          > > wise.
                          > >
                          >
                          > Thank you for your advice.
                          >
                          > But is this "aaazzz" problem related to dynamic ip, or linux, or a bug?
                          >
                          > Jason
                          >
                          > >
                          > >
                          > > --
                          > > Best regards,
                          > > Chris
                          > >
                          > > The other line moves faster.
                          > >
                          >
                          >

                          OK - go through MailScanner config, pay attention to every settings that
                          potentially writes or rewrites any headers (like "spam score").
                          Try taking MailScanner out of equation.
                          Finally, try posting on Mailscanner list!
                        • Victor Duchovni
                          ... Barring a miracle (the OP posting clear, relevant and sufficient evidence supporting his anecdotal claims), this thread is dead. Rehashing the same
                          Message 12 of 26 , Nov 23, 2005
                          View Source
                          • 0 Attachment
                            On Wed, Nov 23, 2005 at 10:16:31PM -0600, /dev/rob0 wrote:

                            > Apparently not in Postfix. I would guess in sendmail or mailscanner,
                            > more likely the latter. Why in particular did you think it was Postfix
                            > doing this?

                            Barring a miracle (the OP posting clear, relevant and sufficient evidence
                            supporting his anecdotal claims), this thread is dead. Rehashing the
                            same unanswered questions is a waste of time. No follow-ups please.

                            If the OP chooses to post clear, relevant and sufficient evidence that
                            includes logs, complete received message contents, portions of decoded
                            network packet captures at the sending Postfix system that demonstrate
                            damage at the Postfix hop rather than downstream, URL for full binary
                            packet capture (if tcpdump with -s 1500 to not lose packet contents),
                            and does so in a new thread, someone may yet bother to take a look
                            at such evidence.

                            The odds of this happening diminish with each message that further
                            muddies the waters without providing any useful information.

                            --
                            Viktor.

                            Disclaimer: off-list followups get on-list replies or get ignored.
                            Please do not ignore the "Reply-To" header.

                            To unsubscribe from the postfix-users list, visit
                            http://www.postfix.org/lists.html or click the link below:
                            <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                            If my response solves your problem, the best way to thank me is to not
                            send an "it worked, thanks" follow-up. If you must respond, please put
                            "It worked, thanks" in the "Subject" so I can delete these quickly.
                          • Tom Diehl
                            ... How should we know? You have access to the server(s) we do not. ... Who knows!! At this point I think it is PEBKAC. You have not provided ANY useful
                            Message 13 of 26 , Nov 23, 2005
                            View Source
                            • 0 Attachment
                              On Thu, 24 Nov 2005, Jason wrote:

                              > Hi,
                              >
                              >>> All I want to do is to send email from the intranet server to our
                              >>> corporate public server. Anything wrong?

                              How should we know? You have access to the server(s) we do not.

                              > But is this "aaazzz" problem related to dynamic ip, or linux, or a bug?

                              Who knows!! At this point I think it is PEBKAC. You have not provided ANY
                              useful information. You were asked to show proof of your problem and you
                              showed logs for a message that was NEVER touched by postfix. Until you can
                              provide a coherent description of the problem and logs that support your
                              description NO ONE can help you. If you cannot even describe the problem
                              how do you expect anyone to be able to help you?

                              Regards,

                              Tom
                            • Jason
                              Hi, ... From: /dev/rob0 To: Sent: Thursday, November 24, 2005 12:16 PM Subject: Re: I m sending
                              Message 14 of 26 , Nov 23, 2005
                              View Source
                              • 0 Attachment
                                Hi,

                                ----- Original Message -----
                                From: "/dev/rob0" <rob0@...>
                                To: <postfix-users@...>
                                Sent: Thursday, November 24, 2005 12:16 PM
                                Subject: Re: I'm sending "aaazzzaaazzzaaazzzaaazzzaaazzz" emails


                                > On Wednesday 2005-November-23 22:03, Jason wrote:
                                >> But is this "aaazzz" problem related to dynamic ip,
                                >
                                > Of course not.
                                >
                                >> or linux,
                                >
                                > Of course not.
                                >
                                >> or a bug?
                                >
                                > Apparently not in Postfix. I would guess in sendmail or mailscanner,
                                > more likely the latter. Why in particular did you think it was Postfix
                                > doing this?

                                Because this would happen only when I have an entry of address mapping in
                                generic table of the postfix box :
                                eg user1@localhost user1@...
                                And although I have mailscanner installed in the sendmail box, in order to
                                verify it, I have disabled mailscanner, and the situation is exactly the
                                same.

                                > --
                                > mail to this address is discarded unless "/dev/rob0"
                                > or "not-spam" is in Subject: header
                                >
                              • Jason
                                Hi, ... I think I have already posted my log on both servers, and in both cases : with generic and without generic. Here is part of the message I post earlier
                                Message 15 of 26 , Nov 23, 2005
                                View Source
                                • 0 Attachment
                                  Hi,
                                  >
                                  > How should we know? You have access to the server(s) we do not.
                                  >
                                  >> But is this "aaazzz" problem related to dynamic ip, or linux, or a bug?
                                  >
                                  > Who knows!! At this point I think it is PEBKAC. You have not provided ANY
                                  > useful information. You were asked to show proof of your problem and you
                                  > showed logs for a message that was NEVER touched by postfix. Until you can
                                  > provide a coherent description of the problem and logs that support your
                                  > description NO ONE can help you. If you cannot even describe the problem
                                  > how do you expect anyone to be able to help you?
                                  >
                                  > Regards,
                                  >
                                  > Tom
                                  >
                                  I think I have already posted my log on both servers, and in both cases :
                                  with generic and without generic. Here is part of the message I post earlier
                                  today, which is the log of the sending (postfix) server's log, and the
                                  received email :

                                  With jason@chinamail mapped to jason@... in generic in the
                                  intranet postfix machine
                                  email sent from the chinamail intranet postfix machine by
                                  echo "hello1" | mail -s test1 jason@...

                                  Log of the intranet postfix machine (sending)

                                  Nov 24 10:11:31 chinamail postfix/pickup[28725]: 5F03D18436: uid=1028
                                  from=<jason>
                                  Nov 24 10:11:31 chinamail postfix/cleanup[29069]: 5F03D18436:
                                  message-id=<20051124021131.5F03D18436@chinamail>
                                  Nov 24 10:11:31 chinamail postfix/qmgr[28726]: 5F03D18436:
                                  from=<jason@chinamail>, size=276, nrcpt=1 (queue active)
                                  Nov 24 10:11:31 chinamail postfix/smtp[29174]: 5F03D18436:
                                  to=<jason@...>, relay=mail.newhonest.com[202.85.165.133
                                  Nov 24 10:11:31 chinamail postfix/cleanup[29069]: AB35518437:
                                  message-id=<20051124021131.AB35518437@chinamail>
                                  Nov 24 10:11:31 chinamail postfix/qmgr[28726]: AB35518437: from=<>,
                                  size=1975, nrcpt=1 (queue active)
                                  Nov 24 10:11:31 chinamail postfix/qmgr[28726]: 5F03D18436: removed

                                  Log of the receiving sendmail machine (sorry that some of the MailScanner
                                  logs may be irrelevant) :

                                  Nov 24 10:10:43 mail sendmail[15575]: jAO2Agsd015575:
                                  from=<jason@...>, size=31, class=0, nrcpts=1,
                                  msgid=<200511240210.jAO2Agsd015575@...>, proto=ESMTP,
                                  daemon=MTA, relay=[59.36.73.215]
                                  Nov 24 10:10:43 mail MailScanner[15576]: MailScanner E-Mail Virus Scanner
                                  version 4.38.10 starting...
                                  Nov 24 10:10:43 mail MailScanner[15576]: Read 2 hostnames from the phishing
                                  whitelist
                                  Nov 24 10:10:43 mail MailScanner[15576]: Enabling SpamAssassin
                                  auto-whitelist functionality...
                                  Nov 24 10:10:43 mail MailScanner[15562]: New Batch: Scanning 1 messages, 555
                                  bytes
                                  Nov 24 10:10:43 mail MailScanner[15576]: Using locktype = flock
                                  Nov 24 10:10:45 mail MailScanner[15562]: Virus and Content Scanning:
                                  Starting
                                  Nov 24 10:10:46 mail MailScanner[15562]: Uninfected: Delivered 1 messages
                                  Nov 24 10:10:46 mail sendmail[15594]: jAO2Agsd015575:
                                  to=<jason@...>, ctladdr=<jason@...> (500/500),
                                  delay=00:00:04, xdelay=00:00:00, mailer=local, pri=120031, dsn=2.0.0,
                                  stat=Sent

                                  The received email :
                                  Return-Path: <jason@...>
                                  Received: from chinamail ([59.36.73.215])
                                  by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2Agsd015575
                                  for <jason@...>; Thu, 24 Nov 2005 10:10:42 +0800
                                  Date: Thu, 24 Nov 2005 10:10:42 +0800
                                  From: jason@...
                                  Message-Id: <200511240210.jAO2Agsd015575@...>
                                  X-MailScanner-Information: Please contact the ISP for more information
                                  X-MailScanner: Found to be clean
                                  X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=3.225,
                                  required 5, AWL -1.30, BAYES_40 -1.10, MISSING_HEADERS 0.12,
                                  MISSING_SUBJECT 1.23, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME 0.01,
                                  RCVD_IN_SORBS_DUL 1.99, TRACKER_ID 0.56)
                                  X-MailScanner-From: jason@...

                                  aaazzzaaazzzaaazzzaaazzzaaazzz
                                • Jason
                                  Hi, ... In additional to the log I posted, here is the tcpdum -s 1500, captured during sending thru postfix : 12:40:11.520061 IP chinamail.33904
                                  Message 16 of 26 , Nov 23, 2005
                                  View Source
                                  • 0 Attachment
                                    Hi,

                                    > Barring a miracle (the OP posting clear, relevant and sufficient evidence
                                    > supporting his anecdotal claims), this thread is dead. Rehashing the
                                    > same unanswered questions is a waste of time. No follow-ups please.
                                    >
                                    > If the OP chooses to post clear, relevant and sufficient evidence that
                                    > includes logs, complete received message contents, portions of decoded
                                    > network packet captures at the sending Postfix system that demonstrate
                                    > damage at the Postfix hop rather than downstream, URL for full binary
                                    > packet capture (if tcpdump with -s 1500 to not lose packet contents),
                                    > and does so in a new thread, someone may yet bother to take a look
                                    > at such evidence.
                                    >
                                    > The odds of this happening diminish with each message that further
                                    > muddies the waters without providing any useful information.
                                    >

                                    In additional to the log I posted, here is the tcpdum -s 1500, captured
                                    during sending thru postfix :

                                    12:40:11.520061 IP chinamail.33904 > gateway.domain: 64391+ MX?
                                    newhonest.com. (31)
                                    12:40:11.533877 IP gateway.domain > chinamail.33904: 64391 1/2/2 MX
                                    mail.newhonest.com. 0 (130)
                                    12:40:11.534051 IP chinamail.33904 > gateway.domain: 21121+ A?
                                    mail.newhonest.com. (36)
                                    12:40:11.534370 IP gateway.domain > chinamail.33904: 21121 1/0/0 A
                                    202.85.165.133 (52)
                                    12:40:11.534623 IP chinamail.33905 > gateway.domain: 6667+ PTR?
                                    133.165.85.202.in-addr.arpa. (45)
                                    12:40:11.534733 IP chinamail.33578 > 202.85.165.133.smtp: S
                                    3120539098:3120539098(0) win 5840 <mss 1460,sackOK,timestamp 344872502
                                    0,nop,wscale 2>
                                    12:40:11.559622 IP 202.85.165.133.smtp > chinamail.33578: S
                                    1694697943:1694697943(0) ack 3120539099 win 5792 <mss 1452,sackOK,timestamp
                                    2954886600
                                    12:40:11.559644 IP chinamail.33578 > 202.85.165.133.smtp: . ack 1 win 1460
                                    <nop,nop,timestamp 344872527 2954886600>
                                    12:40:11.596829 IP 202.85.165.133.smtp > chinamail.33578: P 1:89(88) ack 1
                                    win 1448 <nop,nop,timestamp 2954886630 344872527>
                                    12:40:11.596836 IP chinamail.33578 > 202.85.165.133.smtp: . ack 89 win 1460
                                    <nop,nop,timestamp 344872564 2954886630>
                                    12:40:11.596946 IP chinamail.33578 > 202.85.165.133.smtp: P 1:17(16) ack 89
                                    win 1460 <nop,nop,timestamp 344872564 2954886630>
                                    12:40:11.624391 IP 202.85.165.133.smtp > chinamail.33578: . ack 17 win 1448
                                    <nop,nop,timestamp 2954886664 344872564>
                                    12:40:11.626657 IP 202.85.165.133.smtp > chinamail.33578: P 89:310(221) ack
                                    17 win 1448 <nop,nop,timestamp 2954886665 344872564>
                                    12:40:11.627361 IP chinamail.33578 > 202.85.165.133.smtp: P 17:96(79) ack
                                    310 win 1728 <nop,nop,timestamp 344872595 2954886665>
                                    12:40:11.641159 IP 202.85.165.133.smtp > chinamail.33578: P 310:321(11) ack
                                    96 win 0
                                    12:40:11.642870 IP 202.85.165.133.smtp > chinamail.33578: P ack 96 win 46100
                                    12:40:11.681154 IP chinamail.33578 > 202.85.165.133.smtp: . ack 321 win 1728
                                    <nop,nop,timestamp 344872649 2954886665>
                                    12:40:11.689690 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                    <nop,nop,timestamp 2954886734 344872595>
                                    12:40:11.689701 IP chinamail.33578 > 202.85.165.133.smtp: . ack 321 win 1728
                                    <nop,nop,timestamp 344872657 2954886665>
                                    12:40:11.701773 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                    <nop,nop,timestamp 2954886745 344872595>
                                    12:40:11.701775 IP chinamail.33578 > 202.85.165.133.smtp: . ack 321 win 1728
                                    <nop,nop,timestamp 344872669 2954886665>
                                    12:40:11.710155 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                    <nop,nop,timestamp 2954886753 344872595>
                                    12:40:11.710158 IP chinamail.33578 > 202.85.165.133.smtp: . ack 321 win 1728
                                    <nop,nop,timestamp 344872678 2954886665>
                                    12:40:11.715362 IP 202.85.165.133.smtp > chinamail.33578: P 310:547(237) ack
                                    133 win 1448 <nop,nop,timestamp 2954886756 344872595>
                                    12:40:11.715371 IP chinamail.33578 > 202.85.165.133.smtp: . ack 547 win 1996
                                    <nop,nop,timestamp 344872683 2954886756,nop,nop,sack sack 1 {310:321}
                                    12:40:11.715465 IP chinamail.33578 > 202.85.165.133.smtp: P 96:105(9) ack
                                    547 win 1996 <nop,nop,timestamp 344872683 2954886756>
                                    12:40:11.715490 IP chinamail.33578 > 202.85.165.133.smtp: F 105:105(0) ack
                                    547 win 1996 <nop,nop,timestamp 344872683 2954886756>
                                    12:40:11.718713 IP gateway.domain > chinamail.33905: 6667 NXDomain 0/1/0
                                    (111)
                                    12:40:11.725935 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                    <nop,nop,timestamp 2954886766 344872595>
                                    12:40:11.730580 IP 202.85.165.133.smtp > chinamail.33578: P 547:558(11) ack
                                    105 win 0
                                    12:40:11.730636 IP chinamail.33578 > 202.85.165.133.smtp: R
                                    3120539203:3120539203(0) win 0
                                    12:40:11.731837 IP vp239045.static.uac1.hknet.com.1577 > chinamail.ssh: .
                                    ack 121 win 64687
                                    12:40:11.732533 IP 202.85.165.133.smtp > chinamail.33578: P 547:555(8) ack
                                    105 win 55466
                                    12:40:11.732540 IP chinamail.33578 > 202.85.165.133.smtp: R
                                    3120539203:3120539203(0) win 0
                                    12:40:11.733091 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                    <nop,nop,timestamp 2954886774 344872595>
                                    12:40:11.733095 IP chinamail.33578 > 202.85.165.133.smtp: R
                                    3120539231:3120539231(0) win 0
                                    12:40:11.740459 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                    <nop,nop,timestamp 2954886780 344872595>
                                    12:40:11.740463 IP chinamail.33578 > 202.85.165.133.smtp: R
                                    3120539231:3120539231(0) win 0
                                    12:40:11.743414 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                    <nop,nop,timestamp 2954886782 344872595,nop,nop,sack sack 1 {96:105} >
                                    12:40:11.743418 IP chinamail.33578 > 202.85.165.133.smtp: R
                                    3120539231:3120539231(0) win 0
                                    12:40:11.746345 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                    <nop,nop,timestamp 2954886784 344872595,nop,nop,sack sack 1 {105:106} >
                                    12:40:11.746349 IP chinamail.33578 > 202.85.165.133.smtp: R
                                    3120539231:3120539231(0) win 0
                                    12:40:11.747560 IP 202.85.165.133.smtp > chinamail.33578: . ack 142 win 1448
                                    <nop,nop,timestamp 2954886785 344872595,nop,nop,sack sack 1 {105:133} >
                                    12:40:11.747564 IP chinamail.33578 > 202.85.165.133.smtp: R
                                    3120539240:3120539240(0) win 0
                                    12:40:11.748828 IP 202.85.165.133.smtp > chinamail.33578: P 547:658(111) ack
                                    142 win 1448 <nop,nop,timestamp 2954886785 344886785 344872595>
                                    12:40:11.748832 IP chinamail.33578 > 202.85.165.133.smtp: R
                                    3120539240:3120539240(0) win 0
                                    12:40:11.856766 IP vp239045.static.uac1.hknet.com.1577 > chinamail.ssh: .
                                    ack 189 win 64619
                                    12:40:15.421876 arp who-has gateway tell adm1
                                    12:40:17.414956 IP 192.168.1.14.1028 > chinamail.netbios-ssn: P
                                    3361520384:3361520437(53) ack 2624186463 win 65054 NBT Packet
                                    12:40:17.415367 IP chinamail.netbios-ssn > 192.168.1.14.1028: P 1:54(53) ack
                                    53 win 32767 NBT Packet
                                    12:40:17.415480 IP chinamail.33905 > gateway.domain: 2703+ PTR?
                                    14.1.168.192.in-addr.arpa. (43)
                                    12:40:17.415986 IP gateway.domain > chinamail.33905: 2703 NXDomain 0/0/0
                                    (43)
                                    12:40:17.633676 IP 192.168.1.14.1028 > chinamail.netbios-ssn: . ack 54 win
                                    65001
                                    12:40:18.495144 (NOV-802.2) 00000001.00:50:ba:b8:54:8d.0455 >
                                    00000000.ff:ff:ff:ff:ff:ff.0455: ipx-netbios 50
                                    12:40:19.093027 IP vp239045.static.uac1.hknet.com.1576 > chinamail.ssh: P
                                    1:53(52) ack 232 win 64959
                                  • Jason
                                    Hi, ... In additional to the log I posted, here is the tcpdum -s 1500, captured during sending thru postfix : 12:40:11.520061 IP chinamail.33904
                                    Message 17 of 26 , Nov 23, 2005
                                    View Source
                                    • 0 Attachment
                                      Hi,

                                      > Barring a miracle (the OP posting clear, relevant and sufficient evidence
                                      > supporting his anecdotal claims), this thread is dead. Rehashing the
                                      > same unanswered questions is a waste of time. No follow-ups please.
                                      >
                                      > If the OP chooses to post clear, relevant and sufficient evidence that
                                      > includes logs, complete received message contents, portions of decoded
                                      > network packet captures at the sending Postfix system that demonstrate
                                      > damage at the Postfix hop rather than downstream, URL for full binary
                                      > packet capture (if tcpdump with -s 1500 to not lose packet contents),
                                      > and does so in a new thread, someone may yet bother to take a look
                                      > at such evidence.
                                      >
                                      > The odds of this happening diminish with each message that further
                                      > muddies the waters without providing any useful information.
                                      >

                                      In additional to the log I posted, here is the tcpdum -s 1500, captured
                                      during sending thru postfix :

                                      12:40:11.520061 IP chinamail.33904 > gateway.domain: 64391+ MX?
                                      newhonest.com. (31)
                                      12:40:11.533877 IP gateway.domain > chinamail.33904: 64391 1/2/2 MX
                                      mail.newhonest.com. 0 (130)
                                      12:40:11.534051 IP chinamail.33904 > gateway.domain: 21121+ A?
                                      mail.newhonest.com. (36)
                                      12:40:11.534370 IP gateway.domain > chinamail.33904: 21121 1/0/0 A
                                      202.85.165.133 (52)
                                      12:40:11.534623 IP chinamail.33905 > gateway.domain: 6667+ PTR?
                                      133.165.85.202.in-addr.arpa. (45)
                                      12:40:11.534733 IP chinamail.33578 > 202.85.165.133.smtp: S
                                      3120539098:3120539098(0) win 5840 <mss 1460,sackOK,timestamp 344872502
                                      0,nop,wscale 2>
                                      12:40:11.559622 IP 202.85.165.133.smtp > chinamail.33578: S
                                      1694697943:1694697943(0) ack 3120539099 win 5792 <mss 1452,sackOK,timestamp
                                      2954886600
                                      12:40:11.559644 IP chinamail.33578 > 202.85.165.133.smtp: . ack 1 win 1460
                                      <nop,nop,timestamp 344872527 2954886600>
                                      12:40:11.596829 IP 202.85.165.133.smtp > chinamail.33578: P 1:89(88) ack 1
                                      win 1448 <nop,nop,timestamp 2954886630 344872527>
                                      12:40:11.596836 IP chinamail.33578 > 202.85.165.133.smtp: . ack 89 win 1460
                                      <nop,nop,timestamp 344872564 2954886630>
                                      12:40:11.596946 IP chinamail.33578 > 202.85.165.133.smtp: P 1:17(16) ack 89
                                      win 1460 <nop,nop,timestamp 344872564 2954886630>
                                      12:40:11.624391 IP 202.85.165.133.smtp > chinamail.33578: . ack 17 win 1448
                                      <nop,nop,timestamp 2954886664 344872564>
                                      12:40:11.626657 IP 202.85.165.133.smtp > chinamail.33578: P 89:310(221) ack
                                      17 win 1448 <nop,nop,timestamp 2954886665 344872564>
                                      12:40:11.627361 IP chinamail.33578 > 202.85.165.133.smtp: P 17:96(79) ack
                                      310 win 1728 <nop,nop,timestamp 344872595 2954886665>
                                      12:40:11.641159 IP 202.85.165.133.smtp > chinamail.33578: P 310:321(11) ack
                                      96 win 0
                                      12:40:11.642870 IP 202.85.165.133.smtp > chinamail.33578: P ack 96 win 46100
                                      12:40:11.681154 IP chinamail.33578 > 202.85.165.133.smtp: . ack 321 win 1728
                                      <nop,nop,timestamp 344872649 2954886665>
                                      12:40:11.689690 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                      <nop,nop,timestamp 2954886734 344872595>
                                      12:40:11.689701 IP chinamail.33578 > 202.85.165.133.smtp: . ack 321 win 1728
                                      <nop,nop,timestamp 344872657 2954886665>
                                      12:40:11.701773 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                      <nop,nop,timestamp 2954886745 344872595>
                                      12:40:11.701775 IP chinamail.33578 > 202.85.165.133.smtp: . ack 321 win 1728
                                      <nop,nop,timestamp 344872669 2954886665>
                                      12:40:11.710155 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                      <nop,nop,timestamp 2954886753 344872595>
                                      12:40:11.710158 IP chinamail.33578 > 202.85.165.133.smtp: . ack 321 win 1728
                                      <nop,nop,timestamp 344872678 2954886665>
                                      12:40:11.715362 IP 202.85.165.133.smtp > chinamail.33578: P 310:547(237) ack
                                      133 win 1448 <nop,nop,timestamp 2954886756 344872595>
                                      12:40:11.715371 IP chinamail.33578 > 202.85.165.133.smtp: . ack 547 win 1996
                                      <nop,nop,timestamp 344872683 2954886756,nop,nop,sack sack 1 {310:321}
                                      12:40:11.715465 IP chinamail.33578 > 202.85.165.133.smtp: P 96:105(9) ack
                                      547 win 1996 <nop,nop,timestamp 344872683 2954886756>
                                      12:40:11.715490 IP chinamail.33578 > 202.85.165.133.smtp: F 105:105(0) ack
                                      547 win 1996 <nop,nop,timestamp 344872683 2954886756>
                                      12:40:11.718713 IP gateway.domain > chinamail.33905: 6667 NXDomain 0/1/0
                                      (111)
                                      12:40:11.725935 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                      <nop,nop,timestamp 2954886766 344872595>
                                      12:40:11.730580 IP 202.85.165.133.smtp > chinamail.33578: P 547:558(11) ack
                                      105 win 0
                                      12:40:11.730636 IP chinamail.33578 > 202.85.165.133.smtp: R
                                      3120539203:3120539203(0) win 0
                                      12:40:11.731837 IP vp239045.static.uac1.hknet.com.1577 > chinamail.ssh: .
                                      ack 121 win 64687
                                      12:40:11.732533 IP 202.85.165.133.smtp > chinamail.33578: P 547:555(8) ack
                                      105 win 55466
                                      12:40:11.732540 IP chinamail.33578 > 202.85.165.133.smtp: R
                                      3120539203:3120539203(0) win 0
                                      12:40:11.733091 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                      <nop,nop,timestamp 2954886774 344872595>
                                      12:40:11.733095 IP chinamail.33578 > 202.85.165.133.smtp: R
                                      3120539231:3120539231(0) win 0
                                      12:40:11.740459 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                      <nop,nop,timestamp 2954886780 344872595>
                                      12:40:11.740463 IP chinamail.33578 > 202.85.165.133.smtp: R
                                      3120539231:3120539231(0) win 0
                                      12:40:11.743414 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                      <nop,nop,timestamp 2954886782 344872595,nop,nop,sack sack 1 {96:105} >
                                      12:40:11.743418 IP chinamail.33578 > 202.85.165.133.smtp: R
                                      3120539231:3120539231(0) win 0
                                      12:40:11.746345 IP 202.85.165.133.smtp > chinamail.33578: . ack 133 win 1448
                                      <nop,nop,timestamp 2954886784 344872595,nop,nop,sack sack 1 {105:106} >
                                      12:40:11.746349 IP chinamail.33578 > 202.85.165.133.smtp: R
                                      3120539231:3120539231(0) win 0
                                      12:40:11.747560 IP 202.85.165.133.smtp > chinamail.33578: . ack 142 win 1448
                                      <nop,nop,timestamp 2954886785 344872595,nop,nop,sack sack 1 {105:133} >
                                      12:40:11.747564 IP chinamail.33578 > 202.85.165.133.smtp: R
                                      3120539240:3120539240(0) win 0
                                      12:40:11.748828 IP 202.85.165.133.smtp > chinamail.33578: P 547:658(111) ack
                                      142 win 1448 <nop,nop,timestamp 2954886785 344886785 344872595>
                                      12:40:11.748832 IP chinamail.33578 > 202.85.165.133.smtp: R
                                      3120539240:3120539240(0) win 0
                                      12:40:11.856766 IP vp239045.static.uac1.hknet.com.1577 > chinamail.ssh: .
                                      ack 189 win 64619
                                      12:40:15.421876 arp who-has gateway tell adm1
                                      12:40:17.414956 IP 192.168.1.14.1028 > chinamail.netbios-ssn: P
                                      3361520384:3361520437(53) ack 2624186463 win 65054 NBT Packet
                                      12:40:17.415367 IP chinamail.netbios-ssn > 192.168.1.14.1028: P 1:54(53) ack
                                      53 win 32767 NBT Packet
                                      12:40:17.415480 IP chinamail.33905 > gateway.domain: 2703+ PTR?
                                      14.1.168.192.in-addr.arpa. (43)
                                      12:40:17.415986 IP gateway.domain > chinamail.33905: 2703 NXDomain 0/0/0
                                      (43)
                                      12:40:17.633676 IP 192.168.1.14.1028 > chinamail.netbios-ssn: . ack 54 win
                                      65001
                                      12:40:18.495144 (NOV-802.2) 00000001.00:50:ba:b8:54:8d.0455 >
                                      00000000.ff:ff:ff:ff:ff:ff.0455: ipx-netbios 50
                                      12:40:19.093027 IP vp239045.static.uac1.hknet.com.1576 > chinamail.ssh: P
                                      1:53(52) ack 232 win 64959
                                    • Jorey Bump
                                      ... [...] ... [...] ... [...] ... Ah, the problem is now clear: It appears that the sendmail machine receives the message 48 seconds before it is sent. Since
                                      Message 18 of 26 , Nov 23, 2005
                                      View Source
                                      • 0 Attachment
                                        Jason wrote:

                                        > Log of the intranet postfix machine (sending)
                                        >
                                        > Nov 24 10:11:31 chinamail postfix/pickup[28725]: 5F03D18436: uid=1028
                                        > from=<jason>
                                        [...]
                                        > Log of the receiving sendmail machine (sorry that some of the MailScanner
                                        > logs may be irrelevant) :
                                        >
                                        > Nov 24 10:10:43 mail sendmail[15575]: jAO2Agsd015575:
                                        > from=<jason@...>, size=31, class=0, nrcpts=1,
                                        > msgid=<200511240210.jAO2Agsd015575@...>, proto=ESMTP,
                                        > daemon=MTA, relay=[59.36.73.215]
                                        [...]
                                        > The received email :
                                        [...]
                                        > aaazzzaaazzzaaazzzaaazzzaaazzz

                                        Ah, the problem is now clear: It appears that the sendmail machine
                                        receives the message 48 seconds before it is sent. Since it has time on
                                        its hands, it decides to take a nap, hence the snoring...
                                      • /dev/rob0
                                        Sorry Viktor, I had this one started before I saw you declare the thread dead, and it pertains to an earlier post which does have some possibly relevant
                                        Message 19 of 26 , Nov 23, 2005
                                        View Source
                                        • 0 Attachment
                                          Sorry Viktor, I had this one started before I saw you declare the thread
                                          dead, and it pertains to an earlier post which does have some possibly
                                          relevant information. I had a lot of this nitpicking work already
                                          written when I saw that, so I am hoping you won't kick me off the list
                                          for this.

                                          On Wednesday 2005-November-23 20:32, Jason wrote:
                                          > Case 1.
                                          > With jason@chinamail mapped to jason@... in generic in the
                                          > intranet postfix machine
                                          > email sent from the chinamail intranet postfix machine by
                                          > echo "hello1" | mail -s test1 jason@...
                                          >
                                          > Log of the intranet postfix machine (sending)
                                          >
                                          > Nov 24 10:11:31 chinamail postfix/pickup[28725]: 5F03D18436: uid=1028
                                          > from=<jason>
                                          > Nov 24 10:11:31 chinamail postfix/cleanup[29069]: 5F03D18436:
                                          > message-id=<20051124021131.5F03D18436@chinamail>

                                          Note the Message-ID @chinamail.

                                          > Nov 24 10:11:31 chinamail postfix/qmgr[28726]: 5F03D18436:
                                          > from=<jason@chinamail>, size=276, nrcpt=1 (queue active)
                                          > Nov 24 10:11:31 chinamail postfix/smtp[29174]: 5F03D18436:
                                          > to=<jason@...>, relay=mail.newhonest.com[202.85.165.133

                                          Is something cut out here? I just tested with sendmail(1) and I got:

                                          Nov 24 04:08:40 please postfix/smtp[10726]: 730583941:
                                          to=<rob0@...>, relay=rob.example.org[my.IP.add.ress], delay=42,
                                          dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3C2E62FC27)

                                          You won't have the DSN without Postfix 2.3, but what about the status
                                          and the 250 reply from the relay?

                                          > Nov 24 10:11:31 chinamail postfix/cleanup[29069]: AB35518437:
                                          > message-id=<20051124021131.AB35518437@chinamail>

                                          And here's that Message-ID again? No, it has a different queue ID
                                          appended. The 20051124021131 part is the same. Ah, look, it is a GMT
                                          time string.

                                          > Nov 24 10:11:31 chinamail postfix/qmgr[28726]: AB35518437: from=<>,
                                          > size=1975, nrcpt=1 (queue active)

                                          It's a bounce!

                                          > Nov 24 10:11:31 chinamail postfix/qmgr[28726]: 5F03D18436: removed

                                          But where did AB35518437 go? Find that message, and all its logs.

                                          > Log of the receiving sendmail machine (sorry that some of the
                                          > MailScanner logs may be irrelevant) :
                                          >
                                          > Nov 24 10:10:43 mail sendmail[15575]: jAO2Agsd015575:
                                          > from=<jason@...>, size=31, class=0, nrcpts=1,

                                          Envelope sender is different.

                                          > msgid=<200511240210.jAO2Agsd015575@...>, proto=ESMTP,

                                          Message-ID is different. Time stamp is 21 seconds before the Postfix
                                          one. System clocks not in synch?

                                          > daemon=MTA, relay=[59.36.73.215]

                                          Sendmail is relaying this to 59.36.73.215?

                                          > Nov 24 10:10:43 mail MailScanner[15576]: MailScanner E-Mail Virus
                                          > Scanner version 4.38.10 starting...
                                          > Nov 24 10:10:43 mail MailScanner[15576]: Read 2 hostnames from the
                                          > phishing whitelist
                                          > Nov 24 10:10:43 mail MailScanner[15576]: Enabling SpamAssassin
                                          > auto-whitelist functionality...
                                          > Nov 24 10:10:43 mail MailScanner[15562]: New Batch: Scanning 1
                                          > messages, 555 bytes
                                          > Nov 24 10:10:43 mail MailScanner[15576]: Using locktype = flock
                                          > Nov 24 10:10:45 mail MailScanner[15562]: Virus and Content Scanning:
                                          > Starting
                                          > Nov 24 10:10:46 mail MailScanner[15562]: Uninfected: Delivered 1
                                          > messages
                                          > Nov 24 10:10:46 mail sendmail[15594]: jAO2Agsd015575:
                                          > to=<jason@...>, ctladdr=<jason@...> (500/500),
                                          > delay=00:00:04, xdelay=00:00:00, mailer=local, pri=120031, dsn=2.0.0,
                                          > stat=Sent
                                          >
                                          > The received email :
                                          > Return-Path: <jason@...>
                                          > Received: from chinamail ([59.36.73.215])

                                          Aha! That IP is the place where sendmail relayed to ...

                                          > by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2Agsd015575
                                          > for <jason@...>; Thu, 24 Nov 2005 10:10:42 +0800
                                          > Date: Thu, 24 Nov 2005 10:10:42 +0800

                                          Those timestamps are strange, even judged by the rest of this thread.
                                          Postfix accepted your mail at 10:11:31, and this being submitted via
                                          sendmail(1) means that the header timestamp would be that. This is not
                                          what you sent from chinamail.

                                          > From: jason@...
                                          > Message-Id: <200511240210.jAO2Agsd015575@...>
                                          > X-MailScanner-Information: Please contact the ISP for more
                                          > information
                                          > X-MailScanner: Found to be clean
                                          > X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin
                                          > (score=3.225, required 5, AWL -1.30, BAYES_40 -1.10, MISSING_HEADERS
                                          > 0.12, MISSING_SUBJECT 1.23, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME
                                          > 0.01, RCVD_IN_SORBS_DUL 1.99, TRACKER_ID 0.56)
                                          > X-MailScanner-From: jason@...
                                          >
                                          > aaazzzaaazzzaaazzzaaazzzaaazzz

                                          No evidence that this came through Postfix, as we all know by now.

                                          > Case 2.
                                          > After deleted the entry of jason@chinamail being mapped to
                                          > jason@... in generic in the intranet postfix machine (then
                                          > postmap)
                                          > email sent from the chinamail intranet postfix machine by
                                          > echo "hello1" | mail -s test1 jason@...

                                          You have "echo hello1" and "-s test1" here. I think that is not copied
                                          from the command line, right?

                                          > Log of the intranet postfix machine
                                          >
                                          > Nov 24 10:11:31 chinamail postfix/local[29072]: AB35518437:
                                          > to=<jason@chinamail>, relay=local, delay=0, status=sent (deliver

                                          Aha, here's AB35518437, a local(8) delivery, with delivery status
                                          information removed.

                                          > Nov 24 10:11:31 chinamail postfix/qmgr[28726]: AB35518437: removed
                                          > Nov 24 10:12:08 chinamail postfix/pickup[28725]: 72FDC18436: uid=1028
                                          > from=<jason>

                                          It took you 37 seconds to delete the generic(5) mapping and postmap(1)
                                          the file? That is fast. If that is true, I am jealous. :)

                                          > Nov 24 10:12:08 chinamail postfix/cleanup[29069]: 72FDC18436:
                                          > message-id=<20051124021208.72FDC18436@chinamail>
                                          > Nov 24 10:12:08 chinamail postfix/qmgr[28726]: 72FDC18436:
                                          > from=<jason@chinamail>, size=276, nrcpt=1 (queue active)
                                          > Nov 24 10:12:08 chinamail postfix/smtp[29174]: table
                                          > hash:/etc/postfix/generic(0,100) has changed -- restarting

                                          So it appears to be true. Good job.

                                          > Nov 24 10:12:08 chinamail postfix/smtp[29222]: 72FDC18436:
                                          > to=<jason@...>, relay=mail.newhonest.com[202.85.165.133
                                          > Nov 24 10:12:08 chinamail postfix/qmgr[28726]: 72FDC18436: removed
                                          >
                                          >
                                          > Log of the receiving sendmail machine
                                          >
                                          > Nov 24 10:11:20 mail sendmail[15633]: jAO2BJfd015633:

                                          Same 37-second time differential.

                                          > from=<jason@chinamail>, size=267, class=0, nrcpts=1,
                                          > msgid=<20051124021208.72FDC18436@chinamail>, proto=ESMTP, daemon=MTA,

                                          That's the Postfix message-ID.

                                          > relay=[59.36.73.215]
                                          > Nov 24 10:11:20 mail MailScanner[15552]: New Batch: Scanning 1
                                          > messages, 668 bytes
                                          > Nov 24 10:11:21 mail MailScanner[15552]: Virus and Content Scanning:
                                          > Starting
                                          > Nov 24 10:11:21 mail MailScanner[15552]: Uninfected: Delivered 1
                                          > messages
                                          > Nov 24 10:11:21 mail sendmail[15646]: jAO2BJfd015633:
                                          > to=<jason@...>, delay=00:00:02, xdelay=00:00:00,
                                          > mailer=local, pri=120267, dsn=2.0.0, stat=Sent
                                          >
                                          > The received email :
                                          >
                                          > Return-Path: <jason@chinamail>
                                          > Received: from chinamail ([59.36.73.215])
                                          > by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id jAO2BJfd015633
                                          > for <jason@...>; Thu, 24 Nov 2005 10:11:19 +0800
                                          > Received: by chinamail (Postfix, from userid 1028)
                                          > id 72FDC18436; Thu, 24 Nov 2005 10:12:08 +0800 (CST)

                                          And that is a Postfix Received header.

                                          > To: jason@...
                                          > Subject: tes2

                                          How would "-s test1" yield this Subject header?

                                          > Message-Id: <20051124021208.72FDC18436@chinamail>
                                          > Date: Thu, 24 Nov 2005 10:12:08 +0800 (CST)
                                          > From: jason@chinamail
                                          > X-MailScanner-Information: Please contact the ISP for more
                                          > information X-MailScanner: Found to be clean
                                          > X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.089,
                                          > required 5, BAYES_40 -1.10, NO_REAL_NAME 0.01)
                                          > X-MailScanner-From: jason@chinamail
                                          >
                                          > hello2

                                          But you echo'ed "hello1"?

                                          Anyway, I think part of the answer might lie with your Postfix queue ID
                                          AB35518437, but it really does appear that the funny stuff is happening
                                          at the sendmail relay, mail.newhonest.com[202.85.165.133].
                                          --
                                          mail to this address is discarded unless "/dev/rob0"
                                          or "not-spam" is in Subject: header
                                        • Tom Allison
                                          ... I always thought this was a rather brutally arrogant mailing list. Good stuff and good people abound, but not everyone here is a level 4 smtp-mage.
                                          Message 20 of 26 , Nov 29, 2005
                                          View Source
                                          • 0 Attachment
                                            Victor Duchovni wrote:
                                            > On Wed, Nov 23, 2005 at 10:16:31PM -0600, /dev/rob0 wrote:
                                            >
                                            >
                                            >>Apparently not in Postfix. I would guess in sendmail or mailscanner,
                                            >>more likely the latter. Why in particular did you think it was Postfix
                                            >>doing this?
                                            >
                                            >
                                            > Barring a miracle (the OP posting clear, relevant and sufficient evidence
                                            > supporting his anecdotal claims), this thread is dead. Rehashing the
                                            > same unanswered questions is a waste of time. No follow-ups please.
                                            >

                                            I always thought this was a rather brutally arrogant mailing list.
                                            Good stuff and good people abound, but not everyone here is a level 4
                                            smtp-mage.
                                          • Tom Allison
                                            ... You re problem comes up without postfix touching the email. So how can postfix have anything to do with it? (hint: it can t) You ll have to find and fix
                                            Message 21 of 26 , Nov 29, 2005
                                            View Source
                                            • 0 Attachment
                                              >> THERE ARE NO POSTFIX MESSAGE HEADERS IN THE ABOVE EMAIL.
                                              >>
                                              >> Wietse
                                              >>
                                              >
                                              > Oh, because this message is not sent from postfix. The new postfix
                                              > server is an intranet server, but I want it to be able to send outside
                                              > emails too. That's why I want to use generic. But the message you're
                                              > receiving now is an old public server using sendmail.
                                              >
                                              > Shoud I send you an email using the postifx server? Which email should I
                                              > sent? Would your server reject it because it is using a dynamic IP?
                                              >
                                              > Jason

                                              You're problem comes up without postfix touching the email.
                                              So how can postfix have anything to do with it?
                                              (hint: it can't)

                                              You'll have to find and fix whatever it is that is dumping this string
                                              into your messages, but your own logs and messages tell the story.
                                              Postfix has nothing to do with this one.
                                            • Victor Duchovni
                                              ... - I actually found the user s problem, while others fumbled about in the dark. - Doing so required the right evidence, and getting everyone to stop wasting
                                              Message 22 of 26 , Nov 29, 2005
                                              View Source
                                              • 0 Attachment
                                                On Tue, Nov 29, 2005 at 06:14:03AM -0500, Tom Allison wrote:

                                                > Victor Duchovni wrote:
                                                > >Barring a miracle (the OP posting clear, relevant and sufficient evidence
                                                > >supporting his anecdotal claims), this thread is dead. Rehashing the
                                                > >same unanswered questions is a waste of time. No follow-ups please.
                                                > >
                                                >
                                                > I always thought this was a rather brutally arrogant mailing list.
                                                > Good stuff and good people abound, but not everyone here is a level 4
                                                > smtp-mage.
                                                >

                                                - I actually found the user's problem, while others fumbled about
                                                in the dark.

                                                - Doing so required the right evidence, and getting everyone to
                                                stop wasting the OP's time and our collective bandwidth with
                                                wild speculation about the origin of the problem.

                                                - Once the right evidence was presented (a network trace with
                                                the decoded payload), the problem was evident.

                                                Given limited time resources, I can be very polite or very helpful.
                                                I think on the whole it is appropriate that I choose the latter.

                                                --
                                                Viktor.

                                                Disclaimer: off-list followups get on-list replies or get ignored.
                                                Please do not ignore the "Reply-To" header.

                                                To unsubscribe from the postfix-users list, visit
                                                http://www.postfix.org/lists.html or click the link below:
                                                <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                                                If my response solves your problem, the best way to thank me is to not
                                                send an "it worked, thanks" follow-up. If you must respond, please put
                                                "It worked, thanks" in the "Subject" so I can delete these quickly.
                                              • Wietse Venema
                                                ... It s nice and right if one can be nice and right at the same time :-) Wietse
                                                Message 23 of 26 , Nov 29, 2005
                                                View Source
                                                • 0 Attachment
                                                  Victor Duchovni:
                                                  > On Tue, Nov 29, 2005 at 06:14:03AM -0500, Tom Allison wrote:
                                                  >
                                                  > > Victor Duchovni wrote:
                                                  > > >Barring a miracle (the OP posting clear, relevant and sufficient evidence
                                                  > > >supporting his anecdotal claims), this thread is dead. Rehashing the
                                                  > > >same unanswered questions is a waste of time. No follow-ups please.
                                                  > > >
                                                  > >
                                                  > > I always thought this was a rather brutally arrogant mailing list.
                                                  > > Good stuff and good people abound, but not everyone here is a level 4
                                                  > > smtp-mage.
                                                  > >
                                                  >
                                                  > - I actually found the user's problem, while others fumbled about
                                                  > in the dark.
                                                  >
                                                  > - Doing so required the right evidence, and getting everyone to
                                                  > stop wasting the OP's time and our collective bandwidth with
                                                  > wild speculation about the origin of the problem.
                                                  >
                                                  > - Once the right evidence was presented (a network trace with
                                                  > the decoded payload), the problem was evident.
                                                  >
                                                  > Given limited time resources, I can be very polite or very helpful.
                                                  > I think on the whole it is appropriate that I choose the latter.

                                                  It's nice and right if one can be nice and right at the same time :-)

                                                  Wietse
                                                Your message has been successfully submitted and would be delivered to recipients shortly.