Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: users

Duplicate mail deliveries.

  

 
exim users RSS feed   Index | Next | Previous | View Threaded


neil.sproston at 2ergo

Oct 3, 2007, 6:26 AM

Post #1 of 6 (1982 views)
Permalink
Duplicate mail deliveries.
All

I have a Debian Etch system running exim which is acting as a full
Internet mail server. The server is also using MailScanner to provide
mail filtering for spam, viruses etc.

The problem is that mails are being occasionally delivered twice (ie.
there are two completed line for a specific mail ID each with slightly
different delivery times)

Any help or pointers would be greatly appreciated.

yours,
Neil S.

Version output of exim:

root [at] mail:/etc/exim4# exim -bV
Exim version 4.63 #1 built 20-Jan-2007 10:42:32
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages
Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb
dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated


--

Neil Sprotson
Network Engineer


2ergo Ltd
T +44 (0) 1706 221777
F +44 (0) 1706 221888
E neil.sprotson [at] 2ergo <mailto:neil.sprotson [at] 2ergo>
http://www.2ergo.com


Ranked 2nd in UK mobile industry's '50 to Watch in Mobile' for 2nd year
running: Real Business / O2, 2007
<http://www.2ergo.com/news_and_events/32,view/69>



This message (including attachments) is confidential and may be legally
privileged. The content and views expressed are those of the sender and
not necessarily the 2ergo Group. If you are not the intended recipient,
you must not disclose, copy or use any part of it. Please delete all
copies immediately and notify the sender. 2ergo Limited (a 2ergo Group
plc company) is registered in England, No.: 03816463. Registered Office:
St. Mary's Chambers, Haslingden Road, Rawtenstall, Lancashire, BB4 6QX.




--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


neil.sproston at 2ergo

Oct 3, 2007, 10:04 AM

Post #2 of 6 (1934 views)
Permalink
Re: Duplicate mail deliveries. [In reply to]
John Jetmore wrote:
>
> (please keep on list)
>
> On Wed, 3 Oct 2007, Neil Sproston wrote:
>
>> I don't think that is the cause in this case. Exim receives SMTP
>> connections and places them into the /var/spool/exim4_incoming
>> directory. Mailscanner then does its stuff and uses exim with the flag
>> "-DOUTGOING" to place it into the /var/spool/exim4 SPOOLDIR for onward
>> delivery to local users mailbox's or remote servers.
>>
>> This is done by this in exim's config file:
>>
>> .ifdef OUTGOING
>> SPOOLDIR=/var/spool/exim4
>> .else
>> SPOOLDIR=/var/spool/exim4_incoming
>> queue_only = true
>> queue_only_override = false
>> .endif
>>
>> And here is a sample pulled from mainlog where a mail is delivered twice
>> to a local user:
>>
>> 2007-10-03 02:00:34 1IcsbK-0004f1-Np <= misterx [at] tuppence
>> H=machinex.tuppence.com (application.tuppence.com)
>> [111.111.111.111]:8711 I=[101.101.101.101]:25 P=esmtp S=1554
>> id=14361554.1191373229689.automail.application [at] application
>> from <misterx [at] tuppence> for mistery [at] tuppence
>> 2007-10-03 02:01:28 1IcsbK-0004f1-Np => mistery <mistery [at] tuppence>
>> F=<misterx [at] tuppence> P=<misterx [at] tuppence> R=localuser
>> T=maildir_home S=1674 QT=54s DT=0s
>> 2007-10-03 02:01:28 1IcsbK-0004f1-Np Completed QT=54s
>> 2007-10-03 02:01:34 1IcsbK-0004f1-Np => mistery <mistery [at] tuppence>
>> F=<misterx [at] tuppence> P=<misterx [at] tuppence> R=localuser
>> T=maildir_home S=1780 QT=1m DT=0s
>> 2007-10-03 02:01:34 1IcsbK-0004f1-Np Completed QT=1m
>>
>> NOTE: Names have been changed to protect the innocent.
>
> I have zero explanation for the same message to be delivered with the
> same exim_message_id (1IcsbK-0004f1-Np) to be delivered to the initial
> address (mistery [at] tuppence) and then the same local user (mistery).
> with different message sizes (S=1674, S=1780) with nothing else being
> logged. I generally think people are too harsh in their responses
> about not obfuscating logs, but in this case it seems possible that
> you obfuscated into uselessness
>
> If you hadn't posted those logs my advice to you would have been to
> look at the headers of the two messages and see where they diverge,
> especially the Received headers. That may still be good advice.
>
> Please read http://wiki.exim.org/DontObfuscate and consider posting
> your logs again without obfuscation.
>
> All of the above still stands, but after rereading your email, it
> seems that the above situation could only be caused by MailScanner
> placing two copies of the mail into your outgoing queue. If
> MailScanner has logs I'd look there to see if it lists it twice.
>
> --John
>
>

First of all my sincerest apologies for misdirecting my reply to
yourself. A simple but stupid mistake on my part.

I would love not to have to obfuscate but unfortunately I am forced too
(or loose my job and maybe liberty) however I can appreciate how
frustrating it can be.

However thanks for your comments they have given me a lead. I had
already checked the MailScanner logs and they only show a single
delivery however that may be for another list.

Again thanks for all your time it is greatly appreciated.

yours,
Neil S.



--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


andrew.johnson at sappsys

Oct 4, 2007, 3:27 AM

Post #3 of 6 (1929 views)
Permalink
Re: Duplicate mail deliveries. [In reply to]
I didn't see it was useless, as the only chage was an IP address. I also
disagree with the wiki page. Some of the systems I deal with contain
protectively marked IP addresses which would be inappropriate to reproduced
here - does that mean I shouldn't ask for help with Exim because I can't
post my log lines in full ?

In any case.. It seems to me that Exim had either "forgotten" it had
delivered the message the first time, or 2 processes tried to deliver it.
Are your mail spools on any kind of file system that could have locking
issues ? Maybe the queue runner was unaware that the message was being dealt
with by another process.

-Andy-

-----Original Message-----
From: John Jetmore [mailto:jj33 [at] pobox]
Sent: 03 October 2007 17:32
To: Neil Sproston
Cc: exim-users [at] exim
Subject: Re: [exim] Duplicate mail deliveries.

I generally think people are too harsh in their responses about not
obfuscating logs, but in this case it seems possible that you obfuscated
into uselessness

If you hadn't posted those logs my advice to you would have been to look at
the headers of the two messages and see where they diverge, especially the
Received headers. That may still be good advice.

Please read http://wiki.exim.org/DontObfuscate and consider posting your
logs again without obfuscation.


--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


renaud at llorien

Oct 4, 2007, 3:34 AM

Post #4 of 6 (1932 views)
Permalink
Re: Duplicate mail deliveries. [In reply to]
Andrew Johnson wrote:
> Some of the systems I deal with contain
> protectively marked IP addresses which would be inappropriate to reproduced
> here

Security through obscurity symptom.
Attachments: smime.p7s (3.21 KB)


andrew.johnson at sappsys

Oct 4, 2007, 4:13 AM

Post #5 of 6 (1931 views)
Permalink
Re: Duplicate mail deliveries. [In reply to]
That may well be, but it's a UK government requirement....
If it's protectively marked information, then it's protectively marked and
that means it cannot be divulged unless a) the person you are sending it to
has the right clearence, and b) the person you are sending it to has the
need to know that information.

-Andy-

-----Original Message-----
From: Renaud Allard [mailto:renaud [at] llorien]
Sent: 04 October 2007 11:35
To: andrew.johnson [at] sappsys
Cc: 'John Jetmore'; 'Neil Sproston'; exim-users [at] exim
Subject: Re: [exim] Duplicate mail deliveries.



Andrew Johnson wrote:
> Some of the systems I deal with contain protectively marked IP
> addresses which would be inappropriate to reproduced here

Security through obscurity symptom.


--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


peter at bowyer

Oct 4, 2007, 4:31 AM

Post #6 of 6 (1925 views)
Permalink
Re: Duplicate mail deliveries. [In reply to]
On 04/10/2007, Andrew Johnson <andrew.johnson [at] sappsys> wrote:
> I didn't see it was useless, as the only chage was an IP address. I also
> disagree with the wiki page. Some of the systems I deal with contain
> protectively marked IP addresses which would be inappropriate to reproduced
> here - does that mean I shouldn't ask for help with Exim because I can't
> post my log lines in full ?

No, this issue needs treating with common sense. If you obfuscate
(either because you need to as you've pointed out, or because you feel
like it), then the quality of the support you get may suffer. Not
usually deliberately, but as a result of confusion and potential
obfuscation typos.

This doesn't mean you shouldn't post. But a note saying 'sorry about
the obfuscation, I've no choice' will help avoid an unnecessary
side-conversation.

Peter
(Moderator hat on)
($BIGCLIENT deals with UK govt secure email, so I know your problems)
(oops, shouldn't have said that - why is there a big bloke in a suit
approaching my desk.....)



--
Peter Bowyer
Email: peter [at] bowyer

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.