On 08/09/2011 14:21, Bowie Bailey wrote:
> On 9/8/2011 5:07 AM, Steve wrote:
>> This is the thing that was so very, very odd. The message is identical
>> - including the headers. If I look at the first and last spam email in
>> a 9-message block, then <ctrl>u to get the source, and paste them into
>> files... diff confirms that the messages are byte-by-byte identical. I
>> don't think it's my server that's doing the duplicating... as some
>> spams arrive only once... even though the bulk of the spam I receive
>> is repeated 9 times.
> That is odd. I don't know about your MTA, but mine assigns a unique id
> number to each incoming email and writes it into the header. This would
> make it impossible for duplicated messages to have identical headers
> unless the duplication happens within the MTA or at some point thereafter.

I'm using a (mostly vanilla) Postfix/Amavisd configuration... The messages are delivered to IMAP, and while they have different filenames within my IMAP folder, the textual content is identical for every pair of messages within a group (where I've checked this.) My received messages are not tagged with unique identifiers in the headers (though the message-id sent to me is retained...) My unique IDs associated with messages appear to be assigned by my IMAP server (Dovecot) - and distinct message numbers correspond to unique MailDir message files.

> If you look at your mail logs, do you actually see 9 messages being
> received?

I thought I did, but - now - I'm not so sure... because the log doesn't match the messages I find via IMAP. (Really!)

I've attached a snippet from my syslog relating to a recent batch of 9 messages - with domains changed to mydom.org. As far as I can tell, multiple emails are sent together to my server at 15:04:34 - but funny things happen after that. It looks as if the messages were intended to be sent to nine separate email addresses at mydom.org - but, somehow, they all end up addressed to the first addressee. All nine messages are sent to ste...@mydom.org - which, via a catch-all in virtual.db, gets delivered to st...@mydom.org. I'd have expected the To: address to be different in each - but it isn't.

Is this a bug with Amavisd (possibly exposed by malformed messages)? Is there some other trick I'm missing - for example, some caveat about using spamassassin with postfix virtual aliases?

Sep 8 15:04:34 svr postfix/qmgr[2539]: 3052516C1A26: from=<adelama...@boimail.com>, size=1611, nrcpt=8 (queue active)
Sep 8 15:04:36 svr postfix/smtpd[9776]: disconnect from unknown[208.30.118.112]
Sep 8 15:04:42 svr postfix/smtpd[9791]: connect from localhost[127.0.0.1]
Sep 8 15:04:42 svr postfix/smtpd[9791]: E24C916C02A6: client=localhost[127.0.0.1]
Sep 8 15:04:42 svr postfix/cleanup[9782]: E24C916C02A6: message-id=<201109081759.8B7F082565A0D33F9A15@p00905q4tw>
Sep 8 15:04:43 svr postfix/smtpd[9791]: disconnect from localhost[127.0.0.1]
Sep 8 15:04:43 svr amavis[9242]: (09242-14) Passed SPAM, [208.30.118.112] [208.30.118.112] <adelama...@boimail.com> -> <st...@svr.mydom.org>,<st...@svr.mydom.org>,<st...@svr.mydom.org>,<st...@svr.mydom.org>,<steve@svr.mydom.org>,<st...@svr.mydom.org>,<st...@svr.mydom.org>,<st...@svr.mydom.org>, Message-ID: <201109081759.8B7F082565A0D33F9A15@p00905q4tw>, mail_id: 0eFkT73PzE2y, Hits: 25.936, size: 1608, queued_as: E24C916C02A6, 8169 ms
Sep 8 15:04:43 svr postfix/smtp[9787]: 3052516C1A26: to=<st...@svr.mydom.org>, orig_to=<ste...@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=17/0/0/8.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E24C916C02A6)
Sep 8 15:04:43 svr postfix/smtp[9787]: 3052516C1A26: to=<st...@svr.mydom.org>, orig_to=<subvers...@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=17/0/0/8.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E24C916C02A6)
Sep 8 15:04:43 svr postfix/qmgr[2539]: E24C916C02A6: from=<adelama...@boimail.com>, size=2534, nrcpt=8 (queue active)
Sep 8 15:04:43 svr postfix/smtp[9787]: 3052516C1A26: to=<st...@svr.mydom.org>, orig_to=<4263e160.4090...@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=17/0/0/8.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E24C916C02A6)
Sep 8 15:04:43 svr postfix/smtp[9787]: 3052516C1A26: to=<st...@svr.mydom.org>, orig_to=<426441f8.10...@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=17/0/0/8.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E24C916C02A6)
Sep 8 15:04:43 svr postfix/local[9801]: E24C916C02A6: to=<st...@svr.mydom.org>, relay=local, delay=0.55, delays=0.4/0/0/0.15, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 8 15:04:43 svr postfix/smtp[9787]: 3052516C1A26: to=<st...@svr.mydom.org>, orig_to=<5010...@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=17/0/0/8.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E24C916C02A6)
Sep 8 15:04:43 svr postfix/smtp[9787]: 3052516C1A26: to=<st...@svr.mydom.org>, orig_to=<1090...@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=17/0/0/8.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E24C916C02A6)
Sep 8 15:04:43 svr postfix/smtp[9787]: 3052516C1A26: to=<st...@svr.mydom.org>, orig_to=<8080...@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=17/0/0/8.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E24C916C02A6)
Sep 8 15:04:43 svr postfix/local[9793]: E24C916C02A6: to=<st...@svr.mydom.org>, relay=local, delay=0.83, delays=0.4/0.23/0/0.2, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 8 15:04:43 svr postfix/smtp[9787]: 3052516C1A26: to=<st...@svr.mydom.org>, orig_to=<dun...@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=17/0/0/8.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E24C916C02A6)
Sep 8 15:04:43 svr postfix/local[9801]: E24C916C02A6: to=<st...@svr.mydom.org>, relay=local, delay=1, delays=0.4/0.52/0/0.08, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 8 15:04:44 svr postfix/qmgr[2539]: 3052516C1A26: removed
Sep 8 15:04:44 svr postfix/local[9793]: E24C916C02A6: to=<st...@svr.mydom.org>, relay=local, delay=1.3, delays=0.4/0.77/0/0.08, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 8 15:04:44 svr postfix/local[9801]: E24C916C02A6: to=<st...@svr.mydom.org>, relay=local, delay=1.4, delays=0.4/0.89/0/0.08, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 8 15:04:44 svr postfix/local[9793]: E24C916C02A6: to=<st...@svr.mydom.org>, relay=local, delay=1.5, delays=0.4/1/0/0.08, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 8 15:04:44 svr postfix/local[9801]: E24C916C02A6: to=<st...@svr.mydom.org>, relay=local, delay=1.6, delays=0.4/1.1/0/0.09, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 8 15:04:51 svr postfix/local[9794]: E24C916C02A6: to=<st...@svr.mydom.org>, relay=local, delay=8.5, delays=0.4/0/0/8.1, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION")
Sep 8 15:04:51 svr postfix/qmgr[2539]: E24C916C02A6: removed
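
One way to check a mail log for the pattern the snippet above shows (several orig_to addresses rewritten to a single to= address before the content filter, then one local delivery per recipient), as an added example that is not part of the original post. The sample log lines, addresses and queue IDs are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log in the post; the addresses and
# queue IDs are made up and the function names below are hypothetical.
_QMGR = "Sep  8 15:04:34 svr postfix/qmgr[2539]: {}: from=<sender@example.net>, nrcpt=3 (queue active)"
_SMTP = ("Sep  8 15:04:43 svr postfix/smtp[9787]: A1B2C3D4E5F6: to=<user@svr.example.org>, "
         "orig_to=<{}@example.org>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, "
         "status=sent (250 2.0.0 Ok: queued as 0F9E8D7C6B5A)")
_LOCAL = ("Sep  8 15:04:43 svr postfix/local[9801]: 0F9E8D7C6B5A: to=<user@svr.example.org>, "
          "relay=local, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)")
SAMPLE_LOG = "\n".join(
    [_QMGR.format("A1B2C3D4E5F6")] + [_SMTP.format(n) for n in ("alice", "bob", "info")]
    + [_QMGR.format("0F9E8D7C6B5A")] + [_LOCAL] * 3)

ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)")
FIELDS = {"to": r"\bto=<([^>]*)>", "orig_to": r"\borig_to=<([^>]*)>",
          "requeued_as": r"queued as ([0-9A-F]+)"}

def summarize(log_text):
    """Group Postfix entries by queue ID: recipients before/after rewriting, deliveries."""
    queues = defaultdict(lambda: {"nrcpt": None, "sent": 0, "to": set(),
                                  "orig_to": set(), "requeued_as": set()})
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # amavis and connect/disconnect lines have no queue ID prefix
        q, rest = queues[m.group(1)], m.group(2)
        if (n := re.search(r"\bnrcpt=(\d+)", rest)):
            q["nrcpt"] = int(n.group(1))
        if "status=sent" in rest:
            q["sent"] += 1
        for key, pattern in FIELDS.items():
            if (f := re.search(pattern, rest)):
                q[key].add(f.group(1))
    return dict(queues)

def collapsed_recipients(queues):
    """Queue IDs where several orig_to addresses were rewritten to a single to= address,
    with the number of copies delivered from the re-injected (post-filter) message."""
    report = {}
    for qid, q in queues.items():
        if len(q["orig_to"]) > 1 and len(q["to"]) == 1:
            copies = sum(queues[c]["sent"] for c in q["requeued_as"] if c in queues)
            report[qid] = {"orig_to": sorted(q["orig_to"]), "to": min(q["to"]), "copies": copies}
    return report

if __name__ == "__main__":
    for qid, info in collapsed_recipients(summarize(SAMPLE_LOG)).items():
        print(qid, info)
```

A queue ID reported here with copies greater than one means a single inbound message with several envelope recipients ended up as that many identical files in one mailbox.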