Tracking down a mail forwarding loop

LuKreme

Feb 4, 2015, 9:20:45 AM
I have a local user who is generating occasional mail forwarding loop errors, which are causing forged emails to cause NDNs and fill up mailq.

Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=<*bob*@covisp.net>, relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net)

The only place that “*bob*” is mentioned in virtual is in a line like this:

bil...@covisp.net bob,fred,george

Where bob, fred, and george are all local users.

bob doesn’t have a .forward, and I looked at his .procmailrc and it’s not forwarding mail anywhere.

Where else do I look?

postmap -q b...@covisp.net /etc/postfix/virtual doesn’t return any results.

--
Behind every great man there's a woman with a vibrator -- Hawkeye Pierce

Wietse Venema

Feb 4, 2015, 9:38:55 AM
LuKreme:
> I have a local user who is generating occasional mail forwarding loop errors, which are causing forged emails to cause NDNs and fill up mailq.
>
> Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=<*bob*@covisp.net>, relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net)
>
> The only place that “*bob*” is mentioned in virtual is in line like this:
>
> bil...@covisp.net bob,fred,george
>
> Where bob, fred, and george are all local users.
>
> bob doesn’t have a .forward, and I looked at his .procmailrc and it’s not forwarding mail anywhere.
>
> Where else do I look?

Other opportunities for forwarding, such as "postconf mailbox_command"?

Wietse

LuKreme

Feb 4, 2015, 9:47:52 AM
Yeah, that’s why I checked procmailrc.

I do see that the modification date on the procmailrc is quite recent. Maybe he munged something and got it fixed. I’ll keep watching.


--
Growing up leads to growing old, and then to dying/And dying to me don't
sound like all that much fun.

Miles Fidelman

Feb 4, 2015, 11:20:25 AM
LuKreme wrote:
> I have a local user who is generating occasional mail forwarding loop errors, which are causing forged emails to cause NDNs and fill up mailq.
>
> Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=<*bob*@covisp.net>, relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net)
>
> The only place that “*bob*” is mentioned in virtual is in line like this:
>
> bil...@covisp.net bob,fred,george
>
> Where bob, fred, and george are all local users.
>
> bob doesn’t have a .forward, and I looked at his .procmailrc and it’s not forwarding mail anywhere.
>
> Where else do I look?
>
> postmap -q b...@covisp.net /etc/postfix/virtual doesn’t return any results.
>

I'd start with the headers in a message that's looped - that might help
track things down.

Miles Fidelman

LuKreme

Feb 4, 2015, 10:35:11 PM
I didn’t see anything.

Return-Path: <gri...@hybridbestlife.net>
Received: from hybridbestlife.net (unknown [170.130.246.6])
    by mail.covisp.net (Postfix) with ESMTP id AEBE9212D4F
    for <b...@covisp.net>; Wed, 4 Feb 2015 15:05:34 -0700 (MST)
Delivered-To: b...@covisp.net
Subject: (Spam? 08.0) Amazing Savings On Hybrid Cars
From: "Hybrid Cars" <gri...@hybridbestlife.net>
Content-Type: multipart/mixed; boundary="----------=_54D297B1.982CD94F"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Message-Id: <603___014.078.+47B788.924Z3f8e./././-gri...@hybridbestlife.net>
Date: Wed, 04 Feb 2015 14:49:55 -0700
References: <gri...@hybridbestlife.net>
In-Reply-To: <gri...@hybridbestlife.net>
To: b...@covisp.net

(that's without the SpamAssassin headers)

This email postdates the time stamp on the procmail file, so it wasn’t fixed. However, the message is not getting to procmail; there’s nothing in the procmail log at the right time or with the right subject.


Feb 4 15:05:34 mail postfix/smtpd[73739]: AEBE9212D4F: client=unknown[170.130.246.6]
Feb 4 15:05:34 mail postfix/cleanup[73559]: AEBE9212D4F: message-id=<603___014.078.+47B788.924Z3f8e./././-gri...@hybridbestlife.net>
Feb 4 15:05:37 mail postfix/qmgr[52581]: AEBE9212D4F: from=<gri...@hybridbestlife.net>, size=43769, nrcpt=2 (queue active)
Feb 4 15:05:37 mail postfix/local[73514]: AEBE9212D4F: to=<b...@covisp.net>, relay=local, delay=3.3, delays=3.1/0.1/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for b...@covisp.net)
Feb 4 15:05:37 mail postfix/pipe[73515]: AEBE9212D4F: to=<backup@*otherdomain*.tld>, relay=dovecot, delay=3.5, delays=3.1/0/0/0.4, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 4 15:05:37 mail postfix/bounce[73745]: AEBE9212D4F: sender non-delivery notification: 9F062212D52
Feb 4 15:05:37 mail postfix/qmgr[52581]: AEBE9212D4F: removed


--
Words have meanings, but not here.

Wietse Venema

Feb 5, 2015, 7:07:44 AM
LuKreme:
>
> > On Feb 4, 2015, at 9:20 AM, Miles Fidelman <mfid...@meetinghouse.net> wrote:
> >
> > LuKreme wrote:
> >> I have a local user who is generating occasional mail forwarding loop errors, which are causing forged emails to cause NDNs and fill up mailq.
> >>
> >> Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=<*bob*@covisp.net>, relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net)
>...
> Delivered-To: b...@covisp.net

Have you considered the possibility that the mail was sent with a
bogus Delivered-To: header (i.e. the header is present, but not
added by Postfix).

Wietse

LuKreme

Feb 5, 2015, 5:33:50 PM
On 05 Feb 2015, at 05:07 , Wietse Venema <wie...@porcupine.org> wrote:
> Have you considered the possibility that the mail was sent with a
> bogus Delivered-To: header (i.e. the header is present, but not
> added by Postfix).

Yes, but I’m unsure how to diagnose that.

Here is a full dump of one of these files (with only the user name munged)

<https://www.dropbox.com/s/mvdg1f48fo640g3/768FC212C05.txt?dl=0>

--
"Thank you for sending me a copy of your book; I'll waste no time
reading it." - Moses Hadas

Wietse Venema

Feb 5, 2015, 5:53:30 PM
LuKreme:
> On 05 Feb 2015, at 05:07 , Wietse Venema <wie...@porcupine.org> wrote:
> > Have you considered the possibility that the mail was sent with a
> > bogus Delivered-To: header (i.e. the header is present, but not
> > added by Postfix).
>
> Yes, but I'm unsure how to diagnose that.

header_checks:
/^Delivered-To: bob@covisp\.net$/ hold

> Here is a full dump of one of these files (with only the user name munged)
>
> <https://www.dropbox.com/s/mvdg1f48fo640g3/768FC212C05.txt?dl=0>

We already know that the message loops because the Delivered-To: header
is present.

Here are the first few headers of the message before delivery:

Return-Path: <ros...@approvednowauto.com>
Received: from approvednowauto.com (unknown [170.130.246.204])
    by mail.covisp.net (Postfix) with ESMTP id D3F1A212C03
    for <b...@covisp.net>; Thu, 5 Feb 2015 14:58:19 -0700 (MST)
Delivered-To: b...@covisp.net

I suggest that you have a look at the other ones. If none of the
other Received: headers belongs to your systems, then they added
"Delivered-To: b...@covisp.net" before sending the message to your
systems.

Wietse
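
The check described in the reply above, as an added example that is not part of the original thread: a Delivered-To: header is reported as sender-supplied when no Received: header below it was written by one of your own hosts. The hostname `mail.example.net`, the function names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: hostnames of the MTAs you operate (placeholder value).
OUR_HOSTS = {"mail.example.net"}

# Constructed sample: Delivered-To: arrives with the message from outside.
SPOOFED = """\
Received: from sender.example.org (unknown [192.0.2.10])
    by mail.example.net (Postfix) with ESMTP id 1111111111A
    for <bob@example.net>; Thu, 5 Feb 2015 14:58:19 -0700 (MST)
Delivered-To: bob@example.net
From: "Sender" <news@sender.example.org>
Subject: constructed sample
"""

# Constructed sample: local(8) added Delivered-To:, then the mail was forwarded.
GENUINE = """\
Received: by mail.example.net (Postfix)
    id 2222222222B; Thu, 5 Feb 2015 15:00:02 -0700 (MST)
Delivered-To: bob@example.net
Received: from sender.example.org (unknown [192.0.2.10])
    by mail.example.net (Postfix) with ESMTP id 2222222222A
    for <bob@example.net>; Thu, 5 Feb 2015 15:00:01 -0700 (MST)
Subject: constructed sample
"""

def received_by(value):
    """Return the lowercased host after 'by' in a Received: value, or None."""
    m = re.search(r"\bby\s+([A-Za-z0-9.-]+)", value)
    return m.group(1).lower() if m else None

def forged_delivered_to(raw, our_hosts=OUR_HOSTS):
    """Return Delivered-To: values that no hop of ours could have added."""
    headers = message_from_string(raw).items()  # top-down, newest hop first
    forged = []
    for i, (name, value) in enumerate(headers):
        if name.lower() != "delivered-to":
            continue
        # A header written by our local(8) sits above the Received: line
        # from the hop of ours that accepted the message.
        ours_below = any(n.lower() == "received" and received_by(v) in our_hosts
                         for n, v in headers[i + 1:])
        if not ours_below:
            forged.append(value.strip())
    return forged

if __name__ == "__main__":
    print(forged_delivered_to(SPOOFED), forged_delivered_to(GENUINE))
```

Received: lines below your own top-most one are also sender-controlled, so an empty result does not prove the header is genuine.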
