For example, relevant headers from two of those msgs:
> Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.194])
> by demeter.uwaterloo.ca (8.13.1/8.13.1) with ESMTP id j420OAgh022977
> for <xy...@uwaterloo.ca>; Sun, 1 May 2005 20:24:12 -0400
> Received: by wproxy.gmail.com with SMTP id 36so1625405wra
> for <xyz...@uwaterloo.ca>; Sun, 01 May 2005 17:24:56 -0700 (PDT)
> Received: by 10.54.27.65 with SMTP id a65mr283310wra;
> Sun, 01 May 2005 15:38:15 -0700 (PDT)
> Received: by 10.54.104.12 with HTTP; Sun, 1 May 2005 15:38:15 -0700 (PDT)
> Message-ID: <a84edcf705050...@mail.gmail.com>
>
> Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.205])
> by demeter.uwaterloo.ca (8.13.1/8.13.1) with ESMTP id j421OA4l013915
> for <xy...@uwaterloo.ca>; Sun, 1 May 2005 21:24:13 -0400
> Received: by wproxy.gmail.com with SMTP id 36so1635170wra
> for <xy...@uwaterloo.ca>; Sun, 01 May 2005 18:24:56 -0700 (PDT)
> Received: by 10.54.27.65 with SMTP id a65mr283310wra;
> Sun, 01 May 2005 15:38:15 -0700 (PDT)
> Received: by 10.54.104.12 with HTTP; Sun, 1 May 2005 15:38:15 -0700 (PDT)
> Message-ID: <a84edcf705050...@mail.gmail.com>

These are from the same msg, as evidenced by the Message-ID, yet if
you start at the bottom and work up (the order the headers are added)
you can see they first differ on the wproxy.gmail.com line, thusly:

SMTP id 36so1625405wra [...]; Sun, 01 May 2005 17:24:56 -0700 (PDT)
SMTP id 36so1635170wra [...]; Sun, 01 May 2005 18:24:56 -0700 (PDT)

Those times are exactly an hour apart, which looks suspiciously like a
queue retry interval....

Anyhow, it appears that the previous machine, the poorly identified
host at 10.54.27.65, is the one that duplicated the original msg,
passing the dups onto another internal g-mail machine, which in turn
contacted UW. In fact wproxy.gmail.com is more than one machine, as
the IP address in the top line of each example above is different,
reinforcing the fact that the split is happening before UW even sees
any attempt being made to deliver the msg.

So, all I can deduce at this point is that it is not being caused by
UW's mail systems, but that's from reading the above headers. There's
a very good chance that in fact more is going on than is being tracked
above (stuff is being hidden from us), so I could be wrong.

If anyone has any input or examples like the above please reply or
follow up. Since we (IST) are about to activate greylisting on a large
scale here we want to be sure we're not going to unleash some wild
daemons.

Thanks,
gdm
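
The bottom-up comparison described in the post, as an added example that is not part of the original message: it walks the Received chains of two copies oldest hop first and reports the first hop where they differ, the last hop they share, and the time gap. The sample copies are constructed from the headers quoted above (elided addresses kept as posted), and the function names `hops` and `first_divergence` are hypothetical.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the quoted headers; elisions kept as posted.
COPY_A = """\
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.194])
    by demeter.uwaterloo.ca (8.13.1/8.13.1) with ESMTP id j420OAgh022977
    for <xy...@uwaterloo.ca>; Sun, 1 May 2005 20:24:12 -0400
Received: by wproxy.gmail.com with SMTP id 36so1625405wra
    for <xy...@uwaterloo.ca>; Sun, 01 May 2005 17:24:56 -0700 (PDT)
Received: by 10.54.27.65 with SMTP id a65mr283310wra;
    Sun, 01 May 2005 15:38:15 -0700 (PDT)
Received: by 10.54.104.12 with HTTP; Sun, 1 May 2005 15:38:15 -0700 (PDT)
Message-ID: <a84edcf705050...@mail.gmail.com>

body
"""
COPY_B = (COPY_A.replace("64.233.184.194", "64.233.184.205")
          .replace("j420OAgh022977", "j421OA4l013915")
          .replace("20:24:12", "21:24:13")
          .replace("36so1625405wra", "36so1635170wra")
          .replace("17:24:56", "18:24:56"))

def hops(raw):
    """Return (Message-ID, [(normalized Received text, timestamp)]), oldest hop first."""
    msg = message_from_string(raw)
    out = []
    for h in reversed(msg.get_all("Received", [])):  # headers are prepended per hop
        text = " ".join(h.split())                    # unfold continuation lines
        out.append((text, parsedate_to_datetime(text.rsplit(";", 1)[1].strip())))
    return msg["Message-ID"], out

def first_divergence(raw_a, raw_b):
    """Return (hop index, last shared hop, time gap), or None if no hop differs."""
    id_a, a = hops(raw_a)
    id_b, b = hops(raw_b)
    if id_a != id_b:
        raise ValueError("different Message-IDs: not copies of one message")
    for i, ((ta, da), (tb, db)) in enumerate(zip(a, b)):
        if ta != tb:
            return i, (a[i - 1][0] if i else None), abs(db - da)
    return None

if __name__ == "__main__":
    idx, shared, gap = first_divergence(COPY_A, COPY_B)
    print(f"first differing hop: {idx}\nlast shared hop: {shared}\ngap: {gap}")
```

The result only reflects what each relay chose to record, so hops that add no Received line stay invisible to it.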