Re: [exim] Massive eBay Dupe Flood

Author: Ian Eiloart
Date:  
To: Christopher Snell, exim-users
CC: 
Subject: Re: [exim] Massive eBay Dupe Flood


--On Monday, November 1, 2004 12:38 pm -0600 Christopher Snell
<chris.snell@???> wrote:

> Hi All,
>
> I'm trying to figure out why folks at our site are getting massive
> amounts of duplicate mail from eBay. The mail seems to be isolated to
> that which is generated by an automated process, for example,
> end-of-auction e-mails and customer service automated responses. We
> are getting the same messages delivered every five or ten minutes or
> so. The logs show nothing unusual except duplicate Message IDs:


This example doesn't show a duplicate Message ID.

> (recipient e-mail address changed to protect the innocent)
>
> 2004-11-01 00:23:55 1COVZD-000F97-J2 <= somebody@???
> H=mxpool23.ebay.com (mx53.sjc.ebay.com) [66.135.197.29] P=esmtp S=6789
> id=200410292150.i9TLoKbs024947@???
> 2004-11-01 00:23:55 1COVZD-000F97-J2 => somebody@???
> R=send_to_gateway T=remote_smtp H=10.0.0.9 [10.0.0.9]
> 2004-11-01 00:23:55 1COVZD-000F97-J2 Completed
>
> [ ... and then a little while later ... ]
>
> 2004-11-01 01:03:28 1COWBV-000FHT-9n <= somebody@???
> H=mxpool23.ebay.com (mx53.sjc.ebay.com) [66.135.197.29] P=esmtp S=6641
> id=200410292150.i9TLoKbs024947@???
> 2004-11-01 01:03:28 1COWBV-000FHT-9n => somebody@???
> R=send_to_gateway T=remote_smtp H=10.0.0.9 [10.0.0.9]
> 2004-11-01 01:03:28 1COWBV-000FHT-9n Completed
>
> That message is an automated reply sent in response to my complaint
> about the issue. Five hundred messages later, I wish I never
> complained in the first place. :)
>
> When an eBay employee telnet'ed to my mail server from one of their MX
> boxes, he was able to send an e-mail without any problems. This email
> has not yet duped, either:


The TELNET example doesn't replicate the bad example properly, because in
the example above the return address is the same as the recipient address,
but here they give an ebay address as the return address.

> [root@mx5 root]# telnet 209.142.99.217 25
> Trying 209.142.99.217...
> Connected to fw-01.satx.bikeworld.net (209.142.99.217).
> Escape character is '^]'.
> 220 web02.satx.bikeworld.net ESMTP Exim 4.34 Mon, 01 Nov 2004 12:02:08
> -0600
> helo ebay.com
> 250 web02.satx.bikeworld.net Hello mxpool03.ebay.com [66.135.197.9]
> mail from:somebody@???
> 250 OK
> rcpt to:somebody@???
> 250 Accepted
> data
> 354 Enter message, ending with "." on a line by itself
> test message
> .
> 250 OK id=1COgWD-000Li2-62
>
> eBay is blaming this on my mail server, even though we successfully
> process around 100,000 messages a day.
>
> Has anybody seen this? Does anybody have any contacts at eBay?
>
> Thanks in advance,
>
> Chris Snell




--
Ian Eiloart
Servers Team
Sussex University ITS
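
Added example, not part of the original thread: an Exim mainlog arrival line (`<=`) carries both the local spool ID and, in `id=`, the Message-ID header, so a remote host re-sending the same message shows up as one `id=` value under several spool IDs. The Python sketch below groups arrivals that way; the log lines, hostnames and addresses in it are constructed placeholders modelled on the format quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Exim mainlog format (one entry per line).
# Hostnames, addresses and Message-IDs are placeholders, not real log data.
SAMPLE_LOG = """\
2004-11-01 00:23:55 1COVZD-000F97-J2 <= user@example.invalid H=mx1.example.invalid (mx53.example.invalid) [192.0.2.29] P=esmtp S=6789 id=200410292150.aaa@example.invalid
2004-11-01 00:23:55 1COVZD-000F97-J2 => user@example.invalid R=send_to_gateway T=remote_smtp H=10.0.0.9 [10.0.0.9]
2004-11-01 00:23:55 1COVZD-000F97-J2 Completed
2004-11-01 00:40:10 1COVpW-000FCd-1x <= other@example.invalid H=mx2.example.invalid [192.0.2.77] P=esmtp S=1200 id=unique.bbb@example.invalid
2004-11-01 01:03:28 1COWBV-000FHT-9n <= user@example.invalid H=mx1.example.invalid (mx53.example.invalid) [192.0.2.29] P=esmtp S=6641 id=200410292150.aaa@example.invalid
2004-11-01 01:03:28 1COWBV-000FHT-9n Completed
"""

ARRIVAL = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
                     r"(?P<spool>\w{6}-\w{6}-\w{2}) <= (?P<rest>.*)$")
MSGID = re.compile(r"(?:^|\s)id=(\S+)")               # Message-ID header
HOST_IP = re.compile(r"\sH=[^\[]*\[([0-9A-Fa-f.:]+)\]")  # sending host address


def find_redeliveries(log_text):
    """Map each Message-ID header that arrived under more than one local
    spool ID to its arrivals: [(timestamp, spool_id, host_ip), ...]."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery (=>), Completed and other lines are ignored
        mid = MSGID.search(m["rest"])
        if not mid:
            continue  # arrival logged without a Message-ID
        ip = HOST_IP.search(m["rest"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        seen[mid.group(1)].append((ts, m["spool"], ip.group(1) if ip else None))
    return {k: v for k, v in seen.items() if len({s for _, s, _ in v}) > 1}


def arrival_gaps(entries):
    """Seconds between consecutive arrivals of one Message-ID."""
    times = sorted(ts for ts, _, _ in entries)
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    for msgid, entries in find_redeliveries(SAMPLE_LOG).items():
        print(msgid, "gaps (s):", arrival_gaps(entries))
        for ts, spool, ip in entries:
            print("   ", ts, spool, ip)
```

A steady gap between arrivals of the same Message-ID from the same host address points at the sender's retry schedule, which is what to compare against the SMTP responses that host received.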