Hi
I've got an interesting problem where users are complaining that
mail sent to them is delivered twice into their mailbox.
I've seen message headers that users claim belong to at least 2
distinct messages that were downloaded, but I've not yet been able
to verify that the messages appeared twice in their mailbox because
they keep deleting the evidence.
This phenomenon doesn't appear to be confined to one server or to
a particular user and it happens to random messages (or at least I
haven't found a pattern yet).
Here's one example:
2005-09-26 17:49:40 1EJvEa-0005Nm-AI <= hvanzyl@??? H=(ctb-mesg2.saix.net) [196.25.240.82] P=esmtp S=101141 id=000001c5c2b1$deb87e40$b700a8c0@HVZ
2005-09-26 17:49:40 1EJvEa-0005Nm-AI => info <info@???> R=vmail_user T=vmail_delivery
2005-09-26 17:49:40 1EJvEa-0005Nm-AI Completed
For:
Return-path: <hvanzyl@???>
Envelope-to: info@???
Delivery-date: Mon, 26 Sep 2005 17:49:40 +0200
Received: from [196.25.240.82] (helo=ctb-mesg2.saix.net)
by www35a.your-server.co.za with esmtp (Exim 4.51)
id 1EJvEa-0005Nm-AI
for info@???; Mon, 26 Sep 2005 17:49:40 +0200
Received: from vgv.co.za (wblv-146-235-54.telkomadsl.co.za [165.146.235.54])
by ctb-mesg2.saix.net (Postfix) with SMTP id 8B9C46FFA
for <info@???>; Mon, 26 Sep 2005 17:49:21 +0200 (SAST)
Received: from ([192.168.0.183])
by server [192.168.0.200]
(running CapeSoft Email Server v2.21 build 90 www.capesoft.com)
with SMTP id <sender:hvanzyl@???>
for <info@???>; Mon, 26 Sep 2005 17:48:35 +0200
Reply-To: <hvanzyl@???>
From: "hvanzyl" <hvanzyl@???>
To: <dirkdv@???>
Cc: <info@???>
Subject: [redacted]
Date: Mon, 26 Sep 2005 17:49:25 +0200
Organization: VGV Prokureurs
Message-ID: <000001c5c2b1$deb87e40$b700a8c0@HVZ>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0001_01C5C2C2.A2414E40"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Virus-Scanned: Clear (ClamAV 0.87/1102/Sun Sep 25 16:04:56 2005)
Delivered-To: devmar-info@???
This message's pair has exactly the same MD5 checksum.
So, now I have to ask: is this duplicate delivery a possibility?
Or is it much more likely that the user is doing something that
results in them downloading the message twice so that it looks like
a duplicate delivery? I'm sceptical and inclined to the latter
explanation. But there are bits that I don't trust:
1. It runs on RedHat 7.0.3
2. Kernel 2.2.24 (old, I believe)
3. ext2fs - and this is the main source of my distrust.
I just don't know whether the locking semantics are good enough.
But locking might be a red herring.
[www35a] /etc/exim # exim -v -bV
Exim version 4.51 #2 built 26-May-2005 07:12:32
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 3.1.17: (July 31, 2000)
Support for: iconv() PAM Perl OpenSSL Content_Scanning Old_Demime Experimental_SPF Experimental_SRS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz mysql passwd pgsql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /etc/exim/configure
Here's the router and transport that hanled this delivery. This
whole installation used to be a qmail site so there is a little bit
of perl magic that provides the interface to the legacy vmailmgr
data.
Main
# Returns the UNIX username that owns the domain
VMAIL_USER = ${lookup{$domain} lsearch{/var/qmail/control/virtualdomains} \
{$value}fail}
# Returns a relative path to the mailbox
VMAIL_MBOX = ${perl {vmail_mailbox}{/usr/home/VMAIL_USER/passwd.cdb}}
Router
vmail_user:
driver = accept
domains = +vmail_domains
condition = VMAIL_MBOX
transport = vmail_delivery
Transports
vmail_delivery:
driver = appendfile
headers_remove = GLOBAL_HEADERS_REMOVE
directory = /usr/home/VMAIL_USER/VMAIL_MBOX
directory_mode = 0770
user = VMAIL_USER
create_directory
maildir_format
delivery_date_add
envelope_to_add
return_path_add
headers_add = ${if def:acl_m1 {$acl_m1\n}{}}\
${if def:acl_m2 {$acl_m2\n}{}}\
${if def:acl_m3 {$acl_m3\n}{}}\
Delivered-To: VMAIL_USER-$original_local_part@$domain
quota_filecount = ${perl {quota_files}{/usr/home/VMAIL_USER/passwd.cdb}}
quota = ${perl {quota_size}{/usr/home/VMAIL_USER/passwd.cdb}}
message_size_limit = ${perl {quota_msg_size}{/usr/home/VMAIL_USER/passwd.cdb}}
quota_warn_threshold = 75%
quota_warn_message = "\
To: $local_part@$domain\n\
Subject: Your mailbox\n\n\
This message is automatically created by mail delivery software.\n\n\
The size of your mailbox has exceeded a warning threshold that is\n\
set by the system administrator.\n"
shadow_condition = ${lookup{$domain} lsearch{/etc/exim/domains.intercept} {yes
}{no}}
shadow_transport = intercept
intercept:
driver = appendfile
headers_remove = GLOBAL_HEADERS_REMOVE
directory = /usr/local/intercept/VMAIL_USER/VMAIL_MBOX
directory_mode = 0770
user = VMAIL_USER
create_directory
maildir_format
delivery_date_add
envelope_to_add
return_path_add
headers_add = ${if def:acl_m1 {$acl_m1\n}{}}\
${if def:acl_m2 {$acl_m2\n}{}}\
${if def:acl_m3 {$acl_m3\n}{}}\
Delivered-To: VMAIL_USER-$original_local_part@$domain
Ian
--
Ian Freislich
