[exim] Very loosely Exim related! - Need help reading header…

Author: Gareth Hastings
Date:  
To: exim-users
Subject: [exim] Very loosely Exim related! - Need help reading headers please
We recently had a user send out an email to a huge list of very badly
formatted emails (Random quotes, semicolons, commas instead of
semi-colons, spaces in emails, double quotes round blocks of 10+
emails, angled brackets all over the place, duplicate recipients etc).
Unfortunately no one was told about this until after it had been sent.
The To: header alone contained around 1200 email addresses. Aside from
the obvious data protection issues, method of mass mail, amount of
recipients in to field, is there any way this alone could break an MTA?
The reason I ask is because numerous recipients of this e-mail have
received not one but 200-300 copies of the same email.

Internally we use Exchange which then sends onto an Exim box which
relays out to our smart host (Postini) who virus/spam check each mail. I
can not see in any of the logs (exchange, exim) the e-mail going out
multiple times.

The thing that gets even weirder is that I've spoken to a couple of very
annoyed customers and managed to get them to forward back the headers of
their emails. Our company's mail servers do not appear anywhere in the
headers. I've spoken to 4 different people and all 4 sets of headers
look similar. Sometimes it appears as though duplicate headers have been
added somewhere in the middle (one set had around 8 lots of
X-Virus-Scanned headers). The last few sets of e-mails appear to have
originated through Demon's (or one of their customers maybe) mail
servers.

I added an Exim filter which says send me any message from the original
user with a specific word in the subject directly to me. I have since
received a few copies of this email myself (The user placed her email
address in the to field also)! Upon checking our Exchange server I can
see the message didn't come from there. Its headers show the first
server as

Received-SPF: none (mxeu5: 194.217.242.90 is neither permitted nor
denied by domain of twi.co.uk) client-ip=194.217.242.90;
envelope-from=deborah.pullen@???;
helo=anchor-post-32.mail.demon.net;

I have attached a full header as received from an annoyed customer. I
know people hate it when you obfuscate logs so I've left MOST of it
alone. The only bits I've removed are the customers' email addresses
contained in the to field.

Attached are 2 sets of headers. 1st set are headers from a customer, 2nd
set are the headers I received after the Exim server received the email
and forwarded the email to me.

Thanks for any and all help



--
Gareth Hastings
Return-Path: <deborah@???>
Received: from mwinf3102.me.freeserve.com (mwinf3102.me.freeserve.com)
by mwinb3105 (SMTP Server) with LMTP; Wed, 03 May 2006 12:51:46 +0200
X-Sieve: Server Sieve 2.2
Envelope-to: customersaddress@???
Received: from me-wanadoo.net (localhost [127.0.0.1])
by mwinf3102.me.freeserve.com (SMTP Server) with ESMTP id 039851C0129B
for <customersaddress@???>; Wed, 3 May 2006 12:51:46 +0200 (CEST)
Received: from lonas01.kinexus.net (lonas01.kinexus.net [212.113.24.129])
by mwinf3102.me.freeserve.com (SMTP Server) with ESMTP id 89F0A1C012A0
for <customersaddress@???>; Wed, 3 May 2006 12:51:45 +0200 (CEST)
X-ME-UUID: 20060503105145565.89F0A1C012A0@???
Received: from localhost (localhost [127.0.0.1])
by lonas01.kinexus.net (Postfix) with ESMTP id 2C33D24D88;
Wed, 3 May 2006 11:51:34 +0100 (BST)
Received: from retrac-group.com (unknown [217.206.172.205])
by lonas01.kinexus.net (Postfix) with SMTP id 036EC24C6D;
Wed, 3 May 2006 11:49:27 +0100 (BST)
Received: from mail pickup service by retrac-group.com with Microsoft SMTPSVC;
Wed, 3 May 2006 12:00:59 +0100
X-Original-To: mail@???
Delivered-To: mail@???
Received-SPF: none receiver=appereto.com; client-ip=212.113.24.129; envelope-from=deborah@???
X-Original-To: mail@???
Delivered-To: mail@???
Received-SPF: none receiver=appereto.com; client-ip=212.113.24.129; envelope-from=deborah@???
X-Original-To: mail@???
Delivered-To: mail@???
Received-SPF: none receiver=appereto.com; client-ip=212.113.24.129; envelope-from=deborah@???
X-Original-To: mail@???
Delivered-To: mail@???
Received-SPF: none receiver=appereto.com; client-ip=212.113.24.129; envelope-from=deborah@???
X-Original-To: mail@???
Delivered-To: mail@???
Delivery-Date: Wed, 03 May 2006 07:09:29 +0200
Received-SPF: none (mxeu9: 69.20.121.140 is neither permitted nor denied by domain of twi.co.uk) client-ip=69.20.121.140; envelope-from=deborah@???; helo=inbound.appriver.com;
Received-SPF: none receiver=appereto.com; client-ip=81.21.76.12; envelope-from=deborah@???
Delivered-To: halyard-mspop3connector.jgrazebrook@???
X-Original-To: mail@???
Delivered-To: mail@???
Delivered-To: halyard-jgrazebrook@???
Delivery-Date: Tue, 02 May 2006 20:51:59 +0200
Received-SPF: none (mxeu22: 207.38.45.145 is neither permitted nor denied by domain of twi.co.uk) client-ip=207.38.45.145; envelope-from=deborah@???; helo=appereto.com;
Received-SPF: none receiver=appereto.com; client-ip=80.46.45.189; envelope-from=deborah@???
Delivery-Date: Tue, 02 May 2006 20:14:25 +0200
Received-SPF: none (mxeu5: 194.217.242.90 is neither permitted nor denied by domain of twi.co.uk) client-ip=194.217.242.90; envelope-from=deborah@???; helo=anchor-post-32.mail.demon.net;
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Message-ID: <000001c66ea0$dbfa8950$c8fea8c0@???>
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C66E00.507370CE"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
Subject: FW: SMARTmat - Smart Composites Workshop
Date: Wed, 3 May 2006 12:00:59 +0100
X-Mailer: Microsoft CDO for Exchange 2000
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: SMARTmat - Smart Composites Workshop
thread-index: AcZt7+3J6FSoHJ82RPyqaVnQhq5zBQADBpGQ
From: "Deborah Pullen" <deborah@???>
To:
X-OriginalArrivalTime: 02 May 2006 19:01:26.0062 (UTC) FILETIME=[CFC4BCE0:01C66E1A]
Importance: normal
Priority: normal
X-OriginalArrivalTime: 02 May 2006 17:16:12.0968 (UTC) FILETIME=[1CDF0A80:01C66E0C]
X-TM-AS-Product-Ver: SMEX-7.2.0.1122-3.52.1006-14412.003
X-TM-AS-Result: No-3.110000-4.000000-1
X-Virus-Scanned: by AMaViS 0.3.12
X-Antivirus: AVG for E-mail 7.1.392 [268.5.1/328]
X-Virus-Scanned: by AMaViS 0.3.12
X-Spam-Flag: NO
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on server25.donhost.co.uk
X-Spam-Bouncer-Status: No, hits=1.8 required=7.0 tests=CLICK_BELOW,HTML_60_70,HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_UNKNOWN,HTML_FONT_BIG,HTML_MESSAGE,J_CHICKENPOX_53,SARE_TOCC_COMBO1
X-Policy: cogent-ssc.com
X-Policy: cogent-ssc.com
X-Note: This Email was scanned by AppRiver SecureTide
X-Warn: OPTOUT
X-Note: Spam Tests Failed: OPTOUT
X-Country-Path: UNITED KINGDOM->UNITED STATES->destination
X-Note-Sending-IP: 207.38.45.145
X-Note-Reverse-DNS: popaccts.quik.com
X-Note-WHTLIST: deborah@???
X-Note: User Rule Hits:
X-Note: Mail Class: VALID
Envelope-To: dafydd@???
X-SpamScore: 1.21tests= OPT_HEADER
X-Virus-Scanned: by AMaViS 0.3.12
X-Antivirus: AVG for E-mail 7.1.392 [268.5.2/329]
X-Virus-Scanned: by AMaViS 0.3.12
X-Virus-Scanned: by AMaViS 0.3.12
X-Antivirus: AVG for E-mail 7.1.392 [268.5.2/329]
X-Virus-Scanned: by AMaViS 0.3.12
X-Virus-Scanned: by AMaViS 0.3.12
X-Antivirus: AVG for E-mail 7.1.392 [268.5.2/329]
X-Virus-Scanned: by AMaViS 0.3.12
X-Virus-Scanned: by AMaViS 0.3.12
X-Antivirus: AVG for E-mail 7.1.392 [268.5.2/329]
X-Virus-Scanned: by AMaViS 0.3.12
X-Virus-Scanned: by AMaViS 0.3.12
X-Antivirus: AVG for E-mail 7.1.392 [268.5.2/329]
X-Virus-Scanned: by AMaViS 0.3.12
X-me-spamlevel: not-spam
X-me-spamrating: 0.032948
X-NAS-Language: English
X-NAS-Bayes: #0: 0; #1: 1
X-NAS-Classification: 0
X-NAS-MessageID: 6849
X-NAS-Validation: {253ACAE6-E744-4A16-AA8D-A1362AA1C8E2}

This is a multi-part message in MIME format.

Received: from gaspra.twi.co.uk ([194.128.9.3]) by tatum.twi.co.uk with Microsoft SMTPSVC(6.0.3790.1830);
     Wed, 3 May 2006 15:21:31 +0100
Received: from (psmtp.com) [207.126.144.51] 
    by gaspra.twi.co.uk with smtp 
    id 1FbI8m-0002Mb-00 ; Wed, 03 May 2006 15:15:44 +0100
Received: from source ([207.38.45.145]) by eu1sys200amx011.postini.com ([207.126.147.10]) with SMTP;
    Wed, 03 May 2006 14:21:26 UTC
Received: from [80.247.87.62] (account mmltd001@??? HELO morgan-marine.com)
  by appereto.com (CommuniGate Pro SMTP 4.3.7)
  with ESMTPA id 530246130; Wed, 03 May 2006 07:21:16 -0700
Received: from mail pickup service by morgan-marine.com with Microsoft SMTPSVC;
     Wed, 3 May 2006 15:15:52 +0100
Received-SPF: none receiver=appereto.com; client-ip=80.46.45.189; envelope-from=deborah@???
Received-SPF: none (mxeu1: 207.38.45.145 is neither permitted nor denied by domain of twi.co.uk) client-ip=207.38.45.145; envelope-from=deborah@???; helo=appereto.com;
Received-SPF: none receiver=appereto.com; client-ip=81.21.76.12; envelope-from=deborah@???
Delivered-To: halyard-jgrazebrook@???
Received-SPF: none receiver=appereto.com; client-ip=80.46.45.189; envelope-from=deborah@???
Received-SPF: none (mxeu5: 69.20.121.140 is neither permitted nor denied by domain of twi.co.uk) client-ip=69.20.121.140; envelope-from=deborah@???; helo=inbound.appriver.com;
Received-SPF: none (mxeu5: 194.217.242.90 is neither permitted nor denied by domain of twi.co.uk) client-ip=194.217.242.90; envelope-from=deborah@???; helo=anchor-post-32.mail.demon.net;
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----_=_NextPart_001_01C66E00.507370CE"
Content-Transfer-Encoding: 7bit
Message-ID: <000101c66ebc$159178c0$0300000a@???>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.181
Subject: FW: SMARTmat - Smart Composites Workshop
Date: Wed, 3 May 2006 15:15:52 +0100
X-Mailer: Microsoft CDO for Exchange 2000
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SMARTmat - Smart Composites Workshop
thread-index: AcZt7+3J6FSoHJ82RPyqaVnQhq5zBQADBpGQ
From: "Deborah Pullen" <deborah@???>
To: 
Importance: normal
Priority: normal
X-OriginalArrivalTime: 02 May 2006 17:16:12.0968 (UTC) FILETIME=[1CDF0A80:01C66E0C]
X-Policy: cogent-ssc.com
X-Policy: cogent-ssc.com
X-Note: This Email was scanned by AppRiver SecureTide
X-Warn: OPTOUT
X-Note: Spam Tests Failed: OPTOUT
X-Country-Path: UNITED KINGDOM->destination
X-Note-Sending-IP: 80.46.45.189
X-Note-Reverse-DNS: 80-46-45-189.static.dsl.as9105.com
X-Note-WHTLIST: deborah@???
X-Note: User Rule Hits: 
X-Note: Mail Class: VALID
X-TM-AS-Product-Ver: SMEX-7.2.0.1122-3.52.1006-14412.003
X-TM-AS-Result: No-3.110000-4.000000-1
X-Spam-Flag: NO
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on server28.donhost.co.uk
X-Spam-Bouncer-Status: No, hits=4.2 required=7.0 tests=CLICK_BELOW,HTML_60_70,HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_UNKNOWN,HTML_FONT_BIG,HTML_MESSAGE,J_CHICKENPOX_53,OPT_HEADER,SARE_TOCC_COMBO1
X-SpamScore: 1.21tests= OPT_HEADER
TWI-dp:
X-Envelope-To: carrie.spence@???,
 julian.speck@???
Return-Path: deborah@???

------_=_NextPart_001_01C66E00.507370CE
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01C66E00.507370CE
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


------_=_NextPart_001_01C66E00.507370CE--
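
One way to tabulate header sets like the two attached above, as an added example that is not part of the original post: it orders the `Received` hops oldest first, flags hops whose timestamp runs backwards, collects the distinct `client-ip` values from the stacked `Received-SPF` lines, and counts trace headers repeated verbatim. The function names are hypothetical, and `SAMPLE` is a constructed extract abridged from the first header set.

```python
import email
import re
from collections import Counter
from email.utils import parsedate_to_datetime

# Constructed sample: a few lines abridged from the first attached header set.
SAMPLE = """\
Received: from lonas01.kinexus.net (lonas01.kinexus.net [212.113.24.129])
\tby mwinf3102.me.freeserve.com (SMTP Server) with ESMTP id 89F0A1C012A0;
\tWed, 3 May 2006 12:51:45 +0200 (CEST)
Received: from retrac-group.com (unknown [217.206.172.205])
\tby lonas01.kinexus.net (Postfix) with SMTP id 036EC24C6D;
\tWed, 3 May 2006 11:49:27 +0100 (BST)
Received: from mail pickup service by retrac-group.com with Microsoft SMTPSVC;
\tWed, 3 May 2006 12:00:59 +0100
Received-SPF: none receiver=appereto.com; client-ip=212.113.24.129
Received-SPF: none receiver=appereto.com; client-ip=81.21.76.12
Received-SPF: none (mxeu5: 194.217.242.90 is neither permitted nor denied by domain of twi.co.uk) client-ip=194.217.242.90;
X-Virus-Scanned: by AMaViS 0.3.12
X-Virus-Scanned: by AMaViS 0.3.12
X-Virus-Scanned: by AMaViS 0.3.12
Subject: FW: SMARTmat - Smart Composites Workshop
"""

def received_hops(msg):
    """(by_host, timestamp) for each Received header, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        by = re.search(r"\bby (\S+)", flat)
        stamp = parsedate_to_datetime(flat.rsplit(";", 1)[1])
        hops.append((by.group(1) if by else "?", stamp))
    return hops

def backwards_steps(hops):
    """Hops stamped earlier than the hop before them (e.g. clock skew)."""
    return [b[0] for a, b in zip(hops, hops[1:]) if b[1] < a[1]]

def spf_client_ips(msg):
    """Distinct client-ip values over all Received-SPF headers, in order."""
    found = re.findall(r"client-ip=([0-9.]+)", "\n".join(msg.get_all("Received-SPF", [])))
    return list(dict.fromkeys(found))

def repeated_headers(msg):
    """Identical (name, value) pairs seen more than once, Received excluded."""
    seen = Counter((k.lower(), " ".join(v.split())) for k, v in msg.items())
    return {k: n for k, n in seen.items() if n > 1 and k[0] != "received"}

MSG = email.message_from_string(SAMPLE)
```

Each distinct `client-ip` is a host that some receiver evaluated as the sender of this message, so a long list of them on one copy means the message had already been accepted and passed on several times before it reached that mailbox.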