spamassassin-users mailing list archives

From Steve <spamassassin_st...@shic.co.uk>
Subject Re: Curious phenomenon with 9-repetitions of each spam...
Date Thu, 08 Sep 2011 15:44:51 GMT
On 08/09/2011 14:21, Bowie Bailey wrote:
> On 9/8/2011 5:07 AM, Steve wrote:
>> This is the thing that was so very, very odd. The message is identical
>> - including the headers. If I look at the first and last spam email in
>> a 9-message block, then <ctrl>u to get the source, and paste them into
>> files... diff confirms that the messages are byte-by-byte identical. I
>> don't think it's my server that's doing the duplicating... as some
>> spams arrive only once... even though the bulk of the spam I receive
>> is repeated 9 times. 
> That is odd.  I don't know about your MTA, but mine assigns a unique id
> number to each incoming email and writes it into the header.  This would
> make it impossible for duplicated messages to have identical headers
> unless the duplication happens within the MTA or at some point thereafter.
I'm using a (mostly vanilla) Postfix/Amavisd configuration... The
messages are delivered to IMAP, and while they have different filenames
within my imap folder, the textual content is identical for every pair
of messages within a group (where I've checked this.)  My received
messages are not tagged with unique identifiers in the headers (though
the message-id sent to me is retained...)  My unique IDs associated with
messages appear to be assigned by my IMAP server (Dovecot) - and
distinct message numbers correspond to unique MailDir message files.

> If you look at your mail logs, do you actually see 9 messages being
> received?
I thought I did, but - now - I'm not so sure... because the log doesn't
match the messages I find via IMAP. (Really!)

I've attached a snippet from my syslog relating to a recent batch of 9
messages - with domains changed to mydom.org.  As far as I can tell,
multiple emails are sent together to my server at 15:04:34 - but funny
things happen after that.  It looks as if the messages were intended to
be sent to nine separate email addresses at mydom.org - but, somehow,
they all end up addressed to the first addressee.  All nine messages are
sent to steved@mydom.org - which, via a catch-all in virtual.db, gets
delivered to steve@mydom.org. I'd have expected the To: address to be
different in each - but it isn't.

Is this a bug with Amavisd (possibly exposed by malformed messages)?  Is
there some other trick I'm missing - for example, some caveat about
using spamassassin with postfix virtual aliases?
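
One way to check the question raised above ("do you actually see 9 messages being received?") against a Postfix log, as an added example that is not part of the original post: group log lines by queue ID, so that one message with several envelope recipients can be told apart from several separate messages, and report where `orig_to` shows several addresses ending at one mailbox. The log lines are constructed in stock Postfix syslog format, and every address except steved@mydom.org and steve@mydom.org is made up.

```python
import re
from collections import defaultdict

# Constructed sample in stock Postfix syslog format; not the poster's log.
SAMPLE_LOG = """\
Sep  8 15:04:34 mx postfix/qmgr[2101]: 4A1B2C3D4E: from=<bulk@example.net>, size=2913, nrcpt=3 (queue active)
Sep  8 15:04:35 mx postfix/smtp[2140]: 4A1B2C3D4E: to=<steve@mydom.org>, orig_to=<steved@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Sep  8 15:04:35 mx postfix/smtp[2140]: 4A1B2C3D4E: to=<steve@mydom.org>, orig_to=<sales@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Sep  8 15:04:35 mx postfix/smtp[2140]: 4A1B2C3D4E: to=<steve@mydom.org>, orig_to=<info@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Sep  8 15:09:12 mx postfix/qmgr[2101]: 5F6A7B8C9D: from=<friend@example.com>, size=1210, nrcpt=1 (queue active)
Sep  8 15:09:12 mx postfix/smtp[2141]: 5F6A7B8C9D: to=<steve@mydom.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-Za-z]+): (.*)")
NRCPT = re.compile(r"\bnrcpt=(\d+)")
DELIVERY = re.compile(r"to=<([^>]*)>(?:, orig_to=<([^>]*)>)?.*\bstatus=(\w+)")


def summarize(log_text):
    """Per queue ID: recipient count from qmgr and every logged delivery."""
    msgs = defaultdict(lambda: {"nrcpt": None, "deliveries": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        n = NRCPT.search(rest)
        if n:
            msgs[qid]["nrcpt"] = int(n.group(1))
        d = DELIVERY.match(rest)
        if d:
            final, orig, status = d.groups()
            # Without orig_to, the envelope recipient was not rewritten.
            msgs[qid]["deliveries"].append((orig or final, final, status))
    return dict(msgs)


def collapsed(msgs):
    """Queue IDs where several envelope recipients ended at one address."""
    out = {}
    for qid, info in msgs.items():
        by_final = defaultdict(set)
        for orig, final, _status in info["deliveries"]:
            by_final[final].add(orig)
        for final, origs in by_final.items():
            if len(origs) > 1:
                out[qid] = (final, sorted(origs))
    return out
```

With a content filter such as amavisd in the path, the re-injected message gets a new queue ID, so the same grouping has to be read on both sides of the filter.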

