Multiple Email

Discussion in 'Plesk for Linux - 8.x and Older' started by Swakoo, Aug 28, 2005.

  1. Swakoo

    Swakoo Guest

    Hi guys,

    some of my users complain of multiple mails...

    I have not got this problem myself....

    You guys know of anything that will cause multiple emails? What should I check to get more info?
  2. jamesyeeoc

    jamesyeeoc Guest

  3. Swakoo

    Swakoo Guest

    Nope it isn't, just a RHEL standard machine
  4. jamesyeeoc

    jamesyeeoc Guest

    Look through the mail logs for any indications of errors or problems (I know the log is messy)


    If you can track down a date/time (even a close one) and email name or address affected, it makes it much easier to search the log file(s)
  5. Swakoo

    Swakoo Guest

    any other such known problems about duplication?
  6. Swakoo

    Swakoo Guest

    The same box is giving problems again with multiple emails. My users (a handful only) are complaining that some emails they are sending out are being repeated at the recipients' end.

    I have re-synced the database, and have told them to note the recipient email address and time sent next time this occurs so I can check the log as advised earlier, but what could be the reason?

    The only major thing I did to the server was that I upgraded the RAM (512->2GB)
  7. Swakoo

    Swakoo Guest

    I checked the log

    If you notice, the email address (masked for privacy reasons) is repeated. It repeats many more times down the log

    same msg <id>, so I suppose this is the one that was repeated... what's wrong?

    A few of my users are having this problem, and their recipients/clients are complaining about the multiple emails.

    A check in the log does show the emails being sent out repeatedly..

    Update: a few members are now receiving the multiple emails... and at the same time there are cases where they use their Gmail account and mail to their account in my PLESK box. They receive OK. But after a while they receive a bounce mail on the Gmail account from the PLESK box saying xyz@someotherdomain.com is not valid.

    Interestingly, they didn't send to such a domain at all.

    Getting queer, getting out of hand man... :(

  8. jamesyeeoc

    jamesyeeoc Guest

    Have you checked the perms and ownership of the message files in the /var/qmail/queue/remote directories (the ones listed in the logs)?

    It may be queue corruption, may possibly be temporary and clear itself (or not).

    Per Qmail docs:
    Also see: this link for more possible causes.
  9. Swakoo

    Swakoo Guest

    even saw one line that said this!
    Checked the log and the directory, but don't even see the message file, probably because it got sent out successfully. But otherwise those that I see there all belonged to qmails:qmail.

    This problem has been around since last friday.

    Read the link at WHT but my server didn't crash recently. I just downed it to upgrade the RAM. Proper shutdown. Could that be a cause too? But the load on my server, even after upgrading the RAM, averages around 2.5 consistently

    before that it could hit up to 5!

    And as mentioned, the other weird thing we realised is that sometimes, when people send to email accounts on the PLESK machine, sometimes only, the mail sent does get successfully received by the user (PLESK). But after a while, the person who sent it will get a bounce message from the PLESK machine saying that the email nosuch@domain.com is not valid, when the user didn't even send to that address....

  10. Swakoo

    Swakoo Guest

    anyone with the same problem and a solution?

    Been googling, not many people listed this problem and even so, no solutions...

    hmm perplexing indeed...
  11. jamesyeeoc

    jamesyeeoc Guest

    Since it only started after upgrading RAM, what about the possibility of bad RAM modules? I know it's not very likely, but you should consider the possibility
    This might support the theory of Qmail queue corruption of some sort
  12. Swakoo

    Swakoo Guest

    Right now.. I am checking the logs real hard...

    so far... only 1 user is complaining that the emails they send out are being repeated at the recipients' end.

    4 others are complaining that they are receiving multiple emails. Interestingly, all 4 don't have POP accounts in my PLESK box. Rather their account in the PLESK is only a forwarding account, which goes to GMail.

    Any link?

    Anyway I need help interpreting the log.

    Because I am armed with all the repeated emails: I got their recipients, sender, subject and date/time stamp of the email

    But the log only shows delivery id, message id, and recipient address.. and sender

    by ID number only, sometimes a bit hard to track the multiple emails properly.... or am I not appreciating the log enough?

    and I realise SMTP authentication is not working despite it being on


    Update: again repeated mail and I saw it in the log....
    I first trace by recipient email address (external domain), then I trace the message ID and true enough it repeats itself consistently... but in between I don't see any entries mentioning that message ID... just a lot of the below quoted entries
    Towards the end, there is an entry in the log with the problem email message ID
    It then attempted to send one more time (but to one less recipient)

    then it finally ended

    And I realise my email server is sending a lot of mail to @netzero.com
    I sometimes get bounced email that there are no such recipients on the other end... but I didn't send... am I getting screwed or what man...

    thanks guys!
  13. chiefgofor

    chiefgofor Guest

    I am in the same boat you are. As such, I am carefully watching this thread. So, thank you for that. And thanks to all those assisting.
  14. Swakoo

    Swakoo Guest

    oh man, that sucks.. yeah.. I hope we can solve this too

    anyway I just have another case of a mail sent out by my user... the recipient got no less than 20 copies of it.. (some 75!) it's more clear here...
    this is the start, mail received and starting delivery
    Then as you guys can see... it is repeating but with no other message for the same message id: one page full of log
    It finally ends...

    I also realise it's more of emails with attachments... some kind of bug?
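
    An added example (not part of any post in this thread): one way to do the tracing described above, joining qmail-send log lines on delivery id so that every attempt is tied back to its message id, sender and recipient. The log lines are constructed in qmail-send's usual wording; the ids and addresses are made up, and whether the poster's log contained the same deferral text is not shown on the page.

```python
import re
from collections import defaultdict

# Constructed qmail-send log lines (ids, addresses and timestamps are made up).
SAMPLE_LOG = """\
@4000000043160a1b00000001 new msg 918273
@4000000043160a1b00000002 info msg 918273: bytes 48211 from <alice@example.com> qp 2211 uid 2020
@4000000043160a1b00000003 starting delivery 101: msg 918273 to remote bob@example.net
@4000000043160a1b00000004 starting delivery 102: msg 918273 to remote carol@example.net
@4000000043160a2000000001 delivery 102: success: 192.0.2.10_accepted_message./
@4000000043160a9000000001 delivery 101: deferral: Connected_to_192.0.2.25_but_connection_died._Possible_duplicate!_(#4.4.2)/
@4000000043160c0000000001 starting delivery 103: msg 918273 to remote bob@example.net
@4000000043160c9000000001 delivery 103: deferral: Connected_to_192.0.2.25_but_connection_died._Possible_duplicate!_(#4.4.2)/
@4000000043160e0000000001 starting delivery 104: msg 918273 to remote bob@example.net
@4000000043160e1000000001 delivery 104: success: 192.0.2.25_accepted_message./
@4000000043160e1000000002 end msg 918273
"""

INFO = re.compile(r"info msg (\d+): bytes (\d+) from <([^>]*)>")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (?:remote|local) (\S+)")
DONE = re.compile(r"delivery (\d+): (success|deferral|failure): (.*)")

def correlate(log_text):
    """Return {(msg id, recipient): {"sender", "attempts", "results"}}.

    msg ids are queue inode numbers and are reused after "end msg",
    so feed this one time window of the log at a time.
    """
    sender, in_flight = {}, {}  # in_flight: delivery id -> (msg id, recipient)
    stats = defaultdict(lambda: {"sender": None, "attempts": 0, "results": []})
    for line in log_text.splitlines():
        if m := INFO.search(line):
            sender[m.group(1)] = m.group(3)
        elif m := START.search(line):
            key = (m.group(2), m.group(3))
            in_flight[m.group(1)] = key
            stats[key]["attempts"] += 1
            stats[key]["sender"] = sender.get(m.group(2))
        elif m := DONE.search(line):
            key = in_flight.pop(m.group(1), None)
            if key:
                stats[key]["results"].append((m.group(2), m.group(3)))
    return dict(stats)

def repeated(stats):
    """Message/recipient pairs attempted more than once: candidate duplicates."""
    return {k: v for k, v in stats.items() if v["attempts"] > 1}
```

    A pair whose results show deferrals followed by a success is one where the remote side may already have accepted an earlier copy.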
  15. Swakoo

    Swakoo Guest

    I ran chkrootkit

    only one suspicious thing:

    Checking `bindshell'... INFECTED (PORTS: 465)

  16. Swakoo

    Swakoo Guest

    Guys... just to update:

    I inserted the following control files into /var/qmail/control

    timeoutremote - 1200
    timeoutsmtpd - 1200
    timeoutconnect - 60

    Switched off SpamAssassin and DrWeb earlier too (it didn't affect the load, but I am not using it anyway)

    The load on my server went drastically down!
    0.10 on average.. where it used to be 2.5-3.5 average ..

    and no more multiple emails... not sure if it is the cause to celebrate... but am still observing...
  17. jamesyeeoc

    jamesyeeoc Guest

    Most likely it's the well known 'false positive' which chkrootkit is known for. You should make sure there is actually nothing valid listening on port 465.

    Also use RKHunter to scan.

    Have you protected your server with either Atomic Secured Linux or at least mod_security? (www.atomicrocketturtle.com)

    You should uninstall DrWeb and use clamav/clamd or f-prot instead!
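
    An added example (not from any poster in this thread): one way to see what is actually listening on port 465, the conventional SMTP-over-SSL port, by reading LISTEN sockets from /proc/net/tcp and matching the socket inode to the owning process. The sample table is constructed, and the function names are illustrative.

```python
import os

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed /proc/net/tcp excerpt: ports are hex, 0x01D1 = 465, 0x0019 = 25.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1 0000000000000000 100 0 0 10 0
   1: 00000000:01D1 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:01D1 0200007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 11003 1 0000000000000000 20 4 30 10 -1
"""

def listeners(table, port):
    """Return [(local_addr_hex, uid, inode)] for sockets listening on port."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        addr, hexport = f[1].split(":")
        if f[3] == LISTEN and int(hexport, 16) == port:
            found.append((addr, int(f[7]), int(f[9])))
    return found

def owner_of(inode):
    """Find (pid, exe) holding the socket inode; run as root to see all pids."""
    target = f"socket:[{inode}]"
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            for fd in os.listdir(f"/proc/{pid}/fd"):
                if os.readlink(f"/proc/{pid}/fd/{fd}") == target:
                    return int(pid), os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue  # process exited or permission denied
    return None

if __name__ == "__main__" and os.path.exists("/proc/net/tcp"):
    with open("/proc/net/tcp") as fh:
        for addr, uid, inode in listeners(fh.read(), 465):
            print(addr, uid, inode, owner_of(inode))
```

    IPv6 listeners appear in /proc/net/tcp6 with the same column layout, so the same parser can be pointed at that file.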
  18. jamesyeeoc

    jamesyeeoc Guest

    If SA is causing too much load, then you need to figure out why:

    1. Hardware issue (Celeron instead of P4 or Xeon)

    2. SA configuration issue

    3. Too much spam hitting the server (hardware upgrade needed?)
    Have you possibly been blacklisted?
  19. Swakoo

    Swakoo Guest


    I used rkhunter but it had a permissions problem... first time such an issue occurred. But otherwise nothing much on it

    I stopped both DrWeb and SpamAssassin as I didn't select the email to be scanned by DrWeb...

    and without the SpamAssassin control panel, I didn't link my mail to be checked...

    SA is not causing too much load since it's not running on any email accounts... but ever since I set the timeout... the multiple emails have stopped, spam has been cut down a lot, and my server load... is LOW! sweet... but any idea why?

    blacklisted!? I hope not man.. but I will try those that you mention.. I haven't done any of them.. will give it a look.. and check back here again
  20. jamesyeeoc

    jamesyeeoc Guest

    You didn't post what those timeout values were before you changed them, so I can only speculate endlessly...

    Did you resolve the permissions problems? If not, then the RKHunter results may be incomplete or inconclusive.