Mailing List SIMS@mail.stalker.com Message #13894
From: Joe Wagner <joew@cdr.stanford.edu>
Subject: Delivering message to wrong mailbox?
Date: Mon, 03 Nov 2003 02:56:57 -0800
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Hi all,
        I've found a strange problem.  I'm running SIMS 1.8b9d14 on a PCC 7300/200 and recently had a user ask me why she received an email sent to another user, with another domain.  I looked at the email's headers and darn if I can tell why that happened.  I used the router test address and it says it'll go to the correct box -- and the log says it was delivered to the correct box.  My servers are getting a fair beating now with a spam load that's recently grown to sometimes 15k+ messages a day, but still, should SIMS be able to get confused?  Below are the header, the router and the log file.  Intended domain is ABC.com, other user who got the message is XYZ.com, both with catch-all addresses:

Return-Path: STRANGERX@yahoo.com
Received: from web10710.mail.yahoo.com ([216.136.130.75] verified)
  by mail.hasit.com (Stalker SMTP Server 1.8b9d14)
  with SMTP id S.0001187952 for <USERABC@ABC.com>; Sun, 02 Nov 2003 11:26:00 -0700
Message-ID: <20031102192552.15902.qmail@web10710.mail.yahoo.com>
Received: from [68.112.232.50] by web10710.mail.yahoo.com via HTTP; Sun, 02 Nov 2003 11:25:52 PST
Date: Sun, 2 Nov 2003 11:25:52 -0800 (PST)
From: STRANGER X <STRANGERX@yahoo.com>
Subject: Hekllo out there
To: USER ABC <USERABC@ABC.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii


11:26:00 4 SMTP Line 318820 created for answering
11:26:00 4 SMTP-820() Got connection from [216.136.130.75:24111]
11:26:00 4 SMTP(tcp) Connection accepted from [216.136.130.75:24111], seq=75686, 14/15
11:26:00 4 SMTP-820([216.136.130.75]) Sending 220-mail.hasit.com Stalker Internet Mail Server V.1.8b9d14 is ready.\r\n220 ESMTP is spoken here. NO UCE Sending unsolicited email ads uses equipment of Hypertouch located in CA and violates its policie
11:26:00 4 SMTP-820([216.136.130.75]) Input Line: HELO web10710.mail.yahoo.com\r
11:26:00 4 SMTP-820(web10710.mail.yahoo.com) Looking for web10710.mail.yahoo.com
11:26:00 4 SMTP-820(web10710.mail.yahoo.com) Sending 250 mail.hasit.com is pleased to meet you\r\n
11:26:00 4 SMTP-820(web10710.mail.yahoo.com) Input Line: MAIL FROM:<STRANGERX@yahoo.com>\r
11:26:00 4 SMTP-820(web10710.mail.yahoo.com) Sending 250 <STRANGERX@yahoo.com> sender accepted\r\n
11:26:00 4 SMTP-820(web10710.mail.yahoo.com) Input Line: RCPT TO:<USERABC@ABC.com>\r
11:26:00 4 SMTP-820(web10710.mail.yahoo.com) Sending 250 <USERABC@ABC.com> recipient accepted\r\n
11:26:00 4 SMTP-820(web10710.mail.yahoo.com) Input Line: DATA\r
11:26:00 4 SMTP-820(web10710.mail.yahoo.com) Sending 354 Enter mail, end with "." on a line by itself\r\n
11:26:01 2 SMTP-820(web10710.mail.yahoo.com) {S.0001187952} received, 998 bytes
11:26:01 4 SMTP-820(web10710.mail.yahoo.com) Sending 250 S.0001187952 message accepted for delivery\r\n
11:26:01 4 SMTP-820(web10710.mail.yahoo.com) Input Line: QUIT\r
11:26:01 2 SYSTEM [S.0001187952] <20031102192552.15902.qmail@web10710.mail.yahoo.com> 0+1 From:STRANGERX@yahoo.com
11:26:01 4 SMTP-820(web10710.mail.yahoo.com) Sending 221 mail.hasit.com closing connection\r\n
11:26:01 4 SMTP-820(web10710.mail.yahoo.com) Closing
11:26:01 3 SMTP-820(web10710.mail.yahoo.com) Abort Received, reason=5483576
11:26:01 4 SMTP-820(web10710.mail.yahoo.com) Nothing read - stream broken
11:26:01 3 SMTP-820(web10710.mail.yahoo.com) Reading Failed. Error Code=-25010. Read:
11:26:01 2 SYSTEM(POP) [S.0001187952] delivered to (ABC)
11:26:01 2 SYSTEM [S.0001187952] deleted
11:26:01 4 SMTP disposing line 318820

Yet that message appears in XYZ's file.

Here is the router entry for those domains.  I switch mail.domain.com to domain.com to catch stuff coming from the secondary mailservers, which relay.  The two users don't want blacklists, so I whitelist everything.  And XYZ-USERXYZ and ABC are both account names.

mail.XYZ.org=XYZ.org
<*%XYZ.org@blacklisted>=XYZ-USERXYZ
<*@XYZ.org>=XYZ-USERXYZ
mail.ABC.com=ABC.com
<*%ABC.com@blacklisted>=ABC
<*@ABC.com>=ABC

So, any ideas how that has happened? I'm stumped.  This has now happened twice today. I've SMTP logging turned on to low-level, so couple that with my spam load and it means that yesterday I had a 200 MB log file, and today it was 50 MB before I copied it to track down the error.  But slow != bad file management, right?  I've 3 gigs left on that drive.

Thanks for any hints as to what's going on.

Joe
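
An added example, not part of the original message and not SIMS code: one way to sweep a large SMTP log for deliveries whose logged account disagrees with the router records, by joining each `RCPT TO` to the later `delivered to (...)` line through the session tag and message id. The domain-to-account map is a simplification of the posted router records, the function name and the second block of log lines are constructed, and Python 3.8+ is assumed.

```python
import re

# Wildcard router records from the post, reduced to domain -> account.
ROUTER = {"xyz.org": "XYZ-USERXYZ", "abc.com": "ABC"}

RCPT = re.compile(r"(SMTP-\d+)\(.*?\) Input Line: RCPT TO:<([^>]+)>")
RECEIVED = re.compile(r"(SMTP-\d+)\(.*?\) \{(S\.\d+)\} received")
DELIVERED = re.compile(r"SYSTEM\(POP\) \[(S\.\d+)\] delivered to \((.+?)\)")

# Three lines taken from the log in the post.
POSTED = r"""
11:26:00 4 SMTP-820(web10710.mail.yahoo.com) Input Line: RCPT TO:<USERABC@ABC.com>\r
11:26:01 2 SMTP-820(web10710.mail.yahoo.com) {S.0001187952} received, 998 bytes
11:26:01 2 SYSTEM(POP) [S.0001187952] delivered to (ABC)
"""

# Constructed lines (not from the post): a delivery that contradicts the router.
CONSTRUCTED = r"""
11:27:00 4 SMTP-821(mx.example.net) Input Line: RCPT TO:<someone@ABC.com>\r
11:27:01 2 SMTP-821(mx.example.net) {S.0000000001} received, 500 bytes
11:27:01 2 SYSTEM(POP) [S.0000000001] delivered to (XYZ-USERXYZ)
"""

def find_misdeliveries(log_text, router=ROUTER):
    """Return (message id, logged account, expected accounts) for mismatches."""
    pending = {}   # SMTP session tag -> recipients seen so far
    expected = {}  # message id -> accounts the router records map to
    findings = []
    for line in log_text.splitlines():
        if m := RCPT.search(line):
            pending.setdefault(m[1], []).append(m[2])
        elif m := RECEIVED.search(line):
            domains = (r.rsplit("@", 1)[-1].lower() for r in pending.pop(m[1], []))
            expected[m[2]] = {router[d] for d in domains if d in router}
        elif m := DELIVERED.search(line):
            want = expected.get(m[1], set())
            if want and m[2] not in want:
                findings.append((m[1], m[2], sorted(want)))
    return findings

if __name__ == "__main__":
    print(find_misdeliveries(POSTED))
    print(find_misdeliveries(POSTED + CONSTRUCTED))
```

An empty result over the posted lines agrees with what the message reports: the log names the intended account, so a sweep like this only surfaces cases where the log itself records the wrong mailbox.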