losing e-mail: maybe wrong Lines or Content-Length

E

Edmund Evans

Verified User
Joined
Jun 20, 2004
Messages
5
I keep losing messages because they get tacked onto the end of spam messages. Is this a known problem?

I suspect it might be because the (Russian) spam messages have an incorrect Lines or Content-Length header which the MDA is not correcting and the POP3 server is believing, but it's a bit hard for me to diagnose the problem as I'm only a user (of hostlogical.com) and can't inspect the mail spool.

I tend to rather doubt the quality of the POP3 server, anyway. It's vm-pop3d 1.1.6 and it leaves blank lines in the UIDL listing, which is not really a sign of quality:

UIDL
..
102 [email protected]
103 D[20

104 [email protected]
..
 
i am getting mails lost too. I have 2 servers, both running DA but of different version, server ones DA is 1.21.3 while server 2 which is a newer server is running ver 1.222000. When i send an e-mail from one of the domain located on server 1 to a domain on server 2 (that was migrated from server 1), the mail was never received. Tried a few times last night, all mails not received but when i send out from domain on server 2, it gets received all the time.

Any ideas?
 
Hello,

That might be different. Check your /var/log/exim/mainlog. Also, the version of DirectAdmin doesn't have as much to with with email as does the exim version or vm-pop3d version.

John
 
DirectAdmin Support said:
Hello,

That might be different. Check your /var/log/exim/mainlog. Also, the version of DirectAdmin doesn't have as much to with with email as does the exim version or vm-pop3d version.

John
Click to expand...

here the logs.

From older server. Send receive no problem. i was trying to send to e-mail address ending with itcow.com

[root@gandalf root]# cat /var/log/exim/mainlog | grep [email protected]
2004-06-29 00:24:43 1Beyvu-0001GZ-FL => mobile <[email protected]> R=virtual_user T=virtual_localdelivery
2004-06-29 00:36:16 1Bez79-0002JR-Af => mobile <[email protected]> R=virtual_user T=virtual_localdelivery
2004-06-29 00:37:02 1Bez7t-0002KS-Fw => mobile <[email protected]> R=virtual_user T=virtual_localdelivery
2004-06-29 12:54:55 1BfAdz-0006r5-85 <= [email protected] H=(support.antlabs.com) [202.172.38.6] P=smtp S=6969
2004-06-29 13:04:43 1BfAnQ-0007E3-C3 => mobile <[email protected]> R=virtual_user T=virtual_localdelivery

From new server, send no problem, receiving problem, no mails were ever received but i tried sending from [email protected] to [email protected] i get the e-mail immediately.

Following is the only line for [email protected]

[root@aragorn XSilver]# cat /var/log/exim/mainlog | grep [email protected]
2004-06-28 09:57:50 1BelP0-0000fP-UL => mobile <[email protected]> R=virtual_user T=virtual_localdelivery
 
Hello,

Run this:

grep 1BelP0-0000fP-UL /var/log/exim/mainlog

to see all the logs records for that message.

Just a note.... I telnetted to 25 for your domain, it showed "aragorn.ministryofhosting.com" as the hostname. I did a lookup on that record, and it doesn't resolve. Make sure the hostname resolves.

John
 
DirectAdmin Support said:
Hello,

Run this:

grep 1BelP0-0000fP-UL /var/log/exim/mainlog

to see all the logs records for that message.

Just a note.... I telnetted to 25 for your domain, it showed "aragorn.ministryofhosting.com" as the hostname. I did a lookup on that record, and it doesn't resolve. Make sure the hostname resolves.

John
Click to expand...

Hi John,

the command returns:


[root@aragorn root]# grep 1BelP0-0000fP-UL /var/log/exim/mainlog
2004-06-28 09:57:50 1BelP0-0000fP-UL <= [email protected] H=(gw2.myedumail.moe.edu.sg) [166.121.5.65] P=esmtp S=9854 [email protected]
2004-06-28 09:57:50 1BelP0-0000fP-UL => mobile <[email protected]> R=virtual_user T=virtual_localdelivery
2004-06-28 09:57:50 1BelP0-0000fP-UL Completed

How do i make it resolve? sorry for the trouble.
 
Last edited:
Hello,

Just add an A record "aragorn" to the "ministryofhosting.com" domain, with the server's main IP as the value.

John
 
DirectAdmin Support said:
Hello,

Just add an A record "aragorn" to the "ministryofhosting.com" domain, with the server's main IP as the value.

John
Click to expand...

Hi John, can you guide me on how to exactly go about doing that? i'm a little lost with /etc/named.conf
 
Hello,

Login to DA as admin, go to:

Admin Panel -> Dns Administration -> ministryofhosting.com

At the bottom of the page there should be a few input areas. There should be one for "A" records. Enter

aragorn

and then the server IP in the box to the right, then click Save.

John
 
DirectAdmin Support said:
Hello,

Login to DA as admin, go to:

Admin Panel -> Dns Administration -> ministryofhosting.com

At the bottom of the page there should be a few input areas. There should be one for "A" records. Enter

aragorn

and then the server IP in the box to the right, then click Save.

John
Click to expand...

Thanks John but i'm just wondering why doesn't it work for gandalf.ministryofhosting.com but it works fine for aragorn.ministryofhosting.com

Aragorn's IP belongs to server 2 (new server).
 
DirectAdmin Support said:
Hello,

both of those names are resolving now. What's the error you're getting now?

John
Click to expand...

Hi John, i'm not getting any error, the mail is just missing. Mail does not come in at all for anything send to [email protected]

What else you need to help me troubleshoot?

I think the problem is with the sender's e-mail address which i really find funny. I used [email protected] (old server) to mail out to others all no problem it seems but sending to [email protected] makes the mail disappear. Migration cause the problem? Itcow.com was on the old server and was migrated recently.

I found out using a Yahoo mail, sending from this yahoo mail to [email protected] no problem, and using [email protected] to send to thhis yahoo accoun also no problem.
 
Last edited:
Thanks for upgrading to 1.1.7e. That should avoid some problems with parsing the UIDL output.

However, the main problem still persists: today I had at least two real messages tacked onto the end of Russian spam messages, and therefore invisible unless you look at the raw text because the real message is after the final MIME boundary of the spam.

Unfortunately, by the time I notice this, the message has already been redelivered a couple of times and deleted from the original mailbox.

It might not be vm-pop3d's fault.

Whenever this happens, it's always Russian spam, so I would guess there is something strange about the Russian spam. If it's not the Lines or Content-Length, perhaps the spam is arriving without a final newline or something like that.
 
I looked at the mailbox parsing in vm-pop3d-1.1.6/extra.c and it's very simple: it looks for "\n\nFrom ". The merged message I have appears to have a blank line before the "From ", so the only way I can think of how it might go wrong is if vm-pop3d sees "\n\r\nFrom ". I don't know whether Exim 4.24 can be configured to write such a thing ...
 
Aha. I think I can see a bug in vm-pop3d-1.1.6/extra.c that might explain the symptoms: perhaps the Russian spam contains a '\0'. The code in extra.c uses strchr(buf, '\n') to decide whether it's seen the end of a line. If the last line of the Russian spam contains a '\0' then it won't see the '\n' and it will eat the blank line that forms part of the message separator.

YES! I can now reproduce the problem using this Perl script.

Do I get a prize, or must I make do with just the glory and honour?

#!/usr/bin/perl -w

use Net::SMTP;

$server = 'xxxx.org';
$address = '[email protected]';

$header = <<"END"
From: $address
To: $address
Subject: test

END
;

$message1 = $header . "With null\n\0";
$message2 = $header . "Without null\n";

$smtp = Net::SMTP->new($server);
$smtp->mail($address);
$smtp->to($address);
$smtp->data($message1);
$smtp->quit();

$smtp = Net::SMTP->new($server);
$smtp->mail($address);
$smtp->to($address);
$smtp->data($message2);
$smtp->quit();
 
Hello,

Yes, you get the wonderful prize of a new release of vm-pop3d (vm-pop3d-1.1.7f-T6). I'll package that up in the next few days.

John
 
You must log in or register to reply here.
Back
Top