sevenymedia
Verified User
- Joined
- Sep 28, 2015
- Messages
- 34
I experienced an issue with Exim overnight. I got some clients telling me they weren't able to send any emails, I gave it a try through two of my own accounts and indeed I also got the warning that the outgoing mailserver wasn't responding.
I ssh-ed into the server and did see Exim active and also traffic going through, but just to be sure I did a service restart, which took quite a while (like at least one minute..) and after that some emails were coming in, even from yesterday. And the emails I sent for testing were also send.. but twice. Now after going through some mailboxes I'm seeing lots of duplicate emails, which started around yesterday afternoon.
Below some log results of two different emails which I received like 10 times.
I hope somebody is able to point me in the right direction to find the cause of the issue, probably worth mentioning is that this is the second time this happened, exactly the same thing happened like three weeks ago.
I ssh-ed into the server and did see Exim active and also traffic going through, but just to be sure I did a service restart, which took quite a while (like at least one minute..) and after that some emails were coming in, even from yesterday. And the emails I sent for testing were also send.. but twice. Now after going through some mailboxes I'm seeing lots of duplicate emails, which started around yesterday afternoon.
Below some log results of two different emails which I received like 10 times.
I hope somebody is able to point me in the right direction to find the cause of the issue, probably worth mentioning is that this is the second time this happened, exactly the same thing happened like three weeks ago.
Code:
2020-07-19 13:56:26 1jx7ve-0003NW-BI <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 14:21:26 1jx8Jq-0005LG-OT <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 14:46:27 1jx8i2-0007FD-Lb <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 15:26:27 1jx9Kl-00023l-L7 <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 16:36:28 1jxAQV-000777-VR <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 17:46:28 1jxBWG-0006rG-C7 <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 18:56:28 1jxCc0-0006Ok-F7 <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 20:06:29 1jxDhk-0007Pk-M8 <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 21:16:29 1jxEnU-0001lw-UC <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 22:26:31 1jxFtG-0004a1-GY <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-19 23:36:31 1jxGz1-0004jw-9x <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-20 00:46:32 1jxI4m-0005YP-7e <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-20 01:56:33 1jxJAX-0003El-1D <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-20 03:06:33 1jxKGH-0006Gt-Mx <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-20 04:16:35 1jxLM2-0006gF-Bx <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-20 05:26:35 1jxMRm-00054s-U6 <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
2020-07-20 06:36:35 1jxNXX-00061V-FL <= [email protected] H=smtp-relay-03.hcbmedia.nl [194.48.214.27] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=19627 DKIM=qassa.nl id=1595159785.9f96f36b7aae3b1ff847c26ac94c604e@cron2.prod.qassa.cyso.net T="***" from <[email protected]> for ***
Code:
2020-07-20 01:24:53 1jxIfs-0005hs-N5 <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 01:35:25 1jxIq4-0004df-6L <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 01:46:30 1jxJ0n-0004lX-KP <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 01:58:04 1jxJC0-0004fC-94 <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 02:10:10 1jxJNi-0005i9-05 <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 02:24:14 1jxJbK-0006M0-8x <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 02:42:39 1jxJt9-0005JD-H7 <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 03:07:45 1jxKHQ-0002LE-Q7 <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 03:47:50 1jxKuD-0005Rj-ER <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 04:57:55 1jxM03-0001zP-CH <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***
2020-07-20 08:08:00 1jxOxz-0004ZO-Tf <= ***@mail.haveibeenpwned.com H=o1.mail.haveibeenpwned.com [167.89.85.8] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=12048 DKIM=haveibeenpwned.com [email protected] T="You're one of 268,765,495 people pwned in the Wattpad data breach" from <***@mail.haveibeenpwned.com> for ***