Topic: one email is flooding the spam

[cyrulution]

Sometimes certain spam mails are not deleted when retrieving from the ISP IMAP box. So it's retrived and moved to spam over and over again, hundreds of times. It happened several times, always with bounce messages of rejected spam emails. You can find one of these emails with all headers at http://www.kube.name/keepbouncing.txt.
It already happened that emails of these kind did slow down the email retrieval for hours repeating themselves thousands of times.
The only solution I've found is to remove the bad emails manually from the ISP mailbox.

Does anybody know this problem as well?

Cyrus

[mmccarn]

Am I correct to assume that you are using a single catch-all email address at your ISP, then using fetchmail (the 'multi-drop' choice in server-manager::Configuration::E-mail::E-mail retrieval mode)?

If so, what is your setting for server-manager::Configuration::E-mail::Change e-mail delivery settings::E-mail to unknown users?  This should normally be set to reject.

If you are using multi-drop there isn't much that SME can do to prevent in-bound SPAM to unknown users - the ISP has to accept email for any address, then SME has to deal with it.

[cyrulution]

Am I correct to assume that you are using a single catch-all email address at your ISP, then using fetchmail (the 'multi-drop' choice in server-manager::Configuration::E-mail::E-mail retrieval mode)?

No I'm using the external fetchmail multiple retrieval module.

If so, what is your setting for server-manager::Configuration::E-mail::Change e-mail delivery settings::E-mail to unknown users?  This should normally be set to reject.

email to unknown users is set to reject. But the email comes in to a correct address of mine. It's spam that got rejected somewhere else and is sent to me notifying me about the rejection.

If you are using multi-drop there isn't much that SME can do to prevent in-bound SPAM to unknown users - the ISP has to accept email for any address, then SME has to deal with it.

to explain my problem again:
everything is working fine. Email gets fetched correctly. Spam is sorted excellently. But about once a week there comes an email like http://www.kube.name/keepbouncing.txt and it's just not deleted from the isp's server. So it's fetched over and over again and starts flooding SME mail. Sometimes it's some of the same kind of emails and the flood get's worse.

I think the problem is, that there is some kind of spam mails that are not deleted at the external server ...
but why????

[p-jones]

Are the offending emails large or containing many graphic images ??

[cyrulution]

Are the offending emails large or containing many graphic images ??

They are large and have some kind of attachments. Just Spam. I must confess I haven't opened an attachment. It's always the same kind of emails:

subject:
BOUNCE members@ag-therapie.de:    Non-member submission from ["Clement Bernal"@ag-therapie.de]

Just Spam bounced back from one of my email lists, because the sender's address is not subscribed to the list. The spammers send several such emails every day, they all are bounced, almost all of them just land correctly in my server's spam folder, just a few get stuck at my email server.

[p-jones]

"Just Spam."  "Just Spam bounced back" 

I think you are drawing too many conclusions too fast. 

I have seen EXACTLY your problem, very recently, from email that is NOT spam. It was a large (250Mb) , legitimate email to a genuine user (me). It relates to the size of the message and/or the number or type of attachments (.jpg) (about 10) in my case and the spam filters not processing it fast enough or not being able to handle the size of the message or type of attachment.

Firstly I stopped the email repeating itself hudreds of time over by turning OFF the spam filtering. That allowed the email to spool tyo the mailbox in its entirety first. Then I added the sender to the whitelist so email from that sender is not processed by the spam filters in the future.

Yes I know it is a dubious technique but I had to do something immeadiately before the drive and mailbox blew apart. Stopping the mail service and restarting was not enough. Remember, this scenario involves a legitimate sender and a legitimate user and it is not appropiate for your situation but clearly the spam filtering mechanism is involved.

This needs to be taken to the bug tracker for further investigation if it is not already there. I should have done it at the time but I didnt have time. I now need to sift through many logs to get the info the devs will want before I can take it there.

[cyrulution]

"Just Spam."  "Just Spam bounced back" 

I think you are drawing too many conclusions too fast. 

I have seen EXACTLY your problem, very recently, from email that is NOT spam. It was a large (250Mb) , legitimate email to a genuine user (me). It relates to the size of the message and/or the number or type of attachments (.jpg) (about 10) in my case and the spam filters not processing it fast enough or not being able to handle the size of the message or type of attachment.

Firstly I stopped the email repeating itself hudreds of time over by turning OFF the spam filtering. That allowed the email to spool tyo the mailbox in its entirety first. Then I added the sender to the whitelist so email from that sender is not processed by the spam filters in the future.

I will keep on watching the repeating emails. It really seems to be a serious problem. The first time it happened to me I completely reinstalled the server because I could not find the problem. Now I solve the problem by just deleting the "bad" email from the ISP's server manually. 

[cyrulution]

I happened again.
I made two screen shots: my spam folder with the Mail repeating and repeating a few times before I deleted it from the originating server: http://www.kube.name/mailRepeating.jpg (it's the 16:52:20 email) and another screenshot with the headers of the mail itself: http://www.kube.name/repeatingMail.jpg.
It's just 46 KB long, so the reason can't be that it is too long ...

I must confess: I'm confused.

[p-jones]

Create a bug for it in the bugtracker

[cyrulution]

I submitted it as Bug 3502 in Contribs.org Bugzilla