Hi
Can anyone point me in the right direction in solving a intermittant issue
Basically, I have a Windows 2003 Std Server running GFi Mail Essentials and Mail Security. The only role this machine has is to check inbound emails for junk / virus infected emails, basically acting as an email gateway
I have started to receive intermittant reports of external recipitents receiving multiple copies of the same email sent from one of my users, on one occasion 700+ copies of the email was received
I have looked in the smtp logs, a sample included below and each time it happens, the logs appear to show the connection coming up, email being sent, but not a data received / close connection message like other emails
- 220+mail-12.uk.tiscali.com+ESMTP+Service+ready
EHLO domain name.co.uk
- 250-mail-12.uk.tiscali.com
MAIL FROM:<email address>+RET=FULL
- 250+MAIL+FROM:<email.address.co.uk>+OK
RCPT TO:<email.address.co.uk>+NOTIFY=FAILURE,DELAY
- 250+RCPT+TO:<email.address@tiscali.co.uk>+OK
DATA -
- 354+Start+mail+input;+end+with+<CRLF>.<CRLF>
- 220+mail-7.uk.tiscali.com+ESMTP+Service+ready
EHLO domain.name.co.uk
- 250-mail-7.uk.tiscali.com
MAIL FROM:<email.address.co.uk>+RET=FULL
- 250+MAIL+FROM:<email.address.co.uk>+OK
RCPT TO:<email.address.co.uk>
- 250+RCPT+TO:<email.address.co.uk>+OK
DATA -
- 354+Start+mail+input;+end+with+<CRLF>.<CRLF>
- 220+mail-10.uk.tiscali.com+ESMTP+Service+ready
EHLO domain.name.co.uk
- 250-mail-10.uk.tiscali.com
MAIL FROM:<email.address.co.uk>+RET=FULL
- 250+MAIL+FROM:<email.address.co.uk>+OK
RCPT TO:<email.address.co.uk>
- 250+RCPT+TO:<email.address.co.uk>+OK
DATA -
- 354+Start+mail+input;+end+with+<CRLF>.<CRLF>
- 220+mail-8.uk.tiscali.com+ESMTP+Service+ready
This is a section of the logs which repeated 70 times yesterday for an email, until the email was finally accepted
The SMTP service is setup to only attempt to delivery emails 5 times before giving a failure notice
GFi doesn't appear to be the problem because the email is processed ok and dropped in the queue folder for IIS to dispatch. The email remains in the queue folder until a successful delivery is made or I delete it manually to stop it being delivered over and over.
Can anyone help with this?
Thanks in advance
W2rus
Can anyone point me in the right direction in solving a intermittant issue
Basically, I have a Windows 2003 Std Server running GFi Mail Essentials and Mail Security. The only role this machine has is to check inbound emails for junk / virus infected emails, basically acting as an email gateway
I have started to receive intermittant reports of external recipitents receiving multiple copies of the same email sent from one of my users, on one occasion 700+ copies of the email was received
I have looked in the smtp logs, a sample included below and each time it happens, the logs appear to show the connection coming up, email being sent, but not a data received / close connection message like other emails
- 220+mail-12.uk.tiscali.com+ESMTP+Service+ready
EHLO domain name.co.uk
- 250-mail-12.uk.tiscali.com
MAIL FROM:<email address>+RET=FULL
- 250+MAIL+FROM:<email.address.co.uk>+OK
RCPT TO:<email.address.co.uk>+NOTIFY=FAILURE,DELAY
- 250+RCPT+TO:<email.address@tiscali.co.uk>+OK
DATA -
- 354+Start+mail+input;+end+with+<CRLF>.<CRLF>
- 220+mail-7.uk.tiscali.com+ESMTP+Service+ready
EHLO domain.name.co.uk
- 250-mail-7.uk.tiscali.com
MAIL FROM:<email.address.co.uk>+RET=FULL
- 250+MAIL+FROM:<email.address.co.uk>+OK
RCPT TO:<email.address.co.uk>
- 250+RCPT+TO:<email.address.co.uk>+OK
DATA -
- 354+Start+mail+input;+end+with+<CRLF>.<CRLF>
- 220+mail-10.uk.tiscali.com+ESMTP+Service+ready
EHLO domain.name.co.uk
- 250-mail-10.uk.tiscali.com
MAIL FROM:<email.address.co.uk>+RET=FULL
- 250+MAIL+FROM:<email.address.co.uk>+OK
RCPT TO:<email.address.co.uk>
- 250+RCPT+TO:<email.address.co.uk>+OK
DATA -
- 354+Start+mail+input;+end+with+<CRLF>.<CRLF>
- 220+mail-8.uk.tiscali.com+ESMTP+Service+ready
This is a section of the logs which repeated 70 times yesterday for an email, until the email was finally accepted
The SMTP service is setup to only attempt to delivery emails 5 times before giving a failure notice
GFi doesn't appear to be the problem because the email is processed ok and dropped in the queue folder for IIS to dispatch. The email remains in the queue folder until a successful delivery is made or I delete it manually to stop it being delivered over and over.
Can anyone help with this?
Thanks in advance
W2rus
