-1

I am receiving large number of duplicate emails to my Inbox all of the time. I suspect that they are processed by two queues: exim's and the spam filter's one. That I googled but do not know how to check. Here is an example of the logs:

2011-07-26 05:02:15 1QlQPu-0004WZ-Oa <= xxxxx@gmail.com U=Debian-exim
P=spam-scanned S=1933
id=CAJ=mMHW_MWB6uQb9vgyoYkbg5V1=9S9BkrPeiYKHmSRdVY4YBw@mail.gmail.com from
<bestesee@gmail.com> for service@auctionpond.com
2011-07-26 05:02:15 1QlQPu-0004WZ-Oa => service (service@auctionpond.com)
<service@auctionpond.com> R=localuser T=local_delivery

2011-07-26 05:07:45 1QlQVE-0004Wr-IB <= xxxxx@gmail.com U=Debian-exim
P=spam-scanned S=1933
id=CAJ=mMHW_MWB6uQb9vgyoYkbg5V1=9S9BkrPeiYKHmSRdVY4YBw@mail.gmail.com from
<bestesee@gmail.com> for service@auctionpond.com
2011-07-26 05:07:45 1QlQVE-0004Wr-IB => service (service@auctionpond.com)
<service@auctionpond.com> R=localuser T=local_delivery

Here is link to download the Exim 4 config file. I am using Ubuntu 10.04.3 LTS. Please help to investigate the issue. Thanks.

Update 1:

/var/log/mail.err log has 0 size. I have checked mail.err.1 and see several errors as below:

Jul 26 23:09:48 webserver spamc[22932]: connect to spamd on 127.0.0.1 failed, retrying (#3 of 3): Connection refused
Jul 26 23:09:49 webserver spamc[22932]: connection attempt to spamd aborted after 3 retries
Jul 27 06:25:02 webserver exim4: ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken

There are no any fresh errors.

/var/log/exim4/paniclog.03.gz contains many such errors:

2011-07-29 23:53:57 1QmnVl-0007Ad-CZ == service@auctionpond.com R=spamcheck_router T=spamcheck defer (-24): Transport filter process failed (127): unable to execute command
2011-07-29 23:58:57 1Qmnaa-0007Al-TQ == service@auctionpond.com R=spamcheck_router T=spamcheck defer (-24): Transport filter process failed (127): unable to execute command

/var/log/mail.log is full with such messages:

Aug  1 18:52:38 webserver spamd[17229]: prefork: child states: II
Aug  1 18:54:25 webserver spamd[13401]: spamd: connection from localhost [127.0.0.1] at port 35000
Aug  1 18:54:25 webserver spamd[13401]: spamd: setuid to Debian-exim succeeded
Aug  1 18:54:25 webserver spamd[13401]: spamd: processing message <CAM20inbXx7iUgpPdcx4itguf=MbvjAcAibNvVUWkWVTkooAWJg@mail.gmail.com> for Debian-exim:104
Aug  1 18:54:25 webserver spamd[13401]: spamd: clean message (-0.7/5.0) for Debian-exim:104 in 0.5 seconds, 1482 bytes.
Aug  1 18:54:25 webserver spamd[13401]: spamd: result: . 0 - FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,T_DKIM_INVALID,T_TO_NO_BRKTS_FREEMAIL scantime=0.5,size=1482,user=Debian-exim,uid=104,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=35000,mid=<CAM20inbXx7iUgpPdcx4itguf=MbvjAcAibNvVUWkWVTkooAWJg@mail.gmail.com>,autolearn=disabled
Andrew
  • 1,044
  • 6
  • 21
  • 36

2 Answers2

1

The message IDs from the remote system (gmail) is the same, but the local messages IDs are different and there is also a 5 minute difference. Have you checked to ensure something is not timing out or dropping the internal SMTP session prematurely?

user48838
  • 7,393
  • 2
  • 17
  • 14
0

We have found the issue which was caused by unproperly configured SpamAssassin. After disabling it all emails started to come just fine.

Andrew
  • 1,044
  • 6
  • 21
  • 36