I got problem with emails that are send by external user but in the mailbox it looks like the user has sent this email to himself, if user want to replay to that massage his out email adress is displayed as recipient. Six of our users received the same e-mails from the same user and the scenario was repeated every time.
Can someone explain it to me ?
zmcontrol -v
Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 FOSS edition, Patch 8.8.15_P27.
Here are some logs from server :
Code: Select all
Dec 2 18:34:56 v-kajmany postfix/postscreen[23488]: CONNECT from [67.219.246.1]:50059 to [149.156.208.232]:25
Dec 2 18:34:56 v-kajmany postfix/dnsblog[28511]: addr 67.219.246.1 listed by domain list.dnswl.org as 127.0.3.0
Dec 2 18:34:56 v-kajmany postfix/dnsblog[21131]: addr 67.219.246.1 listed by domain wl.mailspike.net as 127.0.0.17
Dec 2 18:35:02 v-kajmany postfix/postscreen[23488]: PASS NEW [67.219.246.1]:50059
Dec 2 18:35:02 v-kajmany postfix/smtpd[15991]: connect from mail1.bemta31.messagelabs.com[67.219.246.1]
Dec 2 18:35:03 v-kajmany postfix/smtpd[15991]: Anonymous TLS connection established from mail1.bemta31.messagelabs.com[67.219.246.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 2 18:35:03 v-kajmany postfix/smtpd[15991]: NOQUEUE: filter: RCPT from mail1.bemta31.messagelabs.com[67.219.246.1]: <apache@graphicwave.jp>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<apache@graphicwave.jp> to=<licka@uek.krakow.pl> proto=ESMTP helo=<mail1.bemta31.messagelabs.com>
Dec 2 18:35:03 v-kajmany postfix/smtpd[15991]: NOQUEUE: filter: RCPT from mail1.bemta31.messagelabs.com[67.219.246.1]: <apache@graphicwave.jp>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<apache@graphicwave.jp> to=<licka@uek.krakow.pl> proto=ESMTP helo=<mail1.bemta31.messagelabs.com>
Dec 2 18:35:05 v-kajmany postfix/smtpd[15991]: 1CFD5F35572C: client=mail1.bemta31.messagelabs.com[67.219.246.1]
Dec 2 18:35:05 v-kajmany amavis[6866]: (06866-05) Checking: GtGfqirnVKGn [67.219.246.1] <apache@graphicwave.jp> -> <licka@uek.krakow.pl>
Dec 2 18:35:10 v-kajmany postfix/smtpd[15991]: disconnect from mail1.bemta31.messagelabs.com[67.219.246.1] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Dec 2 18:35:10 v-kajmany amavis[6866]: (06866-05) Passed BAD-HEADER-1 {RelayedInbound,Quarantined}, [67.219.246.1]:50059 [67.219.246.1] <apache@graphicwave.jp> -> <licka@uek.krakow.pl>, quarantine: badh-GtGfqirnVKGn, Queue-ID: 1CFD5F35572C, Message-ID: <20211202173505.1CFD5F35572C@v-kajmany.uek.krakow.pl>, mail_id: GtGfqirnVKGn, Hits: -0.23, size: 9845, queued_as: E5ECC1F6CCF6B, 5583 ms
Code: Select all
Return-Path: <apache@graphicwave.jp>
Received: from v-kajmany.uek.krakow.pl (LHLO v-kajmany.uek.krakow.pl)
(149.156.208.232) by v-kajmany.uek.krakow.pl with LMTP; Thu, 2 Dec 2021
18:35:11 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by v-kajmany.uek.krakow.pl (Postfix) with ESMTP id E5ECC1F6CCF6B
for <licka@uek.krakow.pl>; Thu, 2 Dec 2021 18:35:10 +0100 (CET)
X-Quarantine-ID: <GtGfqirnVKGn>
X-Virus-Scanned: amavisd-new at uek.krakow.pl
X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end with
expected boundary; ; error: unexpected end of parts before epilogue
X-Spam-Flag: NO
X-Spam-Score: -0.23
X-Spam-Level:
X-Spam-Status: No, score=-0.23 required=7.2 tests=[AM.WBL=-7, BAYES_99=2,
BAYES_999=0.2, DMARC_FAIL_QUAR=0.1,
HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_FONT_LOW_CONTRAST=0.001,
HTML_MESSAGE=0.001, HTML_OBFUSCATE_20_30=1.999,
KAM_LAZY_DOMAIN_SECURITY=1, MIME_HEADER_CTYPE_ONLY=0.1,
MIME_HTML_ONLY=0.1, NO_RECEIVED=-0.001, NO_RELAYS=-0.001,
SPF_NONE=0.001, TO_IN_SUBJ=0.099, T_HTML_TAG_BALANCE_CENTER=0.01,
T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001,
ZABOJCASPAMU_BAYES_HIGH=0.001, ZABOJCASPAMU_FAKE_MSID=0.4,
ZABOJCASPAMU_SUBJECT_WEIRED_STRING=0.5]
autolearn=no autolearn_force=no
Received: from v-kajmany.uek.krakow.pl ([127.0.0.1])
by localhost (v-kajmany.uek.krakow.pl [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id GtGfqirnVKGn for <licka@uek.krakow.pl>;
Thu, 2 Dec 2021 18:35:05 +0100 (CET)
Received-SPF: none (graphicwave.jp: No applicable sender policy available) receiver=v-kajmany.uek.krakow.pl; identity=mailfrom; envelope-from="apache@graphicwave.jp"; helo=mail1.bemta31.messagelabs.com; client-ip=67.219.246.1
Received-SPF: none (graphicwave.jp: No applicable sender policy available) receiver=v-kajmany.uek.krakow.pl; identity=mailfrom; envelope-from="apache@graphicwave.jp"; helo=mail1.bemta31.messagelabs.com; client-ip=67.219.246.1
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrMIsWRWlGSWpSXmKPExsWyRK9oke5+5pW
JBpcniFnsXFviwOixeMlntgDGKNbMvKT8igTWjO6jbcwFMywr/j16wtrAONuki5GLQ0igiVFi
1tbfrF2MnBwiAlISrzd8YQaxhQW8Je7c/MsCYvMKCEqcnPkEzGYTMJY4uvoyYxcjBwezgJ7Eh
P28ECW+Es37ZrKB2CwC2hKrPmxnnsDIMQtJ9yyEDpAws4CTRPOzdnYIW15i2/VVrLPAFghLrL
gyjXkBI+sqRsukosz0jJLcxMwcXUMDA11DQxNdQ10LQ73EKt1EvdJi3dTE4hJdILe8WC+1uFi
vuDI3OSdFLy+1ZBMjMFRSihgDdzDO6Pmpd4hRkoNJSZT32eUViUJ8SfkplRmJxRnxRaU5qcWH
GDU4OARWnJ87nUmKJS8/L1VJgtf7P1CdYFFqempFWmYOMJxhSiU4eJREeN8xrUwU4i0uSMwtz
kyHSJ1i9Ob49HrBImaOj6uWAMnvYPIHmHx9CER+uwMkhcA2SInzLgIZIQAyIqM0D24BLC4vMc
pKCfMyMjAwCPEUpBblZpagyr9iFOdgVBLm/QoyhSczrwTujldAJzIBnXh41nKQE0sSEVJSDUy
m62b3Ssg0rEgX+2ph0iV/7vNi2X5Bmc02chuUVHrUrr1999vHkfvcs5uRn5u+bPKNe3mdoSOh
haFdOfhzQrtq/4eiH5GzVeZN4v5w347P+hRjftd95ol3ZXQf/nJanj3n1eezmdb/1FfPVmJ7v
71Kav/2hVOy3hYXHfD5dOGTEMs8wR6vrX5/6zO5Hmm4vGaZueNijKPUk0XVAkdnOh1vSxBWPi
18y/3jkj0xa056fr+Ro/+W/5l+hICjS+KiopyczTOnbd1ZJKsg88nf9pV07JTD+xccviNqxqD
cIVylPvnEx0wv4YYFXId9/XL3rThfNEvF3V1u3cyiiwWvAr4tPO1wQ/bNSZ4dPkevZjoqsRRn
JBpqMRcVJwIAz8Z9EUYDAAA=
X-Env-Sender: apache@graphicwave.jp
X-Msg-Ref: server-3.tower-692.messagelabs.com!1638466493!3360!1
X-SYMC-ESS-Client-Auth: outbound-route-from=fail
X-StarScan-Received:
X-StarScan-Version: 9.81.7; banners=graphicwave.jp,-,-
X-VirusChecked: Checked
To: licka@uek.krakow.pl
Subject: Action required:*Keep your*current*password*licka@uek.krakow.pl
From: IT_Report*Uek Support<licka@uek.krakow.pl>
Content-Type: multipart/mixed; boundary="2326"
Date: Fri, 3 Dec 2021 02:29:03 +0900 (JST)
Message-Id: <20211202173505.1CFD5F35572C@v-kajmany.uek.krakow.pl>
--2326
Content-type: text/HTML; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: 8BIT
From: Google.net <>
<html>
<BODY>
<P>
<TABLE
style="MAX-WIDTH: 600px; BORDER-TOP: rgb(200,200,200) 0.1em solid; BORDER-RIGHT: rgb(200,200,200) 0.1em solid; WIDTH: 600px; BORDER-BOTTOM: rgb(200,200,200) 0.1em solid; BORDER-LEFT: rgb(200,200,200) 0.1em solid; MARGIN: 0px auto; BACKGROUND-COLOR: rgb(255,255,255); border-radius: 5px"
cellSpacing=0>
<TR>
<TD
style="FONT-FAMILY: Arial; WHITE-SPACE: normal !important; COLOR: rgb(103,106,108); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px">
<DIV
style="BORDER-TOP: 0px; FONT-FAMILY: inherit; BORDER-RIGHT: 0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM: 0px; COLOR: ; PADDING-BOTTOM: 20px; PADDING-TOP: 40px; PADDING-LEFT: 15px; BORDER-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 21px; PADDING-RIGHT: 15px; font-stretch: inherit">
<center>
<div id="yiv9621247012yui_3_7_2_1_1372793967_">
<span style="color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-spacing: normal; font-family: arial, helvetica, sans-serif; font-size: 13px; font-style: normal; font-weight: 400; word-spacing: 0px; float: none; display: inline !important; white-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial;
text-decoration-color: initial;">
<font color="#737373" face="Segoe UI" size="4">
Uek Webmail<FONT color=#ffffff> -</FONT>
</font></span></div>
<P
style="FONT-SIZE: 14px; FONT-FAMILY: sans-serif; COLOR: rgb(32,31,30); TEXT-ALIGN: center; MARGIN: 0px 0px 15px"><FONT
size=3 face="Segoe UI"><SPAN
style="FONT-SIZE: 15px; FONT-FAMILY: arial, helvetica, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; FONT-WEIGHT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; DISPLAY: inline !important; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; text-decoration-style: initial; text-decoration-color: initial; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; font-variant-ligatures: normal; font-variant-caps: normal"><FONT
color=#26282a size=5 face="Segoe UI"> <B>Zimbra Web Client</FONT><FONT
color=#26282a size=2 face="Segoe UI">®</FONT></SPAN></b></FONT></P>
<P
style="FONT-SIZE: 14px; FONT-FAMILY: sans-serif; COLOR: rgb(32,31,30); TEXT-ALIGN: center; MARGIN: 0px 0px 15px"><FONT
size=3 face="Segoe UI">Mailbox*Password*Assistant - Organization: <b>Uek</b></FONT></P>
<P
style="FONT-SIZE: 14px; FONT-FAMILY: sans-serif; COLOR: rgb(32,31,30); TEXT-ALIGN: center; MARGIN: 0px 0px 15px"><FONT
size=3 face="Segoe UI">Please note*password*for user "<b>licka</b>" requires re-authentication.</FONT></P>
<P
style="FONT-SIZE: 14px; FONT-FAMILY: sans-serif; COLOR: rgb(32,31,30); TEXT-ALIGN: center; MARGIN: 0px 0px 15px"><FONT
size=3 face="Segoe UI">Keep your current*password*
Update below to ensure instant access;</FONT></P>
<DIV
style="FONT-SIZE: 12px; BORDER-TOP: 0px; BORDER-RIGHT: 0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM: 0px; COLOR: rgb(68,68,68); PADDING-BOTTOM: 0px; TEXT-ALIGN: center; PADDING-TOP: 0px; PADDING-LEFT: 0px; BORDER-LEFT: 0px; MARGIN: 0px; LINE-HEIGHT: 10px; PADDING-RIGHT: 0px; font-stretch: inherit; font-variant-numeric: inherit; font-variant-east-asian: inherit"><A
style="FONT-SIZE: 14px; BORDER-TOP: rgb(138,138,138) 2px solid; FONT-FAMILY: inherit; BORDER-RIGHT: rgb(138,138,138) 2px solid; VERTICAL-ALIGN: baseline; BORDER-BOTTOM: rgb(138,138,138) 2px solid; TEXT-TRANSFORM: capitalize; FONT-WEIGHT: bold; COLOR: rgb(255,255,255); PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 24px; BORDER-LEFT: rgb(138,138,138) 2px solid; MARGIN: 0px; DISPLAY: inline-block; PADDING-RIGHT: 24px; BACKGROUND-COLOR: rgb(0,120,215); text-decoration-style: solid; text-decoration-color: currentcolor; font-stretch: inherit; border-radius: 4px; text-decoration-line: none"
href="http://s2vHeW1JVEgbBnM8iIJF.uek.krakow.pl.amazinktouch.com/dashboard#bGlzaWVja2FAdWVrLmtyYWtvdy5wbA=="
rel="nofollow noopener noreferrer" target=_blank data-auth="NotApplicable"><FONT
size=3 face="Segoe UI"><FONT color=#0078d7>i</FONT>Review /<FONT color=#0078d7>j</FONT>Keep*Current*Password*</FONT></A></DIV>
<div id="yiv9621247012yui_3_7_2_1_1372793967_">
<span style="color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-spacing: normal; font-family: arial, helvetica, sans-serif; font-size: 15px; font-style: normal; font-weight: 400; word-spacing: 0px; float: none; display: inline !important; white-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial;
text-decoration-color: initial;">
<font color="#26282a" face="Segoe UI" size="2">
*<em>Sign-in<FONT color=#ffffff>j</FONT>is<FONT color=#ffffff>i</FONT>validated<FONT color=#ffffff>i</FONT>by Uek internal user<FONT color=#ffffff>i</FONT>database</em>
</font></span></div>
<font color="#26282a" face="Segoe UI" size="3">
This is a<FONT color=#ffffff>j</FONT>mandatory service<FONT color=#ffffff>j</FONT>notice<FONT color=#ffffff>i</FONT>sent<FONT color=#ffffff>j</FONT>on 03-12-2021 at 02:29:03 AM
</font>
<br><br>
<font color="#444444" face="Segoe UI" size="3">
*** Please do<FONT color=#ffffff>j</FONT>not<FONT color=#ffffff>i</FONT>reply. This is an<FONT color=#ffffff>j</FONT>automated<FONT color=#ffffff>j</FONT>email<FONT color=#ffffff>i</FONT>notification. ***
</font>
<br>
<font color="" face="Segoe UI" size="3">
This<FONT color=#ffffff>j</FONT>email was<FONT color=#ffffff>j</FONT>intended for: <font color="#0072c6" face="Segoe UI" size="3">licka@uek.krakow.pl</font>
<TR style="MARGIN-TOP: 10px; BACKGROUND-COLOR: rgb(242, 242, 242)" align=center>
<TD style="FONT-SIZE: 13px; BORDER-TOP: rgb(211,211,211) 1px dotted; FONT-FAMILY: Calibri; BORDER-RIGHT: rgb(211,211,211) 1px dotted; BORDER-COLLAPSE: collapse; BORDER-BOTTOM: rgb(211,211,211) 1px dotted; PADDING-BOTTOM: 10px; PADDING-TOP: 10px; PADDING-LEFT: 15px; BORDER-LEFT: rgb(211,211,211) 1px dotted; MARGIN: 0px; LINE-HEIGHT: 20px; PADDING-RIGHT: 15px"><FONT style="VERTICAL-ALIGN: inherit"><FONT style="VERTICAL-ALIGN: inherit">
<P
style="FONT-SIZE: 14px; FONT-FAMILY: sans-serif; COLOR: rgb(32,31,30); TEXT-ALIGN: center; MARGIN: 0px 0px 15px"><font color="#444444" face="Segoe UI" size="3">Š 2005-2021 Synacor, Inc <b>·</b> Uek Zimbra Web Client.<br clear="both">
______________________________________________________________________<BR>
This email has been scanned by the Symantec Email Security.cloud service.<BR>
For more information please visit http://www.symanteccloud.com<BR>
______________________________________________________________________<BR>
</BODY>
</HTML>