Email to the wrong mailbox
Hello everyone,
I recently found a weird "bug" in my Efa. Some emails are received by the wrong person in our domain. When I checked in Efa, the "to:" shows "to:wrongperson@mydomain.com". (Checked in logs, MailWatch and Outlook mail properties.) And anywhere in the header it mention another possible receiver.
We asked the sender if it was a mistake by them but they never sent the email to "wrongperson@mydomain.com". It happens with a couple of different senders but "wrongreceiver@mydomain.com" is always the same.
My system has been running for a bit more than a year now and it's up to date with the latest version.
Everything else works fine, it only happens for ~1/7000 emails.
Would anyone know what this issue is or have any clue where to begin?
Thanks
Re: Email to the wrong mailbox
Sorry Phil, I do not understand what your problem is exactly.
Are you saying that someone is sending a message to "me@example.com" but the message actually goes to "you@example.com"?
Re: Email to the wrong mailbox
Hello pdwalker,
Sorry if the problem is a bit unclear.
Yes, our client tries to send the email to "me@example.com" but we receive it as to "you@example.com".
If I check the email header in Efa, the to: field is "you@example.com".
Thanks
Re: Email to the wrong mailbox
What is your mail system?  MS Exchange Server?  Also provide the version if you know it.
It basically sounds like you have an alias defined that maps me@example.com to you@example.com.
Re: Email to the wrong mailbox
My mail system is Exchange Server 2010 (SP1).
If that was the problem, should we expect Efa to get the message with to "me@example.com", and then when Exchange gets it, it changes it to "you@example.com", since Efa gets the email first?
I checked and there is no alias or mapping between the 2 addresses.
Thanks
- shawniverson
Re: Email to the wrong mailbox
There has to be a reason, regardless of the cause...
Exchange remapping
A forwarder rule
eFa misdirecting an email
Very curious about this cause....
Re: Email to the wrong mailbox
I did some testing with forwarding and mapping in Exchange.
eFa receives the email with the initial "to" regardless of mapping or forwarding on the Exchange side (for receiving external mail). That means that, whether there is a mapping or not, I should see "me@example.com" and not "you@example.com". :/
Is there a config file in eFa where mapping or forwarding can be done that I could check? Or a specific log for more detail?
Thanks
Re: Email to the wrong mailbox
So, mail to efa addressed to "to@example.com" gets sent to your exchange server as "you@example.com".
Can you tell me what the "me" and "you" parts are? Just curious to see if that gives me an additional hint.
The answers should all be in /var/log/maillog. You should see the mail come in, and then go out to your exchange server. For example, I just sent a mail to one of my accounts and here is what the log looks like:
Message received and accepted from upstream provider (they filter my messages first before EFA does for additional protection):
Code:
Aug 29 12:59:18 efa postfix/smtpd[19810]: Anonymous TLS connection established from mail6.bemta12.messagelabs.com[216.82.250.247]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 29 12:59:19 efa sqlgrey: whitelist: pdwalker@from.domain, 216.82.250.247(mail6.bemta12.messagelabs.com) -> pdwalker@to.domain
Aug 29 12:59:19 efa postfix/smtpd[19810]: 62189180061: client=mail6.bemta12.messagelabs.com[216.82.250.247]
Aug 29 12:59:19 efa postfix/cleanup[19814]: 62189180061: hold: header Received: from mail6.bemta12.messagelabs.com (mail6.bemta12.messagelabs.com [216.82.250.247])??(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))??(No client certificate requested) from mail6.bemta12.messagelabs.com[216.82.250.247]; from=<pdwalker@from.domain> to=<pdwalker@to.domain> proto=ESMTP helo=<mail6.bemta12.messagelabs.com>
Aug 29 12:59:19 efa postfix/cleanup[19814]: 62189180061: message-id=<CANT6AS8Ks5ko7SuZbweEkeS6ifPdUm_CVhc6u-odgCOYn_ZnuQ@mail.gmail.com>
Aug 29 12:59:19 efa opendkim[2005]: 62189180061: mail6.bemta12.messagelabs.com [216.82.250.247] not internal
Aug 29 12:59:19 efa opendkim[2005]: 62189180061: not authenticated
Aug 29 12:59:20 efa opendkim[2005]: 62189180061: DKIM verification successful
Aug 29 12:59:21 efa MailScanner[13809]: New Batch: Scanning 1 messages, 5658 bytes
Aug 29 12:59:21 efa MailScanner[13809]: Virus and Content Scanning: Starting
Aug 29 12:59:25 efa postfix/smtpd[19810]: disconnect from mail6.bemta12.messagelabs.com[216.82.250.247] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7

And here is where EFA passes the message on to my exchange server:
Code:
Aug 29 12:59:38 efa MailScanner[13809]: Requeue: 62189180061.A9764 to C93C2180490
Aug 29 12:59:38 efa postfix/qmgr[2589]: C93C2180490: from=<pdwalker@from.domain>, size=4557, nrcpt=1 (queue active)
Aug 29 12:59:38 efa MailScanner[13809]: Uninfected: Delivered 1 messages
Aug 29 12:59:38 efa MailScanner[13809]: Deleted 1 messages from processing-database
Aug 29 12:59:38 efa MailScanner[13809]: MailWatch: Logging message 62189180061.A9764 to SQL
Aug 29 12:59:38 efa MailScanner[13813]: MailWatch: 62189180061.A9764: Logged to MailWatch SQL
Aug 29 12:59:38 efa postfix/smtp[20076]: C93C2180490: to=<pdwalker@to.domain>, relay=exchange.server.local[192.168.1.1]:25, delay=20, delays=20/0/0/0.37, dsn=2.6.0, status=sent (250 2.6.0 <CANT6AS8Ks5ko7SuZbweEkeS6ifPdUm_CVhc6u-odgCOYn_ZnuQ@mail.gmail.com> Queued mail for delivery)
Aug 29 12:59:38 efa postfix/qmgr[2589]: C93C2180490: removed

So, I can see the received message was given an ID of 62189180061, and postfix requeued it as C93C2180490.
Perhaps if you find your message ids, you can track what happens in the log files and see what postfix is sending to your exchange server.
Also, you might want to look at /etc/aliases to see if there is anything weird in that file.
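The log-tracing procedure described in the post above, as an added example that is not part of the original posts or of eFa: it joins each Postfix delivery line to its inbound record through the MailScanner requeue ID and compares the recipient at receipt with the recipient at delivery. The sample lines, hostnames and addresses are constructed, and it assumes short Postfix queue IDs and one recipient per message.

```python
import re

# Assumes Postfix short queue IDs and one recipient per message (nrcpt=1),
# as in the thread's excerpts. Hostnames and IPs below are constructed.
QID = r"[0-9A-F]{6,}"
RE_IN = re.compile(rf"postfix/cleanup\[\d+\]: ({QID}): hold: .*\bfrom=<[^>]*> to=<([^>]*)> proto=")
RE_REQ = re.compile(rf"MailScanner\[\d+\]: Requeue: ({QID})\.\w+ to ({QID})")
RE_OUT = re.compile(rf"postfix/smtp\[\d+\]: ({QID}): to=<([^>]*)>,.*?relay=(\S+?),.*?status=(\w+)")

SAMPLE_LOG = """\
Aug 24 15:50:16 efa postfix/cleanup[8853]: 9A741120067: hold: header Received: from relay.example (relay.example [192.0.2.10]) from relay.example[192.0.2.10]; from=<client@clientdomain.com> to=<bob@domain.com> proto=ESMTP helo=<relay.example>
Aug 24 15:50:25 efa MailScanner[4624]: Requeue: 9A741120067.A023E to A4E79120052
Aug 24 15:50:26 efa postfix/smtp[8839]: A4E79120052: to=<bob@domain.com>, relay=exchange.example[192.0.2.20]:25, delay=13, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Aug 24 16:02:01 efa postfix/cleanup[8853]: 1B2C3D4E5F6: hold: header Received: from relay.example (relay.example [192.0.2.10]) from relay.example[192.0.2.10]; from=<client@clientdomain.com> to=<sales@domain.com> proto=ESMTP helo=<relay.example>
Aug 24 16:02:09 efa MailScanner[4624]: Requeue: 1B2C3D4E5F6.A1B2C to 6F5E4D3C2B1
Aug 24 16:02:10 efa postfix/smtp[8839]: 6F5E4D3C2B1: to=<bob@domain.com>, relay=exchange.example[192.0.2.20]:25, delay=9, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
"""

def trace(lines):
    """Join each delivery to its inbound record through the MailScanner requeue."""
    accepted, requeued, report = {}, {}, []
    for line in lines:
        if m := RE_IN.search(line):
            accepted[m[1]] = m[2].lower()      # inbound queue ID -> recipient at receipt
        elif m := RE_REQ.search(line):
            requeued[m[2]] = m[1]              # requeued ID -> inbound queue ID
        elif m := RE_OUT.search(line):
            inbound = requeued.get(m[1], m[1])
            rcpt_in, rcpt_out = accepted.get(inbound), m[2].lower()
            if rcpt_in is None:
                verdict = "no inbound record"
            elif rcpt_in == rcpt_out:
                verdict = "unchanged on gateway"   # arrived already addressed this way
            else:
                verdict = "changed on gateway"     # look at aliases / rewrite maps
            report.append({"inbound_id": inbound, "outbound_id": m[1],
                           "received_for": rcpt_in, "delivered_to": rcpt_out,
                           "relay": m[3], "status": m[4], "verdict": verdict})
    return report

if __name__ == "__main__":
    for row in trace(SAMPLE_LOG.splitlines()):
        print(row)
```

A verdict of "unchanged on gateway" means the message reached the filter already addressed to the mailbox it was delivered to, so the cause lies upstream of it.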
Re: Email to the wrong mailbox
Me = sales@domain.com (intended receiver)
You = bob@domain.com
client = client@clientdomain.com
Scenario: Bob receives the invoice from our client instead of the sales department.
Here is the log from the maillog (names replaced with the above for confidentiality). Efa received the email to bob@domain.com.
Code:
Aug 24 15:50:13 efa postfix/smtpd[7661]: 9A741120067: client=relais.relaisClient[RelaisClientIP]
Aug 24 15:50:16 efa postfix/cleanup[8853]: 9A741120067: hold: header Received: from relais.relaisClient (relais.relaisClient [RelaisClientIP])??(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))??(No client certificate requested)??by efa.domain.local  from relais.relaisClient[RelaisClientIP];from=<client@clientdomain.com> to=<bob@domain.com> proto=ESMTP helo=<relais.relaisClient>
Aug 24 15:50:16 efa postfix/cleanup[8853]: 9A741120067: message-id=<8175f30de45f4b70ae2137476f70e96c@exch01.ci.local>
Aug 24 15:50:20 efa MailScanner[4624]: HTML Img tag found in message 9A741120067.A023E from client@clientdomain.com
Aug 24 15:50:25 efa MailScanner[4624]: Requeue: 9A741120067.A023E to A4E79120052
Aug 24 15:50:25 efa MailScanner[4624]: Uninfected: Delivered 1 messages
Aug 24 15:50:25 efa postfix/qmgr[1915]: A4E79120052: from=<client@clientdomain.com>, size=501695, nrcpt=1 (queue active)
Aug 24 15:50:25 efa MailScanner[4624]: Deleted 1 messages from processing-database
Aug 24 15:50:25 efa MailScanner[4624]: MailWatch: Logging message 9A741120067.A023E to SQL
Aug 24 15:50:25 efa MailScanner[4632]: MailWatch: 9A741120067.A023E: Logged to MailWatch SQL
Aug 24 15:50:26 efa postfix/smtp[8839]: A4E79120052: to=<bob@domain.com>, relay=ExchangeIP[ExchangeIP]:25, delay=13, delays=12/0/0/0.28, dsn=2.6.0, status=sent (250 2.6.0 <8175f30de45f4b70ae2137476f70e96c@exch01.ci.local> [InternalId=20117] Queued mail for delivery)
Aug 24 15:50:26 efa postfix/qmgr[1915]: A4E79120052: removed

The weird part is, it happens for that email but the rest before and after are sent to the right person from that client.
It happens to a couple of clients but bob@domain.com is always the same unintended receiver.
For the /var/aliases file, everything looks normal and default I think.
EDITED:
I checked the router logs and it also received the email "from:client@clientdomain.com, to:bob@domain.com". Looks like the problem is before eFa. :/
Thanks
Re: Email to the wrong mailbox
You've figured it out.
It's the client's mail program that's the culprit.
Are they running Outlook by chance?
One neat gotcha is something you can do with Outlook so your address object appears as 'sales@domain' while the actual email attribute is 'bob@domain'.
Or they may have an alias on their server that changes sales to bob. Don't know. It is their system and there is nothing you can do on their side.
If the client is unwilling to fix their problem, or unable, you could set up an Exchange transport rule like:
If mail from client, sent to bob, redirect it to sales.
I strongly do not recommend doing this though.
Re: Email to the wrong mailbox
I was about to suggest the very same thing, it's most probably Outlook on the client side, maybe Outlook's autocomplete is messed up. I'm sure if you ask them to forward you one of these emails as attachments and then look into the headers of that email you will see they were actually writing to bob@domain.com.
Re: Email to the wrong mailbox
At least we know eFa is running well, thx pdwalker for taking time to look at the problem and thx to ovizli for the good idea.
Thanks

