Hello Mark,
On 05/21/2012 03:22 PM, Mark Martinec wrote:
Alex,
Environment :
- Ubuntu - 10.04.3 LTS
- Postfix - 2.7.0-1ubuntu0.2
- Amavis - 1:2.6.4-1ubuntu5
- Spam Assassin - 3.3.1-1
- ClamAV - 0.96.5+dfsg-1ubuntu1.10.04.3
Symptoms - A couple of emails per day come through the system with empty
attachments. They have the following line in their header:
X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end
with expected boundary
- I have not been able to reproduce the problem myself
- Problematic mails re-sent often come through without problem, ie with
the attachment
- The offending mails generate ClamAV quarantine files, but even these
don't contain the attachments
- If I receive the same emails at a different account on an unrelated
system I see the attachment perfectly well
- We see the same issue from a number of unrelated senders
Sample header (anonymised):
From [email protected] Tue May 15 07:41:14 2012
Return-Path:<[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
by mail.yyyyy.com (Postfix) with ESMTP id 170554C16E9;
Tue, 15 May 2012 07:41:14 +0200 (CEST)
X-Quarantine-ID:<Px1M0jVRJetN>
X-Virus-Scanned: Debian amavisd-new at yyyyy.com
X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end
with expected boundary
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-100 required=6.31
tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01]
autolearn=ham
Received: from mail.yyyyy.com ([127.0.0.1])
by localhost (yyyyy.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Px1M0jVRJetN; Tue, 15 May 2012 07:41:11 +0200 (CEST)
Received: by mail.yyyyy.com (Postfix, from userid 1002)
id BBE204C03D1; Tue, 15 May 2012 07:41:11 +0200 (CEST)
Received: from mail1.xxx.com (mail1.xxx.com [11.22.33.44])
by mail.yyyyy.com (Postfix) with ESMTP id 98EBC4C03D1;
Tue, 15 May 2012 07:41:11 +0200 (CEST)
From: XXXX XXXXX<[email protected]>
Subject: News
Thread-Topic: News
Thread-Index: Ac0yXHvsAZ0A5DlqQrO9zy68+EZRewAANCFg
Date: Tue, 15 May 2012 05:41:08 +0000
Message-ID:<[email protected]>
References:<[email protected]>
In-Reply-To:<[email protected]>
Accept-Language: de-CH, en-US
Content-Language: de-DE
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Content-Type: multipart/mixed;
boundary="_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK"
MIME-Version: 1.0
To: Undisclosed recipients:;
X-Copyrighted-Material: None
--_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK
Content-Type: multipart/alternative;
boundary="_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK"
--_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
.....
This seems to happen before a message reaches amavisd.
Ok
Received: by mail.yyyyy.com (Postfix, from userid 1002)
So what is this thing that is re-injecting a message locally
from userid 1002 ???
We have a line in the Postfix configuration that blind copies every mail
going through the system to a local user. I guess this is the cause of
the re-injection. This is for audit purposes. I wonder now if that is
causing the issues somehow. I will remove this line temporarily to see
if it fixes the issue. If so we will find a better way of saving copies
of the mail.
Thanks for your pointer.
Mark
Alex
