Friday, December 20, 2002 you wrote:
OW> I believe they are totally bogus. That is not actually received by
OW> iMail but somehow generated for whatever reason. Thus they do not
OW> appear in the log.
I don't know how they'd get in a mailbox without IMAIL placing the
message in the mailbox. And if Imail is putting the message in the
mailbox but not logging it then there are 2 problems: 1) the blank
message, and 2) the absence of a log entry.
You might try setting logging to DEBUG mode.
OW> The ones I have seen are different. These seem to have some sort
OW> of header associated. The ones I am seeing do not.
So are you seeing the messages in the mbx or already downloaded by
a client? Having no headers at all seems very strange to me.
I'd be considering the client in this case and I'd try leaving the
message on the server and then downloading the same message via
different client, checking by web mail, or manual inspection.
OW> We run McAfee Net Shield ... before this started
Well, virus scanners definitely can cause blank messages but you
should be excluding your spool and mailbox directories from Virus
scanning. If you're not then that could be something to
investigate further and certainly you want to keep the scanner
away from your IMAIL spool and user directories. You could get
entire mailboxes deleted.
OW> I can't imagine what one could do with a client configuration that
OW> would lead to this.
Actually it is not so uncommon although it is relatively rare in
my experience to see a completely blank message. I have a client
who sends me messages via Microsoft Entourage from a MAC and
includes pdf attachments. My "the Bat!" client usually cannot
"see" the attachments because Entourage does not properly end the
mime segment boundary. However, it does tell me the proper size
of the message so when I see one I just use a binary editor to
extract the mime. Now as far as who is at fault it depends upon
your viewpoint. Entourage clearly violates the rfc in the way in
which it breaks the boundary so I suppose technically "the Bat!"
is correct in not displaying it. However, other clients do render
it is one of those things best left to others to argue about.
It happens with just about every program from time to time.
MIME is just complicated.
>>broken senders
OW> What do you mean here? Even if this were the cause it should leave
OW> some tracks.
Well, I agree. I just have not ever seen a message come through
that did not appear somewhere in the logs.
But if you are certain you are downloading the message from IMAIL
then it still seems to me that the more likely place to look is
your client until you can prove there are empty messages on the
IMAIL sever. That's what I'd try to do if I were you.
On the other hand if you seeing the blanks on the IMAIL server in
the mailbox then that has to be something else.
One other thing that might cause this although I've never actually
observed it is a dictionary attack. A dictionary attack often
leaves a bunch of orphan q files but usually no message. I suppose it
is possible that some harvesting program is terminating in such a way
as to leave a blank msg file. I've never seen it in any of
the dictionary attacks we've had. Even then there should be a log
entry.
Hope you find it -
Terry Fritts
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
