Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#1372 closed Bug/Something is broken (fixed)

Email messages delayed several days

Reported by: https://id.mayfirst.org/workersliberty Owned by: https://id.mayfirst.org/jamie
Priority: High Component: Tech
Keywords: email greylisting Cc:
Sensitive: no

Description

I've just today [05/09/08] received an email sent on 25/08/08. It may be significant that it arrived together with another email sent by the same person to me on 01/09/08. I've noticed one other example recently of an email being delayed several days, and then arriving after the person writing to me has written again. That other example, by the way, was from someone mailing via a different ISP.

Anyway, these are the relevant headers. There's a baffling (to me) date of Fri, 4 Apr 2008 in the middle of the headers from the first message.

Subject: Re: The Iran/Israel furore From: david.osler@… Date: Mon, 25 Aug 2008 11:38:10 +0000 (GMT) To: martin@… X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: <david.osler@…> X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on albizu.mayfirst.org X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,HTML_MESSAGE, MIME_HTML_ONLY autolearn=no version=3.2.3 X-Original-To: martin.thomas@… Delivered-To: martin.thomas@… Received: from localhost (localhost [127.0.0.1]) by albizu.mayfirst.org (Postfix) with ESMTP id 23FE768082 for <martin.thomas@…>; Fri, 5 Sep 2008 00:18:52 -0400 (EDT) X-Virus-Scanned: Debian amavisd-new at albizu.mayfirst.org Received: from albizu.mayfirst.org ([127.0.0.1]) by localhost (albizu.mayfirst.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oeqm826glNSC for <martin.thomas@…>; Fri, 5 Sep 2008 00:18:52 -0400 (EDT) X-Greylist: delayed 1533 seconds by postgrey-1.27 at albizu; Fri, 05 Sep 2008 00:18:51 EDT Received: from smtprelay.hostedemail.com (smtprelay0196.hostedemail.com [216.40.44.196]) by albizu.mayfirst.org (Postfix) with ESMTP id EE0DD6807F for <martin@…>; Fri, 5 Sep 2008 00:18:51 -0400 (EDT) Received: from smtprelay.hostedemail.com (ff-bigip1 [10.5.19.254]) by smtpgrave01.hostedemail.com (Postfix) with ESMTP id EF96DA4E9FB for <martin@…>; Fri, 4 Apr 2008 22:17:02 +0000 (UTC) Received: from filter.hostedemail.com (ff-bigip1 [10.5.19.254]) by smtprelay03.hostedemail.com (Postfix) with SMTP id A3EBF15AFA7 for <martin@…>; Mon, 25 Aug 2008 11:38:10 +0000 (UTC) X-SpamScore: 1 Received: from webmail08 (imap-ext [216.40.42.5]) (Authenticated sender: david.osler@…) by omf04.hostedemail.com (Postfix) with ESMTP for <martin@…>; Mon, 25 Aug 2008 11:38:10 +0000 (UTC) Reply-To: david.osler@… Message-ID: <1636677078.526491219664290502.JavaMail.mail@webmail08> MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-session-marker: 64617669642E6F736C65724076697267696E2E6E6574

Subject: Re: The Iran/Israel furore From: david.osler@… Date: Mon, 1 Sep 2008 10:45:25 +0000 (GMT) To: martin@… X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: <david.osler@…> X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on albizu.mayfirst.org X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,HTML_MESSAGE, MIME_HTML_ONLY autolearn=no version=3.2.3 X-Original-To: martin.thomas@… Delivered-To: martin.thomas@… Received: from localhost (localhost [127.0.0.1]) by albizu.mayfirst.org (Postfix) with ESMTP id C41CE68082 for <martin.thomas@…>; Fri, 5 Sep 2008 00:31:46 -0400 (EDT) X-Virus-Scanned: Debian amavisd-new at albizu.mayfirst.org Received: from albizu.mayfirst.org ([127.0.0.1]) by localhost (albizu.mayfirst.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sTNz31fe3Rdd for <martin.thomas@…>; Fri, 5 Sep 2008 00:31:46 -0400 (EDT) Received: from smtprelay.hostedemail.com (smtprelay0097.hostedemail.com [216.40.44.97]) by albizu.mayfirst.org (Postfix) with ESMTP id 980786807F for <martin@…>; Fri, 5 Sep 2008 00:31:46 -0400 (EDT) Received: from smtprelay.hostedemail.com (ff-bigip1 [10.5.19.254]) by smtpgrave01.hostedemail.com (Postfix) with ESMTP id D57938DC01F for <martin@…>; Mon, 1 Sep 2008 10:45:26 +0000 (UTC) Received: from filter.hostedemail.com (ff-bigip1 [10.5.19.254]) by smtprelay01.hostedemail.com (Postfix) with SMTP id 912C3812566 for <martin@…>; Mon, 1 Sep 2008 10:45:25 +0000 (UTC) X-SpamScore: 1 Received: from webmail06 (imap-ext [216.40.42.5]) (Authenticated sender: david.osler@…) by omf05.hostedemail.com (Postfix) with ESMTP for <martin@…>; Mon, 1 Sep 2008 10:45:25 +0000 (UTC) Reply-To: david.osler@… Message-ID: <1798372025.1298381220265925266.JavaMail.mail@webmail06> MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-session-marker: 64617669642E6F736C65724076697267696E2E6E6574

Martin

Didn't you get my earlier reply?

Change History (2)

comment:1 Changed 10 years ago by https://id.mayfirst.org/jamie

  • Resolution set to fixed
  • Status changed from new to closed

Hi Martin,

Thanks for posting the headers of the email message - that makes it much easier to identify the problem. Unfortunately, our wiki displayed the headers as one giant blob of text. In the future, you can avoid that by enclosing headers or any other single-spaced content between three curly braces:

{{{
like this
and this
}}} 

Despite our wiki formatting problems, the info was in your post and I was able to track down what happened.

The problem is due to a combination of our greylisting setup and the sender's mis-configured mail server.

We've reduced spam considerably by deferring email the first time it is sent to our server, and then, if it is resent within 2 days, we accept the message and don't greylist them again (unless they go 35 days without sending a new message to you).

The reason this works is because of an Internet-wide agreement on how email should be resent if the first delivery is deferred. All servers should retry in at least 30 minutes. That means that for 99% of the Internet, postgrey delays delivery by 30 minutes or so the first time someone emails you. After that, postgrey doesn't get in the way at all. And, you (and our servers) have considerably less spam to contend with.

This system works great unless... you are receiving email from a server that does not conform to Internet standards.

In this example, I've carefully examined the logs dating back to August 31 and found the following (all times are America/New_York time - which is the timezone our logs are kept in):

  • david.osler sent two messages to you, one right after the other at Sep 1 06:45:26. It's also possible that david.osler's mail server retried immediately after getting deferred the first time. It's not clear if it's one or two different messages.
  • Our server deferred the messages.
  • We never heard from the sending server again until Sep 4 23:53:18, when it tried to send you an email (again, not clear if the sending server simply waited 3 full days to resend the old email or whether this was a new message). Since the greylisting 2 day period had already expired, the message was once again greylisted
  • The sending server again connected at Sep 5 00:18:51. Now, our greylisting software accepted the message.
  • The sending server sent another message at Sep 5 00:31:46 (that's message number two in your post). Since the greylisting had already been lifted, it went through immediately as well.

So conclusions... I suspect that david.osler's sending server may be seriously broken and he may not be getting all of his emails delivered. Greylisting is fairly common these days, so I would encourage him to follow up with his service provider (and reference this post if it's helpful). I think that his server is simply not trying to resend mail when it is deferred the first time. Only when he happens to send you two messages within a 2 day period will you get them.

In the meantime, I don't see any abuse from his server in our log files, so I've added his server to our white list file so our server will no longer greylist emails from his server.

As for the April date. Sheesh. Looks like hostedemail.com has some date configuration problems on their servers. Those are the time stamps added as the email was passed between internal hostedemail.com servers.

comment:2 Changed 10 years ago by https://id.mayfirst.org/jamie

  • Keywords email greylisting added

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.