Spam/Virus "duplicates" dropped when receiving multiple relayed identical incoming messages (but different recipients)

Post by jimp » Tue Feb 14, 2017 11:04 pm

I have an external qmail host that is configured to relay its outgoing (submission port 587) SMTP traffic through MailCleaner, because of the ability to rate limit and search the logs comprehensively. When an email is relayed with multiple recipients, the qmail box will relay the outgoing message through MailCleaner to each recipient one at a time. Note that my test is to and from separate domains both configured in MailCleaner.

I was just performing some extensive testing of sending messages containing a virus (actually the EICAR test file, not a true virus), because I am developing a Maildrop script to handle tagged messages on the receiving end (for domains that dislike a separate spam quarantine). While testing delivery to multiple recipients at the same domain in the same email, I noticed only one recipient ever getting through.

A MailCleaner log trace shows both copies of the message arriving for relaying. The first is spam, Quarantined, and Tagged. The second is spam, Quarantined, and [-]. The trace on the first says "Spam Actions: message 1cdkY9-00027p-Tg actions are deliver" but the second says "Spam Actions: message 1cdkY9-00027l-TC actions are delete." The notable difference in the second one is a line that claims the spam check is cached. Nothing lands in either quarantine. One is tagged and delivered, the other is dropped.

I just did the same test with a spam message (GTUBE test), instead of Dangerous Content. Same result. One delivered, one dropped before exiting MailCleaner.

I can understand how this helps with performance (duplicate spam, different recipients), but it also blocks an office worker from emailing "attachment.doc" to several recipients. The first will receive it and can request a quarantine release, but the other recipients will think the email was never sent at all.

Is this a bug? I cannot find a setting (tried disabling botnet detection) to continue delivery on a spam cache hit. When I send the test email in separate emails within 1 second of each other, the problem doesn't occur. It only happens when I send "To:" both on the same email and the qmail server delivers them as individual submissions.

MailCleaner Status
Version : 2014.10
Patch level : 2014120101

