[Dovecot] delivery to incorrect user
Yesterday a user reported to me that she received a bunch of emails that were not addressed to her. I'm using dovecot version 0.99.11 along with postfix and amavisd-new. I don't know how this happened because each mail file in /var/mail/ is only readable by the user. Has anyone ever heard of this happening before?
Without knowing details, could the messages have been BCC'd to her?
jpollara@lawnchair.net wrote:
Yesterday a user reported to me that she received a bunch of emails that were not addressed to her. I'm using dovecot version 0.99.11 along with postfix and amavisd-new. I don't know how this happened because each mail file in /var/mail/ is only readable by the user. Has anyone ever heard of this happening before?
I checked all the obvious stuff. They were not BCC'd to her. She got a lot of confidential emails that were not even addressed to her. Not sure what's going on. She happens to be using POP3 and it seems as if she cleared out this other users mail box who was using IMAP.
Without knowing details, could the messages have been BCC'd to her?
jpollara@lawnchair.net wrote:
Yesterday a user reported to me that she received a bunch of emails that were not addressed to her. I'm using dovecot version 0.99.11 along with postfix and amavisd-new. I don't know how this happened because each mail file in /var/mail/ is only readable by the user. Has anyone ever heard of this happening before?
Some MUA's make it clear a message has been BCC'd. Others do not.
The messages could conceivably be spam or viral, as well.
On Wed, 2005-01-12 at 08:49 -0600, Robert Cooper wrote:
Without knowing details, could the messages have been BCC'd to her?
jpollara@lawnchair.net wrote:
Yesterday a user reported to me that she received a bunch of emails that were not addressed to her. I'm using dovecot version 0.99.11 along with postfix and amavisd-new. I don't know how this happened because each mail file in /var/mail/ is only readable by the user. Has anyone ever heard of this happening before?
As much as I wish they were BCC'd to her, they were not. These were all confidential emails from another users mailbox.
Dan Stromberg wrote:
Some MUA's make it clear a message has been BCC'd. Others do not.
The messages could conceivably be spam or viral, as well.
On Wed, 2005-01-12 at 08:49 -0600, Robert Cooper wrote:
Without knowing details, could the messages have been BCC'd to her?
jpollara@lawnchair.net wrote:
Yesterday a user reported to me that she received a bunch of emails that were not addressed to her. I'm using dovecot version 0.99.11 along with postfix and amavisd-new. I don't know how this happened because each mail file in /var/mail/ is only readable by the user. Has anyone ever heard of this happening before?
Well if its spam or virus it might be that its sent by Bcc: field and then she wont appear at the To: field
jpollara@lawnchair.net skrev:
Yesterday a user reported to me that she received a bunch of emails that were not addressed to her. I'm using dovecot version 0.99.11 along with postfix and amavisd-new. I don't know how this happened because each mail file in /var/mail/ is only readable by the user. Has anyone ever heard of this happening before?
-- Bengt-Arne Fjellner 0910-58 53 69
Unfortuantely it's not spam or a virus. They were real emails sent from one particular user to another user. She even cleared out this users mailbox because she was using pop3 and the other person was using imap.
Bengt-Arne Fjellner wrote:
Well if its spam or virus it might be that its sent by Bcc: field and then she wont appear at the To: field
jpollara@lawnchair.net skrev:
Yesterday a user reported to me that she received a bunch of emails that were not addressed to her. I'm using dovecot version 0.99.11 along with postfix and amavisd-new. I don't know how this happened because each mail file in /var/mail/ is only readable by the user. Has anyone ever heard of this happening before?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12-01-2005 16:19, Josh Pollara wrote:
Unfortuantely it's not spam or a virus. They were real emails sent from one particular user to another user. She even cleared out this users mailbox because she was using pop3 and the other person was using imap.
Maybe too obvious, but check that those two users do not have same userid.
- Jonas
- Jonas Smedegaard - idealist og Internet-arkitekt
- Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB5Upun7DbMsAkQLgRArEHAJ42mgFN/zGlbPOWaoR/zhIz5JqzWwCeJMc6 WgasvImoxLNzYGUhFVGyOP4= =Z2xD -----END PGP SIGNATURE-----
Yah...thats the first thing I checked. They're not the same. owell. Maybe it's not dovecot? Could it be postfix, amavisd-new, or procmail?
Jonas Smedegaard wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12-01-2005 16:19, Josh Pollara wrote:
Unfortuantely it's not spam or a virus. They were real emails sent from one particular user to another user. She even cleared out this users mailbox because she was using pop3 and the other person was using imap.
Maybe too obvious, but check that those two users do not have same userid.
- Jonas
- Jonas Smedegaard - idealist og Internet-arkitekt
- Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB5Upun7DbMsAkQLgRArEHAJ42mgFN/zGlbPOWaoR/zhIz5JqzWwCeJMc6 WgasvImoxLNzYGUhFVGyOP4= =Z2xD -----END PGP SIGNATURE-----
Here's a long shot, but if these are "real" unix users, could they have the same number uid?
jpollara@lawnchair.net wrote:
Yah...thats the first thing I checked. They're not the same. owell. Maybe it's not dovecot? Could it be postfix, amavisd-new, or procmail?
Jonas Smedegaard wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12-01-2005 16:19, Josh Pollara wrote:
Unfortuantely it's not spam or a virus. They were real emails sent from one particular user to another user. She even cleared out this users mailbox because she was using pop3 and the other person was using imap.
Maybe too obvious, but check that those two users do not have same userid.
- Jonas
- Jonas Smedegaard - idealist og Internet-arkitekt
- Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB5Upun7DbMsAkQLgRArEHAJ42mgFN/zGlbPOWaoR/zhIz5JqzWwCeJMc6 WgasvImoxLNzYGUhFVGyOP4= =Z2xD -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12-01-2005 17:05, jpollara@lawnchair.net wrote:
Maybe it's not dovecot? Could it be postfix, amavisd-new, or procmail?
If you want anything but wild speculations then - as others suggested already - provide more info.
Logfiles, and headers of the emails involved (scrambling private parts).
- Jonas
- Jonas Smedegaard - idealist og Internet-arkitekt
- Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB5VCgn7DbMsAkQLgRAlE9AKCOkKbS1b0n5otixf4YTM4tKKcSBACgps1B EdQTa7GZcoS6LLCQFOUxw5w= =f3bG -----END PGP SIGNATURE-----
participants (6)
-
Bengt-Arne Fjellner
-
Dan Stromberg
-
Jonas Smedegaard
-
Josh Pollara
-
jpollara@lawnchair.net
-
Robert Cooper