1 Topic by maciek_henwar (edited by maciek_henwar 2015-09-15 04:12:20)

  • maciek_henwar
  • Member
  • Offline
  • Registered: 2015-09-15
  • Posts: 22

Topic: script making mail

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.8.3
- Linux/BSD distribution name and version: Ubuntu 12.04.5 LTS (GNU/Linux 3.2.0-29-generic x86_64)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====
Hi all,

Where can I find script who making/generating mail?
Uspecially where is config of From:, CC: and Bcc:

Thanks for help...
Maciek

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: script making mail

I'm afraid that I don't quite understand what "making/generating mail" means.

Postfix will log from/to addresses in log file, maybe you can check it.

3 Reply by maciek_henwar

  • maciek_henwar
  • Member
  • Offline
  • Registered: 2015-09-15
  • Posts: 22

Re: script making mail

In my mail.log I can't find nothing what I interested. I have problems with adressess in some people. For example Mrs. Kowalski (jan.kowalski@domain.com.pl) send e-mail to Mrs. Nowak (adam.nowak@domain.com.pl) and in head of e-mail shows strange things, that is in section From: To: CC: BCC: shows incorrect adressess (ex. jan@p21.progreso.com, kowalski@p21.progreso.com, and last is correct jan.kowalski@domain.com.pl and similliar). When I ask technical support of external post domain (progreso) about this situation they say to me that "The fields From :, CC: and Bcc: are set by scripts / mail program."

Can you help me where find it?

Best regards,
Maciek

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: script making mail

From/CC/BCC are generated by mail client applications like Outlook, Thunderbird, or scripts like PHP/Python/Perl/Shell/... scripts. you should know which application sent out emails, maybe webmail, maybe users' mail client applications.

By the way, why are you looking for From/CC/BCC?

5 Reply by maciek_henwar

  • maciek_henwar
  • Member
  • Offline
  • Registered: 2015-09-15
  • Posts: 22

Re: script making mail

And where I have to looking? Do you have any other ideas where can I looking problem?
I noticed one strange thing... The problem is when few users (about 3-4 users) send/reply/forward e-mails
from mail client (Outlook and Thunderbird). When the same people send/reply/forward mails from ROUNDCUBE (over www) this problem disappears.

I'll be very greatful in someone help me, because this problem goes on for over a month.

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: script making mail

you didn't clearly mention what problem you have, instead you just asking how to do something.

It looks like someone is sending spams through your mail server. I suggest you try this:

*) Download script 'find_top_sasl_usernames.sh' below:
https://bitbucket.org/zhb/iredmail/raw/ … ernames.sh

*) Run it to get top SASL authentication usernames:

# bash find_top_sasl_usernames.sh /var/log/mail.log

It will show you who sent out most emails, did they send out spams? if yes, try to reset their passwords.

7 Reply by maciek_henwar

  • maciek_henwar
  • Member
  • Offline
  • Registered: 2015-09-15
  • Posts: 22

Re: script making mail

I make this commands and shows me many account send e-mails the most, but only 2-3 has this problem. I've changed password on one of this and It has not helped to end. When I send from this one account (ex. serwis@domain.pl) to another in this domain (john@domain.pl) from Thunderbird client I receive mail with correct addressess, but other person in another domain (this domain is belong to us), ex. marek@domain1.pl adressess are incorrect, ex. below
From     Serwis@p21c.progreso.pl, serwis@konsbud-audio.com.pl
To     henwar@konsbud-audio.com.pl, m.lewanty@apart-audio-polska.pl Magazyn@p21c.progreso.pl, magazyn@konsbud-audio.com.pl
Date     Today 15:51

This is real example. Correct domain it is: konsbud-audio.com.pl, wrong: p21c.progreso.pl.
Domain konsbud-audio.com.pl we have on our mail server (iRedMail, Ubuntu),
and apart-audio-polska is on external server (hoster: progreso.pl) and web client this domain
looks like iRedMail Roundcube (maybe little cut).

Please, help me...
I don't have idea what can I else do sad
This issue has been going two months

Best regards,
Maciek

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: script making mail

Did you use 'p21c.progreso.pl' in any config files under /etc/? try this:

grep -ilr 'p21c.progreso.pl' /etc/*

9 Reply by maciek_henwar

  • maciek_henwar
  • Member
  • Offline
  • Registered: 2015-09-15
  • Posts: 22

Re: script making mail

After make this command below show:
root@poczta:~# grep -ilr 'p21c.progreso.pl' /etc/*
grep: /etc/blkid.tab: No such file or directory
grep: /etc/dovecot/conf.d/.#10-logging.conf: No such file or directory
grep: /etc/ssl_26.01.2015/certs/9b353c9a.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/TDC_Internet_Root_CA.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/d537fba6.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/RSA_Root_Certificate_1.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/9af9f759.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/TC_TrustCenter__Germany__Class_3_CA.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/1df5ec47.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/656b3e35.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/Verisign_Class_2_Public_Primary_Certification_Authority.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/ed049835.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/6adf0799.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/11a09b38.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/Firmaprofesional_Root_CA.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/9818ca0b.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/5f267794.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/55a10908.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/48ef30f1.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/ed524cf5.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/bcdd5959.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/54edfa5d.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/ValiCert_Class_2_VA.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/7d3cd826.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/8f7b96c4.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/1155c94b.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/0f11b315.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/ca.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/6faac4e3.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/972672fc.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/b5f329fa.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/ValiCert_Class_1_VA.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/Wells_Fargo_Root_CA.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/2cfc4974.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/TDC_OCES_Root_CA.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/b097d71d.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/6e52cc39.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/20d096ba.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/cacert.org.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/f4996e82.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/99d0fa06.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/Equifax_Secure_eBusiness_CA_2.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/Entrust.net_Secure_Server_CA.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/408e388a.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/ce026bf8.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/4597689c.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/03f0efa4.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/5ed36f99.0: No such file or directory
grep: /etc/ssl_26.01.2015/certs/TC_TrustCenter_Universal_CA_III.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/TC_TrustCenter__Germany__Class_2_CA.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/spi-ca-2003.pem: No such file or directory
grep: /etc/ssl_26.01.2015/certs/256fd83b.0: No such file or directory

What's that mean? ANy ideas?

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: script making mail

No idea why it shows so many 'no such file or directory' error, it should return matched file or nothing.

11 Reply by maciek_henwar

  • maciek_henwar
  • Member
  • Offline
  • Registered: 2015-09-15
  • Posts: 22

Re: script making mail

Sooo... you can't help me sad
You don't have any others ideas?

12 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: script making mail

Sorry, no idea yet.

13 Reply by maciek_henwar

  • maciek_henwar
  • Member
  • Offline
  • Registered: 2015-09-15
  • Posts: 22

Re: script making mail

I find solution. Progreso as mail provider has some script who add to e-mail domain p21.progreso.pl who in his name special characters [] e.x. Jan Kowaski [Company] to his servers.