作者:kanlikanliti_627 | 来源:互联网 | 2023-09-03 14:00
What version of Gophish are you using?:
Version 0.5.0
Brief description of the issue:
A large number of the campaign recipients are receiving the phishing email twice.
What are you expecting to see happen? :
The email should only be sent once per email address.
What are you seeing happen?
I've run 7 campaigns of varying size. Out of the 7 campaigns 2 of them have occurrences where emails were sent multiple times to the same email address. I've verified within the 'mail.log', the GoPhish web interface and with our email team that this is occuring. What's odd is that with the exception of the emailing list (addresses and size), there have been no changes between any of the campaigns or the mail server. The times that this issue occurred were campaign 4 and 7, with there being no issues inbetween or prior. From what I can tell, there is a unique identifier for each email sent in the 'mail.log' file. This would imply to me at least, that postfix is being told to send the email 2 seperate unique times.
Please provide any terminal output that may be relevant below:
I've included a screenshot from GoPhish showing that the email status, "Email Sent", shows up twice. I've also included output from the mail.log file. I've sanitized certain data, but this shows the same recipient receiving the email twice over the course of 4 seconds.
1 2 3 4 5 6 7 8 9 10 11 12
| May 18 13:09:41 ServerNameReplaced postfix/smtpd[6660]: 896DA3FBFC: client=localhost[127.0.0.1]
May 18 13:09:41 ServerNameReplaced postfix/cleanup[6748]: 896DA3FBFC: message-id&#061;<20180518130941.896DA3FBFC>
May 18 13:09:41 ServerNameReplaced postfix/qmgr[19971]: 896DA3FBFC: from&#061;, size&#061;1148, nrcpt&#061;1 (queue active)
MAY 18 13:09:41 ServerNameReplaced POSTFIX/SMTP[6751]: 896DA3FBFC: to&#061;, relay&#061;DestinationServerRemoved[x.x.x.x]:25, delay&#061;0.16, delays&#061;0/0/0.04/0.12, dsn&#061;2.0.0, status&#061;sent (250 2.0.0 2hyj7phj4d-1 message accepted for delivery)
MAY 18 13:09:41 ServerNameReplaced POSTFIX/QMGR[19971]: 896DA3FBFC: REMOVED
May 18 13:09:45 ServerNameReplaced postfix/smtpd[6668]: 428583FBFB: client&#061;localhost[127.0.0.1]
May 18 13:09:45 ServerNameReplaced postfix/cleanup[6748]: 428583FBFB: message-id&#061;<20180518130945.428583FBFB>
May 18 13:09:45 ServerNameReplaced postfix/qmgr[19971]: 428583FBFB: from&#061;, size&#061;1148, nrcpt&#061;1 (queue active)
May 18 13:09:45 ServerNameReplaced postfix/smtp[6749]: 428583FBFB: to&#061;, relay&#061;DestinationServerRemoved[x.x.x.x]:25, delay&#061;0.18, delays&#061;0/0/0.04/0.13, dsn&#061;2.0.0, status&#061;sent (250 2.0.0 2hwu6g7rnw-1 Message accepted for delivery)
May 18 13:09:45 ServerNameReplaced postfix/qmgr[19971]: 428583FBFB: removed
|
Please provide as many steps as you can to reproduce the problem:
I'm not sure how to reproduce this problem. As I stated above it's only occured with 2 of the 7 campaigns I've run. The 7th campaign was fairly large (5,000 recipients), however the 4th campaign was only 1,000, which was smaller than the 3,000 recipients for campaign 5 and 6. I don't believe size is playing a part in this.
该提问来源于开源项目:gophish/gophish
Hi,
We are sending to 3324 users, we found that the email is being sent out twice to some users. I'm also seeing captures going down. People who have clicked the link and we're losing the results.
This is not great as we're running a live test at the moment.
We're using the latest version of gophish (v0.8.0).
I downloaded the raw list of events and I can see that we have duplicates in there. Not only are the clients receiving the email twice but the campaign stats figures have been going down.
We checked our input data and it seems that there were some records supplied by the client that had NULL values in them (As an unquoted string in an excel cell).
Looking in the gophish user group those 32 records seem to be missing (they weren't imported as expected) however when running the live phish the emails are duplicated and the clickthrough submitted figures are skewed.