Keep receiving the same email from 2 months ago

Help with Unusual Circumstances
1

Within the last couple of days my email has gone crazy. My two Macs using Mail.app started reloading all of my email and my iPhone mail app showed only a handful of messages but said I had 70,000+ unread. The inbox showed a few emails for that day then an email from two months ago and that was it. The other mailboxes appeared to be ok. My Mac email inboxes also appeared ok.

From my iPhone, thinking there might be something wrong with the older email, I tried to delete it and was asked if I really wanted to delete 70,000 messages. Now I really think there is an issue with that email. I should also add here that there are discrepancies between all of my email clients as to what is actually in my inbox.

I checked it out in RoundCube, and there were indeed 70,000+ copies of the email from two months ago. They were also still coming in. At some point in the last 15-20 minutes or so, 45 additional copies have appeared. They are all dated 4/22/22. The info in the headers is also dated 4/22/22.

I have been watching the mail log and don’t see any entries associated with the additional emails. mailq comes up empty. I’m not sure if there’s another queue I can check or not. The mail came from a CMS at BlueHost and although I manage it, I don’t have access to anything mail related. I have been avoiding the rabbit hole known as “let’s talk to BlueHost support about it”. But that is on the list eventually. Since there is nothing in the log, I kind of doubt that’s where the issue is.

Oh yeah, I have rebooted the server as well as my phone and one of the Macs with no joy. I just can’t figure out where the suckers are coming from. I should try shutting all of my clients down and see if it continues. I’ll do that as some point when I can break away from my day-job.

I am due for a MiaB update, but I think I’m only one version behind. That’s also on the list to try at some point, but again, due to when this started, I don’t think that’s going to be the issue.

So, thoughts on what might be happening or any additional steps to troubleshoot? The only place I can see all the messages is in RoundCube and I have been trying to delete them from there but the max is 200 at a time so it’s taking awhile. Also, if they keep coming in, simply deleting them isn’t enough.

Let me know if there is any more info that might help.

Thanks!

2

Check the headers for the sending IP address to verify where the message is coming from, or check /var/log/mail.log with tail /var/log/mail.log (assuming the rate they are coming in the last 10 entries should be the message).

3

Intersting problem.

First thing is to find out which device causes the problem.

Start with disabling the IMAP devices.
is the mail still coming with webmail?

Bluehost? You mean, you have a server with TransIP and a CMS using this environment sending out email?

4

@openletter I had already checked mail.log and there was nothing related that I could see. There was IMAP activity which could indicate an email client is doing it. I diffed a recent and an older copy of the emails and they are exactly the same, which implies to me that they are being duplicated rather than being sent. The source was definitely BlueHost.

@sander-schippers The BlueHost site is a store that gets used occasionally. It also has a dedicated IP. The emails are purchase acknowledgements. That part of it gets used once-a-year. The main problem is that I just can’t get at the logs and support is usually not that great. I am also trying to get the hell out of there but it’s a volunteer thing and time is limited.

As an update, I was able to shut down a few of my clients and I haven’t received any more copies. Now I need to start turning them back on to see when it starts back up (or if it magically fixed itself).

5

It ended up being an issue with the clients. I think I tried to move an email somewhere and it fumbled. The spam folder may or may not have been involved. It may have even been moving to another account and something went poof.

The ultimate fix was deleting the account/mail from all clients, deleting the bad emails from the server then letting the clients rebuild. I tried cleaning it up manually, but it just kept propagating so the nuclear option was necessary.

I think all is good now. At least it has been for the last 10 minutes.

But I probably just jinxed it.