> On Sat, 21 Jul 2001, Gregory Heinrich wrote:
>
> > As expected, an email containing executable attachment is not delivered
to
> > the recipient, but no email is being sent back to the sender : the email
is
> > sent to the postmaster instead of the sender.
> > What can I do to get the message to be sent to the sender?
> >
> > I get this message in the exim mainlog:
> >
> > ----------
> > 2001-07-21 16:15:20 15NxXM-0000CS-00 cancelled by message filter: This
> > message has been rejected because it has
>
> What was the incoming log line? Specifically, what was the address of
> the sender?
>
Hi Philip,
Thank you very much for your answser.
the incoming line in the log was :
--
2001-07-23 10:57:41 15ObX3-0007JA-00 <= heinrich@???
H=(frmta01.chello.fr) [212.186.224.12] P=esmtp S=2048
id=001601c1135f$16edf940$45e7bad4@???
2001-07-23 10:57:41 15ObX3-0007JA-00 cancelled by message filter: This
message has been rejected because it has been rejected ...
2001-07-23 10:57:41 15ObX3-0007JC-00 <= <> R=15ObX3-0007JA-00 U=mail P=local
S=3227
2001-07-23 10:57:41 15ObX3-0007JA-00 Error message sent to
heinrich@???
--
Then in the mainlog, a sequence like this one is repeated a large number of
times (maybe 20 times or more) :
--
2001-07-23 10:57:41 15ObX3-0007JC-00 cancelled by message filter: This
message has been rejected because it has...
2001-07-23 10:57:41 15ObX3-0007JA-00 Completed
2001-07-23 10:57:41 15ObX3-0007JE-00 <= <> R=15ObX3-0007JC-00 U=mail P=local
S=4372
2001-07-23 10:57:41 15ObX3-0007JC-00 Error message sent to
postmaster@???
2001-07-23 10:57:41 15ObX3-0007JC-00 Completed
2001-07-23 10:57:41 15ObX3-0007JE-00 cancelled by message filter: This
message has been rejected because it has...
2001-07-23 10:57:41 15ObX3-0007JG-00 <= <> R=15ObX3-0007JE-00 U=mail P=local
S=5533
2001-07-23 10:57:41 15ObX3-0007JE-00 Error message sent to
postmaster@???
2001-07-23 10:57:41 15ObX3-0007JE-00 Completed
--
I think I get it! In fact, the message that is supposed to be sent back to
the heinrich@??? with an error message is also filtered! Which
explains the fact that heinrich@??? does not recieve this message,
since it is blocked by the filter! I think postmaster@???
finally recieves a message when the maximum number of delivery attempt has
been reached.
To fix it, I have added a test for first_delivery at the beginning of my
filter so that it now looks like :
---
# Exim filter
if not first_delivery
then
finish
endif
# Attempt to catch embedded VBS attachments
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants
#
if $message_body matches
"(?:Content-(?:Type:\\\\s*[\\\\w-]+/[\\\\w-]+|Dispos$
then
fail text "This message has been rejected because ..."
seen finish
endif
---
Trouble is it doesn't seem to fix the problem... the mail is still not sent
to the sender, and the postmaster recieves it after when the maximum number
of delivery attempt has been reached. I get this in the mainlog :
--
2001-07-23 11:19:10 15Obrq-0007Oy-00 <= heinrich@???
H=(frmta01.chello.fr) [212.186.224.12] P=esmtp S=2048
id=003101c11362$17975140$45e7bad4@???
2001-07-23 11:19:10 15Obrq-0007Oy-00 cancelled by message filter: This
message has been rejected because it has...
2001-07-23 11:19:10 15Obrq-0007P0-00 <= <> R=15Obrq-0007Oy-00 U=mail P=local
S=3225
2001-07-23 11:19:10 15Obrq-0007Oy-00 Error message sent to
heinrich@???
2001-07-23 11:19:10 15Obrq-0007Oy-00 Completed
2001-07-23 11:19:10 15Obrq-0007P0-00 cancelled by message filter: This
message has been rejected because it has ....
2001-07-23 11:19:10 15Obrq-0007P2-00 <= <> R=15Obrq-0007P0-00 U=mail P=local
S=4368
2001-07-23 11:19:10 15Obrq-0007P0-00 Error message sent to
postmaster@???
2001-07-23 11:19:10 15Obrq-0007P0-00 Completed
--
I do not know the exim filter language very well. How can I fix it?
Thank you in advance,
Greg.