Author: John Dalbec Date: To: Gabriel Ricard CC: Exim Users Mailing List Subject: Re: [Exim] HELP! exim 3 address rewriting problem
Gabriel Ricard wrote: > On Tuesday, July 8, 2003, at 01:25 PM, John Dalbec wrote:
>
>> Gabriel Ricard wrote:
>>
>>> This is the third time I've mailed this to the list, perhaps someone
>>> can actually help me out with it this time.
>>> Is there a default rule in exim 3 to rewrite an email address and
>>> change its domain if the email address bounces?
>>> There are no rules in the rewrite section of our config file, yet we
>>> get instances where an email that was destined for
>>> randomuser@??? will wind up being sent to
>>> randomuser@???. I have no idea how this is happening. Could
>>> this have some thing to do with the retry rules?
>>
>>
>> <Shot in the dark> Could somedomain.com have their MX record pointing
>> to a CNAME that resolves to imaxsales.net? </Shot> Without seeing
>> your whole configuration, it's hard to tell what's happening. What
>> Exim version? BTW, most people on the list who could help you are
>> using Exim 4 now. I recommend you do the same.
>>
>> What does exim -d9 -bt randomuser@??? say?
>>
>> Wait, do you mean that the "To:" header shows
>> randomuser@??? but the envelope recipient is
>> randomuser@???? If so, spammers do this all the time.
>> Nothing in SMTP enforces any relationship between the "To:" header in
>> the message and the recipients of the message.
>> John
>
>
> This is what 'exim -d9 -bt madsen@???' tells me:
>
> Exim version 3.36 debug level 9 uid=0 gid=0
> probably Berkeley DB version 1.8x (native mode)
> search_open: mysql "NULL"
> search_find: file="NULL"
> key="select DomainName as domain from Sites where (DomainName =
> 'smtp.imaxsales.net') AND (HostingEmail = 1)" partial=-1
> LRU list:
> internal_search_find: file="NULL"
> type=mysql key="select DomainName as domain from Sites where
> (DomainName = 'smtp.imaxsales.net') AND (HostingEmail = 1)"
> database lookup required for select DomainName as domain from Sites
> where (DomainName = 'smtp.imaxsales.net') AND (HostingEmail = 1)
> MYSQL query: select DomainName as domain from Sites where (DomainName =
> 'smtp.imaxsales.net') AND (HostingEmail = 1)
> MYSQL new connection: ####CENSORED#####
> MYSQL: no data found
> lookup failed
> smtp.imaxsales.net in local_domains? no (end of list)
> adding primary host name smtp.imaxsales.net to local_domains
> Reset TZ to EST: time is 2003-07-08 14:59:26
> Caller is an admin user
> Caller is a trusted user
> originator: uid=0 gid=0 login=root name=System Administrator
> sender address = root@???
> Address testing: uid=0 gid=0 euid=42 egid=42
> >>>>>>>>>>>>>>>>>>>>>>>>
> Testing madsen@???
> search_open: mysql "NULL"
> cached open
> search_find: file="NULL"
> key="select DomainName as domain from Sites where (DomainName =
> 'uolinectis.com.ar') AND (HostingEmail = 1)" partial=-1
> LRU list:
> internal_search_find: file="NULL"
> type=mysql key="select DomainName as domain from Sites where
> (DomainName = 'uolinectis.com.ar') AND (HostingEmail = 1)"
> database lookup required for select DomainName as domain from Sites
> where (DomainName = 'uolinectis.com.ar') AND (HostingEmail = 1)
> MYSQL query: select DomainName as domain from Sites where (DomainName =
> 'uolinectis.com.ar') AND (HostingEmail = 1)
> MYSQL using cached connection for ####CENSORED#####
> MYSQL: no data found
> lookup failed
> uolinectis.com.ar in local_domains? no (end of list)
> address madsen@???
> local_part=madsen domain=uolinectis.com.ar
> domain is not local
> >>>>>>>>>>>>>>>>>>>>>>>>
> routing madsen@???, domain uolinectis.com.ar
> smarthost router called for madsen@???
> route_domain = uolinectis.com.ar
> after handling route_lists items, matched = 0
> smarthost router: lsearch key=uolinectis.com.ar
> file="/etc/exim/bypasshosts"
> search_open: lsearch "/etc/exim/bypasshosts"
> search_find: file="/etc/exim/bypasshosts"
> key="uolinectis.com.ar" partial=-1
> LRU list:
> 7/etc/exim/bypasshosts
> End
> internal_search_find: file="/etc/exim/bypasshosts"
> type=lsearch key="uolinectis.com.ar"
> file lookup required for uolinectis.com.ar
> in /etc/exim/bypasshosts
> lookup failed
> search_find failed:
> smarthost router declined
> lookuphost router called for madsen@???
> dns lookup: route_domain = uolinectis.com.ar
> DNS lookup of uolinectis.com.ar (MX) gave HOST_NOT_FOUND
> returning DNS_NOMATCH
> DNS lookup of uolinectis.com.ar (A) gave HOST_NOT_FOUND
> returning DNS_NOMATCH
> lookuphost router declined
> end of routers reached
> madsen@??? is undeliverable:
> unrouteable mail domain "uolinectis.com.ar"
> search_tidyup called
> close MYSQL connection: ####CENSORED#####
>
>
> The email is generated by our system, so I know it is not spam. It is
> being sent to madsen@???, and in this case, I know this
> address is incorrect, and instead of the message bouncing, it instead
> somehow winds up at madsen@???, which goes to a catch-all
> account for the imaxsales.net domain. This has happened for all
> non-existent email addresses our system has sent email to.
>
>
> Which is the recommended version of exim 4 for production use? I tried
> one version on a dev server, but had some difficulties with it, so I
> have not deployed exim 4 on this mail server yet.
Exim 4.20 is the latest version. I'm running Exim 4.14 in production.
You might try placing one of these messages on the queue with
exim -d9 -odq madsen@???
and then delivering it with
exim -d9 -M <message-id>
where <message-id> is the Exim-assigned message ID number.
Maybe that will shed some light on what's happening.
John >
> - Gabriel
>
>
>