[exim] Odd delivery failure msg

Startseite
Nachricht löschen
Nachricht beantworten
Autor: John Horne
Datum:  
To: Exim users
Betreff: [exim] Odd delivery failure msg
Hello,

Received this a couple of times in our mailhub logs today:

2009-09-26 04:00:10 1MrNW6-0006xp-K0 failed to
open //your.greetingwiz.com/E-Greetings.exe"@saturne.pearl-online.com
when checking
""google.comhttp://your.greetingwiz.com/E-Greetings.exe"@saturne.pearl-online.com":
No such file or directory

Look's like exim is trying to 'open' the local part? There is nothing in
the mail queue, nor any other reference to the exim message id in the
logs. The dumped SpamAssassin scanned file shows (part of) the headers:

   Date: Sat, 26 Sep 2009 05:00:07 +0200
   Message-Id: <200909260300.n8Q307v4009869@???>
   From:
"google.comhttp://your.greetingwiz.com/E-Greetings.exe"@saturne.pearl-online.com
   To: ...
   Subject: Hey,    you   have   a new Greeting !!!
   Content-Type: text/html


(The To: field has been removed by me, but is a valid recipient
address. The Subject: field should just have single spaces in it, but
SaneSecurity is now detecting this subject line as malware.)

Our config does do checks on the From: header, but always uses the
'${domain' and '${local_part' functions to get the correct part of the
address. There is a 'verify = header_syntax' statement in the config,
perhaps that is causing the error?

I haven't investigated this too much yet. I ran a test msg through exim,
using the above From: field and it caused no problems. I was wondering
if anyone had seen something similar? We're using exim version 4.69.



Thanks,

John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001