Re: [exim-dev] [Bug 1389] New: DMARC $dmarc_ar_header contai…

Góra strony
Delete this message
Reply to this message
Autor: Todd Lyons
Data:  
CC: exim-dev
Temat: Re: [exim-dev] [Bug 1389] New: DMARC $dmarc_ar_header contains trash
Doing this in the mailing list for now. This is a long email and don't
want to clutter up the Bug just yet.
I also sent this as Rich Text in order for Gmail to not auto-wrap the long
lines.


On Mon, Sep 30, 2013 at 4:24 AM, bes <bes.internal@???> wrote:
> ------- You are receiving this mail because: -------
> You are on the CC list for the bug.
>
> http://bugs.exim.org/show_bug.cgi?id=1389
>            Summary: DMARC $dmarc_ar_header contains trash
> Exim version 4.80_230-b1f3784 #2 built 29-Sep-2013 22:54:20 (some minor

updates
> from exim-4_82_RC1 tag)
> opendmarc-1.1.3
>
> Sometimes I got strange dmarc behavior. $dmarc_ar_header contains trash.

For
> example:


Can you give me a sample email body with all of the envelope arguments to
duplicate this? I'm using what I think is your data (From: header and EHLO
data) and it's working properly for me:

processing "warn"
check dmarc_status = *
DMARC adding DKIM sender domain = misterball.com
DMARC no record found for it-labs.ru
norecord in "*"? yes (matched "*")
warn: condition test succeeded in ACL "acl_check_content"
LOG: MAIN
H=mail75.atl11.rsgsv.net [205.201.133.75] Warning: DMARC DEBUG: norecord
*** No DMARC record *** it-labs.ru *** Authentication-Results:
tlyons.ivenue.net; dmarc=temperror header.from=it-labs.ru


Full debug output is below. The DMARC related output doesn't occur until
near the end:


swaks --pipe '/home/exim-build/projects/exim/src/build-Linux-i386/exim
-C/home/exim-build/tmp/etc/exim/exim.conf -d -bh 205.201.133.75' --ehlo
mail75.atl11.rsgsv.net -f "bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???" -t "todd@???" --data
/home/todd/8.eml

=== Trying pipe to /home/exim-build/projects/exim/src/build-Linux-i386/exim
-C/home/exim-build/tmp/etc/exim/exim.conf -d -bh 205.201.133.75...
=== Connected to /home/exim-build/projects/exim/src/build-Linux-i386/exim
-C/home/exim-build/tmp/etc/exim/exim.conf -d -bh 205.201.133.75.
Exim version 4.80_250-9bdd29a uid=1001 gid=1001 pid=1788 D=fbb95cfd
Berkeley DB: Berkeley DB 5.1.25: (January 28, 2011)
Support for: crypteq iconv() IPv6 Perl Expand_dlfunc OpenSSL
Content_Scanning DKIM Old_Demime Experimental_SPF Experimental_DMARC
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch mysql passwd sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [4.6.3]
Library version: OpenSSL: Compile: OpenSSL 1.0.1 14 Mar 2012
                          Runtime: OpenSSL 1.0.1 14 Mar 2012
Library version: Cyrus SASL: Compile: 2.1.25
                             Runtime: 2.1.25 [Cyrus SASL]
Library version: PCRE: Compile: 8.12
                       Runtime: 8.12 2011-01-15
Total 14 lookups
Library version: MySQL: Compile: 5.5.32 [(Ubuntu)]
                        Runtime: 5.5.32
Library version: SQLite: Compile: 3.7.9
                         Runtime: 3.7.9
WHITELIST_D_MACROS:
"DIR:EXIM_PATH:AA:ACL:ACLRCPT:ACL_MAIL:ACL_PREDATA:ACL_RCPT:AFFIX:ALLOW:ARG1:ARG2:AUTHF:AUTHS:AUTH_ID_DOMAIN:BAD:BANNER:BB:BR:BRB:CERT:COM:COMMAND_USER:CONNECTCOND:CONTROL:CREQCIP:CREQMAC:CRL:CSS:D6:DATA:DCF:DDF:DEFAULTDWC:DELAY:DETAILS:DRATELIMIT:DYNAMIC_OPTION:ELI:ERROR_DETAILS:ERT:FAKE:FALLBACK:FILTER:FILTER_PREPEND_HOME:FORBID:FORBID_SMTP_CODE:FUSER:HAI:HAP:HARDLIMIT:HEADER_LINE_MAXSIZE:HEADER_MAXSIZE:HELO_MSG:HL:HOSTS:HOSTS_AVOID_TLS:HOSTS_MAX_TRY:HVH:IFACE:IGNORE_QUOTA:INC:INSERT:IP1:IP2:LAST:LDAPSERVERS:LENCHECK:LIMIT:LIST:LOG_SELECTOR:LS:MAXNM:MESSAGE_LOGS:MSIZE:NOTDAEMON:ONCE:ONLY:OPT:OPTION:ORDER:PAH:PEX:PORT:PTBC:QDG:QOLL:QUOTA:QUOTA_FILECOUNT:QWM:RCPT_MSG:REMEMBER:REQUIRE:RETRY:RETRY1:RETRY2:RETURN:RETURN_ERROR_DETAILS:REWRITE:ROUTE_DATA:RRATELIMIT:RT:S:SELECTOR:SELF:SERVER:SERVERS:SREQCIP:SREQMAC:SRV:STD:STRICT:SUB:SUBMISSION_OPTIONS:TIMEOUTDEFER:TIMES:TRUSTED:TRYCLEAR:UL:USE_SENDER:UTF8:VALUE:WMF:X:Y"
TRUSTED_CONFIG_LIST: "/home/exim/tmp/etc/exim/trusted_configs"
Exim has no root privilege: uid=1001 gid=1001 euid=1001 egid=1001
changed uid/gid: -C, -D, -be or -bf forces real uid
  uid=1001 gid=1001 pid=1788
  auxiliary group list: 104 999 1001
seeking password data for user "exim-build": cache not available
getpwnam() succeeded uid=1001 gid=1001
seeking password data for user "root": cache not available
getpwnam() succeeded uid=0 gid=0
tls_validate_require_cipher child 1789 ended: status=0x0
configuration file is /home/exim-build/tmp/etc/exim/exim.conf
log selectors = 00000ffc 00232001
LOG: MAIN PANIC
  exim user lost privilege for using -C option
trusted user
admin user
changing group to 999 failed: Operation not permitted
seeking password data for user "503": cache not available
originator: uid=1001 gid=1001 login=exim-build name=Exim Build System
sender address = exim-build@???
sender_fullhost = [205.201.133.75]
sender_rcvhost = [205.201.133.75]
host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
  SMTP connection from [205.201.133.75]
host in host_lookup? yes (matched "*")
looking up host name for 205.201.133.75
DNS lookup of 75.133.201.205.in-addr.arpa (PTR) succeeded
Reverse DNS security status: unverified
IP address lookup yielded mail75.atl11.rsgsv.net
gethostbyname2 looked up these IP addresses:
  name=mail75.atl11.rsgsv.net address=205.201.133.75
checking addresses for mail75.atl11.rsgsv.net
  205.201.133.75 OK
sender_fullhost = mail75.atl11.rsgsv.net [205.201.133.75]
sender_rcvhost = mail75.atl11.rsgsv.net ([205.201.133.75])
set_process_info:  1788 handling incoming connection from
mail75.atl11.rsgsv.net [205.201.133.75]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
using ACL "acl_check_connect"
processing "warn"
check hosts = !^.*\\d+\.com\$ : ^.*\\d+[x.-]\\d+[x.-]\\d+[x.-].*
host in "!^.*\d+.com$ : ^.*\d+[x.-]\d+[x.-]\d+[x.-].*"? no (end of list)
warn: condition test failed in ACL "acl_check_connect"
processing "accept"
accept: condition test succeeded in ACL "acl_check_connect"

SMTP>> 220-tlyons.ivenue.net, ESMTP Exim 4.80_250-9bdd29a, Wed, 02 Oct 2013

05:55:06
220--0700
220 RFC's enforced
smtp_setup_msg entered
<-
<- **** SMTP testing session as if from host 205.201.133.75
<- **** but without any ident (RFC 1413) callback.
<- **** This is not for real!
<-
<- 220-tlyons.ivenue.net, ESMTP Exim 4.80_250-9bdd29a, Wed, 02 Oct 2013
05:55:06
<- 220--0700
<- 220 RFC's enforced
-> EHLO mail75.atl11.rsgsv.net
SMTP<< EHLO mail75.atl11.rsgsv.net
sender_fullhost = mail75.atl11.rsgsv.net [205.201.133.75]
sender_rcvhost = mail75.atl11.rsgsv.net ([205.201.133.75])
set_process_info: 1788 handling incoming connection from
mail75.atl11.rsgsv.net [205.201.133.75]
host in pipelining_advertise_hosts? no (end of list)
host in tls_advertise_hosts? no (option unset)
SMTP>> 250-tlyons.ivenue.net Hello mail75.atl11.rsgsv.net [205.201.133.75]

250-SIZE 52428800
250-8BITMIME
250-ETRN
250-EXPN
250 HELP
<- 250-tlyons.ivenue.net Hello mail75.atl11.rsgsv.net [205.201.133.75]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-ETRN
<- 250-EXPN
<- 250 HELP
-> MAIL FROM:<bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???>
SMTP<< MAIL FROM:<bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???>
SMTP>> 250 OK

<-  250 OK
 -> RCPT TO:<todd@???>
SMTP<< RCPT TO:<todd@???>
using ACL "acl_check_rcpt"
processing "accept"
check hosts = :
host in ":"? no (end of list)
accept: condition test failed in ACL "acl_check_rcpt"
processing "drop"
check condition = ${if def:sender_helo_name {false}{true}}
                = false
drop: condition test failed in ACL "acl_check_rcpt"
processing "drop"
check !authenticated = *
check condition = ${if and {{match
{$sender_helo_name}{\N^\[(.+)\]$\N}}{isip4 {$1}}}{true}{false}}
                = false
drop: condition test failed in ACL "acl_check_rcpt"
processing "deny"
check senders = :
address match test: subject=bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@??? pattern=
mail75.atl11.rsgsv.net in ""? no (end of list)
bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@??? in ":"? no (end of list)
deny: condition test failed in ACL "acl_check_rcpt"
processing "warn"
check !senders = :
address match test: subject=bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@??? pattern=
mail75.atl11.rsgsv.net in ""? no (end of list)
bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@??? in ":"? no (end of list)
check !authenticated = *
check !hosts = +relay_from_hosts
host in "127.0.0.1 : 10.1.0.0/16"? no (end of list)
host in "+relay_from_hosts"? no (end of list)
check !hosts = ${lookup dnsdb{ptr=$sender_host_address}{$value}}
search_open: dnsdb "NULL"
search_find: file="NULL"
  key="ptr=205.201.133.75" partial=-1 affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
  type=dnsdb key="ptr=205.201.133.75"
database lookup required for ptr=205.201.133.75
dnsdb key: 75.133.201.205.in-addr.arpa
DNS lookup of 75.133.201.205.in-addr.arpa (PTR) succeeded
lookup yielded: mail75.atl11.rsgsv.net
gethostbyname2 looked up these IP addresses:
  name=mail75.atl11.rsgsv.net address=205.201.133.75
host in "mail75.atl11.rsgsv.net"? yes (matched "mail75.atl11.rsgsv.net")
warn: condition test failed in ACL "acl_check_rcpt"
processing "deny"
check local_parts = ^.*[@%!/|] : ^\\.
todd in "^.*[@%!/|] : ^\."? no (end of list)
deny: condition test failed in ACL "acl_check_rcpt"
processing "accept"
check local_parts = postmaster
todd in "postmaster"? no (end of list)
accept: condition test failed in ACL "acl_check_rcpt"
processing "accept"
check hosts = +iv_live_hosts
host in "10.1.1.86 : 10.1.1.87 : 10.1.1.88 : 10.1.1.43 : 10.1.1.44 :
192.168.100.79 : 10.1.1.120"? no (end of list)
host in "+iv_live_hosts"? no (end of list)
accept: condition test failed in ACL "acl_check_rcpt"
processing "warn"
check add_header = X-Originating-IP: ${sender_host_address}
                 = X-Originating-IP: 205.201.133.75
check set acl_c_rcpt = $local_part@$domain
                     = todd@???
warn: condition test succeeded in ACL "acl_check_rcpt"
processing "require"
check verify = sender

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Verifying bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Considering bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

routing bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???
--------> dnslookup_smtp_auth router <--------
local_part=bounce-mc.us2_5466910.1551729-comp-news=nestormedia.com domain=
mail75.atl11.rsgsv.net
checking domains
mail75.atl11.rsgsv.net in "@ : tlyons.ivenue.net"? no (end of list)
mail75.atl11.rsgsv.net in "! +local_domains"? yes (end of list)
checking "condition"
dnslookup_smtp_auth router skipped: condition failure
--------> dnslookup_webmail router <--------
local_part=bounce-mc.us2_5466910.1551729-comp-news=nestormedia.com domain=
mail75.atl11.rsgsv.net
checking domains
cached no match for +local_domains
cached lookup data = NULL
mail75.atl11.rsgsv.net in "! +local_domains"? yes (end of list)
checking "condition"
dnslookup_webmail router skipped: condition failure
--------> dnslookup_iv_hosts router <--------
local_part=bounce-mc.us2_5466910.1551729-comp-news=nestormedia.com domain=
mail75.atl11.rsgsv.net
checking domains
cached no match for +local_domains
cached lookup data = NULL
mail75.atl11.rsgsv.net in "! +local_domains"? yes (end of list)
checking "condition"
dnslookup_iv_hosts router skipped: condition failure
--------> dnslookup router <--------
local_part=bounce-mc.us2_5466910.1551729-comp-news=nestormedia.com domain=
mail75.atl11.rsgsv.net
checking domains
cached no match for +local_domains
cached lookup data = NULL
mail75.atl11.rsgsv.net in "! +local_domains"? yes (end of list)
calling dnslookup router
dnslookup router called for bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???
  domain = mail75.atl11.rsgsv.net
DNS lookup of mail75.atl11.rsgsv.net (MX) succeeded
DNS lookup of mail.mail75.atl11.rsgsv.net (A) succeeded
205.201.133.75 in "0.0.0.0 : 127.0.0.0/8"? no (end of list)
fully qualified name = mail75.atl11.rsgsv.net
host_find_bydns yield = HOST_FOUND (2); returned hosts:
  mail.mail75.atl11.rsgsv.net 205.201.133.75 MX=10
set transport remote_smtp
queued for remote_smtp transport: local_part =
bounce-mc.us2_5466910.1551729-comp-news=nestormedia.com
domain = mail75.atl11.rsgsv.net
  errors_to=NULL
  domain_data=NULL localpart_data=NULL
routed by dnslookup router
  envelope to: bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???
  transport: remote_smtp
  host mail.mail75.atl11.rsgsv.net [205.201.133.75] MX=10
----------- end verify ------------
sender bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@??? verified ok
require: condition test succeeded in ACL "acl_check_rcpt"
processing "accept"
check authenticated = *
accept: condition test failed in ACL "acl_check_rcpt"
processing "deny"
check condition = ${if eq {$interface_port}{587} {yes}{no} }
                = no
deny: condition test failed in ACL "acl_check_rcpt"
processing "accept"
check hosts = +relay_from_hosts
cached no match for +relay_from_hosts
cached lookup data = NULL
host in "+relay_from_hosts"? no (end of list)
accept: condition test failed in ACL "acl_check_rcpt"
processing "warn"
check dnslists = exclusions.blacklist.ivenue.net : list.dnswl.org
DNS list check: exclusions.blacklist.ivenue.net
new DNS lookup for 75.133.201.205.exclusions.blacklist.ivenue.net
DNS lookup of 75.133.201.205.exclusions.blacklist.ivenue.net (A) gave
HOST_NOT_FOUND
returning DNS_NOMATCH
DNS lookup for 75.133.201.205.exclusions.blacklist.ivenue.net failed
=> that means 205.201.133.75 is not listed at
exclusions.blacklist.ivenue.net
DNS list check: list.dnswl.org
new DNS lookup for 75.133.201.205.list.dnswl.org
DNS lookup of 75.133.201.205.list.dnswl.org (A) succeeded
DNS lookup for 75.133.201.205.list.dnswl.org succeeded (yielding 127.0.15.0)
DNS lookup of 75.133.201.205.list.dnswl.org (TXT) succeeded
=> that means 205.201.133.75 is listed at list.dnswl.org
check set acl_c0 = $sender_host_address
                 = 205.201.133.75
check add_header = X-RBL-Whitelist: $sender_host_address is in DNS based
whitelist
                 = X-RBL-Whitelist: 205.201.133.75 is in DNS based whitelist
warn: condition test succeeded in ACL "acl_check_rcpt"
processing "deny"
check !condition = ${if eq {$acl_c0}{$sender_host_address}}
                 = true
deny: condition test failed in ACL "acl_check_rcpt"
processing "deny"
check !condition = ${if eq {$acl_c0}{$sender_host_address}}
                 = true
deny: condition test failed in ACL "acl_check_rcpt"
processing "accept"
check domains = +local_domains
tlyons.ivenue.net in "@ : tlyons.ivenue.net"? yes (matched "@")
tlyons.ivenue.net in "+local_domains"? yes (matched "+local_domains")
check verify = recipient

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Verifying todd@???
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Considering todd@???
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

routing todd@???
--------> dnslookup_smtp_auth router <--------
local_part=todd domain=tlyons.ivenue.net
checking domains
cached yes match for +local_domains
cached lookup data = NULL
tlyons.ivenue.net in "! +local_domains"? no (matched "! +local_domains" -
cached)
dnslookup_smtp_auth router skipped: domains mismatch
--------> dnslookup_webmail router <--------
local_part=todd domain=tlyons.ivenue.net
checking domains
cached yes match for +local_domains
cached lookup data = NULL
tlyons.ivenue.net in "! +local_domains"? no (matched "! +local_domains" -
cached)
dnslookup_webmail router skipped: domains mismatch
--------> dnslookup_iv_hosts router <--------
local_part=todd domain=tlyons.ivenue.net
checking domains
cached yes match for +local_domains
cached lookup data = NULL
tlyons.ivenue.net in "! +local_domains"? no (matched "! +local_domains" -
cached)
dnslookup_iv_hosts router skipped: domains mismatch
--------> dnslookup router <--------
local_part=todd domain=tlyons.ivenue.net
checking domains
cached yes match for +local_domains
cached lookup data = NULL
tlyons.ivenue.net in "! +local_domains"? no (matched "! +local_domains" -
cached)
dnslookup router skipped: domains mismatch
--------> system_aliases router <--------
local_part=todd domain=tlyons.ivenue.net
checking "condition"
calling system_aliases router
rda_interpret (string):
${lookup{$local_part}lsearch{/home/exim-build/tmp/etc/aliases}}
search_open: lsearch "/home/exim-build/tmp/etc/aliases"
search_find: file="/home/exim-build/tmp/etc/aliases"
key="todd" partial=-1 affix=NULL starflags=0
LRU list:
7/home/exim-build/tmp/etc/aliases
End
internal_search_find: file="/home/exim-build/tmp/etc/aliases"
type=lsearch key="todd"
file lookup required for todd
in /home/exim-build/tmp/etc/aliases
lookup failed
expanded:
file is not a filter file
parse_forward_list:
system_aliases router declined for todd@???
--------> localuser router <--------
local_part=todd domain=tlyons.ivenue.net
checking for local user
seeking password data for user "todd": cache not available
getpwnam() succeeded uid=1000 gid=1000
checking "condition"
calling localuser router
localuser router called for todd@???
domain = tlyons.ivenue.net
set transport local_delivery
queued for local_delivery transport: local_part = todd
domain = tlyons.ivenue.net
errors_to=NULL
domain_data=NULL localpart_data=NULL
routed by localuser router
envelope to: todd@???
transport: local_delivery
----------- end verify ------------
accept: condition test succeeded in ACL "acl_check_rcpt"
SMTP>> 250 Accepted

<- 250 Accepted
-> DATA
SMTP<< DATA
SMTP>> 354 Enter message, ending with "." on a line by itself

search_tidyup called
<-  354 Enter message, ending with "." on a line by itself
 -> Received: from webmail2.ivenue.net (localhost.localdomain [127.0.0.1])^M
 ->     by smtp-webmail.ivenue.com (8.14.4/8.14.4) with ESMTP id
oBKKuaUd008454^M
 ->     for <todd@???>; Mon, 20 Dec 2010 12:56:36 -0800^M
 -> Received: from User (24-113-254-185.wavecable.com [24.113.254.185])^M
 ->     (authenticated bits=0)^M
 ->     by mail941c35.nsolutionszone.com (8.13.6/8.13.1) with ESMTP id
pASL7WTW028577;^M
 ->     Mon, 28 Nov 2011 21:07:37 GMT^M
 -> X-DKIM: OpenDKIM Filter v2.2.2 smtp-webmail.ivenue.com oBKKuaUd008454^M
 -> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=misterball.com;
s=k8;^M
 ->     t=1292878596; bh=6rBf3So9DpYCtqKcTPuXceUp8QfIXqucByezNXC7RFE=;^M
 ->     h=Content-Type:Content-Transfer-Encoding:Mime-Version:From:To:^M
 ->      Subject:Reply-To:Date;^M
 ->
z=Content-Type:=20text/plain=3B=20charset=3D"iso-8859-1"|Content-Di^M
 ->
 sposition:=20inline|Content-Transfer-Encoding:=20binary|Mime-Versi^M
 ->      on:=201.0|From:=20<todd@???>|To:=20todd@???
|^M
 ->      Subject:=20Fwd:=20test=201|Reply-To:=20todd@???
|X-Maile^M
 ->      r:=20AtMail=20Corp=204.0=20-=20http://webbasedemail.com/|X-Origin
:^M
 ->
 =20192.168.100.166|Date:=20Mon,=2020=20Dec=202010=2020:56:36=20+00^M
 ->
 00|X-Virus-Scanned:=20clamav-milter=200.96.4=20at=20webmail2.ivenu^M
 ->      e.net|X-Virus-Status:=20Clean;^M
 ->
b=IcA2guXoW4OZ78TyoOvUiBbLe3pQ6kZ9/VX6HkgtVGDOefB3CnhqDE8A28YzhjKyA^M
 ->
 FKOKemKmhpvRcqWS4Xb9oRhtGA8wFFdVN0JEQAn6PyHS/Kthyb0kl1wjFOyyUyEcHK^M
 ->      T+1xFEY3BxTa1SHRvGzLrzoRYMqp4epKsBeLgk/g=^M
-> Message-Id: <2010122202056.oBKXKuaUd8454@???>^M
 -> Content-Type: text/plain; charset="iso-8859-1"^M
 -> Content-Disposition: inline^M
 -> Content-Transfer-Encoding: binary^M
 -> Mime-Version: 1.0^M
 -> From: =?utf-8?Q?IT=20Labs?= <lera@???>^M
 -> To: todd@???^M
 -> Subject: Fwd: test 3^M
 -> Date: Mon, 20 Dec 2010 20:56:36 +0000^M
 -> X-Virus-Scanned: clamav-milter 0.96.4 at webmail2.ivenue.net^M
 -> X-Virus-Status: Clean^M
 -> ^M
 -> ^M
 -> ^M
 -> ^M
 -> ----- Original Message ----- ^M
 -> From: Todd Lyons <tlyons@???>^M
 -> To: cannonball@???^M
 -> Sent: Wed Dec 15  5:57^M
 -> Subject: Fwd: test 1^M
 -> ^M
 -> ^M
 -> Huh, who would have thunk it?^M
 -> -- ^M
 -> Regards...          Todd^M
 -> I've visited conferences where the wireless LAN was deemed "secure" by^M
 -> the organisation because they had outlawed sniffers.    --Neils Bakker^M
 -> Linux kernel 2.6.35-23-generic   8 users,  load average: 2.45, 2.47,
2.38^M
 -> ^M
 -> ^M
 -> ---- Msg sent via WebMail^M
 -> ^M
 -> .
PDKIM >> Found sig, trying to parse >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
v=1
a=rsa-sha256
c=relaxed/simple
d=misterball.com
s=k8
t=1292878596
bh=6rBf3So9DpYCtqKcTPuXceUp8QfIXqucByezNXC7RFE=
h=Content-Type:Content-Transfer-Encoding:Mime-Version:From:To:Subject:Reply-To:Date
z=Content-Type:=20text/plain=3B=20charset=3D"iso-8859-1"|Content-Disposition:=20inline|Content-Transfer-Encoding:=20binary|Mime-Version:=201.0|From:=20<
todd@???>|To:=20todd@???
|Subject:=20Fwd:=20test=201|Reply-To:=20todd@???
|X-Mailer:=20AtMail=20Corp=204.0=20-=20
http://webbasedemail.com/|X-Origin:=20192.168.100.166|Date:=20Mon,=2020=20Dec=202010=2020:56:36=20+0000|X-Virus-Scanned:=20clamav-milter=200.96.4=20at=20webmail2.ivenue.net|X-Virus-Status:=20Clean
b=IcA2guXoW4OZ78TyoOvUiBbLe3pQ6kZ9/VX6HkgtVGDOefB3CnhqDE8A28YzhjKyAFKOKemKmhpvRcqWS4Xb9oRhtGA8wFFdVN0JEQAn6PyHS/Kthyb0kl1wjFOyyUyEcHKT+1xFEY3BxTa1SHRvGzLrzoRYMqp4epKsBeLgk/g=
PDKIM >> Raw signature w/o b= tag value >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DKIM-Signature:{SP}v=1;{SP}a=rsa-sha256;{SP}c=relaxed/simple;{SP}d=
misterball.com
;{SP}s=k8;{CR}{LF}{TB}t=1292878596;{SP}bh=6rBf3So9DpYCtqKcTPuXceUp8QfIXqucByezNXC7RFE=;{CR}{LF}{TB}h=Content-Type:Content-Transfer-Encoding:Mime-Version:From:To:{CR}{LF}{TB}{SP}Subject:Reply-To:Date;{CR}{LF}{TB}z=Content-Type:=20text/plain=3B=20charset=3D"iso-8859-1"|Content-Di{CR}{LF}{TB}{SP}sposition:=20inline|Content-Transfer-Encoding:=20binary|Mime-Versi{CR}{LF}{TB}{SP}on:=201.0|From:=20<
todd@???>|To:=20todd@???
|{CR}{LF}{TB}{SP}Subject:=20Fwd:=20test=201|Reply-To:=20todd@???
|X-Maile{CR}{LF}{TB}{SP}r:=20AtMail=20Corp=204.0=20-=20
http://webbasedemail.com/|X-Origin:{CR}{LF}{TB}{SP}=20192.168.100.166|Date:=20Mon,=2020=20Dec=202010=2020:56:36=20+00{CR}{LF}{TB}{SP}00|X-Virus-Scanned:=20clamav-milter=200.96.4=20at=20webmail2.ivenu{CR}{LF}{TB}{SP}e.net|X-Virus-Status:=20Clean;{CR}{LF}{TB}b=
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
{CR}{LF}{CR}{LF}{CR}{LF}-----{SP}Original{SP}Message{SP}-----{SP}{CR}{LF}From:{SP}Todd{SP}Lyons{SP}<
tlyons@???>{CR}{LF}To:{SP}cannonball@???{CR}{LF}Sent:{SP}Wed{SP}Dec{SP}15{SP}{SP}5:57{CR}{LF}Subject:{SP}Fwd:{SP}test{SP}1{CR}{LF}{CR}{LF}{CR}{LF}Huh,{SP}who{SP}would{SP}have{SP}thunk{SP}it?{CR}{LF}--{SP}{CR}{LF}Regards...{TB}{TB}Todd{CR}{LF}I've{SP}visited{SP}conferences{SP}where{SP}the{SP}wireless{SP}LAN{SP}was{SP}deemed{SP}"secure"{SP}by{CR}{LF}the{SP}organisation{SP}because{SP}they{SP}had{SP}outlawed{SP}sniffers.{SP}{SP}{SP}{SP}--Neils{SP}Bakker{CR}{LF}Linux{SP}kernel{SP}2.6.35-23-generic{SP}{SP}{SP}8{SP}users,{SP}{SP}load{SP}average:{SP}2.45,{SP}2.47,{SP}2.38{CR}{LF}{CR}{LF}{CR}{LF}----{SP}Msg{SP}sent{SP}via{SP}WebMail{CR}{LF}host
in ignore_fromline_hosts? no (option unset)

>>Headers received:

Received: from webmail2.ivenue.net (localhost.localdomain [127.0.0.1])
        by smtp-webmail.ivenue.com (8.14.4/8.14.4) with ESMTP id
oBKKuaUd008454
        for <todd@???>; Mon, 20 Dec 2010 12:56:36 -0800
Received: from User (24-113-254-185.wavecable.com [24.113.254.185])
        (authenticated bits=0)
        by mail941c35.nsolutionszone.com (8.13.6/8.13.1) with ESMTP id
pASL7WTW028577;
        Mon, 28 Nov 2011 21:07:37 GMT
X-DKIM: OpenDKIM Filter v2.2.2 smtp-webmail.ivenue.com oBKKuaUd008454
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=misterball.com; s=k8;
        t=1292878596; bh=6rBf3So9DpYCtqKcTPuXceUp8QfIXqucByezNXC7RFE=;
        h=Content-Type:Content-Transfer-Encoding:Mime-Version:From:To:
         Subject:Reply-To:Date;
        z=Content-Type:=20text/plain=3B=20charset=3D"iso-8859-1"|Content-Di
         sposition:=20inline|Content-Transfer-Encoding:=20binary|Mime-Versi
         on:=201.0|From:=20<todd@???>|To:=20todd@???|
         Subject:=20Fwd:=20test=201|Reply-To:=20todd@???|X-Maile
         r:=20AtMail=20Corp=204.0=20-=20http://webbasedemail.com/|X-Origin:
         =20192.168.100.166|Date:=20Mon,=2020=20Dec=202010=2020:56:36=20+00
         00|X-Virus-Scanned:=20clamav-milter=200.96.4=20at=20webmail2.ivenu
         e.net|X-Virus-Status:=20Clean;
        b=IcA2guXoW4OZ78TyoOvUiBbLe3pQ6kZ9/VX6HkgtVGDOefB3CnhqDE8A28YzhjKyA
         FKOKemKmhpvRcqWS4Xb9oRhtGA8wFFdVN0JEQAn6PyHS/Kthyb0kl1wjFOyyUyEcHK
         T+1xFEY3BxTa1SHRvGzLrzoRYMqp4epKsBeLgk/g=
Message-Id: <2010122202056.oBKXKuaUd8454@???>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: binary
Mime-Version: 1.0
From: =?utf-8?Q?IT=20Labs?= <lera@???>
To: todd@???
Subject: Fwd: test 3
Date: Mon, 20 Dec 2010 20:56:36 +0000
X-Virus-Scanned: clamav-milter 0.96.4 at webmail2.ivenue.net
X-Virus-Status: Clean


rewrite_one_header: type=F:
From: =?utf-8?Q?IT=20Labs?= <lera@???>
rewrite_one_header: type=T:
To: todd@???
search_tidyup called
>>Headers after rewriting and local additions:

P Received: from webmail2.ivenue.net (localhost.localdomain [127.0.0.1])
        by smtp-webmail.ivenue.com (8.14.4/8.14.4) with ESMTP id
oBKKuaUd008454
        for <todd@???>; Mon, 20 Dec 2010 12:56:36 -0800
P Received: from User (24-113-254-185.wavecable.com [24.113.254.185])
        (authenticated bits=0)
        by mail941c35.nsolutionszone.com (8.13.6/8.13.1) with ESMTP id
pASL7WTW028577;
        Mon, 28 Nov 2011 21:07:37 GMT
  X-DKIM: OpenDKIM Filter v2.2.2 smtp-webmail.ivenue.com oBKKuaUd008454
  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=misterball.com;
s=k8;
        t=1292878596; bh=6rBf3So9DpYCtqKcTPuXceUp8QfIXqucByezNXC7RFE=;
        h=Content-Type:Content-Transfer-Encoding:Mime-Version:From:To:
         Subject:Reply-To:Date;
        z=Content-Type:=20text/plain=3B=20charset=3D"iso-8859-1"|Content-Di
         sposition:=20inline|Content-Transfer-Encoding:=20binary|Mime-Versi
         on:=201.0|From:=20<todd@???>|To:=20todd@???|
         Subject:=20Fwd:=20test=201|Reply-To:=20todd@???|X-Maile
         r:=20AtMail=20Corp=204.0=20-=20http://webbasedemail.com/|X-Origin:
         =20192.168.100.166|Date:=20Mon,=2020=20Dec=202010=2020:56:36=20+00
         00|X-Virus-Scanned:=20clamav-milter=200.96.4=20at=20webmail2.ivenu
         e.net|X-Virus-Status:=20Clean;
        b=IcA2guXoW4OZ78TyoOvUiBbLe3pQ6kZ9/VX6HkgtVGDOefB3CnhqDE8A28YzhjKyA
         FKOKemKmhpvRcqWS4Xb9oRhtGA8wFFdVN0JEQAn6PyHS/Kthyb0kl1wjFOyyUyEcHK
         T+1xFEY3BxTa1SHRvGzLrzoRYMqp4epKsBeLgk/g=
I Message-Id: <2010122202056.oBKXKuaUd8454@???>
  Content-Type: text/plain; charset="iso-8859-1"
  Content-Disposition: inline
  Content-Transfer-Encoding: binary
  Mime-Version: 1.0
F From: =?utf-8?Q?IT=20Labs?= <lera@???>
T To: todd@???
  Subject: Fwd: test 3
  Date: Mon, 20 Dec 2010 20:56:36 +0000
  X-Virus-Scanned: clamav-milter 0.96.4 at webmail2.ivenue.net
  X-Virus-Status: Clean


Data file written for message 1VRLxL-0000Sq-31
>>Generated Received: header line

P Received: from mail75.atl11.rsgsv.net ([205.201.133.75])
        by tlyons.ivenue.net with esmtp (Exim 4.80_250-9bdd29a)
        (envelope-from <bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???>)
        id 1VRLxL-0000Sq-31
        for todd@???; Wed, 02 Oct 2013 05:55:07 -0700

>>Headers added by MAIL or RCPT ACL:

X-Originating-IP: 205.201.133.75
X-RBL-Whitelist: 205.201.133.75 is in DNS based whitelist
>>

PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [misterball.com] Body bytes hashed: 460
PDKIM [misterball.com] bh  computed:
eab05fdd2a3d0e9602b6a29c4cfb9771e529f107c85eab9c0727b33570bb4451
PDKIM [misterball.com] Body hash verified OK
PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>
content-type:text/plain;{SP}charset="iso-8859-1"{CR}{LF}
content-transfer-encoding:binary{CR}{LF}
mime-version:1.0{CR}{LF}
from:=?utf-8?Q?IT=20Labs?={SP}<lera@???>{CR}{LF}
to:todd@???{CR}{LF}
subject:Fwd:{SP}test{SP}3{CR}{LF}
date:Mon,{SP}20{SP}Dec{SP}2010{SP}20:56:36{SP}+0000{CR}{LF}
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>
dkim-signature:v=1;{SP}a=rsa-sha256;{SP}c=relaxed/simple;{SP}d=
misterball.com
;{SP}s=k8;{SP}t=1292878596;{SP}bh=6rBf3So9DpYCtqKcTPuXceUp8QfIXqucByezNXC7RFE=;{SP}h=Content-Type:Content-Transfer-Encoding:Mime-Version:From:To:{SP}Subject:Reply-To:Date;{SP}z=Content-Type:=20text/plain=3B=20charset=3D"iso-8859-1"|Content-Di{SP}sposition:=20inline|Content-Transfer-Encoding:=20binary|Mime-Versi{SP}on:=201.0|From:=20<
todd@???>|To:=20todd@???
|{SP}Subject:=20Fwd:=20test=201|Reply-To:=20todd@???
|X-Maile{SP}r:=20AtMail=20Corp=204.0=20-=20
http://webbasedemail.com/|X-Origin:{SP}=20192.168.100.166|Date:=20Mon,=2020=20Dec=202010=2020:56:36=20+00{SP}00|X-Virus-Scanned:=20clamav-milter=200.96.4=20at=20webmail2.ivenu{SP}e.net|X-Virus-Status:=20Clean;{SP}b=
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [misterball.com] hh computed:
17cdc4a5250de3c243aef13d2debfde9d86d062cb4bd131fe407bfb5590bacec
DNS lookup of k8._domainkey.misterball.com. (TXT) gave HOST_NOT_FOUND
returning DNS_NOMATCH
PDKIM [misterball.com] signature status: PDKIM_VERIFY_INVALID
(PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE)
LOG: MAIN
  DKIM: d=misterball.com s=k8 c=relaxed/simple a=rsa-sha256 t=1292878596
[invalid - public key record (currently?) unavailable]
Found Content-Type: header - executing acl_smtp_mime.
Found content-type: MIME header, value is 'text/plain'
Found charset= MIME parameter in content-type: header, value is 'iso-8859-1'
Found content-disposition: MIME header, value is 'inline'
Found content-transfer-encoding: MIME header, value is 'binary'
using ACL "acl_check_mime"
processing "warn"
check decode = default
warn: condition test succeeded in ACL "acl_check_mime"
processing "deny"
check condition = ${if match {${lc:$mime_filename}}
{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs)$\N} {1}{0}}
                = 0
deny: condition test failed in ACL "acl_check_mime"
processing "accept"
accept: condition test succeeded in ACL "acl_check_mime"
using ACL "acl_check_content"
processing "warn"
check dmarc_status = *
DMARC adding DKIM sender domain = misterball.com
DMARC no record found for it-labs.ru
norecord in "*"? yes (matched "*")
warn: condition test succeeded in ACL "acl_check_content"
LOG: MAIN
  H=mail75.atl11.rsgsv.net [205.201.133.75] Warning: DMARC DEBUG: norecord
*** No DMARC record *** it-labs.ru *** Authentication-Results:
tlyons.ivenue.net; dmarc=temperror header.from=it-labs.ru
processing "deny"
check condition = ${if >{${strlen:$h_subject:}}{1000}}
                =
deny: condition test failed in ACL "acl_check_content"
processing "deny"
check demime = *
check condition = ${if >{$demime_errorlevel}{2}{1}{0}}
                = 0
deny: condition test failed in ACL "acl_check_content"
processing "accept"
check condition = ${if def:header_x-atmail-account:{yes}{no}}
                = no
accept: condition test failed in ACL "acl_check_content"
processing "deny"
check condition = ${if !def:h_Date: {1}}
                =
deny: condition test failed in ACL "acl_check_content"
processing "discard"
check condition = ${if >{$message_size}{500K}{true}{false}}
                = false
discard: condition test failed in ACL "acl_check_content"
processing "accept"
accept: condition test succeeded in ACL "acl_check_content"
unspool_mbox(): unlinking
'/home/exim-build/tmp/var/spool/exim/scan/1VRLxL-0000Sq-31/1VRLxL-0000Sq-31-00000.com'
unspool_mbox(): unlinking
'/home/exim-build/tmp/var/spool/exim/scan/1VRLxL-0000Sq-31/1VRLxL-0000Sq-31-00000'
unspool_mbox(): unlinking
'/home/exim-build/tmp/var/spool/exim/scan/1VRLxL-0000Sq-31/1VRLxL-0000Sq-31.eml'
calling local_scan(); timeout=300
local_scan() returned 0 NULL
LOG: MAIN
  <= bounce-mc.us2_5466910.1551729-comp-news=
nestormedia.com@???
H=mail75.atl11.rsgsv.net[205.201.133.75] P=esmtp S=2638 id=
2010122202056.oBKXKuaUd8454@???

SMTP>> 250 OK id=1VRLxL-0000Sq-31

smtp_setup_msg entered
<- 250 OK id=1VRLxL-0000Sq-31
-> QUIT
SMTP<< QUIT
SMTP>> 221 tlyons.ivenue.net closing connection

LOG: smtp_connection MAIN
SMTP connection from mail75.atl11.rsgsv.net [205.201.133.75] closed by
QUIT
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=1788 terminating with rc=0 >>>>>>>>>>>>>>>>

<-
<- **** SMTP testing: that is not a real message id!
<-
<- 221 tlyons.ivenue.net closing connection
=== Connection closed with child process.



--
The total budget at all receivers for solving senders' problems is $0. If
you want them to accept your mail and manage it the way you want, send it
the way the spec says to. --John Levine