Re: [exim] Message with error freeze instead of NDR

Author: Lena
Date:  
To: exim-users
Subject: Re: [exim] Message with error freeze instead of NDR
> From: Thomas Hommers

> I am running exim as an email gateway


Why? What's the goal? Why not directly, without Exim at all,
just a firewall with incoming connections (except to port 25) blocked?

> The gateway itself currently does no content checking and is just
> forwarding any message as long as the recipient is valid.


What's the difference with before you inserted the gateway?

> However the destination server might reject some messages based on it's own spam filter. For most messages that works fine, that means that in case the destination server rejects a message, exim creates a NDR to the sender and drops the message.
> Only with a few messages, exim freezes the message after delivery error and does not create a NDR, it's continue trying to deliver.
>
> Here are some details:
>
> exim -Mvh 1WieCZ-00030T-GL
> 1WieCZ-00030T-GL-H
> Debian-exim 101 103
> <>


This <> means that the incoming message (spam) had an empty envelope-from
(return-path, $sender_address).

> 1399616555 0
> -helo_name static.vnpt-hanoi.com.vn
> -host_address 222.252.20.152.2119
> -interface_address 1.2.3.4.25
> -received_protocol smtp
> -body_linecount 2
> -max_received_linelength 77
> -frozen 1399683558
> -manual_thaw
> XX
> 1
> nikki@???
>
> 189P Received: from [222.252.20.152] (helo=static.vnpt-hanoi.com.vn)
>     by mx.mydomain.com with smtp (Exim 4.72)
>     id 1WieCZ-00030T-GL
>     for nikki@???; Fri, 09 May 2014 14:22:36 +0800
> 141P Received: from unknown (HELO localhost) (gonj@???@144.137.192.218)
>     by 222.252.20.152 with ESMTPA; Fri, 9 May 2014 13:26:40 +0700


The second Received is fake (see below).

> 026F From: gonj@???
> 029T To: nikki@???
> 044 Subject: Improve your relationship with her
> 037 Date: Fri, 9 May 2014 13:11:56 +0700
>
> exim -Mvb 1WieCZ-00030T-GL
> 1WieCZ-00030T-GL-D
> Unbelievable improving effect on male health http://concerning.burra.ru/
>
> exim -Mvl 1WieCZ-00030T-GL
> 2014-05-09 14:22:36 Received from <> H=(static.vnpt-hanoi.com.vn) [222.252.20.152] P=smtp S=541


Here you also see <> which means empty envelope-from.

> 2014-05-09 14:28:48 nikki@??? R=direct_route_mx_dynamic T=remote_smtp_cert_dynamic: SMTP error from remote mail server after end of data: host mx-intern.mydomain.com [2.3.4.5]: 550 5.7.1 Message rejected as spam by Content Filtering.
> *** Frozen (delivery error message)


Here Exim calls the spam "delivery error message" because of the empty
envelope-from (NDRs have an empty envelope-from). Exim doesn't create an NDR
because it has no email address to send the NDR to. An NDR must be sent
to the envelope-from, not "From:".

I filter this type of spam with:

  discard message = discarded because recognized as Ukrainian spam (type 2)
        senders = :
        condition = ${if eq{$received_protocol}{smtp}}
        condition = ${if !match{${local_part:$header_From:}}{(?i)daemon}}
        condition = ${if match{$message_headers_raw}\
                {\N\AReceived:(?:.+\n\t)+.+\n\
                Received: from unknown \(HELO localhost\) \
                \(([a-z\d._-]+@[a-z\d.-]+)@([\d.]+)\)\n\
                \tby \S+ with ESMTPA;.+\n\
                (X-Originating-IP: \2\n)?\
                From: \1\n\
                To: \S+\n\
                Subject: \N}}
# The second Received is fake.
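
The four conditions of the filter above can be checked offline against sample headers. The following Python is an added example, not part of the original post: it mirrors the ACL using Python's `re` in place of Exim's PCRE. The function names, addresses and IPs are constructed placeholders (assumptions).

```python
import re

# Pattern between \N ... \N in the posted ACL, with Exim's line continuations joined.
FAKE_RECEIVED = re.compile(
    r"\AReceived:(?:.+\n\t)+.+\n"
    r"Received: from unknown \(HELO localhost\) "
    r"\(([a-z\d._-]+@[a-z\d.-]+)@([\d.]+)\)\n"
    r"\tby \S+ with ESMTPA;.+\n"
    r"(X-Originating-IP: \2\n)?"
    r"From: \1\n"
    r"To: \S+\n"
    r"Subject: ",
    re.ASCII,
)

def would_discard(envelope_sender, received_protocol, raw_headers):
    """Return True when all four conditions of the posted ACL hold."""
    if envelope_sender != "":          # senders = :  (null envelope sender)
        return False
    if received_protocol != "smtp":    # $received_protocol is exactly "smtp"
        return False
    m = FAKE_RECEIVED.search(raw_headers)
    if m is None:
        return False
    # The pattern forces From: to equal group 1, so its local part is the
    # text before "@"; real bounces from *daemon* senders are left alone.
    local_part = m.group(1).split("@", 1)[0]
    return re.search(r"(?i)daemon", local_part) is None

def sample_headers(claimed="sender@example.com", from_addr="sender@example.com",
                   originating_ip=None):
    """Constructed headers shaped like the message in the post (not real data)."""
    xoip = f"X-Originating-IP: {originating_ip}\n" if originating_ip else ""
    return (
        "Received: from [192.0.2.10] (helo=host.example.net)\n"
        "\tby mx.example.org with smtp (Exim 4.72)\n"
        "\tid 1AAAAA-000000-AA\n"
        "\tfor user@example.org; Fri, 09 May 2014 14:22:36 +0800\n"
        f"Received: from unknown (HELO localhost) ({claimed}@198.51.100.7)\n"
        "\tby 192.0.2.10 with ESMTPA; Fri, 9 May 2014 13:26:40 +0700\n"
        f"{xoip}From: {from_addr}\n"
        "To: user@example.org\n"
        "Subject: constructed sample\n"
    )

if __name__ == "__main__":
    print(would_discard("", "smtp", sample_headers()))
```

The backreferences are what make the pattern specific: the address inside the second Received must reappear as From:, and an X-Originating-IP header, if present, must carry the same IP.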