> From: Thomas Hommers
> I am running exim as an email gateway
Why? What's the goal? Why not directly, without Exim at all,
just a firewall with incoming connections (except to port 25) blocked?
> The gateway itself does currently no content checking and is just
> forwarding any message as long the recipient is valid.
What's the difference with before you inserted the gateway?
> However the destination server might reject some messages based on its own spam filter. For most messages that works fine, that means that in case the destination server rejects a message, exim creates a NDR to the sender and drops the message.
> Only with a few messages, exim freezes the message after delivery error and does not create a NDR, it continues trying to deliver.
>
> Here are some details:
>
> exim -Mvh 1WieCZ-00030T-GL
> 1WieCZ-00030T-GL-H
> Debian-exim 101 103
> <>
This <> means that the incoming message (spam) had an empty envelope-from
(return-path, $sender_address).
> 1399616555 0
> -helo_name static.vnpt-hanoi.com.vn
> -host_address 222.252.20.152.2119
> -interface_address 1.2.3.4.25
> -received_protocol smtp
> -body_linecount 2
> -max_received_linelength 77
> -frozen 1399683558
> -manual_thaw
> XX
> 1
> nikki@???
>
> 189P Received: from [222.252.20.152] (helo=static.vnpt-hanoi.com.vn)
> by mx.mydomain.com with smtp (Exim 4.72)
> id 1WieCZ-00030T-GL
> for nikki@???; Fri, 09 May 2014 14:22:36 +0800
> 141P Received: from unknown (HELO localhost) (gonj@???@144.137.192.218)
> by 222.252.20.152 with ESMTPA; Fri, 9 May 2014 13:26:40 +0700
The second Received is fake (see below).
> 026F From: gonj@???
> 029T To: nikki@???
> 044 Subject: Improve your relationship with her
> 037 Date: Fri, 9 May 2014 13:11:56 +0700
>
> exim -Mvb 1WieCZ-00030T-GL
> 1WieCZ-00030T-GL-D
> Unbelievable improving effect on male health http://concerning.burra.ru/
>
> exim -Mvl 1WieCZ-00030T-GL
> 2014-05-09 14:22:36 Received from <> H=(static.vnpt-hanoi.com.vn) [222.252.20.152] P=smtp S=541
Here you also see <> which means empty envelope-from.
> 2014-05-09 14:28:48 nikki@??? R=direct_route_mx_dynamic T=remote_smtp_cert_dynamic: SMTP error from remote mail server after end of data: host mx-intern.mydomain.com [2.3.4.5]: 550 5.7.1 Message rejected as spam by Content Filtering.
> *** Frozen (delivery error message)
Here Exim calls the spam a "delivery error message" because of the empty
envelope-from (NDRs have an empty envelope-from). Exim doesn't create an NDR
because it has no email address to send the NDR to. An NDR must be sent
to the envelope-from, not to "From:".
I filter this type of spam with:
  discard message = discarded because recognized as Ukrainian spam (type 2)
          senders = :
          condition = ${if eq{$received_protocol}{smtp}}
          condition = ${if !match{${local_part:$header_From:}}{(?i)daemon}}
          condition = ${if match{$message_headers_raw}\
                  {\N\AReceived:(?:.+\n\t)+.+\n\
                  Received: from unknown \(HELO localhost\) \
                  \(([a-z\d._-]+@[a-z\d.-]+)@([\d.]+)\)\n\
                  \tby \S+ with ESMTPA;.+\n\
                  (X-Originating-IP: \2\n)?\
                  From: \1\n\
                  To: \S+\n\
                  Subject: \N}}
          # The second Received is fake.
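
One way to dry-run the ACL above against a spooled message before deploying it, as an added example that is not part of the original post: it ports the post's regex to Python's `re`, parses `exim -Mvh` output, and applies the same four conditions. The function names and the sample message are constructed for illustration; the parser ignores the spool length prefixes, which are placeholders in the sample.

```python
import re

# Header pattern from the post's ACL, with its "\" line continuations joined.
FAKE_RECEIVED = re.compile(
    r"\AReceived:(?:.+\n\t)+.+\n"
    r"Received: from unknown \(HELO localhost\) "
    r"\(([a-z\d._-]+@[a-z\d.-]+)@([\d.]+)\)\n"
    r"\tby \S+ with ESMTPA;.+\n"
    r"(X-Originating-IP: \2\n)?"
    r"From: \1\n"
    r"To: \S+\n"
    r"Subject: ")
# Spool header prefix: three-digit length, one flag character, one space.
SPOOL_PREFIX = re.compile(r"^\d{3}[A-Za-z* ] ")

def parse_mvh(text):
    """Split `exim -Mvh` output into (envelope sender, protocol, raw headers)."""
    lines = text.splitlines()
    blank = lines.index("")  # envelope block ends at the first blank line
    proto = next((l.split(" ", 1)[1] for l in lines[:blank]
                  if l.startswith("-received_protocol ")), "")
    raw = "\n".join(SPOOL_PREFIX.sub("", l) for l in lines[blank + 1:]) + "\n"
    return lines[2], proto, raw  # third line is the envelope sender

def acl_would_discard(text):
    """Evaluate the post's four ACL conditions against one spooled message."""
    sender, proto, raw = parse_mvh(text)
    m = FAKE_RECEIVED.search(raw)
    if sender != "<>" or proto != "smtp" or m is None:
        return False
    # "From: \1" pins the From header to group 1, so test its local part.
    return re.search(r"(?i)daemon", m.group(1).split("@")[0]) is None

# Constructed sample; addresses, IPs and length prefixes are placeholders.
SAMPLE = "\n".join([
    "1AAAAA-000001-AA-H", "Debian-exim 101 103", "<>", "1399616555 0",
    "-received_protocol smtp", "XX", "1", "rcpt@example.org", "",
    "100P Received: from [192.0.2.10] (helo=client.example.net)",
    "\tby mx.example.org with smtp (Exim 4.72)",
    "\tfor rcpt@example.org; Fri, 09 May 2014 14:22:36 +0800",
    "100P Received: from unknown (HELO localhost) "
    "(sender@example.net@198.51.100.7)",
    "\tby 192.0.2.10 with ESMTPA; Fri, 9 May 2014 13:26:40 +0700",
    "025F From: sender@example.net", "021T To: rcpt@example.org",
    "020  Subject: constructed", ""])

if __name__ == "__main__":
    print(acl_would_discard(SAMPLE))
```

The continuation lines of each header must keep their leading tab when the `-Mvh` output is captured, since the pattern matches on `\n\t`.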