Hi Heiko,
many, many thanks for the detailed analysis. The result is really surprising to me:
5 days ago I started receiving a significant amount of spam to this email address with
an empty message sender, but to my other addresses very rarely (even though
some of them receive a significant amount of other spam).
What do you recommend doing to filter spam with an empty message sender?
Checking first for SPAM then for error_message?
if $h_X-Spam-Score: CONTAINS "++++++" then
  save Maildir/.SPAM/
  logwrite "$tod_log $message_id contains spam"
  finish
endif
if error_message then
  logwrite "$tod_log $message_id has an error_message"
  finish
endif
Thanks again,
Rainer
PS: This address was in use exclusively for the Outlet City Metzingen.
I notified them that (assuming that they did not sell my address) somebody may
have access to their systems.
On Saturday 12 December 2015 18:39:25 Heiko Schlittermann wrote:
> Hi Rainer,
>
> Rainer Dorsch <ml@???> (Sa 12 Dez 2015 17:55:19 CET):
> …
>
> > Dec 12 16:53:03 netcup exim4[13510]: 14658 Condition is true:
> > error_message
>
> Without consulting any documentation I'd say an 'error_message'
> condition is true, if the message's sender is empty.
>
> > In my case it is definitely no delivery failure message and from the log
> > for me no obvious other error is visible either (the "no IP address found
> > for host" shows also on some other messages which work ok).
> >
> > Does anybody see why the message below triggers an error_message?
>
> Contact from the remote sender:
> > Dec 12 16:52:58 netcup exim4[13510]: 13852 Connection request from
> > 115.73.16.126 port 26375
> …
>
> Recipient verification:
> > Dec 12 16:53:00 netcup exim4[13510]: 14645 R: system_aliases for metzingen@???
> > Dec 12 16:53:00 netcup exim4[13510]: 14645 R: system_aliases for rd@???
> > Dec 12 16:53:00 netcup exim4[13510]: 14645 R: lowuid_aliases for rd@???
> > Dec 12 16:53:00 netcup exim4[13510]: 14645 R: local_user for rd@???
> Content scan via spamd:
> > Dec 12 16:53:00 netcup exim4[13510]: 14645 trying server 127.0.0.1, port
> > 783
> Now, as it passed all checks, we accept (and log) the message.
>
> > Dec 12 16:53:03 netcup exim4[13510]: 14645 LOG: MAIN
>
> And the message has an empty (<>) sender. Thus it's an error message:
> > Dec 12 16:53:03 netcup exim4[13510]: 14645 <= <> H=(115.73.55.172)
> > [115.73.16.126] P=smtp S=2605
> Best regards from Dresden/Germany
> Viele Grüße aus Dresden
> Heiko Schlittermann
--
Rainer Dorsch
http://bokomoko.de/
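
Added example, not part of the original messages: a small log check that separates remotely submitted null-sender (<>) arrivals, like the one analysed in the thread, from bounces generated by the local Exim, and counts the remote ones per source IP. It assumes the usual Exim arrival-line layout ("<= sender ... [ip] P=protocol"); all sample lines except the first are constructed.

```python
import re
from collections import Counter

# "<= sender" marks a message arrival in an Exim log line; what follows is a
# run of KEY=value fields plus "[ip]" when the message came from a remote host.
ARRIVAL = re.compile(r"<= (?P<sender>\S+)(?P<rest>.*)$")
REMOTE_IP = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]")
PROTO = re.compile(r"\bP=(\S+)")

def classify(line):
    """Return None for non-arrival lines, otherwise a (kind, ip) tuple."""
    m = ARRIVAL.search(line)
    if not m:
        return None
    if m.group("sender") != "<>":
        return ("normal", None)
    rest = m.group("rest")
    proto = PROTO.search(rest)
    ip = REMOTE_IP.search(rest)
    # A bounce created by this host is logged with P=local and no remote IP.
    if (proto and proto.group(1) == "local") or ip is None:
        return ("local-bounce", None)
    return ("remote-null-sender", ip.group("ip"))

def remote_null_senders(lines):
    """Count null-sender arrivals per remote IP address."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result and result[0] == "remote-null-sender":
            counts[result[1]] += 1
    return counts

SAMPLE_LOG = [
    # Line quoted in the thread (debug output via syslog):
    "Dec 12 16:53:03 netcup exim4[13510]: 14645 <= <> H=(115.73.55.172) [115.73.16.126] P=smtp S=2605",
    # Constructed lines in main-log format:
    "2015-12-12 17:01:10 1a7nAA-0000aa-01 <= <> R=1a7n99-0000zz-00 U=Debian-exim P=local S=1873",
    "2015-12-12 17:02:44 1a7nBB-0000bb-02 <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtps S=4120",
    "2015-12-12 17:03:05 1a7nCC-0000cc-03 <= <> H=(203.0.113.7) [203.0.113.7] P=smtp S=2590",
    "2015-12-12 17:03:09 1a7nCC-0000cc-03 => rd <rd@example.org> R=local_user T=maildir_home",
]

if __name__ == "__main__":
    for ip, n in remote_null_senders(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} null-sender message(s)")
```

A burst of remote null-sender arrivals for one recipient address, with no matching outbound mail from that address, is the pattern described above.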