[exim] Help me understand exigrep very short snippet output

Góra strony
Delete this message
Reply to this message
Autor: Chip
Data:  
Dla: Exim-Users Mailing List
Temat: [exim] Help me understand exigrep very short snippet output
Hello.

I have been successfully using DMARC with my email server for months
with no problems. It is a VPS running WHM/CPanel and Exim version 4.87
#1 built on CentOS. I receive reports from providers on how many emails
have successfully reached their destination, etc.

Suddenly, DMARC report messages inbound from google reporting are being
rejected and frozen in my queue, or so it seems. I believe the answer
may be in this following snippet of exigrep output but I'm having a
difficult time understanding it.

Perhaps an exim guru here can decipher?

Is this a frozen message FROM my server outbound to google or a frozen
message that has ARRIVED from google that is being bounced back and
frozen on my end? Or neither.

I've also pasted the content of the message after the exigrep output.

Interesting that the message says repackage as zip, but I know all DMARC
inbound messages ARE in zip format and the headers even say
"Content-Type: application/zip; "

Thank you.
======================================================
Here is the exigrep output:

root@bla [~]# exigrep 1bH6AZ-0006lp-QI /var/log/exim_mainlog
2016-06-26 05:15:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc
1bH6AZ-0006lp-QI

2016-06-26 09:53:21 cwd=/usr/local/cpanel/whostmgr/docroot 3 args:
/usr/sbin/exim -Mvh 1bH6AZ-0006lp-QI

2016-06-26 09:53:21 cwd=/usr/local/cpanel/whostmgr/docroot 3 args:
/usr/sbin/exim -Mvb 1bH6AZ-0006lp-QI

+++ 1bH6AZ-0006lp-QI has not completed +++
2016-06-26 05:15:59 1bH6AZ-0006lp-QI <= <> R=1bH6AS-0006lb-Ih U=mailnull
P=local S=6567 T="Mail delivery failed: returning message to sender" for
noreply-dmarc-support@???
2016-06-26 05:16:00 1bH6AZ-0006lp-QI ** noreply-dmarc-support@???
R=dkim_lookuphost T=dkim_remote_smtp H=aspmx.l.google.com
[173.194.203.27] X=TLSv1:AES128-SHA:128 CV=yes: SMTP error from remote
mail server after RCPT TO:<noreply-dmarc-support@???>: 550-5.2.1
The user you are trying to contact is receiving mail at a rate
that\n550-5.2.1 prevents additional messages from being delivered. For
more\n550-5.2.1 information, please visit\n550 5.2.1
https://support.google.com/mail/answer/6592 d10si18506869pat.143 - gsmtp
2016-06-26 05:16:00 1bH6AZ-0006lp-QI Frozen (delivery error message)
2016-06-26 05:19:11 1bH6AZ-0006lp-QI Message is frozen
2016-06-26 06:19:11 1bH6AZ-0006lp-QI Message is frozen
2016-06-26 07:19:11 1bH6AZ-0006lp-QI Message is frozen
2016-06-26 08:19:11 1bH6AZ-0006lp-QI Message is frozen
2016-06-26 09:19:11 1bH6AZ-0006lp-QI Message is frozen


======================================================
Here is the message frozen in the queue:

Received: from mailnull by who.bla.com with local (Exim 4.87)
     id 1bH6AZ-0006lp-QI
     for noreply-dmarc-support@???; Sun, 26 Jun 2016 05:15:59 -0400
X-Failed-Recipients: dmarc@???
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@???>
To: noreply-dmarc-support@???
Content-Type: multipart/report; report-type=delivery-status; 
boundary=1466932559-eximdsn-1804289383
MIME-Version: 1.0
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1bH6AZ-0006lp-QI@???>
Date: Sun, 26 Jun 2016 05:15:59 -0400


--1466932559-eximdsn-1804289383
Content-type: text/plain; charset=us-ascii

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

   dmarc@???
     This message has been rejected because it has
     potentially executable content "google.com!bla.com
     This form of attachment has been used by
     recent viruses or other malware.
     If you meant to send this file then please
     package it up as a zip file and resend it.


--1466932559-eximdsn-1804289383
Content-type: message/delivery-status

Reporting-MTA: dns; who.bla.com

Action: failed
Final-Recipient: rfc822;dmarc@???
Status: 5.0.0

--1466932559-eximdsn-1804289383
Content-type: message/rfc822

Return-path: <noreply-dmarc-support@???>
Received: from mail-oi0-f74.google.com ([209.85.218.74]:33248)
     by who.bla.com with esmtps (TLSv1:AES128-SHA:128)
     (Exim 4.87)
     (envelope-from <noreply-dmarc-support@???>)
     id 1bH6-0006lb-Ih
     for dmarc@???; Sun, 26 Jun 2016 05:15:59 -0400
Received: by mail-oi0-f74.google.com with SMTP id m85so9189152oig.0
         for <dmarc@???>; Sun, 26 Jun 2016 02:15:52 -0700 
(PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
         d=google.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-disposition
          :content-transfer-encoding;
         bh=V2fPhhdOS9KPPLk5PMCwDdC8HI84gPI1jhgD3N4S2IQ=;
b=HO1zx0w5lqfoQJcevX2ru4SuVX5xbosytsRT3A0hCRGv0z3H2pX4tBLBtE0vXSiHL+
          pgYHBR4MT8MFjw5eEP8xI6O/OnV2/cD
W94vIi589rPO9ckEyvzGcsgxe5a9HUIBs+9anj8TVCDkA95GLndFgnilC9RoPSGv7d6p
f4w+lFlb8B2O4WUrCHExJeWjR5s3uQjeuZFFsDy/UqGR+GToKfSzDWqXgS+P5ZUiew9C
          iU6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
         d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:date:message-id:subject:from:to
          :content-disposition:content-transfer-encoding;
         bh=V2fPhhdOS9KPPLk5PMCwDdC8HI84gPI1jhgD3N4S2IQ=;
b=cE+Bmd6HvzUwF0VA/pxkXzUy0R8kkXFhCOZBLzLIMWYEDaZ8el1fr4BcP4pvyN0coW
0PB6pkMpSz0k2VcgO7xoy4ig2aKxh4QIiekn4ohxd00eku9w9wK03MOR2gr2KN6o2lEf
SA6YuSGQRex56tKLrwD6X118+jWodIg1/B23qgG9aRgZlMCw6EkX+JBSupbrmwq6wlLw
          wNYA==
X-Gm-Message-State: ALyK8tJZNWFuPbhNTjyiPuSOAmTgRLbU6ErD8UgEJNKYXiHA==
MIME-Version: 1.0
X-Received: by 10.157.1.79 with SMTP id 
73mr12256479otu.47.1466932551036; Sun,
  26 Jun 2016 02:15:51 -0700 (PDT)
Date: Sat, 25 Jun 2016 16:59:59 -0700
Message-ID: <17469619084381@???>
Subject: Report domain: bla.com Submitter: google.com Report-ID: 
1746962798084381
From: noreply-dmarc-support@???
To: dmarc@???
Content-Type: application/zip;
     name="google.com!bla.com!1466812800!1466899199.zip"
Content-Disposition: attachment;
     filename="google.com!bla.com!1466812800!1466899199.zip"
Content-Transfer-Encoding: base64
X-Spam-Status: No, score=-0.4
X-Spam-Score: -3
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "who.bla.com",
  has NOT identified this incoming email as spam.  The original
  message has been attached to this so you can view it or label
  similar future email.  If you have any questions, see
  root\@localhost for details.


Content preview: [...]

Content analysis details: (-0.4 points, 5.0 required)

   pts rule name              description
  ---- ---------------------- 
--------------------------------------------------
   0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL 
was blocked.
                              See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                               for more information.
                              [URIs: bla.com]
  -1.4 RP_MATCHES_RCVD        Envelope sender domain matches handover 
relay domain
  -0.0 SPF_PASS               SPF: sender matches SPF record
   1.1 DATE_IN_PAST_06_12     Date: is 6 to 12 hours before Received: date
  -0.1 DKIM_VALID             Message has at least one valid DKIM or DK 
signature
  -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature 
from author's
                              domain
   0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not 
necessarily valid
   0.0 TVD_SPACE_RATIO        No description available.
X-Spam-Flag: NO


UEsDBAoAAAAIAOVI2kjNZcFhDQIAAOsIAAA4AAAAZ29vZ2xlLmNvbSF3aG9zYmVlbmxvb2tpbmcu
Y29tITE0NjY4MTI4MDAhMTQ2Njg5OTE5OS54bWztVsty4yAQvOcrXL5bGMexpS1Cctov2D2rMBrJ
lCUggOLk7xcCesTxMZutVO3JuGemZ6ZpySYPL127eAZjhZL3S5ytlwuQXFVCNvfL379+rvLl4oHe
kBqgOjB+ojeLBTGglXFlB45VzLGAeVSZppSsA9oo1bSQcdURNIIxBzomWiqVZ2hfV1XHDF/ZXge6
x3lZzEs1L86wkivpGHelkLWiR+e0/YFQKs2mUsQQk/YMBm22u91dvvZcH+sjcVpDVBTvt7tih4vN
drMv8nW+vc0xQVM85vtdoTRMNmkbDx2gEZJi3yrHm3ztu0VkiIOsYrQocFH4WeRAht6zjd3mohKt


--1466932559-eximdsn-1804289383--