Re: [exim] No MAIL verb before RCPT

Author: Phillip Carroll
Date:  
To: exim-users
Subject: Re: [exim] No MAIL verb before RCPT
On 2/13/2017 3:37 PM, Viktor Dukhovni wrote:
>
>> On Feb 13, 2017, at 5:08 PM, Phillip Carroll <postmaster@???> wrote:
>>
>> Viktor,
>>
>> The headers do not indicate this was a purported bounce. It had a normal from header:
>> From: "Amazon.com" <amazon@???>
>
> The "From:" header is quite irrelevant in this context. Especially
> with email scams, the message envelope will often have no relationship
> with the headers.
>
> You could check the "Return-Path:" which is typically where the envelope
> sender is recorded on final delivery.
>


Viktor, I should have answered your other question first. There is
nothing in my mail acl that behaves differently for a purported bounce.

In any event, for the sake of completeness, the headers (with minimal
obfuscation) were:

Return-path: <amazon@???>
Envelope-to: obfuscated@???
Delivery-date: Mon, 13 Feb 2017 08:52:27 -0700
Received: from 47-48-213-250.static.gwnt.ga.charter.com
    ([47.48.213.250]:17559 helo=amazon-sales.com)
    by enablingsimplicity.com with smtp (Exim 4.88)
    (envelope-from <amazon@???>)
    id 1cdIvT-0003YL-Df
    for obfuscated@???; Mon, 13 Feb 2017 08:52:27 -0700
Message-ID: <DB450527.2B166B0D@???>
Date: Mon, 13 Feb 2017 10:52:27 -0500
From: "Amazon.com" <amazon@???>
X-Mailer: iPad Mail (9B206)
X-Accept-Language: en-us
MIME-Version: 1.0
To: <obfuscated@???>
Subject: Your Amazon.com order has shipped (#506-57028223-6312652776)
{{{ the message }}}


The main log has the following entries at time of receipt. The second
logged line is from a logwrite in the RCPT acl:

2017-02-13 08:52:26 [25626] SMTP connection from [47.48.213.250]:17559
I=[45.79.89.203]:25 (TCP/IP connection count = 1)

2017-02-13 08:52:27 [13661] HELO=amazon-sales.com,
HOST=47-48-213-250.static.gwnt.ga.charter.com ** receipt accepted

2017-02-13 08:52:27 [13661] 1cdIvT-0003YL-Df <= amazon@???
H=47-48-213-250.static.gwnt.ga.charter.com (amazon-sales.com)
[47.48.213.250]:17559 I=[45.79.89.203]:25 P=smtp S=4950 M8S=0
id=DB450527.2B166B0D@??? T="Your Amazon.com order has
shipped (#506-57028223-6312652776)" from <amazon@???> for
obfuscated@???

--
Phil
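
The envelope sender and the HELO/host pair discussed in this message can be read straight from the Exim main-log arrival (`<=`) entry. The following is an added example, not part of the original post or of Exim itself; the sample lines are constructed placeholders modelled on the entries quoted above, and the names `parse_arrival` and `arrivals` are hypothetical.

```python
import re

# Constructed sample lines modelled on the log entries quoted above, joined onto
# one line each; all names and addresses are placeholders, not the thread's.
SAMPLE_LINES = [
    '2017-02-13 08:52:26 [25626] SMTP connection from [192.0.2.10]:17559 '
    'I=[198.51.100.5]:25 (TCP/IP connection count = 1)',
    '2017-02-13 08:52:27 [13661] 1cdIvT-0003YL-Df <= orders@shop.example '
    'H=host-192-0-2-10.isp.example (shop-sales.example) [192.0.2.10]:17559 '
    'I=[198.51.100.5]:25 P=smtp S=4950 id=DB450527.2B166B0D@shop.example '
    'T="Your order has shipped" from <orders@shop.example> for user@rcpt.example',
    '2017-02-13 09:00:00 1cdJ00-0003Zz-AB <= <> H=(mail.example) [192.0.2.20] '
    'P=esmtp S=1200',
]

# Timestamp, optional [pid], message id, then "<=" and the envelope sender.
ARRIVAL = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:\[\d+\] )?'
    r'(?P<msgid>[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+) <= (?P<sender>\S+) (?P<rest>.*)$')
# H=hostname (helo) [ip]; the host name and the (helo) part are each optional.
HOST = re.compile(
    r'\bH=(?:(?P<host>[^\s(\[]+) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]')

def parse_arrival(line):
    """Return envelope facts for an Exim '<=' log line, or None for other lines."""
    m = ARRIVAL.match(line)
    if m is None:
        return None
    rec = {'ts': m['ts'], 'msgid': m['msgid'], 'sender': m['sender'],
           'host': None, 'helo': None, 'ip': None}
    h = HOST.search(m['rest'])
    if h:
        rec.update(h.groupdict())
    # "<>" is the null envelope sender used by bounces; the From: header plays no part.
    rec['is_bounce'] = rec['sender'] == '<>'
    # None when either name is absent from the line, so "missing" is not read as "mismatch".
    if rec['host'] and rec['helo']:
        rec['helo_matches_host'] = rec['host'].lower() == rec['helo'].lower()
    else:
        rec['helo_matches_host'] = None
    return rec

def arrivals(lines):
    """Keep only the parsed arrival records from a list of main-log lines."""
    return [r for r in map(parse_arrival, lines) if r is not None]

if __name__ == '__main__':
    for r in arrivals(SAMPLE_LINES):
        print(r['msgid'], r['sender'], r['ip'], r['helo'], r['helo_matches_host'])
```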