Re: [exim] Very strange problem: E-Mail denied by ACL, but …

Author: Luca Bertoncello
Date:  
To: exim-users
Subject: Re: [exim] Very strange problem: E-Mail denied by ACL, but send via router
On 24.02.2021 13:31, Jeremy Harris via Exim-users wrote:

Hi again

     Add debug options to your -bh repeat-by,
     and follow through the flow of the ACLs.



This is very strange... I tried to add a "deny" just after the check by
Kaspersky:

   warn  condition       = ${if def:h_X-Ciphermail {false}{true}}
         condition       = ${if eq {$acl_m_dontAVscan}{} {yes}{no}}
         set acl_m_klms_headers =
         set acl_m_klms_result =
         set acl_m_klms_answer = ${dlfunc{/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}}


deny senders = lucabert@???

If I try to send an E-Mail from my address, it will be rejected and then...
sent to my mailbox...
Tried with exim -d+all -bh ... I see:

09:37:26 24256  ┌considering: 
${dlfunc{/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}}
09:37:26 24256   ┌considering: 
/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}}
09:37:26 24256   ├──expanding: /opt/kaspersky/klms/lib64/libklms-exim.so
09:37:26 24256   └─────result: /opt/kaspersky/klms/lib64/libklms-exim.so
09:37:26 24256   ┌considering: scan}{${spool_directory}/input}}
09:37:26 24256   ├──expanding: scan
09:37:26 24256   └─────result: scan
09:37:26 24256   ┌considering: ${spool_directory}/input}}
09:37:26 24256   ├──expanding: ${spool_directory}/input
09:37:26 24256   └─────result: /var/spool/exim4/input
09:37:26 24256   ┌considering: ${sender_helo_name}
09:37:26 24256   ├──expanding: ${sender_helo_name}
09:37:26 24256   └─────result: mail.lucabert.de
09:37:26 24256   ┌considering: ${recipients}
09:37:26 24256   ├──expanding: ${recipients}
09:37:26 24256   └─────result: l.bertoncello@???
09:37:27 24256  ├──expanding: 
${dlfunc{/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}}
09:37:27 24256  └─────result: 250 OK
09:37:27 24256 check set acl_m_klms_answer = 
${dlfunc{/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}}
09:37:27 24256                             = 250 OK
09:37:27 24256 warn: condition test succeeded in ACL "acl_check_data"
09:37:27 24256 processing "deny"
09:37:27 24256 check senders = lucabert@???
09:37:27 24256 address match test: subject=lucabert@??? 
pattern=lucabert@???
09:37:27 24256 lucabert.de in "lucabert.de"? yes (matched "lucabert.de")
09:37:27 24256 lucabert@??? in "lucabert@???"? yes 
(matched "lucabert@???")
09:37:27 24256 deny: condition test succeeded in ACL "acl_check_data"
09:37:27 24256 end of ACL "acl_check_data": DENY
09:37:27 24256 >>Headers added by DATA ACL:
09:37:27 24256   X-AV-scan: yes
09:37:27 24256 >>
09:37:27 24256 unspool_mbox(): unlinking 
'/var/spool/exim4/scan/1lJXrk-0006JE-Qh/1lJXrk-0006JE-Qh.eml'
09:37:27 24256 unspool_mbox(): unlinking 
'/var/spool/exim4/scan/1lJXrk-0006JE-Qh/1lJXrk-0006JE-Qh-00000'
09:37:27 24256 unspool_mbox(): unlinking 
'/var/spool/exim4/scan/1lJXrk-0006JE-Qh/1lJXrk-0006JE-Qh-00002'
09:37:27 24256 unspool_mbox(): unlinking 
'/var/spool/exim4/scan/1lJXrk-0006JE-Qh/1lJXrk-0006JE-Qh-00001'
09:37:27 24256 SMTP>> 550 Administrative prohibition
550 Administrative prohibition
09:37:27 24256 LOG: MAIN REJECT
09:37:27 24256   H=(mail.lucabert.de) [185.242.112.224] 
F=<lucabert@???> rejected after DATA
09:37:27 24256 smtp_setup_msg entered
quit
09:37:30 24256 SMTP<< quit
09:37:30 24256 SMTP>> 221 mail.queo-group.com closing connection
221 mail.queo-group.com closing connection
09:37:30 24256 LOG: smtp_connection MAIN
09:37:30 24256   SMTP connection from (mail.lucabert.de) 
[185.242.112.224] closed by QUIT
09:37:30 24256 search_tidyup called
09:37:30 24256 >>>>>>>>>>>>>>>> Exim pid=24256 (main) terminating with 
rc=0 >>>>>>>>>>>>>>>>


The strange thing is that the E-Mail is only submitted if it contains a ZIP
file as an attachment. For example, an E-Mail with a PNG will not be
resubmitted...

Does someone have an idea what happens?

Thanks
Luca Bertoncello
(lucabert@???)