Mailing List Archive

Strange .forward fail
Hello,

I received an email with this header:

Return-path: <>
Envelope-to: microdollar@bokomoko.de
Delivery-date: Tue, 30 Mar 2021 14:14:46 +0200
Received: from [194.87.238.87] (helo=rusohrana.su)
by contabo.bokomoko.de with esmtp (Exim 4.92)
id 1lRDGd-0004lC-Dr
for microdollar@bokomoko.de; Tue, 30 Mar 2021 14:14:46 +0200
MIME-Version: 1.0
Message-Id: <INX.HDEkU.1ee9.7a6ae.2e18.iqBX8ac.bounce9@inx1and1.de>
From: Gewichtsverlust Deal <support-team-146@purosalin24.de>
Subject: Klicken Sie hier, um einen Zuschuss zu erhalten und Gewicht zu
verlieren - 14 Kg in 1 Monat
Reply-To: reply_iqBX8ac.bounce9@inx1and1.de
To: microdollar@bokomoko.de
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=UTF-8
Date: Tue, 30 Mar 2021 14:14:06 +0200
X-Spam-Score: 3.2 (+++)

my .forward file contains

elif "$original_local_part" is "microdollar" or $h_to: contains
"microdollar@bokomoko.de" then save Maildir/.AA-bokomoko.spam/

It seems to fail to match the above email:

2021-03-30 14:14:46 1lRDGd-0004lC-Dr <= <> H=(rusohrana.su) [194.87.238.87]
P=esmtp K S=4309 id=INX.HDEkU.1ee9.7a6ae.2e18.iqBX8ac.bounce9@inx1and1.de
2021-03-30 14:14:46 1lRDGd-0004lC-Dr => rd <microdollar@bokomoko.de>
R=local_user T=maildir_home

For an email for which the filter applies, I see

2021-03-29 15:22:17 1lQrqF-00085A-LA <=
pidVwypcDCvOSxt@yiddishdictionary.co.il H=(tr6a.ithound.com) [52.139.24.213]
P=esmtp K S=2318
2021-03-29 15:22:17 1lQrqF-00085A-LA => /home/rd/Maildir/.AA-bokomoko.spam/
(rd@bokomoko.de) <microdollar@bokomoko.de> R=userforward T=address_directory
2021-03-29 15:22:17 1lQrqF-00085A-LA Completed

The corresponding header

Return-path: <pidVwypcDCvOSxt@yiddishdictionary.co.il>
Envelope-to: microdollar@bokomoko.de
Delivery-date: Mon, 29 Mar 2021 15:22:17 +0200
Received: from [52.139.24.213] (helo=tr6a.ithound.com)
by contabo.bokomoko.de with esmtp (Exim 4.92)
(envelope-from <pidVwypcDCvOSxt@yiddishdictionary.co.il>)
id 1lQrqF-00085A-LA
for microdollar@bokomoko.de; Mon, 29 Mar 2021 15:22:17 +0200
MIME-Version: 1.0
From: 2DF Bitcoin Bulletin <Bitcoin-Geld-
iqjGxjnfXj@2DFBitcoinNews.webmdservice.com>
Subject: Finden Sie heraus, warum Mark Zuckerberg in Krypto investiert hat.
Reply-To: reply_to@webmdservice.com
Message-
Id:<slcesknsyvjxirwklhfirm_bcmomruqmiv_pokrc_tzedyfulrddkkpnbsygbajgploxijzhtk@.amazonses.com>
To: microdollar@bokomoko.de
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=UTF-8
Date: Mon, 29 Mar 2021 08:21:57 -0500
X-Spam-Score: 3.5 (+++)


Any idea or hint why these two emails are treated differently by the .forward
file is very welcome.

Thanks
Rainer

--
Rainer Dorsch
http://bokomoko.de/



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Strange .forward fail [ In reply to ]
Hello,

I think I found the problem:

I have an entry

if error_message then logwrite "$tod_log $message_id has an error_message"
finish
endif

which apparently hit these messages. It seems that some spam senders excite
(on purpose) this error path.

I assume forwarding these messages to an error folder would fix the issue:

if error_message then save Maildir/.AA-bokomoko.error/
logwrite "$tod_log $message_id has an error_message"
finish
endif

Regards
Rainer


Am Dienstag, 30. M?rz 2021, 22:39:29 CEST schrieb Rainer Dorsch via Exim-
users:
> Hello,
>
> I received an email with this header:
>
> Return-path: <>
> Envelope-to: microdollar@bokomoko.de
> Delivery-date: Tue, 30 Mar 2021 14:14:46 +0200
> Received: from [194.87.238.87] (helo=rusohrana.su)
> by contabo.bokomoko.de with esmtp (Exim 4.92)
> id 1lRDGd-0004lC-Dr
> for microdollar@bokomoko.de; Tue, 30 Mar 2021 14:14:46 +0200
> MIME-Version: 1.0
> Message-Id: <INX.HDEkU.1ee9.7a6ae.2e18.iqBX8ac.bounce9@inx1and1.de>
> From: Gewichtsverlust Deal <support-team-146@purosalin24.de>
> Subject: Klicken Sie hier, um einen Zuschuss zu erhalten und Gewicht zu
> verlieren - 14 Kg in 1 Monat
> Reply-To: reply_iqBX8ac.bounce9@inx1and1.de
> To: microdollar@bokomoko.de
> Content-Transfer-Encoding: 7bit
> Content-Type: text/html; charset=UTF-8
> Date: Tue, 30 Mar 2021 14:14:06 +0200
> X-Spam-Score: 3.2 (+++)
>
> my .forward file contains
>
> elif "$original_local_part" is "microdollar" or $h_to: contains
> "microdollar@bokomoko.de" then save Maildir/.AA-bokomoko.spam/
>
> It seems to fail to match the above email:
>
> 2021-03-30 14:14:46 1lRDGd-0004lC-Dr <= <> H=(rusohrana.su) [194.87.238.87]
> P=esmtp K S=4309 id=INX.HDEkU.1ee9.7a6ae.2e18.iqBX8ac.bounce9@inx1and1.de
> 2021-03-30 14:14:46 1lRDGd-0004lC-Dr => rd <microdollar@bokomoko.de>
> R=local_user T=maildir_home
>
> For an email for which the filter applies, I see
>
> 2021-03-29 15:22:17 1lQrqF-00085A-LA <=
> pidVwypcDCvOSxt@yiddishdictionary.co.il H=(tr6a.ithound.com) [52.139.24.213]
> P=esmtp K S=2318
> 2021-03-29 15:22:17 1lQrqF-00085A-LA => /home/rd/Maildir/.AA-bokomoko.spam/
> (rd@bokomoko.de) <microdollar@bokomoko.de> R=userforward T=address_directory
> 2021-03-29 15:22:17 1lQrqF-00085A-LA Completed
>
> The corresponding header
>
> Return-path: <pidVwypcDCvOSxt@yiddishdictionary.co.il>
> Envelope-to: microdollar@bokomoko.de
> Delivery-date: Mon, 29 Mar 2021 15:22:17 +0200
> Received: from [52.139.24.213] (helo=tr6a.ithound.com)
> by contabo.bokomoko.de with esmtp (Exim 4.92)
> (envelope-from <pidVwypcDCvOSxt@yiddishdictionary.co.il>)
> id 1lQrqF-00085A-LA
> for microdollar@bokomoko.de; Mon, 29 Mar 2021 15:22:17 +0200
> MIME-Version: 1.0
> From: 2DF Bitcoin Bulletin <Bitcoin-Geld-
> iqjGxjnfXj@2DFBitcoinNews.webmdservice.com>
> Subject: Finden Sie heraus, warum Mark Zuckerberg in Krypto investiert hat.
> Reply-To: reply_to@webmdservice.com
> Message-
> Id:<slcesknsyvjxirwklhfirm_bcmomruqmiv_pokrc_tzedyfulrddkkpnbsygbajgploxijzh
> tk@.amazonses.com> To: microdollar@bokomoko.de
> Content-Transfer-Encoding: 7bit
> Content-Type: text/html; charset=UTF-8
> Date: Mon, 29 Mar 2021 08:21:57 -0500
> X-Spam-Score: 3.5 (+++)
>
>
> Any idea or hint why these two emails are treated differently by the
> .forward file is very welcome.
>
> Thanks
> Rainer


--
Rainer Dorsch
http://bokomoko.de/



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/