reject=553 and stat=Sent simultaneously
on 21.01.2008 16:34:28 by Sciurus
Fragment of my sendmail.mc:
KCH1 regex -a@YES outblaze|check1check|mindspring|bigfoot|funnymail|bellsouth.net|tiscali.(it|nl|fr)|wanadoo.(it|nl|fr)|nic.*olastse.(com|net)|videotron.ca|blueyonder|mailcity[.]|mexico|comcast.net|earthlink.com|libertysurf.net|mozartmail.com|telepac.pt|edomex.com|quintanaroo.com|telia.com|hideakifan.com|icq.com|delphi.com|optonline.net|interbusiness.it
-------------
[skip]
KChHeader sequence CH1 CH2 CH3 CH4 CH5 CH6
HReceived: $>+CheckReceived
SCheckReceived
R$* $: $(ChHeader $1 $)
R@YES $#error $: "553 There is spam domain in the header."
----------
These rules caught the domain "telia.com".
maillog:
Jan 16 18:29:35 mail sendmail[16777]: m0GDTVAR016777: from=<>,
size=3420, class=0, nrcpts=1,
msgid=<20080116132132.BD722578F5@an.ru>, proto=ESMTP, daemon=MTA,
relay=relay.an.ru [213.142.209.142]
Jan 16 18:29:35 mail drweb-smf[16782]: [m0GDTVAR016777]: scan: the
message(drweb.tmp.gYnh0y) sent by <> to consiglio@anrb.ru is passed
Jan 16 18:29:35 mail drweb-smf[16782]: [m0GDTVAR016777]: processing
message from <> is over
Jan 16 18:29:35 mail sendmail[16777]: m0GDTVAR016777: Milter add:
header: X-Antivirus: Dr.Web (R) for Mail Servers on mail host
Jan 16 18:29:35 mail sendmail[16777]: m0GDTVAR016777: Milter add:
header: X-Antivirus-Code: 100000
Jan 16 18:29:36 mail sendmail[16777]: m0GDTVAR016777: Milter add:
header: X-Spam-Ystatus: hits=-7.50
Jan 16 18:29:36 mail sendmail[16777]: m0GDTVAR016777: Milter add:
header: X-Spam-Flag: NO
Jan 16 18:29:36 mail sendmail[16777]: m0GDTVAR016777: Milter add:
header: X-Spam-Yversion: Spamooborona-2.1.0
Jan 16 18:29:36 mail sendmail[16796]: m0GDTVAR016777:
ruleset=CheckReceived, arg1= from h195n2fls301o260.telia.com
(81.230.233.195) by pne-smtpout2-sn1.fre.skanova.net
(7.3.129)\n id 478E02C700000E83 for ipnfifnu@olcon.murmansk.ru;
Wed, 16 Jan 2008 14:21:05 +0100, relay=relay.an.ru [213.142.209.142],
reject=553 5.0.0
header."
Jan 16 18:29:36 mail sendmail[16796]: m0GDTVAR016777:
to=
l,
pri=33750, dsn=2.0.0, stat=Sent
------------
But there isn't telia.com in the main header.
It is in the internal Received in the message body:
Received: from h195n2fls301o260.telia.com (81.230.233.195) by
pne-smtpout2-n1.fre.skanova.net (7.3.129) id 478E02C700000E83 for
ipnfifnu@olcon.murmansk.ru; Wed, 16 Jan 2008 14:21:05 +0100
It seems that the original spam mail had a forged sender address and
the bounce message was delivered to my user.
>From MAILER-DAEMON Wed Jan 16 18:29:36 2008
Return-Path:
Received: from an.ru (relay.an.ru [213.142.209.142])
by mail.anrb.ru (8.14.2/8.14.2) with ESMTP id m0GDTVAR016777
for
Received: by an.ru (Postfix)
id BD722578F5; Wed, 16 Jan 2008 16:21:32 +0300 (MSK)
Date: Wed, 16 Jan 2008 16:21:32 +0300 (MSK)
From: MAILER-DAEMON@an.ru (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: consiglio@anrb.ru
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B4B0578DF.1200489692/an.ru"
Message-Id: <20080116132132.BD722578F5@an.ru>
X-Antivirus: Dr.Web (R) for Mail Servers on mail host
X-Antivirus-Code: 100000
X-Spam-Ystatus: hits=-7.50
X-Spam-Flag: NO
X-Spam-Yversion: Spamooborona-2.1.0
Status: RO
This is a MIME-encapsulated message.
--9B4B0578DF.1200489692/an.ru
Content-Description: Notification
Content-Type: text/plain
This is the Postfix program at host an.ru.
I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.
For further assistance, please send mail to
If you do so, please include this problem report. You can
delete your own text from the message returned below.
The Postfix program
myself
--9B4B0578DF.1200489692/an.ru
Content-Description: Delivery error report
Content-Type: message/delivery-status
Reporting-MTA: dns; an.ru
Arrival-Date: Wed, 16 Jan 2008 16:21:32 +0300 (MSK)
Final-Recipient: rfc822; ipnfifnu@olcon.murmansk.ru
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; mail for olcon.murmansk.ru loops back to
myself
--9B4B0578DF.1200489692/an.ru
Content-Description: Undelivered Message
Content-Type: message/rfc822
Received: from localhost (localhost [127.0.0.1])
by relay.an.ru (Postfix) with ESMTP id 9B4B0578DF
for
+0300 (MSK)
Received: from an.ru ([127.0.0.1])
by localhost (relay.an.ru [127.0.0.1]) (amavisd-new, port 10024) with
ESMTP
id 70724-08 for
Wed, 16 Jan 2008 16:21:32 +0300 (MSK)
Received: from pne-smtpout2-sn1.fre.skanova.net
(pne-smtpout2-sn1.fre.skanova.net [81.228.11.159])
by an.ru (Postfix) with ESMTP id 1EB9F578DA
for
+0300 (MSK)
Received: from h195n2fls301o260.telia.com (81.230.233.195) by
pne-smtpout2-n1.fre.skanova.net (7.3.129)
id 478E02C700000E83 for ipnfifnu@olcon.murmansk.ru; Wed, 16
Jan 2008 14:21:05 +0100
Received: from [67.78.43.200] (HELO SWADLT)
by 81.230.233.195 (CommuniGate Pro SMTP 5.0.11)
with SMTP id 40127220 for ipnfifnu@olcon.murmansk.ru; Wed, 16
Jan 2008 14:21:14 +0100
Message-ID:
<002001c85842$abedbfb0$c3e9e651@h195n2fls301o260.telia.com>
From: "Àâàí=F1 - =D1-Ïèòå=F0"
To:
Subject: Ïëåíêà òåðìîóñàäî÷íàÿ
Date: Wed, 16 Jan 2008 14:21:14 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_001D_01C8584B.0D3863D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3568
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3141
X-Virus-Scanned: by amavisd-new at an.ru
X-Amavis-Alert: BAD HEADER Non-encoded 8-bit data (char C0 hex) in
message header 'From'
From: "\300\342\340\355\361 - \321-\317\350\362\345\360"...
^
This is a multi-part message in MIME format.
------=_NextPart_000_001D_01C8584B.0D3863D0
Content-Type: text/plain;
charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
lvtr
------=_NextPart_000_001D_01C8584B.0D3863D0
Content-Type: text/html;
charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_001D_01C8584B.0D3863D0--
--9B4B0578DF.1200489692/an.ru--
I read that sendmail.cf checks only "top level headers"
(http://groups.google.com/group/comp.mail.sendmail/browse_frm/thread/fb23a981c96bf80b/e43880ae2f6bccde?tvc=1&q=sciurus).
But what does this maillog record mean
(ruleset=CheckReceived ... reject=553 ...)?
Does it mean that sendmail.cf checks internal headers anyway but the
result doesn't matter for sendmail?
Sometimes the same thing happens with other rulesets (CheckSubject,
CheckFrom, CheckHeader).
Now I use sendmail 8.14.2, but it also happened in the previous
versions.
Thanks in advance,
Diana.
http://www.anrb.ru/linux/sendmail.html
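
An added example, not part of the original post or of sendmail itself: a small log check that finds queue IDs for which a header ruleset logged `reject=` while the same message was still logged as `stat=Sent`, and reports whether the reject line came from the receiving or the delivering sendmail process (the PIDs differ in the maillog above). The sample lines are constructed in the layout of that maillog, with made-up hosts, addresses and queue IDs, and the parser assumes each log entry is on a single line.

```python
import re

# Constructed sample entries (not taken from the post); one entry per line.
SAMPLE_LOG = """\
Jan 16 18:29:35 mail sendmail[101]: qAAAAAAA000101: from=<>, size=3420, nrcpts=1, relay=relay.example.net [192.0.2.10]
Jan 16 18:29:36 mail sendmail[117]: qAAAAAAA000101: ruleset=CheckReceived, arg1= from host.example.org (198.51.100.7) by mx.example.net, relay=relay.example.net [192.0.2.10], reject=553 5.0.0 There is spam domain in the header.
Jan 16 18:29:36 mail sendmail[117]: qAAAAAAA000101: to=<user@example.com>, pri=33750, dsn=2.0.0, stat=Sent
Jan 16 18:30:02 mail sendmail[130]: qBBBBBBB000130: ruleset=CheckSubject, arg1= test, relay=bad.example.org [203.0.113.5], reject=553 5.0.0 Subject rejected
Jan 16 18:31:10 mail sendmail[140]: qCCCCCCC000140: from=<a@example.org>, size=900, nrcpts=1, relay=ok.example.org [203.0.113.9]
Jan 16 18:31:11 mail sendmail[141]: qCCCCCCC000140: to=<user@example.com>, pri=30900, dsn=2.0.0, stat=Sent
"""

ENTRY = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): (?P<rest>.*)")
REJECT = re.compile(r"ruleset=(?P<ruleset>\w+),.*\breject=(?P<code>\d{3})")
SENT = re.compile(r"\bstat=Sent\b")


def rejected_but_sent(log_text):
    """Return one record per reject line whose queue ID was also logged as Sent."""
    rejects, sent_pids, recv_pids = {}, {}, {}
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if entry is None:
            continue  # not a sendmail entry (milter, other daemons)
        pid, qid, rest = entry.group("pid", "qid", "rest")
        if rest.startswith("from="):
            recv_pids[qid] = pid  # process that accepted the message
        rej = REJECT.search(rest)
        if rej:
            rejects.setdefault(qid, []).append((rej.group("ruleset"), rej.group("code"), pid))
        if SENT.search(rest):
            sent_pids.setdefault(qid, set()).add(pid)  # process that delivered it
    findings = []
    for qid in sorted(rejects):
        if qid not in sent_pids:
            continue  # rejected and never delivered: the expected outcome
        for ruleset, code, pid in rejects[qid]:
            findings.append({
                "qid": qid, "ruleset": ruleset, "code": code,
                "logged_by_receiving_pid": recv_pids.get(qid) == pid,
                "logged_by_delivering_pid": pid in sent_pids[qid],
            })
    return findings


if __name__ == "__main__":
    for finding in rejected_but_sent(SAMPLE_LOG):
        print(finding)
```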