Two different sender addresses in one process in the maillog.

My Local_check_rcpt blocks mail with word "sale" in the sender
address.

Mar 28 00:15:03 mail sendmail[9029]: m2RJEnMg009029:
ruleset=check_mail, arg1=,
relay=visible-foe.volia.net [77.122.31.59], reject=554 5.0.0
Sorry,Your e-mail address looks like SPAM2N.If not,please contact the
postmaster@anrb.ru via another e-mail address.
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: from=<--rating@b-
r.ru>, size=9371, class=0, nrcpts=1,
msgid=<01c8904f$ffe3e280$3b1f7a4d@--rating>, proto=ESMTP, daemon=MTA,
relay=visible-foe.volia.net [77.122.31.59]
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter change:
header Subject: from
=?koi8-r?B?8NLB18Egyc7UxczMxcvU1cHM2M7PyiDTz8LT1NfFzs7P09TJL g==?= to
[SPAM:: 13.20]
=?koi8-r?B?8NLB18Egyc7UxczMxcvU1cHM2M7PyiDTz8LT1NfFzs7P09TJL g==?=
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Spam-Ystatus: hits=13.20
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Spam-Flag: YES
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Spam-Yversion: Spamooborona-2.1.0
Mar 28 00:15:11 mail drweb-smf[9034]: [m2RJEnMg009029]: scan: the
message(drweb.tmp.ShstoR) sent by --rating@b-r.ru to
zytseva@anrb.ru is passed
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Antivirus: Dr.Web (R) for Mail Servers on mail
host
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Antivirus-Code: 100000
Mar 28 00:15:11 mail drweb-smf[9034]: [m2RJEnMg009029]: processing
message from --rating@b-r.ru is over
Mar 28 00:15:11 mail sendmail[9386]: m2RJEnMg009029:
to=, delay=00:00:04, xdelay=00:00:00,
mailer=local, pri=39733, dsn=2.0.0, stat=Sent

Arg1= in the check_mail and from=<--rating@b-r.ru> are
different.
What makes this happen?

The header of the message is:

>From --rating@b-r.ru Fri Mar 28 00:15:11 2008
Return-Path: <--rating@b-r.ru>
Received: from tycoon-faa63cab (visible-foe.volia.net [77.122.31.59])
by mail.anrb.ru (8.14.2/8.14.2) with ESMTP id m2RJEnMg009029
for ; Fri, 28 Mar 2008 00:15:07 +0500
Received: from [77.122.31.59] by mx1.b-r.ru; Thu, 27 Mar 2008 21:17:45
+0200
Message-ID: <01c8904f$ffe3e280$3b1f7a4d@--rating>
From: =?koi8-r?B?78vTwc7B?= <--rating@b-r.ru>
To:
Subject: [SPAM:: 13.20] =?koi8-r?B?
8NLB18Egyc7UxczMxcvU1cHM2M7PyiDTz8LT1NfFzs7P09TJLg==?=
Date: Thu, 27 Mar 2008 21:17:45 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C8904F.FFE3E280"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Spam-Ystatus: hits=13.20
X-Spam-Flag: YES
X-Spam-Yversion: Spamooborona-2.1.0
X-Antivirus: Dr.Web (R) for Mail Servers on mail host
X-Antivirus-Code: 100000
Status: RO
X-Status:
X-Keywords:
X-UID: 11188

Address sale@nv.com.ua is absent in the header and in the message
body.

I saw today the same thing again: arg1= &
from=

Apr 1 01:16:41 mail sendmail[7140]: m2VJGQ3F007140:
ruleset=check_mail, arg1=,
relay=cpe-65-186-65-69.columbus.res.rr.com [65.186.65.69], reject=554
5.0.0 Sorry,Your e-mail address looks like SPAM2N.If
not,please contact the postmaster@anrb.ru via another e-mail address.
Apr 1 01:16:49 mail sendmail[7140]: m2VJGQ3F007140:
from=, size=5258, class=0, nrcpts=1,
msgid=<613122061.25715606261621@webpub.com>, proto=ESMTP, daemon=MTA,
relay=cpe-65-186-65-69.columbus.res.rr.com
[65.186.65.69]
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter change:
header Subject: from
=?koi8-r?B?7s/Xz9fXxcTFzsnRIMTM0SDQ0sHXIOnO1MXMLiDzz8LT1NfFz s7P0w==?=\n
\t=?koi8-r?B?1Mku?= to [SPAM:: 21.70]
=?koi8-r?B?7s/Xz9fXxcTFzsnRIMTM0SDQ0sHXIOnO1MXMLiDzz8LT1NfFz s7P0w==?=\n
\t=?koi8-r?B?1Mku?=
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Spam-Ystatus: hits=21.70
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Spam-Flag: YES
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Spam-Yversion: Spamooborona-2.1.0
Apr 1 01:16:50 mail drweb-smf[7143]: [m2VJGQ3F007140]: scan: the
message(drweb.tmp.KXmefg) sent by fac@webpub.com to
gertin@anrb.ru is passed
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Antivirus: Dr.Web (R) for Mail Servers on mail
host
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Antivirus-Code: 100000
Apr 1 01:16:50 mail drweb-smf[7143]: [m2VJGQ3F007140]: processing
message from fac@webpub.com is over
Apr 1 01:16:50 mail sendmail[7178]: m2VJGQ3F007140:
to=, delay=00:00:05, xdelay=00:00:00, mailer=local,
pri=35653, dsn=2.0.0, stat=Sent

My user has received this mail yet so I cannot show it's header.

Re: Two different sender addresses in one process in the maillog.

On Apr 4, 5:01=A0pm, Sciurus wrote:
> My Local_check_rcpt blocks mail with word "sale" in the sender
> address.

I am sorry. My Local_check_mail blocks mail with word "sale" in the
sender
address.

Re: Two different sender addresses in one process in the maillog.

Sciurus schrieb:
> My Local_check_rcpt blocks mail with word "sale" in the sender
> address.

If you must ...

> Arg1= in the check_mail and from=<--rating@b-r.ru> are
> different.
> What makes this happen?

Check out the concept of SMTP envelope.
Arg1 = envelope sender address
From = header sender address

HTH
T.

--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

Re: Two different sender addresses in one process in the maillog.

> Check out the concept of SMTP envelope.
> Arg1 =3D envelope sender address
> =A0From =3D header sender address

Yes, it is, if "From:" is in the header:
From: =3D?koi8-r?B?78vTwc7B?=3D <--rat...@b-r.ru>

But I say about "from=3D<--rating@b-r.ru>" in the maillog.
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: from=3D<--
rating@b-
r.ru>, size=3D9371, class=3D0, nrcpts=3D1,

Is "--rating@b-r.ru" header sender address too?
If not why does arg1=3D not coincide with from=3D?

Re: Two different sender addresses in one process in the maillog.

Sciurus schrieb:
>> Check out the concept of SMTP envelope.
>> Arg1 = envelope sender address
>> From = header sender address
>
> Yes, it is, if "From:" is in the header:
> From: =?koi8-r?B?78vTwc7B?= <--rat...@b-r.ru>
>
> But I say about "from=<--rating@b-r.ru>" in the maillog.
> Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: from=<--
> rating@b-
> r.ru>, size=9371, class=0, nrcpts=1,
>
> Is "--rating@b-r.ru" header sender address too?
> If not why does arg1= not coincide with from=?

It's not the same message. From your logs, it looks like the sender
first tried to send you a mail with envelope sender address
, which was rejected, and then within the same SMTP
connection sent another mail with envelope sender <--rating@b-r.ru>,
which was accepted.

--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

Re: Two different sender addresses in one process in the maillog.

> It's not the same message.
Evrika!
Thank you very much.