[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vps-mail] Catchall not working correctly

Subject: Re: [vps-mail] Catchall not working correctly
From: "Bennett Lanford" <ben@xxxxxxxxxxxxx>
Date: Thu, 20 Nov 2003 17:19:23 -0000

Jim Smith <maillists@xxxxxxxxxxxxxxxx> said:

> I finally set my catchall to bounce emails that aren't specifically
> addressed to an identified address. It cut my junk mail down immensely.
> However, I'm still getting a few spams each day that it should bounce and
> doesn't (see headers copied below). I'm wondering if anyone can give me some
> ideas as to how these are sneaking in past the catchall and how to block
> them. For example, I got an email to denisep@xxxxxxxxxxxxxxxx yet I have
> nothing vaguely resembling denisep in my virtmap list. There is no
> indication of cc or bcc going to me (jimsmith@xxxxxxxxxxxxxxxx) or any of my
> virtmap listings. How did it get through?

Any correspondence between what appears in e-mail headers and the actual 
envelope recipients/senders is purely coincidental--at least in the world of 
spammers. During the SMTP conversation, the sender issued a "RCPT TO:" SMTP 
command, specifying an address that matched a valid recipient in

1. virtmaps/virtusertable OR
2. aliases OR
3. a local mailbox

Then, during the DATA phase (where the actual text--including headers--of the 
e-mail is entered) the sender entered a line with the header

To: denisep@xxxxxxxxxxxxxxxx

which doesn't correspond to any of the "RCPT TO:" envelope recipients. Since 
sendmail uses the envelope recipients to deliver incoming e-mail, it ignored 
the To: header.

(Actually, it might be even more complicated than that: the sender might have 
issued multiple "RCPT TO:" commands, including one to denisep@xxxxxxxxxxxxxxxx 
[which *might* have been refused], but including only one of the recipients in 
the "To:" header ...)

I notice that none of your "Received" headers include a "for=" clause, and 
that none of the headers indicate who the envelope recipient was.

You *might* be able to search the messages/maillog for the entries that 
correspond to that e-mail and look for the "to=" equate to see who the 
envelope recipient was. That might help solve the mystery ...

Ben

> 
> I can set up a redundant rule in my procmailrc list to block everything
> missed by the virtmap catchall but it seems that, if the catchall is not
> working correctly, that should be fixed first. Any thoughts?
> 
> Thanks,
> 
> Jim Smith
> 
>  --------------------------------------------------------
>            Jim Smith, Blarneystone, LLC.
>   Website Design, Hosting, Development & Enhancement
>    E-MAIL:      jimsmith@xxxxxxxxxxxxxxxx
>    WEBSITE:     http://www.blarneystone.com
>  --------------------------------------------------------
> 
> Return-Path: <jrh3isxu@xxxxxxx>
> Received: from 12-223-103-109.client.insightbb.com
> (12-223-103-109.client.insightbb.com [12.223.103.109])
> 	by blarneys.securesites.net (8.12.6p3/8.12.6) with SMTP id 
hAK62Qlw065870;
> 	Thu, 20 Nov 2003 06:02:27 GMT
> 	(envelope-from jrh3isxu@xxxxxxx)
> Received: from [212.140.180.92]
> 	by 12-223-103-109.client.insightbb.com with ESMTP id DBABDABC9E7;
> 	Thu, 20 Nov 2003 02:54:37 -0200
> Message-ID: <35e76z99q8y-d30-462-5-lmvn2g$bo@2uq5c4j>
> From: "Marco Bloom" <jrh3isxu@xxxxxxx>
> Reply-To: "Marco Bloom" <jrh3isxu@xxxxxxx>
> To: denisep@xxxxxxxxxxxxxxxx
> Subject: Talk about huge res.ults... donf
> Date: Thu, 20 Nov 2003 02:54:37 GMT
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="ADE61A_.5..5C._B5C.DD.FC"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-ClamAV: clean
> X-Spam-Status: No, hits=3.3 required=5.0
> 	tests=CASHCASHCASH,MISSING_MIMEOLE,SPAM_PHRASE_00_01,
> 	      USER_AGENT_OE
> 	version=2.43
> Status:  O
> 
> 
> ======================================================================
> This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
> ======================================================================
> 



-- 
Bennett Lanford
ben@xxxxxxxxxxxxx


======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
======================================================================

References:
- [vps-mail] Catchall not working correctly
  - From: Jim Smith

Prev by Date: [vps-mail] Catchall not working correctly
Next by Date: Re: [vps-mail] Installing SCBL for sendmail - need help, please
Previous by thread: [vps-mail] Catchall not working correctly
Next by thread: [vps-mail] About adding headers to mail
Index(es):
- Date
- Thread

Main Index | Thread Index