Re: [exim] No MAIL verb before RCPT

Mon, 13 Feb 2017 15:32:45 -0800 

On 2/13/2017 3:37 PM, Viktor Dukhovni wrote:



On Feb 13, 2017, at 5:08 PM, Phillip Carroll 
<[email protected]> wrote:

Viktor,

The headers do not indicate this was a purported bounce. It had a normal from 
header:
From: "Amazon.com" <[email protected]>


The "From:" header is quite irrelevant in this context.  Especially
with email scams, the message envelope will often have no relationship
with the headers.

You could check the "Return-Path:" which is typically where the envelope
sender is recorded on final delivery.




Viktor, I should have answered your other question first. There is 
nothing in my mail acl that behaves differently for a purported bounce.



In any event, for the sake of completeness, the headers (with minimal 
obfuscation) were:


Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 13 Feb 2017 08:52:27 -0700

Received: from 47-48-213-250.static.gwnt.ga.charter.com 
([47.48.213.250]:17559 helo=amazon-sales.com)

        by enablingsimplicity.com with smtp (Exim 4.88)
        (envelope-from <[email protected]>)
        id 1cdIvT-0003YL-Df
        for [email protected]; Mon, 13 Feb 2017 08:52:27 -0700
Message-ID: <[email protected]>
Date: Mon, 13 Feb 2017 10:52:27 -0500
From: "Amazon.com" <[email protected]>
X-Mailer: iPad Mail (9B206)
X-Accept-Language: en-us
MIME-Version: 1.0
To: <[email protected]>
Subject: Your Amazon.com order has shipped (#506-57028223-6312652776)
{{{ the message }}}


The main log has the following entries at time of receipt. The second 
logged line is from a logwrite in the RCPT acl:



2017-02-13 08:52:26 [25626] SMTP connection from [47.48.213.250]:17559 
I=[45.79.89.203]:25 (TCP/IP connection count = 1)



2017-02-13 08:52:27 [13661] HELO=amazon-sales.com, 
HOST=47-48-213-250.static.gwnt.ga.charter.com ** receipt accepted



2017-02-13 08:52:27 [13661] 1cdIvT-0003YL-Df <= [email protected] 
H=47-48-213-250.static.gwnt.ga.charter.com (amazon-sales.com) 
[47.48.213.250]:17559 I=[45.79.89.203]:25 P=smtp S=4950 M8S=0 
[email protected] T="Your Amazon.com order has 
shipped (#506-57028223-6312652776)" from <[email protected]> for 
[email protected]


--
Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/






















					Reply via email to