Two different sender addresses in one process in the maillog.
Sciurus
address.
Mar 28 00:15:03 mail sendmail[9029]: m2RJEnMg009029:
ruleset=check_mail, arg1=<sa...@nv.com.ua>,
relay=visible-foe.volia.net [77.122.31.59], reject=554 5.0.0
Sorry,Your e-mail address looks like SPAM2N.If not,please contact the
postm...@anrb.ru via another e-mail address.
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: from=<--rating@b-
r.ru>, size=9371, class=0, nrcpts=1,
msgid=<01c8904f$ffe3e280$3b1f7a4d@--rating>, proto=ESMTP, daemon=MTA,
relay=visible-foe.volia.net [77.122.31.59]
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter change:
header Subject: from
=?koi8-r?B?8NLB18Egyc7UxczMxcvU1cHM2M7PyiDTz8LT1NfFzs7P09TJLg==?= to
[SPAM:: 13.20]
=?koi8-r?B?8NLB18Egyc7UxczMxcvU1cHM2M7PyiDTz8LT1NfFzs7P09TJLg==?=
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Spam-Ystatus: hits=13.20
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Spam-Flag: YES
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Spam-Yversion: Spamooborona-2.1.0
Mar 28 00:15:11 mail drweb-smf[9034]: [m2RJEnMg009029]: scan: the
message(drweb.tmp.ShstoR) sent by --rat...@b-r.ru to
zyt...@anrb.ru is passed
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Antivirus: Dr.Web (R) for Mail Servers on mail
host
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: Milter add:
header: X-Antivirus-Code: 100000
Mar 28 00:15:11 mail drweb-smf[9034]: [m2RJEnMg009029]: processing
message from --rat...@b-r.ru is over
Mar 28 00:15:11 mail sendmail[9386]: m2RJEnMg009029:
to=<zyt...@anrb.ru>, delay=00:00:04, xdelay=00:00:00,
mailer=local, pri=39733, dsn=2.0.0, stat=Sent
Arg1=<sa...@nv.com.ua> in the check_mail and from=<--rat...@b-r.ru> are
different.
What makes this happen?
The header of the message is:
>From --rat...@b-r.ru Fri Mar 28 00:15:11 2008
Return-Path: <--rat...@b-r.ru>
Received: from tycoon-faa63cab (visible-foe.volia.net [77.122.31.59])
by mail.anrb.ru (8.14.2/8.14.2) with ESMTP id m2RJEnMg009029
for <zyt...@anrb.ru>; Fri, 28 Mar 2008 00:15:07 +0500
Received: from [77.122.31.59] by mx1.b-r.ru; Thu, 27 Mar 2008 21:17:45
+0200
Message-ID: <01c8904f$ffe3e280$3b1f7a4d@--rating>
From: =?koi8-r?B?78vTwc7B?= <--rat...@b-r.ru>
To: <zyt...@anrb.ru>
Subject: [SPAM:: 13.20] =?koi8-r?B?
8NLB18Egyc7UxczMxcvU1cHM2M7PyiDTz8LT1NfFzs7P09TJLg==?=
Date: Thu, 27 Mar 2008 21:17:45 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C8904F.FFE3E280"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Spam-Ystatus: hits=13.20
X-Spam-Flag: YES
X-Spam-Yversion: Spamooborona-2.1.0
X-Antivirus: Dr.Web (R) for Mail Servers on mail host
X-Antivirus-Code: 100000
Status: RO
X-Status:
X-Keywords:
X-UID: 11188
Address sa...@nv.com.ua is absent in the header and in the message
body.
I saw today the same thing again: arg1=<sa...@directadmin.ru> &
from=<f...@webpub.com>
Apr 1 01:16:41 mail sendmail[7140]: m2VJGQ3F007140:
ruleset=check_mail, arg1=<sa...@directadmin.ru>,
relay=cpe-65-186-65-69.columbus.res.rr.com [65.186.65.69], reject=554
5.0.0 Sorry,Your e-mail address looks like SPAM2N.If
not,please contact the postm...@anrb.ru via another e-mail address.
Apr 1 01:16:49 mail sendmail[7140]: m2VJGQ3F007140:
from=<f...@webpub.com>, size=5258, class=0, nrcpts=1,
msgid=<613122061.25...@webpub.com>, proto=ESMTP, daemon=MTA,
relay=cpe-65-186-65-69.columbus.res.rr.com
[65.186.65.69]
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter change:
header Subject: from
=?koi8-r?B?7s/Xz9fXxcTFzsnRIMTM0SDQ0sHXIOnO1MXMLiDzz8LT1NfFzs7P0w==?=\n
\t=?koi8-r?B?1Mku?= to [SPAM:: 21.70]
=?koi8-r?B?7s/Xz9fXxcTFzsnRIMTM0SDQ0sHXIOnO1MXMLiDzz8LT1NfFzs7P0w==?=\n
\t=?koi8-r?B?1Mku?=
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Spam-Ystatus: hits=21.70
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Spam-Flag: YES
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Spam-Yversion: Spamooborona-2.1.0
Apr 1 01:16:50 mail drweb-smf[7143]: [m2VJGQ3F007140]: scan: the
message(drweb.tmp.KXmefg) sent by f...@webpub.com to
ger...@anrb.ru is passed
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Antivirus: Dr.Web (R) for Mail Servers on mail
host
Apr 1 01:16:50 mail sendmail[7140]: m2VJGQ3F007140: Milter add:
header: X-Antivirus-Code: 100000
Apr 1 01:16:50 mail drweb-smf[7143]: [m2VJGQ3F007140]: processing
message from f...@webpub.com is over
Apr 1 01:16:50 mail sendmail[7178]: m2VJGQ3F007140:
to=<ger...@anrb.ru>, delay=00:00:05, xdelay=00:00:00, mailer=local,
pri=35653, dsn=2.0.0, stat=Sent
My user has received this mail yet so I cannot show it's header.
Sciurus
> My Local_check_rcpt blocks mail with word "sale" in the sender
> address.
I am sorry. My Local_check_mail blocks mail with word "sale" in the
sender
address.
Tilman Schmidt
> My Local_check_rcpt blocks mail with word "sale" in the sender
> address.
If you must ...
> Arg1=<sa...@nv.com.ua> in the check_mail and from=<--rat...@b-r.ru> are
> different.
> What makes this happen?
Check out the concept of SMTP envelope.
Arg1 = envelope sender address
From = header sender address
HTH
T.
--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...
Sciurus
> Arg1 = envelope sender address
> From = header sender address
Yes, it is, if "From:" is in the header:
From: =?koi8-r?B?78vTwc7B?= <--rat...@b-r.ru>
But I say about "from=<--rat...@b-r.ru>" in the maillog.
Mar 28 00:15:11 mail sendmail[9029]: m2RJEnMg009029: from=<--
rating@b-
r.ru>, size=9371, class=0, nrcpts=1,
Is "--rat...@b-r.ru" header sender address too?
If not why does arg1= not coincide with from=?
Tilman Schmidt
It's not the same message. From your logs, it looks like the sender
first tried to send you a mail with envelope sender address
<sa...@nv.com.ua>, which was rejected, and then within the same SMTP
connection sent another mail with envelope sender <--rat...@b-r.ru>,
which was accepted.
Sciurus
Thank you very much.