Discarded E-mail

Shark

Shark

Verified User
Joined
Aug 8, 2005
Messages
42
Location
Ohio
/var/log/exim/mainlog shows:

2005-09-13 17:57:51 1EFIml-00019M-Hn => discarded <[email protected]> R=domain_filter

This email was a forward from [email protected] to an employee.

Turning off spamassassin doesn't work. Adding my address to /etc/virtual/whitelist_from doesn't work. Yes I've restarted exim. I found domain_filter in the exim.conf but it makes no sense to me.

I wouldn't really care so much except for the fact that it was discarded, not returned and no notification. I'm currently using Jeff's version "RSS-1.0da".

DaveR~
 
Filters have nothing to do with SpamAssassin or with SpamBlocker.

Have you checked your filters page in the administration interface? (Sorry, but I don't remember where it is and I don't have time to look right now.)

Jeff
 
Going to THIS domain's SPAM filters, there is one test filter:

Block e-mail containing this word: cialis

DaveR~
 
Wondering if "domain_filter" means something specific.

Have you searched for the term in the exim.conf file?

Jeff
 
Shark said:
Going to THIS domain's SPAM filters, there is one test filter:

Block e-mail containing this word: cialis

DaveR~
Click to expand...

What's the actual contents of the filter, i.e. /etc/virtual/$domain/filter?

What does your exim domain_filter look like?
 
This email was a business email that was a forward of a forward of a forward which I did some work for then tried to reply....

/etc/virtual/$domain/filter (adult block on):

# Exim Filter

# created by DirectAdmin, version 1.24.4
# Do not modify this file as any changes will be
# overwritten when the user makes a change.
# (data is only written to this file, not read)

if error_message then finish endif

if
$header_subject: contains "cialis" or $header_body: contains "cialis" or $message_body: contains "cialis"
then
seen finish
endif

if
$header_subject: contains "****" or $header_body: contains "****" or $header_from: contains "****"
or $header_subject: contains "****" or $header_body: contains "****" or $header_from: contains "****"
or $header_subject: contains " ass " or $header_body: contains " ass " or $header_from: contains " ass "
or $header_subject: contains "asshole" or $header_body: contains "asshole" or $header_from: contains "asshole"
or $header_subject: contains "bitch" or $header_body: contains "bitch" or $header_from: contains "bitch"
or $header_subject: contains " **** " or $header_body: contains " **** " or $header_from: contains " **** "
or $header_subject: contains " whore " or $header_body: contains " whore " or $header_from: contains " whore "
or $header_subject: contains " sex " or $header_body: contains " sex " or $header_from: contains " sex "
or $header_subject: contains " sexy " or $header_body: contains " sexy " or $header_from: contains " sexy "
or $header_subject: contains " sexiest " or $header_body: contains " sexiest " or $header_from: contains " sexiest "
or $header_subject: contains " **** " or $header_body: contains " **** " or $header_from: contains " **** "
or $header_subject: contains " ****ty " or $header_body: contains " ****ty " or $header_from: contains " ****ty "
then
seen finish
endif
if
$h_X-Spam-Status: contains "Yes,"
then
seen finish
endif

**************************************************

Also, a search of exim.conf for domain_filter:

domain_filter:
driver = redirect
allow_filter
no_check_local_user
condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
user = "mail"
file = /etc/virtual/${domain}/filter
file_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify


DaveR~
 
Was the email destined for the domain with that filter in effect?

If that's the case, it's set up to discard for the word "cialis", or any word in the adult filter or if it's tagged as spam.

Have a close look at the headers and run it through spamassassin to see what comes up. Feel free to PM me the headers or the message if you'd like...
 
Thanks ballyn I PM'd you some things.

Original email is a valid e-mail- though it's a forward of a forward to a forward, etc... My sales manager forwarded it to me (so I got it), I made the requested site changes, hit REPLY, typed ONE word 'Done...' and now sending it back it gets discarded?

There are alot of url's and email addys in the e-mail but it came to me just fine.

Just so I'm clear, this is a SpamAssassin problem? I mean, when SA is set to delete spam it logs as *discard*?

Thanks for everyone's help!

DaveR~
 
Well, after playing out a few scenarios, it was indeed the 'cialis' keyword block. I remove it, the email sends everytime. I use other keywords and the email sends everytime. I put cialis back and bam discarded.

Funny tho', there is NO cialis mention that I can find anywhere in the header/body as mentioned it was a legite business e-mail.

This reminds me of the times I was playing with procmail keywords. Not having spaces before and after the keyword brought a lot of false-positives especially if there was an attachment.

Off to try and figure out why this false-positive is occuring. Once again, thanks for everyone's help!

DaveR~

quick update: when someone signs their email:

"Dealer Comm Specialist" it does indeed include the word SpeCIALISt.

I take it the lesson learned is read the fine print in the DA spam filter section:

If you expect it to be it's own word, then block " put ", with spaces beside it to avoid partial matching.
Click to expand...

Signed Again,

Duh!
 
Last edited:
The U.S. Declaration of Independence doesn't have cialis in it, but it does have ass, sex and tit.

So the moral of the story is that filters are a pain in the a** :) .

Jeff
 
You must log in or register to reply here.
Back
Top