Incoming email blocked/discarded by acl_not_smtp rule

drukpa

I have the following rule for EXIM, mainly to block spoofed emails sent by forms/hacked websites on the server.

Code:
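# Non-SMTP ACL: discard mail whose From: header domain is not hosted on this server
discard
  condition = ${if ! match_domain{${domain:${address:$h_From:}}}{+hosted_domains : +local_domains}}
  # No space before the trailing backslashes, so Exim joins the words across the line breaks
  message = sorry, you don't have\
            permission to send email from this server with a header that\
            states the email is from ${lc:${address:$h_From:}}.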
I have problems with ONE particular email address of a domain. All emails sent to this address are being blocked as per exim mainlog:
Actual emails are redacted. In the log below, mail is sent from xxx@gmail.com to someuser@thedomain.com (thedomain.com is hosted on the server). MX is pointed correctly, and the option "hosts mail on the server" is ticked. The domain is also present in the hosted_domains and the local_domains variables in exim.

I have tried sending from gmail, hotmail, etc. addresses; all fail.

Code:
2019-12-30 15:24:53 1ilrID-0000Tu-LD <= xxx@gmail.com H=mail-lf1-f66.google.com [209.85.167.66] P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=3381 DKIM=gmail.com id=CA+ZeKJ-NBnOf85nFJkDSDSFMiM6dDMv6zZyRLccRHx1vWSGnpxa-V1g@mail.gmail.com T="Testing mail" from <xxx@gmail.com> for someuser@thedomain.com
2019-12-30 15:24:53 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1ilrID-0000Tu-LD
2019-12-30 15:24:53 cwd=/tmp 4 args: /usr/sbin/exim -oMr spam-scanned -bS
2019-12-30 15:24:54 1ilrID-0000U7-Sy <= xxx@gmail.com U=mail P=spam-scanned S=3906 id=CA+ZeKJ-NBnOf85nFJkMiM6dDMv6zZyRLccRHx1vWSGnpxa-V1g@mail.gmail.com T="Testing mail" from <xxx@gmail.com> for someuser@thedomain.com
2019-12-30 15:24:54 1ilrID-0000U7-Sy => blackhole (non-SMTP ACL discarded recipients): sorry, you don't havepermission to send email from this server with a header thatstates the email is from xxx@gmail.com.
2019-12-30 15:24:54 1ilrID-0000U7-Sy Completed
2019-12-30 15:24:54 1ilrID-0000Tu-LD => someuser <someuser@thedomain.com> F=<xxx@gmail.com> R=spamcheck_director T=spamcheck S=3778
2019-12-30 15:24:54 1ilrID-0000Tu-LD Completed
This happens to that ONE particular email; other emails of the same domain do not encounter this problem. There are no other settings for this email, no forwarders, vacation messages, etc. Very weird problem.

So from the log, I think it's hitting the acl_not_smtp rule above, but I don't know why an incoming mail would go through that rule.
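An added example, not part of the original post: a Python script that reads Exim mainlog lines and, for each message the non-SMTP ACL discarded, reports the protocol it arrived with and the SMTP-received message carrying the same Message-ID. In the log above the discarded copy is the one re-submitted locally by `exim -oMr spam-scanned -bS` (P=spam-scanned), and Exim applies acl_not_smtp to batched SMTP input as well as to other non-SMTP messages. The sample log lines, addresses, message ids and the function name are constructed for illustration.

```python
import re

# Constructed Exim mainlog sample, modelled on the log in the post
# (addresses, hosts, routers and message ids are made up).
SAMPLE_LOG = """\
2019-12-30 15:24:53 1aaaAA-0000Tu-LD <= sender@example.org H=mx.example.org [192.0.2.10] P=esmtps S=3381 id=msg-1@example.org for someuser@example.com
2019-12-30 15:24:54 1aaaAB-0000U7-Sy <= sender@example.org U=mail P=spam-scanned S=3906 id=msg-1@example.org for someuser@example.com
2019-12-30 15:24:54 1aaaAB-0000U7-Sy => blackhole (non-SMTP ACL discarded recipients): sorry
2019-12-30 15:24:54 1aaaAB-0000U7-Sy Completed
2019-12-30 15:24:54 1aaaAA-0000Tu-LD => someuser <someuser@example.com> R=spamcheck_director T=spamcheck S=3778
2019-12-30 15:25:10 1aaaAC-0000V1-Ab <= other@example.net H=mx.example.net [192.0.2.20] P=esmtps S=1200 id=msg-2@example.net for info@example.com
2019-12-30 15:25:11 1aaaAD-0000V3-Cd <= other@example.net U=mail P=spam-scanned S=1500 id=msg-2@example.net for info@example.com
2019-12-30 15:25:11 1aaaAD-0000V3-Cd => info <info@example.com> R=virtual_user T=virtual_localdelivery
"""

EXIM_ID = r"\S{6}-\S{6}-\S{2}"
ARRIVAL = re.compile(
    rf"^\S+ \S+ ({EXIM_ID}) <= \S+ .*?\bP=(\S+).*?\bid=(\S+).* for (.+)$")
DISCARD = re.compile(
    rf"^\S+ \S+ ({EXIM_ID}) => blackhole \(non-SMTP ACL discarded recipients\)")


def find_not_smtp_discards(log_text):
    """Return one record per message discarded by the non-SMTP ACL."""
    arrivals, discarded = {}, []
    for line in log_text.splitlines():
        if m := ARRIVAL.match(line):
            exim_id, proto, header_id, rcpts = m.groups()
            arrivals[exim_id] = (proto, header_id, rcpts)
        elif m := DISCARD.match(line):
            discarded.append(m.group(1))
    # Message-ID header -> Exim id of the copy that arrived over (E)SMTP
    smtp_copy = {hid: eid for eid, (proto, hid, _) in arrivals.items()
                 if re.match(r"e?smtp", proto)}
    findings = []
    for exim_id in discarded:
        if exim_id not in arrivals:
            continue  # arrival line is not in this log excerpt
        proto, header_id, rcpts = arrivals[exim_id]
        findings.append({
            "discarded_id": exim_id,
            "protocol": proto,  # anything other than smtp/esmtp* is a local re-submission
            "recipients": rcpts,
            "original_smtp_id": smtp_copy.get(header_id),
        })
    return findings


if __name__ == "__main__":
    for finding in find_not_smtp_discards(SAMPLE_LOG):
        print(finding)
```

A finding whose `protocol` is `spam-scanned` and whose `original_smtp_id` is set means the external message was accepted over SMTP and the discard hit the locally re-injected copy.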
 