Vacation messages and blank return paths or sender addresses

[LawsHosting]

A week or two ago I implemented this : http://help.directadmin.com/item.php?id=357 (I understand this could block legitimate emails) - A lot of spam stopped, and a better mail queue, great!
Yesterday I had a client saying that their Vocation messages were not being sent (to external addresses, hotmail, etc.). So I thought that the code I implemented could be the culprit, I commented the code out to see. Now I assume everything is fine, they haven't got back.

So, I'm wondering if the way vocation messages are sent, they're not setting a sender address?

 

[scsi]

Are you using spamblocker 4.1?

This is the first line in /etc/exim.conf if you use spamblocker 4.1:

# SpamBlockerTechnology* powered exim.conf, Version 4.1

According to this code the from address is defined:

#EDIT#58
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log          
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
  text = "\
        ------                                                           ------\n\n\
        This message was automatically generated by email software\n\
        The delivery of your message has not been affected.\n\n\
        ------                                                           ------\n\n"
  to = "${sender_address}"
  user = mail
        #once = /etc/virtual/${domain}/reply/${local_part}.once

If you are not using spamblocker I would suggest you try it.

http://www.nobaloney.net/spamblocker.html

 

[LawsHosting]

I'm not no, I was aiming to set it up, but seemed I got side tracked.

I will sit down one day, configure it, then try it.

 

[LawsHosting]

Decided to change now, however.......

Any clues as to what this means?

malware acl condition: clamd: ClamAV returned: /var/spool/exim/scan/1SsL0U-0007LK-CZ/1SsL0U-0007LK-CZ.eml: lstat() failed: Permission denied. ERROR

Then the connection gets cut:

H=mail-gh0-f170.google.com [209.85.160.170] F=<[email protected]> temporarily rejected after DATA

:/var/spool/exim# ls -l
drwxr-x--- 2 mail mail 4096 2010-04-07 14:36 db
drwxr-x--- 4 mail mail 4096 2012-07-20 22:52 input
drwxr-x--- 4 mail mail 4096 2012-07-20 22:52 msglog
drwxr-x--- 2 mail mail 4096 2012-07-20 22:52 scan

I found this on the clamav list. Also searched here, but could only see posts related to /tmp/ and0777.

Any ideas? I've reverted the exim.conf to v2 for now.

Thanks

 

[LawsHosting]

Friendly Bump. Would like to get this sorted pretty soon

What I've noticed that

v2: av_scanner = clamd:127.0.0.1 3310
v4.1: av_scanner = clamd:/var/run/clamav/clamd.sock:127.0.0.1 3310

 

[scsi]

You could try keeping the clamav line the same as v2. The v4.1 is only using a socket file connection instead. I am confused as to why it would be permission denied on 4.1 and not 2. My guess is the error is because whatever user the clamav is running as doesnt have permission to read from the scan folder. Either run clamav as the mail user or change the scan folder permissions to 755 or 754. You also could try adding the clamav user to the mail group and see if that helps fix the problem too, since then it would have the same group permissions.

 

[LawsHosting]

Thank you for taking time to reply.

To be honest, I installed ClamAV way before it was a part of CB, using the update.script. So I'm not sure the CB install is different to that of update.script.

I'll play around and get back.

 

[LawsHosting]

Think I've cracked it, well, I removed the socket from the config, now the error doesn't show

 

[nobaloney]

Replying to this thread a year later. I had a call today from a client with the same problem... the original problem, noted in the thread title: Vacatation Messages and blank return path.

The referred to fix (http://help.directadmin.com/item.php?id=357) has an unwanted side effect. Look way down at the bottom of the linked page and click on Referenced URL.

That link goes to How to disable delayed bounce back messages in exim (farhad.ca) and makes it clear that what DirectAdmin fix does is disables delayed bounce messages.

Since Vacation messages (and probably autoresponders as well, though I haven't tested) look like delayed bounce messages, they get deleted.

Thanks, Steve, for helping me find this.

Jeff

 

[DirectAdmin Support]

Hello,

I've poked around.. and yes, the Return-Path will be blank.. however I noticed there is a "Auto-Submitted" header, which might be unique to auto replies and vacation messages.

[COLOR=#000000]Return-path: <>
[/COLOR][COLOR=#000000]...
From: [email protected]
[/COLOR][COLOR=#000000]...
[/COLOR][COLOR=#000000]In-Reply-To: <[email protected]>
[/COLOR][COLOR=#000000]Auto-Submitted: auto-replied

so there are few things we could use to know it's a vacation message..

----

Option 1 is to check for the header

[/COLOR][COLOR=#000000]Auto-Submitted: auto-replied

and not continue if that's set...eg:
[/COLOR]if sender_address is ""
then
if header "Auto-Submitted" is not "auto-replied"
then
...

and so on, with the usual block.

That's not the correct syntax (it's been ages since I've worked with the exim filters, so am rusty).. just a pseudo code..

-----

Option 2.. is to actually check the From header... although, I'm not sure how reliable that would be..
if sender_address is ""
then
if this file doesn't exist: /etc/virtual/$from_domain/reply/$from_user.msg
then
...

where, again, the syntax isn't even close, but just the logic as to what to be checking.

-------

I see another header "In-Reply-To" which might also work to check, but I'm not sure if it exists for bounces too.
Basically, we just need to find one item in the vacation message itself that doesn't exist in the bounces.. and if we find that item, then don't block it.

John

 

[nobaloney]

@DirectAdmijn Support:

Would you consider trying your first suggestion above? it looks most logical. Or do you want me or someone else to try it first?

Do you think this problem would affect autoresponders as well, or do you manage them some other way?

Jeff

 

[DirectAdmin Support]

FYI, I've recently updated the guide with the proper/tested syntax while addressing the issue for another client.
http://help.directadmin.com/item.php?id=357

John