cPanel Email Filters piping bounced email to a script - what gets piped?

rolinger · Jun 23, 2020

I am writing a script for an email filter to process bounced emails - to capture the original TO address and mark the address bad in our DB. When an email bounces back and gets processed by a "piped to script" what actually gets piped to a Email Filter script?

I ask because in most email clients (like MS Outlook) the bounce email is addressed TO the original From/Sender, while the original TO address is embedded in 2 of the three files attached to the bounced email. Those two attachments are the original message and the in the second the original headers. But if the bounce email itself is all thats passed, then the script will be grabbing the wrong TO address (which is the original FROM address). If its passing everything to the piped script, then there are TWO From addresses and TWO To addresses. I found this out (two from/to addresses, because I had to save a bounced email to a file to pipe to test my script from CLI- it flattened all three attachments and the base email into a single saved file. When it processed, it was grabbing the wrong To/From addresses.

rolinger · Jun 25, 2020

I was finally able to test a real bounced email and the TO address captured in my script is the original Sender/From address - "[email protected]" - not the original TO address to the user: [email protected]

Here are the real headers:

Code:

Envelope-to: [email protected]
Delivery-date: Thu, 25 Jun 2020 05:56:23 -0400
Date: Thu, 25 Jun 2020 02:55:43 -0700
From: [email protected]
To: [email protected]
Subject: Message Delivery Failure - Mail Delivery System
MIME-Version: 1.0
Content-Type: multipart/report; boundary="------------I305M09060309060P_115115930789430"
    
 Content analysis details:   (4.5 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: mydomainapp.com]
  4.5 RCVD_IN_MSPIKE_L4      RBL: Bad reputation (-4)
                             [198.71.225.37 listed in bl.mailspike.net]
  0.0 RCVD_IN_MSPIKE_BL      Mailspike blacklisted
X-Spam-Flag: NO

The real TO address is the '[email protected] - but this header is not precise. Its showing a content preview...meaning I can't reliably search for that address and always assume it will be in the header. Its like I am going to have search the entire email - attachements and all - to try and find the original email address.

cPanelLauren · Jun 25, 2020

The header is precise, it's for a bounced email though not the original email, this means that the original To: address didn't ever get it and it wasn't sent FROM: that address. The content preview I believe is from SpamAssassin so without that you'd just have the header info ending at Content-Type. I'm not sure how *you* would add a header for the original recipient considering that's not where the mail came from when it bounces. But I think I'm also addressing another thread from you that is almost identical to the same issue as this one which I will continue there

Thread starter	Similar threads	Forum	Replies	Date
M	Email filters from transferred cPanel account Copies not moves email	Email	1	Sep 28, 2022
F	email bypassing cpanel global email filters	Email	1	Oct 9, 2021
F	.exe file to redirect in cpanel global email filters	Email	3	May 18, 2021
P	Global Email Filters cpanel wildcards and words to add	Email	2	Jan 9, 2021
R	cPanel email filters with multiple actions	Email	2	Jun 23, 2020

Search

Search

cPanel Email Filters piping bounced email to a script - what gets piped?

rolinger

Well-Known Member

rolinger

Well-Known Member

cPanelLauren

Product Owner II