Whitelisted email getting /dev/null treatment

hermit

Active Member
Sep 22, 2004
35
1
158
I have a customer that can't get email from a few clients. One in particular. Log entry. It gets tagged as not spam but still gets /dev/null? WTF? I tried white listing the 207 server. Still no go.

[email protected] [/home/oooc]# cat /var/log/exim_mainlog |grep 1MqQZQ-0008A1-Pl
2009-09-23 08:03:41 1MqQZQ-0008A1-Pl H=eu1sys200aog114.obsmtp.com [207.126.144.137] Warning: "SpamAssassin as jarotran detected message as NOT spam (-100.0)"
2009-09-23 08:03:42 1MqQZQ-0008A1-Pl <= [email protected] H=eu1sys200aog114.obsmtp.com [207.126.144.137] P=smtps X=TLSv1:AES256-SHA:256 S=7046 [email protected]is.corusgroup.com T="Sescilla: Test 9-23-09..."
2009-09-23 08:03:42 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1MqQZQ-0008A1-Pl
2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <[email protected]> R=central_filter T=**bypassed**
2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <[email protected]> R=central_filter T=**bypassed**
 

MattCurry

Well-Known Member
Aug 18, 2009
275
0
66
Houston, Tx
Email getting /dev/null

Hello,

I am sorry to hear you are having issue, I would recommend checking to make sure that this is not an account level filter. That could cause these issues, if that is not that case you can also open a ticket via the link at the bottom of the post. Please let me know if you have any other questions.

Thank you,
Matthew Curry
 

hermit

Active Member
Sep 22, 2004
35
1
158
Hello,

I am sorry to hear you are having issue, I would recommend checking to make sure that this is not an account level filter. That could cause these issues, if that is not that case you can also open a ticket via the link at the bottom of the post. Please let me know if you have any other questions.

Thank you,
Matthew Curry
I'll double check. Maybe change the order of some of their filters, but all the 'whites' first? The whitelist is at the local level as you see by the -100 score it gets.
 

cPanelStephen

Active Member
Staff member
Aug 7, 2007
25
0
51
This is occurring as a result of account level filtering. You can determine this from the following log lines by focusing on the router that handled the message (see the 'R=' component of the log entry):

Code:
2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <[email protected]> R=central_filter T=**bypassed**
2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <[email protected]> R=central_filter T=**bypassed**
In this case, the 'central_filter' router was responsible for handling the message. This router's role is to apply the account level filters in the delivery process:

Code:
# Account level filtering for everything but the main account
#

central_filter:
    driver = redirect
    allow_filter
    no_check_local_user
    file = /etc/vfilters/${domain}
...TRUNCATED...
If you happen to have a copy of the message being sent (including headers), I would recommend running it through the filter debugger.

Code:
exim -v -bf /etc/vfilters/${domain} < message.file
You could also step through debugging the filters during a live SMTP process by executing:

Code:
exim -d-all+filter -bs
This will launch a local SMTP session with the built-in debugger enabled, but will require you to manually issue the SMTP commands required to deliver that message.
 

hermit

Active Member
Sep 22, 2004
35
1
158
This is occurring as a result of account level filtering. You can determine this from the following log lines by focusing on the router that handled the message (see the 'R=' component of the log entry):

Code:
2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <[email protected]> R=central_filter T=**bypassed**
2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <[email protected]> R=central_filter T=**bypassed**
In this case, the 'central_filter' router was responsible for handling the message. This router's role is to apply the account level filters in the delivery process:

Code:
# Account level filtering for everything but the main account
#

central_filter:
    driver = redirect
    allow_filter
    no_check_local_user
    file = /etc/vfilters/${domain}
...TRUNCATED...
If you happen to have a copy of the message being sent (including headers), I would recommend running it through the filter debugger.

Code:
exim -v -bf /etc/vfilters/${domain} < message.file
You could also step through debugging the filters during a live SMTP process by executing:

Code:
exim -d-all+filter -bs
This will launch a local SMTP session with the built-in debugger enabled, but will require you to manually issue the SMTP commands required to deliver that message.
I removed all of his black lists and the sender is white listed. That only leaves SA but I see nothing in the logs to indicate SA is removing it. What other user level filter could there be?
 

hermit

Active Member
Sep 22, 2004
35
1
158
got it

Thank you. I was a little slow on the uptake because I've only done the SA filters. I found the ones you were talking about and deleted them from the customers account.

Thanks again.