Skip to main content

cPanel Email Filters piping bounced email to a script - what gets piped?

Comments

2 comments

  • rolinger
    I was finally able to test a real bounced email and the TO address captured in my script is the original Sender/From address - "register@mydomain.com" - not the original TO address to the user: user1@hotmail.com Here are the real headers: Return-Path: <> Delivered-To: register+INBOX@mydomain.com Received: from ip-192-167-167-70.ip.secureserver.net by ip-192-167-167-70.ip.secureserver.net with LMTP id MSG+Ocd09F6ZZgAA9USnCQ (envelope-from <>) for ; Thu, 25 Jun 2020 05:56:23 -0400 Return-path: <> Envelope-to: register@mydomain.com Delivery-date: Thu, 25 Jun 2020 05:56:23 -0400 Received: from a2nlsmtp01-03.prod.iad2.secureserver.net ([198.71.225.37]:46256) by ip-192-167-167-70.ip.secureserver.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) id 1joOcJ-0006nb-5t for register@mydomain.com; Thu, 25 Jun 2020 05:56:23 -0400 Date: Thu, 25 Jun 2020 02:55:43 -0700 From: mailer-daemon@secureserver.net To: register@mydomain.com Subject: Message Delivery Failure - Mail Delivery System MIME-Version: 1.0 Content-Type: multipart/report; boundary="------------I305M09060309060P_115115930789430" X-Spam-Status: No, score=4.5 X-Spam-Score: 45 X-Spam-Bar: ++++ X-Ham-Report: Spam detection software, running on the system "ip-192-167-167-70.ip.secureserver.net", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: This is an automatically generated Delivery Status Notification. Delivery to the following recipients was aborted after 19.3 hour(s): * brixxxxxxxxxxxx88@gmail.con Content analysis details: (4.5 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: mydomainapp.com] 4.5 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) [198.71.225.37 listed in bl.mailspike.net] 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted X-Spam-Flag: NO
    The real TO address is the 'brixxxxxxxxxxxx88@gmail.con - but this header is not precise. Its showing a content preview...meaning I can't reliably search for that address and always assume it will be in the header. Its like I am going to have search the entire email - attachements and all - to try and find the original email address.
    0
  • cPanelLauren
    The header is precise, it's for a bounced email though not the original email, this means that the original To: address didn't ever get it and it wasn't sent FROM: that address. The content preview I believe is from SpamAssassin so without that you'd just have the header info ending at Content-Type. I'm not sure how *you* would add a header for the original recipient considering that's not where the mail came from when it bounces. But I think I'm also addressing another thread from you that is almost identical to the same issue as this one which I will continue there
    0

Please sign in to leave a comment.