How to write a recipe to get the real email sender

I am trying to send email back to the sender using sendmail -oi -t, but somehow it extracted the MTA. How do I write the recipe to get the real sender, since the email Return-Path and the first From in the email header are the MTA, not the real sender? So that sendmail can deliver email back to Sender: +xxxxxxxxxx#tmomail.net or From: +xxxxxxxxxx#tmomail.net.
Here is the procmail.log and the email received:
...
procmail: Matched "+1xxxxxxxxxx#tmomail.net"
procmail: Match on "^Sender: \/.+"
procmail: Assigning "LASTFOLDER= (/usr/bin/formail -rA"Precedence: junk" \
-A"X-Loop:addr#mydomain.com" \
-I"To: $MATCH"; \
echo "$result"; \
) | /usr/sbin/sendmail -oi -t"
procmail: Assigning "PATH=/home/r/bin:/usr/local/bin:/usr/bin:/bin"
procmail: Unable to treat as directory "/var/mail/new"
procmail: Skipped "/var/mail"
procmail: Assigning "LASTFOLDER=/var/mail/r"
procmail: Executing " (/usr/bin/formail -rA"Precedence: junk" \
-A"X-Loop:addr2mydomain.com" \
-I"To: $MATCH"; \
echo "$result"; \
) | /usr/sbin/sendmail -oi -t"
procmail: Opening "/var/mail/r"
procmail: Acquiring kernel-lock
procmail: Notified comsat: "r#884017:/var/mail/r"
From btv1==909280b6006==+1xxxxxxxxxx/TYPE=PLMN#tmomail.net Mon Apr 11 17:09:24 2016
Folder: /var/mail/r
Here is the email header:
From btv1==9062f44d095==+xxxxxxxxxx/TYPE=PLMN#tmomail.net Fri Apr 8 00:19:01 2016
Return-Path: <btv1==9062f44d095==+xxxxxxxxxx/TYPE=PLMN#tmomail.net>
X-Original-To: recipient#mydomain.com
Delivered-To: recipient#mydomain.com
Received: from ch3p-tmo-mm3-sfw004.syniverse.com (chi-tmo-mm3.syniverse.com [x.x.x.x])
by mail.mydomain.com (Postfix) with ESMTP id 7D444222D0
for <recipient#mydomain.com>; Fri, 8 Apr 2016 00:19:01 +0000 (UTC)
Received: from tmobile.net ([10.166.3.161]) by ch3p-tmo-mm3- sfw004.syniverse.com with ESMTP id RuIW8dEKbs9H2Iyg for <r#mr4.biz>; Fri, 08 Apr 2016 00:18:58 +0000 (GMT)
To: recipient#mydomain.com
From: +xxxxxxxxxx#tmomail.net
Content-Type: multipart/related;Type="text/html";boundary="-boundaryRMS123"
Date: Fri, 8 Apr 2016 00:18:58 GMT
Message-ID: 20160308001858639184#mavenir.com
Sender: +xxxxxxxxxx#tmomail.net
User-Agent: iPhoneOS/9.2.1 (13D15)
X-Virus-Scanned: by bsmtpd at syniverse.com
Here is the last part of recipe:
:0hc
* !^X-Loop:old#domain.com
* ^Sender: \/.+
| (/usr/bin/formail -rA"Precedence: junk" \
-A"X-Loop:addr#mydomain.com" ; \
echo "$result"; \
) | /usr/sbin/sendmail -oi -t

You are instructing formail to generate a reply and it will faithfully attempt to do so. By default, the -r option tries to select the best one out of a priority list of headers [1]; if the message has a Reply-To: header (but no Resent-From:, and no Resent-Reply-To:, etc.), it will generate a reply to that.
With -rt, you get RFC-compliant but somewhat less pragmatic behavior, but it doesn't really help here.
Anyway, if you know exactly which header you want to reply to, just use that.
:0hc
* ! ^X-Loop:old#domain\.com
* ^Sender: \/.+
| ( formail -rA"Precedence: junk" \
      -A"X-Loop:r#mydomain.com" \
      -I"To: $MATCH"; \
    echo "$result"; \
  ) | /usr/sbin/sendmail -oi -t
This uses formail -r in order to get correct In-reply-to: and References: headers (as well as any previous X-Loop:) but overwrites the generated To: header with the one we captured from the Sender: header.
The \/ token in a Procmail regular expression causes anything after it to be captured into the variable MATCH. We use this to grab the value of the Sender: header from the incoming message.
[1] http://www.iki.fi/era/procmail/formail.html -- this is from an older version, but this code hasn't changed in a loooooong time.
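The decision the recipe above makes (reply to Sender:, not Return-Path:, and skip looped mail), modeled in Python as an added example; it is not part of the original answer and is not procmail's or formail's code. The sample message, all addresses, LOOP_TAG and the address pattern are constructed assumptions, and the example goes one step beyond the recipe by validating the captured value before it would be used as To:.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the gateway message in the question;
# every address and domain here is a placeholder, not a value from the page.
RAW = """\
Return-Path: <btv1==9062f44d095==+15550100/TYPE=PLMN@gateway.example>
To: recipient@mydomain.example
From: +15550100@gateway.example
Sender: +15550100@gateway.example
Subject: hi

body
"""

# Assumption: the tag our own replies carry. The guard only works if the tag
# that is tested is the same one that is added with -A"X-Loop: ...".
LOOP_TAG = "r@mydomain.example"
ADDR_OK = re.compile(r"[A-Za-z0-9.+_-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def reply_target(raw, loop_tag=LOOP_TAG):
    """Return the address to auto-reply to, or None when no reply is safe."""
    msg = message_from_string(raw)
    # Loop guard, as in '* ! ^X-Loop:...': never answer our own replies.
    if any(loop_tag in value for value in msg.get_all("X-Loop", [])):
        return None
    # Extra guard (not in the recipe): skip mail already marked automated.
    if msg.get("Precedence", "").strip().lower() in ("junk", "bulk", "list"):
        return None
    # Counterpart of '* ^Sender: \/.+': use Sender:, never Return-Path:.
    sender = msg.get("Sender")
    if sender is None:
        return None
    # The value comes from the remote side, so accept exactly one plain
    # address: no folding, no address list, nothing else for sendmail -t.
    if any(ch in sender for ch in "\r\n,;"):
        return None
    _, addr = parseaddr(sender)
    return addr if ADDR_OK.fullmatch(addr) else None


if __name__ == "__main__":
    print(reply_target(RAW))
```
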

Related

awk appears to be miscalculating dates

I have a log file where each line begins with a date; here is an example line:
26/06/2020 00:00:01 Executing daily job...
I am using the following awk command:
awk -v d="$(date -d "1 month ago" "+%d/%m/%Y")" '$1 $2 > d' log > temp-log
The result is supposed to be log entries in the last month but I only get the last day.
So, putting it all together, we get this solution:
cat logfile | awk -v startdate="$(date -d "1 month ago" "+%Y/%m/%d")" '
{sep="/"; split($1,array,sep); $1=array[3] sep array[2] sep array[1];
if ($1 > startdate) print}'

Blocking Spam from Sendgrid

Since July 3, we have been receiving hundreds of spam emails from Sendgrid, through Rackspace to our emails.
I have blacklisted the full SendGrid IP range 192.254.125.xxx
I have blacklisted the sender email - bounce#smecos.bes
I have blacklisted the sender domain - smecos.best
I have verified that there is no entry on our whitelist for it.
Does anyone have an idea on how to block this?
Delivered-To: myemail#mydomain.com
Return-Path: <bounces+14130655-c4d2-myemail=mydomain.com#sendgrid.net>
Delivered-To: myemail#mydomain.com
Received: from director12.mail.ord1d.rsapps.net ([172.27.255.8]) by backend25.mail.ord1d.rsapps.net with LMTP id OALhG8KxBF9jTAAAANS3aA for <myemail#mydomain.com>; Tue, 07 Jul 2020 13:32:50 -0400
Received: from proxy10.mail.iad3a.rsapps.net ([172.27.255.8]) by director12.mail.ord1d.rsapps.net with LMTP id WBInGcKxBF/cKgAAIasKDg ; Tue, 07 Jul 2020 13:32:50 -0400
Received: from smtp15.gate.iad3a ([172.27.255.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy10.mail.iad3a.rsapps.net with LMTP id QPz7EsKxBF80MAAAnQ/bqA ; Tue, 07 Jul 2020 13:32:50 -0400
Return-Path: <bounces+14130655-c4d2-myemail=mydomain.com#sendgrid.net>
X-Spam-Exception: WHITELISTED
X-Spam-Threshold: 95
X-Spam-Score: 100
X-MS-Exchange-Organization-SCL: 9
Precedence: junk
X-Spam-Flag: YES
X-Virus-Scanned: OK
X-Orig-To: myemail#mydomain.com
X-Originating-Ip: [192.254.125.54]
Authentication-Results: smtp15.gate.iad3a.rsapps.net; iprev=pass policy.iprev="192.254.125.54"; spf=pass smtp.mailfrom="bounces+14130655-c4d2-myemail=mydomain.com#sendgrid.net" smtp.helo="o19225412554.outbound-mail.sendgrid.net"; dkim=pass header.d=sendgrid.net; dmarc=none (p=nil; dis=none) header.from=smecos.best
X-Suspicious-Flag: NO
X-Classification-ID: e0a3814e-c077-11ea-8ea3-525400f46865-1-1
Received: from [192.254.125.54] ([192.254.125.54:40911] helo=o19225412554.outbound-mail.sendgrid.net) by smtp15.gate.iad3a.rsapps.net (envelope-from <bounces+14130655-c4d2-myemail=mydomain.com#sendgrid.net>) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=AES256-GCM-SHA384) id 69/3D-03017-1C1B40F5; Tue, 07 Jul 2020 13:32:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net; h=content-type:from:subject:to; s=smtpapi; bh=kfSTUxrtrj7Cfftqpn3LN0WgHvE5kCnC+uOSG98vgVw=; b=h9mc6mDQC6rOc ccC9wL3Kli8FNwOSt5jau76QDpLrBAbHKhT396C0WbX2/KSD3uThrlp4nUXnvjSz r89bSPYTB6MJrgneNAlDS8NUaLi+NsKiUoR2rzuNp4DiS7srNyXLmpiDD2CT1ngR 1sWo8vVID+7G9+Zj/LmG4Hf8n1JV44=
Received: by filter1449p1las1.sendgrid.net with SMTP id filter1449p1las1-6945-5F04B1AF-2 2020-07-07 17:32:31.196480369 +0000 UTC m=+669233.137313263
Received: from localhost.local (unknown) by ismtpd0002p1lon1.sendgrid.net (SG) with ESMTP id ubRiQA93Qiu1jVJoiOUwWA for <myemail#mydomain.com>; Tue, 07 Jul 2020 17:32:30.923 +0000 (UTC)
Content-Type: text/html;
From: LeafFilter Promotion <bounce#smecos.best>
Subject: Clean-Flowing Gutters For Life. NOW 10% Off
To: myemail#mydomain.com
Date: Tue, 07 Jul 2020 17:32:31 +0000 (UTC)
Message-ID: <ubRiQA93Qiu1jVJoiOUwWA#ismtpd0002p1lon1.sendgrid.net>
X-SG-EID: pcWxy9UBUtUw1gLvETZLKtJE+upTXkXQzSeXVboYOfj8445+b2JsYfGgCpUWh8jVevl8/mhHKM7/bO cH66Ixkc6hUTlPM1+gw7fPZ+GgUnTm9aSlAe3BVn04Ij2UoKzBcvDZTSeQ36bqJOD3LuCa3N042M5N 5w7kLpwCQtqtjsCrM4HXT078AKROMUSpgkSXwz0ZXJbX5V+mjjJlMheILWef2HZCdQIqmghlz64LFz s=
Postfix Filter header_checks.pcre on
/^Message-ID: .*\.sendgrid\.net\>$/ REJECT spam emails from Sendgrid

Mails marked as spam from Google - SPF and DKIM passes

I am going crazy trying to figure out why my emails are being marked as spam by Gmail.
SPF and DKIM all pass.
Any idea what could be going on? Here is an example header from Gmail (IPs and domains changed for privacy):
Delivered-To: XXXXXXXXXXXXXXX#gmail.com
Received: by 10.50.15.201 with SMTP id z9csp2075257igc;
Wed, 21 Jan 2015 12:34:45 -0800 (PST)
X-Received: by 10.180.89.225 with SMTP id br1mr37591618wib.70.1421872484313;
Wed, 21 Jan 2015 12:34:44 -0800 (PST)
Return-Path: <yyyyyy#example.com>
Received: from MY.MAILSERVER.com (MY.MAILSERVER.com. [217.172.XXX.XXX])
by mx.google.com with ESMTPS id k10si315060wiz.77.2015.01.21.12.34.43
for <XXXXXXXXXXXXXXX#gmail.com>
(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Wed, 21 Jan 2015 12:34:44 -0800 (PST)
Received-SPF: pass (google.com: domain of yyyyyy#example.com designates 217.172.XXX.XXX as permitted sender) client-ip=217.172.XXX.XXX;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of yyyyyy#example.com designates 217.172.XXX.XXX as permitted sender) smtp.mail=yyyyyy#example.com;
dkim=pass header.i=#example.com
Received: from PietPC (ip-84-119-117-236.unity-media.net [84.119.117.236])
(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
(Authenticated sender: yyyyyy#example.com)
by MY.MAILSERVER.com (Postfix) with ESMTPSA id 1A56F7659B3
for <XXXXXXXXXXXXXXX#gmail.com>; Wed, 21 Jan 2015 21:34:31 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=mail;
t=1421872486; bh=PwUG0SLiX8we/Zb4/tKUkTAw+2s5Aab+YjM1uaM2FOY=;
h=From:To:Subject:Date;
b=FbGkEinlkILGtwi5DI9zJXN2wTIUhGMvhI34pwWiyXIZMBUkNX+4EahcTkNwSIWdS
epSqWBjjQ33j5D33jVylRBSka4eyNH7aCZJLH91iWLD5G09OEGeCCgeq7Rf7pQ5PC5
ry/6Eq72t7jqxEoxINVnY8odfQx8BPQ19qNTuHIA=
From: <yyyyyy#example.com>
To: <XXXXXXXXXXXXXXX#gmail.com>
Subject: Mittag Essen
Date: Wed, 21 Jan 2015 21:34:20 +0100
Message-ID: <012b01d035b9$ab92f060$02b8d120$#example.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdA1uaJS4CMjPIuyTaimdKHtOrYSoQ==
Content-Language: de
Besteht unser Termin fuers Mittag essen?

Why is my email sent by PHPMailer considered junk (header included)?

I use PHPMailer to send emails. PHPMailer was reconfigured with SMTP perfectly. My domain/IP are not blacklisted. My header seems OK, but the mail still goes to junk in Hotmail and Google.
Here is my email header:
x-store-info:4r51+eLowCe79NzwdU2kR0zqpsRfiBoybK3PQ6mULzhh/qStzTUBj1CiOy1ifpB5jRYvkVe516nq8df03m5lTTvFlpziq8EZP6IWKXOqJsDsIiQbuDS0q3AJ3AMTGnyocsnA9INLLlY0x93UPxgWHw==
Authentication-Results: hotmail.com; spf=pass (sender IP is 216.246.45.58) smtp.mailfrom=event#eoman-ita.com; dkim=pass header.d=eoman-ita.com; x-hmca=pass header.id=event#eoman-ita.com
X-SID-PRA: event#eoman-ita.com
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: z6+tzUa3IoTSxtlwoUMYkGNdpCeLYkzDYtuP0/tvOrptl1UQvrig4LYPdRjCh4EVukMrJuorEq5iDHWLswthVz0ViHWKkAIrIM8CNQCcyZuIzAfTmL/k6p8YZ0qqD87cMH+yN4ch8Nm02Ni5VAILrn3rKXlZY8NMMa90cSkJGSFP6a8GjOgrNnFejkx8jAIdajiKd8xqKNhlnPL7JpC57E8f3jR1BJLc
Received: from server.reyam.net ([216.246.45.58]) by COL004-MC5F35.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22712);
Tue, 4 Nov 2014 15:24:02 -0800
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eoman-ita.com; s=default;
h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Subject:Reply-To:From:To:Date; bh=AgYLBbYRXPLfqW6J+49c3YlpdLX4Gll2zXIu0mJI6i8=;
b=QcUH74C2vNyKQj+2ajF9YwD0GbBmOjHrGzJHbofdFNOu8DGq0aWnvVOzAz5TRw/Mhp+6NaJL2jIGUkWVNcDUNbGgXUqJ3+CrAqGGUb/WDTy4N6nAl6h96Xgbsnbhan7aecInhMz7XnPU0R9b4hYM/huvOhvQS3KwALTlaiZkzxo=;
Received: from [216.246.45.58] (port=39807 helo=server.reyam.net)
by server.reyam.net with esmtpsa (UNKNOWN:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.82)
(envelope-from <event#eoman-ita.com>)
id 1XlnSD-0007yy-R9
for squ_1#hotmail.com; Wed, 05 Nov 2014 02:24:01 +0300
Date: Wed, 5 Nov 2014 03:24:01 +0400
To: Invitee <squ_1#hotmail.com>
From: ITA <event#eoman-ita.com>
Reply-To: ITA <info#eoman-ita.com>
Subject: =?UTF-8?B?2KzYp9im2LLYqSDYp9mE2LPZhNi32KfZhiDZgtin2KjZiNizINmE2YTYpdis?=
=?UTF-8?B?2KfYr9ipINmB2Yog2KfZhNiu2K/Zhdin2Kog2KfZhNit2YPZiNmF2YrYqSA=?=
=?UTF-8?B?2KfZhNil2YTZg9iq2LHZiNmG2YrYqSBTdWx0YW4gUWFib29zIEF3YXJk?=
=?UTF-8?B?IGZvciBFeGNlbGxlbmNlIGluIGVHb3Zlcm5tZW50?=
Message-ID: <2f438668313c88bbcc9616ca0a5a0442#server.reyam.net>
X-Priority: 3
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_2f438668313c88bbcc9616ca0a5a0442"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.reyam.net
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - eoman-ita.com
X-Get-Message-Sender-Via: server.reyam.net: authenticated_id: event#eoman-ita.com
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: event#eoman-ita.com
X-OriginalArrivalTime: 04 Nov 2014 23:24:02.0749 (UTC) FILETIME=[6B5B5ED0:01CFF886]
--b1_2f438668313c88bbcc9616ca0a5a0442
Content-Type: text/plain; charset=us-ascii
Hi my frind. I wanw to say hi to you
--b1_2f438668313c88bbcc9616ca0a5a0442
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
<p><img src="http://eoman-ita.com/smartevent/images/invet.jpg" /></p>

Validating date in Unix

I have a scenario as below:
I will be getting two dates viz. start_dt and end_dt in yyyyMMdd format as arguments to my Unix Script.
I have to loop through each of the dates starting from start_dt till end_dt incrementing by a day each time.
The script I have written is as below:
start_date=$1
end_date=$2
#verify dates
if ! date -d "$start_date" 2>&1 > /dev/null ;
then echo "start date is invalid" ; exit 1
fi
if ! date -d "$end_date" 2>&1 > /dev/null ;
then echo "end date is invalid" ; exit 1
fi
#set current and end date
curr_dt=$(date -d "$start_date")
end_dt=$(date -d "$end_date +1 hours")
#loop over all dates
while [ "$end_dt" != "$curr_dt" ]
do
echo $curr_dt
# increment the date
curr_dt=$(date -d "$curr_dt +1 hours")
done
However, I am getting the below error when I run it with input arguments 20140128 and 20140130:
date: invalid date `20140130 +1 hours'
Tue Jan 28 00:00:00 EST 2014
date: invalid date `Tue Jan 28 00:00:00 EST 2014 +1 hours'