From P.W.Matthews at swansea.ac.uk Tue Dec 3 12:28:40 2002 From: P.W.Matthews at swansea.ac.uk (Paul Matthews) Date: Tue, 3 Dec 2002 12:28:40 +0000 (GMT) Subject: [SA-exim] Header Problem. Message-ID: Hi. We are using the following with good results: exim-4.10 sa-exim-2.2 Mail-SpamAssassin-2.43 We are getting one problem. One of our users has a large email list. A quick look at the headers is around 496 recipients and the header size is around 11756 bytes. It's failing to accept the message because it's bigger than the 8192 buffer (in exim's header.c) ?? Here's the log entry: 2002-12-03 00:33:36 18J10J-000507-00 string too long in header_add: X-SA-Exim-Rcpt-To: wales-jobs@swan.ac.uk, jasonalex_uk@yahoo.co.uk, jbkrome@hotmail.com, allennicola ... A quick hack of the sa-exim.c code (about line 274) to alter the header_add bit from this: header_add(' ', "X-SA-Exim-Rcpt-To: %s\n", rcptlist); to this: if (strlen(rcptlist)<8192) header_add(' ', "X-SA-Exim-Rcpt-To: %s\n", rcptlist); else header_add(' ', "X-SA-Exim-Rcpt-To: WARNING - STRING TOO BIG\n"); I'm not really a C programmer ! This appears to accept the message OK. This did work OK before using SA, etc... Has anyone else come across this or have I (not) done something studid ? Cheers, Paul. -------------------------------------------------------------------------- Paul Matthews Head of Networking/Postmaster Library and Information Services, University of Wales Swansea , Singleton Park, Swansea SA2 8PP, UK email: P.W.Matthews@swansea.ac.uk postmaster@swansea.ac.uk tel: +44 (0)1792 295107 mobile: 07802166089 fax: +44 (0)1792 295851 -------------------------------------------------------------------------- From marc at merlins.org Tue Dec 3 16:19:11 2002 From: marc at merlins.org (Marc MERLIN) Date: Tue, 3 Dec 2002 08:19:11 -0800 Subject: [SA-exim] Header Problem. In-Reply-To: References: Message-ID: <20021203161911.GJ8036@merlins.org> On Tue, Dec 03, 2002 at 12:28:40PM +0000, Paul Matthews wrote: > Here's the log entry: > > 2002-12-03 00:33:36 18J10J-000507-00 string too long in header_add: > X-SA-Exim-Rcpt-To: wales-jobs@swan.ac.uk, jasonalex_uk@yahoo.co.uk, > jbkrome@hotmail.com, allennicola ... > > A quick hack of the sa-exim.c code (about line 274) to alter the header_add > bit from this: > > header_add(' ', "X-SA-Exim-Rcpt-To: %s\n", rcptlist); > > to this: > > if (strlen(rcptlist)<8192) > header_add(' ', "X-SA-Exim-Rcpt-To: %s\n", rcptlist); > else > header_add(' ', "X-SA-Exim-Rcpt-To: WARNING - STRING TOO BIG\n"); Mmmh, indeed, I hadn't thought about that. I'll add a patch like this one in the next version. (I think I'll add an option that doesn't add the X-SA-Exim-Rcpt-To: header if it is bigger than a configurable size, giving the user the option to set it to 0) (BTW, you want your patch to say strlen(rcptlist)<8100), you have to acount for the size of X-SA-Exim-Rcpt-To:, the newline at the end and so forth :-) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From lists at timj.co.uk Tue Dec 3 21:05:40 2002 From: lists at timj.co.uk (Tim Jackson) Date: Tue, 3 Dec 2002 21:05:40 +0000 Subject: [SA-exim] Header Problem. In-Reply-To: <20021203161911.GJ8036@merlins.org> References: <20021203161911.GJ8036@merlins.org> Message-ID: <20021203210540.10414c7c.lists@timj.co.uk> On Tue, 3 Dec 2002 08:19:11 -0800 Marc wrote: > (I think I'll add an option that doesn't add the X-SA-Exim-Rcpt-To: > header if it is bigger than a configurable size, giving the user the > option to set it to 0) While you're at it, is there any chance of an option, something like: SAaddheaders = $some_exim_condition which decides if SA-Exim headers such as SA-Exim-Scanned, SA-Exim-Rcpt-To etc. are added? They are undoubtedly useful for debugging, but I'd rather not add these headers to mail all the time, especially outgoing mail. It'd be nice to be able to switch them on and off, or maybe on for inbound mail only. Thinking off the top of my head, are there also some potential privacy issues here, like if a mail is Bcc'd? Assuming your MUA/MTA are set up in such a way that the 'To:' recipient has no way of telling that someone else has been Bcc'd, would the SA-Exim-Rcpt-To header not reveal this? Cheers, Tim From marc at merlins.org Tue Dec 3 21:43:37 2002 From: marc at merlins.org (Marc MERLIN) Date: Tue, 3 Dec 2002 13:43:37 -0800 Subject: [SA-exim] Header Problem. In-Reply-To: <20021203210540.10414c7c.lists@timj.co.uk> References: <20021203161911.GJ8036@merlins.org> <20021203210540.10414c7c.lists@timj.co.uk> Message-ID: <20021203214337.GH26506@merlins.org> On Tue, Dec 03, 2002 at 09:05:40PM +0000, Tim Jackson wrote: > While you're at it, is there any chance of an option, something like: > > SAaddheaders = $some_exim_condition Well, I don't want to add an endless number of options, there are many already. SA-Exim-Scanned is trivial to remove from system_filter, and my sample exim4.conf config shows how to keep it for local mail. The documentation points you to: http://marc.merlins.org/linux/exim/exim4-conf/exim4.conf.master > They are undoubtedly useful for debugging, but I'd rather not add these > headers to mail all the time, especially outgoing mail. It'd be nice to be > able to switch them on and off, or maybe on for inbound mail only. And you can already do this inside the exim config. Do I really need to add that to sa-exim? > Thinking off the top of my head, are there also some potential privacy > issues here, like if a mail is Bcc'd? Assuming your MUA/MTA are set up in > such a way that the 'To:' recipient has no way of telling that someone > else has been Bcc'd, would the SA-Exim-Rcpt-To header not reveal this? Right, see the docs: http://marc.merlins.org/linux/exim/files/sa-exim-current/README ---------------------------------------------------------------------------- PRIVACY WARNING --------------- By default SA-Exim adds a header with the list of recipients in an Email (including Bcced folks). X-SA-Exim-Rcpt-To is used to allow you to see who a spam went to easily (i.e. without scanning the exim logs), and to write SpamAssassin rules on the envelope To (like adding a score if there were too many recipients or a recipient who you know only receives spam) If it is not acceptable for your users to see this header, you should strip it in exim's system_filter with header_remove ---------------------------------------------------------------------------- Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From marc at merlins.org Thu Dec 5 04:37:31 2002 From: marc at merlins.org (Marc MERLIN) Date: Wed, 4 Dec 2002 20:37:31 -0800 Subject: [SA-exim] Header Problem. In-Reply-To: <20021203230529.797d948f.tim@timj.co.uk> References: <20021203161911.GJ8036@merlins.org> <20021203210540.10414c7c.lists@timj.co.uk> <20021203214337.GH26506@merlins.org> <20021203230529.797d948f.tim@timj.co.uk> Message-ID: <20021205043731.GB11585@merlins.org> On Tue, Dec 03, 2002 at 11:05:29PM +0000, Tim Jackson wrote: > I understand you not wanting to add "option cruft", although I don't think > 1 additional option would hurt it. I dunno. I don't have any hugely strong > feelings either way - I don't think it would be out of place there. Whilst > Exim's options to remove headers are great, it seems natural to have an > option at the point of injection. At the end of the day, most people can > just leave it alone, or just set it to 1 or 0; it shouldn't really > complicate things. Fair enough. > Anyway, I want to say again just how successful SA-E is. After using it > on my server for a while (which to be honest doesn't handle very much > mail), I've put it on our server at work which is still lightly loaded > (there's only a few of us :) but in the first 3 weeks it caught ~1700 > spams, with 0 false positives (SApermreject=13.0). At last, I can actually > use my mailboxes again. Fantastic! Most of the credit goes to SpamAssassin :-) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From marc at merlins.org Sun Dec 8 01:22:58 2002 From: marc at merlins.org (Marc MERLIN) Date: Sat, 7 Dec 2002 17:22:58 -0800 Subject: [SA-exim] Re: tempreject vs. reject for teergrubing In-Reply-To: References: Message-ID: <20021208012258.GJ27411@merlins.org> [Added Cc to sa-exim list in case my answer can be useful to others] On Sat, Dec 07, 2002 at 06:31:24PM -0500, Brian Kendig wrote: > I think I've caught an inconsistency in sa-exim.c... in the teergrube > section, it returns LOCAL_SCAN_TEMPREJECT, but shouldn't it be > returning LOCAL_SCAN_REJECT instead, since you've deprecated the > settings for temporarily rejecting a message that's been teergrubed? I guess my docs can probably be improved :-) What I deprecated was the option to just sleep and return LOCAL_SCAN_TEMPREJECT way later. This option wasn't very good because it didn't know when the other side had disconnected and your exim still sat around for the entire time. > If I've teergrubed a message and the sender has stuck around for the > entire time, I don't want him to try again later... If it's a real spammer he will probably not try again, unless he is really dumb, or you have someone relaying the spam to you. If you select do to teergrubing, the idea is to passively hurt the spammer, so if he were to be dumb enough to try again, it makes sense for sa-exim to try and delay the spammer one more time. In other words, it works as designed :-) Now, if you have someone repeatetly trying to resend you a spam, it's usually either an MX for you or an open relay. At least in the first case, you want to put that sender in SAteergrubecond as shown in the example config file In the second case, you can decide whether tying up the open relay is worthwhile or not. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From brian at enchanter.net Fri Dec 13 02:54:58 2002 From: brian at enchanter.net (Brian Kendig) Date: Thu, 12 Dec 2002 21:54:58 -0500 Subject: [SA-exim] Re: tempreject vs. reject for teergrubing In-Reply-To: <20021208012258.GJ27411@merlins.org> Message-ID: <445B8A7E-0E46-11D7-9D74-003065546CF4@enchanter.net> >> If I've teergrubed a message and the sender has stuck around for the >> entire time, I don't want him to try again later... > > If it's a real spammer he will probably not try again, unless he is > really dumb, or you have someone relaying the spam to you. > If you select do to teergrubing, the idea is to passively hurt the > spammer, so if he were to be dumb enough to try again, it makes sense > for sa-exim to try and delay the spammer one more time. > In other words, it works as designed :-) Very good point. :-) And it makes sense this way! Thank you for the clarification! ____ |\/| Brian Kendig Set your priorities right. \ /\ / ..__. brian at enchanter net No one ever said on his \/ \__\ _/ http://www.enchanter.net/ death bed, "Gee, if I'd \__ __ \_ Be insatiably curious. only spent more time at \____\___\ Ask "why" a lot. the office." From thomask at mtnns.net Fri Dec 20 12:42:48 2002 From: thomask at mtnns.net (Thomas Kinghorn) Date: Fri, 20 Dec 2002 14:42:48 +0200 Subject: [SA-exim] make problem Message-ID: <4625C59C329BC447AFFB52E7F8BFF275063778@protea.int.citec.net> trying to follow the build instructions for sa-exim-2.2. Here is the error i am getting. # make sa-exim-2.2.so Building sa-exim-2.2.so gcc -I/downloads/exim-4.10/src -DDLOPEN_LOCAL_SCAN -DSPAMASSASSIN_CONF=\"/usr/exim/spamassassin.conf\" -DSPAMC_LOCATION=\"/usr/bin/spamc\" -O2 -Wall -shared -o sa-exim-2.2.so sa-exim.c sa-exim.c: In function `local_scan_version': sa-exim.c:37: `LOCAL_SCAN_ABI_VERSION' undeclared (first use in this function) sa-exim.c:37: (Each undeclared identifier is reported only once sa-exim.c:37: for each function it appears in.) sa-exim.c:350:2: warning: #warning you should not worry about the "might be clobbered by longjmp", see source make: *** [sa-exim-2.2.so] Error 1 # Any advise would be appreciated Regards, Tom (serious newbie) From marc at merlins.org Fri Dec 20 14:41:57 2002 From: marc at merlins.org (Marc MERLIN) Date: Fri, 20 Dec 2002 06:41:57 -0800 Subject: [SA-exim] make problem In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF275063778@protea.int.citec.net> References: <4625C59C329BC447AFFB52E7F8BFF275063778@protea.int.citec.net> Message-ID: <20021220144153.GW5519@merlins.org> On Fri, Dec 20, 2002 at 02:42:48PM +0200, Thomas Kinghorn wrote: > trying to follow the build instructions for sa-exim-2.2. > > Here is the error i am getting. > > # make sa-exim-2.2.so > Building sa-exim-2.2.so > gcc -I/downloads/exim-4.10/src -DDLOPEN_LOCAL_SCAN > -DSPAMASSASSIN_CONF=\"/usr/exim/spamassassin.conf\" > -DSPAMC_LOCATION=\"/usr/bin/spamc\" -O2 -Wall -shared -o sa-exim-2.2.so > sa-exim.c > sa-exim.c: In function `local_scan_version': > sa-exim.c:37: `LOCAL_SCAN_ABI_VERSION' undeclared (first use in this > function) > sa-exim.c:37: (Each undeclared identifier is reported only once > sa-exim.c:37: for each function it appears in.) > sa-exim.c:350:2: warning: #warning you should not worry about the "might be > clobbered by longjmp", see source You are compliing sa-exim with -DDLOPEN_LOCAL_SCAN This is defined in exim's local_scan.h, but only if you patched exim with localscan_dlopen.patch Either, you should not define -DDLOPEN_LOCAL_SCAN and copy sa-exim.c as local_scan.c in exim's source, or you should apply the patch I mentionned. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From thomask at mtnns.net Mon Dec 23 11:25:49 2002 From: thomask at mtnns.net (Thomas Kinghorn) Date: Mon, 23 Dec 2002 13:25:49 +0200 Subject: [SA-exim] ABI version Message-ID: <4625C59C329BC447AFFB52E7F8BFF27506377F@protea.int.citec.net> Good day. I am trying to finish the sa-exim installation. Howver, i am getting the error as stated below while running make LOCAL_SCAN_ABI_VERSION' undeclared (first use in this function) any idea's? Regards, Tom From marc at merlins.org Mon Dec 23 18:24:43 2002 From: marc at merlins.org (Marc MERLIN) Date: Mon, 23 Dec 2002 19:24:43 +0100 Subject: [SA-exim] ABI version In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF27506377F@protea.int.citec.net> References: <4625C59C329BC447AFFB52E7F8BFF27506377F@protea.int.citec.net> Message-ID: <20021223182443.GC15908@merlins.org> On Mon, Dec 23, 2002 at 01:25:49PM +0200, Thomas Kinghorn wrote: > Good day. > > I am trying to finish the sa-exim installation. > > Howver, i am getting the error as stated below while running make > > LOCAL_SCAN_ABI_VERSION' undeclared (first use in this function) I guess I'll have to further improve the docs, you're the second to ask about this in the last week. You can compile sa-exim in two ways: 1) standalone (copy sa-exim.c over exim's local_scan.c and rebuild exim) 2) Recompile exim with the localscan_dlopen.patch and make sure that sa-exim can see (with -I) the patched exim tree Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From thomask at mtnns.net Tue Dec 24 06:28:01 2002 From: thomask at mtnns.net (Thomas Kinghorn) Date: Tue, 24 Dec 2002 08:28:01 +0200 Subject: [SA-exim] Just a quick THANK YOU Message-ID: <4625C59C329BC447AFFB52E7F8BFF27506378A@protea.int.citec.net> Morning all Just a quick thank you to everyone for all the help and a great mailing list. May you have a merry Christmas and prosperous new year. Chat to you all again in 2003. Regards, Tom Kinghorn From brian at enchanter.net Sat Dec 28 15:48:07 2002 From: brian at enchanter.net (Brian Kendig) Date: Sat, 28 Dec 2002 10:48:07 -0500 Subject: [SA-exim] SA-Exim logging questions/suggestions Message-ID: A couple of questions and suggestions about the way SA-Exim logs things: - I'm not saving any rejected mail, so every spam that comes in puts a 'SA: savemail condition expanded to false, not saving message to disk' in my mainlog. I really don't need this message every time -- is there a way of turning it off, short of editing the source code? Would you consider removing it in a future version of SA-Exim? - If the messages for 'teergrube completed' and 'teergrube interrupted' were more similar, and if the 'completed' message listed the length of time the message was teergrubed for, it would make grepping the mainlog and reporting on it easier. Right now the two messages are: SA: local_scan stall completed. Sending tempreject SA: Interrupting Teergrube, remote side closed the connection after about 1020 secs I'd like to suggest something like: SA: teergrube ended after 28800 secs, completed normally SA: teergrube ended after 1020 secs, remote side closed the connection I know I can edit the source code for this, but I figured it might be useful to more people than just me. ;) ____ |\/| Brian Kendig Set your priorities right. \ /\ / ..__. brian at enchanter net No one ever said on his \/ \__\ _/ http://www.enchanter.net/ death bed, "Gee, if I'd \__ __ \_ Be insatiably curious. only spent more time at \____\___\ Ask "why" a lot. the office." From marc at merlins.org Sun Dec 29 11:39:39 2002 From: marc at merlins.org (Marc MERLIN) Date: Sun, 29 Dec 2002 12:39:39 +0100 Subject: [SA-exim] SA-Exim logging questions/suggestions In-Reply-To: References: Message-ID: <20021229113939.GN15600@merlins.org> On Sat, Dec 28, 2002 at 10:48:07AM -0500, Brian Kendig wrote: > - I'm not saving any rejected mail, so every spam that comes in puts a > 'SA: savemail condition expanded to false, not saving message to disk' > in my mainlog. I really don't need this message every time -- is there Indeed. I always run with debugging set to at least 1, so I never noticed that I forgot to only print this when debugging is enabled. I just fixed that in my source (debugging needs to be on to see it) > I'd like to suggest something like: > SA: teergrube ended after 28800 secs, completed normally > SA: teergrube ended after 1020 secs, remote side closed the connection Sure, why not? Done. I'll upload that to sf.net's CVS tree (do a cvs update, the cvs.tar.gz won't be updated until I get home from vacation) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From marc at merlins.org Mon Dec 30 07:17:15 2002 From: marc at merlins.org (Marc MERLIN) Date: Mon, 30 Dec 2002 08:17:15 +0100 Subject: [SA-exim] Header Problem. In-Reply-To: <20021203161911.GJ8036@merlins.org> References: <20021203161911.GJ8036@merlins.org> Message-ID: <20021230071714.GQ15600@merlins.org> On Tue, Dec 03, 2002 at 08:19:11AM -0800, Marc MERLIN wrote: > > A quick hack of the sa-exim.c code (about line 274) to alter the header_add > > bit from this: > > > > header_add(' ', "X-SA-Exim-Rcpt-To: %s\n", rcptlist); > > > > to this: > > > > if (strlen(rcptlist)<8192) > > header_add(' ', "X-SA-Exim-Rcpt-To: %s\n", rcptlist); > > else > > header_add(' ', "X-SA-Exim-Rcpt-To: WARNING - STRING TOO BIG\n"); > > Mmmh, indeed, I hadn't thought about that. > I'll add a patch like this one in the next version. > (I think I'll add an option that doesn't add the X-SA-Exim-Rcpt-To: > header if it is bigger than a configurable size, giving the user the > option to set it to 0) Ok, so I made a quick patch that should take care of this, and also deals with the feature request of disabling the header altogether. (This wasn't the only place where you had to fix this, rcptlist is pieced up together with an string_sprintf that also hits the 8K limit) spamassassin.conf now has: # You can have SA-Exim add a X-SA-Exim-Rcpt-To header, which will list all # the receipients for the Email, unless the list gets bigger than # SAmaxrcptlistlength bytes. # The default value of 0 disables the header for privacy reasons (the header # exposes Bcced receipients) # Any value bigger than 8000 will be ignored because there is a limit on the # size of headers that you can have and exim's string_sprintf SAmaxrcptlistlength: 0 This is not tested, I'm on vacation in France on a modem, so I'll check it in CVS and let you guys check it out, but eh, it compiles, so it has to work, right :) (in other words, please give me feedback) Happy upcoming new year to you all Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key