[SA-exim] SA-Exim 2.0 released
Derrick 'dman' Hudson
dman at dman.ddts.net
Fri, 14 Jun 2002 17:11:04 -0500
---------------------- multipart/signed attachment
On Fri, Jun 14, 2002 at 10:44:04AM -0700, Marc MERLIN wrote:
| Finally, it is there.
| It compiled cleanly, and my mail server didn't catch fire after running it
| for 8 hours, so it must be bug free [tm]
:-).
| You will want to make sure to get the new spamassassin.conf and look at t=
he
| added options.
Oh, yeah, that would be a good idea. FWIW the "old" config works just
fine (at least, I haven't noticed any problems in the last 2 days)
with 2.0b1.
| Changelog from 2.0b1 is:
| * Allow for stalling SMTP sessions from spammers (caution)
Sounds like fun. :-). Reminds me of coderedneck/labrae.
| * Support X-Spam-Status from SA pre 2.30
I don't understand this one. I'm using SA 2.20 and have been using
sa-exim 2.0b1 for the past 2 days. I don't see anything wrong in
mainlog.
| * dman's indirect request for saved files to be 660
Oh, yeah, I left that in there. I had forgotten to fix my copy, then
I was wondering why mutt would say I had a new message in the folder,
but there was none. (I didn't have permission to read the file, just
the directory) :-)
=20
| Note that you will need this version to run the more recent
| SpamAssassin code, they changed the format of X-Spam-Status.
That's going to break my mutt hooks :-(. I've got a pair of
message-hooks to only display that header (in my pager) if some test
triggered.
=20
| Feel free to play with SAstallsender (at your own risk), and if you
| can find an easy way to stop stalling and sitting around if
| the other side disconnected, I'm all ears :-)
I have a couple of ideas.
I haven't done much socket programming, and no C-based socket
programming, but I think the only way for an app to know that a TCP
connection has timed out is to get an error back when it tries to
read/write it. I think select() can be used to synchronously wait
until something interesting happens, that something being the
disconnect. I don't think you get get the socket from exim, though,
without some modifications there.
Another possibility is to annoy the other admin even more. RFC 1047
recommends a 5-10 minute timeout for receiving the response. You
could wait for just under 5 minutes, then send the reject code. That
prolongs the connection as long as possible, but still makes the
message go away.
Even better would be to store a hash (or some identifier), and simply
stall n times before actually rejecting the message. :-).
| Note too that SA 2.30 pre currently outputs *very long* headers in s=
ome
| cases, and it goes beyond SA's 8KB limit for string_sprintf.
| So you'll want to change STRING_SPRINTF_BUFFER_SIZE in
| exim/src/config.h.defaults
Hmm, I don't see any size limits in RFC 2822 (line limits don't count
if the header is properly wrapped). You mentioned this was in
relation to the spam phrases test. Maybe sa-exim could drop the
excessive spam phrases data from the report (and truncate any
remaining excessive data). 8KB for a header is a lot of data. Many
messages themselves (real ones, at least) are smaller than that.
I know that postfix truncates data when it logs to prevent any
potential exploit or DoS as a result of excessive data. (for example,
read Wietse's paper on the origin of tcp-wrappers and the use of
finger)=20
-D
--=20
If your life is a hard drive,
Christ can be your backup.
=20
http://dman.ddts.net/~dman/
---------------------- multipart/signed attachment
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : http://lists.merlins.org/archives/sa-exim/attachments/b9be51ea/attachment.bin
---------------------- multipart/signed attachment--