[SA-exim] SA-Exim 2.0 released

Marc MERLIN marc at merlins.org
Fri, 14 Jun 2002 15:19:09 -0700


On Fri, Jun 14, 2002 at 05:11:04PM -0500, Derrick 'dman' Hudson wrote:
> On Fri, Jun 14, 2002 at 10:44:04AM -0700, Marc MERLIN wrote:
> | Finally, it is there.
> | It compiled cleanly, and my mail server didn't catch fire after running it
> | for 8 hours, so it must be bug free [tm]
>
> :-).

I forgot to mention, you'll also want to upgrade to SA CVS, or the rumoured
soon to be released 2.30.
I put a lot of work in SA to make sure it was time bound and fit to run at
SMTP time.

I may release my own patches against 2.30 depending on how much of my code
gets in.

> | You will want to make sure to get the new spamassassin.conf and look at the
> | added options.
>
> Oh, yeah, that would be a good idea.  FWIW the "old" config works just
> fine (at least, I haven't noticed any problems in the last 2 days)
> with 2.0b1.

It'll work, you'll just be missing out on all the new features :-)

> |     * Support X-Spam-Status from SA pre 2.30
>
> I don't understand this one.  I'm using SA 2.20 and have been using
> sa-exim 2.0b1 for the past 2 days.  I don't see anything wrong in
> mainlog.

If you upgrade to SA pre 2.30, sa-exim 2.0b1 and older will fail to parse
the X-Spam-Status that SA now generates.

> | Note that you will need this version to run the more recent
> | SpamAssassin code, they changed the format of X-Spam-Status.
>
> That's going to break my mutt hooks :-(.  I've got a pair of
> message-hooks to only display that header (in my pager) if some test
> triggered.

It's a multiline header now.
Probably just as well, because the line was getting quite long.

> I haven't done much socket programming, and no C-based socket
> programming, but I think the only way for an app to know that a TCP
> connection has timed out is to get an error back when it tries to
> read/write it.  I think select() can be used to synchronously wait

That was my understanding too.
Not easy to do from within sa-exim.

> Another possibility is to annoy the other admin even more.  RFC 1047
> recommends a 5-10 minute timeout for receiving the response.  You

That's why the time to sleep is an option.
I initially had it return a 450, but then I figured that if I return
nothing, the sender will have to wait as long as its timeout is, _and_
consider that it was a temporary failure.

> Even better would be to store a hash (or some identifier), and simply
> stall n times before actually rejecting the message.  :-).

I don't really want to keep state.

> | Note too that SA 2.30 pre currently outputs *very long* headers in some
> | cases, and it goes beyond SA's 8KB limit for string_sprintf.
> | So you'll want to change STRING_SPRINTF_BUFFER_SIZE in
> | exim/src/config.h.defaults
>
> Hmm, I don't see any size limits in RFC 2822 (line limits don't count
> if the header is properly wrapped).  You mentioned this was in
> relation to the spam phrases test.

Yep. See:
http://bugzilla.spamassassin.org/show_bug.cgi?id=444

> Maybe sa-exim could drop the
> excessive spam phrases data from the report (and truncate any
> remaining excessive data).  8KB for a header is a lot of data.  Many
> messages themselves (real ones, at least) are smaller than that.

I just read they're apparently not going to fix that for SA 2.30.
So, I'll just maintain my patches against it and remove the code from SA
directly.

> I know that postfix truncates data when it logs to prevent any
> potential exploit or DoS as a result of excessive data.  (for example,
> read Wietse's paper on the origin of tcp-wrappers and the use of
> finger)

Exim has a safeguard, but it will just die if it detects that you are trying
to write too much data.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP key
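Added here as an illustration, not code from the message above or from sa-exim: a small Python header reader that unfolds a multiline X-Spam-Status the way RFC 2822 folding requires (so a line-oriented hook no longer sees only the first line), caps the value at the 8KB limit the thread mentions, and extracts the verdict and the test list. The "Yes, hits=... required=... tests=..." layout and the sample header block are assumptions made for the example.

```python
import re

# Added example; the header layout below is assumed, not taken from sa-exim.
MAX_HEADER_BYTES = 8192  # mirrors the 8KB string_sprintf limit discussed above


def unfold_headers(raw):
    """Return {lowercased-name: unfolded-value} for an RFC 2822 header block.

    A continuation line (one starting with SP or HTAB) is joined to the
    preceding header with a single space; the first blank line ends the block.
    """
    headers = {}
    name = None
    for line in raw.split("\n"):
        if not line.strip():
            break
        if line[0] in " \t" and name is not None:
            headers[name] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            name = name.strip().lower()
            headers[name] = value.strip()
    return headers


def parse_spam_status(value):
    """Parse the assumed 'Yes, hits=.. required=.. tests=A,B' layout.

    The value is truncated to MAX_HEADER_BYTES first, so an oversized header
    (the case from the thread) is bounded instead of aborting the reader.
    Whitespace after commas is removed so a test list folded across lines
    still parses as one list.
    """
    truncated = len(value) > MAX_HEADER_BYTES
    value = re.sub(r",\s+", ",", value[:MAX_HEADER_BYTES])
    flag, _, rest = value.partition(",")
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    return {
        "is_spam": flag.strip().lower() == "yes",
        "hits": float(fields["hits"]) if "hits" in fields else None,
        "required": float(fields["required"]) if "required" in fields else None,
        "tests": [t for t in fields.get("tests", "").split(",") if t],
        "truncated": truncated,
    }


# Constructed sample: a folded X-Spam-Status as a multiline header would look.
SAMPLE = (
    "From: someone@example.invalid\n"
    "X-Spam-Status: Yes, hits=8.5 required=5.0\n"
    "\ttests=BAYES_80,HTML_MESSAGE,\n"
    "\tMISSING_SUBJECT\n"
    "Subject: test\n"
    "\n"
    "body\n"
)
```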
