From mth at Ingersoll.com Mon Apr 7 16:54:38 2003 From: mth at Ingersoll.com (Hess, M.Todd, /mth) Date: Mon, 7 Apr 2003 10:54:38 -0500 Subject: [SA-exim] spamc unable to connect to spamd Message-ID: <752D46E7E674D311842600A0C9EC627A068E4F01@rockford> Occasionally, spamc reports that it can't connect to spamd: "connect() to spamd failed: Connection refused" I have not been able to figure out why this happens. When this happens, email bypasses the spamd and continues to be delivered. Until I can solve this problem, I would like the email to be held until spamc is able to connect to spamd again. Is there a way I can force spamc to wait "forever" for a spamd connection? I read about the "-f" flag, but that won't accomplish what I need. TIA! M.Todd Hess mth@ingersoll.com From tonni at billy.demon.nl Mon Apr 7 18:13:11 2003 From: tonni at billy.demon.nl (Tony Earnshaw) Date: 07 Apr 2003 19:13:11 +0200 Subject: [SA-exim] spamc unable to connect to spamd In-Reply-To: <752D46E7E674D311842600A0C9EC627A068E4F01@rockford> References: <752D46E7E674D311842600A0C9EC627A068E4F01@rockford> Message-ID: <1049735589.10917.194.camel@localhost> man, 07.04.2003 kl. 17.54 skrev Hess, M.Todd, /mth: > Occasionally, spamc reports that it can't connect to spamd: > > "connect() to spamd failed: Connection refused" > > I have not been able to figure out why this happens. When this happens, > email bypasses the spamd and continues to be delivered. > > Until I can solve this problem, I would like the email to be held until > spamc is able to connect to spamd again. Is there a way I can force spamc > to wait "forever" for a spamd connection? I read about the "-f" flag, but > that won't accomplish what I need. What version of SA? What version of SA-Exim? What version of Exim? What OS, distro and version? The short answer to what you ask is: "You can't," The long answer is: "Why should this be occurring at all?" Like: "I never get that, and neither would I expect it." Best, Tony -- Tony Earnshaw e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl From mth at Ingersoll.com Tue Apr 8 11:24:05 2003 From: mth at Ingersoll.com (Hess, M.Todd, /mth) Date: Tue Apr 8 08:24:15 2003 Subject: [SA-exim] spamc unable to connect to spamd Message-ID: <752D46E7E674D311842600A0C9EC627A068E4F07@rockford> Versions: SA: 2.31 SA-Exim: 2.0.1 Exim: 4.05 OS: SuSE 6.4 I suppose upgrading is in order, but I hate to break anything with my current workload. Thanks, M.Todd Hess mth@ingersoll.com -----Original Message----- From: Tony Earnshaw [mailto:tonni@billy.demon.nl] Sent: Monday, April 07, 2003 12:13 PM To: sa-exim@lists.merlins.org Subject: Re: [SA-exim] spamc unable to connect to spamd man, 07.04.2003 kl. 17.54 skrev Hess, M.Todd, /mth: > Occasionally, spamc reports that it can't connect to spamd: > > "connect() to spamd failed: Connection refused" > > I have not been able to figure out why this happens. When this > happens, email bypasses the spamd and continues to be delivered. > > Until I can solve this problem, I would like the email to be held > until spamc is able to connect to spamd again. Is there a way I can > force spamc to wait "forever" for a spamd connection? I read about > the "-f" flag, but that won't accomplish what I need. What version of SA? What version of SA-Exim? What version of Exim? What OS, distro and version? The short answer to what you ask is: "You can't," The long answer is: "Why should this be occurring at all?" Like: "I never get that, and neither would I expect it." Best, Tony -- Tony Earnshaw e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl _______________________________________________ SA-Exim mailing list SA-Exim@lists.merlins.org http://lists.merlins.org/lists/listinfo/sa-exim From tonni at billy.demon.nl Tue Apr 8 17:31:09 2003 From: tonni at billy.demon.nl (Tony Earnshaw) Date: Tue Apr 8 09:31:10 2003 Subject: [SA-exim] spamc unable to connect to spamd In-Reply-To: <752D46E7E674D311842600A0C9EC627A068E4F07@rockford> References: <752D46E7E674D311842600A0C9EC627A068E4F07@rockford> Message-ID: <1049818207.17530.144.camel@localhost> tir, 08.04.2003 kl. 17.24 skrev Hess, M.Todd, /mth: > Versions: > > SA: 2.31 > SA-Exim: 2.0.1 > Exim: 4.05 > OS: SuSE 6.4 > > I suppose upgrading is in order, but I hate to break anything with my > current workload. Oh dear. Doesn't look all that good, does it? Is the machine it's all running on as old as the SuSE version too? Uptime 2 years or more? That's going to cr*p out at any time as well - try to get someone to look after things for you. Move to Holland, Old Europe (which is where I am); I'd be happy to accommodate you. Best, Tony -- Tony Earnshaw e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl From denis at rybin.ru Tue Apr 15 22:57:51 2003 From: denis at rybin.ru (Denis Rybin) Date: Tue Apr 15 10:58:31 2003 Subject: [SA-exim] destwhitelist Message-ID: <10375649515.20030415215751@telmos.ru> Hello I've installed sa-exim-2.2. Just replace local_scan.c by sa-exim.c. Rebuild exim. Intsall SpamAssassin, run spamd, add /etc/exim/spamassassin.conf. spamassassin.conf default is on - SAEximRunCond: ... {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}} That's all. Question - how can i disable spam scanning for some local (not only local) users? It seems to me is special play with SAEximRunCond and special recipient variables in it. Right? add localpartlist nosarej = /etc/exim/acls/destwhitelist and warn message = X-SA-Do-Not-Rej: Yes local_parts = +nosarej:postmaster:abuse take no effect. Thank you From marc at merlins.org Tue Apr 15 12:49:41 2003 From: marc at merlins.org (Marc MERLIN) Date: Tue Apr 15 11:49:44 2003 Subject: [SA-exim] destwhitelist In-Reply-To: <10375649515.20030415215751@telmos.ru> References: <10375649515.20030415215751@telmos.ru> Message-ID: <20030415184941.GB8584@merlins.org> On Tue, Apr 15, 2003 at 09:57:51PM +0400, Denis Rybin wrote: > Hello > > I've installed sa-exim-2.2. > Just replace local_scan.c by sa-exim.c. Rebuild exim. > Intsall SpamAssassin, run spamd, add /etc/exim/spamassassin.conf. > spamassassin.conf default is on - > SAEximRunCond: ... {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}} > That's all. There is SAEximRejCond and RunCond, please read your config file a bit. > Question - how can i disable spam scanning for some local (not only > local) users? > It seems to me is special play with SAEximRunCond and special > recipient variables in it. Right? > > add > > localpartlist nosarej = /etc/exim/acls/destwhitelist > > and > > warn message = X-SA-Do-Not-Rej: Yes > local_parts = +nosarej:postmaster:abuse > > take no effect. Since there is an obvious header mismatch. What I gave you was a way to scan a message but not reject it. If you don't even want to scan it, set X-SA-Do-Not-Run: Yes instead of X-SA-Do-Not-Rej: Yes Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From tonni at billy.demon.nl Tue Apr 15 21:11:38 2003 From: tonni at billy.demon.nl (Tony Earnshaw) Date: Tue Apr 15 13:11:39 2003 Subject: [SA-exim] destwhitelist In-Reply-To: <10375649515.20030415215751@telmos.ru> References: <10375649515.20030415215751@telmos.ru> Message-ID: <1050437135.20624.15.camel@localhost> tir, 15.04.2003 kl. 19.57 skrev Denis Rybin: > Question - how can i disable spam scanning for some local (not only > local) users? You can't with SA-Exim. It's site-wide or no scanning. If you have to do as you want, you'll have to go (back?) to the old-fashioned Exim router/transport alternative. And sacrifice the possibility of doing smtp 550 rejects and teergrubing. Maybe Marc will want to implement TK's horrible hack idea in version 3.0 ;) I for one won't be making use of it. Best, Tony -- Tony Earnshaw Do not come to visit me with both arms the same length. e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl From marc at merlins.org Tue Apr 15 14:36:27 2003 From: marc at merlins.org (Marc MERLIN) Date: Tue Apr 15 13:36:29 2003 Subject: [SA-exim] destwhitelist In-Reply-To: <1050437135.20624.15.camel@localhost> References: <10375649515.20030415215751@telmos.ru> <1050437135.20624.15.camel@localhost> Message-ID: <20030415203627.GB23601@merlins.org> On Tue, Apr 15, 2003 at 10:05:37PM +0200, Tony Earnshaw wrote: > You can't with SA-Exim. It's site-wide or no scanning. Not quite. You can have it not scan or reject a mail, only if one of the receipients doesn't want rejection (like postmaster@ or sales@) It's not that often that you get mails from outside sent to a whitelisted Email and Cced to people who want rejection, and that's the only case where the current sa-exim compromizes by letting the mail through. > Maybe Marc will want to implement TK's horrible hack idea in version 3.0 > ;) I for one won't be making use of it. I might, but I should really get 2.3 out the door, which is waiting on my upgrade to the debian exim4 package (I abandonned mine, and I'm converting my entire config to that package, so that I can just ship sa-exim separately and have it mate with the standard already existing exim4 package) I'm trying to work on it, I swear :-) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From brian at enchanter.net Tue Apr 15 17:48:21 2003 From: brian at enchanter.net (Brian Kendig) Date: Tue Apr 15 13:48:34 2003 Subject: [SA-exim] Latest CVS source for sa-exim (1.29) strips out subject line Message-ID: <97F99C7C-6F83-11D7-8F66-003065546CF4@enchanter.net> FYI -- I had been using the sa-exim 1.26 source from CVS without any problems. A few days ago I updated to the 1.29 source from CVS, and ever since then, the subject lines of all incoming email disappeared as if they were stripped out. I backed down to the 1.26 source, and I started seeing subject lines on my incoming email again. :) ____ |\/| Brian Kendig Set your priorities right. \ /\ / ..__. brian at enchanter net No one ever said on his \/ \__\ _/ http://www.enchanter.net/ death bed, "Gee, if I'd \__ __ \_ Be insatiably curious. only spent more time at \____\___\ Ask "why" a lot. the office." From marc at merlins.org Tue Apr 15 14:49:51 2003 From: marc at merlins.org (Marc MERLIN) Date: Tue Apr 15 13:49:52 2003 Subject: [SA-exim] Latest CVS source for sa-exim (1.29) strips out subject line In-Reply-To: <97F99C7C-6F83-11D7-8F66-003065546CF4@enchanter.net> References: <97F99C7C-6F83-11D7-8F66-003065546CF4@enchanter.net> Message-ID: <20030415204951.GE23601@merlins.org> On Tue, Apr 15, 2003 at 04:48:21PM -0400, Brian Kendig wrote: > FYI -- I had been using the sa-exim 1.26 source from CVS without any > problems. A few days ago I updated to the 1.29 source from CVS, and > ever since then, the subject lines of all incoming email disappeared as > if they were stripped out. > > I backed down to the 1.26 source, and I started seeing subject lines on > my incoming email again. :) Yeah, CVS is completely untested outside of the fact that it compiles :-) That's why I'm rebuilding my exim setup so that I can actually test the code and find minor "nothing works anymore" bugs :-) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From hans-peter.zahno at unifr.ch Thu Apr 17 17:37:46 2003 From: hans-peter.zahno at unifr.ch (Hans-Peter Zahno) Date: Thu Apr 17 07:36:38 2003 Subject: [SA-exim] Connecting to spamd on a remote host Message-ID: <200304171637.46167.hans-peter.zahno@unifr.ch> Hello, I have sa-exim-4.14 running on solaris 9 and having spamassassin (spamd) running on a linux box. How do I configure (or patch) Exim-SA to be able that spamc is called with the option '-d '? Thanks for any help Regards Hans-Peter Zahno From Nigel.Metheringham at dev.InTechnology.co.uk Thu Apr 17 17:17:33 2003 From: Nigel.Metheringham at dev.InTechnology.co.uk (Nigel Metheringham) Date: Thu Apr 17 09:17:34 2003 Subject: [SA-exim] Marking up of identified spam - report_safe Message-ID: <1050596245.26687.38.camel@angua.localnet> I've not looked at SA-exim recently (used to run it a while back). Could someone let me know how it handles a recent SA (ie 2.50 or later) working in report_safe mode (where a new message is created for identified spam, and the original message is attached as a mail/rfc822 component). exiscan, at least, only mods the headers on identified spam, is sa-exim any different? Nigel. -- [ Nigel Metheringham Nigel.Metheringham@InTechnology.co.uk ] [ - Comments in this message are my own and not ITO opinion/policy - ] From marc at merlins.org Thu Apr 17 10:22:33 2003 From: marc at merlins.org (Marc MERLIN) Date: Thu Apr 17 09:22:34 2003 Subject: [SA-exim] Marking up of identified spam - report_safe In-Reply-To: <1050596245.26687.38.camel@angua.localnet> References: <1050596245.26687.38.camel@angua.localnet> Message-ID: <20030417162233.GG9216@merlins.org> On Thu, Apr 17, 2003 at 05:17:25PM +0100, Nigel Metheringham wrote: > I've not looked at SA-exim recently (used to run it a while back). > > Could someone let me know how it handles a recent SA (ie 2.50 or later) > working in report_safe mode (where a new message is created for > identified spam, and the original message is attached as a mail/rfc822 > component). There is no support for that. Adding it would be a little work for that matter, SA-Exim mostly worries about refusing mail at SMTP time, even though it can obviously be used for site-wide scanning and tagging, but not in report_safe mode which would force me to scan the whole body of the message and do mime parsing to get the spam headers, right? > exiscan, at least, only mods the headers on identified spam, is sa-exim > any different? Nope, I also modify the headers (for that matter, exiscan copied sa-exim's behaviour, not that I mind in the slightest way :-) I'm getting closer to releasing 2.3 with a few more minor features, but sa-exim 2.2 is very usuable, I've been running it on several sites for about 6 months now. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From tonni at billy.demon.nl Thu Apr 17 18:37:12 2003 From: tonni at billy.demon.nl (Tony Earnshaw) Date: Thu Apr 17 10:37:13 2003 Subject: [SA-exim] Marking up of identified spam - report_safe In-Reply-To: <20030417162233.GG9216@merlins.org> References: <1050596245.26687.38.camel@angua.localnet> <20030417162233.GG9216@merlins.org> Message-ID: <1050600951.31765.80.camel@localhost> tor, 17.04.2003 kl. 18.22 skrev Marc MERLIN: > > Could someone let me know how it handles a recent SA (ie 2.50 or later) > > working in report_safe mode (where a new message is created for > > identified spam, and the original message is attached as a mail/rfc822 > > component). > > There is no support for that. Beg your pardon? This is a spamd/local.cf feature. If SA-Exim lets spam through ('cos it doesn't reject it), then spamd does this. It's got nothing to do with SA-Exim, then. Should mention I use SA 2.60-CVS and choose to smtp 550 reject spam at smtp time, if the score is high enough. The point about SA-Exim is, that one can choose to do everything at smtp time, in one fell swoop, instead of twice, both having local_scan handle it and then send it back at router and transport time, as with the original Exim concept. Whether it's SA-Exim or exiscan shouldn't make any difference in this respect. I only chose SA-Exim over Exiscan originally, because "Marc Merlin" is such a fantastic name. So I tried it out, and one happy bunny. Best, Tony -- Tony Earnshaw Do not come to visit me with both arms the same length. e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl From marc at merlins.org Thu Apr 17 12:14:45 2003 From: marc at merlins.org (Marc MERLIN) Date: Thu Apr 17 11:14:48 2003 Subject: [SA-exim] Marking up of identified spam - report_safe In-Reply-To: <1050600951.31765.80.camel@localhost> References: <1050596245.26687.38.camel@angua.localnet> <20030417162233.GG9216@merlins.org> <1050600951.31765.80.camel@localhost> Message-ID: <20030417181445.GK9216@merlins.org> On Thu, Apr 17, 2003 at 07:35:54PM +0200, Tony Earnshaw wrote: > > > Could someone let me know how it handles a recent SA (ie 2.50 or later) > > > working in report_safe mode (where a new message is created for > > > identified spam, and the original message is attached as a mail/rfc822 > > > component). > > > > There is no support for that. > > Beg your pardon? This is a spamd/local.cf feature. If SA-Exim lets spam > through ('cos it doesn't reject it), then spamd does this. It's got > nothing to do with SA-Exim, then. Right, but if you configure spamd with report_safe when SA-Exim runs it, SA-Exim isn't able to get the SA info out of it from what people wrote (which makes sense if SA puts the SA headers inside the attached message and not the wrapper message. I have to upgrade to SA 2.50, but haven't had the time to do so yet) > Should mention I use SA 2.60-CVS and choose to smtp 550 reject spam at > smtp time, if the score is high enough. Right. That's what I do too and most people who use SA-Exim do since this is the main appeal of my program. > I only chose SA-Exim over Exiscan originally, because "Marc Merlin" is > such a fantastic name. So I tried it out, and one happy bunny. ROFTL :-))) But seriously, SA-Exim offers more spam rejection and handling features than exiscan, but obviously exiscan offers virus scanning, so exiscan is a better choice for people who want both. My understanding too is that if you want the best of both worlds, you can patch exim to do exiscan, and also run SA-Exim in local_scan. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From dman at dman.ddts.net Thu Apr 17 16:44:39 2003 From: dman at dman.ddts.net (Derrick 'dman' Hudson) Date: Thu Apr 17 12:40:40 2003 Subject: [SA-exim] Re: Connecting to spamd on a remote host In-Reply-To: <200304171637.46167.hans-peter.zahno@unifr.ch> References: <200304171637.46167.hans-peter.zahno@unifr.ch> Message-ID: <20030417194439.GA2046@dman.ddts.net> On Thu, Apr 17, 2003 at 04:37:46PM +0200, Hans-Peter Zahno wrote: | Hello, | | I have sa-exim-4.14 running on solaris 9 and having spamassassin (spamd) | running on a linux box. How do I configure (or patch) Exim-SA to be able | that spamc is called with the option '-d '? --- /etc/exim/spamassassin.conf (or where ever you compiled it to be) SAspamcpath: /usr/local/bin/spamc.sh --- /usr/local/bin/spamc.sh #!/bin/sh exec /usr/bin/spamc -d foo -D -- How to shoot yourself in the foot with Java: You find that Microsoft and Sun have released incompatible class libraries both implementing Gun objects. You then find that although there are plenty of feet objects implemented in the past in many other languages, you cannot get access to one. But seeing as Java is so cool, you don't care and go around shooting anything else you can find. (written by Mark Hammond) http://dman.ddts.net/~dman/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.merlins.org/archives/sa-exim/attachments/20030417/a2ad16e0/attachment.bin From marc at merlins.org Wed Apr 23 09:08:40 2003 From: marc at merlins.org (Marc MERLIN) Date: Wed Apr 23 08:08:44 2003 Subject: [SA-exim] SA-Exim CVS ready for testing before SA-Exim 2.3 In-Reply-To: <20030415204951.GE23601@merlins.org> References: <97F99C7C-6F83-11D7-8F66-003065546CF4@enchanter.net> <20030415204951.GE23601@merlins.org> Message-ID: <20030423150840.GF19429@merlins.org> On Tue, Apr 15, 2003 at 01:49:51PM -0700, Marc MERLIN wrote: > > I backed down to the 1.26 source, and I started seeing subject lines on > > my incoming email again. :) > > Yeah, CVS is completely untested outside of the fact that it compiles :-) This is now working well enough that I'm running it on my mail server with exim 4.14 I'll probably still add a thing or two before the release, but those should be minor. This time, I'll make a deb package of just sa-exim so that it can be used against the debian exim4 package. You can get the CVS tree here: http://marc.merlins.org/linux/exim/files/sa-exim-cvs.tar.gz or there http://sourceforge.net/cvs/?group_id=56124 (that one is always up to date) The changelog for now is: 2003/04/23 - v2.2.x cvs (not yet released, use CVS) * Made SAmaxrcptlistlength and option to control how long of a X-SA-Exim-Rcpt-To header you can output if you want to output it at all * Do not output "savemail condition expanded to false" if not in debug mode (as reported by Brian Kendig) * Now ships with a sample local_scan.h if we can't find the exim source * Change of logic to delete SA headers that were in the original mail but weren't outputted by the SA run (like X-Spam-Flag, as reported by Chad Leigh) * Modified local_scan dlopen patch to deal with updates to the exim local_scan API * The default location for spamasassin.conf was changed to /etc/exim4 (debian default) * Updated README and INSTALL * Updated localscan_dlopen.patch to deal with minor/major version numbers * Added X-SA-Exim-Version Thanks for reporting back successes or failures Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From brian at enchanter.net Wed Apr 23 14:39:36 2003 From: brian at enchanter.net (Brian Kendig) Date: Wed Apr 23 10:39:46 2003 Subject: [SA-exim] Re: SA-Exim CVS ready for testing before SA-Exim 2.3 In-Reply-To: <20030423150840.GF19429@merlins.org> Message-ID: <8D51C9F8-75B2-11D7-BEEC-003065546CF4@enchanter.net> A couple of ideas to toss in: - Could you make the SA log message formats more similar? The 'permanently rejected' one looks like this (and the 'temporarily rejected' one is similar, thanks for changing these a while ago!): SA: local_scan permanently rejected message: hits=117.0 required=5.0 trigger=12.0 (scanned in 14/14 secs). From (host=NULL [61.129.66.34]) for brian@enchanter.net But the 'accepted' one is: SA: score hits=3.0 required=5.0 (scanned in 5/5 secs) And the 'spam but accepted' one is: SA: Flagged as Spam but accepted: Score hits=10.9 required=5.0 (scanned in 8/8 secs) It would really be helpful for the 'accepted' one to say "local_scan accepted message: hits=3.0 (scanned in 14/14 secs). From ... (host=... [...]) for ..." And for the 'spam but accepted' one to say "local_scan accepted spam: ..." or some other wording. This would let me easily grep on 'temporarily', 'permanently', 'accepted message', 'accepted spam' so I could get stats on each category of message. - Also, might you consider removing 'required=5.0 trigger=12.0' (or whatever the user has those values set to) from the messages? You don't want to tell spammers how close they were to having their spam get past the filters... - And in sa-exim.c, where you have the string_sprintf lines which send messages back to the spammer (like "451- wait for more output" and "How about you try again later for a little more teergrube?"), can you change those strings to #defines at the top of sa-exim.c, so that they can be easily modified all in one place? I'm concerned that spammers might come to recognize these strings and immediately know they're going to get teergrubed... making them easier to change would encourage users to define their own strings so as to be less detectable by spammers. Thanks for considering these! And many many kudos to you for continuing to develop this great piece of software! It's come in VERY handy for me! :-) ____ |\/| Brian Kendig Set your priorities right. \ /\ / ..__. brian at enchanter net No one ever said on his \/ \__\ _/ http://www.enchanter.net/ death bed, "Gee, if I'd \__ __ \_ Be insatiably curious. only spent more time at \____\___\ Ask "why" a lot. the office." From tonni at billy.demon.nl Wed Apr 23 21:16:09 2003 From: tonni at billy.demon.nl (Tony Earnshaw) Date: Wed Apr 23 13:16:11 2003 Subject: [SA-exim] Re: SA-Exim CVS ready for testing before SA-Exim 2.3 In-Reply-To: <8D51C9F8-75B2-11D7-BEEC-003065546CF4@enchanter.net> References: <8D51C9F8-75B2-11D7-BEEC-003065546CF4@enchanter.net> Message-ID: <1051124814.10197.11.camel@localhost> ons, 23.04.2003 kl. 19.39 skrev Brian Kendig: > - Also, might you consider removing 'required=5.0 trigger=12.0' (or > whatever the user has those values set to) from the messages? You > don't want to tell spammers how close they were to having their spam > get past the filters... Agreed absolutely here. I have had a virus vendor coming back twice a day since April 16, from 200.34.143.9, Instituto Mexicano del Seguro Social, to see how he's getting on with his pro-spam measures. (he gets a 550 each time and I've told postmaster there, but deathly silence.) I mark the virus vendor up a couple of SA + points each day :) > And many many kudos to you for > continuing to develop this great piece of software! It's come in VERY > handy for me! :-) And from me. Best, Tony -- Tony Earnshaw Do not come to visit me with both arms the same length. e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl From brian at enchanter.net Thu Apr 24 01:50:25 2003 From: brian at enchanter.net (Brian Kendig) Date: Wed Apr 23 21:50:32 2003 Subject: [SA-exim] Another suggestion: conf file is too wordy Message-ID: <43628C34-7610-11D7-BEEC-003065546CF4@enchanter.net> Here's another suggestion to toss out to ya... The spamassassin.conf file is awfully wordy -- my copy of the file has 230 comment lines and only 30 actual parameter setting lines. This makes it hard to see at a glance exactly what the parameters are set to and what the configuration's doing, and it also makes it harder to upgrade if a new version changes the settings somewhat. Also, several of the explanations are very similar and share a lot of text. Would you consider pulling the comments into a separate documentation file, so that the conf file only needs to contain the settings themselves? ____ |\/| Brian Kendig Set your priorities right. \ /\ / ..__. brian at enchanter net No one ever said on his \/ \__\ _/ http://www.enchanter.net/ death bed, "Gee, if I'd \__ __ \_ Be insatiably curious. only spent more time at \____\___\ Ask "why" a lot. the office." From marc at merlins.org Sun Apr 27 08:24:48 2003 From: marc at merlins.org (Marc MERLIN) Date: Sun Apr 27 19:32:04 2003 Subject: [SA-exim] Re: SA-Exim CVS ready for testing before SA-Exim 2.3 In-Reply-To: <8D51C9F8-75B2-11D7-BEEC-003065546CF4@enchanter.net> References: <20030423150840.GF19429@merlins.org> <8D51C9F8-75B2-11D7-BEEC-003065546CF4@enchanter.net> Message-ID: <20030427142447.GA22406@merlins.org> On Wed, Apr 23, 2003 at 01:39:36PM -0400, Brian Kendig wrote: > A couple of ideas to toss in: > > - Could you make the SA log message formats more similar? The (...) Now that exim 4.11 or better allows me to decouple smtp error messages and what goes in the logs, it's done, and I tried to make this more consistent Do a cvs update to see my recent commit. Best, Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From rbergmair at acm.org Sat Apr 26 16:40:02 2003 From: rbergmair at acm.org (Richard Bergmair) Date: Sun Apr 27 19:32:06 2003 Subject: [SA-exim] sa-exim and fetchmail Message-ID: <200304261540.02393.rbergmair@acm.org> Hi! I've just set up my new mail-environment using exim 4.14, SpamAssassin-2.53 and sa-exim 2.2. I receive both mail sent directly to my MTA, and mail sent to my provider's mail-account. I use fetchmail 5.6.5 in deamon-mode to poll my provider's POP3-server for new mail, and now I want to get rid of spam sent directly to my MTA, as well as spam lying around in my providers mailbox. Filtering seems to work perfectly. I don't *receive* any more spam that spamassassin can identify as such, but it's not deleted from the POP3-account. I assume that this is due to fetchmail: Fetchmail gets all mail from the POP3-account and opens an SMTP-connection to the localhost, simply forwarding mail to exim. Before exim gets to see it sa-exim runs spamassassin to check, whether it's spam, and rejects it. (I've set "SAEximRunCond: 1" in spamassassin.conf, since the normal check for local deliveries would prevent SpamAssassin to be run on mail coming from fetchmail) That's why fetchmail can't deliver that mail, so it doesn't delete it from the mailbox. In fetchmail(1) I read, that fetchmail deletes mail only if the delivery was either successful, or it receives one of the error-codes [571, 550, 501, 554] which usually indicate that mail was rejected due to spam-checking. Doesn't sa-exim send one of these error-codes, or what could be the reason, that spam remains in the mailbox, after running fetchmail on a spammed mailbox? Thanks a lot! Richard From thomask at mtnns.net Tue Apr 29 10:00:15 2003 From: thomask at mtnns.net (Thomas Kinghorn) Date: Tue Apr 29 00:00:56 2003 Subject: [SA-exim] clearing out SAspamaccept Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF9780@protea.int.citec.net> Good morning. Is there a way to zip or clear the mail in SAspamaccept? My directory is massive. There must be a way to automate this, however, I am pretty new to SA-Exim. Regards, Tom Kinghorn From merlins.org at paulm.com Tue Apr 29 09:26:10 2003 From: merlins.org at paulm.com (Paul Makepeace) Date: Tue Apr 29 00:26:31 2003 Subject: [SA-exim] clearing out SAspamaccept In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF27504FF9780@protea.int.citec.net> References: <4625C59C329BC447AFFB52E7F8BFF27504FF9780@protea.int.citec.net> Message-ID: <20030429072610.GL27273@mythix.realprogrammers.com> On Tue, Apr 29, 2003 at 09:00:15AM +0200, Thomas Kinghorn wrote: > Is there a way to zip or clear the mail in SAspamaccept? > > My directory is massive. > There must be a way to automate this, however, I am pretty new to SA-Exim. You could try something like, find /var/spool/exim/SAspamaccept -mtime +7 -print0 | xargs -0 rm Which will remove anything modified (or created in this case) over seven days. The -0 deals with the horrid filenames being produced. You could have this scheduled to happen at regular intervals. Look in man 5 crontab and man 1 crontab. Paul -- Paul Makepeace ....................................... http://paulm.com/ "If one paper burns well, then what can you do." -- http://paulm.com/toys/surrealism/ From thomask at mtnns.net Tue Apr 29 10:32:04 2003 From: thomask at mtnns.net (Thomas Kinghorn) Date: Tue Apr 29 00:32:20 2003 Subject: [SA-exim] clearing out SAspamaccept Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF9781@protea.int.citec.net> many thanks Paul. -----Original Message----- From: Paul Makepeace [mailto:merlins.org@paulm.com] Sent: 29 April 2003 09:26 To: Thomas Kinghorn Cc: Sa-Exim@Lists. Merlins. Org (E-mail) Subject: Re: [SA-exim] clearing out SAspamaccept On Tue, Apr 29, 2003 at 09:00:15AM +0200, Thomas Kinghorn wrote: > Is there a way to zip or clear the mail in SAspamaccept? > > My directory is massive. > There must be a way to automate this, however, I am pretty new to SA-Exim. You could try something like, find /var/spool/exim/SAspamaccept -mtime +7 -print0 | xargs -0 rm Which will remove anything modified (or created in this case) over seven days. The -0 deals with the horrid filenames being produced. You could have this scheduled to happen at regular intervals. Look in man 5 crontab and man 1 crontab. Paul -- Paul Makepeace ....................................... http://paulm.com/ "If one paper burns well, then what can you do." -- http://paulm.com/toys/surrealism/ From thomask at mtnns.net Tue Apr 29 12:16:02 2003 From: thomask at mtnns.net (Thomas Kinghorn) Date: Tue Apr 29 02:16:11 2003 Subject: [SA-exim] clearing out SAspamaccept Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF9786@protea.int.citec.net> Hi all. Is there a way of clearing out the messages is SApermreject directory. i would like to clear messages older than 21 days. I was thinking of something like this find /var/spool/exim/SApermreject/new/ -mtime +21 -print0 | xargs -0 rm -Rf For some reason I need the arg rm -Rf, not just rm. Please advise. Thanks for the previous help. Tom -----Original Message----- From: Paul Makepeace [mailto:merlins.org@paulm.com] Sent: 29 April 2003 09:26 To: Thomas Kinghorn Cc: Sa-Exim@Lists. Merlins. Org (E-mail) Subject: Re: [SA-exim] clearing out SAspamaccept On Tue, Apr 29, 2003 at 09:00:15AM +0200, Thomas Kinghorn wrote: > Is there a way to zip or clear the mail in SAspamaccept? > > My directory is massive. > There must be a way to automate this, however, I am pretty new to SA-Exim. You could try something like, find /var/spool/exim/SAspamaccept -mtime +7 -print0 | xargs -0 rm Which will remove anything modified (or created in this case) over seven days. The -0 deals with the horrid filenames being produced. You could have this scheduled to happen at regular intervals. Look in man 5 crontab and man 1 crontab. Paul -- Paul Makepeace ....................................... http://paulm.com/ "If one paper burns well, then what can you do." -- http://paulm.com/toys/surrealism/ From tonni at billy.demon.nl Tue Apr 29 11:39:41 2003 From: tonni at billy.demon.nl (Tony Earnshaw) Date: Tue Apr 29 03:39:42 2003 Subject: [SA-exim] clearing out SAspamaccept In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF27504FF9786@protea.int.citec.net> References: <4625C59C329BC447AFFB52E7F8BFF27504FF9786@protea.int.citec.net> Message-ID: <1051612443.29238.29.camel@localhost> P? ty , 29/04/2003 klokka 11:16, skreiv Thomas Kinghorn: > Is there a way of clearing out the messages is SApermreject directory. > i would like to clear messages older than 21 days. > I was thinking of something like this > find /var/spool/exim/SApermreject/new/ -mtime +21 -print0 | xargs -0 rm -Rf > > For some reason I need the arg rm -Rf, not just rm. Personally I never use the "xargs" stuff for 'find'. The following sort of thing works for me: cd /var/spool/exim/SApermreject/new find . -mtime +21 -exec rm {} \; Best, Tony -- Tony Earnshaw Do not come to visit me with both arms the same length. e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl Tony Earnshaw From marc at merlins.org Wed Apr 30 11:05:10 2003 From: marc at merlins.org (Marc MERLIN) Date: Wed Apr 30 10:05:11 2003 Subject: [SA-exim] SA-Exim 3.0 released Message-ID: <20030430170510.GI6772@merlins.org> Since SA-Exim now uses a newer dlopen_localscan patch (you'll need to rebuild your exim with the newer patch, or if you already have 4.11 or better, you can for now add -DDLOPEN_LOCAL_SCAN_OLD_API in the Makefile), and due to the number of changes and dependency on newer exims (4.11 or better), bumping the version to 3.0 seemed like a good idea. Here's the changelog 2003/04/30 - v3.0 * Makefile can generate a short spamassassin.conf (for Brian Kendig) * Added a contrib directory with 3rd party scripts * Since we already had X-SA-Exim-Rcpt-To: to show the envelope to (disabled by default), I added X-SA-Exim-Mail-From: to show the envelope from (always enabled, but you can delete it in system_filter if you wish). If you can't easily see or parse the envelope sender in your mails, this should definitely help * Much improved directory creation and error handling for the reject save directories * Added SIGCHLD patch from David Woodhouse * Added version header that looks like this: X-SA-Exim-Version: 2.2.x-cvs (built Tue Apr 22 10:28:25 PDT 2003) * Rewrote pretty much every log message to be more consistent and grepable (the previous ones were quite bad). Suggested by multiple people including Brian Kendig * Made the SMTP error messages finally configurable (suggested by several people). This is now possible since exim lets me output a different message in the log than in the SMTP session. Consequently, new default messages do not show the spam score, this only goes to the exim now. * Made SAmaxrcptlistlength and option to control how long of a X-SA-Exim-Rcpt-To header you can output if you want to output it at all * Do not output "savemail condition expanded to false" if not in debug mode (as reported by Brian Kendig) * Now ships with a sample local_scan.h if we can't find the exim source * Change of logic to delete SA headers that were in the original mail but weren't outputted by the SA run (like X-Spam-Flag, as reported by Chad Leigh) * Modified local_scan dlopen patch to deal with updates to the exim local_scan API * The default location for spamasassin.conf was changed to /etc/exim4 (debian default) * Updated README and INSTALL * Updated localscan_dlopen.patch to deal with minor/major version numbers * Added X-SA-Exim-Version I have been running pre-versions of this code for several days and unless I somehow added a bug while making the release tar, the code seems to work well (famous last words :) But seriously, no problems on my mail server, and sa-exim will deal with errors anyway, log them, and allow the mail through so that you don't lose anything. As usual, it's here: http://marc.merlins.org/linux/exim/sa.html http://sourceforge.net/projects/sa-exim/ I'll release a deb against the debian exim4 package in a few days Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From brian at enchanter.net Wed Apr 30 19:52:58 2003 From: brian at enchanter.net (Brian Kendig) Date: Wed Apr 30 15:53:09 2003 Subject: [SA-exim] 3.0 is great! Message-ID: <7CB556BC-7B5E-11D7-9DE2-003065546CF4@enchanter.net> Marc, you ROCK. :-D I'm installing sa-exim 3.0 right now. A couple of thoughts while I set it up, feel free to ignore... I was confused at the "missing sa-exim.h" error during the exim compile. (The INSTALL file still says that I just copy sa-exim-x.y.c over src/local_scan.c and it'll work.) Then I noticed that 'make' will create this file, so I ran 'make'... and got a whole bunch of "ld: Undefined symbols" errors (_main, _expand_string, _header_add, _header_list, etc.) and failed to make sa-exim-3.0.so, but it does appear to have made a good sa-exim.h. Thank you very much for making the messages a configurable option in the conf file! And by the way, 'make spamassassin_short.conf' leaves a whole bunch of blank lines in the file... it's not really all that important or necessary, though, 'cos I just stripped all the documentation out of my copy of the file. :) I notice you still have the code in there for the deprecated 'stall' stuff. Will that be going away any time soon? (I don't use it, I was just curious.) ____ |\/| Brian Kendig Set your priorities right. \ /\ / ..__. brian at enchanter net No one ever said on his \/ \__\ _/ http://www.enchanter.net/ death bed, "Gee, if I'd \__ __ \_ Be insatiably curious. only spent more time at \____\___\ Ask "why" a lot. the office." From marc at merlins.org Wed Apr 30 17:03:43 2003 From: marc at merlins.org (Marc MERLIN) Date: Wed Apr 30 16:03:44 2003 Subject: [SA-exim] 3.0 is great! In-Reply-To: <7CB556BC-7B5E-11D7-9DE2-003065546CF4@enchanter.net> References: <7CB556BC-7B5E-11D7-9DE2-003065546CF4@enchanter.net> Message-ID: <20030430230343.GA18244@merlins.org> On Wed, Apr 30, 2003 at 06:52:58PM -0400, Brian Kendig wrote: > A couple of thoughts while I set it up, feel free to ignore... > > I was confused at the "missing sa-exim.h" error during the exim > compile. (The INSTALL file still says that I just copy sa-exim-x.y.c > over src/local_scan.c and it'll work.) Aaaah, very true, I forgot that some people still just patch exim. I only tested building sa-exim as a module (which then works correctly with my makefile) > Then I noticed that 'make' will create this file, so I ran 'make'... > and got a whole bunch of "ld: Undefined symbols" errors (_main, > _expand_string, _header_add, _header_list, etc.) and failed to make > sa-exim-3.0.so, but it does appear to have made a good sa-exim.h. That seems to say that it wasn't able to find the exim local_scan.h when trying to build sa-exim-3.0.so, but I now provide the file to avoid just this problem. If you can't build the module or reproduce this in some way, please send me more details off list, I'll see if I can fix that. > Thank you very much for making the messages a configurable option in > the conf file! And by the way, 'make spamassassin_short.conf' leaves a > whole bunch of blank lines in the file... it's not really all that A few. Multiple blank lines are collapsed into one. One empty line to separate options a bit is not the end of the world :) > important or necessary, though, 'cos I just stripped all the > documentation out of my copy of the file. :) Whatever makes you happy :-) > I notice you still have the code in there for the deprecated 'stall' > stuff. Will that be going away any time soon? (I don't use it, I was > just curious.) I thought I had removed it from the config file. I'll make sure it's really gone. I'll probably drop it from the code soon too. Thanks for the report. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From brian at enchanter.net Wed Apr 30 20:04:56 2003 From: brian at enchanter.net (Brian Kendig) Date: Wed Apr 30 16:05:02 2003 Subject: [SA-exim] "SAEximRunCond expanded to false" Message-ID: <28FCE3AA-7B60-11D7-9DE2-003065546CF4@enchanter.net> I found one small bug: I get "SA: Notice: Not running SA because SAEximRunCond expanded to false" in the log every time I send an email, even though "SAEximDebug: 0" is the first line of spamassassin.conf. ____ |\/| Brian Kendig Set your priorities right. \ /\ / ..__. brian at enchanter net No one ever said on his \/ \__\ _/ http://www.enchanter.net/ death bed, "Gee, if I'd \__ __ \_ Be insatiably curious. only spent more time at \____\___\ Ask "why" a lot. the office." From marc at merlins.org Wed Apr 30 17:08:48 2003 From: marc at merlins.org (Marc MERLIN) Date: Wed Apr 30 16:08:49 2003 Subject: [SA-exim] "SAEximRunCond expanded to false" In-Reply-To: <28FCE3AA-7B60-11D7-9DE2-003065546CF4@enchanter.net> References: <28FCE3AA-7B60-11D7-9DE2-003065546CF4@enchanter.net> Message-ID: <20030430230848.GB18244@merlins.org> On Wed, Apr 30, 2003 at 07:04:56PM -0400, Brian Kendig wrote: > I found one small bug: I get "SA: Notice: Not running SA because > SAEximRunCond expanded to false" in the log every time I send an email, > even though "SAEximDebug: 0" is the first line of spamassassin.conf. It's not a bug, it's a notice, it's meant to be there. SA-Exim will output one line per mail. If it doesn't run, it tells you. If it runs, it tells you what it did with the mail (accepted, rejected, teergrube, etc...) I think it should be there, but if you really don't like it and it's hard to ignore, feel free to remove the comment in the code Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key