From marilyn at deliberate.com Tue Jul 1 11:14:26 2003 From: marilyn at deliberate.com (Marilyn Davis) Date: Tue Jul 1 10:16:32 2003 Subject: [SA-exim] Overwriting local_scan.c to build In-Reply-To: <20030630064143.GB3961@merlins.org> Message-ID: Thanks Marc. I got it. I'll use method 2 since I have other stuff to add to local_scan. Thanks again. Marilyn On Mon, 30 Jun 2003, Marc MERLIN wrote: > On Wed, Jun 25, 2003 at 05:24:18PM -0700, Marilyn Davis wrote: > > So install method 2 is "better"? > > It means you need to recompile exim if you change local_scan > > > Is this because it's simpler? > > Putting sa-exim directly inside exim is a bit simpler at build > time, in exchange for being more work to maintain later. > > > Because you can do it without the exim source? > > Building sa-exim as a module can indeed be done without the source, but > your running exim must have the local_scan patch, and it probably won't > unless you're runnig debian. > > Marc > -- > "A mouse is a device used to point at the xterm you want to type in" - A.S.R. > Microsoft is to operating systems & security .... > .... what McDonalds is to gourmet cooking > Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key > From marilyn at deliberate.com Tue Jul 1 14:21:30 2003 From: marilyn at deliberate.com (Marilyn Davis) Date: Tue Jul 1 13:22:36 2003 Subject: [SA-exim] INSTALLing this way and that Message-ID: OK! I did the build method #2 and made a little coding change and it works and it *is* a great way to modify quickly and easily. I have a few suggestions for the INSTALL document: > CONFIGURING SPAMASSASSIN > ------------------------ > For all this to work correctly, your global spamassassin config should have: > > # Put report in the headers > report_header 1 report_header causes a complaint if you run spamd -D (which keeps spamd in the forground and outputs debug messages). It doesn't hurt anything but doesn't do anything either -- as far as I can tell. > > BUILDING > -------- > The code can be compiled in two ways: > > 1) Unpack exim 4.11 or better, and overwrite src/local_scan.c with sa-exim.c. Edit your src/local_scan.c, which is now a copy of sa-exim.c: #define SPAMASSASSIN_CONF "path/to/your/config-file-for-sa-exim" Rebuild exim, and you're done. However, if you ever want to modify or update the local_scan function, you will be glad you instead built a dynamically loaded library for your local_scan so you don't have to keep compiling exim. Build method #2 tells you how. 2) In the directory where you run make for exim, do this: patch -p1 < path-to-sa-exim-localscan_dlopen.patch-in-this-directory This patches exim's src/EDITME, amongst other things. Now fix up the patched src/EDITME to be your Local/Makefile for exim, making all the modifications you need for exim. Rebuild exim. In this sa-exim directory, fix up sa-exim's Makefile so that EXIM_SRC points to exim's src directory; so that SACONF points to your configuration file for sa-exim; and so that SPAMC points to your spamc executable. Run make here to build your sa-exim library. Copy the resulting sa-exim-x.x.so file someplace convenient, maybe /usr/lib/exim4/local_scan/sa-exim-x.x.so And in your exim configuration file, make local_scan_path point to your copied sa-exim-x.x.so, for example: local_scan_path = /usr/lib/exim4/local_scan/sa-exim-x.x.so kill SIGHUP your exim pid and you're set. When you modify your local_scan function (in sa-exim.c), just run make here and copy the sa-exim-x.x.so to your local_scan_path. And that is all, you are running your new code. You don't even need to SIGHUP your exim daemon. ----- Hope this helps. Thank you again. Marilyn > sa-exim-x.y.c. Rebuild exim, and you're done. > Note that if you do this, you are responsible for modifying variables > in sa-exim.c that would normally have been modified by the Makefile. > > 2) The better solution is to patch exim with localscan_dlopen.patch originally > from David Woodhouse (provided in this archive), and rebuild exim. > After that you can edit EXIM_SRC in the Makefile and build sa-exim-x.y.so > I have however modified the build environment so that you can now build > sa-exim without having the exim sources. > > You can look in eximinc/version to see which source I included. While this > should work for the forseable future, the exim local_scan API might change > one day and not building against the current exim sources could cause issues > (hopefully, at worst it will prevent sa-exim from using better functions in > newer versions of the local_scan API). > To be really safe, I modified the localscan_dlopen patch to include a > minor and major version number for the API. Philip has agreed to including > the piece of the patch that says which version of the API exim is using, > so it will be obvious in the future whether exim become potentially > incompatible with an older version of sa-exim. Note that when Philip adds > this small portion of the patch, you will have a resulting conflict if > you try to apply it again. This is obviously normal, just remove it :-) > > Once you're done building, you can copy sa-exim-x.y.so and optionally the > dummy/test accept.so in /usr/lib/exim4/local_scan/, and add this to your > exim4.conf: > #local_scan_path = /usr/lib/exim4/local_scan/accept.so > local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so > > If you are a package builder, note too that you don't actually have > to edit the values in the Makefile, you can override them as such: > make SACONF=/etc/mail/sa-exim.conf LDFLAGS="-shared -fPIC" > > > The following is mostly obsolete, but left here for info purposes > ----------------------------------------------------------------- > I would also recommend to edit exim/src/config.h.defaults as such: > #define STRING_SPRINTF_BUFFER_SIZE 32768 > The default value is a bit too small for some of the strings that we need to > expand from SA. > That said, I found out that exim then complaints that the headers > it tries to add are too big even after I set "uschar buffer[32768];" in > src/header.c. > As a result, I haven't quite found out how to deal with more than 8KB worth > of SpamAssassin headers, but it may not be a huge deal, 8KB headers are too > long anyway. > I asked the SA guys not to output such huge headers and I wrote a patch > to disable one of the "features" that outputs such huge headers. > See: http://bugzilla.spamassassin.org/showattachment.cgi?attach_id=195 > This is included and turned on by default in Spamassassin 2.40 and later. > > > INSTALL > ------- > Copy spamassassin.conf to /etc/exim4 (or whatever you set SACONF to), > and make sure to read it and edit the values to suit your environment. > So that you don't make any mistakes, SAEximRunCond is turned off by default. > This should force you to scan the docs before potentially shooting yourself > in the foot :) > > See README for options > > From jvanasco at mastersofbranding.com Wed Jul 2 12:36:13 2003 From: jvanasco at mastersofbranding.com (Jonathan Vanasco) Date: Wed Jul 2 08:36:13 2003 Subject: [SA-exim] turning debugging off Message-ID: I keep getting messages like this in /var/log/maillog Jun 29 05:24:22 redivi spamd[25542]: info: setuid to exim succeeded there are about 5 lines per message i'm confidant this isn't from sa-exim, because in /usr/exim/spamassassin.conf i have: SAEximDebug:0 but i can't find any spamd startup script or info that has debugging turned on. so i'm just lost. this is probably more of a sa-talk question -- but there's an offchance this is some weird sa-exim interaction thing so i post here. From jcring at switch.com Wed Jul 2 17:22:52 2003 From: jcring at switch.com (Ring, John C) Date: Wed Jul 2 13:22:59 2003 Subject: [SA-exim] "authenticator name missing" when starting exim? Message-ID: <8F329FEDF58BD411BE5200508B10DA760CF58E69@exchptc1.switch.com> Ok, I have a Redhat 9.0 system with exim already installed from source and running correctly. Now I'm trying to add sa-exim using install option #2. I applied the patch, recompiled exim, and did a make install to copy the new binaries to the production paths. Then I edited the few items in the sa-exim makefile, compile, and copy the .so files to a production location, along with the spamassassin.conf file to the SACONF value I set. However, when I edit my Exim 4.20 configuration file to add the local_scan_path and restart exim, I get Starting exim: 2003-07-02 16:03:45 Exim configuration error in line 550: authenticator name missing Line 550 is the added line, local_scan_path=/usr/exim/bin/sa-exim-3.0.so Any idea what I've missed? I can't find that error message in any previous threads. -------------------------- John C. Ring, Jr. jcring@switch.com Web and Network Technologies Specialist Union Switch & Signal Inc. From simon at nuit.ca Wed Jul 2 21:53:25 2003 From: simon at nuit.ca (simon raven) Date: Wed Jul 2 13:53:34 2003 Subject: [SA-exim] -fPIC and kernel version In-Reply-To: References: Message-ID: <20030702205325.GD32585@nuit.ca> ok ok, sorry for that omission =), it's 2.4.21-xfs-grsec-ben1, teehee :). cheers, eric -- UNIX is user friendly, it's just picky about who its friends are. ------------------------------------------------------------------- ,''`. http://www.debian.org/ | http://www.nuit.ca/ : :' : Debian GNU/Linux | http://simonraven.nuit.ca/ `. `' | PGP key ID: 6169 BE0C 0891 A038 `- | From marc at merlins.org Wed Jul 2 23:56:12 2003 From: marc at merlins.org (Marc MERLIN) Date: Wed Jul 2 13:56:19 2003 Subject: [SA-exim] "authenticator name missing" when starting exim? In-Reply-To: <8F329FEDF58BD411BE5200508B10DA760CF58E69@exchptc1.switch.com> References: <8F329FEDF58BD411BE5200508B10DA760CF58E69@exchptc1.switch.com> Message-ID: <20030702205612.GF5228@merlins.org> On Wed, Jul 02, 2003 at 04:22:52PM -0400, Ring, John C wrote: > Starting exim: 2003-07-02 16:03:45 Exim configuration error in line 550: > authenticator name missing > > Line 550 is the added line, local_scan_path=/usr/exim/bin/sa-exim-3.0.so exim is reporting an error because you probably stuck the line at the end of the file, in the wrong section. Put it at the beginning and things should work. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From scott at ncs.co.nz Fri Jul 4 00:17:35 2003 From: scott at ncs.co.nz (Scott Truman) Date: Thu Jul 3 04:17:44 2003 Subject: [SA-exim] SAEximRunCond false for gateway machine on same subnet Message-ID: <54A7F218A7383947AE5A49FF064D5FDC1154EF@napnt.ncs.co.nz> Hi there, We have a subnet 192.168.1.0/24, whose IP's should be able to relay through the exim/sa-exim/spamassassin mail server. The incoming mail appears to come from 192.168.1.254, because it is the gateway server to the internet, which maps port 25 to the internal mail server. This all works fine except Spamassassin is not being run for inbound emails from the internet (as said, they appear to come from the host 192.168.1.254). My config is as follows: hostlist relay_from_hosts = 127.0.0.1 : !192.168.1.254 : !192.168.1.0/24 And even though I have negated 192.168.1.254 in the above hostlist, it still seems to cause the following acl to kick in. warn message = X-SA-Do-Not-Run: Yes hosts = +relay_from_hosts Do acls work differently, or am I going about this incorrectly? Thanks in advance. Scott From BStory at DOTFOODS.com Sun Jul 6 18:00:47 2003 From: BStory at DOTFOODS.com (Ben Story) Date: Sun Jul 6 15:02:48 2003 Subject: [SA-exim] User_prefs Message-ID: First I'd like to thank all of the developers for making an excellent product. My managers have asked me to find out if I can make sa-exim use individual user_pref information for Spam Assassin from the SA sql storage method. I noticed some chatter in the archives about this last month, but I was wondering if anyone has come up with a preferred way to do this. Ben Story MIS Dot Foods, Inc. From marc at merlins.org Mon Jul 7 10:49:30 2003 From: marc at merlins.org (Marc MERLIN) Date: Mon Jul 7 00:51:42 2003 Subject: [SA-exim] User_prefs In-Reply-To: References: Message-ID: <20030707074930.GD8736@merlins.org> On Sun, Jul 06, 2003 at 05:00:47PM -0500, Ben Story wrote: > First I'd like to thank all of the developers for making an excellent > product. My managers have asked me to find out if I can make sa-exim use > individual user_pref information for Spam Assassin from the SA sql storage > method. I noticed some chatter in the archives about this last month, but I > was wondering if anyone has come up with a preferred way to do this. The short answer is "no" It is doable with exim ACL kludgery (see a message I posted about this), but no one has done it yet Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From marc at merlins.org Mon Jul 7 11:03:10 2003 From: marc at merlins.org (Marc MERLIN) Date: Mon Jul 7 06:11:54 2003 Subject: [SA-exim] turning debugging off In-Reply-To: References: Message-ID: <20030707080310.GG8736@merlins.org> On Wed, Jul 02, 2003 at 11:36:13AM -0400, Jonathan Vanasco wrote: > > I keep getting messages like this in /var/log/maillog > Jun 29 05:24:22 redivi spamd[25542]: info: setuid to exim succeeded Are you running spamd with -d -u nobody ? Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From info at g-house.de Thu Jul 10 15:36:32 2003 From: info at g-house.de (Malte Geierhos) Date: Thu Jul 10 08:34:16 2003 Subject: [SA-exim] Re: User_prefs In-Reply-To: <20030707074930.GD8736@merlins.org> References: <20030707074930.GD8736@merlins.org> Message-ID: i've made it ... with exim_acl + spamd +sql user_prefs... *********local.cf************** rewrite_subject 1 report_safe 1 user_scores_dsn DBI:mysql:courier_mail:localhost user_scores_sql_username user_scores_sql_password user_scores_sql_table userprefs rewrite_subject 1 ok languages en de allow_user_rules 1 <<<<<<< On Sun, Jul 06, 2003 at 05:00:47PM -0500, Ben Story wrote: > >>First I'd like to thank all of the developers for making an excellent >>product. My managers have asked me to find out if I can make sa-exim use >>individual user_pref information for Spam Assassin from the SA sql storage >>method. I noticed some chatter in the archives about this last month, but I >>was wondering if anyone has come up with a preferred way to do this. > > > The short answer is "no" > > It is doable with exim ACL kludgery (see a message I posted about this), > but no one has done it yet > > Marc From psacha at blue-cable.net Fri Jul 11 15:52:24 2003 From: psacha at blue-cable.net (Philipp Sacha) Date: Fri Jul 11 05:52:32 2003 Subject: [SA-exim] LDAP-Calls in SAEximRunCond Message-ID: <3F0EB308.2020809@blue-cable.net> Hi, i have installed exim 4.20 with sa-exim 3.0. What i try to configure is, that only mail for users with an attribute in LDAP set to 'y' is scanned for spam. Therefor in spamassassin.conf i have defined: SAEximRunCond: ${if eq {${lookup ldap {ldap:///dc=mydomain,dc=example??sub?(&(mail=$local_part@$domain)(spamcheck=y)) }{1}{0}}}{1}{0}} When sa-exim asks LDAP it seems that $local_part and $domain are empty. The resulting filter from the slapd-log is: filter="(&(mail=@)(spamcheck=y))" Could it be that i have missed something? Regards, Philipp -- Philipp Sacha mailto:psacha@blue-cable.net From sdickenson at keyschool.org Fri Jul 11 10:08:01 2003 From: sdickenson at keyschool.org (Dickenson, Steven) Date: Fri Jul 11 06:09:37 2003 Subject: [SA-exim] LDAP-Calls in SAEximRunCond Message-ID: <1DBA7B491604E94BBCCE5133069A5BB248CF79@mail.keyschool.org> $local_part and $domain are not available at the time that SA-Exim is called. If you want per user scanning, see the e-mail that Malte Geierhos posted yesterday. You'll need to make use of ACLs present in Exim 4.20. Steven --- Steven Dickenson Network Administrator The Key School, Annapolis Maryland -----Original Message----- From: Philipp Sacha [mailto:psacha@blue-cable.net] Sent: Friday, July 11, 2003 8:52 AM To: sa-exim@lists.merlins.org Subject: [SA-exim] LDAP-Calls in SAEximRunCond Hi, i have installed exim 4.20 with sa-exim 3.0. What i try to configure is, that only mail for users with an attribute in LDAP set to 'y' is scanned for spam. Therefor in spamassassin.conf i have defined: SAEximRunCond: ${if eq {${lookup ldap {ldap:///dc=mydomain,dc=example??sub?(&(mail=$local_part@$domain)(spamcheck= y)) }{1}{0}}}{1}{0}} When sa-exim asks LDAP it seems that $local_part and $domain are empty. The resulting filter from the slapd-log is: filter="(&(mail=@)(spamcheck=y))" Could it be that i have missed something? Regards, Philipp -- Philipp Sacha mailto:psacha@blue-cable.net _______________________________________________ SA-Exim mailing list SA-Exim@lists.merlins.org http://lists.merlins.org/lists/listinfo/sa-exim From fabio at vivaolinux.com.br Thu Jul 31 05:24:18 2003 From: fabio at vivaolinux.com.br (=?ISO-8859-1?Q?F=E1bio?= Berbert de Paula) Date: Thu Jul 31 00:27:38 2003 Subject: [SA-exim] sa-exim with SQL user prefs Message-ID: <20030731042418.192ec9ff.fabio@vivaolinux.com.br> Hi all, I compiled sa-exim in replacement of local_scan.c on Exim4-4.20 source and configured the same do perform a SQL search for userpref, according the documentation about SQL on spamassassin oficial web site. As well, all of this 'works', but in a lot of times a local user get his address in a WHITELIST_TO test without explanation and accept a SPAM. How can I debug the why is it hiting on this test? Note: sa-exim is using only the @GLOBAL user prefs, if is there any way to do sa-exim load a single user prefs, please tell me. It can be done via ACL right? Any URL to give me? My ISP receive a bit more than 400.000 messages/day, with spamassassin + exim3 + director, we're blocking 50.000 messages/day, with sa-exim + exim4 only 20.000 because the problem with the misterious WHITELIST_TO. Other note: I'm using the same version and configuration of spamassassin in both cases: exim3 and exim4. Please, give some idea or sites do look for documentation. Thanks, Fabio Berbert de Paula fabio@vivaolinux.com.br