From jvanasco at mastersofbranding.com Thu Jun 5 17:59:40 2003
From: jvanasco at mastersofbranding.com (Jonathan Vanasco)
Date: Thu Jun 5 13:58:54 2003
Subject: [SA-exim] teergrube whitelist (possible?)
Message-ID:

is there any way of getting a list into that 'do not teergrube' statement, short of chaining a bunch of "if and"s ?

From ssmeenk+exim-sa at freshdot.net Fri Jun 6 23:41:48 2003
From: ssmeenk+exim-sa at freshdot.net (Sander Smeenk)
Date: Fri Jun 6 13:41:53 2003
Subject: [SA-exim] Fails to expand
Message-ID: <20030606204148.GA9183@freshdot.net>

Hey,

| SA: PANIC: SAEximRunCond expansion failure on ${if and
| {{def:sender_host_address}{!eq{$sender_host_address}{127.0.0.1}}
| {!eq{$h_X-SA-Do-Not-Run:}{Yes}}{eq{${extract{spamassassin}{${lookup
| {$domain}lsearch{/etc/exim4/policy}}}{$value}{no}}}{yes}}}}
| (but message was accepted)

Why is that ?
If I split the SAEximRunCond line up like so:

|${if
| and {
| {def:sender_host_Address}
| {!eq
| {$sender_host_address}
| {127.0.0.1}
| }
| {!eq
| {$h_X-SA-Do-Not-Run:}
| {Yes}
| }
| {eq
| {${extract{spamassassin}{${lookup{$domain}lsearch{/etc/exim4/policy}}}{$value}{no}}}
| {yes}
| }
| }
|}

It looks sane, right? My {}-matcher finds no disparities :)
The same lookup I do in that last {eq{}{}} block works elsewhere in an ACL. I copied it 1:1 by cut 'n paste, so I made no typo's.

Exim4 isn't very verbose about WHY it failed expanding, and I would expect this to be possible...

Any clues?
Sander.
--
| I doubt, therefore I might be.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D

From ssmeenk+exim-sa at freshdot.net Fri Jun 6 23:46:33 2003
From: ssmeenk+exim-sa at freshdot.net (Sander Smeenk) Date: Fri Jun 6 13:46:38 2003 Subject: [SA-exim] Fails to expand In-Reply-To: <20030606204148.GA9183@freshdot.net> References: <20030606204148.GA9183@freshdot.net> Message-ID: <20030606204633.GB9183@freshdot.net> Quoting Sander Smeenk (ssmeenk+exim-sa@freshdot.net): > Why is that ? > If I split the SAEximRunCond line up like so: ARGH! I forgot the {1}{0} clause! * beats himself in the head with a sharp pointy object * Not to waste this moment: Wouldn't it be neat if 'spamassassin.conf' was named 'exim-sa.conf' or something similar, by default? I know I got the source and I can change it myself, but it seems like a confusing name to me, and probably other too ;) Furthermore, I posted this on the exim4debian list too, but when using exim-sa, and it starts teergrube'ing a client, the messages like '451- Please wait for more output' appear in my mainlog, and not at the sending connection's end. This happens with the latest exim-sa module (as of today that is), and the latest unstable release of exim4 (4.20-1) Regards, Sander. -- | If space is a vacuum, who changes the bags? | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D From ssmeenk+exim-sa at freshdot.net Sun Jun 8 16:55:23 2003 
From: ssmeenk+exim-sa at freshdot.net (Sander Smeenk)
Date: Sun Jun 8 06:55:30 2003
Subject: [SA-exim] A little help on SAEximRunCond & rcpt domain based lookups
Message-ID: <20030608135523.GD9183@freshdot.net>

Hey all,

I got this configuration for exim4 from a friend, and it works really really nice. The basic idea is that you have a file called 'policy' that specifies, for each domain you host, what checks to perform, and what ACL (rcpt_acl) to use. The ACL in its turn looks up whether options like 'verifysender' or 'verifyhelo' are turned on, and whether it has to 'dnsbl=reject' or 'dnsbl=warn', etc, etc. Works real nifty I can tell you :)

I thought I could add that same behaviour to exim-sa's SAEximRunCond, since that RunCond undergoes exim4 string-expansion. So there shouldn't be any problems looking up if 'spamassassin' is set to 'yes' in the policy file for the recipient domain.

There is only one big problem. I can't seem to figure out, during the phase where SAEximRunCond gets expanded, what the recipient address (envelope!) for the mail is. I really need the address the mail will be delivered to, not the $h_To value, since one can forge that. $domain is empty, there's no $h_Envelope-to, and $recipients is empty too.

I thought about adding a header somewhere earlier, something like 'X-Received-For-Domain: nnn.tld', and have it removed later, but it seems I can only add headers *after* the message passed through exim-sa.

Anyone on this list having ideas about what I can do next to figure out the recipient address in an SAEximRunCond like this:

| ${if
| and {
| {def:sender_host_address}
| {!eq
| {$sender_host_address}
| {127.0.0.1}
| }
| {!eq
| {$h_X-SA-Do-Not-Run:}
| {Yes}
| }
| {eq
| {${extract{spamassassin}{${lookup{#RCPTDOMAINNEEDEDHERE#}lsearch{/etc/exim4/policy}}}{$value}{no}}}
| {yes}
| }
| }
| {1}{0}
| }

Any help is greatly appreciated!

Thanks,
Sander.
--
| Remember: If you shake it more than twice, you're playing with it!
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D From tonni at billy.demon.nl Sun Jun 8 23:42:08 2003 From: tonni at billy.demon.nl (Tony Earnshaw) Date: Sun Jun 8 13:48:53 2003 Subject: [SA-exim] A little help on SAEximRunCond & rcpt domain based lookups In-Reply-To: References: Message-ID: <3EE39FA0.20907@billy.demon.nl> Chirik wrote: > Correct - since local_scan is after the SMTP DATA command, we only have > the ability to accept or reject the message as a whole, for all recipients. "Not quite" - the very words Marc used to me when I wrote the same, not long ago. Don't forget that you can implement 'localpartlist nosarej' and so on (see Marc's example Exim config) for people, groups or whatever you like. The choices are quite powerful. Best, Tony -- Tony Earnshaw There's none so daft as them as will not learn http://j-walk.com/blog/docs/conference.htm http://www.billy.demon.nl Mail: tonni@billy.demon.nl From ssmeenk at freshdot.net Sun Jun 8 21:57:08 2003 
From: ssmeenk at freshdot.net (Sander Smeenk) Date: Sun Jun 8 14:51:00 2003 Subject: [SA-exim] A little help on SAEximRunCond & rcpt domain based lookups In-Reply-To: References: <20030608135523.GD9183@freshdot.net> Message-ID: <20030608185708.GA28593@freshdot.net> Quoting Chirik (chirik@castlefur.com): > Instead, do the checks during the master check_rcpt acl, and set one of > the 'acl_m#' variables, I did what you suggested. And this works. I can now switch on and off the spamassassin scans from within my policy file for each domain seperately. > Note, this will result in SAEximRunCond being true if *any* domain for *any* > recipient has it set true. You can adjust it to default to run, and set it > to not run if any domain doesn't want SA run, instead, if you'd like. Whoo :) You lost me. If a message comes in with, say, two RCPT TO:'s, and one of them has spamassassin=yes in it's policy, and the other hasn't, the message will get scanned? That's ok I think. Wouldn't the same happen when I default to scan, and set for specific domains not to scan? Wouldn't it be the same? One has exim-sa set to not run, so both RCPT TO's won't get scanned? > Personally, I think using the acl_m# variables for this purpose is better > than using headers - they get reset when a new message is started, and you > don't have to take precautions to prevent SA not being run if they happen to > be set on an inbound message ... unless you want that, of course. Funny is that I didn't come to think of setting acl_m# variables. I thought they wouldn't be available in SAEximRunCond either, because they are ACL variables. But, yes, I want to scan incoming messages. Unless the message was received from localhost / localIP or the 'don't scan' header is set :) But SAEximRunCond has correct {eq{}{}} things for that. 
> In my case, I use acl_m0 as a signal to whether to run spamassassin, > and whether or not to reject messages or just flag (I set it to > 'do-not-reject' in acl_check_rcpt, and that is overridden by > 'do-not-run' in acl_check_data) I use acl_m1 as a count of recipients > I accepted, or would have accepted, were I not lying and telling the > remote site that anything they tried was invalid because they were > just guessing at usernames. ;-) I'll first see how this works out before I start doing kinky stuff like making rejecting optional ;) > I really like exim, and it works great for my home systems - I'm looking for > alternatives to deploy at my company, and I'm not sure exim is appropriate > there. :-/ Hmm, with exim4's ACL's I have the idea anything is possible ;) Thanks alot for helping me out this much... I'll continue doing tests now! Sander. -- | I doubt, therefore I might be. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D From ssmeenk at freshdot.net Sun Jun 8 23:58:19 2003 
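An added example, not part of any post in this thread: a Python model of the two ways a per-message acl_m0 flag can be set across RCPT commands, showing that they differ for a message with mixed recipient domains. POLICY_TEXT, the function names and the "domain: name=value" layout of the policy file are assumptions made for the illustration.

```python
# Added illustration; POLICY_TEXT is a constructed sample, not the poster's file.
POLICY_TEXT = """\
# domain: option=value ...
example.org: spamassassin=yes dnsbl=reject
example.net: spamassassin=no dnsbl=warn
example.com: dnsbl=warn
"""


def lsearch(text, key):
    """Return the data stored under `key` in lsearch-style text, or None."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, data = line.partition(":")
        if name.strip() == key:
            return data.strip()
    return None


def extract(field, data, default="no"):
    """Mimic ${extract{field}{data}{$value}{default}} on name=value pairs."""
    for pair in (data or "").split():
        name, sep, value = pair.partition("=")
        if sep and name == field:
            return value
    return default


def wants_sa(domain):
    """True when the policy entry for `domain` has spamassassin=yes."""
    return extract("spamassassin", lsearch(POLICY_TEXT, domain)) == "yes"


def run_if_any_wants(rcpt_domains):
    """Default off: any RCPT whose domain says yes switches scanning on."""
    acl_m0 = ""                   # per-message variable, empty at MAIL FROM
    for domain in rcpt_domains:   # the RCPT ACL runs once per recipient
        if wants_sa(domain):
            acl_m0 = "run"
    return acl_m0 == "run"


def skip_if_any_declines(rcpt_domains):
    """Default on: any RCPT whose domain does not say yes switches it off."""
    acl_m0 = "run"
    for domain in rcpt_domains:
        if not wants_sa(domain):
            acl_m0 = "do-not-run"
    return acl_m0 == "run"


if __name__ == "__main__":
    mixed = ["example.org", "example.net"]
    print("any-wants:", run_if_any_wants(mixed))          # scanned
    print("any-declines:", skip_if_any_declines(mixed))   # not scanned
```

For single-domain messages both strategies agree; only a message addressed to domains with different settings is treated differently.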
From: ssmeenk at freshdot.net (Sander Smeenk) Date: Sun Jun 8 14:51:00 2003 Subject: [SA-exim] A little help on SAEximRunCond & rcpt domain based lookups In-Reply-To: <3EE39FA0.20907@billy.demon.nl> References: <3EE39FA0.20907@billy.demon.nl> Message-ID: <20030608205819.GA904@freshdot.net> Quoting Tony Earnshaw (tonni@billy.demon.nl): > >Correct - since local_scan is after the SMTP DATA command, we only have > >the ability to accept or reject the message as a whole, for all recipients. > "Not quite" - the very words Marc used to me when I wrote the same, not > long ago. > > Don't forget that you can implement 'localpartlist nosarej' and so on > (see Marc's example Exim config) for people, groups or whatever you > like. The choices are quite powerful. Hmm, I hadn't yet thought about per-localpart nosa(rej). But you are right, the choices are powerful. Today, I learnt that you shouldn't focus on one approach ;) -- | What would it profit a man to gain the world, and loose his soul... | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D From marc at merlins.org Sun Jun 8 18:57:38 2003 
From: marc at merlins.org (Marc MERLIN) Date: Sun Jun 8 17:57:43 2003 Subject: [SA-exim] logfile entry for max. teergrube time In-Reply-To: <20030521204438.GD9036@merlins.org> References: <47212.213.84.248.7.1053459570.squirrel@webmail.addicts.nl> <20030521204438.GD9036@merlins.org> Message-ID: <20030609005737.GB7170@merlins.org> On Wed, May 21, 2003 at 01:44:38PM -0700, Marc MERLIN wrote: > On Tue, May 20, 2003 at 09:39:30PM +0200, Martin Balvers wrote: > > Hi, > > > > I am writing a logparser for sa-exim logfiles (exim_mainlog). > > I was wondering why the scantime and the message recipient are not logged > > when a teergrube takes the fully configured amount of time. > > If the spammer/sender closes the connection before the max. configured > > teergrube time, both scantime and recipient address are logged. > > It's an oversight in the logging. I'll fix that. It's fixed in CVS, although I probably won't have the time to release SA-Exim 3.1 for a while, so that probably doesn't help you too much (I loathe to make a new release just for this small patch, so it'll wait until I fix a couple of other things, and maybe add another feature, but I'll add that in CVS) In the meantime, here's the patch: RCS file: /cvsroot/sa-exim/sa-exim/sa-exim.c,v retrieving revision 1.38 diff -u -r1.38 sa-exim.c --- sa-exim.c 30 Apr 2003 16:07:59 -0000 1.38 +++ sa-exim.c 8 Jun 2003 23:49:34 -0000 
@@ -1186,7 +1186,7 @@ sleep(10); } - log_write(0, LOG_MAIN | LOG_REJECT, "SA: Action: teergrubed sender until full configured duration of %d secs (%s)", SAteergrubetime, spamstatus); + log_write(0, LOG_MAIN | LOG_REJECT, "SA: Action: teergrubed sender until full configured duration of %d secs: %s (scanned in %d/%d secs). %s", SAteergrubetime, spamstatus, scantime, fulltime, mailinfo); *return_text=string_sprintf(SAmsgteergruberej, spamstatus); return LOCAL_SCAN_TEMPREJECT_NOLOGHDR; } You can also get it from CVS Hopefully it won't be too hard for your parser to recognize the old and new log formats Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From marc at merlins.org Sun Jun 8 19:34:01 2003 
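Review bot: in the replacement log_write() call, scantime and fulltime are printed with %d, but their declarations are outside this hunk; if either is a time_t or long rather than an int, cast the argument or change the specifier. The layout around spamstatus also changes from "(%s)" to ": %s (scanned in %d/%d secs). %s", so it is worth confirming that this matches the other "SA: Action:" lines and noting the new format in the changelog, so that log parsers can handle both the old and the new line.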
From: marc at merlins.org (Marc MERLIN) Date: Sun Jun 8 18:34:02 2003 Subject: [SA-exim] Teergrube output In-Reply-To: <20030606204633.GB9183@freshdot.net> References: <20030606204148.GA9183@freshdot.net> <20030606204633.GB9183@freshdot.net> Message-ID: <20030609013401.GJ6069@merlins.org> On Fri, Jun 06, 2003 at 10:46:33PM +0200, Sander Smeenk wrote: > Wouldn't it be neat if 'spamassassin.conf' was named 'exim-sa.conf' or > something similar, by default? I know I got the source and I can change > it myself, but it seems like a confusing name to me, and probably other > too ;) Yeah, I should do that. I will for the next version. It's in CVS already: http://marc.merlins.org/linux/exim/sa.html > Furthermore, I posted this on the exim4debian list too, but when using This was the wrong place :) > exim-sa, and it starts teergrube'ing a client, the messages like '451- > Please wait for more output' appear in my mainlog, and not at the > sending connection's end. This happens with the latest exim-sa module > (as of today that is), and the latest unstable release of exim4 (4.20-1) Ok, so the line of code we are talking about is: str=string_sprintf(string_sprintf("451- %s\r\n",SAmsgteergrubewait), spamstatus) I just resent myself a spam I teergrubed and it worked fine 220 mail1.merlins.org ESMTP Exim 4.14 #1 Sun, 08 Jun 2003 18:26:37 -0700 - mm8 helo foo.bar 250 mail1.merlins.org Hello gargamel.merlins.org mail from: xxx@yyy.zz 250 OK rcpt to: xxx@yyy.zz 250 Accepted data 354 Enter message, ending with "." on a line by itself spam pasted . 451- wait for more output 451- wait for more output (...) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From jeff at jab.org Sun Jun 8 21:28:53 2003 
From: jeff at jab.org (Jeff Breidenbach) Date: Sun Jun 8 23:47:35 2003 Subject: [SA-exim] Debian package of sa-exim? Message-ID: What needs to happen before Debian users can apt-get install sa-exim, and how can I help? -Jeff From marc at merlins.org Mon Jun 9 00:52:34 2003 From: marc at merlins.org (Marc MERLIN) Date: Sun Jun 8 23:52:36 2003 Subject: [SA-exim] Debian package of sa-exim? In-Reply-To: References: Message-ID: <20030609065234.GD2563@merlins.org> On Sun, Jun 08, 2003 at 08:28:53PM -0700, Jeff Breidenbach wrote: > > What needs to happen before Debian users can > apt-get install sa-exim, and how can I help? Thanks to much help from Andreas Metzler, I have pre-packages here: http://marc.merlins.org/linux/exim/files/debian/ Please do not distribute or announce these yet. They should work (also I haven't even installed them yet), but they might need a little tweaking before I'll release them (Andreas will probably answer me soon telling me whether there are any issues, and you're welcome to do so too if you're a debian developer) I know I haven't been very responsive due to way too much work (12-16H days), but I'll do my best to get back to people within a reasonable amount of time :-) Thanks, Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From ssmeenk+exim-sa at freshdot.net Mon Jun 9 15:40:22 2003 
From: ssmeenk+exim-sa at freshdot.net (Sander Smeenk)
Date: Mon Jun 9 05:40:27 2003
Subject: [SA-exim] Teergrube output
In-Reply-To: <20030609013401.GJ6069@merlins.org>
References: <20030606204148.GA9183@freshdot.net> <20030606204633.GB9183@freshdot.net> <20030609013401.GJ6069@merlins.org>
Message-ID: <20030609124022.GC904@freshdot.net>

Quoting Marc MERLIN (marc@merlins.org):
> Ok, so the line of code we are talking about is:
> str=string_sprintf(string_sprintf("451- %s\r\n",SAmsgteergrubewait), spamstatus)

Jup. At least, that's where the message gets put into 'str'. The actual writing to filehandle 2 is done two lines below :)

> I just resent myself a spam I teergrubed and it worked fine
> 220 mail1.merlins.org ESMTP Exim 4.14 #1 Sun, 08 Jun 2003 18:26:37 -0700 - mm8

Do you see possibility to test this same with Exim 4.20 ? :)
Because if I do the same, the 451- come in my mainlog, and the connection stays silent.

Something must have changed, I presume.

--
| Do jellyfish get gas from eating jellybeans?
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D

From ssmeenk+exim-sa at freshdot.net Mon Jun 9 16:40:29 2003
From: ssmeenk+exim-sa at freshdot.net (Sander Smeenk)
Date: Mon Jun 9 06:40:33 2003
Subject: [SA-exim] Teergrube output
In-Reply-To: <20030609124022.GC904@freshdot.net>
References: <20030609013401.GJ6069@merlins.org> <20030609124022.GC904@freshdot.net>
Message-ID: <20030609134029.GD904@freshdot.net>

Quoting Sander Smeenk (ssmeenk+exim-sa@freshdot.net):
> Do you see possibility to test this same with Exim 4.20 ? :)

On the connection's end:

| [ssmeenk@sorrow:~] % nc valor.freshdot.net 25
| 220 valor.freshdot.net ESMTP Exim 4.20 Mon, 09 Jun 2003 15:30:46 +0200
| HELO dot.freshdot.net
| 250 valor.freshdot.net Hello ssmeenk at dot.freshdot.net [195.64.80.165]
| MAIL FROM:
| 250 OK
| RCPT TO:
| 250 Accepted
| DATA
| 354 Enter message, ending with "." on a line by itself
|
| .
|
| 451 "Please try again later"

In the mainlog:

| ==> /var/log/exim4/mainlog <==
| 2003-06-09 15:32:40 19PMjq-0004eO-Aq SA: Debug: SAEximRunCond expan ...
| 2003-06-09 15:32:40 19PMjq-0004eO-Aq SA: Debug: check succeeded, ru ...
| 2003-06-09 15:32:42 19PMjq-0004eO-Aq SA: Debug: SAEximRejCond expan ...
| 2003-06-09 15:32:42 19PMjq-0004eO-Aq SA: Debug: Writing message to ...
| 451- Please wait for more output (hits=8.9 required=5.0 trigger=1.0)
| 451- Please wait for more output (hits=8.9 required=5.0 trigger=1.0)
| 451- Please wait for more output (hits=8.9 required=5.0 trigger=1.0)
| 451- Please wait for more output (hits=8.9 required=5.0 trigger=1.0)
| 451- Please wait for more output (hits=8.9 required=5.0 trigger=1.0)
| 451- Please wait for more output (hits=8.9 required=5.0 trigger=1.0)
| 2003-06-09 15:33:42 19PMjq-0004eO-Aq SA: Action: teergrubed sender until
| full configured duration of 60 secs (hits=8.9 required=5.0 trigger=1.0)
| 2003-06-09 15:33:42 19PMjq-0004eO-Aq temporarily rejected by
| local_scan(): "Please try again later"

After this, my reject log gets the header-section of the rejected message with the rejection reason (temporarily rejected by local_scan(): "Please try again later").

Hope this helps. I'm now gonna try what happens when I write to stdout instead of stderr :)

Regards,
Sander.
--
| How do you write zero in Roman numerals?
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D

From marc at merlins.org Mon Jun 9 08:18:12 2003
From: marc at merlins.org (Marc MERLIN) Date: Mon Jun 9 07:18:14 2003 Subject: [SA-exim] Teergrube output In-Reply-To: <20030609134029.GD904@freshdot.net> <20030609124022.GC904@freshdot.net> References: <20030609013401.GJ6069@merlins.org> <20030609124022.GC904@freshdot.net> <20030609134029.GD904@freshdot.net> <20030606204148.GA9183@freshdot.net> <20030606204633.GB9183@freshdot.net> <20030609013401.GJ6069@merlins.org> <20030609124022.GC904@freshdot.net> Message-ID: <20030609141812.GC28486@merlins.org> On Mon, Jun 09, 2003 at 02:40:22PM +0200, Sander Smeenk wrote: > > I just resent myself a spam I teergrubed and it worked fine > > 220 mail1.merlins.org ESMTP Exim 4.14 #1 Sun, 08 Jun 2003 18:26:37 -0700 - mm8 > > Do you see posibility to test this same with Exim 4.20 ? :) > Because if I do the same, the 451- come in my mainlog, and the > connection stays silent. > > Something must have changed, I presume. Yes, you've convinced me that something has. On Mon, Jun 09, 2003 at 03:40:29PM +0200, Sander Smeenk wrote: > Hope this helps. I'm now gonna try what happens when I write to stdout > instead of stderr :) That didn't work when I tried, but let me know. I posted on the exim list asking Philip how I'm supposed to do this now that he broke my way to write to the smtp socket directly Stay tuned Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From ssmeenk+exim-sa at freshdot.net Mon Jun 9 17:22:03 2003 
From: ssmeenk+exim-sa at freshdot.net (Sander Smeenk) Date: Mon Jun 9 07:22:09 2003 Subject: [SA-exim] Teergrube output In-Reply-To: <20030609141812.GC28486@merlins.org> References: <20030609013401.GJ6069@merlins.org> <20030609124022.GC904@freshdot.net> <20030609134029.GD904@freshdot.net> <20030606204148.GA9183@freshdot.net> <20030606204633.GB9183@freshdot.net> <20030609013401.GJ6069@merlins.org> <20030609124022.GC904@freshdot.net> <20030609141812.GC28486@merlins.org> Message-ID: <20030609142203.GE904@freshdot.net> Quoting Marc MERLIN (marc@merlins.org): > > Something must have changed, I presume. > Yes, you've convinced me that something has. Good :) *g* > > Hope this helps. I'm now gonna try what happens when I write to stdout > > instead of stderr :) > That didn't work when I tried, but let me know. Still doesn't work. The write fails, and exim-sa thinks the remote end closed the connection. Too bad :| > I posted on the exim list asking Philip how I'm supposed to do this now that > he broke my way to write to the smtp socket directly > Stay tuned Thanks! I'm on that list too. Lurking :) Regards, Sander. -- | Artificial intelligence is no match for natural stupidity. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D From marc at merlins.org Mon Jun 9 09:50:28 2003 
From: marc at merlins.org (Marc MERLIN)
Date: Mon Jun 9 08:50:30 2003
Subject: [SA-exim] Per user whitelisting or rejection
In-Reply-To: <20030608205819.GA904@freshdot.net>
References: <3EE39FA0.20907@billy.demon.nl> <20030608205819.GA904@freshdot.net>
Message-ID: <20030609155028.GC3509@merlins.org>

On Sun, Jun 08, 2003 at 10:58:19PM +0200, Sander Smeenk wrote:
> Quoting Tony Earnshaw (tonni@billy.demon.nl):
>
> > >Correct - since local_scan is after the SMTP DATA command, we only have
> > >the ability to accept or reject the message as a whole, for all recipients.
> > "Not quite" - the very words Marc used to me when I wrote the same, not
> > long ago.
> >
> > Don't forget that you can implement 'localpartlist nosarej' and so on
> > (see Marc's example Exim config) for people, groups or whatever you
> > like. The choices are quite powerful.
>
> Hmm, I hadn't yet thought about per-localpart nosa(rej). But you are
> right, the choices are powerful. Today, I learnt that you shouldn't focus
> on one approach ;)

I haven't had the time to work on this (and even less test it), but my guess is that we can implement the per user rejection or accept with no additional code in sa-exim (sa-exim runs too late to do that anyway)

Here's how it should work:
- for each rcpt, check if it is in the whitelist.
  - if it's the first recipient, set X-SA-Do-Not-Rej
  - if it's not
    - and X-SA-Do-Not-Rej is set, accept
    - and X-SA-Do-Not-Rej is unset, send tempreject
- do the same thing (reversed) if the rcpt is not in the whitelist
- for extra points, check if the user has a ~/.spamassasin/user_prefs
  If so, accept just this user and tempreject the others
  (and set a header to tell SA-Exim that it should use the user's config file)

To support #3, we just need a little code in sa-exim to run spamc -u user

What do you all think?

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security .... ....
what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From tonni at billy.demon.nl Mon Jun 9 20:25:03 2003 
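An added example, not code from this thread or from sa-exim: a Python model of the per-recipient scheme outlined in the message above, in which the first RCPT fixes the message's X-SA-Do-Not-Rej state and recipients of the other class get a temporary rejection. It also models a sender that retries deferred recipients in a new transaction, which is an assumption about sender behaviour; NOSAREJ and all function names are made up for the illustration.

```python
# Constructed stand-in for a local-part whitelist such as 'nosarej'.
NOSAREJ = {"postmaster", "abuse"}


def local_part(address):
    """Lower-cased part of the address before the last '@'."""
    return address.rsplit("@", 1)[0].lower()


def rcpt_phase(recipients, whitelist=NOSAREJ):
    """Model the RCPT commands of one SMTP transaction.

    Returns (do_not_rej, replies). do_not_rej is the state fixed by the
    first recipient (None if there were no recipients); replies is a list
    of (address, "250" or "451") in the order the RCPTs arrived.
    """
    do_not_rej = None
    replies = []
    for rcpt in recipients:
        listed = local_part(rcpt) in whitelist
        if do_not_rej is None:
            do_not_rej = listed          # first recipient decides the class
        # Same class as the first recipient: accept. Other class: defer.
        replies.append((rcpt, "250" if listed == do_not_rej else "451"))
    return do_not_rej, replies


def split_into_transactions(recipients, whitelist=NOSAREJ):
    """Follow a sender that retries every deferred recipient.

    Returns a list of (do_not_rej, accepted_recipients), one entry per
    transaction. Each transaction accepts at least its first recipient,
    so the loop always terminates.
    """
    pending = list(recipients)
    transactions = []
    while pending:
        flag, replies = rcpt_phase(pending, whitelist)
        accepted = [rcpt for rcpt, code in replies if code == "250"]
        pending = [rcpt for rcpt, code in replies if code == "451"]
        transactions.append((flag, accepted))
    return transactions


if __name__ == "__main__":
    # Constructed recipient list mixing whitelisted and ordinary local parts.
    rcpts = ["alice@example.org", "postmaster@example.org",
             "bob@example.org", "abuse@example.org"]
    for flag, accepted in split_into_transactions(rcpts):
        print("X-SA-Do-Not-Rej set:", flag, "recipients:", accepted)
```

The effect is that every message reaching local_scan has recipients of one class only, so a single accept-or-reject decision for the whole message is consistent for all of them.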
From: tonni at billy.demon.nl (Tony Earnshaw) Date: Mon Jun 9 10:28:22 2003 Subject: [SA-exim] Per user whitelisting or rejection In-Reply-To: <20030609155028.GC3509@merlins.org> References: <3EE39FA0.20907@billy.demon.nl> <20030608205819.GA904@freshdot.net> <20030609155028.GC3509@merlins.org> Message-ID: <3EE4C2EF.4040402@billy.demon.nl> Marc MERLIN wrote: > I haven't had the time to work on this (and even less test it), but my > guess is that we can implement the per user rejection or accept with no > additional code in sa-exim (sa-exim runs too late to do that anyway) > Here's how it should work: > - for each rcpt, check if it is in the whitelist. Which whitelist? I stopped using SA's whitelist_from and whitelist_from_rcvd a while back, make my own regexes. The idea's good ... > - if it's the first receipient, set X-SA-Do-Not-Rej > - if it's not > - and X-SA-Do-Not-Rej is set, accept > - and X-SA-Do-Not-Rej is unset, send tempreject > - do the same thing (reversed) if the rcpt is not in the whitelist ... an Exim lookup or even (drool, drool) coupling with ACLs on my Openldap DIT would be even better, since that would be custom stuff. Up your MySQL - never use it. > - for extra points, check if the user has a ~/.spamassasin/user_prefs > If so, accept just this user and tempreject the others > (and set a header to tell SA-Exim that it should use the user's config > file) Spamd would have to run as root, then - and that's not such a good idea. It doesn't do the sort of uid metamorphoses that Exim does. An alternative is placing the user prefs in a common directory, so that the SA uid could read them (standard SA choice.) It would have to have write perms on the Bayes DB, too. Using user-based Bayes DBs for a large org is just about impossible: minimum 10MB per user, 3,000 employees? > To support #3, we just need a little code in sa-exim to run spamc -u user > What do you all think? 
The whole Exim/SA-Exim thing is unbelievably elegant and flexible and what you suggest is only proof of that. I'm sweating at learning Postfix 2.0 at the moment and though you might hold a candle for Wietse V. as a person and a card, the whole Postfix thing is one *huge* abhorrence. Coupled with Amavisd it is even worse. Though to put the whole thing in perspective, Postfix is 10 times better than Sendmail. I'm so glad I'm and Exim person, so that what you suggest is even possible. Philip's new book is *good* by the way. I bought it, and I'm glad. Especially new Exim mailadmins should have it, it's easy to read and gives a good grounding. Best, Tony -- Tony Earnshaw There's none so daft as them as will not learn http://j-walk.com/blog/docs/conference.htm http://www.billy.demon.nl Mail: tonni@billy.demon.nl From marc at merlins.org Mon Jun 9 11:41:12 2003 
From: marc at merlins.org (Marc MERLIN) Date: Mon Jun 9 10:41:14 2003 Subject: [SA-exim] Per user whitelisting or rejection In-Reply-To: <3EE4C2EF.4040402@billy.demon.nl> References: <3EE39FA0.20907@billy.demon.nl> <20030608205819.GA904@freshdot.net> <20030609155028.GC3509@merlins.org> <3EE4C2EF.4040402@billy.demon.nl> Message-ID: <20030609174112.GB10349@merlins.org> On Mon, Jun 09, 2003 at 07:25:03PM +0200, Tony Earnshaw wrote: > Marc MERLIN wrote: > > >I haven't had the time to work on this (and even less test it), but my > >guess is that we can implement the per user rejection or accept with no > >additional code in sa-exim (sa-exim runs too late to do that anyway) > > >Here's how it should work: > >- for each rcpt, check if it is in the whitelist. > > Which whitelist? I stopped using SA's whitelist_from and > whitelist_from_rcvd a while back, make my own regexes. This: http://marc.merlins.org/linux/exim/exim4-conf/exim4.conf.master localpartlist nosarej = /etc/exim/acls/destwhitelist (...) warn message = X-SA-Do-Not-Rej: Yes local_parts = +nosarej:postmaster:abuse > The idea's good ... I've been meaning to do it for a while, just haven't had the time. If one of you can try it out and work out the syntax, please surprise me :) > >- for extra points, check if the user has a ~/.spamassasin/user_prefs > > If so, accept just this user and tempreject the others > > (and set a header to tell SA-Exim that it should use the user's config > > file) > > Spamd would have to run as root, then - and that's not such a good idea? Not necessarily. You can force users to make their ~/.spamassasin/user_prefs readable by all Or, you can patch spamd to read the conf from /var/lib/spamassassin/userprefs/login (or something) > It doesn't do the sort of uid metamorphoses that Exim does. An > alternative is placing the user prefs in a common directory, so that the Right. > perms on the Bayes DB, too. 
Using user-based Bayes DBs for a large org > is just about impossible: minimum 10MB per user, 3,000 employees? Right. I'm not looking at Bayes for now. > Philip's new book is *good* by the way. I bought it, and I'm glad. > Especially new Exim mailadmins should have it, it's easy to read and > gives a good grounding. I need to get google to buy a few, I need to enlighten a few sysadmins around here :) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From tonni at billy.demon.nl Mon Jun 9 23:06:44 2003 
From: tonni at billy.demon.nl (Tony Earnshaw) Date: Mon Jun 9 21:17:38 2003 Subject: [SA-exim] Per user whitelisting or rejection In-Reply-To: References: Message-ID: <3EE4E8D4.7070308@billy.demon.nl> Chirik wrote: > I believe he is referring to whitelists in Exim's check_rcpt ACL, when you > actually accept / reject the recipient. Check. But what would be best is a whitelist that could be graded, not "all or nothing." > postmaster does get spam, so what I could do is refuse > to allow email addressed to postmaster AND anyone else - I'd accept > postmaster/abuse if it was the only recipient, and send a tempreject to all > remaining recipients except abuse, and if the first recipient was not > postmaster / abuse, I'd tempreject those. Postmaster and abuse should really be able to receive spam, if only to satisfy Joe job customers and suchlike. That having been said, I don't have much respect for other sites' postmasters/abuse any more. Time was, when they'd reply and took their jobs seriously. >>Spamd would have to run as root, then - and that's not such a good idea. >>It doesn't do the sort of uid metamorphoses that Exim does. An >>alternative is placing the user prefs in a common directory, so that the >>SA uid could read them (standard SA choice.) > I actually have my spamd setup with a master directory, because I want the > mail user to have certain preferences, but I don't want those to be the > system-wide prefs, and I don't want spamd running as root, so I am using a > central location for spamc - any users that want a custom config can run it > a second time. ;-) Same here. I'm not a mailadmin any more, but if I were, I'd argue my head off for site-wide filtering. That's what I used to use, for virus - anything else defeats its own purpose, in the end. >>I'm sweating at learning Postfix 2.0 at the moment and though you might >>hold a candle for Wietse V. as a person and a card, the whole Postfix >>thing is one *huge* abhorrence. 
Coupled with Amavisd it is even worse. > I don't just do this as a hobby - I do it professionally, to. I run exim > at home and love it, I run sendmail on my internal servers at my employer, > and postfix on the external relays. I'm considering alternatives to > sendmail on the internal servers, because it's queue handling is pathetic - > atleast right now, I'm leaning more towards postfix, just because I think it > has better queue handling than exim does, although I need to look at other > options, too. I still have to get used to Postfix - I've only been on it for ~3 weeks. I think you're right about the queue handling - I found that out today, by mistake. It's got a completely different philosophy from Exim and needs far more "powerful" hardware. > I do kinda feel like postfix is a little messier, and don't > like the lack of visibility into it's internals, but it looks like postfix > 2.0 may be better. Too much black magic, for my liking. With Exim one can adopt one's own solutions to a far greater extent. But things are going ahead - built-in SASL AUTH and spam filtering are finally being grudgingly considered, according to the list. As it is, I compile my own and there are too many undocumented additions and choices. >>Philip's new book is *good* by the way. I bought it, and I'm glad. >>Especially new Exim mailadmins should have it, it's easy to read and gives >>a good grounding. > Is the book different than the downloadable documentation? YES! It's far more relaxed and dwells longer on details. It's surprisingly well written and readable, but Phil mentions that he had the services of a professional copy writer - his wife :) > That's one > thing I must say, is exim has some of the best documentation available for > free software - much better than postfix OR sendmail. I wish postfix had > documentation available as a postscript or PDF file, so it'd print nicely. > (I like printed docs - easier reference) Perhaps we could start by helping Marc? 
A Faq-o-Matic like Openldap.org has, where people can contribute in bits
and pieces (far easier to do than Bugzilla) might be a good start.

Best,

Tony

-- 
Tony Earnshaw

There's none so daft as them as will not learn

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From thomask at mtnns.net Tue Jun 10 14:35:06 2003
From: thomask at mtnns.net (Thomas Kinghorn)
Date: Tue Jun 10 04:35:30 2003
Subject: [SA-exim] patch
Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF9A2D@protea.int.citec.net>

Hi Marc.

Just a quick 1.
patch -p1 local......... just hangs

any ideas around this?

Regards,
Tom

From ssmeenk+exim-sa at freshdot.net Tue Jun 10 14:48:03 2003
From: ssmeenk+exim-sa at freshdot.net (Sander Smeenk)
Date: Tue Jun 10 04:48:21 2003
Subject: [SA-exim] patch
In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF27504FF9A2D@protea.int.citec.net>
References: <4625C59C329BC447AFFB52E7F8BFF27504FF9A2D@protea.int.citec.net>
Message-ID: <20030610114803.GD520@freshdot.net>

Quoting Thomas Kinghorn (thomask@mtnns.net):
> Hi Marc.
>
> Just a quick 1.
> patch -p1 local......... just hangs

Did you "< local.patch" ?
The correct way would be for you to be in the sa-exim directory, and then
type 'patch -p1 < /path/to/local.patch'. If it then asks where to find
'file' for patching, try -p0.

-- 
| Chinese proverb: Man who stand on toilet is high on pot
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D

From thomask at mtnns.net Tue Jun 10 14:52:51 2003
From: thomask at mtnns.net (Thomas Kinghorn)
Date: Tue Jun 10 04:53:35 2003
Subject: [SA-exim] patch
Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF9A2F@protea.int.citec.net>

Thanks Sander.

You answered before I could send another posting...

problem solved. for some reason, the processes on the server went into
debug mode. ps -ax revealed a T, not S.

Thank you for the prompt response though.
much appreciated.

Tom

-----Original Message-----
From: Sander Smeenk [mailto:ssmeenk+exim-sa@freshdot.net]
Sent: 10 June 2003 01:48
To: Thomas Kinghorn
Cc: Sa-Exim@Lists. Merlins. Org (E-mail)
Subject: Re: [SA-exim] patch

Quoting Thomas Kinghorn (thomask@mtnns.net):
> Hi Marc.
>
> Just a quick 1.
> patch -p1 local......... just hangs

Did you "< local.patch" ?
The correct way would be for you to be in the sa-exim directory, and then
type 'patch -p1 < /path/to/local.patch'. If it then asks where to find
'file' for patching, try -p0.

-- 
| Chinese proverb: Man who stand on toilet is high on pot
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D

From lololuy at freegates.be Wed Jun 11 14:25:38 2003
From: lololuy at freegates.be (Laurent Luyckx)
Date: Wed Jun 11 06:25:39 2003
Subject: [SA-exim] spamassassin and bounces
Message-ID: <1055337927.5193.5.camel@portable>

Hi,

Does someone knows how to prevent spamassassin to not scan bounce
messages created by the server himself?

I didn't find any help on this.

Thanks for your help.

Laurent

From richard at lithvall.se Wed Jun 11 16:33:59 2003
From: richard at lithvall.se (Richard Lithvall)
Date: Wed Jun 11 06:34:13 2003
Subject: [SA-exim] spamassassin and bounces
In-Reply-To: <1055337927.5193.5.camel@portable>
References: <1055337927.5193.5.camel@portable>
Message-ID: <3EE72FC7.4050900@lithvall.se>

Laurent Luyckx wrote:

> Does someone knows how to prevent spamassassin to not scan bounce
> messages created by the server himself?

in sa-exim's config:
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}

> I didn't find any help on this.

It's all in the bundled example config.

/Richard

From lololuy at freegates.be Wed Jun 11 14:39:15 2003
From: lololuy at freegates.be (Laurent Luyckx)
Date: Wed Jun 11 06:39:17 2003
Subject: [SA-exim] spamassassin and bounces
In-Reply-To: <3EE72FC7.4050900@lithvall.se>
References: <1055337927.5193.5.camel@portable> <3EE72FC7.4050900@lithvall.se>
Message-ID: <1055338742.5193.10.camel@portable>

Why this then?

2003-06-11 15:36:41 19Q5mL-0007iW-Hc SA: Action: scanned but message isn't spam: hits=1.0 required=5.0 (scanned in 0/0 secs)
2003-06-11 15:36:41 19Q5mL-0007iW-Hc <= <> R=19Q5ia-00070t-P8 U=mail P=local S=3628 T="Mail delivery failed: returning message to sender" from <> for xxxx@yyyyy.com

On Wed, 2003-06-11 at 15:33, Richard Lithvall wrote:
> Laurent Luyckx wrote:
>
> > Does someone knows how to prevent spamassassin to not scan bounce
> > messages created by the server himself?
>
> in sa-exim's config:
> SAEximRunCond: ${if and {{def:sender_host_address} {!eq
> {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}
> }
>
> > I didn't find any help on this.
>
> It's all in the bundled example config.
>
> /Richard
>

From lololuy at freegates.be Wed Jun 11 14:45:03 2003
From: lololuy at freegates.be (Laurent Luyckx)
Date: Wed Jun 11 06:45:04 2003
Subject: [SA-exim] spamassassin and bounces
In-Reply-To: <3EE72FC7.4050900@lithvall.se>
References: <1055337927.5193.5.camel@portable> <3EE72FC7.4050900@lithvall.se>
Message-ID: <1055339089.5193.13.camel@portable>

Arrghh

I found the problem.

I had this on my config file:

SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
SAEximRunCond: 1

and it took SAEximRunCond: 1

Sorry for this.

On Wed, 2003-06-11 at 15:33, Richard Lithvall wrote:
> Laurent Luyckx wrote:
>
> > Does someone knows how to prevent spamassassin to not scan bounce
> > messages created by the server himself?
>
> in sa-exim's config:
> SAEximRunCond: ${if and {{def:sender_host_address} {!eq
> {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}
> }
>
> > I didn't find any help on this.
>
> It's all in the bundled example config.
>
> /Richard
>

From thomask at mtnns.net Wed Jun 11 16:49:48 2003
From: thomask at mtnns.net (Thomas Kinghorn)
Date: Wed Jun 11 06:50:18 2003
Subject: [SA-exim] spamassassin and bounces
Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF9A48@protea.int.citec.net>

I have the run-condition as you do but it still scans....

I have sent myself an e-mail from an off-site server.
The returned message still shows that it is scanned.

Subject: Mail delivery failed: returning message to sender
X-Spam-Status: No, hits=-1.3 required=4.4
    tests=BAYES_30,MAILER_DAEMON
    version=2.54
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.54 (1.174.2.17-2003-05-11-exp)
X-SA-Exim-Version: 3.0 (built Mon May 19 13:57:57 GMT+2 2003)
X-SA-Exim-Scanned: Yes

-----Original Message-----
From: Laurent Luyckx [mailto:lololuy@freegates.be]
Sent: 11 June 2003 03:45
To: Richard Lithvall
Cc: sa-exim@lists.merlins.org
Subject: Re: [SA-exim] spamassassin and bounces

Arrghh

I found the problem.

I had this on my config file:

SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
SAEximRunCond: 1

and it took SAEximRunCond: 1

Sorry for this.

On Wed, 2003-06-11 at 15:33, Richard Lithvall wrote:
> Laurent Luyckx wrote:
>
> > Does someone knows how to prevent spamassassin to not scan bounce
> > messages created by the server himself?
>
> in sa-exim's config:
> SAEximRunCond: ${if and {{def:sender_host_address} {!eq
> {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}
> }
>
> > I didn't find any help on this.
>
> It's all in the bundled example config.
>
> /Richard
>

_______________________________________________
SA-Exim mailing list
SA-Exim@lists.merlins.org
http://lists.merlins.org/lists/listinfo/sa-exim

From lololuy at freegates.be Wed Jun 11 14:55:00 2003
From: lololuy at freegates.be (Laurent Luyckx)
Date: Wed Jun 11 06:55:01 2003
Subject: [SA-exim] spamassassin and bounces
In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF27504FF9A48@protea.int.citec.net>
References: <4625C59C329BC447AFFB52E7F8BFF27504FF9A48@protea.int.citec.net>
Message-ID: <1055339683.5192.17.camel@portable>

I've removed the SAEximRunCond: 1 line and it does not scan anymore.

ex:
2003-06-11 15:53:45 19Q62r-0001zF-0K SA: Notice: Not running SA because SAEximRunCond expanded to false
2003-06-11 15:53:45 19Q62r-0001zF-0K <= <> R=19Q62k-0001xj-Eh U=mail P=local S=6267 T="Mail delivery failed: returning message to sender" from <> for blahblah

Did you restart spamd?

On Wed, 2003-06-11 at 15:49, Thomas Kinghorn wrote:
> I have the run-condition as you do but it still scans....
>
>
> I have sent myself an e-mail from an off-site server.
> The returned message still shows that it is scanned.
>
>
> Subject: Mail delivery failed: returning message to sender
> X-Spam-Status: No, hits=-1.3 required=4.4
>     tests=BAYES_30,MAILER_DAEMON
>     version=2.54
> X-Spam-Level:
> X-Spam-Checker-Version: SpamAssassin 2.54 (1.174.2.17-2003-05-11-exp)
> X-SA-Exim-Version: 3.0 (built Mon May 19 13:57:57 GMT+2 2003)
> X-SA-Exim-Scanned: Yes
>
>
> -----Original Message-----
> From: Laurent Luyckx [mailto:lololuy@freegates.be]
> Sent: 11 June 2003 03:45
> To: Richard Lithvall
> Cc: sa-exim@lists.merlins.org
> Subject: Re: [SA-exim] spamassassin and bounces
>
>
> Arrghh
>
> I found the problem.
>
> I had this on my config file:
>
> SAEximRunCond: ${if and {{def:sender_host_address} {!eq
> {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} }
> {1}{0}}
> SAEximRunCond: 1
>
> and it took SAEximRunCond: 1
>
> Sorry for this.
>
> On Wed, 2003-06-11 at 15:33, Richard Lithvall wrote:
> > Laurent Luyckx wrote:
> >
> > > Does someone knows how to prevent spamassassin to not scan bounce
> > > messages created by the server himself?
> >
> > in sa-exim's config:
> > SAEximRunCond: ${if and {{def:sender_host_address} {!eq
> > {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} }
> {1}{0}
> > }
> >
> > > I didn't find any help on this.
> >
> > It's all in the bundled example config.
> >
> > /Richard
> >
>
>
> _______________________________________________
> SA-Exim mailing list
> SA-Exim@lists.merlins.org
> http://lists.merlins.org/lists/listinfo/sa-exim

From tonni at billy.demon.nl Wed Jun 11 17:34:49 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: Wed Jun 11 07:36:48 2003
Subject: [SA-exim] spamassassin and bounces
In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF27504FF9A48@protea.int.citec.net>
References: <4625C59C329BC447AFFB52E7F8BFF27504FF9A48@protea.int.citec.net>
Message-ID: <3EE73E09.20006@billy.demon.nl>

Thomas Kinghorn wrote:

> Subject: Mail delivery failed: returning message to sender

Hmmm?

Tony

-- 
Tony Earnshaw

There's none so daft as them as will not learn

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From thomask at mtnns.net Thu Jun 12 10:12:45 2003
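[Added example, not part of the thread and not SA-Exim code.] Laurent's bounce scanning came from two SAEximRunCond lines in one file, with the trailing "SAEximRunCond: 1" taking effect. The sketch below flags repeated options and unbalanced braces in such a file; the one-option-per-line "Name: value" layout with "#" comments, the absence of backslash-escaped braces, the function names and the sample text are assumptions for illustration.

```python
import re
from collections import OrderedDict

# Assumed layout: one "Option: value" per line, "#" starts a comment line.
OPTION_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_]*)\s*:\s*(.*?)\s*$")

# Constructed sample modelled on the configuration Laurent described.
SAMPLE = r"""# constructed sample
SAspamcpath: /usr/local/bin/spamc
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
SAEximRunCond: 1
"""


def brace_balance(value):
    """Return None when { and } pair up, else a description of the problem."""
    depth = 0
    for pos, ch in enumerate(value):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth < 0:
                return "unmatched '}' at column %d" % (pos + 1)
    return None if depth == 0 else "%d unclosed '{'" % depth


def definitions(text):
    """Map each option name to its [(line number, value), ...] in file order."""
    seen = OrderedDict()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPTION_RE.match(line)
        if m:
            seen.setdefault(m.group(1), []).append((lineno, m.group(2)))
    return seen


def effective(text):
    """Last value per option: the one that took effect in Laurent's report."""
    return {name: defs[-1][1] for name, defs in definitions(text).items()}


def lint(text):
    """Return (line number, kind, message) findings for a config text."""
    findings = []
    for name, defs in definitions(text).items():
        for lineno, value in defs:
            problem = brace_balance(value)
            if problem:
                findings.append((lineno, "braces", "%s: %s" % (name, problem)))
        if len(defs) > 1:
            lines = ", ".join(str(n) for n, _ in defs)
            findings.append((defs[-1][0], "duplicate",
                             "%s set on lines %s; last value is %r"
                             % (name, lines, defs[-1][1])))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, kind, message in lint(SAMPLE):
        print("line %d: %s: %s" % (lineno, kind, message))
```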
From: thomask at mtnns.net (Thomas Kinghorn)
Date: Thu Jun 12 00:13:06 2003
Subject: [SA-exim] RunCond......baffles me.
Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF9A54@protea.int.citec.net>

Hi List.

This is NOT a sa-exim list issue but some input would be greatly
appreciated.

Platform: RH8, SA-2.54, SA-exim-3.0 .

I have this in my spamassassin.conf :

SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}

BUT the exim server is just a relay for our exchange server, IP address
209.212.109.146.
I have tried the above condition with {127.0.0.1 : 209.212.109.146} and
just {209.212.109.146}, no luck.

All mail that comes through the exim server expands to FALSE, so no
scanning is occurring.

2003-06-12 07:23:57 19QOJJ-0003A3-ER SA: Debug: SAEximRunCond expand returned: '0'
2003-06-12 07:23:57 19QOJJ-0003A3-ER SA: Notice: Not running SA because SAEximRunCond expanded to false
2003-06-12 07:23:57 19QOJJ-0003A3-ER <= evas@merchantwest.co.za H=mfwjs03.mfw.is.co.za [196.35.77.21] P=esmtp S=46384 id=22949D5F4724CA498C435A8605092E99155BEF@mwest01.merchantwest.co.za
2003-06-12 07:23:58 19QOJJ-0003A3-ER => michaels@mail-rbk.mtnns.net R=hub_route T=remote_smtp H=mail-rbk.mtnns.net [209.212.109.146]
2003-06-12 07:23:58 19QOJJ-0003A3-ER Completed

I need to get this sorted as all local(outbound) mail from our domain is
being scanned.

Any advice would be appreciated.
Thanks for all the past help.

Regards,
Tom
Frustrated :o$

From tonni at billy.demon.nl Thu Jun 12 12:20:36 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: Thu Jun 12 02:22:30 2003
Subject: [SA-exim] RunCond......baffles me.
In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF27504FF9A54@protea.int.citec.net>
References: <4625C59C329BC447AFFB52E7F8BFF27504FF9A54@protea.int.citec.net>
Message-ID: <3EE845E4.9000507@billy.demon.nl>

Thomas Kinghorn wrote:

> Platform: RH8, SA-2.54, SA-exim-3.0 .

[...]

> I need to get this sorted as all local(outbound) mail from our domain is
> being scanned.

You give the platform, with all but the Exim version :-)

Are you in a position to run Exim as a daemon in debug mode on that
machine /and/ with '-d+expand' ? That's my bracket-testing and
condition-testing choice for Exim, but I think it only began with v4.14 -
not sure. You'd have to run it under a heavily scrollable xterm window, so
that you could scroll backwards and forward through the output. Also,
you'd probably have to go in to work in the middle of the night to do it,
when traffic's minimal, unless you have remote access.

That's a funny IP number for an Exchange server. It's a public number,
which suggests that the machine is directly on the Internet and not in a
DMZ or behind a proxy firewall at least. Check that that really is the IP
number used for sending.

Tony

-- 
Tony Earnshaw

There's none so daft as them as will not learn

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From thomask at mtnns.net Thu Jun 12 12:34:02 2003
From: thomask at mtnns.net (Thomas Kinghorn)
Date: Thu Jun 12 02:34:09 2003
Subject: [SA-exim] RunCond......baffles me.
Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF9A5A@protea.int.citec.net>

OOPS :o$...thanks Tony,

It's exim-4.14

-----Original Message-----
From: Tony Earnshaw [mailto:tonni@billy.demon.nl]
Sent: 12 June 2003 11:21
To: Thomas Kinghorn
Cc: Sa-Exim@Lists. Merlins. Org (E-mail)
Subject: Re: [SA-exim] RunCond......baffles me.

Thomas Kinghorn wrote:

> Platform: RH8, SA-2.54, SA-exim-3.0 .

[...]

> I need to get this sorted as all local(outbound) mail from our domain is
> being scanned.

You give the platform, with all but the Exim version :-)

Are you in a position to run Exim as a daemon in debug mode on that
machine /and/ with '-d+expand' ? That's my bracket-testing and
condition-testing choice for Exim, but I think it only began with v4.14 -
not sure. You'd have to run it under a heavily scrollable xterm window, so
that you could scroll backwards and forward through the output. Also,
you'd probably have to go in to work in the middle of the night to do it,
when traffic's minimal, unless you have remote access.

That's a funny IP number for an Exchange server. It's a public number,
which suggests that the machine is directly on the Internet and not in a
DMZ or behind a proxy firewall at least. Check that that really is the IP
number used for sending.

Tony

-- 
Tony Earnshaw

There's none so daft as them as will not learn

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From marc at merlins.org Thu Jun 12 07:21:29 2003
From: marc at merlins.org (Marc MERLIN)
Date: Thu Jun 12 06:21:32 2003
Subject: [SA-exim] RunCond......baffles me.
In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF27504FF9A54@protea.int.citec.net>
References: <4625C59C329BC447AFFB52E7F8BFF27504FF9A54@protea.int.citec.net>
Message-ID: <20030612132129.GA32560@merlins.org>

On Thu, Jun 12, 2003 at 09:12:45AM +0200, Thomas Kinghorn wrote:
> Hi List.
>
> This is NOT a sa-exim list issue but some input would be greatly
> appreciated.
>
> Platform: RH8, SA-2.54, SA-exim-3.0 .
>
> I have this in my spamassassin.conf :
>
> SAEximRunCond: ${if and {{def:sender_host_address} {!eq
> {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} }
> {1}{0}}
>
> 2003-06-12 07:23:57 19QOJJ-0003A3-ER SA: Debug: SAEximRunCond expand
> returned: '0'

Well, it's pretty simple:
We can't easily guess for you which one of the 3 tests fails, so what do
you do?
You take out the tests one per one until you find which one evals to false

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From nick at 3tpro.com Thu Jun 19 17:20:34 2003
From: nick at 3tpro.com (Nick)
Date: Thu Jun 19 14:23:11 2003
Subject: [SA-exim] sa-exim and whiltelists
Message-ID: <86F3AD6D5B0BD511850900B0D0B041AE6586A3@3TPRO>

I've read through the archives regarding user based preferences and
understand the arguments against it. I've also seen the various sorcery one
could use to make it work by using Tom Kistner's strategy. My question is
slightly different since I'm only interested in whitelists. What I'd like
to do is one of two things. Either not scan a message if ANY of the
recipients have whitelisted the sender, or, adjust the score so that it
would not be considered spam. The whitelists would be stored in a mysql
database. I found a post in the spamassassin-talk archive
(http://marc.theaimsgroup.com/?l=spamassassin-talk&m=105567290926230&w=2)
that states that this could be done using the exclusion rule. What are your
thoughts on the best way to do this?

Thanks,

Nick

From jvanasco at mastersofbranding.com Thu Jun 19 18:27:08 2003
From: jvanasco at mastersofbranding.com (Jonathan Vanasco)
Date: Thu Jun 19 14:26:17 2003
Subject: [SA-exim] logging spammer ips
Message-ID:

just wondering if this would be possible w/the current sa-exim
implementation...

would it be possible to log the ips of incoming mail sources to a
separate file?

for example: the originating ip of all spam marked 12+ is added to
spammer_ips.txt -- which can be used as a blacklist

or, you could log ip:spamscore to one or more files, and play with that
data

it's like making a realtime local rbl

dunno if it's entirely useful in practice, but it could be cool to
experiment with

From bill at wiliweld.com Thu Jun 19 16:05:04 2003
From: bill at wiliweld.com (Bill Schoolcraft)
Date: Thu Jun 19 15:02:53 2003
Subject: [SA-exim] spamassin and Postfix ?
Message-ID:

Hello,

I was wondering how well Spamassin works with Postfix, and if it
does is there any specific docs for that?

Thanks

-- 
|<----------------------"Word-Wrap-At-72-Please"---------------------->|
Bill Schoolcraft
PO Box 210076                                    -o)
San Francisco CA 94121                           /\
"UNIX, A Way Of Life."                          _\_v

From nick at 3tpro.com Thu Jun 19 18:07:30 2003
From: nick at 3tpro.com (Nick)
Date: Thu Jun 19 15:10:07 2003
Subject: [SA-exim] spamassin and Postfix ?
Message-ID: <86F3AD6D5B0BD511850900B0D0B041AE6586A4@3TPRO>

Hi Bill,

You should check out the spamassassin-talk list. You can browse the
archives here: http://marc.theaimsgroup.com/?l=spamassassin-talk&r=1&w=2

A quick search in the above archive led me to this post which may or may not
be helpful:
http://marc.theaimsgroup.com/?l=spamassassin-talk&m=105246349607551&w=2

Regards,

Nick

> -----Original Message-----
> From: Bill Schoolcraft [mailto:bill@wiliweld.com]
> Sent: Thursday, June 19, 2003 4:05 PM
> To: sa-exim@lists.merlins.org
> Subject: [SA-exim] spamassin and Postfix ?
>
>
> Hello,
>
> I was wondering how well Spamassin works with Postfix, and if it
> does is there any specific docs for that?
>
> Thanks
>
> --
> |<----------------------"Word-Wrap-At-72-Please"---------------------->|
> Bill Schoolcraft
> PO Box 210076                                    -o)
> San Francisco CA 94121                           /\
> "UNIX, A Way Of Life."                          _\_v
>
>
>
> _______________________________________________
> SA-Exim mailing list
> SA-Exim@lists.merlins.org
> http://lists.merlins.org/lists/listinfo/sa-exim
>

From nick at 3tpro.com Thu Jun 19 18:26:12 2003
From: nick at 3tpro.com (Nick)
Date: Thu Jun 19 15:28:50 2003
Subject: [SA-exim] sa-exim and whiltelists
Message-ID: <86F3AD6D5B0BD511850900B0D0B041AE6586A5@3TPRO>

Similarly, I'd also like to not scan a message if the following conditions
are met:
1)There is only one recipient or all recipients are of the same domain
and
2)That domain or address is listed in an exclusion table/file.

feasible?

> -----Original Message-----
> From: Nick [mailto:nick@3tpro.com]
> Sent: Thursday, June 19, 2003 4:21 PM
> To: 'sa-exim@lists.merlins.org'
> Subject: [SA-exim] sa-exim and whiltelists
>
>
> I've read through the archives regarding user based preferences and
> understand the arguments against it. I've also seen the
> various sorcery one
> could use to make it work by using Tom Kistner's strategy.
> My question is
> slightly different since I'm only interested in whitelists.
> What I'd like
> to do is one of two things. Either not scan a message if ANY of the
> recipients have whitelisted the sender, or, adjust the score
> so that it
> would not be considered spam. The whitelists would be stored
> in a mysql
> database. I found a post in the spamassassin-talk archive
> (http://marc.theaimsgroup.com/?l=spamassassin-talk&m=105567290926230&w=2)
> that states that this could be done using the exclusion rule.
> What are your
> thoughts on the best way to do this?
>
> Thanks,
>
> Nick
>
> _______________________________________________
> SA-Exim mailing list
> SA-Exim@lists.merlins.org
> http://lists.merlins.org/lists/listinfo/sa-exim
>

From marc at merlins.org Thu Jun 19 16:36:58 2003
From: marc at merlins.org (Marc MERLIN)
Date: Thu Jun 19 15:37:01 2003
Subject: [SA-exim] sa-exim and whiltelists
In-Reply-To: <86F3AD6D5B0BD511850900B0D0B041AE6586A5@3TPRO>
References: <86F3AD6D5B0BD511850900B0D0B041AE6586A5@3TPRO>
Message-ID: <20030619223658.GF5560@merlins.org>

On Thu, Jun 19, 2003 at 05:26:12PM -0600, Nick wrote:
> Similarly, I'd also like to not scan a message if the following conditions
> are met:
> 1)There is only one recipient or all recipients are of the same domain
> and
> 2)That domain or address is listed in an exclusion table/file.

You'd probably have to write a fairly complex SAEximRunCond, but my guess
is that it's doable.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From marc at merlins.org Thu Jun 19 16:39:33 2003
From: marc at merlins.org (Marc MERLIN)
Date: Thu Jun 19 15:39:35 2003
Subject: [SA-exim] sa-exim and whiltelists
In-Reply-To: <86F3AD6D5B0BD511850900B0D0B041AE6586A3@3TPRO>
References: <86F3AD6D5B0BD511850900B0D0B041AE6586A3@3TPRO>
Message-ID: <20030619223933.GG5560@merlins.org>

On Thu, Jun 19, 2003 at 04:20:34PM -0600, Nick wrote:
> I've read through the archives regarding user based preferences and
> understand the arguments against it. I've also seen the various sorcery one
> could use to make it work by using Tom Kistner's strategy. My question is
> slightly different since I'm only interested in whitelists. What I'd like
> to do is one of two things. Either not scan a message if ANY of the
> recipients have whitelisted the sender, or,

That can be done in SAEximRunCond or SAEximRejCond.

> adjust the score so that it would not be considered spam. The whitelists

You can have exim add a header with warn on any condition and write an SA
rule that removes/add points depending on the header

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From nick at 3tpro.com Thu Jun 19 18:41:51 2003
From: nick at 3tpro.com (Nick)
Date: Thu Jun 19 15:44:27 2003
Subject: [SA-exim] sa-exim and whiltelists
Message-ID: <86F3AD6D5B0BD511850900B0D0B041AE6586A6@3TPRO>

Thanks Marc,

Your help (and software) is greatly appreciated.

--Nick

> -----Original Message-----
> From: Marc MERLIN [mailto:marc@merlins.org]
> Sent: Thursday, June 19, 2003 4:40 PM
> To: Nick
> Cc: 'sa-exim@lists.merlins.org'
> Subject: Re: [SA-exim] sa-exim and whiltelists
>
>
> On Thu, Jun 19, 2003 at 04:20:34PM -0600, Nick wrote:
> > I've read through the archives regarding user based preferences and
> > understand the arguments against it. I've also seen the
> various sorcery one
> > could use to make it work by using Tom Kistner's strategy.
> My question is
> > slightly different since I'm only interested in whitelists.
> What I'd like
> > to do is one of two things. Either not scan a message if ANY of the
> > recipients have whitelisted the sender, or,
>
> That can be done in SAEximRunCond or SAEximRejCond.
>
> > adjust the score so that it would not be considered spam.
> The whitelists
>
> You can have exim add a header with warn on any condition and
> write an SA
> rule that removes/add points depending on the header
>
> Marc
> --
> "A mouse is a device used to point at the xterm you want to
> type in" - A.S.R.
> Microsoft is to operating systems & security ....
>                                       .... what McDonalds is
> to gourmet cooking
> Home page: http://marc.merlins.org/ | Finger
> marc_f@merlins.org for PGP key
>

From marc at merlins.org Thu Jun 19 16:48:26 2003
From: marc at merlins.org (Marc MERLIN)
Date: Thu Jun 19 15:48:27 2003
Subject: [SA-exim] logging spammer ips
In-Reply-To:
References:
Message-ID: <20030619224826.GI5560@merlins.org>

On Thu, Jun 19, 2003 at 05:27:08PM -0400, Jonathan Vanasco wrote:
>
> just wondering if this would be possible w/the current sa-exim
> implementation...
>
> would it be possible to log the ips of incoming mail sources to a
> separate file?
>
> for example: the originating ip of all spam marked 12+ is added to
> spammer_ips.txt -- which can be used as a blacklist

Sure thing, parse the logs:
2003-06-16 05:31:20 19Rt8l-0001ox-Ui SA: Action: permanently rejected message: hits=21.0 required=7.0 trigger=12.0 (scanned in 1/1 secs). From (host=h0007e9f09ccb.ne.client2.attbi.com [24.34.37.97]) for user@mydomain

Be careful not to blacklist your secondary MXes and hosts that forward mail
to you (/etc/aliases / ~/.forward)

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From tonni at billy.demon.nl Fri Jun 20 07:55:10 2003
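[Added example, not part of the thread and not SA-Exim code.] Marc's "parse the logs" suggestion, with his caution about secondary MXes and forwarders, as a sketch: it collects hosts rejected at 12 or more points and skips a never-block list. The sample log lines (documentation address ranges), the sender text shown after "From", the never-block entries and the function names are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

MARKER = "SA: Action: permanently rejected message"
# Shape of the rejection line quoted in the thread:
#   <date> <time> <msgid> SA: Action: permanently rejected message: hits=N
#   required=N trigger=N (scanned in ...). From ... (host=NAME [IP]) for RCPT
REJECT_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ " + re.escape(MARKER) + r": "
    r"hits=(?P<hits>-?\d+(?:\.\d+)?) .*?"
    r"\(host=[^\s\[\]]* ?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
)

# Constructed sample log; addresses come from the documentation ranges.
SAMPLE_LOG = """\
2003-06-16 05:31:20 19Rt8l-0001ox-Ui SA: Action: permanently rejected message: hits=21.0 required=7.0 trigger=12.0 (scanned in 1/1 secs). From <a@example.net> (host=dsl.example.net [192.0.2.10]) for user@example.org
2003-06-16 05:40:02 19RtHA-0001pB-2k SA: Action: permanently rejected message: hits=12.4 required=7.0 trigger=12.0 (scanned in 2/2 secs). From <b@example.net> (host=mx2.example.org [198.51.100.25]) for user@example.org
2003-06-16 06:02:11 19RtcX-0001qZ-9d SA: Action: scanned but message isn't spam: hits=1.0 required=5.0 (scanned in 0/0 secs)
2003-06-16 06:10:45 19Rtkp-0001rr-Lm SA: Action: permanently rejected message: hits=15.2 required=7.0 trigger=12.0 (scanned in 1/1 secs). From <c@example.net> (host=dsl.example.net [192.0.2.10]) for user@example.org
2003-06-16 06:15:00 19RtoA-0001s1-Aa SA: Action: permanently rejected message: hits=30.0 required=7.0 trigger=12.0 (scanned in 1/1 secs). From <"(host=x [203.0.113.7])"@example.net> (host=relay.example.net [192.0.2.99]) for user@example.org
2003-06-16 06:20:31 19RttB-0001sQ-7x SA: Action: permanently rejected message: hits=12.1 required=7.0 trigger=12.0 (scanned in 1/1 secs). From <d@example.net> (host=pool.example.com [203.0.113.50]) for user@example.org
"""


def parse_reject(line):
    """Return (ip_address, hits) for an unambiguous rejection line, else None."""
    # The sender address is remote-supplied text logged ahead of the host part.
    # A line with more than one "(host=" could be shaped to implicate another
    # address, so it is treated as unparseable instead of guessed at.
    if line.count("(host=") != 1:
        return None
    m = REJECT_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return ip, float(m.group("hits"))


def build_blocklist(lines, threshold=12.0, never_block=()):
    """Return ([(ip, rejections, max_hits), ...], unparsed_rejection_count)."""
    nets = [ipaddress.ip_network(n) for n in never_block]
    stats = defaultdict(lambda: [0, 0.0])  # ip -> [count, highest score]
    unparsed = 0
    for line in lines:
        if MARKER not in line:
            continue
        parsed = parse_reject(line)
        if parsed is None:
            unparsed += 1  # worth a manual look, never auto-blocked
            continue
        ip, hits = parsed
        if hits < threshold:
            continue
        # Secondary MXes and forwarding hosts relay other people's spam.
        if any(ip.version == n.version and ip in n for n in nets):
            continue
        entry = stats[str(ip)]
        entry[0] += 1
        entry[1] = max(entry[1], hits)
    block = sorted(((ip, c, h) for ip, (c, h) in stats.items()),
                   key=lambda e: (-e[1], e[0]))
    return block, unparsed


if __name__ == "__main__":
    entries, skipped = build_blocklist(SAMPLE_LOG.splitlines(),
                                       never_block=["198.51.100.25/32"])
    for ip, count, top in entries:
        print("%s rejections=%d max_hits=%.1f" % (ip, count, top))
    print("unparsed rejection lines: %d" % skipped)
```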
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: Thu Jun 19 22:04:19 2003
Subject: [SA-exim] spamassin and Postfix ?
In-Reply-To:
References:
Message-ID: <3EF293AE.4010504@billy.demon.nl>

Bill Schoolcraft wrote:

> I was wondering how well Spamassin works with Postfix, and if it
> does is there any specific docs for that?

Bill,

It works beautifully and is super-fast with 2.0.9 and newer, with
different ways of incorporating SA. I use 2.0.12 with amavisd.new myself -
it won't do realtime smtp scanning with SA like SA-Exim, though.

Appropriate fora (mailadmins who use it in production and other experts)
are the Postfix and SA mailing lists.

Best,

Tony

-- 
Tony Earnshaw

Working to get a life

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From bill at wiliweld.com Fri Jun 20 07:35:57 2003
From: bill at wiliweld.com (Bill Schoolcraft)
Date: Fri Jun 20 06:33:39 2003
Subject: [SA-exim] spamassin and Postfix ?
In-Reply-To: <86F3AD6D5B0BD511850900B0D0B041AE6586A4@3TPRO>
Message-ID:

At Thu, 19 Jun 2003 it looks like Nick composed:

> Hi Bill,
>
> You should check out the spamassassin-talk list. You can browse the
> archives here: http://marc.theaimsgroup.com/?l=spamassassin-talk&r=1&w=2
>
> A quick search in the above archive led me to this post which may or may not
> be helpful:
> http://marc.theaimsgroup.com/?l=spamassassin-talk&m=105246349607551&w=2
>
> Regards,
>

Thanks Nick,

I was curious since a work project had me shift to Postfix for a
while.

-- 
|<----------------------"Word-Wrap-At-72-Please"---------------------->|
Bill Schoolcraft
PO Box 210076                                    -o)
San Francisco CA 94121                           /\
"UNIX, A Way Of Life."                          _\_v

From wash at wananchi.com Fri Jun 20 17:49:50 2003
From: wash at wananchi.com (ODHIAMBO Washington)
Date: Fri Jun 20 06:50:27 2003
Subject: [SA-exim] spamassin and Postfix ?
In-Reply-To:
References: <86F3AD6D5B0BD511850900B0D0B041AE6586A4@3TPRO>
Message-ID: <20030620134950.GK23682@ns2.wananchi.com>

* Bill Schoolcraft [20030620 16:34]: wrote:
> At Thu, 19 Jun 2003 it looks like Nick composed:
>
> > Hi Bill,
> >
> > You should check out the spamassassin-talk list. You can browse the
> > archives here: http://marc.theaimsgroup.com/?l=spamassassin-talk&r=1&w=2
> >
> > A quick search in the above archive led me to this post which may or may not
> > be helpful:
> > http://marc.theaimsgroup.com/?l=spamassassin-talk&m=105246349607551&w=2
> >
> > Regards,
> >
>
> Thanks Nick,
>
> I was curious since a work project had me shift to Postfix for a
> while.

What Postfix can do, Exim can do better. Ask Tony Earnshaw ;)

Nice weekend pals.

-Wash

-- 
Odhiambo Washington                         "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com      Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922         so I installed FreeBSD."
GSM: +254 72 743223   +254 733 744121       This sig is McQ!  :-)

When all other means of communication fail, try words.

From jerry at cheesymouse.com Fri Jun 20 19:22:20 2003
From: jerry at cheesymouse.com (Jerry Rasmussen)
Date: Fri Jun 20 15:22:28 2003
Subject: [SA-exim] SA-Exim errors
Message-ID:

Where can I look to find out more about why this error is being
generated?

X-SA-Exim-Version: 3.0 (built Sun Jun 1 08:16:53 EDT 2003)
X-SA-Exim-Scanned: No; Unknown failure

I am running Exim4.20 and sa Exim 3.0 on a red hat 9 os. Any help would
be appreciated.

From marc at merlins.org Fri Jun 20 16:23:00 2003
From: marc at merlins.org (Marc MERLIN)
Date: Fri Jun 20 15:23:01 2003
Subject: [SA-exim] SA-Exim errors
In-Reply-To:
References:
Message-ID: <20030620222300.GH18968@merlins.org>

On Fri, Jun 20, 2003 at 06:22:20PM -0400, Jerry Rasmussen wrote:
>
>
> Where can I look to find out more about why this error is being
> generated?
>
> X-SA-Exim-Version: 3.0 (built Sun Jun 1 08:16:53 EDT 2003)
> X-SA-Exim-Scanned: No; Unknown failure
>
> I am running Exim4.20 and sa Exim 3.0 on a red hat 9 os. Any help would
> be appreciated.

Look in your exim logs

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From jerry at cheesymouse.com Sat Jun 21 01:38:29 2003
From: jerry at cheesymouse.com (Jerry Rasmussen)
Date: Fri Jun 20 21:38:35 2003
Subject: [SA-exim] SA-Exim errors
Message-ID:

This is what I am getting in the mail.log does anyone have an idea why
this might be happening?

2003-06-20 22:40:52 19TYJ9-0006Cw-Qn SA: Debug: SAEximRunCond expand returned: '1'
2003-06-20 22:40:52 19TYJ9-0006Cw-Qn SA: Debug: check succeeded, running spamc
2003-06-20 22:40:55 19TYJ9-0006Cw-Qn SA: Action: SA didn't successfully run against message, accepting (time: 3/3 secs)
2003-0

-----Original Message-----
From: Marc MERLIN [mailto:marc@merlins.org]
Sent: Friday, June 20, 2003 6:23 PM
To: Jerry Rasmussen
Cc: sa-exim@lists.merlins.org
Subject: Re: [SA-exim] SA-Exim errors

On Fri, Jun 20, 2003 at 06:22:20PM -0400, Jerry Rasmussen wrote:
>
>
> Where can I look to find out more about why this error is being
> generated?
>
> X-SA-Exim-Version: 3.0 (built Sun Jun 1 08:16:53 EDT 2003)
> X-SA-Exim-Scanned: No; Unknown failure
>
> I am running Exim4.20 and sa Exim 3.0 on a red hat 9 os. Any help would
> be appreciated.

Look in your exim logs

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From marc at merlins.org Sat Jun 21 08:51:49 2003
From: marc at merlins.org (Marc MERLIN)
Date: Sat Jun 21 07:51:51 2003
Subject: [SA-exim] SA-Exim errors
In-Reply-To:
References:
Message-ID: <20030621145149.GA11791@merlins.org>

On Sat, Jun 21, 2003 at 12:38:29AM -0400, Jerry Rasmussen wrote:
> 2003-06-20 22:40:55 19TYJ9-0006Cw-Qn SA: Action: SA didn't successfully
> run against message, accepting (time: 3/3 secs)

SA-Exim ran spamc, spamc returned the mail as is, unscanned.
Check your spamc/spamd config to make sure it works, and that you
configured spamd as indicated in the SA-Exim docs.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From tonni at billy.demon.nl Sat Jun 21 14:54:22 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: Sat Jun 21 08:29:09 2003
Subject: [SA-exim] SA-Exim errors
In-Reply-To:
References:
Message-ID: <3EF4476E.3070204@billy.demon.nl>

Jerry Rasmussen wrote:

> This is what I am getting in the mail.log does anyone have an idea why
> this might be happening?
> 2003-06-20 22:40:52 19TYJ9-0006Cw-Qn SA: Debug: SAEximRunCond expand
> returned: '1'
> 2003-06-20 22:40:52 19TYJ9-0006Cw-Qn SA: Debug: check succeeded, running
> spamc
> 2003-06-20 22:40:55 19TYJ9-0006Cw-Qn SA: Action: SA didn't successfully
> run against message, accepting (time: 3/3 secs)
> 2003-0

In my spamassassin.conf, I have:

SAspamcpath: /usr/local/bin/spamc

Because that's where it is. Where is your spamc? Does your spamassassin.conf point to it? Is spamd running?

Tony

-- 
Tony Earnshaw

Working to get a life

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From tonni at billy.demon.nl Sat Jun 21 15:01:45 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: Sat Jun 21 08:29:10 2003
Subject: [SA-exim] spamassin and Postfix ?
In-Reply-To: <20030620134950.GK23682@ns2.wananchi.com>
References: <86F3AD6D5B0BD511850900B0D0B041AE6586A4@3TPRO> <20030620134950.GK23682@ns2.wananchi.com>
Message-ID: <3EF44929.2070807@billy.demon.nl>

ODHIAMBO Washington wrote:

> What Postfix can do, Exim can do better. Ask Tony Earnshaw ;)

Not entirely true. It's rather like comparing two similar cars/automobiles from 2 different manufacturers. Exim has more options available than Postfix, but they're often "more expensive" ;)

Best,

Tony

-- 
Tony Earnshaw

Working to get a life

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From Terry.Shows at csstn.com Fri Jun 20 15:27:47 2003
From: Terry.Shows at csstn.com (Terry Shows)
Date: Sat Jun 21 12:02:28 2003
Subject: [SA-exim] Extra stuff in reject.log
Message-ID:

Since installing the sa-exim patch to exim, I am getting a lot of extra stuff in my reject log. In the past this log was short and concise making it easy for me to see hosts that were rejected,

Is there any way to stop all of the activity that the new local_scan.c has added to my log?

Thank You

Terry Shows
Computer Software Specialists LLC
terry.shows@csstn.com

From marc at merlins.org Sat Jun 21 13:05:23 2003
From: marc at merlins.org (Marc MERLIN)
Date: Sat Jun 21 12:05:25 2003
Subject: [SA-exim] SA-Exim errors
In-Reply-To: <3EF4476E.3070204@billy.demon.nl>
References: <3EF4476E.3070204@billy.demon.nl>
Message-ID: <20030621190523.GH11791@merlins.org>

On Sat, Jun 21, 2003 at 01:54:22PM +0200, Tony Earnshaw wrote:
> Jerry Rasmussen wrote:
>
> >This is what I am getting in the mail.log does anyone have an idea why
> >this might be happening?
> >2003-06-20 22:40:52 19TYJ9-0006Cw-Qn SA: Debug: SAEximRunCond expand
> >returned: '1'
> >2003-06-20 22:40:52 19TYJ9-0006Cw-Qn SA: Debug: check succeeded, running
> >spamc
> >2003-06-20 22:40:55 19TYJ9-0006Cw-Qn SA: Action: SA didn't successfully
> >run against message, accepting (time: 3/3 secs)
> >2003-0
>
> In my spamassassin.conf, I have:
>
> SAspamcpath: /usr/local/bin/spamc

If it were the problem, SA-Exim would report an error running spamc.
In this case spamc gets run, but returns an unscanned message, because it couldn't talk to spamd or spamd failed somehow.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From marc at merlins.org Sat Jun 21 13:10:22 2003
From: marc at merlins.org (Marc MERLIN)
Date: Sat Jun 21 12:10:24 2003
Subject: [SA-exim] Extra stuff in reject.log
In-Reply-To:
References:
Message-ID: <20030621191022.GI11791@merlins.org>

On Fri, Jun 20, 2003 at 02:27:47PM -0500, Terry Shows wrote:
> Since installing the sa-exim patch to exim, I am getting a lot of extra
> stuff in my reject log. In the past this log was short and concise making
> it easy for me to see hosts that were rejected,

You probably aren't using SMTP callouts, otherwise you'd have seen those before.
Basically SA-Exim gives you headers of the mails that are rejected because of content, just like exim does if a header check or header callback fails.

> Is there any way to stop all of the activity that the new local_scan.c has
> added to my log?

You could remove all the logging from the sa-exim source, but I'm not going to do that myself, I'd consider it evil[tm]

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From tonni at billy.demon.nl Sat Jun 21 22:27:04 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: Sat Jun 21 12:50:07 2003
Subject: [SA-exim] SA-Exim errors
In-Reply-To: <20030621190523.GH11791@merlins.org>
References: <3EF4476E.3070204@billy.demon.nl> <20030621190523.GH11791@merlins.org>
Message-ID: <3EF4B188.8090704@billy.demon.nl>

Marc MERLIN wrote:

>>In my spamassassin.conf, I have:
>>
>>SAspamcpath: /usr/local/bin/spamc
>
> If it were the problem, SA-Exim would report an error running spamc.
> In this case spamc gets run, but returns an unscanned message, because it
> couldn't talk to spamd or spamd failed somehow.

Right :-)

Tony

-- 
Tony Earnshaw

Working to get a life

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From jerry at cheesymouse.com Sat Jun 21 16:52:23 2003
From: jerry at cheesymouse.com (Jerry Rasmussen)
Date: Sat Jun 21 12:52:26 2003
Subject: [SA-exim] SA-Exim errors
Message-ID:

I had just recently rebuilt the computer with RedHat 9. I thought I had added spamd -d to the startup script. I was obviously mistaken. Thanks for pointing me in the right direction.

-----Original Message-----
From: Tony Earnshaw [mailto:tonni@billy.demon.nl]
Sent: Saturday, June 21, 2003 3:27 PM
To: Marc MERLIN
Cc: Jerry Rasmussen; sa-exim@lists.merlins.org
Subject: Re: [SA-exim] SA-Exim errors

Marc MERLIN wrote:

>>In my spamassassin.conf, I have:
>>
>>SAspamcpath: /usr/local/bin/spamc
>
> If it were the problem, SA-Exim would report an error running spamc.
> In this case spamc gets run, but returns an unscanned message, because it
> couldn't talk to spamd or spamd failed somehow.

Right :-)

Tony

-- 
Tony Earnshaw

Working to get a life

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From marilyn at deliberate.com Tue Jun 24 23:44:51 2003
From: marilyn at deliberate.com (Marilyn Davis)
Date: Tue Jun 24 22:45:54 2003
Subject: [SA-exim] Overwriting local_scan.c to build
Message-ID:

Hi,

I am choosing to compile the sa-exim code into exim by overwriting src/local_scan.c with sa-exim.c. Is this still ok?

The INSTALL says "1) Unpack exim 4.11 or better, and overwrite src/local_scan.c with sa-exim-x.y.c. Rebuild exim, and you're done."

sa-exim-x.y.c? I figured you mean sa-exim.c? So I tried that.

(I did fix up SPAMASSASSIN_CONF in the sa-exim.c)

But I get a compiler complaint because it can't find sa-exim.h, which is #included in sa-exim.c. I can't find an sa-exim.h in the sa-exim-3.0 distribution.

Please tell me, what am I doing wrong?

I'm sure it's irrelevant but I'm running exim-4.20, RH 7.3.

Marilyn Davis

p.s. Thank you so much for this great facility, and for all that you contribute!

From marc at merlins.org Tue Jun 24 23:53:39 2003
From: marc at merlins.org (Marc MERLIN)
Date: Tue Jun 24 22:53:41 2003
Subject: [SA-exim] Overwriting local_scan.c to build
In-Reply-To:
References:
Message-ID: <20030625055339.GI5901@merlins.org>

On Tue, Jun 24, 2003 at 10:44:51PM -0700, Marilyn Davis wrote:
> Hi,
>
> I am choosing to compile the sa-exim code into exim by overwriting
> src/local_scan.c with sa-exim.c. Is this still ok?

Yes, although the install is not very polished anymore

> The INSTALL says "1) Unpack exim 4.11 or better, and overwrite
> src/local_scan.c with sa-exim-x.y.c. Rebuild exim, and you're done."
>
> sa-exim-x.y.c? I figured you mean sa-exim.c? So I tried that.

Right.

> But I get a compiler complaint because it can't find sa-exim.h, which
> is #included in sa-exim.c. I can't find an sa-exim.h in the
> sa-exim-3.0 distribution.

You need to type make sa-exim.h, it'll generate the file and then you need to copy it in the exim tree.

Yeah, I need to fix the docs, sorry.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From thomask at mtnns.net Wed Jun 25 10:18:10 2003
From: thomask at mtnns.net (Thomas Kinghorn)
Date: Wed Jun 25 00:18:35 2003
Subject: [SA-exim] run condition
Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF9B1F@protea.int.citec.net>

Morning list.

This is just a quick THANK YOU to the contributors on this list, especially Marc.

The problems I have been having with the run condition were due to too many people having admin rights to the exchange server. I routed the mail via the sa-exim server but somebody kept changing the mail routing to a sendmail server.

Thanks for all the advice regarding the SAEximRunCond.

You guys rule.

Regards
Tom

From jerry at cheesymouse.com Wed Jun 25 08:54:34 2003
From: jerry at cheesymouse.com (Jerry Rasmussen)
Date: Wed Jun 25 04:54:40 2003
Subject: [SA-exim] run condition
Message-ID:

I just wanted to echo Thomas' thoughts and say thanks.

-----Original Message-----
From: Thomas Kinghorn [mailto:thomask@mtnns.net]
Sent: Wed 6/25/2003 3:18 AM
To: Sa-Exim@Lists. Merlins. Org (E-mail)
Cc:
Subject: [SA-exim] run condition

Morning list.

This is just a quick THANK YOU to the contributors on this list, especially Marc.

The problems I have been having with the run condition were due to too many people having admin rights to the exchange server. I routed the mail via the sa-exim server but somebody kept changing the mail routing to a sendmail server.

Thanks for all the advice regarding the SAEximRunCond.

You guys rule.

Regards
Tom

_______________________________________________
SA-Exim mailing list
SA-Exim@lists.merlins.org
http://lists.merlins.org/lists/listinfo/sa-exim

From marilyn at deliberate.com Wed Jun 25 18:24:18 2003
From: marilyn at deliberate.com (Marilyn Davis)
Date: Wed Jun 25 17:25:24 2003
Subject: [SA-exim] Overwriting local_scan.c to buildy
In-Reply-To: <20030625055339.GI5901@merlins.org>
Message-ID:

Hi,

Thank you!

On Tue, 24 Jun 2003, Marc MERLIN wrote:

> On Tue, Jun 24, 2003 at 10:44:51PM -0700, Marilyn Davis wrote:
> > Hi,
> >
> > I am choosing to compile the sa-exim code into exim by overwriting
> > src/local_scan.c with sa-exim.c. Is this still ok?
>
> Yes, although the install is not very polished anymore
>
> > The INSTALL says "1) Unpack exim 4.11 or better, and overwrite
> > src/local_scan.c with sa-exim-x.y.c. Rebuild exim, and you're done."
> >
> > sa-exim-x.y.c? I figured you mean sa-exim.c? So I tried that.
>
> Right.
>
> > But I get a compiler complaint because it can't find sa-exim.h, which
> > is #included in sa-exim.c. I can't find an sa-exim.h in the
> > sa-exim-3.0 distribution.
>
> You need to type make sa-exim.h, it'll generate the file and then you need
> to copy it in the exim tree.

Yep! It's totally working now. Very cool.

>
> Yeah, I need to fix the docs, sorry.

It's ok since you're right here to ask. :^)

So install method 2 is "better"?

Is this because it's simpler? Because you can do it without the exim source? Is there some advantage to having local_scan in its library? Is this what's happening?

If those are too many questions, just ignore me.

Thanks so much again.

Marilyn

>
> Marc
> -- 
> "A mouse is a device used to point at the xterm you want to type in" - A.S.R.
> Microsoft is to operating systems & security ....
> .... what McDonalds is to gourmet cooking
> Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key
>

From marilyn at deliberate.com Wed Jun 25 20:30:43 2003
From: marilyn at deliberate.com (Marilyn Davis)
Date: Wed Jun 25 19:31:47 2003
Subject: [SA-exim] Overwriting local_scan.c to buildy
In-Reply-To:
Message-ID:

One more thing.

The doc says to put

report_header 1

into the spamassassin config. But from the debug report coming out of spamc, it appears that it can't parse this and so ignores it.

I wonder what was the intention and if there is something else you are advising.

Thanks so much again.

Marilyn

From tonni at billy.demon.nl Thu Jun 26 08:31:21 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: Wed Jun 25 22:33:43 2003
Subject: [SA-exim] Overwriting local_scan.c to buildy
In-Reply-To:
References:
Message-ID: <3EFA8529.3090605@billy.demon.nl>

Marilyn Davis wrote:

> The doc says to put
>
> report_header 1
>
> into the spamassassin config. But from the debug report coming out of spamc,
> it appears that it can't parse this and so ignores it.
>
> I wonder what was the intention and if there is something else you are
> advising.

Perhaps you misunderstood "the doc." report_header 1 goes into local.cf.

I've found SA-Exim to be particularly good-tempered in what it accepts from local.cf entries and with no especial gripes or barfs about the entries it accepts.

Best,

Tony

-- 
Tony Earnshaw

Humor him, and he'll go away again

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From marilyn at deliberate.com Wed Jun 25 23:47:26 2003
From: marilyn at deliberate.com (Marilyn Davis)
Date: Wed Jun 25 22:48:33 2003
Subject: [SA-exim] Overwriting local_scan.c to buildy
In-Reply-To: <3EFA8529.3090605@billy.demon.nl>
Message-ID:

Thank you Tony.

Yes, I put it in my local.cf, for spamassassin to read.

Also, "subject_header" doesn't appear when I do

perldoc mail::spamassassin::conf

The other config thingies that Marc suggests seem to be read fine.

It's spamc that writes the debug complaint. sa-exim is happy. In fact, also spamassassin is happy, it just ignores what it can't read.

So, I removed it. Everything still works the same as far as I can see.

Thank you again for your thoughts.

Marilyn

On Thu, 26 Jun 2003, Tony Earnshaw wrote:

> Marilyn Davis wrote:
>
> > The doc says to put
> >
> > report_header 1
> >
> > into the spamassassin config. But from the debug report coming out of spamc,
> > it appears that it can't parse this and so ignores it.
> >
> > I wonder what was the intention and if there is something else you are
> > advising.
>
> Perhaps you misunderstood "the doc." report_header 1 goes into local.cf.
>
> I've found SA-Exim to be particularly good-tempered in what it accepts
> from local.cf entries and with no especial gripes or barfs about the
> entries it accepts.
>
> Best,
>
> Tony
>
> -- 
> Tony Earnshaw
>
> Humor him, and he'll go away again
>
> http://j-walk.com/blog/docs/conference.htm
> http://www.billy.demon.nl
> Mail: tonni@billy.demon.nl
>
>

From richard at lithvall.se Thu Jun 26 11:48:34 2003
From: richard at lithvall.se (Richard Lithvall)
Date: Thu Jun 26 01:48:42 2003
Subject: [SA-exim] SA report_safe and sa-exim
Message-ID: <3EFAB362.7090706@lithvall.se>

Hi list-members.

The issue with Spamassassin 2.50 and its report_safe mode has been discussed here a couple of times before.

As sa-exim works it only modifies the headers of a message and never touches the message body, which makes it impossible to use report_safe as it modifies both the headers and body.

I really wanted report_safe enabled so I rewrote parts of sa-exim enabling it to modify the body as well.

Marc has already received my patch and more or less promised to include it in the next release of sa-exim but suggested that I should post the patch to this list so that people could use it before he releases the next version.

So, for the brave and impatient here it is:
http://richard.lithvall.se/projects/sa-exim/

/Richard

From wash at wananchi.com Thu Jun 26 13:37:13 2003
From: wash at wananchi.com (ODHIAMBO Washington)
Date: Thu Jun 26 02:37:39 2003
Subject: [SA-exim] SA report_safe and sa-exim
In-Reply-To: <3EFAB362.7090706@lithvall.se>
References: <3EFAB362.7090706@lithvall.se>
Message-ID: <20030626093713.GT27922@ns2.wananchi.com>

* Richard Lithvall [20030626 11:49]: wrote:
> Hi list-members.
>
> The issue with Spamassassin 2.50 and its report_safe mode has been
> discussed here a couple of times before.
>
> As sa-exim works it only modifies the headers of a message and never
> touches the message body, which makes it impossible to use report_safe
> as it modifies both the headers and body.
>
> I really wanted report_safe enabled so I rewrote parts of sa-exim
> enabling it to modify the body as well.

Hmm, is the body modification an allowed practice? Aren't we going too far?

-Wash

-- 
Odhiambo Washington                     "The box said 'Requires
Wananchi Online Ltd. www.wananchi.com   Windows 95, NT, or better,'
Tel: +254 2 313985-9 +254 2 313922      so I installed FreeBSD."
GSM: +254 72 743223 +254 733 744121     This sig is McQ! :-)

"Right now I'm having amnesia and deja vu at the same time."
-- Steven Wright

From richard at lithvall.se Thu Jun 26 13:05:32 2003
From: richard at lithvall.se (Richard Lithvall)
Date: Thu Jun 26 03:05:42 2003
Subject: [SA-exim] SA report_safe and sa-exim
In-Reply-To: <20030626093713.GT27922@ns2.wananchi.com>
References: <3EFAB362.7090706@lithvall.se> <20030626093713.GT27922@ns2.wananchi.com>
Message-ID: <3EFAC56C.3060709@lithvall.se>

ODHIAMBO Washington wrote:

>>I really wanted report_safe enabled so I rewrote parts of sa-exim
>>enabling it to modify the body as well.
>
> Hmm, is the body modification an allowed practice? Aren't we going
> too far?

Do you mean allowed practice as in let exim modify the body or as in let SA modify the body?

In the Exim case Philip Hazel answered my question like this:

Me> When consulting spec.txt you do not recommend updating the body,
Me> would You mind evolving that a bit (considering my actions)?

Phil> The main reason is just caution/paranoia in case something
Phil> goes wrong.
Phil> However, there is also the fact that certain variables such as
Phil> $body-linecount will be wrong if you change the number of lines.
Phil> Actually, I think that is probably the only one; $message_size is
Phil> re-computed when the message is read for delivery.

In the SA case, consulting the docs:

report_safe { 0 | 1 | 2 } (default: 1)
    if this option is set to 1, if an incoming message is tagged as
    spam, instead of modifying the original message, SpamAssassin will
    create a new report message and attach the original message as a
    message/rfc822 MIME part (ensuring the original message is
    completely preserved, not easily opened, and easier to recover).

...makes at least me confident modifying the body.

Judge for yourself.

/Richard

From simon at nuit.ca Thu Jun 26 15:40:44 2003
From: simon at nuit.ca (simon raven)
Date: Thu Jun 26 07:41:09 2003
Subject: [SA-exim] sa-exim needs -fPIC to run correctly on PPC
Message-ID: <20030626144044.GA19549@nuit.ca>

well, weird thing: when i compiled the sa-exim.so on my last kernel, i wasn't getting this:

-----
2003-06-26 14:17:42 19VXZF-00037C-2C temporarily rejected by local_scan(): Local configuration error - local_scan() library failure\n/usr/lib/exim4/local_scan/sa-exim-3.0.so: R_PPC_REL24 relocation at 0x31689a70 for symbol `<93>~' out of range
-----

now, on my new kernel (2.4.21-xfs-grsec-benh1) i was. i've tried enabling -fPIC, and now i'm waiting to see if this works... (update soon)

eric

-- 
UNIX is user friendly, it's just picky about who its friends are.
-------------------------------------------------------------------
 ,''`.   http://www.debian.org/ | http://www.nuit.ca/
: :' :   Debian GNU/Linux       | http://simonraven.nuit.ca/
`. `'                           | PGP key ID: 6169 BE0C 0891 A038
  `-                            |

From simon at nuit.ca Thu Jun 26 15:42:32 2003
From: simon at nuit.ca (simon raven)
Date: Thu Jun 26 07:42:49 2003
Subject: [SA-exim] update to -fPIC question
In-Reply-To:
References:
Message-ID: <20030626144232.GB19549@nuit.ca>

absolutely needs -fPIC to work correctly. compiled with gcc-3.2, and the aforementioned kernel.

cheers,
eric

-- 
UNIX is user friendly, it's just picky about who its friends are.
-------------------------------------------------------------------
 ,''`.   http://www.debian.org/ | http://www.nuit.ca/
: :' :   Debian GNU/Linux       | http://simonraven.nuit.ca/
`. `'                           | PGP key ID: 6169 BE0C 0891 A038
  `-                            |

From tonni at billy.demon.nl Thu Jun 26 19:04:57 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: Thu Jun 26 09:06:11 2003
Subject: [SA-exim] update to -fPIC question
In-Reply-To: <20030626144232.GB19549@nuit.ca>
References: <20030626144232.GB19549@nuit.ca>
Message-ID: <3EFB19A9.3060901@billy.demon.nl>

simon raven wrote:

> absolutely needs -fPIC to work correctly. compiled with gcc-3.2, and the
> aforementioned kernel.

Don't see no mention of no kernel. Nowhere. Probably Windows 95.

Tony

-- 
Tony Earnshaw

Humor him, and he'll go away again

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From sdickenson at keyschool.org Thu Jun 26 13:11:35 2003
From: sdickenson at keyschool.org (Dickenson, Steven)
Date: Thu Jun 26 09:13:10 2003
Subject: [SA-exim] update to -fPIC question
Message-ID: <1DBA7B491604E94BBCCE5133069A5BB248CF52@ringo.internal.keyschool.org>

As I recall from an earlier message, he was running this under DOS 5 using DesqView. :P

Steven
---
Steven Dickenson
Network Administrator
The Key School, Annapolis Maryland

-----Original Message-----
From: Tony Earnshaw [mailto:tonni@billy.demon.nl]
Sent: Thursday, June 26, 2003 12:05 PM
To: simon raven
Cc: sa-exim@lists.merlins.org
Subject: Re: [SA-exim] update to -fPIC question

simon raven wrote:

> absolutely needs -fPIC to work correctly. compiled with gcc-3.2, and the
> aforementioned kernel.

Don't see no mention of no kernel. Nowhere. Probably Windows 95.

Tony

-- 
Tony Earnshaw

Humor him, and he'll go away again

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

_______________________________________________
SA-Exim mailing list
SA-Exim@lists.merlins.org
http://lists.merlins.org/lists/listinfo/sa-exim

From tonni at billy.demon.nl Thu Jun 26 19:34:35 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: Thu Jun 26 09:37:00 2003
Subject: [SA-exim] update to -fPIC question
In-Reply-To: <1DBA7B491604E94BBCCE5133069A5BB248CF52@ringo.internal.keyschool.org>
References: <1DBA7B491604E94BBCCE5133069A5BB248CF52@ringo.internal.keyschool.org>
Message-ID: <3EFB209B.3060508@billy.demon.nl>

Dickenson, Steven wrote:

> As I recall from an earlier message, he was running this under DOS 5 using
> DesqView. :P

Nope. Dos 5 never had no kernel, only DOS 5. Same as DOS 4; later DOS 6.

DesqView was O.k., though, same as Qemm386 was O.k. Maybe he still has to configure LIM.

Tony

-- 
Tony Earnshaw

Humor him, and he'll go away again

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

From marc at merlins.org Thu Jun 26 11:18:41 2003
From: marc at merlins.org (Marc MERLIN)
Date: Thu Jun 26 10:18:43 2003
Subject: [SA-exim] update to -fPIC question
In-Reply-To: <3EFB209B.3060508@billy.demon.nl>
References: <1DBA7B491604E94BBCCE5133069A5BB248CF52@ringo.internal.keyschool.org> <3EFB209B.3060508@billy.demon.nl>
Message-ID: <20030626171841.GA27197@merlins.org>

On Thu, Jun 26, 2003 at 06:34:35PM +0200, Tony Earnshaw wrote:
> Dickenson, Steven wrote:
>
> >As I recall from an earlier message, he was running this under DOS 5 using
> >DesqView. :P
>
> Nope. Dos 5 never had no kernel, only DOS 5. Same as DOS 4; later DOS 6.
>
> DesqView was O.k., though, same as Qemm386 was O.k. Maybe he still has
> to configure LIM.

Aaaarrgggh, really bad memories, please stop it... :)

Marc (unfortunate enough to be very familiar with what he's talking about)
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From marc at merlins.org Mon Jun 30 09:41:43 2003
From: marc at merlins.org (Marc MERLIN)
Date: Tue Jul 1 04:36:12 2003
Subject: [SA-exim] Overwriting local_scan.c to buildy
In-Reply-To:
References: <20030625055339.GI5901@merlins.org>
Message-ID: <20030630064143.GB3961@merlins.org>

On Wed, Jun 25, 2003 at 05:24:18PM -0700, Marilyn Davis wrote:
> So install method 2 is "better"?

It means you need to recompile exim if you change local_scan

> Is this because it's simpler?

Putting sa-exim directly inside exim is a bit simpler at build time, in exchange for being more work to maintain later.

> Because you can do it without the exim source?

Building sa-exim as a module can indeed be done without the source, but your running exim must have the local_scan patch, and it probably won't unless you're running debian.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key
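
Added example (not part of the archived messages and not SA-Exim code): the "SA didn't successfully run against message, accepting" line from the "SA-Exim errors" thread means mail was delivered without a SpamAssassin verdict, so this sketch finds those lines in an Exim main log and groups them into time windows. The function names, the 600-second grouping gap and every sample line after the first three are assumptions made for the example.

```python
import re
from collections import namedtuple
from datetime import datetime

# Lines 1-3 are the log lines quoted in the thread (re-joined after e-mail
# wrapping); every other line is constructed for this example.
SAMPLE_LOG = """\
2003-06-20 22:40:52 19TYJ9-0006Cw-Qn SA: Debug: SAEximRunCond expand returned: '1'
2003-06-20 22:40:52 19TYJ9-0006Cw-Qn SA: Debug: check succeeded, running spamc
2003-06-20 22:40:55 19TYJ9-0006Cw-Qn SA: Action: SA didn't successfully run against message, accepting (time: 3/3 secs)
2003-06-20 22:40:55 19TYJ9-0006Cw-Qn <= sender@example.org H=mail.example.org [192.0.2.10] P=esmtp S=1824
2003-06-20 22:43:10 19TYLN-0006DA-3b SA: Debug: SAEximRunCond expand returned: '1'
2003-06-20 22:43:10 19TYLN-0006DA-3b SA: Debug: check succeeded, running spamc
2003-06-20 22:43:13 19TYLN-0006DA-3b SA: Action: SA didn't successfully run against message, accepting (time: 3/3 secs)
2003-06-21 09:15:01 19TiCv-0000Ab-7K SA: Debug: SAEximRunCond expand returned: '1'
2003-06-21 09:15:01 19TiCv-0000Ab-7K SA: Debug: check succeeded, running spamc
2003-06-21 09:15:04 19TiCv-0000Ab-7K SA: Action: SA didn't successfully run against message, accepting (time: 3/3 secs)
"""

SA_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "          # timestamp
    r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "  # Exim message id
    r"SA: (\w+): (.*)$"                                 # SA-Exim kind, text
)
FAIL_OPEN = "SA didn't successfully run against message, accepting"

Event = namedtuple("Event", "ts msgid kind text")
Hit = namedtuple("Hit", "ts msgid spamc_started")


def parse_sa_lines(log_text):
    """Return the SA-Exim events; every other main-log line is skipped."""
    events = []
    for line in log_text.splitlines():
        m = SA_LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append(Event(ts, m.group(2), m.group(3), m.group(4)))
    return events


def fail_open_accepts(events):
    """Messages that were accepted although no scan result came back."""
    spamc_started = set()
    hits = []
    for ev in events:
        if ev.kind == "Debug" and ev.text.endswith("running spamc"):
            spamc_started.add(ev.msgid)
        elif ev.kind == "Action" and ev.text.startswith(FAIL_OPEN):
            # spamc_started stays False when no debug line was seen for
            # this id (assumption: debug logging may be switched off).
            hits.append(Hit(ev.ts, ev.msgid, ev.msgid in spamc_started))
    return hits


def outage_windows(hits, max_gap_secs=600):
    """Merge hits that are at most max_gap_secs apart into one window."""
    windows = []
    for hit in sorted(hits):
        last = windows[-1] if windows else None
        if last and (hit.ts - last["end"]).total_seconds() <= max_gap_secs:
            last["end"] = hit.ts
            last["msgids"].append(hit.msgid)
        else:
            windows.append({"start": hit.ts, "end": hit.ts,
                            "msgids": [hit.msgid]})
    return windows


if __name__ == "__main__":
    found = fail_open_accepts(parse_sa_lines(SAMPLE_LOG))
    for w in outage_windows(found):
        print(f"{w['start']} .. {w['end']}: {len(w['msgids'])} message(s) "
              f"accepted unscanned: {', '.join(w['msgids'])}")
```

A window that keeps growing points at the cause found in the thread, spamd not running, rather than at a single slow scan.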