From marc at merlins.org Sat Mar 1 01:26:00 2003
From: marc at merlins.org (Marc MERLIN)
Date: Fri, 28 Feb 2003 17:26:00 -0800
Subject: [SA-exim] SpamAssassin 2.50 & SA-Exim 2.2 ==> problem ...
In-Reply-To: <355190000.1046271949@lnx>
References: <355190000.1046271949@lnx>
Message-ID: <20030301012600.GI3644@merlins.org>

On Wed, Feb 26, 2003 at 04:05:49PM +0100, Pierre-Luc Boucheron / UniGE (Email Address in signature) wrote:
> If I don't disable the new report message (report_safe 0) all messages
> detected as SPAM are delivered with an empty body (only the headers are
> present).

I will try to look at this, but I've had very little time recently.
Please bear with me in the meantime.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From nicolas at marchildon.net Mon Mar 10 04:03:41 2003
From: nicolas at marchildon.net (Nicolas Marchildon)
Date: 09 Mar 2003 23:03:41 -0500
Subject: [SA-exim] Mailman integration
Message-ID: <1047269022.22863.96.camel@cortex.marchildon.net>

I had to change my config file a bit to make Mailman work without having
to rely on /etc/aliases. I'm using Mailman 2.0.13-2 on Debian testing,
using my own build of the debian tree made available by Marc.

In "address_pipe" transport, had to change
"/var/local/mailman/mail/mailman" to "/var/lib/mailman/mail/wrapper".
Changed MAILMAN_HOME from "/var/local/mailman" to "/var/lib/mailman",
MAILMAN_WRAP from "MAILMAN_HOME/mail/mailman" to
"MAILMAN_HOME/mail/wrapper", and two "config.pck" to "config.db" in the
"require_files" statements.

The name of the routers (mm21_main_director and mm21_director) and
transport (mm21_transport) make me believe the config was for Mailman
2.1, which I don't use yet. Maybe we could add mm20_xxx config elements
so that this SA-Exim package works with both versions?

Nicolas
--
OpenPGP public key: http://nicolas.marchildon.net/pubkey.txt
Key fingerprint: 5E84 1089 0036 BB63 6997 232C 8FFB 777D 39D4 B2D4
Jabber ID: nicolas@marchildon.net http://www.jabber.org
What have you done for freedom today? http://www.gnu.org

From marc at merlins.org Wed Mar 12 15:43:25 2003
From: marc at merlins.org (Marc MERLIN)
Date: Wed, 12 Mar 2003 07:43:25 -0800
Subject: [SA-exim] Mailman integration
In-Reply-To: <1047269022.22863.96.camel@cortex.marchildon.net>
References: <1047269022.22863.96.camel@cortex.marchildon.net>
Message-ID: <20030312154325.GF3763@merlins.org>

On Sun, Mar 09, 2003 at 11:03:41PM -0500, Nicolas Marchildon wrote:
> I had to change my config file a bit to make Mailman work without having
> to rely on /etc/aliases. I'm using Mailman 2.0.13-2 on Debian testing,
> using my own build of the debian tree made available by Marc.

I appreciate that you're posting here, but this list is really for sa-exim,
not for my unofficial debian package :)
(let's continue off line)

> In "address_pipe" transport, had to change
> "/var/local/mailman/mail/mailman" to "/var/lib/mailman/mail/wrapper".
> Changed MAILMAN_HOME from "/var/local/mailman" to "/var/lib/mailman",
> MAILMAN_WRAP from "MAILMAN_HOME/mail/mailman" to

I compile mailman from source and install it there. That's why I have
variables you can change.

> "MAILMAN_HOME/mail/wrapper", and two "config.pck" to "config.db" in the
> "require_files" statements.
>
> The name of the routers (mm21_main_director and mm21_director) and
> transport (mm21_transport) make me believe the config was for Mailman
> 2.1, which I don't use yet.
> Maybe we could add mm20_xxx config elements
> so that this SA-Exim package works with both versions?

No. MM 2.0 is dead and it would really make the config file a lot larger
I have posted mm2.0 directors for exim4 before (check the mailman/exim
archives), but they're long and not as powerful.
If you are using exim4, upgrade to MM 2.1 too, you'll thank yourself later :)

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From tonni at billy.demon.nl Wed Mar 12 16:16:10 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: 12 Mar 2003 17:16:10 +0100
Subject: [SA-exim] [Fwd: Re: [Exim] Exim version 4.14]
Message-ID: <1047485768.13326.91.camel@localhost>

Best,

Tony
--
Tony Earnshaw

247,035 lemmings can't be wrong ... Ask the man from Framfjord

e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl
-------------- next part --------------
An embedded message was scrubbed...
From: Tony Earnshaw
Subject: Re: [Exim] Exim version 4.14
Date: 12 Mar 2003 16:58:15 +0100
Size: 2054
Url: http://lists.merlins.org/archives/sa-exim/attachments/20030312/a0317b0a/attachment.txt

From mboyd at cirilium.com Thu Mar 13 20:39:11 2003
From: mboyd at cirilium.com (Mark Boyd)
Date: Thu, 13 Mar 2003 13:39:11 -0700
Subject: [SA-exim] Question about the headers X-SA-Do-Not-Rej/Run.
Message-ID: <551810A11AE6DD4B81B4EE2C0E131CB05A7FB8@typhoon.cirilium.com>

In the exim4.conf on Marc's page either the X-SA-Do-Not-Rej or
X-SA-Do-Not-Run header can get added to the e-mail at RCPT time.
That's all well and good, and I understand what's going on. However, it
appears that I (or some unscrupulous spammer) could simply add in the
X-SA-Do-Not-Run header on an incoming SMTP message and force sa-exim to
skip the spam check.

Do I have a configuration error, or is this just the way it works?

- Mark

From lists at timj.co.uk Thu Mar 13 20:45:42 2003
From: lists at timj.co.uk (Tim Jackson)
Date: Thu, 13 Mar 2003 20:45:42 +0000
Subject: [SA-exim] Question about the headers X-SA-Do-Not-Rej/Run.
In-Reply-To: <551810A11AE6DD4B81B4EE2C0E131CB05A7FB8@typhoon.cirilium.com>
References: <551810A11AE6DD4B81B4EE2C0E131CB05A7FB8@typhoon.cirilium.com>
Message-ID: <20030313204542.545ec002.lists@timj.co.uk>

Hi Mark, on Thu, 13 Mar 2003 13:39:11 -0700 you wrote:

> In the exim4.conf on Marc's page either the X-SA-Do-Not-Rej or
> X-SA-Do-Not-Run header can get added to the e-mail at RCPT time. That's
> all well and good, and I understand what's going on. However, it
> appears that I (or some unscrupulous spammer) could simply add in the
> X-SA-Do-Not-Run header on an incoming SMTP message and force sa-exim to
> skip the spam check.

This is a possibility, yes. If it concerns you, however, you can easily
change this to a unique non-guessable header of your choice (e.g.
"X-SquirbleFlippy: h234fgh92ht9798") - you just need to adjust the
conditions in the SA config file.

Tim

From dcoy at lincoln.ac.uk Thu Mar 20 10:37:39 2003
From: dcoy at lincoln.ac.uk (Darran Michael Coy)
Date: Thu, 20 Mar 2003 10:37:39 -0000
Subject: [SA-exim] Newbie: Releasing mail
Message-ID: <3E7999F6.22700.2D29E4DC@localhost>

Hi All,

Sorry if this question is tooo newbie.

We just started testing SA-Exim here and we're really impressed. We're
running the latest version with SA 2.50 and Exim 4.10. Everything is
working a treat. We're getting mail in SAtempreject and SApermreject.

My question. How do I release a message that has ended up in one of
these dirs, but is real mail?
I also have some mail in SATimeoutsave that I need to release.

Thanks

~~ Volunteer member of Pegasus Mail & Mercury Tech Team ~~
~~~~~~~ Mailed using Pegasus Mail & Mercury NDS NLM ~~~~~~

Darran Coy, Systems Services Team Leader, CS
University of Lincoln
+---------------------------------------------+
| Email: dcoy@lincoln.ac.uk                   |
| Tel: +44 (0)1482 440550                     |
+---------------------------------------------+
---------------------------------------------------------
Quote for the day:
I have travelled the length and breadth of this country and talked
with the best people, and I can assure you that data processing is a
fad that won't last out the year.
-- Editor, Business Books, Prentice Hall, 1957

From lists at timj.co.uk Thu Mar 20 14:21:50 2003
From: lists at timj.co.uk (Tim Jackson)
Date: Thu, 20 Mar 2003 14:21:50 +0000
Subject: [SA-exim] Newbie: Releasing mail
In-Reply-To: <3E7999F6.22700.2D29E4DC@localhost>
References: <3E7999F6.22700.2D29E4DC@localhost>
Message-ID: <20030320142150.08e96d20.lists@timj.co.uk>

Hi Darran, on Thu, 20 Mar 2003 10:37:39 -0000 you wrote:

> We're getting mail in SAtempreject and SApermreject.
> How do I release a message that has ended up in one of these dirs, but
> is real mail?

You don't 'release them', as such. These are just plain old directories
with plain files in. Once they're in there, SA-Exim basically has
nothing more to do with them. Assuming you've got SA-Exim/Exim to not
scan and/or reject mail from the local host, however, you should be able
to re-inject them via the exim command line.

> I also have some mail in SATimeoutsave that I need to release.

Ditto, although be cautious here, to ensure that recipients don't get
two copies.

Tim

From jclark at crownofmaine.net Thu Mar 20 15:03:14 2003
From: jclark at crownofmaine.net (Jeff Clark)
Date: Thu, 20 Mar 2003 10:03:14 -0500
Subject: [SA-exim] SA-Exim Header Question
Message-ID:

Hi everyone. Our organization is greatly benefiting from SA-Exim, thanks to
all involved!
Quick question regarding X-SA-Do-Not.... headers:

We currently prevent SA-Exim from scanning our outgoing mail for trusted
subnets/authenticated users by adding to exim.conf:

warn message = X-SA-Do-Not-Run: Yes
     hosts = +relay_from_hosts

warn message = X-SA-Do-Not-Run: Yes
     authenticated = *

This works great. But I've noticed that if one of our users on one SA-Exim
enabled mail server sends an email to another of our users on another
SA-Exim enabled mail server, SA-Exim doesn't scan the incoming message on
the second mail server because X-SA-Do-Not-Run gets set to Yes as per the
above rule.

This obviously isn't a problem between our two mail servers but it got me
wondering how this all works. I know people on the list have raised the
concern about what would happen if a spammer put those headers in their
messages. One suggestion I saw was to, in the sa-exim conf file, set these
headers to something non-guessable. I'm sure this would work but I'm a
little confused as to why this is needed. That is, I thought SA-Exim was
supposed to strip all X-SA headers before scanning the message anyway? From
the v 2.2 Changelog: "Now strips any X-SA-Exim-* headers already present in
the message before scanning it." Furthermore, I was under the impression
from looking at the sample exim.conf on Marc's site that another way to
handle this was to have exim strip off any X-SA headers on incoming smtp
messages with:

headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned"

in the remote_smtp: transport

But doing this only seems to remove these headers in outgoing smtp mail, not
in incoming smtp mail. So this wouldn't seem to prevent a spammer from
entering a X-SA-Do-Not... header and fooling sa-exim.

Could someone please explain what the best way to prevent spammers from
fooling sa-exim with forged X-SA-Do-No headers is? And also dispel any
misconceptions I have about how any of the above mechanisms work? Thanks!
:)

Jeff

From tonni at billy.demon.nl Thu Mar 20 15:26:59 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: 20 Mar 2003 16:26:59 +0100
Subject: [SA-exim] Newbie: Releasing mail
In-Reply-To: <3E7999F6.22700.2D29E4DC@localhost>
References: <3E7999F6.22700.2D29E4DC@localhost>
Message-ID: <1048174018.19617.120.camel@localhost>

tor, 2003-03-20 kl. 11:37 skrev Darran Michael Coy:

> How do I release a message that has ended up in one of these dirs, but is real mail?

Well now. Join the club of happy SA-Exim 2.2 users.

Firstly, given the right config files, you should never get any stuff
that /has/ to be disposed of in this way. *I* never do :->

However, here's what I just tried out for you and it worked a treat:

I have a machine with SA-Exim and wu-imap 2003.DEV running. Thus, I have
imap mboxes for a number of users. They are in ~/mail. I have for myself
an mbox: ~/mail/Temp.

As a user with rights to both directories (in the following test case as
root) I go to /var/mail/exim/SApermreject/new and do (on the last spam
to be refused with an smtp 550, a Nigerian spam from a Dutch spammer at
Netscape.net, his account really does exist, the idiot - he spammed the
Conexant modem mailing list and me 3 times):

'cat 1048169690_200303201404.h2KE45mF030210@valve.mbsi.ca >> /u/home/tonye/mail/Temp'

- and what do you know ...

If you've even only a little practice in Unix shell programming and
things like 'find', 'ls -lu', you name it, Unix has it, you can set up a
regular cron job to find out what are the new spams and do the above.
You can then delete, forward or do whatever you like with your mails.

My own chosen mailer is Evolution, but you could more or less use
anything.

Best,

Tony
--
Tony Earnshaw

e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl

From tonni at billy.demon.nl Thu Mar 20 15:55:59 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: 20 Mar 2003 16:55:59 +0100
Subject: [SA-exim] SA-Exim Header Question
In-Reply-To:
References:
Message-ID: <1048175758.19633.125.camel@localhost>

tor, 2003-03-20 kl. 16:03 skrev Jeff Clark:

> headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned"
>
> in the remote_smtp: transport
>
> But doing this only seems to remove these headers in outgoing smtp mail, not
> in incoming smtp mail.

Couldn't really, could it?

> So this wouldn't seem to prevent a spammer from
> entering a X-SA-Do-Not... header and fooling sa-exim.

> Could someone please explain what the best way to prevent spammers from
> fooling sa-exim with forged X-SA-Do-No headers is? And also dispel any
> misconceptions I have about how any of the above mechanisms work? Thanks!

Think it was Tim who answered this. On the Exim list? Or the SA list?
Just call the header something else, unique and only known to you, as
being the mailadmin.

Best,

Tony
--
Tony Earnshaw

e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl

From marc at merlins.org Thu Mar 20 16:08:13 2003
From: marc at merlins.org (Marc MERLIN)
Date: Thu, 20 Mar 2003 08:08:13 -0800
Subject: [SA-exim] SA-Exim Header Question
In-Reply-To:
References:
Message-ID: <20030320160813.GB24108@merlins.org>

On Thu, Mar 20, 2003 at 10:03:14AM -0500, Jeff Clark wrote:
> it got me wondering how this all works. I know people on the list have
> raised the concern about what would happen if a spammer put those headers in
> their messages. One suggestion I saw was to, in the sa-exim conf file, set
> these headers to something non-guessable. I'm sure this would work but I'm

Right.

> a little confused as to why this is needed. That is, I thought SA-Exim was
> supposed to strip all X-SA headers before scanning the message anyway?
> From the v 2.2 Changelog: "Now strips any X-SA-Exim-* headers already present in
> the message before scanning it." Furthermore, I was under the impression

Right, X-SA-Exim-*, not X-SA-Do-Not-Run
X-SA-Do-Not-Run is left in because for incoming mail, you want to be able to
have a record that the mail didn't get scanned if it's spam
Also, if you had X-SA-Do-Not-Run: Yes, well, SA-Exim doesn't get run, so it
can't remove the headers now, can it? :)

But SA-Exim can't really know if X-SA-Do-Not-Run was added by your ACLs or
was injected into the mail before it hit your system.

> from looking at the sample exim.conf on Marc's site that another way to
> handle this was to have exim strip off any X-SA headers on incoming smtp
> messages with:
>
> headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned"
> in the remote_smtp: transport

Yes, but you don't want to strip this on incoming mail as much as you want
to strip it on mail that leaves your system.
(ah, I see what you mean, I mean on incoming mail after it went through your
ACLs and SA-Exim, so that you know when a mail ends up in a mailbox whether
it was received or not)

> But doing this only seems to remove these headers in outgoing smtp mail, not
> in incoming smtp mail.

Absolutely, that was the idea.

> So this wouldn't seem to prevent a spammer from entering a X-SA-Do-Not...
> header and fooling sa-exim.

Correct. For now, if this becomes a problem you can rename the header to
anything you want.
Note too that if you are correctly configured, you are not going to leak
that header out of your system, so this shouldn't be a big problem.

What you want to do is remove arbitrary headers in exim's rcpt_to ACL, and I
don't quite remember if you can do that.
I'm sure Philip could add the feature if it's not there and you ask him.

> Could someone please explain what the best way to prevent spammers from
> fooling sa-exim with forged X-SA-Do-No headers is? And also dispel any

Call the header something else if you are worried.

> misconceptions I have about how any of the above mechanisms work? Thanks!
> :)

Hopefully I just did.

Cheers,
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From tonni at billy.demon.nl Thu Mar 20 18:57:52 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: 20 Mar 2003 19:57:52 +0100
Subject: [SA-exim] SA-Exim Header Question
In-Reply-To: <20030320160813.GB24108@merlins.org>
References: <20030320160813.GB24108@merlins.org>
Message-ID: <1048186671.19633.146.camel@localhost>

tor, 2003-03-20 kl. 17:08 skrev Marc MERLIN:

> What you want to do is remove arbitrary headers in exim's rcpt_to ACL, and I
> don't quite remember if you can do that.
> I'm sure Philip could add the feature if it's not there and you ask him.

header_add and header_remove can be carried out by routers and
transports, according to spec.txt and that's how /you/ do it. Why would
anyone want to add/remove them in ACLs? ACLs are there for determining
what has been done in routers and transports - or before even those..

> > Could someone please explain what the best way to prevent spammers from
> > fooling sa-exim with forged X-SA-Do-No headers is? And also dispel any

> Call the header something else if you are worried.

Quite.

Next I have a "newbie" question myself, but I'll eat first - first food
today :-) Listening to BBC and Americans and British bombing Baghdad
somehow took my appetite away.

Best,

Tony
--
Tony Earnshaw

e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl

From marc at merlins.org Thu Mar 20 20:55:38 2003
From: marc at merlins.org (Marc MERLIN)
Date: Thu, 20 Mar 2003 12:55:38 -0800
Subject: [SA-exim] SA-Exim Header Question
In-Reply-To: <1048186671.19633.146.camel@localhost>
References: <20030320160813.GB24108@merlins.org> <1048186671.19633.146.camel@localhost>
Message-ID: <20030320205538.GY11449@merlins.org>

On Thu, Mar 20, 2003 at 07:57:52PM +0100, Tony Earnshaw wrote:
> tor, 2003-03-20 kl. 17:08 skrev Marc MERLIN:
>
> > What you want to do is remove arbitrary headers in exim's rcpt_to ACL, and I
> > don't quite remember if you can do that.
> > I'm sure Philip could add the feature if it's not there and you ask him.
>
> header_add and header_remove can be carried out by routers and
> transports, according to spec.txt and that's how /you/ do it. Why would
> anyone want to add/remove them in ACLs? ACLs are there for determining

I could see a point for removing X-SA-Do-Not-Run from the mail headers
before you hit my ACLs to add it.
Right now, this only works because you can change X-SA-Do-Not-Run to some
other secret if you wish.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From pfournier at loups.net Thu Mar 20 21:03:19 2003
From: pfournier at loups.net (Patrice Fournier)
Date: Thu, 20 Mar 2003 16:03:19 -0500
Subject: [SA-exim] SA-Exim Header Question
In-Reply-To:
References:
Message-ID: <1048194199.3e7a2c974da2a@www.courrier.sabius.net>

Quoting Jeff Clark :

> Could someone please explain what the best way to prevent spammers from
> fooling sa-exim with forged X-SA-Do-No headers is? And also dispel any
> misconceptions I have about how any of the above mechanisms work?

I believe the new Exim 4.14 $acl_m?
variables would be perfect here (I've
not yet looked at how they work so I can't confirm this yet)

--
Patrice Fournier
pfournier@loups.net

From tonni at billy.demon.nl Fri Mar 21 10:17:12 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: 21 Mar 2003 11:17:12 +0100
Subject: [SA-exim] User-based white- and blacklists
Message-ID: <1048241831.25649.91.camel@localhost>

Hi list,

I'm sure this must have been raised before, if so I'm sorry.

Exim 4.14, SA-Exim 2.2/dlopen patch, SA 2.50-CVS

Exim runs as user exim uid 502, spamd runs as suid root, Bayes is in
/usr/local/var/spamassassin, local.cf in /etc/mail/spamassassin.

Everything works beautifully.

Now I'd like to use user preferences. Maybe I shouldn't, the docs say
it's "a bad thing", but I'm trying things out.

As far as I can see, exim calls spamc every time data is received and
prohibits using user preferences. Or am I wrong?

Best,

Tony
--
Tony Earnshaw

e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl

From tonni at billy.demon.nl Fri Mar 21 10:03:51 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: 21 Mar 2003 11:03:51 +0100
Subject: [SA-exim] SA-Exim Header Question
In-Reply-To: <1048194199.3e7a2c974da2a@www.courrier.sabius.net>
References: <1048194199.3e7a2c974da2a@www.courrier.sabius.net>
Message-ID: <1048241030.25647.77.camel@localhost>

tor, 2003-03-20 kl. 22:03 skrev Patrice Fournier:

> > Could someone please explain what the best way to prevent spammers from
> > fooling sa-exim with forged X-SA-Do-No headers is? And also dispel any
> > misconceptions I have about how any of the above mechanisms work?
>
> I believe the new Exim 4.14 $acl_m? variables would be perfect here (I've
> not yet looked at how they work so I can't confirm this yet)

Now that you made me start to think at all and RTFM a bit (which always
helps), I could imagine an SA regex meta for local.cf which ought to be
able to cope with this, too, in combination with existing ACLs.

Best,

Tony
--
Tony Earnshaw

e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl

From dman at dman.ddts.net Fri Mar 21 14:49:40 2003
From: dman at dman.ddts.net (Derrick 'dman' Hudson)
Date: Fri, 21 Mar 2003 09:49:40 -0500
Subject: [SA-exim] Re: User-based white- and blacklists
In-Reply-To: <1048241831.25649.91.camel@localhost>
References: <1048241831.25649.91.camel@localhost>
Message-ID: <20030321144940.GA10595@dman.ddts.net>

On Fri, Mar 21, 2003 at 11:17:12AM +0100, Tony Earnshaw wrote:

| Now I'd like to use user preferences. Maybe I shouldn't, the docs say
| it's "a bad thing", but I'm trying things out.
|
| As far as I can see, exim calls spamc every time data is received and
| prohibits using user preferences. Or am I wrong?

The problem is a message can have multiple recipients. If you're
using sa-exim, then you scan only once per message, even if the
message has 100 recipients. You can use user preferences if you do
the scanning later (eg similar to the way my docs explain the
integration), but then you must scan once per recipient and you lose
the ability to reject the message and take no responsibility for
delivery.

-D

--
He who walks with the wise grows wise,
but a companion of fools suffers harm.
        Proverbs 13:20

http://dman.ddts.net/~dman/

From tonni at billy.demon.nl Fri Mar 21 16:24:43 2003
From: tonni at billy.demon.nl (Tony Earnshaw)
Date: 21 Mar 2003 17:24:43 +0100
Subject: [SA-exim] Re: User-based white- and blacklists
In-Reply-To: <20030321144940.GA10595@dman.ddts.net>
References: <1048241831.25649.91.camel@localhost> <20030321144940.GA10595@dman.ddts.net>
Message-ID: <1048263882.25645.154.camel@localhost>

fre, 2003-03-21 kl.
15:49 skrev Derrick 'dman' Hudson:

> | Now I'd like to use user preferences. Maybe I shouldn't, the docs say
> | it's "a bad thing", but I'm trying things out.
> |
> | As far as I can see, exim calls spamc every time data is received and
> | prohibits using user preferences. Or am I wrong?
>
> The problem is a message can have multiple recipients. If you're
> using sa-exim, then you scan only once per message, even if the
> message has 100 recipients. You can use user preferences if you do
> the scanning later (eg similar to the way my docs explain the
> integration), but then you must scan once per recipient and you lose
> the ability to reject the message and take no responsibility for
> delivery.

Heh ... Haven't I seen your name somewhere before?

Yes, I've seen the reasoning before and the logic is obvious. Funnily
enough, Tom Kistner posted an Exim 4.14 Exiscan kludge to the Exim
list this week which should also work for SA-Exim, for the above
situation.

http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030317/051275.html

However, I find it so horrible ("il s'oppose meme la nature", as my
granny might have said) that I would never use it myself. The above
question was simply a sanity check.

However, there must be an alternative solution.

Best,

Tony
--
Tony Earnshaw

e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl

From marc at merlins.org Fri Mar 21 19:00:24 2003
From: marc at merlins.org (Marc MERLIN)
Date: Fri, 21 Mar 2003 11:00:24 -0800
Subject: [SA-exim] Re: User-based white- and blacklists
In-Reply-To: <1048263882.25645.154.camel@localhost>
References: <1048241831.25649.91.camel@localhost> <20030321144940.GA10595@dman.ddts.net> <1048263882.25645.154.camel@localhost>
Message-ID: <20030321190023.GA18439@merlins.org>

On Fri, Mar 21, 2003 at 05:24:43PM +0100, Tony Earnshaw wrote:
> http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030317/051275.html

Man, that's an ugly trick.
I have to admit that I would never have thought about it, that's quite smart
from Tom to have come up with that.

Note that for sa-exim, it's even worse, because you can only accept people
who don't have a spamassassinrc, or only one recipient who has one.
Yet, this would work, I think.

Tom, have you checked that remote MTAs will not be spooked out by getting a
45x after the xth rcpt to, and will all correctly go on to data and deliver
to the recipients that were accepted?

I'm a bit afraid that some broken MTAs may just see a 45x, and issue a quit
instead of data for the ones that were accepted.

> However, I find it so horrible ("il s'oppose meme la nature", as my
> granny might have said)

Mmmh, that looks and sounds like French, but that isn't quite French though
:-)

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From tom at duncanthrax.net Fri Mar 21 19:51:15 2003
From: tom at duncanthrax.net (Tom Kistner)
Date: Fri, 21 Mar 2003 20:51:15 +0100
Subject: [SA-exim] Re: User-based white- and blacklists
In-Reply-To: <20030321190023.GA18439@merlins.org>
References: <1048241831.25649.91.camel@localhost> <20030321144940.GA10595@dman.ddts.net> <1048263882.25645.154.camel@localhost> <20030321190023.GA18439@merlins.org>
Message-ID: <3E7B6D33.8050904@duncanthrax.net>

Marc MERLIN wrote:

>>http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030317/051275.html

> Tom, have you checked that remote MTAs will not be spooked out by getting a
> 45x after the xth rcpt to, and will all correctly go on to data and deliver
> to the recipients that were accepted?

From what I have seen so far on my 2 systems, there doesn't seem to be
a problem.
A "proper" MTA should handle this situation well, because I
could also think of "legit" 4xx responses ("Mailbox over quota",
"partition full", or similar).

> I'm a bit afraid that some broken MTAs may just see a 45x, and issue
> a quit instead of data for the ones that were accepted.

I can confirm that _MUAs_ can't handle this. So you must make sure to
skip the procedure for typical MUA delivery paths (ASMTP, Allowed Relay
Networks).

>>However, I find it so horrible ("il s'oppose meme la nature", as my
>>granny might have said)

It's the best you can get if you want both SMTP time rejection and
per-user settings. I can assure it can't get any better, unless we
change the fundamentals of SMTP :)

I hope I can post to the sa-exim list, since I'm not subscribed ... :)

/tom

--
Tom Kistner
ICQ 1501527
dcanthrax@efnet
http://duncanthrax.net

From marc at merlins.org Fri Mar 21 22:15:59 2003
From: marc at merlins.org (Marc MERLIN)
Date: Fri, 21 Mar 2003 14:15:59 -0800
Subject: [SA-exim] Re: User-based white- and blacklists
In-Reply-To: <3E7B6D33.8050904@duncanthrax.net>
References: <1048241831.25649.91.camel@localhost> <20030321144940.GA10595@dman.ddts.net> <1048263882.25645.154.camel@localhost> <20030321190023.GA18439@merlins.org> <3E7B6D33.8050904@duncanthrax.net>
Message-ID: <20030321221559.GA25541@merlins.org>

On Fri, Mar 21, 2003 at 08:51:15PM +0100, Tom Kistner wrote:
> From what I have seen so far on my 2 systems, there doesn't seem to be
> a problem. A "proper" MTA should handle this situation well, because I
> could also think of "legit" 4xx responses ("Mailbox over quota",
> "partition full", or similar).

Good point.

> >I'm a bit afraid that some broken MTAs may just see a 45x, and issue
> >a quit instead of data for the ones that were accepted.
>
> I can confirm that _MUAs_ can't handle this. So you must make sure to
> skip the procedure for typical MUA delivery paths (ASMTP, Allowed Relay
> Networks).

Right, that makes sense.

> It's the best you can get if you want both SMTP time rejection and
> per-user settings. I can assure it can't get any better, unless we
> change the fundamentals of SMTP :)

Agreed.

> I hope I can post to the sa-exim list, since I'm not subscribed ... :)

Yep, I took care of it.

Thanks for your answer.
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From thomask at mtnns.net Mon Mar 24 07:10:41 2003
From: thomask at mtnns.net (Thomas Kinghorn)
Date: Mon, 24 Mar 2003 09:10:41 +0200
Subject: [SA-exim] outbound mail scanning
Message-ID: <4625C59C329BC447AFFB52E7F8BFF27504FF947E@protea.int.citec.net>

Good day

I am currently running sa-exim-2.2.

All my outbound mail is being scanned and some falsely tagged as SPAM.
How do I override the scanning of outbound mail?

Any assistance would be appreciated.

Regards,
Tom Kinghorn

From marc at merlins.org Mon Mar 24 07:26:51 2003
From: marc at merlins.org (Marc MERLIN)
Date: Sun, 23 Mar 2003 23:26:51 -0800
Subject: [SA-exim] outbound mail scanning
In-Reply-To: <4625C59C329BC447AFFB52E7F8BFF27504FF947E@protea.int.citec.net>
References: <4625C59C329BC447AFFB52E7F8BFF27504FF947E@protea.int.citec.net>
Message-ID: <20030324072651.GC22217@merlins.org>

On Mon, Mar 24, 2003 at 09:10:41AM +0200, Thomas Kinghorn wrote:
> Good day
>
> I am currently running sa-exim-2.2.
>
> All my outbound mail is being scanned and some falsely tagged as SPAM.
> How do I override the scanning of outbound mail?

Look in README
EXIM4 INTEGRATION / NOT SCANNING YOUR OWN MAILS

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security .... ....
what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From richard at lithvall.nu Mon Mar 24 15:31:40 2003
From: richard at lithvall.nu (Richard Lithvall)
Date: Mon, 24 Mar 2003 16:31:40 +0100
Subject: [SA-exim] Rejecting spam at SMTP but forward it to its recipients
Message-ID: <3E7F24DC.9060902@lithvall.nu>

Hi list members!

As the lazy postmaster I am I don't want to check every mail caught by
SA for false positives but I really want to reject the damn spam at SMTP
time.
Therefore I wrote this little perl hack delegating this responsibility
to my users (they all use exim filters to file mail tagged as spam into
a Junk folder).

It works as follows.
- Configure SA-exim to save rejected mail into a directory
- Run the perl script attached below from cron, let's say, once an hour
  (as user mail or whoever that runs your exim)
- Inform your users how things work and their responsibilities to check
  for false positives.

Please comment this script/hack and I'd really love to get some English
spelling/grammar check as well :-)

/Richard

#!/usr/bin/perl

# Directory where SA-Exim saves permanently rejected messages
$dir = "/var/spool/exim4/SApermrejectsave/new";

foreach $mail (<$dir/*>) {
    if(-f $mail){
        # Three-argument open: the file name is never parsed as a mode
        open(MAIL, "<", $mail) or next;
#       print "Working on: " . $mail . "\n";
        # First line is the mbox "From sender date" separator
        $from = <MAIL>;
        $from =~ s/^From\s(.+?)\s.+\n/$1/;
        # Start each file with no recipients, so a file without the
        # header cannot reuse the previous file's list
        @rcpts = ();
        while (<MAIL>){
            if(/^X-SA-Exim-Rcpt-To:\s(.+)/){
                @rcpts = split(/, /, $1);
                last;
            }
            # An empty line ends the headers
            if(/^$/){
                last;
            }
        }
        # Re-inject the message through exim's batched SMTP input
        open(BSMTP, "| /usr/sbin/exim4 -bS");
        print BSMTP "mail from:<" . $from . ">\n";
        foreach $rcpt (@rcpts){
            print BSMTP "rcpt to:<" . $rcpt . ">\n";
        }
        print BSMTP "data\n";
        print BSMTP "X-Spam-Notice: This mail was rejected during reception due to heuristic check marked it as spam,\n";
        print BSMTP "\tbut forwarded to You for checking for false positives.\n";
        seek(MAIL, 0, 0);
        $throw_away_first_from_line = <MAIL>;
        while (<MAIL>){
            # Dot-stuffing: double a leading "." so it cannot end the data
            if(/^\./){
                print BSMTP ".";
            }
            print BSMTP;
        }
        close(MAIL);
        print BSMTP ".\n";
        print BSMTP "quit\n";
        close(BSMTP);
        unlink($mail);
    }
}

From dmabe at runningland.com Tue Mar 25 21:20:45 2003
From: dmabe at runningland.com (Mabe, David M)
Date: Tue, 25 Mar 2003 16:20:45 -0500
Subject: [SA-exim] Archiving All Messages
Message-ID: <1E3CDC3D20FEFC469492E5AC0B47421101FCBE@server3.runningland.com>

All:

I would like to archive every message that comes through my server. It
would be ideal to archive messages that SA-exim marks as spam in one
directory and those that aren't marked as spam in another directory.

I have tried rewriting the address by adding an additional address like
this, but exim doesn't like it:

*@mydomain.com $1@mydomain.com,archive@mydomain.com

Anybody have any suggestions? Looking through the mainlog, it looks like
there might be an option for saving all spam messages that were accepted
in a directory (SAspamacceptsave), but I can't seem to get it to work.

Thanks in advance!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.merlins.org/archives/sa-exim/attachments/20030325/bbb65fc3/attachment.html

From sdickenson at keyschool.org Wed Mar 26 13:22:07 2003
From: sdickenson at keyschool.org (Dickenson, Steven)
Date: Wed, 26 Mar 2003 08:22:07 -0500
Subject: [SA-exim] Archiving All Messages
Message-ID: <1DBA7B491604E94BBCCE5133069A5BB221FEBC@ringo.internal.keyschool.org>

Check the spamassassin.conf file for SA-Exim. Towards the bottom, there's
an option to save messages that aren't flagged as spam. There are also
options to save mail that is flagged as spam, rejected, or teergrubed.
If you enable all of these options, you'll essentially save every piece
of mail that passes through SA-Exim.

PS - Please use plain text for the list, not HTML.

Steven
---
Steven Dickenson
Network Administrator
The Key School, Annapolis Maryland

-----Original Message-----
From: Mabe, David M [mailto:dmabe@runningland.com]
Sent: Tuesday, March 25, 2003 4:21 PM
To: sa-exim@lists.merlins.org
Subject: [SA-exim] Archiving All Messages

All:

I would like to archive every message that comes through my server. It
would be ideal to archive messages that SA-exim marks as spam in one
directory and those that aren't marked as spam in another directory.

I have tried rewriting the address by adding an additional address like
this, but exim doesn't like it:

*@mydomain.com $1@mydomain.com,archive@mydomain.com

Anybody have any suggestions? Looking through the mainlog, it looks like
there might be an option for saving all spam messages that were accepted
in a directory (SAspamacceptsave), but I can't seem to get it to work.

Thanks in advance!
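
The re-injection step from Richard Lithvall's cron script earlier in this archive, as an added Python example (not code from the list or from SA-Exim): it builds the BSMTP text for `exim4 -bS` from one saved file, reads `X-SA-Exim-Rcpt-To` only from the header block, and refuses envelope addresses that could add a command line. The file layout follows that script; the address pattern, function names, notice wording and sample message are assumptions constructed here.

```python
import re

# Conservative envelope-address check (an assumption of this example): no
# whitespace, control characters or angle brackets, so a value read from the
# saved file cannot add a command line to the BSMTP stream.
ADDR_RE = re.compile(r"[^\s<>\x00-\x1f]+@[^\s<>\x00-\x1f]+")
NOTICE = "X-Spam-Notice: rejected at SMTP time as spam; forwarded for review"

# Constructed sample of one saved file (mbox "From " line, headers, body).
SAMPLE = (
    "From sender@example.net Mon Mar 24 16:00:00 2003\n"
    "X-SA-Exim-Rcpt-To: alice@example.org, bob@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body line\n"
    ".\n"
    "text after a lone dot\n"
)

def parse_saved_mail(raw):
    """Return (sender, recipients, message lines) for one saved file."""
    lines = raw.splitlines()
    fields = lines[0].split() if lines else []
    if len(fields) < 2 or fields[0] != "From":
        raise ValueError("missing mbox 'From ' line")
    sender, message, recipients = fields[1], lines[1:], []
    for line in message:
        if line == "":  # end of headers: body text is never trusted
            break
        if line.startswith("X-SA-Exim-Rcpt-To:"):
            recipients = [r.strip() for r in line.split(":", 1)[1].split(",")]
            break
    if not recipients:  # fresh list per file, so nothing carries over
        raise ValueError("no X-SA-Exim-Rcpt-To header")
    for addr in [sender] + recipients:
        if not ADDR_RE.fullmatch(addr):
            raise ValueError("unsafe envelope address: %r" % addr)
    return sender, recipients, message

def build_bsmtp(raw):
    """Render the BSMTP text that would be piped to `exim4 -bS`."""
    sender, recipients, message = parse_saved_mail(raw)
    out = ["MAIL FROM:<%s>" % sender]
    out += ["RCPT TO:<%s>" % r for r in recipients]
    out += ["DATA", NOTICE]
    # Dot-stuffing: double a leading "." so a lone "." cannot end DATA early.
    out += ["." + ln if ln.startswith(".") else ln for ln in message]
    out += [".", "QUIT"]
    return "\n".join(out) + "\n"
```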