From mollo at club-internet.fr Mon Nov 1 11:02:45 2004 From: mollo at club-internet.fr (mollo) Date: Mon Nov 1 02:03:03 2004 Subject: [SA-exim] Build for Debian Woody help Message-ID: <20041101110245.52d2181e@concord.bghflt.org> Hello, I'm using for my Debian Woody the exim backport packages from http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/woody/ it's release 4.34 of Exim. I'm now using SpamAssassin 3.0, an update of sa-exim is needed. I build with patching the sources, but I got : 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() library doesn't contain local_scan_version_major() function - message temporarily rejected 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() function crashed with signal 11 - message temporarily rejected (size 2241) Has anyone builded sa-exim.so for woody, thanks. Build Notes: -I extract exim4.34 somewhere -I patch using localscan_dlopen_exim_4.20_or_better.patch -Because updating the SA-exim Makefile with EXIM_SRC=/home//exim-4.34/src don't work (make don't see any file), I just copy the files local_scan.h, and so from exim tree. -Build work with some warning and give the 'sa-exim' -Using files provided in eximinc give the same error when run. Ciao' Mathieu -- From ssmeenk at freshdot.net Mon Nov 1 11:06:42 2004 From: ssmeenk at freshdot.net (Sander Smeenk) Date: Mon Nov 1 02:07:17 2004 Subject: [SA-exim] Build for Debian Woody help In-Reply-To: <20041101110245.52d2181e@concord.bghflt.org> References: <20041101110245.52d2181e@concord.bghflt.org> Message-ID: <20041101100642.GC30678@freshdot.net> Quoting mollo (mollo@club-internet.fr): > I'm using for my Debian Woody the exim backport packages from > http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/woody/ > I build with patching the sources, but I got : > 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() function crashed with > signal 11 - message temporarily rejected (size 2241) Ugly :) > -I extract exim4.34 somewhere > -I patch using localscan_dlopen_exim_4.20_or_better.patch > -Because updating the SA-exim Makefile with > EXIM_SRC=/home//exim-4.34/src don't work (make don't see any file), I > just copy the files local_scan.h, and so from exim tree. > -Build work with some warning and give the 'sa-exim' > -Using files provided in eximinc give the same error when run. For all I know, the Exim backports made by Andreas Metzler for Woody *already* have dlopen support built in, so you shouldn't need to patch anything, and instead just run make in the sa-exim sourcetree, and move the resulting accept.so, sa-exim.so and sa-exim.conf to the apropriate directories... HTH, Sander. -- | Genealogy: Tracing yourself back to better people. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D From mollo at club-internet.fr Mon Nov 1 11:20:50 2004 From: mollo at club-internet.fr (mollo) Date: Mon Nov 1 02:21:04 2004 Subject: [SA-exim] Build for Debian Woody help In-Reply-To: <20041101100642.GC30678@freshdot.net> References: <20041101110245.52d2181e@concord.bghflt.org> <20041101100642.GC30678@freshdot.net> Message-ID: <20041101112050.4e242129@concord.bghflt.org> On Mon, 1 Nov 2004 11:06:42 +0100 Sander Smeenk wrote: Hia Sander, > > I'm using for my Debian Woody the exim backport packages from > > http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/woody/ > > > I build with patching the sources, but I got : > > 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() function crashed > > with signal 11 - message temporarily rejected (size 2241) > > Ugly :) > For all I know, the Exim backports made by Andreas Metzler for Woody > *already* have dlopen support built in, so you shouldn't need to patch > anything, and instead just run make in the sa-exim sourcetree, and move > the resulting accept.so, sa-exim.so and sa-exim.conf to the apropriate > directories... 'make' works if done with ROOT access.. Don't know why 'make' wont work if run with normal user. Thanks for putting me on the right way. Have a nice day Mathieu From agt-nogreylist at mib.org Wed Nov 3 15:05:49 2004 From: agt-nogreylist at mib.org (Adam Tilghman) Date: Wed Nov 3 16:16:17 2004 Subject: [SA-exim] Modifying Content-Type header, when SARewriteBody==0 Message-ID: <20041103230549.GA19806@nuthaus.mib.org> I recently installed sa-exim, and noticed that Mailman crashed when receiving certain sa-exim processed spam messages. It turns out that the problem messages had been given MIME multipart/mixed Content-Types even though the body wasn't rewritten into MIME multipart format. Is there any reason to modify (or create) the Content-Type: and Content-Transfer-Encoding: headers when the message body is unchanged? The following (small) changes fixed my problems with Mailman. -- Adam --- ORIG/sa-exim-cvs/sa-exim.c 2004-08-23 08:39:49.000000000 -0700 +++ sa-exim.c 2004-11-03 11:22:38.000000000 -0800 @@ -1037,8 +1037,8 @@ beginning of the loop without reading a new line since we already did that */ if (parsemlheader(buffer, (FILE *)readfh, "Subject", NULL)) goto restart; - if (parsemlheader(buffer, (FILE *)readfh, "Content-Type", NULL)) goto restart; - if (parsemlheader(buffer, (FILE *)readfh, "Content-Transfer-Encoding", NULL)) goto restart; + if ((SARewriteBody == 1) && (parsemlheader(buffer, (FILE *)readfh, "Content-Type", NULL))) goto restart; + if ((SARewriteBody == 1) && (parsemlheader(buffer, (FILE *)readfh, "Content-Transfer-Encoding", NULL))) goto restart; if (parsemlheader(buffer, (FILE *)readfh, "X-Spam-Flag", &xspamflag)) { -- Adam Tilghman http://eldred.cc \ The Fourth Conjecture: SF Action/Adv. agt@mib.org Save the Public Domain \ Oct. 7-9th, 2005 - www.conjecture.org From marc at merlins.org Wed Nov 3 20:19:06 2004 From: marc at merlins.org (Marc MERLIN) Date: Wed Nov 3 21:44:15 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <1097667346.3055.5.camel@mars> References: <1097667346.3055.5.camel@mars> Message-ID: <20041104041906.GC1478@merlins.org> On Wed, Oct 13, 2004 at 01:35:46PM +0200, Kilian Krause wrote: > Hi, > > if i want to drop spam that's coming from a known relay (i.e. my email > whatever@domain1.org has a static forwarding to somewhat@domain2.org and > i can't influence what domain1.org MX does, but i own domain2.org), what > would be the best place for this? > > Obviously something like "SAdevnullcond" isn't mentioned in the > sa-exim.conf templates, so i doubt i can just use it like the > SAteergrubecond, can i? If it existed, that'd just leave me the option > to put the default SAdevnull score to some value that isn't very likely > to be matched, but i still can use it to silently drop all spam instead > proactively introducing secondary spam with all my rejects to that relay > MX. I think I understand what you're trying to do, and basically, right now you can only influence whether teergrube will run or not. For that matter, you can't make tne devnull condition run before teergrube either. But let me ask, teergrubbing a peer MX is bad, but why are you trying to /dev/null? Can't you just reject the mail? Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: Digital signature Url : http://lists.merlins.org/archives/sa-exim/attachments/20041103/8300f821/attachment.bin From marc at merlins.org Wed Nov 3 19:26:08 2004 From: marc at merlins.org (Marc MERLIN) Date: Wed Nov 3 21:44:18 2004 Subject: [SA-exim] greylisting DNSBL hosts? In-Reply-To: <1097235499.18184.30.camel@ganymede> References: <1097235499.18184.30.camel@ganymede> Message-ID: <20041104032608.GA1478@merlins.org> On Fri, Oct 08, 2004 at 01:38:19PM +0200, Kilian Krause wrote: > Has anyone yet produced a config of say exim4 and greylistd using DNSBL > for dialup hosts to trigger greylisting? That way all "regular" MTAs of For the most part, you can already do this by setting scores on blacklists and triggers so that you greylist people with a high enough score Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: Digital signature Url : http://lists.merlins.org/archives/sa-exim/attachments/20041103/a8f0ef48/attachment.bin From marc at merlins.org Wed Nov 3 19:55:34 2004 From: marc at merlins.org (Marc MERLIN) Date: Wed Nov 3 21:44:24 2004 Subject: [SA-exim] Build for Debian Woody help In-Reply-To: <20041101112050.4e242129@concord.bghflt.org> <20041101100642.GC30678@freshdot.net> <20041101110245.52d2181e@concord.bghflt.org> References: <20041101110245.52d2181e@concord.bghflt.org> <20041101100642.GC30678@freshdot.net> <20041101112050.4e242129@concord.bghflt.org> <20041101110245.52d2181e@concord.bghflt.org> <20041101100642.GC30678@freshdot.net> <20041101110245.52d2181e@concord.bghflt.org> Message-ID: <20041104035534.GB1478@merlins.org> On Mon, Nov 01, 2004 at 11:02:45AM +0100, mollo wrote: > I build with patching the sources, but I got : > > 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() library doesn't contain > local_scan_version_major() function - message temporarily rejected > > 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() function crashed with > signal 11 - message temporarily rejected (size 2241) This actually crashed inside exim, it complains that your sa-exim module didn't export LOCAL_SCAN_ABI_VERSION_MAJOR. See if your binary was built properly: gandalf:~$ strings /usr/lib/exim4/local_scan/sa-exim.so | grep -i local_scan local_scan_version_major local_scan_version_minor local_scan > Build Notes: > -I extract exim4.34 somewhere > -I patch using localscan_dlopen_exim_4.20_or_better.patch I can confirm that you did patch this in, since the error message you got came from there: "local_scan() library doesn't contain local_scan_version_major() function" > -Because updating the SA-exim Makefile with > EXIM_SRC=/home//exim-4.34/src don't work (make don't see any file), I > just copy the files local_scan.h, and so from exim tree. Mmmh, ok. > -Build work with some warning and give the 'sa-exim' The warnings might matter. So, does strings on sa-exim.so return the same stuff than on mine? On Mon, Nov 01, 2004 at 11:20:50AM +0100, mollo wrote: > > For all I know, the Exim backports made by Andreas Metzler for Woody > > *already* have dlopen support built in, so you shouldn't need to patch > > anything, and instead just run make in the sa-exim sourcetree, and move > > the resulting accept.so, sa-exim.so and sa-exim.conf to the apropriate > > directories... > > 'make' works if done with ROOT access.. > > Don't know why 'make' wont work if run with normal user. Uh? It builds fine as a user for me. You're going to have to give some error messages and more details :) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From marc at merlins.org Wed Nov 3 23:11:47 2004 From: marc at merlins.org (Marc MERLIN) Date: Wed Nov 3 23:11:49 2004 Subject: [SA-exim] Modifying Content-Type header, when SARewriteBody==0 In-Reply-To: <20041103230549.GA19806@nuthaus.mib.org> References: <20041103230549.GA19806@nuthaus.mib.org> Message-ID: <20041104071147.GA31918@merlins.org> On Wed, Nov 03, 2004 at 03:05:49PM -0800, Adam Tilghman wrote: > > I recently installed sa-exim, and noticed that Mailman crashed > when receiving certain sa-exim processed spam messages. > > It turns out that the problem messages had been given MIME > multipart/mixed Content-Types even though the body wasn't rewritten > into MIME multipart format. > > Is there any reason to modify (or create) the Content-Type: and > Content-Transfer-Encoding: headers when the message body is unchanged? Well, this used to be useful with defang_mime and report_safe=0, but now that defang_mime is gone, I'm wondering... I guess I can probably remove the modification unless rewrite_body is on Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From kk at verfaction.de Thu Nov 4 13:59:46 2004 From: kk at verfaction.de (Kilian Krause) Date: Thu Nov 4 04:00:14 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <20041104041906.GC1478@merlins.org> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> Message-ID: <1099573187.4704.3.camel@ganymede> Hi Marc, > But let me ask, teergrubbing a peer MX is bad, but why are you trying to > /dev/null? Can't you just reject the mail? sure it's bad. And bouncing would mean to introduce secondary spam as most of the sender addresses are very likely to be either fake or void. Thus i'd just like to accept them and stuff them into the digital dustbin for the sake of other postmasters out there. -- Best regards, Kilian -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digital signierter Nachrichtenteil Url : http://lists.merlins.org/archives/sa-exim/attachments/20041104/0e9dc915/attachment.bin From marc at merlins.org Thu Nov 4 07:58:10 2004 From: marc at merlins.org (Marc MERLIN) Date: Thu Nov 4 07:58:13 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <1099573187.4704.3.camel@ganymede> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> <1099573187.4704.3.camel@ganymede> Message-ID: <20041104155810.GB31918@merlins.org> On Thu, Nov 04, 2004 at 01:59:46PM +0100, Kilian Krause wrote: > Hi Marc, > > > But let me ask, teergrubbing a peer MX is bad, but why are you trying to > > /dev/null? Can't you just reject the mail? > > sure it's bad. And bouncing would mean to introduce secondary spam as > most of the sender addresses are very likely to be either fake or void. > Thus i'd just like to accept them and stuff them into the digital > dustbin for the sake of other postmasters out there. I see. I have just less compassion that you :) (if they accept random spam they're going to get the unbounceable mail anyway, with or without me refusing some of their forwards) So, if each option were conditional instead of just having a score, that would do what you need. This is already a feature request, and I'm hoping to put that in the next version Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: not available Url : http://lists.merlins.org/archives/sa-exim/attachments/20041104/5c43793f/attachment.bin From jason+lists.sa-exim at lixfeld.ca Fri Nov 5 14:03:16 2004 From: jason+lists.sa-exim at lixfeld.ca (Jason Lixfeld) Date: Fri Nov 5 11:03:32 2004 Subject: [SA-exim] BCP for calling per-user SA after sa-exim Message-ID: <59A8693C-2F5D-11D9-BA78-000A95D6AB8E@lixfeld.ca> Hello, First off, sorry for the cross-post. I'm not sure if this is better answered by the SA guys or the SA-exim guys so it's going to both. I like the idea of using SA-exim because it's got some great features! I would also like to incorporate per-user SA for mail that makes it past SA-exim. The question is what, if any, is the best common practice for doing this, or something like this. The issues that I have found so far are that there doesn't seem to be a way to tell SA-exim to not tag messages below a certain spam-score so exim can pass it off to an SA transport via an SA router. Can I delete the headers or something using an exim ACL? I'v also tried looking at amavisd-new, but while it seems rather robust, it takes some of the features away that SA and SA-exim have, such as being able to add the spam score using _SCORE_ in the message header, being able to encapsulate the message inside a spam report that shows exactly why the message was tagged as spam, etc. Anyone have any insight they can share? From marc at merlins.org Sat Nov 6 16:59:43 2004 From: marc at merlins.org (Marc MERLIN) Date: Sat Nov 6 22:26:02 2004 Subject: [SA-exim] BCP for calling per-user SA after sa-exim In-Reply-To: <59A8693C-2F5D-11D9-BA78-000A95D6AB8E@lixfeld.ca> References: <59A8693C-2F5D-11D9-BA78-000A95D6AB8E@lixfeld.ca> Message-ID: <20041107005943.GF16162@merlins.org> On Fri, Nov 05, 2004 at 02:03:16PM -0500, Jason Lixfeld wrote: > Hello, > > First off, sorry for the cross-post. I'm not sure if this is better > answered by the SA guys or the SA-exim guys so it's going to both. > > I like the idea of using SA-exim because it's got some great features! > I would also like to incorporate per-user SA for mail that makes it > past SA-exim. The question is what, if any, is the best common > practice for doing this, or something like this. > > The issues that I have found so far are that there doesn't seem to be a > way to tell SA-exim to not tag messages below a certain spam-score so Correct. > exim can pass it off to an SA transport via an SA router. Can I delete > the headers or something using an exim ACL? Sure. system_filter should let you do that, or header_delete in your transport(s) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From tor at slett.net Wed Nov 10 11:09:11 2004 From: tor at slett.net (Tor Slettnes) Date: Wed Nov 10 11:09:08 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <20041104155810.GB31918@merlins.org> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> <1099573187.4704.3.camel@ganymede> <20041104155810.GB31918@merlins.org> Message-ID: <011A16EB-334C-11D9-B213-0030656CF512@slett.net> On Nov 4, 2004, at 07:58, Marc MERLIN wrote: > I see. I have just less compassion that you :) (if they accept random > spam they're going to get the unbounceable mail anyway, with or > without me refusing some of their forwards) I tend to agree in the case where you are using another host as a secondary MX. It is important that you either have control of your own MXs, or that the party hosting your secondary MX has (at least) as stringent filters as you do. There are a couple of other cases where there _is_ a need for host-based whitelisting: - If someone on your site subscribe to a mailing list, you'll get forwarded spam from that list. In my case, most spam comes from the Debian list servers, or to my account. - If one of your users have a ".forward" setup on another host, you will get spam from there. In both these cases, you do not want to do SMTP (550) rejects - you'll only (a) hurt your friend, who will see freezes in their mail queue, or (b) generate collateral spam -- depending on whether the sender address is valid or not. With SA-Exim, any whitelisting you do in Exim ACLs have no effect, since SA-Exim runs under a different Exim subsystem: local_scan(). The only option, therefore, is to whitelist these hosts in SpamAssassin: whitelist_from_rcvt *@* debian.org The issue with this is that because SA-Exim does not pass the recipient username to SpamAssassin, there is no per-user configuration (including a per-user whitelist). Thus, all mailing lists and forwarders that _any_ user on your system receives mail from have to be setup at the system level (in /etc/spamassassin/local.cf, /etc/mail/spamassassin/local.cf, or similar). I wrote up some text on these considerations, here: http://tldp.org/HOWTO/Spam-Filtering-for-MX/considerations.html http://tldp.org/HOWTO/Spam-Filtering-for-MX/exim-sa.html http://tldp.org/HOWTO/Spam-Filtering-for-MX/exim-forward.html -tor From kk at verfaction.de Wed Nov 10 20:27:00 2004 From: kk at verfaction.de (Kilian Krause) Date: Wed Nov 10 11:27:21 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <011A16EB-334C-11D9-B213-0030656CF512@slett.net> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> <1099573187.4704.3.camel@ganymede> <20041104155810.GB31918@merlins.org> <011A16EB-334C-11D9-B213-0030656CF512@slett.net> Message-ID: <1100114820.5094.14.camel@ganymede> Hi Tor, > whitelist_from_rcvt *@* debian.org you don't seriously expect me to WHITELIST 80% of my SPAM source, eh? (for the example of the .forward on a friend's box..) Whitelisting the *host* would cause all the spam hit unfiltered my inbox, that's why i want to *NOT* produce collateral spam, but just accept and stuff it away into /dev/null... -- Best regards, Kilian -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digital signierter Nachrichtenteil Url : http://lists.merlins.org/archives/sa-exim/attachments/20041110/fd40275a/attachment.bin From kristopher.austin at oc.edu Wed Nov 10 14:55:52 2004 From: kristopher.austin at oc.edu (Kristopher Austin) Date: Wed Nov 10 12:56:07 2004 Subject: [SA-exim] SA 3.0 and Greylisting Message-ID: <0B91381A437EEF49AA5ED37EC5EDD555AB4D03@fsmail.oc.edu> I have looked everywhere I can think of to figure out how to get SA-Exim's Greylisting to work with SA 3.0. The current CVS of SA-Exim is supposed to support SA 3.0, but I couldn't find a new patch file to patch SA with. Am I missing something very obvious? I have seen no mention of this anywhere so I suppose everyone else has figured out how to get it to work. Can you please tell me your secret? Thanks, Kris From rick at linuxmafia.com Wed Nov 10 13:09:43 2004 From: rick at linuxmafia.com (Rick Moen) Date: Wed Nov 10 13:10:09 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <011A16EB-334C-11D9-B213-0030656CF512@slett.net> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> <1099573187.4704.3.camel@ganymede> <20041104155810.GB31918@merlins.org> <011A16EB-334C-11D9-B213-0030656CF512@slett.net> Message-ID: <20041110210943.GY28734@linuxmafia.com> Quoting Tor Slettnes (tor@slett.net): > I tend to agree in the case where you are using another host as a > secondary MX. It is important that you either have control of your own > MXs, or that the party hosting your secondary MX has (at least) as > stringent filters as you do. > > There are a couple of other cases where there _is_ a need for > host-based whitelisting: > > - If someone on your site subscribe to a mailing list, you'll get > forwarded spam from that list. This decade's argument of "Please don't punish my badly administered mailing-list box's MTA" seems to strongly resemble last decade's argument of "Please don't punish my badly administered open relay". I wonder how many people will accept the reasoning, this time? Personally, I 550-reject or teergrube mailing list spam sources with no regrets. Some negligent mailadmins scream; I LART them a little harder. It's a darwinian communication process that makes up in efficiency and sincerity what it lacks in polish. > In my case, most spam comes from the Debian list servers, or to my > account. Like those negligent mailadmins, for example. ? bas qmail! ?crasez l'inf?me![1] > - If one of your users have a ".forward" setup on another host, you > will get spam from there. The other host has an admin who needs cluebatting -- and clearly there's no good to be derived from accepting his spam. > In both these cases, you do not want to do SMTP (550) rejects - you'll > only (a) hurt your friend, who will see freezes in their mail queue, or > (b) generate collateral spam -- depending on whether the sender address > is valid or not. (a) You're _helping_ your friend, by clarifying to him that the other mailadmin is screwing up in his name, by accepting and trying to deliver easily avoidable spam addressed to him. (b) You are not generating that collateral spam: The negligent mailadmin is. He should not have accepted that mail in the first place, or, having accepted it, should not have attempted to deliver it. If he fails to do either of those things and you reject his mail, his turning your DSN into collateral spam is a third screw-up. The proper response is not to help conceal and paper over that third-rater's errors; it's to LART him until he bleeds. Otherwise, how and when is the problem there going to get fixed? Again, see last decade's open-relay flamewars for further information; the arguments were the same. My opinion; yours for a small fee and disclaimer of reverse-engineering rights. [1] I'm kidding. Unconfirmed rumour suggests that even qmail is capable of competent SMTP-time processing. -- Cheers, "Plus ?a change...." Rick Moen http://linuxmafia.com/~rick/pictures/1861-versus-2004.jpeg rick@linuxmafia.com P.S.: http://72.3.131.10/gallery/1/ From marc at merlins.org Wed Nov 10 14:21:34 2004 From: marc at merlins.org (Marc MERLIN) Date: Wed Nov 10 14:21:36 2004 Subject: [SA-exim] SA 3.0 and Greylisting In-Reply-To: <0B91381A437EEF49AA5ED37EC5EDD555AB4D03@fsmail.oc.edu> References: <0B91381A437EEF49AA5ED37EC5EDD555AB4D03@fsmail.oc.edu> Message-ID: <20041110222134.GB32543@merlins.org> On Wed, Nov 10, 2004 at 02:55:52PM -0600, Kristopher Austin wrote: > I have looked everywhere I can think of to figure out how to get > SA-Exim's Greylisting to work with SA 3.0. > > The current CVS of SA-Exim is supposed to support SA 3.0, but I couldn't > find a new patch file to patch SA with. Am I missing something very > obvious? I have seen no mention of this anywhere so I suppose everyone > else has figured out how to get it to work. I'm afraid there is no secret. I haven't upgraded to SA 3.0 yet, and thus haven't written the module (it won't be a patch SA 3.0 supports modules, so it should be cleaner) The snow season having started, it may however mean that I'll be in cars and/or hotel rooms with my laptop and will hopefully have time to write this soon Of course, that doesn't stop someone else from doing it first, the code in question is not rocket science :) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From tor at slett.net Wed Nov 10 15:02:21 2004 From: tor at slett.net (Tor Slettnes) Date: Wed Nov 10 15:02:16 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <1100114820.5094.14.camel@ganymede> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> <1099573187.4704.3.camel@ganymede> <20041104155810.GB31918@merlins.org> <011A16EB-334C-11D9-B213-0030656CF512@slett.net> <1100114820.5094.14.camel@ganymede> Message-ID: <41929DFD.60509@slett.net> [Kilian, sorry for the duplicate; I had the wrong address for the SA-Exim list the first time]. Kilian Krause wrote: >> whitelist_from_rcvt *@* debian.org >> >you don't seriously expect me to WHITELIST 80% of my SPAM source, eh? >(for the example of the .forward on a friend's box..) > As I was saying, with SA-Exim that is your only option, unless you also want to REJECT mail from that server (thus creating headaches for their postmaster). Because it runs outside Exim's ACL subsystem, you don't have access to the same sophisticated conditional evaluation that you do with, for instance, Exiscan-ACL (included in Debian's "exim4-daemon-heavy" package). You did not follow those links I posted, huh? >Whitelisting the *host* would cause all the spam hit unfiltered my >inbox, that's why i want to *NOT* produce collateral spam, but just >accept and stuff it away into /dev/null... > Below is how I do this with Exiscan-ACL. (Well, almost; this is a slight simplification). I still send all mail from external sources to SpamAssassin; but if it comes from a host in my /etc/mail/whitelist-hosts file, I never reject it. I also add a "X-Spam-Status:" header, so that my MDA (Cyrus) can filter it into the recipient's Junk folder. # Invoke SpamAssassin to obtain $spam_score and $spam_report. # Depending on the classification, $acl_m9 is set to "ham" or "spam". # # If the message is classified as spam, but the sending host is # in our whitelist, accept the mail anyway. # warn set acl_m9 = ham spam = mail set acl_m9 = spam !hosts = /etc/mail/whitelist-hosts control = fakereject logwrite = :reject: Rejected spam (score $spam_score): $spam_report # Add an appropriate X-Spam-Status: header to the message. # warn message = X-Spam-Status: \ ${if eq {$acl_m9}{spam}{Yes}{No}} (score $spam_score)\ ${if def:spam_report {: $spam_report}} logwrite = :main: Classified as $acl_m9 (score $spam_score) # Accept the message. # accept From kk at verfaction.de Thu Nov 11 00:07:12 2004 From: kk at verfaction.de (Kilian Krause) Date: Wed Nov 10 15:07:38 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <41929DFD.60509@slett.net> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> <1099573187.4704.3.camel@ganymede> <20041104155810.GB31918@merlins.org> <011A16EB-334C-11D9-B213-0030656CF512@slett.net> <1100114820.5094.14.camel@ganymede> <41929DFD.60509@slett.net> Message-ID: <1100128032.5094.22.camel@ganymede> Hi Tor, Am Mittwoch, den 10.11.2004, 15:02 -0800 schrieb Tor Slettnes: > [Kilian, sorry for the duplicate; I had the wrong address for the > SA-Exim list the first time]. well, first of all there's no need to CC me as i do read sa-exim anyway.. but sending me twice might already count as ground level spam hehe (just kiddin') ;) > > Kilian Krause wrote: > > >> whitelist_from_rcvt *@* debian.org > >> > >you don't seriously expect me to WHITELIST 80% of my SPAM source, eh? > >(for the example of the .forward on a friend's box..) > > > > As I was saying, with SA-Exim that is your only option, unless you also > want to REJECT mail from that server (thus creating headaches for their > postmaster). Because it runs outside Exim's ACL subsystem, you don't > have access to the same sophisticated conditional evaluation that you do > with, for instance, Exiscan-ACL (included in Debian's > "exim4-daemon-heavy" package). > > You did not follow those links I posted, huh? well, in fact i did read them and maybe i'm either to blind or just to fixed on my own thinking to see the obvious solution.. > >Whitelisting the *host* would cause all the spam hit unfiltered my > >inbox, that's why i want to *NOT* produce collateral spam, but just > >accept and stuff it away into /dev/null... > > > Below is how I do this with Exiscan-ACL. (Well, almost; this is a > slight simplification). I still send all mail from external sources to > SpamAssassin; but if it comes from a host in my > /etc/mail/whitelist-hosts file, I never reject it. I also add a > "X-Spam-Status:" header, so that my MDA (Cyrus) can filter it into the > recipient's Junk folder. > > > # Invoke SpamAssassin to obtain $spam_score and $spam_report. > # Depending on the classification, $acl_m9 is set to "ham" or "spam". > # > # If the message is classified as spam, but the sending host is > # in our whitelist, accept the mail anyway. > # > warn > set acl_m9 = ham > spam = mail > set acl_m9 = spam > !hosts = /etc/mail/whitelist-hosts > control = fakereject > logwrite = :reject: Rejected spam (score $spam_score): $spam_report > so you say the magic is here to use fakereject instead of reject? I daresay that i tried to understand that from the URL given back in the thread and somewhat i still cannot see what the *FAKE* about this reject is. So maybe you can enlighten me how i with this can do a "whitelisting" but still scan my mails and then throw them silently into /dev/null without producing large backscatter with my mx being the one listed in the "he's to blame, he didn't accept it!".. -- Best regards, Kilian -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digital signierter Nachrichtenteil Url : http://lists.merlins.org/archives/sa-exim/attachments/20041111/4676896b/attachment-0001.bin From tor at slett.net Wed Nov 10 15:55:55 2004 From: tor at slett.net (Tor Slettnes) Date: Wed Nov 10 15:55:50 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <1100128032.5094.22.camel@ganymede> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> <1099573187.4704.3.camel@ganymede> <20041104155810.GB31918@merlins.org> <011A16EB-334C-11D9-B213-0030656CF512@slett.net> <1100114820.5094.14.camel@ganymede> <41929DFD.60509@slett.net> <1100128032.5094.22.camel@ganymede> Message-ID: <0FDB8273-3374-11D9-A586-0030656CF512@slett.net> On Nov 10, 2004, at 15:07, Kilian Krause wrote: > Am Mittwoch, den 10.11.2004, 15:02 -0800 schrieb Tor Slettnes: >> [Kilian, sorry for the duplicate; I had the wrong address for the >> SA-Exim list the first time]. > > well, first of all there's no need to CC me as i do read sa-exim > anyway.. but sending me twice might already count as ground level spam > hehe (just kiddin') ;) Man, you *are* feisty. > so you say the magic is here to use fakereject instead of reject? I > daresay that i tried to understand that from the URL given back in the > thread and somewhat i still cannot see what the *FAKE* about this > reject is. "fakereject" is a control (similar to "freeze") provided by the Exiscan-ACL patch. It instructs Exim to issue a "550" response, even if the mail is accepted. I use it, rather than a "deny" statement, because I want to keep a copy of mail classified as spam in a separate Junk folder. > So maybe you can enlighten me how i with this can do a "whitelisting" > but still scan my mails and then throw them silently into /dev/null > without producing large backscatter with my mx being the one listed in > the "he's to blame, he didn't accept it!".. I tried twice, here is a third time. First, use Exiscan-ACL rather than SA-Exim, for the reasons I have described. Second, invoke SpamAssassin on all mail, but don't reject if the sending host is in your whitelist. The following does this (in a fashion a little bit simpler than what I provided last time): deny message = Classified as spam (score $spam_score)\n$spam_report set acl_m9 = ham spam = mail set acl_m9 = spam !hosts = /etc/mail/whitelist-hosts warn message = X-Spam-Status: \ ${if eq{$acl_m9}{spam}{Yes}{No}}; score=$spam_score The first ("deny") statement, line by line: - Define the 550 message that will be issued in the event that this statement evaluates to "true" - Initially set a flag in $acl_m9 to indicate that this message is ham. - Invoke SpamAssassin as user "mail" - If we are still here, it means the "spam" condition was true. Change the flag in $acl_m9 to indicate that the message is spam. - Check that the host is not in /etc/mail/whitelist-hosts, before actually deciding to reject the mail. The second ("warn") statement adds a "X-Spam-Status: No" or "X-Spam-Status: Yes" header line to the mail, depending on whether the mail was classified as ham or spam. Again, for a more sophisticated example, see: http://slett.net/spam-filtering-for-mx/exim-sa.html -tor From tor at slett.net Thu Nov 11 00:33:23 2004 From: tor at slett.net (Tor Slettnes) Date: Thu Nov 11 00:33:38 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <20041110210943.GY28734@linuxmafia.com> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> <1099573187.4704.3.camel@ganymede> <20041104155810.GB31918@merlins.org> <011A16EB-334C-11D9-B213-0030656CF512@slett.net> <20041110210943.GY28734@linuxmafia.com> Message-ID: <59AD8B7C-33BC-11D9-BF9D-00039381C3A4@slett.net> On Nov 10, 2004, at 13:09, Rick Moen wrote: > This decade's argument of "Please don't punish my badly administered > mailing-list box's MTA" seems to strongly resemble last decade's > argument of "Please don't punish my badly administered open relay". I > wonder how many people will accept the reasoning, this time? Closing open relays is a simple, well defined, unambigous task. Either you are relaying mail between third parties, or you are not. Simply put, you do not want to deal with sites that do relay - hence the various RBLs that specifically list such hosts. Stopping spam relaying is a very different ballgame. There is no "black" and "white" mechanism to identify spam - spam classifications/criteria vary from one filtering program/mechanism to another - something classified as ham by the receiving MX may in turn be classified as spam by the primary/final MX. Unless everyone in the world use the same mechanism to classify spam (at least for SMTP rejection purposes), you will end up punishing your friends, not the enemy - and you will end up (indirectly) generating collateral spam. (Of course, if everyone in the world _did_ use the same criteria, it would sort defeat the purpose of filtering in the first place). Finally, you ought to have a little chat with the Debian organization's postmaster - this is a guy who deals with hundreds of frozen messages (due to mail rejected by mailing list subscribers) each day. Although most of these rejected messages are spam (and you could argue that Debian ought to change its stance on spam filtering on their servers) you find plenty of cases where the mail rejected by list subscribers is not spam at all. -tor From kristopher.austin at oc.edu Thu Nov 11 08:11:50 2004 From: kristopher.austin at oc.edu (Kristopher Austin) Date: Thu Nov 11 06:12:09 2004 Subject: [SA-exim] SA 3.0 and Greylisting Message-ID: <0B91381A437EEF49AA5ED37EC5EDD555AB4F1D@fsmail.oc.edu> Okay, thanks for the response. I'll look and see if I can write the plugin. I'm a pretty decent programmer so I think I can figure it out. Do you happen to have an idea of where to start to get the information about writing Plugins for SA? Thanks for all of the work you've put into SA-Exim. Kris -----Original Message----- From: Marc MERLIN [mailto:marc@merlins.org] Sent: Wednesday, November 10, 2004 4:22 PM To: Kristopher Austin Cc: sa-exim@lists.merlins.org Subject: Re: [SA-exim] SA 3.0 and Greylisting On Wed, Nov 10, 2004 at 02:55:52PM -0600, Kristopher Austin wrote: > I have looked everywhere I can think of to figure out how to get > SA-Exim's Greylisting to work with SA 3.0. > > The current CVS of SA-Exim is supposed to support SA 3.0, but I couldn't > find a new patch file to patch SA with. Am I missing something very > obvious? I have seen no mention of this anywhere so I suppose everyone > else has figured out how to get it to work. I'm afraid there is no secret. I haven't upgraded to SA 3.0 yet, and thus haven't written the module (it won't be a patch SA 3.0 supports modules, so it should be cleaner) The snow season having started, it may however mean that I'll be in cars and/or hotel rooms with my laptop and will hopefully have time to write this soon Of course, that doesn't stop someone else from doing it first, the code in question is not rocket science :) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From kristopher.austin at oc.edu Thu Nov 11 16:17:04 2004 From: kristopher.austin at oc.edu (Kristopher Austin) Date: Thu Nov 11 14:17:22 2004 Subject: [SA-exim] SA 3.0 and Greylisting Message-ID: <0B91381A437EEF49AA5ED37EC5EDD555AB54EA@fsmail.oc.edu> Okay, I believe I have successfully converted Marc's greylisting patch into a plugin for SA 3.0. However, one ability was removed until I have time to do more research: all e-mail tuplets will be logged even if they are over "dontgreylistthreshold." I haven't figured out how to make the greylisting rules run last. Maybe Marc can figure it out when he has the time. Besides that, it really wasn't too difficult. I just had to change around a couple of variable names and make a couple of functions "Taint-Mode" happy. I've attached the two files necessary to make the plugin work. Just put them with all of your other *.cf files. Be sure to modify sa-exim.cf to use the variables you prefer. Let me know if you see any glaring problems. I've run it on a production server now for about an hour (it's gone through 300 messages) and haven't seen any problems. Kris -----Original Message----- From: sa-exim-bounces+kristopher.austin=oc.edu@lists.merlins.org [mailto:sa-exim-bounces+kristopher.austin=oc.edu@lists.merlins.org] On Behalf Of Kristopher Austin Sent: Thursday, November 11, 2004 8:12 AM To: Marc MERLIN Cc: sa-exim@lists.merlins.org Subject: RE: [SA-exim] SA 3.0 and Greylisting Okay, thanks for the response. I'll look and see if I can write the plugin. I'm a pretty decent programmer so I think I can figure it out. Do you happen to have an idea of where to start to get the information about writing Plugins for SA? Thanks for all of the work you've put into SA-Exim. Kris -----Original Message----- From: Marc MERLIN [mailto:marc@merlins.org] Sent: Wednesday, November 10, 2004 4:22 PM To: Kristopher Austin Cc: sa-exim@lists.merlins.org Subject: Re: [SA-exim] SA 3.0 and Greylisting On Wed, Nov 10, 2004 at 02:55:52PM -0600, Kristopher Austin wrote: > I have looked everywhere I can think of to figure out how to get > SA-Exim's Greylisting to work with SA 3.0. > > The current CVS of SA-Exim is supposed to support SA 3.0, but I couldn't > find a new patch file to patch SA with. Am I missing something very > obvious? I have seen no mention of this anywhere so I suppose everyone > else has figured out how to get it to work. I'm afraid there is no secret. I haven't upgraded to SA 3.0 yet, and thus haven't written the module (it won't be a patch SA 3.0 supports modules, so it should be cleaner) The snow season having started, it may however mean that I'll be in cars and/or hotel rooms with my laptop and will hopefully have time to write this soon Of course, that doesn't stop someone else from doing it first, the code in question is not rocket science :) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key _______________________________________________ SA-Exim mailing list SA-Exim@lists.merlins.org http://lists.merlins.org/lists/listinfo/sa-exim -------------- next part -------------- A non-text attachment was scrubbed... Name: sa-exim.cf Type: application/octet-stream Size: 490 bytes Desc: sa-exim.cf Url : http://lists.merlins.org/archives/sa-exim/attachments/20041111/b84a3d59/sa-exim-0002.exe -------------- next part -------------- A non-text attachment was scrubbed... Name: sa-exim.pm Type: application/octet-stream Size: 8257 bytes Desc: sa-exim.pm Url : http://lists.merlins.org/archives/sa-exim/attachments/20041111/b84a3d59/sa-exim-0003.exe From kk at verfaction.de Fri Nov 12 00:43:32 2004 From: kk at verfaction.de (Kilian Krause) Date: Thu Nov 11 15:43:48 2004 Subject: [SA-exim] devnull relayed spam? In-Reply-To: <0FDB8273-3374-11D9-A586-0030656CF512@slett.net> References: <1097667346.3055.5.camel@mars> <20041104041906.GC1478@merlins.org> <1099573187.4704.3.camel@ganymede> <20041104155810.GB31918@merlins.org> <011A16EB-334C-11D9-B213-0030656CF512@slett.net> <1100114820.5094.14.camel@ganymede> <41929DFD.60509@slett.net> <1100128032.5094.22.camel@ganymede> <0FDB8273-3374-11D9-A586-0030656CF512@slett.net> Message-ID: <1100216612.4850.20.camel@ganymede> Hi Tor, > > so you say the magic is here to use fakereject instead of reject? I > > daresay that i tried to understand that from the URL given back in the > > thread and somewhat i still cannot see what the *FAKE* about this > > reject is. > > "fakereject" is a control (similar to "freeze") provided by the > Exiscan-ACL patch. It instructs Exim to issue a "550" response, even > if the mail is accepted. I use it, rather than a "deny" statement, > because I want to keep a copy of mail classified as spam in a separate > Junk folder. ok, so the fake is not about the reject being fake (in terms of not happening), but the fake refers to the message not being only rejected and gone ;) I guess somewhat i had from the term expected the first to happen, but it's clear now.. thanks! > > So maybe you can enlighten me how i with this can do a "whitelisting" > > but still scan my mails and then throw them silently into /dev/null > > without producing large backscatter with my mx being the one listed in > > the "he's to blame, he didn't accept it!".. > > I tried twice, here is a third time. Hehe, thanks for the patience ;) > First, use Exiscan-ACL rather than SA-Exim, for the reasons I have > described. -(snip)- > !hosts = /etc/mail/whitelist-hosts -(snip)- > - Check that the host is not in /etc/mail/whitelist-hosts, before > actually > deciding to reject the mail. Alright, i finally found the path you show me.. At least i have now finally been able to reproduce your proposal. Will try that and come back if there's something still fishy with it.. (Which i hope will not be the case *g*) Thanks again for the hint and patience ;) -- Best regards, Kilian -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digital signierter Nachrichtenteil Url : http://lists.merlins.org/archives/sa-exim/attachments/20041112/ebb20fc9/attachment.bin From kristopher.austin at oc.edu Fri Nov 12 11:07:18 2004 From: kristopher.austin at oc.edu (Kristopher Austin) Date: Fri Nov 12 09:07:33 2004 Subject: [SA-exim] SA 3.0 and Greylisting (new version) Message-ID: <0B91381A437EEF49AA5ED37EC5EDD555AB572A@fsmail.oc.edu> I've made a couple of small modifications. I figured out how to get "dontgreylistthreshold" to be useful again. It seems that the score is ready by the time the plugins are called and I just needed to find the new function call. I believe everything now works as everyone would expect. Let me know what you think. Kris -----Original Message----- From: sa-exim-bounces+kristopher.austin=oc.edu@lists.merlins.org [mailto:sa-exim-bounces+kristopher.austin=oc.edu@lists.merlins.org] On Behalf Of Kristopher Austin Sent: Thursday, November 11, 2004 4:17 PM To: sa-exim@lists.merlins.org Subject: RE: [SA-exim] SA 3.0 and Greylisting Okay, I believe I have successfully converted Marc's greylisting patch into a plugin for SA 3.0. However, one ability was removed until I have time to do more research: all e-mail tuplets will be logged even if they are over "dontgreylistthreshold." I haven't figured out how to make the greylisting rules run last. Maybe Marc can figure it out when he has the time. Besides that, it really wasn't too difficult. I just had to change around a couple of variable names and make a couple of functions "Taint-Mode" happy. I've attached the two files necessary to make the plugin work. Just put them with all of your other *.cf files. Be sure to modify sa-exim.cf to use the variables you prefer. Let me know if you see any glaring problems. I've run it on a production server now for about an hour (it's gone through 300 messages) and haven't seen any problems. Kris -----Original Message----- From: sa-exim-bounces+kristopher.austin=oc.edu@lists.merlins.org [mailto:sa-exim-bounces+kristopher.austin=oc.edu@lists.merlins.org] On Behalf Of Kristopher Austin Sent: Thursday, November 11, 2004 8:12 AM To: Marc MERLIN Cc: sa-exim@lists.merlins.org Subject: RE: [SA-exim] SA 3.0 and Greylisting Okay, thanks for the response. I'll look and see if I can write the plugin. I'm a pretty decent programmer so I think I can figure it out. Do you happen to have an idea of where to start to get the information about writing Plugins for SA? Thanks for all of the work you've put into SA-Exim. Kris -----Original Message----- From: Marc MERLIN [mailto:marc@merlins.org] Sent: Wednesday, November 10, 2004 4:22 PM To: Kristopher Austin Cc: sa-exim@lists.merlins.org Subject: Re: [SA-exim] SA 3.0 and Greylisting On Wed, Nov 10, 2004 at 02:55:52PM -0600, Kristopher Austin wrote: > I have looked everywhere I can think of to figure out how to get > SA-Exim's Greylisting to work with SA 3.0. > > The current CVS of SA-Exim is supposed to support SA 3.0, but I couldn't > find a new patch file to patch SA with. Am I missing something very > obvious? I have seen no mention of this anywhere so I suppose everyone > else has figured out how to get it to work. I'm afraid there is no secret. I haven't upgraded to SA 3.0 yet, and thus haven't written the module (it won't be a patch SA 3.0 supports modules, so it should be cleaner) The snow season having started, it may however mean that I'll be in cars and/or hotel rooms with my laptop and will hopefully have time to write this soon Of course, that doesn't stop someone else from doing it first, the code in question is not rocket science :) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key _______________________________________________ SA-Exim mailing list SA-Exim@lists.merlins.org http://lists.merlins.org/lists/listinfo/sa-exim -------------- next part -------------- A non-text attachment was scrubbed... Name: sa-exim.pm Type: application/octet-stream Size: 8259 bytes Desc: sa-exim.pm Url : http://lists.merlins.org/archives/sa-exim/attachments/20041112/06f2a4da/sa-exim.exe -------------- next part -------------- A non-text attachment was scrubbed... Name: sa-exim.cf Type: application/octet-stream Size: 450 bytes Desc: sa-exim.cf Url : http://lists.merlins.org/archives/sa-exim/attachments/20041112/06f2a4da/sa-exim-0001.exe From brian at brie.com Sat Nov 27 14:40:13 2004 From: brian at brie.com (Brian Lavender) Date: Sat Nov 27 14:40:37 2004 Subject: [SA-exim] Build for Debian Woody help In-Reply-To: <20041101110245.52d2181e@concord.bghflt.org> References: <20041101110245.52d2181e@concord.bghflt.org> Message-ID: <20041127224013.GA346@brie.com> Mathieu, I wrote a script that will install SA-Exim on Debian Woody. Only thing is, I wrote it in June before Marc released the latest SA-Exim. Feel free to give it a try though. brian On Mon, Nov 01, 2004 at 11:02:45AM +0100, mollo wrote: > Hello, > > I'm using for my Debian Woody the exim backport packages from > http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/woody/ > > it's release 4.34 of Exim. > > I'm now using SpamAssassin 3.0, an update of sa-exim is needed. > > I build with patching the sources, but I got : > > 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() library doesn't contain > local_scan_version_major() function - message temporarily rejected > > 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() function crashed with > signal 11 - message temporarily rejected (size 2241) > > Has anyone builded sa-exim.so for woody, thanks. > > Build Notes: > -I extract exim4.34 somewhere > -I patch using localscan_dlopen_exim_4.20_or_better.patch > -Because updating the SA-exim Makefile with > EXIM_SRC=/home//exim-4.34/src don't work (make don't see any file), I > just copy the files local_scan.h, and so from exim tree. > -Build work with some warning and give the 'sa-exim' > > -Using files provided in eximinc give the same error when run. > > > Ciao' > Mathieu > > -- > > _______________________________________________ > SA-Exim mailing list > SA-Exim@lists.merlins.org > http://lists.merlins.org/lists/listinfo/sa-exim -- Brian Lavender http://www.brie.com/brian/ -------------- next part -------------- A non-text attachment was scrubbed... Name: sa-exim.sh Type: application/x-sh Size: 4053 bytes Desc: not available Url : http://lists.merlins.org/archives/sa-exim/attachments/20041127/cb59fc5e/sa-exim-0001.sh From brian at brie.com Sat Nov 27 20:00:11 2004 From: brian at brie.com (Brian Lavender) Date: Sat Nov 27 20:00:31 2004 Subject: [SA-exim] Build for Debian Woody help In-Reply-To: <20041127224013.GA346@brie.com> References: <20041101110245.52d2181e@concord.bghflt.org> <20041127224013.GA346@brie.com> Message-ID: <20041128040011.GA2010@brie.com> It turns out my script doesn't work anymore. SpamAssassin wants dpatch, and so on.... I imagine you may have knew this already. brian On Sat, Nov 27, 2004 at 02:40:13PM -0800, Brian Lavender wrote: > Mathieu, > > I wrote a script that will install SA-Exim on Debian Woody. Only thing > is, I wrote it in June before Marc released the latest SA-Exim. Feel > free to give it a try though. > > brian > > On Mon, Nov 01, 2004 at 11:02:45AM +0100, mollo wrote: > > Hello, > > > > I'm using for my Debian Woody the exim backport packages from > > http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/woody/ > > > > it's release 4.34 of Exim. > > > > I'm now using SpamAssassin 3.0, an update of sa-exim is needed. > > > > I build with patching the sources, but I got : > > > > 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() library doesn't contain > > local_scan_version_major() function - message temporarily rejected > > > > 2004-11-01 10:28:08 1COYTw-0007Cl-RW local_scan() function crashed with > > signal 11 - message temporarily rejected (size 2241) > > > > Has anyone builded sa-exim.so for woody, thanks. > > > > Build Notes: > > -I extract exim4.34 somewhere > > -I patch using localscan_dlopen_exim_4.20_or_better.patch > > -Because updating the SA-exim Makefile with > > EXIM_SRC=/home//exim-4.34/src don't work (make don't see any file), I > > just copy the files local_scan.h, and so from exim tree. > > -Build work with some warning and give the 'sa-exim' > > > > -Using files provided in eximinc give the same error when run. > > > > > > Ciao' > > Mathieu > > > > -- > > > > _______________________________________________ > > SA-Exim mailing list > > SA-Exim@lists.merlins.org > > http://lists.merlins.org/lists/listinfo/sa-exim > > -- > Brian Lavender > http://www.brie.com/brian/ > _______________________________________________ > SA-Exim mailing list > SA-Exim@lists.merlins.org > http://lists.merlins.org/lists/listinfo/sa-exim -- Brian Lavender http://www.brie.com/brian/ From marc at mclemente.net Sat Nov 27 23:25:10 2004 From: marc at mclemente.net (Marc F. Clemente) Date: Sat Nov 27 21:25:29 2004 Subject: [SA-exim] SA 3.0 and Greylisting (new version) Message-ID: <41A96136.70705@mclemente.net> I assume that the patch is Greylisting.pm in the CVS... How does it work? I compiled and installed the CVS version of sa-exim. I copied Greylisting.pm to /usr/share/perl5/Mail/SpamAssassin/Plugin I added "loadplugin Mail::Spamassassin::Plugin::Greylisting" to /etc/spamassassin/init.pre Now what do I do? What are the important config options in sa-exim.conf? Do I still need "header GREYLIST_ISWHITE ..." in /etc/spamassassin/local.cf? What configuration changes do I need to make, as I upgrade from spamassassin 2.x to 3.x? Thanks, Marc From marc at merlins.org Sat Nov 27 23:58:55 2004 From: marc at merlins.org (Marc MERLIN) Date: Sat Nov 27 23:58:59 2004 Subject: [SA-exim] SA 3.0 and Greylisting (new version) In-Reply-To: <41A96136.70705@mclemente.net> References: <41A96136.70705@mclemente.net> Message-ID: <20041128075855.GD1429@merlins.org> On Sat, Nov 27, 2004 at 11:25:10PM -0600, Marc F. Clemente wrote: > I assume that the patch is Greylisting.pm in the CVS... How does it work? Damn, people are actually watching CVS :) I haven't checked in the docs yet. > I compiled and installed the CVS version of sa-exim. > > I copied Greylisting.pm to /usr/share/perl5/Mail/SpamAssassin/Plugin > > I added "loadplugin Mail::Spamassassin::Plugin::Greylisting" to > /etc/spamassassin/init.pre > > Now what do I do? What are the important config options in > sa-exim.conf? Do I still need "header GREYLIST_ISWHITE ..." in > /etc/spamassassin/local.cf? What configuration changes do I need to > make, as I upgrade from spamassassin 2.x to 3.x? This is what I use: # Be careful to put numbers between double quotes, or they won't be passed on loadplugin Greylisting /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm header GREYLIST_ISWHITE eval:greylisting("( 'dir' => '/var/spool/sa-exim/tuplets'; 'method' => 'dir'; 'greylistsecs' => '1800'; 'dontgreylistthreshold' => 11; 'connectiphdr' => 'X-SA-Exim-Connect-IP'; 'envfromhdr' => 'X-SA-Exim-Mail-From'; 'rcpttohdr' => 'X-SA-Exim-Rcpt-To'; 'greylistnullfrom' => 1; 'greylistfourthbyte' => 0 )") describe GREYLIST_ISWHITE The incoming server has been whitelisted for this receipient and sender score GREYLIST_ISWHITE -1.5 # Run SpamAssassin last, after all other rules. # (lets us not greylist a host that is sending spam, otherwise this rule might # set a sufficiently negative score that the next spam would be allowed in) priority GREYLIST_ISWHITE 99999 There is still a -T dependency buglet that I'm working on, which is why I haven't announced it yet :) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key