From pradeeper at eopensys.com Mon Apr 4 22:18:51 2005
From: pradeeper at eopensys.com (Pradeeper)
Date: Tue, 05 Apr 2005 11:18:51 +0600
Subject: [SA-exim] Duplicate mails
Message-ID: <1112678330.2970.10.camel@Deby.eopensys.com>

Hi All

We installed a new Mail Gateway for our Lotus Domino mail server for
spam controlling, using following software,

exim4 - 4.50-4
sa-exim - 4.2-2
spamassassin - 3.0.2-1
Debian - Sarge

It simply scan all the in-coming mails and forward it to Domino server
to delivery. It's working fine except a small problem.

Problem is, after we place this gateway, we are getting duplicate emails
from certain domains (most of the domains are ok). Specially from
gmail.com and few of our customers. What could be the problem? Or where
should I look in to?

Thanks!

Pradeeper

From nomad at null.net Thu Apr 7 01:47:29 2005
From: nomad at null.net (Mark Lawrence)
Date: Thu, 7 Apr 2005 10:47:29 +0200 (CEST)
Subject: [SA-exim] Duplicate mails
In-Reply-To: <1112678330.2970.10.camel@Deby.eopensys.com>
References: <1112678330.2970.10.camel@Deby.eopensys.com>
Message-ID:

> Problem is, after we place this gateway, we are getting duplicate emails
> from certain domains (most of the domains are ok). Specially from
> gmail.com and few of our customers. What could be the problem? Or where
> should I look in to?

Funny that you should post this query to the sa-exim mailing list -
because I sometimes get duplicate mails from Domino hosts :-)

Little bit hard to solve without more information. I would suggest that
you trace the path and actions of a known duplicate message through the
system and see *who* it was that delivered it twice. It may be your box,
but it could also be these domains...

Checkout the manpage for 'exigrep' and use it on /var/log/exim4/mainlog.
The messageid (something like 1DJSYZ-0000rU-Sx) is a pretty good search
string.

Cheers,
Mark.
--
Mark Lawrence

From kristopher.austin at oc.edu Thu Apr 7 06:34:58 2005
From: kristopher.austin at oc.edu (Kristopher Austin)
Date: Thu, 7 Apr 2005 08:34:58 -0500
Subject: [SA-exim] Duplicate mails
Message-ID: <0B91381A437EEF49AA5ED37EC5EDD5550149B1AA@fsmail.oc.edu>

I've also found it very useful to manually test sending an email
manually and make sure your mail server is sending appropriate
responses.

Telnet to mail.yourdomain.com port 25
Helo somehostname
Mail from: your address
Rcpt to: your address
Data
[type an email including headers here]
.

You should get appropriate responses from your server. Make sure it
looks clean. We were once getting duplicate email as well. After I did
this, I discovered that the virus scanner was throwing some error back
to the sending server. It did not comply with any standard response and
different sending servers handled that differently.

Kris

-----Original Message-----
From: sa-exim-bounces+kristopher.austin=oc.edu at lists.merlins.org
[mailto:sa-exim-bounces+kristopher.austin=oc.edu at lists.merlins.org]
On Behalf Of Pradeeper
Sent: Tuesday, April 05, 2005 12:19 AM
To: SA-Exim
Subject: [SA-exim] Duplicate mails

Hi All

We installed a new Mail Gateway for our Lotus Domino mail server for
spam controlling, using following software,

exim4 - 4.50-4
sa-exim - 4.2-2
spamassassin - 3.0.2-1
Debian - Sarge

It simply scan all the in-coming mails and forward it to Domino server
to delivery. It's working fine except a small problem.

Problem is, after we place this gateway, we are getting duplicate emails
from certain domains (most of the domains are ok). Specially from
gmail.com and few of our customers. What could be the problem? Or where
should I look in to?

Thanks!

Pradeeper
_______________________________________________
SA-Exim mailing list
SA-Exim at lists.merlins.org
http://lists.merlins.org/lists/listinfo/sa-exim

From pradeeper at eopensys.com Thu Apr 7 19:19:42 2005
From: pradeeper at eopensys.com (Pradeeper)
Date: Fri, 08 Apr 2005 08:19:42 +0600
Subject: [SA-exim] Duplicate mails
In-Reply-To:
References: <1112678330.2970.10.camel@Deby.eopensys.com>
Message-ID: <1112926781.2871.10.camel@Deby.eopensys.com>

Thanks Mark and Kris!

Greatly Appreciate your help and I'll do it and inform you the results.

Pradeeper

On Thu, 2005-04-07 at 14:47, Mark Lawrence wrote:
> > Problem is, after we place this gateway, we are getting duplicate emails
> > from certain domains (most of the domains are ok). Specially from
> > gmail.com and few of our customers. What could be the problem? Or where
> > should I look in to?
>
> Funny that you should post this query to the sa-exim mailing list -
> because I sometimes get duplicate mails from Domino hosts :-)
>
> Little bit hard to solve without more information. I would suggest that
> you trace the path and actions of a known duplicate message through the
> system and see *who* it was that delivered it twice. It may be your box,
> but it could also be these domains...
>
> Checkout the manpage for 'exigrep' and use it on /var/log/exim4/mainlog.
> The messageid (something like 1DJSYZ-0000rU-Sx) is a pretty good search
> string.
>
> Cheers,
> Mark.

From rootchaos at rootchaos.za.net Sun Apr 10 00:17:42 2005
From: rootchaos at rootchaos.za.net (RootChaos)
Date: Sun, 10 Apr 2005 09:17:42 +0200
Subject: [SA-exim] freeBSD, Exim, SA-Exim Ports Install
Message-ID: <20050410071742.B02A72E335@smtp02.isdsl.net>

Hi,

I installed freeBSD 5.3, Exim, SA-Exim, p5-Mail-Spamassassin from the ports
collection on my newly installed freeBSD server.
For some or other reason, this keeps popping up on my exim logs :-

2005-04-10 06:34:19 1DKU9L-0000Rr-E8 SA: PANIC: Unexpected error on conf file open for /usr/local/etc/exim/sa-exim.conf (but message was accepted), file ../Local/sa-exim.c, line 645: Permission denied

Does anyone have the same problem or can someone give me some pointers to
the problem ??

Regards
RC

From marc at merlins.org Sun Apr 10 07:57:58 2005
From: marc at merlins.org (Marc MERLIN)
Date: Sun, 10 Apr 2005 07:57:58 -0700
Subject: [SA-exim] freeBSD, Exim, SA-Exim Ports Install
In-Reply-To: <20050410071742.B02A72E335@smtp02.isdsl.net>
References: <20050410071742.B02A72E335@smtp02.isdsl.net>
Message-ID: <20050410145758.GD5230@merlins.org>

On Sun, Apr 10, 2005 at 09:17:42AM +0200, RootChaos wrote:
> Hi,
>
> I installed freeBSD 5.3, Exim, SA-Exim, p5-Mail-Spamassassin from the ports
> collection on my newly installed freeBSD server. For some or other reason,
> this keeps popping up on my exim logs :-
>
> 2005-04-10 06:34:19 1DKU9L-0000Rr-E8 SA: PANIC: Unexpected error on conf
> file open for /usr/local/etc/exim/sa-exim.conf (but message was accepted),
> file ../Local/sa-exim.c, line 645: Permission denied

well, it's the message clear?
sa-exim (running as exim/mail/whatever exim is configured on your machine)
doesn't have the rights to traverse /usr/local/etc/exim/ and open
sa-exim.conf

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key

From rootchaos at rootchaos.za.net Sun Apr 10 10:54:50 2005
From: rootchaos at rootchaos.za.net (RootChaos)
Date: Sun, 10 Apr 2005 19:54:50 +0200
Subject: [SA-exim] freeBSD, Exim, SA-Exim Ports Install
In-Reply-To: <20050410145758.GD5230@merlins.org>
Message-ID: <20050410175446.A25232E1A7@smtp01.isdsl.net>

Hi Marc

Well, I thought that to be the problem.
Fixed up some permissions, but it still comes up with the same error....

This is what my directory / file permissions looks like :-

[root at freebsd etc]# ls -al /usr/local/etc
drwxr--r-- 2 root wheel 512 Apr 8 19:44 exim/

[root at freebsd etc]# ls -al /usr/local/etc/exim/
-rw-rw-r-- 1 root wheel 16661 Apr 8 19:44 sa-exim.conf

RC

-----Original Message-----
From: Marc MERLIN [mailto:marc at merlins.org]
Sent: Sunday, April 10, 2005 4:58 PM
To: RootChaos
Cc: sa-exim at lists.merlins.org
Subject: Re: [SA-exim] freeBSD, Exim, SA-Exim Ports Install

On Sun, Apr 10, 2005 at 09:17:42AM +0200, RootChaos wrote:
> Hi,
>
> I installed freeBSD 5.3, Exim, SA-Exim, p5-Mail-Spamassassin from the
> ports collection on my newly installed freeBSD server. For some or
> other reason, this keeps popping up on my exim logs :-
>
> 2005-04-10 06:34:19 1DKU9L-0000Rr-E8 SA: PANIC: Unexpected error on
> conf file open for /usr/local/etc/exim/sa-exim.conf (but message was
> accepted), file ../Local/sa-exim.c, line 645: Permission denied

well, it's the message clear?
sa-exim (running as exim/mail/whatever exim is configured on your machine)
doesn't have the rights to traverse /usr/local/etc/exim/ and open
sa-exim.conf

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key

From marc at merlins.org Sun Apr 10 16:36:49 2005
From: marc at merlins.org (Marc MERLIN)
Date: Sun, 10 Apr 2005 16:36:49 -0700
Subject: [SA-exim] freeBSD, Exim, SA-Exim Ports Install
In-Reply-To: <20050410175446.A25232E1A7@smtp01.isdsl.net>
References: <20050410145758.GD5230@merlins.org> <20050410175446.A25232E1A7@smtp01.isdsl.net>
Message-ID: <20050410233649.GH5230@merlins.org>

On Sun, Apr 10, 2005 at 07:54:50PM +0200, RootChaos wrote:
> Hi Marc
>
> Well, I thought that to be the problem.
> Fixed up some permissions, but it
> still comes up with the same error....
>
> This is what my directory / file permissions looks like :-
>
>
> [root at freebsd etc]# ls -al /usr/local/etc
> drwxr--r-- 2 root wheel 512 Apr 8 19:44 exim/

Err, you may need to pick up a book or man page on unix permissions before
becoming RootChaos :)
if you don't set the 'x' bit on a directory, it is not traversable, so
sa-exim will never be able to reach its config file

> [root at freebsd etc]# ls -al /usr/local/etc/exim/
> -rw-rw-r-- 1 root wheel 16661 Apr 8 19:44 sa-exim.conf
>
>
>
> RC
>
>
>
>
> -----Original Message-----
> From: Marc MERLIN [mailto:marc at merlins.org]
> Sent: Sunday, April 10, 2005 4:58 PM
> To: RootChaos
> Cc: sa-exim at lists.merlins.org
> Subject: Re: [SA-exim] freeBSD, Exim, SA-Exim Ports Install
>
> On Sun, Apr 10, 2005 at 09:17:42AM +0200, RootChaos wrote:
> > Hi,
> >
> > I installed freeBSD 5.3, Exim, SA-Exim, p5-Mail-Spamassassin from the
> > ports collection on my newly installed freeBSD server. For some or
> > other reason, this keeps popping up on my exim logs :-
> >
> > 2005-04-10 06:34:19 1DKU9L-0000Rr-E8 SA: PANIC: Unexpected error on
> > conf file open for /usr/local/etc/exim/sa-exim.conf (but message was
> > accepted), file ../Local/sa-exim.c, line 645: Permission denied
>
> well, it's the message clear?
> sa-exim (running as exim/mail/whatever exim is configured on your machine)
> doesn't have the rights to traverse /usr/local/etc/exim/ and open
> sa-exim.conf
>
> Marc
> --
> "A mouse is a device used to point at the xterm you want to type in" -
> A.S.R.
> Microsoft is to operating systems & security ....
> .... what McDonalds is to gourmet
> cooking
> Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP
> key
>
>
>

--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key

From lazy at server.gwsh.gda.pl Sun Apr 10 11:16:31 2005
From: lazy at server.gwsh.gda.pl (lazy@server.gwsh.gda.pl)
Date: Sun, 10 Apr 2005 20:16:31 +0200
Subject: [SA-exim] freeBSD, Exim, SA-Exim Ports Install
In-Reply-To: <20050410175446.A25232E1A7@smtp01.isdsl.net>
References: <20050410145758.GD5230@merlins.org> <20050410175446.A25232E1A7@smtp01.isdsl.net>
Message-ID: <20050410181631.GA19401@server.gwsh.gda.pl>

On Sun, Apr 10, 2005 at 07:54:50PM +0200, RootChaos wrote:
> Hi Marc
>
> Well, I thought that to be the problem. Fixed up some permissions, but it
> still comes up with the same error....
>
> This is what my directory / file permissions looks like :-
>
>
> [root at freebsd etc]# ls -al /usr/local/etc
> drwxr--r-- 2 root wheel 512 Apr 8 19:44 exim/
^ this is still wrong
user exim has no rights to enter /usr/local/etc
chmod 755 or 711 if you're paranoid should help
>
> [root at freebsd etc]# ls -al /usr/local/etc/exim/
> -rw-rw-r-- 1 root wheel 16661 Apr 8 19:44 sa-exim.conf
>

--
lazy

From rootchaos at rootchaos.za.net Mon Apr 11 12:04:11 2005
From: rootchaos at rootchaos.za.net (RootChaos)
Date: Mon, 11 Apr 2005 21:04:11 +0200
Subject: [SA-exim] freeBSD, Exim, SA-Exim Ports Install
In-Reply-To: <20050410181631.GA19401@server.gwsh.gda.pl>
Message-ID: <20050411190403.1CD382E70C@smtp01.isdsl.net>

How stupid of me. All seems to be running fine now...

Thanx for all the help !

Regards
RC

-----Original Message-----
From: lazy at server.gwsh.gda.pl [mailto:lazy at server.gwsh.gda.pl]
Sent: Sunday, April 10, 2005 8:17 PM
To: RootChaos
Cc: sa-exim at lists.merlins.org
Subject: Re: [SA-exim] freeBSD, Exim, SA-Exim Ports Install

On Sun, Apr 10, 2005 at 07:54:50PM +0200, RootChaos wrote:
> Hi Marc
>
> Well, I thought that to be the problem. Fixed up some permissions,
> but it still comes up with the same error....
>
> This is what my directory / file permissions looks like :-
>
>
> [root at freebsd etc]# ls -al /usr/local/etc
> drwxr--r-- 2 root wheel 512 Apr 8 19:44 exim/
^ this is still wrong
user exim has no rights to enter /usr/local/etc
chmod 755 or 711 if you're paranoid should help
>
> [root at freebsd etc]# ls -al /usr/local/etc/exim/
> -rw-rw-r-- 1 root wheel 16661 Apr 8 19:44 sa-exim.conf
>

--
lazy

From christos at gnosys.de Fri Apr 22 08:17:49 2005
From: christos at gnosys.de (Christos Stieglitz)
Date: Fri, 22 Apr 2005 17:17:49 +0200
Subject: [SA-exim] SA: PANIC: on Debian - please help
Message-ID: <200504221717.49233@gnosys.de>

Hi list members,

after upgrading to the latest versions of exim4, spamassassin and sa-exim i
cannot filter spam messages any more. As you can see in the mainlog below,
sa-exim closes the file descriptors, forks spamc and then runs into a PANIC
with "Bad file descriptor". I do not know, if closing the file descriptors
before forking is a good or a bad thing.

Do you have a suggestion please? Any help much appreciated - at the moment i
drown in spam mails ;-(

Many thanks
Christos Stieglitz

------------------- Configuration information ------------------------

My versions:

dpkg -l | grep exim
ii  exim4          4.50-5         metapackage to ease exim MTA (v4) installati
ii  exim4-base     4.50-5         support files for all exim MTA (v4) packages
ii  exim4-config   4.50-5         configuration for the exim MTA (v4)
ii  exim4-daemon-h 4.50-5         exim MTA (v4) daemon with extended features,
ii  eximon4        4.50-5         monitor application for the exim MTA (v4) (X
rc  exiscan        2.4-4          an email virus scanner for exim
ii  sa-exim        4.2-2          Use SpamAssassin at SMTP time with the Exim

System is Debian with 2.6.10 kernel.

Here the relevant part from the mainlog:

2005-04-22 11:53:05 1DOuqO-0002l5-Ug SA: Debug9: Did not find X-Spam- in X-SA-Exim-Mail-From: cochran_mary2003 at yahoo.gr
2005-04-22 11:53:05 1DOuqO-0002l5-Ug SA: Debug9: forked spamc
2005-04-22 11:53:05 1DOuqO-0002l5-Ug SA: Debug9: closed filehandles
2005-04-22 11:53:05 1DOuqO-0002l5-Ug SA: Debug7: sent headers to spamc pipe. Sending body...
2005-04-22 11:53:05 1DOuqO-0002l5-Ug SA: PANIC: Unexpected error on read body (but message was accepted), file sa-exim.c, line 984: Bad file descriptor
2005-04-22 11:53:05 1DOuqO-0002l5-Ug SA: Debug: Writing message to /var/spool/sa-exim/SAerrorsave/new/1114163585_1DOuqO-0002l5-Ug
2005-04-22 11:53:05 1DOuqO-0002l5-Ug SA: Debug9: Archive body write starts: writing up to 1073741824 bytes in 16384 byte blocks
2005-04-22 11:53:05 1DOuqO-0002l5-Ug SA: PANIC: Error in error handler while trying to save mail to /var/spool/sa-exim/SAerrorsave/1114163585_1DOuqO-0002l5-Ug, file sa-exim.c, line 1470: Bad file descriptor

Here the sa-exim.conf

# Options for spamassassin running in exim's local_scan (SA Exim)
# By Marc MERLIN - Initial version: April 2002
# Sander Smeenk - Improvements: March 2004
#
# Sample file version 1.16 for SA-Exim 4.1 - 2005/01/10
#
# The parse routine is minimalistic. It expects "option: value" (exactly
# one space after the colon, and none before). You should put long lines
# on one line. The parser isn't capable of parsing multiline values.
#
# SA threshold values are parsed as floats and other numerical options
# are ints. String options have to be set. To unset them, comment out the
# variable, don't set it to nothing.
#
# READ THIS:
# ---------
# Watch your logs, you will get errors and your messages will get
# temporarily bounced if expansions fail. Watch your logs!
#
# If you are afraid that spammers might use a header that is used here
# as a default, have exim set it to another value than 'Yes' and check
# here for that other value.
#
# For every expansion, anything that doesn't expand to "" or "0"
# (without quotes) will be considered true. If you set the string to 1,
# it will be true without going through exim's condition evaluator (and
# if you leave it unset, it will default to 0)
#
# You should not put double quotes around expressions!
#

--- snip ---

# Enable basic verbose output by default. Watch your logs!
SAEximDebug: 10

# Default path is /usr/bin/spamc, but you can change it here
SAspamcpath: /usr/bin/spamc

# Which characters are retained from a Message-Id header (for safety, we
# remove characters that might cause problems with shell parsing)
# Change the default at your own risk (you also have to change this in
# the SA greylisting patch if you use that)
#SAsafemesgidchars: !#%( )*+,-.0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{|}~

# If SAspamcSockPath is set spamc uses socket to connect to spamd,
# use --socketpath pathname as argument to spamd (new in SA 2.60).
# Leave it unset if you want spamc to connect(AF_INET) to spamd at
# 127.0.0.1 (this is the default shown in the options below), but if
# you set it, it will override the two TCP connect options below
#SAspamcSockPath: /var/run/spamd.sock

# SAspamcHost / SAspamcPort: TCP socket where your spamd is listening
# Shown below are the defaults:
SAspamcHost: 127.0.0.1
SAspamcPort: 783

# Exim configuration string to run before running SA against the message
# This decides whether SA gets run against the message or not.  This
# default will not reject messages if the message had SA headers but
# they weren't added by us.
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address} {127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}

# Remove or comment out the following line to enable sa-exim
#SAEximRunCond: 0

# If and only if SAEximRunCond was true, and we did run SA, this
# expression decides whether we actually consider acting upon SAdevnull,
# SApermreject, and SAtempreject if you have them set.
#
# Use this to tag messages that you shouldn't reject (messages sent to
# abuse or postmaster for instance).
#
# X-SA-Do-Not-Rej should be set as a warn header if mail is sent to
# postmaster and abuse (in the RCPT ACL), this way you're not bouncing
# spam abuse reports sent to you. This is a RFC guideline.
SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}}

# How much of the body we feed to spamassassin (in bytes)
# Default is 250KB
SAmaxbody: 16384000

# Do you want to feed SAmaxbody's worth of the message body if it is too big?
# Either, you skip messages that are too big and not scan them, or you can
# truncate the body and feed that to SA.
# Note that SA will sometimes raise the spam score if it can't parse
# the message correctly (since the end is missing, decoding will fail)
# Default is 0: do not scan messages that are too big
# (note that this is parsed as a condition)
SATruncBodyCond: 1

# If you want SA to report_safe you need sa-exim to rewrite the body of
# the message since SA encapsulates the spam as a mime attachment.
# You probably want SATruncBodyCond to be 0 or else you'll end up with a
# partial message if it's larger than SAmaxbody and it's spam
#
# Also note that if you enable this option, any saved message will be saved
# after the body has been modified by SA.
# (this is not a condition as SA's report_safe is not conditional)
SARewriteBody: 0

# Prepend saved messages with an fake From-header to make the file look like a
# valid mbox file
SAPrependArchiveWithFrom: 1

# If you are archiving messages that are rejected, how much do you want
# to archive? Default is 20MB.
SAmaxarchivebody: 20971520

# On errors, if you are saving messages, you probably want the entire message
# Default size saved (if you are saving errors) is 1GB
SAerrmaxarchivebody: 1073741824

# You can have SA-Exim add a X-SA-Exim-Rcpt-To header, which will list all
# the receipients for the Email, unless the list gets bigger than
# SAmaxrcptlistlength bytes.
# The default value of 0 disables the header for privacy reasons (the header
# exposes Bcced receipients)
# Any value bigger than 8000 will be ignored because there is a limit on the
# size of headers that you can have and exim's string_sprintf
# Note that if you are planning to use greylisting, you should set this
# value to 8000 since SA's greylisting code needs the recipients.
SAmaxrcptlistlength: 0

# Add X-SA-Exim-Rcpt-To and X-SA-Exim-Mail-From headers before SA scans
# the message.
# If this option is enabled, SARewiteBody is true, and safe_mode is
# enabled in SA, you end up with the X-SA-Exim-Rcpt-To/X-SA-Exim-Mail-From in
# the attatched message as well without the ability to remove them later in an
# exim transport (think privacy).
# In real life this is usually not a problem because the message is spam anyway,
# and if you turn this off, you lose the option to use those headers to score
# the message with SA.
SAaddSAEheaderBeforeSA: 1

# How many seconds you want to allow spamc to run. Exim 4.04 and better will
# kill us after a default of 5 minutes.
# This however is not great, because the
# mail gets temporarily rejected
# You should set this and have SA Exim handle the timeout itself and accept the
# message if spamc takes too long (instead of timing out)
# A value of 0 means no timeout, and we run until exim stops us.
# I know of at least one mail server (nanog's merit.edu) that will not
# wait a full 5mn (which causes tempreject and resends), so the default is 4mn
#SAtimeout: 240

# Do you want to save mails that were accepted because spamc timed out?
# Specify a directory to enable the feature.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAtimeoutsave: /var/spool/sa-exim/SAtimeoutsave

# You can optionally save or not save messages that matched the above rule
SAtimeoutSavCond: 1

# You should really create this directory for local_scan to save messages that
# created an error. If you don't want this, comment out this variable
# Make sure all these directories are owned by the exim user
# SA-Exim will try to create the directory if it has the permissions to do
# so, check your maillog for failures (or create the directory yourself and
# make it writeable by exim)
SAerrorsave: /var/spool/sa-exim/SAerrorsave

# You can optionally save or not save messages that matched the above rule
# You should not put double quotes around the expression
SAerrorSavCond: 1

# If you set to 1, SA will temporarily reject messages that generated an error
# while they were processed (they'll still be saved if SAerrorsave is set).
# Otherwise (0 = false), the messages are just accepted, which seems like a
# more sensible default
SAtemprejectonerror: 0

###############################################################################
# NOTE: Spamd needs to tell sa-exim that the message SA-Exim gave spamd
# is spam before sa-exim will consider the SA tresholds.
# In other words, you cannot reject mails on SA scores if you set that
# threshold to a lower threshold than SA's required_hits value.
# The one exception to this rule is SAtempreject (in order to let you
# temporarily reject mail when you are doing greylisting, see
# README.greylisting in the documentation for details)
###############################################################################

# SA score when you start stalling the sender by sending many continuation
# lines for up to SAteergrubetime
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# Note that this is an obvious abuse of SMTP, but eh, they started it :-)
# Of course, this means that each incoming spam with the right score threshold
# will keep an exim process busy on your machine. Make sure you can afford it.
# Default value is 2^20, which should disable the behavior
# Please, don't teergrube people who relay for you or your own MXes :-)
# This option is left behind for backward compatibility, but you can now
# get the same result by putting a condition string in SAteergrube
# The trick is to list your score if the condition succeeds, and a really
# high score otherwise.
#SAteergrube: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{127.0.0.2}} } {25}{1048576}}

# SAteergrubecond is deprecated (replaced by SAteergrube)
# You used to be say whether you would apply the teergrubing score with this
# condition, but now that scores are conditions, it is obsolete
#SAteergrubecond: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{127.0.0.2}} } {1}{0}}

# How long do you want to stall the sender (in seconds)
# If you set the value too high, you might get too many exim processes running
# and run out of process slots
# Remember, don't come crying if playing with this "feature" causes your mail
# server to catch fire :-)
SAteergrubetime: 900

# You can optionally save or not save messages that matched the above rule
SAteergrubeSavCond: 1

# Do you want to save mails that you stalled for later analysis?
# Specify a directory to enable the feature.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAteergrubesave: /var/spool/sa-exim/SAteergrube

# When you stall the sender, you will probably get the mail again.
# By default, we'll only save messages by message ID so that we don't save
# multiple copies every time the sender tries again.
# Of course, this means someone could fake someone else's message ID to
# overwrite the saved copy of another spam. Such is life :-)
SAteergrubeoverwrite: 1

# If you reach this score, the mail is accepted and tossed (/dev/nulled).
# The default value is 2^20 which should ensure this never happens.
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# You should be really sure that the message is spam because the sender will
# get no notification
#SAdevnull: 20.0

# You can optionally save or not save messages that matched the above rule
SAdevnullSavCond: 1

# Do you want to save mails that are tossed?
# Specify a directory to enable the feature.
# This is just in case you do want to keep a copy of the alledge spams somewhere
# Messages are saved by unixdate_Message-Id or just unix date if there is no
# Message-Id.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAdevnullsave: /var/spool/sa-exim/SAdevnull

# SA score when you start rejecting Emails (this is better than the above as
# it can notify the sender in case you reject non-spam by mistake)
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# Default value is 2^20, which should disable the behavior if you comment out
# the line below
SApermreject: 12.0

# You can optionally save or not save messages that matched the above rule
SApermrejectSavCond: 1

# Do you want to save mails that are rejected?
# Specify a directory to enable the feature.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SApermrejectsave: /var/spool/sa-exim/SApermreject

# SA score when you start returning a temporary reject.
# There are few reasons to use this, except if you're reading your tempreject
# save folder (see below) and ajusting scores on the fly, or if you are using
# greylisting
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# Default value is 2^20, which should disable the behavior
SAtempreject: 9.0

# You can optionally save or not save messages that matched the above rule
SAtemprejectSavCond: 1

# Do you want to save mails that are temporarily rejected?
# Specify a directory to enable the feature.
# You could use this to analyse what SA is bouncing and adding an allow rule
# to accept the mail next time it is sent back to you
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAtemprejectsave: /var/spool/sa-exim/SAtempreject

# When you send back a temp reject code, you will get the mail again.
# By default, we'll only save messages by message ID so that we don't save
# multiple copies every time the sender tries again.
# Of course, this means someone could fake someone else's message ID to
# overwrite the saved copy of another spam.
# Such is life :-)
SAtemprejectoverwrite: 1

# See README.greylisting in the documentation for the following options
# This is the string that SpamAssassin adds if the message is whitelisted
# We use this to optionally increase the score needed for a tempreject
# (in order to let a message through when it would otherwise have been
# temprejected)
# Default value is "GREYLIST_ISWHITE" (as used in the patch provided by SA-Exim)
SAgreylistiswhitestr: GREYLIST_ISWHITE

# By how much do we temporarly raise tempreject to allow a mail in when it
# would otherwise have been temp rejected (because SA flagged it was whitelisted
# by the greylisting code provided as a patch to SA in the SA-Exim distro)
# Note that greylisting will not work in until you patch SA with the greylist
# function
# Note that you most likely want
# SAtempreject + SAgreylistraisetempreject <= SApermreject
# Default value is 3.0 but you'd probably to lower the tempreject score and
# increase this one (see README.greylisting)
SAgreylistraisetempreject: 3.0

# Do you want to save mails that are flagged as spam by SA, but not rejected by
# any of the above thresholds?  Specify a directory to enable the feature.
# That's one way to track mails thare are going through even though they were
# flagged by SA (note that you could also save them in exim's system_filter,
# although copies saved here happen before exim makes modification to the
# message like rewriting)
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAspamacceptsave: /var/spool/sa-exim/SAspamaccept

# You can control which messages you want saved if you only want a subset
SAspamacceptSavCond: 0

# Do you want to save mails that are not flagged as spam by SA
# Specify a directory to enable the feature.
# This is only here for completeness, if you want to save all messages not
# flagged as spam by SA (you could also do this in system_filter)
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAnotspamsave: /var/spool/sa-exim/SAnotspam

# You can control which messages you want saved if you only want a subset
SAnotspamSavCond: 0

# All the following strings can take one '%s' which will be replaced by
# spamstatus: "SA score, trigger score"
SAmsgteergrubewait: Wait for more output
SAmsgteergruberej: Please try again later
SAmsgpermrej: Rejected
SAmsgtemprej: Please try again later

# This string is a static string, do not include "%s"
SAmsgerror: Temporary local error while processing message, please contact postmaster.

From jerry at cheesymouse.com Mon Apr 25 10:42:03 2005
From: jerry at cheesymouse.com (Jerry Rasmussen)
Date: Mon, 25 Apr 2005 13:42:03 -0400
Subject: [SA-exim] Send email marked as Spam to special spam address
Message-ID: <217D777D3789FC4591199BA41FB0617AB153@nemo.scriptthis.net>

I am using SA-Exim as an email gateway to block spam. I would like to
configure my server to send emails that are marked as spam to a
particular email address. (i.e. spam at domain.com) This is a
requirement for me as people get worried that an email they want might
be blocked as spam.

I am using Exim 4.x, SA-Exim 4.2 and SpamAssassin 3.0

Thanks
Jerry
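
Added example for the "freeBSD, Exim, SA-Exim Ports Install" thread above (not code from any poster or from the sa-exim project): a POSIX sh check that walks a path one component at a time and reports the first directory or file whose mode bits block an unprivileged daemon. The function names, the temp-directory demo tree and the assumption that the exim user falls in the "other" permission class (root:wheel ownership, exim not in wheel) are mine.

```sh
#!/bin/sh
# Added example: find the first path component that blocks a user who is
# neither the owner nor in the group ("other"), judged from the mode bits.
# Assumption: the daemon user is in the "other" class for every component.

mode_of() {
    # First 10 chars of ls -l output, e.g. "drwxr--r--"; -L follows symlinks.
    ls -ldL "$1" | cut -c1-10
}

# first_block_for_other TARGET [BASE]
#   Walks TARGET component by component, starting below BASE (default: /).
#   Directories need the other-x (search) bit; a final file needs other-r.
#   Prints the blocking component and returns 1; returns 0 if reachable.
first_block_for_other() {
    target=$1
    base=${2:-}
    base=${base%/}
    case $target in
        "$base"/*) rel=${target#"$base"/} ;;
        *) echo "target must be an absolute path below BASE" >&2; return 2 ;;
    esac
    cur=$base
    old_ifs=$IFS
    set -f; IFS=/
    set -- $rel                 # split the path on "/"
    IFS=$old_ifs; set +f
    for comp in "$@"; do
        [ -n "$comp" ] || continue
        cur="$cur/$comp"
        [ -e "$cur" ] || { echo "$cur: does not exist"; return 2; }
        m=$(mode_of "$cur")
        if [ -d "$cur" ]; then
            case $m in
                ?????????[xt]) ;;   # 10th char: search bit for others
                *) echo "$cur $m: others lack x, directory cannot be traversed"
                   return 1 ;;
            esac
        else
            case $m in
                ???????r??) ;;      # 8th char: read bit for others
                *) echo "$cur $m: others lack r, file cannot be read"
                   return 1 ;;
            esac
        fi
    done
    return 0
}

# Constructed demo tree with the modes posted in the thread
# (drwxr--r-- exim/, -rw-rw-r-- sa-exim.conf), built under a temp directory.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/exim" || return 1
    : > "$d/exim/sa-exim.conf" || return 1
    chmod 664 "$d/exim/sa-exim.conf"
    chmod 744 "$d/exim"
    echo "$d"
}

demo=$(make_demo_tree) || exit 1
# Mode 744: readable but not searchable by others, so the check stops here.
first_block_for_other "$demo/exim/sa-exim.conf" "$demo" || true
# Mode 711: others may traverse the directory but not list it.
chmod 711 "$demo/exim"
first_block_for_other "$demo/exim/sa-exim.conf" "$demo" \
    && echo "reachable after chmod 711"
rm -rf "$demo"
```

Mode 711 passes the check while still hiding the directory listing from other users, which is the stricter of the two modes suggested in the thread.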