From schimmer at cg.cs.tu-bs.de Wed Feb 2 13:41:39 2005
From: schimmer at cg.cs.tu-bs.de (Lars Schimmer)
Date: Wed Feb 2 04:42:02 2005
Subject: [SA-exim] SA-Exim run condition problems...
Message-ID: <4200CA83.1000000@cg.cs.tu-bs.de>

Hi!

I don't know what to do right now...
I set up the run condition:
SAEximRunCond: ${if or {{def:sender_host_address} {!eq
{$sender_host_address}{127.0.0.1}} {def:sender_host_address} {!eq {mask:
$sender_host_address/24}{1.1.1.0/24}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} }
{1}{0}}

And I try to send mail from a PC 1.1.1.34 out to the world.
From MY point of view, spamassassin shouldn't act at all.
But sa runs and tries to tag the mail :-(
Any hint?

Cya
Amiga

--
-----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109 E-Mail: schimmer@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03

From schimmer at cg.cs.tu-bs.de Wed Feb 2 14:22:43 2005
From: schimmer at cg.cs.tu-bs.de (Lars Schimmer)
Date: Wed Feb 2 05:22:53 2005
Subject: [SA-exim] SA-Exim run condition problems...
In-Reply-To: <4200CA83.1000000@cg.cs.tu-bs.de>
References: <4200CA83.1000000@cg.cs.tu-bs.de>
Message-ID: <4200D423.2020909@cg.cs.tu-bs.de>

Lars Schimmer wrote:
| Hi!
|
| I don't know what to do right now...
| I set up the run condition:
| SAEximRunCond: ${if or {{def:sender_host_address} {!eq
| {$sender_host_address}{127.0.0.1}} {def:sender_host_address} {!eq {mask:
| $sender_host_address/24}{1.1.1.0/24}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} }
| {1}{0}}
|
| And I try to send mail from a PC 1.1.1.34 out to the world.
| From MY point of view, spamassassin shouldn't act at all.
| But sa runs and tries to tag the mail :-(
| Any hint?

Ok,
One error found: I had to replace or with and :-)
But the mask: operation doesn't work.
This run condition works:
SAEximRunCond: ${if and {{def:sender_host_address} {!eq
{$sender_host_address}{1.1.1.34}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}

if I sent from 1.1.1.34, but this one:

SAEximRunCond: ${if and{{def:sender_host_address}
{!eq{mask:$sender_host_address/24}
{1.1.1.0/24}}{!eq{$sender_host_address}{127.0.0.1}}}{1}{0}}

doesn't.

Why?

Thx, bye
Lars

--
-----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109 E-Mail: schimmer@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03

From Richard.Hall at ingenta.com Wed Feb 2 14:00:48 2005
From: Richard.Hall at ingenta.com (Richard.Hall)
Date: Wed Feb 2 06:01:02 2005
Subject: [SA-exim] SA-Exim run condition problems...
In-Reply-To: <4200D423.2020909@cg.cs.tu-bs.de>
Message-ID:

Lars,

On Wed, 2 Feb 2005, Lars Schimmer wrote:
[...]
> Ok, One error found: I had to replace or with and :-)
> But the mask: operation doesn't work.
> This run condition works:
> SAEximRunCond: ${if and {{def:sender_host_address} {!eq
> {$sender_host_address}{1.1.1.34}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
>
> if I sent from 1.1.1.34, but this one:
>
> SAEximRunCond: ${if and{{def:sender_host_address}
> {!eq{mask:$sender_host_address/24}
> {1.1.1.0/24}}{!eq{$sender_host_address}{127.0.0.1}}}{1}{0}}
>
> doesn't.
>
> Why?

I may be way off here (these things confuse me to hell!), but shouldn't

{!eq{mask:$sender_host_address/24}{1.1.1.0/24}}

be

{!eq{${mask:$sender_host_address/24}}{1.1.1.0/24}}

? Otherwise you are comparing with the literal string "m a s k ...

HTH,
Richard

From schimmer at cg.cs.tu-bs.de Wed Feb 2 15:13:19 2005
From: schimmer at cg.cs.tu-bs.de (Lars Schimmer)
Date: Wed Feb 2 06:13:28 2005
Subject: [SA-exim] SA-Exim run condition problems...
In-Reply-To:
References:
Message-ID: <4200DFFF.3050604@cg.cs.tu-bs.de>

| I may be way off here (these things confuse me to hell!), but shouldn't
|
| {!eq{mask:$sender_host_address/24}{1.1.1.0/24}}
|
| be
|
| {!eq{${mask:$sender_host_address/24}}{1.1.1.0/24}}
|
| ? Otherwise you are comparing with the literal string "m a s k ...

Ouch. My brain hurts :-)
Thx for this tip, now it works great.

| HTH,
| Richard

Cya
Lars

--
-----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109 E-Mail: schimmer@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03

From tux.tan at gmail.com Mon Feb 7 13:21:18 2005
From: tux.tan at gmail.com (tux tan)
Date: Sun Feb 6 23:21:28 2005
Subject: [SA-exim] repeated emails from mail gateway
Message-ID:

Hi

I installed debian exim4, sa-exim, spamassassin as a gateway.
Recently I notice that my server usage has increased ("top" command shows
average of 15)

And, from yesterday when an email comes to server it passes the same
email to the mail boxes repeatedly.

What could be the problem and how could I rectify ?

thanks
tan

From tux.tan at gmail.com Mon Feb 7 21:32:53 2005
From: tux.tan at gmail.com (tux tan)
Date: Mon Feb 7 07:33:05 2005
Subject: [SA-exim] SAEximRunCond expanded to false
Message-ID:

Hi

My mail gateway having spamassassin Version: 3.0.2-1 and exim4
Version: 4.34-10 gives an error
"
2005-02-07 21:11:47 1CyAYE-0008NR-AF SA: Action: Not running SA
because SAEximRunCond expanded to false (Message-Id). From
(host=a.net [IP]) for user@mydomain.com"

With the same setting it worked fine, but recently I notice the error. Now
it doesn't stop spam mails. All spam mails come to mail boxes.

Can you help me out!!!!

Thanks
tan

From marc at merlins.org Mon Feb 7 08:52:57 2005
From: marc at merlins.org (Marc MERLIN)
Date: Mon Feb 7 08:53:00 2005
Subject: [SA-exim] SAEximRunCond expanded to false
In-Reply-To:
References:
Message-ID: <20050207165257.GO12883@merlins.org>

On Mon, Feb 07, 2005 at 09:32:53PM +0600, tux tan wrote:
> Hi
>
> My mail gateway having spamassassin Version: 3.0.2-1 and exim4
> Version: 4.34-10 gives an error
> "
> 2005-02-07 21:11:47 1CyAYE-0008NR-AF SA: Action: Not running SA
> because SAEximRunCond expanded to false (Message-Id). From
> (host=a.net [IP]) for user@mydomain.com"
>
> With the same setting it worked fine, but recently I notice the error. Now
> it doesn't stop spam mails. All spam mails come to mail boxes.
>
> Can you help me out!!!!

Yes, you need to read _all_ the documentation that came with sa-exim, as
well as the comments in the sa-exim.conf file

If after having done that, you still can't get it to work, show us what you
did and what you think is wrong

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From tux.tan at gmail.com Wed Feb 9 14:37:15 2005
From: tux.tan at gmail.com (tux tan)
Date: Wed Feb 9 00:37:28 2005
Subject: [SA-exim] SAEximRunCond expanded to false
In-Reply-To: <20050207165257.GO12883@merlins.org>
References: <20050207165257.GO12883@merlins.org>
Message-ID:

Hi Marc

On Mon, 7 Feb 2005 08:52:57 -0800, Marc MERLIN wrote:
> On Mon, Feb 07, 2005 at 09:32:53PM +0600, tux tan wrote:
> Yes, you need to read _all_ the documentation that came with sa-exim, as
> well as the comments in the sa-exim.conf file
>
> If after having done that, you still can't get it to work, show us what you
> did and what you think is wrong

I'm using Debian 'Sarge' as my mail gateway with,

Exim 4.34-10
Spamassassin 3.0.2-1
SA-Exim 4.2-1

We installed this a few months ago and it was working fine. All the
things happened recently after we did upgrade our linux box with
'apt-get upgrade'.

We didn't change anything in our configuration but it seems that
Spamassassin is not working. When we tail /var/log/exim4/mainlog ,

2005-02-09 14:14:53 1Cymzr-0002Jm-3v SA: Action: Not running SA
because SAEximRunCond expanded to false (Message-Id:
1Cymzr-0002Jm-3v). From (host=NULL [xx.xx.xx.xx]) for
my_name@my_domain.com

And message gets delivered but without scanning the mail.

Due to this reason, now we are receiving lots of spam messages again.
Can anyone tell us what could be the problem?

Thanks!
Tan

From ssmeenk at freshdot.net Wed Feb 9 09:46:24 2005
From: ssmeenk at freshdot.net (Sander Smeenk)
Date: Wed Feb 9 00:47:00 2005
Subject: [SA-exim] SAEximRunCond expanded to false
In-Reply-To:
References: <20050207165257.GO12883@merlins.org>
Message-ID: <20050209084624.GC15784@freshdot.net>

Quoting tux tan (tux.tan@gmail.com):

> We installed this a few months ago and it was working fine.
> We didn't change anything in our configuration but it seems that
> Spamassassin is not working.
> 2005-02-09 14:14:53 1Cymzr-0002Jm-3v SA: Action: Not running SA
> because SAEximRunCond expanded to false
> Due to this reason, now we are receiving lots of spam messages again.
> Can anyone tell us what could be the problem?

The problem is that the condition in SAEximRunCond returns 0 for some
reason. You need to find out why. Dissect the condition and compare the
tests against the SPAM message that came through.

Check the output of

grep "SAEximRunCond" /etc/exim4/sa-exim.conf

and if you still can't find out why it fails, show us the output of that
command.

--
| Men are from earth. Women are from earth. Deal with it.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D

From dlugo at etherboy.com Sat Feb 12 13:25:21 2005
From: dlugo at etherboy.com (Dave Lugo)
Date: Sat Feb 12 10:36:52 2005
Subject: [SA-exim] SApermrejectsave to a variable directory?
Message-ID:

Is there any way to have SApermrejectsave use the rcpt_to as
part of the directory path? I have a number of users for which
I provide a virus/spam filtered email address that forwards to
their real address.

Rather than bitbucket items that are being rejected, I'd like
to let those users see what's been rejected, so they can whitelist
if need be.

I've tried this:

SApermrejectsave: /var/exim/spool/SApermreject/$local_part@$domain

...but it doesn't work, since I see this:

root@spot> ls -l /var/exim/spool/SApermreject/
total 1
drwxrwx--- 5 mail mail 120 Feb 12 13:21 $local_part@$domain

fixes appreciated :)

--
--------------------------------------------------------
Dave Lugo dlugo@etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.

From marc at merlins.org Sat Feb 12 10:44:37 2005
From: marc at merlins.org (Marc MERLIN)
Date: Sat Feb 12 10:44:39 2005
Subject: [SA-exim] SApermrejectsave to a variable directory?
In-Reply-To:
References:
Message-ID: <20050212184437.GB22803@merlins.org>

On Sat, Feb 12, 2005 at 01:25:21PM -0500, Dave Lugo wrote:
> Is there any way to have SApermrejectsave use the rcpt_to as
> part of the directory path? I have a number of users for which
> I provide a virus/spam filtered email address that forwards to
> their real address.

Without playing tricks with sym or hard links, not easily. You see, the
problem is that you can have multiple rcpt-to's in one mail, so it
would have to be in multiple places.

> Rather than bitbucket items that are being rejected, I'd like
> to let those users see what's been rejected, so they can whitelist
> if need be.
>
> I've tried this:
>
> SApermrejectsave: /var/exim/spool/SApermreject/$local_part@$domain
> ...but it doesn't work, since I see this:

Right, it's not parsed like an exim condition, just a C string.

Anyway, the idea behind saving rejected spam was twofold:
1) debugging rules and scores for you and me
2) allowing users to read their rejected mail via mutt or some maildir
capable imap server

For #2, I would recommend the following approach:
Exim puts this header in the mail
X-SA-Exim-Rcpt-To: marc@merlins.org

You could run an hourly cron job that goes through the spool of rejected
messages, and moves/hard links them to other directories where your users
can only get to the ones that were sent to them.

If you write such a script please contribute it back so that I can include
it in the main distro

Thanks
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From dlugo at etherboy.com Sat Feb 12 14:04:31 2005
From: dlugo at etherboy.com (Dave Lugo)
Date: Sat Feb 12 11:04:54 2005
Subject: [SA-exim] SApermrejectsave to a variable directory?
In-Reply-To: <20050212184437.GB22803@merlins.org>
References: <20050212184437.GB22803@merlins.org>
Message-ID:

On Sat, 12 Feb 2005, Marc MERLIN wrote:
>
> Without playing tricks with sym or hard links, not easily. You see, the
> problem is that you can have multiple rcpt-to's in one mail, so it
> would have to be in multiple places.
>

Yeah, there is that :) I've been looking at the 'only one recipient
per mail' options mentioned here:

http://www.timj.co.uk/linux/Exim-SpamAndVirusScanning.php

Since this is for a rather low-volume mailserver, for domains
which don't attract (except for spam) a lot of identical items
sent to multiple recips, it's not too bad.

>
> Anyway, the idea behind saving rejected spam was twofold:
> 1) debugging rules and scores for you and me
> 2) allowing users to read their rejected mail via mutt or some maildir
> capable imap server
>
> For #2, I would recommend the following approach:
> Exim puts this header in the mail
> X-SA-Exim-Rcpt-To: marc@merlins.org
>
> You could run an hourly cron job that goes through the spool of rejected
> messages, and moves/hard links them to other directories where your users
> can only get to the ones that were sent to them.
>

Oh, that's a thought I hadn't considered. Thanks!

> If you write such a script please contribute it back so that I can include
> it in the main distro
>

Will do.

Regards,

Dave

--
--------------------------------------------------------
Dave Lugo dlugo@etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
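
The hourly cron job described in the thread above (read X-SA-Exim-Rcpt-To from each saved reject and hard link the message into a directory for that recipient), written in Python as an added example; it is not code from this list or from the sa-exim distribution. It assumes the saved messages sit in a maildir-style `new/` directory and that the header holds a comma-separated list of bare addresses; the function names and the per-user layout are hypothetical.

```python
#!/usr/bin/env python3
"""Hard-link saved rejects into per-recipient directories (added example)."""
import os
import re
import tempfile
from email.parser import BytesHeaderParser

HEADER = "X-SA-Exim-Rcpt-To"  # header named in the thread
# The address becomes a directory name, so allow a conservative character set
# only. No "/" can match, and the mandatory "@" rules out "." and "..".
SAFE_ADDR = re.compile(r"[a-z0-9._+=-]{1,64}@[a-z0-9.-]{1,255}")


def recipients(path):
    """Return (safe, rejected) recipient lists for one saved message."""
    with open(path, "rb") as fh:
        headers = BytesHeaderParser().parse(fh)  # body is not parsed
    safe, rejected = set(), []
    for value in headers.get_all(HEADER, []):
        # Assumption: a comma-separated list of bare addresses.
        for addr in str(value).split(","):
            addr = addr.strip().lower()
            if SAFE_ADDR.fullmatch(addr):
                safe.add(addr)
            elif addr:
                rejected.append(addr)
    return sorted(safe), rejected


def fan_out(spool_new, dest_root):
    """Link each message in spool_new into dest_root/<recipient>/new/."""
    linked, skipped = {}, []
    with os.scandir(spool_new) as entries:
        # Regular files only: never follow a symlink planted in the spool.
        names = sorted(e.name for e in entries
                       if e.is_file(follow_symlinks=False))
    for name in names:
        src = os.path.join(spool_new, name)
        safe, rejected = recipients(src)
        skipped.extend(rejected)
        for addr in safe:
            box = os.path.join(dest_root, addr)
            os.makedirs(os.path.join(box, "new"), exist_ok=True)
            os.chmod(box, 0o700)  # owner-only; chown to the user is site-specific
            try:
                os.link(src, os.path.join(box, "new", name))
            except FileExistsError:
                continue  # already linked by an earlier cron run
            linked.setdefault(addr, []).append(name)
    return linked, skipped


def demo():
    """Build a constructed spool in a temp dir and run fan_out twice."""
    root = tempfile.mkdtemp(prefix="sapermreject-demo-")
    spool = os.path.join(root, "spool", "new")
    dest = os.path.join(root, "users")
    os.makedirs(spool)
    os.makedirs(dest)
    samples = {  # constructed messages, not real mail
        "msg1": b"X-SA-Exim-Rcpt-To: alice@example.org, bob@example.org\n"
                b"Subject: constructed 1\n\nbody\n",
        "msg2": b"X-SA-Exim-Rcpt-To: ../../etc/passwd@example.org\n"
                b"Subject: constructed 2\n\nbody\n",
    }
    for name, data in samples.items():
        with open(os.path.join(spool, name), "wb") as fh:
            fh.write(data)
    first = fan_out(spool, dest)
    second = fan_out(spool, dest)  # a repeat run must not link anything new
    return root, first, second


if __name__ == "__main__":
    print(demo())
```

Hard links only work when the reject spool and the per-user tree are on the same filesystem. A message addressed to several recipients ends up linked into each of their directories, which is the multiple rcpt-to case raised in the thread.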

From nomad at null.net Mon Feb 21 14:10:44 2005
From: nomad at null.net (Mark Lawrence)
Date: Mon Feb 21 05:11:52 2005
Subject: [SA-exim] Perl script for cleaning Greylist entries
Message-ID:

Hi all,

If you are using the Greylist feature of sa-exim to temporarily reject
messages you probably also have one or more cron commands in place to
cleanup expired 'tuplets'.

I have experienced problems with these cron commands (typically
combinations of find, xargs and rm) due to funny file names. For this
reason plus efficiency plus a desire for syslog reporting I wrote the
included script. It has no dependencies other than the standard Perl
installation.

I have already sent it to Marc, but I thought I should post here as well
in case he doesn't like to include it in the distribution or others would
appreciate it today.

Regards,
Mark.
--
Mark Lawrence

#!/usr/bin/perl
# ----------------------------------------------------------------------
# Copyright (C) 2005 Mark Lawrence
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# ----------------------------------------------------------------------
# greylistclean - remove expired SA-Exim greylist entries from the filesystem.
#
# This is basically a perl implementation of the following
# commands combined with simple syslog reporting.
#
#   find /var/spool/sa-exim/tuplets/ -type f -mmin +2880 -print0 \
#     | xargs -0 grep "Status: Greylisted" \
#     | sed "s/:Status: Greylisted//" | xargs -r rm
#
#   find /var/spool/sa-exim/tuplets/ -type f -mtime +14 -print0 \
#     | xargs -r0 rm
#
#   find /var/spool/sa-exim/tuplets/ -type d -print0 \
#     | xargs -r0 rmdir
#
# You can call this with '-d' to see what files and
# directories are being removed (sent to STDERR). Otherwise during normal
# operation there is no output.
#
# To use this in production you either:
#
# 1. Copy this file to your cron.hourly directory (if you have one)
#
# or
#
# 2. Copy this file to /usr/local/bin and create a crontab entry
#    that looks something like the following (this works on Debian):
#
#    33 * * * * root /usr/local/bin/greylistclean
#
# Changelog
# ---------
# 2005-02-14 Original version. Mark Lawrence
# 2005-02-21 Added example cron entry comment. Mark Lawrence
#
# ----------------------------------------------------------------------
use strict;
use warnings;
use Sys::Syslog;
use File::Find;
use File::stat;

my $tuplet_dir   = '/var/spool/sa-exim/tuplets';

my $max_grey_age = 60*60*24*2;  # seconds to keep greylisted entries (2 days)
my $max_age      = 60*60*24*14; # seconds to keep all entries (14 days)

my $tcount       = 0;  # total number of tuplets
my $rm_tcount    = 0;  # number of tuplets removed
my $dircount     = 0;  # total number of directories
my $rm_dircount  = 0;  # number of directories removed
my @empty_dirs   = (); # list of empty directories

my $verbose      = 0;
my $now          = time();

if (@ARGV == 1 and $ARGV[0] eq '-d') {
    $verbose = 1;
    print STDERR "$0 running at $now\n";
}

#
# Open the reporting channel
#
openlog('sa-exim', 'pid,ndelay', 'mail');

#
# Process the tuplets
#
find({wanted => \&prune, postprocess => \&dircheck}, $tuplet_dir);

syslog('info', 'Removed %d of %d greylist tuplets in %d seconds',
       $rm_tcount, $tcount, time() - $now);

#
# Remove empty directories found by dircheck()
#
$now = time();

foreach my $dir (@empty_dirs) {
    rmdir $dir && $rm_dircount++;
    $verbose && print STDERR "removed empty directory $dir\n";
}

syslog('info', 'Removed %d of %d greylist directories in %d seconds',
       $rm_dircount, $dircount, time() - $now);

closelog();
exit;

#
# Called from File::Find::find() function with $_ set to filename/directory.
# Search for the line 'Status: Greylisted' in files modified more than
# $max_grey_age seconds ago and remove the files that contain it.
# Remove any entry that is older than $max_age seconds ago.
#
sub prune {
    return if (-d $_); # we don't do directories

    $tcount++;
    my $file = $_;
    my $sb   = stat($file);
    my $age  = $now - $sb->mtime;

    #
    # Remove all old entries (older than $max_age)
    #
    if ($age > $max_age) {
        $verbose && print STDERR 'removing old entry ',
                                 "${File::Find::dir}/$file (age: ",
                                 $now - $sb->mtime, " seconds)\n";
        unlink($file);
        $rm_tcount++;
        return;
    }

    #
    # Do nothing if not old enough to expire
    #
    return if ($age < $max_grey_age);

    #
    # Check if this tuplet has been 'greylisted'. Use the 3 argument
    # form of 'open', because a lot of these files have funny characters
    # in their names.
    #
    if (!open(FH, '<', $file)) {
        print STDERR "Could not open ${File::Find::name}: $!\n";
        return;
    }

    while (my $line = <FH>) {
        if ($line =~ /^Status: Greylisted$/) {
            $verbose && print STDERR 'removing greylisted ',
                                     "${File::Find::dir}/$file (age: ",
                                     $now - $sb->mtime, " seconds)\n";
            unlink($file);
            $rm_tcount++;
            last;
        }
    }
    close FH;
}

#
# Called from File::Find::find() function when all entries in a directory
# have been processed. We check if there are any files left in the directory
# and if not then add it to a list for later deletion
#
sub dircheck {
    return if ($File::Find::dir eq $tuplet_dir); # don't check top dir.
    $dircount++;

    #
    # Check if directory is empty and add to the @empty_dirs list
    #
    if (opendir(DIR, $File::Find::dir)) {
        my $files = grep {!/^\./} readdir(DIR);
        if ($files == 0) {
            push(@empty_dirs, $File::Find::dir);
        }
        closedir(DIR);
    }
}

From marc at merlins.org Mon Feb 21 07:01:21 2005
From: marc at merlins.org (Marc MERLIN)
Date: Mon Feb 21 07:01:26 2005
Subject: [SA-exim] Perl script for cleaning Greylist entries
In-Reply-To:
References:
Message-ID: <20050221150121.GA13294@merlins.org>

On Mon, Feb 21, 2005 at 02:10:44PM +0100, Mark Lawrence wrote:
> I have already sent it to Marc, but I thought I should post here as well
> in case he doesn't like to include it in the distribution or others would
> appreciate it today.

I will include it, but not until the next version, which might take a little
while, so it was a good idea to post it here.

Again, thanks for writing this (I need to look at it in detail to see
what's wrong with mine, and may include yours by default instead)

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key

From guillermo.llenas at team.ar.inter.net Tue Feb 22 11:49:14 2005
From: guillermo.llenas at team.ar.inter.net (Guillermo Llenas)
Date: Tue Feb 22 06:49:30 2005
Subject: [SA-exim] Greylisting consult
Message-ID: <421B466A.508@team.ar.inter.net>

Hi all,

I implemented exim 4.5 with sa-exim 4.2 and spamassassin
3.0. in Fedora Core 3. The idea is to use your Greylisting style (good work)

Everything seems fine, when a mail arrives the localscan do the work
with spamassassin but I don't see any generated tuplets as you describe
in Greylisting.readme: "'dir' => '/var/spool/sa-exim/tuplets'". I checked
the permissions, same user as spamassassin is running (777)

Could you help me with any idea ?

Thanks in advance, I'll copy the logs

Feb 22 11:30:58 fes07 spamd[8131]: connection from fes07.lc-2.la.inter.net [127.0.0.1] at port 33237
Feb 22 11:30:58 fes07 spamd[8131]: processing message <20050222133025.57400.qmail@web61105.mail.yahoo.com> for exim:99.
Feb 22 11:30:59 fes07 spamd[8131]: invalid rule: GREYLIST_ISWHITE
Feb 22 11:30:59 fes07 spamd[8131]: clean message (17.1/20.0) for exim:99 in 0.8 seconds, 4416 bytes.
Feb 22 11:30:59 fes07 spamd[8131]: result: . 17 - DRUGS_ANXIETY,DRUGS_ANXIETY_EREC,DRUGS_ANXIETY_OBFU,DRUGS_ERECTILE,DRUGS_ERECTILE_OBFU,DRUGS_MANYKINDS,DRUGS_MUSCLE,DRUGS_PAIN,DRUGS_PAIN_OBFU,INFO_TLD,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=0.8,size=4416,mid=<20050222133025.57400.qmail@web61105.mail.yahoo.com>,autolearn=no

in mainlog:

2005-02-22 11:33:49 1D3b6j-00028K-7H SA: Debug: SAEximRunCond expand returned: '1'
2005-02-22 11:33:49 1D3b6j-00028K-7H SA: Debug: check succeeded, running spamc
2005-02-22 11:33:51 1D3b6j-00028K-7H SA: Action: temporarily rejected message: score=17.1 required=20.0 trigger=15.0 (scanned in 2/2 secs | Message-Id: 20050222133317.8856.qmail@web61110.mail.yahoo.com). From (host=web61110.mail.yahoo.com [216.155.196.112]) for gllenas@compras.com.ar
2005-02-22 11:33:51 1D3b6j-00028K-7H F=cerberof@yahoo.com.ar H=web61110.mail.yahoo.com [216.155.196.112]:26962 I=[203.176.88.116]:25 P=smtp temporarily rejected by local_scan(): Please try again later
2005-02-22 11:33:51 SMTP connection from web61110.mail.yahoo.com [216.155.196.112]:26962 I=[203.176.88.116]:25 closed by QUIT

And in sa-exim.conf I have

SApermreject: 20.0
SAtempreject: 15.0
SAgreylistiswhitestr: GREYLIST_ISWHITE
SAgreylistraisetempreject: 8.0

--
Guillermo Llenas

From marc at merlins.org Thu Feb 24 00:33:40 2005
From: marc at merlins.org (Marc MERLIN)
Date: Thu, 24 Feb 2005 00:33:40 -0800
Subject: [SA-exim] Greylisting consult
In-Reply-To: <421B466A.508@team.ar.inter.net>
References: <421B466A.508@team.ar.inter.net>
Message-ID: <20050224083340.GF28337@merlins.org>

On Tue, Feb 22, 2005 at 11:49:14AM -0300, Guillermo Llenas wrote:
> Hi all,
>
> I implemented exim 4.5 with sa-exim 4.2 and spamassassin
> 3.0. in Fedora Core 3. The idea is to use your Greylisting style (good work)
>
> Everything seems fine, when a mail arrives the localscan do the work
> with spamassassin but I don't see any generated tuplets as you describe
> in Greylisting.readme: "'dir' => '/var/spool/sa-exim/tuplets'". I checked
> the permissions, same user as spamassassin is running (777)

My guess is that you don't have the SA-Exim SA plugin working.

Did you read
http://marc.merlins.org/linux/exim/files/sa-exim-cvs/README.greylisting
SA PLUGIN (SA 3.x)
Do you have loadplugin? Does it work?

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
....
what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key

From marc at merlins.org Thu Feb 24 08:43:06 2005
From: marc at merlins.org (Marc MERLIN)
Date: Thu, 24 Feb 2005 08:43:06 -0800
Subject: [SA-exim] Greylisting consult
In-Reply-To: <421DCEA5.6040106@team.ar.inter.net>
References: <421B466A.508@team.ar.inter.net> <20050224083340.GF28337@merlins.org> <421DCEA5.6040106@team.ar.inter.net>
Message-ID: <20050224164306.GI28337@merlins.org>

[re-added the list]

On Thu, Feb 24, 2005 at 09:55:01AM -0300, Guillermo Llenas wrote:
> >My guess is that you don't have the SA-Exim SA plugin working.
> >
> >Did you read
> >http://marc.merlins.org/linux/exim/files/sa-exim-cvs/README.greylisting
> >SA PLUGIN (SA 3.x)
> >Do you have loadplugin? Does it work?
>
> I would like to believe that yes, but please and sorry for my
> ignorance: how do you install the Greylisting.pm ? Which is the correct
> way to do that ?

Err, did you look at the page I just gave you?
It says:
loadplugin Greylisting /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm

Odds are that if you put the plugin in the same place, or fix the path to
reference the plugin's location, it will work

Of course, you could also switch to debian, where this is all done for you
:)

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key

From marc at merlins.org Thu Feb 24 10:57:12 2005
From: marc at merlins.org (Marc MERLIN)
Date: Thu, 24 Feb 2005 10:57:12 -0800
Subject: [SA-exim] Greylisting consult
In-Reply-To: <421E1CE8.3090607@team.ar.inter.net>
References: <421B466A.508@team.ar.inter.net> <20050224083340.GF28337@merlins.org> <421DCEA5.6040106@team.ar.inter.net> <20050224164306.GI28337@merlins.org> <421E0707.4040205@team.ar.inter.net> <20050224170716.GK28337@merlins.org> <421E1CE8.3090607@team.ar.inter.net>
Message-ID: <20050224185712.GF15961@merlins.org>

On Thu, Feb 24, 2005 at 03:28:56PM -0300, Guillermo Llenas wrote:
> Marc,

Please stop dropping the sa-exim list, that's the 3rd time in a row

> perhaps I did not explain it well. I installed myself the
> plugin (from sa-exim-4.2.tar.gz downloaded from your page) into
>
> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Greylisting.pm
>
> and then made the call into the local.cf file, pointing exactly to the same
> route:
>
> loadplugin Greylisting
> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Greylisting.pm
>
> it didn't work. So I tried the other two locations making the
> appropriate changes to the routes in the local.cf.
> It didn't work too.
>
> Or maybe I'm not understanding well what you say to me, and I must use the
> exact location (creating the dirs what I need) that you describe in the
> Readme.Greylisting:
>
> loadplugin Greylisting
> /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm

Ok, at this point, I would debug spamassassin.
Take a spam and run it through it:
spamassassin -D -t < /tmp/msg

You should get output like this:
 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
-1.5 GREYLIST_ISWHITE       The incoming server has been whitelisted for this
                            receipient and sender

also, read all the debugging in the middle, and look for something like this
debug: registering glue method for greylisting (Greylisting=HASH(0x90040d0))
debug: GREYLISTING: called function
debug: GREYLISTING: running greylisting on <20041220041009.GC6988 at thunk.org>, since score is too low (-2.6) and you configured greylisting to greylist anything under 11
debug: GREYLISTING: computed greylisting on tuplet, saved info in /var/spool/sa-exim/tuplets/199/184/165/blah at blah/bar at bar and whitelist status is 1

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key

From guillermo.llenas at team.ar.inter.net Thu Feb 24 11:18:08 2005
From: guillermo.llenas at team.ar.inter.net (Guillermo Llenas)
Date: Thu, 24 Feb 2005 16:18:08 -0300
Subject: [SA-exim] Greylisting consult
In-Reply-To: <20050224185712.GF15961@merlins.org>
References: <421B466A.508@team.ar.inter.net> <20050224083340.GF28337@merlins.org> <421DCEA5.6040106@team.ar.inter.net> <20050224164306.GI28337@merlins.org> <421E0707.4040205@team.ar.inter.net> <20050224170716.GK28337@merlins.org> <421E1CE8.3090607@team.ar.inter.net> <20050224185712.GF15961@merlins.org>
Message-ID: <421E286F.7050801@team.ar.inter.net>

Marc MERLIN wrote:

>On Thu, Feb 24, 2005 at 03:28:56PM -0300, Guillermo Llenas wrote:
>
>> Marc,
>>
>
>Please stop dropping the sa-exim list, that's the 3rd time in a row
>

I don't understand what you mean with this, but thanks for the patience.
It wasn't my intention and I'll not bother anymore.

--
Guillermo Llenas