From jason-saexim at lixfeld.ca Wed Apr 18 09:23:35 2007 From: jason-saexim at lixfeld.ca (Jason Lixfeld) Date: Wed, 18 Apr 2007 12:23:35 -0400 Subject: [SA-exim] SA-exim issue or SA issue? Message-ID: <0B6DAECD-6A0F-4817-AA12-1F10E55B3608@lixfeld.ca> Hi, I've got MX1 and MX2, both running SA-Exim 4.2/Exim 4.6.6/SA 3.1.8. MX1 is where all the mail ends up and where mail is POP'd/IMAP'd, etc. MX2 is simply a backup MX. I've got a couple of issues, but I'm not 100% sure if they are SA-Exim issues or SA issues, so forgive me if I'm off topic. First, I'm seeing an issue where mail tagged as spam by SA-Exim on MX2 is tagged again by MX1. This leads to the rewrite_header being applied twice; once on MX2 and again on MX1. I assume this is a SA issue, but I figure I'd see if anyone here can confirm that, or suggest it may be something obscure with SA-Exim. Secondly, I think this is more about clarification for me: I see some cases where the X-First-Run-Spamscore and the score in the X- Spam-Status are different. I haven't been able to find a pattern yet on when exactly that happens, but I'm wondering if anyone has seen this behavior before if they can give me an idea about where to look. Thanks in advance. From jon.armitage at hepworthband.co.uk Wed Apr 18 12:10:28 2007 From: jon.armitage at hepworthband.co.uk (Jonathan Armitage) Date: Wed, 18 Apr 2007 20:10:28 +0100 Subject: [SA-exim] SA-exim issue or SA issue? In-Reply-To: <0B6DAECD-6A0F-4817-AA12-1F10E55B3608@lixfeld.ca> References: <0B6DAECD-6A0F-4817-AA12-1F10E55B3608@lixfeld.ca> Message-ID: <46266D24.4020407@hepworthband.co.uk> Jason Lixfeld wrote: > First, I'm seeing an issue where mail tagged as spam by SA-Exim on > MX2 is tagged again by MX1. This leads to the rewrite_header being > applied twice; once on MX2 and again on MX1. > You need to tell sa-exim on MX1 not to scan mail from MX2. I do it like this, which is probably not the recommended way: Set up a hostlist of trusted IPs (trusted_hosts) in your main exim config file. Then, in your recipient acl, add a suitable header. # Do not run SpamAssassin on messages from these. warn message = X-SA-Trusted-Sender: Yes hosts = +trusted_hosts Then, in sa-exim.conf, define SAEximRunCond like this (should be all on one line): SAEximRunCond: ${if and {{def:sender_host_address} \ {!eq {$sender_host_address}{127.0.0.1}} \ {!eq {$h_X-SA-Trusted-Sender:}{Yes}} \ } {1}{0}} This sets the condition to false (0) for localhost and trusted_hosts, and true (1) for everyone else. Of course, I am as paranoid as the next man, and the example is not the actual header that I use :) > Secondly, I think this is more about clarification for me: I see > some cases where the X-First-Run-Spamscore and the score in the X- > Spam-Status are different I'm not quite sure what this means. If you are saying that the SA score on the two machines differs, there could be a number of reasons---the Bayes databases are different, an extra DNS blacklist could have kicked in between the checks, or you might simply be running different rulesets or are scoring rules differently. HTH Jon From ssmeenk at freshdot.net Thu Apr 19 12:59:34 2007 From: ssmeenk at freshdot.net (Sander Smeenk) Date: Thu, 19 Apr 2007 21:59:34 +0200 Subject: [SA-exim] SA-exim issue or SA issue? In-Reply-To: <0B6DAECD-6A0F-4817-AA12-1F10E55B3608@lixfeld.ca> References: <0B6DAECD-6A0F-4817-AA12-1F10E55B3608@lixfeld.ca> Message-ID: <20070419195934.GC12643@freshdot.net> Quoting Jason Lixfeld (jason-saexim at lixfeld.ca): > Secondly, I think this is more about clarification for me: I see > some cases where the X-First-Run-Spamscore and the score in the X- > Spam-Status are different. Besides what Jonathan Armitage wrote, the 'X-First-Run-Spamscore'-header is not a header i have ever seen in the years i'm running sa-exim. Are you sure you are using sa-exim, and not the exiscan patch? (of which i have absolutely no knowledge) Regards, Sander. -- | "Weird. It doesn't need a license if you change 5 bytes at 0x8cec94 to 0x90!" | -- Someone on IRC about licensed software | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D From jon.armitage at hepworthband.co.uk Thu Apr 19 13:31:01 2007 From: jon.armitage at hepworthband.co.uk (Jonathan Armitage) Date: Thu, 19 Apr 2007 21:31:01 +0100 Subject: [SA-exim] SA-exim issue or SA issue? In-Reply-To: <20070419195934.GC12643@freshdot.net> References: <0B6DAECD-6A0F-4817-AA12-1F10E55B3608@lixfeld.ca> <20070419195934.GC12643@freshdot.net> Message-ID: <4627D185.6090309@hepworthband.co.uk> Sander Smeenk wrote: > Quoting Jason Lixfeld (jason-saexim at lixfeld.ca): > >> Secondly, I think this is more about clarification for me: I see >> some cases where the X-First-Run-Spamscore and the score in the X- >> Spam-Status are different. > > Besides what Jonathan Armitage wrote, the 'X-First-Run-Spamscore'-header > is not a header i have ever seen in the years i'm running sa-exim. Are > you sure you are using sa-exim, and not the exiscan patch? (of which i > have absolutely no knowledge) > Sorry, my first reply wasn't clear. What I meant to say was that I'd never seen it either, so I really didn't understand the question, but was guessing that sa-exim on his two MXs inserts different headers. Perhaps Jason could let the list know if he's satisfied with the answers. I don't think they will help him much if he is using exiscan. Jon From holmgren at lysator.liu.se Sun Apr 22 06:01:15 2007 From: holmgren at lysator.liu.se (Magnus Holmgren) Date: Sun, 22 Apr 2007 15:01:15 +0200 Subject: [SA-exim] smtp_printf() and smtp_fflush() Message-ID: <200704221501.19185@proffe.kibibyte.se> The comment to the teergrube code states that "we can't use exim's smtp_printf because it doesn't return an error code if the write gets an EPIPE". Wasn't smtp_fflush() available at the time or doesn't it work the way we want? I note that the old local_scan.h in eximinc/ doesn't declare smtp_printf() either, but both declares are present in the initial revision in Exim's CVS (which doesn't go back too far). -- Magnus Holmgren holmgren at lysator.liu.se (No Cc of list mail needed, thanks) "Exim is better at being younger, whereas sendmail is better for Scrabble (50 point bonus for clearing your rack)" -- Dave Evans -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.merlins.org/archives/sa-exim/attachments/20070422/42e824c7/attachment.pgp From marc at merlins.org Sun Apr 22 20:44:21 2007 From: marc at merlins.org (Marc MERLIN) Date: Sun, 22 Apr 2007 20:44:21 -0700 Subject: [SA-exim] smtp_printf() and smtp_fflush() In-Reply-To: <200704221501.19185@proffe.kibibyte.se> References: <200704221501.19185@proffe.kibibyte.se> Message-ID: <20070423034421.GA10782@merlins.org> On Sun, Apr 22, 2007 at 03:01:15PM +0200, Magnus Holmgren wrote: > The comment to the teergrube code states that "we can't use exim's smtp_printf > because it doesn't return an error code if the write gets an EPIPE". Wasn't > smtp_fflush() available at the time or doesn't it work the way we want? I > note that the old local_scan.h in eximinc/ doesn't declare smtp_printf() > either, but both declares are present in the initial revision in Exim's CVS > (which doesn't go back too far). Either smtp_fflush wasn't there, or I somehow missed it. Either way, if you get smtp_fflush to do the right thing wrt to EPIPE and the return code, I'm all for switching to it. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: Digital signature Url : http://lists.merlins.org/archives/sa-exim/attachments/20070422/dbb532fa/attachment.pgp From ssmeenk at freshdot.net Mon Apr 23 01:09:52 2007 From: ssmeenk at freshdot.net (Sander Smeenk) Date: Mon, 23 Apr 2007 10:09:52 +0200 Subject: [SA-exim] sa-exim & exim 4.67 -> sa-exim.so: undefined symbol: primary_hostname Message-ID: <20070423080952.GI12643@freshdot.net> Hello! After updating to Exim 4.67 yesterday, my sa-exim config failed to work properly. A recompile with the exim4-dev-4.67 did not help much. | 2007-04-23 06:27:10 1Hfq8q-0005Hd-Q9 local_scan() library open failed - | message temporarily rejected | 2007-04-23 06:27:10 1Hfq8q-0005Hd-Q9 F=root at dot.freshdot.net U=root | P=local temporarily rejected by local_scan(): Local configuration error | - local_scan() library failure /usr/lib/exim4/local_scan/sa-exim.so: | undefined symbol: primary_hostname Any ideas? :) Regards, Sander. -- | Found on a forum: "What allergies do you have?" "That would be fire. | Makes my skin turn red or black and it often oozes and blisters after | exposure." | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D From holmgren at lysator.liu.se Mon Apr 23 02:25:20 2007 From: holmgren at lysator.liu.se (Magnus Holmgren) Date: Mon, 23 Apr 2007 11:25:20 +0200 Subject: [SA-exim] sa-exim & exim 4.67 -> sa-exim.so: undefined symbol: primary_hostname In-Reply-To: <20070423080952.GI12643@freshdot.net> References: <20070423080952.GI12643@freshdot.net> Message-ID: <200704231125.21490@proffe.kibibyte.se> On Monday 23 April 2007 10:09, Sander Smeenk wrote: > After updating to Exim 4.67 yesterday, my sa-exim config failed to work > properly. A recompile with the exim4-dev-4.67 did not help much. > > | 2007-04-23 06:27:10 1Hfq8q-0005Hd-Q9 local_scan() library open failed - > | message temporarily rejected > | 2007-04-23 06:27:10 1Hfq8q-0005Hd-Q9 F=root at dot.freshdot.net U=root > | P=local temporarily rejected by local_scan(): Local configuration error > | - local_scan() library failure /usr/lib/exim4/local_scan/sa-exim.so: > | undefined symbol: primary_hostname > > Any ideas? :) Yes. See http://bugs.debian.org/413602 (what changed in exim4) and http://bugs.debian.org/420443 (why this doesn't go well with sa-exim). Right now I'm trying to figure out whether smtp_fflush() will work (AFAICT it should), and also whether there is any point recalculating ($)body_linecount, but not message_size or other variables. -- Magnus Holmgren holmgren at lysator.liu.se -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.merlins.org/archives/sa-exim/attachments/20070423/530675ba/attachment-0001.pgp From i.am at jimramsay.com Mon Apr 23 10:13:18 2007 From: i.am at jimramsay.com (Jim Ramsay) Date: Mon, 23 Apr 2007 11:13:18 -0600 Subject: [SA-exim] Documentation on SAEximRunCond Message-ID: <20070423111318.30598f5d@sed-192.sedsystems.ca> I'm curious if there's a list somewhere of exactly which exim variables are defined at the point that sa-exim is run - What can I check in SAEximRunCond? -- Jim Ramsay "Me fail English? That's unpossible!" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.merlins.org/archives/sa-exim/attachments/20070423/283473e0/attachment.pgp From ssmeenk at freshdot.net Mon Apr 23 10:19:24 2007 From: ssmeenk at freshdot.net (Sander Smeenk) Date: Mon, 23 Apr 2007 19:19:24 +0200 Subject: [SA-exim] Documentation on SAEximRunCond In-Reply-To: <20070423111318.30598f5d@sed-192.sedsystems.ca> References: <20070423111318.30598f5d@sed-192.sedsystems.ca> Message-ID: <20070423171924.GA29904@freshdot.net> Quoting Jim Ramsay (i.am at jimramsay.com): > I'm curious if there's a list somewhere of exactly which exim variables > are defined at the point that sa-exim is run - What can I check in > SAEximRunCond? I'd say any variable that is available in Exim at the moment the DATA-ACL reaches it's end. For all i know, local_scan() is called after the data-acl has ran. So any variable defined before that (including the useful $acl_mN variables) are available... But i haven't checked to be sure. :) -- | Two blondes walk into a building. | You'd think at least one of them would have seen it. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.merlins.org/archives/sa-exim/attachments/20070423/79409697/attachment.pgp From holmgren at lysator.liu.se Mon Apr 23 10:32:24 2007 From: holmgren at lysator.liu.se (Magnus Holmgren) Date: Mon, 23 Apr 2007 19:32:24 +0200 Subject: [SA-exim] Documentation on SAEximRunCond In-Reply-To: <20070423111318.30598f5d@sed-192.sedsystems.ca> References: <20070423111318.30598f5d@sed-192.sedsystems.ca> Message-ID: <200704231932.25585@proffe.kibibyte.se> On Monday 23 April 2007 19:13, Jim Ramsay wrote: > I'm curious if there's a list somewhere of exactly which exim variables > are defined at the point that sa-exim is run - What can I check in > SAEximRunCond? Chapter 11 of the specification describes the variables pretty comprehensively. For most of them, it's pretty obvious whether they make sense at the time of local_scan() running. For example, $domain isn't available even if there's just one recipient. Note: $recipients is available from version 4.67. -- Magnus Holmgren holmgren at lysator.liu.se (No Cc of list mail needed, thanks) "Exim is better at being younger, whereas sendmail is better for Scrabble (50 point bonus for clearing your rack)" -- Dave Evans -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.merlins.org/archives/sa-exim/attachments/20070423/ab3ccfed/attachment.pgp From webmaster at beautytech.com Thu Apr 26 19:58:42 2007 From: webmaster at beautytech.com (Debbie D) Date: Thu, 26 Apr 2007 22:58:42 -0400 Subject: [SA-exim] Sender verify failed - need to allow particular mail in Message-ID: One of my hosted clients is receiving efax's that does not come FROM a verified address. These mails are getting trashed as unverified sender 2007-04-26 22:37:35 H=(spserver2.kwcharlotte.local) [66.255.39.113] sender verify fail for : unrouteable mail domain "fax" 2007-04-26 22:37:35 H=(spserver2.kwcharlotte.local) [66.255.39.113] F= rejected RCPT : Sender verify failed How can I edit exim config to allow this one through with out turning off the sender verify feature?? FC4 Exim 4.63 SpamAssassin 3.1.8 on a Cpanel box thanks From marc at merlins.org Thu Apr 26 23:16:30 2007 From: marc at merlins.org (Marc MERLIN) Date: Thu, 26 Apr 2007 23:16:30 -0700 Subject: [SA-exim] Sender verify failed - need to allow particular mail in In-Reply-To: References: Message-ID: <20070427061630.GB26752@merlins.org> On Thu, Apr 26, 2007 at 10:58:42PM -0400, Debbie D wrote: > One of my hosted clients is receiving efax's that does not come FROM a > verified address. These mails are getting trashed as unverified sender > > 2007-04-26 22:37:35 H=(spserver2.kwcharlotte.local) [66.255.39.113] sender > verify fail for : unrouteable mail domain "fax" > 2007-04-26 22:37:35 H=(spserver2.kwcharlotte.local) [66.255.39.113] > F= rejected RCPT : Sender verify failed > > > How can I edit exim config to allow this one through with out turning off > the sender verify feature?? This is not an sa-exim question, you should ask on the exim-users list. Cheers, Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/