From ed at resonantconsulting.com Fri Aug 24 12:55:36 2007 From: ed at resonantconsulting.com (Edward Brown) Date: Fri, 24 Aug 2007 12:55:36 -0700 Subject: [SA-exim] patch question for exim-4.42 and sa-exim-4.2.1 Message-ID: <46CF37B8.9010606@resonantconsulting.com> Patch is reporting failure for local_scan.c I'm not sure if I'm executing the patch correctly or not. Here are the details: System = FreeBSD 6.2 pwd = /usr/home/mail/src/exim-4.42/ patch -C -p1 < /usr/home/mail/src/sa-exim-4.2.1/localscan_dlopen_exim_4.20_or_better.patch executing thiscommand yields the following: Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |The initial version of this patch was originally posted David Woodhouse, and |dman gets the credit for first integrating it with SA-Exim. | |I have since then maintained it by first making a few minor changes, and |later switching it to a major/minor number scheme to support upgrades in |the exim API that don't affect backward compatibility (you can rely on |a feature denoted by the minor number and be compatible with future versions |of exim until Philip has to break the API and increase the major number) | |Marc MERLIN | |diff -urN exim-4.14-0/src/EDITME exim-4.14-1/src/EDITME |--- exim-4.14-0/src/EDITME Tue Mar 11 04:20:18 2003 |+++ exim-4.14-1/src/EDITME Sun Mar 23 15:34:15 2003 -------------------------- Patching file src/EDITME using Plan A... Hunk #1 succeeded at 525 (offset 137 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff -urNad 50_localscan_dlopen.tmp/src/config.h.defaults 50_localscan_dlopen/src/config.h.defaults |--- 50_localscan_dlopen.tmp/src/config.h.defaults Sun Dec 29 11:55:42 2002 |+++ 50_localscan_dlopen/src/config.h.defaults Sun Dec 29 11:56:44 2002 -------------------------- Patching file src/config.h.defaults using Plan A... Hunk #1 succeeded at 20 (offset 3 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff -urN exim-4.14-0/src/globals.c exim-4.14-1/src/globals.c |--- exim-4.14-0/src/globals.c Tue Mar 11 04:20:20 2003 |+++ exim-4.14-1/src/globals.c Sun Mar 23 15:34:15 2003 -------------------------- Patching file src/globals.c using Plan A... Hunk #1 succeeded at 110 (offset 7 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff -urN exim-4.14-0/src/globals.h exim-4.14-1/src/globals.h |--- exim-4.14-0/src/globals.h Tue Mar 11 04:20:20 2003 |+++ exim-4.14-1/src/globals.h Sun Mar 23 15:34:15 2003 -------------------------- Patching file src/globals.h using Plan A... Hunk #1 succeeded at 74 (offset 7 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff -urN exim-4.14-0/src/local_scan.c exim-4.14-1/src/local_scan.c |--- exim-4.14-0/src/local_scan.c Tue Mar 11 04:20:20 2003 |+++ exim-4.14-1/src/local_scan.c Sun Mar 23 15:34:15 2003 -------------------------- Patching file src/local_scan.c using Plan A... Hunk #1 failed at 5. 1 out of 1 hunks failed--saving rejects to src/local_scan.c.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |diff -urN exim-4.14-0/src/readconf.c exim-4.14-1/src/readconf.c |--- exim-4.14-0/src/readconf.c Tue Mar 11 04:20:22 2003 |+++ exim-4.14-1/src/readconf.c Sun Mar 23 15:34:15 2003 -------------------------- Patching file src/readconf.c using Plan A... Hunk #1 succeeded at 223 (offset 41 lines). done I haven't run the command without -C yet. If need be, I can run without -C and produce results in local_scan.c.rej -E From marc at merlins.org Sat Aug 25 11:50:55 2007 From: marc at merlins.org (Marc MERLIN) Date: Sat, 25 Aug 2007 11:50:55 -0700 Subject: [SA-exim] patch question for exim-4.42 and sa-exim-4.2.1 In-Reply-To: <46CF37B8.9010606@resonantconsulting.com> References: <46CF37B8.9010606@resonantconsulting.com> Message-ID: <20070825185055.GA12765@merlins.org> On Fri, Aug 24, 2007 at 12:55:36PM -0700, Edward Brown wrote: > Patching file src/local_scan.c using Plan A... > Hunk #1 failed at 5. > 1 out of 1 hunks failed--saving rejects to src/local_scan.c.rej Ok, so it looks like everything applied except one line. Look at the .rej, look at the .c, they should be easy to hand apply. If something changed in the recent exim source code tree, I can provide a new diff (I don't look anymore because many/most exim packages on linux seem to come with the patch already applied) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From ediaz at ultreia.es Thu Aug 30 13:50:04 2007 From: ediaz at ultreia.es (Eduardo Diaz Comellas) Date: Thu, 30 Aug 2007 22:50:04 +0200 Subject: [SA-exim] Feature request Message-ID: <46D72D7C.1090608@ultreia.es> Hi! I've been working with SA, Exim and sa-exim for a while. I can say I really love how it works. I've found some problems in very busy servers however. In very loaded scenarios I've found that SA triggers too much load (and sometimes, deadlocks at the bayes db), causing a DoS. To reduce the impact of the high load, I've managed to block (with iptables) IP address that send specially high score spam (20 or more) for a certain period. This is efective (> 2000 IP addresses blocked in a 30 minutes period), but still find that there are some spammers sending a lot of messages in the first connection. I think it would be very useful if sa-exim could implement another action (apart from teergrube), that would consist on closing the connection inmediately. This way, if a spammer sends a high scoring mail, the connection would be dropped inmediately and he would have no time to send more spam. Is there any way to do this? Regards From holmgren at lysator.liu.se Thu Aug 30 14:12:07 2007 From: holmgren at lysator.liu.se (Magnus Holmgren) Date: Thu, 30 Aug 2007 23:12:07 +0200 Subject: [SA-exim] Feature request In-Reply-To: <46D72D7C.1090608@ultreia.es> References: <46D72D7C.1090608@ultreia.es> Message-ID: <200708302312.14850@proffe.kibibyte.se> On Thursday 30 August 2007 22:50, Eduardo Diaz Comellas wrote: > I think it would be very useful if sa-exim could implement another > action (apart from teergrube), that would consist on closing the > connection inmediately. This way, if a spammer sends a high scoring > mail, the connection would be dropped inmediately and he would have no > time to send more spam. Unfortunately Exim's local_scan API doesn't support it (see http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html). It's only possible to accept, permreject and tempreject (with some variations). You have to submit a feature request (for a LOCAL_SCAN_DROP return code and the corresponding action) to Exim first. But I doubt that it would be very effective and/or efficient. By the time SA-Exim is run, the message has already been transmitted and stored to disk. The spammer doesn't lose much by having to reconnect. I think it would be better for SA-Exim to write a record to a file that can be checked in the ACLs in order to stop all further mail before DATA for some time period. -- Magnus Holmgren holmgren at lysator.liu.se (No Cc of list mail needed, thanks) "Exim is better at being younger, whereas sendmail is better for Scrabble (50 point bonus for clearing your rack)" -- Dave Evans -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.merlins.org/archives/sa-exim/attachments/20070830/9f52223c/attachment.pgp