From Mark at atomicpark.com Mon Feb 5 08:28:19 2007
From: Mark at atomicpark.com (Mark Zbikowski)
Date: Mon, 5 Feb 2007 10:28:19 -0600
Subject: [SA-exim] Can spamd process per-user user_prefs?
In-Reply-To: <45BB9055.60401@hepworthband.co.uk>
References: <9RmHcJvcwapi@burtonsys.com> <45BB9055.60401@hepworthband.co.uk>
Message-ID: <4A28E5DD9634974BBE07BF7D5B47F33439137B@exchange1.ramint.ramdist.cc>

Using sa-exim, is it possible to make spamd process individual
$HOME/.spamassassin/user_prefs? I haven't been able to figure it out.

On Debian, spamd always seems to use "Debian-exim" as the user, for
example:

Feb 4 10:34:33 mx2 spamd[14677]: spamd: setuid to Debian-exim succeeded
Feb 4 10:34:33 mx2 spamd[14677]: info: user has changed
Feb 4 10:34:33 mx2 spamd[14677]: config: using "/var/spool/exim4/.spamassassin" for user state dir

So it always processes the same user state dir. I assume this is because
sa-exim always passes "Debian-exim" as the uid. I would like spamd to
process per-user configuration files.

My versions:

exim4: Installed: 4.50-8sarge2
exim4-daemon-heavy: Installed: 4.63-12
spamassassin: Installed: 3.1.7-1

Any thoughts?

Mark Z

From marc at merlins.org Tue Feb 6 13:49:15 2007
From: marc at merlins.org (Marc MERLIN)
Date: Tue, 6 Feb 2007 13:49:15 -0800
Subject: [SA-exim] SA-exim uses only tempreject
In-Reply-To: <45AF3FAB.8030601@dac.hu>
References: <45AF3FAB.8030601@dac.hu>
Message-ID: <20070206214915.GL8853@merlins.org>

On Thu, Jan 18, 2007 at 10:36:43AM +0100, DOMA Peter wrote:
> Hi,
>
> I have a problem with an Exim 4.63 and SA-exim 4.2.1 installation.
>
> I set the following threshold levels:
>
>
> SA: Debug3: expanded SAdevnull = 20.00
> SA: Debug3: expanded SApermreject = 12.00
> SA: Debug3: expanded SAtempreject = 9.00
>
> However, the only action SA-exim does is tempreject:
>
> SA: Action: temporarily rejected message: score=26.0 required=5.5
> trigger=9.0 (scanned in 9/9 secs | Message-Id:
> 000b01c73a57_17428670_6400a8c0@[...]).
> From <[...]>
> (host=xxxxxxxx.xxxxxx.xxx [xxx.xxx.xxx.xxx]) for xxxxx at xxx.xx
>
> Is there any solution to get SAdevnull and SApermreject working ?

Sorry for the delay.

The reason tempreject is happening is because devnull and permreject
didn't trigger for some reason.
I looked at the code for you, and the only reason I could find was that
isspam is not being set to 1 (i.e. spamassassin isn't flagging the
message as spam).
I'll admit that it's not super obvious, but sa-exim will not reject a
message, regardless of the score, if SA doesn't say it's spam
( X-Spam-Status: yes )
If you tweak your SA config accordingly, things should work.

Admittedly, this restriction should go away: sa-exim should just not
care whether SA says it's spam or not, and only look at the spam score

Hope this helps.
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From marc at merlins.org Tue Feb 6 13:51:02 2007
From: marc at merlins.org (Marc MERLIN)
Date: Tue, 6 Feb 2007 13:51:02 -0800
Subject: [SA-exim] SA: Action: spamd took more than ...
In-Reply-To:
References: <45BA5595.3040305@ogd.nl>
Message-ID: <20070206215102.GM8853@merlins.org>

On Fri, Jan 26, 2007 at 02:01:08PM -0600, José de Jesús Gutiérrez Ramírez wrote:
>
> Running spamassassin --lint -D The only suspicious I have is the following:
>
> dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200
>
> Is this an error on my system? or I get this message because I run the test with the root user instead of the Debian-exim user?
>
> BTW the bayes files whitelist is 10mb and I have almost 20 expire files around 5mb, are these size files normal?
>
> I have to tell my system run on a Celeron 300mhz 96mb ram, I know is small but it was working fine for near 2 years until yesterday.

Basically SA-Exim is telling you that SA is taking too long to run, so it
can't wait forever.
Unfortunately SA is not time bound, and I believe the SA guys removed the
time profiling code I put in there, because it made SA slightly slower.

My recommendation to you is to go on the spamassassin-users list, and work
out with them why SA is taking so long to run for you

Good luck,
Marc

> -----Original Message-----
> From: sa-exim-bounces+jgtez=previtep.com.mx at lists.merlins.org
> [mailto:sa-exim-bounces+jgtez=previtep.com.mx at lists.merlins.org] On
> behalf of Jasper Capel
> Sent: Friday, January 26, 2007 01:25 p.m.
> To: sa-exim at lists.merlins.org
> Subject: Re: [SA-exim] SA: Action: spamd took more than ...
>
>
> Have you checked /var/log/maillog for SpamAssassin output? Does the
> "spamassassin --lint -D" command give you any useful leads?
>
> Kind regards,
>
> Jasper Capel
>
> José de Jesús Gutiérrez Ramírez wrote:
> > Hi,
> >
> > The message "SA: Action: spamd took more than 240 secs to run,
> > accepting message" started to appear yesterday in the mainlog, but I
> > don't know what do I have to check to eliminate this issue. I've
> > restarted exim and updated spamassassin and still showing the message.
> >
> > Somebody can give me a clue?
> >
> > TIA
> >
> > Jesus Gutierrez

--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From marc at merlins.org Tue Feb 6 14:05:41 2007
From: marc at merlins.org (Marc MERLIN)
Date: Tue, 6 Feb 2007 14:05:41 -0800
Subject: [SA-exim] undefined vars in Greylisting.pm
In-Reply-To: <783c3ee00701221459s7884d271ge34bfc7d2a00ce20@mail.gmail.com>
References: <783c3ee00701221459s7884d271ge34bfc7d2a00ce20@mail.gmail.com>
Message-ID: <20070206220541.GN8853@merlins.org>

On Mon, Jan 22, 2007 at 11:59:14PM +0100, John Bro wrote:
> Hello all,
>
> I just joined, because I just started using SA-Exim and spamd,
> and greylisting on my home mail server (Debian Etch)
> (where I'm the only user), and although it seems to be performing
> quite nicely (i.e. spam is being blocked, greylisted messages get
> through when they should, or get dumped when they're spam)...
>
> There are a couple complaints (documented below) that have me
> stumped. Each message produces these complaints from perl:
>
>
> Jan 22 21:02:03 jhbro spamd[3013]: Use of uninitialized value in
> concatenation (.) or string at
> /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm line 176,
> line 57.
>
> Jan 22 21:02:03 jhbro spamd[3013]: Use of uninitialized value in
> concatenation (.) or string at
> /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm line 177,
> line 57.
>
>
> and each time, the same 2 messages 2 seconds later.
> The lines of Greylisting.pm in question are as follows:
>
> 172: $connectip =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/;
> 173: my ($ipbyte1, $ipbyte2, $ipbyte3, $ipbyte4) = ($1, $2, $3, $4);
> 174: my $ipdir1 = "$option{'dir'}/$ipbyte1";
> 175: # --------------------------
> 176: my $ipdir2 = "$ipdir1/$ipbyte2";
> 177: my $ipdir3 = "$ipdir2/$ipbyte3";

Mmmh, that's not supposed to happen, it means that you got half an IP, or
something of the sort.
Is there a chance you can get it to print out what the value of $connectip
is when this happens?

Actually, I should have the code say

warn "Bad connectip: $connectip\n"
    if (not defined ($ipbyte1) or not defined ($ipbyte2)
        or not defined ($ipbyte3) or not defined ($ipbyte4));

Right after line 173

Do you mind adding that?

> So clearly, something in the regexp coming up empty.
> Also, sometimes, (although not at exactly the same time)
> I see this problem:
>
> Jan 22 21:25:59 jhbro spamd[3013]: Couldn't get Connecting IP
> header X-SA-Exim-Connect-IP for message
> ,
> skipping greylisting call

Yeah, that's typically because you run sa-exim on a locally generated
message that doesn't have a connecting IP.

> The absence of a connectip/Connect-IP seems to relate the two
> complaints.. but I see headers for SA-Exim-Connect-IP in the message,
> and the Received headers contain IP numbers.. I don't get it.

Uh? Ok, can you print those headers from inside the Greylisting.pm code
right before you get the warning (around line 101)?

> I can't figure out how to configure things such that rejected
> messages do not generate an attempt to bounce to the (? always)
> bogus From: address. It would appear that I am accepting messages
> rather than rejecting them at SMTP time, and thus exim thinks it has
> to send back an "undeliverable". Where have I enabled this??

Mmmh, the only reason I can think for that is that you aren't running
sa-exim on your outside MX, but you are accepting the message on some
outside server, and then forwarding to an inside machine that runs sa-exim.
Otherwise, there is no exim setting that I can think of, sa-exim tells exim
to refuse the mail at smtp time, so exim should not generate a bounce
message for it.

I hope this helps.
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From marc at merlins.org Tue Feb 6 14:12:31 2007
From: marc at merlins.org (Marc MERLIN)
Date: Tue, 6 Feb 2007 14:12:31 -0800
Subject: [SA-exim] Can spamd process per-user user_prefs?
In-Reply-To: <4A28E5DD9634974BBE07BF7D5B47F33439137B@exchange1.ramint.ramdist.cc>
References: <9RmHcJvcwapi@burtonsys.com> <45BB9055.60401@hepworthband.co.uk> <4A28E5DD9634974BBE07BF7D5B47F33439137B@exchange1.ramint.ramdist.cc>
Message-ID: <20070206221231.GO8853@merlins.org>

On Mon, Feb 05, 2007 at 10:28:19AM -0600, Mark Zbikowski wrote:
> Using sa-exim, is it possible to make spamd process individual
> $HOME/.spamassassin/user_prefs? I haven't been able to figure it out.

It's an FAQ and in a word, no.
SA-Exim can receive a message on behalf of 5 or 10 users at the same time,
and can't apply multiple preferences without playing tricks like
temporarily rejecting all the users except a few with the same config, and
wait for the mail to come back for the other users, and keep going.
It's kind of messy to implement for many different reasons and not super
reliable in some cases, so no one has implemented this yet, and I'm not
sure anyone will (that said, I've been wrong before)

Hope this helps.
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From Mark at atomicpark.com Tue Feb 6 14:50:26 2007
From: Mark at atomicpark.com (Mark Zbikowski)
Date: Tue, 6 Feb 2007 16:50:26 -0600
Subject: [SA-exim] Can spamd process per-user user_prefs?
In-Reply-To: <20070206221231.GO8853@merlins.org>
References: <4A28E5DD9634974BBE07BF7D5B47F33439137B@exchange1.ramint.ramdist.cc> <20070206221231.GO8853@merlins.org>
Message-ID: <4A28E5DD9634974BBE07BF7D5B47F334391578@exchange1.ramint.ramdist.cc>

Knowing is half the battle. Well in this case, I guess it's the entire
battle.

Thanks Marc!

Mark

From harroun at gmail.com Wed Feb 7 04:57:25 2007
From: harroun at gmail.com (John Bro)
Date: Wed, 7 Feb 2007 13:57:25 +0100
Subject: [SA-exim] undefined vars in Greylisting.pm
Message-ID: <783c3ee00702070457x52360619q573cf182710c8a67@mail.gmail.com>

Mark,

Below are a bunch of examples (edited for redundancy and verbosity)
showing that sometimes the string that is supposed to be an IP address
is a (local) email address (originating locally too),
leaving regexes $2, $3, $4 quite empty.

Other times it's 127.0.0.1 (for the same message?)
and still other times it's a real external IP number.

Yet there are always complaints about uninitialized values anyway.

BAD CONNECTIP l.175 is the warn() I added which only appears when
the "connectip" is an email address instead of an ip number.
So the other complaints are somehow at other steps in the process..

And there are more problems with:

Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message
skipping greylisting call

but this appears at a completely different step in the SA/greylisting
routines.

Some of this may be related to the fact that I am using
fetchmail to get mail from outside servers and hand it off to my
exim4.. but I don't understand *how* it's related (or what I'm
going to be able to do about it.. )

kinda lost actually..

Anyway, here's more logs: I'm sure they're more than you need, but
there they are..

thanks,
j.

===========================================================================
Feb 7 03:02:02 jhbro spamd[27961]: uninitialized value Greylisting.pm line 176, line 40.
Feb 7 03:02:02 jhbro last message repeated 2 times
Feb 7 03:02:02 jhbro spamd[27961]: connectip: 1: root at jhbro.fr, 2: , 3: , 4: at Greylisting.pm line 176, line 40.
Feb 7 03:02:02 jhbro spamd[27961]: uninitialized value Greylisting.pm line 178, line 40.
Feb 7 03:02:02 jhbro spamd[27961] last message repeated 2 times
Feb 7 03:02:02 jhbro spamd[27961] BAD CONNECTIP l.176: 1: root at jhbro.fr, 2: , 3: , 4:
Feb 7 03:02:02 jhbro spamd[27961]: uninitialized value Greylisting.pm line 181, line 40.
Feb 7 03:02:02 jhbro spamd[27961]: uninitialized value Greylisting.pm line 182, line 40.
Feb 7 03:02:03 jhbro spamd[27961]: uninitialized value Greylisting.pm line 176, line 65.
Feb 7 03:02:03 jhbro last message repeated 2 times
Feb 7 03:02:03 jhbro spamd[27961]: connectip: 1: root at jhbro.fr, 2: , 3: , 4: at Greylisting.pm line 176, line 65.
Feb 7 03:02:03 jhbro spamd[27961]: uninitialized value Greylisting.pm line 178, line 65.
Feb 7 03:02:03 jhbro last message repeated 2 times
Feb 7 03:02:03 jhbro spamd[27961]: BAD CONNECTIP l.176: 1: root at jhbro.fr, 2: , 3: , 4:
Feb 7 03:02:03 jhbro spamd[27961]: uninitialized value Greylisting.pm line 181, line 65.
Feb 7 03:02:03 jhbro spamd[27961]: uninitialized value Greylisting.pm line 182, line 65.
Feb 7 03:02:03 jhbro spamd[27962]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 96.
Feb 7 03:10:33 jhbro spamd[27961]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message , skipping greylisting call
Feb 7 03:10:37 jhbro spamd[27962]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 118.
Feb 7 03:25:43 jhbro spamd[27961]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message , skipping greylisting call
Feb 7 03:25:47 jhbro spamd[27962]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 118.
Feb 7 03:40:54 jhbro spamd[27961]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message , skipping greylisting call
Feb 7 03:40:58 jhbro spamd[27962]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 118.
Feb 7 03:46:06 jhbro spamd[27961]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message , skipping greylisting call
Feb 7 03:46:09 jhbro spamd[27962]: connectip: 1: 64, 2: 233, 3: 166, 4: 179 at Greylisting.pm line 176, line 99.
Feb 7 03:46:13 jhbro spamd[27961]: connectip: 1: 64, 2: 233, 3: 166, 4: 179 at Greylisting.pm line 176, line 16077.
Feb 7 03:46:16 jhbro spamd[27962]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 124.
Feb 7 03:56:04 jhbro spamd[27961]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message , skipping greylisting call
Feb 7 03:56:08 jhbro spamd[27962]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 118.
Feb 7 03:57:43 jhbro spamd[27961]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message , skipping greylisting call
Feb 7 03:57:45 jhbro spamd[27962]: connectip: 1: 64, 2: 233, 3: 184, 4: 227 at Greylisting.pm line 176, line 71.
Feb 7 03:57:47 jhbro spamd[27961]: connectip: 1: 64, 2: 233, 3: 184, 4: 227 at Greylisting.pm line 176, line 88.
Feb 7 03:57:49 jhbro spamd[27962]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 97.
Feb 7 04:00:24 jhbro spamd[27961]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message , skipping greylisting call
Feb 7 04:00:26 jhbro spamd[27962]: connectip: 1: 66, 2: 249, 3: 82, 4: 233 at Greylisting.pm line 176, line 85.
Feb 7 04:00:29 jhbro spamd[27961]: connectip: 1: 66, 2: 249, 3: 82, 4: 233 at Greylisting.pm line 176, line 102.
Feb 7 04:00:31 jhbro spamd[27962]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 120.
===========================================================================
===========================================================================
Feb 7 12:02:02 spamd[15191]: uninitialized value Greylisting.pm line 176, line 39.
Feb 7 12:02:02 last message repeated 2 times
Feb 7 12:02:02 spamd[15191]: connectip: 1: root at jhbro.fr, 2: , 3: , 4: at Greylisting.pm line 176, line 39.
Feb 7 12:02:02 spamd[15191]: uninitialized value Greylisting.pm line 178, line 39.
Feb 7 12:02:02 last message repeated 2 times
Feb 7 12:02:02 spamd[15191]: BAD CONNECTIP l.176: 1: root at jhbro.fr, 2: , 3: , 4:
Feb 7 12:02:02 spamd[15191]: uninitialized value Greylisting.pm line 181, line 39.
Feb 7 12:02:02 spamd[15191]: uninitialized value Greylisting.pm line 182, line 39.
Feb 7 12:02:03 spamd[15191]: uninitialized value Greylisting.pm line 176, line 56.
Feb 7 12:02:03 last message repeated 2 times
Feb 7 12:02:03 spamd[15191]: connectip: 1: root at jhbro.fr, 2: , 3: , 4: at Greylisting.pm line 176, line 56.
Feb 7 12:02:03 spamd[15191]: uninitialized value Greylisting.pm line 178, line 56.
Feb 7 12:02:03 last message repeated 2 times
Feb 7 12:02:03 spamd[15191]: BAD CONNECTIP l.176: 1: root at jhbro.fr, 2: , 3: , 4:
Feb 7 12:02:03 spamd[15191]: uninitialized value Greylisting.pm line 181, line 56.
Feb 7 12:02:03 spamd[15191]: uninitialized value Greylisting.pm line 182, line 56.
Feb 7 12:02:03 spamd[15192]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 95.
# ==========================================================================
Feb 7 12:45:58 spamd[15190]: spamd: server killed by SIGTERM, shutting down
# ==========================================================================
Feb 7 12:45:59 spamd[23818]: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK'
Feb 7 12:45:59 spamd[23818]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message <1170848758.54795 at spamassassin_spamd_init>, skipping greylisting call
# ==========================================================================
Feb 7 12:51:18 spamd[23820]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message , skipping greylisting call
Feb 7 12:51:21 spamd[23821]: uninitialized value Greylisting.pm line 176, line 78.
Feb 7 12:51:21 spamd[23821]: connectip: 1: 204, 2: 15, 3: 82, 4: 124 at Greylisting.pm line 176, line 78.
Feb 7 12:51:27 spamd[23820]: uninitialized value Greylisting.pm line 176, line 95.
Feb 7 12:51:27 spamd[23820]: connectip: 1: 204, 2: 15, 3: 82, 4: 124 at Greylisting.pm line 176, line 95.
Feb 7 12:51:30 spamd[23821]: uninitialized value Greylisting.pm line 176, line 108.
Feb 7 12:51:30 spamd[23821]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 108.
Feb 7 12:52:45 spamd[23820]: Couldn't get Connecting IP header [ X-SA-Exim-Connect-IP ] for message < spamid1217101454 at msgid.spamcop.net>, skipping greylisting call
Feb 7 12:52:48 spamd[23821]: uninitialized value Greylisting.pm line 176, line 80.
Feb 7 12:52:48 spamd[23821]: connectip: 1: 204, 2: 15, 3: 82, 4: 126 at Greylisting.pm line 176, line 80.
Feb 7 12:52:51 spamd[23820]: uninitialized value Greylisting.pm line 176, line 97.
Feb 7 12:52:51 spamd[23820]: connectip: 1: 204, 2: 15, 3: 82, 4: 126 at Greylisting.pm line 176, line 97.
Feb 7 12:52:54 spamd[23821]: uninitialized value Greylisting.pm line 176, line 110.
Feb 7 12:52:54 spamd[23821]: connectip: 1: 127, 2: 0, 3: 0, 4: 1 at Greylisting.pm line 176, line 110.

From marc at merlins.org Wed Feb 7 09:04:56 2007
From: marc at merlins.org (Marc MERLIN)
Date: Wed, 7 Feb 2007 09:04:56 -0800
Subject: [SA-exim] undefined vars in Greylisting.pm
In-Reply-To: <783c3ee00702070457x52360619q573cf182710c8a67@mail.gmail.com>
References: <783c3ee00702070457x52360619q573cf182710c8a67@mail.gmail.com>
Message-ID: <20070207170456.GA4314@merlins.org>

On Wed, Feb 07, 2007 at 01:57:25PM +0100, John Bro wrote:
> Mark,
>
> Below are a bunch of examples (edited for redundancy and verbosity)
> showing that sometimes the string that is supposed to be an IP address
> is a (local) email address (originating locally too),
> leaving regexes $2, $3, $4 quite empty.
>
> Other times it's 127.0.0.1 (for the same message?)
> and still other times it's a real external IP number.
>
> Yet there are always complaints about uninitialized values anyway.
>
> BAD CONNECTIP l.175 is the warn() I added which only appears when
> the "connectip" is an email address instead of an ip number.
> So the other complaints are somehow at other steps in the process..

I'll have to add a little more code to deal with totally unexpected values
in there.

> Some of this may be related to the fact that I am using
> fetchmail to get mail from outside servers and hand it off to my
> exim4..
> but I don't understand *how* it's related (or what I'm

Ahaha, now you fess up :)

SA-Exim is mostly useless if you use fetchmail.
Greylisting cannot work if you already accepted the Email.
SMTP time filtering is irrelevant if you're feeding the mail from fetchmail.

If you don't have access to your outside MX to run SA-Exim there, you should
drop SA-Exim and just use spamassassin.
Sorry, SA-Exim cannot do much of anything useful in your situation.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From harroun at gmail.com Wed Feb 7 10:37:00 2007
From: harroun at gmail.com (John Bro)
Date: Wed, 7 Feb 2007 19:37:00 +0100
Subject: [SA-exim] undefined vars in Greylisting.pm
Message-ID: <783c3ee00702071037x7ba9ccf7k664e64ce599d1b03@mail.gmail.com>

> > Some of this may be related to the fact that I am using
> > fetchmail to get mail from outside servers and hand it off to my
> > exim4.. but I don't understand *how* it's related (or what I'm

> Ahaha, now you fess up :)

um.. yup.. mea culpa ;-}

> SA-Exim is mostly useless if you use fetchmail.
> Greylisting cannot work if you already accepted the Email.
> SMTP time filtering is irrelevant if you're feeding the mail from fetchmail.

OK. I can understand that once the mail is received somewhere, you
can't treat it the same as if you were receiving it directly from the
sender.. I'm doing about 1/2 and 1/2 right now.. My own domain/server
is new, so I'm still getting stuff at old addresses.. and most of the
spam is going to the old addys..

But I still don't understand what is causing perl to do so much whining..
I'm no guru, but I do use perl quite a bit, and I'm having a helluva time
understanding what's going on here..

> If you don't have access to your outside MX to run SA-Exim there, you should
> drop SA-Exim and just use spamassassin.
> Sorry, SA-Exim cannot do much of anything useful in your situation.

Too bad.. cuz apart from these perl complaints, it *feels* like sa-exim
is doing what I want -- the spam is gone and the good mail is getting in!

But, ok, I'll remove sa-exim from my config, and see if I can just get
SA working alone..

Thanks for the help.

cheers,
John

From marc at merlins.org Wed Feb 7 10:46:31 2007
From: marc at merlins.org (Marc MERLIN)
Date: Wed, 7 Feb 2007 10:46:31 -0800
Subject: [SA-exim] undefined vars in Greylisting.pm
In-Reply-To: <783c3ee00702071037x7ba9ccf7k664e64ce599d1b03@mail.gmail.com>
References: <783c3ee00702071037x7ba9ccf7k664e64ce599d1b03@mail.gmail.com>
Message-ID: <20070207184631.GH4314@merlins.org>

On Wed, Feb 07, 2007 at 07:37:00PM +0100, John Bro wrote:
> But I still don't understand what is causing perl to do so much whining..
> I'm no guru, but I do use perl quite a bit, and I'm having a helluva time
> understanding what's going on here..

I think fetchmail is feeding random crap to exim, which in turn gets passed
on to SA-Exim.
Quite frankly, I didn't quite code for receiving an Email address in an IP
field :)

> Too bad.. cuz apart from these perl complaints, it *feels* like sa-exim
> is doing what I want -- the spam is gone and the good mail is getting in!

You could do that with just Spamassassin and a filter to /dev/null
Also, SA-Exim is going to generate bounces that you don't want: you are
joe jobbing innocent people who never sent you spam but got faked as the
sender.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From avo at trustsec.de Wed Feb 7 15:54:51 2007
From: avo at trustsec.de (Andreas Vögele)
Date: Thu, 08 Feb 2007 00:54:51 +0100
Subject: [SA-exim] undefined vars in Greylisting.pm
References: <783c3ee00702070457x52360619q573cf182710c8a67@mail.gmail.com> <20070207170456.GA4314@merlins.org>
Message-ID: <87wt2ted6c.fsf@worf.arundel.trustsec.de>

Marc MERLIN writes:

> SA-Exim is mostly useless if you use fetchmail.

With the small patch that I posted a while ago, sa-exim works quite
well with fetchmail. See

http://thread.gmane.org/gmane.mail.exim.spamassassin/991/

> Greylisting cannot work if you already accepted the Email. SMTP
> time filtering is irrelevant if you're feeding the mail from
> fetchmail.

Yes, that's true. You can neither greylist nor reject messages
retrieved by fetchmail.

From marc at merlins.org Wed Feb 7 16:20:19 2007
From: marc at merlins.org (Marc MERLIN)
Date: Wed, 7 Feb 2007 16:20:19 -0800
Subject: [SA-exim] undefined vars in Greylisting.pm
In-Reply-To: <87wt2ted6c.fsf@worf.arundel.trustsec.de>
References: <783c3ee00702070457x52360619q573cf182710c8a67@mail.gmail.com> <20070207170456.GA4314@merlins.org> <87wt2ted6c.fsf@worf.arundel.trustsec.de>
Message-ID: <20070208002019.GS22442@merlins.org>

On Thu, Feb 08, 2007 at 12:54:51AM +0100, Andreas Vögele wrote:
> Marc MERLIN writes:
>
> > SA-Exim is mostly useless if you use fetchmail.
>
> With the small patch that I posted a while ago, sa-exim works quite
> well with fetchmail. See
>
> http://thread.gmane.org/gmane.mail.exim.spamassassin/991/

But how is that useful compared to a system wide spamassassin router unless
you have a weird setup where your MX also gets mails injected via fetchmail,
but does anyone really do that?

I still don't get how SA-Exim can ever be the right tool for the job as far
as fetchmail is concerned. It can be made to work, but I'm not sure why?
:)

The SA-Exim docs link to
http://dman13.dyndns.org/~dman/config_docs/exim-spamassassin/
which would be the right way to go IMO

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From avo at trustsec.de Thu Feb 8 00:25:03 2007
From: avo at trustsec.de (Andreas Vögele)
Date: Thu, 08 Feb 2007 09:25:03 +0100
Subject: [SA-exim] undefined vars in Greylisting.pm
References: <783c3ee00702070457x52360619q573cf182710c8a67@mail.gmail.com> <20070207170456.GA4314@merlins.org> <87wt2ted6c.fsf@worf.arundel.trustsec.de> <20070208002019.GS22442@merlins.org>
Message-ID: <87bqk5vyxs.fsf@worf.arundel.trustsec.de>

Marc Merlin writes:

> On Thu, Feb 08, 2007 at 12:54:51AM +0100, Andreas Vögele wrote:
>> Marc MERLIN writes:
>>
>> > SA-Exim is mostly useless if you use fetchmail.
>>
>> With the small patch that I posted a while ago, sa-exim works quite
>> well with fetchmail. See
>>
>> http://thread.gmane.org/gmane.mail.exim.spamassassin/991/
>
> But how is that useful compared to a system wide spamassassin router unless
> you have a weird setup where your MX also gets mails injected via fetchmail,
> but does anyone really do that?

We have to use fetchmail in addition to SMTP on one of our MTAs. The
great thing about Exim is that you can do weird things easily. In a
perfect world, I'd use Postfix instead of Exim.

> I still don't get how SA-Exim can ever be the right tool for the job
> as far as fetchmail is concerned. It can be made to work, but I'm
> not sure why? :)

It doesn't make sense to use SA-Exim if fetchmail is the only means of
retrieving mail. But if you would like to greylist SMTP connections
and also have to use fetchmail SA-Exim is a good choice.

Or is there another Greylisting solution for Exim (that greylists
after DATA)? Debian's greylistd is no alternative since it is bug
ridden.

From zelin at dac.hu Thu Feb 8 00:58:48 2007
From: zelin at dac.hu (DOMA Peter)
Date: Thu, 08 Feb 2007 09:58:48 +0100
Subject: [SA-exim] SA-exim uses only tempreject
In-Reply-To: <20070206214915.GL8853@merlins.org>
References: <45AF3FAB.8030601@dac.hu> <20070206214915.GL8853@merlins.org>
Message-ID: <45CAE648.7050503@dac.hu>

Hi,

> Sorry for the delay.
>
> The reason tempreject is happening is because devnull and permreject
> didn't trigger for some reason.
> I looked at the code for you, and the only reason I could find was that
> isspam is not being set to 1 (i.e. spamassassin isn't flagging the
> message as spam).
> I'll admit that it's not super obvious, but sa-exim will not reject a
> message, regardless of the score, if SA doesn't say it's spam
> ( X-Spam-Status: yes )
> If you tweak your SA config accordingly, things should work.
>
> Admittedly, this restriction should go away: sa-exim should just not
> care whether SA says it's spam or not, and only look at the spam score
>

I wrote a mail to the list just a couple of hours later, I came to the
very same conclusion as I looked at the source, and I reconfigured SA
accordingly. Due to historical reasons I couldn't use the default headers
from SA, and that caused this fault.

However, when I have time I'm willing to create a patch which solves this
problem and handles this case in a more elegant way.

Thanks for your reply and again, thanks for this very smart piece of code,
it helped to handle spams in a way I never dreamt of while I was working
with other mailers.

Best regards,
Peter

From marc at merlins.org Thu Feb 8 07:12:23 2007
From: marc at merlins.org (Marc MERLIN)
Date: Thu, 8 Feb 2007 07:12:23 -0800
Subject: [SA-exim] undefined vars in Greylisting.pm
In-Reply-To: <87bqk5vyxs.fsf@worf.arundel.trustsec.de>
References: <783c3ee00702070457x52360619q573cf182710c8a67@mail.gmail.com> <20070207170456.GA4314@merlins.org> <87wt2ted6c.fsf@worf.arundel.trustsec.de> <20070208002019.GS22442@merlins.org> <87bqk5vyxs.fsf@worf.arundel.trustsec.de>
Message-ID: <20070208151223.GJ4314@merlins.org>

On Thu, Feb 08, 2007 at 09:25:03AM +0100, Andreas Vögele wrote:
> > I still don't get how SA-Exim can ever be the right tool for the job
> > as far as fetchmail is concerned. It can be made to work, but I'm
> > not sure why? :)
>
> It doesn't make sense to use SA-Exim if fetchmail is the only means of
> retrieving mail. But if you would like to greylist SMTP connections
> and also have to use fetchmail SA-Exim is a good choice.

That's true. And you must be the only person who does this :)

> Or is there another Greylisting solution for Exim (that greylists
> after DATA)? Debian's greylistd is no alternative since it is bug
> ridden.

There might be, but I wouldn't know.
That said, if it works for you, it's all good :)

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security .... ....
what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From mike at pellatt.co.uk Thu Feb 8 08:12:25 2007
From: mike at pellatt.co.uk (Mike Pellatt)
Date: Thu, 8 Feb 2007 16:12:25 +0000
Subject: [SA-exim] undefined vars in Greylisting.pm
In-Reply-To: <20070208151223.GJ4314@merlins.org>
Message-ID: <"L8E18AB88551C44dcB90611C57425A1C5.1170951131.scalix1.ppmi-consultants.co.uk*"@MHS>

On 08 February 2007 15:12, Marc MERLIN [mailto:marc at merlins.org] wrote:
> On Thu, Feb 08, 2007 at 09:25:03AM +0100, Andreas Vögele wrote:
> > > I still don't get how SA-Exim can ever be the right tool for the job
> > > as far as fetchmail is concerned. It can be made to work, but I'm
> > > not sure why? :)
> >
> > It doesn't make sense to use SA-Exim if fetchmail is the only means of
> > retrieving mail. But if you would like to greylist SMTP connections
> > and also have to use fetchmail SA-Exim is a good choice.
>
> That's true. And you must be the only person who does this :)

No, he isn't :-)

I'm soooo impressed with SA-Exim, it really has revolutionised our mail handling. I played with MailScanner years ago. Then I realised I wasn't being a good netizen......

Exim, of course, is the One True MTA.
Mike

From marc at merlins.org Thu Feb 8 08:37:50 2007
From: marc at merlins.org (Marc MERLIN)
Date: Thu, 8 Feb 2007 08:37:50 -0800
Subject: [SA-exim] undefined vars in Greylisting.pm
In-Reply-To: <"L8E18AB88551C44dcB90611C57425A1C5.1170951131.scalix1.ppmi-consultants.co.uk*"@MHS>
References: <20070208151223.GJ4314@merlins.org> <"L8E18AB88551C44dcB90611C57425A1C5.1170951131.scalix1.ppmi-consultants.co.uk*"@MHS>
Message-ID: <20070208163750.GK4314@merlins.org>

On Thu, Feb 08, 2007 at 04:12:25PM +0000, Mike Pellatt wrote:
>
> On 08 February 2007 15:12, Marc MERLIN [mailto:marc at merlins.org] wrote:
> > On Thu, Feb 08, 2007 at 09:25:03AM +0100, Andreas Vögele wrote:
> > > > I still don't get how SA-Exim can ever be the right tool for the
> job
> > > > as far as fetchmail is concerned. It can be made to work, but I'm
> > > > not sure why? :)
> > >
> > > It doesn't make sense to use SA-Exim if fetchmail is the only means
> of
> > > retrieving mail. But if you would like to greylist SMTP connections
>
> > > and also have to use fetchmail SA-Exim is a good choice.
> >
> > That's true. And you must be the only person who does this :)
>
>
>
> No, he isn't :-)

Ok, you guys win :)

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From jamie at versado.net Thu Feb 22 10:18:04 2007
From: jamie at versado.net (Jamie Neil)
Date: Thu, 22 Feb 2007 18:18:04 +0000
Subject: [SA-exim] Greylisting skipped due to bad header
Message-ID: <45DDDE5C.2090006@versado.net>

Hi,

I've noticed a problem with greylisting recently where some messages are continually temp rejected because the greylisting check is being skipped. The affected messages _all_ seem to be legitimate NDRs from Hotmail as far as I can tell.
The reason that they are skipped is that the "From" header has some bad characters in front of it, which causes the greylisting code to fail (because it can't find the X-SA-Connect-IP header).

This is what the header looks like (personal info changed):

----
Received: from [65.54.246.99] (helo=bay0-omc1-s27.bay0.hotmail.com) by hera.versado.net with esmtp (Exim 4.50) id 1HKHaa-0001C7-79 for xxxx at xxxx.com; Thu, 22 Feb 2007 17:18:40 +0000
Received: from BAY124-W31 ([207.46.11.194]) by bay0-omc1-s27.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Wed, 21 Feb 2007 11:12:51 -0800
Message-ID:
From: <>
Bcc:
X-OriginalArrivalTime: 21 Feb 2007 19:12:51.0089 (UTC) FILETIME=[47EFD010:01C755EC]
Date: 21 Feb 2007 11:12:51 -0800
???From: postmaster at mail.hotmail.com
To: xxxx at xxxx.com
Date: Wed, 21 Feb 2007 11:12:50 GMT
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="9B095B5ADSN=_49712A76E52946209FB33E26D41?WOM1.labinte"
X-DSNContext: 7ce717b1 - 1196 - 00000002 - 00000000
X-SA-Exim-Connect-IP: 65.54.246.99
X-SA-Exim-Rcpt-To: xxxx at xxxx.com
X-SA-Exim-Mail-From:
X-Spam-Flag: YES
----

It's really just an irritation rather than a major problem because we're only seeing a handful of messages a week like this, and eventually the Hotmail servers will give up, but I see them in my log reports every day and they bug me. :)

Has anyone else seen this problem? Is there a fix/work around?

--
Jamie Neil | | 0870 7777 454
Versado I.T. Services Ltd. | http://versado.net/ | 0845 450 1254

From matt at mattbostock.com Sun Feb 25 17:23:35 2007
From: matt at mattbostock.com (Matt Bostock)
Date: Mon, 26 Feb 2007 1:23:35 +0000
Subject: [SA-exim] Inodes being eaten by tuplets/ and SA* log directories
Message-ID:

Hey all,

Just a suggestion: could a note be put in the documentation about the greylisting tuplets and their possible effect on inodes?
I have no quibbles with the way tuplets are stored, but having never run out of inodes before, it was never something I really thought about until I had none left :-) I'd forgotten to install the greylist-clean script in my crontab and so had thousands of tuplets.

The /var/spool/exim/SA* directories that store copies of rejected/teergrubbed/etc mail also have a (somewhat lesser) impact on inodes.

On a more positive note, since I've been using SA-Exim the spam rate for me and my users has dropped by about 80%. I've just installed the FuzzyOCR plugin for SA too which is working really nicely :-)

Thanks for all of your hard work Marc,

Matt

From marc at merlins.org Sun Feb 25 17:48:01 2007
From: marc at merlins.org (Marc MERLIN)
Date: Sun, 25 Feb 2007 17:48:01 -0800
Subject: [SA-exim] Inodes being eaten by tuplets/ and SA* log directories
In-Reply-To:
References:
Message-ID: <20070226014801.GJ19547@merlins.org>

On Mon, Feb 26, 2007 at 01:23:35AM +0000, Matt Bostock wrote:
> Hey all,
>
> Just a suggestion: could a note be put in the documentation about the greylisting tuplets and their possible effect on inodes?

README.greylisting says:

- every x time (like 4 hours or two days), remove all greylist entries that only saw one mail (i.e. still greylisted, not whitelisted yet). This is done with a find cron job
(...)
Then, setup a cron job to delete tuplets that are older than 14 days for whitelisted entries, and 2 days for greylisted entries (or whatever values you fancy).
(...)
FILE SETUP
----------
You should install greylistclean.cron in /etc/cron.d/ on your system to call greylistclean and clean up greylisted entries and whitelisted entries that haven't been used in a while.
You can optionally modify it to tweak the cleanup times.
Note that you need to tweak greylistclean.cron to match the user spamd runs as if you aren't using the recommended --username=nobody

Did that not come in the documentation with the sa-exim you got?
Or did you use a package that wasn't set up properly to do this by default?

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From rocky at mindphone.org Wed Feb 28 14:33:24 2007
From: rocky at mindphone.org (Rocky Olsen)
Date: Wed, 28 Feb 2007 15:33:24 -0700
Subject: [SA-exim] Multiple SAspamcHost's? Possible Feature Request
Message-ID: <20070228223324.GA26881@mindphone.org>

I've searched through most of the archives and haven't been able to find an answer to this question.

I'm wondering if it's been considered having the configuration value of SAspamcHost take multiple host names in csv format? and in doing so have it also pass the -H flag to spamc when it makes the execl call to provide some sort of load balancing.

'spamc -d host1,host2 -H'

I tested this earlier today using 'SAspamcHost host1,host2' and it resulted in a configuration error.

We are moving to having large backend spamscanning machines with light edge mta's. Our other options are using lvs or some other load balancer, but wanted to check here first.

Thanks in advance

-Rocky

--
______________________________________________________________________
what's with today, today?

Email: rocky at mindphone.org
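
The multi-host invocation asked about above, as an added example that is not part of the original post and not sa-exim code: a comma-separated SAspamcHost-style value would need validating before it is handed to the exec of spamc. The function names and the 255-byte cap are assumptions; -d and -H are the spamc flags quoted in the post.

```c
/* Added illustration, not sa-exim source; build_spamc_argv() is hypothetical. */
#include <ctype.h>
#include <string.h>

/* Hosts in a comma-separated list, or -1 if an element is empty, does not
 * start with a letter or digit, or has bytes outside [A-Za-z0-9.-]. */
static int count_valid_hosts(const char *list)
{
    size_t len = list ? strlen(list) : 0;
    int hosts = 0, at_start = 1;    /* at_start: next byte begins a host */

    if (len == 0 || len > 255)      /* 255: assumed cap on the config value */
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)list[i];
        if (c == ',') {
            if (at_start)
                return -1;          /* leading comma or "a,,b" */
            at_start = 1;
            continue;
        }
        if (!isalnum(c) && c != '.' && c != '-')
            return -1;              /* spaces, quotes, shell metacharacters */
        if (at_start && !isalnum(c))
            return -1;              /* "-x" or ".x" is not a host name */
        hosts += at_start;
        at_start = 0;
    }
    return at_start ? -1 : hosts;   /* trailing comma is an empty element */
}

/* Fills argv (NULL-terminated, for execv) and returns argc, or -1.
 * -H is added only when more than one host is listed. */
int build_spamc_argv(const char *hostlist, const char **argv, size_t cap)
{
    int hosts = count_valid_hosts(hostlist);
    size_t n = 0;

    if (hosts < 1 || cap < 5)
        return -1;
    argv[n++] = "spamc";
    argv[n++] = "-d";
    argv[n++] = hostlist;
    if (hosts > 1)
        argv[n++] = "-H";
    argv[n] = NULL;
    return (int)n;
}

int main(void) { const char *a[5]; return build_spamc_argv("host1,host2", a, 5) == 4 ? 0 : 1; }
```

Passing the list as a single argv element to an exec call, with no shell in between, keeps a malformed config value from turning into extra spamc options.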