[SA-exim] SA-Exim Digest, Vol 93, Issue 1

MANUEL CANSECO GARCIA MCG at mpsistemas.es
Thu Mar 1 23:23:27 PST 2007
Previous message: [SA-exim] sig 11 problem
Next message: [SA-exim] Multiple SAspamcHost's? Possible Feature Request
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
**** Mensaje Automatico ***
Este usuario no se encuentra operativo, para cualquier asunto le ruego
se pongan en contacto con Leandro Gayango lgg at mpsistemas.es

***************************************************************************************

>>> sa-exim 03/02/07 08:21 >>>

Send SA-Exim mailing list submissions to
	sa-exim at lists.merlins.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.merlins.org/lists/listinfo/sa-exim
or, via email, send a message with subject or body 'help' to
	sa-exim-request at lists.merlins.org

You can reach the person managing the list at
	sa-exim-owner at lists.merlins.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of SA-Exim digest..."


Today's Topics:

   1. Re: undefined vars in Greylisting.pm (Marc MERLIN)
   2. Greylisting skipped due to bad header (Jamie Neil)
   3. Inodes being eaten by tuplets/ and SA* log directories
      (Matt Bostock)
   4. Re: Inodes being eaten by tuplets/ and SA* log directories
      (Marc MERLIN)
   5. Multiple SAspamcHost's? Possible Feature Request (Rocky Olsen)
   6. sig 11 problem (Martin Hierling)
   7. Re: sig 11 problem (Marc MERLIN)
   8. Re: sig 11 problem (Marc MERLIN)


----------------------------------------------------------------------

Message: 1
Date: Thu, 8 Feb 2007 08:37:50 -0800
From: Marc MERLIN <marc at merlins.org>
Subject: Re: [SA-exim] undefined vars in Greylisting.pm
To: Mike Pellatt <mike at pellatt.co.uk>
Cc: sa-exim at lists.merlins.org
Message-ID: <20070208163750.GK4314 at merlins.org>
Content-Type: text/plain; charset=iso-8859-1

On Thu, Feb 08, 2007 at 04:12:25PM +0000, Mike Pellatt wrote:
>  
> On 08 February 2007 15:12, Marc MERLIN [mailto:marc at merlins.org]
wrote:
> > On Thu, Feb 08, 2007 at 09:25:03AM +0100, Andreas V?gele wrote:
> > > > I still don't get how SA-Exim can ever be the right tool for the

> job 
> > > > as far as fetchmail is concerned. It can be made to work, but
I'm 
> > > > not sure why? :)
> > > 
> > > It doesn't make sense to use SA-Exim if fetchmail is the only
means 
> of 
> > > retrieving mail.  But if you would like to greylist SMTP
connections 
> 
> > > and also have to use fetchmail SA-Exim is a good choice.
> > 
> > That's true. And you must be the only person who does this :)
> 
> <waves>
> 
> No, he isn't :-)

Ok, you guys win :)

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" -
A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet
cooking
Home page: http://marc.merlins.org/  



------------------------------

Message: 2
Date: Thu, 22 Feb 2007 18:18:04 +0000
From: Jamie Neil <jamie at versado.net>
Subject: [SA-exim] Greylisting skipped due to bad header
To: sa-exim at lists.merlins.org
Message-ID: <45DDDE5C.2090006 at versado.net>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I've noticed a problem with greylisting recently where some messages are
continually temp rejected because the greylisting check is being
skipped. The affected messages _all_ seem to be legitimate NDRs from
Hotmail as far as I can tell. The reason that they are skipped is that
the "From" header has some bad characters in front of it, which causes
the greylisting code to fail (because it can't find the X-SA-Connect-IP
header).

This is what the header looks like (personal info changed):

----
Received: from [65.54.246.99] (helo=bay0-omc1-s27.bay0.hotmail.com)
  by hera.versado.net with esmtp (Exim 4.50)
  id 1HKHaa-0001C7-79
  for xxxx at xxxx.com; Thu, 22 Feb 2007 17:18:40 +0000
Received: from BAY124-W31 ([207.46.11.194]) by
bay0-omc1-s27.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
   Wed, 21 Feb 2007 11:12:51 -0800
Message-ID: <BAY124-W31BDB851597AB0C0A00890BA880 at phx.gbl>
From: <>
Bcc:
X-OriginalArrivalTime: 21 Feb 2007 19:12:51.0089 (UTC)
FILETIME=[47EFD010:01C755EC]
Date: 21 Feb 2007 11:12:51 -0800
???From: postmaster at mail.hotmail.com
To: xxxx at xxxx.com
Date: Wed, 21 Feb 2007 11:12:50 GMT
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
  boundary="9B095B5ADSN=_49712A76E52946209FB33E26D41?WOM1.labinte"
X-DSNContext: 7ce717b1 - 1196 - 00000002 - 00000000
X-SA-Exim-Connect-IP: 65.54.246.99
X-SA-Exim-Rcpt-To: xxxx at xxxx.com
X-SA-Exim-Mail-From:
X-Spam-Flag: YES
----

It's really just an irritation rather that a major problem because we're
only seeing a handful of messages a week like this, and eventually the
Hotmail servers will give up, but I see them in my log reports every day
and they bug me. :)

Has anyone else seen this problem? Is there a fix/work around?

-- 
Jamie Neil | <jamie at versado.net> | 0870 7777 454
Versado I.T. Services Ltd. | http://versado.net/ | 0845 450 1254



------------------------------

Message: 3
Date: Mon, 26 Feb 2007 1:23:35 +0000
From: Matt Bostock <matt at mattbostock.com>
Subject: [SA-exim] Inodes being eaten by tuplets/ and SA* log
	directories
To: sa-exim at lists.merlins.org
Message-ID: <b4e277ad738206119e5792379d134918 at localhost>
Content-Type: text/plain; charset="UTF-8"

Hey all,

Just a suggestion: could a note be put in the documentation about the
greylisting tuplets and their possible effect on inodes?

I have no quibbles with the way tuplets or stored, but having never
before run out of inodes before, it was never something I really thought
about until I had none left :-) I'd forgotten to install the
greylist-clean script in my crontab and so had thousands of tuplets. The
/var/spool/exim/SA* directories that store copies of
rejected/teergrubbed/etc mail also have a (somewhat lesser) impact on
inodes.

On a more positive note, since I've been using SA-Exim the spam rate for
me and my users has dropped by about 80%. I've just installed the
FuzzyOCR plugin for SA too which is working really nicely :-)

Thanks for all of your hard work Marc,
Matt




------------------------------

Message: 4
Date: Sun, 25 Feb 2007 17:48:01 -0800
From: Marc MERLIN <marc at merlins.org>
Subject: Re: [SA-exim] Inodes being eaten by tuplets/ and SA* log
	directories
To: Matt Bostock <matt at mattbostock.com>
Cc: sa-exim at lists.merlins.org
Message-ID: <20070226014801.GJ19547 at merlins.org>
Content-Type: text/plain; charset=us-ascii

On Mon, Feb 26, 2007 at 01:23:35AM +0000, Matt Bostock wrote:
> Hey all,
> 
> Just a suggestion: could a note be put in the documentation about the
greylisting tuplets and their possible effect on inodes?

README.greylisting says:
- every x time (like 4 hours or two days), remove all greylist entries
that
  only saw one mail (i.e. still greylisted, not whitelisted yet).
  This is done with a find cron job
(...)
Then, setup a cron job to delete tuplets that are older than 14 days for
whitelisted entries, and 2 days for greylisted entries (or whatever
values you fancy).
(...)
FILE SETUP
----------
You should install greylistclean.cron in /etc/cron.d/ on your system to
call greylistclean and clean up greylisted entries and whitelisted
entries
that haven't been used in a while.
You can optionally modify it to tweak the cleanup times.
Note that you need to tweak greylistclean.cron to match the user spamd
runs
as if you aren't using the recommended --username=nobody


Did that not come in the documentation with the sa-exim you got?
Or did you use a package that wasn't setup properly to do this by
default?

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" -
A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet
cooking
Home page: http://marc.merlins.org/



------------------------------

Message: 5
Date: Wed, 28 Feb 2007 15:33:24 -0700
From: Rocky Olsen <rocky at mindphone.org>
Subject: [SA-exim] Multiple SAspamcHost's? Possible Feature Request
To: sa-exim at lists.merlins.org
Message-ID: <20070228223324.GA26881 at mindphone.org>
Content-Type: text/plain; charset=us-ascii

I've searched through most of the archives and haven't been able to find
an
answer to this question.  I'm wondering if it's been considered having
the
configuration value of SAspamcHost take multiple host names in csv
format?
and in doing so have it also pass the -H flag to spamc when it makes the
execl call to provide some sort of load balancing. 'spamc -d host1,host2
-H'

I tested this earlier today using 'SAspamcHost host1,host2' and it
resulted
in a configuration error. We are moving to having large backend
spamscanning machines with light edge mta's. Our other options are using
lvs or some other load balancer, but wanted to check here first.

Thanks in advance

-Rocky
-- 
______________________________________________________________________


what's with today, today?

Email:	rocky at mindphone.org



------------------------------

Message: 6
Date: Thu, 1 Mar 2007 18:35:38 +0100
From: Martin Hierling <martin.hierling at fh-luh.de>
Subject: [SA-exim] sig 11 problem
To: sa-exim at lists.merlins.org
Message-ID: <20070301173538.GA27604 at cc.fh-luh.de>
Content-Type: text/plain; charset="us-ascii"

Hi,

i have a bunch of sig11 message in my exim log.

2007-03-01 01:01:49 1HMYk1-0002om-0h local_scan() function crashed with
signal 11 - message temporarily rejected (size 1021)
2007-03-01 02:04:42 1HMZir-0002uA-RE local_scan() function crashed with
signal 11 - message temporarily rejected (size 2311)
2007-03-01 05:37:32 1HMd2o-0003Ca-Rc local_scan() function crashed with
signal 11 - message temporarily rejected (size 28221)

Any suggestion how to track this down? Setting SAEximDebug to some
higher level? I have sniffed some smtp traffic while this happens. It
seems to be all spam that triggers the sig 11, so it is not so
important. I have attached 2 smtp session logs. 

Any ideas?
What kind of data do you need (or i) to debug this?

regards Martin

-- 
----------------------------------------------------------------
  Will the information superhighway have any rest stops?
----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smtp1_sig11.dat
Type: chemical/x-mopac-input
Size: 3959 bytes
Desc: not available
Url :
http://lists.merlins.org/archives/sa-exim/attachments/20070301/39e606a9/attachment-0002.dat

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smtp2_sig11.dat
Type: chemical/x-mopac-input
Size: 2761 bytes
Desc: not available
Url :
http://lists.merlins.org/archives/sa-exim/attachments/20070301/39e606a9/attachment-0003.dat


------------------------------

Message: 7
Date: Thu, 1 Mar 2007 10:37:01 -0800
From: Marc MERLIN <marc at merlins.org>
Subject: Re: [SA-exim] sig 11 problem
To: Martin Hierling <martin.hierling at fh-luh.de>
Cc: sa-exim at lists.merlins.org
Message-ID: <20070301183701.GD8082 at merlins.org>
Content-Type: text/plain; charset=us-ascii

On Thu, Mar 01, 2007 at 06:35:38PM +0100, Martin Hierling wrote:
> Hi,
> 
> i have a bunch of sig11 message in my exim log.

So, does that happen for all mails, or just some?

Did you build your own sa-exim? did you use a package?

What platform/architecture are you on?

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" -
A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet
cooking
Home page: http://marc.merlins.org/  



------------------------------

Message: 8
Date: Thu, 1 Mar 2007 23:21:47 -0800
From: Marc MERLIN <marc at merlins.org>
Subject: Re: [SA-exim] sig 11 problem
To: Martin Hierling <martin.hierling at fh-luh.de>
Cc: sa-exim at lists.merlins.org
Message-ID: <20070302072147.GA3606 at merlins.org>
Content-Type: text/plain; charset=us-ascii

On Fri, Mar 02, 2007 at 07:52:22AM +0100, Martin Hierling wrote:
> Hi Marc,
> 
> > > i have a bunch of sig11 message in my exim log.
> > 
> > So, does that happen for all mails, or just some?
> 
> No, only just some, about 8%.
> 
> > Did you build your own sa-exim? did you use a package?
> i am using the sa-exim ebuld for gentoo.
> http://bugs.gentoo.org/show_bug.cgi?id=47106
> 
> > What platform/architecture are you on?
> 
> Gentoo, x86 inside a Xen DomU, kernel 2.6.16.29, gcc-4.1.1, exim-4.62

Ok.

Can you enable coredumps and run bt against the core to see where the
code
died?
Or are the last sa-exim log lines before it dies always the same (at
debug
level 10). If so, what are they?

Thanks
Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" -
A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet
cooking
Home page: http://marc.merlins.org/  



------------------------------

_______________________________________________
SA-Exim mailing list
SA-Exim at lists.merlins.org
http://lists.merlins.org/lists/listinfo/sa-exim


End of SA-Exim Digest, Vol 93, Issue 1
**************************************
Previous message: [SA-exim] sig 11 problem
Next message: [SA-exim] Multiple SAspamcHost's? Possible Feature Request
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the SA-Exim mailing list