From erwin.ambrosch at xhostplus.at Tue May 1 02:46:28 2007
From: erwin.ambrosch at xhostplus.at (Erwin Ambrosch|XHOSTPLUS)
Date: Tue, 01 May 2007 11:46:28 +0200
Subject: [SA-exim] Refering SARunCond
Message-ID: <46370C74.40909@xhostplus.at>

Hi all,

is it possible to refer to SARunCond? I would need something like this:

SARunCond: ${if and { {!eq {$sender_address_domain}{${lookup pgsql {SELECT DISTINCT email_domain FROM xhost_email_domain WHERE email_domain='$sender_address_domain'}}}} } {1}{0}}

SARunCond: ${if and { {eq {$SARunCond}{0}} {eq {$sender_host_address}{192.168.1.1}} } {1}{0}}

Thanks in advance,
Erwin

From marc at merlins.org Wed May 2 17:47:44 2007
From: marc at merlins.org (Marc MERLIN)
Date: Wed, 2 May 2007 17:47:44 -0700
Subject: [SA-exim] Refering SARunCond
In-Reply-To: <46370C74.40909@xhostplus.at>
References: <46370C74.40909@xhostplus.at>
Message-ID: <20070503004744.GY30161@merlins.org>

On Tue, May 01, 2007 at 11:46:28AM +0200, Erwin Ambrosch|XHOSTPLUS wrote:
> Hi all,
>
> is it possible to refer to SARunCond? I would need something like this:
>
> SARunCond: ${if and { {!eq {$sender_address_domain}{${lookup pgsql {SELECT DISTINCT email_domain FROM xhost_email_domain WHERE email_domain='$sender_address_domain'}}}} } {1}{0}}
>
> SARunCond: ${if and { {eq {$SARunCond}{0}} {eq {$sender_host_address}{192.168.1.1}} } {1}{0}}

No, that won't work, sorry: SARunCond is not a variable visible from the exim
interpreter.
You have to run everything from one line.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security .... ....
what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From christian at kieft.de Sat May 5 08:22:12 2007
From: christian at kieft.de (Christian Kieft)
Date: Sat, 5 May 2007 17:22:12 +0200
Subject: [SA-exim] GREYLISTING: greylisting didn't run since the configuration wasn't setup to call us
Message-ID: <200705051722.12775.christian@kieft.de>

Hi list,

I tried to set up sa-exim with greylisting - and everything except the
greylisting part works fine so far (system: Debian 3.1).

For each mail which is passed on to spamd I get the following log entries
in /var/log/mail.log:

spamd[5524]: invalid rule: GREYLIST_ISWHITE
spamd[5524]: debug: GREYLISTING: greylisting didn't run since the configuration wasn't setup to call us

My local.cf:
------------------------------------------------------------------
loadplugin Greylisting /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm

header GREYLIST_ISWHITE reseval:greylisting("( 'dir' => '/var/spool/sa-exim/tuplets'; 'method' => 'dir'; 'greylistsecs' => '300'; 'dontgreylistthreshold'=> 11; 'connectiphdr' => 'X-SA-Exim-Connect-IP'; 'envfromhdr' => 'X-SA-Exim-Mail-From'; 'rcpttohdr' => 'X-SA-Exim-Rcpt-To'; 'greylistnullfrom' => 0; 'greylistfourthbyte' => 0 )")
describe GREYLIST_ISWHITE The incoming server has been whitelisted for this receipient and sender
score GREYLIST_ISWHITE -1.5
priority GREYLIST_ISWHITE 99999
------------------------------------------------------------------

I couldn't even figure out the error when I had a look at Greylisting.pm.
It seems like the module is loaded but not run.

Is anything wrong with my "header GREYLIST_ISWHITE... " definition?
I made sure to keep the exact syntax and copied and pasted the line.

Has anyone also experienced these problems or does someone know a solution?
My setup is quite similar to the descriptions in
/usr/share/doc/README.greylisting

spamd -V: SpamAssassin Server version 3.0.3 running on Perl 5.8.4
spamc -V: SpamAssassin Client version 3.0.3 compiled with SSL support (OpenSSL 0.9.7e 25 Oct 2004)

(everything is installed from default Debian 3.1 packages)

Thanks in advance,
Christian

From marc at merlins.org Sat May 5 08:59:29 2007
From: marc at merlins.org (Marc MERLIN)
Date: Sat, 5 May 2007 08:59:29 -0700
Subject: [SA-exim] GREYLISTING: greylisting didn't run since the configuration wasn't setup to call us
In-Reply-To: <200705051722.12775.christian@kieft.de>
References: <200705051722.12775.christian@kieft.de>
Message-ID: <20070505155929.GB2303@merlins.org>

On Sat, May 05, 2007 at 05:22:12PM +0200, Christian Kieft wrote:
> Hi list,
>
> I tried to set up sa-exim with greylisting - and everything except the
> greylisting part works fine so far (system: Debian 3.1).
>
> For each mail which is passed on to spamd I get the following log entries
> in /var/log/mail.log:
>
> spamd[5524]: invalid rule: GREYLIST_ISWHITE
> spamd[5524]: debug: GREYLISTING: greylisting didn't run since the
> configuration wasn't setup to call us
>
> My local.cf:
> ------------------------------------------------------------------
> loadplugin
> Greylisting /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm
>
> header GREYLIST_ISWHITE reseval:greylisting("( 'dir'

You want eval:greylisting, not reseval which was for the old SA 2.x patch.

I re-read README.greylisting, and while the right info is there, it's
confusing. I need to remove the obsolete SA 2.x info in there.
I'll go modify that doc in cvs now.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security .... ....
what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From mail at peter-thomassen.de Thu May 10 13:21:31 2007
From: mail at peter-thomassen.de (Peter Thomassen)
Date: Thu, 10 May 2007 22:21:31 +0200
Subject: [SA-exim] Greylisting doesn't work anymore
Message-ID: <200705102221.36950.mail@peter-thomassen.de>

Hi.

For some reason, greylisting doesn't work anymore for some time now.

I noticed in the rejectlog that the same e-mail (the same sender, recipient,
server) has been rejected several times in many cases. To find the reason, I
checked /var/spool/sa-exim/tuplets/ and found that this directory is empty
and last modified in February, even though the server processes several
thousand mails a day. (I now disabled the feature by setting SAtempreject to
some huge value. This lets more spam in, but I can't help it at present.)

I think that the tuplet saving doesn't work for some reason, so that e-mail is
unknown again at later tries and therefore to be temporarily rejected. The
tuplet directory belongs to nobody:Debian-exim, the mode is 771. Exim runs as
root:Debian-exim, so I can't see any problem related to the mode.

Marc proposed setting the tuplet directory to 777 which didn't help.

Marc also proposed to add some debug code in the Perl module, which is
/usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm, I think.
Unfortunately, I only know Perl from reading it a bit, but I tried to add

open (TEST, ">/tmp/debug");
print TEST time."\n";
close TEST;

to the beginning of the greylisting subroutine. I think this should create
a /tmp/debug file, which wasn't the case.

I don't know what to do. Do you have any ideas?

Thanks!

--
Peter Thomassen, Steigerwaldstr. 4, 97076 Würzburg, Germany
http://www.peter-thomassen.de/, mail at peter-thomassen.de
phone +49-931-2705351, mobile +49-176-63159879

From marc at merlins.org Thu May 10 13:37:32 2007
From: marc at merlins.org (Marc MERLIN)
Date: Thu, 10 May 2007 13:37:32 -0700
Subject: [SA-exim] Greylisting doesn't work anymore
In-Reply-To: <200705102221.36950.mail@peter-thomassen.de>
References: <200705102221.36950.mail@peter-thomassen.de>
Message-ID: <20070510203732.GA5416@merlins.org>

On Thu, May 10, 2007 at 10:21:31PM +0200, Peter Thomassen wrote:
> Hi.
>
> For some reason, greylisting doesn't work anymore for some time now.
>
> I noticed in the rejectlog that the same e-mail (the same sender, recipient,
> server) has been rejected several times in many cases. To find the reason, I
> checked /var/spool/sa-exim/tuplets/ and found that this directory is empty
> and last modified in February, even though the server processes several
> thousand mails a day. (I now disabled the feature by setting SAtempreject to
> some huge value. This lets more spam in, but I can't help it at present.)
>
> I think that the tuplet saving doesn't work for some reason, so that e-mail is
> unknown again at later tries and therefore to be temporarily rejected. The
> tuplet directory belongs to nobody:Debian-exim, the mode is 771. Exim runs as
> root:Debian-exim, so I can't see any problem related to the mode.
>
> Marc proposed setting the tuplet directory to 777 which didn't help.
>
> Marc also proposed to add some debug code in the Perl module, which is
> /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm, I think.
> Unfortunately, I only know Perl from reading it a bit, but I tried to add
>
> open (TEST, ">/tmp/debug");
> print TEST time."\n";
> close TEST;
>
> to the beginning of the greylisting subroutine. I think this should create
> a /tmp/debug file, which wasn't the case.

Ah, that would explain it then, likely Greylisting.pm is not being run.

Did you change/break your SA config? Is the Greylisting module still being
called in your SA config?

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security .... ....
what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From mail at peter-thomassen.de Thu May 10 13:49:52 2007
From: mail at peter-thomassen.de (Peter Thomassen)
Date: Thu, 10 May 2007 22:49:52 +0200
Subject: [SA-exim] Greylisting doesn't work anymore
In-Reply-To: <20070510203732.GA5416@merlins.org>
References: <200705102221.36950.mail@peter-thomassen.de> <20070510203732.GA5416@merlins.org>
Message-ID: <200705102249.56512.mail@peter-thomassen.de>

On Thursday, 10 May 2007 22:37:32, Marc MERLIN wrote:
> On Thu, May 10, 2007 at 10:21:31PM +0200, Peter Thomassen wrote:
> > Marc also proposed to add some debug code in the Perl module, which is
> > /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm, I think.
> > Unfortunately, I only know Perl from reading it a bit, but I tried to add
> >
> > open (TEST, ">/tmp/debug");
> > print TEST time."\n";
> > close TEST;
> >
> > to the beginning of the greylisting subroutine. I think this should
> > create a /tmp/debug file, which wasn't the case.
>
> Ah, that would explain it then, likely Greylisting.pm is not being run.
>
> Did you change/break your SA config? Is the Greylisting module still being
> called in your SA config?

I think if the SA config were broken, there would occur some other error, or
SpamAssassin wouldn't work at all. So I assume the config is not broken.
It contains the following lines:

# greylistsecs: how long you greylist a tuplet because whitelisting it
# greylistnullfrom: set to 1 to also greylist mail with a null env from
# greylistfourthbyte: keep the 4 bytes of the connecting host instead of 3
loadplugin Greylisting /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm
header GREYLIST_ISWHITE eval:greylisting("(
    'dir' => '/var/spool/sa-exim/tuplets';
    'method' => 'dir';
    'greylistsecs' => '1800';
    dontgreylistthreshold' => 12000000;
    'connectiphdr' => 'X-SA-Exim-Connect-IP';
    'envfromhdr' => 'X-SA-Exim-Mail-From';
    'rcpttohdr' => 'X-SA-Exim-Rcpt-To';
    'greylistnullfrom' => 1;
    'greylistfourthbyte' => 0 )")
describe GREYLIST_ISWHITE The incoming server has been whitelisted for this recipient and sender
score GREYLIST_ISWHITE -1.5
# Run SpamAssassin last, after all other rules.
# (lets us not greylist a host that is sending spam, otherwise this rule might
# set a sufficiently negative score that the next spam would be allowed in)
priority GREYLIST_ISWHITE 99999

Looks like the module is still called. Or is there something wrong?

Thank you.

--
Peter Thomassen, Steigerwaldstr. 4, 97076 Würzburg, Germany
http://www.peter-thomassen.de/, mail at peter-thomassen.de
phone +49-931-2705351, mobile +49-176-63159879

From mail at peter-thomassen.de Thu May 10 13:53:55 2007
From: mail at peter-thomassen.de (Peter Thomassen)
Date: Thu, 10 May 2007 22:53:55 +0200
Subject: [SA-exim] Greylisting doesn't work anymore
In-Reply-To: <200705102249.56512.mail@peter-thomassen.de>
References: <200705102221.36950.mail@peter-thomassen.de> <20070510203732.GA5416@merlins.org> <200705102249.56512.mail@peter-thomassen.de>
Message-ID: <200705102253.55887.mail@peter-thomassen.de>

On Thursday, 10 May 2007 22:49:52, Peter Thomassen wrote:
> GREYLIST_ISWHITE eval:greylisting("(
> 'dir' => '/var/spool/sa-exim/tuplets';
> 'method' => 'dir';
> 'greylistsecs' => '1800';
> dontgreylistthreshold' => 12000000;
  ^ Of course, here also is an ' (it is in the file).

--
Peter Thomassen, Steigerwaldstr. 4, 97076 Würzburg, Germany
http://www.peter-thomassen.de/, mail at peter-thomassen.de
phone +49-931-2705351, mobile +49-176-63159879

From marc at merlins.org Thu May 10 14:02:13 2007
From: marc at merlins.org (Marc MERLIN)
Date: Thu, 10 May 2007 14:02:13 -0700
Subject: [SA-exim] Greylisting doesn't work anymore
In-Reply-To: <200705102253.55887.mail@peter-thomassen.de>
References: <200705102221.36950.mail@peter-thomassen.de> <20070510203732.GA5416@merlins.org> <200705102249.56512.mail@peter-thomassen.de> <200705102253.55887.mail@peter-thomassen.de>
Message-ID: <20070510210213.GD5416@merlins.org>

On Thu, May 10, 2007 at 10:53:55PM +0200, Peter Thomassen wrote:
> On Thursday, 10 May 2007 22:49:52, Peter Thomassen wrote:
> > GREYLIST_ISWHITE eval:greylisting("(
> > 'dir' => '/var/spool/sa-exim/tuplets';
> > 'method' => 'dir';
> > 'greylistsecs' => '1800';
> > dontgreylistthreshold' => 12000000;
>   ^ Of course, here also is an ' (it is in the file).

Ok, try this:
1) Check your syslog for possible error messages from spamd
2) ls -lu against your Greylisting.pm and see if the date changes
   or not after you restart SA and receive mails
3) spamassassin -D -t < /tmp/some_email
   check the debug output for 'dbg: GREYLISTING:'

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security .... ....
what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

From mail at peter-thomassen.de Thu May 10 14:24:32 2007
From: mail at peter-thomassen.de (Peter Thomassen)
Date: Thu, 10 May 2007 23:24:32 +0200
Subject: [SA-exim] Greylisting doesn't work anymore
In-Reply-To: <20070510210213.GD5416@merlins.org>
References: <200705102221.36950.mail@peter-thomassen.de> <200705102253.55887.mail@peter-thomassen.de> <20070510210213.GD5416@merlins.org>
Message-ID: <200705102324.38357.mail@peter-thomassen.de>

On Thursday, 10 May 2007 23:02:13, Marc MERLIN wrote:
> On Thu, May 10, 2007 at 10:53:55PM +0200, Peter Thomassen wrote:
> 1) Check your syslog for possible error messages from spamd

No error messages (I check time intervals when the server received mail
without greylisting or rejected mail with greylisting).

> 2) ls -lu against your Greylisting.pm and see if the date changes
> or not after you restart SA and receive mails

It is Jan 29, 23:46 and doesn't change. I don't know what I did at this date.

> 3) spamassassin -D -t < /tmp/some_email
> check the debug output for 'dbg: GREYLISTING:'

I did: spamassassin | grep -i greylist

[19457] dbg: plugin: loading Greylisting from /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm
[19457] dbg: plugin: registered Greylisting=HASH(0x8fe5634)
[19457] dbg: GREYLISTING: called function
[19457] dbg: GREYLISTING: running greylisting on <200705101346.l4ADkVti001254 at nsi-robo.tmag.de>, since score is too low (0.55) and you configured greylisting to greylist anything under 12000000
[19457] warn: Couldn't get Rcpt To header X-SA-Exim-Rcpt-To for message <200705101346.l4ADkVti001254 at nsi-robo.tmag.de>, skipping greylisting call

After looking around for X-SA-Exim-Rcpt-To, I found that SAmaxrcptlistlength
must not be 0 when using greylisting, but it was 0. On Jan 28, there was an
upgrade (compare the date above); I think it came with a new config file, and
I didn't change that line back. My fault, sorry.

Everything now works again. Thank you! Your support is great. :-))

--
Peter Thomassen, Steigerwaldstr. 4, 97076 Würzburg, Germany
http://www.peter-thomassen.de/, mail at peter-thomassen.de
phone +49-931-2705351, mobile +49-176-63159879

From eric at lisaneric.org Thu May 17 10:25:32 2007
From: eric at lisaneric.org (Eric Sharkey)
Date: Thu, 17 May 2007 13:25:32 -0400
Subject: [SA-exim] FAQ about forwarded mail?
Message-ID:

I've searched the sa-exim list archives and I've seen this issue brought
up a few times, but never with what seemed to me to be a definitive
clear answer about how to properly set up a system to handle forwarded
mail.

Forwarded mail is different from non-forwarded mail since rejecting
such messages is likely to produce collateral damage, and grey listing
such messages is actually counter-productive.

Is there a simple guide to configuring sa-exim to never bounce or
greylist forwarded mail?

Eric

From holmgren at lysator.liu.se Thu May 17 12:57:16 2007
From: holmgren at lysator.liu.se (Magnus Holmgren)
Date: Thu, 17 May 2007 21:57:16 +0200
Subject: [SA-exim] FAQ about forwarded mail?
In-Reply-To:
References:
Message-ID: <200705172157.21229@proffe.kibibyte.se>

On Thursday 17 May 2007 19:25, Eric Sharkey wrote:
> I've searched the sa-exim list archives and I've seen this issue brought
> up a few times, but never with what seemed to me to be a definitive
> clear answer about how to properly set up a system to handle forwarded
> mail.
>
> Forwarded mail is different from non-forwarded mail since rejecting
> such messages is likely to produce collateral damage, and grey listing
> such messages is actually counter-productive.
>
> Is there a simple guide to configuring sa-exim to never bounce or
> greylist forwarded mail?

I think the easiest way is to set SAEximRejCond in sa-exim.conf to something
like ${if eq{$acl_m0}{canreject}}. Then you use the power of the ACL system to
determine whether spam can be rejected or must be quarantined. I have, after

  require verify = recipient,

  accept local_parts = postmaster : abuse

  accept hosts = +incoming_relays : ${lookup dnsdb{>:mxh=$domain}}

then some anti-spam measures such as dnslists, then

  accept set acl_m0 = canreject

The difficulty lies in identifying forwarded mail coming from many different
places without letting in everything from Hotmail and AOL.

--
Magnus Holmgren holmgren at lysator.liu.se
(No Cc of list mail needed, thanks)
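
The two greylisting threads earlier in this archive each ended in one silent misconfiguration (`reseval:` instead of `eval:` in local.cf, and `SAmaxrcptlistlength` left at 0 in sa-exim.conf). The following is an added example, not part of the list archive or of sa-exim, that checks log lines and config text for both. The function names, the sample inputs and the value 8000 are constructed for illustration.

```python
import re

# Log signatures quoted in the thread, each mapped to the cause its poster found.
SIGNATURES = [
    (re.compile(r"invalid rule: GREYLIST_ISWHITE"),
     "rule rejected: look for SA 2.x 'reseval:' syntax in local.cf"),
    (re.compile(r"greylisting didn't run since the configuration wasn't setup to call us"),
     "plugin loaded but no valid rule calls greylisting()"),
    (re.compile(r"Couldn't get Rcpt To header \S+"),
     "recipient header missing: check SAmaxrcptlistlength in sa-exim.conf"),
]

def triage_log(lines):
    """Map spamd / 'spamassassin -D' output lines to likely causes, in order seen."""
    causes = []
    for line in lines:
        for pattern, cause in SIGNATURES:
            if pattern.search(line) and cause not in causes:
                causes.append(cause)
    return causes

def lint_config(local_cf, sa_exim_conf):
    """Statically check the two settings that silently disabled greylisting."""
    findings = []
    # Commented-out rules do not count: the line must start with 'header'.
    rule = re.search(r"^[ \t]*header[ \t]+GREYLIST_ISWHITE[ \t]+(\w+):greylisting\(",
                     local_cf, re.M)
    if rule is None:
        findings.append("no active GREYLIST_ISWHITE rule calls greylisting()")
    elif rule.group(1) != "eval":
        findings.append("rule uses '%s:' but SA 3.x needs 'eval:'" % rule.group(1))
    # Only an explicit 0 is flagged; the thread does not state the default value.
    limit = re.search(r"^[ \t]*SAmaxrcptlistlength:[ \t]*(\d+)", sa_exim_conf, re.M)
    if rule is not None and limit is not None and int(limit.group(1)) == 0:
        findings.append("SAmaxrcptlistlength is 0; it must not be 0 with greylisting")
    return findings

# Constructed samples, modelled on the lines quoted in the thread.
SAMPLE_LOG = [
    "spamd[5524]: invalid rule: GREYLIST_ISWHITE",
    "spamd[5524]: debug: GREYLISTING: greylisting didn't run since the "
    "configuration wasn't setup to call us",
    "[19457] warn: Couldn't get Rcpt To header X-SA-Exim-Rcpt-To for message "
    "<id@example.invalid>, skipping greylisting call",
]
BAD_LOCAL_CF = "header GREYLIST_ISWHITE reseval:greylisting(\"( 'method' => 'dir' )\")\n"
GOOD_LOCAL_CF = BAD_LOCAL_CF.replace("reseval:", "eval:")
BAD_SA_EXIM = "SAmaxrcptlistlength: 0\n"
GOOD_SA_EXIM = "SAmaxrcptlistlength: 8000\n"  # 8000 is an assumed non-zero value

if __name__ == "__main__":
    for cause in triage_log(SAMPLE_LOG):
        print("log:", cause)
    for finding in lint_config(BAD_LOCAL_CF, BAD_SA_EXIM):
        print("config:", finding)
```
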