From timothy.arnold at uksolutions.co.uk Fri Sep 7 04:21:49 2007 From: timothy.arnold at uksolutions.co.uk (Timothy Arnold) Date: Fri, 07 Sep 2007 12:21:49 +0100 Subject: [SA-exim] Mail being permitted Message-ID: <46E1344D.1060907@uksolutions.co.uk> Hi, Having an interesting problem. Mail is being flagged by sa-exim but it is being permitted through X-Spam-Status: Yes, hits=19.0 required=5.0 tests=DRUGS_ERECTILE,IMPOTENCE, MISSING_HEADERS,MISSING_SUBJECT,RAZOR2_CF_RANGE_51_100, RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,TO_CC_NONE,URIBL_BLACK,URIBL_JP_SURBL, URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.1.8 The perm reject is set to 5.0 so it should have blocked it at SMTP time? Thanks Tim From jon.armitage at hepworthband.co.uk Fri Sep 7 05:05:34 2007 From: jon.armitage at hepworthband.co.uk (Jonathan Armitage) Date: Fri, 07 Sep 2007 13:05:34 +0100 Subject: [SA-exim] Mail being permitted In-Reply-To: <46E1344D.1060907@uksolutions.co.uk> References: <46E1344D.1060907@uksolutions.co.uk> Message-ID: <46E13E8E.70704@hepworthband.co.uk> Timothy Arnold wrote: > Hi, > > Having an interesting problem. Mail is being flagged by sa-exim but it > is being permitted through > Maybe one of the recipients is postmaster---the default sa-exim config allows these messages through, and also delivers it to all the other recipients as a side effect. In the exim config: # Add header telling sa-exim not to reject messages for these recipients. warn message = X-SA-Do-Not-Rej: Yes local_parts = postmaster : abuse In sa-exim.conf: # X-SA-Do-Not-Rej should be set as a warn header if mail is sent to # postmaster and abuse (in the RCPT ACL), this way you're not bouncing # spam abuse reports sent to you. This is a RFC guideline. SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}} Jon Jon Armitage Web Infrastructure Support 365 Media Group 3rd Floor, Apsley House, Wellington Street, Leeds, LS1 2EQ From timothy.arnold at uksolutions.co.uk Fri Sep 7 05:41:40 2007 From: timothy.arnold at uksolutions.co.uk (Timothy Arnold) Date: Fri, 07 Sep 2007 13:41:40 +0100 Subject: [SA-exim] Mail being permitted In-Reply-To: <46E13E8E.70704@hepworthband.co.uk> References: <46E1344D.1060907@uksolutions.co.uk> <46E13E8E.70704@hepworthband.co.uk> Message-ID: <46E14704.9060407@uksolutions.co.uk> > Maybe one of the recipients is postmaster---the default sa-exim config allows > these messages through, and also delivers it to all the other recipients as a > side effect. > > Nope - it wasn't postmaster. Running exim4 -bhc 217.10.144.117, I get. LOG: 1ITd5r-000804-2i SA: Debug: SAEximRunCond expand returned: '1' LOG: 1ITd5r-000804-2i SA: Debug: check succeeded, running spamc LOG: 1ITd5r-000804-2i SA: Action: scanned but message isn't spam: hits=17.5 required=5.0 (scanned in 3/3 secs | Message-Id: 1ITd5r-000804-2i). From (host=NULL [217.10.144.117]) for tim at uksolutions.co.uk Thoughts? Tim From jon.armitage at hepworthband.co.uk Fri Sep 7 05:49:42 2007 From: jon.armitage at hepworthband.co.uk (Jonathan Armitage) Date: Fri, 07 Sep 2007 13:49:42 +0100 Subject: [SA-exim] Mail being permitted In-Reply-To: <46E14704.9060407@uksolutions.co.uk> References: <46E1344D.1060907@uksolutions.co.uk> <46E13E8E.70704@hepworthband.co.uk> <46E14704.9060407@uksolutions.co.uk> Message-ID: <46E148E6.5030309@hepworthband.co.uk> Timothy Arnold wrote: > >> Maybe one of the recipients is postmaster---the default sa-exim config >> allows these messages through, and also delivers it to all the other >> recipients as a side effect. >> >> > Nope - it wasn't postmaster. > > Thoughts? What value do you have SApermreject set to? Jon From timothy.arnold at uksolutions.co.uk Fri Sep 7 05:56:01 2007 From: timothy.arnold at uksolutions.co.uk (Timothy Arnold) Date: Fri, 07 Sep 2007 13:56:01 +0100 Subject: [SA-exim] Mail being permitted In-Reply-To: <46E148E6.5030309@hepworthband.co.uk> References: <46E1344D.1060907@uksolutions.co.uk> <46E13E8E.70704@hepworthband.co.uk> <46E14704.9060407@uksolutions.co.uk> <46E148E6.5030309@hepworthband.co.uk> Message-ID: <46E14A61.70104@uksolutions.co.uk> > > What value do you have SApermreject set to? > SApermreject: 5.0 Confusing! From timothy.arnold at uksolutions.co.uk Fri Sep 7 06:11:20 2007 From: timothy.arnold at uksolutions.co.uk (Timothy Arnold) Date: Fri, 07 Sep 2007 14:11:20 +0100 Subject: [SA-exim] Mail being permitted In-Reply-To: <46E14A61.70104@uksolutions.co.uk> References: <46E1344D.1060907@uksolutions.co.uk> <46E13E8E.70704@hepworthband.co.uk> <46E14704.9060407@uksolutions.co.uk> <46E148E6.5030309@hepworthband.co.uk> <46E14A61.70104@uksolutions.co.uk> Message-ID: <46E14DF8.7090102@uksolutions.co.uk> > SApermreject: 5.0 > > Confusing! > > Found the issue. I had this set in /etc/spamassassin/local.cf clear_headers add_header all Status _YESNO_, hits=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_version=_VERSION_ I am guessing that sa-exim doesn't like the modified header output. As soon as I removed these and restarted spamassassin, it worked. Don't know if it is worth adding something in to the docs? Thanks for your help! Cheers Tim From marc at merlins.org Fri Sep 7 11:19:07 2007 From: marc at merlins.org (Marc MERLIN) Date: Fri, 7 Sep 2007 11:19:07 -0700 Subject: [SA-exim] Mail being permitted In-Reply-To: <46E14DF8.7090102@uksolutions.co.uk> References: <46E1344D.1060907@uksolutions.co.uk> <46E13E8E.70704@hepworthband.co.uk> <46E14704.9060407@uksolutions.co.uk> <46E148E6.5030309@hepworthband.co.uk> <46E14A61.70104@uksolutions.co.uk> <46E14DF8.7090102@uksolutions.co.uk> Message-ID: <20070907181907.GQ19005@merlins.org> On Fri, Sep 07, 2007 at 02:11:20PM +0100, Timothy Arnold wrote: > > > SApermreject: 5.0 > > > > Confusing! > > > > > Found the issue. I had this set in /etc/spamassassin/local.cf > > clear_headers > > add_header all Status _YESNO_, hits=_SCORE_ required=_REQD_ > tests=_TESTS_ autolearn=_AUTOLEARN_version=_VERSION_ > > I am guessing that sa-exim doesn't like the modified header output. As > soon as I removed these and restarted spamassassin, it worked. Mmmh, indeed, and it should also have been logging error messages that it couldn't parse the header. Did you get none? It failed because you had hits= instead of score= > Don't know if it is worth adding something in to the docs? Well, if SA-Exim didn't log anything, that's a bug. If it did, the answer would have been in the logs Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From timothy.arnold at uksolutions.co.uk Sat Sep 8 04:06:15 2007 From: timothy.arnold at uksolutions.co.uk (Timothy Arnold) Date: Sat, 08 Sep 2007 12:06:15 +0100 Subject: [SA-exim] Mail being permitted In-Reply-To: <20070907181907.GQ19005@merlins.org> References: <46E1344D.1060907@uksolutions.co.uk> <46E13E8E.70704@hepworthband.co.uk> <46E14704.9060407@uksolutions.co.uk> <46E148E6.5030309@hepworthband.co.uk> <46E14A61.70104@uksolutions.co.uk> <46E14DF8.7090102@uksolutions.co.uk> <20070907181907.GQ19005@merlins.org> Message-ID: <46E28227.1040902@uksolutions.co.uk> > > Mmmh, indeed, and it should also have been logging error messages that it > couldn't parse the header. Did you get none? > > It failed because you had hits= instead of score= > > I tried it with score= and didn't make a difference. > Well, if SA-Exim didn't log anything, that's a bug. If it did, the answer > would have been in the logs > I turned debugging on and couldn't find anything in the logs - where should it have been? I've got another box which has the same issue... Thanks Tim From marc at merlins.org Sat Sep 8 11:16:54 2007 From: marc at merlins.org (Marc MERLIN) Date: Sat, 8 Sep 2007 11:16:54 -0700 Subject: [SA-exim] Mail being permitted In-Reply-To: <46E28227.1040902@uksolutions.co.uk> References: <46E1344D.1060907@uksolutions.co.uk> <46E13E8E.70704@hepworthband.co.uk> <46E14704.9060407@uksolutions.co.uk> <46E148E6.5030309@hepworthband.co.uk> <46E14A61.70104@uksolutions.co.uk> <46E14DF8.7090102@uksolutions.co.uk> <20070907181907.GQ19005@merlins.org> <46E28227.1040902@uksolutions.co.uk> Message-ID: <20070908181654.GA11510@merlins.org> On Sat, Sep 08, 2007 at 12:06:15PM +0100, Timothy Arnold wrote: > >It failed because you had hits= instead of score= > > > I tried it with score= and didn't make a difference. > > >Well, if SA-Exim didn't log anything, that's a bug. If it did, the answer > >would have been in the logs > > I turned debugging on and couldn't find anything in the logs - where > should it have been? I've got another box which has the same issue... I looked at the code, and it ought to take both formats and to complain if something is wrong. Remotely, I'm not sure what's causing what you see. If putting debugging to 9 shows you what code gets or doesn't get run, it ought to narrow it to a small piece of code where something wrong is happening. If you find that, let me know. If not, don't worry about it. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/