From mrkafk at gmail.com Mon Nov 24 08:19:02 2008 From: mrkafk at gmail.com (Marcin Krol) Date: Mon, 24 Nov 2008 17:19:02 +0100 Subject: [SA-exim] greylisting Message-ID: <492AD3F6.6010200@gmail.com> Hello, My greylisting for mails with score > SAtempreject doesn't work - the mails are getting 451 all the time, long after greylistsecs passes, excerpt from local.cf: loadplugin Greylisting /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm header GREYLIST_ISWHITE eval:greylisting("( 'dir' => '/var/spool/sa-exim/tuplets'; 'method' => 'dir' ; 'greylistsecs' => '60'; 'dontgreylistthreshold' => 15; 'connectiphdr' => 'X-SA-Exim-Connect-IP'; ' envfromhdr' => 'X-SA-Exim-Mail-From'; 'rcpttohdr' => 'X-SA-Exim-Rcpt-To'; 'greylistnullfrom' => 1; ' greylistfourthbyte' => 0 )") describe GREYLIST_ISWHITE The incoming server has been whitelisted for this recipient and sender score GREYLIST_ISWHITE -1.5 I'm getting this in mail.info when any mail is sent through SA: Nov 24 17:00:17 fidkar spamd[4069]: Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm line 176, line 46. Nov 24 17:00:17 fidkar spamd[4069]: Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm line 177, line 46. spamassassin -D --lint produces warning: [23037] warn: Couldn't get Connecting IP header X-SA-Exim-Connect-IP for message <1227542531 at lint_rules>, skipping greylisting call I'm using standard Debian Etch packages. My sa-exim.conf: SAEximDebug: 1 SAspamcpath: /usr/bin/spamc SAspamcHost: 127.0.0.1 SAspamcPort: 783 SAEximRunCond: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Rej:}{Yes}} } {1}{0} } SAmaxbody: 256000 SATruncBodyCond: 0 SARewriteBody: 0 SAPrependArchiveWithFrom: 1 SAmaxarchivebody: 20971520 SAerrmaxarchivebody: 1073741824 SAmaxrcptlistlength: 8000 SAaddSAEheaderBeforeSA: 1 SAtimeoutsave: /var/spool/sa-exim/SAtimeoutsave SAtimeoutSavCond: 1 SAerrorsave: /var/spool/sa-exim/SAerrorsave SAerrorSavCond: 1 SAtemprejectonerror: 0 SAteergrubetime: 900 SAteergrubeSavCond: 1 SAteergrubesave: /var/spool/sa-exim/SAteergrube SAteergrubeoverwrite: 1 SAdevnullSavCond: 1 SAdevnullsave: /var/spool/sa-exim/SAdevnull SApermreject: 30.0 SApermrejectSavCond: 0 SApermrejectsave: /var/spool/sa-exim/SApermreject SAtempreject: 16.0 SAtemprejectSavCond: 1 SAtemprejectsave: /var/spool/sa-exim/SAtempreject SAtemprejectoverwrite: 1 SAgreylistiswhitestr: GREYLIST_ISWHITE SAgreylistraisetempreject: 13.0 SAspamacceptsave: /var/spool/sa-exim/SAspamaccept SAspamacceptSavCond: 0 SAnotspamsave: /var/spool/sa-exim/SAnotspam SAnotspamSavCond: 0 SAmsgteergrubewait: Wait for more output SAmsgteergruberej: Please try again later SAmsgpermrej: Rejected as SPAM, contact BTW to whitelist SAmsgtemprej: Please try again later SAmsgerror: Temporary local error while processing message, please contact postmaster. From marc at merlins.org Mon Nov 24 08:39:16 2008 From: marc at merlins.org (Marc MERLIN) Date: Mon, 24 Nov 2008 08:39:16 -0800 Subject: [SA-exim] greylisting In-Reply-To: <492AD3F6.6010200@gmail.com> References: <492AD3F6.6010200@gmail.com> Message-ID: <20081124163916.GE7858@merlins.org> On Mon, Nov 24, 2008 at 05:19:02PM +0100, Marcin Krol wrote: > Hello, > > My greylisting for mails with score > SAtempreject doesn't work - the > mails are getting 451 all the time, long after greylistsecs passes, > excerpt from local.cf: > > loadplugin Greylisting > /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm > > header GREYLIST_ISWHITE eval:greylisting("( 'dir' => > '/var/spool/sa-exim/tuplets'; 'method' => 'dir' > ; 'greylistsecs' => '60'; 'dontgreylistthreshold' => 15; 'connectiphdr' > => 'X-SA-Exim-Connect-IP'; ' > envfromhdr' => 'X-SA-Exim-Mail-From'; 'rcpttohdr' => > 'X-SA-Exim-Rcpt-To'; 'greylistnullfrom' => 1; ' > greylistfourthbyte' => 0 )") > > Nov 24 17:00:17 fidkar spamd[4069]: Use of uninitialized value in > concatenation (.) or string at > /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm line 176, > line 46. I should have put a die in there, but basically it says that it can't find a X-SA-Exim-Connect-IP header in there (or more specifically I think it means it got an empty one). Can you check in your Exim / Sa-Exim config whether that header is being inserted correctly when you receive Emails? (and I'll assume that you're not trying to retreive mails with fetchmail and feed the back to smtp over localhost) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From mrkafk at gmail.com Tue Nov 25 03:04:36 2008 From: mrkafk at gmail.com (Marcin Krol) Date: Tue, 25 Nov 2008 12:04:36 +0100 Subject: [SA-exim] greylisting In-Reply-To: <20081124163916.GE7858@merlins.org> References: <492AD3F6.6010200@gmail.com> <20081124163916.GE7858@merlins.org> Message-ID: <492BDBC4.9070403@gmail.com> Hello Marc, Thanks for answer! Marc MERLIN wrote: > I should have put a die in there, but basically it says that it can't find a > X-SA-Exim-Connect-IP header in there (or more specifically I think it means > it got an empty one). > > Can you check in your Exim / Sa-Exim config whether that header is being > inserted correctly when you receive Emails? > (and I'll assume that you're not trying to retreive mails with fetchmail > and feed the back to smtp over localhost) It seems that a header does get inserted, here's excerpt from mail in SAtemprejectsave folder: X-SA-Exim-Connect-IP: 87.204.147.140 X-SA-Exim-Rcpt-To: mark at btw2.pl X-SA-Exim-Mail-From: mwehmqdv at trashmail.net X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on fidkar.wbp.krakow.pl X-Spam-Level: *************** [...] X-Spam-Status: Yes, score=15.4 required=15.0 tests=DRUGS_ANXIETY, Subject: *****SPAM***** [score: 15.4] test X-Spam-Prev-Subject: test X-SA-Exim-Version: 4.2.1 (built Tue, 09 Jan 2007 17:23:22 +0000) X-SA-Exim-Scanned: Yes (on fidkar.wbp.krakow.pl) However, it seems that some info may be missing: root at fidkar:/var/spool/sa-exim/tuplets/87/204/147# ls -l razem 4 drwxrwx--- 2 Debian-exim Debian-exim 4096 2008-11-24 20:02 spa at agenturaspa.cz/ The mails that are temprejected sometimes are saved here and sometimes they aren't, I have no idea under what is the dependency here. For instance, the above mail that was temprejected did not get any info saved under /var/spool/sa-exim/tuplets (I grepped all the files there). I also get mails from "nobody"'s cron complaining that /usr/share/sa-exim/greylistclean cannot access /var/spool/sa-exim/tuplets. I tweaked with (relaxing) rights but it seems to have no effect. root at fidkar:/var/spool/sa-exim# ls -ld tuplets drwxrwxr-x 6 nobody Debian-exim 4096 2008-11-24 20:30 tuplets/ Regards, Marcin Krol From marc at merlins.org Wed Nov 26 08:20:10 2008 From: marc at merlins.org (Marc MERLIN) Date: Wed, 26 Nov 2008 08:20:10 -0800 Subject: [SA-exim] greylisting In-Reply-To: <492BDBC4.9070403@gmail.com> References: <492AD3F6.6010200@gmail.com> <20081124163916.GE7858@merlins.org> <492BDBC4.9070403@gmail.com> Message-ID: <20081126162010.GA20946@merlins.org> On Tue, Nov 25, 2008 at 12:04:36PM +0100, Marcin Krol wrote: > Hello Marc, > > Thanks for answer! Sorry, I've been a bit passed out, battling a virus :-/ > Marc MERLIN wrote: > > I should have put a die in there, but basically it says that it can't find a > > X-SA-Exim-Connect-IP header in there (or more specifically I think it means > > it got an empty one). > > > > Can you check in your Exim / Sa-Exim config whether that header is being > > inserted correctly when you receive Emails? > > (and I'll assume that you're not trying to retreive mails with fetchmail > > and feed the back to smtp over localhost) > > It seems that a header does get inserted, here's excerpt from mail in > SAtemprejectsave folder: > > X-SA-Exim-Connect-IP: 87.204.147.140 > X-SA-Exim-Rcpt-To: mark at btw2.pl > X-SA-Exim-Mail-From: mwehmqdv at trashmail.net > X-Spam-Flag: YES > X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on > fidkar.wbp.krakow.pl > X-Spam-Level: *************** > [...] > X-Spam-Status: Yes, score=15.4 required=15.0 tests=DRUGS_ANXIETY, > Subject: *****SPAM***** [score: 15.4] test > X-Spam-Prev-Subject: test > X-SA-Exim-Version: 4.2.1 (built Tue, 09 Jan 2007 17:23:22 +0000) > X-SA-Exim-Scanned: Yes (on fidkar.wbp.krakow.pl) > > However, it seems that some info may be missing: > > root at fidkar:/var/spool/sa-exim/tuplets/87/204/147# ls -l > razem 4 > drwxrwx--- 2 Debian-exim Debian-exim 4096 2008-11-24 20:02 > spa at agenturaspa.cz/ > > The mails that are temprejected sometimes are saved here and sometimes > they aren't, I have no idea under what is the dependency here. For > instance, the above mail that was temprejected did not get any info > saved under /var/spool/sa-exim/tuplets (I grepped all the files there). Ok, I apologize for my brain not working too well. I can't think of what may not be working too well right now, but you can do this to debug and know for sure what on earth is happening: spamassassin -t -D < /tmp/message (pick a message that relates to undefined vars error in the exim logs) > I also get mails from "nobody"'s cron complaining that > /usr/share/sa-exim/greylistclean cannot access /var/spool/sa-exim/tuplets. > > I tweaked with (relaxing) rights but it seems to have no effect. > > root at fidkar:/var/spool/sa-exim# ls -ld tuplets > drwxrwxr-x 6 nobody Debian-exim 4096 2008-11-24 20:30 tuplets/ That's usually set by the package you install, here is what I have on my machine: magic:~# l -ld /var/spool/sa-exim/tuplets drwxrwx--x 71 nobody Debian-exim 4096 2008-11-26 05:33 /var/spool/sa-exim/tuplets/ and: -rw-rw---- 1 nobody nogroup 134 2008-11-21 20:47 /var/spool/sa-exim/tuplets/90/183/38/cfficefile at centrum.cz/nobody at merlins.org magic:~# cat /etc/cron.d/greylistclean # If you don't run spamd as nobody (you should), change the user below # be smart and don't run this as root, it doesn't need those perms 33 * * * * nobody [ -x /usr/share/sa-exim/greylistclean ] && /usr/share/sa-exim/greylistclean My guess is that nobody can't traverse /var/spool or /var/spool/sa-exim on your machine. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/