[SA-exim] greylisting

Marc MERLIN marc at merlins.org
Wed Nov 26 08:20:10 PST 2008


On Tue, Nov 25, 2008 at 12:04:36PM +0100, Marcin Krol wrote:
> Hello Marc,
> 
> Thanks for answer!
 
Sorry, I've been a bit passed out, battling a virus :-/
 
> Marc MERLIN wrote:
> > I should have put a die in there, but basically it says that it can't find a 
> > X-SA-Exim-Connect-IP header in there (or more specifically I think it means
> > it got an empty one).
> > 
> > Can you check in your Exim / Sa-Exim config whether that header is being
> > inserted correctly when you receive Emails?
> > (and I'll assume that you're not trying to retreive mails with fetchmail
> > and feed the back to smtp over localhost)
> 
> It seems that a header does get inserted, here's excerpt from mail in 
> SAtemprejectsave folder:
> 
> X-SA-Exim-Connect-IP: 87.204.147.140
> X-SA-Exim-Rcpt-To: mark at btw2.pl
> X-SA-Exim-Mail-From: mwehmqdv at trashmail.net
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on 
> fidkar.wbp.krakow.pl
> X-Spam-Level: ***************
> [...]
> X-Spam-Status: Yes, score=15.4 required=15.0 tests=DRUGS_ANXIETY,
> Subject: *****SPAM***** [score: 15.4] test
> X-Spam-Prev-Subject: test
> X-SA-Exim-Version: 4.2.1 (built Tue, 09 Jan 2007 17:23:22 +0000)
> X-SA-Exim-Scanned: Yes (on fidkar.wbp.krakow.pl)
> 
> However, it seems that some info may be missing:
> 
> root at fidkar:/var/spool/sa-exim/tuplets/87/204/147# ls -l
> razem 4
> drwxrwx--- 2 Debian-exim Debian-exim 4096 2008-11-24 20:02 
> spa at agenturaspa.cz/
> 
> The mails that are temprejected sometimes are saved here and sometimes 
> they aren't, I have no idea under what is the dependency here. For 
> instance, the above mail that was temprejected did not get any info 
> saved under /var/spool/sa-exim/tuplets (I grepped all the files there).

Ok, I apologize for my brain not working too well. I can't think of what may
not be working too well right now, but you can do this to debug and know for
sure what on earth is happening:
spamassassin -t -D < /tmp/message
(pick a message that relates to undefined vars error in the exim logs)

> I also get mails from "nobody"'s cron complaining that 
> /usr/share/sa-exim/greylistclean cannot access /var/spool/sa-exim/tuplets.
> 
> I tweaked with (relaxing) rights but it seems to have no effect.
> 
> root at fidkar:/var/spool/sa-exim# ls -ld tuplets
> drwxrwxr-x 6 nobody Debian-exim 4096 2008-11-24 20:30 tuplets/

That's usually set by the package you install, here is what I have on my
machine:

magic:~# l -ld /var/spool/sa-exim/tuplets
drwxrwx--x 71 nobody Debian-exim 4096 2008-11-26 05:33 /var/spool/sa-exim/tuplets/
and:
-rw-rw---- 1 nobody nogroup 134 2008-11-21 20:47 /var/spool/sa-exim/tuplets/90/183/38/cfficefile at centrum.cz/nobody at merlins.org

magic:~# cat /etc/cron.d/greylistclean
# If you don't run spamd as nobody (you should), change the user below
# be smart and don't run this as root, it doesn't need those perms
33 * * * * nobody [ -x /usr/share/sa-exim/greylistclean ] && /usr/share/sa-exim/greylistclean

My guess is that nobody can't traverse /var/spool or /var/spool/sa-exim on
your machine.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/  



More information about the SA-Exim mailing list