From marc at merlins.org Sun May 2 14:51:34 2010 From: marc at merlins.org (Marc MERLIN) Date: Sun, 2 May 2010 14:51:34 -0700 Subject: [SA-exim] removing existing SA headers In-Reply-To: <9706A177-0E65-4A83-BA27-B4C5A3A8CF76@shire.net> References: <9706A177-0E65-4A83-BA27-B4C5A3A8CF76@shire.net> Message-ID: <20100502215134.GI2474@merlins.org> On Tue, Apr 27, 2010 at 10:01:38AM -0600, Chad Leigh -- Shire.Net LLC wrote: > > I know this was discussed before on the exim list (by me in fact many many moons ago), but I wanted to get clarification on what is supposed to happen. So first, that wasn't your question but I suppose it's not surprise to anyone here that SA-Exim is in maintenance mode at best. I actually only recently noticed that the Debian SA-Exim maintainer fixed some compilation problems between SA-Exim and newer versions of Exim (good) without even reporting them back to me and giving me a chance to fix them upstream (bad). That said, SA-Exim just works for me still, most people have gone with exiscan since it's built in into Exim, and while exiscan isn't as powerful as SA-Exim in what it does spam and spammer wise, it's good enough for most, so they don't bother looking for other options like SA-Exim (can't blame them I suppose). Anyway, all this to say that I had to go back and read my old code since I just don't even quite remember it :) > A friends server that I help run is also running mailman. > > A member of one of his mail lists posts and SA thinks it is a spam when it first is accepted by exim and then passed to mailman, which resends it. This resend is now originating from the server and so we do not rerun SA as we have a rule that all email that originates on the server do not run SA. However, the old SA headers are still being picked up by rules. I thought that sa-exim would remove the old headers Yep, the code says so. But my guess is that mailman resends your Email outside without filtering it through SA-Exim since it's local Email and therefore not spam. If you want to remove those SA-Exim headers, they'd have to be removed by Exim's remote_smtp transport before you send your mailman messages back out. remote_smtp: debug_print = "T: remote_smtp for $local_part@$domain" driver = smtp # This deals with misocnfigurations like this one that redirect mail to us # (i.e. 'mail' is unqualified and resolves back to us) # worldclasssportfishing.net MX 30 mail dns_qualify_single = false # This fixes a problem if TLS is enabled where a misunderstanding on the RFC # can cause comunication failure between two hosts hosts_nopass_tls = * hosts_avoid_tls = +hosts_avoid_tls hosts_try_auth = +hosts_try_auth # This is generally set on messages originating from local users and it tells # SA-Exim not to scan the message or that the message was scanned. # Let's remove these headers if the message is sent remotely headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned:X-SA-Exim-Rcpt-From:X-SA-Exim-Rcpt-To:X-SA-Exim-Ver sion" Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From chad at shire.net Mon May 3 15:23:13 2010 From: chad at shire.net (Chad Leigh -- Shire.Net LLC) Date: Mon, 3 May 2010 16:23:13 -0600 Subject: [SA-exim] removing existing SA headers In-Reply-To: <20100502215134.GI2474@merlins.org> References: <9706A177-0E65-4A83-BA27-B4C5A3A8CF76@shire.net> <20100502215134.GI2474@merlins.org> Message-ID: On May 2, 2010, at 3:51 PM, Marc MERLIN wrote: > On Tue, Apr 27, 2010 at 10:01:38AM -0600, Chad Leigh -- Shire.Net LLC wrote: >> >> I know this was discussed before on the exim list (by me in fact many many moons ago), but I wanted to get clarification on what is supposed to happen. > > So first, that wasn't your question but I suppose it's not surprise to > anyone here that SA-Exim is in maintenance mode at best. Sure. > I actually only recently noticed that the Debian SA-Exim maintainer fixed > some compilation problems between SA-Exim and newer versions of Exim (good) > without even reporting them back to me and giving me a chance to fix them > upstream (bad). That is not very nice. > That said, SA-Exim just works for me still, most people have gone with > exiscan since it's built in into Exim, and while exiscan isn't as powerful > as SA-Exim in what it does spam and spammer wise, it's good enough for most, > so they don't bother looking for other options like SA-Exim (can't blame > them I suppose). I have been using SA-exim since forever -- why "fix" something that isn't broke ;-) I have also been using the SA-exim greylisting as well snice like forever > > Anyway, all this to say that I had to go back and read my old code since I > just don't even quite remember it :) You're welcome ;-) > >> A friends server that I help run is also running mailman. >> >> A member of one of his mail lists posts and SA thinks it is a spam when it first is accepted by exim and then passed to mailman, which resends it. This resend is now originating from the server and so we do not rerun SA as we have a rule that all email that originates on the server do not run SA. However, the old SA headers are still being picked up by rules. I thought that sa-exim would remove the old headers > > Yep, the code says so. > > But my guess is that mailman resends your Email outside without filtering it > through SA-Exim since it's local Email and therefore not spam. > If you want to remove those SA-Exim headers, they'd have to be removed > by Exim's remote_smtp transport before you send your mailman messages back out. I will look at the stuff below and try it out or something similar. SA-exim does seem to get run again on the resend though, since the headers > x-sa-exim-connect-ip: 209.41.94.251 > x-sa-exim-mail-from: roselawn-bounces at object.com > x-sa-exim-scanned: No (on mail.object.com); SAEximRunCond expanded to false are there from the second time. It does not run the scanner, but sa-exim glue is run and it inserts the headers! Am I understanding it wrong? > > remote_smtp: > debug_print = "T: remote_smtp for $local_part@$domain" > driver = smtp > # This deals with misocnfigurations like this one that redirect mail to us > # (i.e. 'mail' is unqualified and resolves back to us) > # worldclasssportfishing.net MX 30 mail > dns_qualify_single = false > # This fixes a problem if TLS is enabled where a misunderstanding on the RFC > # can cause comunication failure between two hosts > hosts_nopass_tls = * > hosts_avoid_tls = +hosts_avoid_tls > hosts_try_auth = +hosts_try_auth > # This is generally set on messages originating from local users and it tells > # SA-Exim not to scan the message or that the message was scanned. > # Let's remove these headers if the message is sent remotely > headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned:X-SA-Exim-Rcpt-From:X-SA-Exim-Rcpt-To:X-SA-Exim-Ver > sion" > > > Marc > -- > "A mouse is a device used to point at the xterm you want to type in" - A.S.R. > Microsoft is to operating systems & security .... > .... what McDonalds is to gourmet cooking > Home page: http://marc.merlins.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.merlins.org/archives/sa-exim/attachments/20100503/b2aba920/attachment-0001.htm From holmgren at lysator.liu.se Mon May 3 15:49:41 2010 From: holmgren at lysator.liu.se (Magnus Holmgren) Date: Tue, 4 May 2010 00:49:41 +0200 Subject: [SA-exim] removing existing SA headers In-Reply-To: <20100502215134.GI2474@merlins.org> References: <9706A177-0E65-4A83-BA27-B4C5A3A8CF76@shire.net> <20100502215134.GI2474@merlins.org> Message-ID: <201005040050.21775@proffe.kibibyte.se> On s?ndagen den 2 maj 2010, Marc MERLIN wrote: > On Tue, Apr 27, 2010 at 10:01:38AM -0600, Chad Leigh -- Shire.Net LLC wrote: > > I know this was discussed before on the exim list (by me in fact many > > many moons ago), but I wanted to get clarification on what is supposed to > > happen. > > So first, that wasn't your question but I suppose it's not surprise to > anyone here that SA-Exim is in maintenance mode at best. > I actually only recently noticed that the Debian SA-Exim maintainer fixed > some compilation problems between SA-Exim and newer versions of Exim (good) > without even reporting them back to me and giving me a chance to fix them > upstream (bad). Oh, sorry about that. I must have thought you were following the Debian package from time to time. -- Magnus Holmgren holmgren at lysator.liu.se -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. Url : http://lists.merlins.org/archives/sa-exim/attachments/20100504/ae0a79c1/attachment.pgp From marc at merlins.org Mon May 3 16:05:42 2010 From: marc at merlins.org (Marc MERLIN) Date: Mon, 3 May 2010 16:05:42 -0700 Subject: [SA-exim] removing existing SA headers In-Reply-To: <201005040050.21775@proffe.kibibyte.se> References: <9706A177-0E65-4A83-BA27-B4C5A3A8CF76@shire.net> <20100502215134.GI2474@merlins.org> <201005040050.21775@proffe.kibibyte.se> Message-ID: <20100503230542.GW6064@merlins.org> On Tue, May 04, 2010 at 12:49:41AM +0200, Magnus Holmgren wrote: > On s?ndagen den 2 maj 2010, Marc MERLIN wrote: > > On Tue, Apr 27, 2010 at 10:01:38AM -0600, Chad Leigh -- Shire.Net LLC wrote: > > > I know this was discussed before on the exim list (by me in fact many > > > many moons ago), but I wanted to get clarification on what is supposed to > > > happen. > > > > So first, that wasn't your question but I suppose it's not surprise to > > anyone here that SA-Exim is in maintenance mode at best. > > I actually only recently noticed that the Debian SA-Exim maintainer fixed > > some compilation problems between SA-Exim and newer versions of Exim (good) > > without even reporting them back to me and giving me a chance to fix them > > upstream (bad). > > Oh, sorry about that. I must have thought you were following the Debian > package from time to time. It gets installed on my machine, and it worked so I saw no problem :) I'm not mad BTW, just pointing out that it's a common debian fault wrt to upstream which causes fragmentation in some cases. In this case, it's pretty safe to say that only debian/ubuntu users use SA-Exim at this point since I got 0 complaint about building issues in the last 3 years, so there is really nothing to fix :) All that said, thanks for your work, just a reminder not to forget upstream. In this case it's mostly only debian, but upstreams can't be expected to follow bugs in 5+ different linux distributions if the core bugs aren't pushed back to them. Cheers, Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 308 bytes Desc: Digital signature Url : http://lists.merlins.org/archives/sa-exim/attachments/20100503/53a31495/attachment.pgp