Discussion:
[SA-exim] Mail being permitted
Timothy Arnold
2007-09-07 11:21:49 UTC
Hi,

Having an interesting problem. Mail is being flagged by sa-exim but it
is being permitted through

X-Spam-Status: Yes, hits=19.0 required=5.0 tests=DRUGS_ERECTILE,IMPOTENCE,
MISSING_HEADERS,MISSING_SUBJECT,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,TO_CC_NONE,URIBL_BLACK,URIBL_JP_SURBL,
URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.1.8

The perm reject is set to 5.0 so it should have blocked it at SMTP time?

Thanks
Tim
Jonathan Armitage
2007-09-07 12:05:34 UTC
Post by Timothy Arnold
Hi,
Having an interesting problem. Mail is being flagged by sa-exim but it
is being permitted through
Maybe one of the recipients is postmaster---the default sa-exim config allows
these messages through, and also delivers it to all the other recipients as a
side effect.

In the exim config:

# Add header telling sa-exim not to reject messages for these recipients.
warn  message     = X-SA-Do-Not-Rej: Yes
      local_parts = postmaster : abuse

In sa-exim.conf:

# X-SA-Do-Not-Rej should be set as a warn header if mail is sent to
# postmaster and abuse (in the RCPT ACL), this way you're not bouncing
# spam abuse reports sent to you. This is a RFC guideline.
SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}}

Jon

Jon Armitage
Web Infrastructure Support
365 Media Group
3rd Floor, Apsley House, Wellington Street, Leeds, LS1 2EQ
Timothy Arnold
2007-09-07 12:41:40 UTC
Post by Jonathan Armitage
Maybe one of the recipients is postmaster---the default sa-exim config allows
these messages through, and also delivers it to all the other recipients as a
side effect.
Nope - it wasn't postmaster.

Running exim4 -bhc 217.10.144.117, I get:


LOG: 1ITd5r-000804-2i SA: Debug: SAEximRunCond expand returned: '1'
LOG: 1ITd5r-000804-2i SA: Debug: check succeeded, running spamc
LOG: 1ITd5r-000804-2i SA: Action: scanned but message isn't spam:
hits=17.5 required=5.0 (scanned in 3/3 secs | Message-Id:
1ITd5r-000804-2i).
Jonathan Armitage
2007-09-07 12:49:42 UTC
Post by Timothy Arnold
Post by Jonathan Armitage
Maybe one of the recipients is postmaster---the default sa-exim config
allows these messages through, and also delivers it to all the other
recipients as a side effect.
Nope - it wasn't postmaster.
Thoughts?
What value do you have SApermreject set to?

Jon
Timothy Arnold
2007-09-07 12:56:01 UTC
Post by Jonathan Armitage
What value do you have SApermreject set to?
SApermreject: 5.0

Confusing!
Timothy Arnold
2007-09-07 13:11:20 UTC
Post by Timothy Arnold
SApermreject: 5.0
Confusing!
Found the issue. I had this set in /etc/spamassassin/local.cf

clear_headers

add_header all Status _YESNO_, hits=_SCORE_ required=_REQD_
tests=_TESTS_ autolearn=_AUTOLEARN_version=_VERSION_

I am guessing that sa-exim doesn't like the modified header output. As
soon as I removed these and restarted spamassassin, it worked.

Don't know if it is worth adding something in to the docs?

Thanks for your help!

Cheers
Tim
Marc MERLIN
2007-09-07 18:19:07 UTC
Post by Timothy Arnold
Post by Timothy Arnold
SApermreject: 5.0
Confusing!
Found the issue. I had this set in /etc/spamassassin/local.cf
clear_headers
add_header all Status _YESNO_, hits=_SCORE_ required=_REQD_
tests=_TESTS_ autolearn=_AUTOLEARN_version=_VERSION_
I am guessing that sa-exim doesn't like the modified header output. As
soon as I removed these and restarted spamassassin, it worked.
Mmmh, indeed, and it should also have been logging error messages that it
couldn't parse the header. Did you get none?

It failed because you had hits= instead of score=
Post by Timothy Arnold
Don't know if it is worth adding something in to the docs?
Well, if SA-Exim didn't log anything, that's a bug. If it did, the answer
would have been in the logs

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
Timothy Arnold
2007-09-08 11:06:15 UTC
Post by Marc MERLIN
Mmmh, indeed, and it should also have been logging error messages that it
couldn't parse the header. Did you get none?
It failed because you had hits= instead of score=
I tried it with score= and it didn't make a difference.
Post by Marc MERLIN
Well, if SA-Exim didn't log anything, that's a bug. If it did, the answer
would have been in the logs
I turned debugging on and couldn't find anything in the logs - where
should it have been? I've got another box which has the same issue...

Thanks
Tim
Marc MERLIN
2007-09-08 18:16:54 UTC
Post by Timothy Arnold
Post by Marc MERLIN
It failed because you had hits= instead of score=
I tried it with score= and it didn't make a difference.
Post by Marc MERLIN
Well, if SA-Exim didn't log anything, that's a bug. If it did, the answer
would have been in the logs
I turned debugging on and couldn't find anything in the logs - where
should it have been? I've got another box which has the same issue...
I looked at the code, and it ought to take both formats and to complain if
something is wrong.

Remotely, I'm not sure what's causing what you see.

If putting debugging to 9 shows you what code gets or doesn't get run, it
ought to narrow it to a small piece of code where something wrong is
happening. If you find that, let me know.
If not, don't worry about it.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
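
Added example (not part of the original thread, and not sa-exim code): the symptom reported above is visible in the log itself, because the Action line says the message "isn't spam" while logging hits=17.5 against required=5.0. The script below flags that contradiction in sa-exim log lines; it assumes the line layout quoted in the thread, and the function and variable names are made up for this example.

```python
import re

# Layout of the sa-exim "Action" line as quoted in the thread. search() is
# used so any prefix (the "LOG: " of exim -bhc, or a timestamp) is tolerated.
PASSED_RE = re.compile(
    r"(?P<msgid>\S+) SA: Action: scanned but message isn't spam: "
    r"hits=(?P<hits>-?\d+(?:\.\d+)?) required=(?P<required>-?\d+(?:\.\d+)?)"
)


def find_contradictions(lines):
    """Return (msgid, hits, required) for messages passed as non-spam
    although the logged score met or exceeded the logged threshold."""
    flagged = []
    for line in lines:
        m = PASSED_RE.search(line)
        if m is None:
            continue  # Debug lines and other actions are not of interest here
        hits = float(m.group("hits"))
        required = float(m.group("required"))
        if hits >= required:
            flagged.append((m.group("msgid"), hits, required))
    return flagged


# Sample input. The first three lines are taken from the thread (the wrapped
# Action line joined back into one); the last line is constructed.
SAMPLE_LOG = [
    "LOG: 1ITd5r-000804-2i SA: Debug: SAEximRunCond expand returned: '1'",
    "LOG: 1ITd5r-000804-2i SA: Debug: check succeeded, running spamc",
    "LOG: 1ITd5r-000804-2i SA: Action: scanned but message isn't spam: "
    "hits=17.5 required=5.0 (scanned in 3/3 secs | Message-Id: 1ITd5r-000804-2i).",
    "LOG: 1ITd7x-00081B-9q SA: Action: scanned but message isn't spam: "
    "hits=-1.2 required=5.0 (scanned in 1/1 secs | Message-Id: 1ITd7x-00081B-9q).",
]

if __name__ == "__main__":
    for msgid, hits, required in find_contradictions(SAMPLE_LOG):
        print(f"{msgid}: passed as non-spam with hits={hits} required={required}")
```

Run against the mail log after any change to the add_header lines in local.cf; a non-empty result means scored spam is being accepted at SMTP time.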