It looks like many of us who haven't been using system filters are now
getting into it, and so a few questions.
I am having problems with logwrite.
I have a system filter which currently looks like this:
===========================================
# Exim filter
logfile /var/spool/exim/log/filter_log

if (first_delivery and not error_message and $message_size is above 6k)
then
  # Subject line is exactly ILOVEYOU
  if ($h_subject: IS ILOVEYOU) then
    freeze text "Suspected ILOVEYOU virus"
    # logwrite "$tod_log $message_id \
    # $sender_address ($sender_host_name[$sender_host_address]) \
    # => $recipients (recipients=$recipients_count) \
    # subject=\"$header_subject\" \
    # reason=Suspected ILOVEYOU virus"
  # Attachment name ending in .txt.vbs or .txt.vbe
  elif $message_body matches
    "\\\\b(?:file)?name=(\"[^\"]+|\\\\S+)\\\\.txt\\\\.vb[se]\\\\b"
  then
    freeze text "May contain surrupticious VBscript attachment"
    # logwrite "$tod_log $message_id \
    # $sender_address ($sender_host_name[$sender_host_address]) \
    # => $recipients (recipients=$recipients_count) \
    # subject=\"$header_subject\" \
    # reason=Surrepticious VBScript attachment"
  # Any attachment name ending in .vbs or .vbe
  elif $message_body matches
    "\\\\b(?:file)?name=(\"[^\"]+|\\\\S+)\\\\.vb[se]\\\\b"
  then
    freeze text "May contain VBScript attachment"
    # logwrite "$tod_log $message_id \
    # $sender_address ($sender_host_name[$sender_host_address]) \
    # => $recipients (recipients=$recipients_count) \
    # subject=\"$header_subject\" \
    # reason=VBScript attachment"
  endif
endif
===========================================
Until recently the bits that are commented out were not commented out.
During that time, nothing was written to the filter log, and the
messages that had been frozen this way were not showing up on the queue
(at least not via eximon). Once I commented out the logwrites the
messages appeared frozen on the queue and all is well.
Obvious questions: Do I have the right file/path/permission for the
filter_log?
Answer:
# ls -l /var/spool/exim/log/filter_log
-rw-r--r-- 1 exim exim 0 May 5 12:39 /var/spool/exim/log/filter_log
(I created the empty file with touch hoping that would help).
There is nothing in the panic log to indicate problems writing to this.
-j
--
Jeffrey Goldberg +44 (0)1234 750 111 x 2826
Cranfield Computer Centre FAX 751 814
J.Goldberg@??? http://WWW.Cranfield.ac.uk/public/cc/cc047/
Relativism is the triumph of authority over truth, convention over justice.
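
Added example, not part of the original message: a Python check of what the filter's quadruple-backslash patterns reduce to as a regex, and what the same pattern becomes when one escape is written with a single backslash. It assumes a quoted filter string goes through two unescaping passes (quote processing, then string expansion) and that lowercase `matches` is a caseless test; the helper names and the MIME header lines are constructed for illustration.

```python
import re

# Pattern strings as they would sit between the double quotes in the filter.
VBS_QUAD = r'\\\\b(?:file)?name=(\"[^\"]+|\\\\S+)\\\\.vb[se]\\\\b'
VBS_SINGLE = r'\\\\b(?:file)?name=(\"[^\"]+|\S+)\\\\.vb[se]\\\\b'  # \S written once
TXT_VBS_QUAD = r'\\\\b(?:file)?name=(\"[^\"]+|\\\\S+)\\\\.txt\\\\.vb[se]\\\\b'


def strip_pass(s):
    """One unescaping pass: backslash + character becomes that character."""
    return re.sub(r"\\(.)", r"\1", s)


def effective_regex(filter_string):
    """Assumed model: quote processing, then string expansion, one pass each.
    Only plain escapes are modelled (no \\n, \\t, octal, hex or $variables)."""
    return strip_pass(strip_pass(filter_string))


def hits(filter_string, text):
    """True if the reduced pattern matches text (caseless, as assumed)."""
    pattern = effective_regex(filter_string)
    return re.search(pattern, text, re.IGNORECASE) is not None


# Constructed MIME header lines, not taken from real mail.
SAMPLES = {
    "quoted": 'Content-Disposition: attachment; '
              'filename="LOVE-LETTER-FOR-YOU.TXT.vbs"',
    "unquoted": "Content-Type: application/octet-stream; name=report.vbs",
    "benign": "Content-Type: text/plain; name=notes.txt",
}

if __name__ == "__main__":
    for label, pat in (("quad", VBS_QUAD), ("single", VBS_SINGLE),
                       ("txt+quad", TXT_VBS_QUAD)):
        print(f"{label:9s} -> {effective_regex(pat)}")
        for name, line in SAMPLES.items():
            print(f"    {name:9s} {'MATCH' if hits(pat, line) else 'no match'}")
```

Under these assumptions the single-backslash form loses its `\S` class and only catches attachment names that are quoted, so an unquoted `name=report.vbs` passes through unfrozen.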