[Exim] How embarrasing (-N option and lists; long!)

Pàgina inicial
Delete this message
Reply to this message
Autor: John Horne
Data:  
A: Exim Users List
Assumpte: [Exim] How embarrasing (-N option and lists; long!)
Hello,

Well, it's Friday and I have little idea as to where to go with this
problem, so I'm sending it to the list for consideration :-)

We have configured exim to handle certain 'special' mailing lists. These
lists can only be posted to by the postmaster(s) as the lists contain all
the staff, all the students, all the Plymouth staff, etc. We don't want
students mailing to them. A message is sent to the list and is picked up by
a director calling a filter which freezes the message. The postmaster checks
the message and unfreezes it. The message then gets picked up by a
subsequent director and goes out to the list. The To: header for a list
looks like 'uop-plymstaff' - they all have the 'uop-' prefix.

This seemed to work fine. However, I have been getting reports that not
everyone on the lists is getting the messages. Checking the logs, I can see
that it is true. The last message sent to Plymouth staff (2200 people)
missed about 700 or so! The messages relate to health and safety, corporate
problems, etc. There were complaints about this one since it affected many
staff at the Uni.

I tested the 'process' by creating a list with just my name in it, and that
worked fine. (I added a bit to the director to prevent the message from being
frozen.) I tried one with a few more names and that worked okay. I used the
exim '-N' option to prevent the messages from being delivered. This too
worked okay. So, I thought go for it and try the Plymouth staff list. Well,
the message went to all the staff! Okay, so it seemed to show that the
special lists was working, but the -N option didn't stop the message from
actually being delivered :-) Hence my embarrasement. Needless to say
my manager wasn't exactly laughing at it!

We are using exim 3.16. The directors are:

special_filter:
  no_expn
  no_verify
  condition = "${if eq {$sender_address} {} {no} {yes}}"
  domains = PLYMOUTH                  (==plymouth.ac.uk)
  senders = POSTMASTER                (==postmaster@???)
  prefix = "uop-"
  local_parts = ! uop-replies : *
  driver = forwardfile
  no_check_local_user
  file = TABLES/specials_filter
  owners = exim:root
  errors_to = POSTMASTER
  allow_system_actions
  no_ignore_enotdir
  no_ignore_eacces
  user = exim
  filter



special_lists:
  no_expn
  no_verify
  condition = "${if eq {$sender_address} {} {no} {yes}}"
  domains = PLYMOUTH
  senders = POSTMASTER
  prefix = "uop-"
  local_parts = ! uop-replies : *
  driver = forwardfile
  no_check_local_user 
  headers_remove = "Reply-To:X-Confirm-Reading-To:Return-Receipt-To:X-pmrqc:\
                    Disposition-Notification-To:X-XFmail-Return-To: \
                    Resent-From:Resent-To:Resent-Date:Resent-Message-Id: \
                    Precedence:From"
  headers_add = "Reply-To: ${lookup {${lc:$local_part}} lsearch \
                  {TABLES/lists/special/replies} {$value} {POSTMASTER}}\n\
                 Precedence: Bulk\n\
                 From: POSTMASTER"
  file = TABLES/lists/special/${lc:$local_part}
  forbid_file
  forbid_pipe
  forbid_include
  forbid_filter_logwrite
  forbid_filter_reply
  one_time
  skip_syntax_errors
  syntax_errors_to = POSTMASTER
  owners = "exim:root"
  errors_to = POSTMASTER


(All the headers_remove bit was to prevent 'delivery notifications;
confirmation of reading' etc. It also removes any 'forwarding' headers
(resent-to) etc. The problem was that the wrong reply-to: header was being
picked up if a message was simply 'forwarded' to the list.)

I have put the filters at the end of the message if anyone wants them.

For the problem with the '-N' option the only thing I could think of was
that the message would have been (probably) split up since we use
'remote_max_parallel=8'. Does the '-N' option get passed on to the processes
that are forked by exim? The logs showed that all the messages had '*>'
which the manual says shows that the message is not actually delivered.

For the problem with users being missed from the list I cannot really say.
The situation is not that simple though, since we configure exim to allow
our users to have their mail 'redirected' to a different address (usually
their home ISP) - this could be local or remote. We also allow them to have
'copies' of their mail sent to any other address. In the instance of two
staff here who didn't get the message they both have copies of mail sent to
a remote address. The log does not show their addresses (any of them) at
all. It was simply as if they were not in the list - they are, I checked
that!

The only 'difference' between my sending the message and the postmasters, was
that the postmasters one would have gone through the director which freezes
the message. Perhaps there is some interaction between running a filter
(which uses the first_delivery and freeze options), a subsequent director
using the 'one_time' option and a forwardfile, and then a 'copies' director
using 'unseen' and then another director using an aliasfile. All of which
may have been forked as a seperate process due to the remote_max_parallel
option. Not a simple trail to follow as you can see! (However, it is nice
that exim *can* do all this stuff! :-) ) I should add that all mail passes
through a system_filter as well (!) which does some simple testing of
subject: lines for known viruses. It too uses the 'first_delivery' option
though. Also the act of 'unfreezing' the message is usually done through a
local utility which actually uses 'exim -qqRff plymouth.ac.uk'. Perhaps this
rather than just 'exim -Mt' is causing a problem?

You can see how this is such a problem to try and debug! Sigh.

So, does anyone have any ideas about the '-N' option and/or about forwardfile
missing out people? I thought about going back a version of exim, but 3.16
fixed some other problems for us so I can't really do that. Secondly,
testing this stuff is somewhat difficult since really we need to use a large
list. I shall try and create something which will :blackhole: the mail.

Thanks,

John.

---------------
(Some of the lines have been broken over more than one line)
System filter:

# Exim filter <= Do not edit or remove this line!

if first_delivery then
        if $h_Subject: contains "ILOVEYOU" or
           $h_Subject: contains "fwd: Joke" or
           $h_Subject: CONTAINS "Susitikim shi vakara kavos puodukui" or
           $h_Subject: CONTAINS "Mothers Day Order Confirmation" or
           $h_Subject: CONTAINS "NewLove-A" or
           $h_Subject: IS "Jokes" or
           $h_Subject: MATCHES "Funny(\\s+Text)?\\$" or
           $h_Subject: MATCHES "Life Stages(\\s+Text)?\\$" then
                logfile /usr/local/exim/logs/virus.log
                logwrite "$tod_log: $sender_host_address From:
              \"$sender_address\" To: \"$h_To:\" Subject:\"$h_Subject:\""


           seen finish
        endif
endif


finish

-------------------
Special list filter:

# Exim filter <= Do not edit or remove this line!

if first_delivery then
   logfile /usr/local/exim/logs/specials.log
   if $recipients_count is above 1 then
        logwrite "$tod_log: $sender_host_address To: $h_To: Reply-to:
             ${lookup {$local_part} lsearch
        {/usr/local/exim/tables/lists/special/replies} {$value} {postmaster}}
                    Subject: \"$h_Subject:\""
   else
        logwrite "$tod_log: $sender_host_address To: ${local_part:$h_To:}
              Reply-to: ${lookup {$local_part} lsearch
  {/usr/local/exim/tables/lists/special/replies} {$value}{postmaster}}
                  Subject: \"$h_Subject:\""
   endif


freeze text "Special list message"
endif

finish
----------------

------------------------------------------------------------------------
John Horne, University of Plymouth, UK           Tel: +44 (0)1752 233914
E-mail: jhorne@???
PGP key available from public key servers