[Exim] Saving rejected messages to a file

Author: Greg Ward
Date:  
To: exim-users
Subject: [Exim] Saving rejected messages to a file
Mainly out of curiosity, I want to save messages rejected by the system
filter somewhere. After much fiddling and head-scratching, I came
across this in the manual:

  If either `freeze' or `fail' is obeyed in a system filter file, no
  deliveries are done, not even those set up by `mail' commands in the
  filter. See the `freeze_tell_mailmaster' option for a way of having a
  message sent when a message is frozen.

To be diplomatic, the reasoning behind that decision escapes me. It
seems like an arbitrary judgment for the filtering mechanism to say, "If
you do X, I won't let you do Y". Grumble.

For the record, here's the relevant snippet from /etc/exim.conf:

  message_filter = /etc/exim/system_filter
  message_body_visible = 5000

  message_filter_file_transport = address_file
  message_filter_pipe_transport = address_pipe
  message_filter_reply_transport = address_reply

And here's the snippet from system_filter (an addition of my own
devising to Nigel Metheringham's Windows virus filter):

  # Try to spot the Sircam worm -- a bit tricky since the subject line
  # and attachment are random; only the body of the message is predictable
  # (and even that has a random component).
  if $message_body contains "I send you this file in order to have your advice" or
     $message_body contains "I hope you can help me with this file that I send" or
     $message_body contains "I hope you like the file that I send you" or
     $message_body contains "This is the file with the information that you ask for" then
    save /var/log/exim/rejected-mail
    logwrite "$tod_log $message_id rejected"
    logwrite "$tod_log subject: $header_subject"
    logwrite "$tod_log recipients: $recipients"
    fail text "This message has been rejected because it matches\n\
               the signature of a known e-mail worm (SirCam).  This\n\
               probably means that your PC has been infected with this\n\
               worm; see\n\
               \thttp://www.zdnet.com/zdnn/stories/news/0,4586,5094633,00.html\n\
               for more information."
    seen finish
  endif


Annoying behaviours I have observed with this setup (exim 3.12 on Debian
2.2 stable):

  * if the logwrite commands follow the fail command, nothing is logged

  * if the fail command runs (i.e. is not commented out), the save
    command has no effect (as documented) -- I can only save
    rejected messages if I comment out the fail command


Is the only solution to use the "mail" command to craft a failure
message?

        Greg
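
Added example, not part of the original post and not Exim code: a stand-alone Python sketch of the same check that archives a matching message to an mbox file before returning a reject verdict, so the copy survives the rejection. It assumes that `$message_body` holds the first `message_body_visible` bytes of the body with newlines and NULs turned into spaces, and that `contains` matches case-insensitively; the function names and sample messages are constructed for illustration.

```python
import mailbox

BODY_VISIBLE = 5000  # mirrors message_body_visible in the post's exim.conf
SIGNATURES = (       # the four body phrases from the post's system_filter
    "I send you this file in order to have your advice",
    "I hope you can help me with this file that I send",
    "I hope you like the file that I send you",
    "This is the file with the information that you ask for",
)

def visible_body(raw: bytes) -> str:
    """Approximate $message_body (assumed semantics): first BODY_VISIBLE
    bytes of the body, with newlines and NULs replaced by spaces."""
    body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")[2][:BODY_VISIBLE]
    return body.translate(bytes.maketrans(b"\n\x00", b"  ")).decode("latin-1")

def matched_signature(raw: bytes):
    """Return the first signature phrase found in the visible body, or None."""
    body = visible_body(raw).lower()
    return next((s for s in SIGNATURES if s.lower() in body), None)

def filter_message(raw: bytes, archive_path: str) -> str:
    """Archive a matching message first, then hand back the verdict."""
    if matched_signature(raw) is None:
        return "accept"
    box = mailbox.mbox(archive_path)  # created on first use
    try:
        box.lock()                    # other deliveries may append concurrently
        box.add(raw)
    finally:
        box.close()                   # flushes to disk and releases the lock
    return "reject"

# Constructed sample messages (not real traffic).
HDR = b"From: user@example.com\nSubject: report\n\n"
SAMPLE_WORM = HDR + b"Hi! How are you?\nI hope you LIKE the file\nthat I send you\n"
SAMPLE_CLEAN = HDR + b"Minutes of Tuesday's meeting are attached.\n"
# Phrase sits past the visible window, so the check does not see it.
SAMPLE_LATE = HDR + b"x" * 6000 + b" I hope you like the file that I send you\n"

if __name__ == "__main__":
    for name in ("SAMPLE_WORM", "SAMPLE_CLEAN", "SAMPLE_LATE"):
        print(name, filter_message(globals()[name], "rejected-mail.mbox"))
```

The third sample shows the cost of the 5000-byte window: a signature phrase that appears later in the body is never inspected.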