Re: [Exim] log_message ignored in deny?

Top Page
Delete this message
Reply to this message
Author: Kevin W. Reed
Date:  
To: exim-users
Subject: Re: [Exim] log_message ignored in deny?
Finally got time to try this again...

I figured that after Phillip tried it and said it was okay, I was just
seeing things. However, right after seeing another in the log I did a
test...

Actual log entry:

2003-09-11 19:55:42 H=pcp097191pcs.audubn01.nj.comcast.net [68.45.131.116]
F=<fccfbg@???> rejected RCPT <soldo@???>: SPAM BLOCK: Host or
Netblock is listed in bl.spamcop.net

ACL Rule:

 #  Deny Spam Block and Dynamic IP sites
 deny    hosts = +rbl_hosts : !+exempt_lookup_hosts
         log_message = SPAM BLOCK: RBL-ANTISPAM ($dnslist_domain)
         message = SPAM BLOCK: Host or Netblock is listed in
$dnslist_domain\n \
                Please contact postmaster@??? with any questions.
         dnslists =      hil.habeas.com : \
                         bl.spamcop.net : \
                         dnslb.ngabl.org : \
                         sbl.spamhaus.org : \
                         dynablock.easynet.nl


Testing with:

exim -d -bh 68.45.131.116

...

helo pcp097191pcs.audubn01.nj.comcast.net

...

mail from: test@???

rcpt to: kreed@???

...

DNS list check: bl.spamcop.net
new DNS lookup for 116.131.45.68.bl.spamcop.net
DNS lookup of 116.131.45.68.bl.spamcop.net (A) succeeded
DNS lookup for 116.131.45.68.bl.spamcop.net succeeded (yielding 127.0.0.2)
DNS lookup of 116.131.45.68.bl.spamcop.net (TXT) succeeded
=> that means 68.45.131.116 is listed at bl.spamcop.net
deny: condition test succeeded
SMTP>> 550-SPAM BLOCK: Host or Netblock is listed in bl.spamcop.net

550-SPAM BLOCK: Host or Netblock is listed in bl.spamcop.net
SMTP>> 550 Please contact postmaster@??? with any questions.

550 Please contact postmaster@??? with any questions.
LOG: MAIN REJECT
H=pcp097191pcs.audubn01.nj.comcast.net [68.45.131.116]
F=<test@???> rejected RCPT
kreed@???: SPAM BLOCK: RBL-ANTISPAM (bl.spamcop.net)


Strange... The testing shows that it will use the correct log_message
entry... in the log.... But in reality, it uses the message entry instead.

Again.. the real log entry that occurred just prior to trying the test
with the same IP.

2003-09-11 19:55:42 H=pcp097191pcs.audubn01.nj.comcast.net [68.45.131.116]
F=<fccfbg@???> rejected RCPT <soldo@???>: SPAM BLOCK: Host or
Netblock is listed in bl.spamcop.net

Perhaps the test is doing some thing that reality it not?

#exim -bV

Exim version 4.22 #2 built 07-Sep-2003 20:29:49
Copyright (c) University of Cambridge 2003
Probably ndbm
Support for: iconv()
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply pipe smtp
Contains exiscan-acl patch revision 12 (c) Tom Kistner
[http://duncanthrax.net/exiscan/]
Configuration file is /usr/local/exim/configure

--
Kevin