Re: [Exim] double rejection entries in syslog

Top Page
Delete this message
Reply to this message
Author: Anand Buddhdev
Date:  
To: Suresh Ramasubramanian
CC: exim-users
Subject: Re: [Exim] double rejection entries in syslog
On Wed, Feb 18, 2004 at 08:14:14AM +0530, Suresh Ramasubramanian wrote:

> >*.emerg                        *

>
> Is a spam reject treated as an emergency?


Is this a joke?

Of course a spam reject is NOT treated as an emergency. If it were,
I'd be seeing messages on my consoles too. I repeat, the problem is
that of duplicate syslog entries by exim, when it rejects a message. I
don't read C very well, so I'm not skilled enough to read the source
code to see where these double entries might be getting generated. So
I'm hoping someone (maybe Philip) will be able to spot the problem,
and solve it (if it is a bug), or tell me that I'm the only one seeing
this problem, and that I must have some misconfiguration somewhere.

My ACLs look like this:

begin acl

acl_check_rcpt:
  accept  hosts = :
  deny    senders       = lsearch;/etc/exim/bad_senders
          message       = Sender is blacklisted at this site
  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  accept  local_parts   = postmaster
          domains       = +local_domains
  drop    message       = Host is listed in $dnslist_domain ($dnslist_text)
          dnslists      = bl.spamcop.net : sbl-xbl.spamhaus.org :\
                          dsn.rfc-ignorant.org/$sender_address_domain :\
                          bogusmx.rfc-ignorant.org/$sender_address_domain :\
                          dnsbl.sorbs.net :\
                          rhsbl.sorbs.net/$sender_address_domain :\
                          opm.blitzed.org : relays.ordb.org
  require verify        = sender
  accept  domains       = +local_domains
          endpass
          verify        = recipient
  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *
  drop    message       = relay not permitted


acl_check_content:

  deny  message = This message contains a MIME error ($demime_reason)
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  deny  message = This message contains an unwanted file extension ($found_extension)
        demime = scr:vbs:bat:lnk:pif
  drop  message = This message matches a blacklisted regular expression ($regex_match_string)
        regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]
  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = nobody:true
        condition = ${if <{$message_size}{100k}{yes}{no}}
  warn  message = X-Spam-Report: $spam_report
        spam = nobody
        condition = ${if <{$message_size}{100k}{yes}{no}}
  warn  message = X-Spam-Flag: YES
        spam = nobody
        condition = ${if <{$message_size}{100k}{yes}{no}}
  warn  message = X-New-Subject: **SPAM** $h_subject:
        spam = nobody
        condition = ${if <{$message_size}{100k}{yes}{no}}
  drop  message = This message was classified as spam
        spam = nobody:true
        condition = ${if >{$spam_score_int}{100}{yes}{no}}
        condition = ${if <{$message_size}{100k}{yes}{no}}
  accept



--
Anand Buddhdev