[Exim] recent problem with SA

Author: Konstantin Kletschke
Date:  
To: exim-users
Subject: [Exim] recent problem with SA
Hi there!

My friend told me he suddenly can't send mails over my server.
I updated spamassassin a couple of days ago, maybe he triggered the
new behaviour now. I don't know if the problem is at SA, though.

Please take a look, it's on my production server and not running
well. That hurts :/

Mar 28 23:46:36 kermit spamd[18997]: connection from localhost [127.0.0.1] at port 57018
Mar 28 23:46:36 kermit spamd[15621]: checking message <GYFZGGTEITZIFABBNUJZHGAD@???> for nobody:1005.

==> /var/log/exim4/exim_paniclog <==
2004-03-28 23:46:35 1B7i6z-00043q-LM spam acl condition: cannot parse spamd output
2004-03-28 23:46:36 1B7i6z-00043q-LM spam acl condition: cannot parse spamd output
2004-03-28 23:46:36 1B7i6z-00043q-LM spam acl condition: cannot parse spamd output

==> /var/log/exim4/exim_rejectlog <==
2004-03-28 23:46:36 1B7i6z-00043q-LM H=natsmtp01.rzone.de [81.169.145.166]:41176 F=<LFEMJLJTKGW@???> temporarily rejected after DATA
Envelope-from: <LFEMJLJTKGW@???>
Envelope-to: <fred.koenemann@???>
P Received: from natsmtp01.rzone.de ([81.169.145.166]:41176)
        by mail.ku-gbr.de with esmtp (Exim 4.24 #1 (Debian))
        id 1B7i6z-00043q-LM
        for <fred.koenemann@???>; Sun, 28 Mar 2004 23:46:33 +0200
P Received: from m179.net195-132-13.noos.fr (m179.net195-132-13.noos.fr [195.132.13.179])
        by mailin.webmailer.de (8.12.10/8.12.10) with SMTP id i2SHddqr014156
        for <root@???>; Sun, 28 Mar 2004 19:39:40 +0200 (MEST)
P Received: from 145.38.92.216 by 195.132.13.179; Sun, 28 Mar 2004 11:38:49 -0600
I Message-ID: <GYFZGGTEITZIFABBNUJZHGAD@???>
F From: "Everette Reaves" <LFEMJLJTKGW@???>
R Reply-To: "Everette Reaves" <LFEMJLJTKGW@???>
T To: root@???
  Subject: You Goona Love This! ZfJL
  Date: Sun, 28 Mar 2004 18:31:49 +0100
  X-Mailer: AOL 5.0 for Windows US sub 102
  MIME-Version: 1.0
  Content-Type: multipart/alternative;
        boundary="--5570423341838863162"
  X-Priority: 3
  X-MSMail-Priority: Normal
  X-IP: 55.24.33.113


==> /var/log/exim4/exim_mainlog <==
2004-03-28 23:46:35 1B7i6z-00043q-LM spam acl condition: cannot parse spamd output
2004-03-28 23:46:35 1B7i6z-00043q-LM H=natsmtp01.rzone.de [81.169.145.166]:41176 Warning: ACL "warn" statement skipped: condition test deferred:
2004-03-28 23:46:36 1B7i6z-00043q-LM spam acl condition: cannot parse spamd output
2004-03-28 23:46:36 1B7i6z-00043q-LM spam acl condition: cannot parse spamd output
2004-03-28 23:46:36 1B7i6z-00043q-LM H=natsmtp01.rzone.de [81.169.145.166]:41176 F=<LFEMJLJTKGW@???> temporarily rejected after DATA
2004-03-28 23:46:38 SMTP connection from natsmtp01.rzone.de [81.169.145.166]:41176 closed by QUIT


Looking at the From: headers I think these are messages which would be
classified as spam normally. I reject if above 10 points.
Here is the (long well working) acl:

begin acl

#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :
  accept  recipients = postmaster@* : \
      *-admin@*
  deny    hosts = +rbl_hosts
          message = host is listed in $dnslist_domain
          dnslists = rbl.maps.vix.com:relays.mail-abuse.org
  deny    hosts = *
         !verify = sender
  deny    message = unrouteable address
         !verify = recipient
  accept  domains = +local_domains
  accept  domains = +relay_domains
  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted
  accept


#!!# ACL that is used after the DATA command
check_message:
  require verify = header_sender
  deny  message = This message contains malformed MIME ($demime_reason).
                demime = *
                condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  deny  message = This message contains an attachement of a type we do not accept (.$found_extension)
                demime = bat:com:exe:pif:prf:scr:vbs
  deny  message = This message contains a virus or other harmful content ($malware_name)
                demime = *
                malware = *
  warn  message = X-Spam-Score: $spam_score
                spam = nobody:true
  warn  message = X-Spam-Report: $spam_report
                spam = nobody:true
  deny  message = This message scored $spam_score spam points.
                spam = nobody:true
                condition = ${if >{$spam_score_int}{100}{1}{0}}
  accept


#!!# ACL that is used after the VRFY command
check_vrfy:
accept

How can I debug this?
I run spamassassin-2.63 debian packages, self compiled exim-4.24.
I have not changed the config for days and it feels like the problem occurs
all of a sudden, is that a bug triggered by a mail worm? It is happening
more and more often (watching tail -f now).

Konsti

--
2.6.3-rc2-mm1
Konstantin Kletschke <konsti@???>, <konsti@???>
GPG KeyID EF62FCEF
Fingerprint: 13C9 B16B 9844 EC15 CC2E A080 1E69 3FDA EF62 FCEF
keulator.homelinux.org up 8:29, 11 users
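
Added example, not part of the original post: a small log triage script that groups the "cannot parse spamd output" entries by Exim message ID and shows which messages ended in a temporary rejection after DATA. The sample log lines are constructed in the shape of the exim_mainlog excerpt above; message IDs, host names and addresses are made up, and the function name summarize is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of the exim_mainlog excerpt above
# (message IDs, host names and addresses are made up).
SAMPLE_MAINLOG = """\
2004-03-28 23:46:35 1AAAAA-000001-AA spam acl condition: cannot parse spamd output
2004-03-28 23:46:35 1AAAAA-000001-AA H=mx.example.net [192.0.2.10]:41176 Warning: ACL "warn" statement skipped: condition test deferred:
2004-03-28 23:46:36 1AAAAA-000001-AA spam acl condition: cannot parse spamd output
2004-03-28 23:46:36 1AAAAA-000001-AA spam acl condition: cannot parse spamd output
2004-03-28 23:46:36 1AAAAA-000001-AA H=mx.example.net [192.0.2.10]:41176 F=<sender@example.org> temporarily rejected after DATA
2004-03-28 23:46:38 SMTP connection from mx.example.net [192.0.2.10]:41176 closed by QUIT
2004-03-28 23:47:02 1BBBBB-000002-BB spam acl condition: cannot parse spamd output
2004-03-28 23:47:02 1BBBBB-000002-BB H=relay.example.com [198.51.100.7]:2525 Warning: ACL "warn" statement skipped: condition test deferred:
"""

# "<date> <time> <message-id> <rest>"; message IDs here use the 6-6-2 layout
# seen in the post (e.g. 1B7i6z-00043q-LM).
LINE = re.compile(r"^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (.*)$")
HOST = re.compile(r"H=(\S+) \[([^\]]+)\]")

def summarize(log_text):
    """Group spam-condition failures by Exim message ID."""
    msgs = defaultdict(lambda: {"parse_failures": 0, "warn_skipped": 0,
                                "temp_rejected": False, "host": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines without a message ID, e.g. "SMTP connection ... closed"
        _, msg_id, rest = m.groups()
        rec = msgs[msg_id]
        h = HOST.search(rest)
        if h:
            rec["host"] = h.group(2)  # sending host's IP address
        if "spam acl condition: cannot parse spamd output" in rest:
            rec["parse_failures"] += 1
        elif "condition test deferred" in rest:
            rec["warn_skipped"] += 1
        elif "temporarily rejected after DATA" in rest:
            rec["temp_rejected"] = True
    return dict(msgs)

if __name__ == "__main__":
    for msg_id, rec in summarize(SAMPLE_MAINLOG).items():
        print(msg_id, rec)
```

Run against a real mainlog by passing the file's contents to summarize(); a message with parse failures but no temporary rejection was still being processed, or was handled by a later ACL statement, when the log was read.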