Re: [Exim] acl drop bug ?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jean-Louis Bergamo
Datum:  
To: exim-users
Betreff: Re: [Exim] acl drop bug ?
On Fri, 14 May 2004, Philip Hazel wrote:

Hello Philip,

> I've just checked the code. Exim should send the response, then
> immediately close. The way to check this is to run Exim in debug mode
> and see if this shows it sending the response. I am in Dakar at the
> moment, and do not have time to test this myself.


you're right Philip,

i can see this in debug mode :
[cut because very verbose :-)]
14:08:00  5192 processing "drop"
14:08:00  5192 check demime = *
14:08:00  5192 check malware = */defer_ok
14:08:00  5192 ---0 Get 0x811d248    32         exim.c   32
14:08:00  5192 ---0 Get 0x811d268   104       string.c  852
14:08:00  5192 ---0 Rst 0x811d2b6    **       expand.c 4264 41000
14:08:00  5192 expanding: This message contains a virus or other harmful
content ($malware_name)
14:08:00  5192    result: This message contains a virus or other harmful
content (Eicar-Test-Signature)
14:08:00  5192 drop: condition test succeeded
14:08:00  5192 ---0 Get 0x811d2b8    80       string.c  345
14:08:00  5192 unspool_mbox(): unlinking
'/var/spool/exim4/scan/1BObTp-0001Lk-EV/1BObTp-0001Lk-EV.eml'
14:08:00  5192 unspool_mbox(): unlinking
'/var/spool/exim4/scan/1BObTp-0001Lk-EV/1BObTp-0001Lk-EV-00000.com'
14:08:00  5192 ---0 Get 0x811d308     8       string.c  345
14:08:00  5192 ---0 Get 0x811d310    24       string.c  345
14:08:00  5192 --Malloc 0x811f9b8  8200        store.c  139 49200 5535
14:08:00  5192 ---0 Get 0x811f9c0    80       string.c  345
14:08:00  5192 SMTP>> 550-This message contains a virus or other harmful
content
14:08:00  5192 SMTP>> 550 (Eicar-Test-Signature)
14:08:00  5192 LOG: MAIN REJECT
14:08:00  5192   H=me (me) [x.x.x.x]
F=<jlb@???> rejected after DATA: This message contains a virus or
other harmful content (Eicar-Test-Signature)
14:08:00  5192 ---0 Get 0x811fa10    64       string.c  345
14:08:00  5192 LOG: smtp_connection MAIN
14:08:00  5192   SMTP connection from me (me) [x.x.x.x] closed by DROP in
ACL
14:08:00  5192 search_tidyup called
14:08:00 26686 child 5192 ended: status=0x0
14:08:00 26686 0 SMTP accept processes now running
14:08:00 26686 Listening...


but in my telnet session for this test i never see the 550 code :
[cut again]
Subject: test virus

(eicar string)
.
Connection closed by foreign host.

and on mailer (on which i can see the queue) which talking to this mailer
with drop configured, a lot of mail is waiting to be delivered because the
connection was close before receiving the 550 code. And on mailer i can't
see the queue, i'm seeing a lot of refused and sent again and again.

Maybe it may help if you wait few seconds (an option in configuration
file can set this time ) after sending the 550 code and before closing
connection. It's just an idea.

thanks for you help, and i hope your holydays will be good :-)

Jean-Louis