[Exim] exim-4.34/spamassassin looping

Góra strony
Delete this message
Reply to this message
Autor: Mark T. Valites
Data:  
Dla: exim-users
Temat: [Exim] exim-4.34/spamassassin looping
This past weekend I cut over my campus email server from one sendmail
server to two redundant exim servers with shared SAN home/maildir
directories. (Yeh!) Both new servers are mirror images of each other with
equal MX records and are comprised of:

solaris 9 (4/04, with all patches as of a week ago, on SunFire280Rs)
exim-4.34/exiscan-4.34-22, compiled from source
clamav-0.74.sol8, binary from http://clamav.or.id/
spamc installed from CPAN (perl-5.83 package from sunfreeware)

SpamAssassin runs remotely on a set of ~8 identical RedHat machines & is
accessed by pointing spamc at a Linux Virtual Server (LVS) director which
then connects to the least connected to RedHat machine. SA on the RH boxes
is version 2.63, compiled from CPAN, from perl-5.8.0, also compiled from
source.

I'd previously been using the same SpamAssassin setup for over a year.
During this time I also accessed it through the LVS by calling spamc from
procmail, which was acting as my LDA in the previous sendmail setup.

The new exim setup *almost* works perfectly - I'm estatic about how well
the cutover went. The only significant problem I've encountered is that
some messages appear to continuously get passed off to spamassassin from
my spamassassin transport, over and over until a loop is detected and
message delivery fails. I'd guesstimate over 99% of messages are delivered
just fine, but this happens on both machines. I've can reproduce this
symptom on demand by attaching a certain MS Word document to a test
message - from this and a couple other messages I've seen it happen to, I
suspect this is only happening to messages with attachments, but I'm not
positive. Digging through list archives turned up a handfull of somewhat
similar reports, but none that looked exactly the same as what I'm seeing.

My spamassassin router & transport look like this:

spamassassin_router:
  debug_print = "R: spamassasssin_router for $local_part@$domain"
  no_verify
  check_local_user
  condition = \
  "${if and { {!def:h_X-Spam-Status:} \
              {!eq {$received_protocol}{spamassassin-scanned}} \
            }\
            {1}{0}\
    }"
  driver = accept
  transport = spamassassin_transport


spamassassin_transport:
debug_print = "T: spamassassin_transport for $local_part@$domain"
driver = pipe
command = /path/to/exim -oMr spam-scanned -bS
use_bsmtp = true
transport_filter = /path/to/spamc -d SPAMD_HOST -u $local_part
home_directory = "/tmp"
current_directory = "/tmp"
user = exim
group = exim
log_output = true
return_fail_output = true
return_path_add = false

trusted_users = exim : valites : mailman

received_headers_max is the default (30)

SPAMD_HOST = <IP of LVS Director>

The 2nd to last message ID from the bounce message below shows up only in
the mainlog as with these entries:

(Apologies ahead of time for the long lines)

grep 1BpF0o-00038F-6I *
mainlog:2004-07-26 18:36:07 1BpF0o-00038F-6I <= valites@??? U=exim P=spam-scanned S=987127 id=Pine.LNX.4.44.0407261935060.8123-101000@???
mainlog:2004-07-26 18:36:09 1BpF0o-00038F-6I => valites <valites@???> R=spamassassin_router T=spamassassin_transport
mainlog:2004-07-26 18:36:09 1BpF0o-00038F-6I Completed

The last message ID's log entries:

mainlog:2004-07-26 18:36:09 1BpF0p-00038L-5v <= valites@??? U=exim P=spam-scanned S=987277 id=Pine.LNX.4.44.0407261935060.8123-101000@???
mainlog:2004-07-26 18:36:09 1BpF0p-00038L-5v ** valites@???: Too many "Received" headers - suspected mail loop
mainlog:2004-07-26 18:36:09 1BpF0r-00038Q-3o <= <> R=1BpF0p-00038L-5v U=exim P=local S=112572
mainlog:2004-07-26 18:36:09 1BpF0p-00038L-5v Completed

For the messages that continuosly get sent to spamassassassin, I see no
entry in the spamassassin logs on my syslog system that the message has
been received for scanning. The sender of a problematic message gets this
failure message:

Date: Mon, 26 Jul 2004 18:36:09 -0500
From: Mail Delivery System <Mailer-Daemon@???>
To: valites@???
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  valites@???
    Too many "Received" headers - suspected mail loop


------ This is a copy of the message, including all the headers. ------
------ The body of the message is 982170 characters long; only the first
------ 106496 or so are included here.

Return-path: <valites@???>
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0p-00038L-5v
        for valites@???; Mon, 26 Jul 2004 18:36:09 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0o-00038F-6I
        for valites@???; Mon, 26 Jul 2004 18:36:07 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0o-000389-3P
        for valites@???; Mon, 26 Jul 2004 18:36:06 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0n-000383-3k
        for valites@???; Mon, 26 Jul 2004 18:36:05 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0m-00037x-44
        for valites@???; Mon, 26 Jul 2004 18:36:05 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0l-00037r-6B
        for valites@???; Mon, 26 Jul 2004 18:36:04 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0l-00037l-3I
        for valites@???; Mon, 26 Jul 2004 18:36:03 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0k-00037f-3Z
        for valites@???; Mon, 26 Jul 2004 18:36:02 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0j-00037Z-3w
        for valites@???; Mon, 26 Jul 2004 18:36:02 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0i-00037R-4F
        for valites@???; Mon, 26 Jul 2004 18:36:01 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0h-00037L-4K
        for valites@???; Mon, 26 Jul 2004 18:36:00 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0g-00037F-5H
        for valites@???; Mon, 26 Jul 2004 18:35:59 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0f-000379-5d
        for valites@???; Mon, 26 Jul 2004 18:35:58 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0e-000373-5x
        for valites@???; Mon, 26 Jul 2004 18:35:57 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0d-00036w-6C
        for valites@???; Mon, 26 Jul 2004 18:35:56 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0d-00036q-3H
        for valites@???; Mon, 26 Jul 2004 18:35:55 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0c-00036d-3J
        for valites@???; Mon, 26 Jul 2004 18:35:54 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0b-00036R-3T
        for valites@???; Mon, 26 Jul 2004 18:35:53 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0a-00036L-3Z
        for valites@???; Mon, 26 Jul 2004 18:35:53 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0Z-00036F-3r
        for valites@???; Mon, 26 Jul 2004 18:35:52 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0Y-000368-43
        for valites@???; Mon, 26 Jul 2004 18:35:51 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0X-000362-4Q
        for valites@???; Mon, 26 Jul 2004 18:35:50 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0W-00035w-5g
        for valites@???; Mon, 26 Jul 2004 18:35:49 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0V-00035p-63
        for valites@???; Mon, 26 Jul 2004 18:35:48 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0U-00035i-6P
        for valites@???; Mon, 26 Jul 2004 18:35:47 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0U-00035c-3c
        for valites@???; Mon, 26 Jul 2004 18:35:46 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0T-00035T-3z
        for valites@???; Mon, 26 Jul 2004 18:35:46 -0500
Received: from exim by alpha.geneseo.edu with spam-scanned (Exim 4.34)
        id 1BpF0S-00035H-4D
        for valites@???; Mon, 26 Jul 2004 18:35:45 -0500
Received: from [137.238.1.104] (helo=mars.geneseo.edu)
        by alpha.geneseo.edu with esmtp (Exim 4.34)
        id 1BpF0O-000352-3t
        for valites@???; Mon, 26 Jul 2004 18:35:44 -0500
Received: from mars.geneseo.edu (localhost.localdomain [127.0.0.1])
        by mars.geneseo.edu (8.12.9/8.12.5) with ESMTP id i6QNZY5Y028919
        for <valites@???>; Mon, 26 Jul 2004 19:35:34 -0400
Received: from localhost (valites@localhost)
        by mars.geneseo.edu (8.12.9/8.12.9/Submit) with ESMTP id
i6QNZYvp028916
        for <valites@???>; Mon, 26 Jul 2004 19:35:34 -0400
Date: Mon, 26 Jul 2004 19:35:34 -0400 (EDT)
From: "Mark T. Valites" <valites@???>
To: "Mark T. Valites" <valites@???>
Subject: log me
Message-ID: <Pine.LNX.4.44.0407261935060.8123-101000@???>
X-Mailer: Pine - The BOFH's Mailer of Choice
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED;
BOUNDARY="-292984831-321473661-1090884934=:8123"


This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware
tools.
Send mail to mime@??? for more info.

---292984831-321473661-1090884934=:8123
Content-Type: TEXT/PLAIN; charset=US-ASCII

this will fail - how about a log entry


Mark T. Valites
Unix Systems Analyst
Computing & Information Technology
SUNY Geneseo
>--))> >--))>


---292984831-321473661-1090884934=:8123
Content-Type: APPLICATION/msword; name="chapExperiment.doc"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.44.0407261935340.8123@???>
Content-Description:
Content-Disposition: attachment; filename="chapExperiment.doc"

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAM
AAAA4AAAAAAAAAAAEAAAvQQAAAYAAAD+////AAAAAC8FAADhAAAA5gQAAOQA
AADlAAAAsAQAALEEAACyBAAA6AAAAOIAAAAABQAAgAUAAP//////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////

<snip>

Folks have been extremely understanding and this hasn't caused much of a
problem so far, but I can only imagine what the angry mob will look like
once the semester starts back up. If you've been able to bear with me this
far down the message, any suggestions are greatly appreciated. If I've
forgotten something relevant, please let me know what more information I
can provide.

Thanks,
-Mark

--
Mark T. Valites
Unix Systems Analyst
Computing & Information Technology
SUNY Geneseo
>--))> >--))>