[exim] Discarding a message without reason?

Góra strony
Delete this message
Reply to this message
Autor: Richard Hopkins
Data:  
Dla: exim-users
Temat: [exim] Discarding a message without reason?

Hi all,

First off the context...

Solaris 9, exim 4.34+exiscan-acl-4.34-21, SpamAssassin 3.0.1 and McAffee's
virus scan for UNIX 4.4.00

(PS I know, I know - I thought I had already upgraded this server to exim
4.43. I'd built 4.43 but hadn't installed it. Sigh!)

The server is configured to discard/blackhole under 2 circumstances.
Firstly, if the message is found to be virus infested and secondly if the
SpamAssassin score is "very high"...

  # Discard virus infested messages.
  warn log_message = Discarding message with virus $malware_name
         malware = *
  discard malware = *



  # Discard spam messages with score over 25
  warn  log_message = Message rejected as spam (scored $spam_score points)
        condition = ${if <{$message_size}{100k}{1}{0}}
        spam = nobody:true
        condition = ${if >{$spam_score_int}{250}{1}{0}}
  discard condition = ${if >{$spam_score_int}{250}{1}{0}}



A couple of days ago, though, it was brought to my attention that a locally
originated message passing through this server had vanished. Checking the
logs I found that the message had indeed been discarded, but no reason was
logged.

This obviously got me very worried.

I ran a little job to see what other messages we'd discarded (that day) but
found absolutely no others (21,712 discarded - good grief! - 21,711 of
which has the reason for discarding logged).

(The message which was discarded was over the SA size limit, by the way,
and my logs confirm that it wasn't run through SA)

There's nothing relating to the discarded message in the paniclog, nor the
rejectlog and there are no indications that the system itself was in any
kind of trouble at the time of the discard.

So, I'm a bit stuck now (in explaining why the message was discarded to our
understandably concerned user). Does anyone have any idea where I can look
further (or have an explanation for what might have gone wrong)?

Cheers,

Richard