Happy New Year to ye all!
I am running exim-4.60.
I have been seeing a funny output on my mainlog for some time. Today I
decided to track it down. The addresses are obfuscated to protect me
from being taken to court!
What has been happening is that I've seen the following on my mainlog,
and paniclog:
2006-01-05 18:33:07 1EuRkR-0002Dm-Lb Error in system filter: internal problem in system filter: failure to transfer data from subproces
s: status=0000 readerror='Operation not supported by device'
Today, I decided to see what causes it. I looked at the log file written
by my system_filter, but there was no mention of the $message_id above.
Looking at the mainlog using exigrep, I found this:
18$ exigrep 1EuRkR-0002Dm-Lb /var/log/exim/2006-01/main.20060105.log
+++ 1EuRkR-0002Dm-Lb not completed +++
2006-01-05 12:49:42 1EuRkR-0002Dm-Lb H=web31606.mail.mud.yahoo.com [68.142.198.152] I=[62.8.64.4]:25 Warning: ATTACHMENTS "05GMB5149 ��
��,ͭ����.xls"=MD5:MD5 (/var/spool/exim/scan/1EuRkR-0002Dm-Lb/1EuRkR-0002Dm-Lb-00000) = d11d0d2b26d6ed62672d0aec50706f6b\n;SIZE:19KB
2006-01-05 12:49:42 1EuRkR-0002Dm-Lb <= ljsen@??? H=web31606.mail.mud.yahoo.com [68.142.198.152] I=[62.8.64.4]:25 P=smtp S=2
9972 id=20060105094841.12562.qmail@??? T="Fwd: PI" from <ljsen@???> for mlt@???
2006-01-05 18:33:07 1EuRkR-0002Dm-Lb internal problem in system filter: failure to transfer data from subprocess: status=0000 readerror
='Operation not supported by device'
2006-01-05 18:33:07 1EuRkR-0002Dm-Lb Error in system filter: internal problem in system filter: failure to transfer data from subproces
s: status=0000 readerror='Operation not supported by device'
I looked at the message headers using exim -Mvh and this is what is
there:
1EuRkR-0002Dm-Lb-H
root 0 0
<ljsen@???>
1136454571 0
-helo_name web31606.mail.mud.yahoo.com
-host_address 68.142.198.152.34551
-host_name web31606.mail.mud.yahoo.com
-interface_address 62.8.64.4.25
-received_protocol smtp
-acl 1 1
5
-acl 10 9
off # off
-acl 11 5
false
-acl 12 144
"05GMB5149 �ǰ�,ͭ����.xls"=MD5:MD5 (/var/spool/exim/scan/1EuRkR-0002Dm-Lb/1EuRkR-0002Dm-Lb-00000) = d11d0d2b26d6ed62672d0aec50706f6b
;SIZE:19KB
-body_linecount 484
XX
1
mlt@???
214P Received: from web31606.mail.mud.yahoo.com ([68.142.198.152])
by ns2.wananchi.com with smtp (Exim 4.60 #0 (FreeBSD 4.11-STABLE))
id 1EuRkR-0002Dm-Lb
for <mlt@???>; Thu, 05 Jan 2006 12:49:42 +0300
072P Received: (qmail 12564 invoked by uid 60001); 5 Jan 2006 09:48:41 -0000
351 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
b=dDpmXfuiD/NdiDc0ZtFVckh+mQH0VfwSP1wog3KdStt8gCR7h+3DwdHlrmwxjXJ+qOP0dQNhaRi6vqymlVY4jAy+EnqmTTcwxdM+RX3Sya0aey/90FQuSxdlhhFU9CiDoU43eZTVj7md3Pev7LvSMuljmAZMje0E6g/buqJ2s/4= ;
069I Message-ID: <20060105094841.12562.qmail@???>
101P Received: from [218.12.46.61] by web31606.mail.mud.yahoo.com via HTTP; Thu, 05 Jan 2006 01:48:41 PST
043 Date: Thu, 5 Jan 2006 01:48:41 -0800 (PST)
041F From: Lan Jsen <ljsen@???>
017 Subject: Fwd: PI
042T To: "H. Lak" <mlt@???>
018 MIME-Version: 1.0
072 Content-Type: multipart/mixed; boundary="0-1278385614-1136454521=:9528"
032 Content-Transfer-Encoding: 8bit
077 X-Virus-Scanned: Clear (ClamAV devel-20051230/1229/Wed Jan 4 18:08:11 2006)
051 X-Scan-Signature: 7a17fd3b40549fa3b2fd7daef6da6043
Now, it turns out that mlt@??? has got a .forward file which
tells Exim to forward all e-mails to another@???.
host -tmx address.CCTLD yields SERVFAIL at certain times but not always!
A manual delivery using `exim -d -M $message_id` at the time you get a
SERVFAIL obviously takes forever, which is expected.
Now, why does it happen that a DNS lookup failure makes exim to talk
about system_filter where (hopefully) the system filter is not even
involved?
cheers
- wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) |
wash () WANANCHI ! com . 1ere Etage, Loita Hse, Loita St., |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"
--from a /. post