On Wed, 19 Apr 2006, joerg.pichel@??? wrote:
> Hm. The spool files are already corrupt in spool-in/ with is the
> location where only exim stores to and MailScanner reads (and removes)
> from. I know the point that exim 4.61 changes the ACL variables but
> the point is that e.g.
> 1FU1RG-00088G-E7-H
> root 0 0
> <sentto-16071460-1143-1144933219-someone=gmx.com@???>
> 1144933246 0
> -host_address 213.165.64.100.57990
> -helo_name mx0.gmx.net
> -aclm 0 0
> -host_name mx0.gmx.net
> -interface_address 192.76.162.229.25
> -received_protocol smtp
> XX
> -aclm 1 0
>
> is a spool file written by exim and it is corrupt even for exim
> because "-aclm 1 0" must not follow the "XX" line.
That is totally impossible. If you look at the code in spool_out.c, you
will see that all the writing of the lines starting with "-" happens
before the writing of the non-recipients, in this case, the XX line.
Something else is tampering with the spool file.
> If I disable
> MailScanner any only let exim spool the messages then the spool files
> are corrupted too. Herer is an example I produced some seconds ago. It
> seems to be a buffer overflow problem in the new ACL code.
> ###################################
> 1FWCnX-0008R4-8s-H
> root 0 0
> <TerriPearce@???>
> 1145453567 0
> -helo_name pjn.qsrch.net
> -host_address 59.187.229.192.3945
> -interface_address 192.76.162.230.25
> -received_protocol smtp
> -aclc 1 109
> X-sdm-Check-DNSbl-Warning: 59.187.229.192 is listed in list.dsbl.org (http://dsbl.org/listing?59.187.229.192)
> -aclm 0 0
>
> -aclm 1 109
> X-sdm-Check-DNSbl-Warning: 59.187.229.192 is listed in list.dsbl.org (http://dsbl.org/listing?59.187.229.192)
> -aclm 2 2
> 29
> -body_linecount 293
> -deliver_firsttime
> -host_lookup_failed
> XX
> 1
> someone@???
The only slight oddity there is -aclm 0 0 which indicates that a
variable was set to an empty string. But that is allowed. The file looks
fine to me.
--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book