Re: [exim-dev] [Bug 2376] New: log_message doesn't log if c…

Góra strony
Delete this message
Reply to this message
Autor: Arkadiusz Miśkiewicz
Data:  
Dla: exim-dev
Temat: Re: [exim-dev] [Bug 2376] New: log_message doesn't log if connection is interrupted (which is quite unexpected) while other rules in the same acl are applied
On 18/02/2019 17:20, Heiko Schlittermann via Exim-dev wrote:
> admin--- via Exim-dev <exim-dev@???> (Mo 18 Feb 2019 07:30:24 CET):
>> For example:
>>
>> acl_notquit:
>>         accept authenticated = *

>>
>>         warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
>>                 log_message = "Connection Ratelimit - $sender_fullhost because
>> of notquit: $smtp_notquit_reason ($sender_rate/$sender_rate_period
>> max:$sender_rate_limit)"
>>                 logwrite = "LOGWRITE: $tod_log $message_id Connection Ratelimit
>> - $sender_fullhost because of notquit: $smtp_notquit_reason
>> ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
>>                 ratelimit = BADNOAUTH_LIMIT / strict / per_conn

>>
>>         accept

>>
>
>
> I'm replying here, until I'm sure that we're talking about a bug :)
>
> I believe, it is clearly documented:
> From the spec.txt:
>
> log_message = <text>
>
>     This modifier sets up a message that is used as part of the log message if
>     the ACL denies access or a warn statement's conditions are true. For
>     example:

>
>
> How do you know, that the "ratelimit" fired (returned TRUE, because it was hit?)
> The output from your log doesn't indicate it:
>
> 2019-02-15 16:09:49.000 [26467] "LOGWRITE: 2019-02-15 16:09:49.000 Connection Ratelimit - (mztyg.com) [49.86.182.22]:53541 because of failed SMTP AUTH without QUIT: connection-lost (/ max:)
>
> I'd have expected something like:
>
> LOG: H=(ME) [1.1.1.1] Warning: non-polite client: connection-lost [1.7/1m max:1]


I think you are right.

Is there a way to do ratelimit counting but make it return true, so
entire acl will fire?

Then my log_message should end up being logged (since it is supposed to
be "I counted here" type of message).


Have to still check what happens if connection is interrupted before acl
finishes (according to irc conversations acl won't finish then and
log_message won't get logged)

--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )