Re: [exim] ISP recently updated exim via DirectAdmin

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Robert Nicholson
Date:  
À: Jeremy Harris
CC: exim-users
Sujet: Re: [exim] ISP recently updated exim via DirectAdmin
Some changes my ISP made from their perspective to simplify things.

They added

as the first router

#EDIT#48:

.include_if_exists /etc/exim.routers.pre.conf

that’s essentially a clone of userforward

defaultforward:
driver = redirect
domains = lsearch,ret=key;/etc/virtual/domainowners
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
directory_transport = address_directory
no_verify

This was added well before the

.include_if_exists /etc/exim.spamassassin.conf

which looks like this

#1.4
# Spam Assassin
spamcheck_director:
  driver = accept
  condition = ${if !eq{$acl_m_spam_assassin_has_run}{1}}
  condition = ${if !eq{$acl_c_spam_assassin_has_run}{1}}
  condition = "${if and { \
            {!eq {$received_protocol}{spam-scanned}} \
            {!eq {$received_protocol}{local}} \
            {exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}}lsearch{/etc/passwd}{$value}}}}/.spamassassin/user_prefs}} \
            {<{$message_size}{500k}} \
        } {1}{0}}"
  retry_use_local_part
  headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version
  transport = spamcheck
  no_verify


Prior to the most recent change my earlier -bV tests were showing the router spamcheck_director as the chosen one.


> On Jul 13, 2020, at 3:41 PM, Robert Nicholson <robert.nicholson@???> wrote:
>
> I’m not an exim admin so I don’t have debugging permission.
>
> Failing that I do have access to the mainlog file and I can see the different between how things were previously processed and how they are now.
>
> So now an entry looks like his (heavy search and replace by me here)
>
> 2020-07-13 13:05:06 1jv4hG-0003kw-1L <= sender@senderdomain H=ltm-fwus209m-210m.senderdomain (PFFWRTP2PVAPP.fmr.com) [IP] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=199798 DKIM=senderdomain id=3278s0cdkx-23@???
> om T=“Sender - Company News and Research" from <sender@senderdomain> for me@mydomain
> 2020-07-13 13:05:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jv4hG-0003kw-1L
> 2020-07-13 13:05:06 1jv4hG-0003kw-1L => domain <me@mydomain> F=<sender@senderdomain> SRS=<SRS0=nGmxsx=AY=senderdomain=sender@???> R=localuser T=local_delivery S=199950
> 2020-07-13 13:05:06 1jv4hG-0003kw-1L Completed
>
> whereas before this looked like this
>
> 2020-07-04 10:04:28 1jrlaV-0006k0-Ej <= sender@senderdomain H=ltm-fwus209m-210m.senderdomain (PFFWRTP3PVAPP.fmr.com) [IP] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=57226 DKIM=senderdomain id=202007041704.064H3CYB021613@PFFWRT
> P3PVAPP.fmr.com T=“Sender - Company News and Research" from <sender@senderdomain> for user@???
> 2020-07-04 10:04:28 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jrlaV-0006k0-Ej
> 2020-07-04 10:04:29 H=localhost (localhost.localdomain) [127.0.0.1] incomplete transaction (QUIT) from <domain@host>
> 2020-07-04 10:04:29 1jrlaV-0006k0-Ej => |nice -10 $home/perlscripts/filter.pl -runsa (domain@host) <user@???> F=<sender@senderdomain> R=userforward T=address_pipe S=57285
> 2020-07-04 10:04:29 1jrlaV-0006k0-Ej => /home/domain/Maildir/.INBOX.intray.backup/ (domain@host) <user@???> F=<sender@senderdomain> R=userforward T=address_directory S=57349
> 2020-07-04 10:04:29 1jrlaV-0006k0-Ej Completed
>
> When I test this at the command line I see
>
> I have a .forward file and it eventually uses a pipe. (or at least it use to)
>
> exim -bt -bV user@domain
>
> Exim version 4.94 #2 built 25-Jun-2020 07:25:17
> Copyright (c) University of Cambridge, 1995 - 2018
> (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
> Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
> Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR SPF TCP_Fast_Open Experimental_SRS
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
> Authenticators: cram_md5 dovecot plaintext spa
> Routers: accept dnslookup ipliteral manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
> Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
> Fixed never_users: 0
> Configure owner: 0:0
> Size of off_t: 8
> user@host    [srs = SRS0=6E5clp=AY=host=user@domain]
>    <— user@domain
>  router = localuser, transport = local_delivery

>
> But is this something I can test at the command line?
>
> Today my ISP introduce a new router earlier in the configuration where now the log entry in my .forward is at least executed as I can see entries added to the log file.
>
> however, any pipe etc isn’t executed from that .forward file.
>
>
>> On Jul 13, 2020, at 3:14 AM, Jeremy Harris via Exim-users <exim-users@???> wrote:
>>
>> On 13/07/2020 01:14, Robert Nicholson via Exim-users wrote:
>>> When I try a test message it doesn’t show userfowrard router.
>>
>>> user@???
>>> router = spamcheck_director, transport = spamcheck
>>
>> Run the exim that does the routing with debug turned on.
>> If this test message is smtp-fed, that'll be the daemon.
>> If commandline, it's the one you start.
>>
>> Grab stderr to file, for later perusal.
>>
>> Feed in the test message.
>>
>> Find the bit of debug output that shows routing being done.
>> Look at the conditions on each router in the sequence getting
>> evaluated. You should discover why the router you expected
>> was not hit, and the router you observe was hit.
>> --
>> Cheers,
>> Jeremy
>>
>> --
>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>