Re: [exim] ISP recently updated exim via DirectAdmin

Author: Robert Nicholson
Date:  
To: Jeremy Harris
CC: exim-users
Subject: Re: [exim] ISP recently updated exim via DirectAdmin
Got some insight from the debug log.

Does anybody know what the 2 0 0 represents?

userforward router skipped: verify 2 0 0

There’s a suspicion that this is a bug introduced by the DirectAdmin folks into their configuration 4.5.26… previous 4.5.25 worked fine.

> On Jul 13, 2020, at 3:51 PM, Robert Nicholson <robert.nicholson@???> wrote:
>
> Some changes my ISP made from their perspective to simplify things.
>
> They added
>
> as the first router
>
> #EDIT#48:
>
> .include_if_exists /etc/exim.routers.pre.conf
>
> that’s essentially a clone of userforward
>
> defaultforward:
> driver = redirect
> domains = lsearch,ret=key;/etc/virtual/domainowners
> allow_filter
> check_ancestor
> check_local_user
> no_expn
> file = $home/.forward
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
> directory_transport = address_directory
> no_verify
>
> This was added well before the
>
> .include_if_exists /etc/exim.spamassassin.conf
>
> which looks like this
>
> #1.4
> # Spam Assassin
> spamcheck_director:
>  driver = accept
>  condition = ${if !eq{$acl_m_spam_assassin_has_run}{1}}
>  condition = ${if !eq{$acl_c_spam_assassin_has_run}{1}}
>  condition = "${if and { \
>             {!eq {$received_protocol}{spam-scanned}} \
>             {!eq {$received_protocol}{local}} \
>             {exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}}lsearch{/etc/passwd}{$value}}}}/.spamassassin/user_prefs}} \
>             {<{$message_size}{500k}} \
>         } {1}{0}}"
>  retry_use_local_part
>  headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version
>  transport = spamcheck
>  no_verify
>
> Prior to the most recent change my earlier -bV tests were showing the router spamcheck_director as the chosen one.
>
>
>> On Jul 13, 2020, at 3:41 PM, Robert Nicholson <robert.nicholson@???> wrote:
>>
>> I’m not an exim admin so I don’t have debugging permission.
>>
>> Failing that I do have access to the mainlog file and I can see the difference between how things were previously processed and how they are now.
>>
>> So now an entry looks like this (heavy search and replace by me here)
>>
>> 2020-07-13 13:05:06 1jv4hG-0003kw-1L <= sender@senderdomain H=ltm-fwus209m-210m.senderdomain (PFFWRTP2PVAPP.fmr.com) [IP] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=199798 DKIM=senderdomain id=3278s0cdkx-23@???
>> om T=“Sender - Company News and Research" from <sender@senderdomain> for me@mydomain
>> 2020-07-13 13:05:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jv4hG-0003kw-1L
>> 2020-07-13 13:05:06 1jv4hG-0003kw-1L => domain <me@mydomain> F=<sender@senderdomain> SRS=<SRS0=nGmxsx=AY=senderdomain=sender@???> R=localuser T=local_delivery S=199950
>> 2020-07-13 13:05:06 1jv4hG-0003kw-1L Completed
>>
>> whereas before this looked like this
>>
>> 2020-07-04 10:04:28 1jrlaV-0006k0-Ej <= sender@senderdomain H=ltm-fwus209m-210m.senderdomain (PFFWRTP3PVAPP.fmr.com) [IP] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=57226 DKIM=senderdomain id=202007041704.064H3CYB021613@PFFWRT
>> P3PVAPP.fmr.com T=“Sender - Company News and Research" from <sender@senderdomain> for user@???
>> 2020-07-04 10:04:28 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jrlaV-0006k0-Ej
>> 2020-07-04 10:04:29 H=localhost (localhost.localdomain) [127.0.0.1] incomplete transaction (QUIT) from <domain@host>
>> 2020-07-04 10:04:29 1jrlaV-0006k0-Ej => |nice -10 $home/perlscripts/filter.pl -runsa (domain@host) <user@???> F=<sender@senderdomain> R=userforward T=address_pipe S=57285
>> 2020-07-04 10:04:29 1jrlaV-0006k0-Ej => /home/domain/Maildir/.INBOX.intray.backup/ (domain@host) <user@???> F=<sender@senderdomain> R=userforward T=address_directory S=57349
>> 2020-07-04 10:04:29 1jrlaV-0006k0-Ej Completed
>>
>> When I test this at the command line I see
>>
>> I have a .forward file and it eventually uses a pipe. (or at least it used to)
>>
>> exim -bt -bV user@domain
>>
>> Exim version 4.94 #2 built 25-Jun-2020 07:25:17
>> Copyright (c) University of Cambridge, 1995 - 2018
>> (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
>> Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
>> Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR SPF TCP_Fast_Open Experimental_SRS
>> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
>> Authenticators: cram_md5 dovecot plaintext spa
>> Routers: accept dnslookup ipliteral manualroute queryprogram redirect
>> Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
>> Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
>> Fixed never_users: 0
>> Configure owner: 0:0
>> Size of off_t: 8
>> user@host    [srs = SRS0=6E5clp=AY=host=user@domain]
>>   <— user@domain
>> router = localuser, transport = local_delivery
>>
>> But is this something I can test at the command line?
>>
>> Today my ISP introduced a new router earlier in the configuration where now the log entry in my .forward is at least executed as I can see entries added to the log file.
>>
>> however, any pipe etc isn’t executed from that .forward file.
>>
>>
>>> On Jul 13, 2020, at 3:14 AM, Jeremy Harris via Exim-users <exim-users@???> wrote:
>>>
>>> On 13/07/2020 01:14, Robert Nicholson via Exim-users wrote:
>>>> When I try a test message it doesn’t show userforward router.
>>>
>>>> user@???
>>>> router = spamcheck_director, transport = spamcheck
>>>
>>> Run the exim that does the routing with debug turned on.
>>> If this test message is smtp-fed, that'll be the daemon.
>>> If commandline, it's the one you start.
>>>
>>> Grab stderr to file, for later perusal.
>>>
>>> Feed in the test message.
>>>
>>> Find the bit of debug output that shows routing being done.
>>> Look at the conditions on each router in the sequence getting
>>> evaluated. You should discover why the router you expected
>>> was not hit, and the router you observe was hit.
>>> --
>>> Cheers,
>>> Jeremy
>>>
>>> --
>>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>>> ## Exim details at http://www.exim.org/
>>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
>
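
The before/after mainlog comparison described in the thread can be automated without debug access. The following is an added example, not part of the original messages and not Exim or DirectAdmin code: it reads the `R=` and `T=` fields of delivery lines and lists messages that never passed through the expected router, which is how a `.forward` pipe filter that silently stopped running shows up. The sample lines are condensed from the entries quoted above; the function names and the assumption that `T=` directly follows `R=` are this example's own.

```python
import re
from collections import defaultdict

# Delivery line: "<date> <time> <msgid> => <address> ... R=<router> T=<transport> ..."
# "=>" is a first delivery, "->" an additional address in the same delivery.
# Assumption: T= directly follows R=, as in the log lines quoted in the thread.
DELIVERY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
    r"(?P<msgid>\S+) (?:=>|->) .*? R=(?P<router>\S+) T=(?P<transport>\S+)"
)

# Sample input condensed from the mainlog entries quoted in the thread.
SAMPLE_LOG = """\
2020-07-04 10:04:28 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jrlaV-0006k0-Ej
2020-07-04 10:04:29 1jrlaV-0006k0-Ej => |nice -10 $home/perlscripts/filter.pl -runsa (domain@host) <user@???> F=<sender@senderdomain> R=userforward T=address_pipe S=57285
2020-07-04 10:04:29 1jrlaV-0006k0-Ej => /home/domain/Maildir/.INBOX.intray.backup/ (domain@host) <user@???> F=<sender@senderdomain> R=userforward T=address_directory S=57349
2020-07-04 10:04:29 1jrlaV-0006k0-Ej Completed
2020-07-13 13:05:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jv4hG-0003kw-1L
2020-07-13 13:05:06 1jv4hG-0003kw-1L => domain <me@mydomain> F=<sender@senderdomain> SRS=<SRS0=nGmxsx=AY=senderdomain=sender@???> R=localuser T=local_delivery S=199950
2020-07-13 13:05:06 1jv4hG-0003kw-1L Completed
""".splitlines()


def deliveries(lines):
    """Map message id -> list of (router, transport), one per delivery line."""
    out = defaultdict(list)
    for line in lines:
        m = DELIVERY.match(line)
        if m:  # arrival (<=), cwd and Completed lines do not match
            out[m["msgid"]].append((m["router"], m["transport"]))
    return dict(out)


def bypassed(lines, expected_router="userforward"):
    """Message ids that were delivered without ever using expected_router."""
    return sorted(
        msgid
        for msgid, hops in deliveries(lines).items()
        if all(router != expected_router for router, _ in hops)
    )


if __name__ == "__main__":
    for msgid, hops in deliveries(SAMPLE_LOG).items():
        print(msgid, hops)
    print("delivered without userforward:", bypassed(SAMPLE_LOG))
```

On a real system, pass the lines of the mainlog filtered to one recipient instead of `SAMPLE_LOG`.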