Author: Evgeniy Berdnikov Date: To: exim-users Subject: Re: [exim] Very strange problem: E-Mail denied by ACL,
but send via router
On Tue, Mar 09, 2021 at 01:18:53PM +0100, Luca Bertoncello via Exim-users wrote: > > It can be finally confirmed with ltrace or gdb run,
> > and it should disappear if you remove library call.
>
> OK, I tried to start:
>
> ltrace exim -bh...
>
> But I don't see any call to/from Kaspersky... Since I don't really
> know this program, it could be, that I forgot some important
> parameters...
Line ${dlfunc{/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}}
suggests that library entry point is called "scan".
> Could you suggest me how to call it? And maybe (since it logs a huge
> amount of lines...) what I should looking for?
Really it's not a easy task, you have to read man ltrace and add some
flags to ltrace such as -S to display syscalls...
However, I can propose another way: put a delay in acl chain after
reference to ${dlfunc{...}}, say,
warn delay = 5m
then your parent Exim process (exim -bh) should sleep for 5 minutes here.
If /usr/sbin/sendmail was executed almost at the same time, it proves that
nothing but library call can be the source of child process.
--
Eugene Berdnikov
