Hello,
Our exim config passes mail to spamassassin with a spamcheck_router router:
spamcheck_router:
no_verify
check_local_user
# When to scan a message :
# - it isn't already flagged as spam
# - it isn't already scanned
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq
{$received_protocol}{spam-scanned}}} {1}{0}}"
driver = accept
transport = spamcheck
The spamcheck transport feeds the scanned email back to exim as protocol
spam-scanned:
spamcheck:
debug_print = "T: spamassassin_pipe for $local_part@$domain"
driver = pipe
command = /usr/sbin/exim4 -oMr spam-scanned -bS
use_bsmtp
transport_filter = /usr/bin/spamc -u $local_part
home_directory = "/tmp"
current_directory = "/tmp"
user = Debian-exim
group = Debian-exim
log_output = true
return_fail_output
message_prefix =
message_suffix =
The next router after spamcheck is userforward, where the user's filter
file should delete or file the spam based on its rating:
userforward:
debug_print = "R: userforward for $local_part@$domain"
driver = redirect
domains = +local_domains
check_local_user
file = $home/.forward
require_files = $local_part:$home/.forward
no_verify
no_expn
check_ancestor
allow_filter
forbid_smtp_code = true directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
skip_syntax_errors
syntax_errors_to = real-$local_part@$domain
syntax_errors_text = blah blah blah...
This setup worked great for over a year until last Friday. It appears
that email is still being handled as expected at least by
spamcheck_router and spamassassin - the spam we receive is scored and
marked up by spamassassin but not filed or deleted. It appears that it
is not handled by either the userforward router or the exim filter in
.forward. The delivery is handled by local_user, the last available router.
Interestingly, the problem sometimes (but not always!) abates for a few
hours on a SIGHUP of exim4.
No packages or configurations have been identified as updated in the
weeks before the issue started, of course.
A successful spam handling might be logged like this:
3M <= r...@mail2.eff.org U=root P=local S=335 T="Fw: Fw:" from
<star...@mail2.eff.org> for star...@eff.org
2013-05-14 14:52:12 [5718] cwd=/var/spool/exim4 3 args: /usr/sbin/exim4
-Mc 1UcN8m-0001UD-3M
2013-05-14 14:52:12 [5720] cwd=/tmp 4 args: /usr/sbin/exim4 -oMr
spam-scanned -bS
2013-05-14 14:52:12 [5720] SMTP connection from Debian-exim
2013-05-14 14:52:12 [5720] 1UcN8m-0001UG-43 <= r...@mail2.eff.org
U=Debian-exim P=spam-scanned S=3241 id=e1ucn8m-0001ud...@mail2.eff.org
T="Fw: Fw:" from <r
o...@mail2.eff.org> for star...@mail2.eff.org
2013-05-14 14:52:12 [5720] no MAIL in SMTP connection from Debian-exim D=0s
2013-05-14 14:52:12 [5725] cwd=/var/spool/exim4 3 args: /usr/sbin/exim4
-Mc 1UcN8m-0001UG-43
2013-05-14 14:52:12 [5725] 1UcN8m-0001UG-43 =>
/home/starchy/Maildir/.maybespam/ <star...@mail2.eff.org>
F=<r...@mail2.eff.org> P=<r...@mail2.eff.org> R=use
rforward T=address_directory S=3357 QT=0s DT=0s
2013-05-14 14:52:12 [5725] 1UcN8m-0001UG-43 Completed QT=0s
2013-05-14 14:52:12 [5718] 1UcN8m-0001UD-3M => starchy <r...@eff.org>
F=<r...@mail2.eff.org> P=<r...@mail2.eff.org> R=spamcheck_router
T=spamcheck S=3118 QT
=0s DT=0s
2013-05-14 14:52:12 [5718] 1UcN8m-0001UD-3M Completed QT=0s
When spam is scanned and delivered improperly, it is logged like this:
2013-05-14 08:04:26 [28282] 1UcGm9-0007MA-5Y <= <> U=Debian-exim
P=spam-scanned S=4663 T="Special Report and Alert Coming Tonight" from
<> for star...@mail2.eff.org
2013-05-14 08:04:26 [28282] no MAIL in SMTP connection from Debian-exim D=1s
2013-05-14 08:04:26 [28320] cwd=/var/spool/exim4 3 args: /usr/sbin/exim4
-Mc 1UcGm9-0007MA-5Y
2013-05-14 08:04:26 [28286] H=17.newsletter.brandalley.co.uk
[62.210.183.17]:30417 I=[64.147.188.12]:25
F=<feedb...@newsletter.brandalley.co.uk> rejected RCPT <q...@eff.com>:
relay not permitted
2013-05-14 08:04:26 [28320] 1UcGm9-0007MA-5Y => starchy
<star...@mail2.eff.org> F=<> P=<> R=local_user T=maildir_home S=4759
QT=1s DT=0s
2013-05-14 08:04:26 [28320] 1UcGm9-0007MA-5Y Completed QT=1s
Thanks for any suggestions on how to fix or diagnose this, and standard
apologies if I missed something in the archives.
-Starchy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
