[exim] Re: delay not kicking in
On 01/06/2023 21:37, Julian Bradfield via Exim-users wrote: In response to the recent RCPT-flooding attacks, I changed my acl_check_rcpt verification check to say: deny domains = +local_domains !local_parts = postmaster !verify = recipient message = Unknown user delay = 5s When I test non-existent addresses with a dummy smtp session using exim -bh then I see the delay being applied: check delay = 5s delay modifier requests 5-second delay delay skipped in -bh checking mode However, in the exim log file I'm still seeing 99 denied RCPT commands all with the same timestamp. How can this be? acl_check_rcpt's deny applies to the RCPT not the connection. This is like if there is one non-existent recipient in a batch then only that is denied and the rest are delivered. In your case it tests 99 and denies 99. -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Re: delay not kicking in
On 02/06/2023 10:41, James via Exim-users wrote: On 01/06/2023 21:37, Julian Bradfield via Exim-users wrote: In response to the recent RCPT-flooding attacks, I changed my acl_check_rcpt verification check to say: deny domains = +local_domains !local_parts = postmaster !verify = recipient message = Unknown user delay = 5s However, in the exim log file I'm still seeing 99 denied RCPT commands all with the same timestamp. How can this be? acl_check_rcpt's deny applies to the RCPT not the connection. This is like if there is one non-existent recipient in a batch then only that is denied and the rest are delivered. In your case it tests 99 and denies 99. That's missing his point; he's not seeing a delay between log lines for the denials. -- Cheers, Jeremy -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Re: failure to transfer data from subprocess
Having done this and looking at all the timestamps that appear in the trace log relative to the exim mainlog I think I can safely conclude that these emails never make their way to my filter. since none of the timestamps are lining up for the offending emails when they are processed. > On Jun 1, 2023, at 5:14 AM, Evgeniy Berdnikov via Exim-users > wrote: > > Hi. > > On Wed, May 31, 2023 at 09:56:25AM -0500, Robert Nicholson via Exim-users > wrote: >> Does anybody have any more ideas as to how I investigate this >> further since I don’t have debug as I’m not an admin and the folks >> responsible for the exim build claim that this is all due to the >> fact that I’m using a custom filter which I am but it’s understood >> that my filter itself couldn’t be responsible for the errors I’m >> seeing when things error. > ... >> pipe "nice -10 $home/perlscripts/filter.pl" > > If you can modify this filter.pl (I assume it's your own script), > use a wrapper with strace/ltrace utilities to log syscalls. > > Your error message is 'No such file or directory', so pay attention > to file-related syscalls, such as open(2)/openat(2). > -- > Eugene Berdnikov > > -- > ## subscription configuration (requires account): > ## > https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ > ## unsubscribe (doesn't require an account): > ## exim-users-unsubscr...@lists.exim.org > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Re: failure to transfer data from subprocess
> On Jun 1, 2023, at 7:31 AM, Andrew C Aitchison wrote: > > On Wed, 31 May 2023, Robert Nicholson wrote: > >> So this issue hasn’t resolved itself unfortunately and so I still get the >> occasional email that just simply fails to deliver. >> >> Does anybody have any more ideas as to how I investigate this further since >> I don’t have debug as I’m not an admin and the folks responsible for the >> exim build claim that this is all due to the fact that I’m using a custom >> filter which I am but it’s understood that my filter itself couldn’t be >> responsible for the errors I’m seeing when things error. > > "my filter" means your .forward, or $home/perlscripts/filter.pl ? Yes correct. > "Understood" or verified ? Can you confirm that you perlscript is > running as the expected user and with the expected environment ? > Yes it is but remember and I’m assuming this is relevant. Not all mail consistently fails. Only some. >> failing that is there anyway I can force the delivery or something >> before my filter is invoked so that I can backup the message. >> >> If you remember I do this prior to my pipe but that doesn’t cause >> delivery to occur immediately >> >> save $home/Maildir/.INBOX.intray.backup/ This works for other emails ;-) > > Ah. I think you need to save to a file, not a directory. > > After this line, just for the sender that always fails, add the > "finish" command: > if $sender_address: contains ".." then finis endif > > You do have > if error_message then finish endif > near the top of your .forward file, as recommended by the filter.txt > section 3.25 ? I do now but my problem doesn’t relate to an actual error message per se. > >> after this here’s the pipe >> >> pipe "nice -10 $home/perlscripts/filter.pl" > > Just to be thorough, could you try putting the full path for nice > and hand-expanding $home ? > And check that the perl binary in the first line of filter.pl > exists. If it is set with /usr/bin/env try without that. > > my entire .foward looks like this right now # Exim filter if error_message then finish endif logfile $home/filter.log 0600 logwrite "$tod_full GOT $header_received: $header_date: message from $header_from: to $header_to: about $header_subject:" #pipe "nice -10 $home/perlscripts/filter.pl -runsa" #pipe "/usr/bin/nice -10 $home/perlscripts/filter.pl" pipe "$home/perlscripts/filter.sh" finish A reminder many emails go thru this filter without issue. This shell script is now running my filter using strace and I capture the log and for those emails that still error within exim I never see any activity in the strace log for those messages. #! /bin/sh TODAY=`date "+%Y%m%d"` TODAYTIME=`date "+%Y%m%d%H%M%S"` echo "filter.sh $TODAYTIME" >> /home/elastica/filter.log.$TODAY /usr/bin/strace -tt -o /home/elastica/filter.log.$TODAY -A nice -10 /usr/bin/perl /home/elastica/perlscripts/filter.pl for file in `/usr/bin/find /home/elastica -name "filter.log*" -print | grep -v $TODAY | grep -v "filter.log$"` do /usr/bin/gzip -q $file done > >> Still don’t see reasons why the errors still occur or anything about the >> messages impacted. >> >> But for at least one sender I can see _all_ their mail consistently fails. >> >> but that is not the case for all emails that fail. ie. there are some >> senders who’s emails fail but the same senders email won’t necessarily fail >> all the time. >> >> Does anybody know the signficance of the errno in this case? >> >> 2023-05-31 06:16:13 1q441n-0006Lk-3A internal problem in userforward router >> (recipient is elast...@lhvm02.lizardhill.com): failure to transfer data from >> subprocess: status=0100 readerror='No such file or directory' >> 2023-05-31 06:16:13 1q441n-0006Lk-3A == elast...@lhvm02.lizardhill.com >> R=userforward defer (-1): internal problem in >> userforward router (recipient is elast...@lhvm02.lizardhill.com): failure to >> transfer data from subprocess: status=0100 readerror='No such file or >> directory’ > > If 0100 is the permissions of a file in octal, you might need to add > execute permission, if the system allows it. > > Is this supposed to be running as user robert or elastica ? > >> without a sandbox to play in this is considerably difficult to resolve. >> >> >>> On May 14, 2023, at 3:35 AM, Andrew C Aitchison via Exim-users >>> wrote: >>> >>> On Sat, 13 May 2023, Robert Nicholson via Exim-users wrote: >>> What would a basic .forward file look like if all I wanted to do is to have a .forward file in place but for everything to go it’s default places? >>> >>> The single line: >>> # Exim filter <<== Do not edit or remove this line ! > > -- > Andrew C. Aitchison Kendal, UK > and...@aitchison.me.uk -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...
[exim] Re: failure to transfer data from subprocess
On Fri, Jun 02, 2023 at 09:56:16AM -0500, Robert Nicholson via Exim-users wrote: > Having done this and looking at all the timestamps that appear in > the trace log relative to the exim mainlog I think I can safely > conclude that these emails never make their way to my filter. since > none of the timestamps are lining up for the offending emails when > they are processed. Interesting. As far as I understand, you save a copy of each e-mail before pipe... Is this situation reproducible with this copy? Would this copy be lost if sent to destination address? -- Eugene Berdnikov -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Re: failure to transfer data from subprocess
On Fri, Jun 02, 2023 at 03:20:45PM -0500, Robert Nicholson via Exim-users wrote: > So the following .forward works ... > This is the one that breaks still. Well, it gives a straitforward way to locate point of failure. The logwrite statement should help to reduce number of steps. -- Eugene Berdnikov -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
