You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2016/06/30 22:01:24 UTC
[Bug 7333] New: Header is written looply to /var/spool/exim4/scan
until hdd is full for one mail
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7333
Bug ID: 7333
Summary: Header is written looply to /var/spool/exim4/scan
until hdd is full for one mail
Product: Spamassassin
Version: 3.3.2
Hardware: PC
OS: Linux
Status: NEW
Severity: critical
Priority: P2
Component: spamassassin
Assignee: dev@spamassassin.apache.org
Reporter: info@comfine.de
SpamAssassin writes
X-Spam-Score: 1.136
X-Spam-Level: *
X-Spam-Flag: NO
X-Spam-Score: 1.136
X-Spam-Level: *
X-Spam-Flag: NO
X-Spam-Score: 1.136
X-Spam-Level: *
X-Spam-Flag: NO
X-Spam-Score: 1.136
X-Spam-Level: *
....
to /var/spool/exim4/scan when we receive one special mail until the HDD is
full. i deleted the 5GB-file and it happened again (with a new message id, but
with the same message).
i now stopped spamassassin and wait for the mail to be delivered normally as
this is probaply no spam (i talked to the receiver and to the sender)
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7333] Header is written looply to /var/spool/exim4/scan until
hdd is full for one mail
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7333
--- Comment #4 from Comfine GmbH <in...@comfine.de> ---
here are two config-files.
as this is long time ago, this may have changed - i cannot provide that mail
anymore now - sorry.
cat /etc/spamassassin/local.cf
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################
# Add *****SPAM***** to the Subject header of spam e-mails
#
#rewrite_header Subject *****SPAM*****
# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1
# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.
cat /etc/exim4/exim4.conf
# DIRECTORIES
FSC_CENTER_DIR = /scripts/center_slave
FSC_CONF_DIR = FSC_CENTER_DIR/exim/conf
BOX_DIR = /var/mail/
SCRIPTS_DIR = /var/lib/exim4/filters
AUTOREPLY_DIR = /var/lib/exim4/vacation_autoreply
# MYSQL
MYSQL_SERVER = localhost
MYSQL_DB = ***
MYSQL_USER = ***
MYSQL_PASSWORD = ***
MYSQL_TABLE_PREFIX = ***
FSC_QUALIFIED_NAME = ***
FSC_SMTP_ACCEPT_MAX = 500
FSC_SMTP_ACCEPT_PERCONN = 25
FSC_MESSAGE_SIZE_LIMIT = 40M
FSC_RCPT_PERMAIL = 80
FSC_ACL_VALIDATE_SENDER = 0
FSC_ANTI_SPAM_DB = MYSQL_DB
FSC_LOG_RELAY = 1
FSC_VERYFY_SENDER = 1
FSC_SPF_USE = 1
FSC_DENY_LOCALHOST_SMTP = 0
FSC_GEOIP_USE = 1
FSC_SPAMASSASSIN_USE = 1
FSC_SPAM_SCAN_LOCAL_MAILS = 1
FSC_SPAM_MAX_MSGSIZE = 2M
FSC_SPAMCHECK_RELAYED = 1
FSC_SPAMREQ_RELAYED = 80
FSC_SPAMCHECK_AUTHENTICATED = 1
FSC_SPAMREQ_AUTHENTICATED = 100
FSC_SPAM_LOG_REPORT = 10
FSC_SPAM_LOG_FILE = /var/log/exim4/spamlog
# tail -f /var/log/exim4/mainlog | sed 's/\\n/\n/g'
FSC_GREYLISTING_USE = 1
FSC_GREYLISTING_SPAMSCORE = 10
FSC_ANTIVIRUS_SOCKET = clamd:/var/run/clamav/clamd.ctl
FSC_ANTIVIRUS_NAME = ClamAV
# HOSTS
FSC_RELAY_FROM_HOSTS = ***
FSC_RELAY_TO_DOMAINS = ***
FSC_DNS_WHITELIST_DOMAINS = ***.** \
: ^.*\\.***\\.**\$
#FSC_NO_SPAMCHECK_HOSTS =
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
qualify_domain = FSC_QUALIFIED_NAME
qualify_recipient = FSC_QUALIFIED_NAME
exim_path = /usr/sbin/exim4
CONFDIR = /etc/exim4
.include "FSC_CONF_DIR/main.conf"
# TLS
tls_certificate = /etc/ssl/certs/www.****.**.crt.exim
tls_privatekey = /etc/ssl/private/www.****.**.key
#tls_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
tls_on_connect_ports = 465
#PORTS
daemon_smtp_ports = smtp : smtps : 587
# ETC
disable_ipv6 = true
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
.include "FSC_CONF_DIR/acl.conf"
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
.include "FSC_CONF_DIR/routers.conf"
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
.include "FSC_CONF_DIR/transports.conf"
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
.include "FSC_CONF_DIR/retry.conf"
######################################################################
# REWRITE CONFIGURATION #
######################################################################
begin rewrite
.include "FSC_CONF_DIR/rewrite.conf"
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
.include "FSC_CONF_DIR/authentication.conf"
# End of Exim configuration file
# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock
# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 25 # User können im Center selbst von 3 bis 8 einstellen - 5 ist
dabei standard
# Use Bayesian classifier (default: 1)
#
# use_bayes 1
use_bayes 0
# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 0
# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status
# bayes_ignore_header X-Priority
# Some shortcircuiting, if the plugin is enabled
#
#ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
# shortcircuit USER_IN_WHITELIST on
# shortcircuit USER_IN_DEF_WHITELIST on
# shortcircuit USER_IN_ALL_SPAM_TO on
# shortcircuit SUBJECT_IN_WHITELIST on
# the opposite; blacklisted mails can also save CPU
#
# shortcircuit USER_IN_BLACKLIST on
# shortcircuit USER_IN_BLACKLIST_TO on
# shortcircuit SUBJECT_IN_BLACKLIST on
# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED on
# and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99 spam
# shortcircuit BAYES_00 ham
#endif # Mail::SpamAssassin::Plugin::Shortcircuit
# PB - 2016-04-06 MONEY
# 0.0 -> 2.5 - Huge... sums of money
score LOTS_OF_MONEY 2.5
# 0.3 -> 2.5 - BODY: money back guarantee
score ZMIde_MONEYBACK 2.5
# 2.0 -> 2.5 - X% of a lot of money for you
score T_MONEY_PERCENT 2.5
# PB - 2016-04-05 URIBL
# 0.0 -> 3.5 - Contains an URL listed in the URIBL redlist
score URIBL_RED 3.5
# 1.1 -> 4.5 - Contains an URL listed in the URIBL greylist
score URIBL_GREY 4.5
# x.x -> 7.5 - Contains an URL listed in the URIBL blacklist
score URIBL_BLACK 7.5
# PB - 2016-04-03 URIBL
# Erhöhung gleicht Minuswerte bei SPF_PASS und DKIM_VALID aus
# 0.0 -> 0.5 - RBL: Sender listed at http://www.dnswl.org/, no trust (default)
score RCVD_IN_DNSWL_NONE 0.5
# -0.7 -> -0.2 - RBL: Sender listed at http://www.dnswl.org/, low trust
score RCVD_IN_DNSWL_LOW -0.2
# PB - 2016-04-03
# 0.0 -> 2.0 - Message was received from an IP address
score TVD_RCVD_IP 2.0
# -1.0 -> -0.5 - Envelope sender domain matches handover relay domain
score RP_MATCHES_RCVD -0.5
# 2.5 -> 7.5 - Contains a spam URL listed in the DBL blocklist
score URIBL_DBL_SPAM 7.5
# 2.6 -> 7.0 - RBL: Received via a relay in Spamhaus SBL-CSS
score RCVD_IN_SBL_CSS 7.0
# 1.0 -> 2.5
score SPF_SOFTFAIL 2.5
# 0.3 -> 0.8 - HTML is very short with a linked image
score HTML_SHORT_LINK_IMG_3 0.8
# 0.8 to 0.0 -> 1.6 to 0.4 - BODY: HTML has a low ratio of text to image area
score HTML_IMAGE_RATIO_02 1.6
score HTML_IMAGE_RATIO_04 1.2
score HTML_IMAGE_RATIO_06 0.8
score HTML_IMAGE_RATIO_08 0.4
# 0.3 -> 1.0 - HTML is very short with a linked image
score HTML_SHORT_LINK_IMG_3 1.0
# 0.0 -> 1.0 - BODY: Multipart message mostly text/html MIME
score MIME_HTML_MOSTLY 1.0
# 0.0 -> 1.0 - BODY: HTML font color similar or identical to background
score HTML_FONT_LOW_CONTRAST 1.0
# 0.0 -> 0.2 - Message contains an external image
score T_REMOTE_IMAGE 0.2
# 1.0 -> 1.3 - Malformatted HTML
score HTML_TAG_BALANCE_CENTER 1.3
# 0.7 -> 1.2 - BODY: HTML and text parts are different
score MPART_ALT_DIFF 1.2
# 0.5 -> 5.0 - BODY: without Schufa (credit check germany)
score ZMIde_NOSCHUFA 5.0
# 0.4 -> 1.2 - Delivered to internal network by host with dynamic-looking rDNS
score RDNS_DYNAMIC 1.2
# 0.5 -> 1.5
score DATE_IN_PAST_24_48 1.5
# 0.0 -> 2.0 - X% of a lot of money for you
score T_MONEY_PERCENT 2.0
# PB - 2016-03-31
# 3.5 -> 0.0
score XPRIO 0.0
# 3.2 -> 2.0
score HELO_DYNAMIC_IPADDR 2.0
# 0.0 -> 1.5
score SPF_HELO_NEUTRAL 1.5
# 1.9 -> 5.0
score URIBL_ABUSE_SURBL 5.0
# 0.0 -> 0.7
score FREEMAIL_FROM 0.7
# 2.0 -> 1.0
score FROM_MISSPACED 1.0
# -0.1 -> -0.5
score DKIM_VALID -0.5
# -0.1 -> -0.5
score DKIM_VALID_AU -0.5
# PB - 2010-01-04
# Year 2010 Problem
score FH_DATE_PAST_20XX 0.0
# AT - 2016-10-31
#score HS_BODY_1139 3.0 <- HS hat mir geschrieben, dass er bei sich die Regel
auf 1 Punkt gesetzt hat... war wohl dort ein fehler... deswegen hier wieder
auskommentiert..
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7333] Header is written looply to /var/spool/exim4/scan until
hdd is full for one mail
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7333
Giovanni Bechis <gi...@paclan.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |giovanni@paclan.it
--- Comment #3 from Giovanni Bechis <gi...@paclan.it> ---
Can you provide some more info such as a config file and an email that triggers
the problem (as an attachment or via pastebin ) ?
I think it could be a local problem on Exim part rather than a spamassassin
bug.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7333] Header is written looply to /var/spool/exim4/scan until
hdd is full for one mail
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7333
Kevin A. McGrail <km...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@apache.org
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #5 from Kevin A. McGrail <km...@apache.org> ---
Without a spample and ability to recreate, this bug is invalid.
Additionally, the is likely to be an issue with Exim or Exim integration.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7333] Header is written looply to /var/spool/exim4/scan until
hdd is full for one mail
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7333
Comfine GmbH <in...@comfine.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |info@comfine.de
--- Comment #2 from Comfine GmbH <in...@comfine.de> ---
i sent you a copy of the mail to your email-address.
yes, the mail delivered successfully, if i remember correct.
what do you mean with "how is SA hooked into Exim?" - what exactly do you want
to know? can i provide you some logfile-content or some config-content?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7333] Header is written looply to /var/spool/exim4/scan until
hdd is full for one mail
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7333
John Hardin <jh...@impsec.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jhardin@impsec.org
--- Comment #1 from John Hardin <jh...@impsec.org> ---
Need more information - how is SA hooked into Exim? Did the message get
delivered successfully when SA was disabled, and if so, is it possible to
provide a copy at this late date?
--
You are receiving this mail because:
You are the assignee for the bug.