IRC Archive / Freenode / #exim / 2010 / July / 12 / 1
darix
hi, with postfix i could do postsuper -d ALL to remove messages from the queue. is there an equivalent for exim?
phx
yes
man exim
darix
you forgot man exiqgrep
henk
o_O
wise guy?!
saulo
hello all! My server is sending spam from only 1 user account. And I don't know how to stop this
2 things happen: 1) A lot of spam is sent from the server 2) The user account exceeds quota because of returning mail
I have no experience with exim, somebody could help me?
oreo
Hey. Could someone explain to me why exim is cutting ACL error messages?
by ACL error I mean deny message
joschi
asdf123: suspend the offending account
oreo
joschi: could you help me?
joschi
oreo: what exactly do you mean by "cutting"
         

henk
asdf123: perhaps eximstats helps?
oreo
joschi: it's only displaying the end of the message
henk
asdf123: or do you know which user it is and just don't know how to stop it?
oreo
Like if I have this message deny message = This message is found to be spam. Please notify postmaster@***** if it is legitimate.
it only shows "if it is legitimate."
asdf123
henk: yes
henk
asdf123: disable the user account...
joschi
oreo: maybe a special character in your message?
oreo
joschi: I didn't insert any...
asdf123
henk: this is the problem: I can't disable the user website :(
joschi
oreo: at least it's not the usual behavior to cut off the beginning of the messages
henk
asdf123: then only disable the mail user... who said anything about disabling the website? o_O
oreo: works just fine over. i don't use an '@' in that message though. perhaps you have to escape it. tried without it?
oreo
henk: let me try. escape with "\" ?
henk
probably. i'd just try with "notify postmaster if it is legitimate". they should know the domain anyway...
oreo
henk: you wouldn't believe the amount of people that are stupid
henk
i do support.
oreo
henk: then you should see how many don't know what postmaster means =)
henk
so i guess you rather mean: you wouldn't believe the amount of people who _aren't_ stupid.
oreo
henk: hehehe
henk
you'd be right, i'd probably say "that's 10 times more than i estimated" or similar
asdf123
henk
henk: ok xD
         

henk
but i see your point... then try postmaster AT domain DOT tld
oreo
henk: nope, escaping @ doesn't change anything as expected
henk
i guess spammers could parse your response and just spam that postmaster address as well, if it's explicitly mentioned anyway...
bbl
oreo
henk: i doubt they parse error messages; they're too busy sending
and postmaster is an RFC address
so the majority of servers have it
and all *should*
so spammers should already know this address is available for bombs, but they probably sense that no-one looks into this inbox
peitolm
try enclosing it in quotes
oreo
peitolm: still cuts the same way, showing the final quote
peitolm
when you say it displays it, where's this? in the log file or at SMTP tile?
if the latter, try 'deny message = "This message is found to be spam \
oreo
peitolm: error message outlook gives me back, so probably SMTP title
peitolm
Please notify postmaster if it is legitimate"
oh dear, you said outlook
try doing the raw smtp conversation manually
oreo
why the backspace? They're in the same line in the config
peitolm
just to check it's not outlook trying to be helpful
oreo: to split them onto two lines <80 chars
oreo
oh
ok works with telnet
so what to do with outlook?
(newline is right before "if it is legitimate")
peitolm
try taking out the email
oreo
peitolm: ?
peitolm
just have "This message is found to be spam, please notify postmaster if it is legitimate"
oreo
peitolm: users won't understand though
peitolm
but it would tell you if that would work
oreo
peitolm: i know that's the problem now, since I previously took out the beginning (this message is spam) and it showed everything
peitolm
some places do something like the following "This message has been determined as Spam, please see
oreo
peitolm: that's even longer :p
peitolm
but, is it the length that's causing it to be truncated, or outlook's attempt at parsing the response?
oreo
peitolm: it seems exim automatically adds newline to long messages, and that outlook only shows the last line
peitolm
so setup a short url and do "This message has been determined as spam.\nHttp://myisp.com/emailproblem.html#spam"
or you could just blame it on outlook being outlook
oreo
peitolm: =)
peitolm
it's not really an exim problem though :)
oreo
yeah looks like
Pretty unfortunate; and it's outlook 2007 too!
peitolm
you think they updated the core email handling when they polished the GUI?
(Action) has no love for outlook
oreo
lol
perhaps people wouldn't have this problem though, cause their mail server sends them an email back
i'm sending an email to my server from my server
so it's giving my outlook client directly an smtp reply
by the way
what's the chance of getting false positives if the threshold is set to >5.0 ?
peitolm
that would depend entirely on your ruleset (I am assuming you're talking spamassassin here)
oreo
peitolm: yeah sorry. spamassassin
it's all default + bayes
peitolm
oreo: I can't say I can help you with that, I don't know what your inbound email is like, it could be very obviously spam/ham or you could have borderline stuff coming in, only you can make that call
oreo
i have no idea how i should adjust the score
peitolm
oreo: if you're thinking of completely rejecting on spam score, i'd start it higher, and lower it, but you need to see what your own flow is
oreo: get spamassassin, or better yet, exim to log the spam score in the log file, and monitor it for a while, then do some analysis to look for obvious break points
oreo
maybe i can add a warn header and look at messages later and see if it's lowerable
also, how do i know bayes is being used while scanning?
what's the command to log?
rioting_pacifist
is anybody using exim4 on debian? I made some config changes in the /conf.d dir but they aren't being applied
local
did you run update-config thing?
update-exim4.conf
rioting_pacifist
yeah, i ran that, any other ideas maybe i have it set to not check conf.d?
rafl
a
rioting_pacifist: update-exim4.conf.conf says the config should be split, right?
local
honestly, i dunno, i always just cd /etc/exim4/ and rm -rf everything and then just make my own exim4.conf
rioting_pacifist
ahh that would be my problem it says split config = false
thanks for the help guys, sorry for being such a noob
asdf123
Today I had a problem with Exim: a server sending spam. The problem was discovered: the poor user password allowed somebody to upload a PHP script to the server. This script was controlled by this Windows machine: host170-205-149-62.serverdedicati.aruba.it (62.149.205.170)
The script was removed and the problem solved.
This machine continues sending spam to other servers
peitolm
have you purged your local queue?
you need to make sure you aren't still getting email from the script or something else the user uploaded