Mailing List Archive

Re: ISP recently updated exim via DirectAdmin
When I try a test message it doesn’t show userforward router.

Exim version 4.94 #2 built 25-Jun-2020 07:25:17
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR SPF TCP_Fast_Open Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
user@domain.com
router = spamcheck_director, transport = spamcheck


> On Jul 12, 2020, at 6:52 PM, Robert Nicholson <robert.nicholson@gmail.com> wrote:
>
> My ISP uses the
>
> SpamBlockerTechnology* powered exim.conf, Version 4.5.26
>
> and now since that upgrade on Friday none of userforward stuff works.
>
> it all still looks pretty standard.
>
> userforward:
> driver = redirect
> domains = lsearch,ret=key;/etc/virtual/domainowners
> allow_filter
> check_ancestor
> check_local_user
> no_expn
> file = $home/.forward
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
> directory_transport = address_directory
> no_verify
>
> How can you debug a problem like this where you want to know why userforward has no effect?
>
> R=userforward no longer appears in the mainlog file.
>


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: ISP recently updated exim via DirectAdmin [ In reply to ]
On 13/07/2020 01:14, Robert Nicholson via Exim-users wrote:
> When I try a test message it doesn’t show userforward router.

> user@domain.com
> router = spamcheck_director, transport = spamcheck

Run the exim that does the routing with debug turned on.
If this test message is smtp-fed, that'll be the daemon.
If commandline, it's the one you start.

Grab stderr to file, for later perusal.

Feed in the test message.

Find the bit of debug output that shows routing being done.
Look at the conditions on each router in the sequence getting
evaluated. You should discover why the router you expected
was not hit, and the router you observe was hit.
--
Cheers,
Jeremy

Re: ISP recently updated exim via DirectAdmin [ In reply to ]
I’m not an exim admin so I don’t have debugging permission.

Failing that I do have access to the mainlog file and I can see the difference between how things were previously processed and how they are now.

So now an entry looks like this (heavy search and replace by me here)

2020-07-13 13:05:06 1jv4hG-0003kw-1L <= sender@senderdomain H=ltm-fwus209m-210m.senderdomain (PFFWRTP2PVAPP.fmr.com) [IP] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=199798 DKIM=senderdomain id=3278s0cdkx-23@PFFWRTP2PVAPP.fmr.com T=“Sender - Company News and Research" from <sender@senderdomain> for me@mydomain
2020-07-13 13:05:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jv4hG-0003kw-1L
2020-07-13 13:05:06 1jv4hG-0003kw-1L => domain <me@mydomain> F=<sender@senderdomain> SRS=<SRS0=nGmxsx=AY=senderdomain=sender@domain.com> R=localuser T=local_delivery S=199950
2020-07-13 13:05:06 1jv4hG-0003kw-1L Completed

whereas before this looked like this

2020-07-04 10:04:28 1jrlaV-0006k0-Ej <= sender@senderdomain H=ltm-fwus209m-210m.senderdomain (PFFWRTP3PVAPP.fmr.com) [IP] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=57226 DKIM=senderdomain id=202007041704.064H3CYB021613@PFFWRTP3PVAPP.fmr.com T=“Sender - Company News and Research" from <sender@senderdomain> for user@domain.com
2020-07-04 10:04:28 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jrlaV-0006k0-Ej
2020-07-04 10:04:29 H=localhost (localhost.localdomain) [127.0.0.1] incomplete transaction (QUIT) from <domain@host>
2020-07-04 10:04:29 1jrlaV-0006k0-Ej => |nice -10 $home/perlscripts/filter.pl -runsa (domain@host) <user@domain.com> F=<sender@senderdomain> R=userforward T=address_pipe S=57285
2020-07-04 10:04:29 1jrlaV-0006k0-Ej => /home/domain/Maildir/.INBOX.intray.backup/ (domain@host) <user@domain.com> F=<sender@senderdomain> R=userforward T=address_directory S=57349
2020-07-04 10:04:29 1jrlaV-0006k0-Ej Completed

When I test this at the command line I see

I have a .forward file and it eventually uses a pipe. (or at least it used to)

exim -bt -bV user@domain

Exim version 4.94 #2 built 25-Jun-2020 07:25:17
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR SPF TCP_Fast_Open Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
user@host [srs = SRS0=6E5clp=AY=host=user@domain]
<-- user@domain
router = localuser, transport = local_delivery

But is this something I can test at the command line?

Today my ISP introduced a new router earlier in the configuration where now the log entry in my .forward is at least executed as I can see entries added to the log file.

however, any pipe etc isn’t executed from that .forward file.


> On Jul 13, 2020, at 3:14 AM, Jeremy Harris via Exim-users <exim-users@exim.org> wrote:
>
> On 13/07/2020 01:14, Robert Nicholson via Exim-users wrote:
>> When I try a test message it doesn’t show userforward router.
>
>> user@domain.com
>> router = spamcheck_director, transport = spamcheck
>
> Run the exim that does the routing with debug turned on.
> If this test message is smtp-fed, that'll be the daemon.
> If commandline, it's the one you start.
>
> Grab stderr to file, for later perusal.
>
> Feed in the test message.
>
> Find the bit of debug output that shows routing being done.
> Look at the conditions on each router in the sequence getting
> evaluated. You should discover why the router you expected
> was not hit, and the router you observe was hit.
> --
> Cheers,
> Jeremy
Re: ISP recently updated exim via DirectAdmin [ In reply to ]
Some changes my ISP made from their perspective to simplify things.

They added

as the first router

#EDIT#48:

.include_if_exists /etc/exim.routers.pre.conf

that’s essentially a clone of userforward

defaultforward:
driver = redirect
domains = lsearch,ret=key;/etc/virtual/domainowners
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
directory_transport = address_directory
no_verify

This was added well before the

.include_if_exists /etc/exim.spamassassin.conf

which looks like this

#1.4
# Spam Assassin
spamcheck_director:
driver = accept
condition = ${if !eq{$acl_m_spam_assassin_has_run}{1}}
condition = ${if !eq{$acl_c_spam_assassin_has_run}{1}}
condition = "${if and { \
{!eq {$received_protocol}{spam-scanned}} \
{!eq {$received_protocol}{local}} \
{exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}}lsearch{/etc/passwd}{$value}}}}/.spamassassin/user_prefs}} \
{<{$message_size}{500k}} \
} {1}{0}}"
retry_use_local_part
headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version
transport = spamcheck
no_verify

Prior to the most recent change my earlier -bV tests were showing the router spamcheck_director as the chosen one.


> On Jul 13, 2020, at 3:41 PM, Robert Nicholson <robert.nicholson@gmail.com> wrote:
>
> I’m not an exim admin so I don’t have debugging permission.
>
> Failing that I do have access to the mainlog file and I can see the difference between how things were previously processed and how they are now.
>
> So now an entry looks like this (heavy search and replace by me here)
>
> 2020-07-13 13:05:06 1jv4hG-0003kw-1L <= sender@senderdomain H=ltm-fwus209m-210m.senderdomain (PFFWRTP2PVAPP.fmr.com) [IP] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=199798 DKIM=senderdomain id=3278s0cdkx-23@PFFWRTP2PVAPP.fmr.com T=“Sender - Company News and Research" from <sender@senderdomain> for me@mydomain
> 2020-07-13 13:05:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jv4hG-0003kw-1L
> 2020-07-13 13:05:06 1jv4hG-0003kw-1L => domain <me@mydomain> F=<sender@senderdomain> SRS=<SRS0=nGmxsx=AY=senderdomain=sender@domain.com> R=localuser T=local_delivery S=199950
> 2020-07-13 13:05:06 1jv4hG-0003kw-1L Completed
>
> whereas before this looked like this
>
> 2020-07-04 10:04:28 1jrlaV-0006k0-Ej <= sender@senderdomain H=ltm-fwus209m-210m.senderdomain (PFFWRTP3PVAPP.fmr.com) [IP] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=57226 DKIM=senderdomain id=202007041704.064H3CYB021613@PFFWRTP3PVAPP.fmr.com T=“Sender - Company News and Research" from <sender@senderdomain> for user@domain.com
> 2020-07-04 10:04:28 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jrlaV-0006k0-Ej
> 2020-07-04 10:04:29 H=localhost (localhost.localdomain) [127.0.0.1] incomplete transaction (QUIT) from <domain@host>
> 2020-07-04 10:04:29 1jrlaV-0006k0-Ej => |nice -10 $home/perlscripts/filter.pl -runsa (domain@host) <user@domain.com> F=<sender@senderdomain> R=userforward T=address_pipe S=57285
> 2020-07-04 10:04:29 1jrlaV-0006k0-Ej => /home/domain/Maildir/.INBOX.intray.backup/ (domain@host) <user@domain.com> F=<sender@senderdomain> R=userforward T=address_directory S=57349
> 2020-07-04 10:04:29 1jrlaV-0006k0-Ej Completed
>
> When I test this at the command line I see
>
> I have a .forward file and it eventually uses a pipe. (or at least it used to)
>
> exim -bt -bV user@domain
>
> Exim version 4.94 #2 built 25-Jun-2020 07:25:17
> Copyright (c) University of Cambridge, 1995 - 2018
> (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
> Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
> Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR SPF TCP_Fast_Open Experimental_SRS
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
> Authenticators: cram_md5 dovecot plaintext spa
> Routers: accept dnslookup ipliteral manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
> Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
> Fixed never_users: 0
> Configure owner: 0:0
> Size of off_t: 8
> user@host [srs = SRS0=6E5clp=AY=host=user@domain]
> <-- user@domain
> router = localuser, transport = local_delivery
>
> But is this something I can test at the command line?
>
> Today my ISP introduced a new router earlier in the configuration where now the log entry in my .forward is at least executed as I can see entries added to the log file.
>
> however, any pipe etc isn’t executed from that .forward file.
Re: ISP recently updated exim via DirectAdmin [ In reply to ]
Got some insight from the debug log.

Does anybody know what the 2 0 0 represents?

userforward router skipped: verify 2 0 0

There’s a suspicion that this is a bug introduced by the DirectAdmin folks into their configuration 4.5.26… previous 4.5.25 worked fine.

> On Jul 13, 2020, at 3:51 PM, Robert Nicholson <robert.nicholson@gmail.com> wrote:
>
> Some changes my ISP made from their perspective to simplify things.
>
> They added
>
> as the first router
>
> #EDIT#48:
>
> .include_if_exists /etc/exim.routers.pre.conf
>
> that’s essentially a clone of userforward
>
> defaultforward:
> driver = redirect
> domains = lsearch,ret=key;/etc/virtual/domainowners
> allow_filter
> check_ancestor
> check_local_user
> no_expn
> file = $home/.forward
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
> directory_transport = address_directory
> no_verify
>
> This was added well before the
>
> .include_if_exists /etc/exim.spamassassin.conf
>
> which looks like this
>
> #1.4
> # Spam Assassin
> spamcheck_director:
> driver = accept
> condition = ${if !eq{$acl_m_spam_assassin_has_run}{1}}
> condition = ${if !eq{$acl_c_spam_assassin_has_run}{1}}
> condition = "${if and { \
> {!eq {$received_protocol}{spam-scanned}} \
> {!eq {$received_protocol}{local}} \
> {exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}}lsearch{/etc/passwd}{$value}}}}/.spamassassin/user_prefs}} \
> {<{$message_size}{500k}} \
> } {1}{0}}"
> retry_use_local_part
> headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version
> transport = spamcheck
> no_verify
>
> Prior to the most recent change my earlier -bV tests were showing the router spamcheck_director as the chosen one.
Re: ISP recently updated exim via DirectAdmin [ In reply to ]
On 13/07/2020 22:46, Robert Nicholson via Exim-users wrote:
> Got some insight from the debug log.
>
> Does anybody know what the 2 0 0 represents?
>
> userforward router skipped: verify 2 0 0
>
> There’s a suspicion that this is a bug introduced by the DirectAdmin folks into their configuration 4.5.26… previous 4.5.25 worked fine.

The comment on the code block for that debug output is:

/* Skip this router if verifying and it hasn't got the appropriate verify flag
set. */

--
Cheers,
Jeremy
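
Added example (not part of the thread, and not Exim's own code): a shell function that picks the "router skipped: verify" lines out of captured Exim debug output and decodes the three numbers asked about above. The field meanings (verify mode, then the router's verify_sender and verify_recipient flags) are an assumption based on a reading of Exim's route.c; the function names and the sample input are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption (from reading Exim's route.c):
# "<router> router skipped: verify A B C" prints
#   A = what is being verified (0 none, 1 sender, 2 recipient, 3 expn)
#   B = the router's verify_sender flag, C = its verify_recipient flag
# no_verify on a router, as in the configuration quoted in the thread,
# turns both B and C off.

# Reads Exim debug output on stdin (stderr saved from a debug run) and prints
# one decoded line per router that was skipped for this reason.
explain_verify_skips() {
  awk '
    BEGIN { mode[0] = "none"; mode[1] = "sender"; mode[2] = "recipient"; mode[3] = "expn" }
    {
      # Find the token run "<name> router skipped: verify A B C"; scanning for
      # it copes with a pid or timestamp prefix on the debug line.
      for (i = 2; i + 5 <= NF; i++) {
        if ($i != "router" || $(i+1) != "skipped:" || $(i+2) != "verify") continue
        a = $(i+3); b = $(i+4); c = $(i+5)
        if (a !~ /^[0-9]+$/ || b !~ /^[0-9]+$/ || c !~ /^[0-9]+$/) continue
        what = (a in mode) ? mode[a] : "unknown(" a ")"
        if (b == 0 && c == 0)      why = "both verify flags off (e.g. no_verify)"
        else if (a == 1 && b == 0) why = "verify_sender off"
        else if (a == 2 && c == 0) why = "verify_recipient off"
        else                       why = "flags do not explain the skip"
        printf "%s: skipped during %s verification: %s\n", $(i-1), what, why
        break
      }
    }
  '
}

# Constructed sample input: the second line is the one quoted in the thread;
# the rest is made up in the same shape.
sample_debug() {
  cat <<'EOF'
(constructed filler: other debug output)
userforward router skipped: verify 2 0 0
 4242 defaultforward router skipped: verify 1 0 1
(constructed filler: router skipped for some other reason)
EOF
}

sample_debug | explain_verify_skips
```

To use it on real output, save stderr from a debug run (for example `exim -d -bv user@domain 2>debug.log`, which needs admin rights) and run `explain_verify_skips < debug.log`.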
