Mailing List Archive

On 1/14/24 18:30, Ken via Exim-users wrote:
> Once in a while a legitimate sender manages to send an important message that really, really looks like spam, so it gets saved (for a little while) in /var/spool/sa-exim/SApermreject/new. I can adjust the filters so that sender's messages will pass in the future. Sometimes, it would be really convenient to be able to get exim to re-try delivery of that saved message after the filters have been adjusted. My search-fu seems to be weak today; I have not found a description of how to do this yet. Any suggestions? (exim4 4.96 running on Debian 12.4)

This will depend on the format of the file(s) for the message.

This is probably best explored in a Debian- or SpamAssassin-
specific forum, as Exim per.se. doesn't know home the message
was put in that directory nor in what format. You might be
ableto reverse-engineer that part from inspecting your logs
and your Exim configuration.
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

D?a 14. januára 2024 19:16:17 UTC používate? Jeremy Harris via Exim-users <exim-users@lists.exim.org> napísal:
>On 1/14/24 18:30, Ken via Exim-users wrote:
>> Once in a while a legitimate sender manages to send an important message that really, really looks like spam, so it gets saved (for a little while) in /var/spool/sa-exim/SApermreject/new. I can adjust the filters so that sender's messages will pass in the future. Sometimes, it would be really convenient to be able to get exim to re-try delivery of that saved message after the filters have been adjusted. My search-fu seems to be weak today; I have not found a description of how to do this yet. Any suggestions? (exim4 4.96 running on Debian 12.4)

I have similar concept of "quarantine" or "spam archive", where
are mails stored by exim's appendfile transport (separate files,
not maildir). From time to time i need resend message (~ once
per year), and then i simple send it via nonTCP SMTP with little
modification.

The little modification of message is needed to switch it to SMTP
form, for that i have all needed info in it (as for MAIL FROM and
RCPT TO), and add DATA, final dot & QUIT commands, but as it
is really rare, i do not care and i do it manually.

If it will happen more often, one can store them bsmtp form
directly (but i never tried)... IIRC, the message has then extra
Received: header, but i it is no problem here...

regards


--
Slavko
https://www.slavino.sk/

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On 1/14/24 20:01, Slavko via Exim-users wrote:
> If it will happen more often, one can store them bsmtp form
> directly (but i never tried)... IIRC, the message has then extra
> Received: header, but i it is no problem here...

Longterm, I'd think something like using the experimental
queuefile transport would be simplest. You can either manually
copy the spool file pair back to the main spooldir, or
just use a directory suitable for a named-queue operation.

For the former you might need a commandline macro to say
"yes really deliver this"; I've not thought about it too hard.
For the latter, $queue_name.

The advantage of these is you're not *re-introducing* the
message into the mailflow,
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

D?a 14. januára 2024 20:34:12 UTC používate? Jeremy Harris via Exim-users <exim-users@lists.exim.org> napísal:

>Longterm, I'd think something like using the experimental
>queuefile transport would be simplest. You can either manually
>copy the spool file pair back to the main spooldir, or
>just use a directory suitable for a named-queue operation.

That would be great, once it will be included in main, for real
quarantine, where releasing message can be (near to) daily task.

But for me this solution acts as SPAM archive, eg. to (re)learn/train
SPAM filter and to see/inspect content of SPAMs. Messages was
already rejected by fakerejct The archive is accessible via web
(for me), including decoding MIME. Especially for decoding of MIME
(but for training too) i need plain message format.

As i mentioned already, releasing message from it is really rare,
it happens only when i did some mistake in my SPAM filtering or
so...

>The advantage of these is you're not *re-introducing* the
>message into the mailflow,

Sure, on some systems it can be important, but on other side, that
"reintroducing" can be mark for user, that message was inspected
by someone other than recipient... I don't know how to describe it
properly in English. I even send extra mail after that release to user,
to he/she can know that ;-)

regards


--
Slavko
https://www.slavino.sk/

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On 1/14/24 22:18, Slavko via Exim-users wrote:
> That would be great, once it will be included in main, for real
> quarantine, where releasing message can be (near to) daily task.

To be fair, I only leant in that direction so that additionally
delivering as a notification to the admon/reviewer would be
easy. If no notification, or not an actual copy, would do
then instead of the (not in main) queuefil transport, just
direct to the alternate queue in ACL. That's in main.

> "reintroducing" can be mark for user, that message was inspected
> by someone other than recipient

I agree, that can be a valid need.
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On 1/14/24 18:30, Ken via Exim-users wrote:
> Once in a while a legitimate sender manages to send an important message
that really, really looks like spam, so it gets saved (for a little while)
in /var/spool/sa-exim/SApermreject/new. I can adjust the filters so that
sender's messages will pass in the future. Sometimes, it would be really
convenient to be able to get exim to re-try delivery of that saved message
after the filters have been adjusted. My search-fu seems to be weak today;
I have not found a description of how to do this yet. Any suggestions?
(exim4 4.96 running on Debian 12.4)

On 1/14/24, Jeremy via Exim-users apparently wrote:

>This will depend on the format of the file(s) for the message.

This is probably best explored in a Debian- or SpamAssassin-
specific forum, as Exim per.se. doesn't know home the message
was put in that directory nor in what format. You might be
ableto reverse-engineer that part from inspecting your logs
and your Exim configuration.
--
Cheers,
Jeremy

As far as I can tell this would be called RFC 5322 format. The file begins:

From long-messy-string@us-west-2.amazonses.com Thu Jan 1 00:00:01 1970

followed by message headers and the message body, ending with three
consecutive newlines.

FYI.

Ken



--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On 1/15/24 22:41, Ken via Exim-users wrote:
> The file begins:
>
> Fromlong-messy-string@us-west-2.amazonses.com Thu Jan 1 00:00:01 1970
>
> followed by message headers and the message body, ending with three
> consecutive newlines.

Exim with a "-t" option will swallow that file on stdin, taking the "from-space" line
and applying the "uucp_from_pattern" to it to obtain an envelope sender,
and getting envelope recipients from the To: Cc: and Bcc: headers
(or Resent- variants, but that gets tricky...). The default for that option
is almost certainly sufficient.

Bear in mind that the original sender had separate control over the actual
envelope recipient and those headers.

Those three blank lines will end up as part of the body.
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

-----Original Message-----
From: exim-users@lists.exim.org [mailto:exim-users@lists.exim.org]
Sent: Monday, January 15, 2024 5:11 PM
To: exim-users@lists.exim.org
Subject: [exim] Re: How can I force redelivery of saved message?

On 1/15/24 22:41, Ken via Exim-users wrote:
> The file begins:
>
> Fromlong-messy-string@us-west-2.amazonses.com Thu Jan 1 00:00:01 1970
>
> followed by message headers and the message body, ending with three
> consecutive newlines.

Exim with a "-t" option will swallow that file on stdin, taking the
"from-space" line
and applying the "uucp_from_pattern" to it to obtain an envelope sender,
and getting envelope recipients from the To: Cc: and Bcc: headers
(or Resent- variants, but that gets tricky...). The default for that option
is almost certainly sufficient.

Bear in mind that the original sender had separate control over the actual
envelope recipient and those headers.

Those three blank lines will end up as part of the body.
--
Cheers,
Jeremy


--

Thank you for the prompt and helpful reply!

Ken


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Amazingly , a google search brought me to an email in a group I
subscribe to ...and it was recent (but I still missed it :-( )


I changed my /etc/mailname to let's say "badname" and a whole bunch of
mail got sent to users@badname  and the report on th failure to
postmaster@badname   ...I never saw any ... so time has passed but as it
happens I have a log ...


### transport/25_exim4-config_gpv_local_copy_outgoing
#################################

# This transport is used to make archival copies of all outgoing mail
# Other config in /etc/exim4/systemfilter.txt and
/etc/exim4/systemfilter.txt
#
local_copy_outgoing:
    driver = appendfile
    delivery_date_add

     ....


So I had a local copy of "lost email" ..so similar to OP.. I needed
creating this:


# !/bin/bash -u

# $1 is the filename containing original email (won't work with stdin) ,
it will be resent to the address we match below
#
# I use: X-Original-To: and From: as the key headers, you may want to
use different ones
#
#
genheader() {
    awk '
         /^X-Original-To:.*/ { gsub("^.*: ", ""); gsub(",.*", "");
print "RCPT TO: " $0 }
         /^From:/            { gsub("^.*: ", ""); print "MAIL FROM: " $0 }
    ' "${@:--}"
}

HEADERS=$(genheader ${1} | sort)  # "MAIL FROM" sorts before "RCPT TO"  :-)

FULLHEAD="${HEADERS}
DATA"

echo "Resending: ${1} " ${HEADERS} >&2

echo "$FULLHEAD"  | cat - $1 <(echo ".") | sendmail -bS
#echo "$FULLHEAD"  | cat - $1 <(echo ".") > /tmp/mail-with-header



And I used it like this:


find ${dir} -type f -mtime -1  | xargs grep -l "X-Original-To: graeme" |
xargs -L 1 bash ./resend-email.sh


(well , sadly I need -mtime 5 or 6 :-o )


It's not very clean ... it just drops any other addresses after the 1st
comma  and that sort is pure fluke  ... but it does the job , for me at
least YMMV.





--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/