Re: [exim] Why "blackhole"?
Mike Brudenell via Exim-users schrieb: Hi Mike > The sample configuration you posted is just a set of ACLs entries. The This was NOT a sample configuration, but the real configuration we use to scan the E-Mail with Kaspersky... > *Specification* seems to be saying that when Exim calls the function > specified by *local_scan* then that function itself can delete recipients > from the list. If so and *that* is removing all the recipients but then > tells Exim to accept the message it ends up getting blackholed. It'd be very nice to check if that is the problem... Any idea? Regards Luca Bertoncello (lucab...@lucabert.de) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Why "blackhole"?
On 12 March 2018 at 15:59, Luca Bertoncello via Exim-users < exim-users@exim.org> wrote: > > Yes! Kaspersky. And I must say, that I already had some suspect on that... > > If local_scan says to accept the message but it has no recipients left it >> is blackholed. >> > > OK, thanks. > But I really can't find any place in my configuration to delete the > recipients... > The sample configuration you posted is just a set of ACLs entries. The *Specification* seems to be saying that when Exim calls the function specified by *local_scan* then that function itself can delete recipients from the list. If so and *that* is removing all the recipients but then tells Exim to accept the message it ends up getting blackholed. However I've never used local_scan so might be entirely wrong. Can someone who knows more about it confirm? Cheers, Mike B-) -- Systems Administrator & Change Manager IT Services, University of York, Heslington, York YO10 5DD, UK Tel: +44-(0)1904-323811 Web: www.york.ac.uk/it-services Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Why "blackhole"?
Zitat von Mike Brudenell via Exim-users : Hi Mike Have you added a local_scan function to your configuration? Yes! Kaspersky. And I must say, that I already had some suspect on that... https://www.exim.org/exim-html-current/doc/html/spec_html/ch-adding_a_local_scan_function_to_exim.html If so, then it sounds like it has decided to discard all the recipients for that incoming message. If you read the *Specification* it says (emphasis mine): The list of accepted recipients, held in a vector of length recipients_count. The recipient_item structure is discussed below. You can add additional recipients by calling receive_add_recipient() (see below). *You can delete recipients by removing them from the vector and adjusting the value in recipients_count. In particular, by setting recipients_count to zero you remove all recipients. If you then return the value LOCAL_SCAN_ACCEPT, the message is accepted, but immediately blackholed.* To replace the recipients, you can set recipients_count to zero and then call receive_add_recipient() as often as needed. If local_scan says to accept the message but it has no recipients left it is blackholed. OK, thanks. But I really can't find any place in my configuration to delete the recipients... warn set acl_m_klms_headers = set acl_m_klms_result = set acl_m_klms_answer = ${dlfunc{/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}} condition = ${if def:h_X-Ciphermail {false}{true}} defer condition = ${if def:h_X-Ciphermail {false}{true}} condition = ${if eq {$acl_m_klms_answer}{}{yes}{no}} log_message = 451 PVC01 - LMS check failed (empty answer) $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile message = 451 PVC01 - Temporary local problem - please try later. ASSISTENCE_MESSAGE (PVC01) defer condition = ${if def:h_X-Ciphermail {false}{true}} condition = ${if match {$acl_m_klms_answer}{\N^451\N}{yes}{no}} log_message = 451 PVC02 - LMS check defer $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile message = 451 PVC02 - Temporary local problem - please try later. ASSISTENCE_MESSAGE (PVC02) defer condition = ${if def:h_X-Ciphermail {false}{true}} condition = ${if match {$acl_m_klms_answer}{\N^452\N}{yes}{no}} log_message = 451 PVC03 - LMS check defer $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile message = 451 PVC03 - Temporary local problem - please try later. ASSISTENCE_MESSAGE (PVC03) deny condition = ${if def:h_X-Ciphermail {false}{true}} condition = ${if match {$acl_m_klms_answer}{\N^550\N}{yes}{no}} log_message = 552 PVC04 - LMS check reject $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile message = 552 PVC04 - E-Mail contains Virus. ASSISTENCE_MESSAGE (PVC04) deny condition = ${if def:h_X-Ciphermail {false}{true}} condition = ${if match {$acl_m_klms_answer}{\N^554\N}{yes}{no}} log_message = 552 PDV01 - LMS check reject $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile message = 552 PDV01 - E-Mail contains Virus. ASSISTENCE_MESSAGE (PDV01) warn condition = ${if def:h_X-Ciphermail {false}{true}} condition = ${if match {$acl_m_klms_answer}{\N^250\N}{yes}{no}} logwrite= LMS check accept: $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile set acl_m_klms_answer = Did I forgot something? Thanks Luca Bertoncello (lucab...@lucabert.de) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Why "blackhole"?
Have you added a local_scan function to your configuration? https://www.exim.org/exim-html-current/doc/html/spec_html/ch-adding_a_local_scan_function_to_exim.html If so, then it sounds like it has decided to discard all the recipients for that incoming message. If you read the *Specification* it says (emphasis mine): The list of accepted recipients, held in a vector of length recipients_count. The recipient_item structure is discussed below. You can add additional recipients by calling receive_add_recipient() (see below). *You can delete recipients by removing them from the vector and adjusting the value in recipients_count. In particular, by setting recipients_count to zero you remove all recipients. If you then return the value LOCAL_SCAN_ACCEPT, the message is accepted, but immediately blackholed.* To replace the recipients, you can set recipients_count to zero and then call receive_add_recipient() as often as needed. If local_scan says to accept the message but it has no recipients left it is blackholed. Cheers, Mike B-) On 12 March 2018 at 15:30, Luca Bertoncello via Exim-users < exim-users@exim.org> wrote: > Hi list, > > I recently discovered this very curiously message in the mainlog: > > 2018-02-28 00:56:11 1eqp6G-0004wp-IR DKIM: d=email.microsoftemail.com > s=102420140131 c=relaxed/relaxed a=rsa-sha1 b=1024 [verification succeeded] > 2018-02-28 00:56:12 1eqp6G-0004wp-IR LMS check accept: 250 OK > 2018-02-28 00:56:12 1eqp6G-0004wp-IR <= bounce-866153_HTML-528534629-5 > 439879-228974-...@bounce.e-mail.microsoft.com H=( > mta28.email.microsoftemail.com) [66.231.92.214] P=esmtps > X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 S=69286 > id=df627243-be0d-4776-9939-7408baf52...@xtinmta177.xt.local > 2018-02-28 00:56:12 1eqp6G-0004wp-IR => blackhole (local_scan discarded > recipients) > 2018-02-28 00:56:12 1eqp6G-0004wp-IR Completed > > I really can't understand why the E-Mail will be discarded. > Can someone help me? > > Thanks > Luca Bertoncello > (lucab...@lucabert.de) > > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ > -- Systems Administrator & Change Manager IT Services, University of York, Heslington, York YO10 5DD, UK Tel: +44-(0)1904-323811 Web: www.york.ac.uk/it-services Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/