Re: [exim] Why "blackhole"?

2018-03-12 Thread Luca Bertoncello via Exim-users
Mike Brudenell via Exim-users wrote:

Hi Mike

> The sample configuration you posted is just a set of ACLs entries. The

This was NOT a sample configuration, but the real configuration we use to
scan the E-Mail with Kaspersky...

> *Specification* seems to be saying that when Exim calls the function
> specified by *local_scan* then that function itself can delete recipients
> from the list. If so and *that* is removing all the recipients but then
> tells Exim to accept the message it ends up getting blackholed.

It'd be very nice to check if that is the problem...
Any idea?

Regards
Luca Bertoncello
(lucab...@lucabert.de)

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Re: [exim] Why "blackhole"?

2018-03-12 Thread Mike Brudenell via Exim-users
On 12 March 2018 at 15:59, Luca Bertoncello via Exim-users <
exim-users@exim.org> wrote:

>
> Yes! Kaspersky. And I must say, that I already had some suspect on that...
>
>> If local_scan says to accept the message but it has no recipients left it
>> is blackholed.
>>
>
> OK, thanks.
> But I really can't find any place in my configuration to delete the
> recipients...
>

The sample configuration you posted is just a set of ACLs entries. The
*Specification* seems to be saying that when Exim calls the function
specified by *local_scan* then that function itself can delete recipients
from the list. If so and *that* is removing all the recipients but then
tells Exim to accept the message it ends up getting blackholed.

However I've never used local_scan so might be entirely wrong. Can someone
who knows more about it confirm?

Cheers,
Mike B-)

-- 
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm


Re: [exim] Why "blackhole"?

2018-03-12 Thread Luca Bertoncello via Exim-users

Quoting Mike Brudenell via Exim-users:

Hi Mike


> Have you added a local_scan function to your configuration?

Yes! Kaspersky. And I must say, that I already had some suspect on that...

> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-adding_a_local_scan_function_to_exim.html
>
> If so, then it sounds like it has decided to discard all the recipients for
> that incoming message. If you read the *Specification* it says (emphasis
> mine):
>
> The list of accepted recipients, held in a vector of length
> recipients_count. The recipient_item structure is discussed below. You can
> add additional recipients by calling receive_add_recipient() (see below). *You
> can delete recipients by removing them from the vector and adjusting the
> value in recipients_count. In particular, by setting recipients_count to
> zero you remove all recipients. If you then return the value
> LOCAL_SCAN_ACCEPT, the message is accepted, but immediately blackholed.* To
> replace the recipients, you can set recipients_count to zero and then call
> receive_add_recipient() as often as needed.
>
> If local_scan says to accept the message but it has no recipients left it
> is blackholed.

OK, thanks.
But I really can't find any place in my configuration to delete the
recipients...


  warn  set acl_m_klms_headers =
        set acl_m_klms_result =
        set acl_m_klms_answer = ${dlfunc{/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}}

        condition   = ${if def:h_X-Ciphermail {false}{true}}

  defer condition   = ${if def:h_X-Ciphermail {false}{true}}
        condition   = ${if eq {$acl_m_klms_answer}{}{yes}{no}}
        log_message = 451 PVC01 - LMS check failed (empty answer) $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile
        message     = 451 PVC01 - Temporary local problem - please try later. ASSISTENCE_MESSAGE (PVC01)

  defer condition   = ${if def:h_X-Ciphermail {false}{true}}
        condition   = ${if match {$acl_m_klms_answer}{\N^451\N}{yes}{no}}
        log_message = 451 PVC02 - LMS check defer $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile
        message     = 451 PVC02 - Temporary local problem - please try later. ASSISTENCE_MESSAGE (PVC02)

  defer condition   = ${if def:h_X-Ciphermail {false}{true}}
        condition   = ${if match {$acl_m_klms_answer}{\N^452\N}{yes}{no}}
        log_message = 451 PVC03 - LMS check defer $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile
        message     = 451 PVC03 - Temporary local problem - please try later. ASSISTENCE_MESSAGE (PVC03)

  deny  condition   = ${if def:h_X-Ciphermail {false}{true}}
        condition   = ${if match {$acl_m_klms_answer}{\N^550\N}{yes}{no}}
        log_message = 552 PVC04 - LMS check reject $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile
        message     = 552 PVC04 - E-Mail contains Virus. ASSISTENCE_MESSAGE (PVC04)

  deny  condition   = ${if def:h_X-Ciphermail {false}{true}}
        condition   = ${if match {$acl_m_klms_answer}{\N^554\N}{yes}{no}}
        log_message = 552 PDV01 - LMS check reject $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile
        message     = 552 PDV01 - E-Mail contains Virus. ASSISTENCE_MESSAGE (PDV01)

  warn  condition   = ${if def:h_X-Ciphermail {false}{true}}
        condition   = ${if match {$acl_m_klms_answer}{\N^250\N}{yes}{no}}
        logwrite    = LMS check accept: $acl_m_klms_answer $acl_m_klms_result $acl_m_klms_tempfile

        set acl_m_klms_answer =

Did I forget something?

Thanks
Luca Bertoncello
(lucab...@lucabert.de)




Re: [exim] Why "blackhole"?

2018-03-12 Thread Mike Brudenell via Exim-users
Have you added a local_scan function to your configuration?

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-adding_a_local_scan_function_to_exim.html


If so, then it sounds like it has decided to discard all the recipients for
that incoming message. If you read the *Specification* it says (emphasis
mine):

The list of accepted recipients, held in a vector of length
recipients_count. The recipient_item structure is discussed below. You can
add additional recipients by calling receive_add_recipient() (see below). *You
can delete recipients by removing them from the vector and adjusting the
value in recipients_count. In particular, by setting recipients_count to
zero you remove all recipients. If you then return the value
LOCAL_SCAN_ACCEPT, the message is accepted, but immediately blackholed.* To
replace the recipients, you can set recipients_count to zero and then call
receive_add_recipient() as often as needed.


If local_scan says to accept the message but it has no recipients left it
is blackholed.

Cheers,
Mike B-)

On 12 March 2018 at 15:30, Luca Bertoncello via Exim-users <
exim-users@exim.org> wrote:

> Hi list,
>
> I recently discovered this very curious message in the mainlog:
>
> 2018-02-28 00:56:11 1eqp6G-0004wp-IR DKIM: d=email.microsoftemail.com
> s=102420140131 c=relaxed/relaxed a=rsa-sha1 b=1024 [verification succeeded]
> 2018-02-28 00:56:12 1eqp6G-0004wp-IR LMS check accept: 250 OK
> 2018-02-28 00:56:12 1eqp6G-0004wp-IR <= bounce-866153_HTML-528534629-5
> 439879-228974-...@bounce.e-mail.microsoft.com H=(
> mta28.email.microsoftemail.com) [66.231.92.214] P=esmtps
> X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 S=69286
> id=df627243-be0d-4776-9939-7408baf52...@xtinmta177.xt.local
> 2018-02-28 00:56:12 1eqp6G-0004wp-IR => blackhole (local_scan discarded
> recipients)
> 2018-02-28 00:56:12 1eqp6G-0004wp-IR Completed
>
> I really can't understand why the E-Mail will be discarded.
> Can someone help me?
>
> Thanks
> Luca Bertoncello
> (lucab...@lucabert.de)



-- 
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
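
Added example (not part of the original thread, and not Exim or Kaspersky code): a small Python check that finds every message the mainlog reports as "blackhole (local_scan discarded recipients)" and pairs it with the sender, the connecting host and the scanner verdict logged for the same message ID. The sample log is constructed, the function name find_blackholed is made up for this example, and the "LMS check accept:" prefix is the one written by the logwrite line in the ACL posted in this thread.

```python
import re

# Constructed sample in Exim mainlog layout (addresses and hosts are made up).
SAMPLE_LOG = """\
2018-02-28 00:56:12 1aaaaa-000001-AA LMS check accept: 250 OK
2018-02-28 00:56:12 1aaaaa-000001-AA <= bounce@news.example.com H=(mta.example.com) [192.0.2.10] P=esmtps S=69286
2018-02-28 00:56:12 1aaaaa-000001-AA => blackhole (local_scan discarded recipients)
2018-02-28 00:56:12 1aaaaa-000001-AA Completed
2018-02-28 01:02:40 1bbbbb-000002-BB <= alice@example.org H=mail.example.org [198.51.100.7] P=esmtps S=2110
2018-02-28 01:02:41 1bbbbb-000002-BB => bob@example.net R=dnslookup T=remote_smtp
2018-02-28 01:02:41 1bbbbb-000002-BB Completed
2018-02-28 01:10:03 1ccccc-000003-CC <= <> H=relay.example.net [203.0.113.5] P=esmtp S=880
2018-02-28 01:10:03 1ccccc-000003-CC => blackhole (local_scan discarded recipients)
"""

# "<date> <time> <message id> <rest of line>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (.*)$")
# Arrival line: envelope sender, then (optionally) the peer address in brackets.
ARRIVAL = re.compile(r"<= (\S+)(?:.*?\[([^\]]+)\])?")
BLACKHOLE = "=> blackhole (local_scan discarded recipients)"
VERDICT = "LMS check accept: "   # written by the logwrite modifier in the ACL


def find_blackholed(log_text):
    """Return one record per message accepted with no recipients left."""
    msgs = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation or non-message line
        ts, msgid, rest = m.groups()
        rec = msgs.setdefault(msgid, {"id": msgid, "sender": None, "host": None,
                                      "verdict": None, "blackholed_at": None})
        arrival = ARRIVAL.match(rest)
        if arrival:
            rec["sender"], rec["host"] = arrival.groups()
        elif rest.startswith(VERDICT):
            rec["verdict"] = rest[len(VERDICT):]
        elif rest.startswith(BLACKHOLE):
            rec["blackholed_at"] = ts
    # Resolve at the end so the order of lines within a message does not matter.
    return [r for r in msgs.values() if r["blackholed_at"]]


if __name__ == "__main__":
    for r in find_blackholed(SAMPLE_LOG):
        print(r["blackholed_at"], r["id"], r["sender"], r["host"],
              "scanner verdict:", r["verdict"])
```

A record whose verdict is "250 OK" but which was still blackholed is the case reported in this thread: the scanner answered accept, yet no recipients were left when local_scan returned.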