Exim4U General Discussion

help with DEFER errors

classic Classic list List threaded Threaded
13 messages Options
Helmut Fritz
Reply | Threaded
Open this post in threaded view
|

help with DEFER errors

Helmut Fritz

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Helmut Fritz
Reply | Threaded
Open this post in threaded view
|

Re: help with DEFER errors

Helmut Fritz

Not sure if it is related, but my /var/spool/exim/scan and /var/spool/exim/input directories have a lot of files in them.

 

Input: 2223 files

Scan: 2223 files

 

I am sure it is not a coincidence.  The queue is empty.  The files names definitely seem to correspond between the two directories.  All the files in inpur are –D files (I believe that means body, -H is header).  Interestingly there are n o corresponding –H header files in input.

 

I was notified of this issue by a client who has not received any emails from the below mentioned mx.sendinghost.com [xxx.xxx.xxx.xxx].

 

They do get a reject message on their end of:

 

Generating server: mx.sendinghost.com

[hidden email]
#< #4.4.2 X-Proprietary; lost connection with my.host.com [xxx.xxx.xxx.xxx] while sending end of data -- message may be sent more than once> #SMTP#

I did run a:

 

exim -bh xxx.xxx.xxx.xxx

 

and it ends up at an ACCEPT.

 

From: Helmut Fritz [mailto:[hidden email]]
Sent: Monday, July 11, 2016 12:48 PM
To: 'Exim4U General Discussion'
Subject: help with DEFER errors

 

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Gordon Dickens
Reply | Threaded
Open this post in threaded view
|

Re: help with DEFER errors

Gordon Dickens
In reply to this post by Helmut Fritz
Hi Helmut,

For item 1, your server is not successfully completing the reverse dns lookup of your host.  With Exim4U 3.1.0, its on line 63 in exim.conf as follows:

MY_IP = ${lookup dnsdb{a=$smtp_active_hostname}}

This most likely is happening because your ISP's name servers are temporarily unavailable. If this happens alot then you should complain loudly to the ISP that hosts your IP address.  If this problem persists often on an installation which is ***not*** using multi-ip then you can hard code your IP address into this statement to avoid the reverse lookup but that is merely an industrial strength band aid.  Your ISP should get an earful about their servers that perform reverse lookups being unavailable.  I have seen this before but it is generally very rare with most ISP hosting companies.

For item 2, I have no idea what is going on.  I would need more info and log data, etc. to proffer a guess.

Gordon






On 07/11/2016 03:47 PM, Helmut Fritz wrote:

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Gordon Dickens
Reply | Threaded
Open this post in threaded view
|

Re: help with DEFER errors

Gordon Dickens
In reply to this post by Helmut Fritz
Strange... I periodically see a file or two in these directories but never hundreds or thousands of files. These are obviously undelivered messages of some type.  Are the dates on the files recent?  Run "exim -bp" to see what messages that exim reports in your queue. 


On 07/11/2016 06:05 PM, Helmut Fritz wrote:

Not sure if it is related, but my /var/spool/exim/scan and /var/spool/exim/input directories have a lot of files in them.

 

Input: 2223 files

Scan: 2223 files

 

I am sure it is not a coincidence.  The queue is empty.  The files names definitely seem to correspond between the two directories.  All the files in inpur are –D files (I believe that means body, -H is header).  Interestingly there are n o corresponding –H header files in input.

 

I was notified of this issue by a client who has not received any emails from the below mentioned mx.sendinghost.com [xxx.xxx.xxx.xxx].

 

They do get a reject message on their end of:

 

Generating server: mx.sendinghost.com

[hidden email]
#< #4.4.2 X-Proprietary; lost connection with my.host.com [xxx.xxx.xxx.xxx] while sending end of data -- message may be sent more than once> #SMTP#

I did run a:

 

exim -bh xxx.xxx.xxx.xxx

 

and it ends up at an ACCEPT.

 

From: Helmut Fritz [[hidden email]]
Sent: Monday, July 11, 2016 12:48 PM
To: 'Exim4U General Discussion'
Subject: help with DEFER errors

 

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Gordon Dickens
Reply | Threaded
Open this post in threaded view
|

Re: help with DEFER errors

Gordon Dickens
In reply to this post by Gordon Dickens
Sorry Helmut, I mis-spoke.  The problem is not a reverse lookup but an "A" record lookup which may not be your ISP's nameserver and is probably your nameserver.  I have no idea why it is not successfully completing the lookup 100% of the time but you can hard code the IP address as I mentioned earlier if the problem persists.

On 07/12/2016 08:02 AM, Gordon Dickens wrote:
Hi Helmut,

For item 1, your server is not successfully completing the reverse dns lookup of your host.  With Exim4U 3.1.0, its on line 63 in exim.conf as follows:

MY_IP = ${lookup dnsdb{a=$smtp_active_hostname}}

This most likely is happening because your ISP's name servers are temporarily unavailable. If this happens alot then you should complain loudly to the ISP that hosts your IP address.  If this problem persists often on an installation which is ***not*** using multi-ip then you can hard code your IP address into this statement to avoid the reverse lookup but that is merely an industrial strength band aid.  Your ISP should get an earful about their servers that perform reverse lookups being unavailable.  I have seen this before but it is generally very rare with most ISP hosting companies.

For item 2, I have no idea what is going on.  I would need more info and log data, etc. to proffer a guess.

Gordon






On 07/11/2016 03:47 PM, Helmut Fritz wrote:

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users





_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Helmut Fritz
Reply | Threaded
Open this post in threaded view
|

Re: help with DEFER errors

Helmut Fritz
In reply to this post by Gordon Dickens

Thx Gordon.  I will give them an earful!

 

From: users [mailto:[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, July 12, 2016 5:03 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] help with DEFER errors

 

Hi Helmut,

For item 1, your server is not successfully completing the reverse dns lookup of your host.  With Exim4U 3.1.0, its on line 63 in exim.conf as follows:

MY_IP = ${lookup dnsdb{a=$smtp_active_hostname}}

This most likely is happening because your ISP's name servers are temporarily unavailable. If this happens alot then you should complain loudly to the ISP that hosts your IP address.  If this problem persists often on an installation which is ***not*** using multi-ip then you can hard code your IP address into this statement to avoid the reverse lookup but that is merely an industrial strength band aid.  Your ISP should get an earful about their servers that perform reverse lookups being unavailable.  I have seen this before but it is generally very rare with most ISP hosting companies.

For item 2, I have no idea what is going on.  I would need more info and log data, etc. to proffer a guess.

Gordon






On 07/11/2016 03:47 PM, Helmut Fritz wrote:

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 




_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users

 


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Helmut Fritz
Reply | Threaded
Open this post in threaded view
|

Re: help with DEFER errors

Helmut Fritz
In reply to this post by Gordon Dickens

Ah – got it.  I will check out my resolv settings, etc.

 

From: users [mailto:[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, July 12, 2016 6:03 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] help with DEFER errors

 

Sorry Helmut, I mis-spoke.  The problem is not a reverse lookup but an "A" record lookup which may not be your ISP's nameserver and is probably your nameserver.  I have no idea why it is not successfully completing the lookup 100% of the time but you can hard code the IP address as I mentioned earlier if the problem persists.

On 07/12/2016 08:02 AM, Gordon Dickens wrote:

Hi Helmut,

For item 1, your server is not successfully completing the reverse dns lookup of your host.  With Exim4U 3.1.0, its on line 63 in exim.conf as follows:

MY_IP = ${lookup dnsdb{a=$smtp_active_hostname}}

This most likely is happening because your ISP's name servers are temporarily unavailable. If this happens alot then you should complain loudly to the ISP that hosts your IP address.  If this problem persists often on an installation which is ***not*** using multi-ip then you can hard code your IP address into this statement to avoid the reverse lookup but that is merely an industrial strength band aid.  Your ISP should get an earful about their servers that perform reverse lookups being unavailable.  I have seen this before but it is generally very rare with most ISP hosting companies.

For item 2, I have no idea what is going on.  I would need more info and log data, etc. to proffer a guess.

Gordon






On 07/11/2016 03:47 PM, Helmut Fritz wrote:

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 




_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users

 




_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users

 


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Helmut Fritz
Reply | Threaded
Open this post in threaded view
|

Re: help with DEFER errors

Helmut Fritz
In reply to this post by Gordon Dickens

The queue is empty”

 

Once I saw the messages I thought to see if they were in the queue. 

 

It is interesting that:

 

A message from the same host that forwarded one of the failed messages to my client went through.  So emails from a person were coming through – I have 2 instances of that in my logs.  The emails that are not making it and correspond with the reject message, the files in the input and scan directories, and the spam warning message.

 

I put that domain in my whitelist for spamassassin, and viola the message got through (it is a deposit confirmation for my client and his back – he runs a business that deposits almost daily – so not a long time to wait).  So the message says spam score of 1 and reject of 990, but I think one of those numbers is off by a magnitude of 10 or?  I have not really figured out the combined spam scoring methodology in exim4u.  it seems there are two and their order of magnitude as an integer are different?

 

So interesting that it seems to have been rejected by spam score.  Is there something I can do on my end to log better to help figure this out?  any docs to help me understand the spam scoring better?

 

Thx much!

 

Helmut

 

From: users [mailto:[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, July 12, 2016 5:11 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] help with DEFER errors

 

Strange... I periodically see a file or two in these directories but never hundreds or thousands of files. These are obviously undelivered messages of some type.  Are the dates on the files recent?  Run "exim -bp" to see what messages that exim reports in your queue. 


On 07/11/2016 06:05 PM, Helmut Fritz wrote:

Not sure if it is related, but my /var/spool/exim/scan and /var/spool/exim/input directories have a lot of files in them.

 

Input: 2223 files

Scan: 2223 files

 

I am sure it is not a coincidence.  The queue is empty.  The files names definitely seem to correspond between the two directories.  All the files in inpur are –D files (I believe that means body, -H is header).  Interestingly there are n o corresponding –H header files in input.

 

I was notified of this issue by a client who has not received any emails from the below mentioned mx.sendinghost.com [xxx.xxx.xxx.xxx].

 

They do get a reject message on their end of:

 

Generating server: mx.sendinghost.com

[hidden email]
#< #4.4.2 X-Proprietary; lost connection with my.host.com [xxx.xxx.xxx.xxx] while sending end of data -- message may be sent more than once> #SMTP#

I did run a:

 

exim -bh xxx.xxx.xxx.xxx

 

and it ends up at an ACCEPT.

 

From: Helmut Fritz [[hidden email]]
Sent: Monday, July 11, 2016 12:48 PM
To: 'Exim4U General Discussion'
Subject: help with DEFER errors

 

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 




_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users

 


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Gordon Dickens
Reply | Threaded
Open this post in threaded view
|

Re: help with DEFER errors

Gordon Dickens
Spamassassin calculates a Spam-Score and a Spam-Score-Integer where the Spam-Score-Integer = Spam_Score * 10.  If you google "spamassassin Spam-Score Spam-Score-Integer"  You will see lots of other folks discussing this.  Yes, it seems confusing but its just the way that Spamassassin does things.  Here is an explanation from a post that I found on a cPanel forum thread:

What happens is that the spam score people are used to dealing with are decimal values, and not integer values (e.g. 1.5, 30.9, 6.4, etc.). When SpamAssassin passes the value to whatever, it passes it as an integer, but to do that without losing any part of the score, it multiplies that decimal value, by 10. So when it does that, your score then becomes a 15 instead of 1.5, or a 309 instead of a 30.9 and so on.

I think that your concerns here are mostly all related to Spamassassin.  You will see alot more logging info from Spamassasssin in /var/log/maillog in addition to that which is included in the exim logs so I recommend that you watch /var/log/maillog as well. The only other recommendation that I would have is to learn all of the whitelisting options that are available in Spamassassin.   Also, keep in mind that greylisting is based (in part) on Spam-Score and that you can exempt a given email address or domain from greylisting based on Spam-Score by simply whitelisting in Spamassassin.

FYI,

Gordon


On 07/12/2016 12:31 PM, Helmut Fritz wrote:

The queue is empty”

 

Once I saw the messages I thought to see if they were in the queue. 

 

It is interesting that:

 

A message from the same host that forwarded one of the failed messages to my client went through.  So emails from a person were coming through – I have 2 instances of that in my logs.  The emails that are not making it and correspond with the reject message, the files in the input and scan directories, and the spam warning message.

 

I put that domain in my whitelist for spamassassin, and viola the message got through (it is a deposit confirmation for my client and his back – he runs a business that deposits almost daily – so not a long time to wait).  So the message says spam score of 1 and reject of 990, but I think one of those numbers is off by a magnitude of 10 or?  I have not really figured out the combined spam scoring methodology in exim4u.  it seems there are two and their order of magnitude as an integer are different?

 

So interesting that it seems to have been rejected by spam score.  Is there something I can do on my end to log better to help figure this out?  any docs to help me understand the spam scoring better?

 

Thx much!

 

Helmut

 

From: users [[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, July 12, 2016 5:11 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] help with DEFER errors

 

Strange... I periodically see a file or two in these directories but never hundreds or thousands of files. These are obviously undelivered messages of some type.  Are the dates on the files recent?  Run "exim -bp" to see what messages that exim reports in your queue. 


On 07/11/2016 06:05 PM, Helmut Fritz wrote:

Not sure if it is related, but my /var/spool/exim/scan and /var/spool/exim/input directories have a lot of files in them.

 

Input: 2223 files

Scan: 2223 files

 

I am sure it is not a coincidence.  The queue is empty.  The files names definitely seem to correspond between the two directories.  All the files in inpur are –D files (I believe that means body, -H is header).  Interestingly there are n o corresponding –H header files in input.

 

I was notified of this issue by a client who has not received any emails from the below mentioned mx.sendinghost.com [xxx.xxx.xxx.xxx].

 

They do get a reject message on their end of:

 

Generating server: mx.sendinghost.com

[hidden email]
#< #4.4.2 X-Proprietary; lost connection with my.host.com [xxx.xxx.xxx.xxx] while sending end of data -- message may be sent more than once> #SMTP#

I did run a:

 

exim -bh xxx.xxx.xxx.xxx

 

and it ends up at an ACCEPT.

 

From: Helmut Fritz [[hidden email]]
Sent: Monday, July 11, 2016 12:48 PM
To: 'Exim4U General Discussion'
Subject: help with DEFER errors

 

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 




_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users

 



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Helmut Fritz
Reply | Threaded
Open this post in threaded view
|

Re: help with files in input and scan directories, SA score integer vs. decimal

Helmut Fritz

Thx Gordon.  I think I got it.  So in my message my spam-score-int of 1 is actually 10 compared to the spam reject of 990?  Or is that 9.9?  if the former, I have no idea why it would be rejected and I find the body in the input directory (but no header) and a binary of the same message id in scan directory.

 

If the spam reject is 9.9 then I get it.

 

In exim4u_global_spam_virus my SpamRejectScore is set at 99.  So I believe that translates to 9.9, which compared to the 10 above then makes sense for the discard to /dev/null.  I am not sure why the log message shows 990, it should show 9.9 if I understand everything correctly.  990 is far higher than the default 100 that is in the exim4u_global_spam_virus file.

 

I will see if I can suss out some more about SpamAssassin, I am familiar with all the options but the way it works with exim in the smtp connection and the difference in scoring is new to me.  There seems to be something in that translation that is odd  (I.e. reporting 990 instead of 99 or 9.9).  I can deal with it, just want to really understand the integer vs decim score thing and how it is reported.

 

Any ideas on the files in the directories?  Why the header file is missing from input?  Should I check exim list/people for that?  I did not find much in my google searching for that.

 

I changed the subject in case it helps people find this discussion in the future.

 

Helmut

 

From: users [mailto:[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, July 12, 2016 4:56 PM
To: Exim4U General Discussion
Subject: Re: [Exim4U] help with DEFER errors

 

Spamassassin calculates a Spam-Score and a Spam-Score-Integer where the Spam-Score-Integer = Spam_Score * 10.  If you google "spamassassin Spam-Score Spam-Score-Integer"  You will see lots of other folks discussing this.  Yes, it seems confusing but its just the way that Spamassassin does things.  Here is an explanation from a post that I found on a cPanel forum thread:


What happens is that the spam score people are used to dealing with are decimal values, and not integer values (e.g. 1.5, 30.9, 6.4, etc.). When SpamAssassin passes the value to whatever, it passes it as an integer, but to do that without losing any part of the score, it multiplies that decimal value, by 10. So when it does that, your score then becomes a 15 instead of 1.5, or a 309 instead of a 30.9 and so on.


I think that your concerns here are mostly all related to Spamassassin.  You will see alot more logging info from Spamassasssin in /var/log/maillog in addition to that which is included in the exim logs so I recommend that you watch /var/log/maillog as well. The only other recommendation that I would have is to learn all of the whitelisting options that are available in Spamassassin.   Also, keep in mind that greylisting is based (in part) on Spam-Score and that you can exempt a given email address or domain from greylisting based on Spam-Score by simply whitelisting in Spamassassin.

FYI,

Gordon


On 07/12/2016 12:31 PM, Helmut Fritz wrote:

“The queue is empty”

 

Once I saw the messages I thought to see if they were in the queue. 

 

It is interesting that:

 

A message from the same host that forwarded one of the failed messages to my client went through.  So emails from a person were coming through – I have 2 instances of that in my logs.  The emails that are not making it and correspond with the reject message, the files in the input and scan directories, and the spam warning message.

 

I put that domain in my whitelist for spamassassin, and viola the message got through (it is a deposit confirmation for my client and his back – he runs a business that deposits almost daily – so not a long time to wait).  So the message says spam score of 1 and reject of 990, but I think one of those numbers is off by a magnitude of 10 or?  I have not really figured out the combined spam scoring methodology in exim4u.  it seems there are two and their order of magnitude as an integer are different?

 

So interesting that it seems to have been rejected by spam score.  Is there something I can do on my end to log better to help figure this out?  any docs to help me understand the spam scoring better?

 

Thx much!

 

Helmut

 

From: users [[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, July 12, 2016 5:11 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] help with DEFER errors

 

Strange... I periodically see a file or two in these directories but never hundreds or thousands of files. These are obviously undelivered messages of some type.  Are the dates on the files recent?  Run "exim -bp" to see what messages that exim reports in your queue. 


On 07/11/2016 06:05 PM, Helmut Fritz wrote:

Not sure if it is related, but my /var/spool/exim/scan and /var/spool/exim/input directories have a lot of files in them.

 

Input: 2223 files

Scan: 2223 files

 

I am sure it is not a coincidence.  The queue is empty.  The files names definitely seem to correspond between the two directories.  All the files in inpur are –D files (I believe that means body, -H is header).  Interestingly there are n o corresponding –H header files in input.

 

I was notified of this issue by a client who has not received any emails from the below mentioned mx.sendinghost.com [xxx.xxx.xxx.xxx].

 

They do get a reject message on their end of:

 

Generating server: mx.sendinghost.com

[hidden email]
#< #4.4.2 X-Proprietary; lost connection with my.host.com [xxx.xxx.xxx.xxx] while sending end of data -- message may be sent more than once> #SMTP#

I did run a:

 

exim -bh xxx.xxx.xxx.xxx

 

and it ends up at an ACCEPT.

 

From: Helmut Fritz [[hidden email]]
Sent: Monday, July 11, 2016 12:48 PM
To: 'Exim4U General Discussion'
Subject: help with DEFER errors

 

Guys,

1.       I have a lot of these type of messages in my mainlog:

 

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

 

I am trying to look through the configs to see if I can determine where and why I am getting these.

 

Are they a cause for any real concer?  What causes them and can it be recified?

 

I am not running a multi-ip host, but do host multiple virtual domains.

 

2.       I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.  I (think I) do see the actual emails in the /var/spool/exim/scan directory though.  The only thing I find in the logs is this message:

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

Any help, ideas or thoughts would be welcome.  I did a google search that did not seem to provide an useful help.

 

Thx.

 

Helmut

 

P.S. not yet updated to latest release of exim4u.

 

 





_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users

 




_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users

 


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Gordon Dickens
Reply | Threaded
Open this post in threaded view
|

Re: help with files in input and scan directories, SA score integer vs. decimal

Gordon Dickens
On 07/12/2016 11:49 PM, Helmut Fritz wrote:

So in my message my spam-score-int of 1 is actually 10 compared to the spam reject of 990?  Or is that 9.9?


If you specify a spam reject score of 9.9 in the web interface then "spamreject" will be 99 in the exim logs.

Any ideas on the files in the directories?  Why the header file is missing from input?  Should I check exim list/people for that?  I did not find much in my google searching for that.


Sorry but I'm not sure what's going on there....  You can surely post the question on the exim list.   Alternatively, you could just closely watch those directories to see if it happens again.  If it doesn't re-occur then you could just remove those files and periodically check back to ensure that everything is fine.

Gordon


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Helmut Fritz
Reply | Threaded
Open this post in threaded view
|

Re: help with files in input and scan directories, SA score integer vs. decimal

Helmut Fritz

Will do Gordon.

 

In the web interface, for now, they are all set the same.  Discard score of 99 and tag score of 5.  The 99 corresponds to what is set in the exim4u_global_spam_virus for the SpamRejectScore, 99.  Why does the log entry show 990?  If I understand things correctly, It should show 9.9 or 99, no?

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

 

I find zero log entries in maillog regarding the corresponding messages.  I will see if i can get SA to do some better logging, that may help me when things get dumped to /dev/null.

 

Thx much.

 

Helmut

 

From: users [mailto:[hidden email]] On Behalf Of Gordon Dickens
Sent: Wednesday, July 13, 2016 5:29 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] help with files in input and scan directories, SA score integer vs. decimal

 

On 07/12/2016 11:49 PM, Helmut Fritz wrote:

So in my message my spam-score-int of 1 is actually 10 compared to the spam reject of 990?  Or is that 9.9?


If you specify a spam reject score of 9.9 in the web interface then "spamreject" will be 99 in the exim logs.


Any ideas on the files in the directories?  Why the header file is missing from input?  Should I check exim list/people for that?  I did not find much in my google searching for that.


Sorry but I'm not sure what's going on there....  You can surely post the question on the exim list.   Alternatively, you could just closely watch those directories to see if it happens again.  If it doesn't re-occur then you could just remove those files and periodically check back to ensure that everything is fine.

Gordon


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Gordon Dickens
Reply | Threaded
Open this post in threaded view
|

Re: help with files in input and scan directories, SA score integer vs. decimal

Gordon Dickens
The log entries are correct for the discard score of 99 that you put in the web interface.  A discard score of 99 in the web interface corresponds to a spamreject score of 990 in the exim logs.  A discard score of 10 is recommended and is the default value which would correspond to a spamreject score of 100 in the exim logs.

My FreeBSD systems have lots of spamd entries for spamassassin such as this:

Jul 13 02:20:01 hostname spamd[79255]: spamd: result: . -7 - HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_MED,RCVD_IN_JMF_W,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD scantime=1.4,size=6139,user=spamd,uid=58,required_score=0.0,rhost=localhost,raddr=127.0.0.1,rport=47334,mid=[hidden email],autolearn=ham autolearn_force=no

So, please check your spamassassin config.

Also, please read and understand all of the spamassassin documentation both from spamassassin itself and within the Exim4U docs.  For example, this is cut and pasted from /etc/exim/exim4u_global_spam_virus:

# DISCUSSION OF HOW EXIM4U PROCESSES MAIL WITH SPAMASSASSIN
# Exim4u offers three levels of spamassassin customization.
# First, Exim4u rejects all spam scores >= SpamRejectScore at SMTP time. The
# SpamRejectScore value is global and applies to all local domains, all relay domains
# and all individual user accounts.  The recommended SpamRejectScore value is 10 and
# is specified in this file. The individual users and relay domains can then be more
# aggressive on an individual basis with the second level criteria (discard score)
# and third level criteria (tag score) which are specified for each individual email
# account and/or each individual relay domain using the Exim4U web interface. For
# example, Exim4u discards (to blackhole) all spam scores >= discard values after the
# SMTP connection is closed. Exim4u also tags all spam scores > tag values upon delivery.
# The discard values and tag values for relay domains are specified under the Domain
# Administration menu in the web interface by the site administrator. Likewise, the
# discard values and tag values for individual email accounts are specified under
# "manage POP/IMAP accounts" within each domain in the web interface. The recommended
# range of values for individual discard scores is 8 to 10. The recommended range
# of values for tag scores is 4 to 6.

FYI,

Gordon



On 07/13/2016 12:26 PM, Helmut Fritz wrote:

Will do Gordon.

 

In the web interface, for now, they are all set the same.  Discard score of 99 and tag score of 5.  The 99 corresponds to what is set in the exim4u_global_spam_virus for the SpamRejectScore, 99.  Why does the log entry show 990?  If I understand things correctly, It should show 9.9 or 99, no?

 

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

 

 

I find zero log entries in maillog regarding the corresponding messages.  I will see if i can get SA to do some better logging, that may help me when things get dumped to /dev/null.

 

Thx much.

 

Helmut

 

From: users [[hidden email]] On Behalf Of Gordon Dickens
Sent: Wednesday, July 13, 2016 5:29 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] help with files in input and scan directories, SA score integer vs. decimal

 

On 07/12/2016 11:49 PM, Helmut Fritz wrote:

So in my message my spam-score-int of 1 is actually 10 compared to the spam reject of 990?  Or is that 9.9?


If you specify a spam reject score of 9.9 in the web interface then "spamreject" will be 99 in the exim logs.


Any ideas on the files in the directories?  Why the header file is missing from input?  Should I check exim list/people for that?  I did not find much in my google searching for that.


Sorry but I'm not sure what's going on there....  You can surely post the question on the exim list.   Alternatively, you could just closely watch those directories to see if it happens again.  If it doesn't re-occur then you could just remove those files and periodically check back to ensure that everything is fine.

Gordon



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Free forum by Nabble Edit this page