| 2019-05-15 21:08:39 |
Hasse Hagen Johansen |
bug |
|
|
added bug |
| 2019-05-16 10:45:08 |
Paride Legovini |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925982 |
|
| 2019-05-16 10:45:08 |
Paride Legovini |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926952 |
|
| 2019-05-16 10:46:36 |
Paride Legovini |
nominated for series |
|
Ubuntu Eoan |
|
| 2019-05-16 10:46:36 |
Paride Legovini |
bug task added |
|
exim4 (Ubuntu Eoan) |
|
| 2019-05-16 10:46:59 |
Paride Legovini |
nominated for series |
|
Ubuntu Disco |
|
| 2019-05-16 10:46:59 |
Paride Legovini |
bug task added |
|
exim4 (Ubuntu Disco) |
|
| 2019-05-16 10:47:31 |
Paride Legovini |
exim4 (Ubuntu Eoan): status |
New |
Fix Released |
|
| 2019-05-16 10:49:06 |
Paride Legovini |
exim4 (Ubuntu Disco): status |
New |
Triaged |
|
| 2019-05-16 10:51:29 |
Paride Legovini |
exim4 (Ubuntu Disco): status |
Triaged |
Fix Committed |
|
| 2019-05-16 10:51:40 |
Paride Legovini |
tags |
19.04 |
19.04 server-next |
|
| 2019-05-16 10:57:20 |
Paride Legovini |
exim4 (Ubuntu Disco): status |
Fix Committed |
Triaged |
|
| 2019-05-17 01:25:12 |
Bryce Harrington |
description |
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
TBD
[Regression Potential]
Low. The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases thus does not create any new issues, just restores behavior to what it has been in the past.
This is the only major change in debian right now (the only other change being a README note).
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
|
| 2019-05-17 01:25:22 |
Bryce Harrington |
exim4 (Ubuntu Disco): importance |
Undecided |
High |
|
| 2019-05-17 01:25:24 |
Bryce Harrington |
exim4 (Ubuntu Disco): assignee |
|
Bryce Harrington (bryce) |
|
| 2019-05-17 01:25:30 |
Bryce Harrington |
exim4 (Ubuntu Disco): milestone |
|
disco-updates |
|
| 2019-05-23 20:41:31 |
Bryce Harrington |
description |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
TBD
[Regression Potential]
Low. The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases thus does not create any new issues, just restores behavior to what it has been in the past.
This is the only major change in debian right now (the only other change being a README note).
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
TBD
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
|
| 2019-05-30 01:37:09 |
Bryce Harrington |
attachment added |
|
Debdiff of SRU fix https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1829292/+attachment/5267510/+files/exim4_4.92-4ubuntu1.1.debdiff |
|
| 2019-05-30 01:37:51 |
Bryce Harrington |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2019-05-30 16:25:54 |
Robie Basak |
tags |
19.04 server-next |
19.04 regression-release server-next |
|
| 2019-05-30 18:23:53 |
Bryce Harrington |
description |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
TBD
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
TBD
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
|
| 2019-06-04 04:34:51 |
Bryce Harrington |
description |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
TBD
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
$ lxc launch ubuntu:19.04/amd64 exim-19-006-1
$ lxc exec exim-19-006-1 bash
### Pre-requisites ###
# apt update
# apt install -y exim4 exim4-daemon-light
# apt install -y spamassassin
# apt install -y sa-exim
### Startup spamassassin ###
# service spamassassin start
# lsof -i :783
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
spamd 10552 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd 10552 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10553 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10553 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10554 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10554 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
# service spamassassin status | grep Active
Active: active (running) since [...]
### Configure exim4 for sa-exim ###
# ls -l /usr/lib/exim4/local_scan/sa-exim.so
-rw-r--r-- 1 root root 43576 Aug 2 2016 /usr/lib/exim4/local_scan/sa-exim.so
# OPTION="local_scan_path = \/usr\/lib\/exim4\/local_scan\/sa-exim\.so"
# sed -i.bak "/MAIN CONFIG/a ${OPTION}" /etc/exim4/exim4.conf.template
# sed -i.bak 's/^SAEximRunCond: 0/SAEximRunCond: 1/' /etc/exim4/sa-exim.conf
# update-exim4.conf || echo "Error"
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform RED test
# echo "test" | mail -s testing root
# ls -l /var/spool/mail/mail
-rw------- 1 mail mail 629 Jun 4 04:29 /var/spool/mail/mail
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog || echo "FAIL"
FAIL
### Install fix
# add-apt-repository -yu ppa:bryce/exim-19-006-1
# apt install -y exim4 exim4-daemon-light
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform GREEN test
# echo "test" | mail -s testing root
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog && echo "PASS"
[...] 1hY18c-000349-Vz SA: Action: scanned but message isn't spam: score=0.7 required=5.0 (scanned in 4/4 secs | Message-Id: [...]@exim-19-006-1.lxd). From <root@exim-19-006-1.lxd> (local) for root@exim-19-006-1.lxd
PASS
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
|
| 2019-06-04 18:01:40 |
Brian Murray |
exim4 (Ubuntu Disco): status |
Triaged |
Fix Committed |
|
| 2019-06-04 18:01:44 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2019-06-04 18:01:48 |
Brian Murray |
tags |
19.04 regression-release server-next |
19.04 regression-release server-next verification-needed verification-needed-disco |
|
| 2019-06-04 19:39:30 |
Bryce Harrington |
description |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
$ lxc launch ubuntu:19.04/amd64 exim-19-006-1
$ lxc exec exim-19-006-1 bash
### Pre-requisites ###
# apt update
# apt install -y exim4 exim4-daemon-light
# apt install -y spamassassin
# apt install -y sa-exim
### Startup spamassassin ###
# service spamassassin start
# lsof -i :783
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
spamd 10552 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd 10552 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10553 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10553 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10554 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10554 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
# service spamassassin status | grep Active
Active: active (running) since [...]
### Configure exim4 for sa-exim ###
# ls -l /usr/lib/exim4/local_scan/sa-exim.so
-rw-r--r-- 1 root root 43576 Aug 2 2016 /usr/lib/exim4/local_scan/sa-exim.so
# OPTION="local_scan_path = \/usr\/lib\/exim4\/local_scan\/sa-exim\.so"
# sed -i.bak "/MAIN CONFIG/a ${OPTION}" /etc/exim4/exim4.conf.template
# sed -i.bak 's/^SAEximRunCond: 0/SAEximRunCond: 1/' /etc/exim4/sa-exim.conf
# update-exim4.conf || echo "Error"
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform RED test
# echo "test" | mail -s testing root
# ls -l /var/spool/mail/mail
-rw------- 1 mail mail 629 Jun 4 04:29 /var/spool/mail/mail
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog || echo "FAIL"
FAIL
### Install fix
# add-apt-repository -yu ppa:bryce/exim-19-006-1
# apt install -y exim4 exim4-daemon-light
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform GREEN test
# echo "test" | mail -s testing root
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog && echo "PASS"
[...] 1hY18c-000349-Vz SA: Action: scanned but message isn't spam: score=0.7 required=5.0 (scanned in 4/4 secs | Message-Id: [...]@exim-19-006-1.lxd). From <root@exim-19-006-1.lxd> (local) for root@exim-19-006-1.lxd
PASS
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
$ lxc launch ubuntu:19.04/amd64 exim-19-006-1
$ lxc exec exim-19-006-1 bash
### Pre-requisites ###
# apt update
# apt install -y exim4 exim4-daemon-light
# apt install -y spamassassin
# apt install -y sa-exim
### Startup spamassassin ###
# service spamassassin start
# lsof -i :783
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
spamd 10552 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd 10552 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10553 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10553 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10554 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10554 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
# service spamassassin status | grep Active
Active: active (running) since [...]
### Configure exim4 for sa-exim ###
# ls -l /usr/lib/exim4/local_scan/sa-exim.so
-rw-r--r-- 1 root root 43576 Aug 2 2016 /usr/lib/exim4/local_scan/sa-exim.so
# OPTION="local_scan_path = \/usr\/lib\/exim4\/local_scan\/sa-exim\.so"
# sed -i.bak "/MAIN CONFIG/a ${OPTION}" /etc/exim4/exim4.conf.template
# sed -i.bak 's/^SAEximRunCond: 0/SAEximRunCond: 1/' /etc/exim4/sa-exim.conf
# update-exim4.conf || echo "Error"
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform RED test
# echo "test" | mail -s testing root
# ls -l /var/spool/mail/mail
-rw------- 1 mail mail 629 Jun 4 04:29 /var/spool/mail/mail
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog || echo "FAIL"
FAIL
### Install fix
Enable disco-proposed (Or: add-apt-repository -yu ppa:bryce/exim-19-006-1)
# apt install -y exim4 exim4-daemon-light
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform GREEN test
# echo "test" | mail -s testing root
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog && echo "PASS"
[...] 1hY18c-000349-Vz SA: Action: scanned but message isn't spam: score=0.7 required=5.0 (scanned in 4/4 secs | Message-Id: [...]@exim-19-006-1.lxd). From <root@exim-19-006-1.lxd> (local) for root@exim-19-006-1.lxd
PASS
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
|
| 2019-06-05 18:01:07 |
Bryce Harrington |
description |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
$ lxc launch ubuntu:19.04/amd64 exim-19-006-1
$ lxc exec exim-19-006-1 bash
### Pre-requisites ###
# apt update
# apt install -y exim4 exim4-daemon-light
# apt install -y spamassassin
# apt install -y sa-exim
### Startup spamassassin ###
# service spamassassin start
# lsof -i :783
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
spamd 10552 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd 10552 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10553 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10553 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10554 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10554 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
# service spamassassin status | grep Active
Active: active (running) since [...]
### Configure exim4 for sa-exim ###
# ls -l /usr/lib/exim4/local_scan/sa-exim.so
-rw-r--r-- 1 root root 43576 Aug 2 2016 /usr/lib/exim4/local_scan/sa-exim.so
# OPTION="local_scan_path = \/usr\/lib\/exim4\/local_scan\/sa-exim\.so"
# sed -i.bak "/MAIN CONFIG/a ${OPTION}" /etc/exim4/exim4.conf.template
# sed -i.bak 's/^SAEximRunCond: 0/SAEximRunCond: 1/' /etc/exim4/sa-exim.conf
# update-exim4.conf || echo "Error"
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform RED test
# echo "test" | mail -s testing root
# ls -l /var/spool/mail/mail
-rw------- 1 mail mail 629 Jun 4 04:29 /var/spool/mail/mail
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog || echo "FAIL"
FAIL
### Install fix
Enable disco-proposed (Or: add-apt-repository -yu ppa:bryce/exim-19-006-1)
# apt install -y exim4 exim4-daemon-light
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform GREEN test
# echo "test" | mail -s testing root
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog && echo "PASS"
[...] 1hY18c-000349-Vz SA: Action: scanned but message isn't spam: score=0.7 required=5.0 (scanned in 4/4 secs | Message-Id: [...]@exim-19-006-1.lxd). From <root@exim-19-006-1.lxd> (local) for root@exim-19-006-1.lxd
PASS
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
$ lxc launch ubuntu:19.04/amd64 exim-19-008-1
$ lxc exec exim-19-008-1 bash
### Pre-requisites ###
# apt update
# apt install -y exim4 exim4-daemon-light
# apt install -y spamassassin
# apt install -y sa-exim
### Startup spamassassin ###
# service spamassassin start
# lsof -i :783
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
spamd 10552 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd 10552 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10553 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10553 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10554 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10554 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
# service spamassassin status | grep Active
Active: active (running) since [...]
### Configure exim4 for sa-exim ###
# ls -l /usr/lib/exim4/local_scan/sa-exim.so
-rw-r--r-- 1 root root 43576 Aug 2 2016 /usr/lib/exim4/local_scan/sa-exim.so
# OPTION="local_scan_path = \/usr\/lib\/exim4\/local_scan\/sa-exim\.so"
# sed -i.bak "/MAIN CONFIG/a ${OPTION}" /etc/exim4/exim4.conf.template
# sed -i.bak 's/^SAEximRunCond: 0/SAEximRunCond: 1/' /etc/exim4/sa-exim.conf
# update-exim4.conf || echo "Error"
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform RED test
# echo "test" | mail -s testing root
# ls -l /var/spool/mail/mail
-rw------- 1 mail mail 629 Jun 4 04:29 /var/spool/mail/mail
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog || echo "FAIL"
FAIL
### Install fix
Enable disco-proposed (Or: add-apt-repository -yu ppa:bryce/exim-19-006-1)
# apt install -y exim4 exim4-daemon-light
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform GREEN test
# echo "test" | mail -s testing root
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog && echo "PASS"
[...] 1hY18c-000349-Vz SA: Action: scanned but message isn't spam: score=0.7 required=5.0 (scanned in 4/4 secs | Message-Id: [...]@exim-19-006-1.lxd). From <root@exim-19-006-1.lxd> (local) for root@exim-19-006-1.lxd
PASS
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
|
| 2019-06-05 18:03:33 |
Bryce Harrington |
description |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
$ lxc launch ubuntu:19.04/amd64 exim-19-008-1
$ lxc exec exim-19-008-1 bash
### Pre-requisites ###
# apt update
# apt install -y exim4 exim4-daemon-light
# apt install -y spamassassin
# apt install -y sa-exim
### Startup spamassassin ###
# service spamassassin start
# lsof -i :783
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
spamd 10552 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd 10552 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10553 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10553 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10554 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10554 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
# service spamassassin status | grep Active
Active: active (running) since [...]
### Configure exim4 for sa-exim ###
# ls -l /usr/lib/exim4/local_scan/sa-exim.so
-rw-r--r-- 1 root root 43576 Aug 2 2016 /usr/lib/exim4/local_scan/sa-exim.so
# OPTION="local_scan_path = \/usr\/lib\/exim4\/local_scan\/sa-exim\.so"
# sed -i.bak "/MAIN CONFIG/a ${OPTION}" /etc/exim4/exim4.conf.template
# sed -i.bak 's/^SAEximRunCond: 0/SAEximRunCond: 1/' /etc/exim4/sa-exim.conf
# update-exim4.conf || echo "Error"
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform RED test
# echo "test" | mail -s testing root
# ls -l /var/spool/mail/mail
-rw------- 1 mail mail 629 Jun 4 04:29 /var/spool/mail/mail
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog || echo "FAIL"
FAIL
### Install fix
Enable disco-proposed (Or: add-apt-repository -yu ppa:bryce/exim-19-006-1)
# apt install -y exim4 exim4-daemon-light
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform GREEN test
# echo "test" | mail -s testing root
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog && echo "PASS"
[...] 1hY18c-000349-Vz SA: Action: scanned but message isn't spam: score=0.7 required=5.0 (scanned in 4/4 secs | Message-Id: [...]@exim-19-006-1.lxd). From <root@exim-19-006-1.lxd> (local) for root@exim-19-006-1.lxd
PASS
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
$ lxc launch ubuntu:19.04/amd64 exim-19-008-1
$ lxc exec exim-19-008-1 bash
### Pre-requisites ###
# apt update
# apt-get install -y exim4 exim4-daemon-light
# apt-get install -y spamassassin
# apt-get install -y sa-exim
### Startup spamassassin ###
# service spamassassin start
# lsof -i :783
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
spamd 10552 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd 10552 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10553 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10553 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10554 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10554 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
# service spamassassin status | grep Active
Active: active (running) since [...]
### Configure exim4 for sa-exim ###
# ls -l /usr/lib/exim4/local_scan/sa-exim.so
-rw-r--r-- 1 root root 43576 Aug 2 2016 /usr/lib/exim4/local_scan/sa-exim.so
# OPTION="local_scan_path = \/usr\/lib\/exim4\/local_scan\/sa-exim\.so"
# sed -i.bak "/MAIN CONFIG/a ${OPTION}" /etc/exim4/exim4.conf.template
# sed -i.bak 's/^SAEximRunCond: 0/SAEximRunCond: 1/' /etc/exim4/sa-exim.conf
# update-exim4.conf || echo "Error"
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform RED test
# echo "test" | mail -s testing root
# ls -l /var/spool/mail/mail
-rw------- 1 mail mail 629 Jun 4 04:29 /var/spool/mail/mail
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog || echo "FAIL"
FAIL
### Install fix
Enable disco-proposed (Or: add-apt-repository -yu ppa:bryce/exim-19-006-1)
# apt install -y exim4 exim4-daemon-light
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform GREEN test
# echo "test" | mail -s testing root
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog && echo "PASS"
[...] 1hY18c-000349-Vz SA: Action: scanned but message isn't spam: score=0.7 required=5.0 (scanned in 4/4 secs | Message-Id: [...]@exim-19-006-1.lxd). From <root@exim-19-006-1.lxd> (local) for root@exim-19-006-1.lxd
PASS
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
|
| 2019-06-05 18:25:33 |
Bryce Harrington |
description |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
$ lxc launch ubuntu:19.04/amd64 exim-19-008-1
$ lxc exec exim-19-008-1 bash
### Pre-requisites ###
# apt update
# apt-get install -y exim4 exim4-daemon-light
# apt-get install -y spamassassin
# apt-get install -y sa-exim
### Startup spamassassin ###
# service spamassassin start
# lsof -i :783
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
spamd 10552 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd 10552 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10553 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10553 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10554 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10554 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
# service spamassassin status | grep Active
Active: active (running) since [...]
### Configure exim4 for sa-exim ###
# ls -l /usr/lib/exim4/local_scan/sa-exim.so
-rw-r--r-- 1 root root 43576 Aug 2 2016 /usr/lib/exim4/local_scan/sa-exim.so
# OPTION="local_scan_path = \/usr\/lib\/exim4\/local_scan\/sa-exim\.so"
# sed -i.bak "/MAIN CONFIG/a ${OPTION}" /etc/exim4/exim4.conf.template
# sed -i.bak 's/^SAEximRunCond: 0/SAEximRunCond: 1/' /etc/exim4/sa-exim.conf
# update-exim4.conf || echo "Error"
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform RED test
# echo "test" | mail -s testing root
# ls -l /var/spool/mail/mail
-rw------- 1 mail mail 629 Jun 4 04:29 /var/spool/mail/mail
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog || echo "FAIL"
FAIL
### Install fix
Enable disco-proposed (Or: add-apt-repository -yu ppa:bryce/exim-19-006-1)
# apt install -y exim4 exim4-daemon-light
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform GREEN test
# echo "test" | mail -s testing root
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog && echo "PASS"
[...] 1hY18c-000349-Vz SA: Action: scanned but message isn't spam: score=0.7 required=5.0 (scanned in 4/4 secs | Message-Id: [...]@exim-19-006-1.lxd). From <root@exim-19-006-1.lxd> (local) for root@exim-19-006-1.lxd
PASS
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.
[Test Case]
$ lxc launch ubuntu:19.04/amd64 exim-19-008-1
$ lxc exec exim-19-008-1 bash
### Pre-requisites ###
# apt update
# apt-get install -y exim4 exim4-daemon-light
# apt-get install -y spamassassin
# apt-get install -y sa-exim
### Startup spamassassin ###
# service spamassassin start
# lsof -i :783
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
spamd 10552 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd 10552 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10553 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10553 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
spamd\x20 10554 root 5u IPv6 2384097 0t0 TCP ip6-localhost:spamd (LISTEN)
spamd\x20 10554 root 6u IPv4 2384099 0t0 TCP localhost:spamd (LISTEN)
# service spamassassin status | grep Active
Active: active (running) since [...]
### Configure exim4 for sa-exim ###
# ls -l /usr/lib/exim4/local_scan/sa-exim.so
-rw-r--r-- 1 root root 43576 Aug 2 2016 /usr/lib/exim4/local_scan/sa-exim.so
# OPTION="local_scan_path = \/usr\/lib\/exim4\/local_scan\/sa-exim\.so"
# sed -i.bak "/MAIN CONFIG/a ${OPTION}" /etc/exim4/exim4.conf.template
# sed -i.bak 's/^SAEximRunCond: 0/SAEximRunCond: 1/' /etc/exim4/sa-exim.conf
# update-exim4.conf || echo "Error"
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform RED test
# echo "test" | mail -s testing root
# ls -l /var/spool/mail/mail
-rw------- 1 mail mail 629 Jun 4 04:29 /var/spool/mail/mail
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog || echo "FAIL"
FAIL
### Install fix
# add-apt-repository -yu 'deb http://archive.ubuntu.com/ubuntu disco-proposed main'
### Or: add-apt-repository -yu ppa:bryce/exim-19-008-1
# apt install -y exim4 exim4-daemon-light
# service exim4 restart
# service exim4 status | grep Active
Active: active (running) since [...]
### Perform GREEN test
# echo "test" | mail -s testing root
# tail /var/log/exim4/mainlog
[...]
[...] 1hXwGX-00011P-Ay <= root@exim-19-006-1.lxd U=root P=local S=454
[...] 1hXwGX-00011P-Ay => /var/mail/mail <root@exim-19-006-1.lxd> R=mail4root T=address_file
[...] 1hXwGX-00011P-Ay Completed
# grep "SA: Action" /var/log/exim4/mainlog && echo "PASS"
[...] 1hY18c-000349-Vz SA: Action: scanned but message isn't spam: score=0.7 required=5.0 (scanned in 4/4 secs | Message-Id: [...]@exim-19-006-1.lxd). From <root@exim-19-006-1.lxd> (local) for root@exim-19-006-1.lxd
PASS
# exit
$ lxc stop exim-19-008-1
$ lxc delete exim-19-008-1
[Regression Potential]
Low.
The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases Ubuntu has shipped, thus does not create any new issues, just restores behavior to what it has been in the past.
This is not a default behavior, so whether it is enabled or not should have no impact on "regular" exim4 users.
Things to watch for in testing would be severe breakage when using the local_scan functionality in ways that worked properly in bionic. Note that with sa-exim no longer actively maintained, and with exim4 discouraging use of local_scan, it is to be expected that some irregularities may crop up in certain use cases, but general usage that has worked previously should be expected to continue similarly.
[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.
The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.
This SRU is a one-line change to enable HAVE_LOCAL_SCAN in exim4's template configuration file, "EDITME". Ubuntu has already been carrying the 90_localscan_dlopen.dpatch that implements the necessary functionality, however due to upstream changes it is now necessary to define HAVE_LOCAL_SCAN in the local config (it is off by default). With this change, the functionality of 90_localscan_dlopen.dpatch will again be effective.
[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)
So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)
Hope this can fixed despite sa-exim being very old
Description: Ubuntu 19.04
Release: 19.04
exim4-daemon-heavy:
Installed: 4.92-4ubuntu1
Candidate: 4.92-4ubuntu1
Version table:
*** 4.92-4ubuntu1 500
500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
100 /var/lib/dpkg/status
I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc.eRUR4y-B0k2Tn61YKllctSV6Z3yZr3HQkM9umV947CY@devotestream.icu). From <enzed@devotestream.icu> (host=NULL [185.254.236.42]) for <masked email>
I don't see that after upgrading to 19.04 this saturday |
|
| 2019-06-05 18:46:12 |
Bryce Harrington |
tags |
19.04 regression-release server-next verification-needed verification-needed-disco |
19.04 regression-release server-next verification-done-disco verification-needed |
|
| 2019-06-05 18:47:10 |
Bryce Harrington |
tags |
19.04 regression-release server-next verification-done-disco verification-needed |
19.04 regression-release server-next verification-done verification-done-disco |
|
| 2019-06-17 08:22:54 |
Launchpad Janitor |
exim4 (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
| 2019-06-17 08:22:59 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
