The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apparent ACL failure with Exim

Discussion in 'E-mail Discussions' started by mudduck, Jun 8, 2007.

  1. mudduck

    mudduck Member

    Joined:
    Nov 23, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Has anyone seen anything like this before?

    2007-06-08 20:14:15 1HwpWx-000E52-5w H=exprod5mo2.postini.com (exprod5mo5.postini.com) [64.18.0.204] F=<> temporarily rejected after DATA: failed to expand ACL string "${if eq {${acl_m0}}{1}{${if >{$spam_score_int}{200}{1}{0}}}{0}}": integer expected but "" found
    2007-06-08 20:14:18 1HwpX0-000E53-AJ H=exprod5mo2.postini.com (exprod5mo5.postini.com) [64.18.0.204] F=<> temporarily rejected after DATA: failed to expand ACL string "${if eq {${acl_m0}}{1}{${if >{$spam_score_int}{200}{1}{0}}}{0}}": integer expected but "" found
    2007-06-08 20:14:55 1HwpXX-000E54-GS H=ukato.freeshell.org (freeshell.org) [192.94.73.7] U=jstretch F=<jstretch@freeshell.org> temporarily rejected after DATA: failed to expand ACL string "${if eq {${acl_m0}}{1}{${if >{$spam_score_int}{200}{1}{0}}}{0}}": integer expected but "" found


    Suddenly Exim stopped allowing incoming mail. No special anti-relaying or such in place - all was working until yesterday. The only change made was to add an alias in the /valiases/domain_name file. (Took it out when I realized the forwarder in the client control panel did the same thing.)

    Read about a similar situation in the forums...

    did the following:

    mv /usr/local/cpanel/etc/exim /usr/local/cpanel/etc/exim.BROKEN

    /scripts/upcp --force
    /scripts/buildeximconf
    /scripts/restartsrv exim

    Still broken.

    cPanel tech looked at it from 12 - about 3:30, then disappeared with an escalation to Level 3. I'm still waiting for any sort of response from them.

    It appears the ACL is failing... rejected after DATA: failed to expand ACL string. The rule's expecting an integer, but getting a blank....

    I've commented out the rules in chunks, restarted Exim with each chunk and still get the same thing.

    Any ideas? I've got a client that could get really upset if his mail doesn't start working soon.

    I'd appreciate any assistance.

    Jerry
    (mudduck)
     
  2. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Try resetting your exim config in whm's exim config editor.
     
  3. mudduck

    mudduck Member

    Joined:
    Nov 23, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Your Exim configuration has been reset to the defaults.
    Enabled system filter options: fail_spam_score_over_200|attachments|spam_rewrite
    Enabled ACL options: deny_spam_score_over_200
    Detected spam handling in acls, disabling spamassassin in routers & transports!.
    SpamAssassin method remains unchanged
    Configured options list is:
    Provided options list is: spamd_address
    Exim Insert Regex is: address_pipe|localuser|lookuphost|virtual_aliases|virtual_user|virtual_userdelivery
    Exim Replace Regex is: virtual_sa_user|sa_localuser|virtual_sa_userdelivery|local_sa_delivery|central_filter|central_user_filter|democheck|fail_remote_domains|literal|localuser_spam|lookuphost|virtual_user_spam
    Exim Match Insert Regex is: maildir_format|quota_directory
    Exim Perl Load List is: boxtrapper|checkpass_cphulkd|checkspam|checkspam2|checkuserquota|fast_isdemo|spam_acl_support
    Skipping address_pipe insert as it requires maildir and it is not enabled.
    Exim version 4.64 #0 (FreeBSD 5.4) built 25-Dec-2006 01:57:32
    Copyright (c) University of Cambridge 2006
    Probably Berkeley DB version 1.8x (native mode)
    Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl OpenSSL Content_Scanning Old_Demime
    Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
    Authenticators: cram_md5 plaintext spa
    Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
    Fixed never_users: 0
    Size of off_t: 8
    Configuration file passes test! New configuration file was installed.
    /scripts/mailscannerupdate: This script should not be run manually. If you really wanted to do that, please add --force

    Attempting to restart exim
    Waiting for exim to restart.... . . . . . . . . . . finished.

    exim statusmailnull 39405 0.0 0.2 4756 4128 ?? S 11:46AM 0:00.99 eximstats (perl5.8.8)
    mailnull 54970 0.0 0.1 5712 2576 ?? Ss 9:02PM 0:00.00 /usr/local/sbin/exim -bd -q30m (exim-4.64-0)
    mailnull 54973 0.0 0.1 5712 2552 ?? Ss 9:02PM 0:00.00 /usr/local/sbin/exim -tls-on-connect -bd -oX 465 (exim-4.64-0)
    root 54979 0.0 0.1 2752 2084 ?? S 9:02PM 0:00.03 antirelayd (perl5.8.8)



    exim started ok
    Your configuration changes have been saved!

    I had just thought about that and tried it. Thanks for the suggestion.

    Nevertheless, it seems mail isn't accepted at the server. I tried using telnet to talk to the server directly (we use Postini for MX deliveries) and this is the tail ofthe smtp conversation...

    [snip - ]
    rcpt to: mudduck@fun-shop.com
    250 Accepted
    data
    354 Enter message, ending with "." on a line by itself
    Test
    .
    451 Temporary local problem - please try later

    ====

    mainlog shows:

    2007-06-08 21:20:36 1HwqZ6-000ENe-4F H=ns2.industryinet.com (industryinet.com) [66.63.226.2] F=<sysadm@industryinet.com> temporarily rejected after DATA: failed to expand ACL string "${if eq {${acl_m0}}{1}{${if >{$spam_score_int}{200}{1}{0}}}{0}}": integer expected but "" found

    No apparentl change...
     
  4. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    It looks like the spam score isn't being set (perhaps spamassassin is broken on your server?)

    You can work around the problem by disabling the ACL that rejects mail if the spam score is above 20.0
     
  5. mudduck

    mudduck Member

    Joined:
    Nov 23, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    I thought I had tried that. I commented out the ACL sections in the exim.conf and tested incrementally after restarting exim. Still got the same stuff.

    I'd appreciate any suggestions on how to go about that properly - apparently I didn't.
     
  6. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Did you uncheck this?

    Reject mail at SMTP time if the spam score from spamassassin is greater than 20.0.

    Whats the ticket also?
     
  7. mudduck

    mudduck Member

    Joined:
    Nov 23, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Ticket submitted: Support Request Id 195048

    I just disabled spam assassin in the Service Manager and Tweak Settings. Restarted Exim tried the telnet again and got the same results.
     
  8. mudduck

    mudduck Member

    Joined:
    Nov 23, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    I removed the domain added to remotedomains. Didn't see any change there either.
    Added it back to the local domains.
     
  9. mudduck

    mudduck Member

    Joined:
    Nov 23, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    I went back and unchecked all the spam scores and removed the system filter file.

    I HAVE MAIL!

    Now ... suggestions to make it work right?

    Thanks for your response and your help in getting it working again.... even if it's still a little broke.

    Jerry
     
  10. rcmrulzz

    rcmrulzz Member

    Joined:
    Dec 14, 2006
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Where did you uncheck the spam scores? Am unable to find it. I have commented out the filter file. Some info on this would be appreciated.

    Thanks.
     
  11. mudduck

    mudduck Member

    Joined:
    Nov 23, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    I removed the check marks on the ACLS section in the Servce Configuration/Exim Configuration Editor.

    ACLS
    Reject mail at SMTP time if the spam score from spamassassin is greater than 10.0.
    Reject mail at SMTP time if the spam score from spamassassin is greater than 12.5.
    Reject mail at SMTP time if the spam score from spamassassin is greater than 15.0.
    Reject mail at SMTP time if the spam score from spamassassin is greater than 17.5.
    Reject mail at SMTP time if the spam score from spamassassin is greater than 20.0.
    ** Reject mail at SMTP time if the sender host is in the zen.spamhaus.org, or bl.spamcop.net rbl

    And in the Mail section:

    I removed the System Filter File entry (made it blank) to disable it.
     
  12. rcmrulzz

    rcmrulzz Member

    Joined:
    Dec 14, 2006
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for that info....however my issue was a little diff, wen i enabled spam assassin for the particular domain the emails started coming in, I guess as in the error log at the end we see this "integer expected but "" found" spam assassin gives some value to each email and as it was not enabled in my case there was no value given for the emails and thus these were getting rejected as in the log it says it got a "" (null) value.

    Guess this was the case...anyway thank you very much for your reply :D
     
  13. ee99ee

    ee99ee Well-Known Member

    Joined:
    Aug 15, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Okay, we were having the same problem too after a cpanel tech was working on another issue and had to upgrade cPanel to 11.4.18-C14303 (from another 11.x build).

    We fixed the issue by turning off drop spam with a score of 20 or higher under the Exim configuration screen.

    What can we do to fix this and turn it back on?
     
  14. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Make sure you have exim 4.62 or better. If not you'll need to update exim from ports.
     
Loading...

Share This Page