exim4 doesn't run the local_scan function after upgrade to 19.04

Bug #1829292 reported by Hasse Hagen Johansen on 2019-05-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
exim4 (Ubuntu)
Status tracked in Eoan
Disco
High
Bryce Harrington
Eoan
Undecided
Unassigned

Bug Description

[Impact]
Regression causing breakage of spam filtering for Exim4 users when using sa-exim for spamassassin integration.

[Test Case]
TBD

[Regression Potential]
Low. The 'local_scan' function was removed due to concerns it might allow rewriting of emails in invalid situations. However, this risk has been equally present in previous exim4 releases thus does not create any new issues, just restores behavior to what it has been in the past.

This is the only major change in debian right now (the only other change being a README note).

[Discussion]
Upstream dropped support for a 'local_scan' function in 4.92, that sa-exim requires; Debian restored support for this capability in 4.92-7, but disco is shipping 4.92-4ubuntu1 without the restored support.

The reason upstream dropped the support was out of concern that changes in how emails are handled internally will break rewriting in certain circumstances. Unfortunately this breaks compatibility with sa-exim, which uses local_scan to do spamassassin checking to reject spam emails pre-acceptance.

[Original Report]
It seems like after upgrade to 19.04 that exim is not running the local_scan function (in my case the sa-exim /usr/lib/exim4/local_scan/sa-exim.so)

So I now don't have the spam-scan I am used to(I have enabled scanning by the way of an RCPT_ACL for now)

Hope this can fixed despite sa-exim being very old

Description: Ubuntu 19.04
Release: 19.04

exim4-daemon-heavy:
  Installed: 4.92-4ubuntu1
  Candidate: 4.92-4ubuntu1
  Version table:
 *** 4.92-4ubuntu1 500
        500 http://dk.archive.ubuntu.com/ubuntu disco/main amd64 Packages
        100 /var/lib/dpkg/status

I expect to see in /var/log/exim4/mainlog lines like this as I saw before:
2019-05-12 20:01:54 1hPsnJ-000285-Jj SA: Debug: check succeeded, running spamc
2019-05-12 20:02:01 1hPsnJ-000285-Jj SA: Action: scanned but message isn't spam: score=2.5 required=5.0 (scanned in 7/7 secs | Message-Id: DuXuFV23y44bFKUePZ1f4NaeoavBH7Xtz_eS_RSBnDc<email address hidden>). From <email address hidden> (host=NULL [185.254.236.42]) for <masked email>

I don't see that after upgrading to 19.04 this saturday

Paride Legovini (legovini) wrote :

Thanks for your report. I've been able to reproduce the issue and by digging a bit deeper I found two relevant bugs in Debian [1,2]. Also relevant is the changelog of the Debian exim4 package [3].

In my understanding this is what happened:

 * exim4 4.92 broke the compatibility with sa-exim [4].
 * exim4 4.92-5 (Debian package) dropped the patch to enable local_scan and has been
   declared incompatible ("Conflicts:") with sa-exim [3].
 * By including api-limitation.patch sa-exim 4.2.1-17 is made compatible with exim4 4.92.
 * exim4 4.92-7 is uploaded to Debian unstable with local_scan enabled again and the
   incompatibility with sa-exim removed.

The newer packages are already in Ubuntu Eoan (currently in development).
This bug can be fixed in Disco by porting those packages back.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925982
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926952
[3] https://metadata.ftp-master.debian.org/changelogs//main/e/exim4/exim4_4.92-7_changelog
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926952#19

Changed in exim4 (Ubuntu Eoan):
status: New → Fix Released
Changed in exim4 (Ubuntu Disco):
status: New → Triaged
Changed in exim4 (Ubuntu Disco):
status: Triaged → Fix Committed
tags: added: server-next
Changed in exim4 (Ubuntu Disco):
status: Fix Committed → Triaged
Bryce Harrington (bryce) on 2019-05-17
description: updated
Changed in exim4 (Ubuntu Disco):
importance: Undecided → High
assignee: nobody → Bryce Harrington (bryce)
milestone: none → disco-updates
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.