Re: [exim] Getting Exim 4.94
On 2020-06-01 22:46, Mike Brown via Exim-users wrote: > Anyone know where I can find a F27 RPM for exim? Probably (and hopefully, to be frank) nowhere, because it has been out of support since November 2018, i.e. no security updates, no maintainance, nothing. The current version of Fedora is 32, which you should really upgrade to ASAP, otherwise your system is vulnerable to quite a lot of exploits (including some in Exim). Fedora has no long time support, the usual lifetime of a single Fedora version is about 13 months, there is a new Fedora version about every six months. So if you don't want to upgrade your distribution version regulary, Fedora is not right for you. For more information, see https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule e.g. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim regex limit length
On 18.04.2018 14:48, Emanuel Gonzalez via Exim-users wrote:
> I've been having no luck with a simple regex to match strings with 20 or less
> characters.
...
> Subject example: Unlock Your Account
>
>
> discardcondition = ${if match{$header_subject:}{.\{0,20\}Unlock Your
> Account\$}}
> logwrite = Rejected By SPAM - $header_subject - FROM:
> "$sender_address"
>
> I try to match the rule with other types of subjects used to steal data, but
> not work. (Example America Alert: Unlock Your Account)
What exactly does not work? Note that you can always test your config
with swaks (from http://www.jetmore.org/john/code/swaks/) piping into a
exim with debug enabled, e.g.
swaks --pipe "exim -bh 127.0.0.2 -d+expand"
Your condition will match with any number of characters before the
"Unlock..." string, because you didn't say the regex should match at the
beginning. But in general, it should work, as you can test yourself:
$ exim -be
> ${if match{America Alert: Unlock Your Account}{.\{0,20\}Unlock Your
Account\$}}
true
Usually you should not use "discard", because this will give no notice
to the sender (which is probably legit), "reject" is better suited.
If you really want to match 0 to 20 chars (which sounds a little
arbitrary to me), use this:
${if match{$header_subject:}{\N^.{0,20}Unlock Your Account$\N}}
Note that I used \N to prevent string expansion, so you don't have to
escape the regex special chars.
You will probably use more than only one or a few regexes, so it's more
convenient to put them into a textfile:
CFGDIR = /etc/exim
reject
condition = ${lookup {$header_subject:} nwildlsearch
{CFGDIR/reject_subjects} {yes} {no}}
and have the regexes in /etc/exim/reject_subjects like this (you need to
have ^ as the first character to indicate that it's a regex):
^.{0,20}Unlock Your Account$
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Why does exim add @my.domain when using smtp auth
Hi, Daniel Müller wrote on 2015-09-18 09:28: > 2015-09-18 09:14:14 1Zcps6-0005AK-L1 <= "tes...@tplk.loc"@tplk.loc > H=edvabteilung2.tplk.loc (edvabteilung2) [192.168.135.39] P=esmtpsa > X=UNKNOWN:AES256-GCM-SHA384:256 A=dovecot_login:tes...@tplk.loc S=765 This looks weird, but IIRC this related to a missing "sender_retain" in the "control = submission". You should have something like this in your acl_check_rcpt: accept authenticated = * control = submission/sender_retain -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Extracting the last field
On 26.06.2013 19:13, soumya tr wrote:
a...@def.com g...@jkl.com
I need to extract the last field when delimiter is '@'.
Why not use the expansion operators that are made just for this purpose?
${domain:${address:a...@def.com g...@jkl.com}}
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim message thaw performance
Volker Schmelich, 22.08.2012 22:15: Thank you for the tip regarding strace. From a first glance it looks like server 2 loses time between Writing spool header file and LOG: MAIN unfrozen by root. Especially some fstat(), fsync(), close() call lines have higher times displayed when using strace with the -r param. E.g. one close() shows 0.000644 on server 1 and the same close() on server 2 shows 0.032874. close() of file read or written to? Maybe you could put the strace outputs (-o /tmp/strace) on some webserver... So my uneducated guess would be that ext4 is to blame. Is there a way to temporarily make ext4 behave like ext3 and re-run the test? It should be possible to mount the volume as ext3 (unless a non-backwards-compatible ext4 feature was enabled, obviously). Or just create a new ext3 partition, copy your spool there and mount it over /var/spool/exim. There are some ext4 options that may change performance, e.g. noauto_da_alloc, nobarrier, journal_data_writeback. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] run a command
Cyborg, 19.07.2012 11:36:
how can i make that visible ?
As always, just use
this is not working, because it's an example :
drop message= you have been blacklisted.
condition = ${run{/usr/bin/id /tmp/id}{yes}{yes}}
(id will try to id the term /tmp/id instead of reroute the output to
it.)
It's not working because the /tmp/id is a shell idiom. You have to use
${run{/bin/bash -c /usr/bin/id /tmp/id}{yes}{yes}}
But you don't need the redirection for what you want.
How do i get the output of id ( not to find that userdata ) and log it
to the mainlog ?
This is not working?
drop
condition = ${run{/usr/bin/id}{yes}{no}}
log_message = output of id: $value
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [Exim-users-de] Fallback MX und relay_domains
On 29.05.2012 18:12, mailing wrote: Wie sollte man so eine Userlist-Sync bewerkstelligen? Es liegen nicht genug Informationen über dein System vor, um das zu beantworten. Userverwaltung, Anzahl der Domains etc.? Am einfachsten ist es wohl, per cron rsync laufen lassen (ob der primary oder secondary das anstößt, ist egal) und damit eine (oder mehrere) Datei vom primary auf den secondary zu bringen. Dort baust du dann einen router ein, in dem die Datei ausgewertet wird. ___ Exim-users-de mailing list Exim-users-de@exim.org https://lists.exim.org/mailman/listinfo/exim-users-de
Re: [exim] lookup in and
On 02.12.2011 01:09, Klaus Ethgen wrote:
${if and{{={25}{$received_port}}{lookup ldap{...
That's because and requires conditions, and a lookup is not a
condition.
lookup ldap{...}{yes}{no} and voila, it is boolean
It may be boolean to you, but for Exim it's still only a string.
What may have confused is that Exim has different requirements for
condition depending on the contet. Conditions in ACLs and routers
require a string, conditions in string expansions require a expansion
condition as listed in
http://exim.org/exim-html-current/doc/html/spec_html/ch11.html#SECTexpcond
(or the combination conditions or{} and and{}, but obviously you were
able to find that by yourself).
What does your lookup return, anyway?
anything that exists for this account.
So you want the condition to be true if something is returned? Then
all you need to do is turn the result string into a string expansion
condition, in this case by comparing it to the empty string. Like I
already wrote: and { {...} {ne{}{${lookup ldap{...
But however, as I posted before I found another way.
Well then, good for you. :)
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] lookup in and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Klaus Ethgen, 2011-12-01 16:14:
I stumble over the problem that lookup is not possible inside of
an and construct.
...
${if and{{={25}{$received_port}}{lookup ldap{...
That's because and requires conditions, and a lookup is not a
condition. What does your lookup return, anyway? You can of course
check the result of your lookup:
${if and {{={25}{$received_port}} {ne{}{${lookup ldap{...}}
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJO17wBAAoJEANsCm3lNaE742gIAKn6hpoNShn5UPT3zzApInR9
Tja5zfcsE1tbAobqoOdKglCGQCSRrvEinPbMmH/FOoz9MtG9SEGNjPGSG/wJRtiX
QVSO0KZqUoPPyrmwpa/GisOckMNl14UpWp9HAxeuO0fui1sFrrV/I+mZqlvGqBg2
qzyFdzmQOXzZb34+xhsjYttCEKo7m9woc81eQxVLgRKrVZpltMu4wI9fVju2pUuP
4scKxguRmSn0VthqjAt3C/Rfx9472UGhirvkvB1d/SfmenCPix4W1ZUlKBSLZDo5
H2fTuOAr13KuRqC3l/g5ObMjUG0j/6zl6IgC4kKzqsLEjDKi+ANT74SgamHVgp8=
=2DGf
-END PGP SIGNATURE-
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] SSL tunnel config
p cooper, 2011-11-22 22:37: ive got my TLS smarthost working , now I need to sort the SSL one. I don't know what your issue is, but from reading that: ive setup stunnel and can telnet to localhost 26 , which brings up the remote mail server I guess you want to send to a smarthost with smtps (port 465). Since 4.77 Exim supports smtps by itself, so you don't need stunnel for that any more. As for the necessary option when remote host = localhost: As Heiko noticed, it is self = send. And it's a router option, not a transport option. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to force exim to load file with whitelist IPs into memory
no@o2.pl, 2011-10-30 10:51: I would like to ask, if this is possible to force exim to load files with whitelist IPs into memory. You want exim to load lookup files once at startup? That's currently not possible. It also kind of contradicts the dynamic nature of lookup files, where you can update them and let exim use the new content without restart. What you can do is to use Exim's .include statement, e.g. hostlist my_whitelist = \ .include /etc/my_whitelist The file is included as-is, so it must adhere hostlist syntax, .e.g: 10.0.0.0/8 : \ 192.168.1.0/24 Apart from this: 10kb is not big and easy to keep in to OS's fs cache. net-iplsearch costs some CPU cycles, but Exim is usually IO-bound, not CPU bound. So I don't think this will help much with your (guessed) IO wait problem. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to force exim to load file with whitelist IPs into memory
Phil Pennock, 2011-11-03 04:31: I would be very interested in knowing of such a thing. One of the items already on my work on Exim at some point list of features is: Item: disk stable format write-infrequent read-often (a la CDB) binary trie storage designed to be useful for IP lookups against tables (PF style) to avoid walking lists. I did not look much for it, but a quick search turned up some C libs for that. I guess this is something nice to have, but I would not expect much from it. We usually don't have to look up thousands or millions of IP addresses like a router or firewall has to. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to force exim to load file with whitelist IPs into memory
Phil Pennock, 2011-10-31 08:41: You've mounted the filesystem with atime support, which reports last access time. While useful, for busy file-systems this default support in Unix has proven to be a historical mistake (in my opinion). The only reason the disk is being affected here is because the act of reading the file is updating the inode with a new atime, and this needs to be written back to the disk. Otherwise, assuming local disk and not NFS, the file would sit in buffer cache and all new reads would never go to disk, because the cache would still be valid. I second your opinion. atime is kind of a broken concept. OTOH, atime updates are cached (AFAIK), so the impact should only be visible on very busy systems with little RAM. Mount the filesystem noatime or move the file to a filesystem which is mounted noatime and see how that affects performance. btw, Linux uses relatime by default since 2.6.30. CDB is probably the way to go then. CDB (and DBM etc.) cannot be used with iplsearch. We would need a trie data structure for that. Don't know if there are widely used standard formats and tools for that... -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Recipient verify only for non-authenticated users
W B Hacker, 2011-10-31 05:15: Jakob, had this been written in Deutsch, I'd not be presuming to tell you about *my* dificulty understanding that language. Again, I don't know what you are trying to tell me. That I'm too stupid to understand your language? 'endpass' after an 'accept' can skip all remaining clauses in a given phase. Endpass after *anything* can so skip. What do you mean? After any verb? Surely not, as it is only defined for accept and discard. And again: endpass does not have anything to do with skipping anything. Yes, it happens that 'accept' carries it inherently, but no harm is done - for sake of consistency in style - in applying it to 'accept' as well as other needfuls. What do you mean? That one should put endpass after every accept? As I said ... So far, we agree in substance - even though you have twice contradicted yourself. Really? Where did I contradict myself? Not 'til you complexified it, anyway. Huh? _You_ were the one bringing endpass into the game in your reply to the OP. If you can explain, what it has to do with skipping, please do so. In _clear_ language, if you are able to. Otherwise, save your and my time and consider this the EOT. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Recipient verify only for non-authenticated users
On 28.10.2011 11:07, W B Hacker wrote:
A triggered 'accept' is not 'permanent' until end of DATA. Period.
A triggered 'deny' class verb is 'permanent' AT ONCE. WHEREVER it is.
btw, your terminology is (at least) uncommon, escpecially for email.
permanent and temporary are not quite appropriate to describe what
accept and deny do. But let's not get picky about that.
An 'endpass' is not needed by an 'accept', but is harmless and supports
consistency in style w/r slef-diocumenting 'reminders' of what is taking
place.
...
Circumstances may be better suited to a 'warn' that has to ascertain
things AND report them AND action others AND manipulate things - that do
not (yet) give rise to a deny, nor (yet) a 'final' accept - but may
have no further need for wasting resources in traversing the *remainder*
of the acl test clauses in a given phase.
Far easier to use an 'endpass' and rely on a stand-alone 'accept' at the
END of each phase to otherwise onpass the 'survivors'.
As I understand you nebulous words and the line from you previous posting:
'endpass' after an 'accept' can skip all remaining clauses in a given phase.
I have to say: This is nonsense. endpass can turn an accept into a
deny, but this has nothing to do with skipping the remaining clauses of
a phase. accept already does that. With or without endpass.
accept means, the ACL is finished successfully and that no more stanze
of the ACL will be evaluated.
Let me show you what endpass really does. First, accept without
endpass:
accept
condition = some_condition
could be written with pseudo code as:
function acl_check_connect {
if (some_condition) {
return true; // accept!
}
... // other stanze
}
Now with the use of endpass
accept
condition = some_condition
endpass
condition = ep_condition
would be in pseudo code:
function acl_check_connect {
if (some_condition) {
if (ep_condition) {
return true; // accept!
} else {
// failing endpass condition turns accept into deny
return false;
}
}
... // other stanze
}
Or, in a table:
some_condition | ep_condition | action
---+--+
falsefalse go to next stanza
falsetrue go to next stanza (endpass
does not matter)
true false deny
true true accept
Hope it's clearer now...
PS: Oh, and btw, a deny does not necessarily terminate a session, as
you wrote. If there are multiple recipients, you can deny all of them
but one and still get a message delivered.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Recipient verify only for non-authenticated users
W B Hacker, 2011-10-27 13:41: Works that way here... 'Course I DO run acl's on ALL phases of the smtp session, so... ... an 'accept' ain't final 'til the Fat Lady sings (end of DATA phase..) You are mixing two different things. An accept finishes the _current_ ACL, whether you use endpass or not. Other ACLs run after that can still deny, of course. Again, endpass has nothing to do with this. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Recipient verify only for non-authenticated users
W B Hacker, 2011-10-27 07:51: Ah - forgot to mention one of the BASIC conventions: Any 'deny class' verb is permanent. Session having been terminated, no later 'accept' could possibly act. An 'accept' OTOH is *temporary* .. ...unless it is the LAST one to act in acl_smtp_data. 'endpass' after an 'accept' can skip all remaining clauses in a given phase. This is not true. http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECID200 says: accept: If all the conditions are met, the ACL returns “accept”. i.e., a successful (i.e., all conditions were met) accept skips the remaining ACL entries. And just after that about endpass: If any of the conditions are not met, what happens depends on whether endpass appears among the conditions (for syntax see below). If the failing condition is before endpass, control is passed to the next ACL statement; if it is after endpass, the ACL returns “deny”. So, accept really means accept, for the current ACL. endpass may be handy for some situations, but it's just too mind-boggling (an accept turned into a deny, wtf?), so, as the spec says: current “best practice” is to avoid the use of endpass. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Recipient verify only for non-authenticated users
Colin, 2011-10-26 13:38: The default Exim configuration has require verify = recipient in acl_check_rcpt. ... Can anyone suggest what is needed to modify the line to do this, or alternatively a way to prevent the whole SMTP session from being rejected when only one recipient gets this error? Change the line to: deny ! authenticated = * ! verify = recipient -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 5.x
Odhiambo Washington, 2011-05-17 17:46: Yeah, Exim 5 I think is not so far away, Huh? What makes you think that? I don't see any sign of it. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Redirect route data variable expansion
On 13.03.2011 19:58, Matthias-Christian Ott wrote:
Everything seems to work so far except that I was not able to filter
addresses from the CC header in data. My idea was something like this:
${filter{a...@example.com, b...@example.com, c...@example.com}{and
{{def:h_Cc}}{{!eq{$item}{$h_Cc}
You did not state what you want to achieve. I guess you want to get
if the CC header contains one of the addresses. Some comments:
- As you already wrote, ${filter wants a colon separated list, but you
can change this in the usual way, e.g. ${filter {, a, b, c...
- you have too much closing braces } in your condition. It should look
like: ${filter {... list ...} {and {{condition1}{condition2}...}}}
- You should not put the def:h_CC in the filter condition, as it would
have to be checked for every list item this way (not a big deal, though,
just some wasted CPU cycles). That means you would have to put an ${if
around the filter
- when using $h_something, you should always add the terminating colon
:, as in $h_cc:. As the spec says:
Header names follow the syntax of RFC 2822, which states that they may
contain any printing characters except space and colon. Consequently,
curly brackets do not terminate header names, and should not be used to
enclose them as if they were variables. Attempting to do so causes a
syntax error. This is probably the reason you are getting the error
message. We should probably make the colon mandatory in a future version
and warn about it in the mean time...
- What you want to will not work this way.
First, the CC header contains RFC 2822 addresses (some person
s...@example.com), so you'd have to use ${address: to extract the
address itself.
Second, the CC header may contain more than one address. That means you
will have to use a inner loop where you iterate over the CC addresses.
You can use the ${addresses: operator to get a colon separated list.
Unfortunately, I don't know how to get the $item of the outer loop. You
could put your addresses in a file and use a lsearch lookup.
The whole thing would then look like this (untested and with line breaks
for readability):
${if {def:h_Cc} {
${filter
{${addresses:$h_cc:}}
{lsearch;/path/to/address/file}
}}
}
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] error with exim conf - Unicode UTF-8 with BOM
Heiko Schlittermann, 2011-02-13 14:07: + if (config_lineno == 1 Ustrstr(s, \xef\xbb\xbf) == s) I would generalize that: A byte value 0x7f at this point means, that there's something wrong. So I'd prefer something like this: if (config_lineno == 1 (s[0] 0x20 || s[0] 0x7e )) (with logging something like invalid char '%hhc' at start of config file). This would catch all cases listed in http://en.wikipedia.org/wiki/Byte-order_mark#Representations_of_byte_order_marks_by_encoding, except UTF-32 (BE) (which is hard to handle with it's starting 0 octet, as we don't know the line length), but I guess that's good enough (or at least better that what we have right now). -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] route from IP
Peter Kirk, 2011-02-14 09:37:
Tried it and it still does not work, any other ideas?
route_list is the wrong approach here. Try this:
r_smarthost_x_com:
driver = manualroute
transport = remote_smtp
senders = *@X.com
condition = ${if eq {$sender_host_address} {10.20.20.20}}
route_data = 10.10.10.10
(you could also integrate condition and route_data into a single
route_data statement, but it's more clear this way.)
If it does not work, you can find out the reason yourself by running a
fake smtp session:
# exim -d+expand -bh 10.20.20.20
...(lots of debug output)
EHLO example.com
...
MAIL FROM b...@x.com
...
RCPT TO whate...@example.net
...
At this point you should see the router r_smarthost_x_com matching (or
at least, why it declines).
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Logging IPv4 port numbers
Mike Cardwell, 2011-01-27 12:25: outgoing mail in case the Exim installation is behind NAT. Surely, if they're behind NAT, the NAT gateway will change the source port anyway as far as the destination server can see? Usually not, as long as the port is not already used. Ie, if two Exim installations behind NAT bind to their local port 1234 Exim does not bind to a specific port for outoing connections. You can, of course, get the address and port of the local end, after the connection is established, but I don't see the big benefit out of that, especially in the case where the NAT gateway has to change the port. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] address lookups stripping off plus-addresses
Eric A. Hall, 2010-07-24 17:40: I guess what I would like is to preserve the suffixes that were received for each address, and then append them to the final recipient addresses at transport time. As I wrote, if you want to keep the suffix, don't use the redirect router. Right now I have four redirect routers for local domains, which are /etc/aliases, LDAP aliases, LDAP groups, and finally LDAP users as the ultimate recipient addresses. These currently redirect the messages to generic file, generic pipe, or Cyrus LMTP, but I will add more transport mechanisms later. As long as you don't want something like root+suf...@your.domain (with root: someuser in your /etc/aliases) to be delivered to someuser+suffix, it should be straight forward: - use redirect for stuff like /etc/aliases - use accept when you have the final address. If you really need root+suffix, you could try adress_data = $local_part_suffix in the redirect router, but take care, as subsequent routers with this option may overwrite that (you'd need some fiddling to handle this). I've tried setting the rcpt_include_affixes option on the Cyrus LMTP transport definition but it doesn't seem to do anything, presumably because the original address has been replaced during routing. It should work with the accept router. You need to set rcpt_include_affixes in the transport, too. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] address lookups stripping off plus-addresses
Eric A. Hall, 2010-07-22 16:29:
I'm poking around at plus-addressing with exim+cyrus and it's not working
right. After some time I figured out that the extended address was not
being used for the envelope recipient. With --debug +all it seems that
that the recipient address is being rewritten by the redirect router.
A router does no rewriting, only routing. The redirect router changes
the recipient and starts a new new routing cycle, but that is not rewriting.
I've tried setting the rewrite = false on that router but the behavior
As the spec says, this option only specifies if the new recipient should
be run through the _rewriting_ rules, which have nothing to do with the
redirect router.
ldap_users:
driver = redirect
data = ${lookup ldap{LDAP_USER_LOOKUP}}
local_part_suffix = +* : -*
When the user is matched in ldap_users the response data includes the
destination address that should be used, but the suffix is gone. This
yes, that's what the redirect router is for: changing the destination
address. If you don't want that, don't use the redirect router.
You probably want to use the accept router and change data to
local_parts.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim TLS - problem
Dave Lugo, 2010-07-03 16:09: This is my complete acl for auth, nothing else needed in it: acl_check_auth: # # The following rules force auth to require STARTTLS. # accept encrypted = * denymessage = TLS encryption required I would strongly recommend against this. This does not stop Exim from announcing that AUTH PLAIN is supported, so clients would send AUTH PLAIN together with their login information, e.g. AUTH PLAIN AGZvbwBiYXI=, so it's too late to reject it. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim TLS - problem
Dave Lugo, 2010-07-05 13:54:
acl_check_auth:
accept encrypted = *
denymessage = TLS encryption required
I would strongly recommend against this. This does not stop Exim from
announcing that AUTH PLAIN is supported, so clients would send AUTH
PLAIN together with their login information, e.g. AUTH PLAIN
AGZvbwBiYXI=, so it's too late to reject it.
It works great for me.
My exim install doesn't offer AUTH PLAIN until STARTTLS
has kicked in.
This may be because I also have the near the
beginning of my config:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
You guessed right. :)
If Exim does not announce AUTH, it won't accept AUTH commands.
So, do you still disrecommend this config, which
doesn't offer AUTH until TLS is started? If yes,
can you tell me why?
It does not hurt, but it's also useless (and therefore give a wrong
feeling of security).
Or do you have any TLS encryption required message in your log?
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] RCPT ACL being ignored from php
Mike Packer, 2010-06-30 01:27:
I have the following rule in my RCPT TO ACL: require recipients =
lsearch*@;/etc/exim/rcptto
it work great connecting to the server via SMTP but when php calls
exim -ti top send mail it ignores this rule. I need this rule to
apply to all mail being sent.
acl_smtp_rcpt is only used with smtp (as the name suggests). You can use
acl_not_smtp, but that won't help you much, because there is no way to
reject individual recipients, only the whole message.
I guess this is some spam prevention for a web mail form (it's always a
good idea to tell why you want something, btw). So you could just reject
the whole message if it contains unwanted recipients, e.g. with
reject
! condition = ${if forall{, $recipients} {bool{ ${lookup {$item}
lsearch {/path/to/okuser} {yes}{no }
log_message = $recipients contains unwanted recipient(s)
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Strange log entry about backup MX
Chris Wilson, 2010-06-16 15:55: connected via the same physical network. Even in the very unlike case that there is a transient problem at the time of the connection attempt to the first address, which does not exist at the time of second attempt, the delivery will be retried again, multiple times. How do you know whether or not they tried and failed to connect to the primary MX before hitting the backup? I don't, but that doesn't matter. I suspect that we are just misunderstanding each other, but what I I guess so. understood from your email was that this could happen: client - primary MX (fails due to temporary network error, never seen by primary) client - secondary MX (succeeds and then client is blocked, mail refused) and later for another message: client - primary MX (mail refused due to client still being blocked) No. By block, I mean reject with '4xx use primary MX', not reject forever. The latter would be really dumb setup, because it is more complex and violates fundamental rules of system design (resilience, robustness). Could this be what happened to relay.rzone.de? You mean what happened to the OP? I can't think of any reason why they would do such a thing. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Strange log entry about backup MX
Dr. Tilo Levante, 2010-06-15 15:58: we have the following log entry about the backup MX: 450 4.1.0 Don't use the Backup MX 'relay.rzone.de' while the Primary MX is available - please send your mail to ... Does exim use the Backup MX if the primary MX is available? Can I configure exim to prefer the primary MX? Can you post the rcpt domain of the message? rzone.de is the German ISP Strato, but I don't know any domains hosted there that have relay.rzone.de listed as a MX. Usually they only have this 10 mailin.rzone.de. Funny thing is, just two days ago a message from Strato's outbound relays was blocked on my mailserver because it connected to the second MX without trying the first one before... -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Strange log entry about backup MX
Heiko Schlittermann, 2010-06-16 11:36: But it's quite stupid by second mx, to think that my (network) connectivity to the second mx is the same as to the first mx. This highly depends on the setup. I have only a single (private) mail server which has two IP addresses, so the connectivity, availability and everything of both MXs is just the same. Many spammers just send their crap to the lowest priority MX, so blocking stuff on the second MX that didn't try the first MX before is an easy anti-spam measure. btw, I also use this the other way round: Hosts that get greylisted (on the first MX) are immediately accepted on the second MX. This way, messages from the few hosts that get greylisted (which I only do sparsely) are delayed as little as possible. Most MTAs are decent enough to get through, the most prominent and notorious exception is qmail. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Strange log entry about backup MX
W B Hacker, 2010-06-16 13:24: (sorry for repost) There is no MX RR for relay.rzone.de Exim appears to have found it by its A RR. You seem to think relay.rzone.de is the rcpt domain of the message the OP had a message for. But it's only a hostname listed as a MX for some domain. Either way, not really an Exim issue at all. ack. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Strange log entry about backup MX
Chris Wilson, 2010-06-16 13:48: relays was blocked on my mailserver because it connected to the second MX without trying the first one before... For the reasons that Heiko and Graeme gave, I would strongly recommend against blocking anyone on this basis. (i.e. there could have been a temporary problem when they tried to contact your primary, so you might not have knowm that they tried). The things said about such a setup do not apply here. As I wrote, the two MXs resolve to IPs ending up on the same host. They are even connected via the same physical network. Even in the very unlike case that there is a transient problem at the time of the connection attempt to the first address, which does not exist at the time of second attempt, the delivery will be retried again, multiple times. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Strange log entry about backup MX
Chris Wilson, 2010-06-16 14:24: connected via the same physical network. Even in the very unlike case that there is a transient problem at the time of the connection attempt to the first address, which does not exist at the time of second attempt, the delivery will be retried again, multiple times. How do you know whether or not they tried and failed to connect to the primary MX before hitting the backup? I don't, but that doesn't matter. If you block them, as you said above, then what does it matter how many times they retry? Because on the next delivery retry they will first try the first MX again. Or did you think they would only retry the second MX? -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Proposal: $message_body_hash_sha1
On 11.06.2010 15:57, Heiko Schlittermann wrote:
Probable we only need to compute the hash if we see a reference to this
variable in the current config file. Is there any chance (inside the
code writing the message to the spool) to peek if there is some
reference to $message_size_body_hash?
Such functionality is not necessary. You could just make it an expansion
operator insted of variable. That would also give you the ability to
include arbitrary strings (such as message headers) in the hash, e.g.
with ${message_hash:$h_From:\n$h_Subject:\n}, which could return From,
Subject and body.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Proposal: $message_body_hash_sha1
Heiko Schlittermann, 2010-06-11 08:46:
So, to get the long story short: I thinking about having
$message_body_hash_sha1
(or something similar, the interface could be thought about)
What do you think? (I believe, the implementation shouldn't be too
difficult (\0 are already counted, thus some part of the code seems to
see the message stream).
Hm, do you really need the _whole_ body? Otherwise,
${sha1:$message_body} would do what you want (hash the first 500 bytes).
Otherwise I guess you could set message_body_visible to a high enough
number (like message_size_limit), but I'm not sure how efficient Exim is
handling such big strings. OTOH, it probably doesn't matter much on
todays machines, as long as you are not hitting some internal limits
(which I don't know of). If you care about efficiency, you could use dlfunc.
Or is this something useful for other Exim users, too?
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Remvoing local IP address from headers of outbound mail
On 17.05.2010 11:53, Ron White wrote: On outbound mail I've noticed this header that, for my needs, is 'a bit too much detail' insofar as revealing the internal IP of the client: ... What is the best approach to removing the header line detailing from You should really not do that. Just set received_header_text to whatever you want revealed. An example is here: http://lists.exim.org/lurker/message/20070913.232709.17363da6.en.html -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Misunderstanding match_domain and sqlite ...
Jim Cheetham, 2010-04-06 00:34:
I'm using a sqlite query in a match_domain condition in an ACL for
check_rcpt, but it's failing.
I suspect that what's happening is not that the where clause is failing,
but the sql return is not a domain list.
domainlist active_domains = ${sg { ${sqlite; /etc/exim4/mta.db select name
from domains where status=active; }}{\\n}{:}}
Ah, indeed -- this seems to be exactly the problem, and solved. Thanks.
even easier and with less cpu cycles (not that it mattes much :) is this:
domainlist active_domains = \n ${lookup sqlite {/etc/exim4/mta.db
select name from domains where status=active}}
All the SQL lookups return a LF-separated list. Exim should probably
handle LF as a separator by default, I guess...
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Misunderstanding match_domain and sqlite ...
Jim Cheetham, 2010-04-06 12:21:
domainlist active_domains = \n ${lookup sqlite {/etc/exim4/mta.db
select name from domains where status=active}}
That is more elegant in the config file; and config file elegance is
IMHO one of Exim's main strengths ...
most of the time, yes :)
http://www.exim.org/exim-html-4.69/doc/html/spec_html/ch09.html#SECTsql
mentions that multiple rows come back separated by newline, but sadly
doesn't provide an example of fixing this for domain lists.
Maybe because the natural way of using domainlists would be this even
more elegant line:
domainlist active_domains = sqlite;/path/to/db select name from domains
where name='${quote_sqlite:$domain}'
(see spec 10.8)
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Run a Program from within Exim
David Cunningham, 2010-03-23 12:46:
The short of the story is that I need exim to execute another program
upon the delivery of an email and send that program the following
string:
/var/spool/maildirs/${substr_0_10:$tod_log}/${domain}/${local_part}/Maildir/new
What do you mean by send? Give as an argument? Write to its stdin?
For example, I tried adding a condition to my local_delivery transport
that looked like this:
condition = {run echo
/var/spool/maildirs/${substr_0_10:$tod_log}/${domain}/${local_part}/Maildir
/dev/shm/temp.file}{0}{1}
RTFM:
1. The syntax is
${run{command args}{string1}{string2}}
not
{run command ...}
2. As in other command executions from Exim, a shell is not used by
default. If you want a shell, you must explicitly code it.
As you use redirection in your test, you need to use a shell there.
3. You have to give the full path to the executable you want to run.
(Unfortunately, this is not documented in the spec of the ${run...}
expansion item. Should probably be added.)
So the expansion string would look like this:
${run {/bin/sh -c echo
/var/spool/maildirs/${substr_0_10:$tod_log/${domain}/${local_part}/Maildir
/dev/shm/temp.file}{0}{1}}
You really have to take care here that nobody can do shell injection
(e.g. by using ';' or other special shell chars in the local part). This
only applies when using a shell, so you should probably avoid that. Just
use a little script, that logs what your program would get, e.g.
#/bin/sh
echo $1 /tmp/bla.log
and use that instead of your real program.
In this example I am simply trying to echo that string to a file in
/dev/shm. I do not get an error in my logs, but I also do not get
this file.
Errors are hidden here. Look into $runrc to see what went wrong.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] EHLO loop
Christian Gregoire, 2010-03-19 11:26:
One of my clients' MTA is going mad from time to time, issuing 'EHLO
name' command in a never-ending loop. Exim politely answers with
the SMTP banner and the extensions available.
Is there an option equivalent to smtp_accept_max_per_connection to
limit the number of EHLO/HELO commands in a single SMTP connection ?
No, but as with most things, you can build that yourself. Put something
like that in your acl_check_helo:
deny
set acl_c_helo_count = ${eval10:0$acl_c_helo_count+1}
condition = ${if {$acl_c_helo_count}{2}}
message = Too many HELO/EHLOs
Note that this allows 3 HELOs and you should probably not increase it,
as clients will re-issue a HELO after STARTTLS and the counter is not reset.
Feel free to limit this to your internal network with hosts =
so.me.net.work/mask, slow down the client with sleep or use drop
instead of deny.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to solve the problem with multiple sender IPs and (selective) greylisting?!
l...@lena.kiev.ua, 2010-03-08 16:58:
I'd suggest to use ${mask:IP address/bit count} instead. regex is
not always the best solution.
In this case regex gives 5 bytes shorter result (without .0/24 at the end).
True, but that's only relevant if you are really short on storage.
This also works with IPv6 (one should use
a different bit count for that, though).
Did someone receive a spam via IPv6 not from a real MTA?
I heard of one case recently. With the rise of ipv6 we'll probably see
more, but it's not a problem right.
Or, don't greylist the whole world by default
The original poster wrote selective in Subject.
Yes, in parenthesis. Greylisting gmail does not sound very selective to
me, but depends on one's selection criteria, of course.
I attached excerpts from my config (including the whitelist) to
http://wiki.exim.org/DbLessGreyListingC
What's the big advantage over using the builtin sqlite support for
greylisting?
When I wrote that, I didn't know that sqlite is demonless. I run Exim
Too bad. One should check the available options before reinventing the
wheel :)
Please give a link to a sqlite greylisting implementation.
http://plonk.de/sw/exim/greylist.txt has been out for quite a while.
There's also one in the wiki: http://wiki.exim.org/SimpleGreylisting
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to solve the problem with multiple sender IPs and (selective) greylisting?!
l...@lena.kiev.ua, 2010-03-08 14:04:
and whitelist few senders which can resend a letter from other
IP-addresses in a block larger than /24.
I.e. use ${sg{$sender_host_address}{\N\.\d+$\N}{}}
I'd suggest to use ${mask:IP address/bit count} instead. regex is
not always the best solution. This also works with IPv6 (one should use
a different bit count for that, though).
for greylisting instead of $sender_host_address .
Or, don't greylist the whole world by default, but only suspicious
connections, e.g. hosts listed in some dnslist (you can be very generous
about choosing them then), with unusual HELO/EHLO or from IPs which seem
to be dynamic. Works very fine here.
I attached excerpts from my config (including the whitelist) to
http://wiki.exim.org/DbLessGreyListingC
What's the big advantage over using the builtin sqlite support for
greylisting?
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Lookup domain before delivery
Thierry Lavallee, 2010-03-04 20:58: Example (very far fetched example): if say I set a hotmail.com domain on my machine it will deliver any x...@hotmail.com message locally without verifying the real DNS setup. So the real x...@hotmail.com user will never receive the message. QUESTION: Is there a way to tell exim to lookup the domain before delivery? Sure. How to do it totally depends on your router configuration, especially the order. Exim's default config has a dnslookup router listed as the first one. If you remove the domains = ! +local_domains line and add self = pass, it should work. If you have the router for your local domains before the one for remote domains, you could probably use the dnslookup router instead of the accept router for your localuser and use self = send on it. (Don't know if that works, though). Both approaches depend on stable dns resolving, so you should take care of that. Exim defers the address on dns timeouts by default, so it's probably not that critical. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Special Relaying needed
Ron Lange, 2010-01-13 23:33: Hi, I want a machine with exim to act as smarthost for another machine in the same network. The first machine on the other hand also delivering by an master smarthost, and only this machine is allowed for relaying over the master smarthost. In principle this setup is running fine ;) but the mails from the machine, which is not allowed for direct usage of the master smarthost, aren't delivered (of course, its ip and hostname appearing in the helo). aren't deliverd is not much of a problem description. Please provide the details. As I understand, this is your setup: A (master smarthost) ^ | B (smarthost) ^ | C So, mail from C aren't delivered. But which host rejects them? The hostname in HELO is usually totally irrelevant for relaying, so I doubt that this is the problem. (N.B., there is no way to provide an IP _and_ a hostname in HELO.) C is probably not allowed to relay in B's config, so what you need is to put C's IP (or hostname, if you have proper A and PTR DNS records) in B's relay_from_hosts hostlist. But without log excerpt (at least from B, preferably also from C), this is only a wild guess. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] spam_score_int is not set even the mail is scanned
On 09.01.2010 23:54, Peter wrote:
thanks a lot Kirill, Heiko and Ted for your help. I got a little bit
deeper. I don't want to scan the email in the ACL because I can't train the
bayes-filter user-specific in ACL. In ACL I can only use a bayes-filter for
one system-wide user.
Using user-specific content scanning settings is a common problem, I
think there are some solutions in the wiki.
So I took Kirill's hint, that it's possible to read $spam_score_int
directly from the mail-header after the mail was scanned. I was trying
-
condition = ${if {$header_X-Spam-Score}{100}{1}{0}}
in the ditch_spam-Router but I got an error failed to expand condition.
RTFM: If the following character is white space, the terminating colon
may be omitted, but this is not recommended, because you may then forget
it when it is needed.
I.e., you need to use $h_X-Spam-Score:.
Note that SA's X-Spam-Score usually contains something like -2.0 (--),
so you need to extract the first value. And it's not the same as you
would get in $spam_score_int (Exim cannot handle float), so you have to
find a solution for that, too.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] 2GB limitation on Solaris
On 07.01.2010 19:22, Juan Bernhard wrote: Hi John, thanks for your answer, but Solaris 10 (this problem was on Solaris 9) can handle larger files than 2gb, the restriction isn't on the ufs. The first thing I tried was '$cat 500mb-file 2gb-file' I don't know much about Solaris, but on GNU/Linux you need to compile applications with -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE if they should be able to handle files 2GiB. These flags are already used in OS/Makefile-GNU, -Linux etc., so it depends on which Makefile you use to compile Exim. I really need to know what defer (27) means, so I can start looking to that. I couldn't find this on the user manual. This is already answered, but I doubt that it helps you with anything. It's just the code from errno, the human readable description is printed just after it (as received from strerror()). -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Last access time
mail...@securitylabs.it, 2010-01-08 14:44:
Hello, I'd like to update a field in a MySQL DB with the last access
time (something like 2010-01-08 12:58:51) every time a user authenticate.
plain_login:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT '1' FROM users \
WHERE username = '${quote_mysql:$2}' \
AND type = 'local' AND pwd =
'${quote_mysql:$3}'} {yes}{no}}
server_set_id = $2
First, you should replace '$2' with '$auth2' (and all other $x too).
There are several ways to do this. You could put a string expansion that
does an UPDATE somewhere in your authenticator, e.g.
- put the query after the 'yes' in server_condition: ${lookup mysql
{INSERT INTO table (user, last_auth) values ('${quote_mysql:$auth2}',
NOW()) ON DUPLICATE KEY UPDATE last_auth=VALUES(last_auth)}{}{}}'
- or do this in server_set_id
Or do this in your MAIL ACL (which is not strictly to wish, but should
be good enough):
acl_check_mail:
warn
condition = ${if def:authenticated_id}
condition = query_as_above
If you want the UPDATE to be performed on authentication _attempts_, you
can put the query in your AUTH ACL:
acl_check_auth:
warn
condition = query_as_above
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] 2GB limitation on Solaris
On 08.01.2010 15:55, Juan Bernhard wrote: Thanks Jacob! Its working now. I also had to modify the line ARCHTYPE=i386 to ARCHTYPE=amd64 in the file build-SunOS5-5.10-i386/Makefile file. Oh, then scripts/arch-type gets your ARCHTYPE wrong. But you can override that when running make by setting ARCHTYPE=amd64. This whole makefile stuff is clumsy and error-prone and should probably replaced some time. autoconf/-make is not that bad after all... Opinions? (reply-to set to exim-dev) -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] SMTP AUTH - server_set_id
ja...@goodtimes.za.net schrieb: I have this situation where by enabling server_set_id = $1 in my LOGIN authentication makes exim believe this is my localpart in the senders address. As you can see in the exim logs below, exim goes on to add the change control = submission to control = submission/sender_retain (or to something more appropriate) -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [Exim-users-de] Probleme mit DKIM unter Exim 4.70
Werner Berger, 2009-11-16 01:23: Ich habe mich auf der Internetseite von exim.org angemeldet, Bestätigungsmail kommt nicht an. Nur eine Zeile im Log. 2009-11-15 02:42:08 1N9U80-0002LE-19 H=tahini.csx.cam.ac.uk [131.111.8.192] rejected DKIM : 220 mein.server.de ESMTP Exim 4.70 Sun, 15 Nov 2009 02:42:07 +0100^ JH Sonst nichts, kein Sender oder sonstwas? Nein, habe das ganze mainlog nach der eximID durchsucht. Die Meldung an sich ist schon recht merkwürdig, weil die stark nach dem SMTP-Greeting aussieht, was eigentlich nichts mit DKIM zu tun hat... Ich schalte DKIM mit dem control in der exim.conf ab. Ich melde mich erneut auf der Internetseite von exim.org an, Bestätigungsmail kommt an, ich bestätige. JH Ähm, mit welchem control in der exim.conf schaltest du das ab bzw. hast JH du das vorher angeschaltet? In der acl_check_rcpt ganz am Anfang: warn ... control = dkim_disable_verify Naja, damit schaltest du wohl DKIM komplett ab. Aber auch wenn das nicht aktiv ist, also DKIM gemacht wird, lehnt Exim nicht einfach Mails ab, dafür mußt du schon acl_smtp_dkim definiert haben und dort kein accept drin haben. Bei mir sieht die config so aus: # main ... acl_smtp_dkim = acl_check_dkim ... dkim_verify_signers = $sender_address_domain:$dkim_signers ... acl_check_rcpt: (dkim_disable_verify wie in Beispielconfig ) ... acl_check_dkim: # erstmal nur testen... warn sender_domains = paypal.com : paypal.de : ebay.de : ebay.com #dkim_signers = paypal.com : paypal.de : ebay.de : ebay.com dkim_status = none:invalid:fail log_message = Message from $sender_address_domain with invalid or missing signature add_header = X-DKIM-Warning: Message from $sender_address_domain with invalid or missing signature add_header = X-DKIM: $dkim_verify_status ($dkim_verify_reason) accept Wenn du eine DKIM-ACL definiert hast, muß du (wie bei jeder anderen ACL auch) am Ende ein accept haben (wenn du nicht schon vorher ein accept zuschlagen läßt), ansonsten geht Exim implizit von einem deny aus. Das wäre evt. eine Erklärung für das Verhalten bei dir. ___ Exim-users-de mailing list Exim-users-de@exim.org http://lists.exim.org/mailman/listinfo/exim-users-de
Re: [Exim-users-de] Probleme mit DKIM unter Exim 4.70
Werner Berger wrote: Ich habe mich am Webformular auf der Exim-Seite angemeldet. Nachdem ich vergeblich auf die auf die Bestätigungsmail gewartet habe, sah ich in den Logs die Fehlermeldung. Es ist eine eingehende Mail. mail.**.** ist mein Server mit dem frisch aufgespielten Exim 4.70. Dann poste doch mal alle Logzeilen, die zu dem Sendeversuch gehören. Ohne das kann man nur rumraten... Und wie hast du dich überhaupt anmelden können, wenn die Bestätigungsmail abgewiesen wurde? ___ Exim-users-de mailing list Exim-users-de@exim.org http://lists.exim.org/mailman/listinfo/exim-users-de
Re: [exim] maildir_tag - appending size suitable for Dovecot
Andrew Hearn, 2009-09-16 16:08:
W=${eval:$message_size+$message_linecount}
In case you add headers in the router, you have to add their number
here as well, because adding headers does not change message_linecount.
I do add headers in ACL's, but seems $message_linecount includes headers
at ACL time... I'll try it out.
See also http://bugs.exim.org/show_bug.cgi?id=490
I always wanted to write a patch for this, but never got around to
actually do it...
Right now I can live without the W tag, as I don't use POP3 and I'm not
sure about the benefit for IMAP. It's probably better to use dovecot's
deliver then, but the last time I used that it didn't run very stable
(and there was no perceivable benefit), so I a stay with Exim's maildir
delivery for now.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Change IP address in Received header
Jonny_77, 2009-07-15 10:18:
Due to privacy issues I want to change IP address of some users from the
received header to 127.0.0.1. I want to make it only for some users. I have
found received_header_text variable, but I do not understand how to change
this variable for defined users. Thanks.
Here's what I use:
received_header_text = Received: \
${if !def:authenticated_id \
{${if def:sender_rcvhost \
{from $sender_rcvhost\n\t} \
{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if
def:sender_helo_name {(helo=$sender_helo_name)\n\t\
}}\
by $smtp_active_hostname \
${if def:received_protocol {with $received_protocol}} \
${if def:tls_cipher {($tls_cipher)\n\t}}\
(Exim $version_number)\n\t\
id $message_exim_id
The key part is the ${if !def:authenticated_id ...}, i.e. if the
sender is authenticated, the complete from ... is skipped.
You can replace the condition by some lookup and add whatever text you
want if the lookup succeeds, e.g.
received_header_text = Received: \
${lookup {$authenticated_id} lsearch {/etc/exim/users_with_hidden_ip} \
{by 127.0.0.1} \
{${if def:sender_rcvhost \
...
} \
...
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Default enabling of dnsdb
Mike Cardwell wrote: Does anyone other than Bill have an opinion? I still contend that there I vote for yes. Though I don't use it and I think it's only useful for some special routing cases and some spam blocking tricks (which are often arbitrary, dangerous or wrong), I understand that some people need it. Distributions tend to use the default Makefile settings, so these people don't need a custom build package. Anyway, maybe you can provide some practical examples where dnsdb is needed? As for Bill: Mostly I skip his messages, as I see only see alleged huge real world experience mixed with half-baked exim and email knowledge, wrapped in obscure language. No insult intended, just my personal opinion... -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] MX name with _ : all relevant MX records point to non-existent hosts
mbneto wrote:
Some clever admin configured the MX of a domain pointing to
server_01.domain.com.
Never ever use other people's domain names for examples. That's what
example.{com,net,org} is for.
And if you want help on this mailing list, don't obfuscate things (apart
from passwords). This is both well explained in the mailing list etiquette.
Ok, now to the issue. Underscore in host names is quite common in the
windows world. But most of that poeple with internet connectivity
learned that it's better not to use it, because many people will not be
able to reach you because many software blocks _ in host names.
If you are more interested in operability than than compliance to
arbitrary decisions, you can allow it in Exim by overriding
dns_check_names_pattern in the config's main section. The default is, as
stated in the spec:
(?i)^(?(?(1)\.|())[^\W_](?[a-z0-9/-]*[^\W_])?)+$
The regex is probably not easy to understand (took me also a while). It
should be ok to add the _ in the middle list:
(?i)^(?(?(1)\.|())[^\W_](?[a-z0-9/-_]*[^\W_])?)+$
PS: I'm a little embarrassed by my list fellows. 7 replies, but no
solution, that's not something I would have expected...
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] MX name with _ : all relevant MX records point to non-existent hosts
Rafał Kupka wrote: (?i)^(?(?(1)\.|())[^\W_](?[a-z0-9/-_]*[^\W_])?)+$ There is small error in regexp above. Character '-' in regexp ranges have to be last one before closing ']'. (?i)^(?(?(1)\.|())[^\W_](?[a-z0-9/_-]*[^\W_])?)+$ Um, right, of course. But helo_allow_chars = _ in main section of exim.conf is much simpler solution (as someone else said already). Yes, but to a different problem (incoming vs. outgoing), which hasn't anything to do with DNS. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Bind to IP address for outgoing mail
Alain Williams wrote: The mail server hosts several domains (web and mail). It has one IP address where the reverse DNS has nothing to do with the domain that is causing problems. I have been offered an extra IP address - I could make that have a reverse IP address that was in the domain. However: I don't believe that there is a way of getting exim to bind to a particular address for a specific router or transport. Why not? Look at the smtp transport's interface option. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] callout ACLs
Ian P. Christian wrote:
The only way I can think of doing it is to use a warn, rather than
accept, and then store the result of the callout in a variable - but
I'm pretty sure I must be doing something wrong.
Try this:
accept
domains = +routed_domains
verify = recipient/callout=1m,...,random,defer_ok
condition = ${if !def:acl_verify_message}
I think you can remove the second stanza, because callout's random
option first tries a random random recipient and then the real one (if
the random was rejected).
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Question about ACL condition syntax with and and or
John M Collins wrote:
So I'd like to reject mail over a certain size if it doesn't have a
To: line in the header or if it does but it goes to a domain which we
What about Cc and Bcc? I guess you will loose legit mail with such a check.
host but don't usually take mail for.
What do you mean by that? Either you take mail for them or you do not.
If you don't, reject it (in the smtp rcpt ACL).
{or {
{!def:h_To: {1}}
Where did you get this syntax from? It should simply be
{!def:h_To:}
{${lookup{$h_To:}
nwildlsearch{CONFDIR/Rare-domains}{1}}
This won't work. To can contain multiple addresses and every address
can contain a human readable part (e.g. John M Collins
j...@xisl.com), so you cannot simply match on j...@xisl.com.
My recommandation: Test for envelope addresses.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] global .forward file
Yan Seiner wrote: What I really need is a simple filter that does this: if $h_X-DSPAM-Result: is Spam then save mail/Junk for all virtual users. The only other complication is that the above is for mbox files; I want to use maildir, but I think the idea is the That's a transport setting (maildir_format), not a router setting. same. I need to be able to put any suspected spam into the spambox, for all users, without a .forward file for each user. Use the data option of the redirect router like the spec says: data = #Exim filter\n\ if $h_to: contains Exim then save $home/mail/exim endif -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Mixing Manualroute and Redirect router skills
Federico Tomassini wrote:
Exim eats a mail and, if $header_foo == 'bar', then it forwards the mail
to a remote smart host.
This should do what you want:
smtp_bla:
driver = manualroute
transport = remote_smtp
route_data = ${if def:h_X-Bla: {bla.example.com}}
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Rewrite From
Klassen Torben (Gem. Leopoldshöhe) wrote: Im sitting here for days now and I dont get along with my simple setup. ... 1. Don't obfuscate and don't misuse other people's domains and email adresses. example.(com|net|org) is free for examples. 2. You use the obscure debian config stuff. Read /usr/share/doc/exim4/README.Debian.gz to see how and where to get support for that. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] def:acl var with strict_acl_vars=true
Kjetil Torgrim Homme wrote:
this is a bit inaccurate. def on a variable whose contents is 0 will
still return a truth value.
True. The meaning of def: is not is it defined?, but more like is
there something in in?. So def:var is short for !eq{$var}{}.
I don't see the harm in making the change Brian asks for -- it will
It's a change of behaviour. strict_acl_vars was introduced to protect
against typos, like Perl's use strict. If there is a use case for such
a check, it should be done with a new expansion condition, e.g. isset:var.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] def:acl var with strict_acl_vars=true
Brian Blood wrote:
My particular use is the following:
We have the ability in our solution to allow per message max message
size and that value is set in a acl_m variable.
This value is made use of in our local user transport like so:
message_size_limit = ${if def:acl_m_pref_msg_maxsize
{$acl_m_pref_msg_maxsize}{DEFAULT_MESSAGE_SIZE_LIMIT} }
Ok, but AFAICS, it would be sufficient for you to pre-set
acl_m_pref_msg_maxsize to the emtpy string early in your ACLs, e.g. in
acl_smtp_connect and acl_not_smtp_start.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to filter for _complete_ _original_ envelope recipient?
Marc Haber wrote: A complete list of the available variables is given in the Exim documentation. This shortened list contains the ones that are most likely to be useful in personal filter files: So, all expansion variables are available in a user filter? Sure. filter.c simply uses expand_string(). -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to filter for _complete_ _original_ envelope recipient?
Marc Haber wrote: and $local_part_prefix are changed when a message runs through an redirect router, and there is only $original_local_part which is offered in the filter. There's also $original_domain, so you can check [EMAIL PROTECTED] -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to filter for _complete_ _original_ envelope recipient?
Marc Haber wrote: [EMAIL PROTECTED] Interesting, thanks. That one is not documented in filter.txt, but it works. I'll file a bug. Why? filter.txt does not claim completeness: 3.4 Some useful general variables - A complete list of the available variables is given in the Exim documentation. This shortened list contains the ones that are most likely to be useful in personal filter files: -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] (bez temata)
Matiss wrote:
My question is - can exim do multiple user authentication lookups?
Sure. server_condition is expanded, so you can use the power of Exim's
string expansion to use there as many lookups as you like (and as fit in
your memory), e.g. if you want to authenticate [EMAIL PROTECTED] with ldap
and everything else with mysql (using the LOGIN authenticator):
server_condition = ${if eq{${domain:$auth1}{example.com}} \
{ldap-lookup...} \
{mysql-lookup...} }
or even write the lookups you want into a file like
example.com: ${ldap-lookup...}
example.net: ${mysql-lookup...}
and use
server_condition = ${lookup {/path/to/auth-lookup-file} \
lsearch {${domain:$auth1}} \
{${expand:$value}} fail}
(all untested, of course)
Don't forget to check the corner cases (empty user or password,
non-existant user etc.) so nobody can send mail without proper
authentication.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] which config file is being read?
andys wrote:
Im running exim 4.69 on FreeBSD and Im trying to correct a problem with a
mysql statement that is being broken by an email address with a ' in the
local part. But I dont think that its reading the config file that is listed
...
Anyway I think it was a different
line specifying $local_part that was causing the prob, after replacing the
single quotes with double quotes in all instances its fixed my issue.
You should really use ${quote_mysql:$local_part} then (see
http://exim.org/exim-html-current/doc/html/spec_html/ch11.html#id511579).
Replacing the single with double quotes will help you only until
somebody uses an email address containing double quotes...
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] bounce rules
Searcher wrote: Say I am sending an email to [EMAIL PROTECTED] and I want my MTA to attempt the delivery only ONCE. In case the email has been bounced back discard that particular email from the queue and move on. All other emails on the system should use the default resending options. Uhm, do you really mean bounce (i.e., accept message and send a bounce message to the sender) or reject (i.e., reject message in smtp dialog, the sending MTA will usually create the bounce message). In either case, use the empty sender address (the message will be frozen then, but you can disable that) or to something like [EMAIL PROTECTED] and discard mail for this address (e.g. devnull: discard in your aliases file). -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] catching newlines with ${sg {}{}{}}
Marten Lehmann wrote:
I need to extract the value X-purgate-ID from $spam_report:
X-purgate: Spam
X-purgate-ID: 150741::080616223818-6C9786C0-73CE72D8/2129941411-0/0-3
X-purgate-Ad: For more information about eXpurgate please visit
http://www.expurgate.net/
Does this work?
${extract {X-purgate-ID:} {$spam_report}}
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] SMTP timeout while connected to x after sending data block
Hi, this likely to be an issue at the receiving end, or a networking issue between the two hosts, or is it a simple misconfiguration at my end? could be - the notorious MTU issue, caused by dumb ICMP filtering (on your side or the remote, but then they'd have this problem with most sites). Try to reduce your MTU and see if it helps (e.g. on Linux ifconfig eth0 mtu 1400 or ip link set eth0 mtu 1400) - broken firewall that cannot handle tcp window scaling, see http://kerneltrap.org/node/6723, if you're using Linux. Try setting /proc/sys/net/ipv4/tcp_window_scaling to 0 - some other network related problem. Try to capture the sesssion with tcpdump and analyze the dump with wireshark. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Logging to SysLog just some events
Quoting Luca Bertoncello: Just another question: is it possibile to DROP the connection if the authenticator fails? AFAIK not immediately, because that would need something like acl_smtp_postauth, which is not implemented in exim. But you can drop it after the next command (which could be AUTH or MAIL) by adopting the second scheme I proposed. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Logging to SysLog just some events
Quoting Luca Bertoncello:
Unfortunately, I can't do it from Exim, because there is no ACL called after
an
authentication failure.
There are possibilities to work around this:
- instead of fail at the end of your server_condition, use ${lookup
your_db {INSERT INTO ... ON DUPLICATE KEY UPDATE...} {no}{no}}. You can
put that into a macro to use it nicely with multiple auth types.
- set an ACL variable (like acl_c_tried_auth) in your acl_smtp_auth ACL
and check it in acl_smtp_quit and acl_smtp_notquit (and acl_smtp_mail or
_rcpt). If it is set and $authenticated_id is not set, do the stuff you
want (see above).
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Using alternate SMTP server for certain domains.
CR wrote: What I want to do is setup Exim to take an incoming message destined for Excite.com and have it use the SMTP server from the DNS provider to get the job done. Ideally, I would have a text file with domains where this operation would be necessary to deliver mail, as I am positive that Excite.com is not the only organization that is this bad. I don't want to tell all of my users to use the other SMTP server as it will just cause confusion, and I would have to give out the one and only uname/passwd combo that I am given for it. put something like this before your dnslookup router: smarthost: driver = manualroute domains = /etc/exim/smarthost_domains route_data = your.smart.host transport = remote_smtp in the remote_smtp transport: hosts_require_auth = your.smart.host and in the authenticators section: plain: driver = plaintext public_name = PLAIN client_send = ^your_login_name^your_login_password login: driver = plaintext public_name = LOGIN client_send = : your_login_name : your_login_secret that should work. you can look into the wiki or the list archive for more sophisticated examples (esp. regarding the auth config). -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] remote_max_parallel by domain?
Quoting Marten Lehmann: we have used remote_max_parallel = 20 for a long time and it worked fine. But currently we cannot deliver emails to a big German ISP (t-online), because their mailservers respond with 421 IP:x.x.x.x - Maximum parallel connections for your IP-Address reached It seems, that are allowed to use only one connection at a time. Thats It seems to me that there are two parallel connections allowed. Not much for a busy mail server, but you could try to contact their postmasters and get them to raise the limit. remote_max_parallel is probably not what you think it is. It controls the maximum number of connections a single message initiates, nothing more, as there is no central queue manager in Exim. If you are using queue_only, it controls the maximum number of connections a single queue runner will start. This is all written down in detail in the spec. The spec also tells you to use queue_smtp_domains (and run a queue runner fairly often) if you want multiple messages to be delivered in a single connection. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How does exim (as sender) handle timeouts on large+ recipient lists? (was: How to set exim to manage the number of CC or BCC addresses?)
Quoting Heiko Schlittermann:
Couldn't it be a kind of smart behaviour, if Exim (as sending MTA)
would detect the fact, that the connection died at some point during the
RCPT TO phase? And then for the next attempt Exim could reduce some
internal max_rcpt to higher the chance that at least one copy of the
message gets through? (And the other cop{y/ies} with other connections?)
I guess it wouldn't be that hard to implement (maybe it could even be
done with the system filter).
But I don't see how that would be useful. Did you ever encounter a
system with such behaviour?
The default for max_rcpt is 100, btw, so the case you described would
not be triggered by the default config.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] ipv6 dnsbl errors
Quoting Phil Pennock: droplog_message = REJECT mail from rbl message = rejected because $sender_host_address is \ in a black list at \ $dnslist_domain\n$dnslist_text dnslists = blackholes.mail-abuse.org I actually set up the isip4 check early so hadn't noticed any IPv6 problems with the lookup code but it looks suspiciously like list-separation is happening on the IP address using the default list-separator of :; that would definitely be a bug, if so. Huh? Which list? The only list involved here is dnslists, and there's no ipv6 address given. For dnslists and ipv6, read 40.31 in den the spec: If Exim is asked to do a dnslist lookup for an IPv6 address, it inverts it nibble by nibble. For example, if the calling host's IP address is 3ffe::836f:0a00:000a:0800:200a:c031, Exim might look up 1.3.0.c.a.0.0.2.0.0.8.0.a.0.0.0.0.0.a.0.f.6.3.8. f.f.f.f.e.f.f.3.blackholes.mail-abuse.org It seems that the used dnslist server simply takes the first 4 elements, which in most (if not all) cases will be 2.0.0.1. I would consider that a flaw. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] ipv6 dnsbl errors
Phil Pennock wrote: Huh? Which list? The only list involved here is dnslists, and there's no ipv6 address given. (2) There clearly is an IPv6 address given, since the default lookup value is $sender_host_address which, in the given case, was IPv6. So you think $sender_host_address is implicitly added to the dnslist entries, then expanded and then again split by the list separator? I don't think so. It seems that the used dnslist server simply takes the first 4 elements, which in most (if not all) cases will be 2.0.0.1. I would consider that a flaw. No, it's worse than that, since it complained about the IP address 2.0.0.0 for an IP address in 2001::/8; Randy posted: Probably because the message simply prints the blocks network address, which happens to be 2.0.0.0. But that's only wild guessing and (as you pointed out) totally Randy's problem (and his customers). -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Regex documentation question
Quoting Neil Youngman:
When trying to decide whether a match was case sensitive or not, all
I could find in the documentation was the PCRE_CASELESS option is
set when the matching is required to be case-insensitive. It seems
that PCRE_CASELESS is set for this condition
condition=${if or {{match{$header_subject:}{Out of Office Autoreply}}
{match{$header_subject:}{Auto Reply Message}}} {true}{false} }
Are you sure? I didn't test, but I'd think that caseless matching is
only done for domain and local_part.
$ exim -be
${if match{out of office autoreply}{Out of Office Autoreply}
{matching}{no match} }
no match
but:
${if match{out of office autoreply}{(?i)Out of Office Autoreply}
{matching}{no match} }
matching
I can't tell from the documentation whether PCRE_CASELESS should be
set for match conditions and i had to determine that experimentally.
The spec says that PCRE's default options are used, which means none are
set (except for the cases above). If you want to set it explicitely, you
can use (?i) or (?-i) at the beginning of the pattern. As the spec says,
this is described in doc/pcrepattern.txt.
Also, it would be nice if chapter 8 referred us to 'man pcre' instead
of just a book for the pcre syntax. It seems obvious, but i didn't
This would be the man page of the system's pcre installation, which is
not necessarily the same as the one Exim uses.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Skipping local delivery, a good idea?
Quoting [EMAIL PROTECTED]: Local deliveries are just a low percentage of all the e-mail traffic and I consider to skip them and deliver all e-mails via smtp. For example I could comment out the following line from the lookup-router: domains = ! +local_domains You can do that, but you'll have to set self = pass (and probably no_more) in your dnslookup router(s). Otherwise mail for the local host will always be frozen. You should really read the exim spec about that! I'm not sure if this is very good idea, anyway. But I think it should work. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Help with expansion condition for an autenticator with server_condition.
Robert Bannocks wrote:
As said both work on their own. However when I try to combine them with
an or statement things break. I am missing something here quite
fundamental. Can anyone assist?
What was the exact expansion you tried?
Something like
${if or { \
{crypteq {...}} \
{ldapauth {...}} \
}}
should work.
I thought a or{{Condition1}{Condition2}} would do the trick but it
appears not to work. but combining them with this gives result of the
or has only a special meaning inside ${if ...}
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Heads up: Beware pipelining + delay command
Quoting Dave Pooser: Until I discovered that if pipelining_advertise_hosts is set to all (as per default) and the sending server is pipelining to 3 users, there's no response until all three delays have occurred-- and in this case 60s was enough for the sending server to timeout. This was changed in 4.67, see the mailing list archive and the changelog: PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Transport directory based on sender address
Brent Jones wrote:
directory = ${lookup{$sender_host_address}lsearch{/etc/storetable}}
And here is what the /etc/storetable contains
10.0.0.1: /var/mail/catch/main/
appendfile: file or directory name is not absolute
I'd say it should, but it seems that the lookup returns nothing, so the
resulting string is .
Run a debug session with exim -d+expand -bh 10.0.0.1 (or use the swaks
tool) to see what's going wrong.
Oh, and what do you expect to happen when the sender's host address has
no match in /etc/storetable?
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Wrong documentation for server_set_id?
Quoting Roland Illig: Return-Path: [EMAIL PROTECTED]@server.de See http://exim.org/exim-html-current/doc/html/spec_html/ch40.html#id2712900 and http://exim.org/exim-html-current/doc/html/spec_html/ch44.html#SECTsubmodnon and http://exim.org/exim-html-current/doc/html/spec_html/index.html#toc0394 You probably have control = submission somewhere in your ACLs. The easy fix is to change this to control = submission/sender_retain. I agree that the spec is a little unclear about all that... Oh, and please don't use domains you don't own in your examples (like client.de and server.de). There are the well-known domains example.com/net/org for this purpose. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] I'm off this list
Quoting Philip Hazel: Just so you all know: this is my last day at work before retiring. I am about to unsubscribe from the exim-users list. However, I will stay on the exim-dev list for the moment and I am continuing to maintain PCRE. It's been fun interacting with all you over the years! Thanks for all the great work! It's a pity to see you leaving for retirement, even though it's well-deserved. Have a good time and all the best for you future. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Making Exim does not include IPs of the original sender....
Alejandro Lengua wrote:
Is there a way to make EXIM, not include the original IP of the sender?
I use this modified received_header_text on my private server:
received_header_text = Received: \
${if !def:authenticated_id \
{${if def:sender_rcvhost \
{from $sender_rcvhost\n\t} \
{${if def:sender_ident {from ${quote_local_part:$sender_ident}
}}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t\
}}\
...
One should take care when modifying such tracking information, though.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Sign-key solution for backscatter-spam?
Quoting Johann Spies: I don't want to use SPF and don't want to start a flame war on it (again) but I want to stop backscatter-spam. Isn't that what Exim's builtin BATV prvs is about? Note that it assumes (as probably all solutions like that) that all mail is sent through systems controlled by you. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Try next router, on defer
Mike Cardwell wrote: I have a manualroute router that connects to a server that quite often sends 45x responses at the end of the data phase, for periods of a few hours. What I would like if this happens, is for the next router to be tried instead (dnslookup). Because of the way Exim works, I don't think that's possible. After the message is routed and the transport runs, there's no way back to the routing. Maybe you can work around that with fallback_hosts. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Condition for senders domain for use in a router
[EMAIL PROTECTED] wrote:
I need to add a condition to a router that is triggered by the
senders domain. I am struggling to find an example in the Wiki and
the specification. All of the examples for routers seem to be based
on destination rather than source :-(
See http://www.exim.org/exim-html-current/doc/html/spec_html/ch15.html
You can test for virtually anything with the condition option. If you
want to test for a specific domain, you can use
senders = [EMAIL PROTECTED]
I have a file called xxx-domains.txt that lists 20-50 domains owned
by 1 customer. Mail sent by any user at this customer needs to be
Ok, then you're probably better of using condition, e.g. like
condition = ${lookup {$sender_address_domain} \
lsearch {/path/to/customer-domains.txt} {yes}}
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] Greylisting - how do you implement?
Quoting Peter Bowyer: My big worry about this is that you're completely dependent on the behaviour of the other MTA - you've no logging, nothing to tweak, can't whitelist, just have to trust that the people sending you wanted mail are going to do the 'right thing'. That alone has kept me from trying it. You can put these IPs on your usual MX and tell Exim to handle them specially. So you can do with these connections whatever you like. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] Undefined variable in eval: (string expansion)
Quoting Toralf Lund:
What do I get if I do something like
${eval:$some_variable+1}
when some_variable is not actually defined?
An undefined variable expands to nothing (except for acl_m/acl_c
variables, if you have the strict_acl_vars option set), so this is the
same as ${eval:+1}, which expands to 1.
Note that there was a change (which was reverted later) recently
regarding empty variables in numeric comparison operators (see the
changelog of 4.66).
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] smtp authentication using default domain
alexis wrote:
server_condition = ${if and { \
{eq {${domain:$1}}{}{defaultdomain.com}} \
Um? That doesn't make any sense.
Move the default domain stuff into the query:
... domain='${quote_mysql:${if !eq {${domain:$auth1}} {}
{${domain:$auth1}} {DEFAULT_DOMAIN}}}'
(you could also do it entirely in SQL, but that'd look even more
complicated.)
btw, you are aware that you should quote_mysql for every externally
provided string in your query, otherwise you are prone for sql injection?
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] smtp authentication using default domain
alexis wrote:
sounds dangerous.
What sounds dangerous? Please use proper quoting.
If you meant the sql injection stuff: Just use quote_mysql with every
externally provided string. In your query, it would be $auth1, which is
already quoted in my example for the domain part. Just do the same with
local_part:
... WHERE username='${quote_mysql:${local_part:$1}}' ...
and what about to define a variable before (pseudo code) i cannot
realize how to do this with exim yet, im new using it.
There's no such thing in exim. There's no real need for it, anyway.
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] System Filter regex problem.
Quoting Michael Strauss:
Why? The Regex is the same above ...
. matches everything but \n. To change that, use the s modifier:
$ exim -be
${sg{bla\nblub}{\N^.+$\N}{ersetzt}}
bla
blub
${sg{bla\nblub}{\N(?s)^.+$\N}{ersetzt}}
ersetzt
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] Just for your information
Quoting Christopher Glanville:
server_condition = ${lookup{$1}lsearch{/etc/exim/passwd.client}{${if
eq {$value }{$2}{yes}{no{no}}
Besides the issues that Philip pointed out, you will probably act as an
open relay with this config. You will authenticate anybody with an
invalid username (i.e., one that is not in passwd.client) and a single
space password. This is a somewhat common error (and there is a warning
in the wiki about that, IIRC).
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] Max messages per SMTP connection
Quoting James Price: I'm seeing these errors in my logs: no immediate delivery: more than 10 messages received in one connection I have what I thought was the correct setting to alleviate this problem: smtp_accept_max_per_connection = 1000 This is only a notification. What you set is the hard limit. I guess what you were looking for was smtp_accept_queue_per_connection, which is more like a soft limit. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] line length detection
John Jetmore wrote:
has anyone found a clever way to detect line lengths from inside of exim?
No, but something like that might do it for you:
warn
regex = \N^.{1000,}\N
log_message = long line detected
set acl_m_longline = 1
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] EHLO unavailable from remote host?
Quoting Thomas Hochstein: Any ideas what I've done wrong here, Nothing. You should contact the PIX operator and ask him to disable SMTP fixup. FWIW JFTR: This was fixed a while ago, don't know in which version of the PIX software. If it does not work with you, it means you have very old software running on your PIX (with some vulnerabilities, AFAIR). -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
