Re: [Exim-users-de] Problems with DKIM under Exim 4.70
Werner Berger wrote:

> I signed up using the web form on the Exim site. After waiting in vain for the confirmation mail, I saw the error message in the logs. It is an incoming mail. mail.**.** is my server with the freshly installed Exim 4.70.

Then please post all the log lines that belong to the delivery attempt. Without them one can only guess...

And how were you able to sign up at all if the confirmation mail was rejected?

___ Exim-users-de mailing list Exim-users-de@exim.org http://lists.exim.org/mailman/listinfo/exim-users-de
Re: [Exim-users-de] Problems with DKIM under Exim 4.70
Werner Berger, 2009-11-16 01:23:

> I signed up on the exim.org website; the confirmation mail does not arrive. Only one line in the log.
> 2009-11-15 02:42:08 1N9U80-0002LE-19 H=tahini.csx.cam.ac.uk [131.111.8.192] rejected DKIM : 220 mein.server.de ESMTP Exim 4.70 Sun, 15 Nov 2009 02:42:07 +0100^
> JH Nothing else, no sender or anything?
> No, I searched the whole mainlog for the Exim ID.

The message itself is rather odd, because it looks very much like the SMTP greeting, which actually has nothing to do with DKIM...

> I switch DKIM off with the control in exim.conf. I sign up again on the exim.org website, the confirmation mail arrives, I confirm.
> JH Um, which control in exim.conf do you use to switch that off, or rather, did you switch it on beforehand?
> In acl_check_rcpt, right at the beginning: warn ... control = dkim_disable_verify

Well, with that you are presumably switching DKIM off completely. But even if that is not active, i.e. DKIM verification is done, Exim does not simply reject mails; for that you must have defined acl_smtp_dkim and have no accept in it. My config looks like this:

    # main
    ...
    acl_smtp_dkim = acl_check_dkim
    ...
    dkim_verify_signers = $sender_address_domain:$dkim_signers
    ...

    acl_check_rcpt:
      (dkim_disable_verify as in the example config)
    ...

    acl_check_dkim:
      # just testing for now...
      warn  sender_domains = paypal.com : paypal.de : ebay.de : ebay.com
            #dkim_signers = paypal.com : paypal.de : ebay.de : ebay.com
            dkim_status = none:invalid:fail
            log_message = Message from $sender_address_domain with invalid or missing signature
            add_header = X-DKIM-Warning: Message from $sender_address_domain with invalid or missing signature
            add_header = X-DKIM: $dkim_verify_status ($dkim_verify_reason)
      accept

If you have defined a DKIM ACL, you must (as with any other ACL) have an accept at the end (unless you already let an accept match earlier); otherwise Exim implicitly assumes a deny. That might be an explanation for the behaviour you are seeing.
Re: [Exim-users-de] Fallback MX and relay_domains
On 29.05.2012 18:12, mailing wrote:

> How should one go about such a user list sync?

There is not enough information about your system to answer that. User management, number of domains, etc.?

The simplest way is probably to run rsync from cron (whether the primary or the secondary initiates it does not matter) and use it to bring one (or more) files from the primary to the secondary. There you then add a router in which the file is evaluated.
Re: [exim] Pass recipients to spamd (was: Include envelope_sender in Received-Header?, revived)
Marc Haber wrote: (CCing exim-dev for follow-ups) While Envelope-Sender is defined to be added by the last mail server in the transmission chain, it is probably a good thing to have that information available for servers earlier in the chain. That's why I think that it only makes sense if it is widely deployed. I agree that it's really nice for tracing/debugging. As for the spamd interface, there is something else: Only a single recipient will be listed in the Received: header. It's easy to change that, of course, but I think we don't want to end up having dozens of recipients there. Not to mention the privacy issues, as some of them may be bcc-recipients. Looking at the code in spam.c and the spamd interface, it seems easy to solve this: Send the recipients in a Envelope-To (or something else, spamd is quite tolerant there) to spamd right before the mbox_file, so spamd recognizes it as a header belonging to the message. (The same could've been done for the envelope-sender, but it's not of much relevance now.) Other env-to headers should probably be stripped before, but I'm not sure if that's really needed (will SA stop after the first found env-to header?). The added complexity (if there's not already code for it in Exim) is not worth it, I think. At worst, somebody would put a whitelisted address in there, but if these are known, you are lost anyway. Any concerns/comments about that? -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Re: [exim] Hiding paths in mailer-daemon error responses
Chris Corbyn wrote:

> See the error message below whilst testing what happens when trying to deliver mail to a non-existent user on an exim setup using virtual domains in an UW-vIMAP style. When sending to a user that does exist it

My crystal ball is broken, so you should probably write a little more about your config:
- which exim version
- the exact router/transport from your config file
- what a file in the UW-vIMAP style looks like (example line)

> If anyone sees that they'd be a little confused LOL :D ... The expansion of the string works fine with users that do exist, perhaps I can put some sort of if..else in there to avoid that mess being sent back?

You could put the extract into the lookup (like ${lookup ... {extract...{$value}}}), but that depends on your config details...
Re: [exim] Hiding paths in mailer-daemon error responses
Chris Corbyn wrote:

And you should really use a valid return address...

--- snip ---
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  [EMAIL PROTECTED]
    Unrouteable address
--- snap ---
Re: [exim] Hiding paths in mailer-daemon error responses
Giuliano Gavazzi wrote:

>> [EMAIL PROTECTED] Unrouteable address
> a temporary DNS problem perhaps? It worked fine here (manually tested on the primary using an empty envelope).

I don't know, the message came from wumpus.mythic-beasts.com (sorry for stripping the headers):

Subject: Mail delivery failed: returning message to sender
From: Mail Delivery System [EMAIL PROTECTED]
Date: Mon, January 9, 2006 14:47
To: [EMAIL PROTECTED]
Re: [exim] Random numbers
Ian Eiloart wrote:

> Does Exim have a random number generator?

Recent versions have the modulo operator, so you can build yourself a poor man's RNG:

    ${if eq{${eval:($tod_epoch+$pid)%2}}{0}}

will give you true with a 50% (= 0.5 = reciprocal value of 2) chance (over a sufficiently long period). That's much less expensive than a regex, I'd say.

Note that messages received within the same second over the same connection will have the same value assigned, but that's typically not a problem with spam.
Re: [exim] help on TLS for ext. connection
user therion wrote:

> a)server_advertise_condition checks if TLS is given?! if YES then allow connection?!
> b)server_condition = ${lookup{$2}dbm{/etc/exim/authdb}\
>     {${if eq{$value}{$3}{yes}{no}}}{no}}
> allows only to connect with the user/pass in the mentioned file!?

For both: authentication, not connection. So external users have to use TLS for authentication, and have to authenticate to be allowed to relay.
Re: 2nd reply Re: [exim] using MX always
Jeff Lasman wrote:

> 1) send the welcome email
> 2) configure the DNS
> 3) add the new domain(s) to local_domains

That should work. Messages may be deferred, so you should make sure that the mail is really sent out before you advance.
Re: [exim] Virus confirmation to recipient
Slawomir Orlowski (CYMPAK) wrote:

> deny malware = */defer_ok
>      message = Exim ClamAV this message contains a virus ($malware_name).
> Questions: How to configure exim (clamav) so error message is logged? (Right now is not).

    log_message = Message contains malware ($malware_name)

> How to configure exim so e-mail with message about virus would be send to would-be recipient ?

    control = fakereject/Message rejected because of infection: $malware_name

(instead of message = ...)

But I wouldn't do that for normal users. They will get many unnecessary mails (and keep telling you "I have a virus!") and the sender address is usually faked, anyway.
Re: [exim] Re: help on TLS for ext. connection
user therion wrote:

> in advance another question. Do I need to allow a specific SMTP-header in my firewall to use TLS on exim??

You need to allow STARTTLS for TLS to work (obviously), but further traffic can not be inspected (as long as your firewall has no MITM ability), so you can also disable it. Firewalls are a constant source of grief (not only) for smtp, like the infamous Cisco f*ckup protocol smtp, which prevented ESMTP and therefore AUTH, STARTTLS etc. (I heard they changed this a while ago, though).

> ESMTP keyword AUTH, STARTTLS, and so on.or are these keywords just infos and are unimportant for the TLS-authentication?

It's not clear to me what you mean. AUTH is seen twice on the wire:
1. The smtp client sends EHLO $whatever and Exim replies with its capabilities: AUTH, STARTTLS etc.
2. The client knows now what he can use, so does his AUTH

If the client uses STARTTLS, he has to send his EHLO again after the SSL handshake and get a new list of capabilities (discarding the first one).

> - TLS with AND without user/pass !? -- thought the server_condition (see below) will only allow auth WHEN a user/pass is delivered!!??

I don't understand this either. How could a client do authentication without any username/password? (Without a broken server config, that is) Do you mean your local clients can relay without authentication? That's because they are in relay_from_hosts.
Re: [exim] Virus confirmation to recipient
Slawomir Orlowski (CYMPAK) wrote:

> fakereject - I have never heard about such key work,

It's all in the spec.

> I have put it to my exim configure file and waiting for virus to come to check it out

Send yourself the eicar testvirus (http://eicar.com/anti_virus_test_file.htm) or let somebody send it to you (http://www.webmail.us/testvirus).
Re: [exim] Virus confirmation to recipient
Slawomir Orlowski (CYMPAK) wrote:

Please keep list traffic on the list!

> I have run http://www.webmail.us/testvirus test (24 test) for [EMAIL PROTECTED] account 5 of them was caught and info about virus was added to rejectlog log 2 went through what happened to the rest of them in mystery, neither rejected nor deliver,

Whatever happened to the message should be written in your logs. Do you have a MIME ACL with something like warn decode = default? I don't know if clamav detects and scans MIME attachments by default.
[exim] Re: [exim-dev] Pass recipients to spamd
Jakob Hirsch wrote: Ok, since nobody objected (or nobody were interested), I made a small patch (attached) it ran fine on my system the last days. Looking at the code in spam.c and the spamd interface, it seems easy to solve this: Send the recipients in a Envelope-To (or something else, Even easier: There's already code for it in spool_mbox.c, but it put only a single recipient into the header ($received_for). I changed this to $recipients. The only problem is a probably very long line, but that seems to be no problem for spamd (at least in my tests). spamd recognizes it as a header belonging to the message. (The same could've been done for the envelope-sender, but it's not of much Even that is already there, so the changed Received: header was not necessary (for spamd). --- exim-snapshot/src/spool_mbox.c +++ exim-snapshot.jh1/src/spool_mbox.c @@ -90,11 +90,11 @@ }; }; /* Generate X-Envelope-To header */ -envelope_to = expand_string(US${if def:received_for{$received_for}}); +envelope_to = expand_string(US${recipients}); if (envelope_to != NULL) { if (envelope_to[0] != 0) { uschar *my_envelope_to; -my_envelope_to = string_sprintf(X-Envelope-To: %s\n, envelope_to); +my_envelope_to = string_sprintf(X-Envelope-To: %s\n, envelope_to); i = fwrite(my_envelope_to, 1, Ustrlen(my_envelope_to), mbox_file); if (i != Ustrlen(my_envelope_to)) { debug_printf(error/short write on writing in: %s, mbox_path); -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
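Review bot: in the first changed line, `${recipients}` puts every envelope recipient, Bcc recipients included, into one unfolded X-Envelope-To line that the following string_sprintf call formats in a single pass, and the description itself flags the "probably very long line". The patch should say what recipient count it was tested with and either fold or cap the list before the fwrite, since a message with hundreds of recipients is the case that matters. The old expansion was guarded with `def:received_for`; a short comment stating that `$recipients` is expected to be set at this point, and that the header is meant to stay in the mbox copy handed to the scanner, would document why the guard could go. The second -/+ pair (the string_sprintf line) shows no visible difference and looks like a whitespace-only change that should be dropped from the patch.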
Re: [exim] Regular expressions from file for match{
Jan-Piet Mens wrote:

> failed to expand ACL string ${if !={$acl_m0}{} }: executable files dangerous in email is not a number
> I'm using Exim 4.60. Is there something wrong in the equality?

!= should be !eq. =, etc. are for numeric comparisons.
Re: [exim] Regular expressions from file for match{
Marc Sherman wrote:

> ${if def{acl_m0}} should work, too.

that would be ${if def:acl_m0}. But it's nicer than eq with {}, that's right. Don't know why all the people use it.
Re: [exim] Current solutions for smtp auth via pam
Jochen Gensch wrote:

> 22:10:19 51666 SMTP AUTH PLAIN AHN0YXR1cwB1Z2F1Z2E=

I hope these are not the credentials you are going to use in production.

> 22:10:19 51666result: USER

And after the line before there's no point in obfuscating.

> 22:10:19 51666 Answer 'NO PAM start error' received.

sounds like a problem with saslauthd's interface to pam. stracing the saslauthd should reveal the problem, as somebody else pointed out.
Re: [exim] Current solutions for smtp auth via pam
Jochen Gensch wrote:

>> I hope these are not the credentials you are going to use in production.
> No, TLS is in use as well.

By credentials, I meant the username and password, which you posted base64 encoded to this list.
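The point of the two replies above, that an AUTH PLAIN token in a debug log is the username and password in base64 and not obfuscation, as an added example (not code from the thread or from Exim): a filter that redacts SASL payloads before a log excerpt is posted. The `SMTP<<`/`SMTP>>` direction markers are an assumption about the log format, and every sample line and credential is constructed.

```python
import base64
import binascii
import re

# Credentials sent inline with the command: "AUTH PLAIN <token>".
INLINE = re.compile(r"(\bAUTH\s+(?:PLAIN|LOGIN)\s+)([A-Za-z0-9+/]+={0,2})", re.I)
# Assumed direction markers: "SMTP<<" is the client, "SMTP>>" is the server.
CLIENT_LINE = re.compile(r"(SMTP<<\s+)(\S+)\s*$")
CHALLENGE = re.compile(r"SMTP>>\s+334\b")
MARK = "<redacted>"


def b64(data):
    """Helper for building the constructed sample tokens."""
    return base64.b64encode(data).decode("ascii")


def is_plain_credentials(token):
    """True if token decodes to authzid NUL authcid NUL password (RFC 4616)."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    return raw.count(b"\x00") == 2


def redact(lines):
    """Return a copy of lines with every SASL payload replaced by MARK."""
    out = []
    awaiting_reply = False  # set by a 334: the next client line is a secret
    for line in lines:
        if "SMTP>>" in line:
            # Server output (capability lists, challenges) is never secret,
            # but a 334 tells us the client's next line will be.
            if CHALLENGE.search(line):
                awaiting_reply = True
        else:
            hit = INLINE.search(line)
            if hit is None and awaiting_reply:
                hit = CLIENT_LINE.search(line)
            if hit:
                line = line[:hit.start(2)] + MARK + line[hit.end(2):]
                awaiting_reply = False
        out.append(line)
    return out


# Constructed sample: one AUTH PLAIN with an inline token, then an
# AUTH LOGIN exchange where the secrets arrive on separate lines.
SAMPLE = [
    "22:10:19 51666 SMTP>> 250-AUTH PLAIN LOGIN",
    "22:10:19 51666 SMTP<< AUTH PLAIN " + b64(b"\x00alice\x00correct-horse"),
    "22:10:19 51666 SMTP>> 535 Incorrect authentication data",
    "22:10:25 51666 SMTP<< AUTH LOGIN",
    "22:10:25 51666 SMTP>> 334 VXNlcm5hbWU6",
    "22:10:25 51666 SMTP<< " + b64(b"alice"),
    "22:10:25 51666 SMTP>> 334 UGFzc3dvcmQ6",
    "22:10:25 51666 SMTP<< " + b64(b"correct-horse"),
]

if __name__ == "__main__":
    for cleaned in redact(SAMPLE):
        print(cleaned)
```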
Re: [exim] Setup for authenticated submission
Bill Hacker wrote:

>> bad idea. While RFC 2476 does not explicitly specify it, all installations I know of use STARTTLS.

on this port, that is.

> We have the luxury of not having to cater to WinWoes or Apple 'native' alleged-MUA's, and use different SSL arrival ports for:
> - faster setup than STARTTLS

I use the smtps port (465) for this.

> - helping 'ban' MUA's we don't want to support anyway

By requiring immediate TLS instead of STARTTLS? Interesting. Last time I checked, OE supported only the former of both.

> - selecting different acl routing rules for different user groups

Depending on the incoming port? Sounds not very reliable. Anyway, I'd rather use some arbitrary port for this than abuse a well-known port.
Re: [exim] Setup for authenticated submission
Bill Hacker wrote:

>>> - selecting different acl routing rules for different user groups
>> Depending on the incoming port? Sounds not very reliable.
> Why so? Incoming ports tend to stay where you put 'em.

Sure, but client configurations tend to change all the time. And what stops people from using one of the other many ports you provide?

> Helps with getting the correct outbound helo set up for a virtual-domain

helo is not correlated to the sender domain (unless you want to disguise poorly). It should resolve to the connecting IP address, and vice versa, which could be nasty if you use many different helos.

Well, I hope your mail system works better than your homepage...
Re: [exim] Setup for authenticated submission
Bill Hacker wrote:

>> it is NOT required to use STARTTLS, many prefer to use CRAM-MD5 or similar schemes which aren't vulnerable to sniffing.
> How, pray tell, is the know-long-ago-compromised MD5 less 'vulnerable' than the current higher-level releases of SSL/TLS?

It is surely not (and Kjetil did not write this), but MD5 is not compromised. There was a collision attack published in 2004, practical consequences are yet to be proven (AFAIK).

I'd rather use TLS, of course.
Re: [exim] relay_from_domains
Marc Haber wrote:

>> How do I implement a relay_from_domains that works exactly like relay_from_hosts just on domains. I want to do this so my clients can only send mail from their own domains.
> That's a really really really bad idea since everybody can happily spam anybody through your server just by forging one of your customers' domains.

No. He wants additional restriction for relaying (both from_hosts and _domains must match), not loosening.
Re: [exim] Setup for authenticated submission
Nigel Wade wrote:

>> Of course. Look at server_advertise_condition
> Ah, I see. I can use this condition to ensure that AUTH is only advertised if the connection is encrypted? Is that correct?

That's what the spec says, yes. The most simple form is:

    server_advertise_condition = ${if def:tls_cipher}

>> and the wiki examples.
> I don't see any examples in the Wiki.

http://exim.org/eximwiki/FAQ/Encryption_TLSSSL/Q1702 is at least for something similar. A search for server_advertise_condition would've also revealed some links.
Re: [exim] Passing values between ACLs and Route - Addenda
Luca Bertoncello wrote:

>> Use $acl_c[0-9]

don't use acl_c, it sets variables for the whole connection and therefore may have side effects if you receive more than one message in a single connection.

In fact, I'm not sure I understand what you try to do. Save the result of address verification from the ACL run so you don't need another db lookup for delivery? That's not easy, because a message may have multiple recipients, so you'd have to store the results for every recipient. And I think the results are cached, so there will be no effect, anyway.

> If the E-Mail comes from TCP it's work, if I try with exim -bt address I get always Unrouteable address.

That's because the RCPT ACL is only run for SMTP connections.
Re: [exim] Spamd + clamav and mail size check condition
Vahric MUHTARYAN wrote:

> can I put different conditions under each section like this

yes.
Re: [exim] Two Virus Scanners with exim
Sujit Choudhury wrote:

> Is there any way we can use another virus scanner (say clamav) without changing the config a great deal. I think MailScanner provides

Don't know what a great deal is for you, but it's possible and explained in the fine manual, at the end of chapter 40.1.
Re: [exim] hotmail emails not reaching contacts
xyon wrote:

> IDENT request on tcp/113.. of course most of us drop connections on any port we don't use, so if they don't get a response, they drop your

Why would anyone do that? DROP is a misbehaviour similar to the clueless ICMP blocking (and breaking things like PMTU discovery) which is even done on major sites. Of course it's reasonable to have rate-limiting for REJECT rules, just as for ACCEPT.

> message thinking you are someone bad. The recommended solution is to

... have an identd, even if it's only a fake one that always returns nobody (like I do).
Re: [exim] Adding a header line to indicate ACL statement
Doug Jolley wrote:

> However, short of setting up a separate warn statement which mirrors the conditions for each of the accept statements, I'm not sure how I can use the warn verb to accomplish this objective.

I thought that there's a way to add a header in an accept, but it seems not. Anyway, you can use this:

    warn   message = X-Accepted: something
           set acl_m0 = ok
    accept condition = ${if def:acl_m0}

or:

    accept cond1
           ...
           set acl_m0 = the reason why
    ...
    your_router:
      ...
      headers_add = X-Accepted: ${if def:acl_m0 {$acl_m0}{unknown}}
Re: [exim] Need to generate a reject message with correct headers
Kenevel wrote:

> Is there a way of avoiding having to maintain identical code in two different places?

I have only errors_to set in my VERP router. You only need return_path in the transport if you want to override errors_to. The errors_to address is saved in $return_path, btw.
Re: [exim] Is there a way to automatically resend email through different gateway?
Daevid Vincent wrote:

>> And Exim cannot do it (AFAIK).
> I don't see why it can't do it? If Exim tries to connect directly, then it

First, because Exim is not programmed to do it. A permanent error means the message is not deliverable. Second, if the message gets discarded at the receiving site, there's obviously no way for Exim to detect that. There are major sites doing this, so if you want reliable mail service, you should not rely on such things.

>> You've been told solutions for your problem before. If you want to stick with yours, you have to live with the limitations.
> Why are so many on this Exim list arrogant and elitist? It's really sad.

Oops. You are really the first person accusing me of arrogance and elitism. You asked here about 2 months ago about the very same problem, were given advice, but ignorance. Arrogance is a bad thing, but ignorance is surely worse. People _tried_ to help you, there's nothing to complain about. You want a fix_remote_braindeadness switch? D'uh, there is no such thing. And no simple solution for your problem. And no _reliable_ solution with Exim or any other MTA.

> I assume you mean -- get a static IP or some such solution (which involves a financial investment)?

As I understand, you are doing (at least partially) business over your line and you already pay for some obscurely limited mail-outbound service. There are surely services that will happily relay all your mail (probably up to a reasonable limit) for a few dollars per month. At least there are here in Germany, and as far as I know, the US hosting market has even lower pricing.

Another solution is to find a company that offers you a tunnel with a static IP address. You could even get a server or vserver for running your own mail-outbound service, these things are not so expensive any more, i.e. starting from 15€ (about 18$) for a server, 5€ (7$) for a vserver. The last two solutions require some administrative work, so it might not be your first choice.

Nothing new here, I wrote this before to you. If you think that's arrogant, you'd better start a reality check on your perception.

> charge me $500/month for a business network line with a static IP. If you're volunteering, I'm happy to take your donation.

Begging a poor student for money? Shame on you! :)

> The solution that should be acceptable, Jakob, is to use a service that forwards mail on for me. That solution is working wonderfully, with the limitation of number of emails sent.

My car is working wonderfully, with the limitation that it's stopping every half mile. Doesn't sound so well to me, but what do I know...

So, to sum it up, there is no way to solve this technically on your side. What you're really asking for is a proper mail-relay service. Not really a topic for this list, although there might be somebody around who can offer you such a service for a reasonable price.
Re: [exim] AUTH over TLS only
Marco wrote:

> Can I send a custom SMTP error (ex. You must use an encrypted session!!), when exim4 reject an non-encrypted authentication session?

No. If AUTH was not advertised, Exim will say something like "AUTH not advertised". But proper smtp clients will not use AUTH unless it was advertised, so that's nothing to worry about.

If you want to tell people that you need TLS for AUTH, you could use a custom smtp_banner, but few people will ever see (let alone read) it.
Re: [exim] Is there a way to automatically resend email through different gateway?
Adam Funk wrote:

> I take your point, but I do think there is a bit of hypocrisy floating around here on this issue: people condemn what Daevid and I want as *wrong* -- even though I genuinely don't think it violates the RFC -- but condone (at least tacitly) violations on the receiving end.

Surely not. Simply dropping mail without notification is one of the worst things a mail admin can do. Rejecting mail on the sole fact that the sender has a dynamic IP address is wrong and bad, IMO (and the net is more and more moving towards closed solutions...) But it's a too easy and too well working solution for many people. If it's more important to you to get your mail delivered than to them to get it received, you'll have to take the effort, unfortunately. That's the way it always was...

PS: Accusing people of hypocrisy (or snobism and arrogance like somebody else) will surely not help your case.
Re: [exim] Re: smtp authorization test via telnet?
[EMAIL PROTECTED] wrote:

> terminal window. Although I've telnetted to port 25 thousands of times on thousands of servers, I've seldom run across a session that didn't let me send mail outside the domain after authenticating with POP3.

You can have that with Exim, too, but I'd rather not support obsolete hacks.

> With the other MTA's I test, I can emulate the account I'm mailing from and see the results in gory detail. I haven't found a way to do that yet using exim, so I thought I'd ask here since this group seems well-informed.

    exim -bh client.ip.ad.dress
    exim -f [EMAIL PROTECTED] -bt [EMAIL PROTECTED]

Exim's man page lists a bunch of additional options...
Re: [exim] STARTTLS before EHLO?
Heiko Schlittermann wrote:

> should exim support receiving a STARTTLS *before* receiving an EHLO?

no. Well, it wouldn't hurt (just like allowing AUTH before EHLO), but why? No proper client would do it.

> openssl s_client -connect ssl.schlittermann.de:25 -starttls smtp
> 503 STARTTLS command used when not advertised..

Which openssl version is this? 0.9.7f (on FC4) sends EHLO some.host.name before STARTTLS.

> Is this (exims) behaviour just a missing feature or standard/RFC compliance? (a short look into RFC2487 just showed me an example with connect - EHLO - STARTTLS, but no hint if this is required.)

I'd say: A server is not required to enforce EHLO before using extensions, but it is also not required to allow them before he has announced them through an ESMTP response.

Anyway, RFC 821 says: "The first command in a session must be the HELO command.", changed by RFC 1869, 4.1.1: "RFC 821 states that the first command in an SMTP session must be the HELO command. This requirement is hereby amended to allow a session to start with either EHLO or HELO."

So, anything before HELO/EHLO is a RFC violation. Still, many servers even allow sending mail without EHLO/HELO, they are just more tolerant than they have to.
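The ordering rules from this reply and from the earlier TLS/AUTH replies (nothing before HELO/EHLO, extensions only after they were advertised, AUTH advertised only under TLS, a fresh EHLO after the handshake), as an added example that is not Exim's code: a toy server-side state machine replaying client command sequences. The `Session` class, the `replay` helper, all reply texts other than the 503 for STARTTLS quoted in the thread, and the command sequences are constructed; AUTH always succeeds here because credential checking is out of scope.

```python
class Session:
    """Simplified model of the server side of one SMTP connection."""

    def __init__(self, strict_helo=True):
        self.tls = False
        self.greeted = False            # has the client sent HELO/EHLO yet?
        self.advertised = frozenset()   # extensions offered in the last EHLO reply
        self.strict_helo = strict_helo  # False models the "tolerant" servers

    def handle(self, line):
        """Process one client command, return (reply_code, reply_text)."""
        words = line.split()
        verb = words[0].upper() if words else ""

        if verb in ("HELO", "EHLO"):
            self.greeted = True
            if verb == "HELO":
                self.advertised = frozenset()       # plain SMTP, no extensions
            elif self.tls:
                # Same effect as server_advertise_condition = ${if def:tls_cipher}
                self.advertised = frozenset({"AUTH"})
            else:
                self.advertised = frozenset({"STARTTLS"})
            return 250, " ".join(sorted(self.advertised)) or "OK"

        if verb in ("STARTTLS", "AUTH"):
            if verb not in self.advertised:
                return 503, verb + " command used when not advertised"
            if verb == "STARTTLS":
                # After the handshake the old capability list is void and
                # the client has to send EHLO again.
                self.tls = True
                self.greeted = False
                self.advertised = frozenset()
                return 220, "TLS go ahead"
            return 235, "Authentication succeeded"

        if verb == "MAIL":
            if self.strict_helo and not self.greeted:
                return 503, "HELO or EHLO required"
            return 250, "OK"

        return 500, "unrecognized command"


def replay(commands, strict_helo=True):
    """Feed a client command sequence to a fresh session, return the codes."""
    session = Session(strict_helo=strict_helo)
    return [session.handle(cmd)[0] for cmd in commands]


if __name__ == "__main__":
    cases = {
        "STARTTLS before EHLO": ["STARTTLS"],
        "AUTH without TLS": ["EHLO client.example", "AUTH PLAIN token"],
        "no EHLO after handshake": ["EHLO client.example", "STARTTLS",
                                    "AUTH PLAIN token"],
        "correct order": ["EHLO client.example", "STARTTLS",
                          "EHLO client.example", "AUTH PLAIN token"],
    }
    for name, commands in cases.items():
        print(name, replay(commands))
```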
Re: [exim] STARTTLS before EHLO?
Heiko Schlittermann wrote:

> OpenSSL 0.9.7e 25 Oct 2004
> OpenSSL 0.9.8a 11 Oct 2005
> both do not send 'EHLO'. (Debian)

Looking at the sources, they put it into 0.9.7 starting with the f version, but not in 0.9.8/8a (for whatever reason). The change is trivial, it does not even check if the server supports STARTTLS.

Anyway, you could bother the openssl people to put it into 0.9.8, for the good of all of us. And while you are at it, they should also put in -starttls imap with something like OSSL STARTTLS. :)
Re: [exim] Re: smtp authorization test via telnet?
[EMAIL PROTECTED] wrote: Jakob wrote: (in response to POP-before-SMTP) the pros and cons on this? Or, alternatively, can you give me a short version of your thinking on this? pop-before-smtp is merely a hack, introduced because there smtp had no authentication facility. But that is long ago, the smtp auth RFC is dated March 99 and all today's email clients support smtp auth. Why is pop-before-smtp a hack?
- does not work with some clients (e.g. OE, possible workarounds though)
- misuses a protocol to submit information for another protocol
- ... which can be submitted through the protocol itself
- possible race-conditions (though mostly irrelevant in practice)
- slower and more resource usage
- involves online parsing of logfiles or a hacked pop3d daemon
- needs a database or a special daemon to keep the login information
- therefore generates more points of failure
These are things that come to mind right now, there are possibly many more.
Re: [exim] Check for domain in acl_check_notsmtp
Stian Jordet wrote: The server uses fetchmail and gotmail to receive mail from other pop3/imap servers and hotmail. This works fine, but I'd like to check the mails for spam. I do this in the notsmtp acl. This also works fine. Here's what I use. fetchmail is only run as an unprivileged user (which you should always do) named fetchmail, so I check for just that.
acl_check_not_smtp:
  warn condition = ${if eq {$authenticated_id}{fetchmail}}
       condition = ${if <{$message_size}{500k}}
       spam = nobody:true/defer_ok
       set acl_m0 = ${if >={$spam_score_int}{50} {Yes}{No}}, score=$spam_score
       set acl_m1 = $spam_report
  accept
(settings acl_m0 and m1 is specific to my setup, only for adding the X-Spam headers in the system_filter)
Re: [exim] condition problem
Vahric MUHTARYAN wrote:
  warn spam = nobody:true
       condition = ${if <{$message_size}{300K}}
should be
  warn condition = ${if <{$message_size}{300K}}
       spam = nobody:true
order matters for conditional keywords.
Re: [exim] Dealing with broken mta
Rafa wrote: control. My problem is, that server is configured to return 450 for invalid mailboxes, causing exim to interpret it as a temporary error. This is broken, wrong and stupid. 4xx tells other MTAs to retry, but as they'll never accept that mail, there is no point in doing so. 1. Tell the other admins to fix their server. I've already did that The only sane way. 2. Have them send me they user list and have exim check against it That's also a good thing. You won't have to accept mail that will be bounced. Synchronising should be automatic, but that's easy to do with scp, rsync, ftp... 3. Write my own recipient verification program and call it from an ACL using run or readsocket. I think I'm going to do this anyway as Which will not work if their server is down, and that's just the time a backup mx is needed. Except for some spammers using the lower priority MXs by default assuming that they have looser spam checking. 4. Setup a special transport for them (and maybe other broken mta I manage to run across. The problem (and the point of this mail): how There's no way to do that (AFAIK). And you shouldn't do it. 5. Stop providing secondary MX for them. This might be what's needed That depends on your relationship. I'd be reluctant in supporting such broken setups.
Re: [exim] Re: Debian uucp
Brent Clark wrote: I was wondering if I shouldnt add something like require_files = $local_part:$home/.forward Your userforward router looks like it's debian-specific, so you probably want to take this to the debian-exim list (pkg-exim4-users).
Re: [exim] Wildcard Certs
Josh Berry wrote: file=/share/admin/mailauth/STAR_plus.net.crt): error:02001002:system library:fopen:No such file or directory Is this file readable by the exim user?
Re: [exim] Wildcard Certs
Josh Berry wrote: Have tried strace but really, having never used it before, I have no idea at all what the output means. Can you point me in the direction of a website that tries to explain the output or what sort of thing i will be looking for. No, but it's not that hard:
- telnet 0 smtp
- Attach to the exim process with strace -o exim.strace -p $exim-pid (pid of the exim process that handles your connection)
- type ehlo world and starttls in your telnet window
- Stop the strace and look into exim.strace. There should be something like this:
read(10, "starttls\r\n", 8192) = 10
alarm(0) = 298
rt_sigaction(SIGALRM, {0x805d30c, [], 0}, NULL, 8) = 0
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 3
fstat64(3, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 10) = 1
read(3, [EMAIL PROTECTED]..., 32) = 32
close(3) = 0
getuid32() = 100
time(NULL) = 1139492605
open("/etc/exim/cert", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0600, st_size=1937, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f54000
read(3, "-BEGIN RSA PRIVATE KEY-\n"..., 131072) = 1937
read(3, "", 131072) = 0
close(3) = 0
[...]
Re: [exim] smtp authorization test via telnet?
[EMAIL PROTECTED] wrote: Notice that the string produced by gen-auth is different from the string produced by normal base64 encoders: AGp1Z3NAZ29vZnl3ZXJrcy5jb20AQm9pbmdCMDFuZw== decodes to:
$ base64decode AGp1Z3NAZ29vZnl3ZXJrcy5jb20AQm9pbmdCMDFuZw== | hexdump -C
      00 6a 75 67 73 40 67 6f 6f 66 79 77 65 72 6b 73  |[EMAIL PROTECTED]|
0010  2e 63 6f 6d 00 42 6f 69 6e 67 42 30 31 6e 67     |.com.BoingB01ng|
anVnc0Bnb29meXdlcmtzLmNvbSBCb2luZ0IwMW5n decodes to:
      6a 75 67 73 40 67 6f 6f 66 79 77 65 72 6b 73 2e  |[EMAIL PROTECTED]|
0010  63 6f 6d 20 42 6f 69 6e 67 42 30 31 6e 67        |com BoingB01ng|
The first of these is valid for AUTH PLAIN, the second one would be valid for AUTH LOGIN if the space was replaced by \0. Interestingly enough, the string I get back from mimencode works also: printf '[EMAIL PROTECTED]' |./mimencode dXNlcgBqdWdzQGdvb2Z5d2Vya3MuY29tAEJvaW5nQjAxbmc= for AUTH PLAIN, that'll work, because the usual exim authenticators don't use the first parameter (user). Is there a trick to generating the Authentication code in other encoders that will work with exim? I used this perl script for several years:
#!/usr/bin/perl -w
use strict;
use MIME::Base64;
# join all arguments (user, password) with NUL bytes
my $unenc = join ("\000", @ARGV);
print "AUTH LOGIN " . encode_base64($unenc, '') . "\n";
# AUTH PLAIN carries an extra (here empty) first field
print "AUTH PLAIN " . encode_base64("\000$unenc", '') . "\n";
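The encoding difference described in the message above, as an added example (not from the original post, and not Exim's or gen-auth's code): it builds the NUL-separated AUTH strings and checks how a decoded argument splits into fields, including the space-instead-of-NUL failure. All credentials are constructed, and the function names are hypothetical.

```python
# Added illustration with constructed credentials; function names are
# hypothetical and not part of Exim, gen-auth or the Perl script above.
import base64
import binascii


def encode_plain(user, password, authzid=""):
    """AUTH PLAIN argument: authzid NUL user NUL password, then base64."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def encode_login_oneshot(user, password):
    """Two-field form, as the Perl script prints for AUTH LOGIN."""
    raw = "\0".join((user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def encode_login_steps(user, password):
    """AUTH LOGIN with prompts: one base64 string per server prompt."""
    return [base64.b64encode(s.encode("utf-8")).decode("ascii")
            for s in (user, password)]


def inspect_auth(blob):
    """Decode an AUTH argument and report how it splits on NUL bytes.

    The password is deliberately left out of the result so the report can
    be logged without leaking the secret.
    """
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return {"ok": False, "why": "not valid base64"}
    fields = [f.decode("utf-8", "replace") for f in raw.split(b"\0")]
    if len(fields) == 3 and fields[1] and fields[2]:
        return {"ok": True, "form": "PLAIN",
                "authzid": fields[0], "user": fields[1]}
    if len(fields) == 2 and all(fields):
        return {"ok": True, "form": "LOGIN one-shot", "user": fields[0]}
    if len(fields) == 1 and " " in fields[0]:
        return {"ok": False, "why": "space where a NUL separator is needed"}
    return {"ok": False, "why": "unexpected number of NUL-separated fields"}


if __name__ == "__main__":
    good = encode_plain("alice@example.org", "constructed-pw")
    # What an ordinary encoder gives when user and password are typed
    # with a space between them:
    bad = base64.b64encode(b"alice@example.org constructed-pw").decode()
    for blob in (good, bad, encode_login_oneshot("alice@example.org", "x")):
        print(blob, "->", inspect_auth(blob))
```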
Re: [exim] fatal errors in BSMTP transport
Marco Herrn wrote: 2006-02-09 13:19:49 1F7Am3-0008Uf-W1 = [EMAIL PROTECTED] H=fmmailgate01.web.de [217.72.192.221] P=esmtp S=30388 [EMAIL PROTECTED] 2006-02-09 13:24:49 1F7Am3-0008Uf-W1 [EMAIL PROTECTED]: spamcheck transport output: An error was detected while processing a file of BSMTP input. 5 minute timeout of spamc/spamd? Anyway, I'd strongly suggest using Exim's builtin spamd interface so you don't have to use such kludges. You'll have to do a bunch of changes in your exim config.
Re: [exim] Re: Debian uucp
Joerg Sommer wrote: require_files = $local_part:$home/.forward I don't think this helps. Why not? It's a precondition, so the router will not run (and therefore not defer) if ~/.forward is not accessible. The fault is the user uucp is created by the default installation, but not his home. No, the fault is not having users with invalid home directories in /etc/aliases. Or a userforward router with possible failure that is run before the system aliases router. Both are not faults of Exim or Debian.
Re: [exim] Re: Debian uucp
Joerg Sommer wrote: require_files = $local_part:$home/.forward I don't think this helps. Why not? It's a precondition, so the router will not run (and therefore not defer) if ~/.forward is not accessible. As I understand the spec the check is only if the user exists (in /etc/passwd). This is always valid, because uucp is part of the default No, it will check if the user has access rights to the specified file. If the user does not exist, the precondition will fail. If the user exists but has no read rights for the file, the precondition will also fail (this is what require_files is for, after all). I would say Debian should add uucp to its alias file. Otherwise the default installation would fail. Actually, uucp: root _is_ in the aliases file of the Debian system I have access to. The file was generated by eximconfig.
Re: [exim] nested conditions
Marten Lehmann wrote: { eq{{true}{true}} } \
the correct syntax is { eq {true}{true}}
condition = ${if or{ \
  { eq{{true}{true}} } \
  { eq{{true}{true}} } \
  } \
  \
  {true} \
  {false} \
  }
The result of this expansion is "true } } {true} {false} }", which is the same as true for condition.
Re: [exim] 30 second wait for protocol timeout exceeded
Mike Jones wrote: Is this something I need to set, or is this something they've changed on their mail server ? The former. Well, you don't need to, but it's likely to fix the problem. They probably changed their firewall settings.
Re: [exim] 30 second wait for protocol timeout exceeded
Nigel Metheringham wrote: I'm not sure that having a 30 second RFC1413 timeout is useful in any normal circumstances nowadays. Best bet is to reduce it down to (say) 5 seconds. I agree. Then again if you have never used RFC1413 information or don't know what it is you could just switch it off without problems (set timeout to 0s). As I understand, ident information was not intended to be useful for the requesting system, but for the requested system. Unix systems with shell access for many users seem to be not very common any more. But I'd say it can still be useful without much effort.
Re: [exim] 30 second wait for protocol timeout exceeded
Philip Hazel wrote: Do you think I should change the default to 5s? Yes. 5s should be enough for 99% of the connections, for the remainder: Ident is (usually) non-critical for smtp. I agree with the others that it would even not do big harm if ident would be disabled by default, but I'm reluctant to give up a possible diagnostic help, even if the probability for helpfulness is quite low nowadays.
Re: [exim] Logging to stderr/stdout for multilog
Casey Allen Shobe wrote: Is there a TODO for logging to stdout? I doubt that you really want to log to stdout. tcpserver would send that to the remote end. Maybe something like log_file_path = /dev/stderr, otherwise you'll have to change the sources. Should not be that hard...
Re: [exim] Different hostname for different IPs (addenda)
Luca Bertoncello wrote: How can I set a different Hostname for HELO for different Transports? Set helo_data to whatever you want in your transports.
Re: [exim] When to use dns block lists
W B Hacker wrote: You may 'think it is OK..' but RFC's aside, mail to 'postmaster' is more often generated by a 'daemon', not a human, so the chance of it Not that I'd patronise blocking the postmaster address, but why do you think that? The postmaster address is specifically for humans to contact when something goes wrong. I'd really be not amused when some daemon would start sending mail to my postmaster account.
Re: [exim] Logging to stderr/stdout for multilog
Casey Allen Shobe wrote: I doubt that you really want to log to stdout. tcpserver would send that to the remote end. Umm, no. I'm not using tcpserver. Oh. Then I wonder why you wrote in your original post: I've just set up exim (4.54) for the first time on one of our servers, and am running the service using tcpserver (part of daemontools),
Re: [exim] Monitoring sent emails of a user
Sub Zero wrote: and it is working okay. But I want to remove the header line Return-Receipt-To: ... only in this unseen delivery filter (if you call Section 42.6 of the Exim spec tells you how to do that.
Re: [exim] Not frozing on unexistent user
Maykel Moya wrote: Given that the condition of nonexistent will remain on B, how can I say A that generate a bounce when B reject the message, instead of freezing it. That is the default operation, so the config must have been changed in some strange way. Maybe there's no dnslookup router, so A does not know how to handle the bounce. But it would be better to replicate B's user list to A, so A will not accept such mail any more. Otherwise you'll create collateral spam.
Re: [exim] Monitoring sent emails of a user
Sub Zero wrote:
if ($sender_address MATCHES [EMAIL PROTECTED]) then
  unseen deliver [EMAIL PROTECTED]
  headers remove Return-Receipt-To
endif
It's not that easy, because headers remove will work on both copies, I think. Maybe(!) something like this could work:
if ($sender_address MATCHES [EMAIL PROTECTED]) then
  if $h_Return-Receipt-To: is not "" then
    headers add "X-Save-Return-Receipt-To: $h_Return-Receipt-To:"
    headers remove Return-Receipt-To
    unseen deliver [EMAIL PROTECTED]
    headers add "Return-Receipt-To: $h_X-Save-Return-Receipt-To:"
    headers remove X-Save-Return-Receipt-To
  else
    unseen deliver [EMAIL PROTECTED]
  endif
endif
btw, this whole thing smells like your newcomer should not even notice that his mail is monitored. I hope that's not true...
Re: [exim] Logging to stderr/stdout for multilog
Casey Allen Shobe wrote: Oh. Then I wonder why you wrote in your original post: I've just set up exim (4.54) for the first time on one of our servers, and am running the service using tcpserver (part of daemontools), Because I wasn't thinking clearly. Sorry for that. Never mind. Afterwards I noticed that the way you said you invoke exim does not fit to tcpserver, so I could've guessed it myself.
Re: [exim] (no subject)
Rob Bernabe wrote: Im a newbie to the list and to exim, so be gentle :) Welcome. First, please read the list etiquette in wiki, particularly the part don't start a new thread by replying to a list post and use meaningful subjects (virtually there). That's as a gentle advice, of course. :) Im trying to force mail from senders that match a What do you mean by force? senders = (prefix-)[EMAIL PROTECTED] Read exim spec, 10.18. To be recognized as a regex, it has to start with a caret. And in general, regexs should be enclosed in \N to prevent them from expansion. And your regex means match zero or more times 'prefix-', which is certainly not what you want. Try this: senders = [EMAIL PROTECTED]
Re: [exim] Re: Sending mail through a smarthost with TLS
Matthew Ford wrote: When I telnet to my remote host on port 465, I just get the following, and nothing more... Does this confirm that my host is using ssl-on-connect? (NB I know the It's likely, but it does only confirm that the port is not closed. To test for SSL, use: openssl s_client -connect the.host:465 Are you positive that the remotehost does not provide TLS on either the SMTP (25) or message-submission (587) port? On port 25, yes - but that is blocked by my ISP (I am receiving my incoming mail on another non-standard port via a relay service). There is no response on port 587. You could ask the admin of the remote server to listen additionally on port 587 (usually a simple config change). Also, many servers listen on non-well-known-ports like 2525 to circumvent ISP blockings.
Re: [exim] DNS Blacklist/DNS Whitelist
Pascal wrote: accept message= X-Blacklist-Whitelisted: $sender_host_address warn message = X-Blacklist-Warning: $sender_host_address is The accept matches before the warn, so the warn will not be used. Reverse the two statements.
Re: [exim] Problem sending Mail to comcast
Tom Fischer wrote: It is artedona.de. The Domain exist. They relay about our Mail-Server Yes, but the resolving is not only overly indirect (artedona.de - ns{1,2}.ebuz-kunden.de - ns{1,2}.dns-resolver.net), the TTL for the MX and NS RR is 1 (one!) second. You should really fix both of that. Glue records are a good thing. i mean is that exim transmits the Mail FROM:, SIZE, RCPT TO and DATA in one piece without waiting for the return code from comcast Server and so That's perfectly legal, as comcast's server is announcing the PIPELINING extension. Only that Exim does not send DATA before the response to the last RCPT TO is received. valid sender Domain. I think the Problem here is that my exim waits near to Time-Out from TCP Protocol because comcast Server doesn't answer. What makes you think that? Anyway, comcast is notorious for its broken POP3 server, and they use the same software for smtp, so it wouldn't surprise me, if they have some strange setup on them. There's no indication for a problem in Exim. If your problem persists after you fix your dns, you should complain to their postmaster.
Re: [exim] Problem sending Mail to comcast
Tom Fischer wrote: Fixed the 1s TTL-Problem, i think i need vacation. This was only for Vacation is always good :) What makes you think that? Because when i do a telnet connection to comcast mail gateway i have to wait for about 4 minutes until it gives the return codes (maybe this is You mean the initial 220 greeting? That is way too long. Could be some network/firewall issue (ECN, icmp filtering). Is your rdns-setup ok? Hm, but even then it shouldn't take 4 minutes. related to pipeline, don't know) No, PIPELINE just means, that the remote servers can handle multiple (MAIL and RCPT) commands at once instead of one by one. It's there to make things faster.
Re: [exim] SA causing Exim 421 timeout/frozen messages
Bradley Walker wrote: Currently most all mail that is coming through that is getting frozen (which is 85% spam) was around 80k at the largest. The average size I would say is around 15-30k. So you could safely add a 100k (see below). This will especially help if your users receive large emails. each with about 5-10 users each so the total volume of email is probably 1000-2000 emails per month. That's really not much.
condition = ${if and { \
  {!def:h_X-Spam-Flag:} \
  {!eq {$received_protocol}{spam-scanned}} \
  {!eq {$received_protocol}{local}} \
Insert this:
  {<{$message_size}{100k}} \
Apart from that, you'll have to analyze why is SA timing out. The SA list can help you more on that.
Re: [exim] Opposite of ${time_interval:string} ?
Heiko Schlichting wrote: First, please read the list etiquette before posting again, esp. the paragraph about thread stealing. How can I convert 1d10h17m36s into 123456 with exim? Although exim does cumbersome (but with the right regex probably much easier) but feasible:
${eval:\
${if match {1d10h17m36s} {\N(\d+)w\N} {$1*7*24*60*60+}}\
${if match {1d10h17m36s} {\N(\d+)d\N} {$1*24*60*60+}}\
${if match {1d10h17m36s} {\N(\d+)h\N} {$1*60*60+}}\
${if match {1d10h17m36s} {\N(\d+)m\N} {$1*60+}}\
${if match {1d10h17m36s} {\N(\d+)s\N} {$1+}}\
0}
have a function for this (readconf_readtime), I'm unable to find an expansion operator to convert as I demand. Better to put that into a string expansion function then.
Re: [exim] transport to another smtp
Stan Novogroudski wrote: I'll have a list of mail addresses, which have to be redirected to another smtp's [EMAIL PROTECTED] another-smtp-ONE.my-domain.foo [EMAIL PROTECTED] another-smtp-THO.my-domain.foo this should work:
smtp_route:
  driver = manualroute
  transport = remote_smtp
  route_data = ${lookup [EMAIL PROTECTED] lsearch {/your/file}}
Re: [exim] Copy of any relayed messagges to a local user
Marco Mescoli wrote: I would use exim as relay server (SMTP server in LAN email clients) and i need a copy of any relayed messages to a local user. Anyone can Something like this in the routers section of your config should work:
local_copy:
  driver = redirect
  # named domain lists are referenced with a leading +
  domains = !+local_domains
  data = your_spy_user
  unseen
Just make sure that mail to your_spy_user is always deliverable or the original sender will get a bounce. Setting errors_to to some administrator's address (e.g. postmaster) should prevent that.
Re: [exim] howto modify received_header_text
Chris Purves wrote: I would like to add a custom received_header_text as described at http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived You don't have to, because Exim sets a X-Envelope-From in the spool file which is sent to spamd. Which file do I edit/create to do this? I am using exim 4.50 with split configuration on debian. If you still want to change the Received header then better ask on debian's Exim list.
Re: [exim] exim listen only on some IP's
Marc Haber wrote: Marc, who has been unsubscribed from my own mailing lists once for spamassassin rejects Are there really mailing list handlers out there that are _that_ draconic? I happily use SA on all lists (with exim-users as the only exception, but I don't really remember why). From time to time I get a probe message telling me I rejected some message(s), but only from mailing lists with loose policies (no spam filter, send without subscription). A little annoying, but still better than getting all the spam sorted in the folders.
Re: [exim] exim listen only on some IP's
Marc Haber wrote: For a mailing list manager, a 550 is a bounce. If you reject too much spam (which easily happens on lists with a low S/N ratio), you'll get unsubscribed. That might be true for some, but I know at least one (mlmmj) which sends out a probe and unsubscribes people only if that bounces, too.
Re: [exim] Exim4 condition, need help
Jeremy Harris wrote: warn set acl_m9 = ${lookup mysql{stuff} {$value}} {$value} is not necessary here. if acl_m9 contains 1 then That isn't acl syntax either. Perhaps No, but filter syntax (same as below). Perhaps you should buy the book. It's all in the spec.
Re: [exim] Exim4 condition, need help
Michael Bordignon wrote: I'm trying to have exim look at the sender address for all incoming mail, if it matches more than one row (via a mysql query) then prepend the subject with 'foo'. I've come this far; -- set acl_m9 = mysql;SELECT COUNT(*) FROM prospect_addresses WHERE email you don't need to fiddle in ACLs (and it wouldn't work with that, anyway). LIKE '$sender_address' if acl_m9 contains 1 then That would be $acl_m9. But as said, it's not needed. Just use if ${lookup mysql {SELECT COUNT(*)...}} is above 1 ... Untested, I never used lookups in a filter. Oh, and use '${quote_mysql:$sender_address}'. headers add New-Subject: [foo] ${escape:$h_subject:} probably better use ${rfc2047 than ${escape here. put the if ... endif stuff into a file (e.g. /etc/exim/system-filter) and the following lines at the top of your exim.conf:
system_filter = /etc/exim/system-filter
system_filter_user = your_exim_user
But you should really read (at least) the documentation of Exim's filtering facilities.
Re: [exim] Re: Conditional address rewriting
Jürgen Herz wrote: Ah, and the envelope from can't be rewritten in transport. return_path
Re: [exim] How reject HELLO with my IP
Frank Elsner wrote:
drop message = REJECTED - Bad HELO - IP address not allowed [$sender_helo_name]
     condition = ${if isip {$sender_helo_name}}
An IP is definitely allowed, Only if in square brackets [], so isip is a good check. Most (if not all) spammers with EHLO x.x.x.x use the IP of my host, btw, but I don't check for that explicitly. but it must be the IP of the sending host. My MUA (Thunderbird) uses the private IP inside the NATed network. I don't know a way to change that.
condition = ${if eq {${lc:$sender_helo_name}}{${lc:$primary_hostname}}\
You could use eqi instead of eq ... lc And the following is more effective, I think:
condition = ${if !eq {$interface_address}{$sender_host_address}}
condition = ${if match_domain {$sender_helo_name}{+local_domains}}
Re: [exim] Exim4 condition, need help
Michael Bordignon wrote: if ${lookup mysql {SELECT COUNT(*) FROM addresses WHERE email LIKE However, it merely returns Filter error: unrecognized condition word mysql near line 10 of filter file Try surrounding the lookup with double quotes: "${lookup mysql ...}" Oh, and please honour my Reply-To/Mail-Followup-To headers. No need to CC me privately.
Re: [exim] Most Lenient RBL implimentation?
Paul Johnson wrote: bl.spamcop.net This one is good, but I strongly suggest implementing SpamAssassin at Funny. Esp. spamcop is notorious for listing arbitrary hosts with opaque reasoning and unwilling to unlist. There's also one I operate[2] and use on my mail servers that you might find useful. Right now, it's the only DNSBL I use for flat-out rejection. I'd say that's the only blacklist one should use if doing serious business. For everything else I follow what Herb Martin wrote: Use dnslists only with greylisting or scoring (e.g. SA). I do both.
Re: [exim] conditional whitelisting
Jeff Lasman wrote: snip accept sender_domains = +whitelist_domains domains = +local_domains /snip I think that'll do it. Am I missing something? Depending on how you check your clients' authenticity (smtp auth, allowed IP addresses etc.), you could add that also to this ACL to stop the often seen spam with a faked sender being in the same domain. That'll only work if your clients only use your hosts for sending out mail, though.
Re: [exim] Modify headers based on MySQL lookup
Michael Bordignon wrote: I want to modify the message headers (prepend some text to the subject) based on whether or not the $sender_address is in a database. I've tried There's really no need to start a new thread for this topic, just because your message was not answered within 5 hours. I've tried a router, but it lacks the ability to add/remove headers. headers_add/remove works both in routers and transports. But it only takes effect at transport time. This is all written in the spec file...
Re: [exim] Exim timeout?
Bradley Walker wrote: I posted this to the SpamAssassin mailing list and they suggested that it would be an Exim problem, due to SpamAssassin child process possibly taking a few minutes to run various spamtests on it, but Exim times out waiting for the message to come back, kills the SA child process and goes forward from there. transport_filter_timeout, default is 5 minutes. But this will not help you. Just think how many messages you can process per day if scanning a single one takes more than 5 minutes. Some advice was already given to you, without any feedback, so I guessed you just ignored it. The problem may be your exim config (rather than exim itself, else this would mean there is a flaw in Exim which has to be fixed), but the source is SA itself. SA is slow and puts a lot of load on your system. So you should stop as much garbage as possible before it hits SA. There was a bunch of discussion on the list about that and there are some hints in the Wiki.
Re: [exim] Exim timeout?
Bradley Walker wrote: I didn't ignore your first message, in fact I read it, have it archived in a folder here to continue to try and discern helpful information from. Being I'm working 14-17 hours a day as a business owner, replies sometimes can't always come in due time. Sorry if I seemed rude, but the only thing that can be seen is you constantly asking about this problem, without giving feedback. appropriately. However the system itself is not under a stressful load at this point. Load averages throughout the day sometimes can even be 0.0/0.0/0.0 while email is continually being processed. It's still strange that 5 minutes is not enough for SA to process a single message. This is usually a sign of an overloaded system or very heavy rulesets. What's your hardware and mail volume? btw, if you don't need user-specific rulesets and bayes-db, you should switch to content scanning at ACL time. It's less complex, more stable and lowers system load. And if you trust your users a little bit (after all, you have a contract), you can exclude authenticated senders from spam scanning. Several people on the SpamAssassin list have commented that the spamc child process has been terminated created the error that I originally posted. That may be true, but 5 minutes should be really enough for SA to scan a message.
Re: [exim] Exim timeout?
Bradley Walker wrote: - In regards to the rulesets, this is where I'm quite a bit unfamiliar about what truly is best. On one side I've been taught that the more stringent If you have a default install of SA, you use the default rulesets, which is ok I'd say (at least I am happy with them). You also said that some messages get frozen. This should normally never happen, so you should look into the exim log why this happens. For other messages that got stuck, you should look if there's a pattern. There's not much more I can tell you without further information.
Re: [exim] Exim timeout?
Jeff Lasman wrote: That said, what I read seems to have boiled down to don't use spamd; instead use SA-SpamAssassin. I don't know what SA-SpamAssassin is, but using spamd is the most efficient way of using SA (if one can use efficient and SA in the same sentence at all). Recent versions of Exim have a builtin interface to spamd, using it is the best you can get.
Re: [exim] Delivering mail for one user on two hosts
Jan-Piet Mens wrote: Any ideas how to best accomplish this with Exim ? Would an 'unseen' router help me further? Yes, if you want to preserve the envelope recipient. If not, redirect is probably better: spread: driver = redirect domains = +local_domains data = ${quote_local_part:[EMAIL PROTECTED],\ ${quote_local_part:[EMAIL PROTECTED]
Re: [exim] Delivering mail for one user on two hosts
Jan-Piet Mens wrote: driver = redirect data = ${quote_local_part:[EMAIL PROTECTED],\ ${quote_local_part:[EMAIL PROTECTED] If the original message were addressed to two recipients that would probably result in two distinct messages being routed to b.example.com right? routed yes, but not transported, I'd say. The exim spec says: If a message contains a number of different addresses, all those with the same characteristics (for example, the same envelope sender) that resolve to the same set of hosts, in the same order, are sent in a single SMTP transaction, But you should test it if you want to rely on it. Actually mail for these users is delivered to a central hub in Europe and I have to then forward these messages to the remote destinations keeping a copy of the message on the mail hub. So a.example.com is the same host as example.com and you want to get a copy on this host? You should have said that from the beginning. Then it's better to use a simple router, with unseen, for a local transport. Don't forget to set the return_path or errors_to option. There are lots of examples in the list archive and the wiki.
Re: [exim] receive emails from t-online.de
Martin Windfuhr wrote: Hello NG, This is a mailing list, not a newsgroup. how can I set up exim to receive emails from a t-online - address each 10min and forward these emails to [EMAIL PROTECTED] Just like receiving mail from any other address: Set up an MX and/or A RR pointing at your host. Restricting Exim to only receive every ten minutes is surely possible, but I don't get the point in doing so. emails from t-online should be deleted. Oh. You probably want fetchmail or getmail.
Re: [exim] receive emails from t-online.de
Tim Jackson wrote: scope of Exim. Use some software called fetchmail: http://www.catb.org/~esr/fetchmail/ Sorry for drifting even more into offtopic, but ESR's original version is unmaintained and contains critical bugs. Use the new project at http://fetchmail.berlios.de/.
Re: [exim] greylisting builtin to exim?
Jeremy C. Reed wrote: Has there been any discussion of patching exim to add greylisting support (so outside programs are not needed)? Probably, but I don't think it's worth the hassle. You can do it more easily and much more flexibly with Exim's ACLs, so there's no good to code this in the main C code. But also needed would be a way for Exim to keep time and expire the greylisted entries. (Or is that already doable?) sure, just use warn condition = ${lookup sqlite {delete from bla where ...}} but that's not really needed for _every_ connection. running this once an hour or day should be sufficient. Also, it would be interesting to have greylisting within exim so you could choose when it is used based on the dialog or host. You have the full power of Exim's ACL, you'll hardly get something better. Any examples on doing a greylist within exim without SQL server (like a cdb, dbm, or sqlite)? http://plonk.de/sw/exim/greylist.txt p.s. Anyone using spamd spam deferral daemon and available to review a chapter I am writing about it? I'm using spamd but I don't know what a spam deferral daemon is.
Re: [exim] HELO verification
Quoting Jerry Stuckle: However, more of the spam getting through has a HELO/EHLO name containing a random string of characters. Most spam here has ehlo/helo - numeric only (like 134965176 or -1270794688) - unqualified (like friend or localhost) - IP address without [] condition = ${if isip {$sender_helo_name}} and condition = ${if match {$sender_helo_name} {\N^[^.:]+$\N}} blocks these things here. So I'd like to check for basically anything which has one or more periods non-consecutive periods. Also, following the last period should be two to four (or is it 5? I don't remember offhand all the possibilities) characters. Longest I know of is .museum, so it's 6. To check this, you could use something like condition = ${if !match {$sender_helo_name} {\N^([a-z0-9][-_a-z0-9]*\.)+[a-z]{2,6}$\N}} But there are certainly more complete regexes on the web, bla-.example.com is also not valid AFAIK. I don't think it'll catch much spam, though. So the above two would work, but something like asderg or 14509284 would not. Neither would sdfkeoi.llsowwg. Do you have much of the .? fo89vfu4.pco6jp4.adelphia.net (real example) is also gibberish, but it's not obvious. On a similar topic - I'm considering rejecting mail from certain country TLD's which would never send mail. Not to mention any names, but I get a fair amount from .cn, .pl, .br and a few others. How could I reject mail based on a list of TLD's? cn, pl and br never send mail? That's not true. And are you absolutely really sure you and/or your clients will never have business with them? Anyway, I think it's absolutely wrong to block whole countries.
Re: [exim] HELO verification
Quoting Tony Marques: I would just like to add to remember to reject your own domain names unless you like to talk to yourself. Also very popular among viruses. The OP wrote he's already doing that, so I skipped those rules: Block EHLO [my.ip.add.ress]: condition = ${if eq {[$interface_address]}{$sender_helo_name}} condition = ${if !eq {$interface_address}{$sender_host_address}} Block EHLO my.dom.ain: condition = ${if !eq {$interface_address}{$sender_host_address}} condition = ${if match_domain {$sender_helo_name}{+local_domains}}
Re: [exim] HELO verification
Quoting Jakob Hirsch: condition = ${if !match {$sender_helo_name} {\N^([a-z0-9][-_a-z0-9]*\.)+[a-z]{2,6}$\N}} This should have been case-insensitive: condition = ${if !match {$sender_helo_name} {\N^(?i)([a-z0-9][-_a-z0-9]*\.)+[a-z]{2,6}$\N}} I have it now running with warn/log_message, but there was no host triggering it yet, so I guess it's really not useful.
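The three HELO checks from the posts above, run against the HELO names quoted in the thread. This is an added Python example, not part of any list message: Python's `ipaddress` and `re` stand in for Exim's `isip` and `match` as an approximation, the function names are made up for illustration, and the last three sample names are constructed.

```python
import ipaddress
import re

# Regexes copied from the posts, without Exim's \N...\N quoting.
NO_DOT_OR_COLON = r"^[^.:]+$"
HOSTNAME_SHAPE = r"^([a-z0-9][-_a-z0-9]*\.)+[a-z]{2,6}$"

# HELO names quoted in the thread.
THREAD_SAMPLES = [
    "134965176", "-1270794688", "friend", "localhost",
    "asderg", "14509284", "sdfkeoi.llsowwg",
    "fo89vfu4.pco6jp4.adelphia.net", "bla-.example.com",
]
# Constructed samples, not from the thread (192.0.2.1 is a documentation address).
CONSTRUCTED_SAMPLES = ["192.0.2.1", "[192.0.2.1]", "MAIL.Example.COM"]


def is_ip(name):
    """Approximation of Exim's isip: true for a bare IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def classify_helo(name, case_insensitive=True):
    """Return the first check a HELO name trips, or 'pass' if none does."""
    if is_ip(name):
        return "bare-ip"        # condition = ${if isip {...}}
    if re.search(NO_DOT_OR_COLON, name):
        return "unqualified"    # condition = ${if match {...}{^[^.:]+$}}
    # The follow-up post adds (?i) to the regex; re.IGNORECASE does the same here.
    flags = re.IGNORECASE if case_insensitive else 0
    if not re.search(HOSTNAME_SHAPE, name, flags):
        return "bad-shape"      # condition = ${if !match {...}{hostname regex}}
    return "pass"


def report(names, case_insensitive=True):
    """Map every name to its verdict."""
    return {name: classify_helo(name, case_insensitive) for name in names}


if __name__ == "__main__":
    for name, verdict in report(THREAD_SAMPLES + CONSTRUCTED_SAMPLES).items():
        print(f"{verdict:12} {name}")
```

The bracketed literal `[192.0.2.1]` trips the hostname-shape regex, so a rule built on that regex needs an exemption for address literals if those are to stay accepted. `fo89vfu4.pco6jp4.adelphia.net` and `bla-.example.com` both pass.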
Re: [exim] Re: HELO verification
Quoting Jerry Stuckle: I appreciate your concern. However, you do not understand my company, my needs or my situation. Please do not think to advise me as to what I should or should not do. Nobody is doing that, but still everybody is allowed to express his opinion. If you see this as an insult on your sapience, you probably should not ask on public lists; there are surely lots of people that'll tell you only what you like for a few bucks. Unless you ante up some money for the people on the list, you are not in the position to tell anybody here to do anything. CEO. It is a small company which has only a local clientele. We have no clients outside the local area, and no distributors outside the United States. With this attitude, this will not change. Despite the filters in place, we still get a significant amount of spam. Some people get up to 50 spams per day, even with the filters in place. So your filters are not good. Blocking countries will not solve your problems.
Re: [exim] Re: HELO verification
Quoting Jerry Stuckle: I'm sorry. Yes, they are. I was not asking for advice as to whether or not I should block other countries. I was asking how to do it should I do so. It doesn't matter much. Starting a thread neither means owning the thread nor having control over it. Everybody is free to give his opinion about it. Just to give an example: If somebody asks how he can redirect all mail to postmaster to /dev/null there will surely be people advising against it, even if the questioner didn't ask if it's a good idea. And frankly speaking, I'm very reluctant to help people do things that are plain wrong (in my opinion). Reminds me of a lot of consultants I ran into when I was an IT consultant. They knew what the customer needed better than the customer. Consultants are just like lawyers: 97% of them give the rest a bad name. But often enough, the consultant _does_ know better, because the customer does not even know what he really wants. But it depends on whether you hire somebody to solve a single, well-specified issue, or ask somebody help me make more money. Anyway, often enough I advised customers coming up with some half-baked idea not to do it, and I'd say almost all of them were happy with it afterwards. no clients outside the local area, and no distributors outside the United States. With this attitude, this will not change. Again, you know nothing about me, my company nor even what line of business I am in. Yet you already know how much my company will grow. No, I don't know anything about you or your company. And I could not care less about it. This is about blocking mail. Pointing out your great company, you being the big boss of it, your 400 years of IT experience or whatever doesn't add any relevant facts to the discussion. spam. Some people get up to 50 spams per day, even with the filters in So your filters are not good. Blocking countries will not solve your problems. Our filters are good. But we need them better. 
And it is up to Obviously, they are not good, but that depends on your definition of good, of course. The spam volume in my inbox is 3 messages per day (maximum, most of the time it's 0 or 1), without blindly blocking hosts based on some far correlation.
Re: [exim] Re: HELO verification
Quoting Mar Matthias Darin: save /dev/null sorry, but this turns a wrong idea into a stupid one. If you don't like mail, be polite enough to reject it at smtp time. Exim's ACLs are powerful enough to do that.
Re: [exim] Exim rewrites Return-Path when it shouldn't
Quoting daniel: control = submission This should probably be control = submission/sender_retain Otherwise, Exim seems to take $authenticated_id and adds the default domain.
Re: [exim] Exim rewrites Return-Path when it's configured to
Quoting Marc Sherman: control = submission/sender_retain Otherwise, Exim seems to take $authenticated_id and adds the default domain. Actually, the best solution is: control = submission/domain= In this special case, yes, if the authenticated id is guaranteed to be a valid email address. But many setups allow authentication with the @ replaced by %, ! or other characters like that. I'd prefer to block spoofed sender addresses instead of silently applying such magic, at least unless there are many users with badly set up clients. benefit is that when a user sends a message From: a shared role address (such as [EMAIL PROTECTED]), bounces will go to the actual sender, not to everyone subscribed to the role address. Good point. Personally, I'd prefer to do that explicitly (errors_to/return_path), I think it's more obvious, but that's kind of personal taste.
Re: [exim] setup Exim to improve SMTP performance
Quoting Olivier Bonvalet: I haven't got enough entropy on my servers, and /dev/random is blocking. Now, I'll search to a true solution : Do you really need TLS for sending out your newsletter? If not: hosts_avoid_tls is expanded, so you could use it for disabling TLS when sending out the newsletter (detected by sender address, header, subject etc.). If yes: I think there's not much you can do in Exim, it's caused by the system itself. You can try to get more entropy, either by using a script as the one on the page you posted, or by patching the kernel. As the page mentions, there was a change somewhere between 2.6.9 and 2.6.12 (AFAIR), where the network interface was removed as an entropy source for security reasons. I saw a kernel patch to change that back a while ago. Other possible ways are: - a hardware RNG, either in the chipset (supported by the kernel) or from a cheap microphone (kernel patch available) - Entropy Gathering Daemon (EGD) or similar user space tools, must be supported by your software (patched openssl?)
Re: [exim] Problem Owner, group or Mode of Exim4
Quoting Jason Meers: Usual Permissions required on Config Files owner:exim, group:exim, permissions:644 This should be 640, at least if you have secret information like passwords (e.g. for db access) or private keys in your config. The exim binary is usually SUID, so it will have sufficient rights to read its config, even if called by an unprivileged user.
Re: [exim] feature request: set authenticated
Quoting Steffen Heil: I know, I can do all this using $ack_cX, but I have a lot of rules, all of is it really so hard? set a macro, e.g. ACL_AUTHENTICATED = acl_c99 In some acl (e.g. mail from, that's usually the first one used after authentication): warn authenticated = * set ACL_AUTHENTICATED = $authenticated_id warn condition = ... set ACL_AUTHENTICATED = $authenticated_id and replace all authenticated = * lines with condition = ${if def:ACL_AUTHENTICATED}. Or am I missing something?
Re: [exim] What are the options?
Quoting Tony Finch: it won't hurt and it will tell the clueful ones that the spam is not sent by It will hurt: you will no longer be able to email a significant proportion of the users at many sites. In theory, maybe, but you'll get notified (as long as nobody's blackholing). In practice, I didn't get a single notification of such an event in the time I have a SPF record published (which was not long after the SPF introduction, but I don't remember either date).