4.94 worked, while 4.94.2 doesn't).
While we can cherry-pick that commit, I'm not sure, if we really want
it, until we know how it made its way into the OP's 4.94.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de --
Heiko Schlittermann via Exim-users (Di 04 Mai 2021
17:44:23 CEST):
> Odhiambo Washington via Exim-users (Di 04 Mai 2021
> 17:00:36 CEST):
> > On Tue, May 4, 2021 at 4:52 PM Heiko Schlittermann via Exim-users <
> > temporarily rejected after DATA: failed to expand
Kai Bojens via Exim-users (Di 04 Mai 2021 17:28:41 CEST):
> Am 04.05.21 um 15:40 schrieb Heiko Schlittermann via Exim-users:
> „These vulnerabilities were reported by Qualys via secur...@exim.org back in
> October 2020.”
>
> Please don't take this the wrong way - but I have to a
Odhiambo Washington via Exim-users (Di 04 Mai 2021
17:00:36 CEST):
> On Tue, May 4, 2021 at 4:52 PM Heiko Schlittermann via Exim-users <
> temporarily rejected after DATA: failed to expand ACL string "${lookup
> sqlite,file=/var/spool/exim/db/greylist.db {SELECT host from resen
you to turn the
taint errors into warnings. (Debian is set to include this "taintwarn"
patch in its Exim 4.94.2 release).
Thank you for using Exim.
Thanks to Qualys for reporting the issues.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
H
TLSA records)
Extended master secret: no
For the upcoming 4.94.2 a patch is part of the 4.94.2+fixes branch
already. It will be cherry-picked to master soon.
Thank you again for your fast response yesterday.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schl
Hi Viktor,
thanks for your answers so far. I can reproduce the issue locally with a
minimal config and I'll return as soon as I've more information.
(locally means: other version of OpenSSL, but same Exim version.)
--
Heiko
signature.asc
Description: PGP signature
--
## List details at
th older Exim 4.92.3 it works (openssl 1.1.0i)
Any idea? For what I understand about DANE, it shouldn't care about the
CA cert, should it? (The TLSA record uses 3 1 1)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -
hosts_require_tls = ${if match{$h_subject:}{\N^\[secure\]\N}{*}}
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax
t regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69
Thank you for spending your time :)
Andreas Metzler via Exim-users (So 25 Apr 2021 08:12:58
CEST):
> void
> -openlogs();
> +open_logs(const char *m);
> is the proper fix?
It is one possible fix. But the char* isn't used anymore (was there for
debugging). I updated the branch.
> log.c: In
+fixes+taintwarn
https://gitea.schlittermann.de/heiko/exim/src/branch/exim-4.94+fixes+taintwarn
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann,
can
pay for it.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages a
jradxl5--- via Exim-users (Mi 21 Apr 2021 14:59:20 CEST):
> I have Exim4 running on my Ubuntu 20.10 server and have successfully got
> local mail and SMTP outgoing to a SmartHost working fine. Thus, I now have
> the host and password stored in /etc/exim4/passwd.client
>
>
> Is it possible to
am to work on these reported issues in a timely manner.
We explicitly thank Qualys for reporting *and* for providing patches for
most of the reported vulnerabilities.
Thank you for using Exim.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLIT
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
signature.asc
Desc
ample.com
[exim]
...
hosts_proxy = x.x.x.x
daemon_smtp_ports = ... : 465
tls_on_connect_ports = 465
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko
AIN}}} {no}{yes}}\
> }}
server_condition = ${if or{\
{bool{{${lookup mysql {MYSQL_AUTH_GWUSERPLAIN}}} {no}{yes}}}\
{bool{{${lookup mysql {MYSQL_AUTH_PLAIN}}} {no}{yes}}}\
}}
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
Hi Andreas,
the problem isn't caused by the new allow_insecure_tainted_data, but
these warnings trigger the issue.
We're in progress fixing it.
--
Heiko
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
Heiko Schlittermann via Exim-users (So 11 Apr 2021
09:08:10 CEST):
> Hi Andreas,
>
> which commit ID your build is based on? I'd like to reproduce it
> locally.
I can reproduce it using a minimal config, going to check it now.
(The version I'm running on production systems does
Hi Andreas,
which commit ID your build is based on? I'd like to reproduce it
locally.
Andreas Metzler via Exim-users (So 11 Apr 2021 08:51:48
CEST):
> On 2021-04-06 Heiko Schlittermann via Exim-users wrote:
> [...]
> > .ifdef _OPT_MAIN_ALLOW_INSECURE_
Andreas Metzler via Exim-users (Sa 10 Apr 2021 18:06:05
CEST):
> On 2021-04-06 Heiko Schlittermann via Exim-users wrote:
> [...]
> > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> > allow_insecure_tainted_data = yes
> > .endif
> [...]
> &g
Andreas Metzler via Exim-users (Sa 10 Apr 2021 17:37:56
CEST):
> On 2021-04-06 Heiko Schlittermann via Exim-users wrote:
> [...]
> > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> > allow_insecure_tainted_data = yes
> > .endif
> [...]
ttps://git.exim.org/users/heiko/exim.git/shortlog/refs/heads/hs/wip/taintwarn
Same here, please expect rewrites of the Git history, as long as I'm
working on it.
Suggestions, question, remarks are welcome.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
Felipe Gasper (Mo 05 Apr 2021 22:46:31 CEST):
>
>
> On another note, I’ve noted via the same parse that this in exim.conf:
>
> -
> router_home_directory =
> ${extract{5}{::}{${lookup{${lookup{$domain_data}lsearch{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value
> -
>
> …
stand this, but we can't do that yet and there are no plans yet to
implement it.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351
krzf83--- via Exim-users (Do 01 Apr 2021 01:58:43 CEST):
> I got remote mail server that for some reason don't accept connections
> from my IP this way:
> # nc mx.poczta.onet.pl 25
> 220-mx.poczta.onet.pl ESMTP
> 521 5.7.1 Service unavailable; client [5.9.116.9] blocked using
>
MRob via Exim-users (Di 23 Mär 2021 22:37:45 CET):
> > > Thankyou.
> >
> > Is your server a high volume server? Are there messages
> > relayed/received/transmitted during the cronjob's time?
>
> probably not so high volume compare to others but enough so yes we do have
> mail received during
MRob via Exim-users (Mo 22 Mär 2021 09:36:54 CET):
> Jeremy and Heiko thank you for replying. Mine was only a guess about
> exim_tidydb but I have no evidence. Its a guess because the error always
> occurr at cron time for a few messages per day. No NFS. I will look more
> research and try to
of -H or -D files may happen.
Do you use NFS?
Do you have multiple instances of Exim accessing the same directory?
How can you tell that's related to exim_tidydb and the cron job?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de --
t.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- k
un Mar 7 00:36:27 2021 +0100
Commit: Heiko Schlittermann (HS12-RIPE)
CommitDate: Sun Mar 7 00:39:31 2021 +0100
Docs: typos
commit 91738816c20ed0f456888ee7197024a5de3e44c9
Author: Jim Pazarena
AuthorDate: Thu Feb 18 21:23:08 2021 +
Commit: Jeremy Harris
Hi Rainer,
Rainer Dorsch via Exim-users (Di 02 Mär 2021 22:24:16
CET):
> 2021-03-02 22:18:06 1lHCP8-0004Ow-5K <= cont...@bokomoko.de H=(h370.localnet)
> [2a02:8070:898f:e400:1a31:bfff:fe52:1b1c] P=esmtpsa
> X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no A=login_saslauthd_server:rdx
>
I also get plenty of successful mail from outlook.com so its confusing. But
> some remote sender using microsoft reported getting mail returned due to
> expired retries/unable to connect.
That can be related, but doesn't have to be related.
Best regards from Dresden/Germany
how us your ACL.
> Could someone help me finding the problem?
There is the *fakereject* ACL verb, did you use it?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko
s, and then use "$domain_data", which will be untainted.
system_aliases:
…
domains = +local_domains
data =
${lookup{$local_part}lsearch*@{/etc/exim4/aliases.d/$domain_data}}
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHL
vious mail
doesn't seem to contain "invalid" use of relay_from_hosts, or, at least
I wasn't able to spot it.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schli
L seperately.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome -
se_condition = IS_TLS
-
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are we
Definitly.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --
Snippets from your
configuration?
(IMHO the DKIM signature verification is triggered always, but it is up
to your config to use/ignore the outcome of the verification)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---
on #Exim,
the mailing lists and via direct contacts.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
g
Andreas (Fr 04 Dez 2020 14:56:43 CET):
> > And you do not have any chance to direct the App to Port 465, where Exim
> > offers tls_con_connect (as you you configured it)?
> I have, as I wrote. But if I give the port to the app, I only see the
> following in the log and not the line from above:
>
dn't tell us the App, did you?
One possible way would be to have Exim running on another IP address to
and use tls_on_connect there for port 25. Or at least (or even better)
use DNAT/REDIRECT on another IP:25 and redirect the traffic to Exim:465
Best regards from Dresden/Germany
Christian Eyrich via Exim-users (Mo 16 Nov 2020 16:57:31
CET):
> I've two hosts with an Exim installation. I want to get locally created
> mails send to my admin mailbox.
>
> That works if I create a mail via the pattern
> $ mail admin@domain
>
Can you provide the output of `exim -bP config`?
by specialized
functions.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are w
dkim_private_key =
/etc/exim/dkim/${file{$dkim_selector.$dkim_domain.pem}}
or
dkim_private_key =
${path{/etc/exim/dkim/$dkim_selector.$dkim_domain.pem}}
This can give us flexibility where the current lookup based way of
untainting doesn't work.
Best regards from Dresden/G
deas ;)) My thoughts I'll present here later.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
Frank Elsner via Exim-users (Di 27 Okt 2020 20:32:06 CET):
> my eximstats output shows
>
> Top 20 temporarily rejected ips by message count
>
> Messages Temporarily rejected ip
> 23 local
>
> I'd like to know more about these
}{}{<…>}}
At "<…>" you need to insert the original received header text, which you
might retrieve via
exim -C /dev/null -bP received_header_text
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -
o_add option.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --
works-for-me script, not intended as a
reference for anything (scripting, Perl, Exim, style, security). But is
still activly used and maintained by me.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet &
Jeremy Harris via Exim-users (Fr 11 Sep 2020 18:15:28
CEST):
> >> Marc MERLIN via Exim-users (Do 10 Sep 2020 21:24:51
> >> CEST):
> >>> Howdy,
> >>> I have Exim version 4.92 #3 built 07-May-2019 17:44:23
>
> Note that Buster, at least, is showing 4.92-8+deb10u4
My git repo on exim.org:
Heiko Schlittermann via Exim-users (Sa 26 Sep 2020
14:44:56 CEST):
> Jeremy Harris via Exim-users (Sa 26 Sep 2020 14:17:45
> CEST):
> I'm Working on a backport right now.
Please check
https://git.exim.org/users/heiko/exim.git
I pushed my backport to the branch "hs12
Jeremy Harris via Exim-users (Sa 26 Sep 2020 14:17:45
CEST):
> > 8f9adfd36222d4e9e730734e00dffe874073e5b4 ?
>
> Certainly the latter, probably both would be good to grab.
> Unfortunately they do not directly apply; a backport effort
> would be required.
>
> The regression testcase for it in
Jeremy Harris via Exim-users (Fr 25 Sep 2020 14:12:31
CEST):
> Debian Sid has a 4.94-related looking package version for Exim;
> I don't know if the 4.92-based one in Buster picks up this
> sort of change from the project.
I believe we offered support for backporting the Cork patch, but I
Christian Eyrich via Exim-users (Fr 25 Sep 2020 11:26:09
CEST):
> Hi there,
>
> sadly I didn’t make progress with my GMX problem. But during my tests I came
> across another problem.
> I’ve sent mails from @outlook.de to my server but the TLS encrypted
> communication just stops at one point
Henry Pootel via Exim-users (Fr 18 Sep 2020 10:13:08
CEST):
>
> I would like to deprecate find usernames for special uids and take default
> username(s) (if it necessary for exim). Is it possible?
No, Exim needs to "track" the origin of the local sender. And this is
done by a "reverse lookup"
Henry Pootel via Exim-users (Di 15 Sep 2020 11:27:48
CEST):
> I've some php scripts which start by uid without username and send
> mails. (It's not a spam.)
>
> exim panic and say "Failed to get user name for uid 2045 ..."
> Yes, the uid has not a user name in /etc/passwd.
As far as I
Heiko Schlittermann via Exim-users (Fr 11 Sep 2020
08:56:37 CEST):
> Marc MERLIN via Exim-users (Do 10 Sep 2020 21:24:51
> CEST):
> > Howdy,
> > I have Exim version 4.92 #3 built 07-May-2019 17:44:23
> > on both the backup MX and the main MX (both running debian)
>
Marc MERLIN via Exim-users (Do 10 Sep 2020 21:24:51 CEST):
> Howdy,
> I have Exim version 4.92 #3 built 07-May-2019 17:44:23
> on both the backup MX and the main MX (both running debian)
…
> MX sends to the main MX, and the mail gets delivered to my mailbox, but
> the transaction isn't finished
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- ke
t regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key
d there is no list of items to be
expanded or not expanded. But… I might be wrong.
Can you post the smallest working config that you use to reproduce the
behaviour?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de
Frank Heydlauf via Exim-users (Mi 29 Jul 2020 11:48:55
CEST):
> My exim4.config sample:
> ```
> ...
> keep_environment = EH : EXIM_HOSTNAME : EXIM_HELONAME
> smtp_active_hostname = ${env{EXIM_HOSTNAME}{$value}{hostname-undefined}}
>
> ...
> begin transports
> ...
> remote_smtp:
>
Evgeniy Berdnikov via Exim-users (Do 16 Jul 2020 18:14:21
CEST):
> Unique mails MUST have unique Message-Id's. Some mail storage systems
> (Cyrus, for example) remove duplicates by message-id automatically.
And I'm looking for the cyrus option, that would disable exactly this.
Often I get
Jeremy Harris via Exim-users (Mi 01 Jul 2020 17:55:47
CEST):
> > 1) in a system filter file
> > 2) in ACL associated with the DATA command …
> >- acl_smtp_predata
> >- acl_smtp_data
> >- acl_smtp_mime
> >- acl_not_smtp_start
> >
rk arounds, but anyway… there
may be other use cases.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
g
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome -
you mind me
taking the keypoints of these notes to the Exim specification?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +4
Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
signature.asc
Description: PGP signa
" and enjoy more control using regular
expressions.
Please do not tell anybody if this works, as it invalidates the taint
checks completly and puts you back at the risk of getting a "pathname
attack" with an invalid domain name, or local part.
You should make sure to test all th
Ken,
I already started to prepare a section about the motivation of tainting
and about how to de-taint.
Maybe I can share it before we include it into the official docs.
(As it keeps biting me too ;)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
Mikhail Golub via Exim-users (Mi 03 Jun 2020 10:42:35
CEST):
> Hi.
>
> FreeBSD, Exim from ports.
> Exim version 4.94 #0 (FreeBSD 12.1) built 02-Jun-2020 17:33:19
>
> exim -d -q5m
>
> 42885 creating notifier socket
> 42885 /var/spool/exim/exim_daemon_notify
> 42885 LOG: MAIN PANIC
> 42885
Sebastian Nielsen via Exim-users (Mi 20 Mai 2020 10:15:43
CEST):
> I have got a little problem with my exim installation in debian.
>
> I have compiled exim from source and installed. However, since I don't want
> to compile all libraries aswell, I have chosen to install the corresponding
>
ding from accounts that have aligment set to strict.
Because you changed the "origin" of the message, didn't you?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko
Jeremy Harris via Exim-users (So 05 Apr 2020 14:05:01
CEST):
> On 05/04/2020 12:49, Heiko Schlittermann via Exim-users wrote:
> > Maybe we're talking about the same, bot I didn't get your point.
> > That's what I think:
> >
> > systemd Type=forking
&
Jeremy Harris via Exim-users (So 05 Apr 2020 12:33:58
CEST):
> On 05/04/2020 11:13, Heiko Schlittermann via Exim-users wrote:
> >
> > And in forking mode? I *think*, as soon as the forking process returns,
> > systemd assumes the service is available, doesn't it? Thus, th
> >
> > True, you do not have to have the service running in foreground mode.
> > But it would make systemd happier.
>
> Is there any specific advantage?
For what I understood - the main advantage is, that systemd doesn't have
to guess the PID if the main process. And can do a better job in
adWriteDirectories=/var/log/exim4
[Install]
WantedBy=multi-user.target
Alias=exim4.service
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlitterm
ace to ask for help in situations like
yours. I'll remove this pull request later and we can continue this
conversation on the exim-users@exim.org mailing list.
What to do now?
Simply kill all the processes that block your port.
fuser -kv 25/tcp
might help. Or use any other tool suitable
ure if we're flexible enough
with the ACL
begin acl
acl_auth:
require =
require =
require =
accept
begin authenticators
PLAIN:
driver = plaintext
server_condition = acl_auth
Best regards from Dresden/Germany
Viele Grüße aus
ig-using-Perl-Mail::SRS
How did you test your setup. Please, if possible, do not obfuscate the
used domains.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlitt
arrior) system.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are wel
ne banner.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome -
tanding and handling this well.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages
Mark Elkins via Exim-users (So 16 Feb 2020 16:44:49 CET):
> Hi,
>
> I run a few machines with exim - for both Submission (SMTP relay) and for
> receiving emails for quite a few email addresses in numerous domains.
> My users are stored in a database for ease of configuration.
> I run Gentoo and
Martin Reising via Exim-users-de (So 16 Feb 2020
17:00:12 CET):
> In meinem /usr/local/sbin/dehydrated-renew benutze ich nur -enddate
>
># get cert enddate Not After
>endzert=$(openssl x509 -enddate -noout -in ${zert}/cert.pem | cut -d"="
> -f2)
># convert to epoch -15 days
>
die Files lesen können.
-rw-r- root Debian-exim ssl.pem
wäre das, was ich hier empfehle.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -------- internet & unix support -
Heiko Schlittermann
Kai Bojens via Exim-users (Do 13 Feb 2020 13:03:22 CET):
> I was reading this article[1] which was featured on LWN[2] some days
> ago. The blog post is about the systemd sandboxing and a possible way to
> prevent remote code execution as recently with the OpenSMTPD bug. In
> order to secure a
Jutta Wrage via Exim-users-de (Di 11 Feb 2020 22:48:12
CET):
> Hallo!
>
> Am 11.02.2020 um 11:15 schrieb Heiko Schlittermann via Exim-users-de:
>
> > condition = ${if gt{$acl_m_list_seen}{1}}
>
> Ich habe noch mal nachgedacht. Es gibt doch Variablen, die währen
Jutta Wrage via Exim-users-de (Di 11 Feb 2020 22:47:48
CET):
> Hallo Heiko,
>
> Am 11.02.2020 um 11:15 schrieb Heiko Schlittermann via Exim-users-de:
>
> > deny message= no crossposting for $local_part@$domain
> > recipients = lsearch;$config_di
= ${eval:$acl_m_list_seen + 1}
condition = ${if gt{$acl_m_list_seen}{1}}
Vielleicht geht es auch einfacher. Aber die Richtung etwa wäre das
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de
Hello,
we're asked to analyze a DMARC failure from Feb 3rd, please contact me
privately. It seems you're using Exim on your MXs.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix sup
l
|
`-> acl_check_rcpt:
accept hosts = :
…
Das spec enthält auch Beispiele bzw. des gibt eine kommentierte Example
Konfiguration. /usr/share/doc/exim4-base/..
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de --
nger bereits zugestimmt.
Also ein Flag setzen, wenn der Böse sichtbar wird, und dann in der
DATA ACL ablehnen.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlitt
ort
Exim allows you to manipulate the report
… = X-Spam-Report: ${sg{$spam_report}{\N^\s*$\N}{}}
** untested, but that's the way I'd take. See the spec.txt for the "sg"
operator.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLIT
gards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID
Jutta Wrage via Exim-users-de (So 26 Jan 2020 16:09:48
CET):
>
> ... verwalten muß. Aber hoffentlich nicht allein.
>
> Ich denke, ich brauche mehr Informationen zu TLS/SSL auf einem Server.
> Da das wohl auch andere interessiert frage ich hier:
>
> Gib es etwas neueres als das O'Reilly-Buch von
> verloren.
Dann musst Du diese Quellen noch mal lesen. Beides ist sehr vernünftig
geschrieben und müsste so ziemlich alle Information enthalten, die Du
benötigst. Plus etwas Fachwissen, das aber mit Exim nichts zu tun hat.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
101 - 200 of 1482 matches
Mail list logo