Re: [exim] Sqlite Lookup absolute filename (was Exim 4.94.2 - security update released)

2021-05-04 Thread Heiko Schlittermann via Exim-users
4.94 worked, while 4.94.2 doesn't). While we can cherry-pick that commit, I'm not sure, if we really want it, until we know how it made its way into the OP's 4.94. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de --

Re: [exim] Sqlite Lookup absolute filename (was Exim 4.94.2 - security update released)

2021-05-04 Thread Heiko Schlittermann via Exim-users
Heiko Schlittermann via Exim-users (Di 04 Mai 2021 17:44:23 CEST): > Odhiambo Washington via Exim-users (Di 04 Mai 2021 > 17:00:36 CEST): > > On Tue, May 4, 2021 at 4:52 PM Heiko Schlittermann via Exim-users < > > temporarily rejected after DATA: failed to expand

Re: [exim] Exim 4.94.2 - security update released

2021-05-04 Thread Heiko Schlittermann via Exim-users
Kai Bojens via Exim-users (Di 04 Mai 2021 17:28:41 CEST): > Am 04.05.21 um 15:40 schrieb Heiko Schlittermann via Exim-users: > „These vulnerabilities were reported by Qualys via secur...@exim.org back in > October 2020.” > > Please don't take this the wrong way - but I have to a

[exim] Sqlite Lookup absolute filename (was Exim 4.94.2 - security update released)

2021-05-04 Thread Heiko Schlittermann via Exim-users
Odhiambo Washington via Exim-users (Di 04 Mai 2021 17:00:36 CEST): > On Tue, May 4, 2021 at 4:52 PM Heiko Schlittermann via Exim-users < > temporarily rejected after DATA: failed to expand ACL string "${lookup > sqlite,file=/var/spool/exim/db/greylist.db {SELECT host from resen

[exim] Exim 4.94.2 - security update released

2021-05-04 Thread Heiko Schlittermann via Exim-users
you to turn the taint errors into warnings. (Debian is set to include this "taintwarn" patch in its Exim 4.94.2 release). Thank you for using Exim. Thanks to Qualys for reporting the issues. Best regards from Dresden/Germany Viele Grüße aus Dresden H

Re: [exim] DANE vs unknown CA

2021-05-03 Thread Heiko Schlittermann via Exim-users
TLSA records) Extended master secret: no For the upcoming 4.94.2 a patch is part of the 4.94.2+fixes branch already. It will be cherry-picked to master soon. Thank you again for your fast response yesterday. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schl

Re: [exim] DANE vs unknown CA

2021-05-03 Thread Heiko Schlittermann via Exim-users
Hi Viktor, thanks for your answers so far. I can reproduce the issue locally with a minimal config and I'll return as soon as I've more information. (locally means: other version of OpenSSL, but same Exim version.) -- Heiko signature.asc Description: PGP signature -- ## List details at

[exim] DANE vs unknown CA

2021-05-02 Thread Heiko Schlittermann via Exim-users
th older Exim 4.92.3 it works (openssl 1.1.0i) Any idea? For what I understand about DANE, it shouldn't care about the CA cert, should it? (The TLSA record uses 3 1 1) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -

Re: [exim] Development Request for Selectable Opportunistic vs. Forced TLS

2021-04-30 Thread Heiko Schlittermann via Exim-users
hosts_require_tls = ${if match{$h_subject:}{\N^\[secure\]\N}{*}} Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax

Re: [exim] “condition check lookup defer”

2021-04-30 Thread Heiko Schlittermann via Exim-users
t regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69

Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-25 Thread Heiko Schlittermann via Exim-users
Thank you for spending your time :) Andreas Metzler via Exim-users (So 25 Apr 2021 08:12:58 CEST): > void > -openlogs(); > +open_logs(const char *m); > is the proper fix? It is one possible fix. But the char* isn't used anymore (was there for debugging). I updated the branch. > log.c: In

Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-24 Thread Heiko Schlittermann via Exim-users
+fixes+taintwarn https://gitea.schlittermann.de/heiko/exim/src/branch/exim-4.94+fixes+taintwarn Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann,

Re: [exim] EXIM clusters and rate limiting

2021-04-22 Thread Heiko Schlittermann via Exim-users
can pay for it. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages a

Re: [exim] Exim4 using libsecret, secret-tool or keyring?

2021-04-22 Thread Heiko Schlittermann via Exim-users
jradxl5--- via Exim-users (Mi 21 Apr 2021 14:59:20 CEST): > I have Exim4 running on my Ubuntu 20.10 server and have successfully got > local mail and SMTP outgoing to a SmartHost working fine. Thus, I now have > the host and password stored in /etc/exim4/passwd.client > > > Is it possible to

[exim] Exim security release ahead

2021-04-21 Thread Heiko Schlittermann via Exim-users
am to work on these reported issues in a timely manner. We explicitly thank Qualys for reporting *and* for providing patches for most of the reported vulnerabilities. Thank you for using Exim. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLIT

Re: [exim] RELAY NOT PERMITED exim4

2021-04-21 Thread Heiko Schlittermann via Exim-users
Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - signature.asc Desc

Re: [exim] haproxy smtps problem

2021-04-16 Thread Heiko Schlittermann via Exim-users
ample.com [exim] ... hosts_proxy = x.x.x.x daemon_smtp_ports = ... : 465 tls_on_connect_ports = 465 Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko

Re: [exim] Combining server_condition

2021-04-16 Thread Heiko Schlittermann via Exim-users
AIN}}} {no}{yes}}\ > }} server_condition = ${if or{\ {bool{{${lookup mysql {MYSQL_AUTH_GWUSERPLAIN}}} {no}{yes}}}\ {bool{{${lookup mysql {MYSQL_AUTH_PLAIN}}} {no}{yes}}}\ }} Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann --

Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-12 Thread Heiko Schlittermann via Exim-users
Hi Andreas, the problem isn't caused by the new allow_insecure_tainted_data, but these warnings trigger the issue. We're in progress fixing it. -- Heiko signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at

Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-11 Thread Heiko Schlittermann via Exim-users
Heiko Schlittermann via Exim-users (So 11 Apr 2021 09:08:10 CEST): > Hi Andreas, > > which commit ID your build is based on? I'd like to reproduce it > locally. I can reproduce it using a minimal config, going to check it now. (The version I'm running on production systems does

Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-11 Thread Heiko Schlittermann via Exim-users
Hi Andreas, which commit ID your build is based on? I'd like to reproduce it locally. Andreas Metzler via Exim-users (So 11 Apr 2021 08:51:48 CEST): > On 2021-04-06 Heiko Schlittermann via Exim-users wrote: > [...] > > .ifdef _OPT_MAIN_ALLOW_INSECURE_

Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-10 Thread Heiko Schlittermann via Exim-users
Andreas Metzler via Exim-users (Sa 10 Apr 2021 18:06:05 CEST): > On 2021-04-06 Heiko Schlittermann via Exim-users wrote: > [...] > > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA > > allow_insecure_tainted_data = yes > > .endif > [...] > &g

Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-10 Thread Heiko Schlittermann via Exim-users
Andreas Metzler via Exim-users (Sa 10 Apr 2021 17:37:56 CEST): > On 2021-04-06 Heiko Schlittermann via Exim-users wrote: > [...] > > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA > > allow_insecure_tainted_data = yes > > .endif > [...]

[exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-06 Thread Heiko Schlittermann via Exim-users
ttps://git.exim.org/users/heiko/exim.git/shortlog/refs/heads/hs/wip/taintwarn Same here, please expect rewrites of the Git history, as long as I'm working on it. Suggestions, question, remarks are welcome. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann

Re: [exim] normalized config format?

2021-04-05 Thread Heiko Schlittermann via Exim-users
Felipe Gasper (Mo 05 Apr 2021 22:46:31 CEST): > > > On another note, I’ve noted via the same parse that this in exim.conf: > > - > router_home_directory = > ${extract{5}{::}{${lookup{${lookup{$domain_data}lsearch{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value > - > > …

Re: [exim] normalized config format?

2021-04-05 Thread Heiko Schlittermann via Exim-users
stand this, but we can't do that yet and there are no plans yet to implement it. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351

Re: [exim] remote smtp 521. Exim drops email silently! Bug?

2021-04-01 Thread Heiko Schlittermann via Exim-users
krzf83--- via Exim-users (Do 01 Apr 2021 01:58:43 CEST): > I got remote mail server that for some reason don't accept connections > from my IP this way: > # nc mx.poczta.onet.pl 25 > 220-mx.poczta.onet.pl ESMTP > 521 5.7.1 Service unavailable; client [5.9.116.9] blocked using >

Re: [exim] Spool file not found - related to exim_tinydb?

2021-03-23 Thread Heiko Schlittermann via Exim-users
MRob via Exim-users (Di 23 Mär 2021 22:37:45 CET): > > > Thankyou. > > > > Is your server a high volume server? Are there messages > > relayed/received/transmitted during the cronjob's time? > > probably not so high volume compare to others but enough so yes we do have > mail received during

Re: [exim] Spool file not found - related to exim_tinydb?

2021-03-22 Thread Heiko Schlittermann via Exim-users
MRob via Exim-users (Mo 22 Mär 2021 09:36:54 CET): > Jeremy and Heiko thank you for replying. Mine was only a guess about > exim_tidydb but I have no evidence. Its a guess because the error always > occurr at cron time for a few messages per day. No NFS. I will look more > research and try to

Re: [exim] Spool file not found - related to exim_tinydb?

2021-03-21 Thread Heiko Schlittermann via Exim-users
of -H or -D files may happen. Do you use NFS? Do you have multiple instances of Exim accessing the same directory? How can you tell that's related to exim_tidydb and the cron job? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de --

Re: [exim] string_sprintf expansion was longer than 32768

2021-03-19 Thread Heiko Schlittermann via Exim-users
t. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- k

Re: [exim] documentation corrections

2021-03-06 Thread Heiko Schlittermann via Exim-users
un Mar 7 00:36:27 2021 +0100 Commit: Heiko Schlittermann (HS12-RIPE) CommitDate: Sun Mar 7 00:39:31 2021 +0100 Docs: typos commit 91738816c20ed0f456888ee7197024a5de3e44c9 Author: Jim Pazarena AuthorDate: Thu Feb 18 21:23:08 2021 + Commit: Jeremy Harris

Re: [exim] T=remote_smtp: message is too big (transport limit = 1)

2021-03-02 Thread Heiko Schlittermann via Exim-users
Hi Rainer, Rainer Dorsch via Exim-users (Di 02 Mär 2021 22:24:16 CET): > 2021-03-02 22:18:06 1lHCP8-0004Ow-5K <= cont...@bokomoko.de H=(h370.localnet) > [2a02:8070:898f:e400:1a31:bfff:fe52:1b1c] P=esmtpsa > X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no A=login_saslauthd_server:rdx >

Re: [exim] syscall: Connection reset by peer (outlook.com)

2021-02-27 Thread Heiko Schlittermann via Exim-users
I also get plenty of successful mail from outlook.com so its confusing. But > some remote sender using microsoft reported getting mail returned due to > expired retries/unable to connect. That can be related, but doesn't have to be related. Best regards from Dresden/Germany

Re: [exim] Very strange problem: E-Mail denied by ACL, but send via router

2021-02-24 Thread Heiko Schlittermann via Exim-users
how us your ACL. > Could someone help me finding the problem? There is the *fakereject* ACL verb, did you use it? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko

Re: [exim] Problem with lookup an alias for a domain

2021-02-15 Thread Heiko Schlittermann via Exim-users
s, and then use "$domain_data", which will be untainted. system_aliases: … domains = +local_domains data = ${lookup{$local_part}lsearch*@{/etc/exim4/aliases.d/$domain_data}} Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHL

Re: [exim] no IP address found for host

2021-02-08 Thread Heiko Schlittermann via Exim-users
vious mail doesn't seem to contain "invalid" use of relay_from_hosts, or, at least I wasn't able to spot it. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schli

Re: [exim] Exim authentication on port 465, 587

2021-02-07 Thread Heiko Schlittermann via Exim-users
L seperately. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome -

Re: [exim] Exim authentication on port 465, 587

2021-02-07 Thread Heiko Schlittermann via Exim-users
se_condition = IS_TLS - Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are we

Re: [exim] error 421 on a new exim4 server

2021-01-08 Thread Heiko Schlittermann via Exim-users
Definitly. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --

Re: [exim] dkim

2021-01-04 Thread Heiko Schlittermann via Exim-users
Snippets from your configuration? (IMHO the DKIM signature verification is triggered always, but it is up to your config to use/ignore the outcome of the verification) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---

[exim] Postponed release of Exim 4.94+

2020-12-28 Thread Heiko Schlittermann via Exim-users
on #Exim, the mailing lists and via direct contacts. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - g

Re: [exim] Android Outlook App

2020-12-04 Thread Heiko Schlittermann via Exim-users
Andreas (Fr 04 Dez 2020 14:56:43 CET): > > And you do not have any chance to direct the App to Port 465, where Exim > > offers tls_con_connect (as you you configured it)? > I have, as I wrote. But if I give the port to the app, I only see the > following in the log and not the line from above: >

Re: [exim] Android Outlook App

2020-12-04 Thread Heiko Schlittermann via Exim-users
dn't tell us the App, did you? One possible way would be to have Exim running on another IP address to and use tls_on_connect there for port 25. Or at least (or even better) use DNAT/REDIRECT on another IP:25 and redirect the traffic to Exim:465 Best regards from Dresden/Germany

Re: [exim] qualify_domain ignored

2020-11-16 Thread Heiko Schlittermann via Exim-users
Christian Eyrich via Exim-users (Mo 16 Nov 2020 16:57:31 CET): > I've two hosts with an Exim installation. I want to get locally created > mails send to my admin mailbox. > > That works if I create a mail via the pattern > $ mail admin@domain > Can you provide the output of `exim -bP config`?

Re: [exim] tainted data issues

2020-11-12 Thread Heiko Schlittermann via Exim-users
by specialized functions. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are w

Re: [exim] tainted data issues

2020-11-10 Thread Heiko Schlittermann via Exim-users
dkim_private_key = /etc/exim/dkim/${file{$dkim_selector.$dkim_domain.pem}} or dkim_private_key = ${path{/etc/exim/dkim/$dkim_selector.$dkim_domain.pem}} This can give us flexibility where the current lookup based way of untainting doesn't work. Best regards from Dresden/G

[exim] tainted data issues

2020-11-09 Thread Heiko Schlittermann via Exim-users
deas ;)) My thoughts I'll present here later. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -

Re: [exim] local rejects

2020-10-27 Thread Heiko Schlittermann via Exim-users
Frank Elsner via Exim-users (Di 27 Okt 2020 20:32:06 CET): > my eximstats output shows > > Top 20 temporarily rejected ips by message count > > Messages Temporarily rejected ip > 23 local > > I'd like to know more about these

Re: [exim] Don't add received header for scanned mails

2020-10-20 Thread Heiko Schlittermann via Exim-users
}{}{<…>}} At "<…>" you need to insert the original received header text, which you might retrieve via exim -C /dev/null -bP received_header_text Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -

Re: [exim] Don't add received header for scanned mails

2020-10-20 Thread Heiko Schlittermann via Exim-users
o_add option. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --

Re: [exim] Remove

2020-10-03 Thread Heiko Schlittermann via Exim-users
works-for-me script, not intended as a reference for anything (scripting, Perl, Exim, style, security). But is still activly used and maintained by me. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet &

Re: [exim] SMTP timeout after pipelined end of data (5334 bytes written), hang at DAT 7247 LAST. Local_scan vs chunking issue?

2020-10-01 Thread Heiko Schlittermann via Exim-users
Jeremy Harris via Exim-users (Fr 11 Sep 2020 18:15:28 CEST): > >> Marc MERLIN via Exim-users (Do 10 Sep 2020 21:24:51 > >> CEST): > >>> Howdy, > >>> I have Exim version 4.92 #3 built 07-May-2019 17:44:23 > > Note that Buster, at least, is showing 4.92-8+deb10u4 My git repo on exim.org:

Re: [exim] TLS connection with Microsoft server stalls

2020-09-26 Thread Heiko Schlittermann via Exim-users
Heiko Schlittermann via Exim-users (Sa 26 Sep 2020 14:44:56 CEST): > Jeremy Harris via Exim-users (Sa 26 Sep 2020 14:17:45 > CEST): > I'm Working on a backport right now. Please check https://git.exim.org/users/heiko/exim.git I pushed my backport to the branch "hs12

Re: [exim] TLS connection with Microsoft server stalls

2020-09-26 Thread Heiko Schlittermann via Exim-users
Jeremy Harris via Exim-users (Sa 26 Sep 2020 14:17:45 CEST): > > 8f9adfd36222d4e9e730734e00dffe874073e5b4 ? > > Certainly the latter, probably both would be good to grab. > Unfortunately they do not directly apply; a backport effort > would be required. > > The regression testcase for it in

Re: [exim] TLS connection with Microsoft server stalls

2020-09-25 Thread Heiko Schlittermann via Exim-users
Jeremy Harris via Exim-users (Fr 25 Sep 2020 14:12:31 CEST): > Debian Sid has a 4.94-related looking package version for Exim; > I don't know if the 4.92-based one in Buster picks up this > sort of change from the project. I believe we offered support for backporting the Cork patch, but I

Re: [exim] TLS connection with Microsoft server stalls

2020-09-25 Thread Heiko Schlittermann via Exim-users
Christian Eyrich via Exim-users (Fr 25 Sep 2020 11:26:09 CEST): > Hi there, > > sadly I didn’t make progress with my GMX problem. But during my tests I came > across another problem. > I’ve sent mails from @outlook.de to my server but the TLS encrypted > communication just stops at one point

Re: [exim] Absent username and "Failed to get user name for uid"

2020-09-18 Thread Heiko Schlittermann via Exim-users
Henry Pootel via Exim-users (Fr 18 Sep 2020 10:13:08 CEST): > > I would like to deprecate find usernames for special uids and take default > username(s) (if it necessary for exim). Is it possible? No, Exim needs to "track" the origin of the local sender. And this is done by a "reverse lookup"

Re: [exim] Absent username and "Failed to get user name for uid"

2020-09-18 Thread Heiko Schlittermann via Exim-users
Henry Pootel via Exim-users (Di 15 Sep 2020 11:27:48 CEST): > I've some php scripts which start by uid without username and send > mails. (It's not a spam.) > > exim panic and say "Failed to get user name for uid 2045 ..." > Yes, the uid has not a user name in /etc/passwd. As far as I

Re: [exim] SMTP timeout after pipelined end of data (5334 bytes written), hang at DAT 7247 LAST. Local_scan vs chunking issue?

2020-09-11 Thread Heiko Schlittermann via Exim-users
Heiko Schlittermann via Exim-users (Fr 11 Sep 2020 08:56:37 CEST): > Marc MERLIN via Exim-users (Do 10 Sep 2020 21:24:51 > CEST): > > Howdy, > > I have Exim version 4.92 #3 built 07-May-2019 17:44:23 > > on both the backup MX and the main MX (both running debian) >

Re: [exim] SMTP timeout after pipelined end of data (5334 bytes written), hang at DAT 7247 LAST. Local_scan vs chunking issue?

2020-09-11 Thread Heiko Schlittermann via Exim-users
Marc MERLIN via Exim-users (Do 10 Sep 2020 21:24:51 CEST): > Howdy, > I have Exim version 4.92 #3 built 07-May-2019 17:44:23 > on both the backup MX and the main MX (both running debian) … > MX sends to the main MX, and the mail gets delivered to my mailbox, but > the transaction isn't finished

Re: [exim] Help with Mailman3

2020-08-25 Thread Heiko Schlittermann via Exim-users
Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- ke

Re: [exim] using environment ${env {}} for helo_data

2020-07-30 Thread Heiko Schlittermann via Exim-users
t regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key

Re: [exim] using environment ${env {}} for helo_data

2020-07-30 Thread Heiko Schlittermann via Exim-users
d there is no list of items to be expanded or not expanded. But… I might be wrong. Can you post the smallest working config that you use to reproduce the behaviour? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de

Re: [exim] using environment ${env {}} for helo_data

2020-07-29 Thread Heiko Schlittermann via Exim-users
Frank Heydlauf via Exim-users (Mi 29 Jul 2020 11:48:55 CEST): > My exim4.config sample: > ``` > ... > keep_environment = EH : EXIM_HOSTNAME : EXIM_HELONAME > smtp_active_hostname = ${env{EXIM_HOSTNAME}{$value}{hostname-undefined}} > > ... > begin transports > ... > remote_smtp: >

Re: [exim] Disable deduplication

2020-07-16 Thread Heiko Schlittermann via Exim-users
Evgeniy Berdnikov via Exim-users (Do 16 Jul 2020 18:14:21 CEST): > Unique mails MUST have unique Message-Id's. Some mail storage systems > (Cyrus, for example) remove duplicates by message-id automatically. And I'm looking for the cyrus option, that would disable exactly this. Often I get

Re: [exim] Scope of $recipients variable

2020-07-01 Thread Heiko Schlittermann via Exim-users
Jeremy Harris via Exim-users (Mi 01 Jul 2020 17:55:47 CEST): > > 1) in a system filter file > > 2) in ACL associated with the DATA command … > >- acl_smtp_predata > >- acl_smtp_data > >- acl_smtp_mime > >- acl_not_smtp_start > >

[exim] Scope of $recipients variable

2020-07-01 Thread Heiko Schlittermann via Exim-users
rk arounds, but anyway… there may be other use cases. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - g

Re: [exim] av_scanner and Sophos 9

2020-07-01 Thread Heiko Schlittermann via Exim-users
Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome -

Re: [exim] av_scanner and Sophos 9

2020-07-01 Thread Heiko Schlittermann via Exim-users
you mind me taking the keypoints of these notes to the Exim specification? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +4

[exim] av_scanner and Sophos 9

2020-06-26 Thread Heiko Schlittermann via Exim-users
Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - signature.asc Description: PGP signa

Re: [exim] 4.94 - De-tainting without lookup?

2020-06-26 Thread Heiko Schlittermann via Exim-users
" and enjoy more control using regular expressions. Please do not tell anybody if this works, as it invalidates the taint checks completly and puts you back at the risk of getting a "pathname attack" with an invalid domain name, or local part. You should make sure to test all th

Re: [exim] De-tainting

2020-06-19 Thread Heiko Schlittermann via Exim-users
Ken, I already started to prepare a section about the motivation of tainting and about how to de-taint. Maybe I can share it before we include it into the official docs. (As it keeps biting me too ;) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann

Re: [exim] Exim 4.94 - daemon_notifier_socket bind: Address already in use

2020-06-03 Thread Heiko Schlittermann via Exim-users
Mikhail Golub via Exim-users (Mi 03 Jun 2020 10:42:35 CEST): > Hi. > > FreeBSD, Exim from ports. > Exim version 4.94 #0 (FreeBSD 12.1) built 02-Jun-2020 17:33:19 > > exim -d -q5m > > 42885 creating notifier socket > 42885 /var/spool/exim/exim_daemon_notify > 42885 LOG: MAIN PANIC > 42885

Re: [exim] What process are changing the rights of all files to Debian-exim?

2020-05-20 Thread Heiko Schlittermann via Exim-users
Sebastian Nielsen via Exim-users (Mi 20 Mai 2020 10:15:43 CEST): > I have got a little problem with my exim installation in debian. > > I have compiled exim from source and installed. However, since I don't want > to compile all libraries aswell, I have chosen to install the corresponding >

Re: [exim] Replace From with To for forwarded mails and also encapsulate email.

2020-04-21 Thread Heiko Schlittermann via Exim-users
ding from accounts that have aligment set to strict. Because you changed the "origin" of the message, didn't you? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko

Re: [exim] socket bind() to port 25 for address (any IPv4) failed (#76)

2020-04-05 Thread Heiko Schlittermann via Exim-users
Jeremy Harris via Exim-users (So 05 Apr 2020 14:05:01 CEST): > On 05/04/2020 12:49, Heiko Schlittermann via Exim-users wrote: > > Maybe we're talking about the same, bot I didn't get your point. > > That's what I think: > > > > systemd Type=forking &

Re: [exim] socket bind() to port 25 for address (any IPv4) failed (#76)

2020-04-05 Thread Heiko Schlittermann via Exim-users
Jeremy Harris via Exim-users (So 05 Apr 2020 12:33:58 CEST): > On 05/04/2020 11:13, Heiko Schlittermann via Exim-users wrote: > > > > And in forking mode? I *think*, as soon as the forking process returns, > > systemd assumes the service is available, doesn't it? Thus, th

Re: [exim] socket bind() to port 25 for address (any IPv4) failed (#76)

2020-04-05 Thread Heiko Schlittermann via Exim-users
> > > > True, you do not have to have the service running in foreground mode. > > But it would make systemd happier. > > Is there any specific advantage? For what I understood - the main advantage is, that systemd doesn't have to guess the PID if the main process. And can do a better job in

Re: [exim] socket bind() to port 25 for address (any IPv4) failed (#76)

2020-04-04 Thread Heiko Schlittermann via Exim-users
adWriteDirectories=/var/log/exim4 [Install] WantedBy=multi-user.target Alias=exim4.service Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlitterm

Re: [exim] [Exim/exim] socket bind() to port 25 for address (any IPv4) failed (#76)

2020-04-03 Thread Heiko Schlittermann via Exim-users
ace to ask for help in situations like yours. I'll remove this pull request later and we can continue this conversation on the exim-users@exim.org mailing list. What to do now? Simply kill all the processes that block your port. fuser -kv 25/tcp might help. Or use any other tool suitable

Re: [exim] Dovecot style Authentication Policy Server for Exim?

2020-03-17 Thread Heiko Schlittermann via Exim-users
ure if we're flexible enough with the ACL begin acl acl_auth: require = require = require = accept begin authenticators PLAIN: driver = plaintext server_condition = acl_auth Best regards from Dresden/Germany Viele Grüße aus

Re: [exim] Configure SRS for mail fowarding issues with SPF

2020-03-03 Thread Heiko Schlittermann via Exim-users
ig-using-Perl-Mail::SRS How did you test your setup. Please, if possible, do not obfuscate the used domains. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlitt

Re: [exim] selective relaying

2020-02-28 Thread Heiko Schlittermann via Exim-users
arrior) system. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are wel

Re: [exim] Problem with iPhone and Exim

2020-02-25 Thread Heiko Schlittermann via Exim-users
ne banner. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome -

Re: [exim] Problem with iPhone and Exim

2020-02-25 Thread Heiko Schlittermann via Exim-users
tanding and handling this well. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages

Re: [exim] exim & mysql-connector-c

2020-02-17 Thread Heiko Schlittermann via Exim-users
Mark Elkins via Exim-users (So 16 Feb 2020 16:44:49 CET): > Hi, > > I run a few machines with exim - for both Submission (SMTP relay) and for > receiving emails for quite a few email addresses in numerous domains. > My users are stored in a database for ease of configuration. > I run Gentoo and

Re: [Exim-users-de] Lösung: exim.crt und key

2020-02-16 Thread Heiko Schlittermann via Exim-users-de
Martin Reising via Exim-users-de (So 16 Feb 2020 17:00:12 CET): > In meinem /usr/local/sbin/dehydrated-renew benutze ich nur -enddate > ># get cert enddate Not After >endzert=$(openssl x509 -enddate -noout -in ${zert}/cert.pem | cut -d"=" > -f2) ># convert to epoch -15 days >

Re: [Exim-users-de] Lösung: exim.crt und key

2020-02-16 Thread Heiko Schlittermann via Exim-users-de
die Files lesen können. -rw-r- root Debian-exim ssl.pem wäre das, was ich hier empfehle. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schlittermann

Re: [exim] Systemd sandboxing, syscalls etc.

2020-02-13 Thread Heiko Schlittermann via Exim-users
Kai Bojens via Exim-users (Do 13 Feb 2020 13:03:22 CET): > I was reading this article[1] which was featured on LWN[2] some days > ago. The blog post is about the systemd sandboxing and a possible way to > prevent remote code execution as recently with the OpenSMTPD bug. In > order to secure a

Re: [Exim-users-de] Crosspostings an bestimmte adressen verhindern

2020-02-11 Thread Heiko Schlittermann via Exim-users-de
Jutta Wrage via Exim-users-de (Di 11 Feb 2020 22:48:12 CET): > Hallo! > > Am 11.02.2020 um 11:15 schrieb Heiko Schlittermann via Exim-users-de: > > > condition = ${if gt{$acl_m_list_seen}{1}} > > Ich habe noch mal nachgedacht. Es gibt doch Variablen, die währen

Re: [Exim-users-de] Crosspostings an bestimmte adressen verhindern

2020-02-11 Thread Heiko Schlittermann via Exim-users-de
Jutta Wrage via Exim-users-de (Di 11 Feb 2020 22:47:48 CET): > Hallo Heiko, > > Am 11.02.2020 um 11:15 schrieb Heiko Schlittermann via Exim-users-de: > > > deny message= no crossposting for $local_part@$domain > > recipients = lsearch;$config_di

Re: [Exim-users-de] Crosspostings an bestimmte adressen verhindern

2020-02-11 Thread Heiko Schlittermann via Exim-users-de
= ${eval:$acl_m_list_seen + 1} condition = ${if gt{$acl_m_list_seen}{1}} Vielleicht geht es auch einfacher. Aber die Richtung etwa wäre das Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de

[exim] antispamcloud anybody | DMARC failure

2020-02-04 Thread Heiko Schlittermann via Exim-users
Hello, we're asked to analyze a DMARC failure from Feb 3rd, please contact me privately. It seems you're using Exim on your MXs. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix sup

Re: [Exim-users-de] Deny, wenn bestimmter Empfänger und Sender keine Relay-domain

2020-02-03 Thread Heiko Schlittermann via Exim-users-de
l | `-> acl_check_rcpt: accept hosts = : … Das spec enthält auch Beispiele bzw. des gibt eine kommentierte Example Konfiguration. /usr/share/doc/exim4-base/.. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de --

Re: [Exim-users-de] Deny, wenn bestimmter Empfänger und Sender keine Relay-domain

2020-02-02 Thread Heiko Schlittermann via Exim-users-de
nger bereits zugestimmt. Also ein Flag setzen, wenn der Böse sichtbar wird, und dann in der DATA ACL ablehnen. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlitt

Re: [exim] Avoid blank lines of the spamassassin spam report

2020-01-28 Thread Heiko Schlittermann via Exim-users
ort Exim allows you to manipulate the report … = X-Spam-Report: ${sg{$spam_report}{\N^\s*$\N}{}} ** untested, but that's the way I'd take. See the spec.txt for the "sg" operator. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLIT

Re: [Exim-users-de] SLS/SSL

2020-01-26 Thread Heiko Schlittermann via Exim-users-de
gards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID

Re: [Exim-users-de] SLS/SSL, war: TLS in gesplitteter Debian-Config

2020-01-26 Thread Heiko Schlittermann via Exim-users-de
Jutta Wrage via Exim-users-de (So 26 Jan 2020 16:09:48 CET): > > ... verwalten muß. Aber hoffentlich nicht allein. > > Ich denke, ich brauche mehr Informationen zu TLS/SSL auf einem Server. > Da das wohl auch andere interessiert frage ich hier: > > Gib es etwas neueres als das O'Reilly-Buch von

Re: [Exim-users-de] TLS in gesplitteter Debian-Config

2020-01-24 Thread Heiko Schlittermann via Exim-users-de
> verloren. Dann musst Du diese Quellen noch mal lesen. Beides ist sehr vernünftig geschrieben und müsste so ziemlich alle Information enthalten, die Du benötigst. Plus etwas Fachwissen, das aber mit Exim nichts zu tun hat. Best regards from Dresden/Germany Viele Grüße aus Dresden

<    1   2   3   4   5   6   7   8   9   10   >