I'm lost.
Please start again. State your problems clearly, and don't include your
config file - describe what you think it does in English. Where are you
spam messages going? Tell us what you think is causing the problem.
It's hard to find your text amongst all that quoted stuff. We can refer
back to the config file if necessary.
Oh, and regarding the slow deliveries. WHERE is that problem occurring?
Inbound transport?
--On 21 March 2011 10:10:45 -0600 The Doctor <[email protected]>
wrote:
On Mon, Mar 21, 2011 at 09:23:49AM +0000, Ian Eiloart wrote:
--On 16 March 2011 22:00:47 -0600 The Doctor <[email protected]>
wrote:
Right number of issues.
You've got the correct number of issues? Or "Right, I've got a number of
issues?"
Would you care to tell us what the issues are?
Correct a number of issues.
Way down below this config file, you say inbound messages sometimes take
a while to arrive. Have you checked "Received" headers to determine
which step is taking the time? Have you checked your log files to see
whether you are temporarily rejecting messages, or whether connections
are timing out (being dropped)?
Apparently when a huge number of spam, say N, hits the server,
it might take m hours for a message that is non-spam to be delivered.
N messages are frozen rather crippling exim in doing a proper job.
Now going below:
----------------------- ns2 config file -----------------
primary_hostname = ns2
local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025 : 0.0.0.0.465 : 0.0.0.0.587
domainlist local_domains = @
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : 204.209.81.0/24 : 192.168.0.0/16 : 208.118.93.0/24: 208.118.94.0/24
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:127.0.0.1 3310
spamd_address = 127.0.0.1 783
tls_advertise_hosts = *
tls_certificate = /usr/exim/ca.crt
tls_privatekey = /usr/exim/ca.key
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
auto_thaw = 1m
begin acl
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept hosts = :
control = dkim_disable_verify
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
# Deny unless the sender address can be verified.
require verify = sender
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
accept authenticated = *
control = submission
control = dkim_disable_verify
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require verify = recipient
#
deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
dnslists = sbl-xbl.spamhaus.org : \
dnsbl.njabl.org : \
combined.njabl.org : \
dev.null.dk : \
relays.visi.com : \
bl.spamcop.net : \
hostkarma.junkemailfilter.com=127.0.0.2
#
warn dnslists = sbl-xbl.spamhaus.org: \
dnsbl.njabl.org : \
combined.njabl.org : \
dev.null.dk : \
relays.visi.com : \
bl.spamcop.net : \
hostkarma.junkemailfilter.com=127.0.0.2
add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
log_message = found in $dnslist_domain
accept
acl_check_data:
accept authenticated = *
deny malware = *
message = This message contains a virus ($malware_name).
#
warn spam = nobody
add_header = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int\n\
X-Spam_bar: $spam_bar\n\
X-Spam_report: $spam_report
# Accept the message.
accept
begin routers
check_dnslookup:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
verify_only
pass_router = amavis
no_more
check_system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
verify_only
pass_router = amavis
check_localuser:
driver = accept
check_local_user
verify_only
pass_router = amavis
failed_address_router:
driver = accept
verify_only
fail_verify
amavis:
driver = manualroute
# Do NOT run if received via 10025/tcp or if already spam-scanned
# or if bounce message ($sender_address="")
condition = "${if or {{eq {$interface_port}{10025}} \
{eq {$received_protocol}{spam-scanned}} \
{eq {$sender_address}{}} \
}{0}{1}}"
transport = amavis
route_list = "* localhost byname"
self = send
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
file = $home/.forward
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user
# Do NOT run if received via 10025/tcp or if already spam-scanned
# or if bounce message ($sender_address="")
begin transports
remote_smtp:
driver = smtp
hosts_avoid_tls=*
amavis:
driver = smtp
port = 10024
allow_localhost
local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0600
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
PLAIN:
driver = plaintext
public_name = PLAIN
server_set_id = $auth2
server_prompts = :
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
LOGIN:
driver = plaintext
public_name = LOGIN
server_set_id = $auth1
server_prompts = <| Username: | Password:
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
---- end of conf file ----------------------------
I wish to add that if an e-mail is done via port 465 then do not subject
it to anti-viral tests.
Again, the above is working nicely with the exception of an e-mail
getting identified as a potential virus.
How do I tell exim anything ***authenticated*** on 465/587
should not be subjugated to anti-viral / anti-spam tests?
-------------- ns1 configuration -----------------------
primary_hostname = ns1
local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025 : 0.0.0.0.465 : 0.0.0.0.587
domainlist local_domains = @:secure.nl2k.ab.ca:mail.nl2k.ab.ca:mail.nk.ca:nk.ca:nl2k.ca:nl2k.ab.ca:doctor.nl2k.ab.ca:lsearch;/usr/exim/vdom3
domainlist relay_to_domains =
hostlist relay_from_hosts = 204.209.81.0/24 : 127.0.0.1 : 208.118.93.0/24: 208.118.94.0/24
trusted_users = exim : majordomo
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:127.0.0.1 3310
spamd_address = 127.0.0.1 783
tls_advertise_hosts = *
tls_certificate = /usr/exim/ca.crt
tls_privatekey = /usr/exim/ca.key
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2h
timeout_frozen_after = 6h
auto_thaw = 1m
begin acl
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept hosts = :
control = dkim_enable_verify
#
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
#
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains:lsearch;/usr/exim/vdom3
# Deny unless the sender address can be verified.
## require verify = sender
accept domains = +local_domains:lsearch;/usr/exim/vdom3
endpass
/*
The above is commented out as virtual e-mail addresses are not
being recognised properly. I am using a dbm file.
How Do I get exim to realises that we have local and virtual that needs
supporting ?
*/
I doubt C comments exist in exim for its configure file.
Again here is what the above is saying:
The above is commented out as virtual e-mail addresses are not
being recognised properly. I am using a dbm file.
How Do I get exim to realise that we have local and virtual that needs
supporting ?
## Sender Verify on 'Recipient'
drop message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"\n\n\
The return address you are using for this email message <$sender_address>\
does not seem to be a working account.
log_message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"
!hosts = +no_verify
!verify = sender/callout=2m,defer_ok
condition = ${if eq{recipient}{$sender_verify_failure}}
deny message = REJECTED - Recipient Verify Failed - User Not Found
domains = +all_mail_handled_locally
!verify = recipient/callout=2m,defer_ok,use_sender
warn domains = +local_domains:lsearch;/usr/exim/vdom3
!verify = recipient
set acl_c0 = ${eval: $acl_c0+1}
delay = ${eval: ($acl_c0 - 1) * 60}s
#
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
#
accept authenticated = *
control = submission
control = dkim_disable_verify
#
require message = relay not permitted
domains = +local_domains : +relay_to_domains
#
require verify = recipient
#
deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
dnslists = sbl-xbl.spamhaus.org : \
dnsbl.njabl.org : \
combined.njabl.org : \
dev.null.dk : \
relays.visi.com : \
bl.spamcop.net : \
hostkarma.junkemailfilter.com=127.0.0.2
#
warn dnslists = sbl-xbl.spamhaus.org: \
dnsbl.njabl.org : \
combined.njabl.org : \
dev.null.dk : \
relays.visi.com : \
bl.spamcop.net : \
hostkarma.junkemailfilter.com=127.0.0.2
add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
log_message = found in $dnslist_domain
accept
acl_check_data:
#
deny malware = *
message = This message contains a virus ($malware_name).
#
warn spam = nobody
add_header = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int\n\
X-Spam_bar: $spam_bar\n\
X-Spam_report: $spam_report
# Accept the message.
accept
begin routers
check_dnslookup:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
verify_only
pass_router = amavis
no_more
check_system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
verify_only
pass_router = amavis
check_localuser:
driver = accept
check_local_user
verify_only
pass_router = amavis
failed_address_router:
driver = accept
verify_only
fail_verify
domains_virtual:
domains = +local_domains
driver = redirect
data=${lookup{$local_part@$domain}dbm{/usr/exim/virtemail}}
domains_virtual_others:
domains = +local_domains
driver = redirect
data=${lookup{@$domain}dbm{/usr/exim/virtemail}}
amavis:
driver = manualroute
# Do NOT run if received via 10025/tcp or if already spam-scanned
# or if bounce message ($sender_address="")
condition = "${if or {{eq {$interface_port}{10025}} \
{eq {$received_protocol}{spam-scanned}} \
{eq {$sender_address}{}} \
}{0}{1}}"
transport = amavis
route_list = "* localhost byname"
self = send
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
file = $home/.forward
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user
procmail:
driver = accept
check_local_user
require_files = $home/.procmailrc
transport = procmail_pipe
# Do NOT run if received via 10025/tcp or if already spam-scanned
# or if bounce message ($sender_address="")
lists:
driver = redirect
file = /usr/home/majordomo/lists/$local_part
forbid_pipe
forbid_file
errors_to = [email protected]
user = majordomo
no_more
begin transports
remote_smtp:
driver = smtp
procmail_pipe:
driver = pipe
command = /usr/bin/procmail -d $local_part
return_path_add
delivery_date_add
envelope_to_add
check_string = "From "
escape_string = ">From "
umask = 077
user = $local_part
group = mail
amavis:
driver = smtp
port = 10024
allow_localhost
local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0600
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
begin retry
* * F,1h,15m; G,10h,1h,1.5; F,1d,1h
begin rewrite
begin authenticators
PLAIN:
driver = plaintext
public_name = PLAIN
server_set_id = $auth2
server_prompts = :
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
LOGIN:
driver = plaintext
public_name = LOGIN
server_set_id = $auth1
server_prompts = <| Username: | Password:
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
-------------------------- end of ns1 ---------------
Also noticed mail taking about 1 minute to about several hours or days
to come in. How do I rectify this?
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
If the ns1 questions can also be answered, then we should be a go.
Once established, what is the best CA authority reasonably priced
for EXIM SSL certificates?
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
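
The "Received" header check suggested in the reply above can be scripted. This is an added example, not part of the original thread; the sample message, its host names and its timestamps are constructed for illustration.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (hosts and times are made up for illustration).
SAMPLE = """\
Received: from ns1.example.net (ns1.example.net [192.0.2.10])
\tby mailstore.example.net with esmtp id 3;
\tMon, 21 Mar 2011 13:05:30 -0600
Received: from localhost ([127.0.0.1])
\tby ns1.example.net with esmtp id 2;
\tMon, 21 Mar 2011 13:05:10 -0600
Received: from sender.example.org ([198.51.100.7])
\tby ns1.example.net with esmtp id 1;
\tMon, 21 Mar 2011 10:02:00 -0600
From: alice@sender.example.org
Date: Mon, 21 Mar 2011 10:01:55 -0600
Subject: constructed test

body
"""

def hop_delays(raw):
    """Return [(seconds_since_previous_hop, receiving_host), ...], oldest first."""
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its own header, so reverse for chronological order.
    for hdr in reversed(msg.get_all("Received", [])):
        flat = " ".join(hdr.split())           # undo header folding
        info, _, stamp = flat.rpartition(";")  # timestamp follows the last ';'
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # skip hops with a missing or unparsable timestamp
        if when.tzinfo is None:                # "-0000" parses as naive; treat as UTC
            when = when.replace(tzinfo=timezone.utc)
        by = info.partition(" by ")[2].split(" ")[0] or "?"
        hops.append((when, by))
    out, prev = [], None
    for when, by in hops:
        # Negative values mean clock skew between hosts, not time travel.
        out.append((int((when - prev).total_seconds()) if prev else 0, by))
        prev = when
    return out

def slowest_hop(raw):
    """Return the (delay_seconds, receiving_host) pair with the largest delay."""
    return max(hop_delays(raw), key=lambda d: d[0])
```

In the constructed sample the three-hour gap sits between the first acceptance on the gateway and the re-injection from the local scanner, which points at that host's queue rather than at the remote sender or the final store.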