suggestions (untested):
Maybe use log_message or logwrite instead?
You may also want to look towards the end of section 40.17
in spec.txt.
On Mon, 7 Nov 2011, Chris Knipe wrote:
Date: Mon, 7 Nov 2011 08:19:53
From: Chris Knipe <[email protected]>
To: [email protected]
Subject: Re: [exim] What the...
Hmm,
Of course, I should have thought about that after being an exim user
for 15 odd years :)
Attempting full verification using callout
callout cache: found domain record
callout cache: domain rejects random addresses
callout cache: found address record
callout cache: address record is negative
----------- end verify ------------
require: condition test failed
LOG: H=ext-smtp11.eu.battle.net [80.239.186.47] sender verify fail for
<[email protected]>
Yet - that is not the message I get in the logs. Also from my configuration:
require verify = sender/callout=2m,defer_ok,random
hosts = !80.239.186.0/24:!41.183.0.19
message = REJECTED - Sender Verify Failed - error code
\"$sender_verify_failure\"\n\nThe return address you are using for
this email message <$sender_address> does not seem to be a working
account.
Should 80.239.186.47 not be excepted from the callout check,
considering the hosts statement in the ACL?
[root@netsonic /var/log/exim]# exim_dumpdb /var/spool/exim callout |grep battle
07-Nov-2011 07:43:58 [email protected] callout=accept
07-Nov-2011 07:43:58 battle.net callout=accept postmaster=unknown
random=reject (07-Nov-2011 07:43:57)
Surely the above indicates that the callout was successfull? I'm
still baffled here as to why it is failing, and even more so why it is
not logging the error correctly.
[root@netsonic /var/log/exim]# exim -bV
Exim version 4.76 #1 built 07-Oct-2011 08:57:48
Copyright (c) University of Cambridge, 1995 - 2007
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() use_setclassresources OpenSSL
Content_Scanning DKIM Experimental_SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm
dbmnz dnsdb mysql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/exim.conf
--
Chris.
On Mon, Nov 7, 2011 at 2:57 PM, Dave Lugo <[email protected]> wrote:
While I don't know why it's not working, this will
help you get more debug data:
exim -bhc 80.239.186.47
... and simulate the connection. Use the HELO (H=)
shown in the log snippet, and the same from/to that
are there.
The debug output produced should provide some clues.
On Mon, 7 Nov 2011, Chris Knipe wrote:
Date: Mon, 7 Nov 2011 07:45:50
From: Chris Knipe <[email protected]>
To: [email protected]
Subject: [exim] What the...
Hi,
I'm a bit in the dark here... For the love of me, I cannot determine
why this (and only this specific email from battle.net) are being
rejected by exim. All emails from this specific host seems to be
rejected for some reason, but I cannot determine why? :( All my
rejects in my ACLs have a message specified, but according to the log
the email is rejected without an message...
I have log_selector = +all -pid in my config, and the only entries in
the log is below (together with my acls)...
main.log:
2011-11-07 07:37:45 SMTP connection from [80.239.186.47]:36044
I=[64.16.211.38]:25 (TCP/IP connection count = 1)
2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
I=[64.16.211.38]:25 F=<[email protected]> rejected RCPT
<[email protected]>
2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
I=[64.16.211.38]:25 incomplete transaction (RSET) from
<[email protected]>
2011-11-07 07:37:48 SMTP connection from ext-smtp11.eu.battle.net
[80.239.186.47]:36044 I=[64.16.211.38]:25 closed by QUIT
reject.log:
2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
I=[64.16.211.38]:25 F=<[email protected]> rejected RCPT
<[email protected]>
ACLs:
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_data:
deny message = Hiding of file extensions is not allowed!
regex =
^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
deny message = Message SHOULD have Message-ID: but does not
condition = ${if !def:h_Message-ID: {1}}
hosts = !+relay_from_hosts
deny message = Message SHOULD have Date: but does not
condition = ${if !def:h_Date: {1}}
hosts = !+relay_from_hosts
deny message = This message contains a virus or other
harmful content ($malware_name)
malware = *
accept condition = ${if >={$message_size}{256k}{yes}{no}}
warn message = X-SA-Score: $spam_score
hosts = !+relay_from_hosts
spam = spamd
add_header = X-Spam_score: $spam_score\n\
X-Spam_bar: $spam_bar
warn message = X-SA-Report: $spam_report
hosts = !+relay_from_hosts
spam = spamd
condition = ${if >{$spam_score_int}{0}{true}{false}}
add_header = X-Spam_score: $spam_score\n\
X-Spam_bar: $spam_bar
warn message = X-SA-Status: Yes
hosts = !+relay_from_hosts
spam = spamd
condition = ${if >{$spam_score_int}{10}{true}{false}}
add_header = X-Spam_score: $spam_score\n\
X-Spam_bar: $spam_bar
hosts = !+relay_from_hosts
deny message = Message not accepted, scored $spam_score spam
points.
hosts = !+relay_from_hosts
spam = spamd
condition = ${if >{$spam_score_int}{70}{true}{false}}
accept
acl_check_helo:
deny message = Im afraid I need your name before I can let you
in.
hosts = !+relay_from_hosts
condition = ${if match {$sender_helo_name}{none} {yes}{no}}
deny message = Invalid HELO/EHLO. You are either spam/a
virus, or your system administrator has incorrectly configured your
network.
condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
hosts = !+relay_from_hosts
deny message = HELO/EHLO with my hostname. You are not me.
hosts = !+relay_from_hosts
condition = ${if or { \
{eq {${lc:$sender_helo_name}}{127.0.0.1}}
\
{eq {${lc:$sender_helo_name}}{localhost}}
\
{eq
{${lc:$sender_helo_name}}{64.16.211.38}} \
{eq
{${lc:$sender_helo_name}}{netsonic.savage.za.org}} \
} {true}{false} }
deny message = Your message was rejected because
$sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
for an explanation
hosts = !+relay_from_hosts
dnslists =
bl.spamcop.net:sbl.spamhaus.org:xbl.spamhaus.org:zombie.dnsbl.sorbs.net:blackholes.mail-abuse.org:\
smtp.dnsbl.sorbs.net:web.dnsbl.sorbs.net:nomail.rhsbl.sorbs.net:badconf.rhsbl.sorbs.net:http.dnsbl.sorbs.net:\
socks.dnsbl.sorbs.net:misc.dnsbl.sorbs.net
accept
acl_check_rcpt:
accept hosts = :
deny message = Suspected Faked Yahoo Account, E-mail Rejected.
log_message = Fake Yahoo
senders = *@yahoo.com
condition = ${if
match{$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}
deny message = Suspected Faked Hotmail Account, E-mail Rejected.
log_message = Fake hotmail
senders = *@hotmail.com
condition = ${if match
{$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}
deny message = Suspected Faked MSN Account, E-mail Rejected.
log_message = Fake MSN
senders = *@msn.com
condition = ${if match
{$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}
deny message = Suspected Faked AOL Account, E-mail Rejected.
log_message = Fake AOL
senders = *@aol.com
condition = ${if match
{$sender_host_name}{\Nmx.aol.com$\N}{no}{yes}}
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
accept hosts = +relay_from_hosts
require verify = sender/callout=2m,defer_ok,random
hosts = !80.239.186.0/24:!41.183.0.19
message = REJECTED - Sender Verify Failed - error code
\"$sender_verify_failure\"\n\nThe return address you are using for
this email message <$sender_address> does not seem to be a working
account.
deny message = REJECTED - Recipient Verify Failed - User Not
Found
domains = +local_domains
!verify = recipient/callout=2m,defer_ok,use_sender
accept authenticated = *
control = submission
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require verify = recipient
accept
--
--------------------------------------------------------
Dave Lugo [email protected] No spam, thanks.
Are you the police? . . . No ma'am, we're sysadmins.
--------------------------------------------------------
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
--
--------------------------------------------------------
Dave Lugo [email protected] No spam, thanks.
Are you the police? . . . No ma'am, we're sysadmins.
--------------------------------------------------------
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
