Wow Andreas, Swaks is great. Running the following

swaks --to [email protected] --from [email protected] -pipe "exim -bh 64.142.111.80"

was very revealing and adds to my understanding.

Looking through the 150+ lines of output I see the many checks like "host_reject_connection?" and "helo_verify_hosts?" and "acl_check_rcpt" etc. BUT I do not see anything that I interpret as a local_host_blacklist check. I do see the zen.spamhaus.org check and spamcop.net check. Is there supposed to be a "local_host_blacklist" check in the output? I'm thinking that some config file is missing something.

On Fri, Feb 12, 2016 at 5:38 AM, Andreas Metzler <[email protected]> wrote:

> [redirecting with full-quote to ML - please do not take discussions
> off-list without good reason]
>
> On 2016-02-11 Amanda Giarla <[email protected]> wrote:
> > Sorry for the lack of clarity.
> >
> > I'm working on a training server with the general goal of managing email.
> > The specific task at this moment is understanding email blacklisting.
> > The server is set up with Ubuntu, VestaCP, exim4, dovecot, clamAV,
> > spamassassin etc.
> > The exim4 log file is located at */var/log/exim4/mainlog*
> > I can
> >
> > *tail -f /var/log/exim4/mainlog*
> >
> > and watch exim make log entries on inbound emails
> > For example the following test message was sent from my iphone via sonic.net
> > and the following appeared in the log file
> >
> > 2016-02-10 18:56:51 1aTect-0003kd-Gx <= [email protected] H=c.mail.sonic.net [64.142.111.80] P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA256:128 S=1781 id=[email protected]
> > 2016-02-10 18:56:51 1aTect-0003kd-Gx => jane <[email protected]> R=localuser T=local_delivery
> > 2016-02-10 18:56:51 1aTect-0003kd-Gx Completed
> >
> > Notice that the log entry of the email includes the *From: IP Address of
> > [64.142.111.80]*
> >
> > So I created the following file
> >
> > */etc/exim4/local_host_blacklist*
> >
> > and placed the IP address 64.142.111.80 in the file.
> > Note: That IP address is the only thing in the file.
> >
> > did a
> >
> > *service exim4 restart*
> >
> > Resent a message from my iPhone and the following was logged in
> > */var/log/exim4/mainlog*
> > Nothing was entered in */var/log/exim4/rejectlog*
> >
> > 2016-02-11 12:46:05 1aTvJd-0003Wp-DM <= [email protected] H=c.mail.sonic.net [64.142.111.80] P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA256:128 S=1781 id=[email protected]
> > 2016-02-11 12:46:05 1aTvJd-0003Wp-DM => jane <[email protected]> R=localuser T=local_delivery
> > 2016-02-11 12:46:05 1aTvJd-0003Wp-DM Completed
> >
> > If the black list mechanism is working then I expected to see a difference
> > in log entries.
> > But I did not.
> > So clearly EITHER the exim4 blacklist mechanism is broken *(not likely)* OR
> > I have misinterpreted the documentation and messed something up (Which of
> > course is the most likely thing that has happened).
> [...]
>
> This should work and you should be able to find the cause with
> swaks --to [email protected] --from [email protected] -pipe "exim -bh
> 64.142.111.80"
>
> cu Andreas
> --
> `What a good friend you are to him, Dr. Maturin. His other friends are
> so grateful to you.'
> `I sew his ears on from time to time, sure'
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
