On Mon, Nov 27, 2017 at 03:44:08PM +0000, Mike Brudenell via Exim-users wrote:
> "The Doctor",
>
> Pulling together bits and pieces, and trying to add something of my own;
> see if this makes sense???
>
> The log entry for Exim message id 1eIGVs-000Ntb-OB shows the incoming
> message has an RFC5321.MailFrom address of <[email protected]>,
> but either the "for" recipient list has been edited out of the log entry or
> the logging level isn't high enough to show it. However these can be
> inferred from the log lines that follow.
>
> The SMTP rejection error issued by impactofficeservices.ca
> [173.254.28.40] clearly says that it's the RFC5321.MailFrom address that it
> is unhappy with, which it is seeing as being the unqualified address
> <root>. It is stating that it wants a fully qualified email address.
>
> This implies that something within the Exim configuration is altering the
> RFC5321.MailFrom address from the original <[email protected]> to
> <root>.
>
> This is unlikely to be the aliases file as that is generally applied to
> *recipient* addresses within your own domain: not applied to *sender*
> addresses. (Although you can configure and set up pretty much anything!)
>

All right given what was posted from the /etc/aliases from the system here, I fully concur.

> So it could be something in Exim's rewrite section, or there might be some
> other magic going on. For example I learned recently that some systems have
> a /etc/email-addresses file set up to modify the sender address. We're
> looking at using this to locally rewrite local accounts on end-nodes into
> centrally recognisable email addresses. However this is *not* something
> built into the standard Exim setup; it's either something you configure in
> yourself, or might possibly be present in some Linux distros'
> configurations, in which case it's really a question to ask that distro's
> community.

This is a FREEBSD box and there are no rewrite rules.

>
> The key thing is to be methodical and get more information. This doesn't
> mean just copying and pasting chunks of logfiles, but to make sure that the
> logging level is set to get relevant information - see log_selector.
>
> A useful technique I use on my test server is to stop the running Exim
> daemon and instead invoke it manually with
>
> exim -v -d+all -bd
>
>
> This starts Exim in daemon mode with verbose logging at all levels coming
> out on my terminal. I then send a test message through it - either crafted
> manually or by using the swaks utility - from another window, then read
> through the very verbose logging. This lets you see exactly what's
> happening, being rewritten, ACLs and routers that are firing, and so on. It
> should help you locate what is changing the sender address between the
> message arriving and it going out again.
>

All right, how do I redirect so that the log files can capture this information?

> An alternative approach is to use Exim's "-bhc" command line to fake up a
> message complete with setting the IP address of the sending host: useful if
> your configuration file's logic does different things based on the source
> IP address.
>
> Basically you need a good knowledge of your Exim configuration file in
> order to work out what might be happening, and the above detailed logging
> will help you work through it and confirm it's as you intend. We here in
> the community can't do much to help without that intimate knowledge of your
> configuration: both file and support files. I'd suggest rolling up your
> metaphorical sleeves and use the debugging options and log levels.
>
> Mike B.
>

Will get back to you all soon.

> On 24 November 2017 at 17:35, The Doctor <[email protected]> wrote:
>
> > On Fri, Nov 24, 2017 at 07:03:03AM -0700, The Doctor wrote:
> > > On Fri, Nov 24, 2017 at 10:18:29AM +0000, Jeremy Harris wrote:
> > > > On 24/11/17 03:30, The Doctor wrote:
> > > > > 2017-11-23 13:00:00 1eHxbt-0008Sf-2W ** {legit e-mail address}
> > R=dnslookup T=remote_smtp H=doctor.nl2k.ab.ca [204.209.81.1]
> > X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no: SMTP error from remote
> > mail server after pipelined MAIL FROM:<root> SIZE=13880523: 501 <root>:
> > sender address must contain a domain
> > > > >
> > > > > What is happening?
> > > >
> > > > A remote system that you are trying to send a mail to, is rejecting
> > that
> > > > message. The tail end of that log line, starting "501", is what they
> > > > said.
> > > >
> > > > My interpretation of what they said is that they don't like one of
> > > > - the envelope from
> > > > - the header From: (or possibly Sender:)
> > > > but you'd need to verify their policies by asking them.
> > > > --
> > > > Jeremy
> > > >
> > >
> > >
> > > All right subsequent discoveries of followups of the symptoms were
> > ignored.
> > >
> > > Let me describe step by step what is happening.
> > >
> > > 1) In order to bypass the annoying on behalf of header placed by
> > > exim
> > >
> > > no_local_from_check
> > > untrusted_set_sender = *
> > >
> > > 2)
> > >
> > > Remote non-LAN users can use either PLAIN or LOGIN without on the behalf
> > of
> > > and send through and is logged accordingly
> > >
> > > UNLESS
> > >
> > > 3)
> > >
> > > you show up as [email protected] then instead of [email protected]
> > > something in exim says you are "root" without any domain and
> > >
> > > the info account trying to pass an e-mail gets
> > >
> > > This message was created automatically by mail delivery software.
> > >
> > > A message that you sent could not be delivered to one or more of its
> > > recipients. This is a permanent error. The following address(es) failed:
> > >
> > > i)
> > > intended recipient @ wherever
> > > host doctor.nl2k.ab.ca [204.209.81.1]
> > > SMTP error from remote mail server after pipelined MAIL FROM:<root>
> > SIZE=26833:
> > > 501 <root>: sender address must contain a domain
> > >
> > > ii)
> > >
> > >
> > > [email protected]
> > > host ma1-aaemail-dr-lapp03.apple.com [17.171.2.72]
> > > SMTP error from remote mail server after pipelined MAIL FROM:<root>:
> > > 553 5.1.7 <root>... Domain name required for sender address root
> > >
> > > iii)
> > >
> > >
> > > [email protected]
> > > host doctor.nl2k.ab.ca [204.209.81.1]
> > > SMTP error from remote mail server after pipelined MAIL FROM:<root>
> > SIZE=2890232:
> > > 501 <root>: sender address must contain a domain
> > >
> > > and the case of iii) was a cc to self.
> > >
> > >
> > > Are you now getting this picture of a showstopper in virtual e-mail of
> > those
> > > using [email protected] ?
> > >
> >
> > <Snip>
> >
> > Some more relevant stuff from our logs
> >
> > 2017-11-24 09:07:36 1eIGVs-000Ntb-OB <= [email protected]
> > H=d142-59-12
> > 3-92.abhsia.telus.net (ImpactLaptop) [142.59.123.92] P=esmtpsa
> > X=TLSv1.2:ECDHE-R
> > SA-AES256-GCM-SHA384:256 CV=no A=LOGIN:smosinfo S=149486
> > id=004201d3653e$5829d2b
> > [email protected]
> > 2017-11-24 09:07:43 Start queue run: pid=91860
> > 2017-11-24 09:07:46 1eIGVs-000Ntb-OB [23.103.157.10] SSL verify error:
> > depth=1 e
> > rror=unable to get local issuer certificate cert=/C=US/ST=Washington/L=Red
> > mond/O
> > =Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
> > 2017-11-24 09:07:46 1eIGVs-000Ntb-OB Received TLS cert status response,
> > itself u
> > nverifiable
> > 2017-11-24 09:07:52 1eIGVs-000Ntb-OB [173.254.28.40] SSL verify error:
> > depth=2 e
> > rror=unable to get local issuer certificate cert=/C=GB/ST=Greater
> > Manchester/L=S
> > alford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
> > 2017-11-24 09:07:52 1eIGVs-000Ntb-OB [173.254.28.40] SSL verify error:
> > certificate name mismatch: DN="/OU=Domain Control Validated/OU=Hosted by
> > Just Host/OU=PositiveSSL Wildcard/CN=*.justhost.com" H="
> > impactofficeservices.ca"
> > 2017-11-24 09:07:52 1eIGVs-000Ntb-OB ** [email protected]
> > <[email protected]> R=dnslookup T=remote_smtp H=
> > impactofficeservices.ca [173.254.28.40]
> > X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> > CV=no: SMTP error from remote mail server after pipelined MAIL FROM:<root>
> > SIZE=152662: 501 <root>: sender address must contain a domain
> > 2017-11-24 09:07:56 1eIGVs-000Ntb-OB ** [email protected]
> > R=dnslookup T=remote_smtp H=solutionsbi-ca.mail.protection.outlook.com
> > [23.103.157.10] X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=no: SMTP error
> > from remote mail server after pipelined sending data block: 501 5.1.7
> > Invalid address [QB1CAN01FT010.eop-CAN01.prod.protection.outlook.com]
> > 2017-11-24 09:07:56 1eIGWC-000Nth-8I <= <> R=1eIGVs-000Ntb-OB U=exim
> > P=local S=3083
> > 2017-11-24 09:07:56 1eIGVs-000Ntb-OB Completed
> >
> > Note the sender was an info@ ...
> >
> >
> > 2017-11-24 08:21:06 1eIFms-000NV7-4e <= [email protected] H=
> > s0106c82a14027763.ed.shawcable.net ([192.168.1.122]) [70.74.151.156]
> > P=esmtpsa X=TLSv1:ECDHE-RSA-AES256-SHA:256 CV=no A=PLAIN:integration
> > S=3447 [email protected]
> > 2017-11-24 08:21:40 Start queue run: pid=90342
> > 2017-11-24 08:21:40 1eIFmU-000NV3-7g [204.209.81.1] SSL verify error:
> > depth=3 error=self signed certificate in certificate chain cert=/C=US/O=The
> > Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
> > 2017-11-24 08:21:40 1eIFmU-000NV3-7g [204.209.81.1] SSL verify error:
> > certificate name mismatch: DN="/OU=Domain Control Validated/CN=mail.nk.ca"
> > H="doctor.nl2k.ab.ca"
> > 2017-11-24 08:21:42 1eIFmU-000NV3-7g => [email protected] R=dnslookup
> > T=remote_smtp H=doctor.nl2k.ab.ca [204.209.81.1]
> > X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK
> > id=1eIFnR-000ANH-66"
> > 2017-11-24 08:21:42 1eIFmU-000NV3-7g Completed
> > 2017-11-24 08:21:42 1eIB4O-000BMZ-6h Spool file is locked (another process
> > is handling this message)
> > 2017-11-24 08:21:42 1eIFms-000NV7-4e H=gmail-smtp-in.l.google.com
> > [2607:f8b0:400e:c04::1a] No route to host
> > 2017-11-24 08:21:42 1eIFms-000NV7-4e [74.125.28.26] SSL verify error:
> > depth=2 error=unable to get local issuer certificate cert=/C=US/O=GeoTrust
> > Inc./CN=GeoTrust Global CA
> > 2017-11-24 08:21:42 1eIB4O-000BMZ-6h == [email protected] R=dnslookup
> > T=remote_smtp defer (-46) H=doctor.nl2k.ab.ca [204.209.81.1]: SMTP error
> > from remote mail server after end of data: 451 Temporary local problem -
> > please try later
> > 2017-11-24 08:21:42 1eIB4O-000BMZ-6h ** [email protected]: retry timeout exceeded
> > 2017-11-24 08:21:42 1eIFnS-000NVF-Vw <= <> R=1eIB4O-000BMZ-6h U=exim
> > P=local S=1927
> > 2017-11-24 08:21:42 1eIB4O-000BMZ-6h Completed
> > 2017-11-24 08:21:43 1eIFms-000NV7-4e Spool file is locked (another process
> > is handling this message)
> > 2017-11-24 08:21:43 End queue run: pid=90305
> > 2017-11-24 08:21:43 1eIFms-000NV7-4e ** [email protected]
> > R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [74.125.28.26]
> > X=TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256 CV=no: SMTP error from remote
> > mail server after pipelined end of data: 553 5.1.2 The sender address
> > <root> is not a valid RFC-5321 address. p17si18545031pgq.130 - gsmtp
> > 2017-11-24 08:21:43 1eIFnT-000NVI-1i <= <> R=1eIFms-000NV7-4e U=exim
> > P=local S=5022
> > 2017-11-24 08:21:43 1eIFms-000NV7-4e Completed
> > 2017-11-24 08:21:43 1eIFnT-000NVI-1i [204.209.81.1] SSL verify error:
> > depth=3 error=self signed certificate in certificate chain cert=/C=US/O=The
> > Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
> > 2017-11-24 08:21:43 1eIFnT-000NVI-1i [204.209.81.1] SSL verify error:
> > certificate name mismatch: DN="/OU=Domain Control Validated/CN=mail.nk.ca"
> > H="doctor.nl2k.ab.ca"
> > 2017-11-24 08:21:55 1eIFnT-000NVI-1i => [email protected]
> > R=dnslookup T=remote_smtp H=doctor.nl2k.ab.ca [204.209.81.1]
> > X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK
> > id=1eIFnT-000ANW-Aj"
> > 2017-11-24 08:21:55 1eIFnT-000NVI-1i Completed
> > 2017-11-24 08:21:55 End queue run: pid=90342
> >
> >
> > This is backed up by http://ns2.nk.ca/eximstats.html
> >
> > Solution needed as of 2 days ago.
> >
> > --
> > Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@
> > nl2k.ab.ca
> > Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist
> > rising!
> > https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on
> > Atheism
> > Happy Christmas 2017 and Merry New Year 2018
> >
> > --
> > ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> > ## Exim details at http://www.exim.org/
> > ## Please use the Wiki with this list - http://wiki.exim.org/
> >
> >
>
> --
> Systems Administrator & Change Manager
> IT Services, University of York, Heslington, York YO10 5DD, UK
> Tel: +44-(0)1904-323811
>
> Web: www.york.ac.uk/it-services
> Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism
Happy Christmas 2017 and Merry New Year 2018

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
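
The comparison made by eye in this thread, between the sender on a message's arrival line (`<=`) and the `MAIL FROM:<...>` a remote server later rejected, can be run over a whole Exim main log. This is an added example, not part of the original thread; the sample log lines are constructed, and the function and field names are hypothetical.

```python
import re

# Constructed sample in Exim main-log format; every address, host and id is made up.
SAMPLE_LOG = """\
2017-11-24 09:07:36 1aaaaa-000001-AA <= info@example.org H=client.example.net [192.0.2.10] P=esmtpsa A=LOGIN:info S=149486
2017-11-24 09:07:43 Start queue run: pid=91860
2017-11-24 09:07:52 1aaaaa-000001-AA ** bob@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.7]: SMTP error from remote mail server after pipelined MAIL FROM:<root> SIZE=152662: 501 <root>: sender address must contain a domain
2017-11-24 09:08:01 1bbbbb-000002-BB <= alice@example.org H=client.example.net [192.0.2.11] P=esmtpsa A=PLAIN:alice S=3447
2017-11-24 09:08:05 1bbbbb-000002-BB => carol@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.7] C="250 OK"
2017-11-24 09:08:06 1ccccc-000003-CC <= <> R=1aaaaa-000001-AA U=exim P=local S=3083
"""

# Timestamp, message id (6-6-2 form as in the thread's logs), event flag, remainder.
MSG_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "
    r"(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"(?P<flag><=|=>|\*\*|==) (?P<rest>.*)$"
)
MAIL_FROM = re.compile(r"MAIL FROM:<([^>]*)>")


def find_sender_rewrites(log_text):
    """Report failed or deferred deliveries whose MAIL FROM differs from the accepted sender."""
    accepted = {}   # message id -> envelope sender recorded on the "<=" line
    findings = []
    for line in log_text.splitlines():
        m = MSG_LINE.match(line)
        if not m:
            continue  # queue-run lines, TLS notes etc. have no event flag here
        msg_id, flag, rest = m.group("id", "flag", "rest")
        if flag == "<=":
            accepted[msg_id] = rest.split()[0]
        elif flag in ("**", "=="):
            mf = MAIL_FROM.search(rest)
            if mf and msg_id in accepted and mf.group(1) != accepted[msg_id]:
                findings.append({
                    "msg_id": msg_id,
                    "accepted_as": accepted[msg_id],
                    "sent_as": mf.group(1),
                    "qualified": "@" in mf.group(1),
                })
    return findings


if __name__ == "__main__":
    for f in find_sender_rewrites(SAMPLE_LOG):
        print(f)
```

Each finding names a message id that can then be followed through the `-d+all` debug output to see which step changed the sender.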
