Re: [exim] Upgrade blues...

[Marc Haber]

On Thu, 29 Sep 2005 18:10:29 +0800, Niclas Hedhman
<[EMAIL PROTECTED]> wrote:
>Well, that depends on which combo of encryption and authentication that is 
>tried from the client. Minimum expected was SSL + PLAIN which gives the 
>following...
>
>2005-09-29 09:43:06 no host name found for IP address 219.94.56.25
>2005-09-29 09:43:06 SMTP protocol violation: synchronization error (input sent 
>without waiting for greeting): rejected connection from H=[219.94.56.25] 
>input="\200g\001\003"

That looks, as it has already been said, that your client is directly
starting the SSL negotiation, which is inappropriate for connections
to the server's port 25/TCP.

>If I set No Encryption + PLAIN I get;
>2005-09-29 09:44:44 no host name found for IP address 219.94.56.25
>and the client says the server doesn't support PLAIN authentication 
>(expected).

Debian's exim doesn't advertise SMTP AUTH over unencrypted
connections. And since your serverf doesn't advertise STARTTLS, it
looks like you didn't enable TLS, probably by not having read the
chapter "Using TLS" in README.Debian.gz.

>see below. That is the 'compiled output' from the "update-exim4.conf" tool, 
>which I don't know whether it is Exim or Debian related.

Not knowing this is probably a sure sign of not having read the
copious amount of Debian specific documentation.

>support_broken_outlook_express_4_server:
>   driver = plaintext
>   public_name = "\r\n250-AUTH=PLAIN LOGIN"
>   server_prompts = User Name : Password
>   server_condition = no
>
>which I enabled (didn't make any difference for the KMail case).

If it would help for Kmail, that would have been documented. Actually,
Kmail is pretty good in protocol compliance and doesn't need any hand
holding to work.

Please note that this hack is only needed for Outlook _Express_ _4_,
and not for any later version of Outlook Express, nor for any version
of Outlook (without Express) that I am aware of.

>Well, I thought I can't have been the only one who use 'stock Debian' 
>configurations, which stopped working after an upgrade. I expected a "Oh, 
>that is because we have introduce XYZ, and you will need to enable/disable 
>the parameter ABC" or something like that.

If you used any Debian exim4 package before, then the failure is a
surprise to me. If you used exim 3 before, then please note that you
didn't do an upgrade, but you installed an entirely different package.
There is a chapter "Updating from exim 3" in README.Debian.gz, and the
very first sentence in that README file says that exim4 is an entirely
different package which does not offer a smooth upgrade path from exim
3.

>No, but I don't expect to be a programmer and a 6 RFCs expert to set up the 
>most basic outgoing mailserver either. Perhaps too much to ask for.

People running a mail server are widely expected to know their
protocols and basic debugging techniques.

Greetings
Marc

-- 
-- !! No courtesy copies, please !! -
Marc Haber |   " Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Marc Haber]

On Thu, 29 Sep 2005 02:15:09 +0800, Niclas Hedhman
<[EMAIL PROTECTED]> wrote:
>I recently did the mistake of upgrading both my KMail client (to v1.7) and 
>Exim4 (whatever version is in Debian testing)...

From which exim version did you update? Did SMTP AUTH work before?

Did you read the docs, especially README.Debian.gz and
README.SMTP-AUTH, both in /usr/share/doc/exim4-base?

>Now, authenticated SMTP no longer works, no matter what I try. In KMail's 
>"Check what the server supports" also yields different results in KMail 1.7 
>and KMail 1.8, so I am utterly confused.

Did you try with other software, such as telnet, gnutls-cli and/or
swaks?

>On the server, I do an extraction of mail-users from /etc/shadow and creates a 
>new /etc/exim4/passwd for authentication.

If you insist on using system passwords for authentication (which
might be a bad idea because e-mail passwords are usually stored in the
client software and notoriously bad protected), there are methods to
have exim authenticate directly against the system passwords. These
methods are also mentioned in the docs.

Greetings
Marc

-- 
-- !! No courtesy copies, please !! -
Marc Haber |   " Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] when are exim vars first available? and ...

[OpenMacNews]

hi all,

i'm migrating from a global DNSBL check to a per-user-specified list capability.

in summary, i've 3 questions

  (1) when in the mail transaction is each Exim variable FIRST 
available/defined?

  (2) what is the order of execution of acls?
  (3) how can do BOTH and acl_connect default/global DNSBL check, and a later 
acl_rcpt per-user spec?


the rather lengthy details/context leading up to these questions follows below 
...  perhaps they'll help another, as well =)


if you've got a few minutes, shared wisdom is, as always, is appreciated!

thx!

richard






1st, defining my DNSBL check in an aux acl:

 aux_check_dnsbl:
   deny set acl_m9  = REJECTED[dnsbl] - \
  BLACKLISTED:[$sender_host_address] \
  @ $dnslist_domain ${if def:dnslist_text 
{(\n$dnslist_text)}}

message = $acl_m9
log_message = LOG_HDR: $acl_m9
dnslists= MY_RBLS
   accept

i started with:

(1) a global list of RBLs,

 MY_RBLS = sbl-xbl.spamhaus.org : relays.ordb.org : relays.mail-abuse.org : 
list.dsbl.org

 ...
 acl_smtp_connect:
   require  acl = aux_check_dnsbl

works great.


(2) then adding an external per-user list of RBLs, with a fixed recipient

% cat LISTS/domains.dnsbls

   [EMAIL PROTECTED] list.dsbl.org
   [EMAIL PROTECTED]   relays.ordb.org
   *sbl-xbl.spamhaus.org : relays.ordb.org : 
relays.mail-abuse.org : list.dsbl.org


testing a lookup with:

   % exim -be '${lookup\
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 {LISTS/domains.dnsbls}\
 }'

returns, as expected:

   relays.ordb.org

and, then,

 MY_RBLS = ${lookup\
   [EMAIL PROTECTED]
 [EMAIL PROTECTED]
   {LISTS/domains.dnsbls}\
 }
 ...
 acl_smtp_connect:
   require  acl = aux_check_dnsbl

ALSO works as expected ...

(3) finally, moving to a looked-up recipient

 MY_RBLS = ${lookup\
   {${lc:[EMAIL PROTECTED]
 [EMAIL PROTECTED]
   {LISTS/domains.dnsbls}\
}
 ...
 acl_smtp_connect:
   require  acl = aux_check_dnsbl


unfortunately, kept checking against the lsearch fallthrough key="*", resulting 
in the assigned RBL list of:


   sbl-xbl.spamhaus.org : relays.ordb.org : relays.mail-abuse.org : 
list.dsbl.org



it, unfortunately, took awhile for it to dawn on me that:

   $local_part
   $domain

are not yet available in the "connect" acl ... and that I have to move to a 
later ACL.



since i've defined/use policy of:

acl_smtp_connect = acl_check_connect
acl_smtp_helo= acl_check_helo
acl_smtp_mail= acl_check_mail_from
acl_smtp_mime= acl_check_mime
acl_smtp_rcpt= acl_check_rcpt
acl_smtp_data= acl_check_data

acls, i'm fairly certain that including & after acl_smtp_rcpt i'm ok  ...


so, yup. a huge waste of time.  i probably shoulda known better.  ESPECIALLY 
for something like user identity.  ANYWAY, i learned some lessons i won't 
forget.


that said, i've a couple of questions:

(1) does a good reference table exists somewhere amidst all these mountains of 
documentation that defines WHEN in the transaction each Exim variable is FIRST 
available/defined


(2) is there a statement/definition of the order of execution of acls?  i've 
found a number of messages that admit "it's sometimes hard to 
understand/remember", but haven;t (yet) found something definitive ...


(3) the obve example started with a global DNSBL check early, in _connect ACL, 
presuming that its a high-value check that trades exim condition/filter cycles 
for offloaded DNSBL checks ...


i'd STILL like to have the default behavior of my server be run the check early 
in connect UNLESS i've a user-defined exception list.  problem is, that the 
moment i add the per-user specs, i HAVE to wait for the ID of the user ... 
i.e., 'til the rcpt acl.


is there another approach that might give me BOTH the early default check, AND 
the later per-user checks?


cheers!

richard

pgpIgbcy1hI5H.pgp
Description: PGP signature
-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] Spammers and delays?

[Wakko Warner]

I've been toying with the idea of slowing down spammers.  I tried this in my
exim.conf:
DELAY1=60s
DELAYCONN=10s
acl_smtp_auth = accept delay=DELAY1
acl_smtp_connect = accept delay=DELAYCONN
acl_smtp_data = accept delay=DELAY1
acl_smtp_helo = accept delay=DELAY1
acl_smtp_mail = accept delay=DELAY1
acl_smtp_mailauth = accept delay=DELAY1
acl_smtp_predata = accept delay=DELAY1
acl_smtp_quit = accept delay=DELAY1
acl_smtp_starttls = accept delay=DELAY1
acl_smtp_rcpt = accept delay=DELAY1
acl_smtp_etrn = accept delay=DELAY1
acl_smtp_expn = accept delay=DELAY1
acl_smtp_vrfy = accept delay=DELAY1

Before someone screems "OPEN RELAY" it's not.  There's only 1 router and the
transport for that delivers to a file, it does not have the ability to send
email via the network in any form.

I've noticed that they don't seem to want to try to send mail through it.
A few entries in my log:
2005-09-29 20:56:23 SMTP connection from [141.156.179.19]:1332
I=[]:25 (TCP/IP connection count = 1)
2005-09-29 20:57:37 SMTP connection from
pool-141-156-179-19.esr.east.verizon.net [141.156.179.19]:1332
I=[]:25 lost
2005-09-29 21:32:48 SMTP connection from [219.133.174.149]:4686
I=[]:25 (TCP/IP connection count = 1)
2005-09-29 21:32:49 no host name found for IP address 219.133.174.149
2005-09-29 21:34:01 SMTP connection from (216.98.75.12)
[219.133.174.149]:4686 I=[]:25 lost

I have plenty others in the log (hundreds actually).  The IP of the server
was removed to not expose the system.  It has many IPs assigned to it and
none of them are the server I'm using for this message nor my backup server. 
I didn't want the IPs listed as they would be searchable by goodle and other
engines and it could be ignored by the abusers (it's a honey pot actually)

Ok, with that out of the way, I had DELAY1 set to 49s and noticed that the
spammers would complete the message (Seems they are doing relay tests,
subject line is always BC_aaa.bbb.ccc.ddd where aaa.bbb.ccc.ddd is the local
IP)

What's the thoughts about doing this on a production system:
(Of course this will break call outs, can be adjusted to handle that
specifically)
On connect: delay 5-10 sec (not if you expect call outs)
HELO: delay 30 sec (same)
MAIL: delay 60 sec if the envelope sender is not NULL
RCPT: delay 60 sec if sender not NULL
DATA: delay 60 sec (pre and post) and if the sender IP has not hung up at
this point and did completely send the message, log the IP somewhere and
never delay this IP again (since it's now known to handle delays)

Just by looking at the logs on the abused machine, this seems like it would
work well.  On the other hand, I had AOL blocked due to issues with my rDNS
(I know, but if I can't report abuse, I don't accept any form of connections
from the other end) and had I think 90s or higher delays and they would
continue to hammer the server until blocked at the IP level.  I'd like to
know what the thoughts of others are on this.  I'm only concerned about
MTA(or random spammer)->MTA transactions not MUA->MTA transactions.

If anyone would like to verify this machine is not an open relay, you may
contact me off list and I'll give you the IPs of the system.  It's there to
take abuse but not to relay abuse.

-- 
 Lab tests show that use of micro$oft causes cancer in lab animals
 Got Gas???

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Re: Debian exim

[Steve Lamb]

Adam Funk wrote:
> Sooner or later, stuff needs to get out of that queue.  That's where MTA 
> functionality comes in.

Forwarding to a smarthost is not MTA functionality.  That's called a
client contacting the server.

-- 
 Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
   PGP Key: 8B6E99C5   | main connection to the switchboard of souls.
---+-


signature.asc
Description: OpenPGP digital signature
-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] long delays sending (not ident related) (mypost: rl3sept27)

[Fred Viles]

On 29 Sep 2005 at 22:59, rich lott wrote about
"Re: [exim] long delays sending (not":

| On Thursday 29 September 2005 19:10, Fred Viles wrote:
|On 29 Sep 2005 at 18:46, rich lott wrote about
| 
|"Re: [exim] long delays sending (not":
||...
|| Thanks, I set primary_hostname directly and it seems to work!
| 
|You mean it fixed the delays sending to shinyblue.net as well?  Then
|they were probably doing an intentional delay due to the unresolvable
|HELO name you were giving them.
| 
| Aaargh! Now I can't send mail to shinyblue.net because it says 
| unroutable address, presumably because it thinks it owns shinyblue.net

Doesn't it?  Maybe you need to be more specific about what the 
definition of "it" is.

| and so 
| looks for a local user called xx for  [EMAIL PROTECTED] and fails.

That makes no sense.  You had no problem (other than the delay) using 
@shinyblue.net sender and recipient addresses before, right?  
Changing primary_hostname shouldn't affect that.

What did you set primary_hostname to?  If you set it to 
shinyblue.net, re-read my earlier post.

- Fred





-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] long delays sending (not ident related) (mypost: rl3sept27)

[rich lott]

On Thursday 29 September 2005 19:10, Fred Viles wrote:
   On 29 Sep 2005 at 18:46, rich lott wrote about

   "Re: [exim] long delays sending (not":
   |...
   | Thanks, I set primary_hostname directly and it seems to work!

   You mean it fixed the delays sending to shinyblue.net as well?  Then
   they were probably doing an intentional delay due to the unresolvable
   HELO name you were giving them.

Aaargh! Now I can't send mail to shinyblue.net because it says 
unroutable address, presumably because it thinks it owns shinyblue.net and so 
looks for a local user called xx for  [EMAIL PROTECTED] and fails.

(close to giving up and going back to postfix...!)

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Exim rejects: syntactically invalid argument

[Alun]

Chris Edwards <[EMAIL PROTECTED]> said, in message
[EMAIL PROTECTED]:
> 
> Of course, the other reason for rejecting at RCPT time is the sender
> and  recipient addresses are in the logs, which can make hunting down
> problems  a little easier.
> 
> That said, I don't recall a single instance of genuine mail impacted
> by  "our HELO" test.

Nor me. Our MX hosts are firewalled off from on-campus machines, so 
garbage offered by buggy on-site MUAs etc aren't an issue. If there's 
anything else legitimate, it's either a MUA delivering direct-to-MX, in
which case I hope it shows them the message we gave them, or a deeply 
buggy MTA at another site, in which case they should have logged it...

Cheers,
Alun.

-- 
Alun Jones   [EMAIL PROTECTED]
Systems Support, (01970) 62 2494
Information Services,
University of Wales, Aberystwyth

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Exim rejects: syntactically invalid argument

[John W. Baxter]

On 9/29/05 1:35 PM, "Fred Viles" <[EMAIL PROTECTED]> wrote:

> On 29 Sep 2005 at 20:48, Chris Edwards wrote about
> "Re: [exim] Exim rejects: syntactica":
> 
> |...
> | Of course, the other reason for rejecting at RCPT time is the sender and
> | recipient addresses are in the logs, which can make hunting down problems
> | a little easier.
> | 
> | That said, I don't recall a single instance of genuine mail impacted by
> | "our HELO" test.
> 
> FWIW, I do spoofed HELO name rejections at RCPT time for yet another
> reason - to allow me to give a pass to authenticated connections.  It
> is not unexpected for road-warrior machines to give HELO names in our
> domain.

Yet another convenience in having submissions from clients pass through a
different Exim than do transfers from the world's MTAs is that while in our
situation the former usually have bogus HELO names (thanks, Microsoft), the
latter shouldn't be allowed to (although I suspect we're still stuck
allowing _ [thanks, US and Washington State governments]).

  --John



-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Exim rejects: syntactically invalid argument

[Fred Viles]

On 29 Sep 2005 at 20:48, Chris Edwards wrote about
"Re: [exim] Exim rejects: syntactica":

|...
| Of course, the other reason for rejecting at RCPT time is the sender and 
| recipient addresses are in the logs, which can make hunting down problems 
| a little easier.
| 
| That said, I don't recall a single instance of genuine mail impacted by 
| "our HELO" test.

FWIW, I do spoofed HELO name rejections at RCPT time for yet another 
reason - to allow me to give a pass to authenticated connections.  It 
is not unexpected for road-warrior machines to give HELO names in our 
domain.

- Fred





-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Fred Viles]

On 29 Sep 2005 at 12:58, John W. Baxter wrote about
"Re: [exim] Upgrade blues...":

|...
| Your description says you have the modern way enabled in your Exim
| configuration, and the obsolete way selected in KMail.  Change KMail's
| setting.

Actually, he doesn't describe having STARTTLS enabled in exim but he 
does say he tried using it in KMail without success.

While his exim -bV output shows GnuTLS, it doesn't appear to be 
enabled in his configuration.  At least, when I connect to the server 
he mentioned in the OP from here, the EHLO response does not include 
STARTTLS.

If the OP is still reading, he should check his TLS options starting 
with tls_advertise_hosts.

- Fred





-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[John W. Baxter]

On 9/28/05 11:15 AM, "Niclas Hedhman" <[EMAIL PROTECTED]> wrote:

> 
> Hi,
> 
> I recently did the mistake of upgrading both my KMail client (to v1.7) and
> Exim4 (whatever version is in Debian testing)...
> 
> Now, authenticated SMTP no longer works, no matter what I try. In KMail's
> "Check what the server supports" also yields different results in KMail 1.7
> and KMail 1.8, so I am utterly confused.
> 
> On the server, I do an extraction of mail-users from /etc/shadow and creates a
> new /etc/exim4/passwd for authentication. I have also got the Outlook hack
> enabled, and Mailman mailing list in the mix, otherwise fairly stock config.
> www.hedhman.org on port 25 is where it is running.

For using SSL, KMail supports two options:

SSL is the old SSL upon connect (the client starts right off negotiating
SSL)

TLS is the modern form where the client sees STARTTLS in the capabilities
list that comes back after EHLO and starts the negotiation then.

Your description says you have the modern way enabled in your Exim
configuration, and the obsolete way selected in KMail.  Change KMail's
setting.

Right below those choices are the authentication method choices--you need to
select one your Exim configuration advertises to you (which I think I
remember from the discussion that you have.

Note:  I'm doing this from

as I don't have a modern-enough KMail to make such claims, and haven't used
it for a long time.  Page found by a Google search for
   kmail starttls
(along with several much less useful pages).

   --John



-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Multiple Log Files - Feature Request

[Peter Bowyer]

On 29/09/05, Marc Perkel <[EMAIL PROTECTED]> wrote:
> >
> > Peter, I think you should look on the wiki to see how much work Marc
> > has done there - restructuring and posting tips that he got from this
> > list. Then you might feel less hostile toward him.
> >
> Thanks - there are too many people in this thist with an attitude.

Fair enough - I can take a wrist-slap. Apologies, Marc.

Peter

--
Peter Bowyer
Email: [EMAIL PROTECTED]
Tel: +44 1296 768003
VoIP: sip:[EMAIL PROTECTED]

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Exim rejects: syntactically invalid argument

[Chris Edwards]

On Thu, 29 Sep 2005, Alan J. Flavell wrote:

| For clarification please - is this at HELO time?  When we originally 
| set ours up (admittedly some years back now), we found that rejection 
| at HELO time would provoke some offering MTAs into repeated retries - 
| in some cases, very aggressively so. I suspect "drop" would be even 
| worse...?
| 
| So we deferred rejection until RCPT time, which seemed to be the most 
| effective way of getting them off our backs.

Of course, the other reason for rejecting at RCPT time is the sender and 
recipient addresses are in the logs, which can make hunting down problems 
a little easier.

That said, I don't recall a single instance of genuine mail impacted by 
"our HELO" test.



-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Jakob Hirsch]

Niclas Hedhman wrote:

> www.hedhman.org on port 25 is where it is running.

It's likely to be a problem with your, no authenticators (besides the
fake auth) are announced:

250-AUTH
250-AUTH=PLAIN LOGIN

Seeing your other post, it seem that this

>  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>   .endif

is the problem, though CRAM-MD5 should be possible without TLS.
This looks like Debian-specific stuff, you'd better ask on Debian's exim
list.

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Multiple Log Files - Feature Request

[Marc Sherman]

Alun wrote:


I usually just jump into the Marc bashing, then back out of actually
sending a mail because I realise other people have already done it
:-)


Marc Haber and I haven't been agreeing on much these past couple weeks, 
but I think we can both agree that we'd appreciate you not jumping in to 
the Marc bashing. :)


- Marc

--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] long delays sending (not ident related) (mypost: rl3sept27)

[Fred Viles]

On 29 Sep 2005 at 18:46, rich lott wrote about
"Re: [exim] long delays sending (not":

|...
| Thanks, I set primary_hostname directly and it seems to work!

You mean it fixed the delays sending to shinyblue.net as well?  Then 
they were probably doing an intentional delay due to the unresolvable 
HELO name you were giving them.

I do that here, delaying 40 seconds for unverifiable HELO names.  
It's an effective defence against some email worms (eg Bagle).

- Fred





-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] long delays sending (not ident related) (mypost: rl3sept27)

[rich lott]

On Thursday 29 September 2005 17:08, Fred Viles wrote:
   | This causes rejection by some
   | servers, which may be part of the delay.

   AFAIK that can be the case only if the same message is being sent to
   both the slow and a failing recipient, and the rejecting server is
   intentionally delaying its rejection.

   | Why is my local hostname sent? Where
   | does exim get the value to send in HELOs? (see log snippet)

   RTFM primary_hostname and qualify_domain.  You need to set
   primary_hostname to a valid FQDN that, when its address is looked up
   in the DNS, will yield the public IP address connections from your
   server come from.  Since this name probably won't be the same as your
   email domain name, you'll probably also need to set qualify_domain.

Thanks, I set primary_hostname directly and it seems to work!

many thanks,
rich

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Multiple Log Files - Feature Request

[Alun]

Marc Perkel <[EMAIL PROTECTED]> said, in message
[EMAIL PROTECTED]:

> How would you do that with a separate program?
> 
> Basically I have different classes of customers and they use different
> 
> IP addresses in the same computer for my spam filtering service. So if
> I  could create separate log files I could monitor them with tail more
> easilly. It's so busy that the screen is a blur from scrolling so
> fast.  It's a convienence issue.

I usually just jump into the Marc bashing, then back out of actually sending 
a mail because I realise other people have already done it :-) 

But... quickly looking at the source code, I can't see why this isn't easily 
done. Admittedly I've not gone into it in detail, but couldn't the "open_log" 
function do the string expansions on log_file_path every time it's called and 
the "log_write" function always close the file afterwards if there's a dollar
sign in log_file_path? For most people, with log_file_path set to something not
needing expansion, there would be almost no overhead. For people with 
expansions,
there would be a whole pile of extra file open/close calls (and, Marc, I have 
worries about how much extra load this would cause on a busy system).

I suppose one gotcha would be if the expansion yielded different values at
different stages of processing a message. The log entry for the message 
would end up spread across multiple log files. But then, it would take a 
fairly stupid configuration to get this stupid effect!

Am I missing something, or is it just a matter of some fairly simple code 
changes? 

Cheers,
Alun.

-- 
Alun Jones   [EMAIL PROTECTED]
Systems Support, (01970) 62 2494
Information Services,
University of Wales, Aberystwyth

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] mysql list expansion and sending via isp smtp server

[Marc Sherman]

Bo Mellberg wrote:


lve_alla:
  driver = redirect
  domains = lundsvokalensemble.org
  condition = ${if eq{$local_part}{alla} {yes}{no}}
  data = ${lookup mysql{select emailaddress from lve.members where
members.active = 1}}


You could replace the condition with:
  local_parts = alle


lve_test:
  driver = manualroute
  domains = lundsvokalensemble.org
  condition = ${if eqi{$local_part}{test} {yes}{no}}
  data = ${lookup mysql{select emailaddress from lve.members where
members.first
name = 'bosse'}}
  transport = remote_smtp
  route_list = !+local_domains smtp.bredband.net

Exim wouldnt start, since "data" is not an option for this driver.


You're trying to do two unrelated things with one router.  Leave the 
lve_alla router unchanged, and instead modify your dnslookup router to 
use the manualroute to your smarthost.  That way all remote-bound 
messages, including but not limited to those redirected by the lve_alla 
router, will go out through the smarthost.


- Marc

--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] can "dnslists =" refer to an external list/lookup?

[OpenMacNews]

hi tony,


is it possible, though, to specify an external source, e.g. a named
list/lookup, for the LIST of dnslists?


It's expanded, so you can use ${lookup


argh. thinking abt it the wrong way again ... thx!

for those similarly interested, i did find this reference:

 1. RBL blacklists with opt-in/opt-out
 http://ws.edu.isoc.org/workshops/2005/pre-SANOG-VI/bc/mail/junkmail-conf.htm

cheers,

richard

pgpK8dyt5M0Q4.pgp
Description: PGP signature
-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Spool file is locked (another process is handling this message)

[Marc Sherman]

Oliver Kötter wrote:

2005-09-28 18:07:28 1EKeSt-0001ZE-Sw <= [EMAIL PROTECTED] 
H=dsl-084-060-040-005.arcor-ip.net
([192.168.1.75]) [84.60.40.5] P=esmtpa A=cram_md5_server:oliver S=609
[EMAIL PROTECTED]


[EMAIL PROTECTED]:~$ host mydomain.cc
;; Warning: ID mismatch: expected ID 35399, got 44095
;; Warning: ID mismatch: expected ID 35399, got 65267
;; connection timed out; no servers could be reached

There seems to be something wierd going on with your DNS, which could be 
the source of this problem.  Either that or you're obfuscating, in which 
case you should read:

http://www.exim.org/eximwiki/MailingListEtiquette#head-a6f7fb5ce8816568569a321f783315207ec38063


exiwhat | grep 1EKeSt-0001ZE-Sw showed this:

16805 running queue: waiting for 1EKeSt-0001ZE-Sw (16965)
16965 delivering 1EKeSt-0001ZE-Sw: waiting for a remote delivery subprocess to 
finish
17379 delivering 1EKeSt-0001ZE-Sw to domain.de [IP.Address.Anonymized.:-)] 
([EMAIL PROTECTED])


Here you're definitely obfuscating.

- Marc



--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Multiple Log Files - Feature Request

[Marc Perkel]

Ian Eiloart wrote:




--On 28 September 2005 16:54:45 +0100 Peter Bowyer 
<[EMAIL PROTECTED]> wrote:



On 28/09/05, Marc Perkel <[EMAIL PROTECTED]> wrote:


How would you do that with a separate program?



You were told this in the othe other thread you've got running on the
same subject.



That's just not true. He only has one thread running on this, though 
he did change the subject to make a feature request out of it.


He's had two helpful replies to his questions, but they came after 
your reply.


Peter, I think you should look on the wiki to see how much work Marc 
has done there - restructuring and posting tips that he got from this 
list. Then you might feel less hostile toward him.



Thanks - there are too many people in this thist with an attitude.

--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] can "dnslists =" refer to an external list/lookup?

[Tony Finch]

On Thu, 29 Sep 2005, OpenMacNews wrote:
>
> is it possible, though, to specify an external source, e.g. a named
> list/lookup, for the LIST of dnslists?

It's expanded, so you can use ${lookup

Tony.
-- 
<[EMAIL PROTECTED]>   <[EMAIL PROTECTED]>   http://dotat.at/   ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] can "dnslists =" refer to an external list/lookup?

[OpenMacNews]

hi all,

i use

  dnslists = f.q.d.n : a.b.c.d : ...

in my check of various RBLs.  no problem.

is it possible, though, to specify an external source, e.g. a named 
list/lookup, for the LIST of dnslists?


any variation i've tried, e.g.

  dnslists = +some_named_list

complains about 'unknown data' in dnslists ... :-/

the spec, and the google examples i've found, seem only to refer to literal 
domains/ip's.


my _goal_ is to be able to check DIFFERENT lists of RBLs for different domains, 
prefereably user -- or at least domain 'owner' -- specified.


thanks as always!

cheers,

richard

pgp7DL9WjjiqD.pgp
Description: PGP signature
-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] mysql list expansion and sending via isp smtp server

[Bo Mellberg]

Hi!

My ISP recently changed my connection to a dynamic ip one. As I host an
organizations web-page and mailing lists (www.lundsvokalensemble.org) I have
used exim for expanding mailing list messages using mysql like this:

(router)

lve_alla:
  driver = redirect
  domains = lundsvokalensemble.org
  condition = ${if eq{$local_part}{alla} {yes}{no}}
  data = ${lookup mysql{select emailaddress from lve.members where
members.active = 1}}

As you can see, mail sent to "[EMAIL PROTECTED]" is sent to all
active members in the "members" table.

This has worked nicely for about 4 years, but as I now have a dynamic ip
address, some email servers around the globe has now blacklisted the ip
addresses because of earlier usage for spamming. An example is here:
http://spamblock.outblaze.com/81.224.106.142

As the note on the previous link says, the only way to be sure of mail not
being rejected is to send it either from a static ip address (which is not
an option for me) OR using the ISP:s smtp server, in my case
"smtp.bredband.net"

When I tried this:

(router)

lve_test:
  driver = manualroute
  domains = lundsvokalensemble.org
  condition = ${if eqi{$local_part}{test} {yes}{no}}
  data = ${lookup mysql{select emailaddress from lve.members where
members.first
name = 'bosse'}}
  transport = remote_smtp
  route_list = !+local_domains smtp.bredband.net

Exim wouldnt start, since "data" is not an option for this driver.

Is there a way for me to be able to keep my mysql-lookups but send the
postings to the mailing list using smtp.bredband.net?

/Bo Mellberg


-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Exim rejects: syntactically invalid argument

[Alun]

"Alan J. Flavell" <[EMAIL PROTECTED]> said, in message
[EMAIL PROTECTED]:

> On Thu, 29 Sep 2005, Alun wrote:
> 
> > My ACL says:
> 
> For clarification please - is this at HELO time?  

Yes.

I can't say I've noticed particularly aggressive retries, but 
then my numbers do seem to be rather higher than others have 
quoted. Hang on, I'll look through the logs...

OK... 10,628 unique IPs have been hit by the ACL this week. 

7383 tried once only.

9947 tried 4 or less times (we have 4 IPs involved in our MX record,
so I think that's a reasonable threshold for a hit and run spammer).

I don't know what would count as aggressive, but taking a threshold 
of 100 or more attempts this week gives us only 29 hosts, accounting 
for 7783 attempts. 

One host has tried 784 times this week, but that's been 
spread over the entire week. 

The most aggressive retries from a single host came at the rate of 23 per
minute, but only lasted for one minute, and I can live with that :-)

> I have to admit that we didn't review what would happen nowadays if we
> moved the rejection back to the earlier phase.  We just left it where 
> it was.

It looks to me like things have changed. On the figures above, I reckon
we're probably wasting less local resources dropping after HELO than we 
would rejecting after each RCPT.

Cheers,
Alun.

-- 
Alun Jones   [EMAIL PROTECTED]
Systems Support, (01970) 62 2494
Information Services,
University of Wales, Aberystwyth

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Spool file is locked (another process is handling this message)

[Oliver Kötter]

> exigrep 1EKeSt-0001ZE-Sw /var/log/exim4/mainlog*

ups, logs were mixed up in my previous mail, mainlog.1 was after mainlog, so 
please watch the time...

-- 
Oliver Kötter



-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Spool file is locked (another process is handling this message)

[Oliver Kötter]

Marc Sherman schrieb:
>> The mainlog says: 2005-09-29 02:09:29 1EKeSt-0001ZE-Sw Spool file is
>> locked (another process is handling this message)
>
> That's not all the mainlog says.  Use exigrep to find all the mainlog
> messages so we can see how the message got into this state in the first
> place:
>
> exigrep 1EKeSt-0001ZE-Sw /var/log/exim4/mainlog*

Here's the output:
+++ 1EKeSt-0001ZE-Sw not completed +++
2005-09-29 02:09:29 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 02:39:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 03:09:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 03:39:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 04:09:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 04:39:31 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 05:09:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 05:39:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 06:09:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 06:39:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 07:09:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 07:39:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 08:09:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 08:39:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 09:09:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 09:39:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 10:09:36 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 10:39:36 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 11:09:36 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 11:39:37 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 12:09:36 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 12:39:36 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 15:25:51 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 15:55:51 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 16:25:50 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 16:55:50 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 17:25:50 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 17:55:50 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 18:07:28 1EKeSt-0001ZE-Sw <= [EMAIL PROTECTED] 
H=dsl-084-060-040-005.arcor-ip.net
([192.168.1.75]) [84.60.40.5] P=esmtpa A=cram_md5_server:oliver S=609
[EMAIL PROTECTED]
2005-09-28 18:34:57 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 19:04:57 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 19:34:57 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 19:55:59 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 20:00:12 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 20:26:00 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 20:55:59 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 21:25:59 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 21:55:59 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 22:25:59 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 23:09:29 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-28 23:39:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 00:09:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 00:39:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 01:09:28 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)
2005-09-29 01:

Re: [exim] long delays sending (not ident related) (mypost: rl3sept27)

[Fred Viles]

On 29 Sep 2005 at 8:26, rich lott wrote about
"Re: [exim] long delays sending (not":

| Fred, very much appreciate your time, thanks.
| 
| On Wednesday 28 September 2005 20:43, Fred Viles wrote:
|...
|Are you seeing the same 30s delay with delivery to lots of different
|hosts, or just this one?
| 
| Ah, thnks. penny might be dropping. shinyblue.net is hosted elsewhere, and so 
| maybe because I've set my exim up to report it's from shinyblue.net,

But you haven't, according to what you show below.

| I think 
| the shinyblue.net server may be getting a time out because  it it trying  to 
| look up itself? Could that be it?

I wouldn't think so, why should it be slow to look up its own name?

| There's another strangeness too in that it seems to be sending my localhost 
| name as a fqd which it obviously isn't.

Ah, that should be fixed.

| This causes rejection by some 
| servers, which may be part of the delay.

AFAIK that can be the case only if the same message is being sent to 
both the slow and a failing recipient, and the rejecting server is 
intentionally delaying its rejection.

| Why is my local hostname sent? Where 
| does exim get the value to send in HELOs? (see log snippet)

RTFM primary_hostname and qualify_domain.  You need to set 
primary_hostname to a valid FQDN that, when its address is looked up 
in the DNS, will yield the public IP address connections from your 
server come from.  Since this name probably won't be the same as your 
email domain name, you'll probably also need to set qualify_domain.

- Fred





-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Fred Viles]

On 29 Sep 2005 at 18:10, Niclas Hedhman wrote about
"Re: [exim] Upgrade blues...":

| On Thursday 29 September 2005 16:45, Odhiambo G. Washington wrote:
|... 
| Arrogant sarcasm isn't appreciated, and if that is the general tone of this 
| community I won't stay long. That said...

We won't miss you, I think.  That said...

|...
| > > Now, authenticated SMTP no longer works, no matter what I try.
| >
| > What did you try? What do you see in mainlog related to the problem?
| 
| Well, that depends on which combo of encryption and authentication that is 
| tried from the client. Minimum expected was SSL + PLAIN which gives the 
| following...
| 
| 2005-09-29 09:43:06 no host name found for IP address 219.94.56.25

There is no "reverse DNS" set up for this address.  IOW, there is no 
PTR record named 25.56.94.219.in-addr.arpa.  Unless your config does 
something different in such cases (like introducing an intentional 
delay), this message is just informational and is not related to your 
problems. 

| 2005-09-29 09:43:06 SMTP protocol violation: synchronization error (input 
sent 
| without waiting for greeting): rejected connection from H=[219.94.56.25] 
| input="\200g\001\003"

As already pointed out, this looks like a client config issue.  The 
client appears to be trying SSL-on-connect to a port (25?) that you 
haven't configured that way.

| And client says the server closed the connection.
| 
| If I set No Encryption + PLAIN I get;
| 2005-09-29 09:44:44 no host name found for IP address 219.94.56.25
| and the client says the server doesn't support PLAIN authentication 
| (expected).
|
| For TLS+PLAIN I get the message from the client that TLS is not supported, 
and 
| the same "no host name found"

And nothing further?  The interesting log lines, if any, would follow 
that one.

Your -Bv output shows you have GNUtls support compiled in, so 
STARTTLS *should* be advertised.  If you telnet to your server and 
issue an EHLO, what do you get in response?  If STARTTLS is included, 
this seems like a client issue.

- Fred





-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] sendmail - exim

[Christian Schmidt]

Hello Talles,

Talles A. Mesquita, 29.09.2005 (d.m.y):

> Greetings list, can give some tip to me or know some tutorial one on
> migration of the sendmail for exim? Details as virtusertable, aliases...
> thanks,

I would recommend to read the exim docs, zhe comments in the standard
configuration file coming with the souce distribution, follow the
discussions here on the list and maybe buy the exim book.

And setup a machine to do some testing with (if possible).

Regards,
Christian Schmidt

-- 
Miteinander zu sprechen ist besser als gegeneinander zu schweigen.
-- Ignazio Silone

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] OK response without checking

[Matthew Byng-Maddick]

On Thu, Sep 29, 2005 at 04:10:25PM +0200, Israel Cardenas wrote:
[> I wrote:]
>> On Thu, Sep 29, 2005 at 12:35:58PM +0200, Israel Cardenas wrote:
>>> Can Exim return an OK response without verifying the receiver is correct?
>>> How can Exim do it?
>> Yes.
>> By the correct application of ACL rules.
>> I'm not going to comment on the wisdom of such a policy.
> I need this because I have an Exim server that send mails to another Exim
> server, and sometimes both Exim servers queue the same message. I want
> second Exim server always respond OK to first, so firsts Exim only queues a
> message when it fails...

If you read some of the archives, you'll see multiple discussions of why you
want to be able to 550 at RCPT/DATA time, rather than sending a bounce if you
can possibly avoid it. There is a reason for this.

> What ACL rules are needed?

That was your cue to read:
http://www.exim.org/exim-html-4.50/doc/html/spec_39.html

Cheers

MBM

-- 
Matthew Byng-Maddick  <[EMAIL PROTECTED]>   http://colondot.net/
  (Please use this address to reply)

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

RE: [exim] OK response without checking

[Israel Cardenas]

 
On Thu, Sep 29, 2005 at 12:35:58PM +0200, Israel Cardenas wrote:
>> Can Exim return an OK response without verifying the receiver is correct?
>> How can Exim do it?

>Yes.
>By the correct application of ACL rules.

>I'm not going to comment on the wisdom of such a policy.

I need this because I have an Exim server that send mails to another Exim
server, and sometimes both Exim servers queue the same message. I want
second Exim server always respond OK to first, so firsts Exim only queues a
message when it fails...

What ACL rules are needed?


>Cheers

>MBM

-- 
Matthew Byng-Maddick  <[EMAIL PROTECTED]>
http://colondot.net/
  (Please use this address to reply)



__
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
 puede contener informacion clasificada por su emisor como confidencial
 en el marco de su Sistema de Gestion de Seguridad de la 
Informacion siendo para uso exclusivo del destinatario, quedando 
prohibida su divulgacion copia o distribucion a terceros sin la 
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje 
 erroneamente, se ruega lo notifique al remitente y proceda a su borrado. 
Gracias por su colaboracion.
__
This message including any attachments may contain confidential 
information, according to our Information Security Management System,
 and intended solely for a specific individual to whom they are addressed.
 Any unauthorised copy, disclosure or distribution of this message
 is strictly forbidden. If you have received this transmission in error,
 please notify the sender immediately and delete it.
__

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Niclas Hedhman]

On Thursday 29 September 2005 21:13, Marc Sherman wrote:

Thanks to you and everyone else pointing out that Debian mangle the Exim4 
"native" dist too much for everyone's liking...

> Please apologize to Wash 

For what?

> and send the appropriate log messages and 
> details of what's failing next time you ask for free support:
> http://exim.org/eximwiki/MailingListEtiquette#head-d6891f257f551d68b29d00e4
>ccdbb58c3fc501cf

FYI, I am not a noob user trying to steal my way through open/free software. 
Active in various Java projects at Apache Software Foundation 
([EMAIL PROTECTED]) and deal with user questions on a daily basis, and we 
don't shout RTFM, pissing over "ask smart questions" and bickering new users 
over "this is free support, so behave".

My gosh...

Good bye, this wasn't pleasant.

Niclas Hedhman.

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Steven Wayne]

On Thu, Sep 29, 2005 at 02:36:30PM +0100, Philip Hazel wrote:
 
> 
> > Well, I thought I can't have been the only one who use 'stock Debian' 
> > configurations, which stopped working after an upgrade. I expected a "Oh, 
> > that is because we have introduce XYZ, and you will need to enable/disable 
> > the parameter ABC" or something like that.
> 
> You'll need to consult Debian experts for that kind of comment. There is 
> a separate mailing list that was set up for Debian users[*], because the 
> 'stock Debian' configurations are so very different from what is 
> distributed with Exim. Non-Debian-ites don't feel they can help Debian 
> users.
> 
> [*] Sorry, I can't offhand remember the details, but no doubt somebody 
> will post them.
> 

Useful info can be found here: /usr/share/doc/exim4-base/README.Debian.gz

Mailing list is here: [EMAIL PROTECTED]

Steven.

-- 
Yesterday I was a dog.  Today I'm a dog.
Tomorrow I'll probably still be a dog.
Sigh!  There's so little hope for advancement.
-- Snoopy

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Philip Hazel]

On Thu, 29 Sep 2005, Niclas Hedhman wrote:

> Arrogant sarcasm isn't appreciated, and if that is the general tone of this 
> community I won't stay long. That said...

It isn't. However, the community (a) is a busy one and (b) contains 
plenty of people whose first language is not English. You may have seen 
sarcasm where it was not intended.

> > > I recently did the mistake of upgrading both my KMail client (to v1.7)
> > > and Exim4 (whatever version is in Debian testing)...
> >
> > Mistake?

I read that as shorthand for "Why do you say that was a mistake?".

> Well, I thought I can't have been the only one who use 'stock Debian' 
> configurations, which stopped working after an upgrade. I expected a "Oh, 
> that is because we have introduce XYZ, and you will need to enable/disable 
> the parameter ABC" or something like that.

You'll need to consult Debian experts for that kind of comment. There is 
a separate mailing list that was set up for Debian users[*], because the 
'stock Debian' configurations are so very different from what is 
distributed with Exim. Non-Debian-ites don't feel they can help Debian 
users.

[*] Sorry, I can't offhand remember the details, but no doubt somebody 
will post them.

-- 
Philip HazelUniversity of Cambridge Computing Service,
[EMAIL PROTECTED]  Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:http://www.uit.co.uk/exim-book

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] sendmail - exim

[Talles A. Mesquita]

Greetings list, can give some tip to me or know some tutorial one on
migration of the sendmail for exim? Details as virtusertable, aliases...
thanks,

---
Talles A. Mesquita
Serviço Social do Comércio
Gerência da Tecnologia da Informação
[EMAIL PROTECTED]
Fone: +55 (85) 3452-9022 

 

-- 
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://linux.bitdefender.com/
-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Marc Sherman]

Niclas Hedhman wrote:


2005-09-29 09:43:06 no host name found for IP address 219.94.56.25 
2005-09-29 09:43:06 SMTP protocol violation: synchronization error

(input sent without waiting for greeting): rejected connection from
H=[219.94.56.25] input="\200g\001\003"


That looks like you're connecting with TLS-on-connect (ie: old style 
SSL) to an unencrypted port that expects STARTTLS to turn on encryption.


> For TLS+PLAIN I get the message from the client that TLS is not
> supported, and the same "no host name found"

The client is claiming it doesn't support TLS?  It looks like your 
upgrade to KMail broke the client, then.  Either install a working 
KMail, or configure your exim to run TLS-on-connect on port 465:


> daemon_smtp_ports = 25 : 465
> tls_on_connect_ports = 465

Please apologize to Wash and send the appropriate log messages and 
details of what's failing next time you ask for free support:


http://exim.org/eximwiki/MailingListEtiquette#head-d6891f257f551d68b29d00e4ccdbb58c3fc501cf

Also, from the looks of your config file, it's not a stock config at 
all, but rather a debian config.  If you have any questions about 
modifying that config file, they belong on the debian exim list.


- Marc



--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] rewrite "from" depending on "to" or recipient

[Tony Finch]

On Thu, 29 Sep 2005, Hardy wrote:
>
> i want to create a mini mail-list just by putting some (externe)
> addresses into aliases. on every post to "[EMAIL PROTECTED]" i want the
> sender to be rewritten to the same name "[EMAIL PROTECTED]" (not only
> reply-to). is this easy to be done in exim.conf? how?

Set errors_to on the list alias router.

Tony.
-- 
<[EMAIL PROTECTED]>   <[EMAIL PROTECTED]>   http://dotat.at/   ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Spool file is locked (another process is handling this message)

[Marc Sherman]

Oliver Kötter wrote:


Everything works fine for some months now, but since last week I am
unable to send mails to one specific guy. When I type "mailq" I see
these mails which do not get send. I am able to send mail to any
other address I have tested.

The mainlog says: 2005-09-29 02:09:29 1EKeSt-0001ZE-Sw Spool file is
locked (another process is handling this message)


That's not all the mainlog says.  Use exigrep to find all the mainlog 
messages so we can see how the message got into this state in the first 
place:


exigrep 1EKeSt-0001ZE-Sw /var/log/exim4/mainlog*


Does anybody have any idea what this may be? I cannot think which
other process this could be. I use clamav and spamassassin which are
scanning incoming messages but these are outgoing messages and any
other receipient works.


If it's an exim queue runner process holding the lock, exiwhat will show 
it.  In that case, killing the process should release it, I think.


- Marc

--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] An interesting problem (apparent duplicate delivery)

[Ian FREISLICH]

> On Tue, 27 Sep 2005, Ian Freislich wrote:
> >
> > I've got an interesting problem where users are complaining that
> > mail sent to them is delivered twice into their mailbox.
> > I've seen message headers that users claim belong to at least 2
> > distinct messages that were downloaded, but I've not yet been able
> > to verify that the messages appeared twice in their mailbox because
> > they keep deleting the evidence.
> 
> IMAP? POP? Perhaps your message access server doesn't have a reliable
> seen-mesages database.

POP and IMAP, but in this case, it's POP.  The POP server is qmail-pop3d
(don't ask why).  It was never a problem in the past when the MTA
was qmail, but then maybe nobody noticed or everyone brushed off
the problem because if multiple recipients expand to the same mailbox
qmail delivers multiple messages.

Ian

--
Ian Freislich

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] An interesting problem (apparent duplicate delivery)

[Ian FREISLICH]

> Ian Freislich wrote:
> 
> > This phenomenon doesn't appear to be confined to one server or to
> > a particular user and it happens to random messages (or at least I
> > haven't found a pattern yet).
> 
> Do you use AV or spam scanning after DATA? If yes, the cause may be a 
> post-data timeout on the sending host. Exim may then send his 220 to a 
> dead channel and queue the message, while the sending host has timed out 
> the SMTP session and will retry sending the message later.
> 
> That would explain the randomness. It typically only happens when the 
> machine is well-loaded.

Spam scanning happens on a different cluster of servers.  AV happens
on the same server.  The spamassassin timeout (in Exim) is 2 minutes,
but I haven't paid much attention to the clamav connection.  I'll
add some debugging an see if that's taking too long.

Our spamd servers are pretty heavily loaded, but the interesting
thing is the the messages are _identicle_.  If the above scenario
was happening, I'd at least expect different Recieved: headers from
our server.

Ian

--
Ian Freislich

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Re: Debian exim

[Andreas Barth]

Hi,

* Adam Funk ([EMAIL PROTECTED]) [050928 16:29]:
> On Wednesday 28 September 2005 14:23, Steve Lamb wrote:
> > Why should I when the program has to handle failure anyway?  The
> > argument always seems to be "The MTA can handle failures."  OK, and
> > when the MTA fails what, the program sending mail is just supposed to
> > route it to /dev/null? Even mutt, the current MUA de jour of the
> > die-hard unixeistas has it's own primative queuing in place in case of
> > MTA failure.
> 
> Every MUA I've seen has an "outbox" where mail sits until it can be SMTP'd 
> away.  Is that what you mean by primitive queueing?

I can't remember that mutt has such an feature. Also programs like mail
usually don't have that, but just give back an error ...


Cheers,
Andi

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Spool file is locked (another process is handling this message)

[Oliver Kötter]

Oliver Kötter wrote:
> The mainlog says:
> 2005-09-29 02:09:29 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
> handling this
> message)
>
> which is of course repeated every 30 seconds.

Sorry, of course it is repeated every 30 _minutes_

Oliver


-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Re: Debian exim

[Andreas Barth]

* Steve Lamb ([EMAIL PROTECTED]) [050928 23:51]:
> Call me crazy but I generally configure the programs so mail is
> deliverable to the proper person.  10 years, not one address rewrite.  Address
> rewriting isn't need to do that, it is only the most difficult and needless
> way to do it.

I guess you don't look exactly like the normal desktop user.


Cheers,
Andi

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

RE: [exim] OK response without checking

[jori.hamalainen]

> On Thu, Sep 29, 2005 at 12:35:58PM +0200, Israel Cardenas wrote:
> > Can Exim return an OK response without verifying the receiver is
> correct?
> > How can Exim do it?
> 
> Yes.
> By the correct application of ACL rules.

I guess that question can also be about removing "verify = recipient", it 
doesn't mean that other checks are not done.

> I'm not going to comment on the wisdom of such a policy.

You did :)

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Exim rejects: syntactically invalid argument

[Alan J. Flavell]

On Thu, 29 Sep 2005, Alun wrote:

> My ACL says:

For clarification please - is this at HELO time?  When we originally 
set ours up (admittedly some years back now), we found that rejection 
at HELO time would provoke some offering MTAs into repeated retries - 
in some cases, very aggressively so. I suspect "drop" would be even 
worse...?

So we deferred rejection until RCPT time, which seemed to be the most 
effective way of getting them off our backs.  OK, true, some peer 
MTA-like objects (a certain majority vendor comes to mind) then have a 
habit of hiding our actual error report, and lying to the would-be 
sender that the intended recipient does not exist - but that's not our 
responsibility...

I have to admit that we didn't review what would happen nowadays if we 
moved the rejection back to the earlier phase.  We just left it where 
it was.

>   drop condition = ${if or {\
> {eq {$sender_helo_name}{[$interface_address]}}\
> {eq {$sender_helo_name}{$interface_address}}\
> {eq {$sender_helo_name}{$primary_hostname}}\
> {eq {$sender_helo_name}{aber.ac.uk}}\
> {eq {$sender_helo_name}{mailserv.aber.ac.uk}}\
> {eq {$sender_helo_name}{mailserv2.aber.ac.uk}}\
> }{yes}{no}}
> 
> This happens before greylisting and has matched 28,565 attempts since 
> Sunday

Have you been looking-out specifically for retry patterns in response 
to that stanza, could you say, please?


By the way, if we're doing numbers, I should stress that the numbers 
which I mentioned, were basically for one department (even though I 
mentioned several domains within).

I could add that (rather obviously) the fakers who present a 
particular domain of ours in the HELO are also presenting a recipient 
address in that specific domain.  At least, that appears to be the 
regular pattern of their behaviour.  So I suppose the proportion of 
each domain that's presented in HELO ought to be measured against the 
number of attempts to spam addresses in that respective domain.

cheers

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] OK response without checking

[Matthew Byng-Maddick]

On Thu, Sep 29, 2005 at 12:35:58PM +0200, Israel Cardenas wrote:
> Can Exim return an OK response without verifying the receiver is correct?
> How can Exim do it?

Yes.
By the correct application of ACL rules.

I'm not going to comment on the wisdom of such a policy.

Cheers

MBM

-- 
Matthew Byng-Maddick  <[EMAIL PROTECTED]>   http://colondot.net/
  (Please use this address to reply)

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Re: Debian exim

[Adam Funk]

On Wednesday 28 September 2005 22:54, Steve Lamb wrote:
> Adam Funk wrote:
> > So you don't run logcheck and don't want output from cron or at jobs?
> >  I think that's unusual among Debian users.
>
> No logcheck and on a *desktop* machine know how much I use cron and
> at? Tha answer lies somewhere between -1 and 1 and has no decimal
> place.

Fair enough.  I use all three very regularly, and I doubt I'm the only 
one.

> > Good point, but that mail is still going to sit there *until* the MTA
> > starts working again.  I thought you were arguing against the
> > necessity of having one there at all?
>
> If you read carefully I constantly say "no matter what the
> interface used to connect to it."  That's the cluebat sized hint that
> SMTP is an interface which could fail.  If one handles failures for
> SMTP, as one must, then one could just as easily handle failures for a
> local MTA.
>
> A basic queue != "MTA functionality".  Sorry.

Sooner or later, stuff needs to get out of that queue.  That's where MTA 
functionality comes in.

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Re: Debian exim

[Adam Funk]

On Wednesday 28 September 2005 22:50, Steve Lamb wrote:
> Adam Funk wrote:
> > That tenet is respected in the Unix tradition by using distinct tools
> > that have well-defined, debuggable interfaces between them (e.g. SMTP
> > and sendmail's handling of stdin).
>
> Ah yes, SMTP.  And when that fails.  Like the network isn't
> connectable? Do we just throw the message away.  "Sorry, the remote
> queue isn't available, we'll just /dev/null it and have you guess at
> why your cron job didn't work. G'luck!"

No, we queue it locally in the MTA queue until we can shift it from there.

> > Without it, the batch job mail will be from and to
> > [EMAIL PROTECTED], which is probably not the
> > right address for receiving it or for replies and bounces.
>
> Call me crazy but I generally configure the programs so mail is
> deliverable to the proper person.  10 years, not one address rewrite. 
> Address rewriting isn't need to do that, it is only the most difficult
> and needless way to do it.

If you prefer to do it that way, it's a matter of personal taste, but I 
find that for cron and at, rewriting and using ~/.forward are the easiest 
way to generalize the mail handling -- rather than configuring it over 
again in each job.

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Re: Debian exim

[Adam Funk]

On Wednesday 28 September 2005 22:47, Steve Lamb wrote:
> Marc Haber wrote:
> > Only because it is a M_U_A which needs to have the Postpone function
> > anyway and knows how to handle local persistent mail stores as well.
> > cron, as a fairly small programm, shouldn't have to worry about its
> > mail output.
>
> Cron is one of the ones that should since when something screws up
> with cron people *NEED* to know what happened.  Failing to report a
> screw up is a pretty big problem IMHO.

Without an MTA, where will that failure report go?  A local logfile is the 
only other choice.

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Spool file is locked (another process is handling this message)

[Oliver Kötter]

Oliver Kötter wrote:
> The mainlog says:
> 2005-09-29 02:09:29 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
> handling this
message)
>
> which is of course repeated every 30 seconds.

Sorry, of course it is repeated every 30 _minutes_

Oliver



-- 
Oliver Kötter
[EMAIL PROTECTED]


-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] OK response without checking

[Israel Cardenas]

Hi!

Can Exim return an OK response without verifying the receiver is correct?
How can Exim do it?

Thanks.

Israel.


__
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
 puede contener informacion clasificada por su emisor como confidencial
 en el marco de su Sistema de Gestion de Seguridad de la 
Informacion siendo para uso exclusivo del destinatario, quedando 
prohibida su divulgacion copia o distribucion a terceros sin la 
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje 
 erroneamente, se ruega lo notifique al remitente y proceda a su borrado. 
Gracias por su colaboracion.
__
This message including any attachments may contain confidential 
information, according to our Information Security Management System,
 and intended solely for a specific individual to whom they are addressed.
 Any unauthorised copy, disclosure or distribution of this message
 is strictly forbidden. If you have received this transmission in error,
 please notify the sender immediately and delete it.
__

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] Spool file is locked (another process is handling this message)

[Oliver Kötter]

Hi,

I am relatively new to exim and have a big problem.
I am using Exim 4.50 on Debian Sarge on my personal mail server which is a 
virtual server. It is
the exim4-daemon-heavy package.

Everything works fine for some months now, but since last week I am unable to 
send mails to one
specific guy. When I type "mailq" I see these mails which do not get send. I am 
able to send mail
to any other address I have tested.

The mainlog says:
2005-09-29 02:09:29 1EKeSt-0001ZE-Sw Spool file is locked (another process is 
handling this message)

which is of course repeated every 30 seconds.

Does anybody have any idea what this may be? I cannot think which other process 
this could be. I
use clamav and spamassassin which are scanning incoming messages but these are 
outgoing messages
and any other receipient works.

Thanks for any help,

Oliver



-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Niclas Hedhman]

On Thursday 29 September 2005 16:45, Odhiambo G. Washington wrote:

Arrogant sarcasm isn't appreciated, and if that is the general tone of this 
community I won't stay long. That said...

> * On 29/09/05 02:15 +0800, Niclas Hedhman wrote:
> > Hi,
> >
> > I recently did the mistake of upgrading both my KMail client (to v1.7)
> > and Exim4 (whatever version is in Debian testing)...
>
> Mistake?

Yes. Only upgrade one thing at a time, so when something breaks, you know at 
which end to look.

> Whatever version???
> /path/to/exim -bV will tell you the version.

srv01:~# exim4 -bV
Exim version 4.52 #1 built 21-Aug-2005 09:46:54
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis 
nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated

> > Now, authenticated SMTP no longer works, no matter what I try.
>
> What did you try? What do you see in mainlog related to the problem?

Well, that depends on which combo of encryption and authentication that is 
tried from the client. Minimum expected was SSL + PLAIN which gives the 
following...

2005-09-29 09:43:06 no host name found for IP address 219.94.56.25
2005-09-29 09:43:06 SMTP protocol violation: synchronization error (input sent 
without waiting for greeting): rejected connection from H=[219.94.56.25] 
input="\200g\001\003"

And client says the server closed the connection.

If I set No Encryption + PLAIN I get;
2005-09-29 09:44:44 no host name found for IP address 219.94.56.25
and the client says the server doesn't support PLAIN authentication 
(expected).

For TLS+PLAIN I get the message from the client that TLS is not supported, and 
the same "no host name found"


> > In KMail's "Check what the server supports" also yields different
> > results in KMail 1.7  and KMail 1.8, so I am utterly confused.
>
> Same to us here. What is KMail and what does it have to do with Exim
> and ASMTP?

KMail is the default mail client in KDE. Mail clients are often used to send 
mail with via SMTP servers such as EXIM4 (sarcasm for you only.)

> > On the server, I do an extraction of mail-users from /etc/shadow and
> > creates a new /etc/exim4/passwd for authentication.
>
> What does your authenticators look like?

see below. That is the 'compiled output' from the "update-exim4.conf" tool, 
which I don't know whether it is Exim or Debian related.

> > I have also got the Outlook hack enabled,
>
> What is Outlook hack? Where can I find it?

This was in the /etc/exim4/exim4.conf.template

# This one is a bad hack to support the broken version 4.xx of
# Microsoft Outlook Express which violates the RFCs by demanding
# "250-AUTH=" instead of "250-AUTH ".
# It has to be the last authenticator to work and has not been tested
# well. Use at your own risk.
# See the thread entry point from
# 
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050214/msg00213.htm
l
# for the related discussion on the exim-users mailing list.
# Thanks to Fred Viles for this great work.

support_broken_outlook_express_4_server:
   driver = plaintext
   public_name = "\r\n250-AUTH=PLAIN LOGIN"
   server_prompts = User Name : Password
   server_condition = no

which I enabled (didn't make any difference for the KMail case).

> > and Mailman mailing list in the mix, otherwise fairly stock config.
>
> You sound mixed up yourself, because you are not sure of the problem
> you need assistance with!

Well, I thought I can't have been the only one who use 'stock Debian' 
configurations, which stopped working after an upgrade. I expected a "Oh, 
that is because we have introduce XYZ, and you will need to enable/disable 
the parameter ABC" or something like that.

> You want us to administer your server for you, yes?

No, but I don't expect to be a programmer and a 6 RFCs expert to set up the 
most basic outgoing mailserver either. Perhaps too much to ask for.


Cheers
Niclas


Copied from /var/lib/exim4/config.autogenerated

begin authenticators

plain_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if crypteq{$3}{${extract{1}{:}
{${lookup{$2}lsearch{CONFD
IR/passwd}{$value}{*:*}{1}{0}}"
  server_set_id = $2
  server_prompts = :
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if crypteq{$2}{${extract{1}{:}
{${lookup{$1}lsearch{CONFD
IR/passwd}{$value}{*:*}{1}{0}}"
  server_set_id = $1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

support_broke

Re: [exim] Multiple Log Files - Feature Request

[Ian Eiloart]

--On 28 September 2005 16:54:45 +0100 Peter Bowyer <[EMAIL PROTECTED]> 
wrote:



On 28/09/05, Marc Perkel <[EMAIL PROTECTED]> wrote:

How would you do that with a separate program?


You were told this in the othe other thread you've got running on the
same subject.


That's just not true. He only has one thread running on this, though he did 
change the subject to make a feature request out of it.


He's had two helpful replies to his questions, but they came after your 
reply.


Peter, I think you should look on the wiki to see how much work Marc has 
done there - restructuring and posting tips that he got from this list. 
Then you might feel less hostile toward him.



(Hint: 1 thread is generally enough - especially when you don't read them)





Peer

--
Peter Bowyer
Email: [EMAIL PROTECTED]
Tel: +44 1296 768003
VoIP: sip:[EMAIL PROTECTED]




--
Ian Eiloart
Servers Team
Sussex University ITS


--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] rewrite "from" depending on "to" or recipient

[Hardy]

Hi,

i want to create a mini mail-list just by putting some (externe) addresses into 
aliases.
on every post to "[EMAIL PROTECTED]" i want the sender to be rewritten to the same name 
"[EMAIL PROTECTED]" (not only reply-to).

is this easy to be done in exim.conf? how?

tia
Hardy




--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] exim4 smtp authentication

[Odhiambo G. Washington]

* On 29/09/05 09:48 +0200, Klaus Boehm wrote:
> Hi,
> 
> i have a question about smtp authentication.
> Is it possible to check a part of the user about ip address
> an the other part of the user about smtp authentication at the same time?
> If someone has the right ip its ok and if someone has the right login and
> password its ok.

Yes, it is very possible, but please elaborate on the aspects of the IP
address side.
Generally, smtp authentication is applied to connections from
"untrusted" IP addresses - those that are outside your relay_from_hosts
hostlist definition.
I am wondering why you also want to restrict the authentication to
specific IP addresses. Once you explain that, we will put aside our
crystal balls and give you the answers.

For me, I believe a rule like this is enough: the skks

accept authenticated = * 
   condition = ${if eq{$authenticated_id}{$sender_address}{yes}{no}}

If a user has given out their password to their spammer friends, then
that's a whole new ball game.



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
wash () WANANCHI ! com  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] An interesting problem (apparent duplicate delivery)

[Tom Kistner]

Ian FREISLICH wrote:


Our spamd servers are pretty heavily loaded, but the interesting
thing is the the messages are _identicle_.  If the above scenario
was happening, I'd at least expect different Recieved: headers from
our server.


I see. Then there's not much chance that Exim is the culprit.

/tom

--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

[exim] exim4 smtp authentication

[Klaus Boehm]

Hi,

i have a question about smtp authentication.
Is it possible to check a part of the user about ip address
an the other part of the user about smtp authentication at the same time?
If someone has the right ip its ok and if someone has the right login and
password its ok.

Thanks for any help.

By,

Klaus
--
-
Klaus Boehm
Systemadministrator
ewt multimedia GmbH & Co. KG
D-86152 Augsburg, Volkhartstr. 4-6
Phone:  +49.(0)821.3106-319
Fax: +49.(0)821.310660-319
mailto:[EMAIL PROTECTED]
http://www.ewt.de
http://www.surf-club.de
-




--
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Exim rejects: syntactically invalid argument

[Alun]

Marc Sherman <[EMAIL PROTECTED]> said, in message
[EMAIL PROTECTED]:

> > is very different for the different domains, as it turns out.  So
> > far  this week: 35 for one, 573 for another, and 3 for a third.
> 
> That's bizarre.  I see similar (lack of) patterns.  I checked the
> other  3 domains I host; one has 0 hits at all, another has only 4
> hits, all of  them rejected by clamav, and the last one has 11 hits,
> all of them  rejected by spamassassin.  Still none of the messages got
> delivered, though.

Since we're quoting figures...

My ACL says:

  drop condition = ${if or {\
{eq {$sender_helo_name}{[$interface_address]}}\
{eq {$sender_helo_name}{$interface_address}}\
{eq {$sender_helo_name}{$primary_hostname}}\
{eq {$sender_helo_name}{aber.ac.uk}}\
{eq {$sender_helo_name}{mailserv.aber.ac.uk}}\
{eq {$sender_helo_name}{mailserv2.aber.ac.uk}}\
}{yes}{no}}

This happens before greylisting and has matched 28,565 attempts since 
Sunday (I've not checked for duplicates where people bang on all three
servers repeatedly). During the same time we've accepted 68,940 
external mails.

Cheers,
Alun.

-- 
Alun Jones   [EMAIL PROTECTED]
Systems Support, (01970) 62 2494
Information Services,
University of Wales, Aberystwyth

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Upgrade blues...

[Odhiambo G. Washington]

* On 29/09/05 02:15 +0800, Niclas Hedhman wrote:
> 
> Hi,
> 
> I recently did the mistake of upgrading both my KMail client (to v1.7) and 
> Exim4 (whatever version is in Debian testing)...

Mistake?

Whatever version???

/path/to/exim -bV will tell you the version.


> Now, authenticated SMTP no longer works, no matter what I try.


What did you try? What do you see in mainlog related to the problem?

> In KMail's "Check what the server supports" also yields different
> results in KMail 1.7  and KMail 1.8, so I am utterly confused.

Same to us here. What is KMail and what does it have to do with Exim
and ASMTP?

> On the server, I do an extraction of mail-users from /etc/shadow and creates 
> a 
> new /etc/exim4/passwd for authentication.

What does your authenticators look like?

> I have also got the Outlook hack enabled,

What is Outlook hack? Where can I find it?

> and Mailman mailing list in the mix, otherwise fairly stock config. 

You sound mixed up yourself, because you are not sure of the problem
you need assistance with!


> www.hedhman.org on port 25 is where it is running.


So?

> Does anyone have any pointers about this? 

While you really need to read this:

http://www.catb.org/~esr/faqs/smart-questions.html#beprecise



.. the following entry from the wiki might help you:

http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730


You want us to administer your server for you, yes?


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
wash () WANANCHI ! com  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] long delays sending (not ident related) (mypost: rl3sept27)

[rich lott]

Fred, very much appreciate your time, thanks.

On Wednesday 28 September 2005 20:43, Fred Viles wrote:
   No, it turns off ident lookups.  Actually, since your problem is in
   *sending* mail, this can't help.  There is the possibility that the
   remote site is doing an ident call to your server, and you have a
   firewall dropping the packet (instead of rejecting it).

   Or there may be lots of other reasons why the remote is delaying the
   transaction.  Some admins introduce delays intentionally to cause
   poorly written ratware to cause a protocol violation when it doesn't
   wait for the response.

   Are you seeing the same 30s delay with delivery to lots of different
   hosts, or just this one?

Ah, thnks. penny might be dropping. shinyblue.net is hosted elsewhere, and so 
maybe because I've set my exim up to report it's from shinyblue.net, I think 
the shinyblue.net server may be getting a time out because  it it trying  to 
look up itself? Could that be it?

There's another strangeness too in that it seems to be sending my localhost 
name as a fqd which it obviously isn't. This causes rejection by some 
servers, which may be part of the delay. Why is my local hostname sent? Where 
does exim get the value to send in HELOs? (see log snippet)

-8<---
005-09-29 08:20:14 1EKsi9-00041V-LQ ** [EMAIL PROTECTED] 
F=<[EMAIL PROTECTED]>P=<[EMAIL PROTECTED]> R=dnslookup T=remote_smtp: SMTP 
error from remote mail server after HELO reech: host a.mx.peopleandplanet.org 
[217.204.203.154]: 504 : Helo command rejected: need fully-qualified 
hostname
2005-09-29 08:20:14 1EKsiE-00041Z-7J <= <> R=1EKsi9-00041V-LQ U=Debian-exim 
P=local S=1248 from <> for [EMAIL PROTECTED]
-8<---

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Re: [exim] Re: Debian exim

[Marc Haber]

On Wed, 28 Sep 2005 14:45:22 -0700, Steve Lamb <[EMAIL PROTECTED]> wrote:
>Marc Haber wrote:
>> No. We are also talking about the messages being sent passing sender
>> verification, and optionally being replyable.
>
>Yes... and?  *pokes at his nullmailer install*  Works fine.  Your point?

You might have a valid domain name on your box, have your own e-mail
domain you don't share with somebody else, and are in control of your
smarthost. Joe Normal DSLuser does not.

Greetings
Marc

-- 
-- !! No courtesy copies, please !! -
Marc Haber |   " Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/