Re: [exim] Getting Exim 4.94

2020-06-01 Thread Jeremy Harris via Exim-users
On 01/06/2020 21:46, Mike Brown via Exim-users wrote:
> I'm currently running fc27.x86_64.  I'm trying to find a Fedora RPM for
> version 4.94, but the exim wiki for downloading Fedora binaries is broken,
> as it points to fedora.redhat.com, which can't be found.
> 
> Anyone know where I can find a F27 RPM for exim?

a) 4.94 was only published today.  Expecting instant service from
   distros will lead to disappointment
b) Fedora 27 is no longer on support, as far as I know.
-- 
Cheers,
  Jeremy

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


[exim] CNAME smarthost certificate name verification

2020-06-01 Thread Kevin Shell via Exim-users
Hello list.

Exim doesn't compare CNAME with certificate names, for example

  smtp.mail.yahoo.com
  smtp.outlook.com

It compares A/ hostnames with certificate names
With OpenSSL: SSL verify error: certificate name mismatch
With GnuTLS: TLS certificate verification failed: cert name mismatch

Is it a bug that Exim does not compare CNAME with certificate names?




Re: [exim] Getting Exim 4.94

2020-06-01 Thread Mike Brown via Exim-users
On Mon, Jun 01, 2020 at 10:26:13PM +0100, Graeme Fowler via Exim-users wrote:
> On 1 Jun 2020, at 21:46, Mike Brown via Exim-users wrote:
> > Anyone know where I can find a F27 RPM for exim?
> 
> 
> That would be
> 
> https://apps.fedoraproject.org/packages/exim

Looks like the latest build is 4.90, which I am currently running.  Looks
like I'll have to try and compile the source, which I have downloaded.

MB
-- 
e-mail: vid...@vidiot.com | vid...@vidiot.net    /~\ The ASCII
6082066...@email.uscc.net (140 char limit)       \ / Ribbon Campaign
Visit - URL: http://vidiot.com/                   X  Against
             http://vidiot.net/                  / \ HTML Email
"VCR was in the closet.  Still works.  Can't get the clock to stop
blinking, though."  Angela - Animal Kingdom - 7/16/19



Re: [exim] A decent acl example please!

2020-06-01 Thread Sebastian Nielsen via Exim-users
Here is an excerpt from my configuration that you can look through, and
possibly use parts of.

Remember to replace all instances of my domain with yours.




hostlist relay_from_hosts = 192.168.0.0/16 : 127.0.0.1 : 1
auth_advertise_hosts = 192.168.0.0/16 : 127.0.0.1 : 1
domainlist local_domains = sebbe.eu:[185.86.106.232]:[193.187.91.106]:[2001:470:dff1:1:10::1]:[2001:470:dff1:1:10::2]:dns1.sebbe.eu:dns2.sebbe.eu:mx.sebbe.eu:185.86.106.232:193.187.91.106


acl_check_mail:

  accept
    authenticated = *
    senders = ^(sebastian|postmaster|abuse)@sebbe\\.eu\$
    hosts = +relay_from_hosts
    set acl_m0 = authorizedrelay

## This one ensures you need a valid password AND a valid IP to relay. Thus
## hacked passwords are a no go here.
## Combined with auth_advertise_hosts, it will also not even offer
## authentication to invalid hosts.
## This also requires sender address to be within the local domain to be
## considered authenticated relay,
## else this rule is never triggered, authorizedrelay isn't set and any
## valid authenticated emails but with a sender of like
## RolexWatches@GetRich.whatever will also get rejected.


  deny
    message = 5.7.14 You can't spoof the domains this server is authorative for
    sender_domains = ^(?i).*(sebbe\\.eu)\$ : +local_domains

## Prevents anyone from sending an email with a sender that is local to the
## server in question, if they aren't authorized to do so (ergo logged in and
## have right IP)

  deny
    message = 5.7.1 Local users must authenticate
    hosts = +relay_from_hosts

## Prevents anyone that is already local network, from sending without
## authenticating.

  deny
    message = 5.4.6 That would create a mail loop
    sender_domains = localhost : ^\\[127.* : ^.*\\.local : ^.*\\.localdomain : ^.*\\.localhost : ^127\\..*


## Prevent crude form of mail loops.

  deny
    message = 5.7.0 Banned TLD
    sender_domains = ^(?i).*\\.(app|accountant|accountants|auto|berlin|bid|camera|car|cars|christmas|click|club|college|computer|country|cricket|date|design|download|email|faith|fun|gdn|global|guru|help|host|jetzt|kim|life|link|loan|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|tech|technology|theatre|today|top|trade|university|uno|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip)\$


## TLD ban. Bans a lot of TLDs in sender address. Those TLDs are the ICANN
## new garbage shit that are 100% spam sources.

  deny
    message = 5.1.8 Sender verification failed
    !verify = sender

## Basic sender verification. (Does MX exist etc)

  accept
    condition = ${if eq {$sender_address}{}{yes}{no}}

## Auto-accept the blank sender address.

  deny
    message = 5.7.23 SPF fail (phishing) - (${sg{${sg{$spf_smtp_comment}{http\:\/\/www\.open-spf\.org\/Why}{https:\/\/www.sebbe.eu\/spf.cgi}}}{=sebbe\.eu}{}})
    log_message = SPF check failed: ($spf_header_comment)
    spf = fail : softfail


## Reject all SPF=softfail and all SPF=hardfail messages.

  accept




acl_check_rcpt:
  deny
    local_parts = ^[./|] : ^.*[@\$%`#&?/|] : ^.*/\\.\\./ : ^.*x24 : ^.*0.44
    message = 5.1.7 Restricted characters in address

## Prevent certain security holes.

  deny
    message = 5.4.6 That would create a mail loop
    domains = localhost : ^\\[127.* : ^.*\\.local : ^.*\\.localdomain : ^.*\\.localhost : ^127\\..*

## Prevent some crude mail loops.

  accept
    condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}
    control = submission/sender_retain
    control = dkim_disable_verify

## If message is authorized relay - ergo authenticated and right IP, accept
## it through at RCPT stage too.

  require
    message = 5.7.1 Relay not permitted
    domains = +local_domains

## Message must be to a local mailbox if it's not authenticated.

  require
    verify = recipient

## Basic recipient reachability check.

  accept



acl_check_data:

  warn
    remove_header = date
    remove_header = subject
    add_header = Date: $tod_full
    add_header = Subject: ${rfc2047:${length_100:${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{$h_subject:}{\\xE5}{\\xA5}}}{\\xC4}{\\x84}}}{\\xD6}{\\x96}}}{\\xC5}{\\x85}}}{\\xF6}{\\xB6}}}{\\xE4}{\\xA4}}}{\N[^a-zA-Z0-9\xA5\xA4\xB6\x85\x84\x96 !"\@#\$%&\/\{(\[)\]=\}?+\\\-_:.;,*><|^~]\N}{}}}{\N([\xA5\xA4\xB6\x85\x84\x96])\N}{\\xC3\$1}}}{}{ }}}{   }{ }}}{  }{ }}}{^ }{}}}{ \$}{


## Scrub email. This replaces the Date header with a valid one, so if a mail
## has its date set to 1970-01-01 the email doesn't get pushed to the very
## bottom of the inbox.
## Also shortens subjects to 100 characters and removes invalid characters,
## preventing certain bugs and quirks in Microsoft Outlook with subjects.

  deny
    message = 5.6.0 Message headers fail syntax check
    !verify = header_syntax

## Basic header check.

  deny
    message = 5.6.0 No verifiable sender address in message headers
    !verify = 

Re: [exim] Getting Exim 4.94

2020-06-01 Thread Graeme Fowler via Exim-users
On 1 Jun 2020, at 21:46, Mike Brown via Exim-users wrote:
> Anyone know where I can find a F27 RPM for exim?


That would be

https://apps.fedoraproject.org/packages/exim

Graeme




[exim] Getting Exim 4.94

2020-06-01 Thread Mike Brown via Exim-users
I'm currently running fc27.x86_64.  I'm trying to find a Fedora RPM for
version 4.94, but the exim wiki for downloading Fedora binaries is broken,
as it points to fedora.redhat.com, which can't be found.

Anyone know where I can find a F27 RPM for exim?

Thanks.

MB
-- 
e-mail: vid...@vidiot.com | vid...@vidiot.net    /~\ The ASCII
6082066...@email.uscc.net (140 char limit)       \ / Ribbon Campaign
Visit - URL: http://vidiot.com/                   X  Against
             http://vidiot.net/                  / \ HTML Email
"VCR was in the closet.  Still works.  Can't get the clock to stop
blinking, though."  Angela - Animal Kingdom - 7/16/19



Re: [exim] A decent acl example please!

2020-06-01 Thread Jeremy Harris via Exim-users
On 01/06/2020 17:44, Jacques B. Siboni via Exim-users wrote:
> It seems there are many ways to configure the acl part of exim4.

Yes; essentially ACL code is a programming language.

> I have tried
> many options but, so far I can't get rid of spammers using our smtp to send
> spam mails.

Your first problem is to identify and define patterns of spammer.
Doing that will lead you inevitably to coding to block them.
Your spammers are probably different to mine.
-- 
Cheers,
  Jeremy



Re: [exim] A decent acl example please!

2020-06-01 Thread Kai Bojens via Exim-users
On 01.06.20 at 18:44, Jacques B. Siboni via Exim-users wrote:

> It seems there are many ways to configure the acl part of exim4. I have tried
> many options but, so far I can't get rid of spammers using our smtp to send
> spam mails. (I receive a lot of spam mails as well but this nuisance I can
> deal with.)

Well, you use authentication for your users, do you? Do the spammers
bypass this authentication or what exactly is the problem?



[exim] A decent acl example please!

2020-06-01 Thread Jacques B. Siboni via Exim-users
Dear colleagues,


It seems there are many ways to configure the acl part of exim4. I have tried
many options but, so far I can't get rid of spammers using our smtp to send spam
mails. (I receive a lot of spam mails as well but this nuisance I can deal
with.)

Can some of you send a decent example of acl config solving most of the
problems encountered? I signal I have already added the spf record, a dkim
signature and dmarc data.

But nonetheless I believe some bots manage to pass through the net.

exim4 version is 4.93-16 on debian

Thanks in advance

Jacques

-- 
Jacques B. Siboni mailto:jac...@lutecium.org
8 pass. Charles Albert, F75018 Paris, France
Tel: +33 142 287 678 Port: +33 612 536 959
Home Page: http://jacsib.lutecium.org/  
Lutecium pages: http://www.lutecium.org





Re: [exim] Exim 4.93 published - actually 4.94

2020-06-01 Thread Jeremy Harris via Exim-users
On 01/06/2020 16:24, Jeremy Harris via Exim-users wrote:
> Today we released Exim 4.94.
> 
> There are no significant changes since RC2.
> 
> 
> For changes in 4.94 that ARE LIKELY TO AFFECT existing runtime
> configurations please see:
>   https://git.exim.org/exim.git/blob/HEAD:/src/README.UPDATING
> 
> For new features and new options in 4.94 please see:
>   https://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/NewStuff
> 
> For changes that could affect an existing runtime configuration
> please see:
>   https://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/ChangeLog
> 
> 
> 
> You can find Exim 4.94 in the following locations:
> 
> - Git repository:  git://git.exim.org/exim.git
>  https://git.exim.org/exim.git
> 
>   tagged as exim-4.94
>   (https://git.exim.org/exim.git/tag/refs/tags/exim-4.94)
> 
> - Tarballs and Docs: https://ftp.exim.org/pub/exim/exim4/
> 
> The tagged commit, the tag, the tarballs, and the checksum files are
> signed with my GPG key.  The key can be found e.g. here:
> http://exim.org/static/keys/jgh%40wizmail.org.asc and in many other
> places. Please crosscheck.
> 
> (The Exim website may not be updated yet.)
>

-- 
Cheers,
  Jeremy



[exim] Exim 4.93 published

2020-06-01 Thread Jeremy Harris via Exim-users

Today we released Exim 4.94.

There are no significant changes since RC2.


For changes in 4.94 that ARE LIKELY TO AFFECT existing runtime
configurations please see:
  https://git.exim.org/exim.git/blob/HEAD:/src/README.UPDATING

For new features and new options in 4.94 please see:
  https://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/NewStuff

For changes that could affect an existing runtime configuration
please see:
  https://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/ChangeLog



You can find Exim 4.94 in the following locations:

- Git repository:  git://git.exim.org/exim.git
 https://git.exim.org/exim.git

  tagged as exim-4.94
  (https://git.exim.org/exim.git/tag/refs/tags/exim-4.94)

- Tarballs and Docs: https://ftp.exim.org/pub/exim/exim4/

The tagged commit, the tag, the tarballs, and the checksum files are
signed with my GPG key.  The key can be found e.g. here:
http://exim.org/static/keys/jgh%40wizmail.org.asc and in many other
places. Please crosscheck.

(The Exim website may not be updated yet.)
-- 
Cheers,
  Jeremy



Re: [exim] Includecontent not updated

2020-06-01 Thread Jeremy Harris via Exim-users
On 31/05/2020 00:34, Cyborg via Exim-users wrote:
> .include_if_exists /etc/exim/forwarder_dl.conf
> 
> it contains a domainlist :
> 
> domainlist local_domains = @ : localhost : localhost.localdomain :  QUERY >
> 
> Is there any particular reason, why the content of domainlist is only
> loaded once after server restart and not on every email handled,
> as it should?

The config file, and any includes, are only loaded when an exim process
starts up.  For messages received by processes forked from a daemon,
the usual way of handling SMTP reception, that means when the daemon
is started (or restarted, or told to reload).

You can get per-use updates by using a filename as the list (or part of
the list). See

http://exim.org/exim-html-current/doc/html/spec_html/ch-domain_host_address_and_local_part_lists.html#SECTfilnamlis

Obviously there is a performance cost to doing that.
-- 
Cheers,
  Jeremy
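
The file-based list item described in the reply above, shown as an added example; it is not part of the original post or of Exim's shipped configuration, and the path /etc/exim/forwarder_domains is an assumed name.

```exim
# Static form, as in the original question. The included file is part of the
# configuration, so it is read once when the exim process (normally the
# daemon) starts. Later edits are not seen until a restart or reload.
#
#   .include_if_exists /etc/exim/forwarder_dl.conf
#
# If you switch to the form below, remove the domainlist definition from the
# included file so that local_domains is defined only once.

# File-based form. A list item that is an absolute path makes Exim read that
# file when the list is checked; each line of the file is handled as one
# list item. /etc/exim/forwarder_domains is an assumed path.
domainlist local_domains = @ : localhost : localhost.localdomain : \
                           /etc/exim/forwarder_domains

# Contents of /etc/exim/forwarder_domains (constructed sample):
#
#   example.org
#   *.example.net
#
# The file must be readable by the user Exim runs as during reception.
# Keep it writable only by root: whoever can edit it controls which domains
# this host accepts as local.
```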



[exim] Includecontent not updated

2020-06-01 Thread Cyborg via Exim-users
Exim version 4.92.3 #3 built 30-Sep-2019 11:25:19

Hi,

Exim has this entry in its main.conf:

.include_if_exists /etc/exim/forwarder_dl.conf

it contains a domainlist :

domainlist local_domains = @ : localhost : localhost.localdomain : 

Is there any particular reason, why the content of domainlist is only
loaded once after server restart and not on every email handled,
as it should?

best regards,
Marius


