Re: [exim] Getting Exim 4.94
On 01/06/2020 21:46, Mike Brown via Exim-users wrote:
> I'm currently running fc27.x86_64. I'm trying to find a Fedora RPM for
> version 4.94, but the exim wiki for downloading Fedora binaries is broken,
> as it points to fedora.redhat.com, which can't be found.
>
> Anyone know where I can find a F27 RPM for exim?

a) 4.94 was only published today. Expecting instant service from
   distros will lead to disappointment
b) Fedora 27 is no longer on support, as far as I know.
--
Cheers,
  Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[exim] CNAME smarthost certificate name verification
Hello list.

Exim doesn't compare CNAME with certificate names, for example
  smtp.mail.yahoo.com
  smtp.outlook.com
It compares A/ hostnames with certificate names

With OpenSSL:
  SSL verify error: certificate name mismatch
With GnuTLS:
  TLS certificate verification failed: cert name mismatch

Is it a bug that Exim does not compare CNAME with certificate names?
Re: [exim] Getting Exim 4.94
On Mon, Jun 01, 2020 at 10:26:13PM +0100, Graeme Fowler via Exim-users wrote:
> On 1 Jun 2020, at 21:46, Mike Brown via Exim-users wrote:
> > Anyone know where I can find a F27 RPM for exim?
>
> That would be
>
> https://apps.fedoraproject.org/packages/exim

Looks like the latest build is 4.90, which I am currently running.

Looks like I'll have to try and compile the source, which I have downloaded.

MB
--
e-mail: vid...@vidiot.com | vid...@vidiot.net            /~\ The ASCII
        6082066...@email.uscc.net (140 char limit)       \ / Ribbon Campaign
Visit - URL: http://vidiot.com/                           X  Against
             http://vidiot.net/                          / \ HTML Email
"VCR was in the closet. Still works. Can't get the clock to stop blinking,
though." Angela - Animal Kingdom - 7/16/19
Re: [exim] A decent acl example please!
Here is an excerpt from my configuration that you can look through, and
possibly use parts of. Remember to replace all instances of my domain with
yours.

hostlist relay_from_hosts = 192.168.0.0/16 : 127.0.0.1 : 1
auth_advertise_hosts = 192.168.0.0/16 : 127.0.0.1 : 1
domainlist local_domains = sebbe.eu:[185.86.106.232]:[193.187.91.106]:[2001:470:dff1:1:10::1]:[2001:470:dff1:1:10::2]:dns1.sebbe.eu:dns2.sebbe.eu:mx.sebbe.eu:185.86.106.232:193.187.91.106

acl_check_mail:
  accept
    authenticated = *
    senders = ^(sebastian|postmaster|abuse)@sebbe\\.eu\$
    hosts = +relay_from_hosts
    set acl_m0 = authorizedrelay
## This one ensures you need a valid password AND a valid IP to relay. Thus hacked passwords are a no go here.
## Combined with auth_advertise_hosts, it will also not even offer authentication to invalid hosts.
## This also requires sender address to be within the local domain to be considered authenticated relay,
## else this rule is never triggered, authorizedrelay isn't set and any valid authenticated emails but with a sender of like RolexWatches@GetRich.whatever will also get rejected.

  deny
    message = 5.7.14 You can't spoof the domains this server is authorative for
    sender_domains = ^(?i).*(sebbe\\.eu)\$ : +local_domains
## Prevents anyone from sending an email with a sender that is local to the server in question, if they aren't authorized to do so (ergo logged in and have right IP)

  deny
    message = 5.7.1 Local users must authenticate
    hosts = +relay_from_hosts
## Prevents anyone that is already local network, from sending without authenticating.

  deny
    message = 5.4.6 That would create a mail loop
    sender_domains = localhost : ^\\[127.* : ^.*\\.local : ^.*\\.localdomain : ^.*\\.localhost : ^127\\..*
## Prevent crude form of mail loops.

  deny
    message = 5.7.0 Banned TLD
    sender_domains = ^(?i).*\\.(app|accountant|accountants|auto|berlin|bid|camera|car|cars|christmas|click|club|college|computer|country|cricket|date|design|download|email|faith|fun|gdn|global|guru|help|host|jetzt|kim|life|link|loan|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|tech|technology|theatre|today|top|trade|university|uno|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip)\$
## TLD ban. Bans a lot of TLDs in sender address. Those TLDs are the ICANN new garbage shit that are 100% spam sources.

  deny
    message = 5.1.8 Sender verification failed
    !verify = sender
## Basic sender verification. (Does MX exist etc)

  accept
    condition = ${if eq {$sender_address}{}{yes}{no}}
## Auto-accept the blank sender address.

  deny
    message = 5.7.23 SPF fail (phishing) - (${sg{${sg{$spf_smtp_comment}{http\:\/\/www\.open-spf\.org\/Why}{https:\/\/www.sebbe.eu\/spf.cgi}}}{=sebbe\.eu}{}})
    log_message = SPF check failed: ($spf_header_comment)
    spf = fail : softfail
## Reject all SPF=softfail and all SPF=hardfail messages.

  accept

acl_check_rcpt:
  deny
    local_parts = ^[./|] : ^.*[@\$%`#&?/|] : ^.*/\\.\\./ : ^.*x24 : ^.*0.44
    message = 5.1.7 Restricted characters in address
## Prevent certain security holes.

  deny
    message = 5.4.6 That would create a mail loop
    domains = localhost : ^\\[127.* : ^.*\\.local : ^.*\\.localdomain : ^.*\\.localhost : ^127\\..*
## Prevent some crude mail loops.

  accept
    condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}
    control = submission/sender_retain
    control = dkim_disable_verify
## If message is authorized relay - ergo authenticated and right IP, accept it through at RCPT stage too.

  require
    message = 5.7.1 Relay not permitted
    domains = +local_domains
## Message must be to a local mailbox if it's not authenticated.

  require
    verify = recipient
## Basic recipient reachability check.

  accept

acl_check_data:
  warn
    remove_header = date
    remove_header = subject
    add_header = Date: $tod_full
    add_header = Subject: ${rfc2047:${length_100:${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{$h_subject:}{\\xE5}{\\xA5}}}{\\xC4}{\\x84}}}{\\xD6}{\\x96}}}{\\xC5}{\\x85}}}{\\xF6}{\\xB6}}}{\\xE4}{\\xA4}}}{\N[^a-zA-Z0-9\xA5\xA4\xB6\x85\x84\x96 !"\@#\$%&\/\{(\[)\]=\}?+\\\-_:.;,*><|^~]\N}{}}}{\N([\xA5\xA4\xB6\x85\x84\x96 ])\N}{\\xC3\$1}}}{}{ }}}{ }{ }}}{ }{ }}}{^ }{}}}{ \$}{
## Scrub email. This replaces the Date header with a valid one, so if a mail has its date set to 1970-01-01 the email doesn't get pushed to the very bottom of the inbox.
## Also shortens subjects to 100 characters and removes invalid characters, preventing certain bugs and quirks in Microsoft Outlook with subjects.

  deny
    message = 5.6.0 Message headers fail syntax check
    !verify = header_syntax
## Basic header check.

  deny
    message = 5.6.0 No verifiable sender address in message headers
    !verify =
Re: [exim] Getting Exim 4.94
On 1 Jun 2020, at 21:46, Mike Brown via Exim-users wrote:
> Anyone know where I can find a F27 RPM for exim?

That would be

https://apps.fedoraproject.org/packages/exim

Graeme
[exim] Getting Exim 4.94
I'm currently running fc27.x86_64. I'm trying to find a Fedora RPM for
version 4.94, but the exim wiki for downloading Fedora binaries is broken,
as it points to fedora.redhat.com, which can't be found.

Anyone know where I can find a F27 RPM for exim?

Thanks.

MB
Re: [exim] A decent acl example please!
On 01/06/2020 17:44, Jacques B. Siboni via Exim-users wrote:
> It seems there are many ways to configure the acl part of exim4.

Yes; essentially ACL code is a programming language.

> I have tried
> many options but, so far I can't get rid of spammers using our smtp to send
> spam
> mails.

Your first problem is to identify and define patterns of spammer.
Doing that will lead you inevitably to coding to block them.

Your spammers are probably different to mine.
--
Cheers,
  Jeremy
Re: [exim] A decent acl example please!
On 01.06.20 at 18:44, Jacques B. Siboni via Exim-users wrote:
> It seems there are many ways to configure the acl part of exim4. I have tried
> many options but, so far I can't get rid of spammers using our smtp to send
> spam
> mails. (I receive a lot of spam mails as well but this nuisance I can deal
> with.)

Well, you use authentication for your users, do you?

Do the spammers bypass this authentication or what exactly is the problem?
[exim] A decent acl example please!
Dear colleagues,

It seems there are many ways to configure the acl part of exim4. I have tried
many options but, so far I can't get rid of spammers using our smtp to send
spam mails. (I receive a lot of spam mails as well but this nuisance I can
deal with.)

Can some of you send a decent example of acl config solving most of the
problems encountered?

I signal I have already added the spf record, a dkim signature and dmarc data.
But nonetheless I believe some bots manage to pass through the net.

exim4 version is 4.93-16 on debian

Thanks in advance

Jacques
--
Jacques B. Siboni mailto:jac...@lutecium.org
8 pass. Charles Albert, F75018 Paris, France
Tel: +33 142 287 678 Port: +33 612 536 959
Home Page: http://jacsib.lutecium.org/
Lutecium pages: http://www.lutecium.org
Re: [exim] Exim 4.93 published - actually 4.94
On 01/06/2020 16:24, Jeremy Harris via Exim-users wrote:
> Today we released Exim 4.94.
>
> There are no significant changes since RC2.
>
> For changes in 4.94 that ARE LIKELY TO AFFECT existing runtime
> configurations please see:
> https://git.exim.org/exim.git/blob/HEAD:/src/README.UPDATING
>
> For new features and new options in 4.94 please see:
> https://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/NewStuff
>
> For changes that could affect an existing runtime configuration
> please see:
> https://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/ChangeLog
>
> You can find Exim 4.94 in the following locations:
>
> - Git repository: git://git.exim.org/exim.git
>                   https://git.exim.org/exim.git
>
>   tagged as exim-4.94
>   (https://git.exim.org/exim.git/tag/refs/tags/exim-4.94)
>
> - Tarballs and Docs: https://ftp.exim.org/pub/exim/exim4/
>
> The tagged commit, the tag, the tarballs, and the checksum files are
> signed with my GPG key. The key can be found e.g. here:
> http://exim.org/static/keys/jgh%40wizmail.org.asc and in many other
> places. Please crosscheck.
>
> (The Exim website may not be updated yet.)
>
--
Cheers,
  Jeremy
[exim] Exim 4.93 published
Today we released Exim 4.94.

There are no significant changes since RC2.

For changes in 4.94 that ARE LIKELY TO AFFECT existing runtime
configurations please see:
https://git.exim.org/exim.git/blob/HEAD:/src/README.UPDATING

For new features and new options in 4.94 please see:
https://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/NewStuff

For changes that could affect an existing runtime configuration
please see:
https://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/ChangeLog

You can find Exim 4.94 in the following locations:

- Git repository: git://git.exim.org/exim.git
                  https://git.exim.org/exim.git

  tagged as exim-4.94
  (https://git.exim.org/exim.git/tag/refs/tags/exim-4.94)

- Tarballs and Docs: https://ftp.exim.org/pub/exim/exim4/

The tagged commit, the tag, the tarballs, and the checksum files are
signed with my GPG key. The key can be found e.g. here:
http://exim.org/static/keys/jgh%40wizmail.org.asc and in many other
places. Please crosscheck.

(The Exim website may not be updated yet.)
--
Cheers,
  Jeremy
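The "please crosscheck" step in the announcement above can be made mechanical. The following is an added example, not part of the original message or of the Exim project's tooling: it pins the signer's primary-key fingerprint and accepts a file only when gpg reports a valid signature under exactly that key. The function names are hypothetical, and the key file, signature file, data file and expected fingerprint are all supplied by the caller (the fingerprint being one you confirmed from more than one source).

```shell
#!/bin/sh
# Added example. Pin the signer's primary-key fingerprint and accept a release
# file only if gpg reports a valid signature made under exactly that key.

# Strip spaces/colons from a fingerprint and upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# usage: check_status EXPECTED_FPR  < output of `gpg --status-fd 1 --verify`
# Succeeds only if a VALIDSIG line names the expected primary key and no
# bad/expired/revoked signature status appears.
check_status() {
    want=$(norm_fpr "$1")
    [ "${#want}" -eq 40 ] || return 1      # require a full 40-hex-digit fingerprint
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
        $2 == "VALIDSIG" { got = (NF >= 12 ? $12 : $3)
                           if (toupper(got) == want) ok = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# usage: verify_release KEYFILE SIGFILE DATAFILE EXPECTED_FPR
# All four arguments are supplied by the caller; none come from the announcement.
verify_release() {
    for f in "$1" "$2" "$3"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 2; }
    done
    home=$(mktemp -d) || return 2
    # Throw-away keyring: only the key under test can satisfy the check.
    gpg --homedir "$home" --batch --quiet --import "$1" 2>/dev/null ||
        { rm -rf "$home"; return 2; }
    rc=0
    gpg --homedir "$home" --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null |
        check_status "$4" || rc=$?
    rm -rf "$home"
    return "$rc"
}

if [ "$#" -eq 4 ]; then verify_release "$@"; fi
```

Comparing against the primary-key field means a signature made with a signing subkey still matches the pinned fingerprint, while a different key imported from a tampered key file does not.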
Re: [exim] Includecontent not updated
On 31/05/2020 00:34, Cyborg via Exim-users wrote:
> .include_if_exists /etc/exim/forwarder_dl.conf
>
> it contains a domainlist :
>
> domainlist local_domains = @ : localhost : localhost.localdomain : QUERY
>
>
> Is there any particular reason, why the content of domainlist is only
> loaded once after server restart and not on every email handled,
> as it should?

The config file, and any includes, are only loaded when an exim
process starts up. For messages received by processes forked
from a daemon, the usual way of handling SMTP reception,
that means when the daemon is started (or restarted, or told to reload).

You can get per-use updates by using a filename as the list
(or part of the list). See
http://exim.org/exim-html-current/doc/html/spec_html/ch-domain_host_address_and_local_part_lists.html#SECTfilnamlis

Obviously there is a performance cost to doing that.
--
Cheers,
  Jeremy
[exim] Includecontent not updated
Exim version 4.92.3 #3 built 30-Sep-2019 11:25:19

Hi,

Exim has this entry in its main.conf:

.include_if_exists /etc/exim/forwarder_dl.conf

it contains a domainlist :

domainlist local_domains = @ : localhost : localhost.localdomain :

Is there any particular reason, why the content of domainlist is only
loaded once after server restart and not on every email handled,
as it should?

best regards,
Marius