Re: [exim] Exim 4.94.2 - security update released
The updated Exim pages from the EPEL project for RHEL 7 & 8 (and related distributions e.g. CentOS) as well as Fedora 34 are now in the process of being pushed to the stable repositories and should be there in the next few hours or so:

https://bodhi.fedoraproject.org/updates/?packages=exim

That said, anyone reading this ought to update as soon as possible, without waiting for them to reach the stable repositories.

Tim

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Exim 4.94.2 - security update released
On 06.05.21 at 14:54, Konstantin Boyandin via Exim-users wrote:
> (yes, no problem building Exim package(s) for EPEL, once I understand
> the exact way to do that)

    fedpkg clone --anonymous exim
    cd exim
    git checkout epel8
    # tweak exim.spec
    fedpkg mockbuild

Felix

Re: [exim] Exim 4.94.2 - security update released
On 06.05.21 at 14:54, Konstantin Boyandin via Exim-users wrote:
> On 04.05.2021 20:40, Heiko Schlittermann via Exim-users wrote:
>> We have prepared a security release, tagged as "exim-4.94.2".
>>
>> This release contains all changes on the exim-4.94+fixes branch plus
>> security fixes.
>
> I wonder whether current Exim maintainer at EPEL reads this list.
>
> The last known EPEL Exim version is 4.94 #2, built on March 25, 2021. It
> wasn't difficult to build Exim from sources and replace insecure EPEL
> version, but it's not exactly my understanding of fun.
>
> (yes, no problem building Exim package(s) for EPEL, once I understand
> the exact way to do that)

Go to Fedora koji and download your files manually. I have seen EL7 already on Tuesday, but they are kept in the testfarm until they reach a good karma.

Best regards,
Marius

[exim] Redirecting via manualroute to possibly out-of-date Exim installations
Hello,

Setup: Exim (updated to the latest version) accepts mail for several domains; for some of them it redirects messages to other (secondary) Exim-driven mail servers, via manualroute.

Looks like not all these secondary Exim installations are up-to-date.

Question: are these secondary mail servers still vulnerable to all the issues handled by 4.94.2 update (they aren't open to Internet directly)?

--
Sincerely,
Konstantin Boyandin

Re: [exim] Exim 4.94.2 - security update released
On 06.05.2021 21:36, Tim Jackson via Exim-users wrote:
> On 06/05/2021 14:54, Konstantin Boyandin via Exim-users wrote:
>
>> The last known EPEL Exim version is 4.94 #2, built on March 25, 2021. It
>> wasn't difficult to build Exim from sources and replace insecure EPEL
>> version, but it's not exactly my understanding of fun.
> ...
>
> It is currently in the testing repository, meaning an update can be done
> with "yum --enablerepo=epel-testing" .
>
> I've nudged the EPEL maintainer to suggest that it should be pushed
> immediately to stable, given the severity.

Thanks a lot for nudging - meanwhile I'll run the tests on sandbox installations, to raise the corresponding karma (if tests pass).

--
Sincerely,
Konstantin Boyandin

Re: [exim] Feature Request: react on HTTP
On 06.05.21 at 14:14, Paul Muster via Exim-users wrote:
> Use fail2ban to detect these attempts in Exim's logfiles and ban the
> source on IP basis.

Of course we do this too, but the point is, the logfile is written with a delay. If you have 10 connections in parallel, it would be easier if the server would handle it internally.

Reading & parsing the logs also takes time, so, in the end, fail2ban kicks in late.

Best regards,
Marius

Re: [exim] Exim 4.94.2 - security update released
On 06/05/2021 14:54, Konstantin Boyandin via Exim-users wrote:
> The last known EPEL Exim version is 4.94 #2, built on March 25, 2021. It
> wasn't difficult to build Exim from sources and replace insecure EPEL
> version, but it's not exactly my understanding of fun.

An update was available for EPEL 7 & 8 (as well as Fedora) on Tuesday:

EL8: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-beed69126f
EL7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-dad1996f63

It is currently in the testing repository, meaning an update can be done with "yum --enablerepo=epel-testing" .

I've nudged the EPEL maintainer to suggest that it should be pushed immediately to stable, given the severity.

Tim

Re: [exim] Exim 4.94.2 - security update released
On 06/05/2021 14:54, Konstantin Boyandin via Exim-users wrote:
> I wonder whether current Exim maintainer at EPEL reads this list.

It is already in epel-testing.

Greetings, Wolfgang
--
Wolfgang Breyha | https://www.blafasel.at/
Vienna University Computer Center | Austria

Re: [exim] Exim 4.94.2 - security update released
On 06.05.21 at 14:54, Konstantin Boyandin via Exim-users wrote:
> The last known EPEL Exim version is 4.94 #2, built on March 25, 2021. It
> wasn't difficult to build Exim from sources and replace insecure EPEL
> version, but it's not exactly my understanding of fun.

Exim updates are in epel-testing:

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-dad1996f63
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-beed69126f

The pages above contain information on how to apply the update to your system. If you leave positive feedback ("karma") the update will reach all users faster (stable channel).

Felix

Re: [exim] Exim 4.94.2 - security update released
On 06.05.21 at 15:35, Heiko Schlittermann via Exim-users wrote:
> (I got reports that Fedora's packages were stuck on some test server. (?))

Updates are not "stuck" but in a testing repo. This is meant to check that we only push actually working software to users. I'm not sure why the Fedora/EPEL maintainer chose to use testing also for that security release.

As it is right now the updates will go to stable once there is enough positive feedback by users:

https://bodhi.fedoraproject.org/updates/?packages=exim

Fedora 33 already has this in stable as we had enough positive feedback.

Felix

Re: [exim] Exim 4.94.2 - security update released
Hi Konstantin,

Konstantin Boyandin via Exim-users (Thu 06 May 2021 14:54:37 CEST):
> On 04.05.2021 20:40, Heiko Schlittermann via Exim-users wrote:
> > We have prepared a security release, tagged as "exim-4.94.2".
> >
> > This release contains all changes on the exim-4.94+fixes branch plus
> > security fixes.
>
> I wonder whether current Exim maintainer at EPEL reads this list.

The initial heads-up notification was sent to oss-security@openwall, , distros@vs.openwall and exim-maintainers. It contained a schedule.

The announcement of the limited access to the security repo was sent to distros@… on Apr 27th, the announcement of the public release was sent to oss-security@…, and exim-users, and, with some delay to exim-announce.

I'm not exactly sure how to notify the individual distros in a more reliable way.

(I got reports that Fedora's packages were stuck on some test server. (?))

Best regards from Dresden/Germany
Many greetings from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support
- Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -

Re: [exim] Exim 4.94.2 - security update released
On 04.05.2021 20:40, Heiko Schlittermann via Exim-users wrote:
> We have prepared a security release, tagged as "exim-4.94.2".
>
> This release contains all changes on the exim-4.94+fixes branch plus
> security fixes.

I wonder whether current Exim maintainer at EPEL reads this list.

The last known EPEL Exim version is 4.94 #2, built on March 25, 2021. It wasn't difficult to build Exim from sources and replace insecure EPEL version, but it's not exactly my understanding of fun.

(yes, no problem building Exim package(s) for EPEL, once I understand the exact way to do that)

--
Sincerely,
Konstantin Boyandin

Re: [exim] Feature Request: react on HTTP
On Thu, May 06, 2021 at 12:14:52PM +0200, Claus Assmann via Exim-users wrote:
> On Thu, May 06, 2021, Cyborg via Exim-users wrote:
>
> > these are clients, that send "GET /..whatever HTTP/1.0" as greeting.
>
> sendmail and postfix drop the connection at least on GET, POST,
> CONNECT, e.g.,
> 421 4.7.0 Rejecting open proxy

root@pve:~# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 pve.x.ru ESMTP Postfix (Debian/GNU)
GET / HTTP/1.0
221 2.7.0 Error: I can break rules, too. Goodbye.
Connection closed by foreign host.

Postfix does not violate SMTP protocol (with "421 4.7.0" response), and its authors definitely have sense of humor. :)

--
Eugene Berdnikov

Re: [exim] Feature Request: react on HTTP
On 06.05.2021 at 11:43, Cyborg via Exim-users wrote:
> Every one of us sees this in their logfiles :
>
> 2021-05-06 11:07:57 no host name found for IP address 68.183.80.168
> 2021-05-06 11:07:58 no host name found for IP address 68.183.80.168
> 2021-05-06 11:07:58 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
> 2021-05-06 11:07:59 no host name found for IP address 68.183.80.168
> 2021-05-06 11:07:59 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
> 2021-05-06 11:08:00 no host name found for IP address 68.183.80.168
> 2021-05-06 11:08:00 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
> 2021-05-06 11:08:01 no host name found for IP address 68.183.80.168
> 2021-05-06 11:08:01 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
>
> these are clients, that send "GET /..whatever HTTP/1.0" as greeting.
>
> I suggest:
>
> not to wait for the usual error threshold of smtp related errors, but
> instead auto disconnect and block the IP for a few minutes , because, as
> seen, they come back as often as you let them.

Use fail2ban to detect these attempts in Exim's logfiles and ban the source on IP basis.

Regards,
Paul

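The log-based detection suggested above, as an added Python example (not from the thread, and not code from Exim or fail2ban). It matches the "dropped: too many unrecognized commands" line shown in the quoted log and applies a fail2ban-style retry count inside a time window; the function name, the `maxretry`/`findtime` defaults, the HTTP header list and the sample log are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the Exim main-log line quoted in the thread (default log format
# assumed, i.e. no +pid or other extra log_selector fields).
DROPPED = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) SMTP call from (?:\S+ )*'
    r'\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)? dropped: too many unrecognized '
    r'commands \(last was "(?P<last>.*)"\)\s*$')

# "last was" text that is an HTTP request line or a common HTTP header.
# The header list is an assumption of this example, not taken from Exim.
HTTP_LINE = re.compile(
    r'^(?:(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH|TRACE) \S+ HTTP/\d'
    r'|(?:Host|User-Agent|Accept(?:-[A-Za-z]+)?|Connection|Cookie|Referer'
    r'|Content-(?:Length|Type)):)', re.IGNORECASE)


def http_probe_offenders(lines, maxretry=3, findtime=600):
    """Return {ip: time the threshold was reached} for hosts with at least
    `maxretry` HTTP-on-SMTP drops inside a sliding `findtime`-second window.
    Lines are expected in chronological order, as in a log file."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = DROPPED.match(line)
        if not m or not HTTP_LINE.match(m.group("last")):
            continue              # other log line, or a non-HTTP unknown command
        when = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        hits = recent[m.group("ip")]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # forget drops older than findtime
        if len(hits) >= maxretry:
            offenders.setdefault(m.group("ip"), when)
    return offenders


# Constructed sample log (documentation addresses, not real hosts).
SAMPLE_LOG = """\
2021-05-06 11:07:57 no host name found for IP address 192.0.2.10
2021-05-06 11:07:58 SMTP call from [192.0.2.10] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:07:59 SMTP call from [192.0.2.10] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:00 SMTP call from [192.0.2.10] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:05 SMTP call from [198.51.100.7] dropped: too many unrecognized commands (last was "XYZZY")
2021-05-06 11:10:00 SMTP call from [203.0.113.5] dropped: too many unrecognized commands (last was "Host: mail.example.org")
2021-05-06 11:40:00 SMTP call from [203.0.113.5] dropped: too many unrecognized commands (last was "Host: mail.example.org")
""".splitlines()

if __name__ == "__main__":
    for ip, when in http_probe_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached {when})")
```

Only the drops whose last command looks like HTTP are counted, so a client that merely mistypes SMTP commands is not flagged by this check.
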
Re: [exim] Feature Request: react on HTTP
On 06/05/2021 10:43, Cyborg via Exim-users wrote:
> these are clients, that send "GET /..whatever HTTP/1.0" as greeting.

> I think, that exim could be reliable

Nothing is reliable when dealing in that level of bogosity.

Please raise a wishlist-level bug for this. I'm thinking in terms of an acl_smtp_unrecognised, to permit such custom policy handling. I don't think it should be hardwired.

--
Cheers,
Jeremy

Re: [exim] Feature Request: react on HTTP
On Thu, May 06, 2021, Cyborg via Exim-users wrote:

> these are clients, that send "GET /..whatever HTTP/1.0" as greeting.

sendmail and postfix drop the connection at least on GET, POST, CONNECT, e.g.,
421 4.7.0 Rejecting open proxy

Re: [exim] Feature Request: react on HTTP
Cyborg via Exim-users (Thu 06 May 2021 11:43:58 CEST):
>
> 2021-05-06 11:07:58 no host name found for IP address 68.183.80.168
> 2021-05-06 11:07:58 SMTP call from [68.183.80.168] dropped: too many
> unrecognized commands (last was "Accept-Encoding: gzip, deflate")
…
> I suggest:
>
> not to wait for the usual error threshold of smtp related errors, but
> instead auto disconnect and block the IP for a few minutes , because, as
> seen, they come back as often as you let them.

Shouldn't the enforcement of synchronisation already prevent this? Hm, maybe we've a mid-air collision of our banner and their HTTP request.

Don't we have a max_invalid_smtp_commands threshold? Or what point am I missing here?

--
Heiko

[exim] Feature Request: react on HTTP
Hi,

Every one of us sees this in their logfiles :

2021-05-06 11:07:57 no host name found for IP address 68.183.80.168
2021-05-06 11:07:58 no host name found for IP address 68.183.80.168
2021-05-06 11:07:58 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:07:59 no host name found for IP address 68.183.80.168
2021-05-06 11:07:59 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:00 no host name found for IP address 68.183.80.168
2021-05-06 11:08:00 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:01 no host name found for IP address 68.183.80.168
2021-05-06 11:08:01 SMTP call from [68.183.80.168] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip, deflate")

these are clients, that send "GET /..whatever HTTP/1.0" as greeting.

I suggest:

not to wait for the usual error threshold of smtp related errors, but instead auto disconnect and block the IP for a few minutes , because, as seen, they come back as often as you let them.

I think, that exim could reliably detect and implement this without breaking any existing config.

As a result, the world will be a better place and less hamsters got wasted in the cpus around the world. This also is a small benefit for the world's climate, by lesser consumption of energy ;)

best regards,
Marius

Re: [exim] tainted filename issue
On 06/05/2021 02:31, Dan Egli via Exim-users wrote:
> 20095 LOG: MAIN PANIC DIE
> 20095 unable to set gid=12 or uid=8 (euid=1002): system filter

That's a basic syscall failure. My initial guess would be that your use of symlinks, or maybe of setuid bits on binaries, is the problem.

--
Cheers,
Jeremy

Re: [exim] Outgoing mail : how to remove tags/keywords from the subject header?
On 06/05/2021 01:32, 32.yves.roux--- via Exim-users wrote:
> we have a spam/virus filtering system that adds spam score and other info
> with keywords at the beginning of the subject header to inform the
> end-user and help him write sort-rules in his mail-client.
> Example : {spam: 43} {newsletter} {SPF: pass} {DKIM: No signature}, etc...
>
> But when an end-user answers to that mail we would *remove* all these tags
>
> I did search and did find how to do this for *incoming* subject header
> rewrite ( typically sequences like :
>     headers_add "New-Subject: {spam}: $h_subject:"
>     headers_remove subject
>     headers_add "Subject: $h_new-subject:"
>     headers_remove new-subject
> }
> but I could *not* find something to do this for *outgoing* mail

There are two issues here:
- identify the messages to be operated on
- do the header manipulation

Be aware that ACLs apply to messages being received, which includes both what you are calling "incoming" and "outgoing". If you do this operation in ACL you'll need to suitably condition it. Doing it in suitable routers or transports may be simpler, if you already have a clear distinction between those used for "incoming" and "outgoing" messages.

For the "outgoing" modification, you'd be using a similar sequence of header-change operations, but for the replacement Subject: instead of creating one by prepending text to the existing one you'd be creating one using an edited version of the existing one. Look into the ${sg } string-expansion operator:

http://exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html

--
Cheers,
Jeremy