Re: [exim] Perl integration - context?
On Wed, 9 Jun 2021, Felipe Gasper via Exim-users wrote: The idea is more to prevent message delivery during a backup or account reconfiguration. exim_lock is the tool you are looking for. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Perl integration - context?
> On Jun 9, 2021, at 3:00 PM, Andrew C Aitchison wrote: > > On Wed, 9 Jun 2021, Felipe Gasper via Exim-users wrote: > >> Hello, >> >> Is it possible with Eximâ??s Perl integration to create a reference >> that will last throughout a messageâ??s delivery and then be reaped? >> >> Iâ??d like to explore an flock-based lock for mail delivery that >> would allow an external process to suspend delivery by holding a >> lock on a designated path: if Exim/Perl does flock($fh, LOCK_SH) >> and fails EAGAIN, then Exim will defer acceptance of the message. >> >> When the flock() succeeds, ideally that flock()ed Perl $fh will >> last until delivery is done and then be reaped. Is it safe to >> store that in a Perl global, then call something else at the end >> of the routing that deletes/undefs that global? Or is there some >> cleaner way to give Exim such a reference and have Exim hold onto >> it for me until routing/delivery is over? > > I am reminded of the exim_lock utility, though that is an external process. > > I'm a bit confused. > Are you trying to stop a second message from being accepted *into the > exim queue* whilst the first is being routed/delivered ? The idea is more to prevent message delivery during a backup or account reconfiguration. I specifically want to avoid this: 1. External process suspends user’s mail delivery. 2. External process gets SIGKILL. 3. User gets no more mail until user complains ($$) and someone manually ($$) reenables the user’s mail. Using flock() for this would cause the mail suspension to go away automatically once whatever holds that lock goes away: 1. External process flock(EX)s user’s special designated file. 2. Exim tries to flock(SH) that same file, gets EAGAIN. 3. Exim tells clients :defer: 4. External process finishes or gets SIGKILL. 5. User can receive mail again, no manual intervention needed. Alternatively: 1. Exim flock(SH)s the user’s special file. 2. External process tries to flock(EX), gets EAGAIN. Either retries later or just fails. -FG -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim (aoom) named in context of new TLS cross-protocol attack
Am 09.06.21 um 22:03 schrieb Heiko Schlittermann via Exim-users: Cyborg via Exim-users (Mi 09 Jun 2021 21:13:43 CEST): Don#t get me wrong, exim is at the top of this "best of the worse" list, because it stops after 3 retriesm but other server like proftpd have already reacted to this by implementing countermeasures. This can also be seen in the mentioned figure. The "3" is configurable: |smtp_max_synprot_errors|Use: main|Type: integer|Default: 3| So, if you worry about the abuse of your bandwidth and your Exim server, then set this to zero. Should be enough to not be a part of this attack vector, shouldn't it? In the article, a reflextion attack is mentioned, so i may be important what's coming back from the server. It may not be enough to just react only once, but we will see, when more information is revealed. I'm trying to get more infos about that attack vector from the german universities which found it, and will make some tests if possible, so we see what we actually have to defend against. best regards, Marius -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim (aoom) named in context of new TLS cross-protocol attack
Cyborg via Exim-users (Mi 09 Jun 2021 21:13:43 CEST):
> Don#t get me wrong, exim is at the top of this "best of the worse" list,
> because it stops after 3 retriesm but other server like proftpd have already
> reacted to this by implementing countermeasures. This can also be seen in
> the mentioned figure.
The "3" is configurable:
|smtp_max_synprot_errors|Use: main|Type: integer|Default: 3|
So, if you worry about the abuse of your bandwidth and your Exim server,
then set this to zero. Should be enough to not be a part of this attack
vector, shouldn't it?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Disable Links in Body
Hello, I would like to set up a filter to disable all external links in received messages. Can someone point me to where to to start looking into that type of filtering? -Patrick -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Exim (aoom) named in context of new TLS cross-protocol attack
Context: https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html? See figure 1 right column line #2 -- A few weeks ago, I suggested to take care of these freaks, that redirect HTTP requests to SMTP Ports, spamming logs and wasting valueable hamstertime. As it looks, this redirects can now be used to do reflection attacks and other cross-protocol attacks on servers, that use the same tls cert for different services. I think, this is a pretty good reason to end this, by silently dropping those connections as the garbage they are and sendout a press release about it. It has three benefits: it's good pr, it's good for security and reduces waste traffic on exim mailservers. Don#t get me wrong, exim is at the top of this "best of the worse" list, because it stops after 3 retriesm but other server like proftpd have already reacted to this by implementing countermeasures. This can also be seen in the mentioned figure. Best regards, Marius -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Perl integration - context?
On Wed, 9 Jun 2021, Felipe Gasper via Exim-users wrote: Hello, Is it possible with Eximâ??s Perl integration to create a reference that will last throughout a messageâ??s delivery and then be reaped? Iâ??d like to explore an flock-based lock for mail delivery that would allow an external process to suspend delivery by holding a lock on a designated path: if Exim/Perl does flock($fh, LOCK_SH) and fails EAGAIN, then Exim will defer acceptance of the message. When the flock() succeeds, ideally that flock()ed Perl $fh will last until delivery is done and then be reaped. Is it safe to store that in a Perl global, then call something else at the end of the routing that deletes/undefs that global? Or is there some cleaner way to give Exim such a reference and have Exim hold onto it for me until routing/delivery is over? I am reminded of the exim_lock utility, though that is an external process. I'm a bit confused. Are you trying to stop a second message from being accepted *into the exim queue* whilst the first is being routed/delivered ? A message is often accepted and delivered by separate exim processes (it may sit in the queue until some remote event happens) so I'm not sure that exim can hold a lock through the whole delivery. Another way the delivery flow is modified is to move a message between two queues ... -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Perl integration - context?
Hello, Is it possible with Exim’s Perl integration to create a reference that will last throughout a message’s delivery and then be reaped? I’d like to explore an flock-based lock for mail delivery that would allow an external process to suspend delivery by holding a lock on a designated path: if Exim/Perl does flock($fh, LOCK_SH) and fails EAGAIN, then Exim will defer acceptance of the message. When the flock() succeeds, ideally that flock()ed Perl $fh will last until delivery is done and then be reaped. Is it safe to store that in a Perl global, then call something else at the end of the routing that deletes/undefs that global? Or is there some cleaner way to give Exim such a reference and have Exim hold onto it for me until routing/delivery is over? Thank you! cheers, -Felipe Gasper -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
