[exim] Problem sending to google.com
Dear Colleagues, Has anyone had problems recently sending to aspmx.l.google.com ? Sending gets stuck with the following error: 2022-09-27 21:09:48 1od0Ew-002IUh-GS H=alt2.aspmx.l.google.com [64.233.171.27] TLS error on connection (recv): Error in the pull function. 2022-09-27 21:09:48 1od0Ew-002IUh-GS H=alt2.aspmx.l.google.com [64.233.171.27]: Remote host closed connection in response to end of data Below is a complete session log, any ideas what could be wrong? There is a very long waiting after "BDAT". "mail.X.com" is my host (Exim 4.94.2/Debian11). delivering 1od0Ew-002IUh-GS Connecting to aspmx.l.google.com [74.125.195.26]:25 ... TFO mode sendto, no data: EINPROGRESS connected TCP_FASTOPEN tcpi_unacked 2 SMTP<< 220 mx.google.com ESMTP jf4-20020a170903268400b00178a33f8bb4si3653473plb.328 - gsmtp SMTP>> EHLO mail.X.com SMTP<< 250-mx.google.com at your service, [54.148.163.217] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 SMTP>> STARTTLS SMTP<< 220 2.0.0 Ready to start TLS SMTP>> EHLO mail.X.com SMTP<< 250-mx.google.com at your service, [54.148.163.217] 250-SIZE 157286400 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 SMTP>> MAIL FROM: SIZE=126042 SMTP>> RCPT TO: will write message using CHUNKING SMTP>> BDAT 2461 SMTP<< 250 2.1.0 OK jf4-20020a170903268400b00178a33f8bb4si3653473plb.328 - gsmtp SMTP<< 250 2.1.5 OK jf4-20020a170903268400b00178a33f8bb4si3653473plb.328 - gsmtp SMTP<< 250 2.0.0 OK jf4-20020a170903268400b00178a33f8bb4si3653473plb.328 - gsmtp SMTP>> BDAT 122930 LAST LOG: MAIN H=aspmx.l.google.com [74.125.195.26] TLS error on connection (recv): Error in the pull function. SMTP(Connection reset by peer)<< LOG: MAIN H=aspmx.l.google.com [74.125.195.26]: Remote host closed connection in response to end of data SMTP(close)>> Connecting to alt1.aspmx.l.google.com [142.250.115.26]:25 ... TFO mode sendto, no data: EINPROGRESS connected TCP_FASTOPEN tcpi_unacked 2 SMTP<< 220 mx.google.com ESMTP ch9-20020a0568081c0900b0033a712a247fsi3588254oib.216 - gsmtp SMTP>> EHLO mail.X.com SMTP<< 250-mx.google.com at your service, [54.148.163.217] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 SMTP>> STARTTLS SMTP<< 220 2.0.0 Ready to start TLS SMTP>> EHLO mail.X.com SMTP<< 250-mx.google.com at your service, [54.148.163.217] 250-SIZE 157286400 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 SMTP>> MAIL FROM: SIZE=126042 SMTP>> RCPT TO: will write message using CHUNKING SMTP>> BDAT 2461 SMTP<< 250 2.1.0 OK ch9-20020a0568081c0900b0033a712a247fsi3588254oib.216 - gsmtp SMTP<< 250 2.1.5 OK ch9-20020a0568081c0900b0033a712a247fsi3588254oib.216 - gsmtp SMTP<< 250 2.0.0 OK ch9-20020a0568081c0900b0033a712a247fsi3588254oib.216 - gsmtp SMTP>> BDAT 122930 LAST LOG: MAIN H=alt1.aspmx.l.google.com [142.250.115.26] TLS error on connection (recv): Error in the pull function. SMTP(Connection reset by peer)<< LOG: MAIN H=alt1.aspmx.l.google.com [142.250.115.26]: Remote host closed connection in response to end of data SMTP(close)>> Connecting to alt2.aspmx.l.google.com [64.233.171.27]:25 ... TFO mode sendto, no data: EINPROGRESS connected TCP_FASTOPEN tcpi_unacked 2 SMTP<< 220 mx.google.com ESMTP u26-20020a056871009a00b001278ca86aaesi3664331oaa.13 - gsmtp SMTP>> EHLO mail.X.com SMTP<< 250-mx.google.com at your service, [54.148.163.217] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 SMTP>> STARTTLS SMTP<< 220 2.0.0 Ready to start TLS SMTP>> EHLO mail.X.com SMTP<< 250-mx.google.com at your service, [54.148.163.217] 250-SIZE 157286400 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 SMTP>> MAIL FROM: SIZE=126042 SMTP>> RCPT TO: will write message using CHUNKING SMTP>> BDAT 2461 SMTP<< 250 2.1.0 OK u26-20020a056871009a00b001278ca86aaesi3664331oaa.13 - gsmtp SMTP<< 250 2.1.5 OK u26-20020a056871009a00b001278ca86aaesi3664331oaa.13 - gsmtp SMTP<< 250 2.0.0 OK u26-20020a056871009a00b001278ca86aaesi3664331oaa.13 - gsmtp SMTP>> BDAT 122930 LAST LOG: MAIN H=alt2.aspmx.l.google.com [64.233.171.27] TLS error on connection (recv): Error in the pull function. SMTP(Connection reset by peer)<< LOG: MAIN H=alt2.aspmx.l.google.com [64.233.171.27]: Remote host closed connection in response to end of data SMTP(close)>> Connecting to
Re: [exim] problem Tainted permission to file autoreply once
Hi, Am 27.09.22 um 11:54 schrieb Sławomir Dworaczek via Exim-users: heloo Yeah ! maybe not elegant, but it works!, once = /var/spool/db/autoreply_${lookup mysql{select localpart from users,domains where domain='${quote_mysql:$domain}' and localpart='${quote_mysql:$local_part}' and users.domain_id=domains.domain_id}}_${lookup mysql{select domain from users,domains where domain='${quote_mysql:$domain}' and localpart='${quote_mysql:$local_part}' and users.domain_id=domains.domain_id}}.db create file autoreply_username_domain.com.db from variouse points of views, this suggestion is the worst one you can have. a) you have a shitload of files laying around if more than a handfull of users is involved b) it's unclear, what happens, if the file needed has not been created. c) but worst of all: it's producing a filename to a filebased db file, from a mysql database select, which could do all of this in a query and an insert skip responder if true: ... condition = check if respondertext exists at all for $header_to condition = ${lockup mysql{select '1' from responsedb where ( rcpt ='${quote_mysql:$header_to)' and ' sender='${quote_mysql:$local_part}@${quote_mysql:$domain} and now() < ( lasttime + 7*86400 ) ) }} < this part depends on how you implemented it. It could be i.e. filling a variable to reuse its content in the responder router > ... continue with warn condition = check if respondertext exists at all for $header_to condition = ${lockup mysql{insert into responsedb set rcpt ='${quote_mysql:$header_to)' , sender = '${quote_mysql:$local_part}@${quote_mysql:$domain}' , lasttime = now(); select '1';}} log_message = "adding to responder database" This does not involve any further files and just needs the database, you already have in use, which is way faster. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Suggestion for Antivirus to use with Exim
Luca Bertoncello via Exim-users (Di 27 Sep 2022 14:19:01 CEST): > Currently, at office, we use Kaspersky, Avast and ClamAV as Antivirus > programs. > All these programs will be used within Exim, to check all inbound and > outbound E-Mails. > Now, we know, Kaspersky/Russia/problem/etc... > So, we must search an alternative to Kaspersky. I do not see any relation between the items above. But that is another topic. virustotal provides an API, it should require only little effort to integrate this with Exim. (I'm not sure about implications for privacy.) > Now the question to you: can someone suggest me one (or more!) product to > use in enteprise context to protect our E-Mails? > Very important: the scan _must_ be done within Exim to allow us to reject > infected E-Mails. "Within" Exim should work almost everything you can control via a simple command line. Plus the some scanners that have a client built into Exim. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Suggestion for Antivirus to use with Exim
Am 27.09.2022 14:59, schrieb Patrick Cernko via Exim-users: Hi Patrick I have successfully integrated WithSecure (F-Secure for Bussiness) Scanner a few weeks ago. Integration was done using the cmdline interface. I have a small shell script that does some additional analysis/logging but basically, I just use OK, I'm trying now to find how much the program costs... I think, I have to ask the people of withsecure.com Getting WithSecure installed on our servers was the harder part. Let me know, if you need help there. What were the problems? Thanks Luca Bertoncello (lucab...@lucabert.de) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Suggestion for Antivirus to use with Exim
Hi Luca, On 27.09.22 14:19, Luca Bertoncello via Exim-users wrote: Hi list! Currently, at office, we use Kaspersky, Avast and ClamAV as Antivirus programs. All these programs will be used within Exim, to check all inbound and outbound E-Mails. Now, we know, Kaspersky/Russia/problem/etc... So, we must search an alternative to Kaspersky. Unfortunately, I didn't found anything that works good on Linux and have a good recognition rate. Now the question to you: can someone suggest me one (or more!) product to use in enteprise context to protect our E-Mails? Very important: the scan _must_ be done within Exim to allow us to reject infected E-Mails. I tried ESET, and it seems to work good, but unfortunately is not available anymore... I have successfully integrated WithSecure (F-Secure for Bussiness) Scanner a few weeks ago. Integration was done using the cmdline interface. I have a small shell script that does some additional analysis/logging but basically, I just use WITHSECURE_SOCKET = cmdline:\ /opt/f-secure/linuxsecurity/bin/fsanalyze %s:\ result=(infected|suspected):\ infection=([^ ]*) There are still some few mails only recognized by KLMS. I think you can always find a thread that is first recognized by one engine and only later by others. Also I had to tune the WithSecure settings a bit about archives. Getting WithSecure installed on our servers was the harder part. Let me know, if you need help there. Best, -- Patrick Cernko +49 681 9325 5815 Joint Scientific IT and Technical Service Max-Planck-Institute für Informatik & Softwaresysteme smime.p7s Description: S/MIME Cryptographic Signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Suggestion for Antivirus to use with Exim
Hi list! Currently, at office, we use Kaspersky, Avast and ClamAV as Antivirus programs. All these programs will be used within Exim, to check all inbound and outbound E-Mails. Now, we know, Kaspersky/Russia/problem/etc... So, we must search an alternative to Kaspersky. Unfortunately, I didn't found anything that works good on Linux and have a good recognition rate. Now the question to you: can someone suggest me one (or more!) product to use in enteprise context to protect our E-Mails? Very important: the scan _must_ be done within Exim to allow us to reject infected E-Mails. I tried ESET, and it seems to work good, but unfortunately is not available anymore... Thanks a lot for your suggestion! Luca Bertoncello (lucab...@lucabert.de) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] problem Tainted permission to file autoreply once
heloo Yeah ! maybe not elegant, but it works!, once = /var/spool/db/autoreply_${lookup mysql{select localpart from users,domains where domain='${quote_mysql:$domain}' and localpart='${quote_mysql:$local_part}' and users.domain_id=domains.domain_id}}_${lookup mysql{select domain from users,domains where domain='${quote_mysql:$domain}' and localpart='${quote_mysql:$local_part}' and users.domain_id=domains.domain_id}}.db create file autoreply_username_domain.com.db thanks for help regards Slawek - Original Message - From: "Jasen Betts" To: "Sławomir Dworaczek" Sent: Tuesday, September 27, 2022 11:22 AM Subject: Re: problem Tainted permission to file autoreply once In gmane.mail.exim.user, you wrote: From: "Jeremy Harris via Exim-users" To: Sent: Tuesday, September 27, 2022 10:16 AM Subject: Re: [exim] problem Tainted permission to file autoreply once On 27/09/2022 09:09, Sławomir Dworaczek via Exim-users wrote: nowhere else is it like creating a file Third paragraph of that reference: "not permitted (including acessing a file using a tainted name)." ok, that's right, just how detainted the record that creates the file for the responed database and should be unique for each user regards What is a user? If you know that they are a user use the lookup that identifies them to get an untainted value. -- Jasen. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] problem Tainted permission to file autoreply once
On Mon, 26 Sep 2022, Sławomir Dworaczek via Exim-users wrote: I wanted to limit the reflection of mail with the autoresponder turned on, but after adding the option ONCE_FILE = /var/spool/exim/db/autoreply_${local_part}_${domain}.db What happens if you change that to ONCE_FILE = /var/spool/exim/db/autoreply_${local_part_data}_${domain_data}.db ? In my logs I have the message defer (13) permission denied Tainted /var/spool/exim/db/autoreply_username_mydomian.eu.db exim runs with user exim and group exim, I have set the permissions for the group and user for the db directory -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] problem Tainted permission to file autoreply once
ok, that's right, just how detainted the record that creates the file for the responed database and should be unique for each user regards Slawek - Original Message - From: "Jeremy Harris via Exim-users" To: Sent: Tuesday, September 27, 2022 10:16 AM Subject: Re: [exim] problem Tainted permission to file autoreply once On 27/09/2022 09:09, Sławomir Dworaczek via Exim-users wrote: nowhere else is it like creating a file Third paragraph of that reference: "not permitted (including acessing a file using a tainted name)." -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] problem Tainted permission to file autoreply once
heloo it describes everywhere how to use safe strings in a search, but nowhere else is it like creating a file regadrs slawek - Original Message - From: "Jeremy Harris via Exim-users" To: Sent: Tuesday, September 27, 2022 12:42 AM Subject: Re: [exim] problem Tainted permission to file autoreply once On 26/09/2022 19:44, Sławomir Dworaczek via Exim-users wrote: option ONCE_FILE = /var/spool/exim/db/autoreply_${local_part}_${domain}.db In my logs I have the message defer (13) permission denied Tainted /var/spool/exim/db/autoreply_username_mydomian.eu.db http://exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html Third and fourth paragraphs. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] problem Tainted permission to file autoreply once
On 27/09/2022 09:09, Sławomir Dworaczek via Exim-users wrote: nowhere else is it like creating a file Third paragraph of that reference: "not permitted (including acessing a file using a tainted name)." -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/