Re: [exim] Recipient verification

2023-01-20 Thread Jeremy Harris via Exim-users 

On 20/01/2023 19:50, Johnnie W Adams via Exim-users wrote:

Calling the ACL on all mail prevents bounces, correct?


An R-verify checks routability, and (with callout) acceptability
by the destination.  If your intent is to discover nonexistent
recipients *during SMTP reception* of a message, so that
you can reject at SMTP time and thereby not have to generate
a bounce - then yes, it'll do that.  But you should be
doing this check in your rcpt ACL, and it'll only cover
messages *you* receive using SMTP (as opposed to cmdline/stdin).

Also, if done for message-submission receptions by you
it will upset many MUAs (which have little notion that
a message being rejected is a thing, it seems).
So if that was your hope, you're onto a loser.


As to when this is called, I would put it on our egress node, which only
has acl_check_rcpt. I planned to put it after that. So more like this?

acl_check_vrfy:


I'm still trying to work out your intent.  Is that word "acl_check_vrfy"
never mentioned elsewhere (in your proposed config)?  If so, it will
have no effect.  ACL names are not magic.

When do you want it run?


--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Recipient verification

2023-01-20 Thread Johnnie W Adams via Exim-users 
Yes, the recipients are all non-local.

I was focused on preventing useless bounce messages, but now I think I take
your point: Calling the ACL on all mail prevents bounces, correct?

As to when this is called, I would put it on our egress node, which only
has acl_check_rcpt. I planned to put it after that. So more like this?

acl_check_vrfy:


  deny

!verify = recipient/callout

I didn't put a time-out on it when I was just doing senderless mail--that's
an unusual occurrence for us, so I wasn't as worried about the time it
takes--but perhaps I should.

On Fri, Jan 20, 2023 at 1:15 PM Jeremy Harris via Exim-users <
exim-users@exim.org> wrote:

> On 20/01/2023 18:18, Johnnie W Adams via Exim-users wrote:
> >   I've been doing some research on recipient verification to
> eliminate
> > bounces, and am wondering if it's as simple something like this at the
> end
> > of my ACL list:
> >
> > acl_check_vrfy:
> >
> >deny
> >
> >  senders = ''
> >
> >  !verify = recipient/callout
> >
> >   Surely it's not that simple, but I'm at a loss as to what else is
> > needed
>
> You didn't say when you'd be calling this ACL, nor why you'd
> only be verifying bounces.  Not generating bounces yourself
> is also worthy, which means validating recipients of nonbounce
> messages; using the routers and possibly transports to do the
> validation (which is what "verify" does) is one way.
>
> I assume the recipients you are validating are non-local
> to this box, since you specify callout.  But you could be
> confused about the intent of recipient verification.
>
> --
> Cheers,
>Jeremy
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


-- 
John Adams
Senior Linux/Middleware Administrator  | Information Technology Services
+1-501-916-3010 | jxad...@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder:  IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts.  For more information or to
report suspicious email, visit IT Security
.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Recipient verification

2023-01-20 Thread Jeremy Harris via Exim-users 

On 20/01/2023 18:18, Johnnie W Adams via Exim-users wrote:

  I've been doing some research on recipient verification to eliminate
bounces, and am wondering if it's as simple something like this at the end
of my ACL list:

acl_check_vrfy:

   deny

 senders = ''

 !verify = recipient/callout

  Surely it's not that simple, but I'm at a loss as to what else is
needed


You didn't say when you'd be calling this ACL, nor why you'd
only be verifying bounces.  Not generating bounces yourself
is also worthy, which means validating recipients of nonbounce
messages; using the routers and possibly transports to do the
validation (which is what "verify" does) is one way.

I assume the recipients you are validating are non-local
to this box, since you specify callout.  But you could be
confused about the intent of recipient verification.

--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Recipient verification

2023-01-20 Thread Johnnie W Adams via Exim-users 
Hi, folks,

 I've been doing some research on recipient verification to eliminate
bounces, and am wondering if it's as simple something like this at the end
of my ACL list:

acl_check_vrfy:

  deny

senders = ''

!verify = recipient/callout

 Surely it's not that simple, but I'm at a loss as to what else is
needed

Thanks,

 John A

-- 
John Adams
Senior Linux/Middleware Administrator  | Information Technology Services
+1-501-916-3010 | jxad...@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder:  IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts.  For more information or to
report suspicious email, visit IT Security
.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] failed expand ACL

2023-01-20 Thread Lena--- via Exim-users 
> From: S?awomir Dworaczek

> where is the error in the ACL
> 
> continue = ${run{SHELL -c "echo $sender_host_address 
> >>/var/spool/exim/blacklists/blocked_IPs;\N{\N echo Subject: 
> $sender_host_address blocked; echo; echo for bruteforce auth cracking 
> attempt.;\N}\N | EXIMBINARY WARNTO"}}{yes}{no}}

This is from an old version of my code. I never wrote "yes no" at the end,
it's the error.
Current version: https://github.com/Exim/exim/wiki/BlockCracking


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Blocking a Class C

2023-01-20 Thread Jeremy Harris via Exim-users 

On 19/01/2023 17:32, The Doctor via Exim-users wrote:

I assumed that you were blocking the pair
(src ip 46.148.40.108, target port 25)
and was checking that you are also blocking
(src ip 46.148.40.108, target port 465)


Could this cause a 601 error?


Possibly a typo?  SMTP does not define any 6xx error code.

Also, irrelevant.  Blocking done by a firewall would be
stopping TCP-level connection, so you won't get any SMTP
communication at all.  How a client reports that is up to it.

--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Blocking a Class C

2023-01-20 Thread The Doctor via Exim-users 
On Thu, Jan 19, 2023 at 11:57:04AM +, Andrew C Aitchison via Exim-users 
wrote:
> On Thu, 19 Jan 2023, The Doctor wrote:
> 
> > On Thu, Jan 19, 2023 at 08:44:30AM +, Andrew C Aitchison via Exim-users 
> > wrote:
> >> On Wed, 18 Jan 2023, The Doctor via Exim-users wrote:
> >>
>  On Thu, Jan 19, 2023, 00:33 The Doctor  wrote:
> 
> > Still having problems with
> >
> > /var/log/exim/in_rejectlog:2023-01-18 14:27:01.484 [97258] refused
> > connection from [46.148.40.108]:61402 I=[204.209.81.246]:465
> > (host_reject_connection)
> >
> > THere are still coming and not being dropped in a timely manner.
> >
> > can these packets be dropped in less than 0.01 ms?
> >
> > Legit e-mail is not getting through and costumers are complaining.
> >>>
>  On Thu, Jan 19, 2023 at 12:36:38AM +0300, Odhiambo Washington via 
>  Exim-users wrote:
>  Block at the firewall before they reach the server.
> 
> >>> Ateempted but not happening.  I wonder if the IPs are being faked.
> >>
> >> I don't think faked packets would get through the firewall if you are
> >> blocking the faked IP address.
> >>
> >> The logs indicate that the attacker is connecting to port 465.
> >> Are you blocking that as well as port 25 ?
> >>
> > I cannot block port 25 if I want mail from the outside world to get it.
> 
> I assumed that you were blocking the pair
>   (src ip 46.148.40.108, target port 25)
> and was checking that you are also blocking
>   (src ip 46.148.40.108, target port 465)
>

Could this cause a 601 error?

> -- 
> Andrew C. Aitchison  Kendal, UK
> and...@aitchison.me.uk
> 
> -- 
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

-- 
Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 
Birthdate: 29 Jan 1969 Redhill, Surrey, England  Beware https://mindspring.com

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/