On 21 Apr 2021, at 15:37, Wayne via Exim-users wrote:
Does this include lines in the body of the messages or just the
headers?
Both. See RFC5322 Section 2.1.1. MTAs can safely fix over-long header
lines by folding them, but to fix a body with over-long lines, they'd
need to either modify
On 21 Apr 2021, at 17:39, Wayne via Exim-users wrote:
Then I assume the body is being signed implicitly no matter what
headers
are selected?
Yes. A DKIM signature technically signs a selected set of headers and of
a hash of the body, both in a canonicalized form. Without the body hash,
it
On 4/22/21 5:39 AM, Wayne via Exim-users wrote:
> On Thu, Apr 22, 2021 at 05:11:30AM +0800, Gedalya via Exim-users wrote:
>> On 4/22/21 4:39 AM, Wayne via Exim-users wrote:
>>> I'm still confused as it seems like EXIM should be signing based on just
>>> headers content and not message body content
On Thu, Apr 22, 2021 at 05:11:30AM +0800, Gedalya via Exim-users wrote:
> On 4/22/21 4:39 AM, Wayne via Exim-users wrote:
> > I'm still confused as it seems like EXIM should be signing based on just
> > headers content and not message body content
>
> What makes you say that? DKIM normally signs
On 4/22/21 4:39 AM, Wayne via Exim-users wrote:
> I'm still confused as it seems like EXIM should be signing based on just
> headers content and not message body content
What makes you say that? DKIM normally signs the header and the body.
--
## List details at
On Thu, Apr 22, 2021 at 04:00:45AM +0800, Gedalya via Exim-users wrote:
> On 4/22/21 3:37 AM, Wayne via Exim-users wrote:
> > On Wed, Apr 21, 2021 at 08:21:02PM +0100, Jeremy Harris via Exim-users
> > wrote:
> >> On 21/04/2021 19:59, Wayne via Exim-users wrote:
> >>> 2021-04-21 14:34:48
On 21/04/2021 20:37, Wayne via Exim-users wrote:
Does this include lines in the body of the messages or just the headers?
Both. Body lines have to be processed for canonicalization before
adding into the hash value that becomes part of the signature.
The DKIM standard does not limit the
On 4/22/21 3:37 AM, Wayne via Exim-users wrote:
> On Wed, Apr 21, 2021 at 08:21:02PM +0100, Jeremy Harris via Exim-users wrote:
>> On 21/04/2021 19:59, Wayne via Exim-users wrote:
>>> 2021-04-21 14:34:48 1lZDwB-0003pb-TY DKIM: validation error: LONG_LINE
>>> 2021-04-21 14:34:48 1lZDwB-0003pb-TY
On Wed, Apr 21, 2021 at 08:21:02PM +0100, Jeremy Harris via Exim-users wrote:
> On 21/04/2021 19:59, Wayne via Exim-users wrote:
> > 2021-04-21 14:34:48 1lZDwB-0003pb-TY DKIM: validation error: LONG_LINE
> > 2021-04-21 14:34:48 1lZDwB-0003pb-TY DKIM: Error during validation,
> > disabling
On 21/04/2021 19:59, Wayne via Exim-users wrote:
2021-04-21 14:34:48 1lZDwB-0003pb-TY DKIM: validation error: LONG_LINE
2021-04-21 14:34:48 1lZDwB-0003pb-TY DKIM: Error during validation, disabling
signature verification: LONG_LINE
2021-04-21 14:34:48 1lZDwB-0003pb-TY <= XX@XXX
Greetings,
A certain device within our organization is relaying email via our EXIM
systems but EXIM is unable to sign the message. The vast majority of our
other messages are signed without issues.
Here is the corresponding error from the log.
2021-04-21 14:34:48 1lZDwB-0003pb-TY DKIM:
Am 17.04.21 um 13:49 schrieb Douba Samuel DIARRA via Exim-users:
Hello
I was using Exim 4, in office (differents sites) but I was using vsat system
for interconnecting sites. I put private adresses to configure exim in
differents sites.
Since I published my servers on internet, I have this
@Sebastian you now seem to be addressing a different
problem than the OP presented.
On Wed, Apr 21, 2021 at 4:37 PM Sebastian via Exim-users <
exim-users@exim.org> wrote:
> I would say it’s a benefit. Even if you restrict IPs to a bigger area like
> a country (geoIP restriction) or a whole ISP,
I would say it’s a benefit. Even if you restrict IPs to a bigger area like a
country (geoIP restriction) or a whole ISP, you still reduce the attack surface
with MANY times.
I before had problems with bots hacking my passwords. They guessed them all the
time.
After I added IP restrictions
@Sebastian,
If you live in a world where IPs are dynamic, then you will understand my
point.
There is no real benefit of restricting auth to particular IPs, IMHO.
If you must restrict AUTH to just a few IPs, then you actually don't need
that overhead.
Just put them in relay_from_hosts and you are
Dear Exim-Users and maintainers,
this is a *heads up* notice only. No action is required on your part
right now.
Abstract
Several exploitable vulnerabilities in Exim were reported to us and are
fixed.
We have prepared a security release, tagged as "exim-4.94.1".
This release contains
But its still good to use "auth_advertise_hosts" to restrict which hosts
that are permitted to authenticate in addition to this.
Else you will get bots that hack the password and then spam with your
server.
In auth_advertise_hosts, you can use CIDR notation (like 123.123.123.0/24)
to allow large
Douba Samuel DIARRA via Exim-users (Sa 17 Apr 2021
13:49:19 CEST):
> Hello
> I was using Exim 4, in office (differents sites) but I was using vsat system
> for interconnecting sites. I put private adresses to configure exim in
> differents sites.
> Since I published my servers on internet, I
On Wed, Apr 21, 2021 at 1:24 PM Douba Samuel DIARRA via Exim-users <
exim-users@exim.org> wrote:
> Hello
> I was using Exim 4, in office (differents sites) but I was using vsat
> system for interconnecting sites. I put private adresses to configure exim
> in differents sites.
> Since I published
Hello
I was using Exim 4, in office (differents sites) but I was using vsat system
for interconnecting sites. I put private adresses to configure exim in
differents sites.
Since I published my servers on internet, I have this kind of error message and
i cannot send mails. the message is : RELAY
On 21/04/2021 07:39, Luca Bertoncello via Exim-users wrote:
warn set acl_m_from = ${domain:${sg {$h_from:} {^\N(.*)?\<(.*)?\>$\N} {\$1}}}
Unfortunately, if the FROM-Header contains a comma (eg: "Tester, Test
") it fails.
acl_m_from is empty
# exim -d-all+expand -be
[...]
FOO=Tester,
On Wed, 21 Apr 2021, Evgeniy Berdnikov via Exim-users wrote:
On Tue, Apr 20, 2021 at 04:33:03PM -0600, The Doctor via Exim-users wrote:
Is there a way of telling mail server to send mail now?
On Saturday a Brute Force DoS
took down a bit of the network
and since
some severs like gmail and
On Tue, Apr 20, 2021 at 04:33:03PM -0600, The Doctor via Exim-users wrote:
> Is there a way of telling mail server to send mail now?
>
> On Saturday a Brute Force DoS
> took down a bit of the network
> and since
> some severs like gmail and megamailserver
> are delaying sending to this mail
Hi list!
In my exim.conf I have these statements:
warn set acl_m_from = ${domain:${sg {$h_from:}
{^\N(.*)?\<(.*)?\>$\N} {\$1}}}
warn set acl_m_froma = ${addresses:${sg {$h_from:}
{^\N(.*)?\<(.*)?\>$\N} {\$1}}}
warn set acl_m_from1 =
24 matches
Mail list logo
