Olaf Hopp via Exim-users-de (Do 23 Jan 2020 20:59:48
CET):
> Hallo Jutta,
>
> ich mach das mit /etc/aliases
> foo.bar: :blackhole:
> versenkt die Mail in /dev/null
…
> foo@example.com: :blackhole:
> Statt :blackhole: kannst Du auch :defer: oder :fail: verwenden
Ich empfehle sehr
Heiko Schlittermann via Exim-users (Di 14 Jan 2020
17:16:33 CET):
>
> I forwarded your message and a short explanation (about Jeremy's answer)
> to the mailscanner mailing list.
https://github.com/MailScanner/v5/issues/431
and another reponse on the mailing list there:
| He
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF76
of the exim-4.94+fixes branch of our Git
repo https://git.exim.org/exim.git
The tag and tarballs are signed with the same key as I use to sign this
announcement.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de
Christian Balzer (Mo 23 Dez 2019 06:07:46 CET):
> >
> I've tried this with "openssl s_server" and it works either which way,
> unsurprisingly.
> "openssl s_server -cert wildcard.crt -key wildcard.key -CAfile ca.crt"
>
> I can't get gnutls_server to use/send the CA intermediate at all, only the
>
Christian Balzer (Fr 20 Dez 2019 14:49:27 CET):
> > > The testmail.do.main VIP is handled by smtp01 and 02, with being resident
> > > on smtp01 for most of the testing, but failing it over doesn't change the
> > > outcome.
> >
> > If connections to the indiviual servers work as expected but
tell?
Can you replace Exim for testing purpose by an openssl s_server?
(Important: On the same port as Exim would serve).
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schli
d+(?:\.\d+)?)?# (minor(.patch))
+ (?:\.\d+(?:\.\d+(?:\.\d+)?)?)?# (minor(.patch.(fixes)))
)
(?:-RC\d+)?$/x; # -RCX
$+{version};
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko S
with the same key as I use to sign this
announcement.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
g
Jeremy Harris via Exim-users (Fr 13 Dez 2019 10:19:12
CET):
> Bug 2492, fix done but not in 4.93.0.2
4.93.0.3 is out and contains the fix.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet &am
Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked s
.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- ke
Frank Elsner via Exim-users (Mo 09 Dez 2019 09:06:37 CET):
> I've just replaced exim-4.93-RC7 by exim-4.93 and see in logfile:
> failed to open DB file /var/spool/exim/db/wait-smtp: Success
This is the original unmodified form of the error message?
--
Heiko
signature.asc
Description: PGP
Frank Elsner (Mo 09 Dez 2019 10:09:17 CET):
> > > # ls -la /var/spool/exim/db/
> > > total 8
> > > drwxr-x--- 2 exim exim 4096 Dec 9 08:56 .
> > > drwxr-x--- 7 exim exim 4096 Nov 11 18:01 ..
> > > -rw-r- 1 exim exim0 Dec 9 08:56 retry.lockfile
> > > -rw-r- 1 exim exim0 Dec 9
ns of the DB
directory?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are wel
crosscheck.
(The Exim website may not be updated yet.)
Best regards Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
g
Cyborg via Exim-users (Di 03 Dez 2019 10:19:33 CET):
> > With your approach this IP will be whitelisted, given that at least one
> > device is able to login sucessfully.
>
> I don't think, you thought this throu to the end... this is the consequence:
>
> "At my local network, I can bruteforce the
e Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF764A and 9
or more messages could not be delivered to you
> mailbox correctly.
These typos are really part of the original message? The Subject and the
Topic read strange. Like mix-up of error messages.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTER
may miss the point, but I do not understand, how the
dependency on emacs4 (configuration?) gives an easy way to block
it (what?).
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support
(TLS-on-connect) as
a client. As a server, it does, but as a client?
Ah, the spec tells me, it does. There is a SMTP transport option
"protocol", it may be set to "smtps".
So, you'll need to fiddle with your configuration (or with the Debian
provided confi
field.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome
- defer.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome -
sin/whitelist{no}{yes}}
`--'
- The parens are not paired
- If you try this on the commandline with -be, what do you expect in
$local_part, $domain, $sender_address?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Jeremy Harris via Exim-users (Mo 18 Nov 2019 17:38:41
CST):
> On 18/11/2019 05:05, Heiko Schlittermann via Exim-users wrote:
> > Ok, considering the importance of the information, @Jeremy,
> > how big is the risk of braking anything, if we extend the default header
> > i
Jeremy Harris via Exim-users (So 17 Nov 2019 21:23:47
CST):
> Surely choosing implies not using the default? Which is possible, just
> by setting received_header_text to your choice.
>
> 4.next adds a (TLS1.x) comment to the default; we're too late
> in the release cycle to change the upcoming
Dave Restall - System Administrator, , , via Exim-users
(Di 12 Nov 2019 01:04:33 CST):
> > Hi,
> >
> > I'm somewhat unsure, is this the same output as got got before? I'm
> > asking, as I changed something in this area (mainly the URL of the spf
> > website)
>
> I can't say :-( This is the
ains", "search_parents", and
"qualify_single".
Viele Grüße
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are w
ning with uid=X gid=X euid=X egid=X
> 26659 Listening...
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3}
.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --
om
> *.co.uk : co\.uk
> *.uk : uk
Maybe the public suffix list can be of use here.
https://publicsuffix.org/
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlit
Heiko Schlittermann (Mi 30 Okt 2019 23:57:11 CET):
> Maybe the public suffix list can be of use here.
Sorry for the noise, I'm several hours late.
--
Heiko
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at h
no
> complaint.
Then -- you got the information you need. Start using it.
And you got the warnings :)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlitter
extended by changing a compile-time variable. The use of domain and host lists
| is recommended for concepts such as local domains, relay domains, and relay
| hosts. The default configuration is set up like this.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schl
from a public CA, or even both.
Not impossible, but maybe PITA, depending on your ressources for setup,
maintainance, monitoring and debugging.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support
Heiko Schlittermann via Exim-users (Mi 16 Okt 2019
06:48:25 CEST):
> TLS_DOMAIN = ${if def:tls_in_sni {${lc:tls_in_sni}}{example.com}}
>
> tls_certificate = /etc/exim/private/certs/TLS_DOMAIN/cert.pem
> tls_privatekey = /etc/exim/private/certs/TLS_DOMAIN/privkey.pem
/exim/private/certs/TLS_DOMAIN/cert.pem
tls_privatekey = /etc/exim/private/certs/TLS_DOMAIN/privkey.pem
You need a "fallback", as there is a fair chance, that the client
doesn't send you a TLS SNI.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLI
Hi,
what harm can happen if we set tls_sni = $host for all outgoing
smtp connections?
Can't we make it defaulting to the remote host name?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet &
uot;VIRUS" as a macro in your
configuration already.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
ny
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF7
ed, I'd add some more comments and do some more
testing. But similiar implemntations we did for customers.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlitterma
** Exim 4.92.3 released (security release) **
CVE ID: CVE-2019-16928
Date: 2019-09-27 (CVE assigned)
Version(s): from 4.92 up to and including 4.92.2
Reporter: QAX-A-TEAM
Reference: https://bugs.exim.org/show_bug.cgi?id=2449
Issue: Heap-based buffer overflow in string_vformat,
grow(g, g->ptr, width);
lim = g->size - 1;
gp = CS g->s + g->ptr;
}
We thank you for using Exim.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Evgeniy Berdnikov via Exim-users (Do 26 Sep 2019 18:50:39
CEST):
> On Thu, Sep 26, 2019 at 07:47:55AM -0400, Heiko Schlittermann via Exim-users
> wrote:
> > as recently "discovered" by Ian Z and me, at least one MUA strips the
> > BCC headers before submitting the
Evgeniy Berdnikov via Exim-users (Do 26 Sep 2019 14:43:25
EDT):
> Bouncing and forwarding let you send an existing message to recipients that
> you
> specify. Bouncing a message sends a verbatim copy of a message to alternative
> addresses as if they were the message's original recipients
ards from Atlanta/GA
Viele Grüße aus Atlanta/USA
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F6
Jeremy Harris via Exim-users (Mi 25 Sep 2019 10:26:14
EDT):
> Problem A) you have a corrupt file. The message even advises what to
> do; did you do that?
While we still should consider external influence as a root cause for
this database corruption, I got reports of a major Exim user, that
Jeremy Harris via Exim-users (Do 26 Sep 2019 08:03:11
EDT):
> On 26/09/2019 12:47, Heiko Schlittermann via Exim-users wrote:
> > as recently "discovered" by Ian Z and me, at least one MUA strips the
> > BCC headers before submitting the message, but fails to
e default
"configuration file".)
Best regards from Atlanta/GA
Viele Grüße aus Atlanta/USA
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg
Jeremy Harris via Exim-users (Do 26 Sep 2019 04:04:22
EDT):
> On 26/09/2019 02:56, Richard James Salts via Exim-users wrote:
> > It's using the
> > $authenticated_id expansion from what I understand. Is there a way to alter
> > this? Would it be in the server_set_id on the authenticator?
>
>
ntication.
The challenge will be to find the right balance between being too sloppy
and too strict.
(Think about a mobile device, reconnecting serveral times over the
course of a day)
Best regards from Atlanta/GA
Viele Grüße aus Atlanta/USA
Heiko Schlitter
Heiko Schlittermann (Mi 25 Sep 2019 13:12:45 EDT):
> Maybe we use ratelimit to restrict the numbers of distinct
> sender_host_addresses that are allowed to do (successful)
> authentication.
We can.
> The challenge will be to find the right balance between being too sloppy
>
istinct recipients
authenticated = *
ratelimit = 100/1d / per_addr / $authenticated_id
Not tested, not verified against the spec, may contain typos or other
errors. But you should get the idea.
Best regards from Atlanta/GA
Viele Grüße aus Atlanta/
Ian Zimmerman via Exim-users (Di 24 Sep 2019 15:53:27
EDT):
>
> Ok, never mind. I'll just enhance my module to read the body from
> $message_body if necessary. Even now, I never read the entire MIME
The message_body does not contain the full message body.
I believe, there is a related option.
Ian Zimmerman via Exim-users (Di 24 Sep 2019 14:43:52
EDT):
> On 2019-09-24 13:51, Heiko Schlittermann wrote:
>
> > Isn't that well defined enough?
> > /scan//.eml
> >
> > It gets created on the first malware condition.
> Are you sure?
No, as always, I'm
ed enough?
/scan//.eml
It gets created on the first malware condition.
Best regards from Atlanta/GA
Viele Grüße aus Atlanta/USA
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +4
anding: no. But the malware condition.
I'm not sure, if the decode condition (from the MIME ACL) would leave the
decoded files for the DATA ACL.
Best regards from Atlanta/GA
Viele Grüße aus Atlanta/USA
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix sup
demime gives you access to $mime_decoded_filename.
But - maybe I'm totally wrong here, it all are just assumptions (and as
these the mother of all fuckups)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de
Ian Zimmerman via Exim-users (Fr 20 Sep 2019 20:31:58
CEST):
> Is acl_smtp_mime (or acl_not_smtp_mime) called at all for non-MIME
> messages, ie. those encoded as us-ascii with no MIME-Version: and
> Content-Type: headers? I expected they would be (with the whole body
> treated as a single
J. R. Okajima via Exim-users (Di 17 Sep 2019 21:36:55
CEST):
>
> I am developing a small external tool for exim. If possible, I'd ask
> you some comments. And if you are interested, I'd also ask some trial
> and tests. If anyone comes up, I will open a new project on github and
> make it
Claus Assmann via Exim-users (Mi 18 Sep 2019 16:50:16
CEST):
> On Wed, Sep 18, 2019, Evgeniy Berdnikov via Exim-users wrote:
>
> >sleep 1 ; echo "MAIL FROM: "
>
> Please read the fine RFCs: there is NO space after ':'!
> MAIL FROM:
Remote End is Exim, Exim accepts the space, even the RFC do
rtise_hosts main config option is empty or doesn't match the
current connection.
Do you have more output from the logs?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heik
Heiko Schlittermann via Exim-users (Mo 16 Sep 2019
08:57:19 CEST):
>
> The data ACL runs *once* per message. The message can have multiple
> recipients, so which domain do you expect in $domain?
I should have read your mail properly. You want to know the list of
recipient domains in
ain as a key for a policy lookup is left as an excercise
for the reader :)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49
ACL settings discussed recently.
BTW, today I received a request on selling a working exploit for the
recent CVE. So somebody seems to be interested in using it (or testing,
if I'm serious about security).
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHL
Richard Jones via Exim-users (Do 12 Sep 2019 14:36:41
CEST):
> On Sep 12, Heiko Schlittermann via Exim-users wrote
> > If you're out of luck, either upgrade your Debian system to a recent
> > one, or prepare to compile Exim on your own. (This is not as hard as it
> > seems,
Richard Jones via Exim-users (Do 12 Sep 2019 14:36:41
CEST):
> On Sep 12, Heiko Schlittermann via Exim-users wrote
> > If you're out of luck, either upgrade your Debian system to a recent
> > one, or prepare to compile Exim on your own. (This is not as hard as it
> > seems,
k, either upgrade your Debian system to a recent
one, or prepare to compile Exim on your own. (This is not as hard as it
seems, but you have to care about further updates manually).
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITT
Heiko Schlittermann (Mi 11 Sep 2019 14:07:49 CEST):
> Pascal Rolle via Exim-users (Di 10 Sep 2019 14:41:15
> CEST):
> > I didnt see any announcement about the version 4.92.2. Is the package
> > provided on the 2019-09-06 06:01 the right one ? Is this suitable for
>
Pascal Rolle via Exim-users (Di 10 Sep 2019 14:41:15
CEST):
> I didnt see any announcement about the version 4.92.2. Is the package
> provided on the 2019-09-06 06:01 the right one ? Is this suitable for
> production purposes ?
4.92.2 is the current release, yes. It as stable as 4.92.1 was. It
Heiko Schlittermann via Exim-users (Di 10 Sep 2019
17:02:26 CEST):
> Cyborg via Exim-users (Di 10 Sep 2019 16:06:10 CEST):
> > can we limit those tries anywere or slow them down?
> >
> > 2019-09-10 16:02:37 plain authenticator failed for (a domainname)
> > [156
condition = $authentication_failed
ratelimit = 10/2h / badauth:$authenticated_fail_id / strict
accept
Completly untested, because when implementing it, I ran into another
issue.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHL
)
{ "tls_sni", vtype_stringptr, _in.sni },/* mind the
alphabetical order! */
#endif
I checked the original source, and didn't check the versions in between.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTER
Marco Gaiarin via Exim-users (Fr 06 Sep 2019 23:42:03
CEST):
> Mandi! Heiko Schlittermann via Exim-users
> In chel di` si favelave...
>
> > Add - as part of the mail ACL (the ACL referenced by the main config
> > option "acl_smtp_mail"):
> > denyc
ion of $tls_sni and $tls_peerdn (later renamed to
$tls_in_sni, $tls_in_peerdn).
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.8
rds from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F693
Heiko Schlittermann (Fr 06 Sep 2019 22:40:19 CEST):
> #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
> { "tls_sni", vtype_stringptr, _in.sni },/* mind the
> alphabetical order! */
> #endif
>
> But nevertheless, your Exim is vulnerable. U
vertheless, your Exim is vulnerable. Unfortunnatly the ACL trick
doesn't work. You can do "binary patching".
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schl
Jay Sekora (Fr 06 Sep 2019 20:49:21 CEST):
> > For that reason I've published another mitigation method
> >
> > # to be prepended to your mail acl (the ACL referenced
> > # by the acl_smtp_mail main config option)
> > denycondition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni
> >
eed to check in the MAIL ACL anyway.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg en
Sebastian Nielsen via Exim-users (Fr 06 Sep 2019 21:37:41
CEST):
> Ooo just that, forgot that...
>
> But still the question remains, how does it prevent the exploit? Doesn't the
> exploit (root command) get executed immidiately when TLS negotiation is
> done?
This is left as an exercise to the
)
denycondition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni
denycondition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
-4.92.1+fixes branch is being functionally
replaced by the new exim-4.92.2+fixes branch.
¹) We've indication, that only versions starting with 4.80 up to and
including 4.92.1 are affected.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de
his should prevent the currently known attack vector.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
g
Heiko Schlittermann (Fr 06 Sep 2019 12:20:39
CEST):
> Mitigation
> ==
>
> Do not offer TLS for incomming connections (tls_advertise_hosts).
> This mitigation is *not* recommended!
This should block the most popular attack vector:
In your MAIL ACL:
denycond
Schlittermann (HS12-RIPE)
Date: Fri Sep 6 06:57:11 2019 +0200
commit 66935633816a88460f5222f40dc29d1a4e877978
Author: Heiko Schlittermann (HS12-RIPE)
Date: Thu Sep 5 14:56:22 2019 +0200
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
Heiko Schlittermann (Mi 04 Sep 2019 11:22:48
CEST):
> *** Note: EMBARGO is still in effect! ***
> *** Distros must not publish any detail yet ***
As I saw blocked accesses to our security repo:
If you're entitled to access our non-public security repository, please
update your &
lly
replaced by the new exim-4.92.2+fixes branch.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg en
backs… and
will finally reject the message, if your hosts is unwilling to accept
RCPT TO: nou...@example.com.)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, D
add a Sender: header, if there is any descrepancy
between the envelope-from and the From: header.
Keep in mind, that the recipient may do checks on the From: and
Envelope-Sender too.
To be more helpful we need more details.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
He
DB files Exim uses as (non critical)
"hint" files.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{
the majority of internet connected hosts, being the default MTA of at
least one Linux distribution, etcpp
A Postfix user pointed out: If Postfix is like Playmobil, then Exim is
like Lego.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHL
et me know.
Yes, if you've a recent Exim version, the output from
exim -bP config
would be helpful. Dakujem.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko S
Jasen Betts via Exim-users (Di 27 Aug 2019 12:06:32 CEST):
>
> I have taken MK which seems to be original line art an pushed its
> shading in the direction of the origial bitmap.
Who or what is MK?
But anyway, thanks, I'll forward it to the cPanel staff.
It looks best, IMHO.
Thank you a lot.
--
Sławomir Dworaczek via Exim-users (Do 22 Aug 2019
14:43:51 CEST):
> Thanks for responding
> i solved problem, remove sendmail and create symlnik sendmail to exim binary
You're welcome.
signature.asc
Description: PGP signature
--
## List details at
Sławomir Dworaczek via Exim-users (Mi 21 Aug 2019
18:35:29 CEST):
> Helo
> After reinstall server my ACL
>
> drop message = "No you are Me or OURS (HELO was $sender_helo_name and
> equal my local domains or my domains relay)"
>condition = ${if
>
a vector version of
the Exim logo, being as as similar as possible to the pixled version?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon
ards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE
is
signed with my GPG key. The old exim-4.92+fixes branch is being functionally
replaced by the new exim-4.92.1+fixes branch.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
H
Andreas Metzler via Exim-users (So 21 Jul 2019 18:53:29
CEST):
> does the exim testsuite work in a lxc container?
Not sure, Once I got it running in docker containers, this reached a
state "workes for me". But I didn't complete this WIP.
But definitivly it's worth trying.
--
Heiko
201 - 300 of 1482 matches
Mail list logo