Hi,
John Smith (Mi 14 Jun 2017 07:41:03 CEST):
>Hello Heiko,
>
>When I used exim-gencert, I set the FQDN name of the Exim server in the
>field "Server name (eg. ssl.domain.tld; required!!!) [])". So here I
>think it's good.
I do not known exim-gencert, but
be uncomfortable with your self signed certificate.
Mail clients typically want to see a certificate with a matching
CN or SAN (matching the host's name they connect to).
You can debug it using tcpdump, to see if TB at least tries to use
TLS
Best regards from Dresden/Germany
Viele Grüße aus Dresd
cal
transports. This new instance reads the configuration file again,
which in turn may create confusing results.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl
Heiko Schlittermann via Exim-users <exim-users@exim.org> (Mi 07 Jun 2017
21:47:28 CEST):
> Hi Klaus,
I found it and will prepare a patch later.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de
Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked s
oo powerful!
Uhm… The return code?
You return the number of days as return code? What if the domain is
registered for >254 days?
I'd send the days to stdout, using the return code only to indicate some
error!
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlitter
Klaus Ethgen (Do 01 Jun 2017 07:37:16 CEST):
>
> But sometimes, it looks like the following (note the line break in the
> middle):
>|2017-05-30 11:22:38 1dFdMM-0001w2-Jo DKIM: d=powermtapro.com
> s=1494427074.powermtapro c=relaxed/relaxed a=rsa-sha1 b=1024
it.
PS: Please do not sent me a Cc of your messages, I'm reading the lists.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID
hould be a bit more clear, though.
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- k
t using a separator.
${lookup dnsdb{>\n,: txt=a.b.example}}
${lookup dnsdb{>\n; txt=a.b.example}}
${lookup dnsdb{spf=example.org}}
It is permitted to specify a space as the separator character. Further white
space is ignored.
Best regards from Dresden/Ger
Heiko Schlittermann <h...@schlittermann.de> (Mo 08 Mai 2017 22:36:50 CEST):
> Victor Ustugov <vic...@corvax.kiev.ua> (Mo 08 Mai 2017 18:37:56 CEST):
> …
> > Other examples:
> >
> > # exim -be '${lookup dnsdb{defer_never,txt=d201702._domainkey.e
Victor Ustugov (Mo 08 Mai 2017 18:37:56 CEST):
…
> Other examples:
>
> # exim -be '${lookup dnsdb{defer_never,txt=d201702._domainkey.exim.org}}'
> v=DKIM1; k=rsa;
>
versions of Exim the demime ACL condition isn't supported anymore (since
and including Exim 4.88).
You need to use MIME ACL (acl_smtp_mime).
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & un
ing vital information. (An empty
envelope isn't a strong indication for spam.)
So, unconditional blocking empty envelope senders isn't a good idea.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet &
write meeting requests
> and other types of mails coming from and to an exchange server
This reads like content modification. In theory it's possible via
transport filters (or even in the DATA ACL (while this isn't officially
supported, as the ACL are designed for *evaluating*, not for m
e good,
that there is no BCC: header field.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted
your case.
And read carefully about spaces near the description of ${run{…}}
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}:
ast you could set an ACL variable in the DKIM ACL, and in the
DATA ACL you can check for this variable, as the DKIM ACL is run
*before* the DATA ACL, isn't it?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ----
_remove
headers_add = $acl_m_headers_add
But, please note, this solution has not been reviewed for a long time, but
it is in use currently and seems to work.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -
data = monitor...@domainone.com
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted
s from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
!
Alvaro Lacerda (Mi 05 Apr 2017 18:16:55 CEST):
> Hi Heiko,
>
> Thanks for the info and help. I installed exim from the yum command from a
> Centos 7.3.1611 machine.
>
> I talked to one of my coworkers and figured out that I was missing the sql
> plugin for exim, so that's
Tech Gurus via Exim-users (Di 04 Apr 2017 16:15:29 CEST):
> What is the best way to handle it at the door? . If sender is sending to
> list of recipients and one of them is not valid email .
You should check the recipient at SMTP time in your ACL (hint: verify =
recipient in
check for passwords or similiar stuff*.
[deleted 28 lines disclaimer]
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}:
Jeremy,
Jeremy Harris (So 02 Apr 2017 13:01:32 CEST):
…
> >>> will write message using CHUNKING
> >>> SMTP>> BDAT 10858271 LAST
> >>> LOG: MAIN
> >>> SSL_write: (from mout.kundenserver.de [212.227.17.24]:58868) syscall:
> >>> Broken pipe
> >>> SMTP(close)>>
> >>
> >> Does
Viktor Dukhovni (Do 30 Mär 2017 16:52:38 CEST):
…
> I don't know whether Exim needs to be restarted to change
> certificates, or picks up new certs automatically as clients
> connect. I suspect the latter, with the TLS context
> created and destroyed per connection.
it delivers to my server (provided that you con't carry
sensitive information in your message)
Can you force the delivery of the specific message using
`exim -d+transport -M ` and provide the last parts of the
log?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
s to my server (provided that you con't carry
sensitive information in your message)
Can you force the delivery of the specific message using
`exim -d+transport -M ` and provide the last parts of the
log?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlitterma
|Routers/Transports
-+---
add_header |headers_add
remove_header|headers_remove
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
H
plsearch is probably what you want, it seems to be simpler
than your condition.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}:
Hi,
Peter Rindfuss (Di 07 Mär 2017 10:28:59 CET):
> We are using Exim 4.88 on Debian with a non-Debian config. We deliver to
> our mailboxes on a separate Dovecot IMAP machine using LMTP over TCP
> (SMTP transport). A few times a day we see "Connection timed out" on the
>
Hi,
hamza elajimi via Exim-users (Di 07 Mär 2017 13:11:02
CET):
> Hi everyone,
>
> I already known about EXIM, and started to install it on solaris 10 SPARC,
> but when I launch the install I alaways get this error :
>
> mkdir -p /opt/csw
> sed -e \
>
Hi Daryl,
Daryl Richards via Exim-users (Mo 27 Feb 2017 22:16:17
CET):
> Hello,
>
> I don't know if this is related to any of the other crash issues reported
> lately, so I'll start a new message in case it isn't.
>
> Two different servers, both on FreeBSD 10.3, both with
Mikhail Golub (Do 23 Feb 2017 09:53:42 CET):
> Hello.
>
> Please help solve a problem with send mail to many users via smtp transport
> with TLS (Exim 4.88 or 4.89 RC5).
> == user@domain R=exchange_router_user T=exchange_transport
> defer (0) H=10.0.1.1
Heiko Schlittermann <h...@schlittermann.de> (Do 23 Feb 2017 10:03:36 CET):
> Hi,
>
> we're operating a legacy system with Exim 4.80 (the Debian build). It
> uses GnuTLS 2.12.20. We do *not* use the Debian configuration scheme but
> an own one.
If I build an Exim 4.88
_tidyup called
00:35:19 24960 child 24998 ended: status=0x100
00:35:19 24960 normal exit, 1
00:35:19 24960 0 SMTP accept processes now running
00:35:19 24960 Listening...
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---
Marc Haber (Mi 22 Feb 2017 20:58:47 CET):
> Hi,
>
> I have in an ACL:
>
> | deny
> |message = sender IP address $sender_host_address is locally blacklisted
> here. If you think this is wrong, get in touch with postmaster
> |!acl = acl_local_deny_exceptions
sages?
Do you have examples wher Exim doesn't set the $sender_host_address to
127.0.0.1?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fo
very attempt.
And, as a next step, you can insert a new router for forwarding your
messages to the new outbound server.
new_outbound:
driver = manualroute
condition =
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN
Hi,
Torsten Tributh via Exim-users (Di 07 Feb 2017 06:01:45
CET):
>
>
> I assume that an email address constructed like:
>mail+u...@example.org
> is legit.
Yes. To my knowlegde, it's legit.
> I have a very short DATA ACL
>
> deny
> message = No verifiable
ontains more than one address, the Sender: field
*must* be present. So, I believe, you should check From: *and* Sender:
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Sch
Jeremy Harris (Do 26 Jan 2017 20:21:13 CET):
> On 26/01/17 18:45, Thomas Hager wrote:
> > While binding its listen ports, Exim tries to set TCP_FASTOPEN via
> > setsockopt() on the sockets the daemon created. All of these calls fail
> > with ENOPROTOOPT.
>
> Aha, right. You're
Hi Thomas,
Thomas Hager (Mi 25 Jan 2017 22:09:33 CET):
> On Wed, 2017-01-25 at 08:19 +0100, Andreas Metzler wrote:
> > Thomas Hager wrote:
> > > I updated Exim on my jessie box to 4.88-4~bpo8+1 a few days ago and
> > > discovered about now that the update broke
st".
Does anybody have more information on that?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1
not need (and should not) deal with DNS and Webhosting. Just
mail.
I'm lacking experience… VExim - is it still maintained?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
H
Jeremy Harris <j...@wizmail.org> (Do 19 Jan 2017 01:03:37 CET):
> On 18/01/17 21:50, Heiko Schlittermann wrote:
> > Side note: we should have:
> >
> > --> MAIL FROM:<>
> > <-- 250 OK
> > --> VRFY f...@example.co
> Sounds funny, yes, but can be implemented in Exim as conditional "drop"
> in acl_smtp_bdat (to be executed on first BDAT command).
Both can probably be combined, send the illegal 4xx response after the first
BDAT
chunk AND drop the connection *if* the client continues sendin
l...@lena.kiev.ua <l...@lena.kiev.ua> (Mi 18 Jan 2017 15:07:01 CET):
> > From: Heiko Schlittermann
>
> > Just of curiosity: What use case do you have for your pre-data ACL?
> Greylisting of all messages to postmaster and abuse.
Why can't you do this in RCPT on a
Jasen Betts (Mi 18 Jan 2017 05:06:38 CET):
..
> # run predata acl if haven't already. (eg: bdat)
> require
> acl = ${if!bool{$acl_m_need_predata_acl}{accept}{my_predata_acl}}
> # "!bool" above because spaces break it
>
> thus all my pre-data variables
sent according to the
DELIVER_OUT_BUFFER_SIZE, defined in config.h.defaults:
#define DELIVER_OUT_BUFFER_SIZE 8192
So, 8k per chunk. But as always, I may be wrong.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de
d by default,
> for example Gmail issues BDAT commands.
Hm. What do you do in your pre-data ACL. Would one expect that the
pre-data ACL should run right before the first BDAT command? Or would
one expect a pre-first-bdat command?
Best regards from Dresden/Germany
Viele Grüße
<<<<<<<<<<<<<<
>>> using ACL "acl_check_data"
>>> processing "accept"
>>> accept: condition test succeeded in ACL "acl_check_data"
LOG: [28856] 1cT32p-0007VQ-8q <= <> H=google-public
Hi,
Luca Bertoncello <lucab...@lucabert.de> (So 15 Jan 2017 19:16:58 CET):
> Heiko Schlittermann <h...@schlittermann.de> schrieb:
> > > > http://exim.org/exim-html-current/doc/html/spec_html/ch-smtp_processing.html#SECID237
> > > First, maybe you can write s
le configuration. All other
security issues are due to configuration errors. (Thus you *can* run
commands on VRFY or EXPN via acl expansions. This *can* create security
issues.)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---
Heiko Schlittermann <h...@schlittermann.de> (Do 22 Dez 2016 13:41:42 CET):
…
> > temporarily rejected after DATA: failed to expand ACL string
> > "${if >{$spam_score_int}{${eval:10*{${lookup mysql{ SELECT DISTINCT
> > spam_threshold FROM user WHERE
> &g
Heiko Schlittermann <h...@schlittermann.de> (So 25 Dez 2016 11:41:15 CET):
> I've uploaded Exim 4.87.1 to:
>
> ftp://ftp.exim.org/pub/exim/exim4/old/
> git://git.exim.org/exim.git (tag exim-4_87_1)
For easy checking the integrity of the package files
I provi
N messages (and be sent offsite).
For details about the CVE please see
https://exim.org/static/doc/CVE-2016-9963.txt
The release files for 4.87.1 are signed with the PGP key 0xF69376CE,
which has a uid "Heiko Schlittermann (HS12-RIPE) <h...@schlittermann.de>".
Please use your own di
Hello,
in case you missed this on one of the other channels:
Heiko Schlittermann <h...@schlittermann.de> (Fr 16 Dez 2016 00:36:45 CET):
…
> Product:Exim
> Versions: 4.69 -> 4.87
> Impact: Possible leak of private information to a remote attacker
> Reference:
Hi,
Forum <fo...@decotrain.de> (Do 22 Dez 2016 17:29:35 CET):
> Am 22.12.2016 um 16:59 schrieb Heiko Schlittermann:
> >
> >> Here is all i can find for this:
> >> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
>
body else will need
the same help and therefore would be happy to read the answer *here*,
not in private mail.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlitte
-bdf -q30m -C /etc/exim4/exim-user1.conf
Ohm. Exim is delivering, but not logging. Not nice. Bug?
> the logs related to the delivery operations are printed to the console
> instead of the mainlog.
Hm.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
not supporting PRDR you can single out every recipient after
the first, using $recipients_count and defer. After this you're sure,
that your DATA ACL needs to care about a single recipient only.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITT
> Here you can see the complete result from an actual spam mail.
> My Thunderbird only shows the original subject without the "***SPAM" remark.
OTOH I wouldn't change/replace existing headers. You may break thinks,
e.g. DKIM.
Best regards from Dresden/Germany
Viele Grüß
es were sent. This has been fixed, thanks for the
> assessment.
Thank you for your feedback.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (T
Heiko Schlittermann <h...@schlittermann.de> (Mi 21 Dez 2016 00:25:42 CET):
> Twilek <twi...@gmx.de> (Mi 21 Dez 2016 00:12:54 CET):
> …
> > I have to admit that your answers are a bit beyond the horizon of my
> > knowledge of the SMTP protocol (or other mail protocols
Heiko Schlittermann <h...@schlittermann.de> (Mi 21 Dez 2016 10:45:24 CET):
> Hello,
>
> some SSL experts around? I got a "legacy" Exim (4.80), linked with GNUTLS
> libgnutls.so.26 => /usr/lib/i386-linux-gnu/libgnutls.so.26, and installed new
> certificat
e aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are r
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF764A and 972EAC
Hi Twileg,
how do you manage to break the thread always?
Anyway…
Twilek (Di 20 Dez 2016 21:04:52 CET):
> I sent a Test message with your logging parameters and the output was
> (sanitized for peronal data):
…
> 17155 Process 17155 is handling incoming connection from [127.0.0.1]
k you for a pcap dump of the unencrypted connection
between your SMTP client (horde) and the MTA.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU)
d.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome ---
88.
Currently after expansion there has to be *one* curve specifier, or
"auto".
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko
--
SCHLITTERMANN.de -------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.3
tgoing, as I stated above. BUT, there is one exception:
the event interface. And I believe, you can call a custom ACL through
the event interface. Maybe the configured it in Cpanel. Or they did some
other addtion to Exim I'm not aware of.
Best regards from Dresden/Germany
Viele Grüße aus Dre
Jasen Betts (Do 08 Dez 2016 21:40:55 CET):
…
> > What are "hdr.xx" files?How can I check if queue is corrupted?Anyway,
> > exim -bpc returns 88 messages in queueThank you very much
> Assuming you've already checked drive health.
> it could be directory bloat. if you've had
Heiko Schlittermann <h...@schlittermann.de> (Fr 02 Dez 2016 14:40:34 CET):
…
> now tls_eccurve = auto is the default and should work in any OpenSSL
> version. For OpenSSL < 1.0.2 it falls back to prime256v1. For more
> recent OpenSSL versions it uses the librar
est regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F
a private option for the lmtp transport that told Exim to
> follow through with callouts? Something like force_callouts.
I'm lost. I'm not sure, how to understand it.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---
Hi,
> On 11/28/2016 11:51 PM, Heiko Schlittermann wrote:
...
> > lmtp_transport:
> > driver = smtp
> > protocol = lmtp
> > socket = /run/dovecot/lmtp # or whatever
> > …
Sorry for the confusion, I checked my config not goo
there is some trick
lmtp_transport:
driver = smtp
protocol = lmtp
socket = /run/dovecot/lmtp # or whatever
…
BTW …
> > # Get the local part minus any suffixes
> > warn set acl_m9 = ${sg{${lc:$local_part}}{[+-].+\$}{}}
We have named acl variables
yy>
> syntactically correct header?
In case you trust Exim:
Compare
exim -be '${address:x...@zzz.de <a...@xyz.de>}'
exim -be '${address:"x...@zzz.de" <a...@xyz.de>}'
Best regards from Dresden/Germany
Viele Grüße au
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF
Heiko Schlittermann <h...@schlittermann.de> (Fr 25 Nov 2016 00:21:01 CET):
>
> The first smarthost mailhub1 refused right after the TCP connect with
> 4xx. The second refused right after the TCP connect with 5xx.
>
> Now Exim gave up and sent a bounce (actually didn't sen
on a
server right after TCP connect handled the same way as TCP reset,
considered as a host problem, that is recoverable.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
H
Hi Marcin,
Marcin Mirosław (Do 24 Nov 2016 15:26:40 CET):
> Hi!
> I just found in exim log something strange for me.
> This is snippet from log:
> 2016-11-24 15:17:11 [32497] 1c9upo-0008S9-2c H=([37.255.216.195])
> [37.255.216.195] I=[81.4.122.249]:25 Warning: testing rspamd:
Yves <exi...@yalis.fr> (Fr 18 Nov 2016 16:39:06 CET):
> On Fri, 18 Nov 2016, Heiko Schlittermann wrote:
> >Current log format:
> >2016-11-18 16:30:28 [32758] SMTP connection from mta22.cp20.com
> >[216.24.225.22]:22582 I=[84.19.194.2]:25 closed by QUIT
> >
>
ele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF764A and
ld?
What for?
Yes, you got $h_to: and $h_replay-to:
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1
Nmz (So 23 Okt 2016 00:42:53 CEST):
>
> I`m spending some time to figure out why sometimes exim "drops" MAIL FROM
> field after helo server.
>
> Communication example:
>
> SMTP<< 220 SERVER_in ESMTP Exim 4.87 Sat, 22 Oct 2016 22:00:55 +
> SMTP>> EHLO SERVER_out
> SMTP<<
Arkadiusz Miśkiewicz (Mo 17 Okt 2016 22:43:10 CEST):
> Host A is using exim internal SRS capability to rewrite From and then forward
> email to other host B.
>
> Now on host B I would like to rewrite From back to original form and then
> make
> exim all message processing
condition = ${if first_delivery}
…
fallback:
driver = …
…
(Probably a fallback_transport would be good, but currently it doesn't
exist.)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- k
Jeremy Harris (Mo 26 Sep 2016 14:39:51 CEST):
> On 26/09/16 01:17, The Doctor wrote:
> > Was trying out Exim 4.88 RC 1 .
…
> The problem here looks like the database interface used by Exim depends
> on environment variable(s), and for security reasons - exactly this sort
> of
Tony Meyer (Mo 26 Sep 2016 09:53:31 CEST):
> I was wondering whether you were intending to create & maintain a 4.87+fixes
> branch as you did with 4.86?
> I thought it was a very useful resource & would love to see a 4.87 version -
> but if it’s not useful for you any more
pabilities
(CAP_CHOWN), as a work around.
And I do not see any reason, why -1 shouldn't work.
According to the comments in appendfile.c the transport w/o setuid is
(or was) expected. Probably needs further investigation.
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de -
Ednardo Lobo <edna...@lobo.eti.br> (Di 30 Aug 2016 19:51:07 CEST):
> On 30-08-2016 11:39, Heiko Schlittermann wrote:
> >Did you try it? Setting the transport option group= to the
> >value, the file has right after creation, inherited from the directory.
>
> Do you
Ednardo Lobo (Di 30 Aug 2016 03:43:07 CEST):
…
> >Maybe the generic transport option group = nogroup (or whatever
> >group name 65536 relates to) helps. It doesn't avoid the chown, but it
> >should chown the group to the group the file already has. The group
> >option is
Ednardo Lobo (Fr 26 Aug 2016 01:33:21 CEST):
> >So the exim user has write access …, the directories are sgid .
> >So, any file created in this directory should be owned by the creator
> >and the group .
>
> Correct, just as I imagined. In other words, the file uid must be
Hi,
Ednardo Lobo (Do 25 Aug 2016 16:18:33 CEST):
…
> Exim is running with a non-root user (UID: exim) and group (GID: exim) and
> the exim binary is without setuid permission: -rwxr-xr-x.
>
> The transport configuration is:
>
> maildir:
> driver = appendfile
>
Phillip Carroll <domainmana...@enablingsimplicity.com> (Mo 22 Aug 2016 18:50:32
CEST):
> On 8/22/2016 3:57 AM, Heiko Schlittermann wrote:
> >Directories 0777? Sounds dangerous. I think, Exim doesn't do extensive
> >checks to ensure system security, but I'd remove the the
501 - 600 of 1482 matches
Mail list logo