Re: [exim] Problem sending to google.com

2022-09-28 Thread Jeremy Harris via Exim-users
On 28/09/2022 10:59, Victor Sudakov via Exim-users wrote: Maybe I'd be better off setting hosts_try_fastopen to ":" in Exim only, just in case? No, because other services on your system would still suffer from the kernel bug. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/m

Re: [exim] Problem sending to google.com

2022-09-28 Thread Jeremy Harris via Exim-users
On 28/09/2022 08:40, Victor Sudakov via Exim-users wrote: I wonder what I will lose if I leave net.ipv4.tcp_fastopen=0 on the mail server (not very loaded)? Not much unless your system also runs a high rate of TCP connections for other services (eg. web). The bug (it's in the Linux firewall) m

Re: [exim] problem Tainted permission to file autoreply once

2022-09-27 Thread Jeremy Harris via Exim-users
On 27/09/2022 09:09, Sławomir Dworaczek via Exim-users wrote: nowhere else is it like creating a file Third paragraph of that reference: "not permitted (including acessing a file using a tainted name)." -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-us

Re: [exim] problem Tainted permission to file autoreply once

2022-09-26 Thread Jeremy Harris via Exim-users
On 26/09/2022 19:44, Sławomir Dworaczek via Exim-users wrote: option ONCE_FILE = /var/spool/exim/db/autoreply_${local_part}_${domain}.db In my logs I have the message defer (13) permission denied Tainted /var/spool/exim/db/autoreply_username_mydomian.eu.db http://exim.org/exim-html-current/do

Re: [exim] GnuTTS woes

2022-09-24 Thread Jeremy Harris via Exim-users
On 23 September 2022 06:50:29 BST, Jasen Betts via Exim-users wrote: >upgrading from 4.94 to 4.96 seems to have dramatically reduced the TLS >connectivity (as a server). > >I'm using libgnutls3.7.1 on debian 11 and the Exim package from >backports Did the GnuTLS version change? If so it could

Re: [exim] 4.96 reduce not working

2022-09-22 Thread Jeremy Harris via Exim-users
On 22/09/2022 13:48, Jeremy Harris via Exim-users wrote: We could code to stack $value during each evaluation of the condition for the reduce.  That feels better.  I'll have a go. Turn out that's not sufficient. The issue is not that the inlisti-output $value mucks up reduce, b

Re: [exim] 4.96 reduce not working

2022-09-22 Thread Jeremy Harris via Exim-users
On 21/09/2022 06:21, Jasen Betts via Exim-users wrote: I was using the follwing form to see how many elements of list 1 occur in list2 ${reduce{ a:p:p:l:e }{0}{${if inlisti{$item}{ p:e:z }{${eval:$value+1}}{$value but this has stopped working in 4.96 To be fair, it wouldn't have worked

Re: [exim] SMTPUTF8 Authentication and logging

2022-09-22 Thread Jeremy Harris via Exim-users
On 22/09/2022 10:24, Kai Bojens via Exim-users wrote: Hello there, I have a new server which now has SMTPUTF8 enabled. I'm not sure why but since then at least one Outlook client decided to stop using the IDN form (xn--dmin-moa0i.example) and now tries to authenticate with the UTF-8 domain. Re

Re: [exim] After upgrade to Exim 4.95 or 4.96: "setgroups: Invalid argument"

2022-09-19 Thread Jeremy Harris via Exim-users
On 19/09/2022 13:14, Lasse Törngren via Exim-users wrote: OK, I understand. Sad from my point of view, as this means that I will never be able to upgrade Exim from now on? (Unless I pinpoint the bug myself.) Or convince someone else who has the expertise to work on it. -- Cheers, Jeremy -

Re: [exim] After upgrade to Exim 4.95 or 4.96: "setgroups: Invalid argument"

2022-09-18 Thread Jeremy Harris via Exim-users
On 18/09/2022 20:36, Lasse Törngren via Exim-users wrote: I have tried to upgrade to Exim 4.95 on this machine, and to Exim 4.96 on a new server that I am setting up with MacOS Big Sur. On both servers I get Exim Panic with “setgroups: Invalid argument” at local (virtual) delivery. The users a

Re: [exim] Exim 4.96 compile fails on Devuan 4

2022-09-12 Thread Jeremy Harris via Exim-users
On 12/09/2022 19:53, Andrew C Aitchison via Exim-users wrote: Unfortunately your build logs seem to hide the link line arguments, so I cannot see how it is trying to include the pcre2 library. make FULLECHO='' should show the full compile & link lines (from memory). -- Cheers, Jeremy --

Re: [exim] SSL_renegotiate:wrong ssl version

2022-09-10 Thread Jeremy Harris via Exim-users
On 10/09/2022 12:59, Cyborg via Exim-users wrote: Verify return code: 21 (unable to verify the first certificate) b) fails ^^ These words return plenty of hits from my usual search engine. Exactly what trust-anchors and intermedi

Re: [exim] malfunctioning email delivery after upgrade to Exim 4.96

2022-09-10 Thread Jeremy Harris via Exim-users
On 04/09/2022 22:09, Ján Lalinský via Exim-users wrote: ==r...@xyz.com R=xxx (-36): host lookup for did not complete (DNS timeout?) There is no problem with DNS resolution of the relevant domains on those MX servers whatsover, judging by using dig and host command in shell. But judging by th

Re: [exim] SMTP transport interface IPv4/IPv6

2022-09-06 Thread Jeremy Harris via Exim-users
On 06/09/2022 12:37, Kai Bojens via Exim-users wrote: Am 06.09.22 um 12:53 schrieb Jeremy Harris via Exim-users: The "interface" option says "use the interface that has this IP. It does not say "use this IP". Ah, I see – I didn't know that. Thanks. But, t

Re: [exim] SMTP transport interface IPv4/IPv6

2022-09-06 Thread Jeremy Harris via Exim-users
On 06/09/2022 11:28, Kai Bojens via Exim-users wrote: Host A: Has a transport with an explicit "interface = 1.2.3.4" IPv4 The "interface" option says "use the interface that has this IP. It does not say "use this IP". -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/li

Re: [exim] Does exim4's `${sqlite_quote ... }` expansion de-taint the expanded value?

2022-09-01 Thread Jeremy Harris via Exim-users
On 23/08/2022 17:18, Nick via Exim-users wrote: On 22/8/2022 Jeremy replied:     Which means I can't use a simple list lookup, nor a wildcard lookup, as these don't support capture In the current release of Exim, they do and you could. Note: It is not possible to capture substrings in a reg

Re: [exim] How to enable smtp verify in exim4?

2022-09-01 Thread Jeremy Harris via Exim-users
On 01/09/2022 04:02, 吴栋淦 via Exim-users wrote: I want to build a exim4 server with VRFY command supported You need to define a verify ACL in your configuration. See http://exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html -- Cheers, Jeremy -- ## List details at htt

Re: [exim] CVE-2022-37452

2022-08-24 Thread Jeremy Harris via Exim-users
On 24/08/2022 16:45, Ken Olum via Exim-users wrote: How serious is CVE-2022-37452: buffer overflow for the alias list in host_name_lookup? The associated bug, 2747, reported it as a segfault in the receive process. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listi

Re: [exim] Does exim4's `${sqlite_quote ... }` expansion de-taint the expanded value?

2022-08-22 Thread Jeremy Harris via Exim-users
On 22/08/2022 17:30, Nick wrote: Regarding Andrew's reply, "so I doubt that [quote_sqlite] is intended to detaint": I think it would help to be clear in the documentation whether or not it  detaints The rule is: if if doesn't say it detaints, it does not detaint. specifically here: This mea

Re: [exim] Does exim4's `${sqlite_quote ... }` expansion de-taint the expanded value?

2022-08-19 Thread Jeremy Harris via Exim-users
On 19 August 2022 17:04:22 BST, Nick via Exim-users wrote: >Hello Exim users, > >I've a problem with Sqlite lookups and tainting. >> My suspicion therefore is that it's actually the presence of >> |$local_part| in the query which is the problem, and not the >filename >Is anyone here able to hel

Re: [exim] Some Emails to gmail now hang

2022-08-15 Thread Jeremy Harris via Exim-users
On 15/08/2022 14:31, Viktor Dukhovni via Exim-users wrote: I strongly suspect this is a known issue with interactions between Exim and TFO causing machines to ignore packets, which was reported in this thread: https://lore.kernel.org/lkml/E1nZMdl-0006nG-0J@plastiekpoot/

Re: [exim] Some Emails to gmail now hang

2022-08-12 Thread Jeremy Harris via Exim-users
On 11/08/2022 22:23, Graeme Coates via Exim-users wrote: No problem - here's a link to the pcap file filtered down by port 44884. https://www.chromosphere.co.uk/wp-content/blogs.dir/1/files/2022/08/tfo.zip Attached is the time-sequence plot for that. I agree with Viktor: this is a problem in

Re: [exim] Some Emails to gmail now hang

2022-08-12 Thread Jeremy Harris via Exim-users
On 12/08/2022 08:31, Graeme Coates via Exim-users wrote: generic-segmentation-offload: on This might still be enabling transmit using >MTU from the kernel to the NIC. Get a pcap to check; any >1500 byte packets being sent? I agree with Viktor though - it's a

Re: [exim] exiqgrep requires one "Selection criteria" in 4.96

2022-08-11 Thread Jeremy Harris via Exim-users
On 11/08/2022 14:03, Patrick Boutilier via Exim-users wrote: Otherwise you just get the help message. This by design? Yes. See https://bugs.exim.org/show_bug.cgi?id=2821 -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.

Re: [exim] Some Emails to gmail now hang

2022-08-10 Thread Jeremy Harris via Exim-users
On 10 August 2022 17:12:55 BST, Marc MERLIN via Exim-users wrote: >> hosts_try_fastopen = !*.l.google.com >> >> into /etc/exim4/conf.d/transports/30_exim4-config_remote_smtp (or >whichever >> config the remote transport is in depending on how you have installed >Exim >> on Debian). > >Thank you

Re: [exim] Some Emails to gmail now hang

2022-08-09 Thread Jeremy Harris via Exim-users
Tricky to guess at. Turn off more features, I guess. You already tried chunking. Next would be fastopen, then pipelining. However, given it was right after all the data (even in non-chunking) one has to wonder if it's a content-check of theirs going wrong. Does a given failing message get throu

[exim] heimdal_gssapi authenticator

2022-08-02 Thread Jeremy Harris via Exim-users
Does anyone out there use the above? Build with it? My initial attempts to build (having not found an obvious fedora library package for heimdall, yet) are tripping over a possibly incompatible /usr/include/krb5.h There's also no testsuite coverage. Finding out if there are actually any users

Re: [exim] Exim Relay not sending undeliverable emails back to sender

2022-08-02 Thread Jeremy Harris via Exim-users
On 02/08/2022 16:15, Mark Elkins via Exim-users wrote: Any clues as to where to look? Always start with the mainlog. Find a delivery try for the message-id. If you can't find one - are you actually doing regular queue runs? If that doesn't give a clue then fire a try manually, with debug en

Re: [exim] Please help me with a Exim router condition

2022-08-01 Thread Jeremy Harris via Exim-users
On 14/07/2022 18:59, Sam via Exim-users wrote: I wish to use a "condition =" for my router section which should evaluate to true if either of $sender_address_domain or $original_domain exist in the file /etc/mydomains. If the domains are one-per-line in that file: ${if or { \ {bool {${look

Re: [exim] Authenticated relay using OAUTH2?

2022-08-01 Thread Jeremy Harris via Exim-users
On 26/07/2022 19:30, Mark H. Wood via Exim-users wrote: I need to relay to an Exchange server that's about to be configured to require "modern authentication," that is, OAUTH2. Is there some way to configure Exim to authenticate *as a client* using OAUTH2? I built an OAUTH2 plugin for Cyrus SAS

Re: [exim] Authenticated relay using OAUTH2?

2022-08-01 Thread Jeremy Harris via Exim-users
On 26/07/2022 19:30, Mark H. Wood via Exim-users wrote: it appears that Exim's Cyrus SASL driver doesn't have a client side at all? Correct. If you'd like to develop one, including testsuite support... -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-use

Re: [exim] dkim fail on forwarded messages

2022-07-23 Thread Jeremy Harris via Exim-users
On 23/07/2022 07:21, ozzloy via Exim-users wrote: is there a good tutorial for the exim configuration file language? http://exim.org/exim-html-current/doc/html/spec_html/ -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www

Re: [exim] drop connection on auth failure

2022-07-22 Thread Jeremy Harris via Exim-users
On 17/07/2022 12:16, Jeremy Harris via Exim-users wrote: On 16 July 2022 18:09:40 BST, Slavko via Exim-users IMO that is perfect job vor event system, to emit auth:failed event. But whole event systems seems to be only about outgoing mails/connections. Beside the auth failed event, i miss acl

Re: [exim] Tainted arg 2 for mailman_transport transport command

2022-07-21 Thread Jeremy Harris via Exim-users
On 20/07/2022 15:26, Jeremy Harris via Exim-users wrote: On 20/07/2022 15:09, Thomas Krichel via Exim-users wrote: https://www.exim.org/howto/mailman21.html Thanks for pointing this document out.  I can't locate the source right off; Now found (a .xsl file!) Not too hard to edit and

Re: [exim] Tainted arg 2 for mailman_transport transport command

2022-07-21 Thread Jeremy Harris via Exim-users
On 21/07/2022 07:27, Thomas Krichel via Exim-users wrote: 2022-07-21 06:19:30 1oEPWy-002t7O-0x == nep-t...@lists.repec.org R=mailman_router T=mailman_transport defer (0): Expansion of "${sg{sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}" from command "/var/l

Re: [exim] Tainted arg 2 for mailman_transport transport command

2022-07-20 Thread Jeremy Harris via Exim-users
On 20/07/2022 15:37, Kirill Miazine via Exim-users wrote: IIRC Mailman has some facility to generate aliases file, which Exim could be using. Mailman is able to generate those automatically, and that should make the taint checking happy, as there won't be any unsafe variables left. Getting a fi

Re: [exim] Tainted arg 2 for mailman_transport transport command

2022-07-20 Thread Jeremy Harris via Exim-users
On 20/07/2022 15:09, Thomas Krichel via Exim-users wrote: https://www.exim.org/howto/mailman21.html Thanks for pointing this document out. I can't locate the source right off; it's certainly not been on my radar and won't have been revised to match the last five years worth of tightening secu

Re: [exim] drop connection on auth failure

2022-07-17 Thread Jeremy Harris via Exim-users
On 16 July 2022 18:09:40 BST, Slavko via Exim-users >>I'm doing plain and login. > >IMO that is perfect job vor event system, to emit auth:failed event. >But whole event systems >seems to be only about outgoing mails/connections. > >Beside the auth failed event, i miss acl and error related event

Re: [exim] drop connection on auth failure

2022-07-15 Thread Jeremy Harris via Exim-users
On 15/07/2022 20:19, Julian Bradfield via Exim-users wrote: How do you do this? Abusing server_condition doesn't work, as it's only expanded if the base authentication succeeds. (My authentication method is cram-md5.) I'm doing plain and login. -- Cheers, Jeremy -- ## List details at https:/

Re: [exim] drop connection on auth failure

2022-07-15 Thread Jeremy Harris via Exim-users
On 15/07/2022 17:11, Julian Bradfield via Exim-users wrote: Not my experience. A large number of hosts try every hour or two - My practice, and I think it would help with this sort of attacker, is to delay the auth response for a fail. By 15 or 20 seconds. Most drop off by about ten, so a) you

Re: [exim] drop connection on auth failure

2022-07-15 Thread Jeremy Harris via Exim-users
On 15/07/2022 14:17, Jeremy Harris via Exim-users wrote: This will crash that exim process, hence dropping the connection. No, I'm mistaken. Could you set up your fail2ban to be less aggressive? -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-

Re: [exim] drop connection on auth failure

2022-07-15 Thread Jeremy Harris via Exim-users
On 15/07/2022 13:54, Julian Bradfield via Exim-users wrote: However, I can't see a way to do this. Am I missing something in the docs? Sneaky: use an expansion in the server_condition, which when failing deliberately goes on to try to expand *the content of* a known-tainted variable ($sender_he

Re: [exim] Exim and sympa with DSN enabled lists

2022-07-07 Thread Jeremy Harris via Exim-users
On 07/07/2022 18:19, Sabahattin Gucukoglu via Exim-users wrote: your best option being immediately queueing such messages and then running them from a queue with some limited number of (dynamically or pre-spawned) queue runners at some fixed low interval. (See main options remote_max_parallel a

Re: [exim] Exim and sympa with DSN enabled lists

2022-07-07 Thread Jeremy Harris via Exim-users
On 07/07/2022 18:19, Sabahattin Gucukoglu via Exim-users wrote: You have another problem, though. Sympa controls parallelism of submissions by using the -odi option. Exim thinks it should be controlling that, being an MTA :) and also doesn’t allow an SMTP listener daemon to use the -odi opt

Re: [exim] Exim and sympa with DSN enabled lists

2022-07-06 Thread Jeremy Harris via Exim-users
On 06/07/2022 11:25, Olaf Hopp (SCC) via Exim-users wrote: On 7/6/22 11:29, Odhiambo Washington wrote: Out of curiosity, why do you need DSN for a mailing list? One of the list owners asked for it. One does wonder what value they see beyond traditional bounces. We don't have a way of reque

Re: [exim] How to debug when script calls exim via sendmail

2022-07-04 Thread Jeremy Harris via Exim-users
On 04/07/2022 09:42, Olaf Hopp (SCC) via Exim-users wrote: When the mails comes out of the sympa list manager it calls directly /usr/sbin/sendmail which is a symlink to the exim binary and I have only the usual logging, no -d+all Can you give me a hint how to enable debugging in this case ? You

Re: [exim] 4.96 and UUCP

2022-06-29 Thread Jeremy Harris via Exim-users
On 28/06/2022 12:22, Markus Reschke via Exim-users wrote: IIRC, the 'recommended' way to solve issues with tainted variables is to perform a database lookup. Actually, that is better phrased as "The requirement is to not use values provided by potential attackers in sensitive situations" - an

Re: [exim] Exim 4.96 doesn't build on EL7/8/9, drtables.c:739:54: error: ‘NUL’ undeclared

2022-06-29 Thread Jeremy Harris via Exim-users
On 27/06/2022 09:47, Christoph Schug via Exim-users wrote: drtables.c:739:54: error: ‘NUL’ undeclared (first use in this function); did you mean ‘NULL’? if (regex_match(regex_islookupmod, US name, len, NUL))   ^~~ Already fixed in git.

Re: [exim] dkim fail on forwarded messages

2022-06-29 Thread Jeremy Harris via Exim-users
DKIM breaks mailinglists. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] new release 4.96 and pcre2

2022-06-27 Thread Jeremy Harris via Exim-users
On 27/06/2022 05:42, Jim Pazarena via Exim-users wrote: 4.94.2 logs: Operation timed out H=mca2.emailh.ca [23.235.65.102]: SMTP timeout after initial connection and the 4.96 logs:  no MAIL in SMTP connection from emailh.ca [23.235.65.100] D=5m Run the server in debug mode. -- Cheers, Jeremy

Re: [exim] Closing off Port to non-SSL traffic

2022-06-26 Thread Jeremy Harris via Exim-users
On 26/06/2022 08:19, Andrew C Aitchison via Exim-users wrote: [ I should document CVE-2021-38371:  before exim 4.95 exim probably was exposed to a man-in-the  middle attack on STARTTLS when *sending* email, though it  it is not clear how it could have been exploited. Indeed, nobody that I am

[exim] Exim 4.96 released

2022-06-25 Thread Jeremy Harris via Exim-users
Dear Exim users and maintaers, We are pleased to announce the availability of release 4.96 of Exim. Thanks to everybody who tested release-candidates. There were no comments on the RC2 and so the final release has only a very minor documentation change from that. New stuff we've added since 4.

Re: [exim] Closing off Port to non-SSL traffic

2022-06-25 Thread Jeremy Harris via Exim-users
On 24/06/2022 21:45, Sebastian Nielsen via Exim-users wrote: Best way here is to add your users primary country to the auth_advertise_hosts list. Could be quite a IP list There exists a DNSBL which converts IPs to countries. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mai

Re: [exim] Router for bounce...

2022-06-23 Thread Jeremy Harris via Exim-users
On 23/06/2022 14:52, Marco Gaiarin via Exim-users wrote: Could be. Can i setup a 'negative' router, eg a router that reject if a query (does not) return a value? You could. But you might just as well do it in ACL, eg a "require" verb with a condition doing the ldap lookup looking for an active

Re: [exim] google bounce messages

2022-06-22 Thread Jeremy Harris via Exim-users
On 22/06/2022 16:19, Robert Steinmetz via Exim-users wrote: That's what I think I'm doing. I do not have any IPv6 records so no IPv6 address should be included. The error from G gave the IPv6 address they think you're talking from. -- Cheers, Jeremy -- ## List details at https://lists.exim.

Re: [exim] Router for bounce...

2022-06-17 Thread Jeremy Harris via Exim-users
On 17/06/2022 17:42, Marco Gaiarin via Exim-users wrote: I need to bounce It's generally better to reject. (also in verify, indeed) some user/mailbox; there's a 1:1 relation between mailboxes and users, and simply some 'alias' are queried via LDAP and 'normalized' to users/logins: I can re

Re: [exim] Routing based on source address for a specific IP

2022-06-15 Thread Jeremy Harris via Exim-users
On 15/06/2022 19:37, Johnnie W Adams via Exim-users wrote: I need to route traffic from one sending address from one IP address to a different next hop than other traffic. Can this be done? If so, where would I begin? With the docs. A router, conditioned on this source IP. Probably a "ma

Re: [exim] Eximm Bounce Subject add original Subject of failing e-mail

2022-06-15 Thread Jeremy Harris via Exim-users
On 15/06/2022 11:10, tt-admin via Exim-users wrote: is there a way to add the original subject to a bounce e-mail instead of just "Mail delivery.."? There's a docs chapter on customizing bounce messages. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-use

Re: [exim] Ubuntu 20.04 and CONFDIR

2022-06-14 Thread Jeremy Harris via Exim-users
On 10/06/2022 22:19, Elliot Finley via Exim-users wrote: I've been trying to get exim4 up and running on Ubuntu 20.04. There is the standard: # Macro defining the main configuration directory. # We do not use absolute paths. .ifndef CONFDIR CONFDIR = /etc/exim4 .endif which is a little confusi

[exim] Exim 4.96-RC2 released

2022-06-09 Thread Jeremy Harris via Exim-users
The next Release Candidate for 4.96, RC2, is now available from - as tarball:https://ftp.exim.org/pub/exim/exim4/test - directly from Git: https://git.exim.org tag exim-4.96-RC2 The signatures on the release tarballs (and this mail) should be mine, key ID 0xBCE58C8CE

Re: [exim] Blocking a Class C

2022-06-06 Thread Jeremy Harris via Exim-users
On 06/06/2022 23:18, The Doctor via Exim-users wrote: Just going over my spam and I find this IP 195.133.39.99 sending a lot of junk. How can you block such a class C? Multiple possible ways. One would be a deny hosts= 195.133.39.0/24 acl verb (assuming you really want the class-C). You

Re: [exim] Resource temporarily unavailable - how to debug?

2022-06-06 Thread Jeremy Harris via Exim-users
On 06/06/2022 19:46, Kamil Jońca via Exim-users wrote: Failed to create child process This would be the response from the OS to a request to fork a process. Are you running in a constrained environment? -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-us

Re: [exim] 4.96-RC1 srs issue

2022-06-05 Thread Jeremy Harris via Exim-users
On 03/06/2022 15:43, Laura Williamson via Exim-users wrote: hope this is better Thanks. So: - the return-path was indeed empty - so the "real fix" I mentioned elsewhere, to have srs_encode return an empty result for that, would be active for your case - there was a separate deficiency in

Re: [exim] 4.96-RC1 srs issue

2022-06-03 Thread Jeremy Harris via Exim-users
On 03/06/2022 17:08, Laura Williamson via Exim-users wrote: thank you very much for this patch (I assume it'll be permanent in future releases). It will be, as will the actual fix for empty-sender encoding avoidance (c2ef5d7e9f). SRS can't do anything (and should not have to) with an empty se

Re: [exim] 4.96-RC1 srs issue

2022-06-03 Thread Jeremy Harris via Exim-users
On 03/06/2022 16:13, Laura Williamson via Exim-users wrote: No sure what you mean? On 03/06/2022 16:03, Jeremy Harris via Exim-users wrote: 3aa5fb00be might help here. https://git.exim.org/exim.git/commit/3aa5fb00be821a198f42c69924ae02b393ac2b4b -- Cheers, Jeremy -- ## List details at

Re: [exim] 4.96-RC1 srs issue

2022-06-03 Thread Jeremy Harris via Exim-users
3aa5fb00be might help here. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] 4.96-RC1 srs issue

2022-06-03 Thread Jeremy Harris via Exim-users
On 03/06/2022 15:08, Laura Williamson via Exim-users wrote: hope this helps 16:01:16 25709    âcanning: HIDDENPWD} {$return_path} {$original_domain 16:01:16 25709    text: HIDDENPWD 16:01:16 25709    scanning: } {$return_path} {$original_domain No; you trimmed the start of it. -- Cheer

Re: [exim] 4.96-RC1 srs issue

2022-06-03 Thread Jeremy Harris via Exim-users
On 03/06/2022 10:56, Laura Williamson via Exim-users wrote:  T=remote_forwarded_smtp defer (-1): Failed to expand return path "${if def:return_path {${srs_encode {whateverpassword} {$return_path} {$original_domain": empty address I'll need to see debug output for that expansion. -- Cheer

Re: [exim] configure exim4 against incoming rogue local parts

2022-06-02 Thread Jeremy Harris via Exim-users
I don't see that your config actually uses CHECK_RCPT_REMOTE_LOCALPARTS, having defined it. Perhaps the Debian documentation might have notes on its use? -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please

Re: [exim] Additional line in body when submitting?

2022-06-02 Thread Jeremy Harris via Exim-users
On 02/06/2022 15:06, Kamil Jońca via Exim-users wrote: But ... why such default walue? I have no idea. It goes back to Exim version 4.00, in 2002. Presumably the common usage of a pipe transport wanted that in the most common case. -- Cheers, Jeremy -- ## List details at https://lists.exim.

Re: [exim] configure exim4 against incoming rogue local parts

2022-06-02 Thread Jeremy Harris via Exim-users
On 01/06/2022 16:28, Alessandro via Exim-users wrote: I installed exim4 4.94.2 on a debian 11.3 machine. I configured it using exim4-config as straight smtp mta. I have just declared a few macros on the exim4.conf.localmacros, so basically I'm using the default configuration created by exim4-co

Re: [exim] Additional line in body when submitting?

2022-06-02 Thread Jeremy Harris via Exim-users
Doh. I am so stupid. I finally looked at the docs for the pipe transport, and there is the answer staring at me. === message_suffix Use: pipe Type: string† Default: see below The string specified here is expanded and output at the end of every message. The de

Re: [exim] Additional line in body when submitting?

2022-06-01 Thread Jeremy Harris via Exim-users
On 01/06/2022 16:46, Evgeniy Berdnikov via Exim-users wrote: Strace of Debian bsd-mailx (my version is 8.1.2-0.20180807cvs-2) shows that it does not append newline writing to MTA child process, it only converts "\n" to "\r\n". Is bsd-mailx talking SMTP-on-TCP to exim, or stdin? If the lat

Re: [exim] SMTP errors with google

2022-06-01 Thread Jeremy Harris via Exim-users
On 01/06/2022 12:05, Rory Campbell-Lange via Exim-users wrote: Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57 The error seems unique to sending to google; we are sending around 12.5k messages/day to a wide variety of recipients. The error is along the following lines: 2022-06-01

Re: [exim] 4.96-RC1 srs issue

2022-06-01 Thread Jeremy Harris via Exim-users
On 01/06/2022 09:14, Laura Williamson via Exim-users wrote: remote_forwarded_smtp defer (-1): Failed to expand return path "${srs_encode {thepassword} {$return_path} {$original_domain}}": empty address Is it possible you are forwarding a message with an empty return_path (a bounce) ? If that'

Re: [exim] Additional line in body when submitting?

2022-06-01 Thread Jeremy Harris via Exim-users
On 01/06/2022 04:42, Kamil Jońca via Exim-users wrote: - "mail" command is the same in both cases. Obviously since one case runs exim and the other postfix, they cannot be. But given this: But there is another thing: Normally, when message is delivered I use pipe transport: --8<

Re: [exim] message has lines too long for transport

2022-05-31 Thread Jeremy Harris via Exim-users
On 31/05/2022 22:06, Randy Bush via Exim-users wrote: 2022-05-31 21:02:45 Exim configuration error in line 67 of /usr/local/etc/exim/configure: main option "message_linelength_limit" unknown message_linelength_limit is an option for the smtp transport. -- Cheers, Jeremy -- ## Li

Re: [exim] Additional line in body when submitting?

2022-05-31 Thread Jeremy Harris via Exim-users
On 31/05/2022 15:39, Kamil Jońca via Exim-users wrote: Andrew C Aitchison via Exim-users writes: Is this a blank line after every real line or just the last one ? Last one. As I wrote elsewhere postfix did not add this. Just tested, and I don't see any extra line. Are you certain your "ma

Re: [exim] Additional line in body when submitting?

2022-05-31 Thread Jeremy Harris via Exim-users
On 31/05/2022 14:28, Kamil Jońca via Exim-users wrote: I have some instances, which generates mail from stdin (ie something like "echo bla|mail root") and recently I found that there exists additional empty line in such emails, ie instead of --8<---cut here---start

Re: [exim] 4.96-RC1 issue

2022-05-28 Thread Jeremy Harris via Exim-users
On 24/05/2022 10:02, Laura Williamson via Exim-users wrote: in the central_filter, removing those delivers the message correctly, appears that there is an array that is not emptied after each message_body compare and therefore goobles up memory and fails when reaching 2gb? I'm thinking more i

Re: [exim] 4.96-RC1 issue

2022-05-28 Thread Jeremy Harris via Exim-users
On 24/05/2022 06:25, Laura Williamson via Exim-users wrote: willing to do some source code mods to try to solve this, are stuck with 4.94.2  now as 4.95 does the same. Please apply this patch, so we can tell which of the two possible places is detecting the odd alloc size: -- Cheers, JeremyFr

Re: [exim] message has lines too long for transport

2022-05-28 Thread Jeremy Harris via Exim-users
On 28/05/2022 19:24, Randy Bush via Exim-users wrote: rancid is an automaton sweeping hardware devices and sending emails of any diffs. ra...@psg.com (generated from rancid-psg...@work0.psg.com) message has lines too long for transport uh, how do i whack it? Fix the message sourc

Re: [exim] How to access pgsql client cert when running suid ?

2022-05-24 Thread Jeremy Harris via Exim-users
On 24/05/2022 16:58, Axel Rau via Exim-users wrote: Am 24.05.2022 um 00:37 schrieb Jeremy Harris via Exim-users : On 23/05/2022 20:38, Axel Rau via Exim-users wrote: After turning on setuid bit on exim binary, it could no longer access the DB (error=‚valid client cert required‘) It looks

Re: [exim] Hi, Can you help me ? How to config the mailman3 and exim4 when i use arc?

2022-05-24 Thread Jeremy Harris via Exim-users
On 24/05/2022 10:23, 朱超 via Exim-users wrote: The receive email show two Authentication-Results, What should i do? Nothing different, with respect to these headers. eg: Authentication-Results: tomtoworld.xyz; dkim=pass header.d=163.com; arc=none (Message is not ARC signed); dmarc=pass (Used

Re: [exim] Hi, When i use exim4 and mailman3, There happen body hash did not verify in dkim , what should i do ?

2022-05-24 Thread Jeremy Harris via Exim-users
On 24/05/2022 13:42, 朱超 via Exim-users wrote: Hi, When i use exim4 and mailman3, There happen body hash did not verify in dkim , what should i do ? detail msg: dkim=neutral (body hash did not verify) header.i=@163.com header.s=s110527 header.b=XzEAxlSN It is common for a mailing-list-manage

Re: [exim] How to access pgsql client cert when running suid ?

2022-05-23 Thread Jeremy Harris via Exim-users
On 23/05/2022 20:38, Axel Rau via Exim-users wrote: After turning on setuid bit on exim binary, it could no longer access the DB (error=‚valid client cert required‘) setuid to what (I assume root, but...)? Access during what phase of operation? -- Cheers, Jeremy -- ## List details at https:/

Re: [exim] 4.96-RC1 issue

2022-05-23 Thread Jeremy Harris via Exim-users
On 23/05/2022 16:04, Laura Williamson via Exim-users wrote: Have another one (in queue, undelivered) that I can test with. # exim -d+all -M 2>&1 | tee my_debug_log_file should get us debug for an attempt to deliver a message that is queued. With luck that will help locate where it's doing th

Re: [exim] 4.96-RC1 issue

2022-05-23 Thread Jeremy Harris via Exim-users
On 23/05/2022 15:10, Laura Williamson via Exim-users wrote: bad memory allocation requested (2147483632 bytes) at string_catn 1167 Hmm. That's 0x7fff fff0. There's two possible places for that log line to be generated. It'd help a lot to know which; I feel a little tweak coming on. Are you l

Re: [exim] Exim proxy / relay for disaster recovery for lost connectivity

2022-05-23 Thread Jeremy Harris via Exim-users
On 23/05/2022 14:02, Sebastian Arcus via Exim-users wrote: [internet] <-> [relay Exim] <-> [inhouse Exim] Can the smtp router or transport on the relay Exim be configured to keep the connection open for inbound email until the inhouse Exim accepts or rejects the email? Yes. Look for "cutthr

Re: [exim] 4.95 failed to stat log directory /var/spool/exim/log:

2022-05-22 Thread Jeremy Harris via Exim-users
On 22/05/2022 15:57, Bill Cole via Exim-users wrote: I'm unclear on why the option even exists. It seems crippling. See also http://exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECTrunexiwitpri and (separately) think about what might be feasible if inetd or sy

Re: [exim] 4.95 failed to stat log directory /var/spool/exim/log:

2022-05-22 Thread Jeremy Harris via Exim-users
On 22/05/2022 10:30, Axel Rau via Exim-users wrote: So it is a standard FreeBSD ports installation and therefor not setuid root. If that is standard for FreeBSD then you need to ask them why it's nonfunctional. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/

Re: [exim] 4.95 failed to stat log directory /var/spool/exim/log:

2022-05-21 Thread Jeremy Harris via Exim-users
On 21/05/2022 19:25, Bill Cole via Exim-users wrote: Do you have AppArmor or SELinux enabled? What user and group is Exim running as? Also, is this a "vanilla" Exim installation, with the Exim binary setuid root (Exim usually needs that so it can deliver to local user mailbox files. But it run

Re: [exim] 4.95 failed to stat log directory /var/spool/exim/log:

2022-05-21 Thread Jeremy Harris via Exim-users
On 21/05/2022 10:53, Odhiambo Washington via Exim-users wrote: On Sat, May 21, 2022 at 11:26 AM Axel Rau via Exim-users < exim-users@exim.org> wrote: Recently my mailman 3 servers began spamming with tons of such log messages: cannot accept message: failed to stat log directory /var/spool/exim

Re: [exim] Exim 4.96-RC1 released

2022-05-17 Thread Jeremy Harris via Exim-users
On 17/05/2022 08:04, Laura Williamson via Exim-users wrote: I have trouble compiling this with SRS support and I can see that the src/srs.h and .c are missing. I do have SUPPORT_SRS=yes in the makefile and also have the  latest libsrs2 libs installed, am I missing something? The old EXPERIMEN

Re: [exim] Exim 4.96-RC1 released

2022-05-16 Thread Jeremy Harris via Exim-users
On 16/05/2022 07:50, David Restall via Exim-users wrote: The next Release Candidate for 4.96, RC1, is not available from Where is it available from then ? :-) Yeah, yeah. Spotted ten minutes too late... -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-us

Re: [exim] The No Certificate Warning and the Right Way to Stop it

2022-05-15 Thread Jeremy Harris via Exim-users
On 15/05/2022 18:03, Martin McCormick via Exim-users wrote: Andreas Metzler via Exim-users writes: Where is the key? /etc./exim4/exim.key ^ That doesn't look quite right... What is the output of "exim4 -bP tls_certificate tls_privatekey" ? -- Cheers, Jeremy -- ## List details at

[exim] Exim 4.96-RC1 released

2022-05-15 Thread Jeremy Harris via Exim-users
The next Release Candidate for 4.96, RC1, is not available from - as tarball:https://ftp.exim.org/pub/exim/exim4/test - directly from Git: https://git.exim.org tag exim-4.96-RC1 The signatures on the release tarballs (and this mail) should be mine, key ID 0xBCE58C8CE

Re: [exim] The No Certificate Warning and the Right Way to Stop it

2022-05-14 Thread Jeremy Harris via Exim-users
On 14/05/2022 21:53, Martin McCormick via Exim-users wrote: Then I did dpkg-reconfigure exim4-config What ended up in your actual running config after this stage? Us non-Deb users don't know what Deb does for you at this stage. Also, does it tell the daemon to reload the config just changed? --

Re: [exim] Spurious "BDAT command used when CHUNKING not advertised"?

2022-05-12 Thread Jeremy Harris via Exim-users
On 12/05/2022 18:45, Ian Kelling wrote: * We are running an older exim: 4.90.1-1ubuntu1.8+9.0trisquel4 Well, at least it's not something I broke this year, then... With 4.96 you can set up speculative debug, using ACL. Anybody want to try getting a capture? -- Cheers, Jeremy -- ## List deta

Re: [exim] smarthost Outsmarting me so Far

2022-05-11 Thread Jeremy Harris via Exim-users
On 11/05/2022 14:34, Martin McCormick via Exim-users wrote: #Banner once again but the script marches on Actually, it should have been different, no longer advertising STARTTLS once you are using TLS. Mind, they advertised cleartext AUTH methods *on a cleartext connection* so they are obviousl

<    1   2   3   4   5   6   7   8   9   10   >