Re: [exim] exim 4.96 stopping because postfix is starting?

[Heiko Schlittermann via Exim-users]

Johnnie W Adams via Exim-users  (Mo 19 Dez 2022 18:22:34 
CET):
> Hi, folks,
> 
>  Twice recently, my outbound SMTP server has stopped working for no
> apparent reason. There's nothing in the logs but this:

Can you, please, provide the unit files for Exim and Postfix?

systemctl cat exim\* postfix\*


-- 
Heiko


signature.asc
Description: PGP signature
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] exim 4.96 stopping because postfix is starting?

[Jeremy Harris via Exim-users]

On 20/12/2022 20:40, Johnnie W Adams via Exim-users wrote:

In this particular case, the message is not deliverable because the address
no longer exists--but how would I know that if I hadn't seen the bounce
message? I have to learn that at some point in the cycle.


Assuming this "you" with an Exim hat on rather than a sysadmin,
you find out when you try to deliver it.  That probably means
"in the routers chain" specifically.

Routing has to be done for delivery; it's how exim decides where
to deliver to.  But: you can ask for a additional run of the
routing from an ACL which is run earlier, before you agree
to accept the message from the sender and while the SMTP connection
is still open.  Based on that routing failing (here, because the
user account does not exist) you can reject the message.
Since it was never accepted, there is no need to generate a bounce
to tell the alleged sender; you just told the using the SMTP reject.

This is called "recipient verification".  I suggest you look it
up in the Exim documentation.
--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] exim 4.96 stopping because postfix is starting?

[Johnnie W Adams via Exim-users]

In this particular case, the message is not deliverable because the address
no longer exists--but how would I know that if I hadn't seen the bounce
message? I have to learn that at some point in the cycle.

On Tue, Dec 20, 2022 at 2:38 PM Jeremy Harris via Exim-users <
exim-users@exim.org> wrote:

> On 20/12/2022 19:49, Johnnie W Adams via Exim-users wrote:
> > I'm tempted at this point to throw the bounces away rather than go out of
> > my way to process them. That rubs me the wrong way, though. What should I
> > be doing?
>
> As I said before: not accepting the original in the first place.
> Which means you need to work out why these particular messages
> are being bounced (it's generally because they're not deliverable,
> but you need to find out).
> --
> Cheers,
>Jeremy
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


-- 
John Adams
Senior Linux/Middleware Administrator  | Information Technology Services
+1-501-916-3010 | jxad...@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder:  IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts.  For more information or to
report suspicious email, visit IT Security
.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] exim 4.96 stopping because postfix is starting?

[Jeremy Harris via Exim-users]

On 20/12/2022 19:49, Johnnie W Adams via Exim-users wrote:

I'm tempted at this point to throw the bounces away rather than go out of
my way to process them. That rubs me the wrong way, though. What should I
be doing?


As I said before: not accepting the original in the first place.
Which means you need to work out why these particular messages
are being bounced (it's generally because they're not deliverable,
but you need to find out).
--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] bad memory reference; pool not found, at gstring_grow 1124

[Jasen Betts via Exim-users]

On 2022-12-19, Jeremy Harris via Exim-users  wrote:
> On 19/12/2022 06:32, Jasen Betts via Exim-users wrote:
>>logwrite = 
>> ${sg{${sg{${sg{aaa}{a}{bbb}}}{b}{c}}}{c}{ddd}}zz
>
> Thanks for locating this so precisely.
> Fix pushed: 1ed24e36e279

Thanks for the fix.

-- 
  Jasen.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] exim 4.96 stopping because postfix is starting?

[Johnnie W Adams via Exim-users]

I'm tempted at this point to throw the bounces away rather than go out of
my way to process them. That rubs me the wrong way, though. What should I
be doing?

On Tue, Dec 20, 2022 at 11:40 AM Jeremy Harris via Exim-users <
exim-users@exim.org> wrote:

> On 20/12/2022 16:55, Johnnie W Adams via Exim-users wrote:
> >   but I don't see where
> > the bounce message has one, so I'm going to say "The failing bounce
> message
> > has an empty MailFrom"
>
> Bounces have an empty envelope from.  Always.
> You don't want the possibility of a bounce from a bounce, is why.
> --
> Cheers,
>Jeremy
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


-- 
John Adams
Senior Linux/Middleware Administrator  | Information Technology Services
+1-501-916-3010 | jxad...@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder:  IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts.  For more information or to
report suspicious email, visit IT Security
.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] bad memory reference; pool not found, at gstring_grow 1124

[Jeremy Harris via Exim-users]

On 20/12/2022 17:12, Andreas Metzler via Exim-users wrote:

Is there a security impact of the bug?


Nope.  Logging only... and only if you've written your
config to try and save an 8 kB (with the release size of
log buffer) log message.

I guess, if you have, an attacker could induce a lot of
process terminations.  Most systems won't have setuid-coredumps
enabled, so little issue there.
--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] bad memory reference; pool not found, at gstring_grow 1124

[Andreas Metzler via Exim-users]

On 2022-12-19 Jeremy Harris via Exim-users  wrote:
> On 19/12/2022 06:32, Jasen Betts via Exim-users wrote:
> >logwrite = 
> > ${sg{${sg{${sg{aaa}{a}{bbb}}}{b}{c}}}{c}{ddd}}zz

> Thanks for locating this so precisely.
> Fix pushed: 1ed24e36e279

Hello,

Is there a security impact of the bug?

cu Andreas


signature.asc
Description: PGP signature
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] exim 4.96 stopping because postfix is starting?

[Jeremy Harris via Exim-users]

On 20/12/2022 16:55, Johnnie W Adams via Exim-users wrote:

  but I don't see where
the bounce message has one, so I'm going to say "The failing bounce message
has an empty MailFrom"


Bounces have an empty envelope from.  Always.
You don't want the possibility of a bounce from a bounce, is why.
--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] exim 4.96 stopping because postfix is starting?

[Johnnie W Adams via Exim-users]

I believe the original message has a MailFrom value, but I don't see where
the bounce message has one, so I'm going to say "The failing bounce message
has an empty MailFrom" and ask how I would address that.

On Tue, Dec 20, 2022 at 10:39 AM Julian Bradfield via Exim-users <
exim-users@exim.org> wrote:

> On 2022-12-20, Johnnie W Adams via Exim-users  wrote:
> > What puzzles me about that is why this _doesn't_ pass SPF. The outbound
> > node is also mta.ualr.edu, which is right there in the SPF record:
> > "v=spf1 a:mta.ualr.edu include:_spf.google.com redirect=_spf.ualr.edu"
>
> > I also don't quite understand this from the log: What should be in the
> > empty set of brackets?
> >
> > SPF check for [] does not pass with ip: [144.167.8.120].
>
> Are you sending a message with an empty MailFrom ?
> In that case, the SPF check will be done against postmaster@EHLO,
> where EHLO is the name your server gave in EHLO. If that name isn't
> covered by your SPF records, it won't pass.
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


-- 
John Adams
Senior Linux/Middleware Administrator  | Information Technology Services
+1-501-916-3010 | jxad...@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder:  IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts.  For more information or to
report suspicious email, visit IT Security
.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] exim 4.96 stopping because postfix is starting?

[Julian Bradfield via Exim-users]

On 2022-12-20, Johnnie W Adams via Exim-users  wrote:
> What puzzles me about that is why this _doesn't_ pass SPF. The outbound
> node is also mta.ualr.edu, which is right there in the SPF record:
> "v=spf1 a:mta.ualr.edu include:_spf.google.com redirect=_spf.ualr.edu"

> I also don't quite understand this from the log: What should be in the
> empty set of brackets?
>
> SPF check for [] does not pass with ip: [144.167.8.120].

Are you sending a message with an empty MailFrom ?
In that case, the SPF check will be done against postmaster@EHLO,
where EHLO is the name your server gave in EHLO. If that name isn't
covered by your SPF records, it won't pass.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] exim 4.96 stopping because postfix is starting?

[Johnnie W Adams via Exim-users]

What puzzles me about that is why this _doesn't_ pass SPF. The outbound
node is also mta.ualr.edu, which is right there in the SPF record:

"v=spf1 a:mta.ualr.edu include:_spf.google.com redirect=_spf.ualr.edu"

I also don't quite understand this from the log: What should be in the
empty set of brackets?

SPF check for [] does not pass with ip: [144.167.8.120].

On Mon, Dec 19, 2022 at 7:29 PM Jasen Betts via Exim-users <
exim-users@exim.org> wrote:


> it might be better to give exim the information it needs to pass SPF and
> do the DKIM signing.
>
> --
>   Jasen.
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


-- 
John Adams
Senior Linux/Middleware Administrator  | Information Technology Services
+1-501-916-3010 | jxad...@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder:  IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts.  For more information or to
report suspicious email, visit IT Security
.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/