Re: [exim] suspected mail loop - Not

2023-02-17 Thread Viktor Dukhovni via Exim-users 
On Thu, Feb 16, 2023 at 01:54:23PM +, graeme vetterlein via Exim-users 
wrote:

> However, tracking the original message down, it was from IBM and contains e.g.
> 
>   *29 matches for "Received" in buffer: 
> 1670514307.H745399P3100673.ybox.xxx *
> 
> and they all appear legitimate** , it really did pass through 29 servers !

An impressive hop count, did it go through mailing lists and then get
forwarded from a user's portable email address (an alumni alias or
similar) to their current actual mailbox?

On Fri, Feb 17, 2023 at 10:13:28AM +0100, Heiko Schlichting via Exim-users 
wrote:

> That's hard to answer. The following is set on our servers:
> 
> $ exim -bP received_headers_max
> received_headers_max = 50

FWIW, this (50) matches the Postfix default:

http://www.postfix.org/postconf.5.html#hopcount_limit

-- 
Viktor.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] TLS authentication

2023-02-17 Thread Jeremy Harris via Exim-users 

On 17/02/2023 04:18, Ian Zimmerman via Exim-users wrote:

   what is a "variable of type certificate" in exim's proudly unityped
   macro language?


$tls_{in,out}_(our,peer)cert are all certificate-type variables.
They are not useable as text, but can be used by a "certextract"
expansion.

The documentation Concept Index has an entry for "certificate", "variables".
--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] suspected mail loop - Not

2023-02-17 Thread Heiko Schlichting via Exim-users 
> The following address(es) have yet to be delivered:
>   graeme.h...@ybox.xxx:*Too many "Received" headers*  - suspected mail loop
> [...]
>   1:*Is there a tunable somewhere?*

received_headers_max

>   2:*Is the current default reasonable?*

That's hard to answer. The following is set on our servers:

$ exim -bP received_headers_max
received_headers_max = 50

In very rare cases, this limit is also reached. Without exception, however,
it is spam where someone has overdone it with the header forgery.

Heiko

Heiko SchlichtingFreie Universität Berlin
heiko.schlicht...@fu-berlin.de   Zentraleinrichtung für Datenverarbeitung
Telefon +49 30 838-54327 Fabeckstraße 32
Telefax +49 30 838454327 14195 Berlin


smime.p7s
Description: S/MIME cryptographic signature
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] suspected mail loop - Not

2023-02-17 Thread graeme vetterlein via Exim-users 

I received a message frozen warning.

The following address(es) have yet to be delivered:
  graeme.h...@ybox.xxx:*Too many "Received" headers*  - suspected mail loop

So I took it at face value, maybe I have a mail loop?

However, tracking the original message down, it was from IBM and contains e.g.

*29 matches for "Received" in buffer: 
1670514307.H745399P3100673.ybox.xxx *

and they all appear legitimate** , it really did pass through 29 servers !

In the past (e.g. with ! style addressing) this used to happen, but less so 
with recent email.
So I guess the question is:

1:*Is there a tunable somewhere?*
2:*Is the current default reasonable?*


I can post the headers (or indeed the mail) but I'll need to redact a small bit 
as I suspect they've exposed a mail relay which was intended to be hidden.


--

Graeme


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/