Re: [exim] message has lines too long for transport
On 31.05.2022 13:40, Heiko Schlichting via Exim-users wrote: > Jarland Donnell wrote: >> A new variable was added in 4.95: message_linelength_limit >> >> This defaults to RFC spec which is 998 characters, but that's not where the >> conversation should end. Absolutely no one out there is creating software >> that adheres to the RFC standard. You can send an email from Outlook, >> Roundcube, Thunderbird, or whatever which violates this standard and it will >> be accepted by all major email providers with no issue. It should therefore >> be expected that exim admins will not demand everyone suddenly adopt this >> old standard, but instead that they'll increase the value of this variable >> in their configs to compensate. Personally, I set my servers to 52428800 for >> it. > > I was surprised that a value of 0 didn't completely disable this check. It was closed with "won't fix": https://bugs.exim.org/show_bug.cgi?id=2870 -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] message has lines too long for transport
On 1.06.2022 10:39, Arkadiusz Miśkiewicz wrote: > On 31.05.2022 13:40, Heiko Schlichting via Exim-users wrote: >> Jarland Donnell wrote: >>> A new variable was added in 4.95: message_linelength_limit >>> >>> This defaults to RFC spec which is 998 characters, but that's not where the >>> conversation should end. Absolutely no one out there is creating software >>> that adheres to the RFC standard. You can send an email from Outlook, >>> Roundcube, Thunderbird, or whatever which violates this standard and it will >>> be accepted by all major email providers with no issue. It should therefore >>> be expected that exim admins will not demand everyone suddenly adopt this >>> old standard, but instead that they'll increase the value of this variable >>> in their configs to compensate. Personally, I set my servers to 52428800 for >>> it. >> >> I was surprised that a value of 0 didn't completely disable this check. > > It was closed with "won't fix": > > https://bugs.exim.org/show_bug.cgi?id=2870 > Also worth mentioning that exim itself also creates byggy emails (bounces) if these are based on buggy original message: https://bugs.exim.org/show_bug.cgi?id=2827 -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] catching brute foce smtp auth - what condition?
Hello.
How to catch brute foce smtp auth attempts only? (== bad login or
password provided)
Condition like:
${if eq{$authentication_failed}{1}}
doesn't work because it also catches cases where client cancelled smtp
auth attempt (rfc2554 and "*").
Exim internally sees difference:
535 Incorrect authentication data
501 Authentication cancelled
Ideas?
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] exim maildirsize quota calculation in the face of symlinks
On 10.02.2022 13:06, Jasen Betts via Exim-users wrote: > On 2022-02-10, Maarten van Baarsel via Exim-users wrote: >> Currently, I'm also using a plugin in dovecot: >> >> https://wiki.dovecot.org/Plugins/MailboxAlias >> >> However, this plugin solves the alias problem with a symlink in the >> Maildir directory, which makes Exim count the mails twice when the >> appendfile transport is calculating quota sizes. > > Have you considered using OS-provided per-user disk quotas instead? > > https://www.linux.com/training-tutorials/step-step-using-user-quotas-linux/ > > this is just an idea, I don't know how well dovecot and exim interact with > quota. > Just a note. dovecot is not ready to handle filesystem quotas if control files are also under that quota. It just breaks in various ways (reported on dovecot mailing list). Workaround is to keep control files outside quota enabled filesystem... but that's only a workaround. -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] too long line but which one?
Hi,
how to log that too long line(s), so it will be easy to point where the
problem is in case of mail incoming via smtp ?
deny
message = maximum allowed line length is 998 octets, \
got $max_received_linelength
condition = ${if > {$max_received_linelength}{998} }
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] selecting random ip from file
W dniu 12.05.2021 o 11:42, Jeremy Harris via Exim-users pisze:
> On 12/05/2021 10:11, Arkadiusz Miśkiewicz via Exim-users wrote:
>> example.com: 1.1.1.1, 2.2.2.2, 3.3.3.3
>>
>> The number of ip addresses can be different for each domain listed there.
>>
>> How to approach this in exim way?
>
> expansions:
>
> listcount
> randint
> eval
> listextract
>
Thanks for hints, were helpful
${listextract{${eval:${randint:${listcount:<, ${lookup{example.com}
nwildlsearch{/tmp/x + 1} }{<, ${lookup{example.com}
nwildlsearch{/tmp/x
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[exim] selecting random ip from file
Hello.
in smtp transport I'm doing something like:
interface = <; ${lookup{$sender_address_domain}
nwildlsearch{/etc/mail/custom_ip} }
which contains:
example.com: 1.1.1.1
That works fine but I would like to have few IPs assigned to a domain
and let exim choose these randomly like
example.com: 1.1.1.1, 2.2.2.2, 3.3.3.3
The number of ip addresses can be different for each domain listed there.
How to approach this in exim way?
(note file format can be easily changed like spaces instead of comas etc
if needed)
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Problem with tls_certificate and multiple domains
On 16/10/2019 07:58, Heiko Schlittermann via Exim-users wrote:
> Heiko Schlittermann via Exim-users (Mi 16 Okt 2019
> 06:48:25 CEST):
>> TLS_DOMAIN = ${if def:tls_in_sni {${lc:tls_in_sni}}{example.com}}
>>
>> tls_certificate = /etc/exim/private/certs/TLS_DOMAIN/cert.pem
>> tls_privatekey = /etc/exim/private/certs/TLS_DOMAIN/privkey.pem
>>
>> You need a "fallback", as there is a fair chance, that the client
>> doesn't send you a TLS SNI.
>
> The above is nonsens, missing '$' and breaks if $tls_in_sni doesn't
> match an existing file. Sorry for that. Now, after a cup of coffee:
>
> That's what I have in my working configuration.
>
> TLS_SNI = ${lc:${extract{-1}{/}{$tls_in_sni}}}
>
> tls_certificate = ${if exists{/var/lib/exim4/TLS_SNI-ssl.pem}\
> {/var/lib/exim4/TLS_SNI-ssl.pem}\
> {/var/lib/exim4/ssl.schlittermann.de-ssl.pem}}
>
> But now I'm asking myself, if I can be sure that $tls_in_sni doesn't
> contain ../../../ and what impact this could have. So, probably in a
> first step you should sanitize the $tls_in_sni.
You can use sha1 (or other) hashes as filenames. That makes the whole
problem go away but requires tool to setup filename with hashes.
tls_privatekey = ${if
exists{/etc/certs/letsencrypt/cert.${lc:${sha1:${lc:${tls_sni.pem}{/etc/certs/letsencrypt/cert.${lc:${sha1:${lc:${tls_sni.pem}{/etc/mail/exim-default-key.pem}}
tls_certificate = ${if
exists{/etc/certs/letsencrypt/cert.${lc:${sha1:${lc:${tls_sni.pem}{/etc/certs/letsencrypt/cert.${lc:${sha1:${lc:${tls_sni.pem}{/etc/mail/exim-default-cert.pem}}
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
signature.asc
Description: OpenPGP digital signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] MySQL Connection errors – SSL?
On Monday 14 of May 2018, Kai Bojens via Exim-users wrote: > Hello everybody. > I'am using MySQL for several lookups and everything worked fine for many > years with a „5.0.32-Debian_7etch12” MySQL Server. Today I switched the > backend to „10.2.14-MariaDB-10.2.14+maria~xenial” and everything seemed > to work fine again at first. But then I checked the logs and found these > connection errors on the SQL server: > > Aborted connection 17263 to db: 'XXX' user: 'XXX' host: 'XXX.XXX.XY' > (Got an error reading communication packets) > 2. Is there any other possivle explanation for this behaviour? Check max_allowed_packet setting on mysqld side -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.91: option "hosts_try_dane" unknown
On Monday 16 of April 2018, Max Kostikov via Exim-users wrote: > Is this option deprecated now? > Found nothing about this in ChangeLog and NewStuff. > (system is FreeBSD 11.1-RELEASE-p9) config variable name has changed to SUPPORT_DANE -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.91 released
On Monday 16 of April 2018, Heiko Schlittermann via Exim-users wrote: > Odhiambo Washington via Exim-users <exim-users@exim.org> (Mo 16 Apr 2018 > 11:27:06 CEST): … > > > gcc -o exim > > > > drtables.o(.text+0xea): In function `init_lookup_list': > > : undefined reference to `spf_lookup_module_info' > > > > *** Error code 1 > > Most likely due to change in the name of the EDITME configuration item > from EXPERIMENTAL_* to something else. > > That brings me to a whishlist item „upgrade-editme“. or just make "make" exit 1 if using obsolete directive -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Best way tls_certificate select
On Saturday 20 of January 2018, Sławek wrote:
> Ok i understand this variable cert.${lc:${tls_sni}}.pem =
> cert.mail.domain.com.pem yes ? via tls_sni not based on the directory?
To avoid "../../something" as tls_sni.
>
> Regards
> Sławomir Dworaczek
>
> Oryginalna wiadomość
> Od: Sławek <sla...@dworaczek.info>
> Data: 20.01.2018 16:22 (GMT+01:00)
> Do: exim-users@exim.org
> Temat: RE: Best way tls_certificate select
>
>
>
> Niw i settings tls_certificate = ${if
> exists{/etc/letsencrypt/live/${tls_sni}/fullchain.pem}{/etc/letsencrypt/li
> ve/${tls_sni}/fulkchain.pem}{/etc.exim.certc/certificate.crt}} Where
> ${$tls_sni} as directory mail.domain.com
> tls_sni what value does it return ?domain name ?mx record name ?
> all clients , outlook, thunderbird, windows Live settings smtp server as
> mail.domain.com divecot correctly chooses the certificate by
> mail.domain.com
> Exim not
> regardsSławomir Dworaczek
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Best way tls_certificate select
On Saturday 20 of January 2018, Sławek wrote:
> Niw i settings tls_certificate = ${if
> exists{/etc/letsencrypt/live/${tls_sni}/fullchain.pem}{/etc/letsencrypt/li
> ve/${tls_sni}/fulkchain.pem}{/etc.exim.certc/certificate.crt}} Where
> ${$tls_sni} as directory mail.domain.com
> tls_sni what value does it return ?domain name ?mx record name ?
> all clients , outlook, thunderbird, windows Live settings smtp server as
> mail.domain.com divecot correctly chooses the certificate by
> mail.domain.com
Be aware that $tls_sni is remote user controlled thus can contain
malicious content. tls_sni is in most cases a hostname that's set in
email client as smtp server.
tls_sni works fine here but we use safe hash ${lc:${sha1:${lc:${tls_sni
tls_certificate = ${if
exists{/etc/certs/letsencrypt/cert.${lc:${tls_sni}}.pem}{/etc/certs/letsencrypt/cert.${lc:${tls_sni}}.pem}{/etc/openssl/certs/default.crt}}
> Exim not
> regardsSławomir Dworaczek
>
> Oryginalna wiadomość
> Od: Sławek <sla...@dworaczek.info>
> Data: 20.01.2018 12:46 (GMT+01:00)
> Do: exim-users@exim.org
> Temat: Best way tls_certificate select
>
>
>
> Its possible select tls_certificate with variable tls_certificate=
> /etc/letsencrypt/live/mail.$domain_sender/fullchain.pem ?beacause tls_sni
> not works
>
>
> regatds
> Sławomir Dworaczek
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] SRS-hash with ".."
On Friday 10 of November 2017, Richard Salts via Exim-users wrote: > On 10 November 2017 9:13:53 pm LHDT, Jeremy Harris <j...@wizmail.org> wrote: > >Please, no direct responses. I read the ML. > > > >On 10/11/17 09:55, Niels Kobschaetzki wrote: > >> experimental one that is based on the libsrs_alt. I didn't know that > >> there is another way to do SRS with exim and I can't find > > > >documentation > > > >> for it. > > > >I think any use of dots in the libsrs_alt version is buried in there > >and Exim has no visibility of it. > > There is a compile time option for libsrs-alt to turn this option on. It's --with-base64compat, was hit by it some time ago (and with gmail). So it is broken since two dots are not allowed by RFC. > It's > not the default, but is there for servers which blacklist the / and = in > local parts iirc. And without that option it is also problematic due to use of "/". So both options are bad :) -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim and MySQL with UTF-8 encoding
On Wednesday 08 of November 2017, Yves Goergen wrote:
> Hello,
>
> How can I tell Exim to talk to the MySQL server with UTF-8 encoding?
Try something like:
${lookup mysql{SET NAMES utf8}{}}${lookup mysql{....}}
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[exim] date/time when ratelimit "expires"
Hi. How to show when particular ratelimit goes below threshold? Can that be extracted/calculated from exim? For example, with these rules: https://lists.gt.net/exim/users/94666#94666 I would like to change message to contain ratelimit expiry date like: drop message = Too many failed authentication attempts (blockade expires: $HERE_DATE_WHEN) How to do that? -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] safe handling of $tls_sni
On Monday 17 of October 2016, Phil Pennock wrote:
> On 2016-10-12 at 14:50 +0200, Arkadiusz Miśkiewicz wrote:
> > Docs say that $tls_sni has raw data from client:
> >
> > "Great care should be taken to deal with matters of case, various
> > injection attacks in the string (../ or SQL), and ensuring that a valid
> > filename can always be referenced; it is important to remember that
> > $tls_sni is arbitrary unverified data provided prior to authentication."
>
> Someone read the text I wrote! Woohoo!
>
> (It only took a few years ...)
>
> > What is safest approach to handle $tls_sni when trying
> > to expand it to file on filesystem?
>
> Use a cryptographic hash for the filename.
Sounds smart.
> Or base64-encode it.
"/" is part of base64 alphabet, so would have to replace that with other
character, too.
[...]
> exists{/etc/mail/ssl/${sha1:${lc:tls_sni}}.pem}{/etc/mail/ssl/${sha1:${lc:
> tls_sni}}.pem}{/etc/mail/default-cert.pem}
I wonder how big performance impact will be there on each connection when
using sha1. sha will be calculated even twice for single connection.
I'm guessing no big impact as various hashing is already used in other places
like SMTP AUTH etc.
> -Phil
Thanks,
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[exim] decode exim srs From
Hi. Host A is using exim internal SRS capability to rewrite From and then forward email to other host B. Now on host B I would like to rewrite From back to original form and then make exim all message processing (ACL, routers etc). srs key is known to both hosts. Can exim do that? Thanks, -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] safe handling of $tls_sni
Hi.
Docs say that $tls_sni has raw data from client:
"Great care should be taken to deal with matters of case, various injection
attacks in the string (../ or SQL), and ensuring that a valid filename can
always be referenced; it is important to remember that $tls_sni is arbitrary
unverified data provided prior to authentication."
What is safest approach to handle $tls_sni when trying
to expand it to file on filesystem?
Rule like:
${if
exists{/etc/mail/ssl/${tls_sni}.pem}{/etc/mail/ssl/${tls_sni}.pem}{/etc/mail/default-cert.pem}
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] address rewritting when "yielded unparseable address: empty address in address" happens
On Thursday 14 of July 2016, Jeremy Harris wrote:
> On 13/07/16 21:45, Arkadiusz Miśkiewicz wrote:
> > Scenario:
> >
> > ^test@$primary_hostname "$h_from:"Ffs
> > ^test@$primary_hostname "<z...@gdzies.pl>" Ffs
> >
> > First rule in some cases will return "yielded unparseable address:
> > empty address in address" which is fine and expected.
> >
> > But exim will stop rewritting in such case. It won't go to next rule
> > (which I wanted to be a fallback rule). And that's unexpected.
> >
> > Docs (
> > http://www.exim.org/exim-html-current/doc/html/spec_html/ch-address_rewr
> > iting.html ) don't seem to mention anything about such case, so I assumed
> > next rewrite rule to be applied.
> >
> >
> > For now I have a workaround for such problem:
> > ^test@$primary_hostname "${if !eq {${address:$h_from:}}{}
> > {${address:$h_from:}}fail }"Ffs ^test@$primary_hostname
> > "<z...@gdzies.pl>" Ffs
> > When "fail" is returned then exim uses next rule.
> >
> > I wonder if that's (stopping when unparseable address occurs) a bug (and
> > exim should try next rule)
>
> Exim has applied your first rule, which gave an empty result.
Resulting headers didn't end up with empty result, so it didn't apply it.
> How
> will any subsequent rule match the now-empty address?
This is rather about:
if no success -> stop rewritting
vs
if no success -> try next rule
especially that there is no 'q' flag being used.
> > or a feature (if feature then would be nice to see it documented) ?
But ok, that may be desired result from exim people point of view, so the only
missing thing is mentioning this in docs.
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[exim] address rewritting when "yielded unparseable address: empty address in address" happens
Scenario:
^test@$primary_hostname "$h_from:"Ffs
^test@$primary_hostname "<z...@gdzies.pl>" Ffs
First rule in some cases will return "yielded unparseable address:
empty address in address" which is fine and expected.
But exim will stop rewritting in such case. It won't go to next rule (which
I wanted to be a fallback rule). And that's unexpected.
Docs (
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-address_rewriting.html
)
don't seem to mention anything about such case, so I assumed next rewrite rule
to be applied.
For now I have a workaround for such problem:
^test@$primary_hostname "${if !eq {${address:$h_from:}}{}
{${address:$h_from:}}fail }"Ffs
^test@$primary_hostname "<z...@gdzies.pl>" Ffs
When "fail" is returned then exim uses next rule.
I wonder if that's (stopping when unparseable address occurs) a bug (and exim
should try next rule) or a feature (if feature then would be nice to see it
documented) ?
jgh_ on #exim suggests that this is a feature.
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Segfault in 4.86 (mail queue handleing)
On Monday 05 of October 2015, Heiko Schlittermann wrote: > Yes, +fixes was the fastest possible way to distribute the important > fixes w/o starting a new release cycle and without forcing the > package/self-builders to backport/cherrypick the relevant patches by > themself. Too bad that this branch contains hunks that do not apply to released tarballs. git magic is required to make a patch that applies: git log -p exim-4_86..exim-4_86+fixes --reverse \ -- . ":(exclude)doc/doc-*" ":(exclude)test" ":(exclude).*" > exim-git.patch Ugly. Partial solution for tarball users could be to simply publish such patch on ftp in 4.86-fixes dir etc. -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Segfault in 4.86 (mail queue handleing)
On Saturday 03 of October 2015, Andreas Metzler wrote: > This sounds like <https://bugs.exim.org/show_bug.cgi?id=1671> which is > fixed in GIT head and GIT exim-4_86+fixes. 4.87 (or 4.86.1) is really needed it seems :-/ -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] local time based rule (tod_zulu, tod_zone)
Hi.
How to create time based rules using local time zone?
For example:
condition = ${if
or{{{${substr_8_4:$tod_zulu}}{2300}}{{${substr_8_4:$tod_zulu}}{0300}}} {1}{0}}
but localtime instead of UTC?
Somehow calculate tod_zulu + $tod_zone, but how?
Thanks,
--
Arkadiusz Miśkiewicz, arekm / maven.pl
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] local time based rule (tod_zulu, tod_zone)
On Monday 07 of April 2014, Arkadiusz Miśkiewicz wrote:
Hi.
How to create time based rules using local time zone?
For example:
condition = ${if
or{{{${substr_8_4:$tod_zulu}}{2300}}{{${substr_8_4:$tod_zulu}}{0300}}}
{1}{0}}
but localtime instead of UTC?
Somehow calculate tod_zulu + $tod_zone, but how?
ended up with macro:
M_gethour = ${sg{$tod_full}{\N.* (\d+):(\d+):(\d+) .*\N}{\$1}}
--
Arkadiusz Miśkiewicz, arekm / maven.pl
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] exim_tidydb doesn't make databases smaller
On Friday 23 of November 2012, Graeme Fowler wrote: On Fri, 2012-11-23 at 13:32 +0100, Arkadiusz Miśkiewicz wrote: Shouldn't exim_tidydb make databases physically smaller? You'd like to think so, wouldn't you? However for reasons which are historical but mostly related to performance, Exim prefers to use the Berkeley DB library for its databases. These are grow only files - data is appended to them by allocating new leaves or pages in the file. Well, There is compact method + DB_FREE_SPACE that can do some freeing. http://docs.oracle.com/cd/E17276_01/html/api_reference/C/dbcompact.html When data is removed, the leaves or pages may be re-used if they are empty but they are never deleted. The recommendation from the developers has always been to dump the DB and create a new one if the size is too big. In Exim's case, most of the time simply deleting it will suffice - they're designed to hold transient data such as retry information which will be regenerated after deletion. Ok. Doing such daily cron job now [...] /usr/bin/exim_tidydb $t $SPOOLDIR $db /dev/null toobig=$(/usr/bin/find $SPOOLDIR/db/$db -size +300M) if [ -n $toobig ]; then /usr/bin/exim_dumpdb $SPOOLDIR $db | /usr/bin/exim_dbmbuild -nowarn - $SPOOLDIR/db/$db.new /dev/null chown exim:exim $SPOOLDIR/db/$db.new chmod 640 $SPOOLDIR/db/$db.new mv $SPOOLDIR/db/$db.new $SPOOLDIR/db/$db fi Graeme -- Arkadiusz Miśkiewicz, arekm / maven.pl -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] exim_tidydb doesn't make databases smaller
Hi. Shouldn't exim_tidydb make databases physically smaller? # ls -al /var/spool/exim/db/callout -rw-r- 1 exim exim 677601280 11-23 13:25 /var/spool/exim/db/callout # exim_tidydb -t 2d /var/spool/exim/ callout /dev/null # ls -al /var/spool/exim/db/callout -rw-r- 1 exim exim 677601280 11-23 13:25 /var/spool/exim/db/callout # exim_tidydb -t 1d /var/spool/exim/ callout /dev/null # ls -al /var/spool/exim/db/callout -rw-r- 1 exim exim 677601280 11-23 13:26 /var/spool/exim/db/callout # exim_tidydb -t 0d /var/spool/exim/ callout /dev/null # ls -al /var/spool/exim/db/callout -rw-r- 1 exim exim 677593088 11-23 13:27 /var/spool/exim/db/callout and no, no errors, after few calls it made db empty: # exim_tidydb -t 0d /var/spool/exim/ callout Tidying Exim hints database /var/spool/exim//db/callout Tidying complete but still -rw-r- 1 exim exim 677593088 11-23 13:28 /var/spool/exim/db/callout The problem is that it grows and grows filling my /var. How to make it shrink db? Thanks, -- Arkadiusz Miśkiewicz, arekm / maven.pl -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] exim_tidydb doesn't make databases smaller
On Friday 23 of November 2012, Warren Baker wrote: On Fri, Nov 23, 2012 at 2:32 PM, Arkadiusz Miśkiewicz ar...@maven.pl wrote: Hi. Shouldn't exim_tidydb make databases physically smaller? Have a look at http://www.exim.org/exim-html-current/doc/html/spec_html/ch52.html#SECID26 2 Right. So how to make it smaller without loosing records? Only db dump restore? Ugly ;/ -- Arkadiusz Miśkiewicz, arekm / maven.pl -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] ratelimit based on invalid authentication
Hi, Is there a way to rate limit host based on invalid authentication? I'm limiting on lack of auth but how to do the similar thing for invalid auth? 2012-07-08 22:09:33 login authenticator failed for (aabb) [x.x.x.x]: 535 Incorrect authentication data (set_id=...) -- Arkadiusz Miśkiewicz, arekm / maven.pl -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] storing email when DKIM fails
Hi. I'm looking for a way to store intact incoming email on disk when acl_smtp_dkim verification fails (to be able to verify that exim does its DKIM job correctly). Is there a way to do that? -- Arkadiusz Miśkiewicz, arekm / maven.pl -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] counting number of adresses in From
On Friday 06 of April 2012, Phil Pennock wrote: On 2012-04-05 at 13:55 +0200, Arkadiusz Miśkiewicz wrote: $h_from failed on something, so now using $rh_from and that works well but there are emails like this: Date: Wed, 4 Apr 2012 08:14:35 -0500 From: s...@aaa.pl, someot...@.pl User-Agent: Mozilla/5.0 A continuation line *MUST* start with whitespace. This is fundamental to email parsing. If you insert a space at the start of the someother.. line, then $rh_from: and $h_from: both include the full data. If you don't, then neither does. Neither one sees more content than the other. How to catch emails with such invalid header? -Phil -- Arkadiusz MiśkiewiczPLD/Linux Team arekm / maven.plhttp://ftp.pld-linux.org/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] counting number of adresses in From
On Tuesday 06 of September 2011, Todd Lyons wrote:
On Tue, Sep 6, 2011 at 1:11 AM, Arkadiusz Miskiewicz ar...@maven.pl wrote:
exim doesn't have any builtin way to count number of elements.
Yeah, would be nice. For your particular query, there is a recipient
count, but not a sender count, which is what you want.
Looking for something like:
deny message = you are bad
condition = ${if count(${addresslist:$h_From:}) 1}
This works for me:
# DEBUG #
warnset acl_m_sender_count = ${reduce \
{, ${addresses:$h_from:} } \
{ 0 } \
{${eval:$value+1}} \
}
logwrite = Found $acl_m_sender_count senders in From
header
$h_from failed on something, so now using $rh_from and that works well but
there are emails like this:
Date: Wed, 4 Apr 2012 08:14:35 -0500
From: s...@aaa.pl,
someot...@.pl
User-Agent: Mozilla/5.0
and unfortunately rh_from doesn't contain both addresses - only first one
like:
s...@aaa.pl,\n
The newline that terminates a header line is not included in the expansion,
but internal newlines (caused by splitting the header line over several
physical lines) may be present.
So IMO both lines should be there in $rh_from, right?
--
Arkadiusz MiśkiewiczPLD/Linux Team
arekm / maven.plhttp://ftp.pld-linux.org/
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
