[exim] file_transport unset in virtual_user router

2018-04-28 Thread Cyborg via Exim-users
Hi, if you ever encountered this message: "Error in setting up pipe, file, or autoreply  "file_transport unset in virtual_user router" your configuration for a pop3/imap account lacks a "/" at the end. i.e. directory_transport = "/var//mailaccounts/username/Maildir" instead of

Re: [exim] Exim & DANE .. status ?

2018-05-22 Thread Cyborg via Exim-users
On 22.05.2018 at 18:29, Kurt Jaeger wrote: > Hi! > >> the German office of security ( BSI ) has given out a policy, that >> secure emailserver should have implemented DANE. > Can you elaborate ? Where / when did BSI say so ? > You can find it here:

[exim] Exim & DANE .. status ?

2018-05-22 Thread Cyborg via Exim-users
Hi Guys, the German office of security ( BSI ) has given out a policy, that secure emailserver should have implemented DANE. So, what's the status of DANE for Exim? Any useful self-explaining examples at hand ? :) best regards, Marius -- ## List details at

Re: [exim] Exim & DANE .. status ?

2018-05-23 Thread Cyborg via Exim-users
On 23.05.2018 at 15:39, Viktor Dukhovni via Exim-users wrote: > >> On May 23, 2018, at 3:14 AM, Kurt Jaeger via Exim-users >> wrote: >> >> Can you elaborate ? > We're getting into off-topic ratholes that are the subject of > much heated debate. Perhaps best to stop here? >

Re: [exim] Exim & DANE .. status ?

2018-05-22 Thread Cyborg via Exim-users
On 22.05.2018 at 19:30, Viktor Dukhovni via Exim-users wrote: > > This also checks that the hash is not the hash of an empty input, > due to failure of "openssl x509" and/or "openssl pkey". Oh yes.. I had those too with one of exim's hashing routines. Instead of returning NULL, if the string was

[exim] tons of brute force cracking events

2018-06-07 Thread Cyborg via Exim-users
Hi Guys, out of the blue, one particular exchange server generates tons of those messages: 2018-06-07 12:26:17 H=(XXX) [XXX] X=TLSv1.2:DHE-RSA-AES128-SHA:128 CV=no rejected AUTH LOGIN: blacklisted for bruteforce cracking attempt generated by this ACL : acl_check_auth:   drop  message =

Re: [exim] present client certificate on server->server connection

2018-06-01 Thread Cyborg via Exim-users
On 01.06.2018 at 02:05, Adrian Zaugg via Exim-users wrote: > 2018-06-01 00:22:34 1fOVxp-0005XP-S0 TLS error on connection to > ts6.checktls.com [104.131.23.181] (cert/key setup: > cert=/etc/ssl/letsencrypt/ente.limmat.ch/fullchain.pem > key=/etc/ssl/letsencrypt/ente.limmat.ch/privkey.pem): Error

Re: [exim] Creating local blacklist

2018-04-25 Thread Cyborg via Exim-users
On 26.04.2018 at 03:25, Mike Brown via Exim-users wrote: > > So, how does one set up the acl_check_rcpt section to use the exim_blacklist > that was defined to deny the incoming e-mail from the named domain? > You don't. acl_check_data: lots of other stuff ...   deny    condition  = ${if

Re: [exim] why so many synchronisation failures?

2018-04-30 Thread Cyborg via Exim-users
On 30.04.2018 at 13:51, John via Exim-users wrote: > I am seeing a large number of synchronisation errors in incoming mail > eg > rejected connection from H=[198.53.60.171] input="QUIT\r\n" > > The IP address varies but the QUIT\r\n is the commonest version, and > overwhelmingly from places with

Re: [exim] lowest numbered MX record points to local host

2018-02-14 Thread Cyborg via Exim-users
On 14.02.2018 at 10:52, Sebastian Nielsen via Exim-users wrote: > Easiest is to use local_domains but have a verification step for the > shared hosting, so your interface where user add their domain, will > verify that the MX is pointed to your server Before allowing the > domain to be added to

Re: [exim] lowest numbered MX record points to local host

2018-02-14 Thread Cyborg via Exim-users
On 14.02.2018 at 09:59, Bambero via Exim-users wrote: > So what should I do to fix that? I can't use local_domains, because it's > shared hosting, and users can add domains by hand. > If someone will add domain 'gmail.com' exim will treat it as local domain. > > The only way is to check MX. >

[exim] TLS BEAST attack on exim

2018-02-16 Thread Cyborg via Exim-users
Hi, has anyone ever heard, that Beast worked against TLSv1 on mailservers ? best regards, Marius -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] HostEurope anybody

2018-02-17 Thread Cyborg via Exim-users
On 17.02.2018 at 16:15, tech-lists via Exim-users wrote: > An IP *cannot* resolve to a CNAME as per RFC 1034. It must resolve to an > A-record, hence the error "reverse dns failure". > CNAME PTR Chains are totally normal, due to the fact, that small providers in science centers get those CNAME

Re: [exim] Hostname and TLD drops

2018-08-28 Thread Cyborg via Exim-users
On 25.08.2018 at 21:27, scout--- via Exim-users wrote: > Hi, newbie questions please.. > > I can't figure out how to drop certain hostname connects. I get > thousands of these types of connects per day: > > 2018-08-25 14:16:39.473 [25870] H=69.130.32.95.dsl-dynamic.vsi.ru > (sex.com)

[exim] interessting misconfiguration @PayPal.com

2018-03-11 Thread Cyborg via Exim-users
Hi guys, paypal seems to have a "small" problem to maintain its servers with the same patch level: 2018-03-11 13:47:14 1ev0Nd-0006bI-Ss <= serv...@paypal.de H=mx0.slc.paypal.com (mx2.slc.paypal.com) [173.0.84.225] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=39287

[exim] TLS 1.3

2018-03-07 Thread Cyborg via Exim-users
Hi, when TLS 1.3 is released, will Exim automatically be able to use it if openssl supports it ? Do we have to make config changes to prefer 1.3 over 1.2 ( just in case ;) ) ? best regards, Marius

Re: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list

2018-03-28 Thread Cyborg via Exim-users
On 28.03.2018 at 09:10, Konstantin Boyandin via Exim-users wrote: > Hello, > > After having scanned 4.90.1 installation with OpenVAS, the below was > reported: > > 'Weak' cipher suites accepted by this service via the > TLSv1.0/TLSv1.1/TLSv1.2 protocols: TLS_RSA_WITH_SEED_CBC_SHA > > Default

Re: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list

2018-03-28 Thread Cyborg via Exim-users
On 28.03.2018 at 11:21, Mike Brudenell via Exim-users wrote: > But given that most MTA to MTA traffic uses *opportunistic* encryption, > falling back to cleartext transfers if no encryption can be agreed between > the servers, isn't it better to continue to offer and use in such > situations a

Re: [exim] [exim-dev] "25 lost" is giving me useful clues

2018-09-04 Thread Cyborg via Exim-users
Hi all, On 03.09.2018 at 23:03, Phil Pennock via Exim-users wrote: > > 2018-09-03 00:09:00 [19598] > no MAIL in SMTP connection from XYZ (smtpdane.invalid) [2001:db8::1]:35490 > I=[2001:db8::2]:25 D=0s > X=TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256 CV=no SNI="mx.spodhuis.org" >

Re: [exim] How to block using exim re:[doc...@nk.ca: Your account has been hacked! You need to unlock.]

2019-01-27 Thread Cyborg via Exim-users
On 27.01.19 at 14:42, Graeme Fowler via Exim-users wrote: > On 27 Jan 2019, at 12:33, The Doctor via Exim-users > wrote: >> am certain many of you have seen this, but how do you block / bounce said >> below e-mail via exim using spamassassin / clamd ? > Install at least the ‘phish’ database

Re: [exim] Expiriences with TLS 1.3

2019-01-28 Thread Cyborg via Exim-users
On 28.01.19 at 12:56, Jeremy Harris via Exim-users wrote: > On 28/01/2019 10:50, Cyborg via Exim-users wrote: >> is anyone of you running TLS 1.3 already ? > It functions fine in the Exim regression-test suite, > on systems having suitable library support. > > I've not seen

Re: [exim] Expiriences with TLS 1.3

2019-01-28 Thread Cyborg via Exim-users
On 28.01.19 at 17:55, Wolfgang Breyha via Exim-users wrote: > On 28/01/2019 17:09, Jeremy Harris via Exim-users wrote: >> On 28/01/2019 15:43, Viktor Dukhovni via Exim-users wrote: >>> univie.ac.at >> Univie, at least, are claiming Exim 4.91 in their banner. I don't >> know if they run patches,

Re: [exim] Header question, X-Relay-User

2019-03-04 Thread Cyborg via Exim-users
On 04.03.19 at 17:53, jan-jun.2019--- via Exim-users wrote: Try exim -bP config | grep -i x-relay-user and check, if this header is part of your Exim configuration at all. >>> Hi, not clear what you mean by "config", >> The actual literal word 'config', which is one

[exim] bypassing exim string expansion with invalid addresses

2019-03-13 Thread Cyborg via Exim-users
Hi, if you use the expansion operator  "${address:}" to filter spammers, they can evade this, by using half-open addresses, a mailclient would fix. Example: some sql ... "${quote_mysql:${lc:${address:$reply_address}}}" regexp entry If you use a valid reply-to address i.e. "A To B" the

Re: [exim] bypassing exim string expansion with invalid addresses

2019-03-13 Thread Cyborg via Exim-users
Hi all, I forgot to add the "attack" pattern:  From: "ONLINE PHARMACY"   R="CANADA-DRUGSTORE" gucl...@yopmail.com>" So they used a "valid" address in the From: line and a half-open one in Reply-To: best regards, Marius

Re: [exim] bypassing exim string expansion with invalid addresses

2019-03-13 Thread Cyborg via Exim-users
On 13.03.19 at 13:20, Jeremy Harris via Exim-users wrote: >>> R="CANADA-DRUGSTORE" gucl...@yopmail.com>" >> Invalid per RFC5322. If it’s invalid, addresses cannot be extracted. We can >> only code against the valid format, as forms of invalidity are for all >> practical purposes

[exim] deadlock ?

2019-02-08 Thread Cyborg via Exim-users
Hi guys, we have an interesting case found (partly anonymised ) : 2019-02-06 11:19:51 1grKJ5-0007Eh-3Z H=localhost (localhost.localdomain) [127.0.0.1] Warning: processing file "" for "To: cluboffice@senderdomain, tourenwart@senderdomain, beisitzer@senderdomain, recipi...@recipent.org -> From:

[exim] postmaster addresses was The Google Lie

2019-02-13 Thread Cyborg via Exim-users
On 13.02.19 at 11:36, Niels Dettenbach via Exim-users wrote: > rfcs. Without DKIM i'm not sure as i did not tested that yet - but > without > DKIM it seems difficult to get a "reliable" email service up today. Not really. The best you can do is : not to relay messages for domains to gmail and

Re: [exim] Expiriences with TLS 1.3

2019-01-28 Thread Cyborg via Exim-users
On 28.01.19 at 22:29, exim-users--- via Exim-users wrote: > Hi, > > On 28.01.19 11:50, Cyborg via Exim-users wrote: >> is anyone of you running TLS 1.3 already ? > I am using it on stock Ubuntu 18.10 (Exim is version 4.91-6ubuntu1, > gnutls is 3.6.4-2ubuntu1) on a relatively

[exim] Expiriences with TLS 1.3

2019-01-28 Thread Cyborg via Exim-users
Hi, is anyone of you running TLS 1.3 already ? If so, any problems ? best regards, Marius

Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

2019-06-06 Thread Cyborg via Exim-users
On 06.06.19 at 14:07, Heiko Schlittermann via Exim-users wrote: > Hi, > > Cyborg via Exim-users (Thu 06 Jun 2019 13:24:21 CEST): >> As the Advisory is a bit unspecific for a protection, shouldn't a check >> for  "$" in >> >>   deny    messa

Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

2019-06-06 Thread Cyborg via Exim-users
On 05.06.19 at 17:17, Heiko Schlittermann via Exim-users wrote: > The fix for CVE-2019-10149 is public now. > As the Advisory is a bit unspecific for a protection, shouldn't a check for  "$" in   deny    message   = Restricted characters in address      domains   =

Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

2019-06-06 Thread Cyborg via Exim-users
Hi Jeremy, On 06.06.19 at 13:40, Jeremy Harris via Exim-users wrote: > exim -bV | grep -i support Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc OpenSSL Content_Scanning DKIM DNSSEC Event OCSP PRDR TCP_Fast_Open Does that "Event" mean, the code is in it or is it part of another

Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

2019-06-06 Thread Cyborg via Exim-users
On 06.06.19 at 14:25, Spencer Marshall via Exim-users wrote: > why is this only being applied to +local_domains? why not everything? > denymessage = Restricted characters in address >local_parts = ^[.] : ^.*[\$@%!/|] > > Because there are two Restricted Char rules,

Re: [exim] The most used Exim version is the vulnerable one

2019-06-12 Thread Cyborg via Exim-users
On 12.06.19 at 09:50, Heiko Schlittermann via Exim-users wrote: > I'll not give more details, as I think, it's not worth having arguments > about good and bad distros. At least not here on this list :) You know about the RHEL reaction to the bugreport ? "our exim is so old, it's not a bug

Re: [exim] The most used Exim version is the vulnerable one

2019-06-12 Thread Cyborg via Exim-users
On 12.06.19 at 13:01, Gary Stainburn via Exim-users wrote: > On Wednesday 12 June 2019 06:56:34 Konstantin Boyandin via Exim-users wrote: >> I maintain several CentOS 6-based servers. They will finally be replaced >> by CentOS 7-based, but it's out of my control to upgrade the >> distributions

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-11 Thread Cyborg via Exim-users
On 11.06.19 at 02:10, Calum Mackay via Exim-users wrote: >

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-11 Thread Cyborg via Exim-users
On 11.06.19 at 08:27, Odhiambo Washington via Exim-users wrote: > On Tue, 11 Jun 2019 at 03:19, Calum Mackay via Exim-users < > exim-users@exim.org> wrote: > >> hi all, >> >> My mail system has just been hacked; it's running Debian unstable exim >> 4.91-9 >> >> Could it be CVE-2019-10149? I don't

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-11 Thread Cyborg via Exim-users
On 11.06.19 at 14:46, Konstantin Boyandin via Exim-users wrote: > I don't know where to report such things. To malware/antivirus > manufacturers, perhaps? > > But the proper question is, IMHO, "why I haven't hardened my Exim > installations while I could". > The Hoster: #whois 1.2.3.4 | grep -i

[exim] The most used Exim version is the vulnerable one

2019-06-11 Thread Cyborg via Exim-users
Hi Guys, at the end of this article, is a shodan graph of exim servers in the wild : https://www.helpnetsecurity.com/2019/06/07/exim-cve-2019-10149/ Guess which versions are 90% of all exims out there? ;) best regards, Marius

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-11 Thread Cyborg via Exim-users
On 11.06.19 at 19:34, Calum Mackay wrote: > I'm still catching up, but… > > On 11/06/2019 7:43 am, Marius Schwarz via Exim-users wrote: >> Why didn't you harden your exim with the "allowed chars" change we >> posted here on the list, or did you? > > Is that still necessary/advised, now I'm

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-24 Thread Cyborg via Exim-users
On 24.06.19 at 19:55, Ian Zimmerman via Exim-users wrote: > On 2019-06-24 17:23, Jeremy Harris wrote: > For instance, if I say this in the -bh dialog: > > RCPT TO: > > the local part being tested, according to the >>> output, is just "itz", > which of course ends up being accepted. > > I think

Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Cyborg via Exim-users
On 24.06.19 at 20:31, Andreas Metzler via Exim-users wrote: > > Hello Marius, > > would you mind explaining this? There are many differences between > these rules Yes .. > J ^.*\\0?44 > M ^.*0.44 > > J tries to match on \044 or \44, M on 0.44 and 0a44, ... 0z44 Yes, it does. It circumvented the

Re: [exim] eximon remote display

2019-06-17 Thread Cyborg via Exim-users
On 17.06.19 at 18:02, Calum Mackay via Exim-users wrote: > In fact, I can't even get eximon to work properly, when remotely > displayed via X to my Mac. > > e.g. shift-click doesn't seem to give me a context menu when used in > the queue area. shift-click. You have xauth installed on the remote

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-19 Thread Cyborg via Exim-users
On 11.06.19 at 19:34, Calum Mackay via Exim-users wrote: > I'm still catching up, but… > > On 11/06/2019 7:43 am, Marius Schwarz via Exim-users wrote: >> Why didn't you harden your exim with the "allowed chars" change we >> posted here on the list, or did you? > > Is that still necessary/advised,

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-21 Thread Cyborg via Exim-users
On 21.06.19 at 16:29, Benoît PELISSIER via Exim-users wrote: >> root@old-mai:~# exim -Mvl 1hdwsf-0006h5-EE >> 2019-06-20 15:13:33 Received from <> H=(.de) >> [89.248.171.57] P=smtp S=1114 >> 2019-06-20 15:13:33 routing failed for >>

[exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

2019-06-23 Thread Cyborg via Exim-users
On 23.06.19 at 21:02, Jeremy Harris via Exim-users wrote: > deny local_parts = \N ^.*$ : ^.*\\x24 : ^.*\\0?44 \N > message = no mate > > This is perhaps over-broad - a dollar sign in a local-part > is strictly legitimate per the standards. However, it's > not something most

[exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

2019-06-23 Thread Cyborg via Exim-users
On 23.06.19 at 21:02, Jeremy Harris via Exim-users wrote: > > deny local_parts = \N ^.*$ : ^.*\\x24 : ^.*\\0?44 \N > message = no mate > > This is perhaps over-broad - a dollar sign in a local-part > is strictly legitimate per the standards. However, it's > not something most

Re: [exim] [Urgent] - Unable to block domains

2019-05-24 Thread Cyborg via Exim-users
On 23.05.19 at 14:49, Isuru Rupasinghe via Exim-users wrote: > Hi Guys, > > I just followed the below steps: > > 1. add the following line after acl_check_data: > > Code: Select all > > deny senders = /etc/deny_senders > > 2. create the following file /etc/deny_senders with the following line > >

Re: [exim] SSL forcing

2019-05-19 Thread Cyborg via Exim-users
On 19.05.19 at 22:42, The Doctor via Exim-users wrote: > On Sun, May 19, 2019 at 01:17:51PM -0600, The Doctor via Exim-users wrote: >> On Sun, May 19, 2019 at 02:42:56PM +0100, Jeremy Harris via Exim-users wrote: >>> On 19/05/2019 14:31, The Doctor via Exim-users wrote: How can I force e-mail

Re: [exim] SSL forcing

2019-05-19 Thread Cyborg via Exim-users
On 19.05.19 at 20:17, Richard Jones via Exim-users wrote: > # egrep -o 'X=TLS[^ ]+' /var/log/exim4/mainlog | sort | uniq -c | sort > -n | tail > 82 X=TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128 > 167 X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256 > 272 X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 >

Re: [exim] SSL forcing

2019-05-19 Thread Cyborg via Exim-users
On 19.05.19 at 19:24, Jeremy Harris via Exim-users wrote: > On 19/05/2019 18:00, Cyborg via Exim-users wrote: >> Problem is, that even if tls_1.2 is out since 2008, a communication >> partner may use SSLv3 or TLS 1.0/1.1 and  using just "encrypted = *" , >> you

Re: [exim] SSL forcing

2019-05-19 Thread Cyborg via Exim-users
On 19.05.19 at 15:42, Jeremy Harris via Exim-users wrote: > On 19/05/2019 14:31, The Doctor via Exim-users wrote: >> How can I force e-mail from the Internet At large to be only accepted >> if and only if done by SSL/TLS methods? > ACL condition "encrypted". > Problem is, that even if tls_1.2 is

Re: [exim] unable to send mails to subdomains - dnslookup defer

2019-05-20 Thread Cyborg via Exim-users
On 20.05.19 at 11:14, necktwi via Exim-users wrote: > I just reply all the senders. Now I'm manually sending to the mailing list > alone. Is that all you meant by basic mail etiquette? Please let me know. > Below are the dig queries you've asked > > > host1:~ Necktwi$ dig MX host2.mydomain.com

Re: [exim] Block spam at smtp time, but then still forward to users spam box

2019-05-20 Thread Cyborg via Exim-users
On 20.05.19 at 09:41, Brent Clark via Exim-users wrote: > Good day Guys > > Just want to check with the community. > > My colleague has proposed that at smtp time, if a mail is deemed as > spam, the server issues a reject code, but then to too accept the mail > and forward the mail the user for

Re: [exim] SSL forcing

2019-05-21 Thread Cyborg via Exim-users
On 21.05.19 at 12:54, Graeme Fowler via Exim-users wrote: > On 20 May 2019, at 19:22, Phil Pennock via Exim-users > wrote: >> For me, the only pre-1.2 senders over the past few days are >> lists.gnu.org, an anti-spam mailing-list, and the IPv6-Ops mailing-list. > Looking at the logs at work, in

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-07-05 Thread Cyborg via Exim-users
On 05.07.19 at 06:26, Jasen Betts via Exim-users wrote: > > It looks to me like it matches any string, it should probably be ^.*\$ > which would match any string containing a literal '$' It's a crude, brutal protection rule against a root exploit, of course it shall block *any* $ in that string :)

Re: [exim] Matching RFC 2047 encoded text

2019-04-17 Thread Cyborg via Exim-users
On 17.04.19 at 14:30, Lena--- via Exim-users wrote: > =?UTF-8?B?VXMgY29uZ3Jlc3MgaGVhcmluZyBvZiBtYWFuIGFsc2FhbiBNb25leSBsYXVuZHJ5INmC?= > > =?UTF-8?B?2LbZitipINin2YTZg9mI2YbYutis2LHYsyDZhNi62LPZitmEINin2YTYo9mF2YjYp9mEINmE2YTZhdmE?= >

[exim] Exim, Dovecot, mdir and hardlinks - a true story

2019-08-14 Thread Cyborg via Exim-users
Hi all, to make yourself aware of an exim-dovecot-quota problem you may run into, we need: https://wiki.dovecot.org/MailLocation/Maildir which states: Optimizations * maildir_copy_with_hardlinks=yes (default): When copying a message, do it with hard links whenever possible.

Re: [exim] Exim, Dovecot, mdir and hardlinks - a true story

2019-08-14 Thread Cyborg via Exim-users
On 14.08.19 at 18:24, Phil Pennock via Exim-users wrote: > On 2019-08-14 at 12:54 +0100, Jeremy Harris via Exim-users wrote: >> Do we need a fast/poor quota method for cases where the size-file >> cannot be used? > Just to raise the possibility to see if others can spot approaches which > make

Re: [exim] TLS unsupported protocol?

2019-09-03 Thread Cyborg via Exim-users
On 03.09.19 at 01:01, Mike Tubby via Exim-users wrote: > I have someone connecting to me repeatedly and failing on TLS/SSL > start up, thus: > > 2019-09-02 23:57:30 CONNECT: New connection from 80.82.32.21:62950 -> > 195.171.43.32:25 > 2019-09-02 23:57:30 CONNECT: Accepting connection from:

Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges

2019-09-06 Thread Cyborg via Exim-users
On 06.09.19 at 20:50, Sebastian Nielsen via Exim-users wrote: > Shouldn't this be in connect ACL? > How would the deny in MAIL FROM prevent the exploit? What I have understand > is that there is exploit in the SNI of the TLS negotiation, thus the whole > connect attempt must be rejected right?

Re: [exim] CVE-2019-15846 ..Exim Vulnerability

2019-09-12 Thread Cyborg via Exim-users
On 12.09.19 at 15:40, Heiko Schlittermann via Exim-users wrote: > Richard Jones via Exim-users (Thu 12 Sep 2019 14:36:41 > CEST): >> On Sep 12, Heiko Schlittermann via Exim-users wrote >>> If you're out of luck, either upgrade your Debian system to a recent >>> one, or prepare to compile Exim on

[exim] auth attempts

2019-09-10 Thread Cyborg via Exim-users
Hi, can we limit those tries anywhere or slow them down? 2019-09-10 16:02:37 plain authenticator failed for (a domainname) [156.223.90.207]: 535 Incorrect authentication data (set_id=nonsense) best regards, Marius

Re: [exim] Exim hostlist in the exim config - related to CVE-2019-15846

2019-09-11 Thread Cyborg via Exim-users
On 10.09.19 at 13:33, Michael Love via Exim-users wrote: > Hi All, > Question: > We have a restricted hostlist of only other servers able to email exim 4.86. > For this new vulnerability, is the TLS handshake executed before the > whitelist hostlist lookup, or is the whitelist hostlist queried

Re: [exim] SSL encryption rejected

2019-09-17 Thread Cyborg via Exim-users
On 17.09.19 at 03:19, Viktor Dukhovni via Exim-users wrote: > > OpenSSL 0.9.8 has been unsupported for more than 5 years now. It > has substantial security issues, and must be used. Since that time *not* be used... best regards, Marius

Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges

2019-09-07 Thread Cyborg via Exim-users
On 07.09.19 at 03:16, Phil Pennock via Exim-users wrote: > On 2019-09-06 at 22:04 +0200, Heiko Schlittermann via Exim-users wrote: >> The HELO ACL doesn't help either, as the first EHLO comes before >> STARTTLS, and the second EHLO doesn't have to come, the client may send > Oh pox. My memory is

[exim] Exim usage numbers?

2019-09-07 Thread Cyborg via Exim-users
Hi, several press publications about the exim exploit give different exim installation numbers. The Hacker News: "...which runs almost 60% of the internet's email servers today..."     "...leaving at least over half a million email servers vulnerable to remote

[exim] for europeans only: EU GDPR and mitigation of CVE-2019-15846

2019-09-06 Thread Cyborg via Exim-users
Hi, this post is only relevant for European Corps or Organisations WITH mail servers in or outside of the EU.  If you are not based in the EU, you can skip this. As a possible Mitigation for  CVE-2019-15846 stopping to use TLS in form of tls_advertise_hosts = in your config, is a bigger

[exim] OT/2: TLS on gnu.org, better named: the insecured gnu.org mailserver

2019-09-18 Thread Cyborg via Exim-users
Hi, this message is not about exim problems, it's about problems involving exim. As you all heard, Richard Stallman has resigned from his positions. Not the topic here, but it caused me to send him a letter, which I do once in a while. Unfortunately, the admins at gnu don't think much about

Re: [exim] for europeans only: EU GDPR and mitigation of CVE-2019-15846

2019-09-06 Thread Cyborg via Exim-users
On 06.09.19 at 16:05, Sebastian Nielsen wrote: > No that's not entirely true that you need to disable cleartext transmission. > You must however according to GDPR support encrypted transmission if you > operate a business where personal details more sensitive than a name + email > address MAY

Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.

2019-09-06 Thread Cyborg via Exim-users
On 06.09.19 at 13:14, Heiko Schlittermann via Exim-users wrote: > An Update to the mitigation for the current CVE: > > Add - as part of the mail ACL (the ACL referenced by the main config > option "acl_smtp_mail"): > > denycondition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni >

Re: [exim] CVE-2019-13917

2019-07-25 Thread Cyborg via Exim-users
On 25.07.19 at 13:32, Jeremy Harris via Exim-users wrote: > >> $: exim --version >> Exim version 4.86_2 #1 built 10-Feb-2018 19:18:40 > Yes, that facility was only added for 4.87 and I > forgot that many people would be running a distro > based on something that old. Sorry. 4.63 .. once very

Re: [exim] New compromise...?

2019-09-26 Thread Cyborg via Exim-users
On 25.09.19 at 21:50, Sebastian Nielsen via Exim-users wrote: > Sebastian Nielsen via Exim-users (Wed 25 Sep 2019 > 05:49:26 EDT): >> Another way to deal with compromises is to IP-restrict the user accounts so >> they can only login from where they are supposed to login from. >> If ALL of your

Re: [exim] Unstoppable spam

2019-09-24 Thread Cyborg via Exim-users
On 24.09.19 at 11:07, Odhiambo Washington via Exim-users wrote: > 2019-09-23 19:05:01 1iCQpf-0002zI-7B <= benson.ku...@ourdomain.tld > H=([127.0.0.1]) [5.61.42.174] I=[41.57.X.X]:587 P=esmtpsa > X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no > A=plain:benson.ku...@ourdomain.tld S=153471

Re: [exim] SRS still experimental?

2019-10-02 Thread Cyborg via Exim-users
On 02.10.19 at 10:39, Gedalya via Exim-users wrote: > You might consider this: > > https://github.com/roehling/postsrsd/blob/master/README.exim.md Sweet..  looks easy to implement. Does anyone have this running? Does it work in dynamic multi-domain environments? best regards, Marius

Re: [exim] 2 problems (exim-4.92.3/Fedora 31/config from 4.85)

2019-11-11 Thread Cyborg via Exim-users
On 11.11.19 at 17:30, Frank Elsner via Exim-users wrote: > tls_certificate = /usr/local/etc/m28a.crt > tls_privatekey = /usr/local/etc/m28a-exim.key > tls_dhparam = /usr/local/etc/m28a-2048.dh > tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP >

Re: [exim] Exim 4.93 Received Header tls clause

2019-11-13 Thread Cyborg via Exim-users
On 13.11.19 at 18:27, Wolfgang Breyha via Exim-users wrote: > I think it's no good idea to change the default in favor of that RFC while > dropping important information like the TLS Version used. > That information is vital to make checks for contacts, using old and broken tls versions.

Re: [exim] Exim 4.93 Received Header tls clause

2019-11-17 Thread Cyborg via Exim-users
On 17.11.19 at 14:24, Jeremy Harris via Exim-users wrote: > On 14/11/2019 00:10, Cyborg via Exim-users wrote: >> Also, the data protection agencies in Germany have gained vital knowledge >> about tls usage via those >> brilliant logfiles of exim. > There's a dif

Re: [exim] Exim 4.93 Received Header tls clause

2019-11-18 Thread Cyborg via Exim-users
On 18.11.19 at 10:38, Jeremy Harris via Exim-users wrote: > On 18/11/2019 05:05, Heiko Schlittermann via Exim-users wrote: >> Ok, considering the importance of the information, @Jeremy, >> how big is the risk of breaking anything, if we extend the default header >> information to include the TLS

Re: [exim] protecting privileged users from SMTP-AUTH attacks

2019-12-03 Thread Cyborg via Exim-users
On 03.12.19 at 09:38, Heiko Schlittermann via Exim-users wrote: > > After a password change, a "forgotten" device may cause blocking that > official IP, the "forgotten" device is masquerading as. This will > prevent other successfully configured devices to login from that IP. > > With your

Re: [exim] Problem with tls_certificate and multiple domains

2019-10-16 Thread Cyborg via Exim-users
On 16.10.19 at 17:13, Mike Tubby via Exim-users wrote: > All of my users connect to post.thorcom.com as their server (outgoing > SMTP; or incoming IMAP) and neither Exim or Dovecot needs SNI or > handle multiple certificates. > > I think Nospam2k is making it too complex? > > > Mike Yes, I

Re: [exim] Problem with tls_certificate and multiple domains

2019-10-16 Thread Cyborg via Exim-users
On 16.10.19 at 19:25, Nospam2k via Exim-users wrote: > Ok, so. In order to simplify. Let’s say I have several domains being hosted > by a server called maindomain.com providing > dovecot/exim as the mail servers. I want to be able to use each domain name > as the name

Re: [exim] How to suspend user to send emails, even to local domain?

2019-10-18 Thread Cyborg via Exim-users
On 18.10.19 at 14:26, ersrpca001 ersrpca001 via Exim-users wrote: > > Should I create a rule? > > Or should I create a limit to these 2 users, of sending zero emails? Make SQL based authentication for SMTP-AUTH, enforce SMTP-AUTH, filter both user ids out in your sql query. Marius

Re: [exim] data timeout on connection

2019-10-18 Thread Cyborg via Exim-users
On 18.10.19 at 14:38, Jeremy Harris via Exim-users wrote: > On 18/10/2019 13:06, Hardy via Exim-users wrote: >> And NOW: >> 2019-10-18T13:56:03.718183+02:00 mailfass exim[4587]: SMTP data timeout >> (message abandoned) on connection from hummus.csx.cam.ac.uk >> [131.111.8.88] F= >> >> Perhaps

Re: [exim] Problem with tls_certificate and multiple domains

2019-10-16 Thread Cyborg via Exim-users
Nospam2k (Wed 16 Oct 2019 08:05:05 CEST): >> Perhaps I should go about this a different way. I am going to be hosting >> multiple domains. Since it seems that $tls_in_sni is returning blank and/or >> can be unreliable, what is the best way to handle things? To just use a >> default domain for

Re: [exim] Problem with tls_certificate and multiple domains

2019-10-17 Thread Cyborg via Exim-users
On 17.10.19 at 00:17, Viktor Dukhovni via Exim-users wrote: > >> You will never know what to provide, as the servername is part of the >> initial greeting HELO. Your setup will fail every time, because it's too >> late when you find out what to use. See below why . > This is false, neither the

Re: [exim] All mail to gmail address goes to spam. Everywhere else is fine

2019-10-17 Thread Cyborg via Exim-users
On 17.10.19 at 18:23, Nospam2k via Exim-users wrote: > I have disabled IPv6 on Exim. Is this necessary for gmail? IPv6 ? no. Marius

Re: [exim] $tls_in_sni is blank

2019-10-17 Thread Cyborg via Exim-users
On 17.10.19 at 21:41, Nospam2k via Exim-users wrote: > > TLS error on connection from (openssl.client.net) [76.14.5.213]:57315 > I=[107.180.239.134]:587 (SSL_CTX_use_certificate_chain_file > file=/etc/letsencrypt/live//fullchain.pem): error:0200100D:system > library:fopen:*Permission denied* >

[exim] protecting privileged users from SMTP-AUTH attacks

2019-11-29 Thread Cyborg via Exim-users
Look who is trying to break into our system and how he does try it ... 2019-11-29 12:23:19 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "root" H=[117.4.84.45] next input="default\r\n" 2019-11-29 12:23:20 SMTP protocol synchronization

Re: [exim] protecting privileged users from SMTP-AUTH attacks

2019-12-02 Thread Cyborg via Exim-users
On 02.12.19 at 11:08, Jeremy Harris via Exim-users wrote: >> Is it possible to detect it in an ACL before exim itself rejects the >> client by the default number of protocol violations? > Detect what, precisely? That an ip is trying to abuse the auth mechanics and producing a lot of  "protocol

Re: [exim] protecting privileged users from SMTP-AUTH attacks

2019-12-02 Thread Cyborg via Exim-users
On 01.12.19 at 14:48, Jeremy Harris via Exim-users wrote: > On 29/11/2019 17:43, Cyborg via Exim-users wrote: >> which brings me to a quick question: has exim any built-in support to >> protect privileged users like root from getting brute forced by this? > Exim provides

Re: [exim] remote access vulnerability in version 4.92-8+deb10u3

2019-12-02 Thread Cyborg via Exim-users
On 30.11.19 at 19:41, Haines Brown via Exim-users wrote: > >> The following address(es) have yet to be delivered: >>dng-boun...@lists.dyne.org: SMTP error from remote mail server >> after pipelined >> MAIL FROM:<> SIZE=5753: 554 5.7.1 Empty Sender Address is >> prohibited through this

Re: [exim] protecting privileged users from SMTP-AUTH attacks

2019-12-02 Thread Cyborg via Exim-users
On 02.12.19 at 11:48, Jeremy Harris via Exim-users wrote: > On 02/12/2019 10:23, Cyborg via Exim-users wrote: >> That an ip is trying to abuse the auth mechanics and producing a lot of  >> "protocol synchronization error" messages, >> as normal clients won't do.

Re: [exim] New compromise...?

2019-09-25 Thread Cyborg via Exim-users
On 25.09.19 at 11:49, Sebastian Nielsen via Exim-users wrote: > Another way to deal with compromises is to IP-restrict the user accounts so > they can only login from where they are supposed to login from. > If ALL of your users "belong" to the same country - for example i fits a >

Re: [exim] New compromise...?

2019-09-25 Thread Cyborg via Exim-users
On 25.09.19 at 12:11, Julian Bradfield via Exim-users wrote: > Um, some people do occasionally travel, you know. > Solution: VPN.  Makes SMTP indirectly a 2FA ;) It also helps against surveillance and hacks. best regards, Marius

Re: [exim] New compromise...?

2019-09-25 Thread Cyborg via Exim-users
On 25.09.19 at 11:21, Heiko Schlittermann via Exim-users wrote: > > In MAIL ACL (or later) you can block messages from authenticated users > if authenticated ID does not match the sender address, or you can > ratelimit on the authenticated ID > ehm.. we are talking about a hacked mail account,

Re: [exim] very large messages

2019-12-19 Thread Cyborg via Exim-users
On 19.12.19 at 21:57, Jack Bailey via Exim-users wrote: > Hello, > > I'd like to know if anyone else is getting these: > > In this message, this last line occurs over 191M times.  The message > is over 8GB.  I deleted a message earlier today that was over 45GB, > > Jack > If you did not add a 

Re: [exim] Problem with iPhone and Exim

2020-02-26 Thread Cyborg via Exim-users
On 26.02.20 at 18:12, Rory Campbell-Lange via Exim-users wrote: > > We've never had a problem with iPhones and exim. > Apple did cause problems with all sorts of clients and servers (exim, dovecot etc.), ranging from desktop to mobile. In most cases, after a while it corrects itself. best

[exim] quick question to ipv6 and "not a valid ip address for the interface"

2020-02-21 Thread Cyborg via Exim-users
Hi, i have a ipv6 ip running, which starts with 2a02: as soon as i set a "interface = 2a02:."  in the remote transport, it get this: R=remoteusers T=remote_smtp defer (-1): "2a02" is not a valid IP address for the "interface" option for remote_smtp transport exim cuts the ip to the
