On 12/01/2023 15:23, Patrik Peng via Exim-users wrote:
Is it somehow possible to use TLS encrypted connections when using a remote
Spamassassin instance while scanning at ACL time with `spamd_address`?
I couldn't find any hints in Exim's docs.
If the docs don't say something is supported,
On 09/01/2023 12:38, Graeme Fowler via Exim-users wrote:
Although it's unclear if it'll fix the issue cleanly, because there are two
symlinks before the actual file!
Theory goes that it walks to the end of a symlink-chain
(max 20 deep) and watches the real file.
--
Cheers,
Jeremy
On 09/01/2023 17:39, Andreas Metzler via Exim-users wrote:
On 2023-01-09 Cyborg via Exim-users wrote:
please take this text as it is, a study for a fail you could avoid, no
fingerpointing, no flaming, only suggestions what to look for/change in your
toolchains.
In early December 2022 the
On 09/01/2023 11:30, Cyborg via Exim-users wrote:
It may be a good idea to check for a new solution inside exim like auto reloading the
used cert every 24h's the server is running, if openssl3 is causing this
"detection" bug.
It wouldn't be an OpenSSL change. Exim (since 4.95) on both Linux
On 06/01/2023 08:12, Julian Bradfield via Exim-users wrote:
From time to time I get this. I know what the message means, and why
it happens, but why does this message go into the paniclog and disturb
me, when I don't care at all about it and can't see why I should?
You could perhaps configure
On 02/01/2023 11:52, Chris Emerson via Exim-users wrote:
A "dsearch with default on fail"
would help.
${lookup {$original_domain-bounce} dsearch,ret=full \
{$home/.mail/alias} \
{$home/.mail/alias/default-bounce} \
}
Am I missing some better way to do this?
If this is
On 04/01/2023 05:32, tt-admin via Exim-users wrote:
What we tried:
#testrouter:
# driver = manualroute
# senders =import...@example.net
# domains = example.com
# transport = remote_smtp
# route_list = * 192.168.178.1
And what happened?
--
Cheers,
Jeremy
On 04/01/2023 00:59, secure_1--- via Exim-users wrote:
Is it possible to use a condition statement to evaluate message size in the
routerstart?
Not sure what you mean by "routerstart", but yes, except where the documentation
says otherwise a variable that is valid in a transport will also be
On 02/01/2023 09:39, Laura Williamson via Exim-users wrote:
got a few of these the last couple of days, only to outlook365 servers. Looked
on google and it seems to be a random thing that happens with MS. I tried to
look in the docs how to move a message to another server for spooling but I
On 27/12/2022 20:06, Carlo via Exim-users wrote:
[<-] 250 OK id=1pAG1K-000ei8-1y
This response says that Exim accepted the message.
It'd better be subtly different for each message.
What does the exim log say?
--
Cheers,
Jeremy
On 27/12/2022 14:47, Daryl Richards via Exim-users wrote:
Perhaps time to file a bug?
Yes. Please include a copy of your config.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with
On 26/12/2022 04:12, Askhat Tokabay via Exim-users wrote:
I found in the documentation:
Delivery processes may be started as a
result of a message’s arrival, by a queue runner process,
or by an administrator using the -M option.
The question is the following:
Can you tell me who starts the
On 23/12/2022 12:32, Daniel Müller via Exim-users wrote:
Dec 23 13:23:50 dommaster fetchmail[546638]: SMTP connect to localhost failed
You broke something. Check the config syntax after your edit.
--
Cheers,
Jeremy
On 23/12/2022 10:25, Mueller via Exim-users wrote:
But only internal emails are scanned. Emails fetched by fetchmail are not
scanned.
How do I configure rspamd/exim to scan incoming mails from fetchmail?
My config so far:
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
On 20/12/2022 20:40, Johnnie W Adams via Exim-users wrote:
In this particular case, the message is not deliverable because the address
no longer exists--but how would I know that if I hadn't seen the bounce
message? I have to learn that at some point in the cycle.
Assuming this "you" with an
On 20/12/2022 19:49, Johnnie W Adams via Exim-users wrote:
I'm tempted at this point to throw the bounces away rather than go out of
my way to process them. That rubs me the wrong way, though. What should I
be doing?
As I said before: not accepting the original in the first place.
Which means
On 20/12/2022 17:12, Andreas Metzler via Exim-users wrote:
Is there a security impact of the bug?
Nope. Logging only... and only if you've written your
config to try and save an 8 kB (with the release size of
log buffer) log message.
I guess, if you have, an attacker could induce a lot of
On 20/12/2022 16:55, Johnnie W Adams via Exim-users wrote:
but I don't see where
the bounce message has one, so I'm going to say "The failing bounce message
has an empty MailFrom"
Bounces have an empty envelope from. Always.
You don't want the possibility of a bounce from a bounce, is why.
On 19/12/2022 22:18, Johnnie W Adams via Exim-users wrote:
What I am left not understanding
is how to route such messages to our inbound node rather than out to the
internet.
We'd need to know what the env-from on the original was. You seem to have
munged it, which makes it tricky to help.
On 19/12/2022 06:32, Jasen Betts via Exim-users wrote:
logwrite =
${sg{${sg{${sg{aaa}{a}{bbb}}}{b}{c}}}{c}{ddd}}zz
Thanks for locating this so precisely.
Fix pushed: 1ed24e36e279
--
Cheers,
Jeremy
On 19/12/2022 21:33, Johnnie W Adams via Exim-users wrote:
# exigrep R=1p7Hiz-00010h-3B main.log
Without the "R=".
--
Cheers,
Jeremy
On 19/12/2022 19:55, Johnnie W Adams via Exim-users wrote:
I shouldn't be, and I believe in fact I am not (except briefly in error).
What still puzzles me, though, is what my MUA is and why it's routing to
the wrong destination. I'd drawn the tentative conclusion the problem was
postfix, but I
On 19/12/2022 18:56, Johnnie W Adams via Exim-users wrote:
That's the thing. We have an inbound and an outbound server, each running
Exim as an MTA. DKIM signing happens at the inbound server, so all mail is
to pass through it. Local mail generated on the outbound server (the client
in this
On 19/12/2022 17:22, Johnnie W Adams via Exim-users wrote:
Dec 19 10:02:22 mailserver2 systemd: Stopping Exim Mail Transport Agent...
It's not Exim taking action, deciding to stop; it's systemd.
Perhaps systemd has decided that the two are exclusive?
I'm unsure why you'd ever want both,
On 17/12/2022 15:03, Mike Tubby via Exim-users wrote:
Hi All,
Has something changed w.r.t. FTP access to exim.org?
I have downloaded new versions of Exim for years using FTP CLI but now I can't
files from two different hosts and with 'active' or 'passive' modes.
Works for me; f36:
ftp> get
On 16/12/2022 04:41, Victor Sudakov via Exim-users wrote:
Like moving
the check into the routers somehow?
That is the simpler course, given you already have the affix-handling
in the routers. Just use a verify=recipients ACL condition (that runs
the router chain to test for routability)
On 14/12/2022 13:56, Mueller via Exim-users wrote:
is there a good howto making exim work with rspamd?
https://exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html#SECTscanspamass
--
Cheers,
Jeremy
On 13/12/2022 16:10, The Doctor via Exim-users wrote:
what should I be looking for?
Logs. Both ends.
--
Cheers,
Jeremy
On 13/12/2022 05:23, The Doctor via Exim-users wrote:
Should DB5 be replaced by tokyocabinet ?
There are already several alternatives. DBM isn't
even the default in the source these days.
--
Cheers,
Jeremy
On 11/12/2022 18:34, Slavko via Exim-users wrote:
In case of STARTTLS, it makes no sense for me in connect ACL,
but there it works. In helo ACL it makes sense for me, eg. to skip
checks for second EHLO (after STARTTLS), especially with the
same HELO (EHLO) name as before. What i miss here?
On 12/12/2022 09:21, Victor Sudakov via Exim-users wrote:
acl_check_dkim:
accept add_header = :at_start:${authresults {$primary_hostname}}
It's generally better to use ${authresults } in the data ACL, so that it
can pick up other results even when the message wasn't DKIM-signed.
Also,
On 10/12/2022 20:13, Slavko via Exim-users wrote:
On 10 December 2022 17:01:52 UTC, Jeremy Harris via Exim-users
wrote:
Yes, for SNI it has to be after the first bit of the TLS startup
exchange.
Now i am confused. I read that commit (docs changes), but it
is not clear for me
On 10/12/2022 16:27, Slavko via Exim-users wrote:
On 8 December 2022 21:37:32 UTC, Jeremy Harris via Exim-users
wrote:
We could just drop the connection at the TCP level, silently; that wouldn't
be hard to code. I don't think it'd make any difference to a client
that didn't
On 09/12/2022 10:43, Jeremy Harris via Exim-users wrote:
The message looks like a courtesy note only, saying "I'm no longer prepared to
TLS-renegotiate this sort of connection"; something that TLS endpoints have
always
been permitted to do for any class of TLS connection, and no
On 09/12/2022 10:33, Cyborg via Exim-users wrote:
since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:
TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy
renegotiation disabled
For SMTP/TLS? Involving Exim?
The message looks like a courtesy note
On 08/12/2022 20:42, Slavko via Exim-users wrote:
On 8 December 2022 14:33:01 UTC, Jeremy Harris via Exim-users
wrote:
For those, use the main-config option "host_reject_connection" rather than the
connect ACL - it operates before the TLS startup for TLS-on-connect po
On 08/12/2022 13:26, The Doctor via Exim-users wrote:
tcp4 0 0 midwest.ab.ca.smtps5.34.207.58.62078 SYN_RCVD
tcp4 0 0 204.209.81.122.smtps 5.34.207.77.62962 SYN_RCVD
tcp4 0 0 204.209.81.102.smtps 5.34.207.195.9246 ESTABLISHED
tcp4 0
On 07/12/2022 15:34, The Doctor via Exim-users wrote:
How do you block a whole Class C like
5.34.207.0/24 using the configuration file?
Make a start by reading the manual, about ACLs
and hostlists.
--
Cheers,
Jeremy
On 05/12/2022 23:31, Jasen Betts via Exim-users wrote:
I'm getting this error panic
"bad memory reference; pool not found, at gstring_grow 1124"
at an acl logwrite in an ${acl expansion in a router
the logwrite is over-size and thus truncated in the debug message
then it crashes.
it seems to
On 05/12/2022 15:38, Bill Cole via Exim-users wrote:
If you use relaxed instead of relaxed/relaxed, the unspecified body canonicalization is
"simple" which is never what anyone should use.
It shouldn't be. The docs say:
"the current implementation only supports signing with
the same
On 05/12/2022 05:46, Victor Sudakov via Exim-users wrote:
Can you give me an address to send a test mail to on one of your
Debian receivers?
I cannot; that was an internal-only test VM, not internet-facing.
The body-hash differing implies, I think, that the signature algorithm isn't
On 04/12/2022 06:33, Victor Sudakov via Exim-users wrote:
I have sent 10 short messages from the library.tomsk.ru host:
echo "test test" | mail -s "test test" vas@XX vas@YY
and it's 10 times dkim=pass on FreeBSD and 10 times dkim=fail on Debian
so I guess it's consistent.
However,
On 04/12/2022 11:33, Michael Haardt via Exim-users wrote:
Is it possible that the failing system does not accept 8bitmime?
Reencoding the message would break DKIM.
Only if there's a non-exim gateway on the path we've
not been told about. Exim doesn't recode.
--
Cheers,
Jeremy
On 03/12/2022 23:45, exim-users--- via Exim-users wrote:
I'll update the Ubuntu bug, when you have a bug reference or something similar.
Commit 44b6e099b76f in the exim project git.
--
Cheers,
Jeremy
On 03/12/2022 20:59, exim-users--- via Exim-users wrote:
Stripping down (removing the if and all quote) to following condition works:
condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
$sender_host_address --identity \
--scope mfrom
On 03/12/2022 16:39, exim-users--- via Exim-users wrote:
It fails on expanding the condition, which is part of the exim configuration
from Ubuntu/Debian:
deny
condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
${quote:$sender_host_address} --identity \
On 02/12/2022 16:54, Victor Sudakov via Exim-users wrote:
I have an exim 4.95 installation sending DKIM-signed mails to two
other exim servers. On one of the receiving servers (FreeBSD,exim-4.95_5),
I see that the DKIM check is successful:
Authentication-Results: XX;
iprev=pass
On 30/11/2022 10:02, DIARRA Douba Samuel via Exim-users wrote:
I would like to enable the "recall message in exim" feature.
Exim has no such feature.
The SMTP standards do not support any such feature.
You may be thinking of something supported within Microsoft-only
private enclaves.
--
On 29/11/2022 23:39, Adam Nielsen via Exim-users wrote:
Is there any sort of test mode I can use to see how exactly Exim is
passing the message to SA so I can further debug the problem?
Exim takes commandline options to request debug.
--
Cheers,
Jeremy
On 23/11/2022 00:16, Dengler, Gabriel via Exim-users wrote:
I want to store the incoming e-mails using the Maildir file format encrypted by
using some symmetric encryption using the user's password
It seems like a generally valuable concept - but I'd think that asymmetric
encryption
of the
On 21/11/2022 21:41, Julian Bradfield via Exim-users wrote:
Is there a way to get more information?
Oh, yes, do ensure you're running with Exim's debug facilities
enabled. Commandline option or ACL modifier.
--
Cheers,
Jeremy
On 21/11/2022 21:41, Julian Bradfield via Exim-users wrote:
I should like to know what's happening here:
2022-11-21 21:10:42 TLS error on connection from r218.notifications.rbs.co.uk
[130.248.154.218] (gnutls_handshake): A TLS fatal alert has been received.
However, I can't see how to get any
On 21/11/2022 08:14, Laura Williamson via Exim-users wrote:
Have a bit of an issue. When sending out emails out exim select an interface
like this
interface = ${lookup sqlite {SQLITE_Q_USERINTERFACE select ip from interface
where active='Y' order by random() limit 1}{$value}}
helo_data =
On 17/11/2022 16:36, Martin Clayton via Exim-users wrote:
So, sorry to be a tainted dummy, but I'm still left wondering how to deal with
this.
Look at your line:
{exists{VHOST_DIR/$domain_data/VHOST_CONFIG_DIR/blacklists/${extract{1}{=!&/}{$item}{$value}{$item
The filename there is
On 16/11/2022 14:06, Martin Clayton via Exim-users wrote:
Removing the rhsbl services (i.e, $sender_address_domain) and all is well.
Looks like I guessed wrong. I'm wondering why this taint error isn't widespread
-- could it be $filter/exists specific?
Aha! (otherwise pronounced
On 16/11/2022 14:06, Martin Clayton via Exim-users wrote:
Moving an old system to exim 4.94.2 I'm hitting a taint error with
$dnslist_domain. That's a bit surprising as it's 100% internally defined --
there's nothing the outside world can do to change its possible values.
I'm not immediately
On 14/11/2022 12:31, Cyborg via Exim-users wrote:
The thought here is: Why was $acl_m9 escaped as it was inserted into itself and
i.e. $sender_address was not, when it was used in a string?
https://exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html#vi184
"If the option
On 11/11/2022 14:12, Adam Stackhouse via Exim-users wrote:
the sources simply keep a tag
release of 4.96 and any future changes are expected to be patched in by the
user building exim using the source?
This.
Another option for you, if you want bleeding-edge, would be a git tree.
--
Cheers,
On 10/11/2022 21:27, Victor Ustugov via Exim-users wrote:
# exim -be '${if match{abc}{\N^(\S+)\s*(\S.+)*$\N}{$2}{}}'
2022-11-10 23:14:51 [15433] SIGSEGV (fault address: 0x1)
Thanks for the report. Raised bug 2933.
--
Cheers,
Jeremy
On 08/11/2022 15:17, Frank Richter via Exim-users wrote:
Does anybody have a hint how to keep the subaddress to the lmtp transport?
Don't have your global-aliases strip them?
--
Cheers,
Jeremy
On 08/11/2022 10:30, Mark Elkins via Exim-users wrote:
mje+e...@posix.co.za - rather than my usual address of m...@posix.co.za
https://exim.org/exim-html-current/doc/html/spec_html/ch-generic_options_for_routers.html
local_part_suffix
--
Cheers,
Jeremy
On 31/10/2022 21:57, Dengler, Gabriel via Exim-users wrote:
Currently unsolved is a problem regarding the LD_LIBRARY_PATH: in Gramine, you
can define which libraries have to be loaded.
If that operates by setting an LD_LIBRARY_PATH env var,
you could try adding that to the main-config option
On 01/11/2022 06:28, Brent Clark via Exim-users wrote:
I would like to run exim to use MariaDB's inherent TLS / SSL functions.
Is this possible with exim? I changed the '/etc/my.cnf' '[client]' section to
define the key/cert/csa, and Dovecot picked it up great, but exim doesn't seem
to.
I
On 30/10/2022 15:37, Andreas Metzler via Exim-users wrote:
a) Yes, but. It would be very nice if the whole exim distribution had
correct per-file attribution/copyright/license. However it is going to
be quite a bit of work and it is the type of work with - well - limited
appeal for many.
Would
Does anyone have opinions on the licensing of Exim?
The project front-page ( https://exim.org/index.html )
says "under the terms of the GNU General Public Licence",
and links to the GPL page (which primarily promotes GPLv3,
though older versions are present deeper in that site).
The earliest
On 26/10/2022 05:20, Ronaldo Luiz via Exim-users wrote:
I'm getting messages locked on Exim Queue for a lot of hours, usually for
days and I need to restart Exim to clean the queue.
Is there one message, locked by one process, for all that time?
Or is the issue just that you see messages
On 25/10/2022 09:10, Cyborg via Exim-users wrote:
2022-10-25 07:36:45 1onCcF-002IAu-0b malware acl condition: clamd : unable to
send file body to socket (83.x.x.x): Broken pipe
That "broken pipe" is from the "malware" ACL condition code sending
the mail message data to clamd via a TCP
On 17/10/2022 22:58, Heiko Schlittermann via Exim-users wrote:
how do you deal with incoming messages having a Thread-Index header (an
other header indicates that the originating MUA was MS Outlook 16.0)
with about 1200 chars.
As a longterm goal in handling this and the References: header,
On 20/10/2022 22:07, Ian Kelling via Exim-users wrote:
I've had yahoo return a temporary error which says roughly "don't
email any of our mx hosts for a while".
As Gedalya says, it makes a difference whether you're getting
an error applying to the message or one applying to the host
you're
On 20/10/2022 22:07, Ian Kelling via Exim-users wrote:
I want to run queue runners fast (like every minute) in
order to send a lot of mail fast (but slower than I receive it)
If you run two-phase queue-runners, they ramp up *fast*
when significant numbers of spooled messages appear.
--
Cheers,
On 20/10/2022 20:01, Lena--- via Exim-users wrote:
I propose to include in default Exim config (in rcpt ACL)
a code which checks whether the server is blocked by t-online.de
I don't think it should be the Exim project doing that,
in the default configuration of the Exim release,
if that's what
On 18/10/2022 13:58, Patrick Porteous via Exim-users wrote:
I've recently started receiving the following message in my log files when
sending to one host:
2022-10-18 07:12:45 H=example.com [###.###.###.199]: a TLS session is required,
but an attempt to start TLS failed
2022-10-18 07:12:45
On 16/10/2022 11:06, Heiko Schlittermann via Exim-users wrote:
a recent change in the dmarc.c makes your animals failing the DMARC
checks for tests using HEAD (default branch "master").
If you link against the 1.3.x libopendmarc, you need an additional
Local/Makefile option "DMARC_API=100300"
On 16/10/2022 11:24, Patrick Porteous via Exim-users wrote:
I am trying to troubleshoot a sending issue on my server. I have a few hundred
messages that are stuck in the /var/spool/exim/input queue. Can I shutdown the
exim server process and move those files to another location and then move
On 14/10/2022 10:18, Mikhail Golub via Exim-users wrote:
What is meant by "normalized content"?
Interpreting the sourcecode, it looks like:
stuff up to the first ; is dropped, then a 2047-decode is done.
--
Cheers,
Jeremy
On 13/10/2022 20:41, Mikhail Golub via Exim-users wrote:
Content-Disposition: attachment;
filename="=?windows-1251?B?wevg7eog7/Du7+7n6Pazvy5kb2N4?="; size=48777;
Here: ^
creation-date="Wed, 25 Aug 2021 08:33:00 GMT";
On 13/10/2022 17:57, Mikhail Golub via Exim-users wrote:
How can I get "raw" $mime_filename ?
In Exim - "headers_charset = UTF-8".
And if file name of attachment not in utf8 i have a problem with log display.
Example from log, $mime_filename:
"▒▒ ▒▒▒ 12_10_22.xlsx"
Have a look at
On 11/10/2022 13:26, Urs Janßen via Exim-users wrote:
I run an outbound gateway (4 nodes) behind a F5 which shall (sic) be
relocated into a different network and the new LB can't preserve the senders
IP but can do proxy protocol...
Currently I do use smtp_accept_reserve / smtp_reserve_hosts to
On 09/10/2022 16:39, Andrey via Exim-users wrote:
Nginx and Exim on the same host, Nginx runs as a smtp proxy for exim.
How to make proxy support work in exim?
Looking at the nginx docs pages I suspect that nginx is only
being an smtp forwarding MTA, talking SMTP to the eventual
On 07/10/2022 14:21, Dave Mal via Exim-users wrote:
DNS lookup of s1._domainkey.sendgrid.com. (TXT) gave TRY_AGAIN
s1._domainkey.sendgrid.com. in dns_again_means_nonexist? no (option unset)
returning DNS_AGAIN
LOG: MAIN
PDKIM: d=sendgrid.com s=s1 [failed key import]
PDKIM [sendgrid.com]
On 05/10/2022 21:50, Dave Mal via Exim-users wrote:
Is it the fact I'm getting CNAME's back instead of a TXT causing this to fail
or is it the lack of the V field or something else I'm missing ?
I don't think either of those should matter.
Suggest enabling targeted debug for these domains,
On 07/10/2022 10:54, Luca Bertoncello via Exim-users wrote:
Unfortunately, both headers are not set...
I'm really puzzled, since on other server I can add a header in acl_check_data with
"warn message = ..."...
Any idea?
How are you testing it? Have you used the debug facilities?
--
Cheers,
On 03/10/2022 18:08, Jeremy Harris via Exim-users wrote:
Could the min/max protocol stuff mentioned in
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
be affecting it?
Exim has no SSL_CONF_* calls currently; probably never has in its
history.
Bingo. The value given
On 30/09/2022 21:33, Viktor Dukhovni via Exim-users wrote:
On Fri, Sep 30, 2022 at 09:18:08PM +0100, Jeremy Harris via Exim-users wrote:
On 30/09/2022 20:28, Viktor Dukhovni via Exim-users wrote:
Does "s_client -tls1_1 -cipher ALL:@SECLEVEL=0" work? Let's first
sort that out.
On 30/09/2022 20:28, Viktor Dukhovni via Exim-users wrote:
Does "s_client -tls1_1 -cipher ALL:@SECLEVEL=0" work? Let's first
sort that out.
It does not. The same Fatal Alert.
--
Cheers,
Jeremy
On 30/09/2022 19:17, Viktor Dukhovni via Exim-users wrote:
openssl_options = -no_sslv3 -no_tlsv1_1 -no_tlsv1
doesn't change the result.
That sets a floor, rather than clearing it. You're explicitly
turning off SSL 3.0, TLS 1.0 and TLS 1.1.
No. This is the exim option not an s_client
On 30/09/2022 18:34, Viktor Dukhovni via Exim-users wrote:
Do you also have a TLS version floor? "protocol version" sure sounds
like it.
Not as far as I know, and
openssl_options = -no_sslv3 -no_tlsv1_1 -no_tlsv1
doesn't change the result.
There is indeed a "protocol version" fatal alert
On 30/09/2022 16:46, Viktor Dukhovni via Exim-users wrote:
00C0C6000800:error:0A0C0103:SSL
routines:tls_process_key_exchange:internal error:ssl/statem/statem_clnt.c:2254:
I'll try to find some time to file a bug. Feel free to beat me to it.
Actually, this is expected behaviour:
On 30/09/2022 15:48, Jeremy Harris wrote:
OpenSSL 3.0.5 5 Jul 2022 running on Fedora 36
I think using the distro standard package
openssl-1:3.0.2-4.fc36.x86_64
(though I note the numbers don't exactly line up)
Correction: openssl-1:3.0.5-1.fc36.x86_64
probably from the Fedora "up
On 30/09/2022 15:33, Viktor Dukhovni via Exim-users wrote:
On Fri, Sep 30, 2022 at 02:04:51PM +0100, Jeremy Harris via Exim-users wrote:
Note that this client won't work against current OpenSSL
default builds.
When you say "current" you mean 3.1-dev? What is the observed fa
On 30/09/2022 09:14, Jeremy Harris via Exim-users wrote:
On 30/09/2022 06:06, Jasen Betts via Exim-users wrote:
It seems to be ALPN causing the problem.
this was the commit that "broke" it...
commit f50a063dc0b96ac95b3a7bc0aebad3b3f2534c02 (HEAD)
Curious, given that the testsuite
On 30/09/2022 09:11, Jasen Betts via Exim-users wrote:
Testssl.sh primes its ALPN requests based on the port number used
What does it use for 25/465/567 ? I don't know of an actual Standard;
I just picked the obvious for Exim.
--
Cheers,
Jeremy
On 30/09/2022 06:06, Jasen Betts via Exim-users wrote:
It seems to be ALPN causing the problem.
this was the commit that "broke" it...
commit f50a063dc0b96ac95b3a7bc0aebad3b3f2534c02 (HEAD)
Curious, given that the testsuite makes non-ALPN connections
all over the place. I'll try to
On 29/09/2022 19:11, Johnnie W Adams via Exim-users wrote:
So my next step, I think, is
to add a DKIM header for the second pass through our SMTP servers.
I'd be tempted to add that signature and not add the other two.
You should not be removing any that you were not responsible
for adding.
On 29/09/2022 16:28, Johnnie W Adams via Exim-users wrote:
tell Exim to remove any DKIM signatures from inbound mail. That
way, when mail leaves our data center, it'll be signed only at the point of
departure.
Can this be done? It's not obvious from the documentation.
On 29/09/2022 05:59, Viktor Dukhovni via Exim-users wrote:
But does the server support TLS 1.1 and
below? Perhaps Exim (or GnuTLS) defaults to TLS 1.2 or higher?
This will depend on the main-config option "tls_require_ciphers",
which for GnuTLS is a "priority string". See the Gnutls docs,
On 29/09/2022 01:37, Jasen Betts via Exim-users wrote:
The documentation for ${run gives conflicting guidance on tainted values.
The "conflicting" sections are for different options on the expansion.
--
Cheers,
Jeremy
On 28/09/2022 21:10, Viktor Dukhovni via Exim-users wrote:
You need to analyse some failed handshake full-packet captures with
"tshark", and collected detailed logs from the clients that are having
problems.
For Exim, that's "-d-all+tls" as a minimum.
--
Cheers,
Jeremy
On 28/09/2022 13:30, Eric Grammatico via Exim-users wrote:
Yes, but don't know where to look. I tested pwauth with no success until now...
So, does this "pwauth" thing log anything? Could you modify it to do that?
--
Cheers,
Jeremy
On 26/09/2022 19:05, Eric Grammatico via Exim-users wrote:
2022-09-26 16:15:24 [10] 1ocotI-0A-0g <= #xxx'uuss+...@grammatico.me
H=(localhost) [45.123.190.53] P=esmtpsa X=TLS1.2:AES256-GCM-SHA384:256 CV=no
A=login_server:#xxx'uuss+zzz S=736
The A= (and also the a on the end of