[exim] A couple questions about strings expansion using ${addresses} from header
Hi, Firstly I wish all the best in 2021 year! I have a couple of cases which makes me scratching the head. 1. Difference in behaviour when I use "-be" vs "-bem": # cat /tmp/test2 From: =?utf-8?B?YWFhYS1hYWFhLCBiYmJiYg==?= # exim -bem /tmp/test2 '${addresses:$h_from:}' -:bb...@jowisz.mejor.pl # exim -be '${addresses:$h_from:From: =?utf-8?B?YWFhYS1hYWFhLCBiYmJiYg==?= }' =?utf-8?B?YWFhYS1hYWFhLCBiYmJiYg==?= Why exim -bem adds hostname to parsed header? I expect exim should not add anything. Why exim doesn't add hostname in invocation with "-be"? Shouldn't behave in the same way? 2. comma in addresses: # cat /tmp/test2 From: =?utf-8?B?YWFhYS1hYWFhLCBiYmJiYg==?= # exim -bem /tmp/test2 '${addresses:$h_from:}' -:a@a.a Why exim sees two addresses? There is no literally coma, comma is encoded with base64. There is in doc "It does not see the comma because it’s still encoded as "=2C" ", so meseems it still shouldn't interpret comma also for base64 3. "-be" vs "-bem". The same header as above. # cat /tmp/test2 From: =?utf-8?B?YWFhYS1hYWFhLCBiYmJiYg==?= # exim -bem /tmp/test2 '${addresses:$h_from:}' -:a@a.a vs # exim -be '${addresses:$h_from:From: =?utf-8?B?YWFhYS1hYWFhLCBiYmJiYg==?= }' a@a.a Shouldn't be result of expansion the same in both cases? 4. All above was because I wanted to reject messages when header From is more than once in email:) I did: ${if >{${listcount:${addresses:$h_from:}}}{1}{yes}{no}} which triggered a couple of problems described earlier. Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Question about header syntax
W dniu 28.11.2016 o 16:27, Heiko Schlittermann pisze: > Marcin Mirosław <mar...@mejor.pl> (Mo 28 Nov 2016 14:31:23 CET): >> Hi! >> Because my understanding of english language isn't enough to correctly >> read RFC5322 I'd like to ask you about syntax of address-list used in >> header. >> Is header: >> To: x...@zz.yy <x...@zz.yy> >> syntactically correct header? > > In case you trust Exim: I wanted to check if exim does it correctly:) > Compare > > exim -be '${address:x...@zzz.de <a...@xyz.de>}' > exim -be '${address:"x...@zzz.de" <a...@xyz.de>}' Thank you for all answers! Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Question about header syntax
Hi! Because my understanding of english language isn't enough to correctly read RFC5322 I'd like to ask you about syntax of address-list used in header. Is header: To: x...@zz.yysyntactically correct header? Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] What (= in log means?
W dniu 24.11.2016 o 16:04, Heiko Schlittermann pisze: > Hi Marcin, > > Marcin Mirosław <mar...@mejor.pl> (Do 24 Nov 2016 15:26:40 CET): >> Hi! >> I just found in exim log something strange for me. >> This is snippet from log: >> 2016-11-24 15:17:11 [32497] 1c9upo-0008S9-2c H=([37.255.216.195]) >> [37.255.216.195] I=[81.4.122.249]:25 Warning: testing rspamd: rspamd:: >> X-Rspamd_score_int: 396 X-rspamd_action: reject ; spamassassin:: X-Spa >> m_score_int: 331 X-Spam_action: reject >> 2016-11-24 15:17:11 [32497] 1c9upo-0008S9-2c (= at...@occbs.com > … > > is it possible to send it w/o linebreaks? > What log options do you use? Some of the new ones (syslog_pid, > syslog_timestamp)? I just found it. It was exim-4.88-rc2, so I looked into doc inside repository: JH/17 Fakereject: previously logged as a norml message arrival "<="; now distinguished as "(=". Thanks!:) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] What (= in log means?
Hi! I just found in exim log something strange for me. This is snippet from log: 2016-11-24 15:17:11 [32497] 1c9upo-0008S9-2c H=([37.255.216.195]) [37.255.216.195] I=[81.4.122.249]:25 Warning: testing rspamd: rspamd:: X-Rspamd_score_int: 396 X-rspamd_action: reject ; spamassassin:: X-Spa m_score_int: 331 X-Spam_action: reject 2016-11-24 15:17:11 [32497] 1c9upo-0008S9-2c (= at...@occbs.com H=([37.255.216.195]) [37.255.216.195] I=[81.4.122.249]:25 P=esmtp S=5569 M8S=0 id=41BA8E3D2F75099C6753E0F2A8D441BA@D3471I2WA for marcin@mejor.p l 2016-11-24 15:17:14 [32668] 1c9upo-0008S9-2c => marcinR=spam_fakereject_kopia T=spam_transport_kopia ST=spam_transport_sc QT=6s 2016-11-24 15:17:14 [32668] 1c9upo-0008S9-2c Completed I don't know what "(= at...@occbs.com" means. I quickly looked at http://www.exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html but I can't find the answer. exim -bV Exim version 4.88 #1 built 10-Oct-2016 13:51:40 Copyright (c) University of Cambridge, 1995 - 2016 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2016 Berkeley DB: Berkeley DB 4.8.30: (2014-12-18) Support for: crypteq iconv() IPv6 Expand_dlfunc OpenSSL Content_Scanning DKIM DNSSEC Event OCSP PRDR Experimental_SRS Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch passwd pgsql Authenticators: cram_md5 plaintext spa Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/mailstore autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 Configuration file is /etc/exim/exim.conf Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] 2nd Stage DNS blocking
W dniu 11.10.2016 o 17:18, Hardy pisze: > Thanks for all your input. But some of you missed my point. I admit, the > subject is OT, and I was too lengthy in explanation. > > Shorter > We DO accept mail from a trusted host, not under our control. THAT hosts > was tricked to accept spam. To identify this, we have no other choice > than to look at data, and I was especially thinking about "Received > from" headers. > Okay, I think this thread is exhausted, unless you still have some > exceptional idea now. > > Sorry for the initial confusion, thanks for your feedback. Hi! Why don't you use Spamassin for identify a spam? In SA configuration you should add addresses of "trusted host not under your control" in "trusted_networks" options. It makes SA to ignore last Received line beacuse this is trusted host. Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] 2nd Stage DNS blocking
W dniu 07.10.2016 o 12:59, Hardy pisze: > Hi folks, > > 2nd Stage DNS blocking > I could imagine I am not the first with this idea, and there is already > a proper name for it. Let me describe: > We receive spam via the usual MTA chain. Sometimes we receive mail from > (free) mail providers like gmail and yahoo. Sometimes we fetchmail these > latter ones to feed them to our MX. > We only check the connecting server, and in some of the examples above > it might even be trusted. But that one was tricked to take spam before. > Random samples show me: We would not have taken most of the spam from > the intermediate or even originating MTA or sender. I would like to run > these "Received from" addresses against dnslists and/or blacklists in > files. > You obviously cannot do this before the acl data. I am not a regex wiz, > and I think one needs an external script anyway to extract IPs. Hints? > Ideas? > Has anyone done before? Hi! User proper tool for proper thing. Use tuned spamassassin or rspamd to do it. E.g. use SA instance with only rbl rules for lightweit check. Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] av_scanner doesn't accept options like pri=, weight=
W dniu 05.09.2016 o 16:40, Jeremy Harris pisze: Hi! > On 05/09/16 15:07, Marcin Mirosław wrote: >> I noticed that I can't use additional options (available for >> spamd_address) in av_scanner. Especially I'm missing "pri= " >> modifier. > > Add yourself to bug 1585. > >> I'd like to bring attention to mail: >> https://lists.exim.org/lurker/message/20160819.071333.37230507.en.html >> It would be nice to here "yes" in answer but if it's not possible it >> would be enough to hear any answer;) > > It'll happen when the devs get together enough energy and enthusiasm. > See https://github.com/Exim/exim/wiki/EximReleasePolicy Hmm, what do you think, could something like http://beer2buds.com/ bring some positive fluids to devs? -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] av_scanner doesn't accept options like pri=, weight=
Hi! I noticed that I can't use additional options (available for spamd_address) in av_scanner. Especially I'm missing "pri= " modifier. I'd like to bring attention to mail: https://lists.exim.org/lurker/message/20160819.071333.37230507.en.html It would be nice to here "yes" in answer but if it's not possible it would be enough to hear any answer;) Thank you, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim + grsecurity + ssl = dos
W dniu 01.06.2016 o 15:05, Renaud Allard pisze: > > > On 06/01/2016 12:32 PM, Samuel wrote: >> >> Le 01/06/2016 à 11:24, Jeremy Harris a écrit : >>> On 31/05/16 18:44, Samuel wrote: 2016-05-31 05:55:44 TLS error on connection from researchscan258.eecs..edu (eecs..edu) [1XX.212.XXX.3] (gnutls_handshake): Could not negotiate a supported cipher suite. 2016-05-31 05:55:44 H=researchscan258.eecs..edu (eecs..edu) [1XX.212.XXX.3] Warning: erreur : tls-failed >>> OK, cipher-suite mismatch... >>> /var/log/syslog : May 31 05:55:44 anemone-mailin-01 kernel: [4547900.677897] traps: exim4[23055] general protection ip:6664ddc0bad6 sp:7483826d3710 error:0 in libc-2.19.so[6664ddba2000+1a2000] >>> Oops! >>> So if I understand well, A special craft ssl request can cause DOS on Exim on Grsecurity kernel ? >>> Not all that crafted; just a choice of ciphers. >> >> Is this a problem from my side ? Do I have to do someting ? >> > > Given the name of the host researchscanXXX, may I assume you have used a > server to test the crypto? So if it has indeed attempted some kind of > brute force, maybe grsec was right. > > Some grsec features should be used with great precautions. This is not a > magical recipe. Hi! I don't know if it help. I also have conenction from researchscan but without any segfault.: # bzgrep 13810 /var/log/exim/exim_main.log-20160531* 2016-05-30 12:51:28 [13810] TLS error on connection from researchscan258.eecs.umich.edu (eecs.umich.edu) [141.212.122.3] I=[81.4.122.249]:25 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2016-05-30 12:51:28 [13810] TLS client disconnected cleanly (rejected our certificate?) # exim -d --version Exim version 4.87 #1 built 08-Apr-2016 14:04:45 Copyright (c) University of Cambridge, 1995 - 2016 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2016 Berkeley DB: Berkeley DB 4.8.30: (2014-12-18) Support for: crypteq iconv() IPv6 Expand_dlfunc OpenSSL Content_Scanning Old_Demime DKIM DNSSEC Event OCSP PRDR Experimental_SRS Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch passwd pgsql Authenticators: cram_md5 plaintext spa Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/mailstore autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 Compiler: GCC [4.9.3] Library version: OpenSSL: Compile: OpenSSL 1.0.2g 1 Mar 2016 Runtime: OpenSSL 1.0.2h 3 May 2016 : built on: reproducible build, date unspecified Library version: PCRE: Compile: 8.38 Runtime: 8.38 2015-11-23 WHITELIST_D_MACROS unset TRUSTED_CONFIG_LIST unset Exim version 4.87 uid=0 gid=0 pid=5705 D=fbb95cfd changed uid/gid: forcing real = effective uid=0 gid=0 pid=5705 auxiliary group list: changed uid/gid: calling tls_validate_require_cipher uid=8 gid=12 pid=5706 auxiliary group list: tls_require_ciphers expands to "HIGH:!aNULL:!MD5!DES:!3DES" tls_validate_require_cipher child 5706 ended: status=0x0 openssl option, adding from 110: 100 (no_sslv2 +no_sslv3) openssl option, adding from 110: 200 (no_sslv3) configuration file is /etc/exim/exim.conf log selectors = 84fe 1621 cwd=/root 3 args: exim -d --version trusted user admin user changed uid/gid: privilege not needed uid=8 gid=12 pid=5705 auxiliary group list: 12 DSN: dnslookup_batv propagating DSN DSN: batv_redirect propagating DSN DSN: spam_fakereject_kopia propagating DSN DSN: uservacation propagating DSN DSN: virtual_user propagating DSN DSN: aliasy propagating DSN DSN: catchall propagating DSN DSN: dnslookup propagating DSN seeking password data for user "mail": cache not available getpwnam() succeeded uid=8 gid=12 originator: uid=0 gid=0 login=root name=root sender address = SNIP@CIACH Configuration file is /etc/exim/exim.conf # uname -a Linux jowisz 4.5.4-hardened-r2 #1 SMP Tue May 17 16:54:00 CEST 2016 x86_64 Intel(R) Xeon(R) CPU E5-2630 v2 @ 2.60GHz GenuineIntel GNU/Linux And I'm sure that grsec option in kernel I've got different than Samuel. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Hints in retry database has wrong MX - how to refresh MX records?
Hi! I've got such situation, when user sends email resolver find wrong MX records for domain (wrong or MX was changed in meantime). The email can't be delivered to MX due to connection timeout error. Now I can see that destination domain has different MX that those in retry database. How I can tell exim to refresh MXes for mails in queue? Have a nice day! Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Hints in retry database has wrong MX - how to refresh MX records?
W dniu 11.02.2016 o 12:45, Andrew C Aitchison pisze: > On Thu, 11 Feb 2016, Marcin Mirosław wrote: > >> Hi! >> >> I've got such situation, when user sends email resolver find wrong MX >> records for domain (wrong or MX was changed in meantime). The email >> can't be delivered to MX due to connection timeout error. Now I can see >> that destination domain has different MX that those in retry database. >> How I can tell exim to refresh MXes for mails in queue? > > exim_dumpdb exim_tidydb and exim_fixdb > > http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai > > > If you don't run exim_tidydb from cron > you might wish to consider doing so. > > In this case you may wish to use exim_fixdb for this particular case. Hi! Thanks, I used exim_tidydb -t 1m to clean database. And I discovered that problem is called PEBKAC:/ . I made a little typo when I checked MX records for domains. Thanks! Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] [EXIM] GeoIP it's posible?
W dniu 31.07.2015 o 17:46, Fabián M Sales pisze: Hello List. Exim exists the possibility of using GeoIP to countries that need can not be connected? Hello, you can also use: * mail-filter/exim-geoip Available versions: (~)0.1 Homepage:http://dist.epipe.com/exim/ Description: This is an IPv4 and IPv6 capable GeoIP dlfunc library for Exim -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] event_action: one wish and one question
Hi! Thank you for tool more universal than TPDA. I wrongly configured event_action, I used too levels of brackets: event_action = ${if eq {msg:delivery}{$event_name} { {${lookup pgsql{SQL_POCZTA_WYCH}}} } } I added those line in transport. And then in main log I got: 2015-06-14 23:47:32 1Z4FfI-00048y-FX == aaa...@example.com R=dnslookup_batv T=external_smtp_batv defer (2): No such file or directory I spent a couple of minutes to find out what was the reason of this. Could it be possible to add some more information to logged information that this error comes from event_action? I'd like to use more than one action in event_action (I'd like to insert tuple into database and add line to log, probably using perl{Exim::log_write}). What is correct syntax to have multiple actions in event_action? Thanks, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] event_action: one wish and one question
W dniu 2015-06-15 o 17:57, Jeremy Harris pisze: On 15/06/15 13:31, Jeremy Harris wrote: On 15/06/15 11:46, Marcin Mirosław wrote: I wrongly configured event_action, I used too levels of brackets: event_action = ${if eq {msg:delivery}{$event_name} { {${lookup pgsql{SQL_POCZTA_WYCH}}} } } I added those line in transport. And then in main log I got: 2015-06-14 23:47:32 1Z4FfI-00048y-FX == aaa...@example.com R=dnslookup_batv T=external_smtp_batv defer (2): No such file or directory I spent a couple of minutes to find out what was the reason of this. Could it be possible to add some more information to logged information that this error comes from event_action? I'll have a think on that. The trouble here is that it was (probably) syntactically valid; the result of the expansion was not what you expected, but for this event it is ignored anyway - so there should not have been a semantic failure either. I'd like to see a debug run showing that it was actually the event that caused the defer. Hi! Thank you for both answers. I reproduced this situation on diffrent box, using such event_action: event_action = ${if eq {msg:delivery}{$event_name} { {${lookup pgsql{select 1}}} } } (I hope I didn't strip too much) # exim -d+all -M 1Z4Zop-00089J-CO 21:16:55 1086 Exim version 4.85 uid=0 gid=0 pid=1086 D=fffd Berkeley DB: Berkeley DB 4.8.30: (2014-12-18) Support for: crypteq iconv() IPv6 Expand_dlfunc OpenSSL Content_Scanning DKIM Old_Demime PRDR OCSP Experimental_SRS Experimental_Event Experimental_DSN Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch passwd pgsql Authenticators: cram_md5 plaintext spa Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/mailstore autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 Compiler: GCC [4.8.4] Library version: OpenSSL: Compile: OpenSSL 1.0.1o 12 Jun 2015 Runtime: OpenSSL 1.0.1o 12 Jun 2015 : built on: Sat Jun 13 19:59:56 2015 Library version: PCRE: Compile: 8.36 Runtime: 8.36 2014-09-26 21:16:55 1086 Total 12 lookups WHITELIST_D_MACROS unset TRUSTED_CONFIG_LIST unset 21:16:55 1086 changed uid/gid: forcing real = effective 21:16:55 1086 uid=0 gid=0 pid=1086 21:16:55 1086 auxiliary group list: none 21:16:55 1087 changed uid/gid: calling tls_validate_require_cipher 21:16:55 1087 uid=8 gid=12 pid=1087 21:16:55 1087 auxiliary group list: none 21:16:55 1086 tls_validate_require_cipher child 1087 ended: status=0x0 21:16:55 1086 configuration file is /etc/exim/exim.conf 21:16:55 1086 log selectors = 04fe 00232321 21:16:55 1086 cwd=/etc/exim 4 args: exim -d+all -M 1Z4Zop-00089J-CO 21:16:55 1086 trusted user 21:16:55 1086 admin user [...] 21:16:55 1086 Remote deliveries [175/4733] 21:16:55 1086 t...@example.com 21:16:55 1086 expanding: $return_path 21:16:55 1086result: mar...@mejor.pl 21:16:55 1086 expanding: niktnicniewieole 21:16:55 1086result: niktnicniewieole 21:16:55 1086 prvs: hash source is '0608mar...@mejor.pl' 21:16:55 1086 expanding: ${prvs {$return_path}{niktnicniewieole}} 21:16:55 1086result: prvs=06088217e3=mar...@mejor.pl 21:16:55 1086 search_tidyup called 21:16:55 1086 set_process_info: 1086 delivering 1Z4Zop-00089J-CO: waiting for a remote delivery subprocess to finish 21:16:55 1086 selecting on subprocess pipes 21:16:55 1089 changed uid/gid: remote delivery to t...@example.com with transport=external_smtp_batv 21:16:55 1089 uid=8 gid=12 pid=1089 21:16:55 1089 auxiliary group list: none 21:16:55 1089 set_process_info: 1089 delivering 1Z4Zop-00089J-CO using external_smtp_batv 21:16:55 1089 external_smtp_batv transport entered 21:16:55 1089 t...@example.com 21:16:55 1089 checking status of example.com 21:16:55 1089 locking /var/spool/exim/db/retry.lockfile 21:16:55 1089 locked /var/spool/exim/db/retry.lockfile 21:16:55 1089 EXIM_DBOPEN(/var/spool/exim/db/retry) 21:16:55 1089 returned from EXIM_DBOPEN 21:16:55 1089 opened hints database /var/spool/exim/db/retry: flags=O_RDONLY 21:16:55 1089 dbfn_read: key=T:example.com:2606:2800:220:1:248:1893:25c8:1946 21:16:55 1089 dbfn_read: key=T:example.com:2606:2800:220:1:248:1893:25c8:1946:1Z4Zop-00089J-CO 21:16:55 1089 no message retry record 21:16:55 1089 example.com [2606:2800:220:1:248:1893:25c8:1946] status = usable 21:16:55 1089 2606:2800:220:1:248:1893:25c8:1946 in serialize_hosts? no (option unset) 21:16:55 1089 delivering 1Z4Zop-00089J-CO to example.com [2606:2800:220:1:248:1893:25c8:1946] (t...@example.com) 21:16:55 1089 set_process_info: 1089 delivering 1Z4Zop-00089J-CO to example.com [2606:2800:220:1:248:1893:25c8:1946] (t...@example.com) 21:16:55
Re: [exim] event_action: one wish and one question
W dniu 2015-06-15 o 22:59, Marcin Mirosław pisze: W dniu 2015-06-15 o 22:41, Jeremy Harris pisze: On 15/06/15 16:57, Jeremy Harris wrote: On 15/06/15 13:31, Jeremy Harris wrote: On 15/06/15 11:46, Marcin Mirosław wrote: I wrongly configured event_action, I used too levels of brackets: event_action = ${if eq {msg:delivery}{$event_name} { {${lookup pgsql{SQL_POCZTA_WYCH}}} } } I added those line in transport. And then in main log I got: 2015-06-14 23:47:32 1Z4FfI-00048y-FX == aaa...@example.com R=dnslookup_batv T=external_smtp_batv defer (2): No such file or directory I spent a couple of minutes to find out what was the reason of this. Could it be possible to add some more information to logged information that this error comes from event_action? I'll have a think on that. The trouble here is that it was (probably) syntactically valid; the result of the expansion was not what you expected, but for this event it is ignored anyway - so there should not have been a semantic failure either. I'd like to see a debug run showing that it was actually the event that caused the defer. Ah, I forgot with ignored anyway that other events are involved. It was processed for a tcp:connect event, where the result does matter; anything but blank resulting in the connection not being made (the event is raised before the connection is made, to give a fine-control capability). Hmm, when I use 'select null' then message is still defered: == t...@example.com R=dnslookup_batv T=external_smtp_batv defer (2): No such file or directory Sorry, I forgot about additional {} . -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] event_action: one wish and one question
W dniu 2015-06-15 o 22:41, Jeremy Harris pisze: On 15/06/15 16:57, Jeremy Harris wrote: On 15/06/15 13:31, Jeremy Harris wrote: On 15/06/15 11:46, Marcin Mirosław wrote: I wrongly configured event_action, I used too levels of brackets: event_action = ${if eq {msg:delivery}{$event_name} { {${lookup pgsql{SQL_POCZTA_WYCH}}} } } I added those line in transport. And then in main log I got: 2015-06-14 23:47:32 1Z4FfI-00048y-FX == aaa...@example.com R=dnslookup_batv T=external_smtp_batv defer (2): No such file or directory I spent a couple of minutes to find out what was the reason of this. Could it be possible to add some more information to logged information that this error comes from event_action? I'll have a think on that. The trouble here is that it was (probably) syntactically valid; the result of the expansion was not what you expected, but for this event it is ignored anyway - so there should not have been a semantic failure either. I'd like to see a debug run showing that it was actually the event that caused the defer. Ah, I forgot with ignored anyway that other events are involved. It was processed for a tcp:connect event, where the result does matter; anything but blank resulting in the connection not being made (the event is raised before the connection is made, to give a fine-control capability). Hmm, when I use 'select null' then message is still defered: == t...@example.com R=dnslookup_batv T=external_smtp_batv defer (2): No such file or directory -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] gnutls tester wanted
W dniu 19.09.2014 o 17:11, Jeremy Harris pisze: Hi! Anyone out there: - Running GnuTLS 3.3.6 or later - Prepared to build from source I've got compilation error with 3.3.8 (with 3.3.6 and 3.3.7 builds fine) ccache gcc -o exim ccache gcc -o exim acl.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o directory.o dns.o drtables.o enq.o exim.o expand.o filter.o filtertest.o globals.o dkim.o header.o host.o ip.o log.o lss.o match.o moan.o os.o parse.o queue.o rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o route.o search.o sieve.o smtp_in.o smtp_out.o spool_in.o spool_out.o std-crypto.o store.o string.o tls.o tod.o transport.o tree.o verify.o lookups/lf_quote.o lookups/lf_check_file.o lookups/lf_sqlperform.o local_scan.o perl.o malware.o mime.o regex.o spam.o spool_mbox.o demime.o bmi_spam.o spf.o srs.o dcc.o dmarc.o dane.o version.o \ routers/routers.a transports/transports.a lookups/lookups.a \ auths/auths.a pdkim/pdkim.a \ -lresolv -lnsl -lcrypt -lm\ -ldb -lmysqlclient -lpq -lldap -llber -lspf2 -lsrs_alt -lopendmarc -lhiredis -lwrap -lpam -ldl \ -Wl,-E -Wl,-O1 -Wl,--as-needed -L/usr/lib64/perl5/5.18.2/x86_64-linux/CORE -lperl -lnsl -ldl -lm -lcrypt -lutil -lc -lgnutls -L/usr/lib64 -lpcre tls.o: In function `tls_init': tls.c:(.text+0x1766): undefined reference to `gnutls_pkcs11_init' tls.o: In function `tls_validate_require_cipher': tls.c:(.text+0x3950): undefined reference to `gnutls_pkcs11_init' collect2: error: ld returned 1 exit status Makefile:451: recipe for target 'exim' failed make[1]: *** [exim] Error 1 make[1]: Leaving directory '/home/farm/buildfarm/HEAD/exim.49927/src/build-Linux-x86_64' Makefile:29: recipe for target 'all' failed make: *** [all] Error 2 gcc version 4.8.3 (Gentoo Hardened 4.8.3 p1.1, pie-0.5.9) # ld -v GNU ld (GNU Binutils) 2.24 exim version: HEAD Regards, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] gnutls tester wanted
W dniu 22.09.2014 o 15:47, Jeremy Harris pisze: On 22/09/14 13:57, Marcin Mirosław wrote: - Running GnuTLS 3.3.6 or later - Prepared to build from source I've got compilation error with 3.3.8 (with 3.3.6 and 3.3.7 builds fine) Tant's useful to know - thanks. Could you ask on gnutls-h...@lists.gnutls.org for the preferred fix for 3.3.8+ ? I don't have any C skills, I'm not sure I'm proper person to ask about such low level things... Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] gnutls tester wanted
W dniu 2014-09-22 o 19:32, Andreas Metzler pisze: Marcin Mirosław mar...@mejor.pl wrote: [...] I've got compilation error with 3.3.8 (with 3.3.6 and 3.3.7 builds fine) [...] tls.c:(.text+0x3950): undefined reference to `gnutls_pkcs11_init' collect2: error: ld returned 1 exit status Makefile:451: recipe for target 'exim' failed make[1]: *** [exim] Error 1 make[1]: Leaving directory '/home/farm/buildfarm/HEAD/exim.49927/src/build-Linux-x86_64' Makefile:29: recipe for target 'all' failed make: *** [all] Error 2 [...] Hello, Looks like you built GnuTLS without PKCS #11 support. - Probably because your p11-kit version is too old. For GnuTLS 3.3.8 you need p11-kit 0.20.7 (stable branch) or 0.21.3 (unstable branch). Yup, I've got p11-kit-0.20.4, so it's gentoo dependency bug. Thanks, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Misleading message clamd: failed to connect to 127.0.0.1: couldn't connect to any host: Connection refused ?
W dniu 02.07.2014 03:43, Phil Pennock pisze: Hi Phil, hi all! On 2014-06-30 at 16:31 +0200, Marcin Mirosław wrote: I have defined connection to av_scanner as below: av_scanner = clamd:127.0.0.1 3310 : 192.168.254.10 3310 2014-06-30 16:18:01 1X1cPB-0001CM-E1 malware acl condition: clamd: failed to connect to 127.0.0.1: couldn't connect to any host: Connection refused So message couldn't connect to any host: is a little misleading, exim can connect to any host (but not to localhost). Sorry, that's misleading, yes. What it means is for the hostname or IP address given, couldn't connect to any host matching that hostname. If you had specified localhost 3310 on an IPv6 system, then it would have tried 127.0.0.1 and ::1 both before reporting that error. So when Exim is working through the list of possible targets, in random order now, each item is tried in turn; when they're IP addresses instead of hostnames, then the message is misleading. Should I fill bug for this? Have you got any idea why clamd uses word local even when connection is from remote host? Bug? Their code: 8 cut here 8-- if (stream) { struct sockaddr_in sa; socklen_t salen = sizeof(sa); if(getpeername(conn-sd, (struct sockaddr *)sa, salen) || salen sizeof(sa) || sa.sin_family != AF_INET) strncpy(fdstr, instream(local), sizeof(fdstr)); else snprintf(fdstr, sizeof(fdstr), instream(%s@%u), inet_ntoa(sa.sin_addr), ntohs(sa.sin_port)); reply_fdstr = stream; } else { snprintf(fdstr, sizeof(fdstr), fd[%d], fd); reply_fdstr = fdstr; } 8 cut here 8-- So will fail on IPv6; your config is IPv4-only though? So something non-obvious probably happening in the path to get here and I'm disinclined to spend more than 5 minutes looking at this or getting familiar with the ClamAV code base to answer. :) So, ask on the ClamAV mailing lists? Or are you using IPv6-mapped IPv4 stuff, to get connections which look like ::192.0.2.1 -- in which case, lack of IPv6 support in that bit of the ClamAV codebase. With clamav compiled with ipv6 support nothing changed. Thank you, you spend far more time than I expected. I was expecting answer like it's known bug or I've never seen such behavior. Sorry for late anwer. Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Misleading message clamd: failed to connect to 127.0.0.1: couldn't connect to any host: Connection refused ?
Hi! I have defined connection to av_scanner as below: av_scanner = clamd:127.0.0.1 3310 : 192.168.254.10 3310 On localhost clamav is turned off. When I senr eixar test I got in exim_main.log: # exigrep 1X1cPB-0001CM-E1 /var/log/exim/exim_main.log +++ 1X1cPB-0001CM-E1 has not completed +++ 2014-06-30 16:18:01 1X1cPB-0001CM-E1 DKIM: d=cibet.pl s=120625 c=relaxed/relaxed a=rsa-sha256 [verification succeeded] 2014-06-30 16:18:01 1X1cPB-0001CM-E1 malware acl condition: clamd: failed to connect to 127.0.0.1: couldn't connect to any host: Connection refused 2014-06-30 16:19:01 1X1cPB-0001CM-E1 H=poczta3.cibet.pl (poczta.cibet.pl) [77.252.119.98] I=[88.198.102.195]:25 X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 F=prvs=025879ac1c=...@cibet.pl rejected after DATA: Virus found / znaleziono wirusa :Eicar-Test-Signature In clamd.log on remote host I've got: Mon Jun 30 16:18:01 2014 - instream(local): Eicar-Test-Signature(3cc1cc089e6737293a05a391d62a2a56:1676) FOUND So message couldn't connect to any host: is a little misleading, exim can connect to any host (but not to localhost). Have you got any idea why clamd uses word local even when connection is from remote host? Regards, Marcin Exim version 4.83_RC2 #2 built 20-Jun-2014 13:15:47 Copyright (c) University of Cambridge, 1995 - 2014 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014 Berkeley DB: Berkeley DB 4.8.30: (2013-10-04) Support for: crypteq iconv() IPv6 OpenSSL Content_Scanning DKIM Old_Demime OCSP Experimental_SRS Experimental_DSN Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz dsearch passwd pgsql Authenticators: cram_md5 plaintext spa Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/mailstore autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 Configuration file is /etc/exim/exim.conf -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.83 RC1 uploaded
W dniu 04.06.2014 11:02, Mike Cardwell pisze: * on the Tue, Jun 03, 2014 at 09:16:02PM +0100, Jeremy Harris wrote: I have uploaded Exim 4.83 RC1 Has anybody tried it? We're about to put out RC2. Any comments on RC1 would be most welcome. I'm running it on two boxes. I haven't tested all of the new stuff it includes, but I do have dns_dnssec_ok set, and have enabled the new tls_try_verify_hosts SMTP transport option, both of which seem to work. I haven't seen any issues other than the dnssec strict/defer lookup stuff I mentioned on exim-dev. It hasn't crashed, I've scanned my logs and haven't seen any unexpected errors or deliverability issues. They're not high-usage boxes though. They've probably only handled a few thousand emails between them since I installed it last Thursday. Hi! I can say almost the same, just works in rather simple configuration (pgsql+lmtp+maildir+dovecot auth+dlfunc) but I just want to add info about warning I got while compiling exim: x86_64-pc-linux-gnu-gcc -c -O2 -pipe -march=core2 -mtune=native -frecord-gcc-switches -fno-unwind-tables -fno-asynchronous-unwind-tables -fpeel-loops -ftracer -ggdb -I.deliver.c deliver.c: In function ‘deliver_message’: deliver.c:6500:5: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘time_t’ [-Wformat] deliver.c:6500:5: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘time_t’ [-Wformat] deliver.c:6758:7: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘time_t’ [-Wformat] deliver.c:6758:7: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘time_t’ [-Wformat] deliver.c:7389:9: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘time_t’ [-Wformat] deliver.c:7389:9: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘time_t’ [-Wformat] Thanks for all your work. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Multiline and multi ACL smtp_banner
W dniu 30.04.2014 15:04, Wolfgang Breyha pisze: Hi! Marcin Mirosław wrote, on 30/04/14 14:34: Hi! I'm trying to implement some of the features from postscreen. First of them is sending multitiline smtp banner with delay between lines [1]. Simply add a delay in your connect ACL. 1 Second is usually enough to fool broken clients. So my too fast ehlo makes that after rcpt to mail will be rejected. I suspect it will be completely impossible to do it. But maybe such poor PREGREET test would be possible without many effort in exim code?: acl_smtp_connect= acl_check_connect acl_check_connect: warn message = 220-mail.xxx. ESMTP warn delay = 5s warn message = 220 mail.xxx. ESMTP go on dude And if protocol error appears let Exim rejects email at this moment. Exim will already do that automatically if you didn't set smtp_enforce_sync = false (main option) or control = no_enforce_sync (ACL control) I didn't change enforce settings. What you said is true beside I can't use acl shown above. As far as I can see there is no possible to add delay when sending smtp banner. control = no_delay_flush doesn't help me in this case. What about adding feature allowing temporary ignoring protocol/sychronization errors (e.g. ignore_protocols_error=1) and See above. Adding control = no_pipelining makes live even harder for some clients. Disabling STARTTLS might as well, but at (too) high costs. some clients you mean spam hosts? Meseems disabling STARTTLS doesn't help in early detection of connection from bot or I didn't catch properly your thought. Read http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html http://www.exim.org/exim-html-current/doc/html/spec_html/ch-main_configuration.html for details. putting information about such incident into expansion item? Currently there is no variable to check for previous sync errors. As you suggest I'm going to add little delay to acl_connect and see results. Thanks, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Multiline and multi ACL smtp_banner
Hi! I'm trying to implement some of the features from postscreen. First of them is sending multitiline smtp banner with delay between lines [1]. It looks as below: Connected to xyz.. Escape character is '^]'. 220-mail.xyz.net ESMTP ehlo mejor.pl 250-mail.xyz.net 250-SIZE 5120 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from:s...@kolekcja.mejor.pl 250 2.1.0 Ok rcpt to:x...@example.com 550 5.5.1 Protocol error So my too fast ehlo makes that after rcpt to mail will be rejected. I suspect it will be completely impossible to do it. But maybe such poor PREGREET test would be possible without many effort in exim code?: acl_smtp_connect= acl_check_connect acl_check_connect: warn message = 220-mail.xxx. ESMTP warn delay = 5s warn message = 220 mail.xxx. ESMTP go on dude And if protocol error appears let Exim rejects email at this moment. What about adding feature allowing temporary ignoring protocol/sychronization errors (e.g. ignore_protocols_error=1) and putting information about such incident into expansion item? Regards Marcin [1] - http://www.postfix.org/POSTSCREEN_README.html#before_220 -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Experimental Redis lookup
W dniu 2014-04-22 12:33, Warren Baker pisze: HI all, Hi! I just wanted to ask whether anyone is making use of Redis as a lookup? I have been using it for a number of months now without any issue but need to find out whether others are or have attempted using it and if it is working or didn't work for them. I tried to use Redis lookup and it works without problem for me. But it wasn't production enviroment. Thanks -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim can't resolve hostname of database when second email is sended in one TCP connection
W dniu 13.11.2013 19:51, Phil Pennock pisze: On 2013-11-13 at 16:43 +0100, Marcin Mirosław wrote: or I add pgsql to /etc/hosts then problem disappears. It looks like search option isn't applied when exim tries translate hostname to address. I just noticed that similar problem appears if I use ${lookup pgsql{}} in transport. In such situation I have problem with resolving hostname of database if I don't use FQDN in definition of pgsql server. Again, search option from resolv.conf seems to be ignored. Correct; Exim is very careful to disable search by default, so that hosts supplied in routing rules don't unexpectedly go to some place else. The only exceptions (which come to mind) are dns_search_parents on an SMTP transport and search_parents on a dnslookup router. Sorry, you need to specify remote services used by Exim in a way which doesn't involve probing DNS repeatedly; this normally isn't an issue, since each DNS request adds latency; remember that Exim forks and execs a lot, so there's going to be a fresh request to resolve each time. If you can use a local socket for pgsql, with peer auth, then that will be fastest and cleanest. If you need to specify a remote hostname, specify the fully-qualified name so that the lookups can complete quickly. If there's a compelling reason to support short names, please let us know. This appears to be under-documented in The Exim Specification; can you let us know where you would expect to see warnings, so we can add some? Hi! Thank you Phil for anwser for my emails. I don't have strong arguments to argue for add support short names. It's rather matter of habit, usually most soft supports it. BI'd like to ask to make Exim's behavior more coherent in this matter. In most places where I'm using ${lookup pgsql{}} short names in definition of database connection just works. I know about to cases when it doesn't work: - transports - whem I send second email in one tcp connection (one pass: -- ehlo,mail from, rcpt to, data - it works in second pass it stops to works. (Also in definition of spamd connection even short names can't be used. Documentation doesn't mention if hostnames can be used but in examples there are only numerical addresses. In definition of clamd connection hostnames can be used.). If something works in many places and doesn't work in a few I'm thinking that not works state is incorrect:) I'll try to create my proposition of changes in doc. Thanks, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim can't resolve hostname of database when second email is sended in one TCP connection
W dniu 08.10.2013 11:58, Marcin Mirosław pisze: Hello! I'm testing new configuration using exim -bh x.y.z -d. I've noticed strange behavior when I send HELO/EHLO after first mail was received. I'm sending: ehlo toja mail from: a...@pl.inv rcpt to: uzytkow...@test2.x.com.pl.inv data asdadasd . helo test quit When second HELO appears I'm getting in debug session: SMTP ehlo test sender_fullhost = google-public-dns-a.google.com (test) [8.8.8.8] sender_rcvhost = google-public-dns-a.google.com ([8.8.8.8] helo=test) set_process_info: 8450 handling incoming connection from google-public-dns-a.google.com (test) [8.8.8.8] using ACL acl_check_helo processing drop search_open: pgsql NULL search_find: file=NULL key=SELECT domain FROM postfixadmin_domain WHERE domain = 'test' AND active = '1' AND backupmx = '0' UNION select '@' partial=-1 affix=NULL starflags=0 LRU list: internal_search_find: file=NULL type=pgsql key=SELECT domain FROM postfixadmin_domain WHERE domain = 'test' AND active = '1' AND backupmx = '0' UNION select '@' database lookup required for SELECT domain FROM postfixadmin_domain WHERE domain = 'test' AND active = '1' AND backupmx = '0' UNION select '@' PostgreSQL query: SELECT domain FROM postfixadmin_domain WHERE domain = 'test' AND active = '1' AND backupmx = '0' UNION select '@' PGSQL new connection: host=pgsql port=5432 database=xx_poczta_test_db user=xx_poczta_test PGSQL connection failed: could not translate host name pgsql to address: Name or service not known lookup deferred: PGSQL connection failed: could not translate host name pgsql to address: Name or service not known LOG: MAIN PANIC failed to expand \n ${lookup pgsql{ Definition of pgsql_servers is: hide pgsql_servers = pgsql::5432/xx_poczta_test_db/xx_poczta_test/yy Full hostname of database server is: pgsql.in.xx.com.pl $ cat /etc/resolv.conf search in.xx.com.pl nameserver 192.168.1.35 $ host pgsql pgsql.in.cadera.com.pl has address 192.168.1.220 When Iconfigure connection as: hide pgsql_servers = pgsql.in.cadera.com.pl::5432/xx_poczta_test_db/xx_poczta_test/yy or I add pgsql to /etc/hosts then problem disappears. It looks like search option isn't applied when exim tries translate hostname to address. Ok, I run exim under strace, here is relevant part when first time exim tries to resolve pgsql: connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, 16) = 0 gettimeofday({1381226200, 288600}, NULL) = 0 poll([{fd=3, events=POLLOUT}], 1, 0)= 1 ([{fd=3, revents=POLLOUT}]) sendto(3, \224\242\1\0\0\1\0\0\0\0\0\0\5pgsql\2in\6cadera\3com\2pl\0\0\1\0\1, 40, MSG_NOSIGNAL, NULL, 0) = 40 poll([{fd=3, events=POLLIN|POLLOUT}], 1, 5000) = 1 ([{fd=3, revents=POLLOUT}]) sendto(3, \214o\1\0\0\1\0\0\0\0\0\0\5pgsql\2in\6cadera\3com\2pl\0\0\34\0\1, 40, MSG_NOSIGNAL, NULL, 0) = 40 gettimeofday({1381226200, 289009}, NULL) = 0 poll([{fd=3, events=POLLIN}], 1, 4999) = 1 ([{fd=3, revents=POLLIN}]) ioctl(3, FIONREAD, [94])= 0 recvfrom(3, \224\242\205\200\0\1\0\1\0\2\0\0\5pgsql\2in\6cadera\3com\2pl\0\0\1\0\1\300\f\0\1\0\1\0\0*0\0\4\300\250\1\334\300\22\0\2\0\1\0\0*0\0\7\4dns1\300\22\300\22\0\2\0\1\0\0*0\0\7\4dns2\300\22, 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, [16]) = 94 gettimeofday({1381226200, 293071}, NULL) = 0 poll([{fd=3, events=POLLIN}], 1, 4995) = 1 ([{fd=3, revents=POLLIN}]) ioctl(3, FIONREAD, [87])= 0 recvfrom(3, \214o\205\200\0\1\0\0\0\1\0\0\5pgsql\2in\6cadera\3com\2pl\0\0\34\0\1\300\22\0\6\0\1\0\0*0\0#\4dns1\300\22\5admin\300\25w\3752`\0\0*0\0\0\34 \0\t:\200\0\0*0, 1954, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, [16]) = 87 close(3) When second HELO is sended: connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, 16) = 0 gettimeofday({1381226202, 831438}, NULL) = 0 poll([{fd=3, events=POLLOUT}], 1, 0)= 1 ([{fd=3, revents=POLLOUT}]) sendto(3, \36V\1\0\0\1\0\0\0\0\0\0\5pgsql\0\0\1\0\1, 23, MSG_NOSIGNAL, NULL, 0) = 23 poll([{fd=3, events=POLLIN|POLLOUT}], 1, 5000) = 1 ([{fd=3, revents=POLLOUT}]) sendto(3, \256J\1\0\0\1\0\0\0\0\0\0\5pgsql\0\0\34\0\1, 23, MSG_NOSIGNAL, NULL, 0) = 23 gettimeofday({1381226202, 831628}, NULL) = 0 poll([{fd=3, events=POLLIN}], 1, 4999) = 1 ([{fd=3, revents=POLLIN}]) ioctl(3, FIONREAD, [98])= 0 recvfrom(3, \36V\201\203\0\1\0\0\0\1\0\0\5pgsql\0\0\1\0\1\0\0\6\0\1\0\0#\360\0@\1a\froot-servers\3net\0\5nstld\fverisign-grs\3com\0w\375{\0\0\0\7\10\0\0\3\204\0\t:\2 00\0\1Q\200, 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, [16]) = 98 gettimeofday({1381226202, 834145}, NULL) = 0 poll([{fd=3, events=POLLIN}], 1, 4997) = 1 ([{fd=3, revents=POLLIN}]) ioctl(3, FIONREAD, [98])= 0 recvfrom(3, \256J\201\203\0\1\0\0\0\1\0\0\5pgsql\0\0\34\0\1
Re: [exim] Exim4 vs Gmail - DKIM algorithms incompatibility
W dniu 01.11.2013 17:23, Wolfgang Breyha pisze: On 2013-10-31 14:58, Tomasz Kusy wrote: Hello, Tested on Exim version 4.72 with DKIM. Try a recent exim release. Hi! I,m (I was) using exim 4.80.1 and I started to use DMARC. I received report from google, in xml I found: auth_results dkim domainmejor.pl/domain resultfail/result /dkim spf domainmejor.pl/domain resultpass/result /spf /auth_results Other servers (exim or other MTAs with amavis/sa) pass validation. I have option dkim_canon unset. Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim4 vs Gmail - DKIM algorithms incompatibility
W dniu 2013-11-04 19:33, Phil Pennock pisze: On 2013-11-04 at 12:19 +0100, Marcin Mirosław wrote: I,m (I was) using exim 4.80.1 and I started to use DMARC. I received report from google, in xml I found: auth_results dkim domainmejor.pl/domain resultfail/result /dkim -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/ Those bits there ^^^ are mailing-list footers, added to your mail by Mailman. They are common on public mailing-lists. They also break DKIM signatures. So the act of posting your mail to exim-users will bump the count of auth_results which fail. You include only part of the XML schema; that auth_results/ should belong to a record/ which also includes a row/ containing a source_ip/. What you're actually able to get is set of counts of how many subscribers to each mailing-list you're on use Google services to handle the mail which they receive from those mailing-lists. Again I've attached too little. You can find complete xml report attached to email. This one email wasn't sent to maling list, it was sent to gmail user. Regards, Marcin ?xml version=1.0 encoding=UTF-8 ? feedback report_metadata org_namegoogle.com/org_name emailnoreply-dmarc-supp...@google.com/email extra_contact_infohttp://support.google.com/a/bin/answer.py?answer=2466580/extra_contact_info report_id8813207516108810573/report_id date_range begin1383091200/begin end1383177599/end /date_range /report_metadata policy_published domainmejor.pl/domain adkimr/adkim aspfr/aspf pnone/p spnone/sp pct100/pct /policy_published record row source_ip2001:470:1f15:1b61::2/source_ip count1/count policy_evaluated dispositionnone/disposition dkimfail/dkim spfpass/spf /policy_evaluated /row identifiers header_frommejor.pl/header_from /identifiers auth_results dkim domainmejor.pl/domain resultfail/result /dkim spf domainmejor.pl/domain resultpass/result /spf /auth_results /record /feedback -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to Remove new line or space (or how to escape dkim selector)
W dniu 17.10.2013 18:09, Mike Cardwell pisze: * on the Thu, Oct 17, 2013 at 05:37:33PM +0200, Marcin Miros??aw wrote: Thanks! I saw word Perl in description of ${sg} and I wrongly assumed it launch perl engine. I'd like to ask for help in one more thing. I've got problem with nested braces: $ exim -be '${sg{ {${readfile{/etc/exim/dkim/test2.test.com.pl.selector}} } {\n|\ }{} }}' {131017} But I'm expecting to get only digits. When I remove braces arround ${readfile I'm getting: $ exim -be '${sg{ ${readfile{/etc/exim/dkim/test2.cadera.com.pl.selector}} {\n|\ }{} }}' Failed: missing or misplaced { or } I first wrote out the ${sg} part: ${sg{}{}{}} I then added some newlines for readability: ${sg{ }{ }{ }} I then added the arguments which we want to pass to ${sg}: ${sg{ ${readfile{/etc/exim/dkim/test2.cadera.com.pl.selector}} }{ \n|\ }{ }} I then compressed it down to a single line: ${sg{${readfile{/etc/exim/dkim/test2.cadera.com.pl.selector}}}{\n|\ }{}} It's almost the same as your second version apart from a semi-colon being out of place. Hello! Thank you Mike! I've tried in similar way - added new line etc. But I did it wrong. Thanks for describe good way to build such nested arguments. Regards, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] How to Remove new line or space (or how to escape dkim selector)
Hi! I'd like to setup configuration which supports keeping DKIM keyselector in files. In one file I'd like to keep selector. Content of the file can be string or string\n or ... \nstring\n\n. No one pay attention if there is new line on the end of last line. If I use selector which contains new line then Exim add new line to headers. Then all headers are messed up. As I can see I can't use ${tr} to remove a sign, which function could be usefull in this case? Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to Remove new line or space (or how to escape dkim selector)
W dniu 17.10.2013 16:58, Mike Cardwell pisze: * on the Thu, Oct 17, 2013 at 04:42:39PM +0200, Marcin Miros??aw wrote: I'd like to setup configuration which supports keeping DKIM keyselector in files. In one file I'd like to keep selector. Content of the file can be string or string\n or ... \nstring\n\n. No one pay attention if there is new line on the end of last line. If I use selector which contains new line then Exim add new line to headers. Then all headers are messed up. As I can see I can't use ${tr} to remove a sign, which function could be usefull in this case? root@glue:~# exim4 -be '${sg{Foo\nBar\nWibble}{}{}}' Foo Bar Wibble root@glue:~# exim4 -be '${sg{Foo\nBar\nWibble}{\n}{}}' FooBarWibble root@glue:~# Thanks! I saw word Perl in description of ${sg} and I wrongly assumed it launch perl engine. I'd like to ask for help in one more thing. I've got problem with nested braces: $ exim -be '${sg{ {${readfile{/etc/exim/dkim/test2.test.com.pl.selector}} } {\n|\ }{} }}' {131017} But I'm expecting to get only digits. When I remove braces arround ${readfile I'm getting: $ exim -be '${sg{ ${readfile{/etc/exim/dkim/test2.cadera.com.pl.selector}} {\n|\ }{} }}' Failed: missing or misplaced { or } Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Exim can't resolve hostname of database when second email is sended in one TCP connection
Hello! I'm testing new configuration using exim -bh x.y.z -d. I've noticed strange behavior when I send HELO/EHLO after first mail was received. I'm sending: ehlo toja mail from: a...@pl.inv rcpt to: uzytkow...@test2.x.com.pl.inv data asdadasd . helo test quit When second HELO appears I'm getting in debug session: SMTP ehlo test sender_fullhost = google-public-dns-a.google.com (test) [8.8.8.8] sender_rcvhost = google-public-dns-a.google.com ([8.8.8.8] helo=test) set_process_info: 8450 handling incoming connection from google-public-dns-a.google.com (test) [8.8.8.8] using ACL acl_check_helo processing drop search_open: pgsql NULL search_find: file=NULL key=SELECT domain FROM postfixadmin_domain WHERE domain = 'test' AND active = '1' AND backupmx = '0' UNION select '@' partial=-1 affix=NULL starflags=0 LRU list: internal_search_find: file=NULL type=pgsql key=SELECT domain FROM postfixadmin_domain WHERE domain = 'test' AND active = '1' AND backupmx = '0' UNION select '@' database lookup required for SELECT domain FROM postfixadmin_domain WHERE domain = 'test' AND active = '1' AND backupmx = '0' UNION select '@' PostgreSQL query: SELECT domain FROM postfixadmin_domain WHERE domain = 'test' AND active = '1' AND backupmx = '0' UNION select '@' PGSQL new connection: host=pgsql port=5432 database=xx_poczta_test_db user=xx_poczta_test PGSQL connection failed: could not translate host name pgsql to address: Name or service not known lookup deferred: PGSQL connection failed: could not translate host name pgsql to address: Name or service not known LOG: MAIN PANIC failed to expand \n ${lookup pgsql{ Definition of pgsql_servers is: hide pgsql_servers = pgsql::5432/xx_poczta_test_db/xx_poczta_test/yy Full hostname of database server is: pgsql.in.xx.com.pl $ cat /etc/resolv.conf search in.xx.com.pl nameserver 192.168.1.35 $ host pgsql pgsql.in.cadera.com.pl has address 192.168.1.220 When Iconfigure connection as: hide pgsql_servers = pgsql.in.cadera.com.pl::5432/xx_poczta_test_db/xx_poczta_test/yy or I add pgsql to /etc/hosts then problem disappears. It looks like search option isn't applied when exim tries translate hostname to address. Ok, I run exim under strace, here is relevant part when first time exim tries to resolve pgsql: connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, 16) = 0 gettimeofday({1381226200, 288600}, NULL) = 0 poll([{fd=3, events=POLLOUT}], 1, 0)= 1 ([{fd=3, revents=POLLOUT}]) sendto(3, \224\242\1\0\0\1\0\0\0\0\0\0\5pgsql\2in\6cadera\3com\2pl\0\0\1\0\1, 40, MSG_NOSIGNAL, NULL, 0) = 40 poll([{fd=3, events=POLLIN|POLLOUT}], 1, 5000) = 1 ([{fd=3, revents=POLLOUT}]) sendto(3, \214o\1\0\0\1\0\0\0\0\0\0\5pgsql\2in\6cadera\3com\2pl\0\0\34\0\1, 40, MSG_NOSIGNAL, NULL, 0) = 40 gettimeofday({1381226200, 289009}, NULL) = 0 poll([{fd=3, events=POLLIN}], 1, 4999) = 1 ([{fd=3, revents=POLLIN}]) ioctl(3, FIONREAD, [94])= 0 recvfrom(3, \224\242\205\200\0\1\0\1\0\2\0\0\5pgsql\2in\6cadera\3com\2pl\0\0\1\0\1\300\f\0\1\0\1\0\0*0\0\4\300\250\1\334\300\22\0\2\0\1\0\0*0\0\7\4dns1\300\22\300\22\0\2\0\1\0\0*0\0\7\4dns2\300\22, 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, [16]) = 94 gettimeofday({1381226200, 293071}, NULL) = 0 poll([{fd=3, events=POLLIN}], 1, 4995) = 1 ([{fd=3, revents=POLLIN}]) ioctl(3, FIONREAD, [87])= 0 recvfrom(3, \214o\205\200\0\1\0\0\0\1\0\0\5pgsql\2in\6cadera\3com\2pl\0\0\34\0\1\300\22\0\6\0\1\0\0*0\0#\4dns1\300\22\5admin\300\25w\3752`\0\0*0\0\0\34 \0\t:\200\0\0*0, 1954, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, [16]) = 87 close(3) When second HELO is sended: connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, 16) = 0 gettimeofday({1381226202, 831438}, NULL) = 0 poll([{fd=3, events=POLLOUT}], 1, 0)= 1 ([{fd=3, revents=POLLOUT}]) sendto(3, \36V\1\0\0\1\0\0\0\0\0\0\5pgsql\0\0\1\0\1, 23, MSG_NOSIGNAL, NULL, 0) = 23 poll([{fd=3, events=POLLIN|POLLOUT}], 1, 5000) = 1 ([{fd=3, revents=POLLOUT}]) sendto(3, \256J\1\0\0\1\0\0\0\0\0\0\5pgsql\0\0\34\0\1, 23, MSG_NOSIGNAL, NULL, 0) = 23 gettimeofday({1381226202, 831628}, NULL) = 0 poll([{fd=3, events=POLLIN}], 1, 4999) = 1 ([{fd=3, revents=POLLIN}]) ioctl(3, FIONREAD, [98])= 0 recvfrom(3, \36V\201\203\0\1\0\0\0\1\0\0\5pgsql\0\0\1\0\1\0\0\6\0\1\0\0#\360\0@\1a\froot-servers\3net\0\5nstld\fverisign-grs\3com\0w\375{\0\0\0\7\10\0\0\3\204\0\t:\2 00\0\1Q\200, 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(192.168.1.35)}, [16]) = 98 gettimeofday({1381226202, 834145}, NULL) = 0 poll([{fd=3, events=POLLIN}], 1, 4997) = 1 ([{fd=3, revents=POLLIN}]) ioctl(3, FIONREAD, [98])= 0 recvfrom(3, \256J\201\203\0\1\0\0\0\1\0\0\5pgsql\0\0\34\0\1\0\0\6\0\1\0\0#\360\0@\1a\froot-servers\3net\0\5nstld\fverisign-grs\3com\0w\375{\0\0\0\7\10\0\0\3\204\0\t: \200\0\1Q\200, 1950, 0, {sa_family=AF_INET, sin_port=htons(53),
Re: [exim] [exim-dev] Exim 4.82 RC1 uploaded
W dniu 27.09.2013 04:11, Todd Lyons pisze: On Thu, Sep 26, 2013 at 6:46 AM, Todd Lyons tly...@exim.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have uploaded Exim 4.82 RC1 to ftp://ftp.exim.org/pub/exim/exim4/test/ Hi! I can't compile with vanilla Makefile (simply copied file EDITME), I'm getting: $ LC_ALL=en_US.utf-8 make /bin/sh scripts/source_checks sort: -:5: disorder: accept_8bitmime make: *** [checks] Error 1 $ LC_ALL=en_US.utf-8 sort --version sort (GNU coreutils) 8.21 Packaged by Gentoo (8.21 (p1.0)) Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Written by Mike Haertel and Paul Eggert. Regards, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] [exim-dev] Exim 4.82 RC1 uploaded
W dniu 27.09.2013 14:15, Todd Lyons pisze: On Fri, Sep 27, 2013 at 2:49 AM, Marcin Mirosław mar...@mejor.pl wrote: Hi! I can't compile with vanilla Makefile (simply copied file EDITME), I'm getting: $ LC_ALL=en_US.utf-8 make /bin/sh scripts/source_checks sort: -:5: disorder: accept_8bitmime make: *** [checks] Error 1 Is there a reason that you are specifying the language in that manner? It works if you do: LC_ALL=C make Originally I've used: LC_CTYPE=pl_PL.utf8 LC_NUMERIC=pl_PL.utf8 LC_TIME=pl_PL.utf8 LC_COLLATE=pl_PL.utf8 LC_MONETARY=pl_PL.utf8 LC_MESSAGES=C LC_PAPER=pl_PL.utf8 LC_NAME=pl_PL.utf8 LC_ADDRESS=pl_PL.utf8 LC_TELEPHONE=pl_PL.utf8 LC_MEASUREMENT=pl_PL.utf8 LC_IDENTIFICATION=pl_PL.utf8 With attached patch problem with sort didn't appear. Thanks! Marcin P.S. I've made analysis using clang: http://mejor.pl/clang-analysis/exim-4.82-rc1/ , maybe you find something interested in it. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] TLS problems of late
W dniu 22.02.2013 14:29, Warren Baker pisze: HI All, Has anyone noticed a problem with exim-4.80.01+OpenSSL 1.0.1e (installed from FreeBSD ports) and it delivering to remote hosts using TLS? Hi! I've got simillar problem with openssl-1.0.1c. Exim couldn't deliver email usint TLS to Exchange. I didn't had time to debug it, I've switched from openssl to gnutls. (I'm using gentoo). Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to interpret pasted snip of log?
W dniu 04.01.2013 14:45, Adam D. Barratt pisze: Hi! On 04.01.2013 10:24, Sander Smeenk wrote: Quoting Marcin Mirosław (mar...@mejor.pl): I'm wondering why I've got in main_log H=(mnch-4d044ae7.pool.mediaWays.net) in first line, and H=mnch-4d044ae7.pool.mediaways.net in second line in the same delivery? As far as i know, the first H= enclosed in brackets is what the remote host put behind EHLO/HELO. The H= line without brackets is what Exim got after DNS resolving. Can't find where this is written in the docs either but is seem to recall having read about this. http://www.exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html#SECID251 Thanks for answers and help. At first moment your explanation was good for me. It could looks it is delay in dns resolving of HELO/EHLO name. But there was still something which puzzles me. So I did some tests. I added warn log_message=testX in a few places and sent a few mails using swaks. EHLO always was the same so it should be in local cache of resolver. After some debugging I found why format of H= is changed. This wasn't delay in dns resolving. The reason is I used warn with verify=reverse_host_lookup beetwen lines with log_message. Next I noticed I had host_lookup=: so I changed this to host_lookup=*. Solved:) Thanks again, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] logs
W dniu 04.01.2013 10:13, eximmail pisze: Hi! I am getting this in my log files a lot and am wondering why? no IP address found for host phpbbspprt840.gmail.com (during SMTP connection from unlocktheinbox.com (mail.unlocktheinbox.com) [168.144.32.45]) no IP address found for host phpbbspprt840.gmail.com (during SMTP connection from mout.gmx.net [74.208.4.200]) no IP address found for host phpbbspprt840.gmail.com (during SMTP connection from strong-eds-02.klga1.s.vonagenetworks.net [216.115.18.24]) If you notice every time an email comes in from wherever it always has phpbbspprt840.gmail.com attached to it. The normal email does come in and the headers from the mail does not show this, only the logs. Can someone help me figure this out please. Please show content of /etc/resolv.conf , /etc/hosts and what `hostname` says. And I think this isn't problem with exim but with configuration of your OS. Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] logs
W dniu 04.01.2013 10:53, Jan Ingvoldstad pisze: On Fri, Jan 4, 2013 at 10:24 AM, Marcin Mirosław mar...@mejor.pl wrote: Please show content of /etc/resolv.conf , /etc/hosts and what `hostname` says. And I think this isn't problem with exim but with configuration of your OS. No, that is a red herring. The hostname phpbbspprt840.gmail.com does not exist in DNS: I was wrong, thanks. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] How to interpret pasted snip of log?
Hi! I'm looking at http://www.exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html and I can't find answer. I'm wondering why I've got in main_log H=(mnch-4d044ae7.pool.mediaWays.net) in first line, and H=mnch-4d044ae7.pool.mediaways.net in second line in the same delivery? Second line is more correct for me because 77.4.74.231 has FCRDNS. Below is snippet from log: 2013-01-03 16:24:55 1Tqmf8-0001lO-JU H=(mnch-4d044ae7.pool.mediaWays.net) [77.4.74.231] I=[77.252.119.98]:25 Warning: Punkty SA:255 2013-01-03 16:24:55 1Tqmf8-0001lO-JU H=mnch-4d044ae7.pool.mediaways.net [77.4.74.231] I=[77.252.119.98]:25 Warning: to jest spam And here is snippet frm exim.conf: acl_smtp_data = acl_check_data [...] acl_check_data: [...] warn message = X-Spam-Score:$spam_score_int spam= nobody:true log_message = Punkty SA:$spam_score_int [...] warn message = This message scored $spam_score spam points. / Ta wiadomosc to spam. # set acl_m1= ham spam= nobody:true condition = ${if {$spam_score_int}{55}{1}{0}} set acl_m1 = spam control = fakereject/Rejected.This message scored $spam_score spam points.SC. / Ta wiadomosc to spam. Zostala odrzucona. log_message = to jest spam #delay = 1s Could it be result of delaying in dns resolving? Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Non ascii characters in recipient address creates frozen bounce
W dniu 29.11.2012 22:54, Phil Pennock pisze: On 2012-11-29 at 17:51 +0100, Marcin Mirosław wrote: W dniu 29.11.2012 16:15, Marcin Mirosław pisze: Configuration of virtual_delivery transport is defined as below: virtual_user: driver = accept domains = +local_domains condition = ${lookup pgsql{SQL_CZY_ISTNIEJE_UZYTK}} transport = virtual_delivery dsn_process SQL_CZY_ISTNIEJE_UZYTK = SELECT 1 FROM exim_users \ WHERE login=lower(E'${quote_pgsql:$local_part}') AND aktywny = true AND tylko_wysylanie = false I've wrote and sent email too fast:/ Transport configuration is: virtual_delivery: driver = pipe command = /usr/libexec/dovecot/deliver -d $local_part delivery_date_add envelope_to_add return_path_add user= mail log_output temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 shadow_condition=${if {$spam_score_int}{0}} shadow_transport=ham_transport_kopia Bear with me as I pick apart what's going on. I might have made a mistake and perhaps one of the other developers can point it out. So, when Exim creates a bounce message, it creates a child Exim process and generates the bounce message to feed to it on stdin. Process failed (1) when writing error message is saying that Exim process exited non-zero. Assuming that you have not set the bounce_sender_authentication main option, then the child Exim is invoked: exim -t -oem -oi -f -E$original_message_id This seems strange, the use of -oem with -f , because the point of -oem is that errors will be sent to the sender as a new message, which can't happen, and it seems that the actual cause of the complaint will then never get logged. Plus, -oem supposedly results in Exim always exiting non-zero, which means we'd always see that error message! Apparently, the documentation isn't write and it means that Exim always exits non-zero, unless the message was successfully received and parsed, in which case it always exits success. The receiving Exim forks again for the delivery, after receiving the message, and the return value from the delivery affects the exit code of that delivery process, but Exim doesn't care about that exit code, it's not looked at ever. (The delivery Exim process will have forked a third time, because you're using a pipe to run an external command, and _that_ exit code will be looked at). A full flow to completion: Process 1: Exim which generates the bounce message Process 2: Exim which receives the bounce message Process 3: Exim which delivers the bounce message, much like any delivery Process 4: Pipe transport command used for the delivery Exit code of P4 is reported/recorded; exit code of P3 is ignored; Exit code of P2 is the one which causes P1 to generate the log message. Per docs, P2 should always exit non-zero, because of -oem, although the local_scan API docs note that child_open_exim() should normally return 0, despite documenting that it uses -oem. (And not documenting the -E for passing the original message id). The delivery status of P3 doesn't matter, and by that point, I think that P2 is destined to exit 0, thus we can assert that Exim is not getting as far as trying to deliver the bounce message, so P2 is failing during message reception. I wonder if this is the X-Failed-Recipients: header causing issues for containing unescaped non-ASCII? I'm not seeing what would cause that. I think I must have missed something here. Hi! On the begin I'd like to wish you all the best in 2013 year! I've tried to follow you but I'm afraid this description is too low level for my understanding of exim. Should I assume this is potential bug in exim or bug in my configuration? Or maybe I can provide some other information about it? Thanks, Marcin. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Non ascii characters in recipient address creates frozen bounce
W dniu 29.11.2012 02:17, Phil Pennock pisze: Hi Phil, hi Jeremy, hi all! Jeremy, I thought that MUA received 550 in session. I was wrong, my fault, MUA session was completed without error. So it's completly ok for me that exim generated bounce. Now I'm concentrating on error code 1. On 2012-11-28 at 16:08 +0100, Marcin Mirosław wrote: 2012-11-28 15:40:45 1Tdiof-0007d2-JV ** zzzńz...@.pl: Unknown user / Nie ma takiego uzytkownika 2012-11-28 15:40:46 1Tdiof-0007d2-JV Process failed (1) when writing error message to yyy...@.pl (frozen) Hex values for character ń in exim_main.log are: C5 84 I don't understand what happend after rejecting message, at a line with time 15:40:46. Why exim wanted create bounce message and why process failed with error code 1? Just tried that to a friend's system, it bounced just fine. 2012-11-29 01:10:59 [71195] 1TdseY-000IWI-Kl ** zzzńz...@firedrake.org F=phil.penn...@spodhuis.org P=prvs=0680ff0160=phil.penn...@spodhuis.org R=outbound_signed T=remote_dksign: SMTP error from remote mail server after RCPT TO:zzz\305\204...@firedrake.org: host mx0.firedrake.org [193.201.200.77]: 550 Unrouteable address 2012-11-29 01:10:59 [71198] 1TdseZ-000IWM-Eo = R=1TdseY-000IWI-Kl U=exim P=local S=806 for phil.penn...@spodhuis.org 2012-11-29 01:10:59 [71195] 1TdseY-000IWI-Kl Completed QT=1s 2012-11-29 01:10:59 [71200] 1TdseZ-000IWM-Eo = phil phil.penn...@spodhuis.org F= P= R=imap_user T=imap_inject QT=0s DT=0s 2012-11-29 01:10:59 [71200] 1TdseZ-000IWM-Eo Completed QT=0s It seems likely that the error depends upon the transport used for delivering the bounce message. If you use 'exim -bt yyy...@.pl' to determine that, and grab the configuration for the Transport used, then could you please paste that configuration into a reply here? I've looked into spool directory, I found another one message with similar state. In second case the email was sended by authorized user to external domain. Snippet form log (again, sorry for obfuscation, it's not my email address): # cat /var/spool/exim/msglog/1TdLJC-cu-26 2012-11-27 14:34:42 Received from c...@mydomain.pl H=(m) [192.168.2.134] I=[192.168.2.1]:587 P=esmtpa A=fixed_login: S=1299332 id=B501EF8474E84AA7B23039BB F62B18E3@m 2012-11-27 14:34:42 routing failed for d@pl.pepperl-fuchs: Unrouteable address Process failed (1) when writing error message to c...@mydomain.pl (frozen) As we can see destination domain is wrong, it is a mistake made by user. Exim -bt shows (in both cases): router = virtual_user, transport = virtual_delivery Configuration of virtual_delivery transport is defined as below: virtual_user: driver = accept domains = +local_domains condition = ${lookup pgsql{SQL_CZY_ISTNIEJE_UZYTK}} transport = virtual_delivery dsn_process SQL_CZY_ISTNIEJE_UZYTK = SELECT 1 FROM exim_users \ WHERE login=lower(E'${quote_pgsql:$local_part}') AND aktywny = true AND tylko_wysylanie = false Meseems incorrect recipient address shouldn't be used in any place in transport but there is high probability I'm wrong:) Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Non ascii characters in recipient address creates frozen bounce
W dniu 29.11.2012 16:15, Marcin Mirosław pisze: Configuration of virtual_delivery transport is defined as below: virtual_user: driver = accept domains = +local_domains condition = ${lookup pgsql{SQL_CZY_ISTNIEJE_UZYTK}} transport = virtual_delivery dsn_process SQL_CZY_ISTNIEJE_UZYTK = SELECT 1 FROM exim_users \ WHERE login=lower(E'${quote_pgsql:$local_part}') AND aktywny = true AND tylko_wysylanie = false I've wrote and sent email too fast:/ Transport configuration is: virtual_delivery: driver = pipe command = /usr/libexec/dovecot/deliver -d $local_part delivery_date_add envelope_to_add return_path_add user= mail log_output temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 shadow_condition=${if {$spam_score_int}{0}} shadow_transport=ham_transport_kopia Sorry. Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Non ascii characters in recipient address creates bounce
Hi! Authorized sender made mistake, used non ascii character in recipient address. Please look at log (and please forgive me little obfuscation): 2012-11-28 15:40:45 1Tdiof-0007d2-JV = yyy...@.pl H=([192.168.2.143]) [192.168.2.143] I=[192.168.2.1]:587 P=esmtpa A=fixed_plain:yy S=76559 id=50b62270.1060...@.pl 2012-11-28 15:40:45 1Tdiof-0007d2-JV ** zzzńz...@.pl: Unknown user / Nie ma takiego uzytkownika 2012-11-28 15:40:46 1Tdiof-0007d2-JV Process failed (1) when writing error message to yyy...@.pl (frozen) Hex values for character ń in exim_main.log are: C5 84 I don't understand what happend after rejecting message, at a line with time 15:40:46. Why exim wanted create bounce message and why process failed with error code 1? Thanks, Marcin. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Storing Data in MySQL
W dniu 2012-11-27 23:08, Always Learning pisze: Exim documentation chapter 9 refers to 'lookup' which doesn't mean look-up but 'collect' information. (One has to collect, or try to collect, the data before one can verify its existence or its compatibility.) Does Exim permit the storage of information into MySQL ? For example, insert into If so, what replaces the Exim 'lookup' verb ? Hi! You don't have to use output of lookup to anything so it means, yes, you can do insert into in lookup query. E.g.: [...somewhere in acl_check_data ...] warn condition = ${lookup pgsql {PGSQL_Q_DODAJ_PUNKTY}} [...] # final accept accept Where PGSQL_Q_DODAJ_PUNKTY is defined as: INSERT INTO exim_ipki_scoring (ip,punkty,domena) VALUES (E'${quote_pgsql:$sender_host_address}' , \ E'${quote_pgsql:$spam_score_int}' , \ E'${quote_pgsql:$sender_address_domain}' ) But please notice if client disconnect after you insert tuple to database and before client receive final 2xx then exim throw away email but you will have tuple in database. I hope I write it clear enough, I don't speak english well. Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] exim_tidydb doesn't make databases smaller
W dniu 23.11.2012 13:32, Arkadiusz Miśkiewicz pisze: Hi. Shouldn't exim_tidydb make databases physically smaller? # ls -al /var/spool/exim/db/callout -rw-r- 1 exim exim 677601280 11-23 13:25 /var/spool/exim/db/callout # exim_tidydb -t 2d /var/spool/exim/ callout /dev/null # ls -al /var/spool/exim/db/callout -rw-r- 1 exim exim 677601280 11-23 13:25 /var/spool/exim/db/callout # exim_tidydb -t 1d /var/spool/exim/ callout /dev/null # ls -al /var/spool/exim/db/callout -rw-r- 1 exim exim 677601280 11-23 13:26 /var/spool/exim/db/callout # exim_tidydb -t 0d /var/spool/exim/ callout /dev/null # ls -al /var/spool/exim/db/callout -rw-r- 1 exim exim 677593088 11-23 13:27 /var/spool/exim/db/callout and no, no errors, after few calls it made db empty: # exim_tidydb -t 0d /var/spool/exim/ callout Tidying Exim hints database /var/spool/exim//db/callout Tidying complete but still -rw-r- 1 exim exim 677593088 11-23 13:28 /var/spool/exim/db/callout The problem is that it grows and grows filling my /var. How to make it shrink db? Hi Arek! # exim_tidydb -t 0d /var/spool/exim/ callout Tidying Exim hints database /var/spool/exim//db/callout Tidying complete This shows that exim_tidydb didn't remove any record so database can't be shrinked. exim_tidydb prints every removed records so you shold be flooded with messages: deleted 123a...@xxx.pl (too old) deleted 0e906b...@xxx.pl (too old) deleted 08e3...@xxx.pl (too old) deleted 0836a...@xxx.pl (too old What exim_dumpdb says about callout database? Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] db based IP blacklist
W dniu 2012-10-27 21:51, Alexander Nagel napisał(a): Hi, I have a simple IP list in my PostGreSQL with inet as type in the table. Currently i have this snippet in my exim4.conf file in the acl_smtp_connect part. drop condition = ${if eq{$sender_host_address}{${lookup pgsql{PG_Q_BLACKLIST message = REJECTED - You are blacklisted log_message = REJECTED - $sender_host_address is blacklisted. This works with a single IP address. But I want to add whole ranges of IP addresses like 192.1.0.0/24 How do I have to change the condition? Hi Alex, so you would like to block all /24 net if any ip address within this network is in your database? Meseems you should use = operator in your sql query(which you didn't provide - I'm guessing how it can looks like) and condition create as below: condition = ${if eq{${mask:$sender_host_address/24}{${lookup pgsql{PG_Q_BLACKLIST Regards, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Possible bug in Exim
W dniu 18.10.2012 15:55, Marc Perkel pisze: I'll do bugzilla if I'm not crazy but thought I'd post it here first to see if I'm nuts. In the transports this works: helo_data = SERVER_NAME.junkemailfilter.com However this does not work: helo_data = $acl_c_helo_data The helo becomes an empty string. And I'm sure the variable is set properly. It's as if acl variables don't work in the transport? Hi! I've tried with exim-4.80 and i couldn't reproduce such situation. I've set acl_c_helo_data in acl_check_rcpt and it works, I've tried acl_check_data also and still it works. Regards, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] How to do callout to specific address?
Hello! I'd like to use exim to callout senders mta and check if given users exists[1]. In doc I can see callout is only doing for checking if sender or postmaster exists. So I assume it needs some more configuration that adding one word to verify=sender/callout line. I'd like to ask for some advice. Second quuestion is can I modify behavior of verify=reverse_host_lookup? I'd like to set acl_m_xxx depending on success or failure of verification. Problem appers when dns server doesn't respond (e.g. PTR record for 117.18.231.4). Acl: warn verify=reverse_host_lookup throws warning (no problem) but exim responds 4xx to the client (this is not ok in this case). Is it possible to catch such cases, set acl_m_xxx to proper value (e.g. unknown) and pass to next acl? I'm using exim-4.80. Marcin [1] - I'd like to only check if abuse@ and postmaster@ exists. (rfc-ignorant is going down...) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to do callout to specific address?
W dniu 2012-10-01 20:26, Jeremy Harris pisze: Hello Jeremy, On 10/01/2012 02:55 PM, Marcin Mirosław wrote: I'd like to use exim to callout senders mta and check if given users exists[1]. In doc I can see callout is only doing for checking if sender or postmaster exists. So I assume it needs some more configuration that adding one word to verify=sender/callout line. I'd like to ask for some advice. There's no particularly convenient way of doing what you want (verifying if abuse@$sender_address_domain exists). You could raise a wishlist item at http://bugs.exim.org/enter_bug.cgi?product=Exim I'll try. In meanwhile I've found idea I can run swaks ( --quit-after RCPT) from exim with simple sh wrapper. Second quuestion is can I modify behavior of verify=reverse_host_lookup? I'd like to set acl_m_xxx depending on success or failure of verification. Problem appers when dns server doesn't respond (e.g. PTR record for 117.18.231.4). Acl: warn verify=reverse_host_lookup throws warning (no problem) but exim responds 4xx to the client (this is not ok in this case). Is it possible to catch such cases, set acl_m_xxx to proper value (e.g. unknown) and pass to next acl? Does the method mentioned in http://bugs.exim.org/show_bug.cgi?id=251 work for you, modified for your case? Yes, thanks! It works as I wish. Thanks for tips! Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to do callout to specific address?
W dniu 2012-10-01 22:57, Marcin Mirosław pisze: W dniu 2012-10-01 20:26, Jeremy Harris pisze: Hello Jeremy, On 10/01/2012 02:55 PM, Marcin Mirosław wrote: [...] Does the method mentioned in http://bugs.exim.org/show_bug.cgi?id=251 work for you, modified for your case? Yes, thanks! It works as I wish. Finally I wrote this in this way: warn set acl_m_fcrdns= NULL warn verify = reverse_host_lookup set acl_m_fcrdns= 1 warn !verify = reverse_host_lookup set acl_m_fcrdns= 0 This has advantage that all pieces of checking reverse_host are in one place;) Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim remote smtp response code
W dniu 01.07.2012 06:23, Nguyen Quan pisze: Hello Exim, I'm using Exim right now, and I have some issues to solve. How can I config in exim.conf to return every of remote smtp response code, include 2xx, 4xx and 5xx, when Exim connect to another mail server such as Yahoo or Google? Hi! Does smtp_* options in log_selector[1] do want you need? Regards [1]- http://www.exim.org/exim-html-current/doc/html/spec_html/ch51.html#SECTlogselector -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] using name of host in spamd_address
W dniu 01.06.2012 00:25, Jeremy Harris pisze: On 2012-05-31 15:54, Marcin Mirosław wrote: I'd like to use hostname instead numeric ip in spamd_address variable. I've found bugs about it[1][2]. They are marked as fixed in 4.77 but it looks for me they aren't fixed. I still can't use hostname in spamd_address. Could it be those bugs are fixed partially (i mean was added expansion of spamd_address only) That's how I read the current state of play. I suggest opening a new feature request bug specifically for name support. In the meantime, can you use a dnsdb lookup? I've filled bug 1259. I'm calling $spam_score about 5 times, docs says: The spam condition caches its results unless expansion in spamd_address was used. I'd like to spare some cpu cycles. Thanks, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] DKIM debugging
W dniu 2012-04-22 12:26, Wolfgang Breyha pisze: Hi! I have found a bunch of emails from groupon.de which DKIM Sig didn't verify successfully in exim, but in Mail::DKIM it does even if I remove the DomainKeys Sig. Is there an easy way to feed the .eml file into exim only to debug DKIM? Hello! Could it be similar problem to mine? http://www.exim.org/lurker/message/20120119.154235.ab4ab522.pl.html Regards, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] using name of host in spamd_address
Hello! I'd like to use hostname instead numeric ip in spamd_address variable. I've added host to /etc/hosts file: $ grep sa /etc/hosts 127.0.0.1 sa $ ping sa PING sa (127.0.0.1) 56(84) bytes of data. 64 bytes from meteor.mejor.pl (127.0.0.1): icmp_req=1 ttl=60 time=0.000 ms 64 bytes from meteor.mejor.pl (127.0.0.1): icmp_req=2 ttl=60 time=0.000 ms ^C In exim.conf, in main section i've got: spamd_address = sa 783 With such configuration exim-4,77 throws to log: 2012-04-04 16:20:59 1SFR4t-0003rv-M8 spam acl condition: warning - spamd connection to sa, port 783 failed: Network is unreachable I didn't have such problem with configuring connection to sql server, hostname works. Is it possible to use hostname in spamd_address or i'm doing it in wrong way? Thanks, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Checking header against RFC2822
W dniu 28.02.2012 16:23, Pavel Gulchouck pisze: Hello, if a message contains header field To: user@domain user@domain then verify = header_syntax returns error, in my case Feb 28 14:59:02 gopher exim[74934]: 2012-02-28 14:59:02 1S2Mdm-000JUc-Ch H=happy.kiev.ua (happy) [213.133.161.33] F=g...@gul.kiev.ua rejected after DATA: message header fail syntax check: malformed address: q...@happy.kiev.ua\n may not follow q...@happy.kiev.ua : failing address in To: header is: q...@happy.kiev.ua q...@happy.kiev.ua But why? Hello, there is explanation: http://wiki.exim.org/FAQ/General_Debugging/Q0087 Regards, Marcin. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] DKIM problems
W dniu 19.01.2012 22:34, Marcin Mirosław pisze: W dniu 2012-01-19 21:49, Phil Pennock napisał(a): If you have a copy of such an email which you're willing to share, then could you please forward it, WITH ALL HEADERS INTACT, to me and I'll try to find time to take a look. I sended such mail to you offlist. Thank you. Hello! Did you have some time to look into problematic email? Regards, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] DKIM problems
W dniu 11.01.2012 20:12, David Saez Padros pisze: Hi I'm having problems with domains for which i get the error verification failed - signature did not verify while cheking dkim signature (gravatar.com, sophos.com, paypal-promo.es, akismet.com ..) but for example gmail.com does not have this problem, is somebody else seing this too ? Hi, i have similar problem, message is diffrent than yours so i'm not sure it's the same problem. Emails from domain interia.pl triggers message: DKIM: d=interia.pl s=biztos c=relaxed/relaxed a=rsa-sha256 t=1326986132 [verification failed - signature did not verify (headers probably modified in transit)] but when i run ./dkimverify.pl test.eml i get verify result: pass. I'm not sure who is right, exim or Mail-DKIM. Regards. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] DKIM problems
W dniu 2012-01-19 21:49, Phil Pennock napisał(a): If you have a copy of such an email which you're willing to share, then could you please forward it, WITH ALL HEADERS INTACT, to me and I'll try to find time to take a look. I sended such mail to you offlist. Thank you. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Mysql support - no errors but checking compiled in
Hello! try fake debug session: exim -bh 1.2.3.4 -d+acl , it can help you to find out what is going on. Is posible sql query returns more than one tuple? Regards, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Mysql support - no errors but checking compiled in
W dniu 29.09.2011 08:17, Ron White pisze: One more thing, domainlist hosted_domains = ${lookup mysql{MYSQL_HOSTEDDOMAINLIST}} here you use variable hosted_domains relevant ACL clause check_rcpt: accept domains = local_domains : *.local_domains denymessage = relay not permitted But in ACL you don't. :hosted_domains is missing? Regards, Marcin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Still thinking about acls
Hi again! I've prepared simple, test configuration: domainlist local_domains = @ : : test2.com # there is whitespace begin acl acl_check_rcpt deny sender_domains = +local_domains message = test reject [...] Fake session shows that this conditions is always met: 14:03:32 28800 SMTP 250-localhost Hello test [1.1.1.1] 14:03:32 28800 250-SIZE 52428800 14:03:32 28800 250-PIPELINING 14:03:32 28800 250 HELP 14:03:32 28800 SMTP mail from: 14:03:32 28800 SMTP 250 OK 250 OK 14:03:32 28800 SMTP rcpt to:a...@.com 14:03:32 28800 using ACL acl_check_rcpt 14:03:32 28800 processing deny 14:03:32 28800 check sender_domains = +local_domains 14:03:32 28800 in @ : test1.com : : test2.com? yes (matched ) 14:03:32 28800 in +local_domains? yes (matched +local_domains) 14:03:32 28800 deny: condition test succeeded 14:03:32 28800 SMTP 550 test reject 550 test reject According to: http://www.exim.org/exim-html-current/doc/html/spec_html/ch10.html#SECTdomainlist meseems that this is case described as point If none of the above cases apply, a caseless textual comparison is made between the pattern and the domain. But it looks that empty char ( matched in log ) works the same as * (asterisk). Did i (again...) miss some piece of documentation? Thanks for reply. Regards, Marcin. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] [solved] Still thinking about acls
Empty sender (bounce message: ) is equal to empty field in local_domains. Doc is fine ;) Regards:) -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] PGSQL: no data found - when dns lookup fail
Hello! I've found in reject log messages with reject error PGSQL: no data found. For example: 2011-04-09 07:12:06 H=(180.245.254.157) [180.245.254.157] I=[193.238.12.139]:25 F=e...@9spwx.ru temporarily rejected RCPT o...@vipmaster.ru: PGSQL: no data found domain vipmaster.ru isn't local domain, bot tried to relay via my mx. I've made little investigation. Please look at those two lines: 2011-04-15 12:44:47 H=(localhost) [x.x.x.x] I=[193.238.12.139]:25 F=a...@ww.pl temporarily rejected RCPT s...@xxxkolekcja.mejor.pl: PGSQL: no data found 2011-04-15 12:44:57 H=correct.revdns.of.ip (localhost) [x.x.x.x] I=[193.238.12.139]:25 F=a...@ww.pl rejected RCPT s...@xxxkolekcja.mejor.pl: relay not permitted (brak autoryzacji) In booth cases, domain XXXkolekcja.mejor.pl isn't in local domain. First line was created while named was down, exim couldn't verify reverse_host_lookup (exim reponsed 451 Temporary local problem - please try later to client ). The second one was logged while named was up, exim could verify reverse ip (exim responsed 550 relay not permitted to client). I'm wondering why exim throws PGSQL: no data found to reject log, shouldn't log somthing like host lookup failed? In exim.conf there are a couple places when i'm making psql lookup. All sql queries has domena='${quote_pgsql:$domain}' in WHERE clausule so all of them return zero records. Example query: domainlist local_domains = localhost : @ : \ ${lookup pgsql {SELECT domena FROM exim_users where \ domena='${quote_pgsql:$domain}' limit 1 }}: \ ${lookup pgsql {select regexp_replace(alias, '.*@','') \ from exim_aliasy where alias like '%@${quote_pgsql:$domain}' }} # exim -bV Exim version 4.75 #1 built 15-Apr-2011 11:52:38 Copyright (c) University of Cambridge, 1995 - 2007 Berkeley DB: Berkeley DB 4.8.30: (2010-08-28) Support for: crypteq iconv() IPv6 OpenSSL Content_Scanning DKIM Old_Demime Experimental_SRS Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch passwd pgsql Authenticators: cram_md5 plaintext spa Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/maildir/mailstore autoreply pipe smtp CW_DSN_1.3 Fixed never_users: 0 Size of off_t: 4 OpenSSL compile-time version: OpenSSL 1.0.0d 8 Feb 2011 OpenSSL runtime version: OpenSSL 1.0.0d 8 Feb 2011 Configuration file is /etc/exim/exim.conf Postgresql-9.0 If more information, content of acl_check_rcpt will be needed, please let me know. Thanks for suggestions. Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] PGSQL: no data found - when dns lookup fail
I've got another one quesion. In conf file i've got: domainlist local_domains = localhost : @ : \ ${lookup pgsql {SELECT domena FROM exim_users where \ domena='${quote_pgsql:$domain}' limit 1 }}: \ ${lookup pgsql {select regexp_replace(alias, '.*@','') \ from exim_aliasy where alias like '%@${quote_pgsql:$domain}' }} acl_check_rcpt: [...] deny !hosts = : +relay_from_hosts sender_domains = +local_domains message = You are not authenticated fake debug session: processing deny check domains = +local_domains search_open: pgsql NULL search_find: file=NULL key=SELECT domena FROM exim_users where domena='xxxkolekcja.mejor.pl' limit 1 partial=-1 affix=NULL starflags=0 LRU list: internal_search_find: file=NULL type=pgsql key=SELECT domena FROM exim_users where domena='xxxkolekcja.mejor.pl' limit 1 database lookup required for SELECT domena FROM exim_users where domena='xxxkolekcja.mejor.pl' limit 1 PostgreSQL query: SELECT domena FROM exim_users where domena='xxxkolekcja.mejor.pl' limit 1 PGSQL new connection: host=127.0.0.1 port= database=exim user=eximuser PGSQL: no data found lookup failed search_open: pgsql NULL cached open search_find: file=NULL key=select regexp_replace(alias, '.*@','') from exim_aliasy where alias like '%@xxxkolekcja.mejor.pl' partial=-1 affix=NULL starflags=0 LRU list: internal_search_find: file=NULL type=pgsql key=select regexp_replace(alias, '.*@','') from exim_aliasy where alias like '%@xxxkolekcja.mejor.pl' database lookup required for select regexp_replace(alias, '.*@','') from exim_aliasy where alias like '%@xxxkolekcja.mejor.pl' PostgreSQL query: select regexp_replace(alias, '.*@','') from exim_aliasy where alias like '%@xxxkolekcja.mejor.pl' PGSQL using cached connection for 127.0.0.1/exim/eximuser PGSQL: no data found lookup failed xxxkolekcja.mejor.pl in localhost : @ : : ? no (end of list) xxxkolekcja.mejor.pl in +local_domains? no (end of list) deny: condition test failed Meseems that all condition is failed because pgsql lookup is failed. I don't know how to change config to have exim treating empty result from sql query as valid lookup. Is it possible? Regards, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] False postitve diagnosis Heuristics.Structured.CreditCardNumber
W dniu 2011-03-15 18:57, The Doctor pisze: Question: How I tell exim someone using port 465 is mostly likely not sending out anything harmful? Maybe try to use: accept authenticated = * in acl_check_data, in section before clamav test email. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] [exim-dev] Logging address ip of outgoing mail
W dniu 04.02.2011 00:05, Jeremy Harris pisze: I'm not aware of a log_selector that does what you want. I'm not programmer, i don't know if exim is able to know outgoing address when interface = isn't used. If it's possible could i make feature request? What I've done to help logging in routing/transport is an embedded-perl function Exim::log_write called as a dummy lookup. Typically I use this in a router as: data = ${if eq {}{\ ${perl{Exim::log_write}{router_name: bad $local_part@$domain}}}\ {}{}} I assume you're using an smtp transport with a lookup for interface = and you could do something similar there. You've guessed perfectly:) I didn't mention it, my fault. There is great option log_message for acl, i'm missing it. I can't use data= in dnslookup router so i tried to change it to condition=, and condition is always true. I've read i sholud use perl_startup, but there is no external perl script needed. So i created empty, fake file, and provided it to startup_perl. Is it correct way? Finally, i have this line in router: condition = ${if eq {}{${perl{Exim::log_write}{adres_wych: ${lookup{$domain}wildlsearch{/etc/exim/domeny_interfejs.txt}{$value}{}} }}}{1}{1}} which do what i want. Thank you for hint! P.S.1 This solution has small disadvantage, if destination domain is ipv6 capable, in log appears address ipv4. This is not real problem, because i've got only one ipv6 interface, so if destination is like [2000::], i know, that those line isn't correct. P.S.2 I sent email to exim-dev accidentally but there is no option to cancel email Regards, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Logging address ip of outgoing mail
Hello! I'd like to have in log addres IP used to send mail. Something like outgoing_interface instead incoming_interface. Is it possible to do it in straight way or i need to add log function to transport? Thanks. -- www: http://blog.mejor.pl/ -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] hold_domains works almost always
Hello. When I uses both options in exim: hold_domains=sample domain here queue_smtp_domains=* and i send, for example, 5-10 mails to domain mention in hold_domains, exim sends a few mails to destinations server. But not all of them. 2-4 mails are sended, rest of them is keeped locally, and main log mark this mail as domain is held (and this is correct). Is it something that i missed reading documentation? Regards, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] hold_domains works almost always
I can't reproduce this situation with other (test) domain. BTW, i'm sending email using sendEmail script, mails has got BCC filed. How can i debug it? Fake session, probably, can't be usefulll, in this case. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] static code analyze for exim-4.72
Hi! I've run static code analyzer from clang suite. Results are available here: http://mejor.pl/exim-472/ . If it could be usefull for exim developing that's great. I haven't enough C skills to apprize is this analyze worth something or not, this is way i'm posting here. Regards. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] static code analyze for exim-4.72
W dniu 19.11.2010 15:18, Ted Cooper pisze: The instances I looked at were all failures of the analysis tool to understand the code or where the supposed error was impossible. I stopped looking after an example or two of each of the types of failure. There were a few things picked up that were obviously added to make understanding the code easier which certainly don't need to be fixed. The rest seem to be unimportant or just plain nit picking. Was there a specific bug this was looking to find? No, i wasn't looking for specific bug. I was worried numbers of warnings and warnings classified as security and Logic error. But as i can see, there is nothing to worry about. Thanks for your time and answers! Regards -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Cannot fix open relay
W dniu 08.11.2010 09:41, Paolo Crosato pisze: relay_from_hosts = 127.0.0.1 : 1 : 10.1.0.0/16 : 80.206.221.208/28 : 87.28.92.152/0 : 82.90.193.0/8 : 80.86.144.0/22 ? mask is too wide? -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] virtual domains, incorrect envelope-from
W dniu 2010-11-04 20:08, Seth Dillingham pisze: Exim is happily handling mail for a number of virtual domains with non-login accounts, both incoming and outgoing. However, all mail sent by our users through our server ends up with a bad Envelope-From address. Here's an example from a message I just sent: Received: from xxx.ri.ri.cox.net ([y.y.y.y] helo=Sprung-Sprocket.local) by zzz.macrobyte.net with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from s...@macrobyte.net@macrobyte.net) id LB7Q4I-000MMQ-4X for seth.dilling...@gmail.com; Mon, 01 Nov 2010 11:38:42 -0400 The correct address, of course, is just s...@macrobyte.net. I've seen some mail rejections, though it's not clear if they're being caused by these strange Envelope addresses. All relaying requires smtp authentication via either PLAIN, LOGIN, or CRAM-MD5. In the MUA, the users set their smtp user id as u...@domain.com (so in my case, it's s...@macrobyte.net). Hi! Try to set: accept authenticated = * control = submission/sender_retain This is examle, we don't know Your config. Regards -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim filtering spam with dnslists
W dniu 24.08.2010 22:35, z...@inbox.lv pisze: need all email in a dnslists redirect to a folder. Spam Now email from the dnslists are blocked as follows: denymessage = DNSBL listed at $dnslist_domain\n$dnslist_text hosts = ! +relay_from_hosts dnslists = zen.spamhaus.org:bl.spamcop.net:xbl.spamhaus.org:bb.barracudacentral.org:list.bbfh.org:l3.bbfh.ext.sorbs.net need all email from dnslists send them to routers ditch_spam: (Now all email with spam_score 100 redirect to a folder. Spam) The problem is that the condition will not be received to indicate the condition: dnslists = zen.spamhaus.org: bl.spamcop.net: xbl.spamhaus.org: bb.barracudacentral.org: list.bbfh.org: l3.bbfh.ext.sorbs.net How to write such condition?? can one do? Hi! I'm not sure did i understand you correct. Do you want to receive _all_ mails, if sender's ip is in blacklist, you want to use router ditch_spam to take mail ? e.g: warn hosts = ! +relay_from_hosts dnslists= zen.spamhaus.org:bl.spamcop.net:. set acl_m1 = spam begin routers ditch_spam: [...] condition = ${if or{ {$spam_score_int}{100}} {eq{$acl_m1}{spam}} } } Regards -- xmpp (jabber): marcin [at] mejor.pl -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] router condition, problem with and
W dniu 19.08.2010 11:27, Jonas Forsberg pisze: I just can't understand why I've manually rewrite condition to: condition = ${if and{ {match {$h_subject:}{\N^kallekalas$\N}} \ {eq {1}{1}} }} And it works for me. Your example doesn't work for me, too. I suppose there is problem with... don't know, strange char inside? Regards -- xmpp (jabber): marcin [at] mejor.pl -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] router condition, problem with and
W dniu 19.08.2010 09:06, Jonas Forsberg pisze: Hello. I am fairly new to exim4, so please be patient with me. I'm trying to get a condition for a router to work as I expect, but I clearly have issues understanding the syntax. The condition consists of two parts: 1st a check in the Subject field after a string, that I have got to work. condition = ${lookup mysql{ SELECT email FROM users WHERE email='${quote_mysql:$local_pa...@${quote_mysql:$domain}'} {true}{false}} 2nd a check in a MySQL table, which I have been working. condition = ${if match {$h_subject:}{N^KalleKalas$N}{yes}{no}} but to combine those two into a and rule makes my head spin. What ever I do exim4 logs that it can not expand the condition. Hello! If you want to join this two condition with logical and, it would be looks in this way: condition = ${if and{ {lookup mysql{SELECT 1 FROM users WHERE email='${quote_mysql:$local_pa...@${quote_mysql:$domain}'}} {if match {$h_subject:}{N^KalleKalas$N}{yes}{no}}} } I can't test it, i'm not sure about sql query (mayby it shoud be write in such way: {eq {1}{SELECT 1 FROM users WHERE email='${quote_mysql:$local_pa...@${quote_mysql:$domain}'} ) Regards, Marcin -- xmpp (jabber): marcin [at] mejor.pl -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] How to set timeout for command invoked in acl_data
Hi! In acl_check_data are lines: warn message = ${run{/usr/local/bin/dspam-wrapper.sh ${spool_directory}/scan/${message_id}/${message_id}.eml }{$value}{$value}} For a mails containing huge number of words, dspam needs above one, two minutes to check mail. It seems that exim has timeout for run expansion equal to one minute. In logs i'm getting: failed to expand ACL message ${run{/usr/local/bin/dspam-wrapper.sh ${spool_directory}/scan/${message_id}/${message_id}.eml }{$value}{$value}}: command timed out Setting local_scan_timeout=10m doesn't change behavior (and probably this is right:) ). Is possible to change timeout for expansion variable in acl ? Regards, Marcin -- xmpp (jabber): marcin [at] mejor.pl -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Integrating exim, dspam, and spamassasin
W dniu 28.07.2010 13:21, Marcin Mirosław pisze: W dniu 28.07.2010 12:55, Marcin Mirosław pisze: I've got one more question. If i add new header to message does they apper when exim is sending mail to spamd? (configuration is in earlier email) While i'm testing using fake session (exim -bh /tmp/test.comm ) headers added by acldspam are sended to spamd (i was watching at output of tcpdump), but when real connection is made to exim, this headers wasn't send to spamd. Is this situation correct? Hello, Does anybody have any idea how to resolve this problem? Any help appreciated. Regards, Marcin -- xmpp (jabber): marcin [at] mejor.pl www: http://blog.mejor.pl/ -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] only relay mail for our domain in relay_from_hosts..
W dniu 2010-08-05 17:37, B. Cook pisze: We had 2 accounts get compromised in the latest 'please reply with your password ( ) ' scam.. so what I am looking to do to prevent this from impacting us in the future is.. I would like exim to *only* send mail if it is from our domain.. Hi! Maybe this acl would be usefull for you: acl_check_data: deny authenticated = * condition = ${if or {{!eqi{$authenticated_id}{$sender_address}}\ {!eqi{$authenticated_id} {${address:$header_From:}} }}} message = You must send as the ID you authenticate with. Regards, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] only relay mail for our domain in relay_from_hosts..
W dniu 2010-08-05 18:32, B. Cook pisze: Yes if people were authenticating that would be great.. Why they aren't? People uses login and password to login into webmail. I found this to 'force' that.. accept authenticated = * control= submission/domain= back to my problem.. People sign into squirrelmail as username which can append @domain.org silently.. imap and other smtp auth things.. need n...@domain.org.. It needs what you configured, imap/pop3/smtp can use login in form login or lo...@domain, all is in your hands. I'm trying to help myself from squirrelmail abuse :/ Squirrelmail can send auth to smtp server using login and pass used while user logged to webmail. I'm not sure how it is configured, where are used login = login and where login=u...@domain . Regards, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Integrating exim, dspam, and spamassasin
W dniu 27.07.2010 15:09, Marcin Mirosław pisze: I'm going to do it in this way: # here i'd like to remove some headers # check mail with dpsam warn message = ${run{/usr/local/bin/dspam-wrapper.sh ${spool_directory}/scan/${message_id}/${message_id}.eml }{$value}{$value}} # and i want to reuse headers generated by dspam in SA warn message = X-Spam-Report:$spam_report spam= nobody:true cat wrapper: #!/bin/sh /usr/bin/dspamc --client --mode=teft --user mail --stdout --deliver=spam,innocent $1 | formail -X x-dspam I don't know how to remove headers at acl_data time (i'd like to remove foreign dspam headers). System filter works at deliver time, headers_remove is used in routers and transport, it's too late. Regards, Marcin -- xmpp (jabber): mar...@mejor.pl -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Integrating exim, dspam, and spamassasin
I've got one more question. If i add new header to message does they apper when exim is sending mail to spamd? (configuration is in earlier email) Thanks -- xmpp (jabber): mar...@mejor.pl -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Integrating exim, dspam, and spamassasin
W dniu 28.07.2010 12:55, Marcin Mirosław pisze: I've got one more question. If i add new header to message does they apper when exim is sending mail to spamd? (configuration is in earlier email) While i'm testing using fake session (exim -bh /tmp/test.comm ) headers added by acldspam are sended to spamd (i was watching at output of tcpdump), but when real connection is made to exim, this headers wasn't send to spamd. Is this situation correct? Regards, Marcin -- xmpp (jabber): mar...@mejor.pl -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Integrating exim, dspam, and spamassasin
Hello! I'd like to turn off bayes in SA and use dspam instead of them. I spend some time for searching and i didn't found many solutions. The main goal is: use dspam as plugin for SA. I've found plugin which translate scores from dspam to scores: http://eric.lubow.org/projects/dspam-spamassassin-plugin/ No doc found for it, it looks like message should have X-DSPAM... headers. Ok, now i'm looking how to put X-DSPAM headers into message. First attempt: warn message = ${run{/usr/local/bin/dspam-wrapper.sh ${spool_directory}/scan/${message_id}/${message_id}.eml }{$value}{$value}} cat wrapper: /usr/bin/dspamc --client --mode=teft --user mail --stdout --deliver=summary $1 I'm getting: X-DSPAM-Result: mail; result=Spam; class=Spam; probability=1.; confidence=0.94; signature=4c4ed445259482569042550 The plugin mentioned above dosn't like it, it needs this format: X-DSPAM-Result: Spam X-DSPAM-Processed: Tue Jul 27 14:47:02 2010 X-DSPAM-Confidence: 0.9938 X-DSPAM-Improbability: 1 in 16108 chance of being ham X-DSPAM-Probability: 1. X-DSPAM-Signature: 4c4ed546259481302212047 X-DSPAM-Factors: 15, I'm continuuing searching... I found patch ( http://mta.org.ua/exim-patches/exim-4.67-dspam/ ) which uses local_scan() to connect to dspam daemon. No doc found :( I can't found who wrote patch, i don't know if patch is still mainained. Maybe someone has idea how to do it? Thanks, regards! -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Disable Bounce Messages
W dniu 2010-07-13 21:31, Jeremy Davila pisze: I have the following router . If a user is not known at our domain it's rejected . But then in the exim queue there are a bunch of frozen bounce messages from mailer-dae...@ourdomain.com. How can I disable that ? Thank you all in advance. Imho, you should put in acl_check_rcpt something like this: deny message = No such user !verify = recipient It rejects mail in session, without generating bounce. Regards, Marcin /repost to mailing list/ -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] option interface in smtp transport and ipv6
W dniu 02.07.2010 11:50, J.R.Haynes pisze: Hi! My understanding is that if a domain has both v4 and v6 addresses Exim first uses the operating system to decide whether to use v6 or v4 (and Phil has explained how to change this globally). Then it looks at the interface option for the first address of that type. If it doesn't find one then interface is ignored and the default OS interface for that type is used. And this knowledge i was mising. So in your case having seen an record for the relevant domain Exim has already decided to use v6, so an interface entry with only a v4 address gets ignored. I was sure, that setting interace=address v4 will force exim to use only v4 for given domain (even if domain has record ). My mistake was that i thought about v4 and v6 as they are in common space. Thank all of you for help! Regards, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] option interface in smtp transport and ipv6
W dniu 02.07.2010 12:51, Nigel Metheringham pisze: On 2 Jul 2010, at 11:30, Marcin Mirosław wrote: I was sure, that setting interace=address v4 will force exim to use only v4 for given domain (even if domain has record ). My mistake was that i thought about v4 and v6 as they are in common space. Are you able to suggest a change/addition in documentation that would have helped prevent your confusion? Sorry, i don't feel able to do it. My skill in english language is to low. But if You have own proposition i'll gladly read it. Regards, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] option interface in smtp transport and ipv6
Hello! I've set up smtp transport in this way: external_smtp_batv: driver = smtp return_path = ${prvs {$return_path}{BATVKEY}} dkim_domain = +local_domains dkim_selector = 100623 dkim_private_key= /etc/ssl/poczta.cibet.pl.key dkim_canon = relaxed interface = ${lookup{$domain}lsearch{/etc/exim/domeny_interfejs.txt}{$value}{}} If recipient domain is found in appropriate file and destination mx doesn't have records everything works correctly. Problem appears when dest. mx has , then option interface is ignored and mail is sending using ipv6 proto. It looks there is bug in smtp tranposrt or option interface should named interface_ipv4. Regards, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] option interface in smtp transport and ipv6
W dniu 2010-07-01 19:33, Phil Pennock pisze: IPv6 addresses contain a colon. Exim's default list separator character is a colon. interface takes an expanded string list. Try ; at the start of the value of interface, to change the list separator character, if you know that you're going to include : as data from the lookup. Hi, Thank you for reply. Sadly it doesn't change behavior of exim. (In file domeny_interfejs.txt i only have ipv4 addresses). I tried this: interface = 1.2.3.4 and : interface = ; 1.2.3.4 and even: interface = ; 1.2.3.4; And it stills doesn't work when recipient mx has record . Then exim sends mail over ipv6. Regards, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] option interface in smtp transport and ipv6
W dniu 2010-07-01 21:23, Phil Pennock pisze: Oh, it appeared from the report that an IPv6 address in the interface was not working. Right, per the documentation for interface: 8 cut here 8-- The first interface of the correct type (IPv4 or IPv6) is used for the outgoing connection. If none of them are the correct type, the option is ignored. 8 cut here 8-- Yes, i read it. But i don't speak well english and maybe i can't catch nuance. Use something like (untested): ignore_target_hosts = ; :: on the Router to refuse to use IPv6 addresses. Or there's dns_ipv4_lookup as a global option, per 13.6 Disabling IPv6. But i don't want to disable ipv6!:) I.E. My domain: host hermes.mejor.pl hermes.mejor.pl has address 193.238.12.139 hermes.mejor.pl has IPv6 address 2001:470:1f0b:84c::2 From other host (on which i setup transport using interafce=1.2.3.4) i'm trying to send mail to domain mejor.pl. I'd like to send mail via ipv4 (not via ipv6), because there are two links, and link with ipv4 only is faster than link with ipv6. So i put domain mejor.pl to file domeny_interfejs.txt and i'm expecting that exim will use address (ipv4) taken from file, and sends via ipv4, although ipv6 can be used for this domain. For other domain, not mention in file, i'd like exim to use ipv6 if domain is capable. Thanks for help, Marcin -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] smtp count confirmation
W dniu 15.06.2010 15:48, Graeme Fowler pisze: acl_check_connect: warn message = DEBUG: connection from $sender_host_address ... Or sth like this, if you want to have smaller logs ;): warn condition = ${lookup pgsql{insert into xx (ip) values ('$sender_host_address')}} And what about connections from users sending mails, should it be counted? Regards -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to compare FROM header against SMTP account authenticated?
W dniu 2010-04-11 22:29, Sergio pisze: Hi all, first of all, sorry if this question has been asked before and hope you can guide on where to get this In my server SMTP has to be authenticated in order deliver emails. But I want to deny any SMTP deliver if the FROM is not the same as the account that has authenticated the deliver, is it possible? (resended to maillist) Hi, I'm using acl like this: acl_check_data: [...] deny authenticated = * condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\ { !eqi{$authenticated_id} {${address:$header_From:}} }\ }\ } message = Blad: nadawca jest inny niz uzytkownik. / You must send as the ID you authenticate with. Regards, -- http://en.wikipedia.org/wiki/Katyn_massacre http://edition.cnn.com/2010/WORLD/europe/04/10/poland.president.plane.crash.analysis/index.html?hpt=C1 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] How to compare FROM header against SMTP account authenticated?
W dniu 2010-04-11 23:16, Sergio pisze: I am using EXIM 4 in WHM. Does your commands have to be written on the box called BEGIN ACL ? I have no idea how WHM looks :) Probably (99%) the answer is yes, but if you have box acl_check_data, choose it. Those acl must be in acl_check_data. Regards. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Why there is no headers from SA in relayed mails?
W dniu 2010-04-09 23:55, Ted Cooper pisze: If you want it to call SA but always return true (and thus add the headers) you'll have to add the :true to the end like you have for the second warn statement/chunk. Indeed. I have no idea why i lost :true while copying config. Thank you for help. Regards. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Why there is no headers from SA in relayed mails?
Hi, I'm wondering why i have no headers from SA in email relayed through router relay? Emails, marked as spam and delivered to local dir, have headers X-Spam_ . Does driver smtp make changes in headers? My exim conf looks like this: acl_check_data: [...] warn spam=nobody add_header = X-Spam_score:$spam_score\n\ X-Spam_score_int:$spam_score_int\n\ X-Spam_bar:$spam_bar\n\ X-Spam_report: $spam_report warn set acl_m9=ham spam=nobody:true condition = ${if {$spam_score_int}{55}{1}{0}} set acl_m9 = spam control = fakereject/rejected after DATA: This is spam, it will be reported accept begin routers spam_fakereject_sc: driver = accept condition = ${if {$spam_score_int}{85}{1}{0}} transport = spam_transport_sc unseen spam_fakereject_kopia: driver = accept condition = ${if eq {$acl_m9}{spam}{true}{false}} transport = spam_transport_kopia relay: driver = manualroute domains = ! +local_domains : +relay_to_domains transport = remote_smtp route_data = 192.168.137.7 ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 no_more begin transports remote_smtp: driver = smtp spam_transport_sc: driver = pipe command = /usr/bin/spamc -C report delivery_date_add envelope_to_add spam_transport_kopia: driver = appendfile directory = /data/spam/$tod_logfile/${domain}/ envelope_to_add Regards. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Find version
W dniu 07.04.2010 16:17, exim...@riotm.co.uk pisze: Lord am I thick! You would think spending an hour googling the various 'exim display version', 'exim show version' and 'exim --version' may have given me a hint how to find the version of exim on the system - but no, it teases me but won't tell me. I've tried exim --version but it complains: /usr/exim/bin/exim --version exim abandoned: unknown, malformed, or incomplete option --version Would someone put me out of my misery (by telling me how, rather than a shot in the arm :-)) Try exim -bV Regards. -- xmpp (jabber): mar...@mejor.pl -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Find version
W dniu 07.04.2010 16:25, Mark Thornton pisze: telnet to port 25 (or whatever you have it serving on). It will respond with a line including the version! It can be use when we doesn't have unix account at smtp server, but it isn't reliable method (please tell my, what is version of my exim ;) ) Regards. -- xmpp (jabber): mar...@mejor.pl -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Find version
W dniu 2010-04-07 17:27, Frank Heydlauf pisze: On Wed, Apr 07, 2010 at 04:34:06PM +0200, Marcin Miros??aw wrote: ... (please tell my, what is version of my exim ;) ) Exim 4.71 We were talking about telnet ;] -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/