Re: [exim] Something like "domains_require_tls"

2023-03-28 Thread Mike Tubby via Exim-users
Hi Olaf, I had a similar problem several years ago, but had to ensure TLS in and TLS out to potentially hundreds of domains so implemented it in our mail relay servers using a MySQL database: CREATE TABLE `tls_force_remote_domains` (   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,  

[exim] Exim 4.96 on Devuan 4.0 build problem with PCRE2

2023-02-05 Thread Mike Tubby via Exim-users
All, Not quite sure what's going on with Exim 4.96 ... have been running previous versions up-to and including 4.94.2 on Devuan 4.0 (Like Debian 11 without Poettering's systemd rubbish). I come to migrate to Exim 4.96 which is usually: * download the latest version * unpack it next

Re: [exim] FTP access to exim.org not working?

2022-12-17 Thread Mike Tubby via Exim-users
On 17/12/2022 17:10, Andreas Metzler via Exim-users wrote: [...] Hello, Works for me on Debian with lftp. BTW: Does it still make sense to offer ftp access in addition to http(s)? Are there still systems that can do the former but not the latter? cu andreas For me with headless, remote,

Re: [exim] FTP access to exim.org not working?

2022-12-17 Thread Mike Tubby via Exim-users
(2047632 bytes). 226 Transfer complete. 2047632 bytes received in 0.16 secs (12.0100 MB/s) ftp> thanks ;-) Mike On 17/12/2022 15:59, Moritz Orbach via Exim-users wrote: Hi Mike, On Sat, 17.12.2022 at 16:03, Mike Tubby via Exim-users wrote: Has something changed w.r.t. FTP access to exim.o

[exim] FTP access to exim.org not working?

2022-12-17 Thread Mike Tubby via Exim-users
Hi All, Has something changed w.r.t. FTP access to exim.org? I have downloaded new versions of Exim for years using FTP CLI but now I can't get files from two different hosts and with 'active' or 'passive' modes. My end are Devuan 4.0 (like Debian 10 but without systemd) and FTP command from

Re: [exim] Exim 4.96 compile fails on Devuan 4

2022-09-11 Thread Mike Tubby via Exim-users
On 11/09/2022 22:15, Andrew C Aitchison via Exim-users wrote: On Sun, 11 Sep 2022, Mike Tubby via Exim-users wrote: Hi all, Compiling Exim 4.96 fails on Devuan 4.0 Chimaera (basically Debian but without systemd). Firstly it complained that I didn't have "pcre2.h" - which it

[exim] Exim 4.96 compile fails on Devuan 4

2022-09-11 Thread Mike Tubby via Exim-users
Hi all, Compiling Exim 4.96 fails on Devuan 4.0 Chimaera (basically Debian but without systemd). Firstly it complained that I didn't have "pcre2.h" - which it has never asked for before:     /bin/sh ../scripts/Configure-os.h     cc -DMACRO_PREDEF macro_predef.c     In file included from

Re: [exim] Some Emails to gmail now hang

2022-08-11 Thread Mike Tubby via Exim-users
Mark, I have experienced the same... seems to happen one every 2-3 weeks and I think it depends on which actual server in Google's cluster you get connected to. Google's implementation of SMTP seems to be very poor at reporting actual problems, rather it either accepts delivery (and

Re: [exim] dkim fail on forwarded messages

2022-07-15 Thread Mike Tubby via Exim-users
Or is it "Mailing lists break DKIM?" ;-) On 29/06/2022 10:37, Jeremy Harris via Exim-users wrote: DKIM breaks mailinglists.

[exim] Virus scanning email with Sophos (or other AV engines) on mail servers

2022-04-11 Thread Mike Tubby via Exim-users
I run an email system with three public mail relay servers which act as the MX and front ends for a couple of hundred domains. These relay servers run Exim and perform a wide range of 'email firewall functions' policing the SMTP protocol, checking RBLs, SPF, DKIM, URBL, sender verify,

Re: [exim] SMTP timeouts

2022-03-14 Thread Mike Tubby via Exim-users
On 13/03/2022 22:30, Evgeniy Berdnikov via Exim-users wrote: On Sun, Mar 13, 2022 at 08:06:45PM +, Mike Tubby via Exim-users wrote: 2022-03-13 19:47:53 1nTTGO-0001Jw-Tr H=alt2.gmail-smtp-in.l.google.com [2a00:1450:4025:c03::1a]: SMTP timeout after sending data block (476909 bytes written

Re: [exim] SMTP timeouts

2022-03-13 Thread Mike Tubby via Exim-users
On 13/03/2022 20:33, Jeremy Harris via Exim-users wrote: On 13/03/2022 20:06, Mike Tubby via Exim-users wrote: 2022-03-13 19:47:53 1nTTGO-0001Jw-Tr H=alt2.gmail-smtp-in.l.google.com [2a00:1450:4025:c03::1a]: SMTP timeout after sending data block (476909 bytes written): Connection timed out

[exim] SMTP timeouts

2022-03-13 Thread Mike Tubby via Exim-users
I have started seeing odd timeouts from Exim when talking to Google gmail, email path:     MTA (Thunderbird/Win 10) --> mail.tubby.org (Linux/Exim) --> relay1.thorcom.net (Linux/Exim) --> Gmail My MTA is behind my firewall, it sends SMTP to my public mail server, which relays (smart host)

[exim] Devuan Chimaera + Exim + MariaDB 10.5.12 weirdness (and potential workaround)

2021-10-21 Thread Mike Tubby via Exim-users
All, Upgraded my public email server from Devuan 3.1 Beowulf to Devuan 4.0 Chimaera this afternoon and Exim stopped working ... fair enough, it's a custom build for the platform so did:     cd /root/exim-4.94     make clean     make makefile     make     make install then:     service exim

Re: [exim] GnuTLS vs OpenSSL

2021-09-26 Thread Mike Tubby via Exim-users
Interesting discussion ... I am in a slightly different place on our three public mail servers that handle circa 200,000 mails per day for about 20-30 domains. 1. I use Devuan 3.1 (Beowulf) and compile Exim from source with OpenSSL rather than GnuTLS.  NB. No systemd here to fek with things!

Re: [exim] spf info in the "Authentication-Results:" header?

2021-04-06 Thread Mike Tubby via Exim-users
SPF is not 'authentication', it's a separate framework for dealing with Sender Policy, hence the name Sender Policy Framework ;-) I log SPF results on my public mail relays from the 'acl_check_mail' like this: acl_check_mail:     #     # log the SPF result     #     warn   

Re: [exim] Taint mismatch, Ustrncpy: retry_update 826 ?

2021-01-25 Thread Mike Tubby via Exim-users
On closer inspection, I think I am generating one per message stuck on the queue - each time Exim runs the queue - hence this may relate to 'retry_update'? Exim 4.93 built from source, 64-bit Devuan 3.0 Beowulf (similar to Debian 10 but without systemd). On 25/01/2021 13:48, Mike Tubby via

[exim] Taint mismatch, Ustrncpy: retry_update 826 ?

2021-01-25 Thread Mike Tubby via Exim-users
All, I thought that I had fixed my system's issues with tainted data some months ago but I appear to be logging one of these in paniclog for each message processed: 2021-01-25 10:48:56 1l2yKc-0003H9-4x Taint mismatch, Ustrncpy: retry_update 826 2021-01-25 10:58:56 1l2yKc-0003H9-4x Taint

Re: [exim] How to reject overlong addresses/local parts in From: header?

2020-12-14 Thread Mike Tubby via Exim-users
If it's the sender address, i.e. the envelope then in acl_check_mail something like:     #     # check length of sender's address     #     deny    condition = ${if > {strlen:$sender_address}{200}}     message = Sender address is too long     logwrite =

Re: [exim] tainted data issues

2020-11-12 Thread Mike Tubby via Exim-users
On 11/11/2020 18:31, Chris Siebenmann via Exim-users wrote: Jeremy Harris: Semi-radical: provide an ACL, router, and transport modifier that checks some variable or content for dangerous contents We have that. All data provided by an untrusted source, described as "tainted" for a

Re: [exim] tainted data issues

2020-11-10 Thread Mike Tubby via Exim-users
On 10/11/2020 08:37, Julian Bradfield via Exim-users wrote: I thought it was standard practice in introducing a new feature that causes major breakage to existing installations, to take a three step approach. First you provide the feature, and give it an enabling switch with three levels

Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted path 'not permitted'

2020-11-08 Thread Mike Tubby via Exim-users
Ok, I think I have gotten my head around this now ... I have a global domain list: # # local_domains -> domains that land here # domainlist local_domains = ${lookup mysql{SELECT domain FROM domains WHERE type='local' AND active='1'}{${sg{$value}{\\n}{ : }} }} which I already use for

Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted path 'not permitted'

2020-11-08 Thread Mike Tubby via Exim-users
On 08/11/2020 12:12, Andrew C Aitchison via Exim-users wrote: On Sun, 8 Nov 2020, Mike Tubby via Exim-users wrote: Now it looks like I have to use additional look-ups, perhaps something like this:     $domain_data = ${lookup mysql{SELECT domains.domain AS domain FROM

Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted path 'not permitted'

2020-11-08 Thread Mike Tubby via Exim-users
On 07/11/2020 23:30, Michael Haardt via Exim-users wrote: Ok, have had a 5 minute scan read ... seems that tainted data is a {potential} problem, but in my case the variables that I use to build a path in transport 'local_delivery': [...] have already been used as keys in a database look-up

Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted path 'not permitted'

2020-11-07 Thread Mike Tubby via Exim-users
On 07/11/2020 20:54, Jeremy Harris via Exim-users wrote: On 07/11/2020 20:43, Mike Tubby via Exim-users wrote: What do I need to know to fix this one? Either - read back through exim-users, which has amply covered tainting or - start by hauling up the concept index in the docs, and search

Re: [exim] SPF and DKIM error processing when receiving emails

2020-11-07 Thread Mike Tubby via Exim-users
On 06/11/2020 11:53, Mark Elkins via Exim-users wrote: I've got the following in exim.conf acl_check_dkim:     deny dkim_status = fail     message = DKIM validation failed: $dkim_verify_status     log_message = DKIM validation failed: $dkim_verify_status \    

[exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted path 'not permitted'

2020-11-07 Thread Mike Tubby via Exim-users
All, So you can tell it's Lockdown 2.0 as I am catching up with email server sysadmin, updating spam scanning and antivirus ready for when the thought police visit next month. I have been running Exim 4.93.0.4 successfully with virtual domains with a MySQL backend in first-normal form and

Re: [exim] Exim and Sophos command line AV wrong exit codes?

2020-11-07 Thread Mike Tubby via Exim-users
On 07/11/2020 20:10, Adam D. Barratt via Exim-users wrote: On Sat, 2020-11-07 at 17:45 +, Mike Tubby via Exim-users wrote: 2. the return value 512 (really 2) is tripping on a password encrypted ZIP file for which there is no right thing to do: a) accept it because we can't

Re: [exim] Exim and Sophos command line AV wrong exit codes?

2020-11-07 Thread Mike Tubby via Exim-users
On 07/11/2020 16:52, Jeremy Harris via Exim-users wrote: On 07/11/2020 16:16, Mike Tubby via Exim-users wrote: Sophos manual for savscan says it returns:     0  If no errors are encountered and no threats are detected.     1  If you interrupt savscan (usually by pressing CRTL

[exim] Exim and Sophos command line AV wrong exit codes?

2020-11-07 Thread Mike Tubby via Exim-users
All, Environment: Devuan 3.0 Beowulf 64-bit on Xeon - like Debian Buster but without systemd ;-) Exim 4.93.04 built from source. Sophos Linux free command line scanner. Low volume mail server with mail relays in front doing SpamAssassin and Clam-AV but want to run second line of defense

Re: [exim] remote MX does not support STARTTLS

2020-09-23 Thread Mike Tubby via Exim-users
On 23/09/2020 18:16, Jeremy Harris via Exim-users wrote: On 23/09/2020 16:59, Bill Cole via Exim-users wrote: 1. You don't allow any TLS versions below 1.2. While that may seem to be a safety measure, it actually can cause problems because a client that does not support v1.2 or v1.3 can only

Re: [exim] DKIM and debian buster...

2020-07-07 Thread Mike Tubby via Exim-users
On 07/07/2020 00:23, Jeremy Harris via Exim-users wrote: On 07/07/2020 00:01, Mike Tubby via Exim-users wrote: remote_smtp:     driver = smtp     dkim_domain = ${lc:${domain:$h_from:}}     dkim_selector = ${lookup mysql{SELECT selector FROM dkim WHERE domain='${quote_mysql

Re: [exim] DKIM and debian buster...

2020-07-06 Thread Mike Tubby via Exim-users
On 02/07/2020 23:11, Marco Gaiarin via Exim-users wrote: I'm used, in exim on debian stretch (4.89-2+deb9u7) add something like: DKIM_CANON = relaxed DKIM_SELECTOR = 2020 DKIM_DOMAIN = ${lc:${domain:$h_from:}} DKIM_PRIVATE_KEY = ${if

Re: [exim] A DOS?

2020-06-12 Thread Mike Tubby via Exim-users
On 05/06/2020 10:24, Jacques B. Siboni via Exim-users wrote: On Fri, 2020-06-05 at 09:36 +0100, Jeremy Harris via Exim-users wrote: By the way, if you really are logging "H=router" then you have an unusual network setup. If you obfuscated it, then you are making it harder for us to help you.

Re: [exim] Testing sender and recipient domains in MIME ACL

2020-06-10 Thread Mike Tubby via Exim-users
On 02/06/2020 18:19, Jeremy Harris via Exim-users wrote: On 02/06/2020 17:15, Mike Tubby via Exim-users wrote: Right now I'm doing this in the RCPT ACL: tl;dr. Which bit does not work? I wanted to do this - in the MIME ACL:     #     # Check if sender is whitelisted to disable

Re: [exim] Testing sender and recipient domains in MIME ACL

2020-06-02 Thread Mike Tubby via Exim-users
On 27/05/2020 20:58, Jeremy Harris via Exim-users wrote: On 26/05/2020 07:53, Mike Tubby via Exim-users wrote: I need to make business logic decisions in the MIME ACL on how to screen MIME content based on the sender domain and recipient domain The message could have multiple recipients

[exim] Testing sender and recipient domains in MIME ACL

2020-05-27 Thread Mike Tubby via Exim-users
I need to make business logic decisions in the MIME ACL on how to screen MIME content based on the sender domain and recipient domain but the variables that I need do not appear to be set up: 2020-05-18 16:05:04 1jahKC-0005Zn-Tj H=relay1.thorcom.net [195.171.43.32]

Re: [exim] What process are changing the rights of all files to Debian-exim?

2020-05-20 Thread Mike Tubby via Exim-users
I do not recognise this problem on Debian, Ubuntu or Devuan ? On all three OS I remove the OS installed exim4-demon-light, exim4-daemon-heavy etc. packages, purge the system and by hand remove debian-exim from /etc/group and /etc/passwd so that the system ends up totally void of packaged

Re: [exim] Exim as a backup MX server

2020-05-14 Thread Mike Tubby via Exim-users
Linda, Using multiple MX at multiple locations is common for larger implementations, big business, ISPs etc. Even my personal domain (tubby.org) follows this design with two servers at my company and a third at another site. root@public:~# dig tubby.org mx ; <<>> DiG 9.11.5-P4-5.1-Debian

Re: [exim] Spurious DNS lookups during inbound mail processing ?

2020-04-27 Thread Mike Tubby via Exim-users
On 27/04/2020 20:21, Jeremy Harris via Exim-users wrote: On 27/04/2020 20:09, Mike Tubby via Exim-users wrote: 2020-04-27 19:05:46 1jT88X-0003Qr-G5 DKIM START: domain=bounce.wowcher.co.uk possible_signer=e.wowcher.co.uk status=pass 2020-04-27 19:05:46 1jT88X-0003Qr-G5 no IP address found

[exim] Spurious DNS lookups during inbound mail processing ?

2020-04-27 Thread Mike Tubby via Exim-users
All, I've been meaning to ask about this for over a year and not got round to it ... On my email relays (Exim 4.93 compiled from source, Devuan Beowulf, 64-bit Intel) I frequently see messages:     no IP address found for host Where 'spurious name' is one of two or three names that

Re: [exim] Dovecot style Authentication Policy Server for Exim? ** SOLUTION **

2020-03-19 Thread Mike Tubby via Exim-users
outcome and returns the HTTP response code. Mike On 17/03/2020 08:18, Heiko Schlittermann via Exim-users wrote: Mike Tubby via Exim-users (Di 17 Mär 2020 01:51:55 CET): All, Dovecot IMAP/POP3 server has a built-in Authentication Policy sub-system whereby it can make a web-services call to a

Re: [exim] Dovecot style Authentication Policy Server for Exim?

2020-03-18 Thread Mike Tubby via Exim-users
On 18/03/2020 09:07, Andrew C Aitchison wrote: On Tue, 17 Mar 2020, Mike Tubby via Exim-users wrote: The PHP back-end accepts a POST on a URI with form data that contains: * email address * password * remote IP address the back-end considers:    a) the username/password pair

Re: [exim] Dovecot style Authentication Policy Server for Exim?

2020-03-17 Thread Mike Tubby via Exim-users
do that in a firewall such as iptables before the connection reaches exim unless the location of the logging is critical). On Tue, 17 Mar 2020, Mike Tubby via Exim-users wrote: Dovecot IMAP/POP3 server has a built-in Authentication Policy sub-system whereby it can make a web-services call to t

Re: [exim] Dovecot style Authentication Policy Server for Exim?

2020-03-17 Thread Mike Tubby via Exim-users
On 17/03/2020 09:40, Jeremy Harris via Exim-users wrote: On 17/03/2020 00:51, Mike Tubby via Exim-users wrote: it would be really good (tm) if Exim could make similar call outs to an Authentication Policy Server You mean something like the entire set of ACL and authenticator facilities

[exim] Dovecot style Authentication Policy Server for Exim?

2020-03-16 Thread Mike Tubby via Exim-users
All, Dovecot IMAP/POP3 server has a built-in Authentication Policy sub-system whereby it can make a web-services call to an Authentication Policy Server: 1.     command: on connect, before authentication 2.     command: on connect, after authentication 3.     report: on final outcome

[exim] Weirdness when forcing TLS and checking that its working in ACLs

2020-02-13 Thread Mike Tubby via Exim-users
All, Some government departments that we work with asked us to increase email security via "forced TLS" for which I developed a solution for:     a) our public email relay servers (with upstream/downstream and local/remote hosts - 4 legs) - this is moderately complex but all worked first

Re: [exim] Systemd sandboxing, syscalls etc.

2020-02-13 Thread Mike Tubby via Exim-users
On 13/02/2020 13:02, Jeremy Harris via Exim-users wrote: On 13/02/2020 12:03, Kai Bojens via Exim-users wrote: Would it be possible for the Exim project to provide some insights into which syscalls, capabilities, access to directores and so on are required? Not in full. We don't maintain a

Re: [exim] Problem with tls_certificate and multiple domains

2019-10-16 Thread Mike Tubby via Exim-users
On 16/10/2019 08:29, Cyborg via Exim-users wrote: Nospam2k (Mi 16 Okt 2019 08:05:05 CEST): Perhaps I should go about this a different way. I am going to be hosting multiple domains. Since it seems that $tls_in_sni is returning blank and/or can be unreliable, what is the best way to handle

Re: [exim] Define preferred encryption algorithms

2019-10-12 Thread Mike Tubby via Exim-users
ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA I will compare ;-) JME -----Original Message----- From: Exim-users On behalf of Mike Tubby via Exim-users Sent: Saturday 12 October 2019 15:36 To: exim-users@exim.org Subject: Re: [exim] Define preferred encryption algorithms We use

Re: [exim] Define preferred encryption algorithms

2019-10-12 Thread Mike Tubby via Exim-users
We use Exim 4.92.2 compiled with OpenSSL on Devuan 3.0 Beowulf with GCC version 8. # # Enable TLS with strong ciphers # MAIN_TLS_ENABLE = true openssl_options = -all +no_sslv2 +no_sslv3 +no_compression +cipher_server_preference If you use a contracted (short) cipher list like these: #

[exim] TLS unsupported protocol?

2019-09-02 Thread Mike Tubby via Exim-users
I have someone connecting to me repeatedly and failing on TLS/SSL start up, thus: 2019-09-02 23:57:30 CONNECT: New connection from 80.82.32.21:62950 -> 195.171.43.32:25 2019-09-02 23:57:30 CONNECT: Accepting connection from: 80.82.32.21 - not blocked by any RBL 2019-09-02 23:57:30 HELO:

Re: [exim] Outgoing mail

2019-08-29 Thread Mike Tubby via Exim-users
This is usually about setting the envelope address correctly and depends on your application generating the email, for example it could be a shell invocation of "sendmail -f ..." or the way I do it from websites which is via an SMTP connector.  On some sites I use a custom PHP connector on

Re: [exim] Sourcing Exim Filter from MySQL/MariaDB table?

2019-05-09 Thread Mike Tubby via Exim-users
On 08/05/2019 00:57, Jeremy Harris via Exim-users wrote: On 08/05/2019 00:39, Mike Tubby via Exim-users wrote: user_filter:     driver = forwardfile     data = ${lookup mysql{SELECT rule FROM users LEFT JOIN domains \         ON domains.id=users.domain_id LEFT JOIN filters

Re: [exim] Sourcing Exim Filter from MySQL/MariaDB table?

2019-05-07 Thread Mike Tubby via Exim-users
On 07/05/2019 23:09, Jeremy Harris via Exim-users wrote: On 07/05/2019 22:52, Mike Tubby via Exim-users wrote: is there a way to implement per-user filtering by having Exim read it from a MySQL/MariaDB table at delivery/processing time? Reading the doc chapter on the redirect router, it'd

[exim] Sourcing Exim Filter from MySQL/MariaDB table?

2019-05-07 Thread Mike Tubby via Exim-users
I'm building an Exim/Dovecot/Nginx/Roundcube system to replace our ancient public mailserver (Redhat 9, Exim 4.14, Courier-IMAP). The new system OS is Devuan 3.0 "Beowulf" with MariaDB 10.3 (no systemd entanglement ;-) and I've built a database to host users, passwords, domains, aliases,

[exim] Exim DKIM fails to import some keys?

2019-04-19 Thread Mike Tubby via Exim-users
I have just discovered that Exim DKIM appears to fail to parse some DKIM keys that other systems claim are okay: 19 00:50:18 RCPT: SPF Result2=pass (Partnersresponse.dell.com / mail04.response.dell.com [142.0.168.187]) 19 00:50:19 1hHGnL-0002nj-0r PDKIM: d=dell.com s=dk2016 [failed key

Re: [exim] Server Upgrade

2019-04-16 Thread Mike Tubby via Exim-users
On 14/04/2019 02:40, Jasen Betts via Exim-users wrote: On 2019-04-13, Rainer Dorsch via Exim-users wrote: Hi, I want to upgrade my server from Debian Jessie to Debian Stretch. I am afraid that at some time during the upgrade process, there is an invalid exim configuration and messages get

[exim] Strange log message: no IP address found for host bazar2, conectiva.com.br

2019-03-31 Thread Mike Tubby via Exim-users
All, I run a set of public mail relays that have a pretty comprehensive 'email firewall' implementation that makes extensive use of ACLs and perform a wide range of checks including RBLs, SMTP protocol, etc. I run Exim 4.92 compiled from source on Ubuntu 16.04 LTS 64-bit. All of my ACLs use

Re: [exim] exim segfault on CSA check

2019-03-15 Thread Mike Tubby via Exim-users
On 15/03/2019 14:54, Jeremy Harris via Exim-users wrote: On 15/03/2019 14:36, Mike Tubby via Exim-users wrote: Does the use of a CNAME in this case violate an RFC? I've not looked hard to find one. The original RFC for SRV doesn't mention CNAME. Discussion here: https://serverfault.com

Re: [exim] How to block using exim re:[doc...@nk.ca: Your account has been hacked! You need to unlock.]

2019-02-01 Thread Mike Tubby via Exim-users
On 27/01/2019 13:42, Graeme Fowler via Exim-users wrote: On 27 Jan 2019, at 12:33, The Doctor via Exim-users wrote: am certain many of you have seen this, but how do you block / bounce said below e-mail via exim using spamassassin / clamd ? Install at least the ‘phish’ database from

Re: [exim] SPF not working in Exim 4.91 ?

2019-01-16 Thread Mike Tubby via Exim-users
On 16/01/2019 20:21, Odhiambo Washington wrote: On Wed, 16 Jan 2019 at 18:26, Mike Tubby via Exim-users <exim-users@exim.org> wrote: On 15/01/2019 10:21, Jeremy Harris via Exim-users wrote: > On 15/01/2019 09:54, Mike Tubby via Exim-users wrote: >> Can s

Re: [exim] SPF not working in Exim 4.91 ?

2019-01-16 Thread Mike Tubby via Exim-users
On 15/01/2019 10:21, Jeremy Harris via Exim-users wrote: On 15/01/2019 09:54, Mike Tubby via Exim-users wrote: Can someone point me in the right direction? Presumably your build didn't actually include SPF. Check the "Support for" line from "exim -bV". If it's not t

Re: [exim] Patch for Exim 4.91 compile warning

2019-01-16 Thread Mike Tubby via Exim-users
On 16/01/2019 14:31, Heiko Schlittermann via Exim-users wrote: Mike Tubby via Exim-users (Mi 16 Jan 2019 14:58:07 CET): All, When compiling Exim 4.91 on Ubuntu 16.04.5 LTS I get a gcc warning in the USR1 signal handler: gcc exim.c exim.c: In function ‘usr1_handler’: exim.c:242:1: warning

[exim] Patch for Exim 4.91 compile warning

2019-01-16 Thread Mike Tubby via Exim-users
, process_info_len); > //(void)close(fd); > > if (fd > 0) { >   ssize_t x; >   int y; > >   x = write(fd, process_info, process_info_len); >   y = close(fd); >   } 242,243d252 < (void)write(fd, process_info, process_info_len); < (void)close(fd); Regards Mike Tubby MJT
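Review bot: in the replacement block, the guard `if (fd > 0)` skips descriptor 0, which is a valid file descriptor; test `fd >= 0` so that only the error value is excluded. The new locals `x` and `y` are assigned and never read, so the results of write() and close() are still discarded and the change can swap the unused-result warning for an unused-variable one; either act on a short or failed write or keep an explicit discard. The commented-out `//(void)close(fd);` line should be dropped from the patch rather than left in.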

Re: [exim] SPF not working in Exim 4.91 ?

2019-01-16 Thread Mike Tubby via Exim-users
Ubuntu 16.04.5 LTS On 15/01/2019 12:20, Odhiambo Washington via Exim-users wrote: On Tue, 15 Jan 2019 at 13:04, Mike Tubby via Exim-users wrote: I have been using Exim-4 built from source with SPF from libspf2: https://github.com/Exim/exim/wiki/SPF for several years and when a new

[exim] SPF not working in Exim 4.91 ?

2019-01-15 Thread Mike Tubby via Exim-users
I have been using Exim-4 built from source with SPF from libspf2:     https://github.com/Exim/exim/wiki/SPF for several years and when a new version is issued I grab the tarball, copy over Local/Makefile from the previous release and:     make configure     make     make install and all is

[exim] Public key syntax error with some DKIM keys?

2017-03-31 Thread Mike Tubby
I'm getting DKIM public key parse errors with a few sites such as 1click-email.com: 2017-03-31 16:01:25 CONNECT: Accepting connection from: 185.163.190.90 - not blocked by any RBL 2017-03-31 16:01:25 HELO: Accepted HELO/EHLO relay843.mysmtp3.com from remote host: 185.163.190.90

[exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3 disabled?

2017-03-29 Thread Mike Tubby
All, I have recently installed our COMODO 384-bit ECC PositiveSSL Wildcard Certificate (*.thorcom.net) on relay1|relay2|relay3.thorcom.net and am seeing lots of TLS errors: (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher followed by: TLS client

Re: [exim] SNI and DANE TLSA record monitoring

2016-10-19 Thread Mike Tubby
If what we're saying is that Exim needs to be virtual host capable then I think that we're on the edge of needing a proper virtual hosts sub-system that deals with: 1. naming the virtual host 2. configuring certificates 3. configuring TLS options (ciphers, etc) 4. configuring a

Re: [exim] Best OS to run EXIM

2016-10-18 Thread Mike Tubby
Ubuntu 14.04 LTS 64-bit Server on all our production servers with either "exim-daemon-heavy" or compiled from source. In Ubuntu: # apt-get install exim-daemon-heavy Mike On 10/19/2016 3:01 AM, 3YSTech Services wrote: Hi, I currently run exim 4.81 on rhel6 , looking to run latest EXIM

Re: [exim] safe handling of $tls_sni

2016-10-17 Thread Mike Tubby
Couldn't we have - or perhaps shouldn't we have - a "safe domain name" function in Exim that could be used for this and elsewhere where an untrusted domain name enters - it would: * remove white space (tab, space, etc) * remove non-printing chars * remove 'quoting' and

Re: [exim] ot: rDNS + spam assassin

2016-09-19 Thread Mike Tubby
On 9/19/2016 4:29 PM, Dave Lugo wrote: On Mon, 19 Sep 2016, Mike Tubby wrote: There is no 'law' that says your reverse DNS must work and it's simply dangerous to use the heuristic no rDNS => High probability of SPAM. I respectfully disagree. It's as dangerous as any other very effect

Re: [exim] ot: rDNS + spam assassin

2016-09-19 Thread Mike Tubby
I think the problem is that you're relating an IP/DNS issue to a SPAM identification technology. There is no 'law' that says your reverse DNS must work and it's simply dangerous to use the heuristic no rDNS => High probability of SPAM. You would probably be better served using extensive

Re: [exim] Exim as relay only - failover

2016-08-16 Thread Mike Tubby
We do it with three physical machines across two physical sites: relay1.thorcom.net Worcester relay2.thorcom.net Worcester relay3.thorcom.net Uxbridge All three machines run the same config. Domains that we allow to relay have their MX so that relay1 and relay2 are load

Re: [exim] Reject mail based on DKIM

2016-08-10 Thread Mike Tubby
How are you testing your DKIM or how are you expecting it to work? On my email relays I implement a couple of rules: 1. some domains ("known signers") must have a DKIM signature and it must be valid. This is used for domains like google, yahoo etc. 2. if an email has a DKIM

Re: [exim] minor "what the heck.." :)

2016-05-25 Thread Mike Tubby
Sounds like sensible bounds checking to me - probably preventing a buffer overrun ;-) On 25/05/2016 15:13, Cyborg wrote: Hello Jeremy, Just found this in my logfile : 2016-05-25 16:11:43 1b5ZXD-0005mI-HV string_sprintf expansion was longer than 32768 (%s Warning: %s) very helpful :)

Re: [exim] tls_advertise_hosts

2016-04-25 Thread Mike Tubby
On 25/04/2016 23:08, Heiko Schlittermann wrote: Mike Tubby <m...@tubby.org> (Mo 25 Apr 2016 23:57:51 CEST): Gents, I have to say that this is all sounding very complicated, please can we have the old default back? ... it seems to make most sense, to me, to have: tls_advertise

Re: [exim] tls_advertise_hosts

2016-04-25 Thread Mike Tubby
Gents, I have to say that this is all sounding very complicated, please can we have the old default back? ... it seems to make most sense, to me, to have: tls_advertise_hosts = and require users to: a) turn it on by specifying something else, and b) put some meaningful

Re: [exim] Reject servers that use my ip address as EHLO

2016-04-20 Thread Mike Tubby
You can do a lot to stop spam-bots and the like by policing of the HELO/EHLO ... there are still bots that say "HELO OEMCOMPUTER" and Windoze servers that say things like "HELO XYZDOMAIN" which we reject. Here's how we do it on our public servers: * accept if host is in relay_from_hosts

Re: [exim] Multiple SMTP authenticators for the same mechanism?

2016-04-14 Thread Mike Tubby
How about having Exim listen on an additional TCP port and then use different rules for that port? ... possibly no authentication at all? You can firewall access to the port differently. I have a system that works as a normal MTA on port 25, has user submission on port 587 and bulk mail

Re: [exim] Ignoring SSL-Errors on self signed certificates

2016-04-14 Thread Mike Tubby
Unless I am missing something ... the certificate: a) is self-signed b) has expired hence a warning and an error. What happens if you make a new self-signed certificate that is "in date" and try that instead? I use self-signed certificates without problems. Mike On 14/04/2016

Re: [exim] Spool file not found

2016-04-10 Thread Mike Tubby
There is probably a stale entry in Exim's database in: /var/spool/exim/db in the 'retry' or 'callout' files. This can occur under some circumstances if exim is stopped/restarted (or crashes) or upgraded during a delivery. Here you can end up with a reference to an email in the database

Re: [exim] Exim 4.87 reports no server certificate but appears to work?

2016-04-07 Thread Mike Tubby
Heiko, Thanks for this, but I am still confused as I have a valid key+cert installed so why do I get the warning at all? Mike On 07/04/2016 09:05, Heiko Schlittermann wrote: Heiko Schlittermann (Do 07 Apr 2016 08:59:08 CEST): Heiko Schlittermann

[exim] Exim 4.87 reports no server certificate but appears to work?

2016-04-06 Thread Mike Tubby
Anyone else seeing this with Exim 4.87? Warning: No server certificate defined; TLS connections will fail. during "make install" and in panic log, while having a self-signed certificate defined (same config as Exim-4.86) and yet TLS appears to work? During "make install": >>> exim

Re: [exim] Exim 4.87 RC7 uploaded

2016-04-02 Thread Mike Tubby
-one-print-a-size-t-variable-portably-using-the-printf-family Mike On 01/04/2016 22:16, Mike Tubby wrote: Exim 4.87-RC7 doesn't compile clean on: Ubuntu 14.04 LTS 32-bit we have several 'format' errors - possibly as a result of "unsigned int" being loosely constrained and able to

Re: [exim] Exim 4.87 RC7 uploaded

2016-04-01 Thread Mike Tubby
Exim 4.87-RC7 doesn't compile clean on: Ubuntu 14.04 LTS 32-bit we have several 'format' errors - possibly as a result of "unsigned int" being loosely constrained and able to be 64-bit on 64-bit machines but actually being 32-bit on this platform? I've not looked at the code in question

[exim] Exim TLS with ECC/ECDHE gives "incompatible objects" error

2016-03-29 Thread Mike Tubby
:14 1ajxvG-0008PR-Ks <= exim-users-bounces+mike=tubby@exim.org H=relay2.thorcom.net [195.171.43.34] P=esmtp S=4270 id=mailman.0.1459036032.25222.exim-us...@exim.org T="Welcome to the \"Exim-users\" mailing list" 2016-03-26 23:47:14 1ajxvG-0008PR-Ks =>