On 2017-02-25 at 22:25 -0500, Phil Pennock wrote:
> 20fcb1e7be45177beca2d433f54260843cc7c2f6 is the first bad commit
> commit 20fcb1e7be45177beca2d433f54260843cc7c2f6
> At this point, I suspect that the issue is the current line 4974 of
> expand.c, where `lookup_value = NULL` while skipping, but
On 2018-05-14 at 14:12 +0200, Kai Bojens via Exim-users wrote:
> 1. Does Exim close the MySQL connection properly? One explanation I
> found suggested that this could pose a problem.
It should be closing it. There might be a leak, that is something we'd
probably fix given sufficient information.
On 2018-05-22 at 18:09 +0200, Cyborg via Exim-users wrote:
> the german office of security ( BSI ) has given out a policy, that
> secure emailserver should have implemented DANE.
> So, whats the status of DANE for Exim?
> Any usefull selfexplaning examples at hand ? :)
Outbound or inbound?
On 2018-06-15 at 11:51 +, Emanuel Gonzalez via Exim-users wrote:
> "In fact, it is Exim who SHOULD drop fucking legacy protocol support.
> But I cannot convince its developers to do that. I have fixed this
> issue at some point in the past but I have no Exim to test that."
For the record:
On 2018-06-15 at 17:26 -0400, Phil Pennock via Exim-users wrote:
> On 2018-06-15 at 11:51 +, Emanuel Gonzalez via Exim-users wrote:
> > "In fact, it is Exim who SHOULD drop fucking legacy protocol support.
> > But I cannot convince its developers to do that. I have fixed th
On 2018-06-14 at 18:31 +, Emanuel Gonzalez via Exim-users wrote:
> Here the log:
The rspamd proxy is replying with an HTTP response, not an RSPAM
Since I saw logic in the proxy source-code to handle
On 2018-06-15 at 03:56 +0200, krz...@gmail.com via Exim-users wrote:
> SSL verify error: depth=1 error=unable to get local issuer
> certificate cert=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
> SHA2 High Assurance Server CA
> Its the same error for every receiver and I belive error
On 2018-06-13 at 18:44 +, Emanuel Gonzalez via Exim-users wrote:
> rspamd-proxy doesn't work with Exim v4.87. Connection works etc but exim
> can't parse the response.
Interesting. From the rspamd log attached to your ticket against rspamd
it looks as though rspamd thinks things succeeded?
On 2018-05-31 at 21:41 -0500, Martin McCormick via Exim-users wrote:
> The last part of this long message is the log of the
> delivery attempt. As you see, I do now log in to the smarthost
> and the only reason for the failure is that the sender name gets
> The ISP knows
On 2018-04-30 at 14:58 +0100, Gary Stainburn via Exim-users wrote:
> I have now purchased (through 123-reg) a SSL certificate and I am trying to
> install it on the server.
Which method did you use to buy the cert, and are you a "shared hosting
> My problem is that from my
On 2018-02-12 at 14:04 +, Jeremy Harris via Exim-users wrote:
> On 12/02/18 12:12, Martin Nicholas via Exim-users wrote:
> > I notice this from "Exim-users Digest, Vol 165, Issue 9":
> > DKIM: d=exim.org s=d201802 c=relaxed/relaxed a=rsa-sha256 b=1248
> > [verification failed - body hash
On 2018-02-12 at 18:53 -0500, Phil Pennock via Exim-users wrote:
> > On 12/02/18 12:12, Martin Nicholas via Exim-users wrote:
> > > I notice this from "Exim-users Digest, Vol 165, Issue 9":
> I've subscribed another address to the mailing-list, in digest mode, to
On 2018-02-12 at 19:45 -0800, Ian Zimmerman via Exim-users wrote:
> I note with horror that now I am also a 'via Exim-users' despite
> intentionally NOT using DKIM for list messages, including this one.
> Why? Is the rewriting now done regardless?
Yes. I don't know who/why.
On 2018-02-16 at 12:21 -0300, Nicolas Leonel via Exim-users wrote:
> I apologizes but my exim knowledge is extremely limited, can you share an
> example on how to setup two different users with that example.
I did. In the linked message:
On 2018-02-16 at 10:27 +0100, Cyborg via Exim-users wrote:
> has anyone ever heared, that Beast worked against TLSv1 on mailservers ?
I wrote a post to exim-announce at the time, analysing the situation.
A Google search for (exim beast) turned this up as the first result:
On 2018-02-20 at 13:54 +, Andrew C Aitchison via Exim-users wrote:
> Interesting idea to use the whois database to detect spammers.
> Since whois data has expiry info and doesn't change every day,
> I wonder how easy it would be to cache the results.
The jwhois client does this; it's a GNU
On 2018-02-22 at 17:34 +, Luciano InfoCultura via Exim-users wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only
> allow the sending of messages after using STARTTLS.
> my brief configuration:The message exchange is between servers and do not use
The way we configure OpenSSL and the amount of special stuff we have to
do is a bit of a mess. GnuTLS is a bit better, because you can put TLS
protocol versions into the Priority String, but with OpenSSL, we're
stuck trying to support every last thing and caught when some folks
On 2018-04-09 at 08:14 +0200, Kirill Miazine via Exim-users wrote:
> Hi, Phil
> * Phil Pennock via Exim-users [2018-04-08 17:24]:
> > We've said "we only support versions of OpenSSL supported by the
> > upstream project", so now it's time to take adva
On 2018-04-18 at 11:42 +, Robert Bannocks via Exim-users wrote:
> I want to search a file for decreasingly specific forms of an address
> that come from a given host and do some specialist routing thereafter.
> To this end I have constructed the following confition:
Can you change the stored
I've committed and pushed a change to the default Exim configuration
file for the next Exim release. This change has the example SMTP
Transport used for _smarthosts_, such as talking to an ISP, using TLS by
default, with _strong_ TLS enabled, and certificate verification, and
On 2018-04-20 at 22:38 -0400, Viktor Dukhovni via Exim-users wrote:
> I'd make that:
> Because, the ciphers are already sensibly ordered as of OpenSSL 1.0.0.
No matter what we tell people and how much we push towards 1.0.2 as a
On 2018-04-21 at 11:23 +0200, Andreas Metzler via Exim-users wrote:
> Personally I am not convinced that this is the right way for trying to
> enforce stronger encryption standards on mail providers.
It's not about that. It's about providing people relying upon defaults
with worthwhile security,
On 2018-04-16 at 20:21 +0200, Max Kostikov via Exim-users wrote:
> I had this
The experimental DMARC support hard-requires SPF support.
4. SPF support is promoted from Experimental to mainline status. The template
On 2018-04-16 at 20:47 +0200, Max Kostikov via Exim-users wrote:
> Is this option deprecated now?
> Found nothing about this in ChangeLog and NewStuff.
> (system is FreeBSD 11.1-RELEASE-p9)
With the benefit of 20/20 hindsight, there's a couple of things which
could have gone into README.UPDATING.
On 2018-04-16 at 12:14 -0500, Larry Rosenman via Exim-users wrote:
Enable OCSP support. It's on by default in Exim and our test suite
isn't good at ensuring we still compile when various things are
Just so folks see it can be done: dual-DKIM signing, and verification,
with Exim. Jeremy did all the Exim code to manage this, I'm acting
purely as a sysadmin in deploying this.
Exim 4.91, using OpenSSL 1.1.1-pre4, is the MTA for spodhuis.org;
and is the next-exim for exim.org, so is the version
On 2018-04-23 at 21:20 +0200, Sławomir Dworaczek via Exim-users wrote:
>> Afertupgrade from exim version 4.90_1 to 4.91 messages not sending to
>> external host
>> Panic log : Delivery status for user@external_domain.com got 0 of 7 bytes
>> (pipeheader) from transport process 13323 for transport
On 2018-03-28 at 21:11 -0400, Phil Pennock via Exim-users wrote:
> $smtp_found_dane or something? Note that DANE support is Experimental
> and feedback and requests are a good thing (patches even better!).
Uh ... DANE graduated from Experimental, I forgot. Sorry.
Am tentatively th
On 2018-03-28 at 11:43 +0200, Mark Elkins via Exim-users wrote:
> Begs the question, do DANE enabled machine therefore perhaps require a
> stronger encryption - as their owners should know what they are doing?
> I've no idea if its possible to allow weaker encryption for
On 2018-03-28 at 21:29 -0400, Phil Pennock via Exim-users wrote:
> On 2018-03-28 at 21:11 -0400, Phil Pennock via Exim-users wrote:
> > $smtp_found_dane or something? Note that DANE support is Experimental
> > and feedback and requests are a good thing (patches even better!).
On 2018-07-07 at 18:56 +0100, Julian Bradfield via Exim-users wrote:
> Is there a way to detect, in the Exim configuration file, whether a
> sender domain has a DMARC record?
Use a `dnsdb` lookup, look for the DMARC DNS record. The rest of your
mail leads me to suggest a better approach, but to
Mail list logo