Nabble - Exim Users

Re: Need help with exim.

2009-12-14T03:49:16Z

I still have trouble with mail delivery failed spam. My exim.conf now is:

primary_hostname = mail.domain.com
domainlist local_domains = domain.com
domainlist domains_we_reject = *.*.*.ru:*.*.ru:*.ru:*.br:*.in:*.cn:*.rus
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1: 192.168.0.0/16
log_file_path = syslog
message_size_limit = 30M
smtp_receive_timeout=5m
smtp_accept_queue = 100
smtp_accept_max = 40
smtp_accept_max_per_host = 5
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = /var/run/spamd.sock
#spamd_address = 127.0.0.1 783
never_users = root
#host_lookup =
host_lookup = 0.0.0.0/0
host_lookup_order = byaddr
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 1d
errors_reply_to = postmaster@domain.com
timeout_frozen_after = 3d
helo_try_verify_hosts = !+relay_from_hosts
helo_allow_chars =
begin acl
acl_check_rcpt:
check_recipient:
# stop bounce from us, lets do it by sender's server
accept domains = +local_domains
endpass
message = unknown user
verify = recipient

accept hosts = :

deny
log_message = match in spam list
dnslists = bl.spamcop.net:sbl.spamhaus.org
deny sender_domains = +domains_we_reject
message = Unknown users
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
require verify = sender
accept domains = +local_domains
endpass
verify = recipient
accept hosts = +relay_from_hosts
control = submission
domains = !+local_domains
accept authenticated = *
control = submission
accept domains = +relay_to_domains
endpass
verify = recipient
deny message = relay not permitted

acl_check_data:

deny message = Serious MIME defect detected ($demime_reason)
demime = *
deny message = This message contains a virus ($malware_name) and has been rejected.
# skip virus check when message is larger than 1MB
condition = ${if <{$message_size}{1m}{1}{0}}
demime = *
malware = *

# Messages larger than 150k are accepted without spam scanning to reduce spamd load

accept condition = ${if >{$message_size}{150k}{true}}

warn message = X-SA-Report: $spam_report
spam = mail:true
condition = ${if >{$spam_score_int}{0}{1}{0}}
warn message = X-SA-Status: Yes
spam = mail:true
condition = ${if >{$spam_score_int}{40}{1}{0}}
deny message = This message scored $spam_score spam points.
spam = mail:true
condition = ${if >{$spam_score_int}{120}{1}{0}}

# warn message = X-Spam_score: $spam_score\n\
# X-Spam_score_int: $spam_score_int:\n\
# X-Spam_bar: $spam_bar\n\
# X-Spam_report: $spam_report
# X-Spam_flag: Yes
# condition = ${if <{$message_size}{500k}{1}{0}}
# spam = mail:true
# deny message = This message was classified as SPAM
# condition = ${if >{$spam_score_int}{55}}

accept

begin routers

spamassassin_router:
driver = accept
transport = spamassassin
condition = ${if eq {$received_protocol}{smtp}{}}
no_verify
no_more

first_liases:
driver = redirect
domains = +local_domains
data = ${lookup{$local_part@$domain}lsearch{/etc/aliases}}
user = mail
file_transport = address_file
pipe_transport = address_pipe
allow_fail
allow_defer

localuser:
driver = accept
domains = +local_domains
check_local_user
address_data = "spam_score=40 use_spam_folder=1 mark_spam_prio=1"
transport = local_delivery
cannot_route_message = Unknown user
no_more

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

last_fail:
driver = redirect
allow_fail
data = :fail:No such user $local_part at $domain
no_more

begin transports

# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp

local_delivery:
driver = appendfile
user = $local_part
group = mail
maildir_format
delivery_date_add
envelope_to_add
return_path_add
mode = 0660
headers_remove=${if and{{MARK_SPAM}{or{{IS_SPAM}{IS_LOW_PRIO}}}}{X-MSMail-Priority:X-Priority}{}}
headers_add = ${if and{{MARK_SPAM}{IS_SPAM}}{X-MSMail-Priority: Low}{}}
directory = $home/Maildir${if and{{IS_SPAM}{USE_SPAM_FLDR}}{/.SPAM}{}}
address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

antivirus:
driver = pipe
batch_max = 200
command = /bin/nice -19 /inet/src/scan/ph ${pipe_addresses}
return_output = false
return_path_add = false
user = mail
group = mail

spamassassin:
driver = pipe
use_bsmtp = true
command = /usr/exim/bin/exim -bS -oMr sa-checked
transport_filter = /usr/bin/spamc -f
home_directory = /tmp
current_directory = /tmp
user = mail
group = mail
log_output = true
return_fail_output = true

begin retry

begin rewrite

begin authenticators

dovecot_plain:
driver = dovecot
public_name = LOGIN
#server_prompts = "Username:: : Password::"
server_socket = /var/run/dovecot/auth-client

Re: Need help with exim.

2009-11-30T01:54:00Z

Thanks to Phil Pennock. :)

help -- need to filter/flush spam out of my queue

2009-11-25T10:09:26Z

Hi,

I am managing a cPanel server where someone has uploaded a script that flooded the queue with spam messages. There are currently around 10000 messages in the queue and each msg ID has a random sending address and different sending domains but recipient addresses have a pattern. All recipient addresses are @mail.ru addresses.
I do not want to flush the entire queue since there are valid emails as well, can anybody tell me a command that will remove all emails from the queue sent to @mail.ru addresses.

1 mail to 2 recipients who are redirected to 1 account -> only 1 delivery

2009-11-25T06:35:41Z

I use exim with virtual domains. Some e-mailadresses are redirected to the same account by the virtual domains configuration.

Example:

There are 3 emailadressen:
-1@hostname.ext:vmail
-2@hostname.ext:vmail
-3@hostname.ext:vmail

When i sent one email to the 3 accounts (To: 1@hostname.ext,2@hostname.ext,3@hostname.ext) that e-mail will only be delivered to the vmail-account and emailadres 3@hostname.ext.

How can i configure exim so this e-mail will be delivered at al the recipients?

Regards,
Thomas Lenting

Re: Need help with exim.

2009-11-23T01:37:40Z

Thanks to Nigel Metheringham, Renaud Allard, Ian Eiloart for your help. I'll try all your suggestions.

Re: Need help with exim.

2009-11-18T02:53:30Z

Anyone? How to reject empty return path, it's look like this:

Return-path: <>
Envelope-to: user@domain.com
Delivery-date: Fri, 13 Nov 2009 18:29:08 +0200
Received: from nvkbank.ru ([88.147.255.114] helo=mailsrv2.nvk.int)
by mail.domain.com with esmtp (Exim 4.68)
id 1N8z1G-0000Pj-Pz
for user@domain.com; Fri, 13 Nov 2009 18:29:08 +0200
From: postmaster@nvk.int
To: user@domain.com
Date: Fri, 13 Nov 2009 19:27:58 +0300
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01CA639C022DF13600006D5Cmailsrv2.nvk.int"
X-DSNContext: 7ce717b1 - 1391 - 00000002 - C00402D1
Message-ID: <hO06wLJkI000032ce@mailsrv2.nvk.int>
Subject: Delivery Status Notification (Failure)

Need help with exim.

2009-11-16T07:04:42Z

Hi, i have mail server with exim+spamassassin, some of users start to get message from MAILER-DAEMON or mail delivery subsystem. What i need to change in exim to reject them. This is my exim.conf:

domainlist local_domains = domain.com
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1: 192.168.0.0/16
log_file_path = syslog
message_size_limit = 30M
smtp_receive_timeout=5m
smtp_accept_queue = 100
smtp_accept_max = 40
smtp_accept_max_per_host = 5
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = /var/run/spamd.sock
#spamd_address = 127.0.0.1 783
never_users = root
#host_lookup =
host_lookup = 0.0.0.0/0
host_lookup_order = byaddr
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 1d
errors_reply_to = postmaster@domain.com
timeout_frozen_after = 3d
timeout_frozen_after = 3d
helo_allow_chars = _
begin acl
acl_check_rcpt:
accept hosts = :
deny hosts =

deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
require verify = sender
accept domains = +local_domains
endpass
verify = recipient
accept hosts = +relay_from_hosts
control = submission
domains = !+local_domains
accept authenticated = *
control = submission
accept domains = +relay_to_domains
endpass
verify = recipient
deny message = relay not permitted
acl_check_data:

deny message = Serious MIME defect detected ($demime_reason)
demime = *
deny message = This message contains a virus ($malware_name) and has been rejected.
# skip virus check when message is larger than 1MB
condition = ${if <{$message_size}{1m}{1}{0}}
demime = *
malware = *

# warn message = X-SA-Report: $spam_report
# spam = mail:true
# condition = ${if >{$spam_score_int}{0}{1}{0}}
# warn message = X-SA-Status: Yes
# spam = mail:true
# condition = ${if >{$spam_score_int}{40}{1}{0}}
# deny message = This message scored $spam_score spam points.
# spam = mail:true
# condition = ${if >{$spam_score_int}{120}{1}{0}}

warn message = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int:\n\
X-Spam_bar: $spam_bar\n\
X-Spam_report: $spam_report
# X-Spam_flag: Yes
# condition = ${if <{$message_size}{100k}{1}{0}}
spam = mail:true
deny message = This message was classified as SPAM
condition = ${if >{$spam_score_int}{55}}
accept
begin routers

spamassassin_router:
driver = accept
transport = spamassassin
condition = ${if eq {$received_protocol}{smtp}{}}
# no_verify
# no_expn

first_liases:
driver = redirect
domains = +local_domains
data = ${lookup{$local_part@$domain}lsearch{/etc/aliases}}
user = mail
file_transport = address_file
pipe_transport = address_pipe
allow_fail
allow_defer

localuser:
driver = accept
domains = +local_domains
check_local_user
address_data = "spam_score=40 use_spam_folder=1 mark_spam_prio=1"
transport = local_delivery
cannot_route_message = Unknown user

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8

last_fail:
driver = redirect
allow_fail
data = :fail:No such user $local_part at $domain
no_more
begin transports

# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp

local_delivery:
driver = appendfile
user = $local_part
group = mail
maildir_format
delivery_date_add
envelope_to_add
return_path_add
mode = 0660
headers_remove=${if and{{MARK_SPAM}{or{{IS_SPAM}{IS_LOW_PRIO}}}}{X-MSMail-Priority:X-Priority}{}}
headers_add = ${if and{{MARK_SPAM}{IS_SPAM}}{X-MSMail-Priority: Low}{}}
directory = $home/Maildir${if and{{IS_SPAM}{USE_SPAM_FLDR}}{/.SPAM}{}}
address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

antivirus:
driver = pipe
batch_max = 200
command = /bin/nice -19 /inet/src/scan/ph ${pipe_addresses}
return_output = false
return_path_add = false
user = mail
group = mail

spamassassin:
driver = pipe
use_bsmtp = true
command = /usr/exim/bin/exim -bS -oMr sa-checked
transport_filter = /usr/bin/spamc -f
home_directory = /tmp
current_directory = /tmp
user = mail
group = mail
log_output = true
begin retry

begin rewrite

begin authenticators

dovecot_plain:
driver = dovecot
public_name = LOGIN
#server_prompts = "Username:: : Password::"
server_socket = /var/run/dovecot/auth-client

DKIM on Installed exim

2009-11-15T05:13:18Z

Hi

I installed exim 4.63 on centos 5.3,

How can i install DKIM on exim?

Sending mail outside based on the FROM address

2009-10-22T18:36:30Z

Dear All,

Exim running as:
queue all mail, and then run a mail queue flushing process every 10 minutes, all working good

now i have a request sending out message only FROM specific user without queuing
for instance: when user@domain.com will send outside email exim will deliver it immediately, but all other emails will go to queue for 10 minutes.

i found Exim is powelfull and i want to use it as my Email Gateway.
Thanks in advance for your help!!

konddor

Re: cannot compile with DomainKeys

2009-10-07T11:38:17Z

Hey

I'm still not able to get it. Can you please detail out the steps a little bit more.
I've my ssl etc installed. i can't make the libdomainkeys.so file you are talking abt. What is the target in the libdomainkeys to make the .so file please?

Nishant

Code Chump wrote:

Thank you Todd.

To follow up for 'the record' this did work and compile under CentOS 5.3. w/
libdomainkeys-0.69 and exim-4.69. The makefile below got wrapped by email,
but following the changes, I was able to get a successful make. From there I
had to type 'make libdomainkeys.so to make the actual library and then
install it manually into the library path for CentOS, using a conf file and
ldconfig.

After that exim would build OK against this library and I'm rolling along,
thanks to your help.

On Thu, Apr 16, 2009 at 10:07 AM, Todd Lyons <tlyons@ivenue.com> wrote:

> On Thu, Apr 16, 2009 at 6:02 AM, Chump Chumpster <codechump@gmail.com>
> wrote:
> > Thanks for your response. Yes I do have openssl & openssl-dev installed,
> as
> > mentioned. I wonder if they're being picked up by the compiler. They were
> > installed by yum, so they're were you would expect them for CentOS.
> >
> > Does anyone know how to explicitly express their locations in config?
> Thanks
>
> This is what I did to make it work:
>
> [tlyons@ivwww01 ~/src]$ diff -ruN libdomainkeys-0.69.orig/Makefile
> libdomainkeys-0.69/Makefile
> --- libdomainkeys-0.69.orig/Makefile 2006-01-17 16:28:58.000000000 -0800
> +++ libdomainkeys-0.69/Makefile 2008-11-26 13:49:10.273984000 -0800
> @@ -2,8 +2,9 @@
> CFLAGS=-DBIND_8_COMPAT -O2
> #CFLAGS += -DDK_DEBUG -DDK_HASH_BUFF -Wall
> #CFLAGS += -DUNIXWARE
> -INCS=-I.
> -LIBS=-L. -ldomainkeys -lcrypto
> +CFLAGS += -fPIC
> +INCS=-I. -I/usr/include
> +LIBS=-L. -ldomainkeys -lcrypto -lresolv
> MAKE=make
>
> dktest: dktest.o libdomainkeys.a dns.lib socket.lib
> @@ -47,6 +48,10 @@
> ar cr libdomainkeys.a domainkeys.o dns_txt.o dktrace.o
> ranlib libdomainkeys.a
>
> +libdomainkeys.so: domainkeys.o dns_txt.o dktrace.o
> + rm -f libdomainkeys.so
> + ld -shared domainkeys.o dns_txt.o dktrace.o -lcrypto `cat dns.lib`
> -o libdomainkeys.so
> +
> python: domainkeys_wrap.o _domainkeys.so
>
> domainkeys_wrap.o: domainkeys.h domainkeys.i domainkeys_wrap.c
> @@ -57,7 +62,7 @@
> ld -shared domainkeys.o dns_txt.o dktrace.o domainkeys_wrap.o
> -lcrypto `cat dns.lib` -o _domainkeys.so
>
> clean:
> - rm -f *.o *.so libdomainkeys.a dns.lib dnstest socktest makeheader
> dktest testtrace domainkeys.h
> + rm -f *.o *.so libdomainkeys.a libdomainkeys.so dns.lib dnstest
> socktest makeheader dktest testtrace domainkeys.h
>
> #
> distributionfile:
>
>
> To build it, I put the libdomainkey.so to be in someplace that the
> linker could find it, and told exim about it:
> echo "LDFLAGS += -ldomainkeys" >> Local/Makefile
>
> Then I built it.
>
> After installing exim, I copied the libdomainkeys.so to $LIB/exim and
> can verify that it's seen by the exim binary:
> CentOS52[root@ivwm51 ~]# ldd /usr/sbin/exim | egrep 'domainkeys|dkim'
> libdomainkeys.so => /usr/lib64/exim/libdomainkeys.so
> (0x00002ae197a6f000)
> libdkim.so => /usr/lib64/exim/libdkim.so (0x00002ae197c75000)
>
> Truth be told, I modified an exim spec file for 4.69-7 from fc10 to
> build a CentOS 5.2 rpm with dk/dkim support using the shared library
> method I described above.
> --
> Regards... Todd
>
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: SMTP authentication problem

2009-10-02T10:43:09Z

Keith Martin-4 wrote:

What is happening is that we are using Exim (4.69) to relay email to another
server, which requires SMTP authentication.

I'm attempting to do a similar thing, but have no clue where to start. What did you have to do to set up smtp-authentication when Exim is a client.

My Linux servers are in a corporate environment, using Exchange as the corporate mail server. I'm using the Exchange server as a smarthost and relaying all email to the Exchange server. I'm not downloading any mail. Mostly I'm mailing out log files, and alerts.

The Exchange admin wants the users on the Linux box to use smtp-authenication to authenticate to the Exchange box prior to sending email to the destination (India) via the internet.

How do I set up smtp-authentication in Exim? Via the exim.conf file? Inline with the 'mail' command?

Thanks in advance!

Exim Server Sending From Different IPs

2009-09-23T11:23:58Z

I am not sure what the best way to go about this is. We run almost 200 websites on one of our servers and each website has a quite large user base. Usually 10-20 of the websites will send out mass e-mails but the problem is Yahoo and other e-mail hosts don't like the volume being sent from the IP address so they defer the messages. This creates a huge backup of thousands of e-mails. I have about 10 unused IP addresses that I would like to randomly be chosen to send the mass e-mail from.

Is it possible to have the exim server randomly choose an IP address to send its mail from?

Re: Exim kernel segfaults - Error 4

2009-08-21T09:01:36Z

We are having a similar failure of exim.

cPanel 11.24.5-C38506 - WHM 11.24.2 - X 3.9
CENTOS 5.3 x86_64 standard

Although we have several other cPanel server with a similar configuration this is the only one running 64bit.

Aug 21 06:20:53 sh05 kernel: pure-quotacheck[26471]: segfault at 00007fff0342fff0 rip 0000003bf6c42755 rsp 00007fff0342fff0 error 6
Aug 21 08:20:06 sh05 kernel: exim[24275]: segfault at 000000000000004a rip 000000000000004a rsp 00007fff3da412f8 error 4
Aug 21 08:20:09 sh05 kernel: exim[24872]: segfault at 0000000000000008 rip 0000003bf6c6a13d rsp 00007fffc6f74348 error 4

Limit rate of message dispatch in Exim but accept all inbound messages

2009-07-30T09:34:10Z

Hi all, Exim Pros,

posting to the list this problem, that is not been covered apparently somewhere else.

I want to configure Exim MTA to accept all inbound messages but limit the rate at which it can dispatch messages to downstream consumers.

Thank you for your opinions on how to do it.

Nicholas

Affordable & Easy-to-use Email & Collaboration server (Commercial)

2009-07-22T01:29:14Z

You might be interested in knowing about a Linux and Open Source based email & collaboration product for companies.

Check - http://www.synovel.com/collab/

It has a web based administration panel for managing servers and users along with desktop client and web access.

Re: Pass mail to backup host if first delivery attempt fails

2009-07-21T18:35:28Z

Darren Honeyball wrote:

> I have a requirement to run my "primary" mail servers spools from
> ramdisk, and what I'd like to do it this:
>
> For outbound mail I'd like to try the dnslookup router for the first
> attempt as usual, if for any reason this fails I'd like to pass those
> messages off to some "secondary" servers which are more resilient for
> processing.
>
> fallback_hosts doesnt appear to be what I need, so looking for
> clues/examples on how to achieve this.

Unless you're doing something really strange, fallback_hosts is what you
are after.

"If Exim is unable to deliver to any of the hosts for a particular
address, and the errors are not permanent rejections, the address is put
on a separate transport queue with its host list replaced by the
fallback hosts, .."

The FAQ about this question -
http://wiki.exim.org/FAQ/Delivery/Q0618

Transport fallback_hosts
http://docs.exim.org/current/spec_html/ch30.html#id604171
which can be overidden by router fallback_hosts
http://docs.exim.org/current/spec_html/ch15.html#id561973

The primary server should only keep the email long enough to temporarily
fail at each MX host listed for the domain before passing it on to the
fallback_hosts in order.

--
The Exim manual - http://docs.exim.org

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Drop smtp connection before authentication

2009-07-21T18:05:18Z

On Mon, Jul 20, 2009 at 11:57 AM, Dean Brooks<dean@...> wrote:
> You can change the BADAUTH_LIMIT macro to any rate you like, but we use
> 15 failed attempts in 2 hours as the threshold.

In the event that a user gets blocked, how do you expediently handle
the case where tech support helps a user fix the password and then
retries to send. What do you do to puge the db file that holds this
info? Is it actually in a hints database? Or is it all in memory at
this point?

--
Regards... Todd

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: domain alias

2009-07-21T12:36:23Z

Hi Fedorovici,

On Tue, 21 Jul 2009, Fedorovici Dragos Gabriel wrote:

> I'd like to setup my server to handle multiple domain aliases. I've done
> this in the past using other mail tools but haven't figured it out with
> exim. Can you please point me to some documentation on how to quickly
> and easily do this?

http://www.ws.afnog.org/afnog2009/sse/exim/afnog-2009-exim-presentation.pdf,
around page 35, has instructions for doing this.

Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

domain alias

2009-07-21T11:07:42Z

Greetings,

I'd like to setup my server to handle multiple domain aliases. I've done
this in the past using other mail tools but haven't figured it out with
exim. Can you please point me to some documentation on how to quickly and
easily do this?

BTW, I have the web server handling the aliases just fine.
Thanks,
Dragos Fedorovici
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Exim/email-related stream at UKUUG conference, Birmingham, 7/8/9-August-2009

2009-07-21T09:52:19Z

--On 17 July 2009 11:21:41 +0100 Niall Mansfield
<niall.mansfield@...> wrote:

> So far, only 3 people said are interested in Exin BOF :-(

Build it, and they will come. If we put enough marketing effort in. There
are a few Exim or email related talks, at which we could announce a BOF -
if the BOF is later in the weekend.

3 is better than 2, anyway.

> Niall Mansfield
> UIT Cambridge Ltd.
> nmm@...
> +44 1223 302 041
>
> Sent from my iPhone
>
> On 17 Jul 2009, at 11:10, Ian Eiloart <iane@...> wrote:
>
>>
>>
>> --On 16 July 2009 15:27:53 +0100 Alain Williams <addw@...>
>> wrote:
>>
>>
>>> I think that it would be very helpful if we were to prepare some kind
>>> of outline on what we would like to achieve. I'll chuck in a few
>>> suggestions to get the ball rolling:
>>>
>>> * Bug fixes - how we prioritise
>>>
>>> * Enhancements - what new features do we need
>>>
>>> * External changes - should we collect/merge back in ?
>>> I am thinking of changes that Linux-distros/... may have made.
>>>
>>> * Funding - could we pursuade some large corporates/... with a bit of
>>> funding that could be used to pay someone to do this -- perhaps
>>> part
>>> time.
>>
>> Clearly, funding (if achievable in the current climate) is going to
>> make the biggest difference, but we should also consider some other
>> ways to attract new developers, and new users (who may contribute):
>>
>> * Easing the development process. I'm not a developer myself, so I'm
>> not sure what the technical barriers to involvement are.
>>
>> * Marketing/Promotion: improving uptake of Exim might enlarge the
>> potential pool of developers, and of funding. The last research I
>> saw put Exim behind about 10 - 20% of MX hosts, which is great. We
>> should trumpet that. An overhaul of the web site, or an additional
>> site, would be an option.
>>
>> * Advertising: how about we put a link in every 5xx reply message.
>> The link would go to an Exim hosted page explaining (as far as we
>> can) the cause of the rejection. The root of the URL should be
>> customisable, so that administrators can point to their own web
>> pages instead. Of course, we could provide the default content for
>> those pages, too. While we're at it, we could meet one of the
>> lemonade spec requirements by adding RFC2034 enhanced error codes.
>> So far, that's just a feature request for improved rejection
>> messages, but all of the Exim hosted web pages could carry
>> advertising, and all of the default pages could carry promotional
>> messages for Exim, OSS concepts, etc.
>>
>> * Improving ease of use (installation, configuration, queue
>> management, reporting)
>>
>> * Auto-reporting. ClamAV, for example, can be configured to send
>> statistical reports to developers. That lets them track malware
>> traffic and use of ClamAV automatically. Exim is in a position to do
>> the same, perhaps reporting stats on traffic volumes, spam patterns,
>> technology penetration, etc. Perhaps that counts as a feature
>> request, but it could also have some mileage with regard to
>> promotion. Care should be taken to protect privacy, of course.
>>
>>
>>
>>> I nominate Niall & myself as scribes of the event -- to try and get
>>> some
>>> kind of report out to this list/whereever.
>>>
>>> --
>>> Alain Williams
>>> Linux/GNU Consultant - Mail systems, Web sites, Networking,
>>> Programmer,
>>> IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/
>>> Parliament Hill Computers Ltd. Registration Information:
>>> http://www.phcomp.co.uk/contact.php Past chairman of UKUUG:
>>> http://www.ukuug.org/
>>> # include <std_disclaimer.h>
>>
>>
>>
>> --
>> Ian Eiloart
>> IT Services, University of Sussex
>> 01273-873148 x3148
>> For new support requests, see http://www.sussex.ac.uk/its/help/

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: compare two headers_rule in acl dont work properly

2009-07-21T09:36:30Z

On Tue, Jul 21, 2009 at 05:23:00AM -0700, spawel wrote:
> Every day I received a many letters from spammers. All this letters
> have different headers. I mean that header "from" contains
> "user@..." (domain rambler.ru is in white list) and header
> "return-path" contains another address spam@.... And because
> of that i tried to write special rule in acl_check_rcpt.
> I have two variants, but all of them don not work properly.

In case you don't already know, it's not a good idea to block /all/ mail where
From != Return-Path. Non-spam mail can have From != Return-Path too - for
example, all mail on this mailing list.

> 1)
> warn log_message = "My rule! It works!"
> condition =${if !eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
> hosts =!127.0.0.1 : !localhost : *
> add_header = X-ACL-Warn: warnings

That probably doesn't work because $h_return-path: will usually be something
like "<user@...>" and $h_from: will usually be something like "Joe Smith <user@...>".

So I'm guessing that that one /never/ matches, yes?

> 2)
> warn log_message = "From and Return do not matches! SPAM! It works!!!"
> condition = ${if !match{$return_path}{$sender_address}{yes}{no}}
> hosts = !127.0.0.1 : !localhost : *
> add_header = X-ACL-Warn: $return_path

And this one probably /always/ matches, because mostly $return_path and
$sender_address are the same thing (read what the spec has to say about
$return_path).

If you want to test for this at all, you probably want to compare
${address:$h_From:} to $sender_address. But be aware that non-matching does
not mean that it's spam.

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

signature.asc (196 bytes) Download Attachment

Re: compare two headers_rule in acl dont work properly

2009-07-21T09:22:41Z

spawel wrote:

> Hi! I am from Russia and my english is not so good as you and I need
> help with Exim MTA.
> Every day I received a many letters from spammers. All this letters
> have different headers. I mean that header "from" contains
> "user@..." (domain rambler.ru is in white list) and header
> "return-path" contains another address spam@.... And because
> of that i tried to write special rule in acl_check_rcpt.
> I have two variants, but all of them don not work properly.
>
> 1)
> warn log_message =3D "My rule! It works!"
> condition =3D ${if
> !eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
> hosts =3D !127.0.0.1 : !localhost : *
> add_header =3D X-ACL-Warn: warnings
>
> 2)
> warn log_message =3D "From and Return do not matches! SPAM! It works!!!=
> !"
> condition =3D ${if !match{$return_path}{$sender_address}{yes}{no}}
> hosts =3D !127.0.0.1 : !localhost : *
> add_header =3D X-ACL-Warn: $return_path
>
> This rules dont contain any gramatic errors, no mistakes in exim log, but
> they dont work!
> What am I not understand?
> Please help!
>
>

You really don't want to do this.

For a good reason why not, look at the headers of the messages on this mailing list.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@...
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

LDAP Lookup Problem since upgrade from 4.63 to 4.69

2009-07-21T08:45:18Z

Hello,

i recently upgraded a testsystem from debian etch to lenny.
this upgrade changed the exim version from 4.63 to 4.69

This upgrade broke the following local_domains ldap lookup:

ldap_default_servers = ourldapserver
LDAPU = theuserdn
LDAPP = thepassword
LDAPB = thesearchbase
LDAP_PREF = user=LDAPU pass=LDAPP ldap:///LDAPB
LDAP_SEARCHDOMAINS = (&(objectClass=MailDomain)(enabled=TRUE))

domainlist local_domains = ${tr {${tr {${lookup ldapm{ LDAP_PREF?ou?sub?(&(enabled=TRUE)(objectClass=MailDomain)) }}} {\n}{:}}} {,}{:}}

The error message is:

2009-07-21 15:29:35 failed to expand "${tr {${tr {${lookup ldapm{ user=... pass=... ldap:///...?ou?sub?(&(enabled=TRUE)(objectClass=MailDomain)) }}} {\n}{:}}} {,}{:}}" while checking a list: lookup of "user=... pass=... ldap:///...?ou?sub?(&(enabled=TRUE)(objectClass=MailDomain)) " gave DEFER: ldap_search failed: -7, Bad search filter

I tryied some variants and i found out that the condition
$enabled=TRUE$ works, but not (enabled=TRUE) or
$&\(enabled=TRUE$$objectClass=MailDomain$\)

The production server with 4.63 still works and ldapsearch on lenny is
successfull.

I checked the changelogs for ldap changes, but i did not find anything.

Does somebody has any idea?

Thank you for a reply

- Moritz

--
Wissen ist das einzige Gut, das sich vermehrt, wenn man es teilt.
--
http://www.lagerkochbuch.ch

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Pass mail to backup host if first delivery attempt fails

2009-07-21T06:38:37Z

Hi,

I have a requirement to run my "primary" mail servers spools from
ramdisk, and what I'd like to do it this:

For outbound mail I'd like to try the dnslookup router for the first
attempt as usual, if for any reason this fails I'd like to pass those
messages off to some "secondary" servers which are more resilient for
processing.

fallback_hosts doesnt appear to be what I need, so looking for
clues/examples on how to achieve this.

TIA,

Darren

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

compare two headers_rule in acl dont work properly

2009-07-21T05:23:00Z

Hi! I am from Russia and my english is not so good as you and I need
help with Exim MTA.
Every day I received a many letters from spammers. All this letters
have different headers. I mean that header "from" contains
"user@rambler.ru" (domain rambler.ru is in white list) and header
"return-path" contains another address spam@spammers.com. And because
of that i tried to write special rule in acl_check_rcpt.
I have two variants, but all of them don not work properly.

1)
warn log_message = "My rule! It works!"
condition =${if !eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
hosts =!127.0.0.1 : !localhost : *
add_header = X-ACL-Warn: warnings

2)
warn log_message = "From and Return do not matches! SPAM! It works!!!"
condition = ${if !match{$return_path}{$sender_address}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
add_header = X-ACL-Warn: $return_path

This rules dont contain any gramatic errors, no mistakes in exim log, but they dont work!
What am I not understand?
Please help!

compare two headers_rule in acl dont work properly

2009-07-21T05:21:26Z

Hi! I am from Russia and my english is not so good as you and I need
help with Exim MTA.
Every day I received a many letters from spammers. All this letters
have different headers. I mean that header "from" contains
"user@..." (domain rambler.ru is in white list) and header
"return-path" contains another address spam@.... And because
of that i tried to write special rule in acl_check_rcpt.
I have two variants, but all of them don not work properly.

1)
warn log_message =3D "My rule! It works!"
condition =3D ${if
!eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
hosts =3D !127.0.0.1 : !localhost : *
add_header =3D X-ACL-Warn: warnings

2)
warn log_message =3D "From and Return do not matches! SPAM! It works!!!=
!"
condition =3D ${if !match{$return_path}{$sender_address}{yes}{no}}
hosts =3D !127.0.0.1 : !localhost : *
add_header =3D X-ACL-Warn: $return_path

This rules dont contain any gramatic errors, no mistakes in exim log, but
they dont work!
What am I not understand?
Please help!

--
View this message in context: http://www.nabble.com/compare-two-headers_rule-in-acl-dont-work-properly-tp24586558p24586558.html
Sent from the Exim Users mailing list archive at Nabble.com.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: fallback smart hosts

2009-07-21T04:14:08Z

On 20/07/2009 Lena@... wrote:
> > From: Jonas Meurer
>
> > Is it possible to configure a fallback smart host in exim4?
>
> 20.8 Manualroute examples:
>
> | If a colon-separated list of smart hosts is given, they are tried in order

Thanks a lot for the pointer, i didn't realize that it is that easy :-)

greetings,
jonas

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Drop smtp connection before authentication

2009-07-20T19:15:43Z

Edison F Carbol wrote:

> Hi,
>
> Is it possible to drop smtp connection before authentication per username?
>
> My server is congested with many attempts to authenticate with a deleted
> account.
>
> Thanks,
>
>
> Edison
>
>

Easily.

However .....

unless those unwanted attempts have characteristics, such as arriving from the
same IP, wherein no other active account might also exist, (old/new,
husband/wife) or at least from the same 'pool' of IP, such as a
dynamically-assigned 'connectivity' ISP user community, wherein you have
*neither* a valid user, *nor* a potential 'proper' correspondent MTA

-- in which case you can reject on source IP or source CIDR range either in
Exim's 'connect' phase or just a bit later, (or even in a firewall ahead of Exim...)

-- in any other case, you will have to do enough 'qualifying' to prevent harm to
other arrivals...

...that you might just as well let the authorization fail.

You could be saving the 'cost' of setting-up an encrypted session and doing some
form of DB lookup to fail the auth so it IS worth the attempt.

Personally, I'd be tempted to divert the connection and sort of tarpit it,
and/or allow a POP/IMAP read connection and pop a 'no longer active' notice into
his 'Mailbox' (or known forwarding address) each time he makes an attempt to
auth onto Exim for sending.

That might motivate the former user to change the MUA settings that are trying
to automagically log in to the dead account.

HTH,

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Drop smtp connection before authentication

2009-07-20T11:57:31Z

On Mon, Jul 20, 2009 at 10:12:29AM -0300, Edison F Carbol wrote:
> Is it possible to drop smtp connection before authentication per username?
>
> My server is congested with many attempts to authenticate with a deleted
> account.

Here's what we use to automatically control failed authentication attempts.
If you have this in place, your server will automatically begin rejecting
hosts that send repeated auth failure attempts.

You can change the BADAUTH_LIMIT macro to any rate you like, but we use
15 failed attempts in 2 hours as the threshold.

In the global config section of your config:

BADAUTH_LIMIT = 15 / 2h

acl_smtp_connect = check_connection
acl_smtp_quit = check_quit
acl_smtp_notquit = check_notquit

In the ACL section of your config:

check_connection:
drop message = Too many failed authentication attempts
ratelimit = BADAUTH_LIMIT / noupdate / badauth:$sender_host_address

check_quit:
accept condition = ${if eq{$authentication_failed}{1}}
ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address

check_notquit:
accept condition = ${if eq{$authentication_failed}{1}}
ratelimit = BADAUTH_LIMIT / badauth:$sender_host_address

We need the rate limiting portion in BOTH the "quit" and "notquit" sections
for this to work properly, as you don't know how the connection will
end up closing.

You also don't want to put the ratelimiting in the RCPT or DATA section,
because the connection will never get that far (they haven't authenticated!).
You can't put it in the MAIL section either because, again, they haven't
authenticated.

Thought someone else might find this useful. Rate limits are fun. :)

--
Dean Brooks
dean@...

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Drop smtp connection before authentication

2009-07-20T10:39:28Z

Dave,

This is what I´m doing now.

The first time this username try to authenticate, I get his IP at smtp auth
and then block it at acl_smtp_auth.

Thank you for your help.

Edison

> My server is under a kind of attack. Lot of connections are trying to
> authenticate with the same username that doesn´t exist.
>
> I´d like to drop all connections from a specific username before smtp
> authentication or any layer above.
>
> Is it possible to get the username at acl_smtp_auth?

When you say "from a specific username", do you mean the SMTP AUTH username?
In general, you can't drop connections "from a username" without first
allowing the AUTH to proceed, so you know what the username is.

If your server is handling the load just fine anyway, I'd say do nothing.
The
unwanted traffic will probably subside soon enough.

If it's *not* handling the load just fine, then the only suggestion I can
offer is to see if the same IPs are "attacking" again and again, and if they
are (and those IPs are *only* "attacking", they're not also performing
legitimate transactions), then block the offending IP addresses; either at
your firewall, or in acl_smtp_connect.

(acl_smtp_connect is probably easier to implement and could even be
automated;
but each attacking connection still uses a non-negligible amount of server
resource).

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Drop smtp connection before authentication

2009-07-20T10:17:32Z

On Mon, Jul 20, 2009 at 02:05:45PM -0300, Edison F Carbol wrote:
> My server is under a kind of attack. Lot of connections are trying to
> authenticate with the same username that doesn´t exist.
>
> I´d like to drop all connections from a specific username before smtp
> authentication or any layer above.
>
> Is it possible to get the username at acl_smtp_auth?

When you say "from a specific username", do you mean the SMTP AUTH username?
In general, you can't drop connections "from a username" without first
allowing the AUTH to proceed, so you know what the username is.

If your server is handling the load just fine anyway, I'd say do nothing. The
unwanted traffic will probably subside soon enough.

If it's *not* handling the load just fine, then the only suggestion I can
offer is to see if the same IPs are "attacking" again and again, and if they
are (and those IPs are *only* "attacking", they're not also performing
legitimate transactions), then block the offending IP addresses; either at
your firewall, or in acl_smtp_connect.

(acl_smtp_connect is probably easier to implement and could even be automated;
but each attacking connection still uses a non-negligible amount of server
resource).

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

signature.asc (196 bytes) Download Attachment

Re: Drop smtp connection before authentication

2009-07-20T10:12:08Z

2009/7/20 Edison F Carbol <caref@...>:

> I´d like to drop all connections from a specific username before smtp
> authentication or any layer above.

Your challenge, then, is to know what username a connection is going
to authenticate with before it does so. Make sure your Exim is
compiled with

CRYSTAL_BALL=1

Peter

--
Peter Bowyer
Email: peter@...
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: sender verify/callout with spf check

2009-07-20T10:08:45Z

2009/7/20 Vasiliy Tolstov <v.tolstov@...>:
> Hello!
> I'm using exim (4.69) and want that is spf != pass, do sender verify.
> And if two condition is fail = deny.
> Is that possible?

Sure. Write a sub URL that looks a bit like this:

my_sub_url:
accept spf = pass
require verify = sender

Then invoke my_sub_url wherever you want the test to take place, with
'deny' or 'defer' as appropriate.

Peter

--
Peter Bowyer
Email: peter@...
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Drop smtp connection before authentication

2009-07-20T10:05:45Z

Hi Dave,

My server is under a kind of attack. Lot of connections are trying to
authenticate with the same username that doesn´t exist.

I´d like to drop all connections from a specific username before smtp
authentication or any layer above.

Is it possible to get the username at acl_smtp_auth?

Thanks,

Edison

> Hi,
>
> Is it possible to drop smtp connection before authentication per username?
>
> My server is congested with many attempts to authenticate with a deleted
> account.

Sorry, I don't really understand your question.

You can probably drop the connection wherever you want to - Exim is pretty
flexible - but presumably you want to drop only /some/ connections, not all
of
them. What criteria do you intend to use to distinguish between the two?
At
what phase of the SMTP transaction would you like the connection to be
dropped?

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Drop smtp connection before authentication

2009-07-20T09:51:50Z

Den 2009-07-20 3:12, Edison F Carbol skrev:
> Hi,
>
> Is it possible to drop smtp connection before authentication per username?
> My server is congested with many attempts to authenticate with a deleted
> account.

Hi
i guess you could drop in HELO stage, based on a textfile of ip
addresses, like
deny condition =
${lookup{$sender_host_address}lsearch{banedip.txt}{yes}{no}}
and a cronjob to grep all bad ip's
grep "authenticator failed for.*" /var/log/exim4/mainlog -o | uniq -c |
grep "^\ *[0-9]\{2,4\} " | grep
"[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" -o > banedip.txt
(above baning ip where failed auth attempts >9)
on my system i grep a few other logfiles aswell, but i add the ip's this
script find to drop list in iptables, (less cputime used)

also on my system i have just now added
warn log_message = Possible hacked useraccount $authenticated_id
authenticated = *
sender_domains = !+local_domains

due to some (new?) virus/malware stealing my useres login.
so heads up

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/