Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Lena--- via Exim-users
> From: exi.ml @ yalis.fr > > I just received a SPAM (I hope), but the headers retained my attention; > here they are, in full: An infected Windows sent this common fraudulent spam with the same email address in From: and envelope-from as the recipient. And the same domain in Message-ID. >

Re: [exim] failed expand ACL

2023-01-20 Thread Lena--- via Exim-users
> From: Sławomir Dworaczek > where is the error in the ACL > > continue = ${run{SHELL -c "echo $sender_host_address > >>/var/spool/exim/blacklists/blocked_IPs;\N{\N echo Subject: > $sender_host_address blocked; echo; echo for bruteforce auth cracking > attempt.;\N}\N | EXIMBINARY

Re: [exim] [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Lena--- via Exim-users
> T-Online clearly states in their terms and conditions that they will > block servers who perform sender verification towards them. Then a different check: deny condition = ${if or{\ {eqi{$sender_address_domain}{t-online.de}}\ .ifdef _HAVE_LOOKUP_DNSDB {forany{${lookup dnsdb{>:

Re: [exim] [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Lena--- via Exim-users
Kai Siering wrote on [mailop]: > how about starting internal discussions within that community > to include a default rejection of any mail from @t-online.de > in Exim's default configuration? > As nearly no-one who is deploying Exim > (or Postfix, Sendmail for that matter) > will be able to

Re: [exim] Exim relaying but shouldn't

2022-09-28 Thread Lena--- via Exim-users
> From: Eric Grammatico > In fact I tried to implement the wiki: > https://github.com/Exim/exim/wiki/AuthenticatedSmtpUsingPwauth I edited that wiki: changed server_condition = ${run{/bin/bash -c "echo -e '$auth2\n$auth3' | /usr/local/bin/pwauth"}{1}{0}} to server_condition = ${and {\

Re: [exim] Exim relaying but shouldn't

2022-09-28 Thread Lena--- via Exim-users
P.S. No, the culprit is the apostrophe in auth login-name: > A=login_server:#xxx'uuss+zzz > server_condition = ${run{/bin/sh -c "echo -e '$auth1\n$auth2' | > /usr/sbin/pwauth"}{1}{0}} You need to add: deny message = Restricted characters in address senders = ^.*['"$#]

Re: [exim] Exim relaying but shouldn't

2022-09-28 Thread Lena--- via Exim-users
> From: Eric Grammatico > 2022-09-26 16:15:24 [10] 1ocotI-0A-0g <= > #xxx'uuss+...@grammatico.me H=(localhost) [45.123.190.53] P=esmtpsa > X=TLS1.2:AES256-GCM-SHA384:256 CV=no A=login_server:#xxx'uuss+zzz S=736 > 2022-09-26 16:15:31 [12] 1ocotI-0A-0g => xxx.x...@.info >

Re: [exim] malfunctioning email delivery after upgrade to Exim 4.96

2022-09-07 Thread Lena--- via Exim-users
> == r...@xyz.com R=xxx (-36): host lookup for did not > complete (DNS timeout?) > > There is no problem with DNS resolution of the relevant domains on those > MX servers whatsoever, judging by using dig and host command in shell. A dig or host command once is not a proof. #!/bin/sh while true

Re: [exim] Autoreply empty mail from

2022-08-02 Thread Lena--- via Exim-users
> From: Timur > # exim -be '$primary_hostname' > says: > mail.domain.com (This is my mail host) > > from smtp transport config: > helo_data = mail.domain.com > > DKIM generated for domain.com with selector mail > There is DNS record for domain: > mail._domainkey.domain.com. TXT v=DKIM1;

Re: [exim] Autoreply empty mail from

2022-08-01 Thread Lena--- via Exim-users
> From: Timur > I have trouble with autoreply transport (and any email from Exim-self) > in check DMARK when Exim send bounce/autoreply messages to google. > I want to configure vacation-router. SPF, DKIM, PTR is configured for my > server. When I send email from myself google receives it and

Re: [exim] Exim 4.96-RC0 released

2022-04-27 Thread Lena--- via Exim-users
I'm concerned with the "EXPIRATION_DATE=2022-06-30" below: FreeBSD 12.3 base contains /usr/include/db.h without DB_VERSION_STRING with * @(#)db.h8.7 (Berkeley) 6/16/94 * $FreeBSD: releng/12.3/include/db.h 326024 2017-11-20 19:45:28Z pfg $ Ports have: databases/db18:

Re: [exim] Exim 4.96-RC0 released

2022-04-26 Thread Lena--- via Exim-users
> - Query-style lookups are now checked for quoting, if the query string is > built using untrusted data ("tainted"). For now lack of quoting is > merely logged; a future release will upgrade this to an error. Does it apply to dnsdb? If yes then how to quote for ptr, a, mxh, txt?

Re: [exim] catching brute foce smtp auth - what condition?

2022-04-12 Thread Lena--- via Exim-users
> How to catch brute force smtp auth attempts only? (== bad login or > password provided) https://github.com/Exim/exim/wiki/BlockCracking > Condition like: > > ${if eq{$authentication_failed}{1}} > > doesn't work because it also catches cases where client cancelled smtp > auth attempt (rfc2554

Re: [exim] Exim-users Digest, Vol 214, Issue 21

2022-03-25 Thread Lena--- via Exim-users
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Subject String Manipulation

2022-03-16 Thread Lena--- via Exim-users
> From: Ole Klinck > Apparently Exim sometimes failed to decode the message and > just gave the RFC 2047 string Insert into beginning of Exim config: check_rfc2047_length = false

Re: [exim] Problem with filter on Base64-encoded subject field

2020-12-16 Thread Lena--- via Exim-users
> this means that Exim cannot decode the original header for some reason. Insert into the beginning of Exim config: check_rfc2047_length = false Also, you should encode Subject back.

Re: [exim] Looking for an example

2020-06-30 Thread Lena--- via Exim-users
> From: Mark Elkins > I'm looking for an example for how to cure this problem. > > Every now and then, a user will give his password to a bad actor (Social > Engineering). That bad person then goes to my webmail interface and > sends out a lot of SPAM e-mail - which goes to my port 587 (only)

Re: [exim] Rule invalid recipients

2020-02-04 Thread Lena--- via Exim-users
> From: Emanuel Gonzalez > i found this rule in a site: That was forked by somebody from an earlier version of my https://github.com/Exim/exim/wiki/BlockCracking

Re: [exim] Exim 4.93 published.

2019-12-11 Thread Lena--- via Exim-users
> From: Jeremy Harris > > store_get() is not part of the API documented (in local_scan.h) as > > being usable by local_scan and dlexpand code. > > I see however that it _is_ described as part of the API in the > documentation chapter on local-scan. My apologies. > > I'll get that chapter

Re: [exim] error ignored

2019-06-26 Thread Lena--- via Exim-users
P.S. How to debug delivery? I inserted into the beginning of rcpt ACL: warn domains = tiscali.cz control = debug/tag=.$message_exim_id/opts=+all The debuglog contains only lines with pid of the receiving process, including: 20:18:58 18029 DSN: SPOOL_OUT - address: |doma*@

[exim] error ignored

2019-06-26 Thread Lena--- via Exim-users
Exim 4.92 as a smarthost gets a 5xx after end of data, but doesn't send a DSN. In mainlog (I redacted with asterisks and inserted blanks after @): 2019-06-20 18:28:19 +0300 1hdyz4-000G6A-BR <= Len*@ lena.kiev.ua H=ip-19*6.rusa*ovka-net.ki*v.ua (bedsi*e.lena.kiev.ua) [94.244.2*.38]

Re: [exim] Matching RFC 2047 encoded text

2019-04-21 Thread Lena--- via Exim-users
> From: Ian Zimmerman > > check_rfc2047_length = false > > Thanks, Lena. > > If I leave it as true (the default), and $h_subject: turns out to > contain "=?UTF-8?B?", can I assume (not with certainty, but with a high > likelihood) the message

Re: [exim] Matching RFC 2047 encoded text

2019-04-17 Thread Lena--- via Exim-users
> From: Ian Zimmerman > An unwanted message arrived to my mailbox with the following Subject: > > Subject: > =?UTF-8?B?VXMgY29uZ3Jlc3MgaGVhcmluZyBvZiBtYWFuIGFsc2FhbiBNb25leSBsYXVuZHJ5INmC?= > >

Re: [exim] Spam though my server

2019-02-19 Thread Lena--- via Exim-users
> From: Mark Elkins > I should probably have some EXIM scripts that count repetitive failures, > both at login authentication and delivery (failure) by a user, and use > that to do automatic blocking and reporting. Lena probably has a > solution for that. https://github.com

Re: [exim] Slow down ?

2019-02-04 Thread Lena--- via Exim-users
> When several messages are sent to @ orange.fr in a too short period of > time, they are (temporarily) refused: > > Too many connections I use in the transport: serialize_hosts = * You can use: serialize_hosts = smtp-in.orange.fr At reboot: rm /var/spool/exim/db/misc*

Re: [exim] Block emial from my host to my host without authorization

2019-01-19 Thread Lena--- via Exim-users
> How to block sending mail from my host to my host users without > authorization, so that in the future there are no such situations > 41.56.57.80 is not my ip address > Received: from [41.56.57.80] > by domain.dot.com with esmtp (Exim 4.91) > (envelope-from ) > id 1gkmFE-0002ym-UR > for

Re: [exim] Auth command used when not advertised

2018-11-27 Thread Lena--- via Exim-users
> From: Russell King > My mail server is being hit with auth attempts when the helo hasn't > advertised the presence of authentication I always advertise AUTH but in the rcpt ACL: accept authenticated = * condition = ${if !={$received_port}{25}}

Re: [exim] Help extracting From-Address

2018-11-24 Thread Lena--- via Exim-users
> From: Luca Bertoncello > we receive many E-Mails with faked From (Header), and I'm trying to > block them. > Currently I extract the domain (most our own domain) and check it for SPF. In messages from mailing lists (such as this [exim-users]) the domain in "From:" header fails SPF.

Re: [exim] ${lookup{value}lsearch{file}{yes}{no}} tricks help request

2018-11-13 Thread Lena--- via Exim-users
file}{1}{0}}\ {0}\ }\ } -- Lena

Re: [exim] Removing addresses from mail before delivery?

2018-11-05 Thread Lena--- via Exim-users
> From: Jon 'Boli' Copeland > I have a problem with some people insisting on CCing every single > address they have for my company on every email they send. No amount of > asking politely seems to stop this. > > What I want to do, serverside, is something like the following > > |while (TO+CC

Re: [exim] exim block auth (geoip)

2018-10-04 Thread Lena--- via Exim-users
> From: Emanuel Gonzalez > lately we are suffering from dictionary attacks, as a prevention method > I use "fail2ban", but in some cases users use passwords that are > easy to guess and are used to send spam through bots. This code blocks both dictionary attacks and stolen passwords used for

Re: [exim] demime -> acl_smtp_mime

2018-09-13 Thread Lena--- via Exim-users
> From: Marco Gaiarin > but a condition like: > > deny > message = Serious MIME defect detected ($demime_reason) > demime = * > condition = ${if >{$demime_errorlevel}{2}{1}{0}} > > how can be converted in 'acl_smtp_mime' lingo? No way I think. I'm curious: how often did you see

Re: [exim] "25 lost" is giving me useful clues

2018-09-04 Thread Lena--- via Exim-users
> > What this is telling me is someone at 157.0.116.189 is making > > connections to my mail server - presumable to see if they can detect the > > accounts of users on my machine? It tries to guess passwords of users on your machine (brute-force password cracking). This code catches both using

Re: [exim] Block attachment extension

2018-08-24 Thread Lena--- via Exim-users
> From: Sławomir Dworaczek > how to block attachment with zip rar etc. extension in Exim 4.91 ? > this entry in the configuration has stopped working > deny condition = ${if >

Re: [exim] Filter with special characters (!?)

2018-08-23 Thread Lena--- via Exim-users
> From: Emanuel Gonzalez It's ACL, not a filter. > In the exim log i see this: > > 2018-08-22 07:48:12 1fsQgL-000554-6N Entrantes y Salientes autenticados - > Cuenta_FROM: - X-Mailer = Microsoft Outlook > Express 6.00.2900.2950 - Subject = \277Eres el del video? > > discardcondition =

Re: [exim] tons of brute force cracking events

2018-06-08 Thread Lena--- via Exim-users
> acl_check_auth: > > drop message = blacklisted for bruteforce cracking attempt > set acl_c_authnomail = ${eval10:0$acl_c_authnomail+1} > condition = ${if >{$acl_c_authnomail}{4}} This needs also: acl_smtp_mail = acl_check_mail begin acl acl_check_mail: accept set

Re: [exim] Avoiding bounces

2018-05-26 Thread Lena--- via Exim-users
> I have an "info@"-address that forwards the E-Mails to other > addresses, some on them outside my servers. > > Well, unfortunately this address catches many Spam/junk E-Mails and, of > course, my Exim (4.88) tries to forward them. > Virus are blocked and will __NOT__ be forwarded, but Spam is

[exim] compiling 4.91 under FreeBSD

2018-04-16 Thread Lena--- via Exim-users
Had someone this error? Using port: cc tls.c In file included from tls.c:122: tls-openssl.c: In function `tls_refill': tls-openssl.c:2499: error: structure has no member named `verify_stack' tls-openssl.c:2502: error: structure has no member named `verify_stack' tls-openssl.c: In function

Re: [exim] Write acl to delete incomming emails if they have a chinese subject

2018-03-19 Thread Lena--- via Exim-users
> I try to write acl for incoming chinese spam. Does anyone know how to check > for chinese content? begin acl acl_check_rcpt: ... require message = relay not permitted domains = +local_domains : +relay_to_domains require verify = recipient accept hosts = +whitelisted_hosts

Re: [exim] Choosing the outbound IP address according to a Database query.

2018-03-13 Thread Lena--- via Exim-users
> From: Mark Elkins > Problem: I have users either with weak passwords or whom give away their > passwords... > > Result: Spammers have their "information" so can use my relay mail > server to send spam on my clients behalf to many other people. If it > bounces - then the client has a full mail

Re: [exim] Can't register in bugs.exim.org

2018-01-06 Thread Lena--- via Exim-users
> From: Max Kostikov > Tried few times but received nothing in email. I requested password reset, got in my log: 2018-01-06 15:40:57 +0200 131.111.8.88 whitelisted in list.dnswl.org=127.0.11.2 2018-01-06 15:40:57 +0200 SMTP connection from hummus.csx.cam.ac.uk [131.111.8.88]

Re: [exim] Count only rejected connections

2017-12-31 Thread Lena--- via Exim-users
> From: Sebastian Arcus > drop message = Invalid HELO/EHLO > condition= ${if eq{$received_port}{25}} > condition= ${if match{$sender_helo_name}{.+\\\..+\\\..+} \ >{no}{yes}} Some legitimate senders can have hostname and HELO with one dot

Re: [exim] Some mails are queued, other are sent immediately

2017-12-27 Thread Lena--- via Exim-users
> From: Jeremy Harris > Could you do that with debug enabled? Using csh, I redirected debug output (-bd -q10m -d+all) to a file with >& (both stdout and stderr to the same file, some log lines might be broken and interspersed because of buffering). The file (compressed with bzip2) can be

Re: [exim] Some mails are queued, other are sent immediately

2017-12-25 Thread Lena--- via Exim-users
-throttl~mtp.lockfile root@lena:/root# exim_dumpdb /var/spool/exim wait-throttled_smtp mta6.am0.yahoodns.net 1eTWxP-000Kok-PE mta5.am0.yahoodns.net 1eTWxP-000Kok-PE mta7.am0.yahoodns.net 1eTWxP-000Kok-PE root@lena:/root# exim_dumpdb /var/spool/exim callout 25-Dec-2017 19:54:35 yahoo.com callout=accept

Re: [exim] Some mails are queued, other are sent immediately

2017-12-25 Thread Lena--- via Exim-users
> >> I noticed that some emails are sent immediately > >> (what I prefer), while other are queued (introducing useless delay) Same here. Exim 4.90 under FreeBSD 6 on a VPS, root@lena:/root# exim -bP log_selector log_selector = +smtp_confirmation +queue_time +queue_time_ove

Re: [exim] How to limit the number of emails sent by each user

2017-12-19 Thread Lena--- via Exim-users
> From: Sebastian Nielsen > I would suggest using an config that restricts authenticated users to > a specific IP range. Then no bots from china can successfully guess a > account. I restrict authenticated users to a non-standard port (neither 25, 465 nor 587): daemon_smtp_ports = 25 : 1234

Re: [exim] How to limit the number of emails sent by each user

2017-12-18 Thread Lena--- via Exim-users
> From: "Ronaldo Luiz de Carvalho" > how to limit the number of emails sent by each user? > > I use WHM and I can limit by a domain account, but into a domain I want to > set limit to a specific account. Usually such limits are in order to catch spammers. But the limits are either low and

Re: [exim] redirect suspicious messages to special postmaster accounts

2017-11-29 Thread Lena--- via Exim-users
> From: Emanuel Gonzalez > I have an idea to avoid sending spam from my server. Is it possible > to create a rule so that when it is sent to a recipient, the mail > is discarded and an alert arrives by email? This code sends an alert by email: https://github.com/Exim/exim/wiki/BlockCracking

Re: [exim] getting exim metrics? (using TICK?)

2017-11-04 Thread Lena--- via Exim-users
> From: Patrick von der Hagen > anomaly detection (like an authenticated sender suddenly causing dozens > of bounces a minute, great indicator for compromised accounts) Automatic detection (by bounce rate) and blocking of compromised accounts entirely within Exim without external monitoring:

Re: [exim] Fwd: Rate-limit queue-processing per domain

2017-10-21 Thread Lena--- via Exim-users
P.P.S. Add to the router: domains = ! +local_domains

Re: [exim] Fwd: Rate-limit queue-processing per domain

2017-10-21 Thread Lena--- via Exim-users
P.S. below a corrected version because a message can have several recipients. > From: Charlie Elgholm > Then one might suggest that the ratelimit-condition perhaps should be > implemented for the routers as well.. Then we could do > > ratelimit = 100 / 1h / / $domain The ${acl string

Re: [exim] Fwd: Rate-limit queue-processing per domain

2017-10-21 Thread Lena--- via Exim-users
> From: Charlie Elgholm > Then one might suggest that the ratelimit-condition perhaps should be > implemented for the routers as well.. Then we could do > > ratelimit = 100 / 1h / / $domain The ${acl string expansion item works in authenticators. You can try to use it (or "acl" expansion

Re: [exim] an antivirus for zero-day :)

2017-09-29 Thread Lena--- via Exim-users
One more correction: set acl_m_ud = ${sg{$mime_decoded_filename}{[^/]+\$}{}} condition = ${run{SHELL -c \ "cd $acl_m_ud; \ P7ZIP x -y $mime_decoded_filename; \ GREP -r -a -s -E \ 'rundll32|This program cannot be run in DOS mode|\

Re: [exim] an antivirus for zero-day :)

2017-09-28 Thread Lena--- via Exim-users
Correction: condition = ${run{SHELL -c \ "cd ${sg{$mime_decoded_filename}{[^/]+\\$}{}}; \ P7ZIP x -y $mime_decoded_filename; \ GREP -r -a -s -E \ 'rundll32|This program cannot be run in DOS mode' \ *"}{1}{0}}

[exim] an antivirus for zero-day :)

2017-09-28 Thread Lena--- via Exim-users
> From: Paul Lenz > > > I wrote a plugin for Spamassassin which unzips every attachment and > > > (IMHO very important) unzips every MS Office file (xlsx, xlsm, docx) and > > > looks for strings like "rundll32" or "This program cannot be run in DOS > > > mode" and some

Re: [exim] Exim4 skips SpamAssassin if attachments are too big

2017-09-17 Thread Lena--- via Exim-users
"${if def:h_X-Spam-Flag: {1}{0}}" >transport = spamkill >no_verify > > How can I set this flag instead of denying a message if "loteria" was > detected? You can set an "acl_m_" variable and check it in that router. > I had a look on

Re: [exim] Exim4 skips SpamAssassin if attachments are too big

2017-09-03 Thread Lena--- via Exim-users
accept Some other examples: http://lena.kiev.ua/Lena-eximconf-run.txt

Re: [exim] PLAIN authenticator that checks against two data sources

2017-08-10 Thread Lena--- via Exim-users
> From: Mike Brudenell > I think I'll quit worrying, leave the setup > as-is with a deferral response to the AUTH, and move on. > > This all came about because I was starting to look at rate limiting failed > attempts to AUTH along these lines >

Re: [exim] Retiring old build targets

2017-07-26 Thread Lena--- via Exim-users
> Given the resounding silence from volunteers, I'm tempted to retire > in the next release _everything_ apart from the current set of > representatives in the buildfarm. > > That would be: Linux, OpenBSD, FreeBSD, SunOS5. Perhaps keep DragonFly and Darwin, but unmaintained and unchanged, they

Re: [exim] Rewriting envelope from to header From

2017-07-12 Thread Lena--- via Exim-users
> From: Frank Richter > I'd like to rewrite envelope from "apache@*.mydomain" to the address in > header From. > I tried it according to https://github.com/Exim/exim/wiki/Q0801 with this > rewrite rule: > > apache@*.mydomain ${sg{$h_from:}{^.*<(.*)>}{\$1}} Ffrs According to

Re: [exim] recepient verification callout with defer_ok fails on graylisted server with error code 450

2017-07-06 Thread Lena--- via Exim-users
> From: "Dr. Volker Jaenisch" > verify = recipient/callout=2m,defer_ok,use_sender I specify "defer_ok" twice in different places: verify = recipient/defer_ok/callout=10s,defer_ok,use_sender

Re: [exim] EBL: blacklist for email addresses in Reply-To and message bodies

2017-06-29 Thread Lena--- via Exim-users
> The Reply-To: header takes an address-list and is interpreted as such, > and IIRC used in that way by some mail-clients when subscribed to > mailing-lists but wanting personal copies of replies too. So the `rt:` > ACL is going to calculate something which will emit bogus queries to an >

[exim] EBL: blacklist for email addresses in Reply-To and message bodies

2017-06-28 Thread Lena--- via Exim-users
The purpose of the EBL blacklist is described on http://msbl.org/ebl-purpose.htm I tested EBL since October 2016, today it was declared in public beta: https://spammers.dontlike.us/mailman/private/list/2017-June/010493.html > The Email Blocklist has entered Beta 2, and is now open for testing by

Re: [exim] Using named queues

2017-05-19 Thread Lena--- via Exim-users
> From: Niels Kobschätzki > for getting a grip on some spammers that use > phished accounts on my system. Please try this and tell me whether it helps: https://github.com/Exim/exim/wiki/BlockCracking

Re: [exim] TLS error on connection to smtp.office365.com (gnutls_handshake): An unexpected TLS packet was received.

2017-04-29 Thread Lena--- via Exim-users
> I know I'm connecting to port 587 since I specified it explicitly. But I > don't understand the relevance to my problem. Exim took the port number 465 from somewhere in its config. 465 is the TLS-on-connect port. In some other part of config you specified 587, but Exim nevertheless tries

Re: [exim] TLS error on connection to smtp.office365.com (gnutls_handshake): An unexpected TLS packet was received.

2017-04-29 Thread Lena--- via Exim-users
> The exim debug logs sort of look as if it is expecting to negotiate TLS > immediately on connection, rather than after the initial EHLO Yes. Look where the 465 came from: > Transport port=465 replaced by host-specific port=587

Re: [exim] Discard mail to certain recipients if the subject matches a string

2017-04-07 Thread Lena--- via Exim-users
> From: ? > I've tried nearly anything I could think of: > > Commit by > Commit\ by Insert into beginning of Exim config: check_rfc2047_length = false > From: Jasen Betts > RFC2047 sec 2 and section 6 say that all encoded words >

Re: [exim] 4.87 -> 4.88 readconf performance

2017-03-14 Thread Lena--- via Exim-users
> >> It triggers when a macro name contains the sequence /_[ODH]/. > > > > Does it include $header_Date: ? > > A workaround: $header_date: > > Macro, not header. Even comment lines are searched for /_[ODH]/ As far as I understand, every config line is searched before parsing. So, such line

Re: [exim] 4.87 -> 4.88 readconf performance

2017-03-13 Thread Lena--- via Exim-users
> This loop appears to be the problem. > It triggers when a macro name contains the sequence /_[ODH]/. Does it include $header_Date: ? A workaround: $header_date: > You are also correct in that when macros_create_builtin() is not > called the startup time is greatly reduced.

Re: [exim] Ongoing email issues

2017-02-28 Thread Lena--- via Exim-users
> > FreeBSD > If you can, please try building the exim-4_89_RC6 How to: cd /usr/ports/distfiles/exim fetch https://ftp.exim.org/pub/exim/exim4/test/exim-4.89_RC6.tar.bz2 cd /usr/ports/mail/exim make clean extract cd work tar xof /usr/ports/distfiles/exim/exim-4.89_RC6.tar.bz2 mv exim-4.89_RC6

Re: [exim] Lack of demime support in latest verstion + more.

2017-02-07 Thread Lena--- via Exim-users
Instead of demime and clamav: :) P7ZIP = /usr/local/bin/7z # port archivers/p7zip in case of FreeBSD BINFORBIDDEN = Windows-executable attachments forbidden WINBIN = exe|com|js|pif|scr|bat|jse|cpl|vbe|vbs|ace # more cautious:

Re: [exim] all relevant MX records point to non-existent hosts or (invalidly) to IP addresses ?

2017-01-26 Thread Lena
> There is one misconfigured server with DNS MX record which points to IP > so i cannot send any email > > all relevant MX records point to non-existent hosts or (invalidly) to IP > addresses > > I've got > > allow_mx_to_ip set = false > > and i don't want to change that > Is there any

Re: [exim] reusing existing smtp connections

2017-01-21 Thread Lena
Another way: for one connection at a time use "serialize_hosts" in the transport.

Re: [exim] gotcha: chunking and predata

2017-01-18 Thread Lena
> From: Heiko Schlittermann > Just of curiosity: What use case do you have for your pre-data ACL? Greylisting of all messages to postmaster and abuse.

Re: [exim] chunking

2017-01-17 Thread Lena
> From: Jeremy Harris > If we move to a spoolfile > format matching the network format - CR,LF line terminators - > rather than Unix format, we can then avoid scanning the data both > in- and out-bound, and potentially use sendfile syscalls. If a recipient's MX advertises CHUNKING, how does Exim

[exim] chunking

2017-01-17 Thread Lena
> From: Ivo Truxa > I can reliably reproduce the DKIM failure - it is enough > to send an email from Gmail with the body size > (may include an attachment) bigger than 65536 bytes > (the size of an unsigned short integer). Gmail's incoming MX advertises CHUNKING but doesn't advertise

[exim] gotcha: chunking and predata

2017-01-16 Thread Lena
In Exim 4.88 documentation: > If CHUNKING was advertised and a BDAT command sequence is received, the > acl_smtp_predata ACL is not run. Unexpected. Why? CHUNKING is advertised by default, for example Gmail issues BDAT commands. I think this at least deserves a mention in NewStuff.

Re: [exim] date/time when ratelimit "expires"

2017-01-12 Thread Lena
> From: Arkadiusz Miśkiewicz > How to show when particular ratelimit goes below threshold? Can that be > extracted/calculated from exim? > > For example, with these rules: > https://lists.gt.net/exim/users/94666#94666 > > I would like to change message to contain ratelimit expiry date like: >

Re: [exim] Backscatterer blocking

2016-11-25 Thread Lena
> From: Marti Markov > RCPT TO: nosuchu...@mydomain.com > 250 Accepted > Restarted exim and I started getting this: > RCPT TO: nosuchus...@mydomain.com > 550 Unrouteable address You must use "require verify = recipient" in your rcpt ACL before the first "accept" (except relay_from_hosts and

Re: [exim] Exim TLS security, DH and standard parameters

2016-10-09 Thread Lena
> From: Phil Pennock > Short version: used to be utterly horrible for OpenSSL users; got > better, but we now believe not as much better as we'd hoped; we now > believe that for GnuTLS users, things got a little worse instead of > being a no-op. In the next version of Exim (4.88) it's better

Re: [exim] 2nd Stage DNS blocking

2016-10-08 Thread Lena
> From: Hardy > I would like to run > these "Received from" addresses against dnslists and/or blacklists in files. Honest users send non-spam messages from dynamic IP-addresses. Those dynamic IP-addresses often are in blacklists.

Re: [exim] nice news

2016-09-26 Thread Lena
For this type spam (works not always, but better than nothing): acl_check_mime: deny condition = ${if eq{$mime_content_type}{text/plain}} !hosts = +whitelisted_hosts !sender_domains = returns.groups.yahoo.com : groups.io !authenticated = * condition = ${if

Re: [exim] Field Return-Path contains twice the domain

2016-08-22 Thread Lena
> From: Quaquaraquà > Return-Path: <"u...@domain.net"@domain.net> > accept authenticated = * > control = submission > control = dkim_disable_verify Change this to control = submission/domain= (with nothing after "domain="). Or

Re: [exim] Verify outgoing email while using a smarthost

2016-08-03 Thread Lena
> From: Jason > Is it possible for Exim to verify outgoing mail when using a smarthost? > Specifically, I'm looking to have Exim verify (using dnslookup) that the > domain exists for the recipient. Besides the router, you need "verify = recipient" (without callout) in rcpt ACL before accepting

Re: [exim] Bounce spam

2016-06-30 Thread Lena
> From: John McMurray > <= <> H=cpe-172-89-165-229.socal.res.rr.com I have ^cpe-\d+-\d+-\d+-\d+\.\w+\.res\.rr\.com$ in my local blacklist. Other similar hostnames condition = ${if match{$sender_host_name}{\N(\d{1,3}[-.]){3}\d\N}} get greylisted. https://github.com/Exim/exim/wiki/LenasConfig

Re: [exim] Viruses

2016-04-03 Thread Lena
> From: John McMurray > {UNRAR l} > > I changed that to {unrar lb} `unrar lb` doesn't give a blank at the beginning of each line, so incompatible with "\n .+" in > {\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\

Re: [exim] Viruses

2016-04-02 Thread Lena
> From: John McMurray > This works well for zip files but it seems to be ignoring rar files. > I've check and double checked that both unzip and unrar are at the > locations that exim expects them to be at and that both unzip and unrar > do actually work. > >> UNZIP = /usr/bin/unzip > >>

[exim] soft-work.de misconfigured

2016-03-30 Thread Lena
rom thot.soft-work.de ([148.251.79.6]) > by lena.kiev.ua with esmtps (TLSv1.2:DHE-RSA-AES128-SHA:128) > (Exim 4.86 (FreeBSD)) > id 1alEeJ-0007Dx-BR > for Lena()lena.kiev.ua; Wed, 30 Mar 2016 14:50:59 +0300 > Received: from Debian-exim by thot.soft-work.de with

Re: [exim] Help with limit per user

2016-03-30 Thread Lena
> From: Dennis Isaías Cervantes Nuñez > we have a exim mail server, where we implemented an ACL to limit shipments > of users and thus avoid SPAM > a text file where are defined the limit of > each user, whether they can help or know another method, my idea is that I > want setear for example

Re: [exim] MUA sends in envelope addresses in "user@host"@host form when using authentication

2016-03-28 Thread Lena
> Authentication works, but there is a weird problem. When I set any MUA > to pass the user name for authentication as user@domain, the MUA sends > something like the following message. It seems to me that it just > treats the whole user@domain combination as the user part of the mail > address and

Re: [exim] Viruses

2016-03-15 Thread Lena
> From: nb > there are two "550" strings included in the message. > How do you explain this ? Exim in the receiving server divided the long message into lines: 550-A .zip attachment contains a Windows-executable file - blocked because we 550 are afraid of new viruses not recognized

[exim] Viruses

2016-03-14 Thread Lena
> From: n...@dagami.org > I'm receiving many spams my antivirus doesn't detect. UNZIP = /usr/bin/unzip UNRAR = /usr/local/bin/unrar acl_smtp_mime = acl_check_mime begin acl acl_check_mime: deny message = Windows-executable attachments forbidden condition = ${if def:sender_host_address}

Re: [exim] Drop message after first unknown user

2016-03-03 Thread Lena
> From: jarek > Is it possible, to configure exim, so it will drop/reject message > processing after first "Unknown user" ? > One of my servers is under permanent DDOS with thousands of clients > trying to send messages to non existing recipients. If the non-existing recipients are

Re: [exim] Strange problem with mime_acl_check.

2016-01-16 Thread Lena
> From: kuncho pencho > The attachment is about 2mb, zipped file, contains folder with 20-30 files > inside. > I login remotely to his pc, made exactly same attachment and copied > to mail server. Check it and it pass about 1m16.021s. :( Using `zip` from FreeBSD base, I created a compressed

Re: [exim] Strange problem with mime_acl_check.

2016-01-15 Thread Lena
> From: pencho kuncho > I have a very strange situation with one our client. He tried > to send mail to us with attachment (about 2mb, which is > zipped folder with 20-30 files inside) > 2016-01-14 23:54:22 1aJppa-iB-39 H=(mail.host.com) [8.1.4.2] > F= temporarily rejected

Re: [exim] Counting the number of headers in an incoming email

2016-01-06 Thread Lena
> From: Chris Siebenmann > We use a commercial anti-spam system behind our Exim-based inbound MX > gateway that turns out to be unhappy if a message has 'too many' headers > (where this is an undocumented value of more than 512 headers). I'd like > to detect and reject these messages in the DATA

Re: [exim] acl_check_content doesn't get applied to all mails

2015-12-12 Thread Lena
> From: Schürjann, Tobias > the acl only works sometimes. In the rejectlog I can see a few mails that > got rejected with the message: "This message contains an unwanted file > extension (zip)", so the acl works, but most of the Mails are not rejected > although they contain zip files. Insert

Re: [exim] Problems with yahoo

2015-12-11 Thread lena
> From: Odhiambo Washington > Of late I am having difficulties delivering mail to users on Yahoo Me too. yahoos use greylisting stupidly. > For SPF+DKIM, I already have those (please check kictanet.or.ke). Haven't > setup DMARC. Is there a cookbook lying somewhere for this?

Re: [exim] Problems with yahoo

2015-12-09 Thread Lena
> From: Odhiambo Washington > Of late I am having difficulties delivering mail to users on Yahoo who are > subscribed to a mailing list that I run for the community. > The following error fills my log: > > 2015-12-08 18:58:29 Start queue run: pid=7681 > 2015-12-08 18:58:31 1a4rOm-000Cmj-TP

[exim] http

2015-12-05 Thread Lena
> From: Bjørnar Ness > I wrote a http lookup module I use readsocket for HTTP lookups: deny ... (if a suspicious host passed greylisting and endured a 22s delay) condition = ${if or{\ {bool{${lookup dnsdb{a=$sender_address_domain}{0}{1\
