Re: Re: exim or postfix
Op ma, 03-01-2005 te 17:28 -0300, schreef Ing. Jorge Escudero: What POP or IMAP or Web mail Server use to exim on Debian? I'm not entirely sure I understand your question correctly. Do you mean What POP or IMAP daemon can I use with exim on Debian? or rather, Is there a Web mail client I can use with a POP or IMAP server and exim on Debian? If the first is what you're asking: Personally, I prefer IMAP; if you do as well, then have a look at dovecot or courier-imapd. I'm not too familiar with POP, so can't help you there. If the second is what you're asking, then you have quite a number of options. Most webmail thingies support IMAP and /any/ MTA, including exim; in fact, I have yet to see the first one that does not. In that area, my preference goes out to IMP, but of course you must make your own choices. Regards, -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Re: exim or postfix
What POP or IMAP or Web mail Server use to exim on Debian? thanks you -- Ing. Jorge Escudero Seguridad Informática Unidad de Información Financiera Ministerio de Justicia Cerrito 264, 3er. piso 1010 - Capital Federal TE 4384-5981 int. 327 http://www.uif.gov.ar/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
also sprach John Goerzen [EMAIL PROTECTED] [2004.11.12.0612 +0100]: And I get many legitimate e-mails with a bad HELO. In fact, I would argue that your rule here is wrong. If I send you an e-mail from my laptop, it is not going to send you an address of a server that can receive mail (or has a DNS entry) in HELO, but everything else will be valid, and I argue that this is OK. If you send me mail from your laptop without going via a proper relay, I will reject it too. Use your ISP mail relays! If the suck, switch ISPs. If that's not possible, pool with others and run a proper MTA. Or convince me (or others here) that you need a proper relay, and we'll give you SASL access. Or get a gmx.net account. Mail was not supposed to be sent from leaf nodes. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
Re: exim or postfix
On Friday 12 November 2004 07.47, Craig Sanders wrote: On Fri, Nov 12, 2004 at 05:12:34AM +, John Goerzen wrote: 4 ETRN Weird, people are just sending ETRN commands to you? me too. One is a mail server of a respected company that is apparently misconfigured, and has been for a few years. I've written the postmaster, I've written the IP block owners etc. - they just don't care. I probably should flood them with bogus email when they call in next time, perhaps that would make them pay attention... :-] 26 RBL Dynablock.njabl.org My own static DSL IP is on this one. Lots of people have legit reasons ^^ for not using their ISP's sucky, crappy mail servers. viruses that come from dynamic IPs. ^^^ Craig, you seen that? Dynablock seems to include some static IPs. (I guess John is at one of those ISPs who mix static IPs and dynamic IPs in the same IP range, or at least use the same xxx.dsl... reverse DNS.) 4779 User unknown I am stunned at how many attempts I get to send mail to non-existant accounts, too. 40% former usenet accounts, 40% message-Ids, 20% things like [EMAIL PROTECTED] or so; I guess mostly it's from web harvesters that extract email addresses from mailing list archives etc. but are buggy (or try to guess antispam-protected mailadresses.) greetings -- vbi -- Oops -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
On Fri, Nov 12, 2004 at 10:09:36AM +0100, Adrian 'Dagurashibanipal' von Bidder wrote: On Friday 12 November 2004 07.47, Craig Sanders wrote: On Fri, Nov 12, 2004 at 05:12:34AM +, John Goerzen wrote: 4 ETRN Weird, people are just sending ETRN commands to you? me too. One is a mail server of a respected company that is apparently misconfigured, and has been for a few years. I've written the postmaster, I've written the IP block owners etc. - they just don't care. I probably should flood them with bogus email when they call in next time, perhaps that would make them pay attention... :-] i just ignore it, same as i ignore all the probe attempts on various ports. they're annoying, and i wish they wouldn't happen, and i have to take steps to protect my systems against them, but they happen far too often to get too upset about them. block it, log it, and move on. 26 RBL Dynablock.njabl.org My own static DSL IP is on this one. Lots of people have legit reasons ^^ for not using their ISP's sucky, crappy mail servers. viruses that come from dynamic IPs. ^^^ Craig, you seen that? sorry, i didn't notice that first time around. thanks for pointing it out. Dynablock seems to include some static IPs. IIRC, dynablock notes that this can happen on their web site. they say it's typically because the ISP concerned does something like: 1. allocates static IPs from the same pool as dynamic IPs 2. has reverse DNS entries that imply dynamic IP 3. maybe some other similar reasons, i forget... unfortunately, there's nothing the end-user can do to resolve this. the only people they will listen to for requests to remove such possibly-bogus dynamic listings are the owner(s) of the netblock (i.e. the ISP). presumably that is because spammers are not above lying if it suits them and have no qualms about claiming that they are a legit mail operator on a really, truly, honest-i-tell-you static IP. possibly also because it's a way to encourage slack-arse ISPs to adopt better practices. personally, i'm inclined to still use dynamic blocks even with these errors, and add whitelist entries to my rbl_override map if and when i need to. (I guess John is at one of those ISPs who mix static IPs and dynamic IPs in the same IP range, or at least use the same xxx.dsl... reverse DNS.) possibly. craig -- craig sanders [EMAIL PROTECTED] (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
On Fri, Nov 12, 2004 at 05:47:17PM +1100, Craig Sanders wrote: On Fri, Nov 12, 2004 at 05:12:34AM +, John Goerzen wrote: i like the way it works. makes it easy to model the flow of mail from component to component. On the other hand, it introduces complexity into the system. It's a lot easier for me to write a plug-in for an Exiscan-acl filter (I could just accept a message on stdin and indicate my desires by an exit code, or my output, or whatever) than to write one for Postfix. For Postfix, I have to be a daemon, and one that speaks SMTP as both a client and a server at that. btw, if setting up a chain of filters, you don't need to loop it through postfix each time. True. The only featureful free software filtering system for Postfix that I've seen in Amavis. And it sucks too. Slow, unreliable, a huge memory hog, leaves files all over on the disk, etc, etc, etc. again, i like it (amavisd-new, that is). it is a bit of a memory hog (SA is *much* worse), but it's not unreliable and it doesn't leave files all over the place, it uses /var/lib/amavis and cleans up after itself. speedwise, it's not I've had a lot of trouble with Amavis. And BTW, when I say Amavis, I am speaking about amavis, amavis-new, or amavis-ng collectively. I had to write a little cron job for my server that goes and cleans up the files it leaves behind from virus scanning. If the Internet is down, the whole thing freaks out. Amavis will sit there waiting for spamassassin to do its thing. Postfix will time out, and keep trying to call Amavis later. Meanwhile, Amavis will finally deliver the message (or not). Lots of duplication. I've also had a lot of trouble on upgrades to Amavis related to Perl versions and the like. It's had some serious silently drops all mail type bugs before. I will grant that once it starts up and is working OK, it doesn't crash. too shabby - insignificant time overhead compared to the time taken by SA or even clamav. That said, exiscan-acl is a lot faster than postfix+amavis on my system. Maybe it's because it uses about 500k of memory with a C program instead of 40MB of memory wiht a Perl program, or because it doesn't have to incorporate a full SMTP server, dunnno. if you use SA with it, though, it still ends up using that 40MB per process. root 262 0.0 2.0 25604 3900 ?Ss 06:22 0:03 /usr/sbin/spamd -c -m 10 -d --pidfile=/var/run/spamd.pid 3.9MB here :-) the nice thing about amavis is that you tell it to pre-fork as many processes as you think you'll need (adjust according to empirical observation) and you avoid the overhead of starting up perl and compiling SA for every message. dunno if exiscan-acl does something like that - i'd guess that it does because it is an obvious optimisation. either way, whether pre-forked or not, each SA process uses that much memory, and takes the same amount of time to run all it's checks. Exiscan prefers to operate by communicating with spamd and clamd daemons. That way, you get all those benefits, but exiscan itself doesn't have to embed a large Perl program in its process. i could probably get away with having SA checks during the SMTP stage. but I agree with Wietse's attitude that a system that only works some of the time is fundamentally broken. by doing content-filtering later and DISCARDing messages with scores over 13.0, i get pretty close to the same benefit without any of the risk. Yeah, I could see that. OTOH, observation has shown that, under even high load, I can spam and virus check every message in about 2 seconds. Plus, I have Exim configured to queue only once my load exceeds 2.5 (meaning that incoming messages are scanned, then queued for the next queue run, rather than being delivered immediately), which means that load never gets much above that. (Mail is really the only thing on my server that generates load) [ snip ] 4779 User unknown I am stunned at how many attempts I get to send mail to non-existant accounts, too. spammers sell their lists based on the number of addresses. they don't care if the addresses they are selling actually exist. One theory I had for my situation is that I just turned off my backup MX. If they really were always targeting it, it would have accepted every message, so they would have thought every address was a real one. However, you seem to have blown that theory. :-) -- John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
On Saturday 06 November 2004 22:19, Rodney Richison wrote: Are most of you using exim or postfix? Just curious. I've never tried exim. neither. courier-mta. just starting to have some production experience, and so far i like it quite a bit. i chose it because it has everything integrated: pop3, esmtp, pop3-ssl, emstp-ssl, esmtp-msa, imap, webmail, and mailing list mgr, etc. Plus it's GPL'd. so far, the only thing i haven't been able to do is setup a per-user preference for rejecting email based on the other server's HELO response. but i'm not going to do that anyway--too much work to maintain the good domains (load balancerers), plus it violates an RFC. regards, mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
I just switched from Postfix to Exim. I am now a big fan of Exim. http://changelog.complete.org/articles/2004/11/08/latest-experiment-exim/ http://changelog.complete.org/articles/2004/11/11/exim-transition-successful/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
On Saturday 06 November 2004 22:19, Rodney Richison wrote: Are most of you using exim or postfix? Just curious. I've never tried exim. i use postfix/courier-imap,pop3/maildrop/sqwebmail with amavisd-new, clamav, spamassasin, razor and pyzor. mysql is my userdatabase and postfixadmin my webfrontend. postfix is very well suppotet and has lots of features. there is many 3d party software out there and it has a very modern achitecture. also there are many how-tos out there what can be very helpful ;) eg: http://www.xmission.com/~jmcrc/spamfilter20041003.html exim is somehow more basic. maby it's a little faster but has not as many features as postfix has. greetings florian engelmann neither. courier-mta. just starting to have some production experience, and so far i like it quite a bit. i chose it because it has everything integrated: pop3, esmtp, pop3-ssl, emstp-ssl, esmtp-msa, imap, webmail, and mailing list mgr, etc. Plus it's GPL'd. so far, the only thing i haven't been able to do is setup a per-user preference for rejecting email based on the other server's HELO response. but i'm not going to do that anyway--too much work to maintain the good domains (load balancerers), plus it violates an RFC. regards, mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
On Thu, Nov 11, 2004 at 09:25:52PM +, John Goerzen wrote: I just switched from Postfix to Exim. I am now a big fan of Exim. http://changelog.complete.org/articles/2004/11/08/latest-experiment-exim/ http://changelog.complete.org/articles/2004/11/11/exim-transition-successful/ glad to hear it worked for you. a few comments, though: 1. synchronization detection - postfix has done this for years, except that it's called reject_unauth_pipelining. you enable it as one of the smtpd_*_restrictions. 2. postfix does support filtering during the SMTP transaction. the difference is that the postfix author tells you up front that it is inherently problematic (for *ANY* MTA, not just postfix) because of the potential for SMTP timeouts if the filter takes too long to run (SpamAssassin, for example, could take ages to complete regardless of whether it's run from exim or postfix...especially if it's doing DNSRBL and other remote lookups), and he recommends that you don't do it. other MTAs blithely ignore the potential problem and tell you to go ahead and do it. that said, though, exiscan-acl sounds cool. on a light to moderately loaded server, it's probably not a huge problem. i manage to avoid the problem by having good anti-spam/anti-virus rules (and a huge junk map and set of body_checks header_checks rules) that it rejects about 99% of all spam during the SMTP session. very little makes it through them to be scanned with amavsid-new/spamasssassin/clamav. still, i sometimes think it would be nice to run SA at the SMTP stage. e.g. my spam-stats.pl report for last week (this is for a little home mail server with about half a dozen users): ganesh:/etc/postfix# spam-stats.pl /var/log/mail.log.0 2 RBL bogusmx.rfc-ignorant.org 4 Unwanted Virus Notification 4 ETRN 6 body checks (VIRUS) 12 header checks (VIRUS) 15 RBL taiwan.blackholes.us 26 RBL Dynablock.njabl.org 28 RBL hongkong.blackholes.us 39 RBL brazil.blackholes.us 76 Local access rule: Helo command rejected 114 Relay access denied 145 SpamAssassin score far too high 148 body checks (Spam) 163 Local address forgery 200 strict 7-bit headers 202 RBL dul.dnsbl.sorbs.net 212 RBL sbl-xbl.spamhaus.org 253 header checks (Spam) 288 Need FQDN address 297 Recipient Domain Not Found 429 RBL list.dsbl.org 517 Local access rule: Client host rejected 687 Greylisted delivery attempt 717 Dynamic IP Trespass 1361 RBL cn-kr.blackholes.us 1463 Sender Domain Not Found 4779 User unknown 6422 Recipient address rejected 6970 Local access rule: Sender address rejected 22256 Bad HELO 47835 TOTAL Spamassassin stats: 77 spam 2919 clean 2996 TOTAL Percentages: spam:non-spam (47912/50831) 94.26% tagged messages (77/2996) 2.57% rejected spam (47835/47912) 99.84% only 2996 messages (out of 50831) were accepted by postfix and scanned by SA. of those, only 77 were tagged as spam, plus another 145 that were discarded by a header_checks rule which detects whether the SA score is over 13.0 (discard, not reject) when amavisd-new tried to reinject the message back into postfix after content-filtering. that was a pretty average week, although (as ever) the number of attempts to deliver spam goes up all the time. 2 months ago, it was averaging about 30-35K rejects per week. now it's nearly 50K. the percentages don't change much, spam is already well over 90% of what my MTA sees. craig -- craig sanders [EMAIL PROTECTED] (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
On Thursday 11 November 2004 17:04, Craig Sanders wrote: 22256 Bad HELO wow. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
Hi Craig, 2. postfix does support filtering during the SMTP transaction. the difference is that the postfix author tells you up front that it is inherently problematic (for *ANY* MTA, not just postfix) because of the potential for SMTP timeouts if the filter takes too long to run (SpamAssassin, for example, could take ages to complete regardless of whether it's run from exim or postfix...especially if it's doing DNSRBL and other remote lookups), and he recommends that you don't do it. other MTAs blithely ignore the potential problem and tell you to go ahead and do it. well, sa-exim does have timeouts for that and will just hard terminate the process if that's hit. So the point isn't fully valid as is. -(snip)- i manage to avoid the problem by having good anti-spam/anti-virus rules (and a huge junk map and set of body_checks header_checks rules) that it rejects about 99% of all spam during the SMTP session. very little makes it through them to be scanned with amavsid-new/spamasssassin/clamav. still, i sometimes think it would be nice to run SA at the SMTP stage. -(snip)- would it be possible to get the config sniplets of your server config as it seems to be pretty efficient...? Just as a reference like the exim4 config posted back in the other thread or this one. Thanks! -- Best regards, Kilian signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: exim or postfix
On 2004-11-11, Craig Sanders [EMAIL PROTECTED] wrote: On Thu, Nov 11, 2004 at 09:25:52PM +, John Goerzen wrote: a few comments, though: 1. synchronization detection - postfix has done this for years, except that it's called reject_unauth_pipelining. you enable it as one of the smtpd_*_restrictions. Thanks. I was not aware of that. 2. postfix does support filtering during the SMTP transaction. the difference is that the postfix author tells you up front that it is inherently problematic (for *ANY* MTA, not just postfix) because of the potential for SMTP timeouts if Yes, it does now (I realized that one last week), but its whole filtering support sucks. (Having to set up a SMTP server and client for every filter is just nasty.) The only featureful free software filtering system for Postfix that I've seen in Amavis. And it sucks too. Slow, unreliable, a huge memory hog, leaves files all over on the disk, etc, etc, etc. the filter takes too long to run (SpamAssassin, for example, could take ages to complete regardless of whether it's run from exim or postfix...especially if it's doing DNSRBL and other remote lookups), and he recommends that you don't do it. other MTAs blithely ignore the potential problem and tell you to go ahead and do it. No, you're quite right, and I have seen all those warnings. That said, exiscan-acl is a lot faster than postfix+amavis on my system. Maybe it's because it uses about 500k of memory with a C program instead of 40MB of memory wiht a Perl program, or because it doesn't have to incorporate a full SMTP server, dunnno. e.g. my spam-stats.pl report for last week (this is for a little home mail server with about half a dozen users): That is very interesting. However, you apparently have the luxury of a great number of false positives. That is very nice, but it is not a luxury I have. ganesh:/etc/postfix# spam-stats.pl /var/log/mail.log.0 2 RBL bogusmx.rfc-ignorant.org 4 Unwanted Virus Notification 4 ETRN Weird, people are just sending ETRN commands to you? 6 body checks (VIRUS) 12 header checks (VIRUS) 15 RBL taiwan.blackholes.us I assume you are blocking an en *entire country* here? 26 RBL Dynablock.njabl.org My own static DSL IP is on this one. Lots of people have legit reasons for not using their ISP's sucky, crappy mail servers. 28 RBL hongkong.blackholes.us 39 RBL brazil.blackholes.us I have to talk to people in this country, too. 76 Local access rule: Helo command rejected 114 Relay access denied 145 SpamAssassin score far too high 148 body checks (Spam) 163 Local address forgery 200 strict 7-bit headers 202 RBL dul.dnsbl.sorbs.net Ditto on this one. 212 RBL sbl-xbl.spamhaus.org I catch a LOT of spammers with that one, and very little, if any, collateral damage. 253 header checks (Spam) 288 Need FQDN address 297 Recipient Domain Not Found 429 RBL list.dsbl.org 517 Local access rule: Client host rejected 687 Greylisted delivery attempt 717 Dynamic IP Trespass 1361 RBL cn-kr.blackholes.us Have to talk to Chinese people too... 1463 Sender Domain Not Found 4779 User unknown I am stunned at how many attempts I get to send mail to non-existant accounts, too. 6422 Recipient address rejected 6970 Local access rule: Sender address rejected 22256 Bad HELO And I get many legitimate e-mails with a bad HELO. In fact, I would argue that your rule here is wrong. If I send you an e-mail from my laptop, it is not going to send you an address of a server that can receive mail (or has a DNS entry) in HELO, but everything else will be valid, and I argue that this is OK. Anyway, thanks for the info. It's always interesting to see what other people are doing. And now I know where not to mail you from. :-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
On Thu, Nov 11, 2004 at 05:12:10PM -0500, Mark Bucciarelli wrote: On Thursday 11 November 2004 17:04, Craig Sanders wrote: 22256 Bad HELO wow. most of them being spammers trying to use my IP address or a bogus domain name in the HELO/EHLO string. and most of them from Korea. most of them were also to non-existent recipients (it's just that the HELO check rules were triggered first) - i expect i pissed off a few spammers over the last 10 years or so that i've had my domain, and they've retaliated by adding many thousands of bogus @taz.net.au addresses to their spam lists, which get swapped with or sold to other spammers. once an address gets on a spam list, it never gets off, it just gets added to more and more spam lists. regardless of whether it exists, or even whether it ever existed. craig -- craig sanders [EMAIL PROTECTED] (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
On Fri, Nov 12, 2004 at 05:12:34AM +, John Goerzen wrote: 2. postfix does support filtering during the SMTP transaction. the difference is that the postfix author tells you up front that it is inherently problematic (for *ANY* MTA, not just postfix) because of the potential for SMTP timeouts if Yes, it does now (I realized that one last week), but its whole filtering support sucks. (Having to set up a SMTP server and client for every filter is just nasty.) i like the way it works. makes it easy to model the flow of mail from component to component. btw, if setting up a chain of filters, you don't need to loop it through postfix each time. i.e. don't do this: postfix - filter1 - postfix - filter2 - postfix - filter3 - postfix do this instead: postfix - filter1 - filter2 - filter3 - postfix. The only featureful free software filtering system for Postfix that I've seen in Amavis. And it sucks too. Slow, unreliable, a huge memory hog, leaves files all over on the disk, etc, etc, etc. again, i like it (amavisd-new, that is). it is a bit of a memory hog (SA is *much* worse), but it's not unreliable and it doesn't leave files all over the place, it uses /var/lib/amavis and cleans up after itself. speedwise, it's not too shabby - insignificant time overhead compared to the time taken by SA or even clamav. That said, exiscan-acl is a lot faster than postfix+amavis on my system. Maybe it's because it uses about 500k of memory with a C program instead of 40MB of memory wiht a Perl program, or because it doesn't have to incorporate a full SMTP server, dunnno. if you use SA with it, though, it still ends up using that 40MB per process. (mine uses about 55MB, but i have thousands of local rules, scoring spam domains and spam phrases etcgenerated from the same text files i use to generate my junk map, body checks, header checks, etc. my anti-spam system has evolved over the years - as new anti-spam technologies come along, i check them out and incorporate the useful ones into my system) the nice thing about amavis is that you tell it to pre-fork as many processes as you think you'll need (adjust according to empirical observation) and you avoid the overhead of starting up perl and compiling SA for every message. dunno if exiscan-acl does something like that - i'd guess that it does because it is an obvious optimisation. either way, whether pre-forked or not, each SA process uses that much memory, and takes the same amount of time to run all it's checks. i could probably get away with having SA checks during the SMTP stage. but I agree with Wietse's attitude that a system that only works some of the time is fundamentally broken. by doing content-filtering later and DISCARDing messages with scores over 13.0, i get pretty close to the same benefit without any of the risk. (it used to be 15.0 until recently, but i started getting quite a few nigerian type spams in my tagged SPAM folder, at least one per day, with scores of 13.1 and 14.6 and so on, so i lowered the discard score to 13) e.g. my spam-stats.pl report for last week (this is for a little home mail server with about half a dozen users): That is very interesting. However, you apparently have the luxury of a great number of false positives. That is very nice, but it is not a luxury I have. no, i have very few false-positives. whenever i've grepped for reject: in the logs and examined them in detail, i've rarely (never that i can recall, but i'm probably forgetting some) ever found any false positives. the rejects really are all spam. ganesh:/etc/postfix# spam-stats.pl /var/log/mail.log.0 2 RBL bogusmx.rfc-ignorant.org 4 Unwanted Virus Notification 4 ETRN Weird, people are just sending ETRN commands to you? yep. happens a few times every week. i have no idea whymaybe they're probing me for some vulnerability in some ancient version of sendmail or something. 15 RBL taiwan.blackholes.us I assume you are blocking an en *entire country* here? yep. i don't know anyone in taiwan, and if anyone there *really* needs to communicate with me they can use yahoo or hotmail or something. if it matters to them, they'll find a waynot my problem, i don't care. of course, this is my HOME mail server. i don't use any of the blackholes.us RBLs at work. there, i have to be a lot more conservative about spam blocking. 26 RBL Dynablock.njabl.org My own static DSL IP is on this one. Lots of people have legit reasons for not using their ISP's sucky, crappy mail servers. fair enough, they may have legit reasons, but i don't need the potential for receiving mail from them more than i need to block the spam and viruses that come from dynamic IPs. it's not difficult or expensive (it can even be free if you have the right contacts) to arrange to relay your mail through a static IP mail server, using uucp or SMTP AUTH
Re: exim or postfix
On Wed, Nov 10, 2004 at 08:21:14AM +0100, martin f krafft wrote: also sprach Craig Sanders [EMAIL PROTECTED] [2004.11.10.0010 +0100]: There have been some very simple things that I've needed to find solutions to with postfix in the past which I ended up having to do with procmail that I can now deal with in ~ 3 lines in the exim config. my guess is that you just know exim better than postfix, so things that an experienced postfix user would find easy aren't as easy for you as just using exim. all of the things you listed as benefits of exim, my first thought was but postfix does that (and it does it better :). You are not seriously arguing this, right? yes. The exim routers are far beyond what postfix can do. not in my experience. IMHO, they are far beyond the job of an MTA, so it's more a plus for exim than a minus for postfix. show me anything that you think can't be done in postfix and i'll probably tell you how it can be done. in my experience, the only people who say postfix can't do that are people who don't actually know postfix, or who are so caught up in the way that you do it in some other MTA that it never occurs to them to investigate how you might do it in something else such as postfix. every MTA has a different conceptual model for how mail is handled. if someone insists on applying exim models to postfix (or vice-versa) then they're not going to be very successful. Anyway, if you are so confident about postfix, then maybe you can teach me how to set up spamassassin to run under the local user's identity, procmail, maildrop or whatever local delivery agent you use can run spamassassin. that's part of an LDA's job. even on the simplest level, a .forward file which pipes to SA is executed under the UID of the user. before you say but i want the MTA to do it, that's just you thinking in terms of a monolithic MTA like exim. anyone who thinks in postfix terms would be horrified by the idea of having a huge setuid binary try to do everything. postfix consists of several small, modular parts. each one does it's job, and each one is replacable. postfix can hand off local delivery to it's own LDA called local or it can hand off local delivery to procmail or maildrop or cyrus or whatever. you can even have some local mail delivered by local and some by procmail etc. as far as postfix is concerned, it doesn't matter - as long as they fulfil the function of a local delivery agent. and how to route messages based on the sending address (for SPF reasons). no idea, never needed to do it. try the postfix-users archives. if it's not straight-forward, i'll bet you could do it with a policy server. ps: i've used pretty nearly all of the free software MTAs (and some not-so-free, like qmail) over the last 15 years. So have i, but i miss in your list a mention of exim. i tried exim sometime after switching to sendmail. it was just smail without the stupid bugs, so i saw no reason to switch to it. it's progressed a lot since then, but it is still the same model as exim. I have also never used exim because I had settled on postfix through much the same path (I also checked out zmailer in between) as you and was me too. it didn't do anything amazingly different and was even clumsier to use than qmail. i tried pretty nearly every MTA i ever cam acrossand am a firm believer in the maxim that all mail programs suck, but some suck less. and postfix sucks least of all. craig -- craig sanders [EMAIL PROTECTED] (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
also sprach Craig Sanders [EMAIL PROTECTED] [2004.11.10.0901 +0100]: Anyway, if you are so confident about postfix, then maybe you can teach me how to set up spamassassin to run under the local user's identity, procmail, maildrop or whatever local delivery agent you use can run spamassassin. that's part of an LDA's job. I agree. But exim can do it. And even though this is the LDA part of it, postfix also includes an LDA, which is just not up to speed. even on the simplest level, a .forward file which pipes to SA is executed under the UID of the user. ... not manageable... before you say but i want the MTA to do it, that's just you thinking in terms of a monolithic MTA like exim. I am challenging you. My postfix does not do said things, and I sure well know why. and how to route messages based on the sending address (for SPF reasons). no idea, never needed to do it. try the postfix-users archives. I cheated. It's in there and marked 'impossible'. Exim can do it. if it's not straight-forward, i'll bet you could do it with a policy server. A policy server has no decision on route destination. Anyway, I can't believe I am arguing against the product that I embrace the most. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
Re: exim or postfix
also sprach Craig Sanders [EMAIL PROTECTED] [2004.11.10.1014 +0100]: I agree. But exim can do it. And even though this is the LDA part of it, postfix also includes an LDA, which is just not up to speed. and postfix can do it too. No, it cannot, unless you use spamassassin as the LDA, which is deprecated. Exim can use multiple sequential filters as part of the LDA (which are all run as the user). postfix doesn't do it the same way as exim because postfix is not a single monolithic process. Stop harping on that and respond to my points, if at all. Even a modular architecture can support filters as part of the LDA; Postfix does not. ... not manageable... of course not. but a) it works, and b) it doesn't have to be manageable, .forward files are not a system-wide setting, they are a per user thing. So you suggest .forward files for a machine hosting about 1700 Windows users? if you want it to run for every user without each user having to do custom configuration, then use procmail as the LDA and create a rule in /etc/procmailrc. problem solved. If you object to exim because of its monolithic setuid nature, how can you possibly advocate procmail? Sure, it's run as the user. But it's a bloody performance hog. Try that with 1700 users and about 130 to 200 mails per minute, and you'll find that it does not work. if you don't care about using per-user settings in SA, then just use a content filter and you'll get SA checking on ALL mail, not just on locally-delivered mail. again, problem solved. IMO, this is the best way to do it. If you do SA on a system-wide basis, the auto-whitelisting feature is a problem, and Bayesian filtering is basically useless. but if the question you are asking is i want postfix to work exactly the same as exim, then you'll never get an answer. I did not say so. *ALL* mail is both incoming AND outgoing. Which (sensible) MTA does not do it this way? I am challenging you. challenging me to do what? To consider that, in fact, postfix is not the best for all situations. repeat after me: an MTA is not an LDA. use the right tool for the job. I believe I said before that I completely agree. This is not the issue being discussed. I cheated. It's in there and marked 'impossible'. Exim can do it. i doubt if it's impossible. You are making a fool of yourself. in short, the answer is that's not a useful question. routing based on solely the From: address is inherently broken. Did I say that the From address was the only feature to base routing on? Also you (and Wietse) are failing to see the value for store-and-forward relays. Anyway, this is pointless. You just read my last post on the issue. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
Re: exim or postfix
On Wed, Nov 10, 2004 at 11:09:47AM +0100, martin f krafft wrote: also sprach Craig Sanders [EMAIL PROTECTED] [2004.11.10.1014 +0100]: I agree. But exim can do it. And even though this is the LDA part of it, postfix also includes an LDA, which is just not up to speed. and postfix can do it too. No, it cannot, unless you use spamassassin as the LDA, which is deprecated. spamassassin is not an LDA. you use procmail or maildrop or something as the LDA, and that calls SA, running as the user. Exim can use multiple sequential filters as part of the LDA (which are all run as the user). that's a function of the LDA. procmail can do that, and so can maildrop. i have no idea if postfix's local can do it because i've never actually used it - i've always used procmail. but it doesn't matter - that's the job of the LDA, not the MTA, and postfix happens to have a modular design which lets you use any LDA you like. postfix doesn't do it the same way as exim because postfix is not a single monolithic process. Stop harping on that and respond to my points, if at all. it wouldn't be necessary to harpn on if you didn't consistently miss the obvious. postfix is not exim. stop insisting that it try to be exactly the same. i'll try expressing the concept in simpler language for you, and maybe you'll understand: you go into a take-away food shop and order a steak sandwich. when it arrives, you complain that it doesn't taste like chicken. well, WTF did you expect? it's steak, not chicken. if you had wanted chicken, you should have ordered that. similarly, if you want the exim behaviour and model, then install exim. if you want postifx, then install postfix. but don't expect postfix to operate exactly the same way as exim. to get postfix to do things, you take advantage of the way that postfix works, not complain that it doesn't work exactly like exim. Even a modular architecture can support filters as part of the LDA; Postfix does not. again, you don't know what you are talking about. ... not manageable... of course not. but a) it works, and b) it doesn't have to be manageable, .forward files are not a system-wide setting, they are a per user thing. So you suggest .forward files for a machine hosting about 1700 Windows users? no. try reading what i wrote. if you want it to run for every user without each user having to do custom configuration, then use procmail as the LDA and create a rule in /etc/procmailrc. problem solved. If you object to exim because of its monolithic setuid nature, how can you possibly advocate procmail? for the same reason that i can appreciate cats. i.e. it's irrelevant to the question. procmail is not an MTA. and postfix is not an LDA. they have different jobs. more to the point, whatever it's other faults, procmail is not monolithic - it does one job, and it does it reasonably well. it fits the modular, small-tools paradigm. the fact that it is setuid root is not necessarily a problem. in fact, it's unavoidable. if you're delivering mail to local users, at some point in the process something has to run as root so that it can change UID to the user. IMO, it's better to have that root or setuid process do just one job (LDA) and revoke root privs as early as possible, than to do half a dozen different jobs (monolithic MTA). Sure, it's run as the user. But it's a bloody performance hog. Try that with 1700 users and about 130 to 200 mails per minute, and you'll find that it does not work. 1. you want to run SpamAssassin for 1700 users and 200 mails/minute and you're complaing that it's *procmail* that's the performance hog. i think you need to resynchronise your brain with reality. 2. use maildrop instead if procmail's performance bothers you. 3. write your own mini LDA 3. the CPU time, memory, and I/O used by either procmail or maildrop (or any LDA) is utterly insignificant compared to that used by SpamAssassin. if you don't care about using per-user settings in SA, then just use a content filter and you'll get SA checking on ALL mail, not just on locally-delivered mail. again, problem solved. IMO, this is the best way to do it. If you do SA on a system-wide basis, the auto-whitelisting feature is a problem, true, it doens't work as nicely as it could otherwise.but not very important because auto-whitelisting isn't as useful as it sounds, anyway. and Bayesian filtering is basically useless. nope, it's not. SA's bayesian filters works perfectly well when used as a system-wide filter. but if the question you are asking is i want postfix to work exactly the same as exim, then you'll never get an answer. I did not say so. you have done so repeatedly. *ALL* mail is both incoming AND outgoing. Which (sensible) MTA does not do it this way? dunno, which is why it's so puzzling that people have difficulty understanding it. i think it's because they insist
Re: exim or postfix
On Sun, Nov 07, 2004 at 01:40:30PM +, Brett Parker wrote: There have been some very simple things that I've needed to find solutions to with postfix in the past which I ended up having to do with procmail that I can now deal with in ~ 3 lines in the exim config. my guess is that you just know exim better than postfix, so things that an experienced postfix user would find easy aren't as easy for you as just using exim. all of the things you listed as benefits of exim, my first thought was but postfix does that (and it does it better :). Then, I've always prefered exim, I like having control at my finger tips, and things to do what I expect :) odd. that's one of the reasons i prefer postfix over exim. exim's OK, but the best thing i can say about it is that it is smail done right, without the really stupid bugs. which is not exactly a glowing recommendation. on the plus side, exim's author is damn smart and knows his stuff...but i still prefer postfix. for someone who knows exim really well, i'd say stick with what you know best, you're unlikely to get enough benefit from switching to be worth the effort. for someone who isn't already a long-term exim user, i'd say that they're much better off using postfix. you'll be able to do more, with far less effort. craig ps: i've used pretty nearly all of the free software MTAs (and some not-so-free, like qmail) over the last 15 years.i was an smail fan for a long time, then sendmail got a lot better and i switched to that for a few years. then qmail came along, and i used either sendmail or qmail on all systems for a few more years, depending on need (i liked most of qmail's features but didn't like the license and really didn't like the feeling that it was a dead-end incompatible trap as bad as any proprietary commercial software). then vmailer aka postfix came along and within a few months i had converted all machines to postfix and now i won't willingly use anything else. it had everything i had wished for for years. -- craig sanders [EMAIL PROTECTED] (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
also sprach Craig Sanders [EMAIL PROTECTED] [2004.11.10.0010 +0100]: There have been some very simple things that I've needed to find solutions to with postfix in the past which I ended up having to do with procmail that I can now deal with in ~ 3 lines in the exim config. my guess is that you just know exim better than postfix, so things that an experienced postfix user would find easy aren't as easy for you as just using exim. all of the things you listed as benefits of exim, my first thought was but postfix does that (and it does it better :). You are not seriously arguing this, right? The exim routers are far beyond what postfix can do. IMHO, they are far beyond the job of an MTA, so it's more a plus for exim than a minus for postfix. Anyway, if you are so confident about postfix, then maybe you can teach me how to set up spamassassin to run under the local user's identity, and how to route messages based on the sending address (for SPF reasons). ps: i've used pretty nearly all of the free software MTAs (and some not-so-free, like qmail) over the last 15 years. So have i, but i miss in your list a mention of exim. I have also never used exim because I had settled on postfix through much the same path (I also checked out zmailer in between) as you and was thoroughly happy, before Phil Hazel published the first usable exim (3.0, in the middle of 1999 IIRC). Thus, I try to avoid categorically arguing that postfix is better. I like postfix and do not feel like starting from scratch with another MTA, otherwise I might well inspect exim more closely. In any case, I think among the strongest points for postfix are Wietse Venema, Wietse Venema, Wietse Venema, and Ralf Hildebrandt (as well as many other folks on postfix-users). If you look at Wietse's code, you'll see that it'll be hard to suggest improvements to the logic. From cursory looks at exim, I could not come to the same conclusion, /usr/sbin/exim was setuid root last I checked. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
Re: exim or postfix
Rodney Richison said on Sat, Nov 06, 2004 at 09:19:40PM -0600: Are most of you using exim or postfix? Just curious. I've never tried exim. Don't know about most; I use Postfix. I don't think exim is a bad choice, though; I just liked Postfix better, and it performs well enough to meet my needs. M pgpwRaGgrw1KM.pgp Description: PGP signature
Re: exim or postfix
On Sat, Nov 06, 2004 at 09:19:40PM -0600, Rodney Richison wrote: Are most of you using exim or postfix? Just curious. I've never tried exim. exim4 and postfix, depending on the machine, and who origionally set it up. New machines are getting exim4 because it is far more flexible and powerful that postfix (in my experience). Cheers, -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
also sprach Mark Ferlatte [EMAIL PROTECTED] [2004.11.07.1013 +0100]: Don't know about most; I use Postfix. I don't think exim is a bad choice, though; I just liked Postfix better, and it performs well enough to meet my needs. Well said. also sprach Brett Parker [EMAIL PROTECTED] [2004.11.07.1226 +0100]: exim4 and postfix, depending on the machine, and who origionally set it up. New machines are getting exim4 because it is far more flexible and powerful that postfix (in my experience). Well, my last tests have shown postfix to be more performant by about a factor of 1.6. In addition, there is the single setuid binary thing about exim. You are right that exim has a lot more features than postfix. However, are they needed? To me, exim tries to be more than an MTA, which is why I surely prefer postfix. I can't wait until I have time to try/use/improve Md's policy framework. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
Re: exim or postfix
On Sun, Nov 07, 2004 at 02:02:35PM +0100, martin f krafft wrote: also sprach Brett Parker [EMAIL PROTECTED] [2004.11.07.1226 +0100]: exim4 and postfix, depending on the machine, and who origionally set it up. New machines are getting exim4 because it is far more flexible and powerful that postfix (in my experience). Well, my last tests have shown postfix to be more performant by about a factor of 1.6. In addition, there is the single setuid binary thing about exim. You are right that exim has a lot more features than postfix. However, are they needed? To me, exim tries to be more than an MTA, which is why I surely prefer postfix. I use a fair chunk of them, so yes, I'd say they are. ACLs and the sheer power of the router config wins me over everytime. I work for a small ISP so the more flexible the solution, the better for us. As new things come up, and new unthought of problems arrise, I find that not having to go outside the server setup for large groups of users is rather useful. Coupled with rather powerful database access, exim4 just makes my life a lot easier. There have been some very simple things that I've needed to find solutions to with postfix in the past which I ended up having to do with procmail that I can now deal with in ~ 3 lines in the exim config. Then, I've always prefered exim, I like having control at my finger tips, and things to do what I expect :) Just out of interest, were your tests exim3 or exim4 vs postfix. FWICT there's been a lot of work gone in to exim4, and it does seem to be faster than exim3, I haven't done a straight speed comparison between postfix and exim4, though. Thanks, -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
also sprach Brett Parker [EMAIL PROTECTED] [2004.11.07.1440 +0100]: Then, I've always prefered exim, I like having control at my finger tips, and things to do what I expect :) Ha! Flamebait! Consider yourself whacked. I won't even respond to this. :) /me embraces /etc/postfix/main.cf Just out of interest, were your tests exim3 or exim4 vs postfix. exim3; sorry, I should have mentioned that. FWICT there's been a lot of work gone in to exim4, and it does seem to be faster than exim3, I haven't done a straight speed comparison between postfix and exim4, though. I have not either for exim4. I would be interested though. I am very happy with postfix, but I do at times eye over to the router config of exim. You are right, I cannot get rid of procmail at the moment, which is definitely a pain. However, I've been using postfix for like 7 years now and I really don't want to start to learn to swim again in icy waters. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
Re: exim or postfix
On Sun, Nov 07, 2004 at 02:02:35PM +0100, martin f krafft wrote: [...] I can't wait until I have time to try/use/improve Md's policy framework. Do you have an URL with more info about that policy framework?. Thanks, -- teo - http://blog.eltridente.org Res publica non dominetur -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim or postfix
also sprach Teófilo Ruiz Suárez [EMAIL PROTECTED] [2004.11.07.1529 +0100]: Do you have an URL with more info about that policy framework?. Not handy. Please write to md ät linux dot it, he's the author. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
exim or postfix
Are most of you using exim or postfix? Just curious. I've never tried exim. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim conditions for attachments
This one time, at band camp, Craig Schneider said:
(redirecting this back to the list - I read the list, so you can send
replies there.)
Hi Stephen
Thanks for the help dude.
Do you mean like this? Or incorporate it into the condition somehow?
# deny message = User is unable to receive attachments of this nature
($found_extension)
# domains = ! +local_domains
# condition =
${lookup{$recipients}lsearch{/etc/mail/extensions}{1}{0}}
#demime = jpg:mpg:mpeg:mp3:gif:bmp
Thanks
That statement will do this:
if ( the domain of the recipient is not a local domain) and
( the recipient is found in a file) and
( after unpacking, the message contains one of these mime types)
then deny the email
Which is not what I think you want.
I am also fairly sure that $recipients is not available in ACL's, but
only in system filters. There are several problems with the approach
you're trying:
First, you can only unpack a message after the data phase of the smtp
transaction, at which point you may have one or more recipients for a
message. What do you do with the email if one of the recipients is on
the list, but the others aren't? If you reject the email, nobody in the
recipient list gets the email, whether they're on your list or not, and
if you accept it, everybody on the recipient list gets the email.
The +local_domain as sender is something that is too easily forged to
allow for exemption, IMHO - it's a not uncommon spammer trick to send
email from you to you, so you might allow a lot of things that you don't
actually want.
If I were you, I would take a moment to decide what you mean by 'the
email comes from the local domain', and then implementation gets easier.
If all local mail is generated on the localhost (e.g., all users use
webmail or have shell accounts), then you can write a condition to check
for an empty host string. If instead you really plan to use just the
domain part of the sender, you can write a test that looks for sender =
[EMAIL PROTECTED] or whatever domainlist you use. If you receive mail
from your local domain users in other ways (from a set of known machines,
or via authenticated smtp), write an acl that puts in a header, and test
for that header later in a router or filter.
Per user mime filtering will have to be done later, outside of the smtp
time transaction, though, so you'll want a router or something to do
this work (and you'll want that router to have no-verify in it, since
it will mess up routing in the acl's otherwise) Overall, I think the
easiest approach would be to use a system filter, rather than an acl.
You'll have to decide what you want to do with these emails if the match
in the system filter (and I recommend not bouncing at this point, but
saving to a special mbox somewhere, to cut down on collateral spam)
I highly recommend reading /usr/share/doc/exim4-base/spec.txt.gz for
this sort of thing. It makes all of these issues clear.
From: Stephen Gran [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Gran
This one time, at band camp, Craig Schneider said:
Hi Guys
I have wrtten a condition to check if a user is in a flat text file,
if so then allow them NOT to receive attachments of a certain type.
However I need to put a condition in to allow them to receive from the
If you mean from 127.0.0.1, then add a
! hosts = :
If you mean from [EMAIL PROTECTED] (trivially forged, and I would avoid
relying on this test, add a ! senders_domain = +local_domains
(I may be wrong about sender_domains - check the spec. It's close to
that, but I forget and am too lazy to look right now :)
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
-
pgpZjDbEU1Nwx.pgp
Description: PGP signature
Exim conditions for attachments
Hi Guys
I have wrtten a condition to check if a user is in a flat text file, if
so then allow them NOT to receive attachments of a certain type. However
I need to put a condition in to allow them to receive from the
$local_domain.
Heres what I have so far:
# deny message = User is unable to recieve attachments of this nature
($found_extension)
#
condition=${lookup{$recipients}lsearch{/etc/mail/extensions}{1}{0}}
#demime = jpg:mpg:mpeg:mp3:gif:bmp
Any help would be appreciated.
Thanks
c
Re: Exim conditions for attachments
This one time, at band camp, Craig Schneider said:
Hi Guys
I have wrtten a condition to check if a user is in a flat text file, if
so then allow them NOT to receive attachments of a certain type. However
I need to put a condition in to allow them to receive from the
$local_domain.
Heres what I have so far:
# deny message = User is unable to recieve attachments of this nature
($found_extension)
#
condition=${lookup{$recipients}lsearch{/etc/mail/extensions}{1}{0}}
#demime = jpg:mpg:mpeg:mp3:gif:bmp
If you mean from 127.0.0.1, then add a
! hosts = :
If you mean from [EMAIL PROTECTED] (trivially forged, and I would avoid
relying on this test, add a
! senders_domain = +local_domains
(I may be wrong about sender_domains - check the spec. It's close to
that, but I forget and am too lazy to look right now :)
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
-
pgpxeke84WLsO.pgp
Description: PGP signature
RE: Exim 4.20 + Mailman
Title: RE: Exim 4.20 + Mailman -Original Message- From: Kenny Duffus [mailto:[EMAIL PROTECTED]] Sent: 01 June 2004 10:34 To: debian-isp@lists.debian.org Subject: Re: Exim 4.20 + Mailman Has anyone set up Exim 4.20 and mailman successfully and if so do you mind if I take a look at your exim.conf? I've done this before with Exim 3 but am struggling to find working examples for exim4. Why do you need to mess with the exim config? Just add the lines that the newlist command gives you into your /etc/aliases something like: ## dmfs-discuss mailing list dmfs-discuss: |/var/lib/mailman/mail/mailman post dmfs-discuss dmfs-discuss-admin: |/var/lib/mailman/mail/mailman admin dmfs-discuss dmfs-discuss-bounces: |/var/lib/mailman/mail/mailman bounces dmfs-discuss dmfs-discuss-confirm: |/var/lib/mailman/mail/mailman confirm dmfs-discuss dmfs-discuss-join: |/var/lib/mailman/mail/mailman join dmfs-discuss dmfs-discuss-leave: |/var/lib/mailman/mail/mailman leave dmfs-discuss dmfs-discuss-owner: |/var/lib/mailman/mail/mailman owner dmfs-discuss dmfs-discuss-request: |/var/lib/mailman/mail/mailman request dmfs-discuss dmfs-discuss-subscribe: |/var/lib/mailman/mail/mailman subscribe dmfs-discuss dmfs-discuss-unsubscribe: |/var/lib/mailman/mail/mailman unsubscribe dmfs-discuss
Exim 4.20 + Mailman
Hi Has anyone set up Exim 4.20 and mailman successfully and if so do you mind if I take a look at your exim.conf? I've done this before with Exim 3 but am struggling to find working examples for exim4. Thanks Dave
Re: Exim 4.20 + Mailman
On Tue, Jun 01, 2004 at 10:25:03AM +0200, David Ross wrote:
Hi
Has anyone set up Exim 4.20 and mailman successfully and if so do you
mind if I take a look at your exim.conf? I've done this before with Exim
3 but am struggling to find working examples for exim4.
Hi
I followed the howto on the exim website:
http://www.exim.org/howto/mailman21.html
As I am using the split config with exim4 I created a transport called
091_mailman_transport:
mailman_transport:
driver = pipe
command = /var/lib/mailman/mail/mailman \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
$local_part
current_directory = /var/lib/mailman
home_directory = /var/lib/mailman
user = list
group = list
and a router called 091_mailman_router:
mailman_router:
driver = accept
domains = example.com
require_files = /var/lib/mailman/lists/$local_part/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : \
-confirm+* : -join : -leave : \
-owner : -request : -admin : \
-subscribe : -unsubscribe
transport = mailman_transport
those numbers worked for me ensuring they were used before any alias
files.
Doing it that way means that you don't have to add aliases for each new
list as it checks the lists directory to see if there is a list called
whatever there.
Kenny
signature.asc
Description: Digital signature
Question about Exim
Greetings everyone, I set up an Exim mail filter file containing the following: # Exim filter if $h_X-Amavis-Hold contains then freeze endif Is there a better condition that will test just for the existence of the header? I have tried def: without any luck. If anyone knows how, that would be great, otherwise I'll still with what I have. PS. I am subscribed to neither of these list, please CC me in replies. -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Question about Exim
Greetings everyone, I set up an Exim mail filter file containing the following: # Exim filter if $h_X-Amavis-Hold contains then freeze endif Is there a better condition that will test just for the existence of the header? I have tried def: without any luck. If anyone knows how, that would be great, otherwise I'll still with what I have. PS. I am subscribed to neither of these list, please CC me in replies. -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
Courier + MySQL (was exim+mysql)
Still working on the virtual domains using MySQL. Found an excellent article at http://www.tty1.net/virtual_domains_en.html if anyone is interested. My problem is with Courier. I installed the courier-authmysql package, followed the info in :/usr/share/doc/courier-authmysql, then threw it all away and followed the info at the above site, and am still getting invalid authentication. I have tailed my /var/log/mysql/mysql.log and see no activity. I am assuming it is because Courier is not talking to the server. Also looked at the mysql.err file and see nothing there, nor in auth, daemon, message or syslog indicating courier is actually trying to talk to mysql. Any suggestions? I have attached the configurations if anyone has the time to look at them. Thanks, Rod authdaemonrc Description: Binary data authmodulelist Description: Binary data authmysqlrc Description: Binary data
Courier + MySQL (was exim+mysql)
Still working on the virtual domains using MySQL. Found an excellent article at http://www.tty1.net/virtual_domains_en.html if anyone is interested. My problem is with Courier. I installed the courier-authmysql package, followed the info in :/usr/share/doc/courier-authmysql, then threw it all away and followed the info at the above site, and am still getting invalid authentication. I have tailed my /var/log/mysql/mysql.log and see no activity. I am assuming it is because Courier is not talking to the server. Also looked at the mysql.err file and see nothing there, nor in auth, daemon, message or syslog indicating courier is actually trying to talk to mysql. Any suggestions? I have attached the configurations if anyone has the time to look at them. Thanks, Rod authdaemonrc Description: Binary data authmodulelist Description: Binary data authmysqlrc Description: Binary data
Exim + MySQL
Does anyone know if MySQL is built into the debian release of Exim? I put the following line in my configuration file and get an unknown command error. I think I did this correctly. hide mysql_servers = localhost/email/email/email Rod
Re: Catchall for Exim 3.35
This one time, at band camp, Adam Dawes said: Hi all, I'm doing some spam research and need to configure my exim so that it accepts all incoming mail and shunts those with invalid addresses into a catchall address. Basically, I want to mimick how Exchange servers accept everything. I believe the following will do it for Exim 4, but when I try it with my 3.35 installation, it chokes on all incoming messages. I was hoping someone might have a snippet that I could use in my exim.conf that would do the trick. catchall: driver = smartuser new_address: [EMAIL PROTECTED] thanks, Adam Change the lsearch to an lsearch* for the /etc/aliases lookup, and do this in /etc/aliases: *: [EMAIL PROTECTED] I think that will work (can't remember if lsearch* is in exim3 or not, though) -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - pgpPZD3lj2igz.pgp Description: PGP signature
Catchall for Exim 3.35
Hi all, I'm doing some spam research and need to configure my exim so that it accepts all incoming mail and shunts those with invalid addresses into a catchall address. Basically, I want to mimick how Exchange servers accept everything. I believe the following will do it for Exim 4, but when I try it with my 3.35 installation, it chokes on all incoming messages. I was hoping someone might have a snippet that I could use in my exim.conf that would do the trick. catchall: driver = smartuser new_address: [EMAIL PROTECTED] thanks, Adam
Re: Exim AUTH with PAM - pls. HELP
Maarten Vink / Interstroom [EMAIL PROTECTED] wrote: Johannes Formann wrote: I bett exim can't read /etc/shadow, make it readable to exim, oder compile and install pam_exim. IIRC, you need to run Exim as root to enable PAM functionality. With pam_exim you don't :-) regards Johannes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim AUTH with PAM - pls. HELP
On Wed, Apr 14, 2004 at 11:35:21PM +0200, Johannes Formann wrote: MINTA GHEORGHE ADRIAN [EMAIL PROTECTED] wrote: I try to setup an exim mail server with PAM auth. against system passwords. Unfortunately the authentification doesn't work: I bett exim can't read /etc/shadow, make it readable to exim, oder compile and install pam_exim. Ooooh, neat. Doesn't appear to be in Debian and is a bit of a PITA to build, but certainly an interesting starting point. J. -- jid: [EMAIL PROTECTED] noodles is fat -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim AUTH with PAM - pls. HELP
Johannes Formann wrote: Franz Georg Köhler [EMAIL PROTECTED] wrote: I bett exim can't read /etc/shadow, make it readable to exim, oder compile and install pam_exim. IIRC, you need to run Exim as root to enable PAM functionality. Regards, Maarten
Re: Exim AUTH with PAM - pls. HELP
Maarten Vink / Interstroom [EMAIL PROTECTED] wrote: Johannes Formann wrote: I bett exim can't read /etc/shadow, make it readable to exim, oder compile and install pam_exim. IIRC, you need to run Exim as root to enable PAM functionality. With pam_exim you don't :-) regards Johannes
Re: Exim AUTH with PAM - pls. HELP
On Wed, Apr 14, 2004 at 11:35:21PM +0200, Johannes Formann wrote: MINTA GHEORGHE ADRIAN [EMAIL PROTECTED] wrote: I try to setup an exim mail server with PAM auth. against system passwords. Unfortunately the authentification doesn't work: I bett exim can't read /etc/shadow, make it readable to exim, oder compile and install pam_exim. Ooooh, neat. Doesn't appear to be in Debian and is a bit of a PITA to build, but certainly an interesting starting point. J. -- jid: [EMAIL PROTECTED] noodles is fat
Exim AUTH with PAM - pls. HELP
I try to setup an exim mail server with PAM auth. against system passwords.
Unfortunately the authentification doesn't work:
/var/log/exim/mail.log:
localhost PAM_unix[2271]: authentication failure; (uid=8) - gygy for exim service
Because the exim version in woody is very old is not suported anymore by the exim
peoples, so I don't dare to ask this on exim mail lists. Could someone give me a hint
what to do: install postfix (also old) or change something in my config files ?
Any hins ?
-
/etc/exim.conf :
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if pam{$2:$3}{1}{0}}
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if pam{$1:$2}{1}{0}}
server_set_id = $1
end
--
/etc/pam.d/exim :
#%PAM-1.0
auth required pam_unix_auth.so
account required pam_unix_acct.so
password required pam_unix_passwd.so
session required pam_unix_session.so
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Exim AUTH with PAM - pls. HELP
I try to setup an exim mail server with PAM auth. against system passwords.
Unfortunately the authentification doesn't work:
/var/log/exim/mail.log:
localhost PAM_unix[2271]: authentication failure; (uid=8) - gygy for exim
service
Because the exim version in woody is very old is not suported anymore by the
exim peoples, so I don't dare to ask this on exim mail lists. Could someone
give me a hint what to do: install postfix (also old) or change something in my
config files ?
Any hins ?
-
/etc/exim.conf :
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if pam{$2:$3}{1}{0}}
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if pam{$1:$2}{1}{0}}
server_set_id = $1
end
--
/etc/pam.d/exim :
#%PAM-1.0
auth required pam_unix_auth.so
account required pam_unix_acct.so
password required pam_unix_passwd.so
session required pam_unix_session.so
Re: Exim AUTH with PAM - pls. HELP
MINTA GHEORGHE ADRIAN [EMAIL PROTECTED] wrote: I try to setup an exim mail server with PAM auth. against system passwords. Unfortunately the authentification doesn't work: I bett exim can't read /etc/shadow, make it readable to exim, oder compile and install pam_exim. regards Johannes
Re: Exim AUTH with PAM - pls. HELP
On Mi, Apr 14, 2004 at 11:35:21 +0200, Johannes Formann [EMAIL PROTECTED] wrote: MINTA GHEORGHE ADRIAN [EMAIL PROTECTED] wrote: I try to setup an exim mail server with PAM auth. against system passwords. Unfortunately the authentification doesn't work: I bett exim can't read /etc/shadow, make it readable to exim, oder compile and install pam_exim. He's already using PAM authentification...
Re: Exim AUTH with PAM - pls. HELP
Franz Georg Köhler [EMAIL PROTECTED] wrote: I bett exim can't read /etc/shadow, make it readable to exim, oder compile and install pam_exim. He's already using PAM authentification... Not pam_exim, which makes a difference. regards Johannes
Techniques for outbound spam filtering with Exim?
I'm looking to setup outbound spam filtering via Exim (preferably with SpamAssassin). What sorts of techniques are folks using to do this? We're currently running Exim 3.xx but upgrading isn't a big deal if necessary. We already have spamc/spamd handling inbound mail via procmail. But I'm tempted to implement scanning during the SMTP transaction for outbound mail if possible. Our outbound volume isn't really that high. Thanks for any pointers, Jeremy -- Jeremy D. Zawodny | Perl, Web, MySQL, Linux Magazine, Yahoo! [EMAIL PROTECTED] | http://jeremy.zawodny.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Techniques for outbound spam filtering with Exim?
* Jeremy Zawodny schrieb am 09.02.04 um 18:05 Uhr: I'm looking to setup outbound spam filtering via Exim (preferably with SpamAssassin). What sorts of techniques are folks using to do this? We're currently running Exim 3.xx but upgrading isn't a big deal if necessary. We already have spamc/spamd handling inbound mail via procmail. But I'm tempted to implement scanning during the SMTP transaction for outbound mail if possible. Our outbound volume isn't really that high. IIRC you can find useful examples under /usr/share/doc/exim somewhere -Marc -- * (morganj): 0 is false and 1 is true, correct? * * (alec_eso): 1, morganj * * (morganj): bastard.* -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Techniques for outbound spam filtering with Exim?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El 09/02/2004, a las 18:05, Jeremy Zawodny escribió: I'm looking to setup outbound spam filtering via Exim (preferably with SpamAssassin). What sorts of techniques are folks using to do this? We're currently running Exim 3.xx but upgrading isn't a big deal if necessary. We already have spamc/spamd handling inbound mail via procmail. But I'm tempted to implement scanning during the SMTP transaction for outbound mail if possible. Our outbound volume isn't really that high. Thanks for any pointers, http://bulma.net/body.phtml?nIdNoticia=1973 - --- Windows eats resources like a Virus... Windows make trouble like a Virus... Windows wil crash your systewm like a Virus... But Windows will never be a Virus... Becaue Viruses are small, very fast and, - they are coded be genius people. - --- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (Darwin) iD8DBQFAJ8YZYstIA40wmvsRAjGoAJ9YvI/xaIjCismSI8UX5keg4ydzdACfUicW jmiOavfonK2gpW/z/zomBKo= =GHLz -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Techniques for outbound spam filtering with Exim?
I'm looking to setup outbound spam filtering via Exim (preferably with SpamAssassin). What sorts of techniques are folks using to do this? We're currently running Exim 3.xx but upgrading isn't a big deal if necessary. We already have spamc/spamd handling inbound mail via procmail. But I'm tempted to implement scanning during the SMTP transaction for outbound mail if possible. Our outbound volume isn't really that high. Thanks for any pointers, Jeremy -- Jeremy D. Zawodny | Perl, Web, MySQL, Linux Magazine, Yahoo! [EMAIL PROTECTED] | http://jeremy.zawodny.com/
Re: Techniques for outbound spam filtering with Exim?
* Jeremy Zawodny schrieb am 09.02.04 um 18:05 Uhr: I'm looking to setup outbound spam filtering via Exim (preferably with SpamAssassin). What sorts of techniques are folks using to do this? We're currently running Exim 3.xx but upgrading isn't a big deal if necessary. We already have spamc/spamd handling inbound mail via procmail. But I'm tempted to implement scanning during the SMTP transaction for outbound mail if possible. Our outbound volume isn't really that high. IIRC you can find useful examples under /usr/share/doc/exim somewhere -Marc -- * (morganj): 0 is false and 1 is true, correct? * * (alec_eso): 1, morganj * * (morganj): bastard.*
Re: Techniques for outbound spam filtering with Exim?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El 09/02/2004, a las 18:05, Jeremy Zawodny escribió: I'm looking to setup outbound spam filtering via Exim (preferably with SpamAssassin). What sorts of techniques are folks using to do this? We're currently running Exim 3.xx but upgrading isn't a big deal if necessary. We already have spamc/spamd handling inbound mail via procmail. But I'm tempted to implement scanning during the SMTP transaction for outbound mail if possible. Our outbound volume isn't really that high. Thanks for any pointers, http://bulma.net/body.phtml?nIdNoticia=1973 - --- Windows eats resources like a Virus... Windows make trouble like a Virus... Windows wil crash your systewm like a Virus... But Windows will never be a Virus... Becaue Viruses are small, very fast and, - they are coded be genius people. - --- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (Darwin) iD8DBQFAJ8YZYstIA40wmvsRAjGoAJ9YvI/xaIjCismSI8UX5keg4ydzdACfUicW jmiOavfonK2gpW/z/zomBKo= =GHLz -END PGP SIGNATURE-
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Joey Hess said the following on 29/01/04 21:48: Ronny Adsetts wrote: The original poster is simply not keeping his queue clean of frozen messages. Shouldn't that be the MTA's job? I never understood why exim has such brain-dead defaults as requring an admin to manually deal with frozen messages. Every other MTA I have ever used has not even had such a concept. I do agree that the default handling of frozen messages is not good. I guess the premise is let's not throw anything away unless we're told to. I dunno how exim4 handles this - still on woody and not yet played with it - but maybe a debconf question at setup could change this default behaviour. Or just change the default config in the deb anyway. Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Thu, Jan 29, 2004 at 04:37:07PM +0100, Thomas GOIRAND wrote: - Original Message - From: [EMAIL PROTECTED] To: Craig Sanders [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 29, 2004 12:54 AM Subject: Re: Why doesn't Exim ever clean out /var/spool/exim/input? On Thu, Jan 29, 2004 at 10:36:29AM +1100, Craig Sanders wrote: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. I'm curious why you say that. I have exim on 3 smtp gateway machines servicing 11G+ email/day, hundreds of thousands of actual messages, doing LDAP lookups for routing, and MailScanner/f-prot running on all the boxes. Seriously, I'm not looking for a fight, just info. When I did performance tests on all the MTAs a few years back, exim beat the crap out of everything. Not looking for a fight either, but... ALL the MTAs? What are the results for qmail then? I've always heard it's the fastest... I don't have the results after all this time. Exim beat postfix in raw speed of moving mail in and/or out by over 15%. Qmail came in 3rd in the tests. However, if you want the most blazingly fast mailer, use zmailer. It's just not a general purpose MTA Tim -- Tim Sailer (at home) Coastal Internet, Inc. Network and Systems Operations PO Box 726 http://www.buoy.comMoriches, NY 11955 [EMAIL PROTECTED]/[EMAIL PROTECTED] (631)399-2910 (888) 924-3728 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Stopping Exim from sending Message frozen messages...
Okay since I had a 3-year-old Exim configuration file, I decided to take a brand-new one and then use diff to find what I needed to move over. Hopefully now, it is rejecting bad recipients at SMTP time. However, it's also sending me Message frozen messages every time it freezes something. Does anybody know, off hand, how to turn this off? - Joe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Stopping Exim from sending Message frozen messages...
On Fri, Jan 30, 2004 at 01:14:43PM -0800, Joe Emenaker wrote: Okay since I had a 3-year-old Exim configuration file, I decided to take a brand-new one and then use diff to find what I needed to move over. Hopefully now, it is rejecting bad recipients at SMTP time. However, it's also sending me Message frozen messages every time it freezes something. Does anybody know, off hand, how to turn this off? freeze_tell_mailmaster I guess it would be comparably quick to go to www.exim.org and find that in Exim's excellent docs, than to type in your e-mail. Wanted -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Fri, Jan 30, 2004 at 03:35:33PM -0500, [EMAIL PROTECTED] wrote: I don't have the results after all this time. Exim beat postfix in raw speed of moving mail in and/or out by over 15%. that must be specific to your particular hardware and/or usage, because it's contrary to every other postfix vs exim benchmark i've ever heard of. e.g. Matthias Andree did a comprehensive benchmark comparison of postfix, qmail, and exim, and sendmailand a followup comparison about a year later. it seems to have vanished off the web at the moment, but is still available by google cachei've saved a copy of both benchmark pages at http://siva.taz.net.au/~cas/matthias/ (vsqmail.html is the first, bench2.html is the second). he tested the MTAs in various configurations, and postfix came out ahead in all of them - in one case, with postfix getting four times the throughput of exim (16.1 msgs/second vs 3.8). significantly, the only way that either exim or qmail could come close to postfix's speed was to enable the softupdates option of the freebsd filesystem, which risks losing mail if there is a crash or power-outage. postfix doesn't have that risk because it ensures that all mail is synced to disk before sending a 250 OK. However, if you want the most blazingly fast mailer, use zmailer. It's just not a general purpose MTA true. craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Sat, Jan 31, 2004 at 09:43:39AM +1100, Craig Sanders wrote: On Fri, Jan 30, 2004 at 03:35:33PM -0500, [EMAIL PROTECTED] wrote: I don't have the results after all this time. Exim beat postfix in raw speed of moving mail in and/or out by over 15%. that must be specific to your particular hardware and/or usage, because it's contrary to every other postfix vs exim benchmark i've ever heard of. What we did was mail 500k messages of various type, short, long, with attachments, without, etc. and measured the time it took to do final delivery of all the mail. We used the exact same hardware for all tests. I tried to simulate what was 'real world' for us. e.g. Matthias Andree did a comprehensive benchmark comparison of postfix, qmail, and exim, and sendmailand a followup comparison about a year later. it seems to have vanished off the web at the moment, but is still available by google cachei've saved a copy of both benchmark pages at http://siva.taz.net.au/~cas/matthias/ (vsqmail.html is the first, bench2.html is the second). he tested the MTAs in various configurations, and postfix came out ahead in all of them - in one case, with postfix getting four times the throughput of exim (16.1 msgs/second vs 3.8). Right now, I have a machine that is delivering 15 msgs/second, and it's not even a dedicated machine. I guess that says a lot about benchmarks. :) significantly, the only way that either exim or qmail could come close to postfix's speed was to enable the softupdates option of the freebsd filesystem, which risks losing mail if there is a crash or power-outage. postfix doesn't have that risk because it ensures that all mail is synced to disk before sending a 250 OK. However, if you want the most blazingly fast mailer, use zmailer. It's just not a general purpose MTA true. For our mailman server, all mail goes to our zmailer (dedicated) machine, and BOY does that mail just fly outa there! The first time we tried this, I thought something was wrong, since the queue was empty before we had a chance to look! :) Tim -- Tim Sailer (at home) Coastal Internet, Inc. Network and Systems Operations PO Box 726 http://www.buoy.comMoriches, NY 11955 [EMAIL PROTECTED]/[EMAIL PROTECTED] (631)399-2910 (888) 924-3728 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Fri, Jan 30, 2004 at 08:38:36PM -0500, [EMAIL PROTECTED] wrote: However, if you want the most blazingly fast mailer, use zmailer. It's just not a general purpose MTA true. For our mailman server, all mail goes to our zmailer (dedicated) machine, and BOY does that mail just fly outa there! The first time we tried this, I thought something was wrong, since the queue was empty before we had a chance to look! :) i've had similar experiences after switching large lists from sendmail to postfix. if you have the inclination to experiment with a working setup :-), try building a postfix box and configuring mailman to relay through it. my bet is you would be pleasantly surprised at just how well postfix compares to zmailer for that task. my guess is that, given comparable hardware, there'd be no significant speed advantage to zmailer over postfix...and postfix IS a general purpose MTA as well as being fast. craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim: Different mail retry times depending upon response from remote host...
On Fri, 30 Jan 2004 05:58, Joe Emenaker [EMAIL PROTECTED] wrote: Because, like you mentioned later in your message, not all mailers give proper responses. For example, I've see a lot of 5xx codes where the verbal explanation is that the user is over quota. 5xx is the correct thing to do when the quota is exceeded. Some ISPs I know of have customers who remain over quota for YEARS! If the customer keeps paying their bills then the ISP administrators can not delete the messages that cause the quota to be exceeded or remove the account. As there is little chance of the situation changing the only thing to do is to send a 5xx. If you have an over-quota situation that is likely to be fixed in a short period of time then you probably have a bigger problem. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Joey Hess said the following on 29/01/04 21:48: Ronny Adsetts wrote: The original poster is simply not keeping his queue clean of frozen messages. Shouldn't that be the MTA's job? I never understood why exim has such brain-dead defaults as requring an admin to manually deal with frozen messages. Every other MTA I have ever used has not even had such a concept. I do agree that the default handling of frozen messages is not good. I guess the premise is let's not throw anything away unless we're told to. I dunno how exim4 handles this - still on woody and not yet played with it - but maybe a debconf question at setup could change this default behaviour. Or just change the default config in the deb anyway. Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Thu, Jan 29, 2004 at 04:37:07PM +0100, Thomas GOIRAND wrote: - Original Message - From: [EMAIL PROTECTED] To: Craig Sanders [EMAIL PROTECTED] Cc: debian-isp@lists.debian.org Sent: Thursday, January 29, 2004 12:54 AM Subject: Re: Why doesn't Exim ever clean out /var/spool/exim/input? On Thu, Jan 29, 2004 at 10:36:29AM +1100, Craig Sanders wrote: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. I'm curious why you say that. I have exim on 3 smtp gateway machines servicing 11G+ email/day, hundreds of thousands of actual messages, doing LDAP lookups for routing, and MailScanner/f-prot running on all the boxes. Seriously, I'm not looking for a fight, just info. When I did performance tests on all the MTAs a few years back, exim beat the crap out of everything. Not looking for a fight either, but... ALL the MTAs? What are the results for qmail then? I've always heard it's the fastest... I don't have the results after all this time. Exim beat postfix in raw speed of moving mail in and/or out by over 15%. Qmail came in 3rd in the tests. However, if you want the most blazingly fast mailer, use zmailer. It's just not a general purpose MTA Tim -- Tim Sailer (at home) Coastal Internet, Inc. Network and Systems Operations PO Box 726 http://www.buoy.comMoriches, NY 11955 [EMAIL PROTECTED]/[EMAIL PROTECTED] (631)399-2910 (888) 924-3728
Stopping Exim from sending Message frozen messages...
Okay since I had a 3-year-old Exim configuration file, I decided to take a brand-new one and then use diff to find what I needed to move over. Hopefully now, it is rejecting bad recipients at SMTP time. However, it's also sending me Message frozen messages every time it freezes something. Does anybody know, off hand, how to turn this off? - Joe
Re: Stopping Exim from sending Message frozen messages...
On Fri, Jan 30, 2004 at 01:14:43PM -0800, Joe Emenaker wrote: Okay since I had a 3-year-old Exim configuration file, I decided to take a brand-new one and then use diff to find what I needed to move over. Hopefully now, it is rejecting bad recipients at SMTP time. However, it's also sending me Message frozen messages every time it freezes something. Does anybody know, off hand, how to turn this off? freeze_tell_mailmaster I guess it would be comparably quick to go to www.exim.org and find that in Exim's excellent docs, than to type in your e-mail. Wanted
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Fri, Jan 30, 2004 at 03:35:33PM -0500, [EMAIL PROTECTED] wrote: I don't have the results after all this time. Exim beat postfix in raw speed of moving mail in and/or out by over 15%. that must be specific to your particular hardware and/or usage, because it's contrary to every other postfix vs exim benchmark i've ever heard of. e.g. Matthias Andree did a comprehensive benchmark comparison of postfix, qmail, and exim, and sendmailand a followup comparison about a year later. it seems to have vanished off the web at the moment, but is still available by google cachei've saved a copy of both benchmark pages at http://siva.taz.net.au/~cas/matthias/ (vsqmail.html is the first, bench2.html is the second). he tested the MTAs in various configurations, and postfix came out ahead in all of them - in one case, with postfix getting four times the throughput of exim (16.1 msgs/second vs 3.8). significantly, the only way that either exim or qmail could come close to postfix's speed was to enable the softupdates option of the freebsd filesystem, which risks losing mail if there is a crash or power-outage. postfix doesn't have that risk because it ensures that all mail is synced to disk before sending a 250 OK. However, if you want the most blazingly fast mailer, use zmailer. It's just not a general purpose MTA true. craig
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Sat, Jan 31, 2004 at 09:43:39AM +1100, Craig Sanders wrote: On Fri, Jan 30, 2004 at 03:35:33PM -0500, [EMAIL PROTECTED] wrote: I don't have the results after all this time. Exim beat postfix in raw speed of moving mail in and/or out by over 15%. that must be specific to your particular hardware and/or usage, because it's contrary to every other postfix vs exim benchmark i've ever heard of. What we did was mail 500k messages of various type, short, long, with attachments, without, etc. and measured the time it took to do final delivery of all the mail. We used the exact same hardware for all tests. I tried to simulate what was 'real world' for us. e.g. Matthias Andree did a comprehensive benchmark comparison of postfix, qmail, and exim, and sendmailand a followup comparison about a year later. it seems to have vanished off the web at the moment, but is still available by google cachei've saved a copy of both benchmark pages at http://siva.taz.net.au/~cas/matthias/ (vsqmail.html is the first, bench2.html is the second). he tested the MTAs in various configurations, and postfix came out ahead in all of them - in one case, with postfix getting four times the throughput of exim (16.1 msgs/second vs 3.8). Right now, I have a machine that is delivering 15 msgs/second, and it's not even a dedicated machine. I guess that says a lot about benchmarks. :) significantly, the only way that either exim or qmail could come close to postfix's speed was to enable the softupdates option of the freebsd filesystem, which risks losing mail if there is a crash or power-outage. postfix doesn't have that risk because it ensures that all mail is synced to disk before sending a 250 OK. However, if you want the most blazingly fast mailer, use zmailer. It's just not a general purpose MTA true. For our mailman server, all mail goes to our zmailer (dedicated) machine, and BOY does that mail just fly outa there! The first time we tried this, I thought something was wrong, since the queue was empty before we had a chance to look! :) Tim -- Tim Sailer (at home) Coastal Internet, Inc. Network and Systems Operations PO Box 726 http://www.buoy.comMoriches, NY 11955 [EMAIL PROTECTED]/[EMAIL PROTECTED] (631)399-2910 (888) 924-3728
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Fri, Jan 30, 2004 at 08:38:36PM -0500, [EMAIL PROTECTED] wrote: However, if you want the most blazingly fast mailer, use zmailer. It's just not a general purpose MTA true. For our mailman server, all mail goes to our zmailer (dedicated) machine, and BOY does that mail just fly outa there! The first time we tried this, I thought something was wrong, since the queue was empty before we had a chance to look! :) i've had similar experiences after switching large lists from sendmail to postfix. if you have the inclination to experiment with a working setup :-), try building a postfix box and configuring mailman to relay through it. my bet is you would be pleasantly surprised at just how well postfix compares to zmailer for that task. my guess is that, given comparable hardware, there'd be no significant speed advantage to zmailer over postfix...and postfix IS a general purpose MTA as well as being fast. craig
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Joe Emenaker wrote: Yeah... well... I've already moved every other machine I deal with over to Courier. I like it because it's one-stop-shopping for all of my mail needs (ie, smtp, pop, and imap modules as well as an ssl version of each), because it supports authenticated smtp (which I understand Exim4 does now but too late for me), and also because it has a variety of authentication methods. FWIW, Exim 3 supports authentication as well... We're using: Exim version 3.35 #1 built 05-Sep-2003 13:52:12 Copyright (c) University of Cambridge 2001 If anyone needs help setting this up please let me know. Maarten Vink -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Craig Sanders said the following on 28/01/04 23:36: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. On what do you base this conlusion? Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. Regards, Ronny Adsetts -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Thu, Jan 29, 2004 at 10:03:35AM +, Ronny Adsetts wrote: Craig Sanders said the following on 28/01/04 23:36: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. On what do you base this conlusion? the fact that it doesn't scale. the original poster's system was an example. Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. several large ISPs around the world use IIS MS SQL servers too...doesn't make that a good idea, either. craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Craig Sanders said the following on 29/01/04 11:31: On Thu, Jan 29, 2004 at 10:03:35AM +, Ronny Adsetts wrote: Craig Sanders said the following on 28/01/04 23:36: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. On what do you base this conlusion? the fact that it doesn't scale. That's not a proven fact here - it's a conclusion. Where's the data to back it up? I'm not arguing that exim is the most efficient MTA out there. It's probably not. It's no dog either though. the original poster's system was an example. That's not proof that the system doesn't scale. It's simply a configuration issue. allanon:/var/spool/exim/input# du -sh 2.3M. allanon:/var/spool/exim/input# ls -1 |wc -l 407 The original poster is simply not keeping his queue clean of frozen messages. Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. several large ISPs around the world use IIS MS SQL servers too...doesn't make that a good idea, either. True. And irrelevant. Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
- Original Message - From: [EMAIL PROTECTED] To: Craig Sanders [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 29, 2004 12:54 AM Subject: Re: Why doesn't Exim ever clean out /var/spool/exim/input? On Thu, Jan 29, 2004 at 10:36:29AM +1100, Craig Sanders wrote: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. I'm curious why you say that. I have exim on 3 smtp gateway machines servicing 11G+ email/day, hundreds of thousands of actual messages, doing LDAP lookups for routing, and MailScanner/f-prot running on all the boxes. Seriously, I'm not looking for a fight, just info. When I did performance tests on all the MTAs a few years back, exim beat the crap out of everything. Not looking for a fight either, but... ALL the MTAs? What are the results for qmail then? I've always heard it's the fastest... Regards, Thomas GOIRAND web perso: http://thomas.goirand.fr Get a hosting account: http://gplhost.com GPL.Host: Open source hosting worldwide -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim: Different mail retry times depending upon response from remote host...
Craig Sanders wrote: On Wed, Jan 28, 2004 at 07:23:50PM -0800, Joe Emenaker wrote: Unfortunately, I haven't seen anything in Exim that lets you customize it's retry behavior based upon this. It does offer an error field in the retry section, but it's only for some silly hard-coded failure types. why should there be? All 5xx codes are permanent failures. the MTA should bounce back to sender immediately. All 4xx codes are temporary failures. the MTA should (optionally) retry later, but eventually bounce back to sender if not delivered in X hours/days. Because, like you mentioned later in your message, not all mailers give proper responses. For example, I've see a lot of 5xx codes where the verbal explanation is that the user is over quota. But the *real* problem, I guess, is that I'm seeing so many 5xx's in /var/spool/exim/msglog at *all*. If the sender address is bogus, the bounce notification just hangs around forever, it seems. I'd like to be able to give bounce notifications avout 4 hours to be delivered and then, buh'bye. So, I wrote a little script that goes through all of the msglog files and finds good candidates to toss (ie, No such user, Account Terminated, etc.). With just a day's worth of tweaking the script, I've managed to get the pending queue down to about 1/3 of what it was. these sound like 5xx errors, rather than 4xx. exim should be bouncing these, if the remote systems are issuing the correct error codes.if they aren't, there's little you can do about it. Except write a script, I guess. :) one possibility is that there is some error in your configuration which is making permanent errors be treated as temporary (4xx) errors, Well, I haven't tweaked our config too much... BUT it's the config file from when we switched to Exim about 4 years ago, and I haven't allowed Debian to overwrite it with a new one (lest we lose our mods to the config file). So, it might be time to get a new config file and move our changes over by hand. But... if we're going through that much trouble geez... I'd just switch to Courier. - Joe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Ronny Adsetts wrote: The original poster is simply not keeping his queue clean of frozen messages. Shouldn't that be the MTA's job? I never understood why exim has such brain-dead defaults as requring an admin to manually deal with frozen messages. Every other MTA I have ever used has not even had such a concept. For once, I agree with Craig on something email related. -- see shy jo signature.asc Description: Digital signature
Re: Exim: Different mail retry times depending upon response from remote host...
On Thu, Jan 29, 2004 at 10:58:19AM -0800, Joe Emenaker wrote: why should there be? [...] Because, like you mentioned later in your message, not all mailers give proper responses. For example, I've see a lot of 5xx codes where the verbal explanation is that the user is over quota. well, that's normal (at least, it is not wrong to do that). what to do in an excess-quota situation is a local policy decision. some sites choose 5xx, some choose 4xx. But the *real* problem, I guess, is that I'm seeing so many 5xx's in /var/spool/exim/msglog at *all*. you shouldn't be seeing *ANY* 5xxs in the spool at all. 5xx specifically means DO NOT TRY AGAIN. exim should not ever retry delivery on permanent-failure codes (unless there is some debugging option like postfix's soft_bounce in effect). If the sender address is bogus, the bounce notification just hangs around forever, it seems. I'd like to be able to give bounce notifications avout 4 hours to be delivered and then, buh'bye. ah, ok. that's a different problem entirely. that's not retrying a 5xx, that's inability to deliver a bounce. you need to configure exim to REJECT mail sent to non-existent addresses (or which fail your anti-spam/anti-virus etc rules) immediately, rather than accept-and-bounce. that way it is the sending MTA's responsibility to deal with the problem, rather than yours. e.g. if a message comes in for [EMAIL PROTECTED], don't accept it then find out that the user doesn't exist, and then bounce it. it is far better to just reject it during the smtp session with a 550 No such user response. that way, the bounce is not your responsibility. The sending MTA is responsible for dealing with errors. if the sending MTA is a virus, then it probably does nothing - AFAIK, no viruses have bounce-handling codebut it really doesn't matter what the sending MTA is or what it does, the key point is that it is *NOT YOUR PROBLEM*, you have not accepted the mail and have not accepted responsibility for delivering-or-bouncing it. if you can't reject during the smtp session, then your best option is to tag-and-deliver (best for spam) or just discard (best for viruses). IIRC, exim *can* do any or all of these things, depending on how you configure it. probably some exim expert here can tell you how to do it. btw, AFAIK, exim doesn't have any option to specify a different retry period for bounce-messages. that would be a useful feature for dealing with spam and viruses that get through the filters. on my own systems, i have inbound MX boxes and outbound mail relays. the inbound MXs do all the spam virus filtering, and forward the mail to the POP/IMAP box. they have a retry period of 1 day. it is set so low to avoid the queue getting clogged with undeliverable spam bounces (stuff which makes it through my access maps, but gets caught by amavisd-new/spamassassin/clamav). the outbound relays are for users to send their mail, and they have a retry period of 5 days. these sound like 5xx errors, rather than 4xx. exim should be bouncing these, if the remote systems are issuing the correct error codes.if they aren't, there's little you can do about it. Except write a script, I guess. :) you're better off not letting these bounce messages get into the queue in the first place (i.e. prevention is better than cure). you don't want them, they just slow down your machinereject unwanted mail with 5xx during the SMTP session wherever possible. one possibility is that there is some error in your configuration which is making permanent errors be treated as temporary (4xx) errors, Well, I haven't tweaked our config too much... BUT it's the config file from when we switched to Exim about 4 years ago, and I haven't allowed Debian to overwrite it with a new one (lest we lose our mods to the config file). So, it might be time to get a new config file and move our changes over by hand. But... if we're going through that much trouble geez... I'd just switch to Courier. why switch to courier-mta when you can switch to postfix? :-) courier's other tools (maildrop, pop, sqwebmail, etc) work fine with postfix as the MTA. courier makes a very nice delivery system for real virtual users. postfix makes a very nice MTA (better than anything else, including courier-mta). the combination works extremely well. craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Thu, Jan 29, 2004 at 04:37:07PM +0100, Thomas GOIRAND wrote: Not looking for a fight either, but... ALL the MTAs? What are the results for qmail then? I've always heard it's the fastest... no, postfix beats it. qmail WAS the fastest several years ago. then postfix arrived. craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Wed, Jan 28, 2004 at 06:47:16PM -0500, Dale E Martin wrote: exim doesn't scale. if you want performance, switch to postfix. Is there good documentation available for postfix? Last time I looked I could not find anything close to the quality of exim's. I'd be happy if that has changed though! http://www.postfix.org/ there are also many howtos and contributed docs linked to from the main site, written by users developers to highlight or explain particular features, and to answer FAQs. i find postfix's documentation easier to read and use than exim's docs. other people find exim's docs to be easier. YMMV. craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Fri, Jan 30, 2004 at 10:35:57AM +1100, Craig Sanders wrote: On Thu, Jan 29, 2004 at 04:37:07PM +0100, Thomas GOIRAND wrote: Not looking for a fight either, but... ALL the MTAs? What are the results for qmail then? I've always heard it's the fastest... no, postfix beats it. qmail WAS the fastest several years ago. then postfix arrived. I use qmail, and the other big problem with it is, AFAIK, that it accepts a message before checking if it has to be bounced. With forged return email addresses one get a lot of bounced bounces. Very annoying. Blu. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim: Different mail retry times depending upon response from remote host...
On Fri, 30 Jan 2004 05:58, Joe Emenaker [EMAIL PROTECTED] wrote: Because, like you mentioned later in your message, not all mailers give proper responses. For example, I've see a lot of 5xx codes where the verbal explanation is that the user is over quota. 5xx is the correct thing to do when the quota is exceeded. Some ISPs I know of have customers who remain over quota for YEARS! If the customer keeps paying their bills then the ISP administrators can not delete the messages that cause the quota to be exceeded or remove the account. As there is little chance of the situation changing the only thing to do is to send a 5xx. If you have an over-quota situation that is likely to be fixed in a short period of time then you probably have a bigger problem. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Joe Emenaker wrote: Yeah... well... I've already moved every other machine I deal with over to Courier. I like it because it's one-stop-shopping for all of my mail needs (ie, smtp, pop, and imap modules as well as an ssl version of each), because it supports authenticated smtp (which I understand Exim4 does now but too late for me), and also because it has a variety of authentication methods. FWIW, Exim 3 supports authentication as well... We're using: Exim version 3.35 #1 built 05-Sep-2003 13:52:12 Copyright (c) University of Cambridge 2001 If anyone needs help setting this up please let me know. Maarten Vink
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Craig Sanders said the following on 28/01/04 23:36: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. On what do you base this conlusion? Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. Regards, Ronny Adsetts -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
Re: Exim: Different mail retry times depending upon response from remote host...
On Wed, Jan 28, 2004 at 07:23:50PM -0800, Joe Emenaker wrote: You don't have to be a rocket scientist to realize that the following remote mailer messages give varying degrees of optimism regarding future delivery: 550 Requested action not taken: mailbox unavailable 452 Mailbox full 452 Insufficient disk space; try again later 421 Too many concurrent SMTP connections; please try again later. With the first, you're pretty sure that the problem is *not* going to be corrected in the next few days. Meanwhile, the others give you some hope in waiting. Unfortunately, I haven't seen anything in Exim that lets you customize it's retry behavior based upon this. It does offer an error field in the retry section, but it's only for some silly hard-coded failure types. why should there be? All 5xx codes are permanent failures. the MTA should bounce back to sender immediately. All 4xx codes are temporary failures. the MTA should (optionally) retry later, but eventually bounce back to sender if not delivered in X hours/days. So, I wrote a little script that goes through all of the msglog files and finds good candidates to toss (ie, No such user, Account Terminated, etc.). With just a day's worth of tweaking the script, I've managed to get the pending queue down to about 1/3 of what it was. these sound like 5xx errors, rather than 4xx. exim should be bouncing these, if the remote systems are issuing the correct error codes.if they aren't, there's little you can do about it. one possibility is that there is some error in your configuration which is making permanent errors be treated as temporary (4xx) errors, similar to postfix's soft_bounce feature...a useful feature while testing and debugging, but not what you want for normal use. i don't know what this option is called in exim (it's been a few years since i did much with it). But I figured I'd ask... does anybody already have a script for doing this (or maybe a better way altogether, since this script has to be explicitly run periodically)? it shouldn't be necessary. craig
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Thu, Jan 29, 2004 at 10:03:35AM +, Ronny Adsetts wrote: Craig Sanders said the following on 28/01/04 23:36: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. On what do you base this conlusion? the fact that it doesn't scale. the original poster's system was an example. Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. several large ISPs around the world use IIS MS SQL servers too...doesn't make that a good idea, either. craig
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Craig Sanders said the following on 29/01/04 11:31: On Thu, Jan 29, 2004 at 10:03:35AM +, Ronny Adsetts wrote: Craig Sanders said the following on 28/01/04 23:36: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. On what do you base this conlusion? the fact that it doesn't scale. That's not a proven fact here - it's a conclusion. Where's the data to back it up? I'm not arguing that exim is the most efficient MTA out there. It's probably not. It's no dog either though. the original poster's system was an example. That's not proof that the system doesn't scale. It's simply a configuration issue. allanon:/var/spool/exim/input# du -sh 2.3M. allanon:/var/spool/exim/input# ls -1 |wc -l 407 The original poster is simply not keeping his queue clean of frozen messages. Several large ISP's in the UK use exim that I know of which seems to indicate otherwise. several large ISPs around the world use IIS MS SQL servers too...doesn't make that a good idea, either. True. And irrelevant. Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
- Original Message - From: [EMAIL PROTECTED] To: Craig Sanders [EMAIL PROTECTED] Cc: debian-isp@lists.debian.org Sent: Thursday, January 29, 2004 12:54 AM Subject: Re: Why doesn't Exim ever clean out /var/spool/exim/input? On Thu, Jan 29, 2004 at 10:36:29AM +1100, Craig Sanders wrote: i can't answer your question, but here's some relevant advice for you: exim doesn't scale. if you want performance, switch to postfix. I'm curious why you say that. I have exim on 3 smtp gateway machines servicing 11G+ email/day, hundreds of thousands of actual messages, doing LDAP lookups for routing, and MailScanner/f-prot running on all the boxes. Seriously, I'm not looking for a fight, just info. When I did performance tests on all the MTAs a few years back, exim beat the crap out of everything. Not looking for a fight either, but... ALL the MTAs? What are the results for qmail then? I've always heard it's the fastest... Regards, Thomas GOIRAND web perso: http://thomas.goirand.fr Get a hosting account: http://gplhost.com GPL.Host: Open source hosting worldwide
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Ronny Adsetts wrote: The original poster is simply not keeping his queue clean of frozen messages. Shouldn't that be the MTA's job? I never understood why exim has such brain-dead defaults as requring an admin to manually deal with frozen messages. Every other MTA I have ever used has not even had such a concept. For once, I agree with Craig on something email related. -- see shy jo signature.asc Description: Digital signature
Re: Exim: Different mail retry times depending upon response from remote host...
On Thu, Jan 29, 2004 at 10:58:19AM -0800, Joe Emenaker wrote: why should there be? [...] Because, like you mentioned later in your message, not all mailers give proper responses. For example, I've see a lot of 5xx codes where the verbal explanation is that the user is over quota. well, that's normal (at least, it is not wrong to do that). what to do in an excess-quota situation is a local policy decision. some sites choose 5xx, some choose 4xx. But the *real* problem, I guess, is that I'm seeing so many 5xx's in /var/spool/exim/msglog at *all*. you shouldn't be seeing *ANY* 5xxs in the spool at all. 5xx specifically means DO NOT TRY AGAIN. exim should not ever retry delivery on permanent-failure codes (unless there is some debugging option like postfix's soft_bounce in effect). If the sender address is bogus, the bounce notification just hangs around forever, it seems. I'd like to be able to give bounce notifications avout 4 hours to be delivered and then, buh'bye. ah, ok. that's a different problem entirely. that's not retrying a 5xx, that's inability to deliver a bounce. you need to configure exim to REJECT mail sent to non-existent addresses (or which fail your anti-spam/anti-virus etc rules) immediately, rather than accept-and-bounce. that way it is the sending MTA's responsibility to deal with the problem, rather than yours. e.g. if a message comes in for [EMAIL PROTECTED], don't accept it then find out that the user doesn't exist, and then bounce it. it is far better to just reject it during the smtp session with a 550 No such user response. that way, the bounce is not your responsibility. The sending MTA is responsible for dealing with errors. if the sending MTA is a virus, then it probably does nothing - AFAIK, no viruses have bounce-handling codebut it really doesn't matter what the sending MTA is or what it does, the key point is that it is *NOT YOUR PROBLEM*, you have not accepted the mail and have not accepted responsibility for delivering-or-bouncing it. if you can't reject during the smtp session, then your best option is to tag-and-deliver (best for spam) or just discard (best for viruses). IIRC, exim *can* do any or all of these things, depending on how you configure it. probably some exim expert here can tell you how to do it. btw, AFAIK, exim doesn't have any option to specify a different retry period for bounce-messages. that would be a useful feature for dealing with spam and viruses that get through the filters. on my own systems, i have inbound MX boxes and outbound mail relays. the inbound MXs do all the spam virus filtering, and forward the mail to the POP/IMAP box. they have a retry period of 1 day. it is set so low to avoid the queue getting clogged with undeliverable spam bounces (stuff which makes it through my access maps, but gets caught by amavisd-new/spamassassin/clamav). the outbound relays are for users to send their mail, and they have a retry period of 5 days. these sound like 5xx errors, rather than 4xx. exim should be bouncing these, if the remote systems are issuing the correct error codes.if they aren't, there's little you can do about it. Except write a script, I guess. :) you're better off not letting these bounce messages get into the queue in the first place (i.e. prevention is better than cure). you don't want them, they just slow down your machinereject unwanted mail with 5xx during the SMTP session wherever possible. one possibility is that there is some error in your configuration which is making permanent errors be treated as temporary (4xx) errors, Well, I haven't tweaked our config too much... BUT it's the config file from when we switched to Exim about 4 years ago, and I haven't allowed Debian to overwrite it with a new one (lest we lose our mods to the config file). So, it might be time to get a new config file and move our changes over by hand. But... if we're going through that much trouble geez... I'd just switch to Courier. why switch to courier-mta when you can switch to postfix? :-) courier's other tools (maildrop, pop, sqwebmail, etc) work fine with postfix as the MTA. courier makes a very nice delivery system for real virtual users. postfix makes a very nice MTA (better than anything else, including courier-mta). the combination works extremely well. craig
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Thu, Jan 29, 2004 at 04:37:07PM +0100, Thomas GOIRAND wrote: Not looking for a fight either, but... ALL the MTAs? What are the results for qmail then? I've always heard it's the fastest... no, postfix beats it. qmail WAS the fastest several years ago. then postfix arrived. craig
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Wed, Jan 28, 2004 at 06:47:16PM -0500, Dale E Martin wrote: exim doesn't scale. if you want performance, switch to postfix. Is there good documentation available for postfix? Last time I looked I could not find anything close to the quality of exim's. I'd be happy if that has changed though! http://www.postfix.org/ there are also many howtos and contributed docs linked to from the main site, written by users developers to highlight or explain particular features, and to answer FAQs. i find postfix's documentation easier to read and use than exim's docs. other people find exim's docs to be easier. YMMV. craig
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Fri, Jan 30, 2004 at 10:35:57AM +1100, Craig Sanders wrote: On Thu, Jan 29, 2004 at 04:37:07PM +0100, Thomas GOIRAND wrote: Not looking for a fight either, but... ALL the MTAs? What are the results for qmail then? I've always heard it's the fastest... no, postfix beats it. qmail WAS the fastest several years ago. then postfix arrived. I use qmail, and the other big problem with it is, AFAIK, that it accepts a message before checking if it has to be bounced. With forged return email addresses one get a lot of bounced bounces. Very annoying. Blu.
Why doesn't Exim ever clean out /var/spool/exim/input?
Here's a question that has always been bugging me. Ever since we moved from smail to exim many years ago at my isp, exim never seems to discard messages in the input queue. Even though the single retry rule is the stock one (which retrys for something like 4 days), we end up with stuff that is weeks... months old. Periodically, it would get pretty full and we'd notice that there were about 10 queue runners going and so I'd go in and do a find and remove anything older than 14 days or so. I *had* to do a find, because doing an ls would just sit there an churn for about a half-hour. Anyhow, as our customer base has grown and as their e-mail usage has grown, the problem has reached an all-time high. With this SCO DDoS virus going around, I had occasion to go clean out the input queue again. The directory was using 17 megs I'm not talking about the FILES in the directory... I'm talking about the directory ENTRIES (filename, inode number, etc.). I was forced to just say screw it! and I mv'd the input and msglog folders to other names and then created new, empty ones so that our mail server wouldn't buckle under the load. But anyway, like the subject line says, my real question is: why doesn't Exim ever clean this stuff out itself? - Joe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Joe Emenaker wrote: Here's a question that has always been bugging me. Ever since we moved from smail to exim many years ago at my isp, exim never seems to discard messages in the input queue. Even though the single retry rule is the stock one (which retrys for something like 4 days), we end up with stuff that is weeks... months old. Periodically, it would get pretty full and we'd notice that there were about 10 queue runners going and so I'd go in and do a find and remove anything older than 14 days or so. I *had* to do a find, because doing an ls would just sit there an churn for about a half-hour. Does the output of the mailq command provide any useful information about these messages? My first guess would be that you're dealing with frozen messages. These are messages that exim is unable to send *and* can't be returned to the original sender. If that is the case, have a look at the timeout_frozen_after setting; this will automatically remove messages after being frozen for a certain period. Regards, Maarten Vink -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
On Wed, Jan 28, 2004 at 01:23:02PM -0800, Joe Emenaker wrote: Even though the single retry rule is the stock one (which retrys for something like 4 days), we end up with stuff that is weeks... months old. Periodically, it would get pretty full and we'd notice that there These messages are probably marked by Exim as frozen. Search for that term in Exim's documentation for more info. You may enable Exim to automatically remove frozen messages after some period with the following directive: timeout_frozen_after = 3d Marcin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why doesn't Exim ever clean out /var/spool/exim/input?
Maarten Vink wrote: Does the output of the mailq command provide any useful information about these messages? My first guess would be that you're dealing with frozen messages Yup. A lot of them are frozen. If that is the case, have a look at the timeout_frozen_after setting; this will automatically remove messages after being frozen for a certain period. I'm already using: timeout_frozen_after=48h but that doesn't seem to be doing anything. - Joe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
