Re: [exim] Temporary reject when random sender verification should succeed
On 2018-06-08 18:34, Heiko Schlittermann wrote: > > > >> 2018-05-29 12:25:40 H=haskell.org [23.253.242.70]:51176 sender verify > > > >> defer for : Could not complete > > > >> sender verify callout: mail.haskell.org [23.253.242.70] : > > > >> response to "RCPT TO:" was: > > > >> 250 2.1.5 Ok > > > >> 2018-05-29 12:25:40 H=haskell.org [23.253.242.70]:51176 > > > >> F= temporarily rejected RCPT > > > >> : > > > >> Could not complete sender verify callout > > Well OK, but the spec says (43.46): > > > > If the “random” check succeeds, the result is saved in a cache record, > > and used to force the current and subsequent callout checks to succeed > > without a connection being made, until the cache record expires. > > > > Note "current". > Even for a non-native speaker it seems clear to me. (Or, because I'm a > non-native speaker ;) > > But I'm confused anyway. If the random test leads to the conclusion, > that the following callouts are wasted effort and considered as > succeeeded, why does Exim rejects the following RCPT? > > Can you paste the relevant port of your ACL? I simply modified the sender verify acl in the example config: diff --git a/exim/exim.conf b/exim/exim.conf index 423de93..5391114 100644 --- a/exim/exim.conf +++ b/exim/exim.conf @@ -508,7 +508,7 @@ acl_check_rcpt: drop log_message = acl_check_rcpt: $sender_address cannot be verified -!verify = sender +!verify = sender/callout=random # Insist that any other recipient address that we accept is either in one of # our local domains, or is in a domain for which we explicitly allow -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Temporary reject when random sender verification should succeed
Ian Zimmerman via Exim-users (Do 07 Jun 2018 19:30:34
CEST):
> On 2018-06-07 16:44, Jeremy Harris wrote:
>
> > >> 2018-05-29 12:25:40 H=haskell.org [23.253.242.70]:51176 sender verify
> > >> defer for : Could not complete
> > >> sender verify callout: mail.haskell.org [23.253.242.70] :
> > >> response to "RCPT TO:" was: 250
> > >> 2.1.5 Ok
> > >> 2018-05-29 12:25:40 H=haskell.org [23.253.242.70]:51176
> > >> F= temporarily rejected RCPT
> > >> :
> > >> Could not complete sender verify callout
> > >
>
> Well OK, but the spec says (43.46):
>
> If the “random” check succeeds, the result is saved in a cache record,
> and used to force the current and subsequent callout checks to succeed
> without a connection being made, until the cache record expires.
>
> Note "current".
Even for a non-native speaker it seems clear to me. (Or, because I'm a
non-native speaker ;)
But I'm confused anyway. If the random test leads to the conclusion,
that the following callouts are wasted effort and considered as
succeeeded, why does Exim rejects the following RCPT?
Can you paste the relevant port of your ACL?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 -
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] tons of brute force cracking events
> acl_check_auth:
>
> ? drop? message = blacklisted for bruteforce cracking attempt
> ??? set acl_c_authnomail = ${eval10:0$acl_c_authnomail+1}
> ??? condition = ${if >{$acl_c_authnomail}{4}}
This needs also:
acl_smtp_mail = acl_check_mail
begin acl
acl_check_mail:
accept set acl_c_authnomail = 0
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] spool format error (on some list messages)
Hi, On 07.06.2018 23:28, exim-users--- via Exim-users wrote: > Exim mainlog show the corrupted message as second mail sent over one TCP > connection (linux kernel mailing list server is the only server that > sends more than one mail per TCP connection, other servers do not send > those volumes). I do not follow all messages on the list, thus there may > be other errors/corruptions (the queue error I had initially are the > most obvious, other corruption which do not lead to technical errors). > Quick grep in the Mail dir shows significant number of messages which > seem to have some unexpected strings in the header. I see corruption in > this specific header for other messages as well, all have in common that > there was one than one message sent over one single TCP connection. > > I am setting a debug header containing $primary_hostname in an acl > stanza to see if there is some corruption in this heades as well. The corruption only happens on the sa-exim included header, the header inserted for debugging is inserted properly. Best regards, Thomas -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
