Re: [exim] TLS error in incoming emails from *.outlook.com

2018-02-12 Thread Viktor Dukhovni via Exim-users
> On Feb 12, 2018, at 11:57 PM, Ian Zimmerman via Exim-users > wrote: > > I am slightly surprised I could do that; I'd have expected only root on > the host machine to have that power. I would also expect that typically the changes need to happen on the host, though some

Re: [exim] TLS error in incoming emails from *.outlook.com

2018-02-12 Thread Ian Zimmerman via Exim-users
On 2018-02-12 22:50, Viktor Dukhovni via Exim-users wrote: > > My server runs in a KVM. Doesn't that rule out hardware TCP > > offloading as the culprit? > > No, it rather makes the problem more likely. Virtual machines are > often behind NAT, which can be incompatible with TCP offload, and >

Re: [exim] TLS error in incoming emails from *.outlook.com

2018-02-12 Thread Viktor Dukhovni via Exim-users
> On Feb 12, 2018, at 10:19 PM, Ian Zimmerman via Exim-users > wrote: > >> My previous assesment was wrong: even when exim was compiled with >> OpenSSL instead of GnuTLS the error did occur, albeit with a different >> error message. > > Same here. The new error message

[exim] [META/OT] DKIM sender rewriting [Was: TLS error in incoming emails from *.outlook.com]

2018-02-12 Thread Ian Zimmerman via Exim-users
I note with horror that now I am also a 'via Exim-users' despite intentionally NOT using DKIM for list messages, including this one. Why? Is the rewriting now done regardless? -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup.

Re: [exim] TLS error in incoming emails from *.outlook.com

2018-02-12 Thread Ian Zimmerman via Exim-users
On 2018-02-13 02:21, Andreas Bauer via Exim-users wrote: > First, thanks to everyone contributing and sorry I did not have time > to more deeply troubleshoot the SSL issue. > My previous assesment was wrong: even when exim was compiled with > OpenSSL instead of GnuTLS the error did occur, albeit

Re: [exim] TLS error in incoming emails from *.outlook.com

2018-02-12 Thread Viktor Dukhovni via Exim-users
> On Feb 12, 2018, at 8:21 PM, Andreas Bauer via Exim-users > wrote: > > 504 540.259940 40.92.67.82 TCP 66 >45792 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 > 505 540.259967 40.92.67.82

Re: [exim] TLS error in incoming emails from *.outlook.com

2018-02-12 Thread Andreas Bauer via Exim-users
First, thanks to everyone contributing and sorry I did not have time to more deeply troubleshoot the SSL issue. My previous assesment was wrong: even when exim was compiled with OpenSSL instead of GnuTLS the error did occur, albeit with a different error message. Because it is a production

Re: [exim] Filtering DKIM domains

2018-02-12 Thread Richard James Salts via Exim-users
On Monday, 12 February 2018 10:17:43 AM AEDT AC via Exim-users wrote: > I'm receiving a fair amount of spam that is coming through Microsoft's > Office 365 service (spammers signing up for the one month free trial of > Office 365). This provides them a DKIM siguature that is valid and has > a

Re: [exim] Filtering DKIM domains

2018-02-12 Thread Jeremy Harris via Exim-users
On 12/02/18 18:17, AC via Exim-users wrote: > I'm receiving a fair amount of spam that is coming through Microsoft's > Office 365 service (spammers signing up for the one month free trial of > Office 365). This provides them a DKIM siguature that is valid and has > a customized subdomain of

Re: [exim] Exim-users Digest, Vol 165, Issue 9 [verification failed - body hash mismatch]

2018-02-12 Thread Phil Pennock via Exim-users
On 2018-02-12 at 14:04 +, Jeremy Harris via Exim-users wrote: > On 12/02/18 12:12, Martin Nicholas via Exim-users wrote: > > I notice this from "Exim-users Digest, Vol 165, Issue 9": > > > > DKIM: d=exim.org s=d201802 c=relaxed/relaxed a=rsa-sha256 b=1248 > > [verification failed - body hash

[exim] delay warnings when host down

2018-02-12 Thread Ken Olum via Exim-users
When exim fails to send a message to a host that is down, it remembers that fact and doesn't try to send any more messages to that same host for some interval. Does it then not send delay warnings for those additional messages that it did not retry? I have the situation where a host is not

[exim] Filtering DKIM domains

2018-02-12 Thread AC via Exim-users
I'm receiving a fair amount of spam that is coming through Microsoft's Office 365 service (spammers signing up for the one month free trial of Office 365). This provides them a DKIM siguature that is valid and has a customized subdomain of onmicrosoft.com.The email itself has a sender domain

Re: [exim] Exim-users Digest, Vol 165, Issue 9 [verification failed - body hash mismatch]

2018-02-12 Thread Jeremy Harris via Exim-users
On 12/02/18 12:12, Martin Nicholas via Exim-users wrote: > I notice this from "Exim-users Digest, Vol 165, Issue 9": > > DKIM: d=exim.org s=d201802 c=relaxed/relaxed a=rsa-sha256 b=1248 > [verification failed - body hash mismatch (body probably modified in > transit)] What date was that? --

[exim] Exim-users Digest, Vol 165, Issue 9 [verification failed - body hash mismatch]

2018-02-12 Thread Martin Nicholas via Exim-users
I notice this from "Exim-users Digest, Vol 165, Issue 9": DKIM: d=exim.org s=d201802 c=relaxed/relaxed a=rsa-sha256 b=1248 [verification failed - body hash mismatch (body probably modified in transit)] Installation: Debian vanilla -- Regards, Martin Nicholas. E-mail: reply-2...@mgn.org.uk

Re: [exim] Spam Filtering / dnslists

2018-02-12 Thread Yves via Exim-users
On Mon, 12 Feb 2018, Sebastian Nielsen via Exim-users wrote: I use the following banlist, works pretty well for me, for MAIL FROM stage: deny message = Banned TLD sender_domains =

Re: [exim] Spam Filtering / dnslists

2018-02-12 Thread Sebastian Nielsen via Exim-users
I use the following banlist, works pretty well for me, for MAIL FROM stage: deny message = Banned TLD sender_domains =