Re: [exim] Microsoft MUAs on port 587

2020-09-07 Thread Jeremy Harris via Exim-users
On 07/09/2020 13:32, Mark Elkins via Exim-users wrote: > In the distribution template config file for exim > (/etc/exim/exim.conf.dist),  around line 200, I read... ... > # The standard port for this purpose is port 587, the "message submission" > # port. See RFC 4409 for details. *Microsoft MUAs

Re: [exim] rewrite envelope from when forward

2020-09-07 Thread Jeremy Harris via Exim-users
On 06/09/2020 21:04, Johannes Vogel via Exim-users wrote: > When I forward an address to an @bluewin.ch address, they bring back an > error like this: > > SMTP error from remote mail server after end of data: > 554 5.2.0 sc971: SPF hard fail Yes, SPF breaks forwarding. Option "return_path" on

Re: [exim] [bug2638] retry database / first failed doesn't correlate with logs: success recorded as failure, result retry times exceeded

2020-09-02 Thread Jeremy Harris via Exim-users
I don't see the IP of the retry DB entry you show in any of the log lines you show. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Broken client... HELO and AUTH...

2020-08-26 Thread Jeremy Harris via Exim-users
On 25/08/2020 21:09, Marco Gaiarin via Exim-users wrote: > using ACL "acl_smtp_connect" > processing "accept" > check hosts = 10.5.254.1 : 10.5.254.2 : 10.5.1.160 : 10.5.1.159 > host in "10.5.254.1 : 10.5.254.2 : 10.5.1.160 : 10.5.1.159"? yes (matched > "10.5.1.160") > check control =

Re: [exim] Broken client... HELO and AUTH...

2020-08-24 Thread Jeremy Harris via Exim-users
On 24/08/2020 11:46, Marco Gaiarin via Exim-users wrote: > 8 5.098632781 10.5.1.160 ??? 10.5.1.3 SMTP 82 C: HELO Localhost >[...] >14 5.101334018 10.5.1.160 ??? 10.5.1.3 SMTP 78 C: AUTH LOGIN >15 5.101506616 10.5.1.3 ??? 10.5.1.160 SMTP 109 S: 503 AUTH command >

Re: [exim] Why $domain variable expands to sender domain?

2020-08-18 Thread Jeremy Harris via Exim-users
On 18/08/2020 03:08, Kevin Shell via Exim-users wrote: > I want to rewrite sender address conditionally based on recipent domain, i.e. > if recipent domain is in local domains, don't do rewrite > else rewrite envelope and header sender address. > > Is it possible to do this in Exim? Use

Re: [exim] exim-4.94 failure to start

2020-08-17 Thread Jeremy Harris via Exim-users
On 17/08/2020 20:54, Odhiambo Washington via Exim-users wrote: > So, end of the road, right? For your 7th June 2013 -vintage OS release, yes. Unless you're willing to either fix it or modify the Exim source. -- Cheers, Jeremy -- ## List details at

Re: [exim] exim-4.94 failure to start

2020-08-16 Thread Jeremy Harris via Exim-users
On 16/08/2020 19:07, Odhiambo Washington via Exim-users wrote: >> The fast-queue-ramp and the $queue_size expansion won't work. > EXPERIMENTAL_QUEUEFILE=yes That's something completely different. > EXPERIMENTAL_QUEUE_RAMP=yes That still leaves $queue_size. No; the attempt to create and set up

Re: [exim] exim-4.94 failure to start

2020-08-16 Thread Jeremy Harris via Exim-users
On 16/08/2020 16:08, Odhiambo Washington via Exim-users wrote: >> Looks like your platform include files define LOCAL_CREDS >> but the setsockopt trying to use it returns failure. > > > How do I mitigate this then? Beyond updating your FreeBSD, you can't. The fast-queue-ramp and the

Re: [exim] Why $domain variable expands to sender domain?

2020-08-16 Thread Jeremy Harris via Exim-users
On 16/08/2020 01:43, Kevin Shell via Exim-users wrote: > begin rewrite > *@+local_domains "${if inlist {$domain}{LOCAL_DOMAINS} \ > {$local_part@$domain}\ > > {${lookup{${local_part@${domain}}}lsearch{CONFDIR/email-addresses}{$value}fail}}}" > Ffrs > Why $domain expands to sender

Re: [exim] exim-4.94 failure to start

2020-08-16 Thread Jeremy Harris via Exim-users
On 16/08/2020 14:11, Odhiambo Washington via Exim-users wrote: > The build completed successfully Looks like your platform include files define LOCAL_CREDS but the setsockopt trying to use it returns failure. -- Cheers, Jeremy -- ## List details at

Re: [exim] exim-4.94 failure to start

2020-08-16 Thread Jeremy Harris via Exim-users
On 16/08/2020 11:42, Odhiambo Washington via Exim-users wrote: > I installed 4.94 on FreeBSD-8.4 (old, yes) and if refused to start with the > following in panic.log: > > daemon_notifier_socket LOCAL_CREDS: Protocol not available Either your exim binary was not build on that platform, or that

Re: [exim] mysql config

2020-08-14 Thread Jeremy Harris via Exim-users
On 14/08/2020 23:49, Dan Egli via Exim-users wrote: > Let me elaborate a bit, see if I can show it better what I want > > 1) exim receives message > 2) exim queries mysql -> this user@domain exist? > 3) mysql-> yes. Maildir is /mail/domain/user > 4) exim delivers mail Probably most neatly done

Re: [exim] mysql config

2020-08-14 Thread Jeremy Harris via Exim-users
On 12/08/2020 17:33, Dan Egli via Exim-users wrote: > Any good tips on configuring Exim to read it's user info from a mysql table > and to ensure it does SMTP auth correctly against that table is appreciated. That's rather a nebulous question. At that level, about all I'd offer is: 1) decide

Re: [exim] Cannot negate router lookup condition

2020-08-12 Thread Jeremy Harris via Exim-users
On 12/08/2020 21:45, Sebastian Arcus via Exim-users wrote: > I am running Exim 4.89. I have the following router in exim.conf: > > send_direct: >     driver = dnslookup >     condition = ! ${lookup{$local_part@$domain}\ >   lsearch{/etc/exim/exim.passwd}{$value}{}} >     transport =

Re: [exim] Strange SMTP problem, no completed to sender

2020-08-09 Thread Jeremy Harris via Exim-users
On 07/08/2020 11:25, Cyborg via Exim-users wrote: > 91    1.619741    X  83.246.80.144    SMTP    60    C: QUIT > 92    1.620504    83.246.80.144  X    SMTP    102  S: 221 > {serverhostname} closing connection > 94    1.669586    X  83.246.80.144    TCP   60    2872 → 25 [FIN, > ACK] Seq=252

Re: [exim] Strange SMTP problem, no completed to sender

2020-08-07 Thread Jeremy Harris via Exim-users
On 06/08/2020 17:54, Laura Williamson via Exim-users wrote: > * Remote sender sends email to a local user > > * Mail is delivered to local user > > but sometimes exim doesn't close the connection to the senders SMTP > server correctly (believe there is some sort of handshake that fails, >

Re: [exim] Tainted filename

2020-08-01 Thread Jeremy Harris via Exim-users
On 01/08/2020 14:18, Odhiambo Washington via Exim-users wrote: > dkim_domain = ${if > exists{/etc/pki/tls/dk/${lc:$sender_address_domain}-dkim.priv.key}{${lc:$sender_address_domain}}{}} As has been said multiple times recently on the mailing list, replace your if-exists with a dsearch.

Re: [exim] how to use dnslookup for deliverying local mail without infinite loop?

2020-08-01 Thread Jeremy Harris via Exim-users
On 01/08/2020 02:26, krzf83--- via Exim-users wrote: > Let's assume that I don't have control over the contents of > local_domains list. That's a bad way to operate. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at

Re: [exim] Local EAI addresses ?

2020-07-31 Thread Jeremy Harris via Exim-users
On 01/08/2020 00:39, John R. Levine via Exim-users wrote: > 2020-07-31 19:26:19 1k1ePr-iX-8I <= jo...@xn--5nq051n.services.net > U=johnl P=local S=431 > 2020-07-31 19:26:19 1k1ePr-iX-8I ** 用户1...@xn--5nq051n.services.net: > Unknown user > > Any suggestions? It's not being accepted, so

Re: [exim] using environment ${env {}} for helo_data

2020-07-29 Thread Jeremy Harris via Exim-users
On 29/07/2020 10:48, Frank Heydlauf via Exim-users wrote: > My test: >export EXIM_HELONAME=myheloname ># restart exim >swaks --from="<>" --to=$ME --server=localhost I'm guessing that you're not actually running exim from the shell you set the environment variable in. Look into how

Re: [exim] Add disclaimer message to all incoming emails

2020-07-28 Thread Jeremy Harris via Exim-users
On 27/07/2020 20:08, George via Exim-users wrote: > I was able to find a solution for outgoing emails to have this but not the > other way around. Think carefully on the distinction between incoming/outgoing as applied to the system, versus as applied to exim. Messages come in to exim (from SMTP

Re: [exim] De-tainting with ${sg} expansion

2020-07-28 Thread Jeremy Harris via Exim-users
On 27/07/2020 19:45, Jamie Barnes via Exim-users wrote:> I've been avoiding check_local_user (since it tries to chdir into home directories that the exim user has no access to), so I don't think I have access to $local_part_data (as nothing populates it). Not so. Any lookup done by a

Re: [exim] How to delay multiple adresses in TO CC or CCI ?

2020-07-24 Thread Jeremy Harris via Exim-users
On 24/07/2020 10:08, Yves ROUX via Exim-users wrote: > So to avoid overloading distant recipient servers, is there a config > possible so say a mail with 100 recipients, will be sent one by one > with a delay of 1 second ? Sending messages with a limited number of recipients: - max_rcpt option on

Re: [exim] Exim 4.94 - daemon_notifier_socket bind: Address already in use

2020-07-23 Thread Jeremy Harris via Exim-users
On 23/07/2020 04:27, haoniukun via Exim-users wrote: > I actually happen to see the same question recently. > One problem I found is that if I use exit_ctl to stop the process, this file > can be removed without any problem. > But if I use -d option to start the exim daemon from the command line

Re: [exim] Time to force delay between message

2020-07-22 Thread Jeremy Harris via Exim-users
On 22/07/2020 04:28, deepaksharma559--- via Exim-users wrote: > Is it possible to force a time delay. For example my email account user @ > domain.com is sending 3-4 emails to the same receipient in 1 second. Is > there a setting in exim to insert a delay by ex: 10 seconds. No, there is not.

Re: [exim] Taint mismatch, string_vformat: route_finduser 1143

2020-07-19 Thread Jeremy Harris via Exim-users
On 18/07/2020 17:15, Gowtham Kudupudi via Exim-users wrote: > 31420 LOG: MAIN PANIC DIE > 31420 Taint mismatch, string_vformat: route_finduser 1143 > exim-4.93.0.4 Please update to 4.94 -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim

Re: [exim] Exim grammar help needed

2020-07-16 Thread Jeremy Harris via Exim-users
On 16/07/2020 21:19, Phillip Carroll via Exim-users wrote: >> It is a common idiom; it enables the forensic stuff only for >> domains that are not listed in screwed_up_dmarc_records. > From your reply, I infer that "!domains = +x" means all domains NOT in > x.  I couldn't find that definition. >

Re: [exim] Exim grammar help needed

2020-07-16 Thread Jeremy Harris via Exim-users
On 16/07/2020 19:00, Phillip Carroll via Exim-users wrote: >>  warn !domains = +screwed_up_dmarc_records >>  control = dmarc_enable_forensic > > Does precisely nothing because the control modifier appears AFTER the > failing "domains" condition. Which leaves one to wonder the intent of > the

Re: [exim] Disable deduplication

2020-07-16 Thread Jeremy Harris via Exim-users
On 16/07/2020 18:43, Kai Bojens via Exim-users wrote: > Am 2020-07-16 18:10, schrieb Jeremy Harris via Exim-users: >> Unclear exactly what you are wanting duplicated that is >> not currently. > > There is a mail from a...@a.tld to b...@b.tld and (Bcc:) c...@b.tld. I then >

Re: [exim] Disable deduplication

2020-07-16 Thread Jeremy Harris via Exim-users
On 16/07/2020 16:19, Kai Bojens via Exim-users wrote: > tl;dr: how can I force Exim to actually create single and unique mails > instead of just ignoring duplicates? Unclear exactly what you are wanting duplicated that is not currently. There was one mail message, with multiple original

Re: [exim] failed key import from office365

2020-07-16 Thread Jeremy Harris via Exim-users
On 16/07/2020 11:13, Edyta Sapijaszko via Exim-users wrote: > When sender has some problem with DKIM or SPF record i have warning in exim > "PDKIM: d=[domain].onmicrosoft.com s=selector1-[domain]-onmicrosoft-com > [failed key import]. > I have control = dkim_disable_verify The two of those

Re: [exim] Moving a queue from server to server

2020-07-15 Thread Jeremy Harris via Exim-users
On 14/07/2020 18:57, Johnnie W Adams via Exim-users wrote: > Now I'm replacing that box with a newer one and wondering how to move > the queue of frozen mail from the old machine to the new--or if I'm better > off just waiting till it all expires. As to how: just copy the files. And delete

Re: [exim] ISP recently updated exim via DirectAdmin

2020-07-14 Thread Jeremy Harris via Exim-users
On 13/07/2020 22:46, Robert Nicholson via Exim-users wrote: > Got some insight from the debug log. > > Does anybody know what the 2 0 0 represents? > > userforward router skipped: verify 2 0 0 > > There’s a suspicion that this is a bug introduced by the DirectAdmin folks > into their

Re: [exim] de-taint a file string

2020-07-13 Thread Jeremy Harris via Exim-users
On 13/07/2020 12:56, Niels Kobschätzki via Exim-users wrote: > I am looking through the documentation and the mailing list but I cannot > find out how to convert this simple acl: > >  deny  message = Invalid user >     domains = >

Re: [exim] DKIM and debian buster...

2020-07-13 Thread Jeremy Harris via Exim-users
On 12/07/2020 22:51, Marco Gaiarin via Exim-users wrote: >>> How can i debug trasport?! ;-) Run the exim that forks to become the transport with debug enabled (either via ACL action or commandline option). >>> Ahem... some examples or some direct link in documentation? O;-) >> The

Re: [exim] ISP recently updated exim via DirectAdmin

2020-07-13 Thread Jeremy Harris via Exim-users
On 13/07/2020 01:14, Robert Nicholson via Exim-users wrote: > When I try a test message it doesn’t show userfowrard router. > u...@domain.com > router = spamcheck_director, transport = spamcheck Run the exim that does the routing with debug turned on. If this test message is smtp-fed, that'll

Re: [exim] DKIM and debian buster...

2020-07-10 Thread Jeremy Harris via Exim-users
On 09/07/2020 22:48, Marco Gaiarin via Exim-users wrote: > How can i debug trasport?! ;-) >> Run the exim that forks to become the transport with >> debug enabled (either via ACL action or commandline option). > > Ahem... some examples or some direct link in documentation? O;-) The Exim

Re: [exim] Exim 4.94 - daemon_notifier_socket bind: Address already in use

2020-07-10 Thread Jeremy Harris via Exim-users
On 10/07/2020 09:13, David Carter via Exim-users wrote: > We ran into this as well. That makes two votes for bug 2616 -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list -

Re: [exim] DKIM and debian buster...

2020-07-08 Thread Jeremy Harris via Exim-users
On 08/07/2020 08:34, Marco Gaiarin via Exim-users wrote: >>> How can i debug trasport?! ;-) Run the exim that forks to become the transport with debug enabled (either via ACL action or commandline option). -- Cheers, Jeremy -- ## List details at

Re: [exim] DKIM and debian buster...

2020-07-07 Thread Jeremy Harris via Exim-users
On 07/07/2020 13:58, Mike Tubby via Exim-users wrote: >     set (dkim_selector, dkim_dkim_canon, dkim_private_key, dkim_hash) = > ${lookup mysql {SELECT selector,canon,private_key, hash FROM dkim WHERE > domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}} That would be a whole

Re: [exim] DKIM and debian buster...

2020-07-06 Thread Jeremy Harris via Exim-users
On 07/07/2020 00:01, Mike Tubby via Exim-users wrote: > remote_smtp: >     driver = smtp >     dkim_domain = ${lc:${domain:$h_from:}} >     dkim_selector = ${lookup mysql{SELECT selector FROM dkim WHERE > domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}} >    

Re: [exim] testing login from the command line

2020-07-05 Thread Jeremy Harris via Exim-users
On 05/07/2020 22:23, Chris Gerhard via Exim-users wrote: > Just in case anyone else hits this. On Illumos it appears that if you > have _XOPEN_SOURCE_EXTENDED set when compiling src/ip.c then connect > will check the permissions on the socket in the file system, which for > the dovecot auth socket

Re: [exim] Stop SAVE appending

2020-07-05 Thread Jeremy Harris via Exim-users
On 05/07/2020 11:20, Rob Gunther via Exim-users wrote: > Any suggestions on how to only get a single copy in the file? I see no > option on the save command to append or not and my if exists does not seem > to do the trick. If you redirect from each of these targettted users to a dummy "copy"

Re: [exim] testing login from the command line

2020-07-05 Thread Jeremy Harris via Exim-users
On 05/07/2020 11:00, Chris Gerhard via Exim-users wrote: > If I write a program to connect to that socket it works just fine, as > any user, and exim-4.93.0.3 has no issues either, so something weird is > going on and I want to debug it directly using the exim-4.94 binary, but > to do so I need to

Re: [exim] Condition fail out of verify...

2020-07-05 Thread Jeremy Harris via Exim-users
On 04/07/2020 22:36, Marco Gaiarin via Exim-users wrote: > Mandi! Andreas Metzler via Exim-users > In chel di` si favelave... > >> You "require" any message recipient domain part to *not* match +local_domains >> which is not the case. > > Probably i've found how this recipe goes in the file,

Re: [exim] DKIM and debian buster...

2020-07-05 Thread Jeremy Harris via Exim-users
On 04/07/2020 05:55, Andreas Metzler via Exim-users wrote: > On 2020-07-03 Jeremy Harris via Exim-users wrote: >> On 02/07/2020 23:11, Marco Gaiarin via Exim-users wrote: > [...] >>> I've done the same on buster (exim 4.92-8+deb10u4) > [...] > >> You didn't

Re: [exim] DKIM and debian buster...

2020-07-03 Thread Jeremy Harris via Exim-users
On 02/07/2020 23:11, Marco Gaiarin via Exim-users wrote: > > I'm used, in exim on debian stretch (4.89-2+deb9u7) add something like: > > DKIM_CANON = relaxed > DKIM_SELECTOR = 2020 > DKIM_DOMAIN = ${lc:${domain:$h_from:}} > DKIM_PRIVATE_KEY = ${if >

Re: [exim] Intermittent PDKIM failed key import errors

2020-07-03 Thread Jeremy Harris via Exim-users
On 03/07/2020 13:48, Jeremy Harris via Exim-users wrote: > On 03/07/2020 13:24, Richard Gilbert via Exim-users wrote: >> failed key import > > ... means either the dns lookup failed, or the results > were not parseable. Either way, catching one in the > act seems requir

Re: [exim] Exim 4.94 - daemon_notifier_socket bind: Address already in use

2020-07-03 Thread Jeremy Harris via Exim-users
On 03/07/2020 19:41, Ian Zimmerman via Exim-users wrote: > On 2020-07-03 12:30, Jeremy Harris wrote: >> The only other possibility is to avoid using the -oP option on the 465 >> daemon. > > Wait, how can -oP be the problem, Specifying -oX and no -oP locks out the creation o

Re: [exim] de-taint efficiency

2020-07-03 Thread Jeremy Harris via Exim-users
On 03/07/2020 14:55, Rob Gunther via Exim-users wrote: >domainlist local_domains = lsearch,ret=key;/etc/virtual/domains > > Then referencing domains = +local_domainsin the routers works. No > lsearch needed at that point, seems much cleaner. > > However, I found a stumbling block. >

Re: [exim] Intermittent PDKIM failed key import errors

2020-07-03 Thread Jeremy Harris via Exim-users
On 03/07/2020 13:24, Richard Gilbert via Exim-users wrote: > failed key import ... means either the dns lookup failed, or the results were not parseable. Either way, catching one in the act seems required. It won't be easy. You could set up a conditional debug log, using ACL control=debug and

Re: [exim] Exim 4.94 - daemon_notifier_socket bind: Address already in use

2020-07-03 Thread Jeremy Harris via Exim-users
On 03/07/2020 12:11, Jürgen Edner via Exim-users wrote: > Hi Jeremy, > >> On 03/06/2020 09:42, Mikhail Golub via Exim-users wrote: >>> 42885 creating notifier socket >>> 42885? /var/spool/exim/exim_daemon_notify >>> 42885 LOG: MAIN PANIC >>> 42885?? daemon_notifier_socket bind: Address already in

Re: [exim] de-taint efficiency

2020-07-03 Thread Jeremy Harris via Exim-users
> domainlist local_domains = lsearch;/etc/virtual/domains > > How can I just search the local_domains list? I've looked at the various > lookup types but don't see any way to lookup something from the named list > and have it return a clean domain name that I can reference in $domain_data > >

Re: [exim] Scope of $recipients variable

2020-07-01 Thread Jeremy Harris via Exim-users
On 01/07/2020 16:39, Heiko Schlittermann via Exim-users wrote: > According to the spec "$recipients" is available (as a list of envelope > recipients) > > 1) in a system filter file > 2) in ACL associated with the DATA command … >- acl_smtp_predata >-

Re: [exim] option -MCd

2020-07-01 Thread Jeremy Harris via Exim-users
On 01/07/2020 15:27, Marc Haber via Exim-users wrote: >> An experiment of a short suspend, and waiting for longer than that, >> would be of interest - assuming the issue can be created on demand. > > You mean like > > - reboot (start exim daemon here) > - suspend for like a minute > -

Re: [exim] option -MCd

2020-06-30 Thread Jeremy Harris via Exim-users
On 30/06/2020 16:01, Marc Haber via Exim-users wrote: > A contributor on the bug report says: > |I am pretty sure that the problem is caused by the commit > 6906c131d1d07d07831f8fbabae6290a3cba6ca3 > |(Use a monotonic clock, if available, for ID generation).

Re: [exim] option -MCd

2020-06-30 Thread Jeremy Harris via Exim-users
On 30/06/2020 16:01, Marc Haber via Exim-users wrote: > Is this the possible cause of the issue showing up on at least three > Debian systems since we upgraded to exim 4.94? It does sound plausible that it is related. How was the message given exim - command-line or smtp? Was it first given to

Re: [exim] Tainted filename on DKIM signing in 4.94

2020-06-30 Thread Jeremy Harris via Exim-users
On 30/06/2020 13:59, Andy Smith via Exim-users wrote: > remote_smtp: > driver = smtp > dkim_domain = ${sender_address_domain} > dkim_selector = dkimxy > dkim_private_key = ${if exists \ > {/usr/local/etc/exim/${sender_address_domain}/dkim.private.key}\ >

Re: [exim] allow alias file to include aliases from another file

2020-06-30 Thread Jeremy Harris via Exim-users
On 30/06/2020 15:19, Jason Keltz via Exim-users wrote: > All I want to know is whether the following line alone in an existing > /etc/aliases file should or should not allow me to include aliases from > an additional external file: > > :include:/etc/aliases.alternate > > My system_aliases is

Re: [exim] allow alias file to include aliases from another file

2020-06-30 Thread Jeremy Harris via Exim-users
On 29/06/2020 20:44, Jason Keltz via Exim-users wrote: >>     If an item is of the form >> >>     :include: >> >>     a list of further items is taken from the given file and included >>     at that point. Note: Such a file can not be a filter file; it is >>     just an out-of-line addition to the

Re: [exim] Tainted string changes 4.93

2020-06-29 Thread Jeremy Harris via Exim-users
On 29/06/2020 04:57, Robert Blayzor via Exim-users wrote: > The router hitting: > > local_aliases: > driver = redirect > allow_fail = true > allow_defer = true + local_parts = ${lookup{$local_part}wildlsearch,ret=key{/opt/etc/exim/aliases} > data =

Re: [exim] 4.94 - De-tainting without lookup?

2020-06-27 Thread Jeremy Harris via Exim-users
On 27/06/2020 12:51, Evgeniy Berdnikov via Exim-users wrote: >> # directory must exist > > The question is what to do if it does not exist? It's impossible to predict > addressees of arbitrary mail list, so no way to create subdirs in advance. Then you'll need to take

Re: [exim] 4.94 - De-tainting without lookup?

2020-06-27 Thread Jeremy Harris via Exim-users
On 26/06/2020 08:50, Matthias Hörmann via Exim-users wrote: >> # save copy of outgoing messages >> traffic_tap_save_copy: >> driver = appendfile ... >> create_directory = true >> directory = >> /var/mailarchive/outgoing/$sender_address_domain/$sender_address_local_part/$domain/$local_part/

Re: [exim] de-tainting

2020-06-25 Thread Jeremy Harris via Exim-users
On 25/06/2020 20:50, Evgeniy Berdnikov via Exim-users wrote: > at least in statement "In all other situations, this variable expands > to nothing", because it may be filled if no lookup is done. Yes, that is no longer true. See the sections starting

Re: [exim] de-tainting

2020-06-25 Thread Jeremy Harris via Exim-users
On 25/06/2020 16:08, Evgeniy Berdnikov via Exim-users wrote: processing "warn" (/var/lib/exim4/config.autogenerated 485) check acl = test_domain_data using ACL "test_domain_data" processing "warn" (/var/lib/exim4/config.autogenerated 490) check logwrite = before lookup

Re: [exim] dsearch

2020-06-25 Thread Jeremy Harris via Exim-users
On 25/06/2020 11:42, Evgeniy Berdnikov via Exim-users wrote: > Isn't it easier to remove "." and ".." from dsearch scan list et al? > Really they are special built-in items in majority of file systems, > so it's pointless to put real data into such "files" and consequently > no sense to lookup

Re: [exim] dsearch

2020-06-25 Thread Jeremy Harris via Exim-users
On 23/06/2020 18:40, Evgeniy Berdnikov via Exim-users wrote: > But experiment (with "Exim version 4.94 #2 built 19-Jun-2020 08:31:26" > for Debian) shows that "." is matched in for both "dir" or "subdir": Oops. > And I'm just curious, what a usage pattern was targeted to create two >

Re: [exim] Tainted filename for search in Exim 4.94-1

2020-06-24 Thread Jeremy Harris via Exim-users
On 24/06/2020 21:10, Patrick Porteous via Exim-users wrote: > I need to do a single key lookup on a file using a condition > statement in the correct de-tainted method? That is simplest (though any lookup would do; the point is to only use the tainted data for lookup keys). >  Prior to the

Re: [exim] Problem with system_filter - Taint mismatch, string_nextinlist: expand_string_internal 7213

2020-06-22 Thread Jeremy Harris via Exim-users
On 22/06/2020 11:06, Steve Arbour via Exim-users wrote: > 2020-06-22 04:49:02 1jnI8T-000JTg-VM Taint mismatch, string_nextinlist: > expand_string_internal 7213 That was Bug 2586, fixed by commit 44644c2e40. Assuming your distro is tracking bugfixes, you need to update. -- Cheers, Jeremy --

Re: [exim] Exim 4.94: "Tainted filename for search: 'select'"

2020-06-22 Thread Jeremy Harris via Exim-users
On 22/06/2020 08:18, Felix Schwarz via Exim-users wrote: > Exim 4.94 was pushed to EPEL 7 stable without any announcement and I suspect > that explains the influx of questions about tainting on this mailing list. I'm afraid that's up to the distros reading and dealing appropriately with the info

Re: [exim] Tainted filename for search in Exim 4.94-1

2020-06-19 Thread Jeremy Harris via Exim-users
On 19/06/2020 17:33, Patrick Porteous via Exim-users wrote: > I'm having the same problem as Vladislav Georgiev after upgrading from > 4.93.3 to 4.94-1.  After applying the update, I receive the following > error when trying to send from any of my domains.  Is this a bug or is > this something I

Re: [exim] Exim 4.94: "Tainted filename for search: 'select'"

2020-06-19 Thread Jeremy Harris via Exim-users
On 18/06/2020 13:20, Felix Schwarz via Exim-users wrote: > sqlite_dbfile = /path/to/user.db > > domainlist local_domains = sqlite;select DISTINCT domain from users where > domain='${quote_sqlite:$domain}' and is_enabled=1; Two problems. - the syntax only applies for single-key lookup

Re: [exim] Tainted filename for search in Exim 4.94-1

2020-06-19 Thread Jeremy Harris via Exim-users
On 18/06/2020 13:43, Vladislav Georgiev | NS1.bg via Exim-users wrote: > 2020-06-18 15:26:49 Tainted filename for search: '/etc/valiases/domain.com' Docs, concept index, de-tainting. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at

Re: [exim] option -MCd

2020-06-19 Thread Jeremy Harris via Exim-users
On 19/06/2020 09:48, Frank Elsner via Exim-users wrote: > Ok, it is not a repro of the initial case. > But it is not nomal as it delays the massege. > > But can you explain this please > > 22937 tick check: 1592491915.156500 1592491548.933500 > 22937 waiting 366.223500 sec Exim

Re: [exim] option -MCd

2020-06-18 Thread Jeremy Harris via Exim-users
On 18/06/2020 15:58, Frank Elsner via Exim-users wrote: > I could reproduce the problem with exim-4.94 which occures after the system > came up after suspend: > > 22937 Process 22937 is handling incoming connection from [127.0.0.1] [...] There's no exec there at all. In what way is it a repro?

Re: [exim] MTA-STS and Server Name Indication (SNI) on mail servers

2020-06-17 Thread Jeremy Harris via Exim-users
On 17/06/2020 20:34, John R. Levine via Exim-users wrote: > MTA-STS is a newish IETF spec that lets mail operators declare that > all of their incoming mail servers support STARTTLS.  (See RFC 8461.) Exim does not support MTA_STS. > Looking at the mail logs for my servers, it's pretty clear that

Re: [exim] option -MCd

2020-06-17 Thread Jeremy Harris via Exim-users
On 17/06/2020 10:56, Frank Elsner via Exim-users wrote: >>> 264381 exec /usr/exim/bin/exim -d=0xf7795cfd -MCd daemon-accept-delivery >>> -Mc 1jiZUo-0016mC-CU >> Is there no other mention of process 264381 (or whatever the process >> doing the exec is)? > > Coming back to the still unsolved

Re: [exim] Double outbound routing for testing purposes

2020-06-16 Thread Jeremy Harris via Exim-users
On 16/06/2020 11:10, Johnnie W Adams via Exim-users wrote: > Is this idea of mine a standard practice? For testing? I can't comment. It's common enough for messages to be duplicated; eg. by a user having a .forward file (and suitable config handling of them). -- Cheers, Jeremy -- ## List

Re: [exim] Double outbound routing for testing purposes

2020-06-16 Thread Jeremy Harris via Exim-users
On 15/06/2020 23:33, Johnnie W Adams via Exim-users wrote: > I'd love to understand why--or how to do it, for > that matter. A redirect router, two destinations in the data. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at

Re: [exim] detect, if malware scanner is unreachable

2020-06-11 Thread Jeremy Harris via Exim-users
On 11/06/2020 11:04, Niki W. Waibel via Exim-users wrote: >it is possible to "mark" spam emails, in case spamassassin is not >reachable: > warn spam = nobody/defer_ok > add_header = X-Spam-Flag: YES > warn condition = ${if !def:spam_score_int {1}} >

Re: [exim] 'verify=helo' and strange warning...

2020-06-11 Thread Jeremy Harris via Exim-users
On 11/06/2020 12:07, Marco Gaiarin via Exim-users wrote: > warn > add_header = X-HELO-Warning: Remote host $sender_host_address ${if > def:sender_host_name {($sender_host_name) }}incorrectly presented itself as > $sender_helo_name > log_message = Remote host presented unverifiable

Re: [exim] Testing sender and recipient domains in MIME ACL

2020-06-10 Thread Jeremy Harris via Exim-users
On 10/06/2020 10:39, Mike Tubby via Exim-users wrote: > I wanted to do this - in the MIME ACL: > >     # >     # Check if sender is whitelisted to disable MIME content checks >     # >     accept    sender_domains  = +whitelist_sender_domains >       logwrite    =

Re: [exim] Receiving the error : TLS error on connection (recv): The TLS connection was non-properly terminated.

2020-06-09 Thread Jeremy Harris via Exim-users
On 09/06/2020 14:11, Brent Clark wrote: > If the cause of the issue is related to the certs on the antispam > servers, wouldn't we be having that same issue on our side without the > load balancers? I do not agree that it is. -- Cheers, Jeremy -- ## List details at

Re: [exim] Receiving the error : TLS error on connection (recv): The TLS connection was non-properly terminated.

2020-06-09 Thread Jeremy Harris via Exim-users
On 09/06/2020 12:28, Brent Clark via Exim-users wrote: > Where I work, we just inherited a series of third party out going spam > servers. > For various reason, we need to loadbalance but more importantly direct > traffic for when we need to perform maintenance on these servers. > > What we

Re: [exim] Exim 4.94 - error linear search

2020-06-09 Thread Jeremy Harris via Exim-users
On 09/06/2020 13:14, Jeremy Harris via Exim-users wrote: > That hack doesn't work for the first item of your list, though. > If you can't put that item into the same file, you might need to > duplicate that router and have one handling each of those list elements. https://bugs

Re: [exim] Exim 4.94 - error linear search

2020-06-09 Thread Jeremy Harris via Exim-users
On 09/06/2020 12:15, Mikhail Golub via Exim-users wrote: > 14:02:18 58064 > forwarding_router router < > 14:02:18 58064 local_part=test domain=domain.com > 14:02:18 58064 checking domains > 14:02:18 58064 domain.com in "mx.mydomain : > /usr/local/etc/exim/acl/virtual_domains"? yes

Re: [exim] Exim 4.94 - error linear search

2020-06-09 Thread Jeremy Harris via Exim-users
On 09/06/2020 11:24, Mikhail Golub via Exim-users wrote: > forwarding_router: >   domains = +virtual_domains >   require_files = EXIMDIR/domains/$domain_data >   driver = redirect >   srs = forward >   data = ${lookup{$local_part_data}lsearch*{EXIMDIR/domains/$domain_data}} >   allow_fail > >

Re: [exim] option -MCd

2020-06-09 Thread Jeremy Harris via Exim-users
On 09/06/2020 09:30, Frank Elsner via Exim-users wrote: > my exim-4.94 has problems. Message coming in via TCP doesn't get delivered. > The debug output is > > 264380 SMTP>> 221 siffux.fritz.box closing connection > 264380 LOG: smtp_connection MAIN > 264380 SMTP connection from

Re: [exim] SMTP_LINE_LENGTH_LIMIT never ignored

2020-06-07 Thread Jeremy Harris via Exim-users
On 07/06/2020 17:56, Jacques B. Siboni via Exim-users wrote: > i need this as as some mailman bounces are longer than 998 > > Any idea? Tel the mailman developers they're producing out-of-spec messages. -- Cheers, Jeremy -- ## List details at

Re: [exim] Tainted filename for search

2020-06-06 Thread Jeremy Harris via Exim-users
On 06/06/2020 19:29, Jeremy Harris via Exim-users wrote: > On 05/06/2020 20:02, Laura Williamson via Exim-users wrote: >>   dkim_selector = ${lookup sqlite {/usr/exim/dkimcertificates select >> selector from dkimcerts where domain='$sender_address_domain'}{$value}} > &g

Re: [exim] Tainted filename for search

2020-06-06 Thread Jeremy Harris via Exim-users
On 05/06/2020 20:02, Laura Williamson via Exim-users wrote: >   dkim_selector = ${lookup sqlite {/usr/exim/dkimcertificates select > selector from dkimcerts where domain='$sender_address_domain'}{$value}} As I told Max, one of: - use the sqlite_dbfile main option - use separate tables within one

Re: [exim] SQLite Tainted filename for search error

2020-06-06 Thread Jeremy Harris via Exim-users
On 06/06/2020 10:57, Max Kostikov via Exim-users wrote: > And what if more than one SQLite database used with Exim? One of: - Use separate tables within one sqlite db rather than multiple db files - ensure your sqlite lookup strings do not contain tainted data (look in the Concept Index for

Re: [exim] SQLite Tainted filename for search error

2020-06-05 Thread Jeremy Harris via Exim-users
On 06/06/2020 00:24, Max Kostikov via Exim-users wrote: > 2020-06-06 01:02:28 Tainted filename for search: > '/var/db/exim/users.sqlite3' > 2020-06-06 01:02:28 failed to expand "${lookup > sqlite{/var/db/exim/users.sqlite3 SELECT domain FROM domain WHERE

Re: [exim] Upcoming Glibc changes and DANE support in Exim, Postfix, and perhaps other MTAs

2020-06-05 Thread Jeremy Harris via Exim-users
On 22/04/2020 00:14, Phil Pennock via Exim-users wrote: > (Otherwise I'd have already just coded up independently the exact same > fix you have used for Postfix) > > This also though means that _building_ an Exim binary has to be done on > the system with the newer glibc, because binaries can't

Re: [exim] A DOS?

2020-06-05 Thread Jeremy Harris via Exim-users
On 05/06/2020 08:40, Jacques B. Siboni via Exim-users wrote: > Maybe the question is how to filter the pattern after the > > router keyword? The thing in parentheses (after the H= field) is the HELO name. If that is a consistent thing presented by this spammer, then... there is a variable with

Re: [exim] mail stuck in /var/spool/exim4/input

2020-06-04 Thread Jeremy Harris via Exim-users
On 04/06/2020 16:38, Andreas Metzler via Exim-users wrote: > You are running 4.94-1 configuration with 4.92.3-1 binaries. I'm starting to wonder if these sorts of checks need support from Exim predefined macros. We could define one fairly easily where the _name_ of the macro includes the Exim

Re: [exim] Taint mismatch, string_nextinlist: acl_check_condition 3675

2020-06-04 Thread Jeremy Harris via Exim-users
On 04/06/2020 04:38, list2--- via Exim-users wrote: > set acl_m0   = $local_part@$domain > > > warn spam    = $acl_m0:true > add_header  = X-Spam-Report: $spam_report Either: a) pick up commit 12b7f811de from git and rebuild your exim or b) use checked, untainted variables to

Re: [exim] mail stuck in /var/spool/exim4/input

2020-06-03 Thread Jeremy Harris via Exim-users
On 02/06/2020 20:56, m s via Exim-users wrote: > delivering 1jgC7c-00028M-Af (queue run pid 10734) > R: system_aliases for marie@localhost > R: userforward for marie@localhost > R: procmail for marie@localhost > R: maildrop for marie@localhost > R: lowuid_aliases for marie@localhost (UID 1000) >

Re: [exim] Taint mismatch in spam checking

2020-06-03 Thread Jeremy Harris via Exim-users
On 03/06/2020 10:46, James via Exim-users wrote: >  Jun  3 10:29:40 mailhost exim: [ID 631539 mail.info] [1\2] > 1jgPiO-0003Gb-83 Taint mismatch, string_nextinlist: acl_check_condition > 3675 > > ...and no clue as to which line in my config is tainted.  Works with 4.93 It's a "spam=" ACL

<    4   5   6   7   8   9   10   11   12   13   >