On 07.10.2022 12:00, Luca Bertoncello via Exim-users wrote:
On 07.10.2022 11:47, Sebastian Nielsen via Exim-users wrote:
You can't use it on router.
Use it in an acl mime data rule.
As I said, I added an ACL for acl_smtp_data, but it doesn't work...
I got it!
My proble
On 07.10.2022 12:03, Jeremy Harris via Exim-users wrote:
Hi Jeremy
How are you testing it? Have you used the debug facilities?
I just send E-Mails...
I tried with exim -bh , too, and I see:
host in ignore_fromline_hosts? no (option unset)
smtp.i-fra.vhpf.de in "smtp.i-fra.vhpf.de"? yes (m
On 07.10.2022 11:47, Sebastian Nielsen via Exim-users wrote:
You can't use it on router.
Use it in an acl mime data rule.
As I said, I added an ACL for acl_smtp_data, but it doesn't work...
Thanks
Luca Bertoncello
(lucab...@lucabert.de)
--
## List details at https://lists.exim.org/mailman/li
On 07.10.2022 11:10, Luca Bertoncello via Exim-users wrote:
Hi again
Can someone tell me what I'm doing wrong?
I tried to define a data-ACL:
acl_check_data:
warn add_header = X-Blub: blah
warn message = X-Test: yes
accept
Unfortunately, both headers are not set..
On 07.10.2022 11:24, Sebastian Nielsen via Exim-users wrote:
Hi Sebastian,
Use:
remove_header = from
add_header = From: {$acl_m0}
and set acl_m0 instead.
That should work.
Unfortunately not...
I tried now (just for test):
acl_check_rcpt_smtp:
warn set acl_m0 = t...@test
Hi list!
I'd like to rewrite the From-Header of the outgoing E-Mails.
So I added in the router:
headers_remove = From:
headers_add = From: ${acl_m_newfrom}
acl_m_newfrom was set in the rcpt-ACL.
Unfortunately the From-Header will be empty.
Can someone tell me what I'm doing wrong?
Thanks
Luca
On 27.09.2022 14:59, Patrick Cernko via Exim-users wrote:
Hi Patrick
I have successfully integrated WithSecure (F-Secure for Business)
Scanner a few weeks ago. Integration was done using the cmdline
interface. I have a small shell script that does some additional
analysis/logging but basical
Hi list!
Currently, at office, we use Kaspersky, Avast and ClamAV as Antivirus
programs.
All these programs will be used within Exim, to check all inbound and
outbound E-Mails.
Now, we know, Kaspersky/Russia/problem/etc...
So, we must search an alternative to Kaspersky.
Unfortunately, I didn
On 08.07.2021 14:32, Luca Bertoncello via Exim-users wrote:
Hi list!
Sometimes, very randomly, Exim reports:
2021-07-08 14:08:32 1m1Ske-000Gkt-3E malware acl condition: clamd
/var/run/clamav/clamd.ctl : unable to read from socket (Connection
timed out)
I added more RAM to the
On 21.07.2021 10:03, Evgeniy Berdnikov via Exim-users wrote:
Hi Evgeniy,
It's a time to search internet and learn how a trigger on event may be
constructed, for example, emergence of some record in mainlog.
Something like
tail -f /var/log/exim4/mainlog | fgrep --line-buffered PATTERN | w
On 21.07.2021 09:01, Evgeniy Berdnikov via Exim-users wrote:
Hi Evgeniy,
Compare output of "lsof -n -a -U -u clamav +E" before and after
hangup.
For all clamd child processes after hangup inspect what they are doing
with strace. Maybe you catch some significant difference with your
norma
On 12.07.2021 20:17, Adam D. Barratt via Exim-users wrote:
Hi Adam,
Not of all...
I'm using ClamAV 0.102.4+dfsg-0+deb10u1 from Debian 10 repositories.
In that case you're missing security fixes from 0.103.2+dfsg-0+deb10u1,
along with the graceful reload functionality that Andrew mentioned.
On 12.07.2021 09:56, Andrew C Aitchison wrote:
Hi Andrew,
Yesterday the problem happened again, using ClamAV with TCP instead of
Unix-Socket.
This time I can see a correlation to the triggered reload:
Exim paniclog:
2021-07-10 14:10:25 1m2BjZ-0002Ox-Ew malware acl condition: clamd
[127.0.0.
On 09.07.2021 12:53, Heiko Schlittermann via Exim-users wrote:
Hi Heiko,
Do these issues have correlation to the freshclam triggered clamav
reloads?
Yesterday the problem happened again, using ClamAV with TCP instead of
Unix-Socket.
This time I can see a correlation to the triggered reload
On 09.07.2021 12:53, Heiko Schlittermann via Exim-users wrote:
Hi Heiko
Do these issues have correlation to the freshclam triggered clamav
reloads?
This was my first thought.
No, they are not...
Thanks
Luca Bertoncello
(lucab...@lucabert.de)
On 08.07.2021 at 21:04, Evgeniy Berdnikov via Exim-users wrote:
Hi Evgeniy
>> well, so simple is not by us, since we have three Antivirus: Kaspersky,
>> Amavis and ClamAV.
>> And due to a decision of my boss is ClamAV the last in the check list...
>
> 1. Chaining and chain order does not matte
On 08.07.2021 16:05, Cyborg via Exim-users wrote:
Hi Marius
You could try the tcp/ip approach:
av_scanner = clamd:127.0.0.1 3310
if that also fails in that way, it's your clamd having a problem.
OK, I changed the configuration right now. I really can't understand why
UnixSocket can be t
On 08.07.2021 15:24, Jeremy Harris via Exim-users wrote:
On 08/07/2021 13:32, Luca Bertoncello via Exim-users wrote:
unable to read from socket
This is specifically a failure on read, after the connect and write
have worked. I'd suggest running a smaller timeout, letting this
error r
Hi list!
We have a very strange problem on a mailserver by us...
Sometimes, very randomly, Exim reports:
2021-07-08 14:08:32 1m1Ske-000Gkt-3E malware acl condition: clamd
/var/run/clamav/clamd.ctl : unable to read from socket (Connection timed
out)
In this moment there are _NO_ log entry in Cl
Hi list!
In my exim.conf I have these statements:
warn set acl_m_from = ${domain:${sg {$h_from:}
{^\N(.*)?\<(.*)?\>$\N} {\$1}}}
warn set acl_m_froma = ${addresses:${sg {$h_from:}
{^\N(.*)?\<(.*)?\>$\N} {\$1}}}
warn set acl_m_from1 =
${extract{2}{@}{${reduce{${addresses:$h_from:}}
On 19.04.2021 10:40, Jeremy Harris via Exim-users wrote:
Hi Jeremy
Are you allowed to (mass-) edit this file before use?
You could turn the lines into RE's and use nwildlsearch:
^test@tester\.de
^test
^tester\.de
Unfortunately not, since the file must be used for other checks, too...
But I
Hi all!
I need to check if the given address is in a "block list".
The problem is that the list can contain parts of addresses, too, eg:
t...@tester.de
test
tester.de
so that a lookup for b...@tester.de must match.
I really don't know how to do that. Any suggestion?
I found that:
conditio
On 20.03.2021 at 09:43, Andrew C Aitchison via Exim-users wrote:
Hi again
> The message says "Tainted filename"
> recent versions of exim refuse to open files with names derived from the
> incoming message unless they have been "sanitised" eg by a database
> lookup. To be certain we would have
On 20.03.2021 at 09:43, Andrew C Aitchison via Exim-users wrote:
Hi Andrew!
> The message says "Tainted filename"
> recent versions of exim refuse to open files with names derived from the
> incoming message unless they have been "sanitised" eg by a database
> lookup. To be certain we would h
Hi list!
Since yesterday I cannot read the domainkey file by sending the E-Mails.
In the log I see:
2021-03-20 08:41:28 1lNWEh-0004NA-PE Tainted filename
'/etc/exim/domainKeys/lucabert.de/2021.priv'
2021-03-20 08:41:28 1lNWEh-0004NA-PE unable to open file for reading:
/etc/exim/domainKeys/lucabe
On 09.03.2021 16:26, Evgeniy Berdnikov via Exim-users wrote:
On Tue, Mar 09, 2021 at 03:28:25PM +0100, Luca Bertoncello via
Exim-users wrote:
Now, this is for me a confirmation, that Kaspersky want to send an
E-Mail...
Of course, I cannot leave the situation so, since the sender will
retry
On 09.03.2021 14:38, Jeremy Harris via Exim-users wrote:
Hi Jeremy
Look into the docs description of acl_not_smtp. The data
ACL is called after an SMTP DATA command finishes, and your
message source is not SMTP.
So, I see, the "phantom E-Mail" contains an Header X-Loop.
So I create an ACL
On 09.03.2021 14:11, Jeremy Harris via Exim-users wrote:
On 09/03/2021 10:25, Luca Bertoncello via Exim-users wrote:
2021-03-09 09:56:29 1lJYAH-lJ-75 <= lucab...@lucabert.de
U=Debian-exim P=local S=3031
2021-03-09 09:56:29 1lJYAH-lJ-75 => l.bertonce...@queo-group.
On 09.03.2021 13:44, Evgeniy Berdnikov via Exim-users wrote:
Hi
Line
${dlfunc{/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}}
suggests that library entry point is called "scan".
Could you suggest me how to call it? And maybe (since it logs a huge
amount of line
On 09.03.2021 13:06, Evgeniy Berdnikov via Exim-users wrote:
Hi
This is my /tmp/sendmail.log:
6366 pts/0S+ 0:00 exim -d+all -bh 185.242.112.224
Do I understand correctly, that Exim generate the E-Mail?
Yes, this is what expected if Kaspersky library spawns child process.
It can
On 09.03.2021 12:10, Evgeniy Berdnikov via Exim-users wrote:
Hi Evgeniy
Where the evil comes this sendmail-call?!?
I suspect Kaspersky library as source of this process.
I suspect it too, but I'd like to confirm that...
There are simple ways to check it:
1. Run exim -bh under strace
On 09.03.2021 11:45, Evgeniy Berdnikov via Exim-users wrote:
On Tue, Mar 09, 2021 at 11:25:20AM +0100, Luca Bertoncello via
Exim-users wrote:
In Exim mainlog I can just see, that the E-Mail was sent:
2021-03-09 09:56:29 1lJYAH-lJ-75 <= lucab...@lucabert.de
U=Debian-exim P=local S=3
On 09.03.2021 10:42, Evgeniy Berdnikov via Exim-users wrote:
Your debug log does not show any invocation of transport. If mail
really
appears in the destination mailbox, next point of investigation should
be
Kaspersky. But it is very unlikely that Kaspersky can do direct
delivery
to user
On 09.03.2021 10:42, Evgeniy Berdnikov via Exim-users wrote:
Hi Evgeniy
Your debug log does not show any invocation of transport. If mail
really
appears in the destination mailbox, next point of investigation should
be
This is what I suppose, too...
Kaspersky. But it is very unlikely t
On 09.03.2021 09:49, Luca Bertoncello via Exim-users wrote:
The strange thing is that the E-Mail is just submitted if it contains a ZIP
file as attachment. For example, an E-Mail with a PNG will not be
resubmitted...
Even stranger...
The behaviour happens just if an E-Mail was sent with a
On 24.02.2021 13:31, Jeremy Harris via Exim-users wrote:
Hi again
Add debug options to your -bh repeat-by,
and follow through the flow of the ACLs.
This is very strange... I tried to add a "deny" just after the check by
Kaspersky:
warn condition = ${if def:h_X-Ciphermail
On 24.02.2021 14:14, Heiko Schlittermann via Exim-users wrote:
Hi Heiko
Ok, it *seems* that Exim rejects the message.
But … please show us your ACL.
Could someone help me finding the problem?
There is the *fakereject* ACL verb, did you use it?
I think I found the problem...
It seems, Ka
Hi list!
I have a very strange problem...
By some E-Mails (no template found) the sender will be notified that the
E-Mail contains a virus, but the recipient receives the E-Mail.
Some words about our configuration: we have three Antivirus (Kaspersky,
Avast and ClamAV). If at least one of thes
On 26.02.2020 at 17:31, Evgeniy Berdnikov via Exim-users wrote:
> Handshake is definitely completed: last packet from server is
> pure Application Data, and its payload length (170) is very close to
> 146 bytes of 2-line SMTP banner (it should be slightly greater due to
> padding and hmac). S
On 26.02.2020 13:27, Jeremy Harris via Exim-users wrote:
Hi Jeremy,
I see that's actually 8465 not 465. I assume real-465
behaves the same?
Yes, I wrote 465, but we use 8465, configured as 465...
We're not too much closer. They agreed, during handshake, on a
cipher-suite. We can't actu
On 25.02.2020 14:57, Evgeniy Berdnikov via Exim-users wrote:
Run traffic analyzer on the server host.
Post capture file here if you can't interpret output.
Here the traffic dump...
Thanks a lot
Luca Bertoncello
(lucab...@lucabert.de)
smtp.pcap
Description: application/vnd.tcpdump.pcap
--
On 25.02.2020 16:54, Graeme Fowler via Exim-users wrote:
Hi
A quick search (using a popular search engine) for:
exim debian stretch "error in the pull function"
...returned a significant number of results, not least of which was:
https://lists.exim.org/lurker/message/20180207.150204.6
On 25.02.2020 at 19:49, Jeremy Harris via Exim-users wrote:
> On 25/02/2020 18:15, Luca Bertoncello via Exim-users wrote:
>> Well, but that cannot be the problem, since the iPhone can communicate
>> with Exim using the port 587 and the same configuration...
>
> In case you
On 25.02.2020 at 16:54, Graeme Fowler via Exim-users wrote:
> A quick search (using a popular search engine) for:
>
> exim debian stretch "error in the pull function"
>
> ...returned a significant number of results, not least of which was:
>
> https://lists.exim.org/lurker/message/20180207.150
On 25.02.2020 at 17:09, Heiko Schlittermann via Exim-users wrote:
> which is fine for ESMTP, but not for SMTP. When your server issues
> the banner, it can't know if the client is able to speak/understand
> ESMTP. The server can announce it (via "ESMTP" string on the banner)
> and the client has
On 25.02.2020 16:23, Jeremy Harris via Exim-users wrote:
Mmm, that incredibly helpful error message from GnuTLS. "An error",
wow.
I thought so, too...
Best guess is that the client closed the connection before the
TLS handshake finished. Possibly it doesn't like the set of
ciphersuites y
On 25.02.2020 16:12, Heiko Schlittermann via Exim-users wrote:
Hi Heiko,
Can you tell us the IP of your server? Or at least the *complete*
response you get using openssl.
Well, here is it:
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA
Limited, CN = COMODO RSA Certifi
On 25.02.2020 14:44, Jeremy Harris via Exim-users wrote:
The main server uses Exim 4.89 from Debian Stretch package, so I can't
update it right now...
The server with 4.92.3 is my private server (with Exim compiled). But
the problem must be solved on the server with 4.89 as primary target...
On 25.02.2020 14:01, Jeremy Harris via Exim-users wrote:
Hi Jeremy
Session tickets are an optional thing in TLS. I doubt that
is the problem.
This was the only difference between my answer and Google's one...
If you run your Exim daemon with debug enabled, what does
it show for a connect
Hi list!
I have a server with Exim 4.89 (I tried with another server with Exim
4.92.3, too. Same problem!).
It works with all clients, but not with iPhones...
I configured it to listen on port 465 as SMTPs. If I set this port in
iPhone, it waits, and waits, and waits...
But no SMTP command w
On 06.06.2019 10:28, Niels Dettenbach via Exim-users wrote:
Hi Niels
Do you have
-lspf2
in
LOOKUP_LIBS
too? It seems, i need this.
You may even try to enable.
EXPERIMENTAL_SPF=yes
SUPPORT_SPF=yes
Got it! ;)
I added "-l spf2" in LOOKUP_LIBS and "EXPERIMENTAL_SPF=yes" and no
Hi list!
I'm trying to compile Exim 4.92, but I get this error:
gcc -o exim
drtables.o: In function `init_lookup_list':
drtables.c:(.text+0x20e): undefined reference to
`spf_lookup_module_info'
collect2: error: ld returned 1 exit status
Makefile:645: recipe for target 'exim' failed
make[1]: **
Hi list,
we receive many E-Mails with faked From (Header), and I'm trying to
block them.
Currently I extract the domain (mostly our own domain) and check it for
SPF.
Here is my code to extract the From:
warn set acl_m_from =
${extract{2}{@}{${reduce{${addresses:$h_from:}}{}{$item
Unfor
Always Learning via Exim-users wrote:
Hi,
> If you reject emails from MTAs having no rDNS or no resolving HELO (or
> EHLO) names or having a HELO name that is different from the sending
> MTA's host name, most of your spam will not reach your users.
Of course I do that!
But unfortunately I al
Jeremy Harris via Exim-users wrote:
> But you're better-off never accepting the message. Consider doing
> cutthrough-routing for these; this means that if the site you are
> forwarding to (Google) refuses the message even as late as after-data
> (which, given they need to analyse the body, is
Hi list!
My problem: I have an "info@"-address that forwards the E-Mails to other
addresses, some of them outside my servers.
Well, unfortunately this address catches many Spam/junk E-Mails and, of
course, my Exim (4.88) tries to forward them.
Viruses are blocked and will __NOT__ be forwarded, but
Hi list!
Is it possible to log the used port for the incoming E-Mail in the mainlog?
Currently I have something like:
2018-04-20 11:57:02 1f9Sms-wer857-24 <= b...@blah.de H=(mail.blah.de)
[1.2.3.4] P=esmtps X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 S=4980
id=kcim.5ad9b96d.3343.319236551223c.
Heiko Schlittermann via Exim-users wrote:
> I'm not sure, if defer_ok is the right way, except you agree with
> getting messages with zip bombs (in your case)
Since we have 2 other Antivirus, I think, this is OK... ;)
Regards
Luca Bertoncello
(lucab...@lucabert.de)
Quoting Heiko Schlittermann via Exim-users:
Hello Heiko
This should result in a defer.
I added /defer_ok to solve this problem, but of course the paniclog
will always receive these errors...
It seems that I cannot disable this warning in Avast and I didn't find any
option in Exim to
Hi list!
I see very often this message in exim paniclog:
malware acl condition: avast /var/run/avast/scan.sock : invalid
response from scanner: 'SCAN
/var/spool/exim4/scan/1ew39J-0002Qa-4m/1ew39J-0002Qa-4m-4|>somefile
[E]1.0 Error 42110 The\ file\ is\ a\ decompression\ bomb'
It
Mike Brudenell via Exim-users wrote:
Hi Mike
> The sample configuration you posted is just a set of ACLs entries. The
This was NOT a sample configuration, but the real configuration we use to
scan the E-Mail with Kaspersky...
> *Specification* seems to be saying that when Exim calls the func
Quoting Mike Brudenell via Exim-users:
Hi Mike
Have you added a local_scan function to your configuration?
Yes! Kaspersky. And I must say, that I already had some suspect on that...
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-adding_a_local_scan_function_to_exim.html
If
Hi list,
I recently discovered this very curious message in the mainlog:
2018-02-28 00:56:11 1eqp6G-0004wp-IR DKIM: d=email.microsoftemail.com
s=102420140131 c=relaxed/relaxed a=rsa-sha1 b=1024 [verification
succeeded]
2018-02-28 00:56:12 1eqp6G-0004wp-IR LMS check accept: 250 OK
2018-02-
Quoting Mike Brudenell via Exim-users:
Hi Mike!
Take a look at the *The Exim command line* section in the *Exim
Specification*. In there you'll find many options beginning with "-oM" that
can be used to set all sorts of things. For example, you might find the
-oMa option useful.
You can use
Hi list!
I have in my exim configuration many routers depending on the port
used to send the E-Mail.
Now I need to test them and I really don't know how... :(
To test a router I usually use exim -bt b...@blah.de, but then exim
ignores the source port.
Is there any option for "exim -bt"
Quoting Heiko Schlittermann via Exim-users:
Hello Heiko
Luca Bertoncello via Exim-users (Fri 09 Mar
2018 09:32:32 CET):
Quoting Mueller via Exim-users:
Hi Daniel
> Avast:
> av_scanner = avast:/var/run/avast/scan.sock:FLAGS -fullfiles:SENSITIVITY
> -pup
> av_scanner = avas
Quoting Mueller via Exim-users:
Hi Daniel
Avast:
av_scanner = avast:/var/run/avast/scan.sock:FLAGS -fullfiles:SENSITIVITY
-pup
av_scanner = avast:your.ip.nr 5036
I try now Avast, but I always get the error:
malware acl condition: avast /var/run/avast/scan.sock : invalid
response from s
Quoting Heiko Schlittermann via Exim-users:
Hello Heiko,
If not supported yet, you can easily sponsor the integration, Lucabert.
I really don't have time to do that... sorry...
But, nevertheless, if there is no "binary" interface supported yet, you
can use the command line interface, I g
Hi list!
We use Exim 4.89 as MTA at office.
Currently we use Kaspersky to scan incoming and outgoing E-Mails and
we'd like to integrate a second virus scanner.
We got an offer for ESET and a test license, so I'd like to try the
integration with Exim.
We __NEED__ to be able to refuse the E-Mai
Quoting Jeremy Harris via Exim-users:
Hello Jeremy
A single-element domain list, with the filename.
A match_domain expansion condition comparing
$sender_address_domain with that list.
A condition= generic condition on your router.
OK, thank you!
Now I understand what you mean.
Of course,
Quoting Jeremy Harris via Exim-users:
On 26/02/18 13:20, Luca Bertoncello via Exim-users wrote:
I really don't know which other lookup I can try to just check IF a
string in a file exists.
Can someone suggest me somewhat?
http://exim.org/exim-html-current/doc/html/spec_ht
Hi list!
I need to check, in an Exim-Router, if the sender domain is in a list
of domain.
I tried so:
condition = ${if eq{${lookup {$sender_address_domain}wildlsearch
{/etc/exim4/virtualdomains.txt}}}{}{yes}{no}}
but it does not really work...
The file /etc/exim4/virtualdomains.txt is jus
Quoting Andrew Colin Kissa via Exim-users:
Hello Andrew
Sophie is a protocol, it is implemented in Sophos products by the
SAV Dynamic Interface Linux 64 bit package
You can use that in conjunction with the free Sophos "Antivirus for Linux"
So, do I need the "Antivirus for Linux" and "SAV
Quoting Mueller via Exim-users:
Hello,
just the use of clamav will run without issues:
av_scanner = clamd:127.0.0.1 3310
Sophos:
av_scanner = sophie:/var/run/sophie
Could you tell me the NAME of the product by Sophos?
Then, I searched about this "sophie" and it seems to be a very very
old
Hi,
currently we use Kaspersky to scan incoming and outgoing E-Mail with
Exim 4.89.
My boss would like to integrate some other antivirus on the system and
he suggest BitDefender and Sophos.
I searched on the internet page of both companies, but I just found
marketing-shit.
A chat with the
75 matches