Currently i use an (old) exim configuration for sympa, where i've setup only
one transport:
sympa_transport:
debug_print = "T: sympa_transport for $local_part@$domain"
driver = pipe
current_directory = /var/lib/sympa
home_directory = /var/lib/sympa
envelope_to_add
return_path_
Sorry, a bit busy, i come back on this.
Little recap: i'm using exim fetching LDAP user data, and i need to 'reject'
some recipient.
Jeremy Harris say:
> You could. But you might just as well do it in ACL, eg a "require"
> verb with a condition doing the ldap lookup looking for an active user
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
>> I need to bounce
> It's generally better to reject.
Ops! Sorry! Exactly, i need to reject, not to bounce...
>> I'm a bit confused, so i hope i was a bit clear on my question...
> How about marking up the users as "inactive" in
I need to bounce (also in verify, indeed) some user/mailbox; there's a 1:1
relation between mailboxes and users, and simply some 'alias' are queried
via LDAP and 'normalized' to users/logins:
.ifdef LOCAL_USER_LDAP_ALIASES_QUERY
user_ldap_aliases:
debug_print = "R: user_ldap_aliases for $lo
Mandi! Leonardo Boselli via Exim-users
In chel di` si favelave...
> What is easier way ?
Not 'easier', but... consider also some 'offline' transport system, like
UUCP.
On online host you queue email to UUCP, and intermittent host simply fetch
them when needed.
--
Il Re di Spagna fece vela,
Mandi! Marco Gaiarin
In chel di` si favelave...
> Why matches?! Thanks.
What a dumbass! Sorry!
I was connected in VPN, so i was using a private IP, but not in
+relay_from_hosts...
Again, sorry...
--
Se non trovi nessuno vuol dire che siamo scappati alle sei-shell (bash,
tcsh,
Mandi! Slavko via Exim-users
In chel di` si favelave...
>> OK; but how can i determine the exact point in acl_check_rcpt ACL
>> that make it fail? I'm a bit puzzled...
> In the output you have all processed ACL and its condition shown, eg.:
> check domains = !+local_domains
> This will be
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> Since 4.93 the "processing" debug line gives the config filename and
> line number. Presumably you're running something older.
Yes, version 4.84.2-2+deb8u8 ...
--
Vendere no, non passa tra i miei rischi,
non comprate i miei
I'm bouncing some email, and i've not clear how; so i've fired up:
exim -d -bhc
and put HELO, MAIL FROM: and RCPT TO: by hand; and effectively the
ACL fail; at the last i have:
--- end verify
require: condition test succeeded in ACL "acl_check_rcpt"
processing
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> On 29/01/2021 09:07, Marco Gaiarin via Exim-users wrote:
>> There's some way to 'bind on output', eg for output connection only some
>> interface?
> The smtp transport "interface" opt
With local_interfaces i can bind exim to listen on some/only particular
interface.
There's some way to 'bind on output', eg for output connection only some
interface?
AFAIK exim simply bind on local socket, so will use in any case *all*
interfaces available.
I hope i was clear. Thanks.
--
Mandi! Odhiambo Washington via Exim-users
In chel di` si favelave...
> My next quest is to see if I can have Exim to authenticate users against
> it.
Probably different setup can be built (eg: Kerberos/GSSAPI direct
authentication, or auth against Dovecod, configured with kwerberos) but
indeed
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> No signs of your "control = allow_auth_unadvertised".
> Possibly there was a preceding "accept" verb?
Exactly. I've wrote:
>> ahem, there was another ACL before that in 'accept'.
>> Sorry to the list. Thanks. ;-(
--
But someb
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> Did you set a "acl_smtp_connect" *option* to the name of your new ACL?
> Did you restart the daemon with the new config?
Yes, of course.
> If so, you'll need to run the daemon with debug enabled, to see the
> flow. I suggest -d
I need to let a 'broken' client (a termoscanner device, very badly
engineered) to my internal exim server.
Trying to use plain SMTP lead to:
8 5.098632781 10.5.1.160 ??? 10.5.1.3 SMTP 82 C: HELO Localhost
[...]
14 5.101334018 10.5.1.160 ??? 10.5.1.3 SMTP 78 C: AUTH LOGIN
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> Run the exim that results in the transport be run,
> with debug turned on.
> If this test message is smtp-fed, that'll be the daemon.
> If commandline, it's the one you start.
> Grab stderr to file, for later perusal.
> Feed in the
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
>> How can i debug trasport?! ;-)
>>> Run the exim that forks to become the transport with
>>> debug enabled (either via ACL action or commandline option).
>> Ahem... some examples or some direct link in documentation? O;-)
> The
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
How can i debug trasport?! ;-)
> Run the exim that forks to become the transport with
> debug enabled (either via ACL action or commandline option).
Ahem... some examples or some direct link in documentation? O;-)
Thanks.
--
Mandi! Mike Tubby via Exim-users
In chel di` si favelave...
>> I'm used, in exim on debian stretch (4.89-2+deb9u7) add something like:
>>
>> DKIM_CANON = relaxed
>> DKIM_SELECTOR = 2020
>> DKIM_DOMAIN = ${lc:${domain:$h_from:}}
>> DKIM_PRIVATE_KEY = ${if
>> exists{/etc/e
Mandi! Andreas Metzler via Exim-users
In chel di` si favelave...
> PS: However I think it improves readability to write the acl statements
> in the logical order (check some conditions, deny/reject, then log a
> message) and it also spares me from having to rember which statements
> act immediat
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> Can you get a debug output for an attempted delivery?
Suffices something like an:
root@mail:~# exim -d -bhc 127.0.0.1
Mmm... no, seems that in this monde there's no delivery, so no debug in
trasport.
How can i debug
Mandi! Andreas Metzler via Exim-users
In chel di` si favelave...
> You "require" any message recipient domain part to *not* match +local_domains
> which is not the case.
Probably i've found how this recipe goes in the file, it is clearly a
mistake, sorry.
> BTW it is not a good idea to specif
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> You didn't mention what, if any errors were logged.
No.
> I'm guessing you're trying to use a tainted string as a filename.
> If so, the usual rules apply: you must now verify the string in
> a way that Exim understands, so as t
Mandi! Andreas Metzler via Exim-users
In chel di` si favelave...
> are these macros actually set correctly? Check with
> /usr/sbin/exim4 -bP transport remote_smtp | grep dkim
seems yes...
root@mail:~# exim4 -bP transport remote_smtp | grep dkim
dkim_canon = relaxed
dkim_domain = ${lc:${do
I'm used, in exim on debian stretch (4.89-2+deb9u7) add something like:
DKIM_CANON = relaxed
DKIM_SELECTOR = 2020
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_PRIVATE_KEY = ${if
exists{/etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem}{/etc/exim4/dkim/DKIM_DOM
really i don't remember exactly how, but i've added to my boilerplate exim
config file an ACL, near the end of acl_check_rcpt ACL, that sounds like:
# We also require all accepted addresses to be verifiable. This check will
# do local part verification for local domains, but only check the d
Mandi! Mike Brudenell via Exim-users
In chel di` si favelave...
> So in your ACL you are telling Exim to *always* add the header, and
> *then* apply
> the test to verify the HELO.
Ops... ;-)))
Thanks to all. ;-)
--
Free software is a matter of freedom, not a matter of price
I've a simple 'warn' ACL:
warn
add_header = X-HELO-Warning: Remote host $sender_host_address ${if
def:sender_host_name {($sender_host_name) }}incorrectly presented itself as
$sender_helo_name
log_message = Remote host presented unverifiable HELO/EHLO greeting
hosts = !+relay_from
Mandi! Benoît PELISSIER via Exim-users
In chel di` si favelave...
> So third block is router.
> And first and second ? Where can i put here ?
Put everywhere you want on the first section of exim config file, before ACL
definition.
--
And did you exchange a walk on part in the war
for a le
Mandi! Benoît PELISSIER via Exim-users
In chel di` si favelave...
> So someone can help me with example file or i will try it alone (with my
> no-brain) ? :)
For examples:
LOCAL_AD_SERVERS = vdcsv1.ad.fvg.lnf.it::3268
LOCAL_AD_BASE_DN = ${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}
# You hav
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
>> But every time clamd have trouble, exim log in panic_log, and so debian
>> compain about it.
> That's the point of the panic log. It's a place where real problems
> get put, so that you can notice. Debian is complaining because
I have:
av_scanner = clamd:/var/run/clamav/clamd.ctl
[...]
deny
malware = */defer_ok
message = This message was detected as possible malware
($malware_name).
But every time clamd have trouble, exim log in panic_log, and so debian
compain abou
Mandi! Heiko Schlittermann via Exim-users
In chel di` si favelave...
> If someone is interested, I'd add some more comments and do some more
> testing. But similiar implemntations we did for customers.
Please! Put that on wiki!
https://github.com/Exim/exim/wiki/SRS
Thanks.
--
Che
Mandi! Dmitriy Matrosov via Exim-users
In chel di` si favelave...
> (Debian 6, 4.72, no $tls_sni, no $tls_in_sni)
4.72 is not vulnerable, as Heiko say in:
https://www.bleepingcomputer.com/news/security/critical-exim-tls-flaw-lets-attackers-remotely-execute-commands-as-root/
--
Tut
Mandi! Heiko Schlittermann via Exim-users
In chel di` si favelave...
> Add - as part of the mail ACL (the ACL referenced by the main config
> option "acl_smtp_mail"):
> denycondition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni
> denycondition = ${if eq{\\}{${substr{-1}{1}{$tl
Mandi! Heiko Schlittermann via Exim-users
In chel di` si favelave...
> How does your Exim decide, if the user is known? Can you post the
> router(s), that are responsible for your local users?
Pretty standard debian routers.
I've added a big section of LDAP routers, but are only for internal u
Mandi! Chr. von Stuckrad via Exim-users
In chel di` si favelave...
> I have not looked 'into' exim (sources), but something similar happened
> here with the change to NSS. After the switch from using 'pam with ldap'
> to 'pam + NSS with the same ldap', the simple line 'getent passwd'
> (i.e. rou
This is a strange thing.
I'm (ab)used to use Samba in mixed environment (Linux/Windows), in NT mode,
using LDAP as backend, exporting users to NSS via libnss-ldap(d), using also
nscd that do some caching.
Usually the mail server is also the samba server, so it is hard to have
users ''desappear'
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> Debugging can be turned on (and cancelled) by an ACL modifier.
> This means you can make it conditional on all kinds of convenient
> things, merely by doing a bit of programming. Read the documentation
> on ACL.
Cool! Thanks!
--
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> I think you need to find out what it's actually doing in the router
> context. Try running with debug enabled, either by starting your
> daemon with extra commandline options (it'll output to stderr) or
> by patching an ACL "debug
I've setup an LDAP query like that:
unseen = ${if eq{${lookup ldapm {user=LOCAL_AD_BIND_DN
pass=LOCAL_AD_PASS
ldap:///LOCAL_AD_ALIASES_DN?rfc822MailMember?sub?(&(objectClass=nisMailAlias)(cn=${quote_ldap:${local_part}}@${quote_ldap:${domain}}))}}}{}{no}{yes}}
query work (tested by han
Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...
> The routing chain is restarted for each child-address generated
> by a router, by default. See section 10 of
> http://exim.org/exim-html-current/doc/html/spec_html/ch-how_exim_receives_and_delivers_mail.html
OK, seems clear. Usin
Mandi! Evgeniy Berdnikov via Exim-users
In chel di` si favelave...
> You can take a redirect router for /etc/aliases as a template,
> and rewrite it making your custom router with 'require_files' statement
> for some "conditional aliases" file, say, /etc/aliases2.
OK, i supposed that. Seems
I need to setup some 'bouncers' for some aliases; clearly i can do in
/etc/aliases from:
alias: user1, user2
to:
alias: |/my/bounce/script, user1, user2
(or something like this), but i want to use some 'magic', i'm thinking about
setting up a redirect router, with a 'require_f
Mandi! Victor Ustugov via Exim-users
In chel di` si favelave...
>> deny
>> message = Serious MIME defect detected ($mime_anomaly_text)
>> condition = ${if > {$mime_anomaly_level}{1} {true}{false}}
> It's better to insert "decode = default" before "message"
Oh, yes, sorry: my full ACL
Mandi! Victor Ustugov via Exim-users
In chel di` si favelave...
> Try to use $mime_anomaly_level and $mime_anomaly_text
Bingo! I've wrote:
deny
message = Serious MIME defect detected ($mime_anomaly_text)
condition = ${if > {$mime_anomaly_level}{1} {true}{false}}
looking at the code
Mandi! Lena--- via Exim-users
In chel di` si favelave...
> No way I think. I'm curious: how often did you see messages triggering
> this rejection?
Oh, probably never... but indeed seems good to reject messages with a
defective MIME structure...
> More elaborate checks:
Thanks for the hint.
I'm a bit later but...
I've to rewrite my 'data' ACL that use the old 'demime' condition. One is:
deny
message = .$found_extension files are not accepted here
demime =
ADE:ADP:ASP:BAS:BAT:CAB:CHM:CMD:COM:CPL:CRT:EXE:HLP:HTA:INF:INS:ISP:JS:JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:R
Under transport configuration of Exim I have added the X-Report-Abuse
header.This works if an email is sent from a mail client but not from an PHP
application.remote_smtp:
driver = smtp
dkim_domain = ${lc:${domain:$h_from:}}
dkim_selector = x
dkim_private_key = /etc/e
> There's some way to tell exim not to defer email? I've read:
>
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
> but seems 'no' to me...
Ahem, i've read not so well... or at least i've hitted my brain against the
'av_scanner = ' definiti
Today i've hit:
https://bugzilla.clamav.net/show_bug.cgi?id=11549
Practically, for a broken signature, ClamAV cosumes all fd, after then stop
responding (but does not die), and so exim start to defer email.
Clearly i'm using one clamav server, on local, eg:
av_scanner = clamd:/
Mandi! Victor Ustugov via Exim-users
In chel di` si favelave...
> This example allow to get mail addresses of all the groups, contacts and
> non-disabled users which are members of the group with mail address
> groupname@my.domain:
Many thanks!
--
But i still haven't found
what i'm lookin
Mandi! Viktor Dukhovni
In chel di` si favelave...
> What's motivation behind this thread? Are you trying to expand a
> group whose members are listed indirectly as member DNs? If so,
Exactly. If tehre's a group that hame email 'groupname@my.domain', expand
automatically the recipient to the g
Mandi! Jasen Betts
In chel di` si favelave...
> the list in your example has only one item.
> see section exim spec 6.20, 6.21, 6.23
I know that. But as cited by Mike, the LDAP exim documentation suggest to
use 'listextract' to handle the ''double comma'' expansion.
But, really, i don't unde
Mandi! Mike Brudenell via Exim-users
In chel di` si favelave...
> If you're trying to get to values within a list, try using the *listextract*
> expansion item:
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html#SECTexpansionitems
> There's a bit more on it in
>>> What i'm missing?!
>> quote_ldap_dn ?
> No, seems no. Same result.
Boh. I've done some more tests, but insted of using:
exim -be
i've used:
exim -d+deliver -v -bt test@domain
and my LDAP query, as expected, work. The query finally is:
${lookup ldapm {user=LOCAL_
Mandi! Jeremy Harris
In chel di` si favelave...
>> What i'm missing?!
> quote_ldap_dn ?
No, seems no. Same result.
> ${lookup ldapm
> {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it}
> pass="nontelado"
> ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}??uid?sub
I'm still hitting my head on the wall triying to make nested LDAP queries
work (in AD).
Some examples:
Having a group name, getting the group DN:
> ${lookup ldap
> {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it}
> pass="nontelado"
> ldap:///${quote_ldap:OU=FVG,DC=ad,DC
>> Maybe this?
> Could be. At least i'm starting to understand, but still does not work.
Finally i've got a working query as:
${lookup ldapm {user=LOCAL_AD_BINDDN pass=LOCAL_AD_PASS
ldap:///LOCAL_AD_BASE_DN?uid?sub?(&(objectClass=user)(|\
${sg \
{
Mandi! Mikhail Golub
In chel di` si favelave...
Sorry for the late answer.
> Maybe this?
Could be. At least i'm starting to understand, but still does not work.
For now, i've coded that:
data = ${lookup ldapm {user=LOCAL_AD_BINDDN pass=LOCAL_AD_PASS
ldap:///LOCAL_AD_BASE_DN?uid?sub?(&(obj
I've googled a bit around but i've not found relevant info.
I need to do ''second level'' or ''nested'' ldap queries, because i need to
found user in a ''group of names'' (really: an AD LDAP server).
So, a first query have to return DNs for every member in a group, and a
second query have to ex
> I'm doing something wrong or really it is needed to disable stronger auth?
> When connecting exim write:
> LDAP_OPT_X_TLS_TRY set due to ldap:// URI
> so seems that at least try to connect with tls...
Googling against LDAP_OPT_X_TLS_TRY lead me to solution.
It sufficies to force TLS on
I'm trying to do some queries from exim (4.84.2-2+deb8u3) to an AD LDAP
server (Samba4.2, but i think make little difference).
Following:
https://github.com/Exim/exim/wiki/MsExchangeAddressVerification
i've correctly make a test query, but i was forced to disable ''stronger
auth'', eg pu
Mandi! Brian Candler
In chel di` si favelave...
> Clues gratefully received...
Not at exim level, but for a similar reason i've setup policy routing,
binding route to DNS and smarthost to a particular route (look at LARTC, old
but still useful, particulary:
http://lartc.org/howto/lartc.
Mandi! Mike Brudenell via Exim-users
In chel di` si favelave...
[sorry for the late answer...]
> I'm not too sure what you're asking??? Is it about the *errors_to* option for
> routers in Exim? If so, the documentation for errors_to in the
> *Specification* shows it is expanded when it is used.
Mandi! Jeremy Harris
In chel di` si favelave...
> That's entirely up to your configuration.
Ahem, really really true... after double checking my exim confing i've found
that simply i've mixed-up some ACL. ;(
Sorry for the fuss...
--
La CIA ha scoperto chi porta il carbonchio... la befanchi
I've a server that handle a mail domain, debian jessie, clearly exim.
I've ever user a smarthost (the ISP one) to send email to final recipent,
with a custom configuration but heavy based on debian default one.
Recently i've changes ISP and so smarthost. Suddenly some aliases, that
redirect to
Supposing to have aliases (strictling speaking: a LDAP query, but also a
file, is irrilevant) that have as destination local and remote addresses
(clearly, not only one of them: mixed up).
There's some way to rewrite sender, setting 'errors_to = ', based on the
recipient address, eg only for nonl
Mandi! Jasen Betts
In chel di` si favelave...
>> To narrow down some corner-cases, there's some way to ''count'' From:
>> header, preventing DKIM signature if count <> 1?
> ${domain:$h_from} comes up blank if there are multiple addresses.
Ok, so a macro like:
DKIM_SELECTOR = 2017
DKIM_DOMAIN
Mandi! Marco Gaiarin
In chel di` si favelave...
> EG, seems that the 'verify_only' router is not strictly needed... right?
No, sorry. Probably i've messed up my tests, the 'verify only' router IS
needed...
--
La sorte di chi sa fare le co
Mandi! Phil Pennock
In chel di` si favelave...
> Does your Exim have full DNS access?
Yes!
> You put a "verify_only" router
> right before the smarthost router, which gets "no_verify".
Good idea! But in my (slightly modified) debian exim config does not work.
After fiddling a bit with addre
Mandi! Mike Brudenell
In chel di` si favelave...
> Also, using local knowledge of our setup, the systems we use on campus are
> *highly* unlikely to generate outgoing emails with multiple addresses in
> the RFC5322.From so I'm comfortable with using its (single) address to
> select the signing k
I'm using exim on a border gateway, that then send to a smarthost (ISP smtp
server).
We have noted that if we send an email to an inexistant domain (eg,
g...@lilliput.linux.itt), the ISP relay refuse it (450, Recipient address
rejected: Domain not found) but exim put them on queue (temporary reje
Mandi! Mike Brudenell
In chel di` si favelave...
> Hence it would be a very good idea to select the domain for the DKIM
> signature you generate based on the RFC5322.From address.
Super clear. Thanks!
--
E i professori dell'altroieri stanno affrettandosi a cambiare altare
hanno indossato
I'm testing DKIM implementation in my exim server, and looking out google
point me here:
https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
for multidomain setup (i'm interested in) the author proposed:
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
bu
On 2016-06-29 18:37, Amanda Giarla wrote:
> Been trying to remove myself from this list for some time now. Don't
> remember the password AND the REMIND button does not send me the password.
>
> Please remove me from this list.
>
Visit this link: https://lists.exim.org/mailman/options/exim-users
I AM on CentOs 6.8 with RedHat Exim 4.72
I AM using CSF Firewall also who set a CronJob for do auto updates.
When an update of CSF is available an email with the update Cron info is sent
to the root address but this generate all time a Delivery Status Notification.
Not only CSF do this a
I AM on CentOs 6.8 with RedHat Exim 4.72
I AM using CSF Firewall also who set a CronJob for do auto updates.
When an update of CSF is available an email with the update Cron info is sent
to the root address but this generate all time a Delivery Status Notification.
Not only CSF do this also
I AM on CentOs 6.8 with RedHat Exim 4.72
I AM using CSF Firewall also who set a CronJob for do auto updates.
When an update of CSF is available an email with the update Cron info is sent
to the root address but this generate all time a Delivery Status Notification.
Not only CSF do this also
Hello toall the Exim community,
my sharedweb hosting (GoDaddy) is using Exim 4.85 and, accordingly to this
tool, unlocktheinbox.com/mail-tester/ I can see that my outgoing emails are
DKIMsigned.
The problemis that they are not providing the corresponding public DKIM key to
publish onmy dns.
The
Mandi! Renaud Allard
In chel di` si favelave...
> You can put something like this in acl_smtp_connect
Wonderful! Thanks!
--
Complimenti a Focus. Una rivista da comprizzare e letturizzare, per
intelligentizzarci, culturizzarci e conoscizzare l'italiano.
I'm setting up my first SAN (an HP MSA 1040, indeed); setting up email i've
seen that does not work.
Digging a bit, i've found:
2016-06-15 18:26:26 SMTP protocol synchronization error (input sent without
waiting for greeting): rejected connection from H=[10.5.254.2] input="NOOP\r\n"
digging a
Hi,for protect myself from SPAM as my VPS control panel is working on AntiSpam
I have a check into exim with long 550 error message:
deny message = Message temporary rejected for SPAM - $sender_fullhost is in
an RBL, see $dnslist_text contact support at address (link removed) more info
at (li
Hi,my server are running Exim 4.72.
I know is time to upgrade but I AM awaiting Webuzo relase the update because I
can't update exim integrated into the panel.Until they not release a upgrade my
Exim support SSL 3.
IF i follow that guide:[exim-announce] Exim and the POODLE SSLv3 vulnerability
by
Hi,I AM using Webuzo panel who is running Exim 4.72 who seems to be vulnerable
to POODLE attack and SSL 3.
I cannot update Exim from SSH because will be incompatibile with the panel so I
must wait a fix from the panel Staff who are taking very long time and have
issue on integrating Exim.
In my
Mandi! Robert Blayzor
In chel di` si favelave...
> Is $return_path = f...@bar.com ? Assuming that errors_to was not set later
> in the routers.
I'm interested too in this answer.
Fiddling with SRS, some moth ago, i've hit a similar touble, and really i've
not understood well how work.
Final
Mandi! Heiko Schlittermann
In chel di` si favelave...
> Where did you set this? In the rcpt ACL, I think.
[...]
> How does your data acl look like?
I've give up. ;(
I've done some more tests, with no luck; added by the fact that i've to use
add_header in exim to add SA info, finally i've switc
Mandi! Jeremy Harris
In chel di` si favelave...
>> But, there's no way to set some variable 'acl_mX' in 'acl_check_rcpt:' based
>> on recipient?
> Certainly there is. Now, what will you do when there is a second
> recipient?
I can apply a worst case scenario, for example.
I've tried with:
Mandi! Marco Gaiarin
In chel di` si favelave...
> I have to add 'add_header' line to exim acl?
Answer found. Yes:
http://www.gossamer-threads.com/lists/exim/users/70448
Sorry.
--
La differenza tra una dittatura e una democrazia e' che in democrazia poi
I've added a simple 'spam' ACL:
warn
spam = debian-spamd:true
and on SA 'local.cf':
rewrite_header Subject [SPAM]
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_
autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _
Mandi! Jeremy Harris
In chel di` si favelave...
> First decide how you're going to deal with a message that has
> both "local" and "nonlocal" recipients. Then look into the
> $recipients variable, the forany/forall conditions, the
> ${domain:} expansion operator, the ${if } expansion item
> and
In a router i set 'errors_to': docs and past test say me that setting
errors_to does not automatocally imply that the sender change, rewriting
have to be used.
In a trasport (say 'A', it is a smarthost transport) i've set:
headers_rewrite = *@* "${if
eq{${domain::$h_errors_to::}}{SRS_DO
Sorry, i came back on that topic. SRS works, but some strage behaviour
happen.
My SRS rewriting router now have:
> .ifdef SRS_SECRETFILE
> address_data = ${run{/bin/sh -c "/usr/bin/srs --secretfile=SRS_SECRETFILE
> --hashlength=SRS_HASHLENGTH --alias=SRS_DOMAIN $sender_address
> 2>/dev/nul
>errors_to = ${if
> eq{${domain:$address_data}}{SRS_DOMAIN}{fail}{${quote_local_part:${local_part:$address_data}}@${domain:$address_data}}}
Oh, i'm so stupid... it is:
errors_to = ${if
eq{${domain:$sender_address}}{SRS_DOMAIN}{fail}{${quote_local_part:${local_part:$address_data}
My ''home server'' get email via UUCP or fetchmail, does not have a
''public'' SMTP access.
Still, i want to use spamassassin to score messages. I've simply added:
warn
spam = debian-spamd:true
condition = ${if < {$message_size}{SA_SIZE_THRESHOLD}}
and in this way ALL messages get sco
Ok, many thanks to Andrey Melnikov that, offlist, helped me.
Finally i've solved my issue with SRS. Because could be useful to others, i
post my findings here.
1) the ''bounce'' router HAVE TO EXIST and HAVE NOT the 'no_verify' option
set; Doing the rewrite, exim verify that the SRS-generated
Mandi! Ian Eiloart
In chel di` si favelave...
> It seems you???ve been doing some work on this, and had partial success. But,
> I???m not clear on what the problem is.
Ok, try to restart from the beginning.
> You???re trying to get SRS sender address rewriting.
Yes. I manage a litte server
[Still i'm seeking feedback, and i don't understand if simply i'm asking too
dumb question, no one read me, or what...]
I'm trying to implement SRS in my debian wheezy little server, so using exim
4.80-7+deb7u1.
I know that newer exim versions have SRS implemented directly using libsrs
(https://
> Still i'm here: reading around i've rewrited my routers, and now i've a
> generic one roughly as the first and second router:
But that router works for local destination messages, eg:
2015-07-17 21:51:02 1ZGBet-00017Z-Lr <= u...@alice.it H=smtp302.alice.it
[82.57.200.118] P=esmtp S=2707 id=1
> ... please help me...
Still I. Firstly, a question: because my ISP (libero.it) implemented
recently DMARC, and listserver breaks it, someone is receiving my email?
Still i'm here: reading around i've rewrited my routers, and now i've a
generic one roughly as the first and second router:
.if
1 - 100 of 244 matches
Mail list logo