The subject line caught my interest.
My mail domain is DNSSEC Signed and I have SSL/TLS Certificates (Let's
Encrypt - which I've automated) that cover it - and have implemented
TLSA records for my mail server a few years back. So if the recipient
SMTP server also happens to have a TLSA DNS rec
I also wonder why:...
# iptables -v -A INPUT -s 5.34.207.0/24 -j REJECT
(or similar) has not been suggested.
On 2022/12/12 18:13, Robert Blayzor via Exim-users wrote:
On 12/7/22 10:34, The Doctor via Exim-users wrote:
How do you block a whole Class C like
5.34.207.0/24 using the configuration
Hi,
a customer is asking whether email tagging is possible.
eg...
mje+e...@posix.co.za - rather than my usual address of m...@posix.co.za
I believe that G-Mail offers this.
My IMAP/POP3 system is courier - if that helps in any way.
--
Mark James ELKINS - Posix Systems - (South) Africa
m..
A month ago I upgraded to Exim version 4.94.2 #2 built 03-Jul-2022
03:34:43 - after figuring out how to fix my Tainted issues. I didn't
change any other parameters. This server is used to relay out from my
customers to the rest of the world (machine = relay.vweb.co.za).
Tainted areas were abou
I'm very interested in what you are doing.
My thinking along country blocking for the submission of email addresses
is...
Subscribers have their data in a database. They have a properly secured
web access system to that database for account management purposes
(change their password - etc).
Seems I need to do more learning
On 6/26/22 9:19 AM, Andrew C Aitchison via Exim-users wrote:
On Sat, 25 Jun 2022, Mark Elkins via Exim-users wrote:
Not sure if I'm missing the boat or what but - for one of my users to
send email - they must use mail Submission port 587 - and no
Not sure if I'm missing the boat or what but - for one of my users to
send email - they must use mail Submission port 587 - and nothing else.
That's on a server that only listens on port 587. This works fine until
a user "shares" their password. I also have a script that looks how many
emails a
Hi,
I have EXIM version 4.94 #2 built 24-Jan-2021 02:57:31 on a Gentoo
server. The config file worked for pre-tainted Exim.
Config includes:-
begin transports
remote_smtp:
  driver = smtp
  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
  dnssec_request_domains = *
  hos
One could do this for a punycode version of the domain name but the
address part before an '@' can be UTF8 - such as "café". Please don't
break any internationalised addresses (Universal Acceptance and all
that). I'm wondering if an inverse check could be done, as in look for
anything bad? (e.g
On 2020/11/10 08:44, Kai Bojens via Exim-users wrote:
Am 09.11.20 um 23:27 schrieb Heiko Schlittermann via Exim-users:
We're open for suggestions. And intentionally we do not provide
suggestions from our side here and now (this doesn't mean that we do
not have
ideas ;)) My thoughts I'll pres
ve
things like wrong SPF records... or what appears to be bad DKIM
signatures. Email management used to be so easy even 10 years ago.
On 2020/11/06 15:41, Jeremy Harris via Exim-users wrote:
On 06/11/2020 11:53, Mark Elkins via Exim-users wrote:
I've got the following in exim.conf
I've got the following in exim.conf
acl_check_dkim:
  deny dkim_status = fail
       message = DKIM validation failed: $dkim_verify_status
       log_message = DKIM validation failed: $dkim_verify_status \
         (address=$sender_address, domain=$dkim_cur_signer), \
Hi,
In the distribution template config file for exim
(/etc/exim/exim.conf.dist), around line 200, I read...
# In order to support roaming users who wish to send email from anywhere,
# you may want to make Exim listen on other ports as well as port 25, in
# case these users need to send email
g such as the MySQL connection
info being changed. Mine looks something like:-
hide mysql_servers = db-server.organisation.com/db-name/db-user/db-password
On 2020/02/16 17:44, Mark Elkins via Exim-users wrote:
Hi,
I run a few machines with exim - for both Submission (SMTP relay) and
for
"\
To: $local_part@$domain\n\
Subject: Mailbox is 80% full\n\n\
This message is automatically created by the mail delivery system.\n\n\
The size of your mailbox has exceeded the warning threshold of 80%.\n\
Please consider cleaning out old e-mail or reducing the number of
Hi,
I run a few machines with exim - for both Submission (SMTP relay) and
for receiving emails for quite a few email addresses in numerous domains.
My users are stored in a database for ease of configuration.
I run Gentoo and usually try and keep up to date with all packages.
Last night - one
idn't.
On 2019/11/01 16:13, Andreas Metzler via Exim-users wrote:
On 2019-10-31 Mark Elkins via Exim-users wrote:
Hi folks,
I'm pulling out my hair... I have a strange e-mail problem. I'm hoping this
community can help.
I run an ISP in South Africa. Servers are all Linux Gentoo. I
Hi folks,
I'm pulling out my hair... I have a strange e-mail problem. I'm hoping
this community can help.
I run an ISP in South Africa. Servers are all Linux Gentoo. I use EXIM
and Courier-IMAP/POP to deliver emails to about 3000 users using about
400 different domain names. From Monday the
Hi folk, I came across a new (to me) method of sending SPAM through my
587 only mail relay system for my clients.
As usual - a user has given up her password (social engineering - whatever).
The account was being used to send about 10 emails at a time with a
different from address and from dif
Those customers with machines bolted to desks usually use the mail
server of their Internet supplier - via port 25 and with no authentication.
The main reason I have a Port 587 server with authentication is because
I appear to have a large portion of nomadic users. Some customers seem
to be ve
I run a "relay" server for my e-mail clients - so they can send out
e-mail from any network they are connected to (so useful for travelling
laptops). This machine runs only on port 587, uses authentication (same
password as for their POP3/IMAP account) - etc etc.
Some nefarious people are cont
I've stored my 5000 users - using about 1000 domains in a database for
years - and it's worked for years. Exim essentially just reads from the
(I use MySQL) database. Support for MySQL (and others) is there already.
This is extremely scalable.
I then have my custom web pages that allow users to man
Apple Macbook running Microsoft Outlook can not connect to my exim
based mail relay system using port 587, authentication and TLS.
I've always had this problem, it just affects very few people
A customer just asked again:-
> I am in the process of migrating to my Macbook – finally. We discu
On 14/05/2018 12:25, Jasen Betts via Exim-users wrote:
> On 2018-05-14, Mark Elkins via Exim-users wrote:
>> I need help. (pun included)
>>
>> Someone is using "ple...@help.co.za" as the source of spam e-mail. The
>> address does not exist...
> step 0: p
I need help. (pun included)
Someone is using "ple...@help.co.za" as the source of spam e-mail. The
address does not exist...
delivering 1fI8dS-0008Pd-DC (queue run pid 700)
LOG: MAIN
** ple...@help.co.za: Unknown user
...but I do manage the domain "help.co.za"
I also allow wildcards in addre
Begs the question, do DANE enabled machines therefore perhaps require a
stronger encryption - as their owners should know what they are doing?
I've no idea if it's possible to allow weaker encryption for
opportunistic connections
but enforce stronger encryption types on DANE compliant connections?
On 20/03/2018 08:57, Ted Cooper via Exim-users wrote:
> On 20/03/18 12:24, Rob Gunther via Exim-users wrote:
>> [snip]
>> I did this little bit of research because I actually want to accept
>> different max message sizes with Exim - BASED ON THE RECIPIENT DOMAIN.
>>
>> If my Exim server answers,
Exim version 4.89 #1 built 05-Oct-2017 13:48:15 (Linux Gentoo)
Problem: I have users either with weak passwords or who give away their
passwords...
Result: Spammers have their "information" so can use my relay mail
server to send spam on my clients behalf to many other people. If it
bounces - th
Hi,
I run the latest exim on a server that receives mail for multiple
domains, I thus use MySQL to manage my users.
In my Transports - I have:
mysql_delivery:
  driver = appendfile
  directory = /var/spool/mail/$domain/$local_part/
  maildir_format = true
  directory_mode = 0755
  create_directo
I don't see the AD bit being set in your example?
It is however set when I ask a DNSSEC aware resolver. Which Resolver are
you asking? Your localhost (127.0.0.1) may not be DNSSEC aware.
# dig mx4.unitybox.de +dnssec +multi
; <<>> DiG 9.9.5 <<>> mx4.unitybox.de +dnssec +multi
;; global options: +
I think the other thing to consider is setting "smtp_accept_max = 10"
means you can only process up to 10 e-mails at one time. If you are
doing a number of checks, Virus, multiple blacklist checks - these tests
can take a while - possibly a meaningful amount of seconds each. Just
bear that in mind.
I'm looking for some answers/clarification to various advantages of DANE
vs normal MTA security and opportunistic TLS
I'm only talking about MTA - Mail Transport Agents, software that
transfers e-mail from one Mail Agent to another - eg exim, postfix - etc.
I know Viktor (amongst others) lurk
manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim/exim.conf
OS is Linux, Gentoo, and is the current build.
On 25/07/2016 12:53, Jeremy Harris wrote:
> On 25/07/16 11:31, Mark Elk
People could not send mail out through a relay server after a config
change to exim.conf
Eventually found the error:
spam acl condition: warning - invalid spamd address: '127.0.0.1 783'
That is, there were two spaces between 127.0.0.1 and 783 - rather than
just one in the config file!
I would
On Fri, 2015-12-04 at 12:55 +, Jeremy Harris wrote:
> On 30/11/15 22:34, Jeremy Harris wrote:
> > What do people particularly want worked on in the remaining
> > time?
>
> A quick poll on currently Experimental features:
>
> Who is using any of
>
> Events
> Redis
> Proxy protocol
> Socks
On Sun, 2015-06-21 at 13:16 -0400, John C Klensin wrote:
>
> --On Sunday, June 21, 2015 17:50 +0200 Mark Elkins
> wrote:
>
> > I'm sitting in the "Universal Acceptance Steering Group
> > Workshop" at ICANN in Buenos Aires. Decided to test the email
>
I'm sitting in the "Universal Acceptance Steering Group Workshop" at
ICANN in Buenos Aires. Decided to test the email of my own home grown
systems.
I run exim (4.84) on Gentoo.
User names are stored in MySQL.
I found a friendly Russian and he created the user "андрей@diver.co.za"
in my Database.
I was given the following error from a customer:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
alan.h...@up.ac.za
(generated from commit...@dwra.co.za)
SMTP error from remote mail server afte
On Sat, 2014-10-11 at 18:17 +, Viktor Dukhovni wrote:
> On Sat, Oct 11, 2014 at 07:56:53PM +0200, Mark Elkins wrote:
>
> > > With certificate usage DANE-EE(3) there is no tie to one's preferred
> > > CA. The certificate content apart from the public key is eff
On Sat, 2014-10-11 at 19:47 +0100, Jeremy Harris wrote:
> On 11/10/14 17:18, Mark Elkins wrote:
> > dkim_private_key = /etc/exim/dkim.private.key
> >
> > I think an error message of "dkim_private_key not found - please specify
> > the full pathname" would
On Sat, 2014-10-11 at 16:12 +, Viktor Dukhovni wrote:
> On Sat, Oct 11, 2014 at 12:13:29PM +0200, Mark Elkins wrote:
Thanks for the details. I appreciate the education.
> > I presume the motivation for using the Public-Key instead of the whole
> > Certificate is either sim
unreadable - where quite clear.
I'm not the first person to be caught out either.
On Sat, 2014-10-11 at 18:25 +0100, Adam D. Barratt wrote:
> On Sat, 2014-10-11 at 18:18 +0200, Mark Elkins wrote:
> > I followed various guides on DKIM and Exim..
> >
> > http://www.iodi
I followed various guides on DKIM and Exim..
http://www.iodigitalsec.com/exim-dkim-and-debian-configuration/
http://www.systemajik.com/blog/implementing-dkim-with-exim/
http://mikepultz.com/2010/02/using-dkim-in-exim/
Kept getting: DKIM: signing failed (RC -101)
The cause (or final fix) was to
On Sat, 2014-10-11 at 02:37 +, Viktor Dukhovni wrote:
> On Fri, Oct 10, 2014 at 11:43:06PM +0200, Mark Elkins wrote:
>
> > I control both server and DNS. I went with:
> >
> > _25._tcp.mje99.posix.co.za. IN TLSA 3 0 1 {hexxy stuff}
>
> Note however, that wi
Thanks Viktor,
On Fri, 2014-10-10 at 21:06 +, Viktor Dukhovni wrote:
> On Fri, Oct 10, 2014 at 10:48:46PM +0200, Mark Elkins wrote:
>
> > I've got DNSSEC generally working, how can I get Exim to benefit?
> > I've created TLSA records for some web servers... also
I've got DNSSEC generally working, how can I get Exim to benefit?
I've created TLSA records for some web servers... also created a record
for my mail server. Is there a document describing how to use TLSA
records? Does 4.84 fully support TLSA yet?
I'm also looking for DKIM/DMARC configuration sam
Just attended ICANN-47 Durban. In the DNSSEC workshop, DANE was
discussed, along with using DANE with SMTP.
http://durban47.icann.org/meetings/durban2013/presentation-dnssec-dane-smtp-17jul13-en.pdf
So as I understand this, if there is an appropriate TLSA record (all
nice and DNSSEC secure) for a
On Tue, 2012-12-11 at 08:23 +0100, Jan Ingvoldstad wrote:
> On Mon, Dec 10, 2012 at 11:30 PM, The Doctor wrote:
>
> > On Mon, Dec 10, 2012 at 09:47:35PM +0200, Mark Elkins wrote:
> > > What if exim did some internal TNEF translation on demand, as in for
> > > local
What if exim did some internal TNEF translation on demand, as in for
local delivery, preparing the e-mail ready for reading?
The alternative is to patch every e-mail reader (MUA) to make them TNEF
ready.
I think that is what is being suggested?
On Mon, 2012-12-10 at 12:22 -0700, The Doctor wrote
One more - which appears to work for me in generating DNSSEC
signatures just fills up /dev/random (and I've no idea if this will
help?)
Install the 'haveged' package, www.irisa.fr/caps/projects/hipsor
Software that reads random stuff from your CPU. Not as good as real
Hardware Entropy devices
I'm looking for some netwisdom
I run Exim, delivery is maildir format. I then use Courier IMAP.
My preferred mail reader is evolution - from three or four different
devices.
This way, I can see the same e-mail on a static workstation (the main
mail server for me) or on any one of three laptops
On Tue, 2012-01-03 at 20:24 -0500, Phil Pennock wrote:
> On 2012-01-03 at 12:49 +0200, Warren Baker wrote:
> > On Tue, Jan 3, 2012 at 11:40 AM, Cyborg wrote:
> > > Am 03.01.2012 10:11, schrieb Mark Elkins:
> > >
> > > You have to use xn--caf-dma.co.za
I'm an ISP in South Africa. I have recently UTF-8'ed all my Databases
(mysql) and Web Systems and sites (Apache + PHP 5.3). My 'virtual web'
system understands UTF8 in a name and does all the (so far) correct
translation from/to puny - both for DNS and Apache. Discovered in apache
I also needed the
On Wed, 2011-06-01 at 10:38 +1000, Ted Cooper wrote:
> On 01/06/11 01:35, Ian Eiloart wrote:
> > In particular, it may be that mail in TRASH and SENT is evidence that
> > a user is using IMAP properly. For example, they may regard sent mail
> > as more important than received, and they may value ha
I'm looking at adding a simple mailing list facility. I'm using
Exim-4.71. This is a (small) ISP system - all users are in a MySQL
Database under multiple domains. I currently have a simple 'forwarding'
mechanism which can forward to a small number of comma separated
addresses - great for expanding
On Wed, 2009-07-15 at 13:09 +1000, Ted Cooper wrote:
> On Tue, 2009-07-14 at 21:48 +0200, Mark Elkins wrote:
> > Is anyone looking at having Exim become DNSSEC aware - look at the AD
> > bit - stuff like that. Perhaps add the DNS Status as a mail header? - or
> > as a varia
Is anyone looking at having Exim become DNSSEC aware - look at the AD
bit - stuff like that. Perhaps add the DNS Status as a mail header? - or
as a variable so that tests can be done?
The root gets signed by the end of the year.
just thinking out aloud in key strokes.
--
. . ___. .__
On Mon, 2005-10-31 at 14:11 +, Terry wrote:
> Mark Elkins wrote:
> > Because I'm not aware of any simple way to do real-time logging of
> > e-mail stats inside exim - I've put together a few hacks...
> >
> > For example - to 'log' the nu
Because I'm not aware of any simple way to do real-time logging of
e-mail stats inside exim - I've put together a few hacks...
For example - to 'log' the number and size of emails - in routers
I have
mysql_user:
  driver = accept
  # Update this users stats with ... $message_size
  condition =
59 matches