Re: [exim] dkim=fail (body hash mismatch; body probably modified in transit)

Victor Sudakov via Exim-users wrote: > However, I've noticed that when I send a larger mail, like > > uuencode /usr/bin/vi vi | mail -s "test test" vas@XX vas@YY > > then 10 of the 10 mails on Debian have dkim=pass. So the message size > or encoding is envolved somehow? What gives? Is

Re: [exim] exim-4.96RC0 - broken Mailman (2.x)

Andrew C Aitchison wrote: > > I don't understand why require_files did not trigger the check, though, > > but using the tainted variable $local_part there will be a problem. > > As I understand, "require_files" detaints, > since a secure file-system is a database of trust. The file system is, b

Re: [exim] exim-4.96RC0 - broken Mailman (2.x)

Odhiambo Washington via Exim-users wrote: > I must admit I have zero clue how to detaint this: > > LOG: MAIN > ** mail...@lists.mydomain.name xx@lists.mydomain.name> R=mailman_router T=mailman_transport: > Tainted arg 1 for mailman_transport transport command: 'bounces' > > mailman_r

Re: [exim] Taint checking and exim 4.96rc0

Dean Brooks via Exim-users wrote: > On Fri, Apr 29, 2022 at 05:16:45PM +0100, Andrew C Aitchison via Exim-users > wrote: > > > Given that taint checking appeared in Exim 4.93 and > > allow_insecure_tainted_data in Exim 4.95, > > this (Exim 4.96) would be the first time that allow_insecure_taint

Re: [exim] Taint checker confusing error (blaming file but caused by later ldap lookup)

Evgeniy Berdnikov via Exim-users wrote: > Think a bit. Lot of examples may be found in one minute. > For example, you have to check user's quota, which is stored in some > database. You have to extract current maibox size, quota limit, then > add message size to box size and compare with limit

Re: [exim] Taint checker confusing error (blaming file but caused by later ldap lookup)

> Also, though rarely used, it's not impossible for the > source of a string getting expanded to come from a > runtime-variable place. Exim is that flexible. Is there a real use case for that? It sounds dangerous to me. > > Well, given that reason nobody needed taint checking to begin with. ;-)

Re: [exim] Taint checker confusing error (blaming file but caused by later ldap lookup)

> > Would it be possible to expand all strings when reading the configuration > > without causing side effects to check any attempt of using tainted data > > at start up? > > No. Variables are used for data which varies on a finer grain > than "exim starting up". For the specific case, $domain v

Re: [exim] Taint checker confusing error (blaming file but caused by later ldap lookup)

> > domainlist d2 = > > ldap;ldap::///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain=$domain > > becomes > > domainlist d2 = > ldap;ldap::///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain=${quote_ldap:$domain} > > Nothing more complex than that. Except that most people would never think of

Re: [exim] Taint checker confusing error (blaming file but caused by later ldap lookup)

> Yes, $domain will be tainted. Using it as part of the > conditions in a lookup is still permitted; the taint-tracking > is not intended to stop that (because it is in general a useful > facility). Now I am seriously surprised! Exim key lookups are parsed along with expansions, so expansions can

Re: [exim] Taint checker confusing error (blaming file but caused by later ldap lookup)

Jeremy Harris via Exim-users wrote: > One idea that might be worth exploring is to build local_domains > from a pair of domainlists. Have one with just the ldap lookup, > and one with everything else: > > > LOCALDOM = /etc/exim4/localdomains > domainlist d1 = @:localhost:LOCALDOM > domainlist d

Re: [exim] Taint checker confusing error (blaming file but caused by later ldap lookup)

> > Perhaps quote_ldap should return an untainted string? > > No, it does no real checking so would just be > an easy thing to abuse. How would you do that? After all, originally it was introduced to prevent just that, so people need to know. Or are you talking about using quote_ldap outside the

Re: [exim] Taint checker confusing error (blaming file but caused by later ldap lookup)

Jeremy Harris via Exim-users wrote: > On 22/12/2021 07:33, Christian Balzer via Exim-users wrote: > > LOCALDOM = /etc/exim4/localdomains > > domainlist local_domains = > > @:localhost:LOCALDOM:ldap;ldap::///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain=$domain > > Doh. Ignore my previous ques

Re: [exim] Two nested 'dsearch' to avoid tainted data ?

"Olaf Hopp (SCC) via Exim-users" wrote: > ok, I see the point. In the calling router I still have the "old" > require_files = /etc/exim4/autoreply/${domain}/${local_part}.msg > which does not throw "tainted data" errors. > So I can shift the logic to the router (make it complicated there) >

Re: [exim] Exim4 delay at boot

> > The problem is that my DNS (unbound) runs on the Devuan ascii > > virtual machine which I set up to start up automatically at boot but > > it is not yet up and running when Exim4 does the reverse DNS check. > Well, this is the sort of problem systemd is supposed to avoid :-) In case the queri

Re: [exim] tainted data issues

Jeremy Harris via Exim-users wrote: > > Radical: $local_part, $domain, and similar tainted variables should > > be automatically un-tainted once they pass a check that would generate > > the untainted version of the variable. > On the other side of the coin, re-using the same variables and > c

Re: [exim] tainted data issues

Jeremy Harris via Exim-users wrote: > The one major hole I know of is for the creation of a > mailbox file, first time, for an account. After having reviewed a number of configurations, I am sure there is more. While I am not pleased with the design of verifying tainted data, or introducing it i

Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted path 'not permitted'

Jeremy Harris via Exim-users wrote: > On 08/11/2020 14:47, Michael Haardt via Exim-users wrote: > > In the old days, that was the standard way of matching. Then conditions > > were added, many people switched to them, and now we go back to the old > > domains/local_parts w

Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted path 'not permitted'

> I think I have have gotten my head around this now ... Yes, you got the structure right. > I have a global domain list: > which I already use for routing non-local domains to our outgoing relays > (smart hosts).  I can reference this in again in each router. > > ... and I don't need a 'condit

Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted path 'not permitted'

> Ok, have had a 5 minute scan read ... seems that tainted data is a > {potential} problem, but in my case the variables that I use to build a > path in transport 'local_delivery': > [...] > have already been used as keys in a database look-up previously in the > router that cause the transport

Re: [exim] 4.94 - De-tainting without lookup?

Evgeniy Berdnikov via Exim-users wrote: > On Mon, Jun 29, 2020 at 09:12:23AM +0200, Michael Haardt via Exim-users wrote: > > Partially dsearch does that by not allowing "." and ".." as keys. > > It's pity, but it does... See thread > https://l

Re: [exim] 4.94 - De-tainting without lookup?

Matthias Hörmann wrote: > Why not use a simple whitelist string replacement? All characters but > some known valid characters (say [a-zA-Z0-9_.-]) are replaced with a > known valid character (say _)? We use that in puppet all the time to > generate paths. As long as you disallow slashes you don't

Re: [exim] 4.94 - De-tainting without lookup?

Matthias Hörmann via Exim-users wrote: > This essentially gets me back to where I started. I *want* any domains > and local parts to be created as part of this process. I can live with > the case where it won't create paths with dangerous characters (that > never happened on dozens of servers in y

Re: [exim] Sieve filters broken due to tainted expansions?

> ChangeLog, 4.93 :- > > JH/32 > Introduce a general tainting mechanism for values read from the input >channel, and values derived from them. Refuse to expand any tainted > values, to catch one form of exploit. Ok, so the problem was not in Sieve operation itself, but in the fact that a Sie

Re: [exim] Sieve filters broken due to tainted expansions?

> # exim -bt klausman-gen...@schwarzvogel.de > LOG: MAIN PANIC > attempt to expand tainted string '$rheader_From' > LOG: MAIN PANIC > attempt to expand tainted string '${if def:header_From {true}{false}}' > Sieve error: header string expansion failed in line 3 This is quite likely an internal

Re: [exim] exim4, gmail and 550-5.7.1

> > On 11/12/15 21:22, Robert Steinmetz AIA wrote: > >> Any email to a gmail server is rejected with a 550-5.7.1 > >> error, basically requiring a ipv6 ptr record. > > [...] > >> Unfortunately our IP addresses are provided by our ISPs and > >> they don't provide ipv6 ptr records. > > > > That's yo

Re: [exim] sieve filter regex extension

> It seems to be the extension "regex". In the exim-documentation "Chapter > 2 - Sieve filter" I found the following sentence: > > "The Exim Sieve implementation offers the core as defined by RFC 3028, > comparison tests, the subaddress parameter, the copy, envelope, > fileinto, notify, and vac

Re: [exim] Portability check: writev()

> > SunOS 4 has writev(), but no prototype for it in , just struct > > iovec. It may be hard to believe, but I am really looking forward to > > run Exim on it - to get rid of sendmail. :) > > Can you provide a correct prototype for the platform, please? We can > put it in "OS/os.h-SunOS4". I wil

Re: [exim] Portability check: writev()

> Is anyone actively using Exim on a platform without a POSIX writev() > interface? If so, are you also using SpamAssassin? SunOS 4 has writev(), but no prototype for it in , just struct iovec. It may be hard to believe, but I am really looking forward to run Exim on it - to get rid of sendmail.

Re: [exim] [exim-dev] Exim 4.80 RC1 uploaded

> > The first is needed due to the HP-UX resolver library. I don't know > > when res_state was defined, otherwise I would have used __RES to check > > if it needs to be defined. 19931104 does not have it yet. > > *sigh* Thanks, I was worried this assumption would bite me; I'm > surprised directl

Re: [exim] [exim-dev] Exim 4.80 RC1 uploaded

Hello, I tried RC1 on HP-UX 11.00 with gcc and apart from a few minor issues, things look fine. I suggest not to use those functions: dcc.c: In function 'dcc_process': dcc.c:129: warning: incompatible implicit declaration of built-in function 'bzero' dcc.c:196: warning: incompatible implicit de

Re: [exim] Passing over a redirect (and Sieve filter) router

> the next router (well named local_delivery) is not reached... > instead of, an exim -bt command gives me: > >Implicit keep > >f...@lutix.org -> inbox > >*** Error in setting up pipe, file, or autoreply: > >file_transport unset in userforward router > > Firstly, could someone explain to me why a

Re: [exim] Sieve filtering setup

Sieve does not know anything about paths and merely treats the fileinto argument as opaque name. Keep (implicit or explicit) does the same as fileinto "inbox". Changing keep means changing fileinto "inbox". If you append a slash to fileinto arguments in Sieve, Exim will run the router directory_

Re: [exim] dkim & transports configuration

> You will need to set all mandatory options to get something useful. > > Also $dkim_domain is only available in the the acl_smtp_dkim ACL for > *verifying* incoming signed messages. I comitted patches to CVS that allow to add multiple signatures. The router option dkim_domain specifies a colon s

Re: [exim] Filtering issue (Sieve)

> Secondly, here is my router definition that manage the Sieve script: The router looks fine, but how does address_file look like? > > No implicit keep Looks fine, too. Sieve started and executed the fileinto, hence it ended with no implicit keep. If you enable debugging, you see more. The ma

[exim] Using ADSP?

Hello, I am just starting with DKIM and the design looks great. Having just discovered ADSP, I wonder how to implement it. The fine manual shows dkim_verify_signers = $sender_address_domain:$dkim_signers to run the ACL for the sender as well as for signers found in signatures. Unfortunately,

Re: [exim] sieve + maildir

> I'm not an Exim expert and I must admit that I'm a bit lost in the wood > of router, transports and drivers. But as far as I can see, when a mail > goes through a Sieve filter, it ends up in a transport called > address_file, while it should end up in one of the transports called > address_direct

Re: [exim] exim and sieve filters

On Thu, Sep 24, 2009 at 09:27:35AM +0200, Roel Schroeven wrote: > As far as I can see, that cannot be done in > an exim filter, but it can be done in a sieve filter using addflag > "$label4". I don't know what addflag is supposed to be, but: > I tried that, but that doesn't work in the current se

Re: [exim] maildir_tag - appending size suitable for Dovecot

> maildir_tag = ,W=$message_size > > However, Dovecot wants the 'virtual' size and exim creates the 'actual' > size - and so Dovecot sends truncated email to pop3 clients! > http://wiki.dovecot.org/POP3Server > > Is there a way around this? I've seen references to use_crlf, but am > umsure if this

Re: [exim] Default enabling of dnsdb

> > I'm still waiting for someone to weigh-in with something dnsdb does that > > has a > > bit more utility - or at least is harder to substitute for. After 9 good reasons, here is another one: 10.) Check if the the MX record for the recipient domain points to the receiving host although it is

Re: [exim] Default enabling of dnsdb

On Tue, May 05, 2009 at 04:27:13PM +0100, Mike Cardwell wrote: > I'd like to petition for a change in the default makefile for 4.70 such > that DNSDB is enabled by default. > I can't see any disadvantage to it being compiled in... I just compiled > Exim with it, and then again without it and the

Re: [exim] Auto Purge of specific mail

On Thu, Mar 26, 2009 at 10:15:37AM +1100, Ted Cooper wrote: > If you use Maildir format, easy using tools available on the system. > > You may blow out the command line length with this depending on how many > domains and users you have - to get around this you might need a > separate program that

Re: [exim] Exim doesn't list actions taken with -bf on a Sieve filter

> When I test a Sieve filter with -bf Exim doesn't print the actions it > takes, however if I add -d I can see them. Here's an example: The code behaves as intended, but it would be easy to change this if there is consensus that different behaviour would be better. Michael -- ## List details a

Re: [exim] Date and From header regular expressions (was: RegEx longer than maximum string length in system filter)

On Fri, Jul 18, 2008 at 10:31:04AM +0200, Schramm, Dominik wrote: > > There was talk on exim-dev regarding a RFC 2822 date parsing > > patch to the exim code. > > > > http://lists.exim.org/lurker/message/20080604.133713.1e67dcec.en.html > > > > I can't find any news regarding this since. > > Th

Re: [exim] Should queue processing be rewritten in Exim?

> Other MTA's -can- manage large queues, and for what i know, without > storing them in ram with the risk of losing data. Stop focussing on > ramdrives and queues in memory, instead, focus on -why- it is Exim is > slow with large queues. I followed this thread for a while and - sorry - it is not l

Re: [exim] Weird loads with maildir_use_size_file

On Wed, Jun 18, 2008 at 04:12:11PM +0200, Gergely Nagy wrote: > I put up two reports (load, iostat, queue, ps ax) at > http://195.70.33.28/~algernon/exim-stuff/ Quite interesting, because I fail to see what should drive the load up this far, too. But: The disk load is not spread well. sda/sdb ge

Re: [exim] pysieved MANAGESIEVE server soliciting Exim experts

On Tue, Jun 10, 2008 at 09:58:44AM -0600, Neale Pickett wrote: > pysieved (http://woozle.org/~neale/src/pysieved/) is a MANAGESIEVE > server with a plugin architecture for storage. We just made our 1.0 > release and would very much like to get a storage mechanism for Exim in > addition to the Dove

Re: [exim] XCLIENT supported by exim?

On Thu, Apr 24, 2008 at 12:24:23PM +0100, Ian Eiloart wrote: > That can only be because, in spamd mode, it doesn't have access to what: > the IP address of the client? What's it doing with that IP address? RBL > checks? In spamd mode it can not delay mails until it is certain if they are legitim

Re: [exim] XCLIENT supported by exim?

On Wed, Apr 23, 2008 at 02:05:02PM +0200, Marten Lehmann wrote: > And > similar, you don't find an out-of-the-box spamfilter that has zero false > positives and a high detection rate for ISPs like eXpurgate (thats the > name of our solution). We use eXpurgate, too, but using the spamd interface

Re: [exim] Multiple Maildir Delivery?

On Thu, Mar 13, 2008 at 12:22:33PM -0700, Kris Oye wrote: > Is it possible to have a transport deliver a single message to multiple > maildir locations? No problem. Beside the already given solutions, you can use a redirect router to generate multiple file addresses, delivering those with an appe

Re: [exim] Blocking Users with No Reverse DNS

> How many block connections with no reverse DNS? I do for all sites I run. > How much collateral damage is there with doing that? It got me the usual offences, but apart from that, no damage really. That may be due to running a large site; a smaller site might have to use exception lists. By n

Re: [exim] Bug in DNS resolver or in DNS setup?

> exim -d+all -bh 83.223.83.9 should give the results of the > gethostbyname2 calls done by exim. But I guess it's just your resolver > not replying fast enough to exim's query so it times out. Exim deals with errors returned by the resolver, and although the code is not pretty (somehow no code de

Re: [exim] Bug in DNS resolver or in DNS setup?

> I checked the DNS setup, and it looks OK to me (no lame delegation, > zones are consistent etc). It is a little uncommon that the reverse > zone contains a CNAME for a PTR record, but Exim has no trouble to find > out the hostname, so that appears to work. > > I have no idea why looking up the h

[exim] Bug in DNS resolver or in DNS setup?

Hello, I have the following problem: 2007-07-10 21:49:46 no IP address found for host mosambik.phantasia.org (during SMTP connection from [83.223.83.9]:3633 I=[195.4.92.15]:25) I checked the DNS setup, and it looks OK to me (no lame delegation, zones are consistent etc). It is a little uncommo

Re: [exim] Exim 5

On Wed, Feb 07, 2007 at 03:08:04PM +, Philip Hazel wrote: > One might feel that after 10 years a big new re-design is long overdue. > On the other hand, large computing projects often get bogged down and > never get done; incremental changes often have a better chance. But as I > say, it's up t

Re: [exim] [OT] ORDB is shutting down

On Tue, Dec 19, 2006 at 08:17:06AM +0100, Renaud Allard wrote: > That's probably the case if you used many other blacklists. But if you > only use reliable blacklists to stop mail at first sight, I know only > two of them (ordb.org and njabl.org). The fact is ordb was very accurate > and didn't

Re: [exim] announce delivery

On Tue, Oct 10, 2006 at 04:27:34PM +0100, Philip Hazel wrote: > The very ancient Unix way of announcing email is called "comsat". It is > implemented by a daemon to which the mailer sends a message (using UDP). > The daemon then writes "you have mail" to the user's terminal if she/he > is logged i

Re: [exim] Vacation sender problem

On Tue, Oct 10, 2006 at 06:15:16PM +0200, Magnus Holmgren wrote: > On Wednesday 04 October 2006 10:47, eegm took the opportunity to say: > > I've configured exim in order to use the Sieve Vacation filter and it > > works, but the return-path and from of the vacation message is not the one > > of th

Re: [exim] Problems with Sieve Filters and vacation messages

On Thu, Sep 07, 2006 at 03:43:31PM +0200, Javier Calahorra Novillo wrote: > The problem is that exim doesn't seem to recognize this kind of vacation > rules (exim doesn't reply with the vacation message to the sender), and > we think that maybe it has to do with the autoreply transport section, > w

Re: [exim] Maildir Quota excluding Trash folder.

On Thu, Apr 27, 2006 at 05:14:27PM +0200, listrcv wrote: > The sieve filtering of Cyrus just falls back to delivering into the > inbox for deliveries into non-existing subfolders. You do not need to change Exim to get that behaviour. Just have the file transport check for existance of the target

Re: [exim] Maildir Quota excluding Trash folder.

On Thu, Apr 27, 2006 at 01:58:35PM +0100, Philip Hazel wrote: > On Thu, 27 Apr 2006, Michael Haardt wrote: > > > Indeed it makes sense to create the parent maildir, too, in case it is > > missing. > > Unless prevented by the create_directory option, Exim will

Re: [exim] Maildir Quota excluding Trash folder.

On Wed, Apr 26, 2006 at 08:34:50PM +0100, Philip Hazel wrote: > On Wed, 26 Apr 2006, Michael Haardt wrote: > > > I am just afraid that a maildirfolder file might get created where it > > should not. As a result, Exim would not calculate the quota of a mailbox, > > but th

Re: [exim] Maildir Quota excluding Trash folder.

On Wed, Apr 26, 2006 at 09:10:41AM -0400, Marc Sherman wrote: > Philip Hazel wrote: > > > > Why? Is it mandatory to have those directories? This would prevent > > somebody having *only* subfolders and no "main" folder. > > By my read of the maildir++ spec, it is, in fact, mandatory. However, >

Re: [exim] Maildir Quota excluding Trash folder.

On Wed, Apr 26, 2006 at 11:59:22AM +0100, Philip Hazel wrote: > I'm not quite sure what to call the option: perhaps something like > maildirfolder_create_regex would be more explicit. It certainly needs to > include "maildir" because it wouldn't apply to other delivery types. So > a (better) pat

[exim] Replacing demime for MIME sanity check?

Hello, I would like to get rid of using demime. I remember to have read the new MIME acl does not perform as many checks as demime, but I failed to find any documentation on how to check for anomalies at all. There appear two variables "mime_anomaly_text" and "mime_anomaly_level". Did the docume

Re: [exim] Enabling Filters

On Fri, Mar 17, 2006 at 03:01:40PM +1100, DOODS wrote: > I just created a script for filtering emails for one domain. However, I > don't know how to enable it and where to save that file. I'm running Exim > with MySQL DB. I have been reading the manual and I can't see (at least > just yet) the answ

Re: [exim] Random numbers

On Tue, Jan 10, 2006 at 03:08:08PM +, Ian Eiloart wrote: > Does Exim have a random number generator? If not could this feature be > added to the wish list, please? > > I'd like to be able to fakereject a random sample of spam, in order that I > can examine the kind of stuff that we're reject

Re: [exim] Number of Exim Queue runners

On Thu, Dec 01, 2005 at 08:32:33AM -, Andrew Johnson wrote: > If you had around 100,000 emails in your queue to deliver, what would be a > reasonable number of queue runners to have running to process them in a > "reasonable time" without causing locking issues with the retry databases & > queu

Re: [exim] Malware bounce filtering

On Wed, Nov 30, 2005 at 12:28:17AM +, Tony Finch wrote: > They are best handled in the traditional SpamAssassin manner, by matching > patterns in the message subject and body. They have almost no useful > information from the original message and serve only as advertisements for > the vendors'

Re: [exim] build exim static

On Tue, Nov 29, 2005 at 07:04:32PM +0100, Patrice wrote: > I didn't want to make a chroot for my exim, I just wanted to make a > directory containing all the binaries and libraries > needed to run the mail server. (independent from the computer on which > it is running) On Unix systems offering

Re: [exim] suggestion - exim-new-users

On Fri, Nov 18, 2005 at 07:37:35PM +0100, Marc Haber wrote: > And I am quite opposed to giving HOWTO-type examples because people > will blindly cut&paste them without understand what they do. I love HOWTOs, because they usually a) provide a solution if you just need one, and b) they show ideas ex

Re: [exim] suggestion - exim-new-users

On Wed, Nov 16, 2005 at 02:35:10PM +, Philip Hazel wrote: > > I am not asking for Exim to be dumbed down for the lowest common > > denominator, > > just pointing out that it is very hard to take in everything at once. > > Absolutely. Not only is Exim large and complicated, the whole Internet

Re: [exim] Multiple spamd servers.

On Wed, Nov 09, 2005 at 10:44:18AM +0100, Tom Kistner wrote: > Michael Haardt wrote: > > >>denymessage = Spam detected > >>!authenticated = * > >>spam= incoming-$primary_hostname/servers=spamd1 783 : \ > >>

Re: [exim] Multiple spamd servers.

On Wed, Nov 09, 2005 at 10:28:22AM +0200, Ian FREISLICH wrote: > The only other way that I can think of is to allow exim to have > sets of spamd_address options so that I could scan submitted mail > with a spamd using a particular configuration and incoming SMTP on > a different spamd. This will m

Re: [exim] User filters and headers

On Tue, Oct 18, 2005 at 11:25:05AM +0200, Warren wrote: > Since "headers add" is not available to a user filter, is there any way > i could add a custom header to a message that has been filtered by a > users filter, > without piping it to an external program to do the header addition? > We are

[exim] MIME question

Hello, trying to understand some things, I fell over the following example: -- Received: from localhost by relay1.example.com; Mon, 05 Jul 1999 14:55:26 -0400 From: <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: test Mime-V

Re: [exim] Does EXIM need a new scripting language? - YES

On Tue, Sep 20, 2005 at 04:55:41PM +0100, Philip Hazel wrote: > It would need to be something entirely different. Consider > > condition = ${lookup } > > There's no "if" involved there. "if" is only one feature of string > expansions. If you want to change to > > condition = eq{string

Re: [exim] Does EXIM need a new scripting language? - YES

On Mon, Sep 19, 2005 at 10:01:21AM +0100, Philip Hazel wrote: > It works the way it does because there are no real boolean expressions > in Exim; everything works in strings. The "condition" condition was > added as an escape for people to test things that were not provided by > conditions such a

Re: [exim] Does EXIM need a new scripting language? - YES

On Fri, Sep 16, 2005 at 07:51:48AM -0700, Marc Perkel wrote: > OK - I want to throw out a proposal to make a major change to Exim - the > scripting language. And before you all start screaming - the idea would > be to leave the existing language in for compatibility. I guess I used up my supply

Re: [exim] No keep and sieve

On Sat, Aug 13, 2005 at 04:44:36PM +0200, Mario Domg?rgen wrote: > Hello! > > Although it seems good documented i don't understand my behaviour of > sieve scripts under exim. I have a very simple sieve script like that: > > # Sieve filter > keep; > > The message i get for "exim -bf filterfile <

Re: [Fwd: Re: [Fwd: Re: [exim] Sieve Filters] handling of inbox.xyx.uvw...]

On Fri, Jul 29, 2005 at 03:25:39PM +0200, Rainer Sigl wrote: > sorry, was a mistake from my side: > the errormessage is > file or directory name " {/home/virtual_mail/sigl/.freebsd/}}" is not > absolute Now that sounds like your expanded strings contains a space and a few braces too much. I sugg

Re: [Fwd: Re: [exim] Sieve Filters] handling of inbox.xyx.uvw...

On Fri, Jul 29, 2005 at 02:45:56PM +0200, Rainer Sigl wrote: > how to handle inbox with subdirs such as inbox.xyz.uvw??? > A construction to isolate the subdirs out of $address_file such as > ${sg {$address_file}{inbox}{}} and adding this to the path of the > mailbox leads to "appendfile: file or

Re: [exim] mime_part_count acl

On Wed, Jul 27, 2005 at 04:30:42PM -0400, Jeff wrote: > mime_part_count: > > deny > condition = ${if >{$mime_part_count}{5}{yes}{no}} > message = Too many MIME parts (max 5) > log_message = DENY: MIME Error (Too many MIME parts: $mime_part_count) See section 40.3: $mime_part_count: T

Re: [exim] Sieve Filters

On Tue, Jul 26, 2005 at 03:58:20PM +0200, Rainer Sigl wrote: > Hi everybody, > I'd like to use sieve-filters with exim4. But there rise 2 Problems for me: > 1. if I set a simple filterfile with >#Sieve filter >require "fileinto"; >fileinto "inbox"; > and I test the file with > exim4 -bf

Re: [exim] DoS attack with nested MIME levels

> If in fact it's composing these non-delivery reports with non-null > envelope senders, then we'd blacklist those envelope senders as being > a misuse of mail procedures. Sure, if it were just one or two. You got it, the session report plus the original mail are used to compose a new mail, _ke

Re: [exim] DoS attack with nested MIME levels

> out of the blue, I am getting a bunch of mails with a very deep MIME > nesting and an "email-info.scr" file inside. Our mailer rejects them, > but it takes forever and a day to scan it. The whole thing looks like > a mail loop, because the sending MTA encapsulates the message together > with th

[exim] DoS attack with nested MIME levels

Hello, out of the blue, I am getting a bunch of mails with a very deep MIME nesting and an "email-info.scr" file inside. Our mailer rejects them, but it takes forever and a day to scan it. The whole thing looks like a mail loop, because the sending MTA encapsulates the message together with the

Re: [exim] Re: exim and multiple Mailbox-Server

On Wed, Jul 06, 2005 at 12:04:58PM +0200, Michelle Konzack wrote: > I have only experience with courier-mta(-ssl) but not exim. > There was someone which told me, that it does not work with > courier-mta and I should use exim4 for it. I don't know anything about courier-mta at all. In case it is

Re: [exim] exim and multiple Mailbox-Server

> But generaly I like to setup such thing like at my german ISP > which has ONLY and this > is where $USER send (SMTP) and get (IMAP/POP3) there E-Mails but > teh mailboxes are physicalay My setup is pretty easy really. I map each mailbox to a specific mbox server, forw

Re: [exim] High Perf server

On Fri, Jul 01, 2005 at 05:28:28PM +0200, V. T. Mueller wrote: > Tony Finch ecrit: > >On Fri, 1 Jul 2005, Michael Haardt wrote: > >>Thanks goodness that cool guy at Cambridge didn't just buy big hardware > >>for Smail, but wrote an experimental internet mailer inste

Re: [exim] High Perf server

On Thu, Jun 30, 2005 at 04:58:42PM -0400, Greg A. Woods wrote: > Get a pair of decent modern fibre-channel PCI host adapters (ideally > 64-bit for the decently fast 64-bit PCI slots in your decently high-end > server system) that are supported by your current operating system and > then go out and

Re: [exim] High Perf server

On Thu, Jun 30, 2005 at 04:55:42PM +0100, Tony Finch wrote: > On Thu, 30 Jun 2005, Michael Haardt wrote: > > > > I am using tmpfs for hints. I will try no_message_logs, but as I > > said: Removing the fsync() calls already helps a lot, probably by > > avoiding disk tran

Re: [exim] High Perf server

On Thu, Jun 30, 2005 at 03:35:35PM +0100, Tony Finch wrote: > In order to do that you have to use a single process (threaded or > event-driven) server which is WAY different from Exim :-) Or a distributed algorithm to coordinate things, but yes, it is very different from the current code. > > Ok,

Re: [exim] High Perf server - was (exim allowed someone to slam my mail server for 3 hours)

> If you are going for serious throughput optimisation then exim is > probably the wrong place to start - in many cases the vast majority of > messages could be switched through a box without touching the disk at > all (you would hold off acknowledging the incoming message until the > next hop had

Re: [exim] High Perf server

On Wed, Jun 29, 2005 at 04:43:46PM -0400, Greg A. Woods wrote: > Don't forget that SMTP requires implementations to make commitments > about how reliably they can process message transactions. I wrote about a queue that does things with less disk transfers, not less reliably. Commercial MTAs have

Re: [exim] High Perf server - was (exim allowed someone to slam my mail server for 3 hours)

On Wed, Jun 29, 2005 at 02:05:23PM +0100, Tony Finch wrote: > On Wed, 29 Jun 2005, Michael Haardt wrote: > > > > A better queue implementation would help a great deal. Possibly by > > using a special purpose filesystem, or by Exim working on a raw device > > or prealloc

Re: [exim] High Perf server - was (exim allowed someone to slam my mail server for 3 hours)

On Wed, Jun 29, 2005 at 10:16:46AM +0100, Mark Lowes wrote: > Mount /var/spool/exim/db/ as a ramdisk. Correct. I use tmpfs for hints a long time now and it works great. > We hit a bottleneck in db access when I rolled out the ratelimiting, > moving to a ramdisk has resolved the problem for the m

Re: [exim] Exim 4.52 release candidate and SPF?

On Tue, Jun 28, 2005 at 02:27:12PM +0200, Tom Kistner wrote: > There was a post-RC fix related to SPF which will be in a RC2 tarball > that Philip intends to release very soon, but it should not cause a > crash if the configuration does not use SPF. Can you do provide more > debug information? :

[exim] Exim 4.52 release candidate and SPF?

Hello, although I can compile the Exim 4.52 release candidate with SPF, using libspf 1.2.5, the resulting daemon dies without error message at random times. So far I only compiled it with SPF, but the configuration does not use it. After I took SPF out, everything appears to work as before. Is

Re: [exim] FAST QUEUE DELIVERY!!

> I agree with Tom though...let exim's internal queue functions handle > it since it's already doing whatever you'd be scripting and it works > in parallel. Actually, I do run a scripted queue runner replacement for performance reasons on my outgoing machines. I wrote this once before, but anyway

[exim] What does $message_linecount include?

Hello, just having skimmed doc/NewStuff, what does $message_linecount include at transport time? My count is off by two, which may be due to delivery_date_add and return_path_add adding uncounted lines. Why is the newline between header and body not counted? Michael -- ## List details at http:

  1   2   >