Hi Olaf,
I had a similar problem several years ago, but had to ensure TLS in and
TLS out to potentially hundreds of domains so implemented it in our mail
relay servers using a MySQL database:
CREATE TABLE `tls_force_remote_domains` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`domain`
All,
Not quite sure what's going on with Exim 4.96 ... have been running
previous versions up-to and including 4.94.2 on Devuan 4.0 (Like Debian
11 but without Poettering's systemd rubbish).
I come to migrate to Exim 4.96 which is usually:
* download the latest version
* unpack it next to
On 17/12/2022 17:10, Andreas Metzler via Exim-users wrote:
[...]
Hello,
Works for me on Debian with lftp.
BTW: Does it still make sense to offer ftp access in addition to
http(s)? Are there still systems that can do the former but not the
latter?
cu andreas
For me with headless, remote, De
.bz2 (2047632
bytes).
226 Transfer complete.
2047632 bytes received in 0.16 secs (12.0100 MB/s)
ftp>
thanks ;-)
Mike
On 17/12/2022 15:59, Moritz Orbach via Exim-users wrote:
Hi Mike,
On Sat, 17.12.2022 at 16:03, Mike Tubby via Exim-users wrote:
Has something changed w.r.t. FTP access to e
Hi All,
Has something changed w.r.t. FTP access to exim.org?
I have downloaded new versions of Exim for years using FTP CLI but now I
can't get files from two different hosts and with 'active' or 'passive' modes.
My end are Devuan 4.0 (like Debian 10 but without systemd) and FTP
command from Lin
On 11/09/2022 22:15, Andrew C Aitchison via Exim-users wrote:
On Sun, 11 Sep 2022, Mike Tubby via Exim-users wrote:
Hi all,
Compiling Exim 4.96 fails on Devuan 4.0 Chimaera (basically Debian
but without systemd).
Firstly it complained that I didn't have "pcre2.h" - whic
Hi all,
Compiling Exim 4.96 fails on Devuan 4.0 Chimaera (basically Debian but
without systemd).
Firstly it complained that I didn't have "pcre2.h" - which it has never
asked for before:
/bin/sh ../scripts/Configure-os.h
cc -DMACRO_PREDEF macro_predef.c
In file included from mac
Mark,
I have experienced the same... seems to happen once every 2-3 weeks and I
think it depends on which actual server in Google's cluster you get
connected to.
Google's implementation of SMTP seems to be very poor at reporting
actual problems, rather it either accepts delivery (and presumab
Or is it "Mailing lists break DKIM?" ;-)
On 29/06/2022 10:37, Jeremy Harris via Exim-users wrote:
DKIM breaks mailinglists.
I run an email system with three public mail relay servers which act as
the MX and front ends for a couple of hundred domains.
These relay servers run Exim and perform a wide range of 'email firewall
functions' policing the SMTP protocol, checking RBLs, SPF, DKIM, URBL,
sender verify, recipi
On 13/03/2022 22:30, Evgeniy Berdnikov via Exim-users wrote:
On Sun, Mar 13, 2022 at 08:06:45PM +, Mike Tubby via Exim-users wrote:
2022-03-13 19:47:53 1nTTGO-0001Jw-Tr H=alt2.gmail-smtp-in.l.google.com
[2a00:1450:4025:c03::1a]: SMTP timeout after sending data block (476909
bytes written
On 13/03/2022 20:33, Jeremy Harris via Exim-users wrote:
On 13/03/2022 20:06, Mike Tubby via Exim-users wrote:
2022-03-13 19:47:53 1nTTGO-0001Jw-Tr
H=alt2.gmail-smtp-in.l.google.com [2a00:1450:4025:c03::1a]: SMTP
timeout after sending data block (476909 bytes written): Connection
timed out
I have started seeing odd timeouts from Exim when talking to Google
gmail, email path:
MTA (Thunderbird/Win 10) --> mail.tubby.org (Linux/Exim) -->
relay1.thorcom.net (Linux/Exim) --> Gmail
My MTA is behind my firewall, it sends SMTP to my public mail server,
which relays (smart host)
All,
Upgraded my public email server from Devuan 3.1 Beowulf to Devuan 4.0
Chimaera this afternoon and Exim stopped working ... fair enough, it's a
custom build for the platform so did:
cd /root/exim-4.94
make clean
make makefile
make
make install
then:
service exim
Interesting discussion ... I am in a slightly different place on our
three public mail servers that handle circa 200,000 mails per day for
about 20-30 domains.
1. I use Devuan 3.1 (Beowulf) and compile Exim from source with OpenSSL
rather than GnuTLS. NB. No systemd here to fek with things!
SPF is not 'authentication', it's a separate framework for dealing with
Sender Policy, hence the name Sender Policy Framework ;-)
I log SPF results on my public mail relays from the 'acl_check_mail'
like this:
acl_check_mail:
#
# log the SPF result
#
warn s
On closer inspection, I think I am generating one per message stuck on
the queue - each time Exim runs the queue - hence this may relate to
'retry_update'?
Exim 4.93 built from source, 64-bit Devuan 3.0 Beowulf (similar to
Debian 10 but without systemd).
On 25/01/2021 13:48, Mike
All,
I thought that I had fixed my system's issues with tainted data some
months ago but I appear to be logging one of these in paniclog for each
message processed:
2021-01-25 10:48:56 1l2yKc-0003H9-4x Taint mismatch, Ustrncpy:
retry_update 826
2021-01-25 10:58:56 1l2yKc-0003H9-4x Taint mi
If it's the sender address, i.e. the envelope then in acl_check_mail
something like:
#
# check length of sender's address
#
deny condition = ${if >{${strlen:$sender_address}}{200}}
message = Sender address is too long
logwrite =
On 11/11/2020 18:31, Chris Siebenmann via Exim-users wrote:
Jeremy Harris:
Semi-radical: provide an ACL, router, and transport modifier that
checks some variable or content for dangerous contents
We have that. All data provided by an untrusted source, described
as "tainted" for a shorth
On 10/11/2020 08:37, Julian Bradfield via Exim-users wrote:
I thought it was standard practice in introducing a new feature that
causes major breakage to existing installations, to take a three step
approach. First you provide the feature, and give it an enabling
switch with three levels "off",
Ok,
I think I have gotten my head around this now ...
I have a global domain list:
#
# local_domains -> domains that land here
#
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains
WHERE type='local' AND active='1'}{${sg{$value}{\\n}{ : }} }}
which I already use for rou
On 08/11/2020 12:12, Andrew C Aitchison via Exim-users wrote:
On Sun, 8 Nov 2020, Mike Tubby via Exim-users wrote:
Now it looks like I have to use additional look-ups, perhaps
something like this:
$domain_data = ${lookup mysql{SELECT domains.domain AS domain FROM
On 07/11/2020 23:30, Michael Haardt via Exim-users wrote:
Ok, have had a 5 minute scan read ... seems that tainted data is a
{potential} problem, but in my case the variables that I use to build a
path in transport 'local_delivery':
[...]
have already been used as keys in a database look-up pre
On 07/11/2020 20:54, Jeremy Harris via Exim-users wrote:
On 07/11/2020 20:43, Mike Tubby via Exim-users wrote:
What do I need to know to fix this one?
Either
- read back through exim-users, which has amply covered tainting
or
- start by hauling up the concept index in the docs, and search
On 06/11/2020 11:53, Mark Elkins via Exim-users wrote:
I've got the following in exim.conf
acl_check_dkim:
deny dkim_status = fail
message = DKIM validation failed: $dkim_verify_status
log_message = DKIM validation failed: $dkim_verify_status \
(
All,
So you can tell it's Lockdown 2.0 as I am catching up with email server
sysadmin, updating spam scanning and antivirus ready for when the
thought police visit next month.
I have been running Exim 4.93.0.4 successfully with virtual domains with
a MySQL backend in first-normal form and its
On 07/11/2020 20:10, Adam D. Barratt via Exim-users wrote:
On Sat, 2020-11-07 at 17:45 +, Mike Tubby via Exim-users wrote:
2. the return value 512 (really 2) is tripping on a password
encrypted ZIP file for which there is no right thing to do:
a) accept it because we can
On 07/11/2020 16:52, Jeremy Harris via Exim-users wrote:
On 07/11/2020 16:16, Mike Tubby via Exim-users wrote:
Sophos manual for savscan says it returns:
0 If no errors are encountered and no threats are detected.
1 If you interrupt savscan (usually by pressing CTRL
On 07/11/2020 16:52, Jeremy Harris via Exim-users wrote:
On 07/11/2020 16:16, Mike Tubby via Exim-users wrote:
Sophos manual for savscan says it returns:
0 If no errors are encountered and no threats are detected.
1 If you interrupt savscan (usually by pressing CTRL
All,
Environment: Devuan 3.0 Beowulf 64-bit on Xeon - like Debian Buster but
without systemd ;-) Exim 4.93.04 built from source. Sophos Linux free
command line scanner.
Low volume mail server with mail relays in front doing SpamAssassin and
Clam-AV but want to run second line of defense with
On 23/09/2020 18:16, Jeremy Harris via Exim-users wrote:
On 23/09/2020 16:59, Bill Cole via Exim-users wrote:
1. You don't allow any TLS versions below 1.2. While that may seem to be
a safety measure, it actually can cause problems because a client that
does not support v1.2 or v1.3 can only
On 07/07/2020 00:23, Jeremy Harris via Exim-users wrote:
On 07/07/2020 00:01, Mike Tubby via Exim-users wrote:
remote_smtp:
driver = smtp
dkim_domain = ${lc:${domain:$h_from:}}
dkim_selector = ${lookup mysql{SELECT selector FROM dkim WHERE
domain='${quote_
On 02/07/2020 23:11, Marco Gaiarin via Exim-users wrote:
I'm used, in exim on debian stretch (4.89-2+deb9u7) add something like:
DKIM_CANON = relaxed
DKIM_SELECTOR = 2020
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_PRIVATE_KEY = ${if
exists{/etc/exim4/dkim/DKI
On 05/06/2020 10:24, Jacques B. Siboni via Exim-users wrote:
On Fri, 2020-06-05 at 09:36 +0100, Jeremy Harris via Exim-users wrote:
By the way, if you really are logging "H=router" then you
have an unusual network setup. If you obfuscated it, then
you are making it harder for us to help you.
On 02/06/2020 18:19, Jeremy Harris via Exim-users wrote:
On 02/06/2020 17:15, Mike Tubby via Exim-users wrote:
Right now I'm doing this in the RCPT ACL:
tl;dr. Which bit does not work?
I wanted to do this - in the MIME ACL:
#
# Check if sender is whitelisted to di
On 27/05/2020 20:58, Jeremy Harris via Exim-users wrote:
On 26/05/2020 07:53, Mike Tubby via Exim-users wrote:
I need to make business logic decisions in the MIME ACL on how to screen
MIME content based on the sender domain and recipient domain
The message could have multiple recipients
I need to make business logic decisions in the MIME ACL on how to screen
MIME content based on the sender domain and recipient domain but the
variables that I need do not appear to be set up:
2020-05-18 16:05:04 1jahKC-0005Zn-Tj H=relay1.thorcom.net
[195.171.43.32] X=TLS1.3:TLS_AES_256_GCM_SHA
I do not recognise this problem on Debian, Ubuntu or Devuan ?
On all three OS I remove the OS installed exim4-daemon-light,
exim4-daemon-heavy etc. packages, purge the system and by hand remove
debian-exim from /etc/group and /etc/passwd so that the system ends up
totally void of packaged Exim.
Linda,
Using multiple MX at multiple locations is common for larger
implementations, big business, ISPs etc.
Even my personal domain (tubby.org) follows this design with two servers
at my company and a third at another site.
root@public:~# dig tubby.org mx
; <<>> DiG 9.11.5-P4-5.1-Debian <<
On 27/04/2020 20:21, Jeremy Harris via Exim-users wrote:
On 27/04/2020 20:09, Mike Tubby via Exim-users wrote:
2020-04-27 19:05:46 1jT88X-0003Qr-G5 DKIM START:
domain=bounce.wowcher.co.uk possible_signer=e.wowcher.co.uk status=pass
2020-04-27 19:05:46 1jT88X-0003Qr-G5 no IP address found for
All,
I've been meaning to ask about this for over a year and not got round to
it ...
On my email relays (Exim 4.93 compiled from source, Devuan Beowulf,
64-bit Intel) I frequently see messages:
no IP address found for host
Where 'spurious name' is one of two or three names that re-app
, does the authentication and
GeoIP policy stuff, logs the transaction and outcome and returns the
HTTP response code.
Mike
On 17/03/2020 08:18, Heiko Schlittermann via Exim-users wrote:
Mike Tubby via Exim-users (Tue 17 Mar 2020 01:51:55 CET):
All,
Dovecot IMAP/POP3 server has a built-in Authe
On 18/03/2020 09:07, Andrew C Aitchison wrote:
On Tue, 17 Mar 2020, Mike Tubby via Exim-users wrote:
The PHP back-end accepts a POST on a URI with form data that contains:
* email address
* password
* remote IP address
the back-end considers:
a) the username/password pair - for
ecot,
so it may or may not be possible to enforce the GEOIP policy
(but I'd be tempted to do that in a firewall such as iptables
before the connection reaches exim unless the location of the
logging is critical).
On Tue, 17 Mar 2020, Mike Tubby via Exim-users wrote:
Dovecot IMAP/POP3 serve
On 17/03/2020 09:40, Jeremy Harris via Exim-users wrote:
On 17/03/2020 00:51, Mike Tubby via Exim-users wrote:
it would be really good (tm) if Exim
could make similar call outs to an Authentication Policy Server
You mean something like the entire set of ACL and authenticator
facilities
All,
Dovecot IMAP/POP3 server has a built-in Authentication Policy sub-system
whereby it can make a web-services call to an Authentication Policy
Server:
1. command: on connect, before authentication
2. command: on connect, after authentication
3. report: on final outcome of
All,
Some government departments that we work with asked us to increase email
security via "forced TLS" for which I developed a solution for:
a) our public email relay servers (with upstream/downstream and
local/remote hosts - 4 legs) - this is moderately complex but all worked
first tim
On 13/02/2020 13:02, Jeremy Harris via Exim-users wrote:
On 13/02/2020 12:03, Kai Bojens via Exim-users wrote:
Would it be possible for the Exim project to provide some insights into
which syscalls, capabilities, access to directories and so on are
required?
Not in full. We don't maintain a r
On 16/10/2019 08:29, Cyborg via Exim-users wrote:
Nospam2k (Wed 16 Oct 2019 08:05:05 CEST):
Perhaps I should go about this a different way. I am going to be hosting multiple domains.
Since it seems that $tls_in_sni is returning blank and/or can be unreliable, what is the
best way to handle t
256:ECDHE-RSA-AES256-SHA:ECDHE-R
SA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
I will compare ;-)
JME
-----Original Message-
From: Exim-users On behalf of
Mike Tubby via Exim-users
Sent: Saturday 12 October 2019 15:36
To: exim-users@exim.org
Subject: Re: [exim] Define preferred
We use Exim 4.92.2 compiled with OpenSSL on Devuan 3.0 Beowulf with GCC
version 8.
#
# Enable TLS with strong ciphers
#
MAIN_TLS_ENABLE = true
openssl_options = -all +no_sslv2 +no_sslv3 +no_compression
+cipher_server_preference
If you use a contracted (short) cipher list like these:
# t
I have someone connecting to me repeatedly and failing on TLS/SSL start
up, thus:
2019-09-02 23:57:30 CONNECT: New connection from 80.82.32.21:62950 ->
195.171.43.32:25
2019-09-02 23:57:30 CONNECT: Accepting connection from: 80.82.32.21 -
not blocked by any RBL
2019-09-02 23:57:30 HELO: Accept
This is usually about setting the envelope address correctly and depends
on your application generating the email, for example it could be a
shell invocation of "sendmail -f ..." or the way I do it from websites
which is via an SMTP connector. On some sites I use a custom PHP
connector on other
On 08/05/2019 00:57, Jeremy Harris via Exim-users wrote:
On 08/05/2019 00:39, Mike Tubby via Exim-users wrote:
user_filter:
driver = forwardfile
data = ${lookup mysql{SELECT rule FROM users LEFT JOIN domains \
ON domains.id=users.domain_id LEFT JOIN filters \
ON
On 07/05/2019 23:09, Jeremy Harris via Exim-users wrote:
On 07/05/2019 22:52, Mike Tubby via Exim-users wrote:
is there a way to implement per-user filtering by having Exim read it
from a MySQL/MariaDB table at delivery/processing time?
Reading the doc chapter on the redirect router, it'
I'm building an Exim/Dovecot/Nginx/Roundcube system to replace our
ancient public mailserver (Redhat 9, Exim 4.14, Courier-IMAP).
The new system OS is Devuan 3.0 "Beowulf" with MariaDB 10.3 (no systemd
entanglement ;-) and I've built a database to host users, passwords,
domains, aliases, vacat
I have just discovered that Exim DKIM appears to fail to parse some DKIM
keys that other systems claim are okay:
19 00:50:18 RCPT: SPF Result2=pass (Partnersresponse.dell.com /
mail04.response.dell.com [142.0.168.187])
19 00:50:19 1hHGnL-0002nj-0r PDKIM: d=dell.com s=dk2016 [failed key import]
On 14/04/2019 02:40, Jasen Betts via Exim-users wrote:
On 2019-04-13, Rainer Dorsch via Exim-users wrote:
Hi,
I want to upgrade my server from Debian Jessie to Debian Stretch. I am afraid
that at some time during the upgrade process, there is an invalid exim
configuration and messages get re
All,
I run a set of public mail relays that have a pretty comprehensive
'email firewall' implementation that makes extensive use of ACLs and
perform a wide range of checks including RBLs, SMTP protocol, etc.
I run Exim 4.92 compiled from source on Ubuntu 16.04 LTS 64-bit.
All of my ACLs use
On 15/03/2019 14:54, Jeremy Harris via Exim-users wrote:
On 15/03/2019 14:36, Mike Tubby via Exim-users wrote:
Does the use of a CNAME in this case violate an RFC?
I've not looked hard to find one. The original RFC
for SRV doesn't mention CNAME.
Discussion here:
https://serve
On 27/01/2019 13:42, Graeme Fowler via Exim-users wrote:
On 27 Jan 2019, at 12:33, The Doctor via Exim-users wrote:
am certain many of you have seen this, but how do you block / bounce said
below e-mail via exim using spamassassin / clamd ?
Install at least the ‘phish’ database from SaneSec
On 16/01/2019 20:21, Odhiambo Washington wrote:
On Wed, 16 Jan 2019 at 18:26, Mike Tubby via Exim-users
<exim-users@exim.org> wrote:
On 15/01/2019 10:21, Jeremy Harris via Exim-users wrote:
> On 15/01/2019 09:54, Mike Tubby via Exim-users wrote:
>> Can s
On 15/01/2019 10:21, Jeremy Harris via Exim-users wrote:
On 15/01/2019 09:54, Mike Tubby via Exim-users wrote:
Can someone point me in the right direction?
Presumably your build didn't actually include SPF. Check
the "Support for" line from "exim -bV". If it'
On 16/01/2019 14:31, Heiko Schlittermann via Exim-users wrote:
Mike Tubby via Exim-users (Wed 16 Jan 2019 14:58:07 CET):
All,
When compiling Exim 4.91 on Ubuntu 16.04.5 LTS I get a gcc warning in the
USR1 signal handler:
gcc exim.c
exim.c: In function ‘usr1_handler’:
exim.c:242:1: warning
All,
When compiling Exim 4.91 on Ubuntu 16.04.5 LTS I get a gcc warning in
the USR1 signal handler:
gcc exim.c
exim.c: In function ‘usr1_handler’:
exim.c:242:1: warning: ignoring return value of ‘write’, declared with
attribute warn_unused_result [-Wunused-result]
(void)write(fd, process_in
Ubuntu 16.04.5 LTS
On 15/01/2019 12:20, Odhiambo Washington via Exim-users wrote:
On Tue, 15 Jan 2019 at 13:04, Mike Tubby via Exim-users
wrote:
I have been using Exim-4 built from source with SPF from libspf2:
https://github.com/Exim/exim/wiki/SPF
for several years and when a new
I have been using Exim-4 built from source with SPF from libspf2:
https://github.com/Exim/exim/wiki/SPF
for several years and when a new version is issued I grab the tarball,
copy over Local/Makefile from the previous release and:
make configure
make
make install
and all is
68 matches