Re: [exim] Help to logical OR two conditions

2020-10-01 Thread Phil Pennock via Exim-users
On 2020-10-01 at 13:24 +0700, Victor Sudakov via Exim-users wrote: > Could you please help me unite the following two ACL expressions into one: > > accept condition = > ${lookup{$local_part@$domain}lsearch{/etc/dovecot/aliases}{yes}} > accept condition = > ${lookup{$local_part@$domain}

Re: [exim] Moving a queue from server to server

2020-07-15 Thread Phil Pennock via Exim-users
On 2020-07-15 at 10:02 +0100, Jeremy Harris via Exim-users wrote: > On 14/07/2020 18:57, Johnnie W Adams via Exim-users wrote: > > Now I'm replacing that box with a newer one and wondering how to move > > the queue of frozen mail from the old machine to the new--or if I'm better > > off just w

Re: [exim] MTA-STS and Server Name Indication (SNI) on mail servers

2020-06-18 Thread Phil Pennock via Exim-users
On 2020-06-17 at 19:51 -0400, Felipe Gasper wrote: > > On Jun 17, 2020, at 6:22 PM, Phil Pennock via Exim-users > > wrote: > > because TLS1.3 mandates SNI. > > Phil, do you have a citation for this? I skimmed the RFC just now, and the > only mandatory details abou

Re: [exim] MTA-STS and Server Name Indication (SNI) on mail servers

2020-06-17 Thread Phil Pennock via Exim-users
On 2020-06-17 at 15:34 -0400, John R. Levine via Exim-users wrote: > For example, here's where you can find the MTA-STS for my iecc.com: > > https://mta-sts.iecc.com/.well-known/mta-sts.txt My stance on MTA-STS is that it's reasonable to advertise to get the big players talking to you, but it's

Re: [exim] Upcoming Glibc changes and DANE support in Exim, Postfix, and perhaps other MTAs

2020-04-21 Thread Phil Pennock via Exim-users
On 2020-04-16 at 16:00 -0400, Viktor Dukhovni via Exim-users wrote: > On Thu, Apr 16, 2020 at 07:53:08PM +0100, Jeremy Harris via Exim-users wrote: > > On 15/04/2020 18:46, Viktor Dukhovni via Exim-users wrote: > > > I read this to mean that the new "trust-ad" option, if set, causes the > > > Glibc

Re: [exim] DANE ERROR: TLSA LOOKUP DEFER

2020-03-30 Thread Phil Pennock via Exim-users
On 2020-03-25 at 13:10 -0400, Phil Pennock via Exim-users wrote: > On 2020-03-23 at 20:54 +0800, daniel via Exim-users wrote: > > We recently received many of our end users complains that they are having > > problem sending email to *.gov.hk with this exim error: > > DA

Re: [exim] DANE ERROR: TLSA LOOKUP DEFER

2020-03-25 Thread Phil Pennock via Exim-users
On 2020-03-23 at 20:54 +0800, daniel via Exim-users wrote: > We recently received many of our end users complains that they are having > problem sending email to *.gov.hk with this exim error: > DANE ERROR: TLSA LOOKUP DEFER Their DNS is broken. > However we have contacted our government and th

Re: [exim] Exim multi-server architecture with NAS

2020-03-10 Thread Phil Pennock via Exim-users
On 2020-03-10 at 17:11 -0400, Robert Blayzor via Exim-users wrote: > Would this be a valid design and what are the caveats? What would a > better design option be? Caveat: the guarantee of SMTP is that you have responsibility once you accept the message, so think carefully about the resiliency of

Re: [exim] DKIM ed25519 signing issues

2020-03-06 Thread Phil Pennock via Exim-users
On 2020-03-05 at 09:02 +, Graham McAlister via Exim-users wrote: > Suspect my distro build uses openssl instead of gnutls and my version > of openssl is 1.1.0 but ed25519 support is in 1.1.1 > > So, either I build exim to use gnutls, or I upgrade openssl to 1.1.1 > > That's my plan, and will

Re: [exim] DKIM ed25519 signing issues

2020-03-04 Thread Phil Pennock via Exim-users
On 2020-03-04 at 09:06 +, Graham McAlister via Exim-users wrote: > Has anyone successfully used Exim and DKIM with ed25519 keys? Any pointers? Yes. I dual-sign. It's amusing to see all the status reports from systems which don't implement Ed25519. At least most of them now will accept seein

Re: [exim] a tool to relay to Gmail using AUTH XOAUTH2

2019-09-19 Thread Phil Pennock via Exim-users
On 2019-09-18 at 23:05 +0200, Heiko Schlittermann via Exim-users wrote: > Wouldn't it be better to integrate it into Exim itself? > Can't we use the authenticators for this? Write a new > driver, xoauth2, and use it in the transport section? If recollection serves, XOAUTH2 can require prompting fo

Re: [exim] [oss-security] Sv: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges

2019-09-09 Thread Phil Pennock via Exim-users
On 2019-09-07 at 08:23 +0200, Heiko Schlittermann wrote: > Phil Pennock (Sa 07 Sep 2019 02:52:56 CEST): > > The connect ACL won't protect you against STARTTLS usage, which is far > > more common for email than TLS-on-connect. > > > > I myself use the HELO A

Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges

2019-09-06 Thread Phil Pennock via Exim-users
On 2019-09-06 at 22:04 +0200, Heiko Schlittermann via Exim-users wrote: > The HELO ACL doesn't help either, as the first EHLO comes before > STARTTLS, and the second EHLO doesn't have to come, the client may send Oh pox. My memory is going. I hadn't realized that my protection against this comes

Re: [exim] [oss-security] Sv: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges

2019-09-06 Thread Phil Pennock via Exim-users
On 2019-09-06 at 20:50 +0200, Sebastian Nielsen wrote: > Shouldn't this be in connect ACL? > How would the deny in MAIL FROM prevent the exploit? What I have understood > is that there is an exploit in the SNI of the TLS negotiation, thus the whole > connect attempt must be rejected right? The conn

Re: [exim] Exim, Dovecot, mdir and hardlinks - a true story

2019-08-15 Thread Phil Pennock via Exim-users
On 2019-08-14 at 12:24 -0400, Phil Pennock via Exim-users wrote: > On 2019-08-14 at 12:54 +0100, Jeremy Harris via Exim-users wrote: > > Do we need a fast/poor quota method for cases where the size-file > > cannot be used? > > Just to raise the possibility to see if other

Re: [exim] Exim, Dovecot, mdir and hardlinks - a true story

2019-08-14 Thread Phil Pennock via Exim-users
On 2019-08-14 at 12:54 +0100, Jeremy Harris via Exim-users wrote: > Do we need a fast/poor quota method for cases where the size-file > cannot be used? Just to raise the possibility to see if others can spot approaches which make this feasible rather than a giant can of worms: direct support for f

Re: [exim] Help with AUTH DDOS

2019-06-28 Thread Phil Pennock via Exim-users
On 2019-06-26 at 10:42 -, Jasen Betts via Exim-users wrote: > alternatively in ACL_AUTH > > drop > set acl_c_auth_count = ${eval: $acl_c_auth_count + 1} > condition = ${if >{1}{$acl_c_auth_count }} > message = "go away" > > which will allow only one attempt at auth per connect. M

Re: [exim] exim-4.92: GSSAPI authenticator doesn't work

2019-06-20 Thread Phil Pennock via Exim-users
On 2019-06-20 at 14:26 +0200, Frank Richter via Exim-users wrote: > after upgrading to exim-4.92 (EPEL exim-4.92-1.el6.x86_64) our gssapi > authenticator doesn't work any more. Debugging permissions and interactions and libraries automatically dropping access for setuid programs was such a nightma

Re: [exim] Exim and file access right

2019-05-20 Thread Phil Pennock via Exim-users
On 2019-05-19 at 16:05 +0200, Arno Thuber via Exim-users wrote: > From chapter 55 of the Exim documentation I see that Exim delivery drops > rights which it has as a server but I don't fully understand it - or I > don't understand Unix access rights. With user Debian-exim member of > privkey_users

Re: [exim] SSL forcing

2019-05-20 Thread Phil Pennock via Exim-users
On 2019-05-19 at 19:17 +0100, Richard Jones via Exim-users wrote: > # egrep -o 'X=TLS[^ ]+' /var/log/exim4/mainlog | sort | uniq -c | sort -n | > tail That will include all the outbound, and also all the spammers whom you ended up rejecting (because yes spammers use TLS nowadays). $ pcregrep -h

Re: [exim] Sourcing Exim Filter from MySQL/MariaDB table?

2019-05-08 Thread Phil Pennock via Exim-users
On 2019-05-08 at 00:39 +0100, Mike Tubby via Exim-users wrote: > Which suggests I need something like: > > user_filter: >     driver = forwardfile >     data = ${lookup mysql{SELECT rule FROM users LEFT JOIN domains \ >         ON domains.id=users.domain_id LEFT JOIN filters \ >         ON users.i

Re: [exim] Strange log message: no IP address found for host bazar2, conectiva.com.br

2019-03-31 Thread Phil Pennock via Exim-users
On 2019-03-31 at 19:12 +0100, Mike Tubby via Exim-users wrote: >     no IP address found for host bazar2.conectiva.com.br Some Googling suggests that this host used to run a Mailman instance popular for hosting some Brazilian mailing-lists. Seems like the sort of thing which might end up special-

Re: [exim] Server offering *all* certificates

2019-03-29 Thread Phil Pennock via Exim-users
On 2019-03-29 at 13:44 +, Richard Jones via Exim-users wrote: > I was hoping to be able to validate them, yes. It just seems overkill to > also offer every root CA installed. > > If it's a choice of one cert or all, then clearly this isn't the end of > the world, and thanks! This is a crypto

Re: [exim] MTA-STS support?

2019-02-05 Thread Phil Pennock via Exim-users
On 2019-01-31 at 10:10 +, Jeremy Harris via Exim-users wrote: > On 31/01/2019 09:47, sqit via Exim-users wrote: > > Forgive me if there has already been a thread on this but I didn't see one. > > Is MTA-STS policy validation being considered for the Exim development > > roadmap? > > Not by m

Re: [exim] NFSv4: failed to set ownership on spool file

2019-01-29 Thread Phil Pennock via Exim-users
On 2019-01-29 at 10:30 +0100, Heiko Schlittermann via Exim-users wrote: > - The tcpdump show a V4 SETATTR, but only for the owner (I'd have > expected the group too), AND the owner is numerical, not user@domain, > as I would have expected. The pcap file is attached. It's showing a GETATTR, not

Re: [exim] Expiriences with TLS 1.3

2019-01-29 Thread Phil Pennock via Exim-users
On 2019-01-28 at 15:09 +, Andrew C Aitchison via Exim-users wrote: > I see many header lines like: > > Received: from smtp.spodhuis.org ([2a02:898:31:0:48:4558:736d:7470]:34422 > helo=mx.spodhuis.org) > by hummus.csx.cam.ac.uk with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) > (Exim 4.91)

Re: [exim] Exim 4.92-RC1

2018-12-14 Thread Phil Pennock via Exim-users
On 2018-12-14 at 17:22 +, Jeremy Harris via Exim-users wrote: > Possibly the main-config option openssl_options? > > The docs list possibilities including > no_tlsv1 > no_tlsv1_1 > > so I'd be tempted to try those without the "no_". Alas, no. You'd want `-no_tlsv1` but I doubt that work

Re: [exim] [m...@openssl.org: Re: [openssl-users] openssl 1.0.2 and TLS 1.3]

2018-09-11 Thread Phil Pennock via Exim-users
On 2018-09-11 at 11:05 -0400, Viktor Dukhovni via Exim-users wrote: > On Tue, Sep 11, 2018 at 03:37:12PM +0100, Jeremy Harris via Exim-users wrote: > > They may well find that applications just refuse to change. > > Debian Stretch ships with 1.1.0, applications are moving along. My proposal to ch

Re: [exim] [exim-dev] "25 lost" is giving me useful clues

2018-09-03 Thread Phil Pennock via Exim-users
On 2018-08-30 at 12:27 +0200, Mark Elkins via Exim-dev wrote: > What this is telling me is someone at 157.0.116.189 is making > connections to my mail server - presumably to see if they can detect the > accounts of users on my machine? This really belongs on exim-users, not exim-dev (bcc'd) becaus

[exim] Administrivia: Direct requests for help

2018-08-27 Thread Phil Pennock via Exim-users
Folks, Everyone here provides help on the mailing-lists on a volunteer basis. That's part of how open source projects work. If you get value from the code and give help back in return, everyone benefits. If the developers give help here, that's nice of them; any developer who thinks the document

[exim] exim mail outage

2018-07-19 Thread Phil Pennock via Exim-users
Folks, I seriously messed up and didn't test enough scenarios when making a change to Exim configs for exim.org on Tuesday. I then spent yesterday heads-down on work and didn't see Jeremy's report to me. I broke things such that sender verification failed for almost everybody. Sorry. I've roll

Re: [exim] detecting DMARC-protected domain

2018-07-07 Thread Phil Pennock via Exim-users
On 2018-07-07 at 18:56 +0100, Julian Bradfield via Exim-users wrote: > Is there a way to detect, in the Exim configuration file, whether a > sender domain has a DMARC record? Use a `dnsdb` lookup, look for the DMARC DNS record. The rest of your mail leads me to suggest a better approach, but to f

Re: [exim] Rspamd-Proxy error with exim

2018-06-15 Thread Phil Pennock via Exim-users
On 2018-06-15 at 17:26 -0400, Phil Pennock via Exim-users wrote: > On 2018-06-15 at 11:51 +, Emanuel Gonzalez via Exim-users wrote: > > "In fact, it is Exim who SHOULD drop fucking legacy protocol support. > > But I cannot convince its developers to do that. I have fixed th

Re: [exim] Rspamd-Proxy error with exim

2018-06-15 Thread Phil Pennock via Exim-users
On 2018-06-15 at 11:51 +, Emanuel Gonzalez via Exim-users wrote: > "In fact, it is Exim who SHOULD drop fucking legacy protocol support. > But I cannot convince its developers to do that. I have fixed this > issue at some point in the past but I have no Exim to test that." For the record: this

Re: [exim] unable to get local issuer certificate cert

2018-06-14 Thread Phil Pennock via Exim-users
On 2018-06-15 at 03:56 +0200, krz...@gmail.com via Exim-users wrote: > SSL verify error: depth=1 error=unable to get local issuer > certificate cert=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert > SHA2 High Assurance Server CA > > It's the same error for every receiver and I believe error is

Re: [exim] Rspamd-Proxy error with exim

2018-06-14 Thread Phil Pennock via Exim-users
On 2018-06-14 at 18:31 +, Emanuel Gonzalez via Exim-users wrote: > Here the log: > > https://github.com/vstakhov/rspamd/files/2102038/rspamdserver.log The rspamd proxy is replying with an HTTP response, not an RSPAM protocol response. Since I saw logic in the proxy source-code to handle this

Re: [exim] Rspamd-Proxy error with exim

2018-06-13 Thread Phil Pennock via Exim-users
On 2018-06-13 at 18:44 +, Emanuel Gonzalez via Exim-users wrote: > rspamd-proxy doesn't work with Exim v4.87. Connection works etc but exim > can't parse the response. Interesting. From the rspamd log attached to your ticket against rspamd it looks as though rspamd thinks things succeeded?

Re: [exim] exim4 Versions above about 4.80 Don't Talk to my ISP's smarthost.

2018-05-31 Thread Phil Pennock via Exim-users
On 2018-05-31 at 21:41 -0500, Martin McCormick via Exim-users wrote: > The last part of this long message is the log of the > delivery attempt. As you see, I do now log in to the smarthost > and the only reason for the failure is that the sender name gets > changed. > > The ISP knows

[exim] DANE example (Re: Exim & DANE .. status ?)

2018-05-23 Thread Phil Pennock via Exim-users
On 2018-05-22 at 18:09 +0200, Cyborg via Exim-users wrote: > the German office of security ( BSI ) has given out a policy, that > secure emailserver should have implemented DANE. > > So, what's the status of DANE for Exim? > > Any useful self-explaining examples at hand ? :) Outbound or inbound?

Re: [exim] MySQL Connection errors – SSL?

2018-05-14 Thread Phil Pennock via Exim-users
On 2018-05-14 at 14:12 +0200, Kai Bojens via Exim-users wrote: > 1. Does Exim close the MySQL connection properly? One explanation I > found suggested that this could pose a problem. It should be closing it. There might be a leak, that is something we'd probably fix given sufficient information.

Re: [exim] setting up purchased SSL certificates on existing system

2018-04-30 Thread Phil Pennock via Exim-users
On 2018-04-30 at 14:58 +0100, Gary Stainburn via Exim-users wrote: > I have now purchased (through 123-reg) a SSL certificate and I am trying to > install it on the server. Which method did you use to buy the cert, and are you a "shared hosting package" customer? > My problem is that from my SSL

Re: [exim] Fw: paniclog after upgrade from 4.90_1 to 4.91

2018-04-23 Thread Phil Pennock via Exim-users
On 2018-04-23 at 21:20 +0200, Sławomir Dworaczek via Exim-users wrote: >> After upgrade from exim version 4.90_1 to 4.91 messages not sending to >> external host >> Panic log : Delivery status for user@external_domain.com got 0 of 7 bytes >> (pipeheader) from transport process 13323 for transport

Re: [exim] Next Exim: TLS: changed smarthost example config

2018-04-21 Thread Phil Pennock via Exim-users
On 2018-04-20 at 22:38 -0400, Viktor Dukhovni via Exim-users wrote: > I'd make that: > > HIGH:!aNULL:!aDSS:!kECDHr:!kECDHe:!kDHr:!kDHd > > Because, the ciphers are already sensibly ordered as of OpenSSL 1.0.0. No matter what we tell people and how much we push towards 1.0.2 as a minimum, I

Re: [exim] Next Exim: TLS: changed smarthost example config

2018-04-21 Thread Phil Pennock via Exim-users
On 2018-04-21 at 11:23 +0200, Andreas Metzler via Exim-users wrote: > Personally I am not convinced that this is the right way for trying to > enforce stronger encryption standards on mail providers. It's not about that. It's about providing people relying upon defaults with worthwhile security,

[exim] Next Exim: TLS: changed smarthost example config

2018-04-20 Thread Phil Pennock via Exim-users
Folks, I've committed and pushed a change to the default Exim configuration file for the next Exim release. This change has the example SMTP Transport used for _smarthosts_, such as talking to an ISP, using TLS by default, with _strong_ TLS enabled, and certificate verification, and sending SNI.

Re: [exim] Assistance requested with $if foray{...

2018-04-18 Thread Phil Pennock via Exim-users
On 2018-04-18 at 11:42 +, Robert Bannocks via Exim-users wrote: > I want to search a file for decreasingly specific forms of an address > that come from a given host and do some specialist routing thereafter. > To this end I have constructed the following condition: Can you change the stored f

Re: [exim] compiling 4.91 under FreeBSD

2018-04-16 Thread Phil Pennock via Exim-users
On 2018-04-16 at 12:14 -0500, Larry Rosenman via Exim-users wrote: > http://home.lerctr.org:/data/live-host-ports/2018-04-16_11h54m01s/logs/errors/exim-4.91.log Enable OCSP support. It's on by default in Exim and our test suite isn't good at ensuring we still compile when various things are d

Re: [exim] compiling 4.91 under FreeBSD

2018-04-16 Thread Phil Pennock via Exim-users
On 2018-04-16 at 20:21 +0200, Max Kostikov via Exim-users wrote: > I had this > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227560 The experimental DMARC support hard-requires SPF support. NewStuff: 4. SPF support is promoted from Experimental to mainline status. The template src/EDI

Re: [exim] Exim 4.91: option "hosts_try_dane" unknown

2018-04-16 Thread Phil Pennock via Exim-users
On 2018-04-16 at 20:47 +0200, Max Kostikov via Exim-users wrote: > Is this option deprecated now? > Found nothing about this in ChangeLog and NewStuff. > (system is FreeBSD 11.1-RELEASE-p9) With the benefit of 20/20 hindsight, there's a couple of things which could have gone into README.UPDATING.

[exim] DKIM dual-signing RSA+Ed25519 working

2018-04-15 Thread Phil Pennock via Exim-users
Just so folks see it can be done: dual-DKIM signing, and verification, with Exim. Jeremy did all the Exim code to manage this, I'm acting purely as a sysadmin in deploying this. Exim 4.91, using OpenSSL 1.1.1-pre4, is the MTA for spodhuis.org; and is the next-exim for exim.org, so is the version

Re: [exim] Future OpenSSL configuration: sketch 1

2018-04-09 Thread Phil Pennock via Exim-users
On 2018-04-09 at 08:14 +0200, Kirill Miazine via Exim-users wrote: > Hi, Phil > * Phil Pennock via Exim-users [2018-04-08 17:24]: > [...] > > We've said "we only support versions of OpenSSL supported by the > > upstream project", so now it's time to take a

[exim] Future OpenSSL configuration: sketch 1

2018-04-08 Thread Phil Pennock via Exim-users
Folks, The way we configure OpenSSL and the amount of special stuff we have to do is a bit of a mess. GnuTLS is a bit better, because you can put TLS protocol versions into the Priority String, but with OpenSSL, we're stuck trying to support every last thing and caught when some folks stuck suppo

[exim] DANE / TLS ciphersuite improvements

2018-03-30 Thread Phil Pennock via Exim-users
On 2018-03-28 at 21:29 -0400, Phil Pennock via Exim-users wrote: > On 2018-03-28 at 21:11 -0400, Phil Pennock via Exim-users wrote: > > $smtp_found_dane or something? Note that DANE support is Experimental > > and feedback and requests are a good thing (patches even better!). &

Re: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list

2018-03-28 Thread Phil Pennock via Exim-users
On 2018-03-28 at 21:11 -0400, Phil Pennock via Exim-users wrote: > $smtp_found_dane or something? Note that DANE support is Experimental > and feedback and requests are a good thing (patches even better!). Uh ... DANE graduated from Experimental, I forgot. Sorry. Am tentatively thinkin

Re: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list

2018-03-28 Thread Phil Pennock via Exim-users
On 2018-03-28 at 11:43 +0200, Mark Elkins via Exim-users wrote: > Begs the question, do DANE enabled machine therefore perhaps require a > stronger encryption - as their owners should know what they are doing? > > I've no idea if its possible to allow weaker encryption for > opportunistic connecti

Re: [exim] Question TLS

2018-02-24 Thread Phil Pennock via Exim-users
On 2018-02-22 at 17:34 +, Luciano InfoCultura via Exim-users wrote: > How do I make connections initiated on ports 25 or 587 in plain text only > allow the sending of messages after using STARTTLS. > my brief configuration: The message exchange is between servers and do not use > authenticatio

Re: [exim] Get the value of an external script in a condition

2018-02-22 Thread Phil Pennock via Exim-users
On 2018-02-20 at 13:54 +, Andrew C Aitchison via Exim-users wrote: > Interesting idea to use the whois database to detect spammers. > Since whois data has expiry info and doesn't change every day, > I wonder how easy it would be to cache the results. The jwhois client does this; it's a GNU pro

Re: [exim] send mail based on origin domain

2018-02-16 Thread Phil Pennock via Exim-users
On 2018-02-16 at 12:21 -0300, Nicolas Leonel via Exim-users wrote: > I apologize but my exim knowledge is extremely limited, can you share an > example on how to setup two different users with that example. I did. In the linked message: > > https://lists.exim.org/lurker/message/20171015.03055

Re: [exim] TLS BEAST attack on exim

2018-02-16 Thread Phil Pennock via Exim-users
On 2018-02-16 at 10:27 +0100, Cyborg via Exim-users wrote: > has anyone ever heard, that Beast worked against TLSv1 on mailservers ? I wrote a post to exim-announce at the time, analysing the situation. A Google search for (exim beast) turned this up as the first result: https://lists.exim.org/

Re: [exim] Exim-users Digest, Vol 165, Issue 9 [verification failed - body hash mismatch]

2018-02-13 Thread Phil Pennock via Exim-users
On 2018-02-12 at 18:53 -0500, Phil Pennock via Exim-users wrote: > > On 12/02/18 12:12, Martin Nicholas via Exim-users wrote: > > > I notice this from "Exim-users Digest, Vol 165, Issue 9": > I've subscribed another address to the mailing-list, in digest mode

Re: [exim] [META/OT] DKIM sender rewriting [Was: TLS error in incoming emails from *.outlook.com]

2018-02-13 Thread Phil Pennock via Exim-users
On 2018-02-12 at 19:45 -0800, Ian Zimmerman via Exim-users wrote: > I note with horror that now I am also a 'via Exim-users' despite > intentionally NOT using DKIM for list messages, including this one. > Why? Is the rewriting now done regardless? Yes. I don't know who/why. from_is_list has bee

Re: [exim] Exim-users Digest, Vol 165, Issue 9 [verification failed - body hash mismatch]

2018-02-12 Thread Phil Pennock via Exim-users
On 2018-02-12 at 14:04 +, Jeremy Harris via Exim-users wrote: > On 12/02/18 12:12, Martin Nicholas via Exim-users wrote: > > I notice this from "Exim-users Digest, Vol 165, Issue 9": > > > > DKIM: d=exim.org s=d201802 c=relaxed/relaxed a=rsa-sha256 b=1248 > > [verification failed - body hash m

Re: [exim] send mail based on origin domain

2018-02-02 Thread Phil Pennock
On 2018-02-01 at 13:32 -0300, Nicolas Leonel via Exim-users wrote: > I'm using Sendgrid to send out email through my exim server, it uses a > remote SMTP host, port, username and password for sending email. The > problem is that now I would like to segment my delivery through multiple > SMTP users,

[exim] RFC8314: enable TLS-on-connect for clients to reach you

2018-01-31 Thread Phil Pennock
Postmasters might be interested in the newly issued RFC: https://www.rfc-editor.org/rfc/rfc8314.txt In this, Standards Track recommendations are made concerning TLS between an MUA (mail client) and the SMTP Submission Server (and IMAP/POP3 services). This does _not_ affect server->server commu

Re: [exim] Can't register in bugs.exim.org

2018-01-06 Thread Phil Pennock
On 2018-01-06 at 19:50 -0500, Phil Pennock wrote: > On 2018-01-05 at 15:09 +0200, Max Kostikov via Exim-users wrote: > > Tried few times but received nothing in email. > > This is a bug in Exim, exposed on our side. Sorry. Bug worked around, mail should be flowing, bug 2220 fi

Re: [exim] Can't register in bugs.exim.org

2018-01-06 Thread Phil Pennock
On 2018-01-05 at 15:09 +0200, Max Kostikov via Exim-users wrote: > Tried few times but received nothing in email. This is a bug in Exim, exposed on our side. Sorry. Logs show "DKIM: message could not be signed, and dkim_strict is set." I'll include diagnostics here as "of interest to others in

Re: [exim] Some mails are queued, other are sent immediately

2017-12-21 Thread Phil Pennock
On 2017-12-18 at 15:02 +0100, Yvan Masson wrote: > Anyway, during tests I noticed that some emails are sent immediately > (what I prefer), while other are queued (introducing useless delay): > - Why this difference ? > - What could I do to avoid the queue ? By default, Exim will tell you why, with

Re: [exim] Exim 4.90 RC3 uploaded

2017-11-30 Thread Phil Pennock
On 2017-11-30 at 08:35 +0100, Frank Elsner wrote: > On Wed, 29 Nov 2017 20:21:47 + Jeremy Harris wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > I have built, signed and uploaded RC3 of Exim 4.90 to the ftp site: > > Hi, > > I've still problems to compile on an actual

Re: [exim] Verifying local addresses for inbound emails when using Dovecot/pipe transport

2017-11-29 Thread Phil Pennock
On 2017-11-29 at 22:18 +, Sebastian Arcus via Exim-users wrote: > Is there a way to build a router only for verification of local addresses > for inbound messages? As far as I can tell, verify = recipient doesn't work > when Exim delivers to Dovecot through dovecot-lda - as this always verifies

Re: [exim] exim and clamav deny malware

2017-11-18 Thread Phil Pennock
On 2017-11-18 at 10:57 +, Jeremy Harris wrote: > On 18/11/17 04:52, Phil Pennock wrote: > > Or try: > > > > malware = */defer_ok > > Nope; this case didn't get as far as the call out to clamav. It failed > trying to write the file for clamav to work on.

Re: [exim] exim and clamav deny malware

2017-11-17 Thread Phil Pennock
On 2017-11-17 at 16:18 +, Jeremy Harris wrote: > On 16/11/17 16:41, Emanuel wrote: > > Is it possible to add an exception, in case the analysis fails mail is > > sent anyway? > > Currently no; it's a fatal error. Even if you did go on it'd probably > fail for the same reason later in processi

Re: [exim] Exim and MySQL with UTF-8 encoding

2017-11-08 Thread Phil Pennock
On 2017-11-08 at 22:15 +0100, Yves Goergen wrote: > How can I tell Exim to talk to the MySQL server with UTF-8 encoding? If "[exim]" is not already in my.cnf then perhaps: # printf '[exim]\ncharacter_set_client=utf8\n' >> /etc/my.cnf Exim specifies an option group to the MySQL client library.

Re: [exim] Exim 4.90 RC1 uploaded

2017-10-28 Thread Phil Pennock
On 2017-10-28 at 15:58 +0200, Heiko Schlittermann via Exim-users wrote: > So, what's the owner of the binary? And - does your OS provide some > means to disallow set-uid binaries from setting the (e)uid (Linux has, > but has your *BSD?) Yes. FreeBSD supports nosuid mounts. With ZFS, it's even an

Re: [exim] sender-address and gmail

2017-10-23 Thread Phil Pennock
On 2017-10-23 at 17:46 +0200, Heiko Schlittermann via Exim-users wrote: > Angelo Chen via Exim-users (Mo 23 Okt 2017 10:25:33 > CEST): > > > client_send = : $sender-address : aPassword > > > > > > this failed, looks like $sender-address is expanded into user1@localhost, > > > any idea how to

Re: [exim] Spambox cfg for remote delivery?

2017-10-18 Thread Phil Pennock
On 2017-10-18 at 08:36 +, Jaap Winius wrote: > Some time ago I devised a spambox configuration for Exim so that messages > that are flagged by only one or two types of filters will end up in a user's > spambox. The transport looks like this: > > spambox: [...] Last time I ran ISP mail-systems

Re: [exim] how to get the email address of the sender?

2017-10-14 Thread Phil Pennock
On 2017-10-14 at 22:34 +0800, Angelo Chen via Exim-users wrote: > I'm trying to set up a gmail relay: This is modified from my setup, with the bit which relays mail from exim.org out through the exim.org server; so this isn't 100% known to work, I might have made typos. The file /etc/exim/auth/ou

Re: [exim] 4 issues to fix

2017-10-06 Thread Phil Pennock
On 2017-10-06 at 17:50 -0600, The Doctor wrote: > On Fri, Oct 06, 2017 at 05:28:43PM -0600, The Doctor wrote: > > Current version of the FreeBSD 11 port > > > > /usr/local/sbin/exim -bd -q1m -C /usr/local/etc/exim/configure.out Is the Exim binary setuid? Is the filesystem mounted nosuid? Eg, i

Re: [exim] 4 issues to fix

2017-10-06 Thread Phil Pennock
On 2017-10-06 at 13:32 -0600, The Doctor wrote: > 1) > 2017-10-06 12:55:36 1e0XmX-Ww-I2 failed to read delivery status for > ***@doctor.nl2k.ab.ca from delivery subprocess The child process has terminated without writing status back to the parent. It has probably crashed. Is dmesg repor

Re: [exim] Problem with exim

2017-10-06 Thread Phil Pennock
On 2017-10-05 at 11:06 +0200, Daniel Heß wrote: > i have the problem on my exim-server ( 4.82 ) that mails to remote_smtp > servers only work by the second connect. On the first connect i recive a Bad > file descriptor. A bug fixed in 4.83, released in 2014. We're now on 4.89. https://ftp.exim.o

Re: [exim] set return_path in config gives error

2017-10-04 Thread Phil Pennock
On 2017-10-04 at 22:58 +0200, Andy Smith via Exim-users wrote: > In case it's of interest to anyone this was for request tracker which > usually sets the return_path to the email of the Apache OS user by > default (at least in my config), it now sets it to the reply-to address > specified in RT whic

Re: [exim] Stalled in the queue

2017-09-26 Thread Phil Pennock
On 2017-09-26 at 08:45 -0600, The Doctor wrote: > Question what cause mail to stall in a queue? Depends entirely. What does stalled mean? Is the message frozen? Every message has an Exim message-id, shown in the output from `exim -bp`. (I normally use `exim -bpru` to list the queue, to only se

Re: [exim] Error: maximum allowed line length is 998 octets, got 76

2017-09-13 Thread Phil Pennock
On 2017-09-13 at 11:44 +0200, Quaquaraquà via Exim-users wrote: > and the error became: > > 2017-09-13 11:34:07 1ds43b-0004yq-UV <= xx...@gmx.com H=mout.gmx.net > [212.227.15.18] P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no > S=2150 id=3f5a9488-75fd-5d1e-8ac4-004e7564f...@gmx.com

Re: [exim] Code contribution process

2017-08-26 Thread Phil Pennock
On 2017-08-26 at 10:19 -0700, Ian Zimmerman wrote: > What is the way to contribute code patches to exim? I see some pull > requests on github but they haven't been acted on for a while. I > haven't checked git.exim.org but I assume it is read only :) Mail to exim-...@exim.org or use https://bugs

Re: [exim] Cipher suites identifier

2017-08-05 Thread Phil Pennock
On 2017-08-01 at 19:10 +0200, Luciano Rinetti wrote: > #exim -bV [...] > GnuTLS compile-time version: 2.8.6 > GnuTLS runtime version: 2.8.6 On 2017-08-05 at 11:09 +0200, Luciano Rinetti wrote: > #exim -bV > Exim version 4.74 #1 built 24-May-2011 20:35:05 [...] > GnuTLS compile-time version: 2.8.6

Re: [exim] Retiring old build targets

2017-07-27 Thread Phil Pennock
On 2017-07-27 at 15:04 +0100, Jeremy Harris wrote: > I don't think that would be good, as it maintains the illusion > that those builds are actually tested - which, lacking buildfarm > or other participation, I have no confidence in. The "or other participation" is the clincher here. In the past,

Re: [exim] EBL: blacklist for email addresses in Reply-To and message bodies

2017-06-29 Thread Phil Pennock
On 2017-06-29 at 11:00 +0200, Jan Ingvoldstad via Exim-users wrote: > There are DNS lookups for the sender and recipient domains, and in the > case of spam filtering, there are often additional DNS lookups in > DNSBLs for URIs found in the message content. URIs, is a fair point, but privacy-focuse

Re: [exim] EBL: blacklist for email addresses in Reply-To and message bodies

2017-06-29 Thread Phil Pennock
On 2017-06-29 at 10:20 +0200, Jan Ingvoldstad via Exim-users wrote: > On Wed, Jun 28, 2017 at 9:27 PM, Phil Pennock wrote: > > There could stand to be some privacy implications discussion too -- > > you're sending out, over the wire in unencrypted DNS packets, a > > pre

Re: [exim] EBL: blacklist for email addresses in Reply-To and message bodies

2017-06-28 Thread Phil Pennock
On 2017-06-28 at 18:19 +0300, Lena--- via Exim-users wrote: > How to use EBL in Exim config (requires Exim version 4.87 or higher): > https://github.com/Exim/exim/wiki/EBL Looks potentially useful. The Reply-To: header takes an address-list and is interpreted as such, and IIRC used in that way by

Re: [exim] Alias file is appearing in mainlog

2017-06-26 Thread Phil Pennock
On 2017-06-26 at 15:52 +, Dippery, Kyle wrote: > Last week I switched from a slightly-out-of-date-but-working > compiled-from-source exim 4.85 to a FreeBSD port exim 4.89. I've > updated my configuration to stop changing the exim user and group from > what got compiled in, and updated permissi

Re: [exim] Exim with virtual domains and Sieve

2017-06-12 Thread Phil Pennock
On 2017-06-11 at 12:35 +0200, Yves Goergen wrote: > I cannot find pysieved on the internet. Does it still exist? There are a few > traces, some only contain broken links. Nothing looks authoritative. > > Adding that "# Sieve filter" with an SQL query is easy enough. Letting users > edit their scri

Re: [exim] help creating a rule for virtual accounts

2017-05-30 Thread Phil Pennock
On 2017-05-30 at 18:55 -0500, Dan Liles via Exim-users wrote: > Yes it's a file separated by : just like the other ones. So ? ${lookup {$local_part@$domain}lsearch{/etc/dovecot/passwd} {yes}{no}} https://www.exim.org/exim-html-current/doc/html/

Re: [exim] Exim with virtual domains and Sieve

2017-05-27 Thread Phil Pennock
On 2017-05-27 at 15:03 +0200, Yves Goergen wrote: > Another question is how the managesieve service can be integrated in this. > Exim wants to read the sieve script from somewhere (might be a local file or > a database query), and managesieve, which is required by several client-side > plugins, wan

Re: [exim] Symlinks in cert / keyfile

2017-05-26 Thread Phil Pennock
On 2017-05-26 at 23:53 +0200, basti wrote: > as I can see Exim won't use certificates when the path is a link. Yes it will. I use symlinks. That's not what's happening here. > /etc/letsencrypt/live/mail.example.com# ls -la > insgesamt 12 > drwxr-xr-x 2 root root 4096 Mai 26 17:24 . > drwx--

Re: [exim] string expansion

2017-05-26 Thread Phil Pennock
On 2017-05-26 at 16:27 -0400, Phil Pennock wrote: > On 2017-05-26 at 13:13 +0200, Uwe Rothmeier wrote: > > condition = ${if > > or{{match_address{$local_part@$domain}{lsearch;CONFDIR/ldapdir}} \ > > > > {match_local_part{$local_part}{lsearch;/etc/ex

Re: [exim] string expansion

2017-05-26 Thread Phil Pennock
On 2017-05-26 at 13:13 +0200, Uwe Rothmeier wrote: > condition = ${if > or{{match_address{$local_part@$domain}{lsearch;CONFDIR/ldapdir}} \ > > {match_local_part{$local_part}{lsearch;/etc/exim4/aliases/$domain}}}{1}{0}} > > Works with Exim 4.72 > > > With Exim 4.89 $domain is not e

Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3 disabled?

2017-03-30 Thread Phil Pennock
On 2017-03-30 at 17:11 -0400, Viktor Dukhovni wrote: > > On Mar 30, 2017, at 4:40 PM, Heiko Schlittermann wrote: > > You're right, Exim picks up the cert/keys per connection, as the > > relevant options are expandable at runtime. (But, as far as I know, > > currently not based on the key that is re

Re: [exim] Turning off no_enforce_sync conditionally in acl_smtp_helo

2017-03-27 Thread Phil Pennock
On 2016-05-04 at 14:52 -0500, Jason L Tibbitts III wrote: > One possibility is to just use: > > acl_check_helo: > accept hosts = : > accept control = no_enforce_sync > > which appears to work. But can I turn it off just for Thunderbird's > probes? I tried the following, but it doesn't appea

Re: [exim] Using multiple SMTP AUTH drivers

2017-03-18 Thread Phil Pennock
On 2017-03-17 at 13:31 +1000, Adam Nielsen wrote: > Is this correct or am I missing something? It's correct, I was not on top form. Most auth stuff which speaks plaintext can be done with a plaintext driver and using expansions, but dovecot can't and I missed that. Sorry for wasting your time.

Re: [exim] Using multiple SMTP AUTH drivers

2017-03-16 Thread Phil Pennock
On 2017-03-16 at 17:13 +1000, Adam Nielsen wrote: > [...] , so I'd like to set up a separate > set of credentials just for SMTP from these devices. > > Unfortunately if I add a new auth section to the Exim config with > driver=plaintext, I get an error: > > two serve

Re: [exim] Exim 4.89 compile warning on Ubuntu 14.04

2017-03-08 Thread Phil Pennock
On 2017-03-08 at 09:05 +, Michael J. Tubby B.Sc. MIET wrote: > exim.c: In function ‘usr1_handler’: > exim.c:235:1: warning: ignoring return value of ‘write’, declared > with attribute warn_unused_result [-Wunused-result] > (void)write(fd, process_info, process_info_len); > ^ > and believing
