On 18/04/2023 17:45, Jan Ingvoldstad via Exim-users wrote:
17. apr. 2023 kl. 14:44 skrev Sebastian Arcus via Exim-users
:
I couldn't agree more. I am permanently scarred emotionally from installing and
configuring SpamAssassin for the first time - and even after years of working
On 17/04/2023 12:26, Jeremy Harris via Exim-users wrote:
The documentation does answer these questions. Was some of it unclear?
You are absolutely right. I did read the documentation before posting,
but I missed the bit where it says received_header_text is expanded each
time it is used. So
c
On 17/04/2023 04:33, Ian Z via Exim-users wrote:
On Sun, Apr 16, 2023 at 07:11:51PM +0100, Sebastian Arcus via Exim-users wrote:
One thing I have to try and figure out is how Spamassassin does the
SPF checks. Does it look at all the Received: headers, and if at
least one of them matches one
This question is related to my other thread which deals with Exim being
used in a front-end / back-end configuration, with back-end machines
handling separate email domains. I thought it would be better to post a
separate thread, in case it would help someone find it one day.
I would like the
On 16/04/2023 20:22, Jeremy Harris via Exim-users wrote:
On 16/04/2023 19:17, Sebastian Arcus via Exim-users wrote:
relay_to_compan1:
driver = manualroute
domains = company1.com
route_list = company1.com 192.168.100.10
transport = remote_relay_company1
host_find_failed = defer
On 16/04/2023 11:44, Jeremy Harris via Exim-users wrote:
On 15/04/2023 23:31, Sebastian Arcus via Exim-users wrote:
you might be able to use cutthrough delivery from the front-end to the
real server, which might allow you to reject rather than bounce some
of the time; it might even help with
On 16/04/2023 11:04, Paul Muster via Exim-users wrote:
On 15.04.23 21:54, Sebastian Arcus via Exim-users wrote:
The "back-end" machines are physical machines, on regular
ADSL/VDSL/cable/fibre connections at various locations.
At the moment they send directly to the internet, which
On 15/04/2023 23:16, Fabio Martins wrote:
solution inline
On 2023-04-15 17:05, Sebastian Arcus via Exim-users wrote:
On 15/04/2023 17:00, Fabio Martins wrote:
I believe you are trying to use the same IP address for the 3 exim
instances, otherwise the solution would be quite simple binding
On 15/04/2023 21:38, Jeremy Harris via Exim-users wrote:
On 15/04/2023 13:53, Jeremy Harris via Exim-users wrote:
Exim does talk the inbound-proxy protocol tha HAProxy apparently uses (or can use):
https://exim.org/exim-html-current/doc/html/spec_html/ch-proxies.html#SECTproxyInbound
Thi
On 15/04/2023 23:19, Andrew C Aitchison wrote:
On Sat, 15 Apr 2023, Sebastian Arcus via Exim-users wrote:
On 15/04/2023 21:20, Evgeniy Berdnikov via Exim-users wrote:
On Sat, Apr 15, 2023 at 08:44:08PM +0100, Sebastian Arcus via
Exim-users wrote:
These are all separate servers belonging to
On 15/04/2023 21:20, Evgeniy Berdnikov via Exim-users wrote:
On Sat, Apr 15, 2023 at 08:44:08PM +0100, Sebastian Arcus via Exim-users wrote:
These are all separate servers belonging to different organisations. They
each host their own mail domain and users. This can't be changed. I a
On 15/04/2023 18:50, Evgeniy Berdnikov via Exim-users wrote:
On Sat, Apr 15, 2023 at 06:03:29PM +0100, Sebastian Arcus wrote:
On 15/04/2023 16:46, Evgeniy Berdnikov via Exim-users wrote:
My question is: why do you want to use so complicated scheme, while it's
very simple task to set up
On 15/04/2023 19:09, Andrew C Aitchison wrote:
On Sat, 15 Apr 2023, Sebastian Arcus wrote:
On 15/04/2023 18:44, Andrew C Aitchison wrote:
On Sat, 15 Apr 2023, Sebastian Arcus via Exim-users wrote:
I have a number of Exim servers behind a NAT gateway (actually
connected with vpn's
On 15/04/2023 13:53, Jeremy Harris via Exim-users wrote:
On 15/04/2023 12:53, Sebastian Arcus via Exim-users wrote:
I have a number of Exim servers behind a NAT gateway (actually
connected with vpn's to a cloud vps - but I'm hoping this is not
relevant to this post). I would like t
On 15/04/2023 16:46, Evgeniy Berdnikov via Exim-users wrote:
On Sat, Apr 15, 2023 at 12:53:54PM +0100, Sebastian Arcus via Exim-users wrote:
I have a number of Exim servers behind a NAT gateway (actually connected
with vpn's to a cloud vps - but I'm hoping this is not relevant to thi
On 15/04/2023 18:44, Andrew C Aitchison wrote:
On Sat, 15 Apr 2023, Sebastian Arcus via Exim-users wrote:
I have a number of Exim servers behind a NAT gateway (actually
connected with vpn's to a cloud vps - but I'm hoping this is not
relevant to this post). I would like the gatew
trying to suggest -
but I don't think having emails on subdomains would help with my problem
--
On 2023-04-15 11:53, Sebastian Arcus via Exim-users wrote:
I have a number of Exim servers behind a NAT gateway (actually
connected with vpn's to a cloud vps - but I'm hoping this
I have a number of Exim servers behind a NAT gateway (actually connected
with vpn's to a cloud vps - but I'm hoping this is not relevant to this
post). I would like the gateway to send incoming port 25 traffic to the
correct Exim server based on SNI in incoming TLS packets - as different
Exim i
On 23/05/2022 14:11, Jeremy Harris via Exim-users wrote:
On 23/05/2022 14:02, Sebastian Arcus via Exim-users wrote:
[internet] <-> [relay Exim] <-> [inhouse Exim]
Can the smtp router or transport on the relay Exim be configured to
keep the connection open for inbound email until
I might be asking this question the wrong way, so please bear with me. I
would like to setup Exim as a relay which pretty much passes an incoming
connection to another Exim server, but keeps the connection open until
the final server accepts the message or not (after it checks the
recipient, sp
On 12/08/20 22:04, Jeremy Harris via Exim-users wrote:
On 12/08/2020 21:45, Sebastian Arcus via Exim-users wrote:
I am running Exim 4.89. I have the following router in exim.conf:
send_direct:
driver = dnslookup
condition = ! ${lookup{$local_part@$domain}\
lsearch{/etc
I am running Exim 4.89. I have the following router in exim.conf:
send_direct:
driver = dnslookup
condition = ! ${lookup{$local_part@$domain}\
lsearch{/etc/exim/exim.passwd}{$value}{}}
transport = remote_smtp
I just can't seem to negate the condition. I want it to evaluate
I have a set of ACL's in place to ban connections from IP's after a
number of retries. The first one checks if connections from an IP
address have already been rejected 5 times or more in 24 hours and drops
them, while the second one just adds to the count (up to 10 max) every
time we reject a
On 31/07/18 14:02, Richard James Salts via Exim-users wrote:
On Tuesday, 31 July 2018 9:26:15 PM AEST Jeremy Harris via Exim-users wrote:
On 07/31/2018 12:08 PM, Graeme Fowler via Exim-users wrote:
X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt;
c=relaxed/relaxed;
d=open
On 31/07/18 10:18, Mike Brudenell via Exim-users wrote:
Hi, Sebastian -
You didn't tell us the version of Exim you're running so I can't give you
the exact chapter/section names, but if you look in the *Specification* for
the chapter on DKIM, in the section called something like *Signing outgo
I post messages from time to time to Spamassassin mailing list, and
several members have been complaining about my DKIM setup - they say
they can't receive my emails because of it. Specifically, the complaint
is that my Exim signs the List-* headers. Now I can't really figure this
one out. Ther
On 26/04/18 02:25, Mike Brown via Exim-users wrote:
On Wed, Apr 25, 2018 at 11:19:56PM +0100, Jeremy Harris via Exim-users wrote:
On 25/04/18 15:19, Mike Brown via Exim-users wrote:
I went back and looked again and found the following:
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_c
On 27/02/18 19:18, Jeremy Harris via Exim-users wrote:
On 27/02/18 18:35, Sebastian Arcus via Exim-users wrote:
condition = ${if match_domain {${lookup
dnsdb{mx=$sender_address_domain}}}{+no_extended_callout_mxs}}
For example the mx query might return:
10 mx1.exampledomain.com
20 mx2
I don't know if this check can be accomplished in Exim at all - but here
it goes. I need to know if any of the results of a dnsdb lookup which
returns multiple records exists in a predefined dnslist. I'm guessing
this is not really possible, I just thought I'd check.
To expand a bit, I need to
On 25/01/18 10:24, Sebastian Arcus via Exim-users wrote:
On 25/01/18 09:20, Jeremy Harris wrote:
On 25/01/18 05:56, Sebastian Arcus via Exim-users wrote:
I can see in the ratelimit db quite a few hosts
which have reached the 5/24h limit. But strangely in the Exim log I
can't se
t some point even if the
ACL's keeping on getting hit.
Cheers,
Mike B-)
On 25 January 2018 at 10:24, Sebastian Arcus via Exim-users <
exim-users@exim.org> wrote:
On 25/01/18 09:20, Jeremy Harris wrote:
On 25/01/18 05:56, Sebastian Arcus via Exim-users wrote:
I can see in the
On 25/01/18 09:20, Jeremy Harris wrote:
On 25/01/18 05:56, Sebastian Arcus via Exim-users wrote:
I can see in the ratelimit db quite a few hosts
which have reached the 5/24h limit. But strangely in the Exim log I
can't see the appropriate reject messages - although I can see reject
mes
On 24/01/18 22:09, Jeremy Harris wrote:
On 24/01/18 21:40, Sebastian Arcus via Exim-users wrote:
Does the above look right? I've had it in place on one server for about
a week, but I can't see in the logs ever kicking in - so now I'm not
sure if the syntax is wrong, or maybe I
Hello and thank you in advance for any help. I've built an ACL to early
reject connections from really naughty and persistent hosts, which keep
on coming back even after they have been given a permanent error. It
looks like so:
acl_check_connect:
drop message = Temporary ban - too many ret
I would like to keep track of how many times connections from each IP
are rejected over a period of time (maybe 24 hours?), and when a limit
is reached, reject them much earlier in the acl's - at connection time -
to reduce resources used by Exim, and maybe discourage them from
connecting for a
On 29/12/17 12:18, Jeremy Harris wrote:
First decide on your policy. Only then go on to mechanism.
You could, for example. decide that anyone not wanting replies (and
nondelivery notifications) really doesn't care if their mail gets
to you (or anywhere).
Hmm - seems drastic - but there is a
I use sender extended callout/varification in Exim:
denymessage = Sender cannot be verified
log_message = "Reject: sender cannot be verified"
!verify = sender/callout=2m,defer_ok
I find the above extremely useful in combating spam from addresses with
a real dom
On 27/12/17 18:20, Sebastian Arcus via Exim-users wrote:
On 27/12/17 16:49, Jeremy Harris wrote:
Do the lookup manually, with a ${lookup dnsdb ...} expansion;
you then have more control. Treat the ACL flow as a programming >
language.
That's a good pointer - I will investig
On 27/12/17 16:49, Jeremy Harris wrote:
On 27/12/17 15:21, Sebastian Arcus via Exim-users wrote:
Yes, a way to turn a defer into a hard fail is what I would need in this
case. Am I correct in thinking that when the defer happens and the ACL
processing is aborted, the DELAY gets skipped?
1
On 27/12/17 17:00, Jeremy Harris wrote:
On 27/12/17 16:24, Sebastian Arcus via Exim-users wrote:
I've spotted this while investigating issues with DELAY in in acl's, in
my other recent thread. It would seem that if a DROP acl has a long
DELAY set, and if during that DELAY the remot
I've spotted this while investigating issues with DELAY in in acl's, in
my other recent thread. It would seem that if a DROP acl has a long
DELAY set, and if during that DELAY the remote end just gets fed up and
closes the connection, Exim somehow still treats this as the ACL
processing has suc
On 27/12/17 12:58, Jeremy Harris wrote:
On 27/12/17 12:39, Sebastian Arcus via Exim-users wrote:
processing "drop"
5976 message: Reverse DNS record incorrect or missing
5976 check !condition = ${if eq{$received_port}{587}}
5976 =
5976 che
On 27/12/17 12:58, Jeremy Harris wrote:
On 27/12/17 12:39, Sebastian Arcus via Exim-users wrote:
processing "drop"
5976 message: Reverse DNS record incorrect or missing
5976 check !condition = ${if eq{$received_port}{587}}
5976 =
5976 che
On 27/12/17 13:57, Heiko Schlittermann via Exim-users wrote:
Sebastian Arcus via Exim-users (Mi 27 Dez 2017 13:39:26
CET):
….
Thank you for the suggestion. I think the following are the relevant lines
of output:
processing "drop"
5976 message: Reverse DNS record incorrect
On 27/12/17 11:01, Jeremy Harris wrote:
On 27/12/17 10:19, Sebastian Arcus via Exim-users wrote:
Apologies for posting for the third time in three days. I have the
following acl in acl_smtp_connect, which appears to be ignoring
completely the "delay =" setting:
drop message = R
Apologies for posting for the third time in three days. I have the
following acl in acl_smtp_connect, which appears to be ignoring
completely the "delay =" setting:
drop message = Reverse DNS record incorrect or missing
! condition = ${if eq{$received_port}{587}}
! verify=
On 27/12/17 01:27, Sebastian Arcus via Exim-users wrote:
I have just discovered that Exim doesn't enable VERIFY by default -
unless the acl_smtp_vrfy is configured. Searching online, some suggest
that enabling acl_smtp_vrfy is bad, as it would open the door to
dictionary attacks - which
I have just discovered that Exim doesn't enable VERIFY by default -
unless the acl_smtp_vrfy is configured. Searching online, some suggest
that enabling acl_smtp_vrfy is bad, as it would open the door to
dictionary attacks - which makes sense. On the other hand, I use myself
the VERIFY command
On 26/12/17 22:01, Heiko Schlittermann via Exim-users wrote:
Sebastian Arcus via Exim-users (Di 26 Dez 2017 22:28:03
CET):
What is the simplest and best way to disable any AUTH on port 25? Up until
now I have the following working:
1. Only advertise TLS on port 587
On 26/12/17 22:01, Heiko Schlittermann via Exim-users wrote:
Sebastian Arcus via Exim-users (Di 26 Dez 2017 22:28:03
CET):
What is the simplest and best way to disable any AUTH on port 25? Up until
now I have the following working:
1. Only advertise TLS on port 587
What is the simplest and best way to disable any AUTH on port 25? Up
until now I have the following working:
1. Only advertise TLS on port 587:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
2. Disable authenticated connections without TLS:
acl_check_auth
deny message = TLS r
On 06/12/17 09:32, Mike Brudenell via Exim-users wrote:
Exim is probably flexible enough to work with most DNSBLs. One way of
finding out ones that exist is to use a lookup tool such as
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3aexample.com
You can also find a list of DNSBLs (wit
On 06/12/17 12:26, Sebastian Arcus via Exim-users wrote:
On 06/12/17 12:09, Graeme Fowler via Exim-users wrote:
On 6 Dec 2017, at 11:56, Sebastian Arcus via Exim-users
wrote:
domains = +local_domains
Are you sure? I would have thought you were verifying non-local
domains at this
On 06/12/17 12:09, Graeme Fowler via Exim-users wrote:
On 6 Dec 2017, at 11:56, Sebastian Arcus via Exim-users
wrote:
domains = +local_domains
Are you sure? I would have thought you were verifying non-local domains at this
point…
Try ‘domains = !+local_domains’ (or '!do
I am trying to setup a special router which will verify sender's domain
(simple verification) for inbound emails (we receive direct, but send
through smart host).
acl_check_rcpt:
deny message = Sender cannot be verified
log_message = "Reject: sender cannot be verified"
Is there anywhere a (semi)authoritative list of DNSBL's which can be
used with Exim? I see various examples including some DNSBL's - but I
was wondering if there is a complete(ish) -and preferably up-to-date
list of DNSBL's which can be used?
--
## List details at https://lists.exim.org/mailma
On 29/11/17 22:44 Jeremy Harris wrote:
> On 29/11/17 22:18, Sebastian Arcus via Exim-users wrote:
> > Is there a way to build a router only for verification of local
> > addresses for inbound messages? As far as I can tell, verify =
recipient
> > doesn't work whe
On 29/11/17 23:25, Phil Pennock wrote:
On 2017-11-29 at 22:18 +, Sebastian Arcus via Exim-users wrote:
Is there a way to build a router only for verification of local addresses
for inbound messages? As far as I can tell, verify = recipient doesn't work
when Exim delivers to Dovecot th
Is there a way to build a router only for verification of local
addresses for inbound messages? As far as I can tell, verify = recipient
doesn't work when Exim delivers to Dovecot through dovecot-lda - as this
always verifies the recipient (as long as the domain is in
+local_domains) no matter
59 matches
Mail list logo