Konstantin | 30 Oct 13:58 2014
Picon

add_header behavior

Hi All

When i try to add a new Cc field i found that action for “:at_start:” and
“:after_received:” is the same. The Cc header added at the beginning of the
message. MUA (thunderbird) show message without problems, but i have
another SMTP which do not parse it correctly.

I am using exim-4.82-1.

Can you suggest what i did wrong? I
Also it would be good to have the same actions for headers_add in router
section.

Exim.conf part:

acl_check_rcpt:
 warn  set acl_m10envrcpt =$local_part <at> $domain

acl_check_data:
  warn log_message = Add header Cc
    condition = ${if eq {$acl_m1}{1}}
    add_header = :after_received:Cc: $acl_m10envrcpt

Delivered message headers part:

Return-path: <sender <at> domain.com>
Envelope-to: user <at> mydomain.com
Delivery-date: Thu, 30 Oct 2014 12:31:27 +0000*Cc: user <at> mydomain.com
<user <at> mydomain.com>*
Received: from mail.domain1.com (x.x.x.x) by mail.domain1.com (MTA) id .....
(Continue reading)

Lena | 30 Oct 13:46 2014
Picon

Re: How to get undecoded raw message header during ACL?

> From: Emmanuel Noobadmin

> being acl
> deny message = Chinese Spam rejected
>         condition = ${if
> match{$message_headers_raw}{=[?]GB2312[?]B[?]x[+]vXqs/gudiyv8PF}{yes}{no}}

Headers are available only in acl_check_data.

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Lena | 30 Oct 13:42 2014
Picon

Re: SOLVED - Re: verify = recipient, using virtual domains, rejects all local recipients

> From: Phillip Carroll

> permissions failure

> All of the folders, and all of the 
> aliases files have 644 permissions, which means they are both group 
> readable and world readable by user exim.

Directories (folders) need to have 755 permissions instead of 644.

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Emmanuel Noobadmin | 29 Oct 17:59 2014
Picon

How to get undecoded raw message header during ACL?

I'm trying to block certain spam emails from China. As  I cannot block
on MIME type nor blacklist IP geographically because I have clients
based in China who do send legit emails in Chinese, the next best
alternative appears to be checking for a match against a specific
GB2312 string that exists in every From Header. But my deny condition
in the ACL doesn't appear to have any effect despite testing ok on the
command line.

Inside exim.conf:
being acl
deny message = Chinese Spam rejected
        condition = ${if
match{$message_headers_raw}{=[?]GB2312[?]B[?]x[+]vXqs/gudiyv8PF}{yes}{no}}

when I test the condition using commandline against a copy of one of
the spam messages, it works

# exim -bem /tmp/testspam2 '${if
match{$message_headers_raw}{=[?]GB2312[?]B[?]x[+]vXqs/gudiyv8PF}{yes}{no}}'
Return-path taken from "Return-path:" header line
yes

I'd appreciate it greatly if somebody could point out what I am doing
wrong here.

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

(Continue reading)

Lena | 29 Oct 16:44 2014
Picon

Re: verify = recipient, using virtual domains, rejects all local recipients

> From: Phillip Carroll

> condition: exists{/etc/virtual/${domain}/aliases}
>     result: false <<----wrong!!

>    condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}}

I don't understand what this condition is for, but
try $domain instead of ${domain} here.

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

alan | 29 Oct 15:39 2014

An appeal for _exact_ directions

Assembled Wisdom!

I have been assured by Chris Siebenmann and Marius(Cyborg)
that what I am after is a cinch in exim.  

I postulate a Linux box, with exim, and with three users,
alan, ben, and charles.  Let us suppose the name of this
machine is abc.greatbox.  Let us also suppose that Alan,
Ben, and Charles have hired a professional mailserver,
him.com, to act as a smart host, or relay host.

I want to know how to configure exim to behave as follows:
if either Alan or Ben or Charles sends mail to simply
alan, or ben, or charles, or root, exim will simply pass
that E-mail on to the addressee.  If mail is sent to
'root', the /etc/aliases file will be used to pass the
mail on to whichever of alan, ben, or charles is the
sysadmin.  If mail is sent to sophronia, or zephyr,
an error message will be returned: No such person on
this machine.

On the other hand, as soon as a ' <at> ' is detected. e.g.
mail to be sent to  obama <at> whitehouse.gov, or wherever
else, a diffent part(router?) takes charge, and
the mail is passed on up to the mailserver, him.com,
as coming from alan <at> him.com, or ben <at> him.com, or 
charles <at> him.com, as the case may be.

Can some expert take the time to describe _exactly_ how to
do this?  Which files, in which of the six directories
(Continue reading)

alan | 28 Oct 16:49 2014

Solution of problem<g>

Assembled Wisdom!

I am now able to use exim's smart host facility to sent mail
through his.com(my mail relay server).  So the problem I wrote
about earlier today is solved.

I write in praise of the dpkg-reconfigure program, which allows
an exim beginner, and a person with minimal requirements, to
configure his system, and to run experiments if it doesn't work
well.  Of course one must put in one's name and password into
/etc/exim4/passwd.client as well.

The two non-obvious steps for me were: setting my system mail
to     his.com .  And  not hiding the local user name.

There is one minor problem:  In the past I have sent E-mail
to myself.  And it is passed through 127.0.0.1, I believe,
without going outside my box here.

Now an E-mail sent to alan   gets sent up to his.com.   It
gets brought back when I run fetchmail . . . but still!
I'd like to have mail sent to   alan   sent on right to
alan  here, but if my machine name is now   his.com  of
course it will go up to his.com.   If anyone has suggestions
about this, I'd appreciate hearing them.

Alan

--

-- 
Alan McConnell   alan  <at>  razor dot globaltap dot com
(Continue reading)

Phillip Carroll | 27 Oct 20:41 2014

verify = recipient, using virtual domains, rejects all local recipients

Using exim 4.80 on Centos 5.5.

My exim configuration uses virtual domain routers similar to shown in 
chapter 49.7 of the current doc. This has been working perfectly for 
about 10 years on several different servers I have migrated to over the 
years. I have never used recipient verification, but instead have simply 
bounced the email back to sender in the delivery phase.

Because of a recent spate of spam emails with forged senders, most of 
which are also addressed to nonexistent local_parts, I would now prefer 
to reject the emails at RCPT time.  However, try as I may, I cannot get 
"verify = recipient" to work. If I put this into the acl_check_rcpt ACL, 
all email is rejected with "550 Unknown user xxx".

Somewhere in the manual I read that verify in an ACL uses the same 
router sequence as used in delivery. Clearly it does not! Tearing my 
hair out with this. Basically everything I thought I understood about 
exim seems to be under suspicion. As usual, it seems there is what the 
manual says...and then there is what the code actually does. I am hoping 
that someone with deeper understanding of the inner mysteries of exim 
can explain why unverified recipients are routed perfectly, but any 
attempt to verify them rejects every recipient. And, can tell me a 
workaround.

None of the redirect routers have "no_more", because all emails are 
ultimately routed by the local_user router, using the final data from 
the redirect routers.

Running exim from command line with -bh gives me no clues, as it routes 
to all addresses perfectly, cascading down through all routers as 
(Continue reading)

John Doe | 27 Oct 16:41 2014
Picon

alias forwarding issue...


Hi,

I received the following shellshock attempt on exim 4.72 (RedHat 6):

----------
Delivered-To: admin <at> ourdomain.com
...
Return-Path: <support <at> mata.com>
Received: from ourserver.ourdomain.com (ourserver.ourdomain.com. [111.222.333.444])
        by mx.google.com with ESMTPS id bn6si5779657wjc.154.2014.10.24.09.36.45
        for <admin <at> ourdomain.com>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 24 Oct 2014 09:36:46 -0700 (PDT)
Received-SPF: none (google.com: support <at> mata.com does not designate permitted sender hosts) client-ip=111.222.333.444;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: support <at> mata.com does not designate permitted sender hosts) smtp.mail=support <at> mata.com;
       dkim=fail header.i= <at> ourdomain.com
Message-ID: <544a8023.8f59b40a.3abc.53e0SMTPIN_ADDED_BROKEN <at> mx.google.com>
X-Google-Original-Message-ID: SHELLSHOCKCOMMANDS
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ourdomain.com; s=default;
    h=Resent-From:Resent-Date:Message-ID:Date:Subject:From:Cc:References:To; bh=...;
    b=...;
Received: from [74.208.184.251] (helo=USER)
    by ourserver.ourdomain.com with smtp (Exim 4.72)
    (envelope-from <support <at> mata.com>)
    id 1Xhhr3-0002Z3-Fh
    for root <at> localhost; Fri, 24 Oct 2014 18:36:45 +0200
To:SHELLSHOCKCOMMANDS
References:SHELLSHOCKCOMMANDS
(Continue reading)

alan | 27 Oct 20:08 2014

Need help configuring exim4 for smart hosting

This is slightly altered from a message I sent earlier today.
If the earlier message reached this list, I apologize for the
duplication.

I have just bought a new machine and have installed Debian
Wheezy on it.  On my old machine I used Postfix, but
I have now switched to exim4, which is installed on my
machine.

I am having difficulty getting my upload connection to
my smart host server restored.  The firm is Heller
Information Services, his.com, and they are trying to
be helpful(they are a local phone call away) but they
use Postfix and aren't familiar with exim.

I have been used to using alan <at> his.com as my address
and a mailbox with this name exists at Heller.  I
can get mail sent there with  fetchmail, which works
fine, so my address and password are, it seems, OK.

I have run    dpkg-reconfigure exim4-config a dozen
times.  The responses are mostly obvious, except
perhaps for the query about my system mailname.
I have entered    alanmcc.localdomain   which is my
entry in /etc/hosts.  But maybe this isn't right?
The people at Heller insist that   alan <at> his.com must
appear in the exim configuration; I don't know where
it should be.

The basic question:  besides   dpkg-reconfigure exim4-config ,
(Continue reading)

Gabor Kovacs | 22 Oct 15:54 2014
Picon

CHECK_RCPT_REMOTE_LOCALPARTS "bug"?

Dear All,

I'm new to exim, can sy explain it to me pls?

 From exim configuration file:
   # The second rule applies to all other domains, and its default is
   # considerably less strict.
   # CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[ <at> %!`#&?] : ^.*/\\.\\./
   # It allows local users to send outgoing messages to sites
   # that use slashes and vertical bars in their local parts. It blocks
   # local parts that begin with a dot, slash, or vertical bar, but allows
   # these characters within the local part. However, the sequence /../ is
   # barred. The use of some other non-alphanumeric characters is blocked.
   # Single quotes might probably be dangerous as well, but they're
   # allowed by the default regexps to avoid rejecting mails to Ireland.
   # The motivation here is to prevent local users (or local users' malware)
   # from mounting certain kinds of attack on remote sites.

It's confusing, because it says "local users", but local users sending 
mails from command line can use any character, because 
CHECK_RCPT_REMOTE_LOCALPARTS only used in acl_smtp_rcpt.

(I don't get why there isn't acl_not_smtp_rcpt which of course wouldn't 
be able to deny individual addresses, but would be able to drop the 
whole mail)

Thanks
   Gabor

--

-- 
(Continue reading)


Gmane