Jon Gerdes | 30 Jun 01:20 2015
Picon

Authentication-Results header position

Dear all

Where should I put the Authentication-Results header?  Exim here is a
"border" SMTP MTA for an internal mailbox store and MUAs

I am evaluating DMARC and making use of the handy (scraped from https:/
/github.com/Exim/exim/blob/master/doc/doc-txt/experimental-spec.txt):

add_header     = $dmarc_ar_header

However, according to https://tools.ietf.org/html/rfc7001 the header is
a "trace header" which leads to:
https://tools.ietf.org/html/rfc5322#section-3.6.7


I have now gone RFC blind and would be gratefull for some direction on
where the Authentication-Results header should be placed.  We have
several modifiers at our command for placing headers:

http://www.exim.org/exim-html-current/doc/html/spec_html/ch

-access_control_lists.html
"This is done by specifying “:at_start:”, “:after_received:”, or
“:at_start_rfc:” (or, for completeness, “:at_end:”)"

For example, at the moment I see something like the dump below.  Should
 the A-R header be where is is at the moment or just above the
"Received: from hummus.csx.cam.ac.uk" line as my reading of the RFCs
implies?

If it should be elsewhere then the experimental-spec example could be
usefully updated accordingly.
(Continue reading)

The Doctor | 29 Jun 16:20 2015
Picon

New Clamav 0.99 Beta

Anyone having issues with Clamav 0.99 and Exim 4.8X ?
-- 
Member - Liberal International This is doctor <at>  <at> nl2k.ab.ca Ici doctor <at>  <at> nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Jonas Meurer | 29 Jun 15:56 2015

Cram authentication and domain-specific password file

Hello,

I'm trying to configure cram_md5 authentication on my Exim4 mailserver.
The login credentials are stored in a domain-specific textfile with the
format 'username:{CRAM-MD5}<MD5-SUM>'. The path to the password file is
/etc/vmail/users/≤domain>.

The problem is, that the credentials need to be looked up in a domain-
specific file. Is this possible at all? When I read the docs for the
cram authentication driver and the field 'server_secret', my impression
was that this might be impossible. Maybe it would be possible by using
server_condition?

Below you find my first attempt, but it doesn't consider a 
domain-specific
password filename at all:

vmail_auth_cram:
   driver = cram_md5
   public_name = CRAM-MD5
   server_secret = 
${extract{2}{:}{${lookup{$auth1}lsearch{VMAIL_USERS_DOMAINS}{$value}fail}}}
   server_set_id = $auth1

Cheers,
  jonas

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
(Continue reading)

Chip | 29 Jun 04:09 2015
Picon

received from is ip address and not domain name

Hello,

Beginning exim user here.

Exim version 4.85 on Centos 7.

Running into problems because the first "received from" in the mail 
contains a line similar to the following in the received headers (the 
public ip address of the sending machine) so that this is tagged by spam 
assassin on the receiving machine because it contains an IP address 
rather than a domain name in the helo portion.  The following happens 
before the email even goes out, within the local network:

Received from localhost ([127.0.0.1]:37656 helo=xx.xx.xxx.xx) by 
host.domain.com

Can't understand why on a different machine I administer the first 
received froms look like the following and are not being tagged as spam 
by the end receiver:

Received from localhost.localdomain ([127.0.0.1]:50701 
helo=www.domain.com) by who.domain.com

Any help would be greatly appreciated an the reason for an ip address in 
the helo rather than the domain name.

Really scratching my head here.

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
(Continue reading)

Ernie Dunbar | 26 Jun 19:34 2015
Picon

Exim accepts mail for domains it's supposed to accept mail for, until we add a load balancer.

Hi everyone.

We have been accepting mail for several domains now, and mail has been 
coming in successfully from a million different sources to those domains 
(as it should!). But now that our pop server is behind a load balancer, 
it's saying "relay not permitted". We've fixed this issue in DNS for the 
customers whose DNS we control, but it's still a baffling problem.

We have a a pretty standard configuration (the part quoted below is from 
the default configuration, I recall), and the server should accept mail 
from anywhere that isn't on a DNSBL. It also results in a completely 
different error message when it's rejected by a DNSBL, so I don't 
understand where this one is coming from.

So here's my configuration. First we have the ACL that actually does the 
rejecting:

   require
     message = relay not permitted
     domains = +local_domains : +relay_to_domains

Then the router that does the DNS lookup to determine if we're the real 
recipient for that domain:

dnslookup_relay_to_domains:
   debug_print = "R: dnslookup_relay_to_domains for $local_part <at> $domain"
   driver = dnslookup
   domains = ! +local_domains : +relay_to_domains
   transport = remote_smtp
   same_domain_copy_routing = yes
(Continue reading)

Dan D Jones | 25 Jun 01:47 2015
Picon

unknown variable name "tls_in_cipher"

Attempting to set up authentication on Debian Wheezy.  Authentication is not 
being advertised.  Troubleshooting gives the following results:

exim -bh 127.0.0.1

**** SMTP testing session as if from host 127.0.0.1
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 127.0.0.1
>>> IP address lookup yielded localhost
>>> gethostbyname2 looked up these IP addresses:
>>>   name=localhost address=::1
>>>   name=localhost address=127.0.0.1
>>> checking addresses for localhost
>>>   ::1
>>>   127.0.0.1 OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 mydomain.org ESMTP Exim 4.80 Wed, 24 Jun 2015 15:53:38 -0500
ehlo me
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
LOG: failed to expand condition "${if eq{$tls_in_cipher}{}{}{*}}" for 
(Continue reading)

Danielle M. | 25 Jun 00:40 2015

Smart_route ignoring condition?

Hello,

I am running into an issue where my mail relay is ignoring the condition 
I have set and routing ALL mail. Here's what I have at connect time:

acl_check_connect:
accept condition = ${if ={587}{$interface_port}}
        set acl_c_MSP = 1
accept condition = ${if ={25}{$interface_port}}
        set acl_c_MSP = 0
accept condition = ${if ={26}{$interface_port}}
        set acl_c_MSP = 0

And then under my mail router:

smart_route:
      condition = {${if eq{$acl_c_MSP}{1}}}
      driver = manualroute
      domains = !+local_domains
      transport = remote_smtp
      route_list = * <relay server IP>

No matter what acl_c_MSP is set to, mail is still routed to the mail 
relay server. What am I doing wrong?

Thank you!
Dani

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
(Continue reading)

Johannes Matschke | 21 Jun 23:03 2015
Picon

Visibility of content scan variables

Hello

I am trying to use the $spam_* variables in an exim transport (exim
4.82). But it works only for $spam_score_int.

I have this in my transport config:
  headers_add = \
                  X-Spam-Score: $spam_score\n\
                  X-Spam-Score-Int: $spam_score_int\n\
                  X-Spam-Level: $spam_bar\n\
                  X-Spam-Report: $spam_report

The delivered email looks like this:
  X-Spam-Score:
  X-Spam-Score-Int: 55
  X-Spam-Level:
  X-Spam-Report:

The manual says: "These variables are saved with the received message,
thus they are available for use at delivery time." So why can I use only
$spam_score_int?

For now, I have found a workaround. I save the $spam_* variables into
ACL variables, which I can use in the transport.

But I don't understand why this doesn't work. Can you give me a hint?

Sincerly
Johannes

(Continue reading)

Mark Elkins | 21 Jun 17:50 2015
Picon

SMTPUTF8 Support...

I'm sitting in the "Universal Acceptance Steering Group Workshop" at
ICANN in Buenos Aries. Decided to test the email of my own home grown
systems.

I run exim (4.84) on Gentoo.
User names are stored in MySQL.
I found a friendly Russian and he created the user "андрей <at> diver.co.za"
in my Database.

He found that GMAIL was able to attempt the delivery of a test mail to
this address but came back with...

      ------------------------------------------

Delivery to the following recipient failed permanently:

     андрей <at> diver.co.za

Technical details of permanent failure:
 local-part of envelope contains utf8 but remote  server did not offer
SMTPUTF8

    --------------------------------------------

Is there a fix for this yet???

I guess I'm looking for full EAI compliance in my mail systems..
(EAI - Email Address Internationalised)

A similar test with "márk <at> diver.co.za" worked just fine.
(Continue reading)

Konstantin | 21 Jun 09:43 2015
Picon

Missing curly bracket

Hello,

I have following redirect.

test_redirect:
 driver = redirect
 domains = gmail.com
 local_parts = user
 headers_remove = ${if match{$h_Subject:}{\\[SUPPORT\\]}{}{Subject}}
 headers_add = ${if match{$h_Subject:}{\\[SUPPORT\\]}{}{Subject: [SUPPORT]
$h_subject:}}
 data = recipient <at> domain.com

Redirect is working in exim-4.82-1.el6
But in exim-4.84-4.el7 i have following error:
R=test_redirect defer (-1): test_redirect router failed to expand "${if
match{$h_Subject:}{\\[SUPPORT\\]}{}{Subject}}": missing } at end of string

Can you please help me what i missed here?

-- 
*This message was delivered using 100% recycled electrons*.
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
The Doctor | 19 Jun 05:28 2015
Picon

LAN issue

From my logs

/var/log/exim_mainlog:2015-06-18 20:36:04 1Z5m9z-0002Et-HZ failed to open scan directory
/var/spool/exim/scan/scan/1Z5m9z-0002Et-HZ: Permission denied (euid=42 egid=42)
/var/log/exim_mainlog:2015-06-18 20:36:04 1Z5m9z-0002Et-HZ malware acl condition: error while
creating mbox spool file
/var/log/exim_mainlog:2015-06-18 20:36:04 1Z5m9z-0002Et-HZ H=ts1p19.nl2k.ab.ca [208.118.93.82]
F=<scifi <at> nk.ca> temporarily rejected after DATA
/var/log/exim_paniclog:2015-06-18 20:36:04 1Z5m9z-0002Et-HZ failed to open scan directory
/var/spool/exim/scan/scan/1Z5m9z-0002Et-HZ: Permission denied (euid=42 egid=42)
/var/log/exim_paniclog:2015-06-18 20:36:04 1Z5m9z-0002Et-HZ malware acl condition: error while
creating mbox spool file
/var/log/exim_rejectlog:2015-06-18 20:36:04 1Z5m9z-0002Et-HZ H=ts1p19.nl2k.ab.ca
[208.118.93.82] F=<scifi <at> nk.ca> temporarily rejected after DATA

All right, all i did was to update openssl recently.

Anyone else seen this in exim 4.85 or exim 4.86 RC2 ?

-- 
Member - Liberal International This is doctor <at>  <at> nl2k.ab.ca Ici doctor <at>  <at> nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Gmane