Marco Ocisp | 6 Feb 21:36 2016

DIsabling SSL 3 without disable TLS on Exim 4.72

Hi,my server are running Exim 4.72.
I know is time to upgrade but I AM awaiting Webuzo relase the update because I can't update exim integrated
into the panel.Until they not release a upgrade my Exim support SSL 3.
IF i follow that guide:[exim-announce] Exim and the POODLE SSLv3 vulnerability
by disabling SSL 3 also TLS not work anymore.
Can I do something to block only SSL 3 on Exim 4.72?

|   |
|   |   |   |   |   |
| [exim-announce] Exim and the POODLE SSLv3 vulnerabilityPOODLE is a new attack on SSLv3 that makes it easy
for a man-in-the-middle attacker to decrypt web cookies. For details see  |
|  |
| Visualizza su | Anteprima per Yahoo |
|  |
|   |


## List details at
## Exim details at
## Please use the Wiki with this list -
Marco Ocisp | 4 Feb 12:24 2016

Issue on Exim 4.72 SSL 3 and POODLE

Hi,I AM using Webuzo panel who is running Exim 4.72 who seems to be vulnerable to POODLE attack and SSL 3.
I cannot update Exim from SSH because will be incompatibile with the panel so I must wait a fix from the panel
Staff who are taking very long time and have issue on integrating Exim.
In my exim.confI have
tls_require_ciphers = HIGH:MEDIUM:+TLSv1.2:!SSLv2
if I add :!SSLv3
save and restart outgoing email from Thunderbord and smartphone not work.If I remove the :!SSLv3 final
works but there are vulnerability.
If just disable SSlv3 this is ignored as seems in Exim 4.72 I can't disable SSL 3.
In the time I wait a fix from softaculouscan I do something to fix the issue of SSL 3 and POODLE attack?
I AM on CentOs

## List details at
## Exim details at
## Please use the Wiki with this list -
Erik Browning | 3 Feb 22:42 2016

can I suppress the "message frozen by system filter" log line?

Hello, Exim Gurus!

I have systems that buffer and archive large volumes of email. This isn't for regular mail delivery and all
of the messages are destined for the same handful of machines, so for performance reasons we set
"queue_only" in the exim main configuration and flush the queue every minute to deliver messages in batches.

Lately our requirements have changed and I have implemented some custom logic and log generation through
an exim system filter. The problem I have is that with "queue_only" set the messages don't generate the log
event right away because the system filter only runs on message delivery. I tested a setup where the
"queue_only" is disabled an the system filter freezes the message for later delivery. This writes the log
events in a timelier fashion but produces a lot of "system frozen by message filter" warnings that I would
like to suppress. We process ~100,000,000 messages/day so that is a lot of extra data to collect/process
in our logging system and I am actively trying to cut down all the extraneous log lines that I can (eg: retry
time not reached).

I read through the exim specification and I don't see anything that would help suppress these log lines and
I'm hoping that it is something I overlooked and not something that can't be done.

Thanks in advance for everyone's help!

- Erik


## List details at
## Exim details at
## Please use the Wiki with this list -
Jordan Gigov | 2 Feb 16:40 2016

"No local mail" enables local mail

For some time I have been trying to configure a 4.80 server on Debian to
use a Smarhost to relay all messages and keep none of them.

The server itself basically located at say, and hosts a
website. The mail is hosted on a different machine at
Because the server self-identifies as, it keeps trying to send
to recepients <at> locally, even though using `dpkg-reconfigure
exim4-config`, I explicitly selected the option "mail sent by smarthost; no
local mail".
I don't really know or care who maintains the scripts for that, but when I
choose that option, it enables local mail! The exact thing that I tell it
not to do!
Eventually I edited the configuration manually to disable all other
delivery drivers or make them match no addresses, and make that one match
everything, but things like this are why everyone hates configuring mail

Just so you know, I am well aware from experience that Postfix is an even
worse nightmare to set-up.

## List details at
## Exim details at
## Please use the Wiki with this list -
Wyles, Stuart R. H. | 2 Feb 13:13 2016

identify spam from valid 3rd party email services using our domain as sending address

We run exim on-premises with spamassassin (all external email comes in this way and routes to Exchange
online). We also use a number of 3rd party email service providers (for things such as marketing
campaigns) used by various departments at our institution. External providers use valid From:
addresses pertaining to come from our own domain, but generally use their own domain for Return-Path.
This gives us a headache to identify genuine email arriving from external providers (using our From:
 <at> domain address) from spam (using forged From: addresses).

The two approaches we have been considering are to develop a list of valid email providers, which will be a
task in itself, and either (1) allow only these external IPs (whitelist) to route through our exim servers
(if sending address is from our domain) or (2) enforce external providers to authenticate to our
on-premises servers (block un-auth connections using our domain).

Departments do have a habit of going out and employing external providers without notice. We are leaning
towards option(1) but overhead in maintaining an up-to-date list and possibility of omissions and
external IPs changing is a concern. Do others find this? There is SPF, but still require valid server list,
and worries of breaking something.

Can I ask what other institutions do in these circumstances? What methods or technologies do you use? Do you
maintain 'whitelists', or enforce authentication, or employ different methods 'on-premises' to
identify genuine 3rd party emails using internal addresses from forgeries?

Thanks for any advice.


The University of Aberdeen is a charity registered in Scotland, No SC013683.
Tha Oilthigh Obar Dheathain na charthannas cl?raichte ann an Alba, ?ir. SC013683.

## List details at
## Exim details at
(Continue reading)

mtrainer | 3 Feb 09:49 2016

Finding largest senders

Hi again, 

We are currently using the command below to find the 30 largest
authenticated senders on our exim mta's so we can check if it is valid
email or spam: 

grep -h '^-auth_id' /var/spool/exim4/input/*|sort'|cut -f3 -d"
"|sort|uniq -c|sort -rn|head -30 

The problem with this is that it only counts emails and not recipients.
We could have a spammer with 5 emails with 1000 recipients in each and
we wouldn't notice from the list above 

Is there an easier way to do this maybe with exipick instead of having
to go through the emails for each sender and count recipients then add
them all up? 




## List details at
## Exim details at
## Please use the Wiki with this list -
mtrainer | 3 Feb 08:58 2016

Force authenticated local mail to use DNS


Emails from our authenticated senders try to deliver locally if the
domain is in our ldap directory even if the DNS MX record for the domain
points externally. Is it possible in exim to make authenticated emails
use the DNS MX instead of just delivering internally if the domain is in
our ldap directory. This of course can't break normal incoming emails.
The contents of our routers.conf file is below. Some advice on how to
solve this problem would be greatly appreciated. 



# Check for non-local forwarding entries in LDAP (uses objectClass:
 driver = redirect
 domains = +local_domains
 data = ${lookup ldap {user=LDAPUSER pass=LDAPPASS
{$value} fail } 

# Check for forwarding entries in LDAP (objectClass: mailUser)
 driver = redirect
 domains = +local_domains
 data = ${lookup ldap {user=LDAPUSER pass=LDAPPASS
LDAPS/domainName=${domain},LDAPBASE?mailForwardingAddress?sub?(&(objectClass=mailUser)(mail=${local_part} <at> ${domain}))}
(Continue reading)

Heiko Schlittermann | 3 Feb 08:33 2016

Benchmarking an MTA?


… thinking about Exims performance …

Does anybody know anything about benchmarking an MTA?
What do we count as performance?

visible by the user:        time, a message spent in the queue
visible by the admin:       (spooled messages)/time the MTA can send
visible by the sending mta: messages/time the MTA can accept¹

Any other suggestions?

Would anybody be willing to share performance stats?
(In a first step: submit the results from a tailored eximstats output?)

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

## List details at
## Exim details at
(Continue reading)

Juan Bernhard | 2 Feb 20:20 2016

Find all mail aliases used on server

Hello list, I have a mail server with a lot of unused aliases, and I 
need an easy way to do a list of aliases that actually received some 
mail, to eliminate the other ones.
So, I thought that the easy way was to see if the log has an entry with 
the redirect router (something like grep 'R=system_aliases' 
/var/log/maillog), but its doesn't.

When a mail are processed by the redirect router, show this:

2016-02-02 13:25:24 [16459] 1aQdlc-0004HT-OV <= sender <at> []:60625 I=[]:25 P=esmtp 
S=22700 M8S=0 id=007a01d15dd6$242564f0$6c702ed0$ <at> T="RE: Licencia" 
from <sender <at>> for mail_alias <at>
2016-02-02 13:25:24 [16460] 1aQdlc-0004HT-OV => recipient1 
<mail_alias <at>> F=<sender <at>> P=<sender <at>> 
R=localuser T=local_delivery S=22819 QT=0s DT=0s
2016-02-02 13:25:24 [16460] 1aQdlc-0004HT-OV => recipient3 
<mail_alias <at>> F=<sender <at>> P=<sender <at>> 
R=localuser T=local_delivery S=22819 QT=0s DT=0s
2016-02-02 13:25:24 [16460] 1aQdlc-0004HT-OV => recipient2 
<mail_alias <at>> F=<sender <at>> P=<sender <at>> 
R=localuser T=local_delivery S=22819 QT=0s DT=0s
2016-02-02 13:25:24 [16460] 1aQdlc-0004HT-OV Completed QT=0s

This is my router config:
   driver = redirect
   data = ${lookup{$local_part}lsearch{/etc/aliases}}
(Continue reading)

Emmanuel Noobadmin | 2 Feb 19:56 2016

Slow email sending and spool file not found

I'm trying to solve a problem with slow email sending with the
following exim version

exim 4.86
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages
Content_Scanning DKIM Old_Demime DNSSEC PRDR OCSP Experimental_SPF
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp

What happens is that email sending gets stuck at "Connecting" (when
using Thunderbird) for a long time before delivery is made. Comparing
exim -bd -d output on the problem server and a "normal" server, the
problem seems to be this:

The problematic exim install is doing dns lookup for every single
recipient and does not continue until it finishes. At 5~15 sec per
recipient, this becomes an enormous lag.

On the normal install, exim starts looking up recipients but does not
hang on to the connection and Thunderbird reports mail sent even while
Exim is still doing dns lookups.

I've tried turning hosts_lookup off as well as set
rfc1413_query_timeout = 0s but neither has any effect.

I can't figure out what else could be causing the difference. Could an
(Continue reading) | 1 Feb 20:13 2016

freeze instead of bounce on specified remote response?

Is it somehow posible to make exim freeze messages on specfied remote
5xx error instead of returning it to sender (bounce)? For example I
would like to freeze message in queue when remote server says "550 .*
abcd". or "550 defg"


## List details at
## Exim details at
## Please use the Wiki with this list -