Jean Respen | 24 Nov 18:11 2014
Picon

ACL question

Hello all,

I've a question, I'm trying to set an acl (for acl_not_smtp) to do two things:

1. Check if a user is in a file, if it is the case it means that the
user is blacklisted and he should not be able to send
2. limite the rate at which a user can send

I did the following:

acl_rate:
        discard
                condition  = ${lookup{$authenticated_sender}lsearch\
                  {CONFDIR/list_users_blacklisted}{$value}fail}
                ratelimit = 15 / 1m / per_mail / $authenticated_sender
                log_message = Rate limit exceeded for
$authenticated_sender: $sender_rate/$sender_rate_period (max
$sender_rate_limit) or sender is blacklisted
        accept

It does work for the ratelimit which limits to 15 mails per minute.
But the first condition is never used, can you help me with that?

Thanks a lot,

Cheers,

--

-- 
Jean

(Continue reading)

Jeremy Harris | 24 Nov 18:10 2014

Less-usual host systems

As we're coming towards the 4.85 release I'd like to remind people
of the Exim buildfarm, where people donate a little system capacity
to running regular builds of the Exim sourcebase as it develops.

http://eximbuild.mrball.net/cgi-bin/show_status.pl

If you have a system and are prepared to put in the effort
of setting up a buildfarm member, especially for a system
type we don't have, please consider doing so.  Follow
the Register link on that page and start with the instructions
on the wiki.

If you run a less-usual system type this is greatly in your
interest, as we will shake bugs out earlier.

(Thanks to Todd for setting up the buildfarm, and to
the Postgresql project for developing it in the first place)
-- 
Thanks,
  Jeremy

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

PRAJITH | 22 Nov 18:31 2014
Picon

failed to expand condition

Hello Guys,

I am new to exim. I want to block all remote and local outbound mails being
sent from one domain, but the mail should work if the recpt address is in
same domain. I just wrote a simple acl for this but it always shows the
following error.

ACL
=====
${ if and { { ${lookup{$sender_address_domain} lsearch
{/etc/blocked_domains}}} {!eqi {$sender_address_domain}
{${domain:$h_to:}}}} {true}{false}}

Error
=====
failed to expand condition "${if and{{bool_lax{${if and{{bool_lax{NULL}

Thanks,
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Phil Pennock | 24 Nov 01:26 2014

Beware FreeBSD heimdal change breaking Exim GSSAPI

Heads-up to FreeBSD users, who use Exim built with Heimdal GSSAPI
support, using the Heimdal library from Ports.  Which might be one other
person, somewhere on the planet.  Maybe.

A change to the security/heimdal library yesterday moved include files
and libraries into a sub-directory not in the system library path.  This
will break existing binaries; for Exim running as a daemon, it will mean
that the attempt to re-exec for delivery will fail, and mails will sit
in the local queue after being accepted.  Once you rebuild Exim to use
the new locations, you can flush your queue and all email will be
delivered.

Note that in order to recompile Exim while still using GSSAPI, you'll
need to either specify the new paths manually or hack the pkg-config
file, if using AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi in Local/Makefile.
You need to change the paths and ensure that the binary is stamped with
the extra runtime library path.

I have filed a FreeBSD bug report:

  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195319

-Phil

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

(Continue reading)

Heiko Schlittermann | 23 Nov 22:37 2014
Picon

not working?: swaks --pipe 'exim(GnuTLS) -bh <ip>' --tls …

Hello,

did somebody successfully test Swaks, Exim (GnuTLS) and the pipe mode of
Swaks:

    swaks --tls --pipe 'exim -bh <ip>' …

Did it work? Should it work?

Even when I use a recent Swaks and a recent Exim (GnuTLS) I get:

    LOG: TLS error on connection from (pu.schlittermann.de) [212.80.235.130] (gnutls_handshake): A TLS
packet with unexpected length was received.
    <-  220 TLS go ahead
    *** TLS startup failed (connect(): error:00000000:lib(0):func(0):reason(0))
    *** STARTTLS attempted but failed

The same Exim, but compiled with OpenSSL works.

    pkg-config --modversion gnutls  ---> 2.12.20
    pkg-config --modversion openssl ---> 1.0.1e

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--

-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
 gnupg fingerprint: 9288 F17D BBF9 9625 5ABC  285C 26A9 687E 7CBF 764A -
(Continue reading)

Konstantin | 19 Nov 17:11 2014
Picon

return value from external script

Hi

Can you please help me to find a way how to configure exim make following
things:
1 send whole message to external script (application)
2 return a value from executed script to a variable

I found that i can use pipe in filter with unseen option. In this case i
can add custom X-header, re-inject message to exim and play with X-header.
But i do not like to re-inject message from script.

I found similar actions in wishlist (195).
If you know if i can implement that please explain me the right way.

Thank you.
-- 
*This message was delivered using 100% recycled electrons*.
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Lena | 18 Nov 19:43 2014
Picon

Re: Disable exim for local users

> From: Jean Respen

> acl_test:

I assume acl_not_smtp = acl_test

> when a user
> is a "spammer", exim sends an error code to user <at> mydomain.com, can I
> disable such a response?

"discard" instead of "deny".

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Michał Giżyński | 18 Nov 12:49 2014
Picon

Outlook 2013 receives incorrect message

Hi,
I have an acl which rejects some messages:

deny message = This message contain spam and was rejected, if you don't agree with that please contact us (0011223344).
log_message = This message contain spam
condition = whatever

Thunderbird receive whole statement "This message contain spam and was rejected, if you don't agree with
that please contact us (0011223344)" whereas Outlook 2013 receive only 20 characters from last line of
message "please contact us (0".

Below tcpflow log:
x.x.x.x.00587-y.y.y.y.35189: 550-This message contain spam and was rejected, if you don't agree with that
550 please contact us (0011223344).

Have you ever seen this before ?

-- 
Greetings
Michal

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Matthias Hank | 18 Nov 10:33 2014
Picon

Copy/duplicate a mail depending of the sender address

Hi,

i need to duplicate specific mails in exim depending on the sender address.

I have this working for now:

copyrouter:
        driver = redirect
        senders = localpart1 <at> some.dom.ain
        data = localpart1 <at> other.dom.ain
        unseen
        no_verify

So for more senders i could use more routers like this, but maybe a lookup
to a textfile would scale better.

I thought about a file (eg. /etc/exim4/copylist) with pairs of

localpart1 <at> some.dom.ain: localpart1 <at> other.dom.ain
localpart2 <at> some.dom.ain: localpart2 <at> other.dom.ain

and so on, but i could not figure out how to lookup and use these entries
in a router.

Can someone help me with an example how to do that?

Greetings,

Matthias

(Continue reading)

modjklist | 17 Nov 18:29 2014
Picon
Picon

is it possible to whitelist specific IP or port 26 to allow plain-text logins?

Hi, I have two CentOS Linux servers. One server has IP address xxx.xxx.xxx.02 and Exim 4.82 #2, and
Cpanel/WHM. The second server xxx.xxx.xxx.01 has a database that sends email through xxx.xxx.xxx.02,
and required plain-text login on port 26.

For business reasons I need to disable plain-text logins on port 25. 

I see that I can do this by logging into WHM, visiting the Exim Configuration Manager, clicking on the
Security tab and turning ON the option for: 

  Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate
with the server. 

However, this apparently effects port 26 as well. 

I'm wondering if it's possible to configure exim to allow the database at xxx.xxx.xxx.01 to send email
through xxx.xxx.xxx.02 with the option turned ON for "Require clients to connect with SSL or issue the
STARTTLS command before they are allowed to authenticate with the server".

More specifically, are either of the following 2 workarounds possible?

1. Manually edit /etc/exim.conf file (or use WHM/Cpanel, etc.) to whitelist IP address xxx.xxx.xxx.01 so
that this address is allowed to login using plain text login (whereas all other IP addresses are not).

or,

2. Manually edit /etc/exim.conf file (or use WHM/Cpanel, etc.) to whitelist port 26 from the rule turned ON
in Cpanel for "Require clients to connect with SSL or issue the STARTTLS command before they are allowed to
authenticate with the server", such that this rule does NOT apply to port 26 (but it DOES apply to port 25).

--

-- 
(Continue reading)

Heiko Schlittermann | 17 Nov 15:08 2014
Picon

cutthrough, defer condition = $recipients_count => co0

Hello,

I'm trying to limit the number of recipients of an incoming message in
order to make cutthrough delivery working (since it works with one
recipient only, currently).

I've setup the rcpt acl:

    defer domains = example.com
          condition = $recipients_count

    warn  domains = example.com
          control = cutthrough_delivery

    …

    accept

Sending now to two recpiens:

    …
    -> RCPT TO:<peter.[hidden] <at> foo.[hidden].de>
    <-  250 Accepted
    -> RCPT TO:<foo <at> foo.[hidden].de>
    <** 451 Temporary local problem - please try later      <--- expected
    -> DATA
    …
    <-  250 OK id=1XqMmX-0004fk-Fe

Here the log:
(Continue reading)


Gmane