Anoop John | 18 Oct 10:48 2014

DDOS on SMTP port by large number of new connections from random IPs

Hello,

I have run into a problem on my server with a DDOS attack on port 25. The
server is getting a large number of connection requests on port 25 from
random IPs continuously preventing any access to the SMTP port by valid
users. Also the server reaches the limit of 100 simultaneous SMTP
connections within seconds of restarting the server. The server is
configured to require authentication before sending mails via SMTP so there
is no spamming / relay attempt via the server.

Is there some setting in exim that can drop connections if there is no
authentication within a timeout or something like that?

Thanks in advance for your help / guidance in this regard.

Thanks
Anoop
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

TPCexim | 16 Oct 18:49 2014

Problem disabling SSLv3 ciphers on Exim 4.72 to deal with Poodle vulnerability (CVE-2014-3566)

Dear All,
I have been going round and round in circles trying to do this :-{. I have tried lots of different incantations using tls_require_ciphers but without success.
My exim which came ready built in an RPM is linked with OpenSSL rather than GnuTLS. I am using 'nmap --script ssl-enum-ciphers -p 465' to see what ciphers are offered.

Without a tls_require_ciphers statement I get the following protocols offered; SSLv3, TLSv1.0, TLSv1.1, TLSv1.2; each with at least 13 ciphers included.  Ideally I would like to just eliminate all the SSLv3 ones.  The closest I have been able to come to doing this is to get only TLSv1.2 protocol with the following four ciphers (TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384 only).  External relay machines delivering mail (eg. Microsoft's FOPE servers) do not find an acceptable choice amongst these.

I am at a loss to know why 'tls_require_ciphers = All:!SSLv2:!SSLv3' does not do what I want.  It just results
in no ciphers being offered.

Below is the full list of every combination I tried in /etc/exim.conf, together with an appended one line
summary of what resulting ciphers were offered as available.

I would like to get the system secured against SSLv3 ASAP.  Please help!

System details: 
 OS: SLC6 (derivative of RHEL6).
 Arch: X86_64

Thanks
Tom Crane


Alexandre | 19 Oct 23:20 2014

Re: Create aliases before rewrite domain

Thank you very much Jeremy. Your configuration works perfectly!

Example:
---
smarthost_test_fr:
         domains = test.fr
         driver = manualroute
         transport = remote_smtp
         route_list = * smtp.test.com:smtp2.test.com
---

I added a file in 999_test_router in /etc/exim4/conf.d/router and 
aliases work too.

Thank you.

Alexandre

On 19/10/14 22:55, Jeremy Harris wrote:
> On 19/10/14 21:46, Alexandre wrote:
>> Thank you Jeremy. Would you have a sample configuration?
>>
>>
>> I test this configuration but I do not understand how to operate it.
>>
>> ---
>> smarthost_test:
>
>>     condition = ${if eq {${lc:$sender_address_domain}} {test.fr} {true}
>> fail }

Ted Cooper | 18 Oct 17:05 2014

Re: Disabling SSLv3 on Exim 4.75

On 19/10/14 00:49, Cyborg wrote:
> Openssl has announced a workaround for sslv3. I'm not sure about what it
> does, but maybe you don't need to change exim's config at all.

The update to OpenSSL has enabled TLS_FALLBACK_SCSV protocol extension
which prevents MITM attackers from being able to force a protocol
downgrade. Both the client and the server must be upgraded to support
this protocol for it to be of any use.

You're still better off disabling SSLv3 since the update only helps
servers which have been upgraded, and run OpenSSL. Other implementations
may not support the extension.


Luca Bertoncello | 18 Oct 13:27 2014

Disabling SSLv3 on Exim 4.75

Hi list!

I cannot find a way to disable SSLv3 on Exim 4.75...
Could someone help me?
Exim 4.75 was compiled with OpenSSL.
Here are the options:

Exim version 4.75 #2 built 18-Apr-2012 14:52:40
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.8.24: (August 14, 2009)
Support for: crypteq iconv() IPv6 TCPwrappers OpenSSL move_frozen_messages Content_Scanning DKIM Experimental_SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz mysql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
OpenSSL compile-time version: OpenSSL 0.9.8k 25 Mar 2009
OpenSSL runtime version: OpenSSL 0.9.8k 25 Mar 2009
Configuration file is /etc/exim/configure

Thanks a lot
Luca Bertoncello
(lucabert <at> lucabert.de)


elrippo | 18 Oct 10:37 2014

POODLE advisory from exim-announce

I am running exim on Ubuntu 12.04 LTS

If I define "tls_require_ciphers = NORMAL:!VERS-SSL3.0"

I get an error in the log and the messages are not handled...
"2014-10-18 10:07:55 TLS error on connection from (user) [151.236.xxx.xxx] (gnutls_handshake): No supported cipher suites have been found."

Can you advise please?

-------------------------------------------------

POODLE is a new attack on SSLv3 that makes it easy for a man-in-the-middle
attacker to decrypt web cookies. For details see https://poodle.io/

The recommended mitigation is to disable SSLv3 and support only TLSv1.x.
However this is liable to cause some interoperability problems to roughly
0.5% of users. For SMTP the main concerns that we know about are old
Android clients and even older Microsoft Exchange servers; a similar
number of newer clients and servers seem to be misconfigured to disable
TLS and support SSLv3 only.

The main concern about being attacked by a POODLE is that your SMTP AUTH
credentials might be compromised. However the web-based version of the
POODLE attack does not apply to email protocols, for reasons set out at
the end of this message, so disabling SSLv3 for email is less urgent.

Nonetheless, this attack is driving a major shift to eliminate the use of
SSLv3 in all protocols, so we can expect future releases of security
libraries to drop support. You should probably try to identify problems

Alexandre | 17 Oct 17:28 2014

Create aliases before rewrite domain

Hello everyone,

I would like exim to create aliases before rewriting the domain name.

In /etc/aliases:

---
# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
net: root
root: usertest@domaintest.com
grouptest:        :include: /etc/exim4/list-aliases/grouptest
---

In /etc/exim4/list-aliases/grouptest:
---
usertest1@domaintest.fr
usertest2@domaintest.fr
usertest3@domaintest.fr

Marco Gaiarin | 16 Oct 10:03 2014

POODLE...


	http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability

How to disable SSL 3.0 in exim?

Precisely, in Debian exim for squeeze (4.72-6+squeeze4) and wheezy (4.80-7)?

Seems to me I've to use 'gnutls_require_protocols', but I've not found
documentation about it...

Thanks.

-- 
  Voting is the orgasm of democracy
						(Marco Pio Bravo)


mark david mcCreary | 15 Oct 22:50 2014

Inject email into Exim, get Return Code if Temporarily Delayed

I would like to give Exim a message to deliver to a remote host, and get 
notified if Exim received a 4xx - Temporary Delay.

That is, if the message is delivered successfully or bounces (5xx), 
that is fine.

But I don't want messages sitting on the queue because there was a 
temporary error.  I want the spool queue to be empty at all times.

Does anybody have any ideas on how this might be possible with Exim?

Thanks

mark


Jeremy Harris | 13 Oct 16:57 2014

Features for Exim 4.85

Hi,

  The Exim developers are now starting to consider what
currently-experimental features should be moved to the
mainline (meaning, the default Makefile includes them)
for version 4.85.

One proposal is EXPERIMENTAL_DSN.  Could people using
it currently please report their experience and any
(or none) issues?

Any others people are interested in, likewise.
-- 
Thanks,
   Jeremy


Alexandre | 13 Oct 15:51 2014

Disable dns_check_names_pattern

Hello everyone. We are migrating our infrastructure from postfix to exim. However, 
an old application (mail to fax) uses a domain "[ip-address]". This 
illegal domain works with postfix and not with exim.  I tried to disable 
"dns_check_names_pattern" but my mail is rejected.

---
sendmail -bP
.
.
.

deliver_queue_load_max =
delivery_date_remove
no_disable_ipv6
dkim_verify_signers = $dkim_signers
dns_again_means_nonexist =
dns_check_names_pattern =
.
.
.
---

My test:
---
echo "" | mutt -a "/tmp/test.pdf" -- infos@[172.16.15.171]
Error sending message, child exited 1 ().
Could not send the message.
---

Do you have any idea?