GetUp | 23 Jun 09:05 2016

Re: dkim body has been altered

On 2009-07-08 07:50, Terry wrote:
> I have in my config
> 
> DKIM_DOMAIN = ${lc:${domain:$h_from:}}
> DKIM_FILE = /usr/local/etc/exim/dkim/${lc:${domain:$h_from:}}.priv
> DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
> 
> remote_smtp:
>   driver = smtp
>   dkim_selector = dkim
>   dkim_domain = DKIM_DOMAIN
>   dkim_private_key = DKIM_PRIVATE_KEY
>   dkim_strict = 0
>   dkim_canon = relaxed
> 
> But when I run the test here it fails with a body has been altered
> http://www.brandonchecketts.com/emailtest.php
> 
> ------------
> 
> 
> 
> 
> 
> 
> 
> Building DNS Query for *dkim._domainkey.bluelight.org.uk*
> Retrieved this publickey from DNS: v=DKIM1; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL6sgj6uA/v/UPVxVBluitTsKEd3xKcDwrey0YoUIDlmp/AbOoXvt7c8ip1sOQlY2BqfR+Sow47+zSVAf0IAoMTI41ybtj/2mAq2AtElWCp6qIR1llgY0Xk+c6ifpXxuwwIDAQAB
> 
> 
(Continue reading)

Sandeep Singh | 20 Jun 08:18 2016
Picon

TLS renegotiation CVE-2011-1473 BUG

Hi,

I want to fix the TLS renegotiation in exim ( CVE-2011-1473 ). I tried a
lot but not able to find the right option in exim.conf.

If there is any fix available for this bug in exim, please let me know.

Regards,
Sandeep
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
3YSTech Services | 20 Jun 00:13 2016
Picon

Routing to specific domains

Hi ,

I have need to restrict some IPs to send to pre-defined set of domains. I
have 2 sets of IPs with 2 corresponding sets of domains, the 3rd group is
allowed to send to any domains.

How to achieve that..I have put sample of IP and Domain list files.

The relay authorized IPs are listed on file one IP per line.

Group1
1.1.1.1
1.1.1.2
1.1.1.3

Group1 Domains

domain1
domain1a
domain1b

Group2
2.2.2.1
2.2.2.2
2.2.2.3

Group2 Domains
domain2
domain2a
domain2b
(Continue reading)

Nick | 17 Jun 17:19 2016

emulating $verify_mode

Hi,

I'm still searching rather unsuccessfully for a way to prevent my 
router/filter from changing a counter when run in verify mode.

Is there any way of emulating the new variable $verify_mode in older 
versions of exim? (I'm using v4.80 as provided in Debian Wheezy) Perhaps 
by setting a variable in an acl which can be picked up in the filter?

I don't want to use no_verify on my router, since that means mail which 
would have been be accepted aren't. I also don't want to turn of 
recipient verification.  The logic in the filter is fairly complicated 
so I don't really want to duplicate it by implementing a non-mutating 
version specifically for verify mode.  However I might be able to 
duplicate the router definition.  Thus I thought about doing this and 
checking the $router_name but alas that doesn't variable also doesn't 
exist in the versions in question.  And that is currently where I am 
stuck.  Maybe there's something else which allows my filter to detect 
the context it is running in?

Thanks,

Nick

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Rob Gunther | 17 Jun 10:19 2016
Picon

Cert Verification CV=no

I often see in our server logs a little snippet that looks like this:

 CV=no

I understand it means the remove certificate could not be or was not
verified.

Today I got to see some exim logs of a server we send to.

It shows  CV=no, meaning our server (the sending server) has a bad
certificate.

I will work on getting a correct certificate, does anyone know a way as the
sender to verify that I have my new certificate installed and working
correctly?

I guess I would need to send mail somewhere.

Does the certificate need to match the hostname, or can I use a wildcard
cert?

Robert G.
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Marco Gaiarin | 15 Jun 18:33 2016
Picon

SAN, email notification and 'SMTP protocol synchronization error'...


I'm setting up my first SAN (an HP MSA 1040, indeed); setting up email i've
seen that does not work.

Digging a bit, i've found:

 2016-06-15 18:26:26 SMTP protocol synchronization error (input sent without waiting for greeting):
rejected connection from H=[10.5.254.2] input="NOOP\r\n"

digging a bit more:

  1   0.000000   10.5.254.2 -> 10.5.1.3     TCP 74 35486???25 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1
TSval=35267624 TSecr=0 WS=64
  2   0.000257     10.5.1.3 -> 10.5.254.2   TCP 74 25???35486 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460
SACK_PERM=1 TSval=87315532 TSecr=35267624 WS=128
  3   0.000744   10.5.254.2 -> 10.5.1.3     TCP 66 35486???25 [ACK] Seq=1 Ack=1 Win=14656 Len=0 TSval=35267624 TSecr=87315532
  4   0.001255   10.5.254.2 -> 10.5.1.3     SMTP 72 C: NOOP
  5   0.001388     10.5.1.3 -> 10.5.254.2   TCP 66 25???35486 [ACK] Seq=1 Ack=7 Win=14592 Len=0 TSval=87315532 TSecr=35267624
  6   0.001989     10.5.1.3 -> 10.5.254.2   SMTP 98 S: 554 SMTP synchronization error
  7   0.002257     10.5.1.3 -> 10.5.254.2   TCP 66 25???35486 [FIN, ACK] Seq=33 Ack=7 Win=14592 Len=0
TSval=87315532 TSecr=35267624
  8   0.002369   10.5.254.2 -> 10.5.1.3     TCP 66 35486???25 [ACK] Seq=7 Ack=33 Win=14656 Len=0 TSval=35267624 TSecr=87315532
  9   0.003555   10.5.254.2 -> 10.5.1.3     TCP 66 35486???25 [FIN, ACK] Seq=7 Ack=34 Win=14656 Len=0
TSval=35267624 TSecr=87315532
 10   0.003762     10.5.1.3 -> 10.5.254.2   TCP 66 25???35486 [ACK] Seq=34 Ack=8 Win=14592 Len=0 TSval=87315533 TSecr=35267624

there's some way to fix that (exim side)? Thanks.

--

-- 
  Sicuramente non è necessario essere laureati in economia e commercio
(Continue reading)

Dennis Isaías Cervantes | 13 Jun 19:50 2016

problem to disable a specific account


Hi good morning 

I would like if you help me on how I can do to prevent a specific account
send emails or off for some time, use exim 4.80.1 with mysql

thank you, for your help

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Matt | 10 Jun 19:22 2016
Picon

Aliases

I have this in exim.conf for aliases:

drop_solo_alias:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
  file_transport = devnull
  group = mail
  #pipe_transport = virtual_address_pipe
  pipe_transport = devnull
  retry_use_local_part
  #include_domain = true

Occasionally one of the email addresses inside an alias will be over
quota generating an annoying bounce.  The email addresses over quota
will be listed in /etc/over_quota_email.  Is there a way to have this
skip attempting to deliver to any email addresses listed in that file?

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Andy Smith | 9 Jun 19:19 2016
Picon

rDNS lookup problem

Hi, 

  I'm running Exim 4.86.2 on FreeBSD 9.3 and I'm having an issue whereby
it is registered incoming mails as originating from hosts without an
rDNS record, but they do have an rDNS record. I've just enabled the
X-Host-Lookup-Failed ACL to add the extra header and it confirms what I
was seeing by enterpreting the "Recieved:" header.  

For example when sending from 93.191.32.251 I see: 

X-Host-Lookup-Failed: Reverse DNS lookup failed for 93.191.32.251
(failed) 

and 

Received: from [93.191.32.251] (port=49828 helo=asigra2.ldex.co.uk) 

but nslookup from the mail server itself provides: 

nslookup 93.191.32.251
Server: 8.8.8.8
Address: 8.8.8.8#53 

Non-authoritative answer:
251.32.191.93.in-addr.arpa name = asigra2.ldex.co.uk. 

Any clues as to why Exim is failing when nslookup/dig from the same host
using the same DNS server work? 

thanks in advance, Andy. 
(Continue reading)

a.smith | 10 Jun 09:56 2016
Picon

rDNS lookup problem

Hi,

   I'm running Exim 4.86.2 on FreeBSD 9.3 and I'm having an issue  
whereby it is registered incoming mails as originating from hosts  
without an rDNS record, but they do have an rDNS record. I've just  
enabled the X-Host-Lookup-Failed ACL to add the extra header and it  
confirms what I was seeing by enterpreting the "Recieved:" header.

For example when sending from 93.191.32.251 I see:

X-Host-Lookup-Failed: Reverse DNS lookup failed for 93.191.32.251 (failed)

and

Received: from [93.191.32.251] (port=49828 helo=asigra2.ldex.co.uk)

but nslookup from the mail server itself provides:

nslookup 93.191.32.251
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
251.32.191.93.in-addr.arpa name = asigra2.ldex.co.uk.

Any clues as to why Exim is failing when nslookup/dig from the same  
host using the same DNS server work?

thanks in advance, Andy.

(Continue reading)

Matt | 10 Jun 02:45 2016
Picon

Block Authenticated Senders Listed in File

I want to block certain authenticated senders.  Not the from address
but the username they do smtp authentication with.

I tried this:

deny authenticated = *
        message = $authenticated_id suspended due to abuse
        #condition = ${if eq{$authenticated_id}{ttest <at> tteeesstt.net} }
       condition = ${if eq{$authenticated_id}{lsearch;/var/bad_senders}

It seems to work when I input a single email address but I want to
block all the email addresses listed in the file bad_senders.  What am
I doing wrong?

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Gmane