private user | 26 Mar 22:34 2015

Send mailbox warning if mailbox reaches quota of 80%

Dear all,

First of all thank you for reading this message.

I have a virtual server with DirectAdmin and Exim installed.
Because currently no warning message is sent to the mailbox user when he reaches 80% of the quota set on the

We tried to implement this, but it doesn't seem to work.

Is there someone on this group who has implemented a mailbox warning on a virtual server with DirectAdmin
and Exim and can tell me how to do this?

Yours Sincerely,

## List details at
## Exim details at
## Please use the Wiki with this list -

Bill Volz | 26 Mar 17:16 2015

Exim having trouble verifying multiple dkim signatures

I am able to consistently reproduce an issue where if an inbound message has 2 DKIM signatures the second
signature verification always fails.  In my test the first DKIM is representing the From domain and the
second is the Service Provider using an identity tag.

The log shows this..
2015-03-26 14:11:52 1Yb8Vk-0000nh-OF DKIM: s=dkim c=relaxed/relaxed a=rsa-sha1 t=1427379109 x=1429971109 [verification succeeded]
2015-03-26 14:11:52 1Yb8Vk-0000nh-OF DKIM: s=dkim c=relaxed/relaxed a=rsa-sha1 i= <at> t=1427379109 x=1429971109 [verification failed - signature did not verify (headers probably modified in transit)]

I don’t think that it's a problem with the signature as far as the hash being invalid because both DKIM
signatures are using the same exact hash.  I can see this in the DKIM header.  I have also tested the same type
of messages and they all validate with other providers like gmail and yahoo.  In addition I am pretty sure
it’s not specific to the Identity domain because if I send the message by itself without the "From DKIM"
the identity verifies correctly (shown below.)

2015-03-26 14:20:22 1Yb8dy-0000no-Al DKIM: d= s=dkim c=relaxed/relaxed a=rsa-sha1 i= <at> t=1427379618 x=1429971618 [verification succeeded]

I also see this error occurring on multiple installations but for my testing I am using Exim version 4.82 #3
built 25-Feb-2014 16:39:20, I didn’t see any DKIM changes in the release notes since this version.

Could there be some issue with Exim modifying the message after it does the first DKIM check, which is
causing the second check to fail?  I only see the received header as being added in the final message and the
DKIM h= value doesn’t contain received. (h=list-unsubscribe:mime-version:from:to:date:subject:content-type:content-transfer-encoding;)

Bill Volz

Scott Neader | 26 Mar 17:33 2015

Block connections based on HELO

If I want to block someone that sends HELO as "EXAMPLE" I can do the

acl_smtp_helo = acl_smtp_helo
   condition = ${if eq {$sender_helo_name}{EXAMPLE} {yes}{no}}
   log_message = HELO/EHLO - EXAMPLE blocked
   message = EXAMPLE HELO blocked

However, I need a little help with trying to block more than one HELO, for
example, if I want to block EXAMPLE and also FOO.  A push in the right
direction would be appreciated!

- Scott


Jeremy McSpadden | 26 Mar 04:20 2015

hostkarma blocked but whitelisted

I am not sure why emails are being blocked if they're returning on the whitelist for hostkarma

The sender is in a black list at White listed See


  deny    message       =  The sender $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
                 dnslists      =
Jeremy McSpadden
Flux Labs |<> | Endless Solutions
Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955



Steven Nikkel | 24 Mar 17:43 2015

IPv6 host_lookup

I'm getting error messages and failed lookups for IPv6 clients:

"no host name found for IP address 2001:[...snip...]"

IPv4 addresses resolve correctly within exim and the logged IPv6 
addresses can be correctly resolved on the command line on the mail 
server host.

Do I have something configured wrong or is this a bug?
Steven Nikkel
steven_nikkel <at>



Chris Siebenmann | 23 Mar 19:53 2015

Limit the total number of headers in incoming SMTP messages?

 We use a commercial anti-spam system behind our Exim-based inbound MX
gateway that turns out to be unhappy if a message has 'too many' headers
(where this is an undocumented value of more than 512 headers). I'd like
to detect and reject these messages in the DATA phase, rather than having
them accepted, passed to the anti-spam system, and die quietly.

 Given that the 'regex' ACL condition is specifically restricted to
handling a single line, about the only way to do this that I can see
is to (ab)use Exim's content scanning interface to run a program that
counts header lines and emits a suitable 'I found bad stuff' message
when it finds too many headers that the DATA ACL will then use to reject
the message. This seems a little bit brute force (among other things,
it means running an external program on every incoming message).

 Can anyone think of a better way to do this?

 Thanks in advance.

	- cks
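
An added example, not part of the original post and not Exim code: a sketch in Python of the header-counting program the post describes. The function names and the sample message are constructed for this example, the 512 limit is the figure given in the post, and the wiring into Exim's content-scanning interface is not shown.

```python
import sys

MAX_HEADERS = 512  # limit named in the post; the scanner's real threshold is undocumented


def count_headers(raw: bytes) -> int:
    """Count header fields, treating a folded field as one header."""
    count = 0
    for line in raw.splitlines():
        if not line:
            break                      # first empty line ends the header block
        if line[:1] in (b" ", b"\t"):
            continue                   # continuation of the previous field
        count += 1
    return count


def verdict(raw: bytes, limit: int = MAX_HEADERS):
    """Return a rejection reason string, or None if the count is acceptable."""
    n = count_headers(raw)
    if n > limit:
        return "too many headers: %d (limit %d)" % (n, limit)
    return None


# Constructed sample: three header fields, one folded over two lines,
# and a body line that looks like a header but must not be counted.
SAMPLE = (
    b"Received: from a.example by b.example\r\n"
    b"\twith ESMTP; Mon, 23 Mar 2015 19:53:00 +0000\r\n"
    b"From: sender@example.org\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"X-Not-A-Header: this is body text\r\n"
)

if __name__ == "__main__":
    # Read one message on stdin; non-zero exit signals "reject" to the caller.
    reason = verdict(sys.stdin.buffer.read())
    if reason:
        print(reason)
        sys.exit(1)
```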



Leonardo Boselli | 21 Mar 18:51 2015

catch-almost-all forwarding

One association had their mail hosted by a friendly ISP.
All the contacts were made with one person of the staff of the ISP that
cared the updating of userlists and distribution lists.
Now this person is in a sabbatical year traveling in remote plagues of the
world and sometimes answering the email after more than one month.
The update of most lists is urgent so we decided to put all in one of
the association's server, given also that the ISP announced that free
hosting of mail service would end in June.
So we faced the problem that we know the content of most lists, but we do
not know the content of one list and more important we do not know the
list of addresses xxx <at> that are set, we know a few ones but
could be more.
We tried to ask the ISP so can give us the list but they said that since
all the arrangement were made by that person, before passing the
information they must have approval by that person, or at least timeout
for his reply. So probably until end of April we will not have any
So my idea was to set the new server, moving to it the MX, setting all the
lists and user we know, and for unknown addresses forward it to the
current server.
So we could know which are the active address, and being able to contact
the owner to complete migration (if an address in two months does not
receive a message we can assume it is dead), at the same time if the user
is active the service is not disrupted.
(please do not ask why there are some user on the domain and the owner of
the domain do not have the list ...).
Of course I cannot make a normal catch-all that route "normally" since
the MX for the domain is the server that is forwarding, so it must forward
the message without changing it, but forwarding to a different machine that
is no longer the one on MX record ...

J. | 21 Mar 03:16 2015

Failed to get write lock for /var/spool/exim4/db/retry.lockfile: timed out

Hello exim peeps,
Sorry to bug you with a likely non-issue, but I've been getting this message from root every day:
Subject:exim paniclog on has non-zero size

exim paniclog /var/log/exim4/paniclog on has non-zero size, mail system might be
broken. The last 10 lines are quoted below.

2015-03-04 06:29:05 1YUEMX-0002oW-Fs Failed to get write lock for
/var/spool/exim4/db/retry.lockfile: timed out
------
Any suggestions on how to address the issue? Thanks!


Heiko Schlittermann | 20 Mar 23:02 2015

DANE? verify = recipient/callout: DNS gets a query about _-1._tcp.<hostname>


I've tried to set up DANE.

It works fine.
Tested: date | exim -v hs <at>

2015-03-20 22:56:05 [15276] 1YZ4th-0003yO-AI <= root <at> U=root P=local S=369
M8S=0 from <root <at>> for hs <at>
2015-03-20 22:56:05 [15278] cwd=/var/spool/exim4 4 args: /usr/local/exim/bin/exim -v -Mc 1YZ4th-0003yO-AI
2015-03-20 22:56:08 [15278] 1YZ4th-0003yO-AI => hs <at> I=[]
F=<root <at>> P=<root <at>> R=dnslookup T=remote_smtp S=381 []:25 X=TLSv1.2:DHE-RSA-AES256-SHA256:256 CV=dane
DN="/description=D1kmXl5Dw4CO0vGH/C=DE/ <at>"
C="250 OK id=1YZ4tk-0005Wv-Ej" QT=3s DT=3s
2015-03-20 22:56:08 [15278] 1YZ4th-0003yO-AI Completed QT=3s

But, now I've set up "verify = recipient/callout", doesn't work anymore...
I'm testing it using swaks:

swaks -f hs <at> -t hs <at> --pipe 'exim -bhc'  -q rcpt  
>>>   SMTP>> QUIT
>>> interface=NULL port=25
>>> in hosts_require_dane? yes (matched "*")
LOG: [15308] DANE error: TLSA lookup failed

In my Bind querylog I see lookups for _-1._tcp.<mx>.

 <at> jgh: didn't we have some similar problem already, when some part of

Marc Baasten | 19 Mar 20:07 2015

search exim logs with input file, maybe csv ?

Hello all,

I have to look up a lot of e-mail addresses in the log files, is it
possible to feed exigrep with an input file ( maybe csv style ) with these
e-mail addresses
and have the output exported to a file.

Or is it possible to do this with a different tool than exigrep which leaves
the exim format intact ?

Thank you in advance,




Tom Vernon | 19 Mar 02:09 2015

TLS error when configuring exim for STARTTLS

Hi there,

I have just recompiled exim 4.85 on Centos 6 to have OpenSSL support for 
STARTTLS.  I have added the following to my config:

tls_certificate         = /etc/exim/xxxxx.cer
tls_privatekey          = /etc/exim/xxxxx.key
tls_advertise_hosts     = *

STARTTLS is advertised but when I try to connect and initiate STARTTLS I 
get the following at the client end:
mail from:bob <at>
554 Security failure

And this at the server end:

2015-03-19 00:04:02 TLS error on connection from (ME) [xx.xx.xx.xx] 
(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown 
2015-03-19 00:04:02 TLS client disconnected cleanly (rejected our 

Does anyone have any ideas on what I can look at?  The certificate is 
valid and the files have the correct permissions.  I'm pretty stumped 
right now.


