Arkadiusz Miśkiewicz | 4 Mar 11:23 2015

ratelimit with constant "expiry" date


Assume rules that do:

   ratelimit = 15 / 2h / noupdate / strict / per_conn

warn ...
   ratelimit = 15 / 2h / strict / per_conn

Now customer hits notquit for example 500 times, gets finally blocked by 
acl_smtp_connect. Now it needs to wait ln(peakrate/maxrate) 2h periods (so 
~7h) to get counter go below limit.

How I can get constant 2h period (after last ratelimit update for example) to 
get counter zeroed while still keep counting real ratio (so can't drop 
"strict") for log purposes?

ps. how current "average rage" is actually calculated? Don't see this in docs.
Arkadiusz Miśkiewicz, arekm / ( | )


## List details at
## Exim details at
## Please use the Wiki with this list -
helices | 3 Mar 03:56 2015

How can exim do this?

I am tasked to design, build and maintain a new MTA.  The company has 
one special requirement, for which I'm investigating the simplest solution:

For each incoming message received, every outgoing "reply" must use the 
"To:" address from the incoming received message as the "From:" address 
in the outgoing reply.

This is trivial when the incoming has "To: sally <at>," Sally 
reads and replies, and the outgoing message has "From: sally <at>"

It's trickier when the incoming has "To: info <at>," the MTA 
delivers to an Exchange server, which distributes that message to Sally, 
and Sally replies.  What is the simplest way for that outgoing message 
to use "From: info <at>"

Scope is roughly one hundred (100) different domains and, possibly, 
thousands of combinations with various username <at>

Ideally, the MTA will handle all of header address processing, whatever 
that process might look like.  I seek the simplest solution, regardless 
how that process looks and compares to the status quo.

Please, advise. Thank you.



## List details at
## Exim details at
## Please use the Wiki with this list -
(Continue reading)

Godfrey | 2 Mar 16:12 2015

Asking for help getting Spam Assassin to work on Exim 4.85 & Exim4u

Hello All 

I am asking for help getting spam assassin to work with on Freebsd 10.1 and Exim 4.85. I am really stuck and the
only option left is to ask list members for help. 

If I disable the spam assassin option in the config every thing works as intended. When I enable spam
assassin I get these messages in my log files.

R=virtual_domains defer (-1): Temporary internal error

The mail then spools. 

I have been through spam assassin config and installed everything according to this howto. 

I set up exim this way 

pkg install -y exim-mysql-4.85_1

But I have done it on other server using make .... etc etc you know the old way but it makes no difference which
way exim is complied the result is the same. 

root <at> 32.165 ~ # exim --version
Exim version 4.85 #1 (FreeBSD 10.0) built 11-Feb-2015 14:39:50
Copyright (c) University of Cambridge, 1995 - 2014
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc OpenSSL
Content_Scanning DKIM Old_Demime PRDR OCSP
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch mysql passwd
(Continue reading)

Ryta Kashemire | 27 Feb 11:44 2015

Relay Not permitted

Hi All

Iam running exim-4.83-3.1.8.x86_64 on my relay server. One client who
relays through my server has issues with receiving mail from a particular

My relay server rejects the email with error

*"F=<xxx <at> <xxx <at>>> rejected RCPT
<yyy <at> <yyy <at>>>: relay not permitted".*

Any pointers on how to get tis fixed?.


## List details at
## Exim details at
## Please use the Wiki with this list -

Matt Bryant | 27 Feb 06:37 2015

HAProxy SMTP Proxy Protocol


Is anyone using this in anger yet ??? Been doing some testing and most 
of the time it works ok but there are occasions when 'Proxy Negotiation' 
fails, give the ha proxy VM a quick reboot and starts working again . 
which is kinda strange.

Also it seems that when negiotiating does fail its a permenant error -  
so messages get rejected and bounced rather than deferred .. is this 
correct - is there a way to change that ???


Matt B.


## List details at
## Exim details at
## Please use the Wiki with this list -

Frank Elsner | 26 Feb 13:32 2015

exim auth as client


I must use smtp authentocation with exim as a client.

My /etc/exim/auth file contained the line^user^password

but this doesn't work. I had to change it to^user^password

which works because

| in hosts_try_auth? yes (matched "*")
| scanning authentication mechanisms
| search_open: lsearch "/etc/exim/auth"
| search_find: file="/etc/exim/auth"
|   key="" partial=-1 affix=NULL starflags=0
| LRU list:
|   9/etc/exim/auth
|   End
| internal_search_find: file="/etc/exim/auth"
|   type=lsearch key=""
| file lookup required for
|   in /etc/exim/auth
| lookup yielded: ^user^password

This is uncomfortable as IP may change :-(
(Continue reading) | 26 Feb 08:26 2015

Odd problem on debug option (-d) an verbose options (-v)


As root identify i run exim in debug mode ass this:
exim -bd -d

Then apperas a lot of initial messages and the last one is 
"26376 Listening..."

Well, the problem is despite the messages i send successfully, nothing
else appears in the screeon, it is blocked in "listening..."

The same happens with the verbose (-v) option. After 2 line of initial
message nothing else happens.

May sameone tell me what i'm doing wrong.

Thank you very much

Pd: Here comes the inital messages i received.

Exim version 4.85 uid=0 gid=0 pid=26376 D=fbb95cfd
Berkeley DB: Berkeley DB 4.5.20: (January 27, 2013)
Support for: crypteq iconv() Perl DKIM PRDR OCSP
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz
dbmnz dnsdb
Authenticators: cyrus_sasl plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
(Continue reading)

Matt | 25 Feb 20:28 2015

Rate Limit

# Slow down fast senders; note the need to truncate $sender_rate
# at the decimal point.
warn ratelimit = 100 / 1h / per_rcpt / strict
     delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
                   $sender_rate_limit }s

Anyway to make this NOT limit authenticated senders?


## List details at
## Exim details at
## Please use the Wiki with this list -

Jim Trigg | 25 Feb 06:57 2015

PCRE virtual addresses

I'm switching from Postfix to Exim. The one facility that I use in
Postfix that I haven't figured out how to implement in Exim is PCRE
aliases. I include an example below. Any suggestions how to write a
router for this in Exim? Also, is there a different syntax I should
be using in the file?

The idea is that for example jtrigg+anything <at> anydomain.tld (for domains
where jtrigg is a valid recipient) redirects to
blaise+$domain-$local_part_suffix <at> localhost. The service accounts
redirect to blaise+$domain-$local_part <at> localhost.

I know the redirects I suggest in Exim format don't quite match what I
currently have, but they're close enough for me - I don't mind adding
the tld to the domain or "master" to the role for the ones I'm currently
shortening; either way would work for me.

Munged example to elide actual domain names from my existing virtual.pcre:
/^(abuse|policyd|root) <at> (anydomain).tld$/	blaise+${2}-${1} <at> localhost
/^(host|list|post|web)master <at> (anydomain).tld$/	blaise+${2}-${1} <at> localhost
/^jtrigg([-+].+) <at> (anydomain).tld$/		blaise+${2}${1} <at> localhost
/^jtrigg <at> (anydomain).tld$/			blaise+${1} <at> localhost

Jim Trigg


## List details at
## Exim details at
## Please use the Wiki with this list -

(Continue reading)

Sujit Acharyya-choudhury | 24 Feb 17:14 2015

Re: ignore_bounce_errors_after

I am not sure whether MessageLabs is really that reliable.  In the past
I managed a large enterprise e-mail only on a part-time basis, without
any spam and virus after fine tuning it.  
This is a new place.  The question is if we change the values, there
would less on the queue on our gateway machines to look at.  

Also, Paul's observation of Message Labs (Symantec) are notorious for
having HELO/EHLO which do not resolve to the sender's host IP address is
a bit of worry.



-----Original Message-----
From: Jeremy Harris [mailto:jgh <at>] 
Sent: 24 February 2015 16:00
To: Sujit Acharyya-choudhury
Subject: Re: [exim] ignore_bounce_errors_after

On 24/02/15 15:51, Sujit Acharyya-choudhury wrote:
> Actually, we are passing all the external messages to MessageLabs from

> now on, so the tweak.

Shrug.  If MessageLabs really is reliable (and also your network
connection), changing the values from default will have zero effect.

(Continue reading)

Sujit Acharyya-choudhury | 24 Feb 16:27 2015


Should the value of ignore_bounce_errors_after be much less than
time_out_frozen_after?  I have currently set it to 1 hour and
time_out_frozen_after to 48h.  I have not set auto_thaw at all.


Sujit Choudhury | IT Services


## List details at
## Exim details at
## Please use the Wiki with this list -