headers
Keith Goettert | 1 Aug 2003 05:12

RE: Testing messages released with -Mt command

This is a multi-part message in MIME format.
--
Actually, I didn't think that would work...  I tried it before you
responded. And of course it did.  Sorry.

-----Original Message-----
From: exim-users-admin <at> exim.org [mailto:exim-users-admin <at> exim.org] On Behalf
Of Philip Hazel
Sent: Thursday, July 31, 2003 2:32 AM
To: Keith Goettert
Cc: exim-users <at> exim.org
Subject: RE: [Exim] Testing messages released with -Mt command

On Wed, 30 Jul 2003, Keith Goettert wrote:

> .....
> or do a queue run with -d (lots of output).
>                                       ......
>
> What would the command line look like to execute this (I'm in CLI
> overload, sorry).

Is it really so hard to grep spec.txt for "queue run" and "debug"?

exim -d -q

If you want to save the debugging output

exim -d -q 2>/tmp/some/file
(Continue reading)

Permalink | Reply | 0 comments |
headers
Cory Daehn | 1 Aug 2003 05:50
Picon
Favicon

How do I relax ACL?

I found several disturbing entries in my reject log....  They all resemble the
entry below... How do I get exim to accept these messages?  Or would I be
better off contacting the offending e-mail senders and having them fix their
broken mail?

2003-07-31 20:29:16 19iOjK-0003rm-3g H=orb.pobox.com [216.65.124.72]
F=<bounces <at> 
MCSEguide.com> rejected after DATA: malformed address:
<DailyQuest <at> MCSEguide.com
>\n may not follow DailyQuest <at> MCSEguide.com : failing address in "From" header
i
s: DailyQuest <at> MCSEguide.com <DailyQuest <at> MCSEguide.com>
Envelope-from: <bounces <at> MCSEguide.com>
Envelope-to: <lormar <at> labnet.com>
P Received: from orb.pobox.com ([216.65.124.72])
        by landau.labnet.com with esmtp (Exim 4.20)
        id 19iOjK-0003rm-3g
        for lormar <at> labnet.com; Thu, 31 Jul 2003 20:29:14 -0500
P Received: from orb.pobox.com (localhost [127.0.0.1])
        by orb.pobox.com (Postfix) with ESMTP id 4ACAD156315
        for <lormar <at> labnet.com>; Thu, 31 Jul 2003 21:29:10 -0400 (EDT)
  Delivered-To: cdaehn <at> pobox.com
P Received: from mcseguide1.mcseguide.com (mcseguide1.mcseguide.com
[63.122.170.
45])
        by orb.pobox.com (Postfix) with SMTP id 3A217156042
        for <cdaehn <at> pobox.com>; Thu, 31 Jul 2003 21:26:21 -0400 (EDT)
I Message-ID: <16480640-220038510314359 <at> MCSEguide.com>
  X-EM-Version: 6, 0, 1, 0
  X-EM-Registration: #00B06306109813000D50
(Continue reading)

Permalink | Reply | 501 comments |
headers
Alexander Sabourenkov | 1 Aug 2003 08:56
Favicon

Re: Second stab at supporting Cyrus SASL's saslauthd

Philip Hazel wrote:

>>With sub-curly-braces I got rid of possibility of encountering ':' in password
>>or elsewhere (by which i was once bitten), but now none of the fields can
>>contain '{' or '}'. Not that curly braces are that common in passwords, but
>>nevertheless is there any way to somehow escape curly braces?
>
>
> With something like
>
>
>>server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
>
>
> This should not matter, because Exim does not re-expand the data that it
> inserts. (Only if you wrap it inside ${expand: does it do this.) Have
> you tried a password that contains braces? I would expect it to work.

Hmm. I'm more concerned about the case when, say, realm has to be hardcoded
into configuration and to have a curly brace(s) in itself.  One can make an
lsearch-file to get around this, like:

realm:   }curly{}realm{
service: {curly}{service}

${if saslauthd{
  {$2}\
  {$3}\
  {${lookup{service}lsearch{/etc/curly-stuff}}\
  {${lookup{realm}lsearch{/etc/curly-stuff}}\
(Continue reading)

Permalink | Reply | 1 comment |
headers
Alexander Sabourenkov | 1 Aug 2003 09:11
Favicon

Re: Second stab at supporting Cyrus SASL's saslauthd

Matt Bernstein wrote:
[...]
>>We haven't yet deployed Cyrus IMAP, so the testing was at most cursory.
>
>
> I wouldn't say that! Cyrus SASL does not in any way depend on Cyrus IMAP,
> so if it works it works :)

Yes, but I prefer to test the whole config i'll be using once i'm certain
there are no obvious errors in components.

> I'll try to have a look at this in the next week or three, but in the
> longer term I might have a crack at writing a "sasl" authenticator (server
> only) for Exim, which would be able to advertise DIGEST-MD5, GSSAPI etc.
> The SASL API looks quite straightforward, and the Exim's idea of an
> authentication conversation seems to fit quite neatly.
>
> Is anyone else looking at this?

Hmm. An overkill I'd say.

--

./lxnt

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at
http://www.exim.org/ ##
(Continue reading)

Permalink | Reply | 1 comment |
headers
Griffiths M (ISeLS | 1 Aug 2003 09:43
Picon

Extracting arbitary field from LDAP return string

Hello,

I've mulled over the new book and done the RTFM thing but am still not sure
if I
can do what I want to do.

I would like to extract an address from the results of an Active Directory
LDAP lookup.
The format of the returned string is: (line-wrapped for ease of transport)

smtp:foo <at> glam.ac.uk, SMTP:foo <at> servername.glam.ac.uk,
 X400:c=us;a= ;p=Prifysgol Morgan;o=Exchange;s=Bloggs;g=Fred;

Those familiar with Exchange and AD will probably recognise the
"proxyAddresses"
attribute output shown.

The field I need to extract (in this case) is the address found after the
uppercase
"SMTP:" i.e.  foo <at> servername.glam.ac.uk

I can extract the field in full, that is with the SMTP: attached, but no
without.

Is it possible to insert a regular expression into the standard:-

	$extract{????}{${lookup ldap...

that would perform my required task or is there another way (address_data?)
of achieving
(Continue reading)

Permalink | Reply | 1 comment |
headers
David Saez | 1 Aug 2003 09:53
Picon
Gravatar

Re: SPF ACL for Exim

Hi !!

> > Regarding ACL programming I just miss some features that could make it
> > (more) perfect:
>
> ACLs are not a programming language. If you want to do programming, then
> you are probably better off calling embedded Perl from within the ACL (or
> using ${run if you don't mind the performance hit; or maybe even
> ${socket with a daemon).

Perl and run add too overhead and sockets require more programming
when a simple way to iterate will simplify simple tasks that are now
a bit tedious to implement or just impossible to do just with acl's.

--
Best regards ...

Does fuzzy logic tickle?

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david <at> ols.es
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at
http://www.exim.org/ ##
(Continue reading)

Permalink | Reply | 0 comments |
headers
Philip Hazel | 1 Aug 2003 10:17
Picon
Picon

Re: hmac comment from the exim manual

On Thu, 31 Jul 2003, Richard Welty wrote:

> i'd like to propose a more accurate phrasing for the last sentence:
>
> This differs from ${md5:secret_text...} or ${sha1:secret_text...} in that
> the hmac step adds a signature to the crypographic hash, allowing for
> authentication that is not possible with md5 or sha1 alone.

Thanks, Richard. That explains it much better (both the code and text
were originally user contributions).

--
Philip Hazel            University of Cambridge Computing Service,
ph10 <at> cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at
http://www.exim.org/ ##
Permalink | Reply | 0 comments |
headers
Philip Hazel | 1 Aug 2003 10:19
Picon
Picon

Re: "SMTP protocol violation: synchronization" error when using TLS with Outlook on a port other than 25?

On Thu, 31 Jul 2003, Ralf Hauser wrote:

> SMTP protocol violation: synchronization error (next input sent too soon):
> rejected "<80>j^A^C^A" H=[10.2.1.1]

There is already another thread already running on this mailing list on
this very topic.

> Therefore my question: has anybody been successful at running a production
> exim with SMTP-TLS on a port other than 25 with Outlook users?

You have to use the -tls-on-connect and -oX options to run a second Exim
daemon.

--
Philip Hazel            University of Cambridge Computing Service,
ph10 <at> cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at
http://www.exim.org/ ##
Permalink | Reply | 1 comment |
headers
Philip Hazel | 1 Aug 2003 10:21
Picon
Picon

Re: How do I relax ACL?

On Thu, 31 Jul 2003, Cory Daehn wrote:

> I found several disturbing entries in my reject log....  They all resemble the
> entry below... How do I get exim to accept these messages?

If you want to accept messages with malformed headers, do not use

  verify = header_syntax

It is as simple as that. This header line is syntactically invalid:

  From: DailyQuest <at> MCSEguide.com <DailyQuest <at> MCSEguide.com>

--
Philip Hazel            University of Cambridge Computing Service,
ph10 <at> cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at
http://www.exim.org/ ##
Permalink | Reply | 501 comments |
headers
Philip Hazel | 1 Aug 2003 10:24
Picon
Picon

Re: Second stab at supporting Cyrus SASL's saslauthd

On Fri, 1 Aug 2003, Alexander Sabourenkov wrote:

> Hmm. I'm more concerned about the case when, say, realm has to be hardcoded
> into configuration and to have a curly brace(s) in itself.

If you have a hard-coded curly brace in an expanded string, you can
escape it with \ just like any other character that the expander treats
specially.

$ exim -be
> ${if eq {\{}{\}}{yes}{no}}
no

> Problem is, while for two fields with more-or-less clear semantics this is
> acceptable, four fields of saslauthd, with two latter still remaining a
> mystery, I'm afraid colon-separation is not the right thing.

Oh, I entirely agree.

> I think it's better to deprecate pwcheck condition itself. In Cyrus SASL
> pwcheck has been deprecated long long ago in favor of saslauthd.

Ah. I didn't know that. Makes sense.

--
Philip Hazel            University of Cambridge Computing Service,
ph10 <at> cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book

--
(Continue reading)

Permalink | Reply | 0 comments |

Gmane