Dennis Skinner | 1 Oct 01:43 2003

SPA Authentication

Hello all,

Having some fun setting up SPA authentication in exim.  Here is what I
have in the authenticators section:

spa:
   driver = spa
   public_name = NTLM
   server_advertise_condition = 1
   server_password = ${lookup{$1}lsearch{/export/exim/etc/passwd}}
   server_set_id = $1

The passwd file is user:password format.  I set up Evolution to use SPA
and tested.  The value that ends up in $1 is missing every other
character, so for "dskinner", $1 contains "dkne".  If I double the
username in Evolution (ddsskkiinnnneerr), it works fine.  This could be
a bug in Evolution.  Not sure.  Not huge deal since I'll just use cram
instead (which seems to work).

I ran next door and set up a Windows box (Outlook Express 6) to test it
and it seems to be having issues with the challenge/response.  Here is a
portion of the debug (+all) output:

23:14:44  8150 SMTP>> 250-mail.digitaldms.com Hello apu [205.232.78.57]
23:14:44  8150 250-SIZE 5242880
23:14:44  8150 250-PIPELINING
23:14:44  8150 250-AUTH NTLM
23:14:44  8150 250 HELP
23:14:44  8150 SMTP<< AUTH NTLM
23:14:44  8150 SMTP>> 334 NTLM supported

Randall Smith | 1 Oct 07:15 2003

newbie question - massive rejection emails

I'm getting 100's of email each day that look like this.

'''
Message from rocketmail.com

Undeliverable message to ldaeqlnc <at> rocketmail.com

Message follows:
'''

These are sent to my personal account.  What is all this?

Randall

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at
http://www.exim.org/ ##

Juha Saarinen | 1 Oct 07:42 2003

Re: newbie question - massive rejection emails

Randall Smith wrote:

> I'm getting 100's of email each day that look like this.
>
>
> '''
> Message from rocketmail.com
>
>
>
> Undeliverable message to ldaeqlnc <at> rocketmail.com
>
>
> Message follows:
> '''
>
> These are sent to my personal account.  What is all this?

Without headers, it's hard to tell, but I'd say it's either a virus or a
spammer forging you as the sender.

--
Juha


Stian Grytoyr | 1 Oct 09:52 2003

Re: Running a pipe per user

Stian Grytoyr <stian.grytoyr <at> nr.no> writes:

|  If you pipe an email to it, the following command would
|  return a spam score on stdout, which would be specific to
|  the $local_part in question:
|
|    spamprobe -c -d /tmp/spamscores/$local_part receive
|
|  So I need to find a way to get this spam score added as a
|  header, before the spam router above is checked, or maybe
|  as an "action" in the same router, before the condition is
|  checked. Ideally, we should run the command only if the
|  opt-out file is not present, like in the above router.

Hmm, was this poorly explained, or should I take the lack of
replies as an indication that this is not currently possible
with Exim?

In the meantime, I've looked at the "run" expansion command,
but the problem is that I can't pipe the message to the run
command, and without a message to work on, SpamProbe isn't
very useful :)

--
Regards,
Stian Grytoyr


Nico Erfurth | 1 Oct 10:11 2003

Re: newbie question - massive rejection emails

Randall Smith wrote:

> I'm getting 100's of email each day that look like this.
>
>
> '''
> Message from rocketmail.com
>
>
>
> Undeliverable message to ldaeqlnc <at> rocketmail.com
>
>
> Message follows:
> '''
>
> These are sent to my personal account.  What is all this?

Looks like a spammer trying to run a dictionary attack against rocketmail.

Your best bet is to write a small filter, or DATA-ACL condition, and
filter them out, you can also try to bounce them, but this will generate
double bounces on their end, so their server will MAYBE retry the
message over and over again, until it times out.

Check for an empty sender, your own address as recipient, and some other
characteristics (maybe ''' and rocketmail.com in $message_body).

Or you try to reach their support and ask for help.
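
The three checks suggested in the post above (empty sender, own address as recipient, body markers), sketched as detection logic in Python rather than as an Exim filter or ACL. This is an added example, not part of the original post; the function name, the address randall@example.org and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the bounce text quoted in the thread, wrapped in
# minimal headers. The recipient address is a hypothetical placeholder.
SAMPLE_BACKSCATTER = """\
From: postmaster@rocketmail.com
To: randall@example.org
Subject: Undeliverable message

'''
Message from rocketmail.com

Undeliverable message to ldaeqlnc@rocketmail.com

Message follows:
'''
"""

# Body markers taken from the quoted bounce. The body is collapsed to single
# spaces before matching, so line wrapping does not matter.
BODY_MARKERS = re.compile(
    r"'''\s*Message from rocketmail\.com\s+"
    r"Undeliverable message to \S+@rocketmail\.com",
    re.IGNORECASE,
)

def is_forged_bounce(envelope_sender, recipients, raw_message, own_addresses):
    """Return True only when all three characteristics are present."""
    # 1. Bounces carry the null envelope sender (MAIL FROM:<>).
    if envelope_sender.strip() not in ("", "<>"):
        return False
    # 2. Every envelope recipient must be one of our own addresses.
    own = {a.lower() for a in own_addresses}
    if not recipients or any(r.lower() not in own for r in recipients):
        return False
    # 3. The body must match the template; requiring this keeps genuine
    #    bounces for mail we really sent from being discarded.
    body = message_from_string(raw_message).get_payload()
    if not isinstance(body, str):  # multipart message: not the plain template
        return False
    return BODY_MARKERS.search(" ".join(body.split())) is not None
```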


Russell King | 1 Oct 10:41 2003

Re: SPA Authentication

On Tue, Sep 30, 2003 at 07:43:33PM -0400, Dennis Skinner wrote:
> 23:14:44  8150 SMTP>> 535 Incorrect authentication data
> 23:14:44  8150 LOG: MAIN REJECT
> 23:14:44  8150   spa authenticator failed for (apu) [205.232.78.57]: 535
> Incorrect authentication data
>
> Not sure where to go with this.  It seems that the challenge-response
> failed since there is no attempt to lookup even a blank key.  I noticed
> Evolution puts part of the challenge-response on the same line as AUTH
> NTLM, but windows does not.  Not sure if that has any significance.
>
> I think I saw that Philip was going to play with the auth code back in
> August.  Not sure if this is the same issue or a new bug.  I am using
> Exim 4.24/Exiscan-4.24/RedHat 9.

That was to fix a different bug.  There seems to be something going on
which causes windows not to authenticate with exim - windows receives
the challenge, but doesn't send the username/crypted password in the
response.  Your problem pre-dates the above bug fix.

--
Russell King (rmk <at> arm.linux.org.uk)	http://www.arm.linux.org.uk/personal/
      Linux kernel    2.6 ARM Linux   - http://www.arm.linux.org.uk/
      maintainer of:  2.6 PCMCIA      - http://pcmcia.arm.linux.org.uk/
                      2.6 Serial core


Jan Johansson | 1 Oct 11:02 2003

RE: Routers and prefix?

>Exim 4.21 (bad luck!) has a new option called rcpt_include_affixes as a
>generic transport option; it puts the affixes back at transport time.
>
>Otherwise, you have to do it without making use of local_part_prefix. It
>can usually be done, but more clumsily.

I spoke too soon, I seem to be running out of time to upgrade
exim/exiscan. Can someone shed light on how I could do this without
using prefixes?


Adam D. Barratt | 1 Oct 11:04 2003

Flat-file wildcard lookup in an ACL condition

Hi,

I'm trying to do something that at first glance looks like it should be
simple enough, but having great difficulty making it work in the manner
desired. Please forgive me if I'm missing something obvious; it's been a
long couple of weeks. :-)

We have a file (/etc/exim4/blocked/domains) which contains entries such as:

  domain1
  *.domain1
  domain2
  *.domain2

and is used as part of a `senders' clause in the RCPT ACL. That part works
fine. I'm trying to extend this to add a log warning if the connecting
host's HELO matches any entry in the file. As there isn't a `helos' clause
(that would just be too easy :>), I'm trying to fashion something using a
`condition' clause.

A ${lookup won't work, as the file doesn't contain keys with data. The most
successful solution I've found so far was a combination of ${match and
${readfile (matching `.*${sender_helo_name}:.*' in the result of
${readfile{/etc/exim4/blocked/domains}{:}}), which works fine for the
standard `domain1' entry, but obviously won't match `*.domain1'.

Before I give up on the idea, does anyone have any suggestions as to how I
might achieve this?

(Yes, I know thou must not block on HELO, hence it being a `warn').

Philip Hazel | 1 Oct 11:10 2003

Re: local_scan crash

On Tue, 30 Sep 2003, Jim Pazarena wrote:

> Is there a way to have exim "accept" an email which may have crashed
> within local_scan?

No.

> if not, could this be added to the wish list?

Yes, but it may not be as easy to implement as it sounds. You are never
quite sure of the state of the environment after a crash. And consider
situations where the local_scan() function was in the middle of updating
the recipients list, and the crash leaves it in an inconsistent state.
Or even a state where Exim will also crash if it tries to access it. I
suppose a copy could be kept before calling local_scan(), but since
local_scan() runs as part of the Exim process, and can therefore fiddle
with the memory in random ways, I'm not sure that this is actually a
very good idea.

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10 <at> cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book


Philip Hazel | 1 Oct 11:13 2003

Re: SPA Authentication

On Tue, 30 Sep 2003, Dennis Skinner wrote:

> Having some fun setting up SPA authentication in exim.  Here is what I
> have in the authenticators section:

There was an earlier SPA problem that Tom Kistner said he would look at
when he got back from vacation. (Tom provided the server code for SPA.)
Since I have no Windows machines (and have never used Windows, so have
no experience of them either), I can't run appropriate tests.

Hopefully Tom will notice this report too. Are you there, Tom?

--
Philip Hazel            University of Cambridge Computing Service,
ph10 <at> cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
