Chris Jensen | 1 Dec 04:11 2005
Picon

(no subject)

Hi,
I'm trying to implement an exim filter to perform quarantining and
notification for malware and dangerous attachments.
However, I wish to make the notification conditional based on if the
sender was an internal or external IP. eg If a virus is received from
an internal IP, notify the administrator, notify the sender if they're
internal and have sent a banned attachment file type.
Am I going about this the right way?
I can't figure out how to successfully identify internal sender IP's
from within a filter, I was hoping for something along the lines of

# Set n1 to 1 if this is a local message
if ${match_address{$sender_host_address}{$relay_from_hosts}} is 1
  then
    add 1 to n1
endif

But that doesn't work. I've googled and searched the archive and seen
questions about this, but no answers that have helped me.

Thanks for any help
Chris

--

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

David S. Madole | 1 Dec 04:22 2005
Picon

Re: (no subject)

From: "Chris Jensen" <cjensen <at> gmail.com>
>
> I can't figure out how to successfully identify internal sender IP's
> from within a filter, I was hoping for something along the lines of
>
> # Set n1 to 1 if this is a local message
> if ${match_address{$sender_host_address}{$relay_from_hosts}} is 1
>  then
>    add 1 to n1
> endif

match_address is an expansion conditional, it needs to be used inside of 
an *expansion* if statement, not a *filter* if statement.

Do something like this instead:

if ${if 
match_address{$sender_host_address}{$relay_from_hosts}{true}{false}} is 
true
 then
   add 1 to n1
endif

or you could just

add ${if match_address{$sender_host_address}{$relay_from_hosts}{1}{0}} to 
n1

You need to remember that you are dealing basically with two different 
languages here, the string expansion language and the filter language. 
(Continue reading)

Chris Jensen | 1 Dec 05:42 2005
Picon

Fwd: detecting local IP in exim filter

Thanks (sorry, forgot to reply all so it never went to the list)

---------- Forwarded message ----------
From: David S. Madole <david <at> madole.net>
Date: Dec 1, 2005 3:29 PM
Subject: Re: [exim] detecting local IP in exim filter
To: Chris Jensen <cjensen <at> gmail.com>

Sorry, you need to quote the expansions since they contain a space.

Yes, you can use any expansions in filters. Any place a filter takes a
string argument, you can use expansion items in that string. Just be sure
to quote them if they contain spaces. Also, any quoted strings need to
have backslashes in them doubled.

David

----- Original Message -----
From: "Chris Jensen" <cjensen <at> gmail.com>
To: "David S. Madole" <david <at> madole.net>
Sent: Wednesday, November 30, 2005 11:25 PM
Subject: Re: [exim] detecting local IP in exim filter

> match_address is an expansion conditional, it needs to be used inside
> of
> an *expansion* if statement, not a *filter* if statement.
>
> Do something like this instead:
>
> if ${if
(Continue reading)

Chris Jensen | 1 Dec 06:30 2005
Picon

Re: detecting local IP in exim filter

> Sorry, you need to quote the expansions since they contain a space.

Ok, I now have
add "${if match_address{$sender_host_address}{+relay_from_hosts}{1}{0}}" to n1

Which results in
unknown named address list "+relay_from_hosts"

I've also tried $relay_from_hosts
which gives
unknown variable name "relay_from_hosts"

relay_from_hosts is defined in the config by
hostlist   relay_from_hosts = 127.0.0.1

--

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

David S. Madole | 1 Dec 06:46 2005
Picon

Re: detecting local IP in exim filter

From: "Chris Jensen" <cjensen <at> gmail.com>
>
> Ok, I now have
> add "${if 
> match_address{$sender_host_address}{+relay_from_hosts}{1}{0}}" to n1
>
> Which results in
> unknown named address list "+relay_from_hosts"
>
> I've also tried $relay_from_hosts
> which gives
> unknown variable name "relay_from_hosts"
>
> relay_from_hosts is defined in the config by
> hostlist   relay_from_hosts = 127.0.0.1

Well, yes, I suppose that now we are through the syntax errors, the whole 
thing you are trying to do just doesn't make sense anyway. I wasn't 
really looking that deep.

Your problem is that match_address matches email addresses, not host 
addresses. As such, it takes an address list, not a host list.

What is it you are trying to accomplish again?

Probably you would be better off checking the sending host address 
against your address list in the HELO or MAIL ACL and setting an ACL 
variable, then referencing that in your filter.

David
(Continue reading)

Andrew Johnson | 1 Dec 09:32 2005
Picon

Number of Exim Queue runners

If you had around 100,000 emails in your queue to deliver, what would be a
reasonable number of queue runners to have running to process them in a
"reasonable time" without causing locking issues with the retry databases &
queue etc.

I'm just wondering what the break even point was before running more queue
runners would be detrimental to processing the queue.

-Andy-
--

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Craig Schneider | 1 Dec 09:45 2005
Picon

ACL woes

Hi Guys

I'm having some problems with my ACL's.

I'm trying to have user not in a flat text file to have the following
errors returned. Not sure if there is something wrong with my logic.

Any help would be appreciated.

c

Exim4.conf extract:
----------------------

acl_check_content:

#  deny message   = External email to this user is prohibited
#       condition =
${lookup{$recipients}lsearch{/etc/mail/no_external}{0}{1}}
#       !senders  = * <at> internal-domain1.com : * <at> internal-domain2.com

#  deny message     = You are prohibited to send external mail
#       condition   =
${lookup{$sender_address}lsearch{/etc/mail/no_external}{0}{1}}
#       !recipients = * <at> internal-domain1.com : * <at> internal-domain2.com

/etc/mail/no_external extract:
----------------------------------

priveledgeuser <at> internal-domain1.com
(Continue reading)

Philip Hazel | 1 Dec 10:23 2005
Picon
Picon

Re: Exim4 & QueryProgram

On Wed, 30 Nov 2005, Marco wrote:

> Why with:
> exim4 -oMr spam-scanned -d -bt root <at> domain.it Exim4 work correctly:

Exim is running as root when it runs the routers.

> and with: exim4 -bh IP Exim4 don't work:

Exim is running as "exim" when it runs the routers. This, I suspect, is 
the difference.

> --------> maildir_overquota2 router <--------
> local_part=root domain=domain.it
> calling maildir_overquota2 router
> maildir_overquota2 router called for root <at> domain.it: domain = domain.it
> uid=8 gid=8 current_directory=/
  ^^^^^^^^^^^
This is misleading debug output. It is giving the values specified for
the router, but in this case they will not actually be set, because Exim 
is not running as root. I have made a note to improve this if I can.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10 <at> cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book

--

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
(Continue reading)

Marten Lehmann | 1 Dec 10:41 2005
Picon

Re: limiting messages send by certain users?

Hello,

> What I do is check the the number of recipients per message, and 
> reject if it is over a very small number (3).  The idea is that web-
> form email is only intended to be sent to one or two recipients (e.g. 
> "submit this support question, and send me a copy").

what are you doing with the refused mails? Users are injecting them by 
calling /usr/sbin/sendmail and thus they won't get an error if exim 
refuses to handle them later. So emails might get lost. And there surely 
are some shop operators that are sending newsletters to their customers 
by putting all the recipients as blind copies in it. Such messages would 
get lost, too. I could store an email-address to each linux-account that 
may send email, but I guess exim isn't able to put the requested message 
as attachment and send it as a violation notice to this email-address if 
there are too many recipients.

Regards
Marten

--

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Michael Haardt | 1 Dec 11:49 2005
Picon

Re: Number of Exim Queue runners

On Thu, Dec 01, 2005 at 08:32:33AM -0000, Andrew Johnson wrote:
> If you had around 100,000 emails in your queue to deliver, what would be a
> reasonable number of queue runners to have running to process them in a
> "reasonable time" without causing locking issues with the retry databases &
> queue etc.
>  
> I'm just wondering what the break even point was before running more queue
> runners would be detrimental to processing the queue.

I had that problem before as well.  Here is my solution:

http://www.mail-archive.com/exim-users <at> exim.org/msg01683.html

Michael

--

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/


Gmane