headers
Andrei | 1 Sep 2009 07:26
Picon

Debian/exim4/Mailman no outgoing emails

I'm having problems with exim4 and emails going out. The error message
from rejectlog is: 2009-08-31 20:10:42 H=host.org F=<user1 <at> domain.org>
rejected RCPT <test <at> lists.domain.org>: Unrouteable address

In addition to that I can't test SMTP from outside (public) network.
Telnet lists.domain.org 25 times out. However, when I telnet
lists.domain.org 25 from the localhost I get standard SMTP greeting.

Scanning IP address for port 25 (from outside public network) I get this:
PORT    STATE    SERVICE
25/tcp  filtered smtp

However, if I send an email to unknow_user <at> lists.domain.org the email
bounces back to me from lists.domain.org that the user doesn't exit.
If I send an email to *existing* user <at> lists.domain.org email goes in
to a void (mailman never delivers it).

I've been at this for several hours now. Any help is appreciated.

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Permalink | Reply | 5 comments |
headers
eximmail | 1 Sep 2009 09:20

Exim Default with TLS?

I am trying to figure if I have TLS built in to my exim. I have read 
that I have to build with and have read you just add a few lines to your 
config file and all is good. So I have run
 Exim -bv

Exim version 4.69 #1 built 03-Dec-2008 12:54:39
Copyright (c) University of Cambridge 2006
Berkeley DB: Berkeley DB 4.5.20: (December  3, 2008)
Support for: crypteq iconv() IPv6 OpenSSL move_frozen_messages 
Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb 
dsearch ldap ldapdn ldapm nis nis0 passwd
Authenticators: cram_md5 dovecot plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Size of off_t: 8

Does this mean I do have TLS built in or not?

What I am trying to do is be able to use my server from the outside 
world but not allow anyone with out proper ID to use my server as an relay.
It seems to work within the network but not outside. I have read and 
read the exim docs and tried several brews from the Google searches and 
just keep getting more confused and not getting it to work.

Running Suse 11 with (prebuilt from suse) Exim 4.69 openssl installed.
Thanks for any input on getting this to actually working..

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
(Continue reading)

Permalink | Reply | 10 comments |
headers
Andrei | 1 Sep 2009 07:34
Picon

Re: Debian/exim4/Mailman no outgoing emails

Forgot to mention that I can send and receive emails from the command
line from the same server.

Arrgh... this is confusing.

On Mon, Aug 31, 2009 at 10:26 PM, Andrei<funactivities <at> gmail.com> wrote:
> I'm having problems with exim4 and emails going out. The error message
> from rejectlog is: 2009-08-31 20:10:42 H=host.org F=<user1 <at> domain.org>
> rejected RCPT <test <at> lists.domain.org>: Unrouteable address
>
> In addition to that I can't test SMTP from outside (public) network.
> Telnet lists.domain.org 25 times out. However, when I telnet
> lists.domain.org 25 from the localhost I get standard SMTP greeting.
>
> Scanning IP address for port 25 (from outside public network) I get this:
> PORT    STATE    SERVICE
> 25/tcp  filtered smtp
>
> However, if I send an email to unknow_user <at> lists.domain.org the email
> bounces back to me from lists.domain.org that the user doesn't exit.
> If I send an email to *existing* user <at> lists.domain.org email goes in
> to a void (mailman never delivers it).
>
> I've been at this for several hours now. Any help is appreciated.
>

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
(Continue reading)

Permalink | Reply | 0 comments |
headers
Chris Wilson | 1 Sep 2009 10:15

Re: Debian/exim4/Mailman no outgoing emails

On Mon, 31 Aug 2009, Andrei wrote:

> In addition to that I can't test SMTP from outside (public) network.
> Telnet lists.domain.org 25 times out. However, when I telnet
> lists.domain.org 25 from the localhost I get standard SMTP greeting.
>
> Scanning IP address for port 25 (from outside public network) I get this:
> PORT    STATE    SERVICE
> 25/tcp  filtered smtp

Presumably this is a problem, i.e. you want the public to be able to post 
to your mailing list. This port being blocked, perhaps by a firewall, will 
prevent that. Network security is pretty much outside the scope of this 
mailing list. Perhaps your network administrator or hosting company/ISP 
can help.

> However, if I send an email to unknow_user <at> lists.domain.org the email
> bounces back to me from lists.domain.org that the user doesn't exit.
> If I send an email to *existing* user <at> lists.domain.org email goes in
> to a void (mailman never delivers it).

How exactly did you link exim to mailman? And what do your logs show when 
you send a message to a valid user at the list?

Cheers, Chris.
--

-- 
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
(Continue reading)

Permalink | Reply | 0 comments |
headers
Chris Wilson | 1 Sep 2009 10:19

Re: Exim Default with TLS?

Hi,

On Tue, 1 Sep 2009, eximmail wrote:

> I am trying to figure if I have TLS built in to my exim. I have read 
> that I have to build with and have read you just add a few lines to your 
> config file and all is good. So I have run Exim -bv

> Support for: crypteq iconv() IPv6 OpenSSL move_frozen_messages
[...]
> Does this mean I do have TLS built in or not?

It appears that you do, because OpenSSL appears on this line.

> What I am trying to do is be able to use my server from the outside 
> world but not allow anyone with out proper ID to use my server as an 
> relay. It seems to work within the network but not outside. I have read 
> and read the exim docs and tried several brews from the Google searches 
> and just keep getting more confused and not getting it to work.

I'm afraid you'll have to describe the problem more carefully
[http://catb.org/~esr/faqs/smart-questions.html].

Cheers, Chris.
--

-- 
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
(Continue reading)

Permalink | Reply | 2 comments |
headers
Jonathan Gilpin | 1 Sep 2009 13:54
Picon
Favicon

Another Disclaimer Question

Hi,

the std response to adding disclimers in the exim handbook is  
something  like this:

dnslookup:
   driver = dnslookup
   domains = ! +local_domains
   transport = ${if eq {$sender_address_domain}{your.domain}\
                {remote_smtp_filter}{remote_smtp}}
   ignore_target_hosts = 127.0.0.0/8
   no_more
However, this does not help if you want to provide different  
disclaimers for different domain names. For example, in a hosted  
environment.
Does anyone have any suggestions on how to implement this based on  
senders domain?
Would it be possible to have multiple if statements or transports to  
make this happen?

Jonathan

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Permalink | Reply | 4 comments |
headers
Ian Eiloart | 1 Sep 2009 11:31
Picon
Favicon
Gravatar

Re: How to set source IP for callout check?


--On 31 August 2009 21:58:36 +0300 Pavel Gulchouck <gul <at> gul.kiev.ua> wrote:

> On Mon, Aug 31, 2009 at 08:59:32AM +0900, Anthony G. Nickolayev writes:
>
>>> Is it possible to specify source interface for callout check?
>> Be carefull with sender callout verification. Take a look at this
>> http://www.backscatterer.org/?target=sendercallouts
>
> Thank you.
> And what about resolving sender domain? Sending icmp echoreply,
> icmp unreachable? Sending 25/tcp synack? ;-)
> All this things can be used for DDoS-attacks.
> I don't agree with the backscatterer.org point about callout.
>

Me too, but you can do this: check SPF first. If you get a "fail" result, 
then definitely don't do the callout. If you get a "pass" result, then your 
callout is lightweight compared with the mail that's being pushed to your 
system, so the sender shouldn't mind you doing the callout. The benefit of 
using a callout when you get an SPF pass is that you get to test the 
brokenness or otherwise of the sending system (it's broken if they're 
sending mail with a return-path that can't be used to return mail).

For soft fail? It's harder to decide what's right. Not doing the callout 
rewards the sender (who has tried to help you by publishing SPF records). 
Doing the callout encourages move toward use of "-all" records. Given that 
exim caches callout results, I don't think there's much in it either way.

--

--
(Continue reading)

Permalink | Reply | 0 comments |
headers
Pascal Bourdais | 1 Sep 2009 12:29
Picon

Re: problem with condition an lookup

Le Tue, 1 Sep 2009 02:52:16 -0700,
Phil Pennock <exim-users <at> spodhuis.org> a écrit :

> On 2009-08-31 at 09:50 +0200, Pascal Bourdais wrote:

Hello,

Thank you for your answer,

> > exim -bem /tmp/test.eml '${if
> > >    and {
> > >       { { ${lookup ldap
{ldap:///ou=cer5372,dc=infagri,dc=laval?mail?sub?(&(employeeType=actif:1)(mail=pbourdais <at> chez.com))}{true}{false}
} } }
> > >       { ! def:h_X-From71:}
> > >    }
> > > {true}{false}
> > > }'
> > Failed: condition name expected, but found "{ ${lookup ldap " inside
> > "and{...}" condition
> > 
> > 
> > But the result is not what i expected.
> 
> You can't just freely add {...} braces wherever you like.  They have
> structural meaning.
> 
> ${if and{{COND1}{COND2}{COND3}} {true-branch}{false-branch}}
> 
> You have an extra set of braces around your ${lookup...} -- that's what
(Continue reading)

Permalink | Reply | 2 comments |
headers
Christian Schmidt | 1 Sep 2009 11:26
Picon
Favicon

Re: Exim Default with TLS?

eximmail, 01.09.2009 (d.m.y):

> I am trying to figure if I have TLS built in to my exim. 

Just ask your exim binary:
ldd /path/to/your/exim/binary
And look if libssl or libgnutls appears in the output.

Gruss/Regards,
Christian Schmidt

-- 
Q:	Why do WASPs play golf ?
A:	So they can dress like pimps.

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Permalink | Reply | 6 comments |
headers
Heiko Schlittermann | 1 Sep 2009 11:43
Picon

Re: Debian/exim4/Mailman no outgoing emails

Andrei <funactivities <at> gmail.com> (Di 01 Sep 2009 07:26:14 CEST):
> I'm having problems with exim4 and emails going out. The error message
> from rejectlog is: 2009-08-31 20:10:42 H=host.org F=<user1 <at> domain.org>
> rejected RCPT <test <at> lists.domain.org>: Unrouteable address

Probably you've a pretty standard ACL configuration - the message gets
rejected because Exim can't verify the senders address
<test <at> lists.domain.org>. Exim tries to route a message (route ≠
deliver), but fails. May be you get more details trying „exim -v -bv
test <at> lists.domain.org“ or even adding „-d-all+route“ as debug option.

> In addition to that I can't test SMTP from outside (public) network.
> Telnet lists.domain.org 25 times out. However, when I telnet
> lists.domain.org 25 from the localhost I get standard SMTP greeting.

So, exim listens on *:smtp. Double check this with „netstat -atnlp |
grep :25“ (if you do not have Linux, the options might differ a bit).

> 
> Scanning IP address for port 25 (from outside public network) I get this:
> PORT    STATE    SERVICE
> 25/tcp  filtered smtp

As mentioned in a parallel answer: there might be some firewalling
betweeen you and the server. On the mail server itself, check the output
of „iptables -L -n -v“ (if it is Linux, if you have some other OS the
command will be something else)

> However, if I send an email to unknow_user <at> lists.domain.org the email
> bounces back to me from lists.domain.org that the user doesn't exit.
(Continue reading)

Permalink | Reply | 2 comments |

Gmane