> I'd be very grateful for some help.
>
> I'm running Exim 4.22 on Linux, Debian testing. The host is working as a
> passthrough host protecting an NT4 box running Exchange.
>
> Exim4 is doing a great job of killing spam and rejecting unwanted email
> for our office. It is also configured to keep a copy of all incoming and
> outgoing email. However there are some issues I can't get to the bottom
> of, despite peering unproductively at the exim4 book.
>
> We send and receive about 32000 emails a month (after splitting all the
> mails to each sender, etc). Perhaps this amounts to something like a
> total of 32000/4 ~ 8000 emails a month, for an office of about 80
> people.
>
> EXIM total reject/filter results Tue Jan 20 00:00:05 2004
> ---------------------------------------------------------
>
> Stats for the last 10 days:
>
> SPAM REJECT : spam score reject                      1002
> SPAM FILTER : spam filtered                           169
> RBL         : realtime blacklist                      141
> SIZE        : oversize email                           29
> DEMIME      : com:vbs:bat:pif:scr:exe attachment       12
> MALWARE     : virus found                               0
>
> The problems:
>
> 1. "Unrouteable address"
> ------------------------
>
> I have, in the last 2 days, started to see "Unrouteable address"
> messages that quickly bounce mail emanating from our network back
> to the sender.
> Queries:
> a. I just don't know where 'dip.t-dialin.net' comes from!
> b. Does 'Unrouteable' here mean there is no route
>    configured, or that something like a DNS error occurred?
>
> 2004-01-21 15:59:35 1AjKlT-0000nI-VE no IP address found for host dip.t-dialin.net
> 2004-01-21 15:59:37 1AjKlT-0000nI-VE <= user.f@??? H=mhpnt1 (mhp_nt1.mydomain.co.uk) [10.0.0.24] P=esmtp S=2086
> 2004-01-21 15:59:58 1AjKlT-0000nI-VE ** sender.m@??? <sender.m@???>: Unrouteable address
> 2004-01-21 15:59:58 1AjKlT-0000nI-VE => sender.m <sender.m@???> R=shadow_all T=shadow_delivery
> 2004-01-21 15:59:58 1AjKlq-0000nR-EQ <= <> R=1AjKlT-0000nI-VE U=mail P=local S=2897
> 2004-01-21 15:59:58 1AjKlT-0000nI-VE Completed
>
> 2004-01-21 17:29:01 1AjMA1-0001Da-NH no IP address found for host dip.t-dialin.net
> 2004-01-21 17:29:02 1AjMA1-0001Da-NH <= user2.r@??? H=mhpnt1 (mhp_nt1.mydomain.co.uk) [10.0.0.24] P=esmtp S=2671
> 2004-01-21 17:29:10 1AjMA1-0001Da-NH ** sender.2@??? <sender.2@???>: Unrouteable address
> 2004-01-21 17:29:10 1AjMA1-0001Da-NH => sender.2 <sender.2@???> R=shadow_all T=shadow_delivery
> 2004-01-21 17:29:11 1AjMAA-0001Dj-W1 <= <> R=1AjMA1-0001Da-NH U=mail P=local S=3501
> 2004-01-21 17:29:11 1AjMA1-0001Da-NH Completed
>
> 2. Blocking blacklisted hosts
> -----------------------------
>
> My attempts to set up a local host blacklist don't seem to work. Do
> I need an lsearch statement in the conditional statement?
>
>   deny    message = sender IP address $sender_host_address is locally blacklisted \
>                     here. If you think this is wrong, get in touch with postmaster
>           !acl = acl_whitelist_local_deny
>           hosts = ${if exists{CONFDIR/local_host_blacklist}\
>                        {CONFDIR/local_host_blacklist}\
>                        {}}
>           log_message = "BLACKLIST: $sender_fullhost"
>
> And local_host_blacklist contains entries like:
>
> 217.205.170.210
> 61.241.148.11
> *.attbi.com
> *.cable.mindspring.com
> mail.ru
>
> --------------------------------------------------------------------------
> # exim4 -bV
> Exim version 4.22 #1 built 19-Sep-2003 14:48:39
> Copyright (c) University of Cambridge 2003
> Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (June 16, 2003)
> Support for: iconv() IPv6 PAM Perl GnuTLS
> Authenticators: cram_md5 plaintext spa
> Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
> Contains exiscan-acl patch revision 12 (c) Tom Kistner [http://duncanthrax.net/exiscan/]
> Configuration file is /var/lib/exim4/config.autogenerated
>
> --------------------------------------------------------------------------
> Configuration file: (distilled from autogenerated file)
>
> exim_path = /usr/sbin/exim4
> CONFDIR = /etc/exim4
> MESSAGE_SIZE_LIMIT = 5M
>
> .ifdef DC_minimaldns
> primary_hostname = mail.mydomain.co.uk
> .else
> .endif
>
> domainlist local_domains = @:mail.mydomain.co.uk:localhost:mydomain.co.uk:mydomain.com
> domainlist relay_to_domains = mydomain.co.uk:10.0.0.*:mydomain.com:localhost:127.0.0.1
> hostlist relay_from_hosts = 127.0.0.1 : ::::1 : 10.0.0.1:10.0.0.3:10.0.0.24
> qualify_domain = mail.mydomain.co.uk
>
> DCreadhost =
> DCsmarthost =
> local_interfaces = 10.0.0.23:127.0.0.1
>
> LOCAL_DELIVERY=mail_spool
>
> gecos_pattern = ^([^,:]*)
> gecos_name = $1
>
> DCconfig_internet = 1
> acl_smtp_rcpt = acl_check_rcpt
> acl_smtp_data = acl_check_data
>
> .ifndef DC_minimaldns
> host_lookup = *
> .endif
>
> rfc1413_hosts = *
> rfc1413_query_timeout = 30s
>
> ignore_bounce_errors_after = 3d
> timeout_frozen_after = 14d
> freeze_tell = postmaster
> trusted_users = uucp
> never_users = root
> av_scanner = clamd:/var/run/clamd.ctl
> helo_allow_chars = _
>
> smtp_accept_queue_per_connection = 100
>
> ###################################### ACL ######################################
>
> begin acl
>
> acl_whitelist_local_deny:
> accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
> {CONFDIR/local_host_whitelist}\
> {}}
> accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
> {CONFDIR/local_sender_whitelist}\
> {}}
>
> acl_check_rcpt:
> accept hosts = :
>
> deny local_parts = ^.*[@%!/|] : ^\\.
>
> accept local_parts = postmaster
> domains = +local_domains
>
> deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
> !acl = acl_whitelist_local_deny
> senders = ${if exists{CONFDIR/local_sender_blacklist}\
> {CONFDIR/local_sender_blacklist}\
> {}}
>
> deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
> !acl = acl_whitelist_local_deny
> hosts = ${if exists{CONFDIR/local_host_blacklist}\
> {CONFDIR/local_host_blacklist}\
> {}}
>
> accept domains = +local_domains
> endpass
> message = unknown user
> verify = recipient
>
> accept domains = +relay_to_domains
> endpass
> message = unrouteable address
> verify = recipient
>
> accept hosts = +relay_from_hosts
>
> accept authenticated = *
>
> deny message = relay not permitted
>
> acl_check_data:
>
> deny message = sender IP address $sender_host_address is locally blacklisted \
> here. If you think this is wrong, get in touch with postmaster
> !acl = acl_whitelist_local_deny
> hosts = ${if exists{CONFDIR/local_host_blacklist}\
> {CONFDIR/local_host_blacklist}\
> {}}
> log_message = "BLACKLIST: $sender_fullhost"
>
> deny message = No verifiable sender address in message headers
> !acl = acl_whitelist_local_deny
> !verify = header_sender
>
> deny message = "\n\
> Message size $message_size is larger than limit of MESSAGE_SIZE_LIMIT\n\
> Please compress your attachments in a zip file or divide your\n\
> email into a number of smaller emails.\n\
> Please contact the Hopkins IT department (it@???)\n\
> for further information.\n\
> "
> condition = ${if >{$message_size}{MESSAGE_SIZE_LIMIT}{yes}{no}}
> log_message = "SIZE: $message_size"
>
> deny message = $sender_host_address is in a black list at \
> $dnslist_domain"
> log_message = "RBL: $dnslist_domain"
> dnslists = relays.ordb.org : sbl.spamhaus.org
>
> deny message = X-deny-message: $found_extension files are not accepted.
> demime = com:vbs:bat:pif:scr:exe
> log_message = "DEMIME: $found_extension"
>
> deny message = X-malware-message: This message contains malware ($malware_name)
> demime = *
> malware = *
> log_message = "MALWARE: $malware_name"
>
> deny message = Spam score too high ($spam_score)
> condition = ${if <{$message_size}{80k}{1}{0}}
> spam = mail:true
> condition = ${if >{$spam_score_int}{60}{1}{0}}
> log_message = "SPAM REJECT: $spam_score_int"
>
> warn message = X-Redirect-To: spam@???
> condition = ${if <{$message_size}{80k}{1}{0}}
> spam = mail:true
> condition = ${if >{$spam_score_int}{25}{1}{0}}
> log_message = "SPAM FILTER: $spam_score_int"
>
> accept
>
> ################################### ROUTERS #####################################
>
> begin routers
>
> .ifdef DCconfig_internet
>
> scan_redirect:
> driver = redirect
> domains = mydomain.co.uk
> condition = ${if def:h_X-Redirect-To: {1}{0}}
> headers_add = X-Original-Recipient: $local_part@$domain
> data = $h_X-Redirect-To:
> headers_remove = X-Redirect-To
> redirect_router = accept_relay_for_mydomain
>
> shadow_all:
> driver = accept
> transport = shadow_delivery
> unseen
>
> accept_relay_for_mydomain:
> driver = accept
> domains = mydomain.co.uk
> transport = local_smtp_mydomain
> no_more
>
> dnslookup_relay_to_domains:
> driver = dnslookup
> domains = ! +local_domains : +relay_to_domains
> transport = remote_smtp
> same_domain_copy_routing = yes
> no_more
>
> dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> transport = remote_smtp
> same_domain_copy_routing = yes
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
> 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
> no_more
>
> .endif
>
> real_local:
> debug_print = "R: real_local for $local_part@$domain"
> driver = accept
> local_part_prefix = real-
> check_local_user
> transport = LOCAL_DELIVERY
>
> system_aliases:
> debug_print = "R: system_aliases for $local_part@$domain"
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/etc/aliases}}
> file_transport = address_file
> pipe_transport = address_pipe
>
> userforward:
> debug_print = "R: userforward for $local_part@$domain"
> driver = redirect
> check_local_user
> file = $home/.forward
> no_verify
> no_expn
> check_ancestor
> allow_filter
> directory_transport = address_directory
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
> skip_syntax_errors
> syntax_errors_to = real-$local_part@$domain
> syntax_errors_text = \
> This is an automatically generated message. An error has\n\
> been found in your .forward file. Details of the error are\n\
> reported below. While this error persists, you will receive\n\
> a copy of this message for every message that is addressed\n\
> to you. If your .forward file is a filter file, or if it is\n\
> a non-filter file containing no valid forwarding addresses,\n\
> a copy of each incoming message will be put in your normal\n\
> mailbox. If a non-filter file contains at least one valid\n\
> forwarding address, forwarding to the valid addresses will\n\
> happen, and those will be the only deliveries that occur.
>
> procmail:
> debug_print = "R: procmail for $local_part@$domain"
> driver = accept
> check_local_user
> transport = procmail_pipe
> require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
> no_verify
> no_expn
>
> maildrop:
> debug_print = "R: maildrop for $local_part@$domain"
> driver = accept
> check_local_user
> transport = maildrop_pipe
> require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
> no_verify
> no_expn
>
> local_user:
> debug_print = "R: local_user for $local_part@$domain"
> driver = accept
> check_local_user
> local_parts = ! root
> transport = LOCAL_DELIVERY
>
> mail4root:
> debug_print = "R: mail4root for $local_part@$domain"
> driver = redirect
> data = /var/mail/mail
> file_transport = address_file
> local_parts = root
> user = mail
> group = mail
>
> begin transports
>
> address_file:
> debug_print = "T: address_file for $local_part@$domain"
> driver = appendfile
> delivery_date_add
> envelope_to_add
> return_path_add
>
> address_pipe:
> debug_print = "T: address_pipe for $local_part@$domain"
> driver = pipe
> return_fail_output
>
> address_reply:
> debug_print = "T: autoreply for $local_part@$domain"
> driver = autoreply
>
> mail_spool:
> debug_print = "T: appendfile for $local_part@$domain"
> driver = appendfile
> file = /var/mail/$local_part
> delivery_date_add
> envelope_to_add
> return_path_add
> group = mail
> mode = 0660
> mode_fail_narrower = false
>
> maildir_home:
> debug_print = "T: maildir_home for $local_part@$domain"
> driver = appendfile
> directory = $home/Maildir
> delivery_date_add
> envelope_to_add
> return_path_add
> maildir_format
> mode = 0600
> mode_fail_narrower = false
>
> maildrop_pipe:
> debug_print = "T: maildrop_pipe for $local_part@$domain"
> driver = pipe
> path = "/bin:/usr/bin:/usr/local/bin"
> command = "/usr/bin/maildrop"
> return_path_add
> delivery_date_add
> envelope_to_add
>
> procmail_pipe:
> debug_print = "T: procmail_pipe for $local_part@$domain"
> driver = pipe
> path = "/bin:/usr/bin:/usr/local/bin"
> command = "/usr/bin/procmail"
> return_path_add
> delivery_date_add
> envelope_to_add
>
> local_smtp_mydomain:
> debug_print = "T: smtp for mydomain for $local_part@$domain"
> driver = smtp
> hosts = 10.0.0.24
> hosts_override
>
> remote_smtp:
> debug_print = "T: remote_smtp for $local_part@$domain"
> driver = smtp
>
> address_directory:
> debug_print = "T: address_directory for $local_part@$domain"
> driver = appendfile
> envelope_to_add = true
> return_path_add = true
> check_string = ""
> escape_string = ""
> maildir_format
>
> shadow_delivery:
> debug_print = "T: shadow_dleivery"
> driver = appendfile
> group = mail
> user = mail
> mode = 0660
> envelope_to_add = true
> directory=/home/mailbackup
> maildir_format
>
> begin retry
>
> * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
>
> begin rewrite
>
> *@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
> {$value}fail} Ffrs
>
> *@+local_domains "${if exists {CONFDIR/email-addresses}\
> {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
> {$value}fail}}fail}" Ffrs
>
> .ifdef DCconfig_satellite
> *@+local_domains ${local_part}@DCreadhost Ffr
> .endif
>
> begin authenticators
>
> cram_md5:
> driver = cram_md5
> public_name = CRAM-MD5
> client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
> client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
>
> plain:
> driver = plaintext
> public_name = PLAIN
> client_send = "${if !eq{$tls_cipher}{}{\
> ^${extract{1}{::}\
> {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
> ^${extract{2}{::}\
> {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
> }fail}"
>
> login:
> driver = plaintext
> public_name = LOGIN
> client_send = "${if !eq{$tls_cipher}{}{}fail}\
> : ${extract{1}{::}\
> {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
> : ${extract{2}{::}\
> {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
>
> --
> Rory Campbell-Lange
> <rory@???>
> <www.campbell-lange.net>
>
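
For triaging the "Unrouteable address" bounces in problem 1 from the log side, the following added example (not part of the original post and not Exim's own tooling) groups mainlog lines by message ID and ties each `**` failure to any DNS warning logged for the same message and to the bounce it generated. The function name `correlate` and the record field names are assumptions of this example; the sample input is the first log excerpt from the post.

```python
import re

# First log excerpt from the post, copied verbatim (addresses were already masked).
SAMPLE_LOG = """\
2004-01-21 15:59:35 1AjKlT-0000nI-VE no IP address found for host dip.t-dialin.net
2004-01-21 15:59:37 1AjKlT-0000nI-VE <= user.f@??? H=mhpnt1 (mhp_nt1.mydomain.co.uk) [10.0.0.24] P=esmtp S=2086
2004-01-21 15:59:58 1AjKlT-0000nI-VE ** sender.m@??? <sender.m@???>: Unrouteable address
2004-01-21 15:59:58 1AjKlT-0000nI-VE => sender.m <sender.m@???> R=shadow_all T=shadow_delivery
2004-01-21 15:59:58 1AjKlq-0000nR-EQ <= <> R=1AjKlT-0000nI-VE U=mail P=local S=2897
2004-01-21 15:59:58 1AjKlT-0000nI-VE Completed
"""

MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"   # Exim 4 message ID
LINE = re.compile(rf"^\S+ \S+ ({MSG_ID}) (.*)$")            # date, time, ID, rest

def correlate(log_text):
    """Group mainlog lines by message ID; return messages that had a '**' failure."""
    msgs = {}

    def rec(mid):
        return msgs.setdefault(mid, {"sender": None, "client_ip": None,
                                     "dns_warnings": [], "failed": [],
                                     "delivered": [], "bounce_id": None})

    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        mid, rest = m.groups()
        if rest.startswith("no IP address found for host "):
            rec(mid)["dns_warnings"].append(rest.split()[-1])
        elif rest.startswith("<= "):
            sender = rest.split()[1]
            parent = re.search(rf"\bR=({MSG_ID})", rest)
            if sender == "<>" and parent:
                # Locally generated bounce: R= names the message that failed.
                rec(parent.group(1))["bounce_id"] = mid
            else:
                ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
                rec(mid).update(sender=sender, client_ip=ip.group(1) if ip else None)
        elif rest.startswith("** "):
            head, sep, reason = rest[3:].rpartition(": ")
            if sep:
                rec(mid)["failed"].append((head.split()[0], reason))
        elif rest.startswith("=> "):
            # Keep only KEY=value fields (skips the "=>" marker itself).
            fields = dict(f.split("=", 1) for f in rest.split() if "=" in f[1:2])
            rec(mid)["delivered"].append((fields.get("R"), fields.get("T")))
    return {mid: r for mid, r in msgs.items() if r["failed"]}

if __name__ == "__main__":
    for mid, r in correlate(SAMPLE_LOG).items():
        print(mid, r)
```

Run over a full mainlog, the output shows whether every bounced message carries the same DNS warning and which router and transport still handled it.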