Hi all.
I've searched the docs and the rest of the Internet for some insights
into this issue, but so far no answers have come to light. A sender
from wamu.net is being bounced by my system, which is very annoying to
the folks eagerly wanting to correspond with him. Here's the error
message I see in exim_main.log:

    2008-11-17 10:18:44 unexpected disconnection while reading SMTP command from mtav141.wamu.net (wamu.net) [167.88.162.70] (error: Operation timed out)

The people hosted on my box can send email to this guy, but we can't
seem to receive his replies.
My research shows that others who've experienced the problem set
smtp_receive_timeout from five minutes to ten. I didn't have that line
in my Exim configuration file at all, so on the off chance it might
help, I added it just above the message_size_limit line, like this:
smtp_receive_timeout = 10m. I also commented out the rfc1413 lines,
and just for thoroughness, I commented out the reverse DNS lookup
warning, all to no avail.
The box trying to send to us, mtav141.wamu.net [167.88.162.70] doesn't
have proper rDNS, but it's important that we receive mail from these
people, despite their poorly-configured mail server(s).
I'm in digest mode, so please contact me directly. All suggestions are
welcome!
For the record, here's our current Exim configure file:
# $captainnet: /usr/local/exim/configure, 2007/3/24 maxo Exp $
##################################################################################
# CAPTAINNET.NET #
# Exim 4.69 #
# /usr/local/exim/bin/exim -bd -q30m #
##################################################################################
# Runtime configuration file for Exim #
##################################################################################
# MAIN CONFIGURATION SETTINGS #
##################################################################################
SERVER_IP = 209.209.81.138
primary_hostname = gdc.groupd.com
hide mysql_servers = localhost::(/var/mysql/mysql.sock)/db name removed/user name removed/password removed
#---------------------------------------------------------------------------------
VIRTUAL_DOMAINS = SELECT DISTINCT domain FROM domains \
WHERE type = 'local' AND enabled = '1' \
AND domain = '${quote_mysql:$domain}'
RELAY_DOMAINS = SELECT DISTINCT domain FROM domains \
WHERE type = 'relay' \
AND domain = '${quote_mysql:$domain}'
ALIAS_DOMAINS = SELECT DISTINCT alias FROM domainalias \
WHERE alias = '${quote_mysql:$domain}'
#---------------------------------------------------------------------------------
hostlist listen_ip = SERVER_IP
domainlist local_domains = @ : \
${lookup mysql{VIRTUAL_DOMAINS}} : \
${lookup mysql{ALIAS_DOMAINS}}
domainlist relay_to_domains = ${lookup mysql{RELAY_DOMAINS}}
hostlist relay_from_hosts = localhost : \
127.0.0.1 : \
gdc.groupd.com : \
lists.groupd.com : \
lists.artsandmedia.net
#---------------------------------------------------------------------------------
smtp_banner = "$primary_hostname ESMTP Exim $version_number $tod_full By connecting to this server, you agree to be open relay tested. NO UCE."
pipelining_advertise_hosts = :
acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data
spamd_address = /tmp/spamd
av_scanner = clamd:/tmp/clamd
#-------------------------------------------------------------------------
# tls_advertise_hosts = *
# tls_certificate = /etc/ssl/exim.crt
# tls_privatekey = /etc/ssl/exim.pem
# tls_on_connect_ports = 465
daemon_smtp_ports = 25 : 465 : 587
#-------------------------------------------------------------------------
#qualify_domain =
#qualify_recipient =
#allow_domain_literals
exim_user = exim
exim_group = staff
never_users = root
trusted_users = courier:www:mailman
# host_lookup = *
#rfc1413_hosts = !*
#rfc1413_query_timeout = 0s
# sender_unqualified_hosts =
# recipient_unqualified_hosts =
# percent_hack_domains =
helo_allow_chars = _
auto_thaw = 1h
ignore_bounce_errors_after = 2d
timeout_frozen_after = 2d
smtp_receive_timeout = 10m
message_size_limit = 100M
#MESSAGE_SIZE_SPAM_MAX = 1M
bounce_return_message = false
#return_size_limit = 50K
smtp_enforce_sync = false
smtp_return_error_details = true
smtp_accept_max = 400
smtp_accept_max_per_connection = 20
smtp_accept_max_per_host = 100
smtp_accept_queue = 75
smtp_accept_queue_per_connection = 400
smtp_accept_reserve = 20
smtp_reserve_hosts = SERVER_IP : 127.0.0.1
smtp_accept_max_nonmail = 10
smtp_accept_max_nonmail_hosts = 10
queue_run_max = 400
system_filter = /usr/local/exim/system_filter.exim
system_filter_file_transport = sort_delivery
#split_spool_directory = true
#helo_try_verify_hosts = *
#log_selector = +all
MAILMAN_HOME=/usr/share/mailman
MAILMAN_WRAP=MAILMAN_HOME/mail/mailman
MAILMAN_USER=mailman
MAILMAN_GROUP=mailman
##################################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
##################################################################################
begin acl
#---------------------------------------------------------------------------------
acl_check_helo:
accept hosts = :
accept hosts = SERVER_IP : +relay_from_hosts
drop condition = ${if match{$sender_helo_name}{SERVER_IP}{yes}{no} }
message = "Dropped spammer pretending to be us"
deny condition = ${if isip {$sender_helo_name}{true}{false}}
message = "IP address in HELO greeting"
# The following lines were commented out to allow sloppy mobile devices to relay through us. Change made 04/11/2008 by Ted <ted@???>
# deny condition = ${if ! match {$sender_helo_name}{\N^[^.].*\.[^.]+$\N}}
# message = "See RFC2821 section 4.1.2 for legal domain syntax"
# log_message = invalid HELO syntax 1 $sender_helo_name
# Commented out to try to solve the rDNS issue of a wamu.net mail server 11/17/2008 by Ted <ted@???>
# warn !verify = reverse_host_lookup
# log_message = No reverse DNS record for ${sender_host_address} \
# (claimed to be ${sender_helo_name}).
# control = no_pipelining
accept
#---------------------------------------------------------------------------------
acl_check_rcpt:
accept hosts = : 127.0.0.1
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
deny message = Connection denied for $sender_address
senders = lsearch;/usr/local/exim/bouncelist
deny hosts = net-iplsearch;/usr/local/exim/reject-hosts.txt
message = Connection Denied for $sender_host_address
accept local_parts = postmaster
domains = +local_domains
# require verify = sender
# require verify = recipient
accept hosts = +relay_from_hosts
# control = submission
accept authenticated = *
# control = submission
require message = authentication required - relay not permitted
domains = +local_domains : +relay_to_domains
#---------------------------------------------------------------------------------
# Uncomment the following if you want to check against RBL
#---------------------------------------------------------------------------------
deny message = DNSBL listed at $dnslist_domain\n$dnslist_text
!sender_domains = lsearch;/usr/local/exim/domain_whitelist
dnslists = zen.spamhaus.org : \
bl.spamcop.net : \
combined.njabl.org : \
# dnsbl.ahbl.org : \
# dnsbl.sorbs.net : \
# spam.dnsbl.sorbs.net : \
russia.blackholes.us : \
cn-kr.blackholes.us : \
nigeria.blackholes.us : \
short.rbl.jp
#---------------------------------------------------------------------------------
accept domains = +local_domains
endpass
verify = recipient
set acl_m0 = $local_part@$domain
#require verify = csa
accept
#---------------------------------------------------------------------------------
acl_check_mime:
deny message = File type unacceptable (filename: $mime_filename)
condition = ${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}} \
lsearch{/usr/local/exim/rejected_file_type}{yes}{no}}
accept
#---------------------------------------------------------------------------------
acl_check_data:
# Hosts and authenticated clients listed here will not be scanned by SA & ClamAV
accept hosts = +relay_from_hosts : \
groupd.com : lh-sf.com : SERVER_IP
accept authenticated = *
# Reject virus infested messages.
deny malware = *
message = This message contains malware ($malware_name)
# Reject messages containing certain words...
deny message = This message matches a blacklisted regular expression \
($regex_match_string)
regex = Rolex : Pharmacy : Viagra : Cialis
# SpamAssassin settings are set on a per domain basis.
warn message = X-Spam-Status: $spam_report\n\
X-New-Subject: [***POSSIBLE SPAM***] $h_subject:
condition = ${if <{$message_size}{100000}{1}{0}}
!authenticated = *
spam = $acl_m0:true/defer_ok
#-------------------------------------------------------------------------
# Reject spam messages with score over 10, using an extra condition.
#-------------------------------------------------------------------------
# deny message = This message scored $spam_score points.
# spam = nobody:true
# condition = ${if >{$spam_score_int}{100}{1}{0}}
#-------------------------------------------------------------------------
#-------------------------------------------------------------------------
# Reject spam messages with score over 8.0, using an extra condition.
#-------------------------------------------------------------------------
# deny message = This message scored $spam_score points. Congratulations! \
# If you're a real person, and you think you were screened \
# in error, please contact abuse at groupd dot com.
# spam = nobody:true
# condition = ${if >{$spam_score_int}{80}{1}{0}}
#-------------------------------------------------------------------------
# Stamp each message about virus scan time and version.
warn message = :after_received:X-Virus-Check: \
${run{/usr/local/clamav/sbin/clamd --version}\
{${extract{1}{/}{$value}}/${extract{2}{/}{$value}}}\
{unchecked}} on $primary_hostname; $tod_full
accept
##################################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
##################################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
##################################################################################
begin routers
#---------------------------------------------------------------------------------
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
#---------------------------------------------------------------------------------
mailman_router:
driver = accept
require_files = MAILMAN_HOME/lists/$local_part/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : \
-confirm+* : -join : -leave : \
-owner : -request : -admin
transport = mailman_transport
#---------------------------------------------------------------------------------
mysql_vacation:
driver = accept
condition = ${if and { {!match {$h_precedence:}{(?i)junk|bulk|list}} \
{eq {${lookup mysql{select users.on_vacation from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_vacation = '1' \
and users.domain_id=domains.domain_id}}} {1} }} {yes}{no} }
no_verify
no_expn
unseen
transport = virtual_vacation_delivery
#---------------------------------------------------------------------------------
mysql_forward:
driver = redirect
check_ancestor
data = ${lookup mysql{select forward from users,domains \
where localpart='${quote_mysql:$local_part}' \
and domain='${quote_mysql:$domain}' \
and users.domain_id=domains.domain_id \
and on_forward = '1'}}
# We explicitly make this condition NOT forward mailing list mail!
# condition = ${if and { {!match {$h_precedence:}{(?i)junk|bulk|list}} \
# {eq {${lookup mysql{select users.on_forward from users,domains \
# where localpart = '${quote_mysql:$local_part}' \
# and domain = '${quote_mysql:$domain}' \
# and users.on_forward = '1' \
# and users.domain_id=domains.domain_id}}} {1} }} {yes}{no} }
#---------------------------------------------------------------------------------
mysql_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{select smtp from users,domains \
where localpart='${quote_mysql:$local_part}' \
and domain='${quote_mysql:$domain}' \
and users.domain_id=domains.domain_id \
and users.type='alias'}}
#---------------------------------------------------------------------------------
mysql_user:
driver = accept
condition = ${if eq{} {${lookup mysql {SELECT smtp FROM users,domains \
WHERE username = '${quote_mysql:$local_part}@${quote_mysql:$domain}'}}} {no}{yes}}
retry_use_local_part
transport = virtual_delivery
#---------------------------------------------------------------------------------
mysql_catchall:
driver = redirect
allow_fail
data = ${lookup mysql{select smtp from users,domains where localpart = '*' \
and domain = '${quote_mysql:$domain}' \
and users.domain_id = domains.domain_id}}
retry_use_local_part
file_transport = virtual_delivery
reply_transport = address_reply
#---------------------------------------------------------------------------------
virtual_domain_alias:
driver = redirect
allow_fail
data = ${lookup mysql{select concat('${quote_mysql:$local_part}@', domain) \
from domains,domainalias where domainalias.alias = '${quote_mysql:$domain}' \
and domainalias.domain_id = domains.domain_id}}
retry_use_local_part
##################################################################################
# TRANSPORTS CONFIGURATION #
##################################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
##################################################################################
begin transports
#---------------------------------------------------------------------------------
remote_smtp:
driver = smtp
#---------------------------------------------------------------------------------
virtual_delivery:
driver = appendfile
maildir_format = true
create_directory = true
directory = ${lookup mysql{select smtp from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.domain_id = domains.domain_id}}
user = 100
group = 100
quota = ${lookup mysql{select users.quota from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.domain_id = domains.domain_id}{${value}M}}
quota_is_inclusive = false
quota_size_regex = ,S=(\d+):
quota_warn_threshold = 75%
maildir_use_size_file = false
quota_warn_message = "To: $local_part@$domain\n\
Subject: Mailbox quota warning\n\n\
This message was automatically generated by the mail delivery software.\n\n\
You are now using over 75% of your allocated mail storage quota.\n\n\
If your mailbox fills completely, further incoming messages will be automatically\n\
returned to their senders.\n\n\
Please take note of this and remove unwanted mail , and/or large attachments, from \n\n\
your mailbox. Alternately, you may contact Group D at (415) 334-8331 to purchase \n\n\
additional mail storage.\n\"
#---------------------------------------------------------------------------------
virtual_vacation_delivery:
driver = autoreply
log = /var/spool/exim/log/exim_vacation.log
once =/var/spool/exim/db/vacation.db
once_repeat = 1d
from = "${local_part}@${domain}"
to = ${sender_address}
subject = "Autoreply from ${local_part}@${domain}"
text = ${lookup mysql{select vacation from users,domains \
where domain='${quote_mysql:$domain}' \
and localpart='${quote_mysql:$local_part}' \
and users.domain_id=domains.domain_id}}
#---------------------------------------------------------------------------------
mailman_transport:
driver = pipe
command = MAILMAN_WRAP \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
$local_part
current_directory = MAILMAN_HOME
home_directory = MAILMAN_HOME
user = MAILMAN_USER
group = MAILMAN_GROUP
#---------------------------------------------------------------------------------
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
#---------------------------------------------------------------------------------
address_reply:
driver = autoreply
##################################################################################
# RETRY CONFIGURATION #
##################################################################################
begin retry
# Domain Error Retries
# ------ ----- -------
* quota
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
##################################################################################
# REWRITE CONFIGURATION #
##################################################################################
begin rewrite
##################################################################################
# AUTHENTICATION CONFIGURATION #
##################################################################################
begin authenticators
plain_login:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT '1' FROM users \
WHERE username = '${quote_mysql:$2}' \
AND clear = '${quote_mysql:$3}'} {yes}{no}}
server_set_id = $2
fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${lookup mysql{SELECT '1' FROM users \
WHERE username = '${quote_mysql:$1}' \
AND clear = '${quote_mysql:$2}'} {yes}{no}}
server_set_id = $1
fixed_cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT clear FROM users \
WHERE username = '${quote_mysql:$1}'}{$value}fail}
server_set_id = $1
# End of Exim configuration file
Ted Dively
--
Group D Communications, LLC
Technology Consulting: IT, Databases, Web Sites, Hosting
www.groupd.com
415-334-8331 x202
P.O. Box 170697
San Francisco, CA 94117-0697
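
Added example (not part of the original post, and not Exim's own tooling): a Python script that groups the "unexpected disconnection while reading SMTP command" entries of the kind quoted in the post by client IP, after rejoining entries that a mail client has wrapped. The sample log is constructed around the one line from the post; `client.example`, 192.0.2.10, the queue-run line and the second wamu.net entry are made-up placeholders.

```python
import re
from collections import defaultdict

# Constructed sample of an Exim main log. The first entry is the line quoted
# in the post, wrapped the way the mail wrapped it; the rest is made up.
SAMPLE_LOG = """\
2008-11-17 10:18:44 unexpected disconnection while reading SMTP
command from mtav141.wamu.net (wamu.net) [167.88.162.70] (error:
Operation timed out)
2008-11-17 10:20:01 Start queue run: pid=4242
2008-11-17 11:02:13 unexpected disconnection while reading SMTP command from mtav141.wamu.net (wamu.net) [167.88.162.70] (error: Operation timed out)
2008-11-17 11:05:30 unexpected disconnection while reading SMTP command from (client.example) [192.0.2.10]
"""

TIMESTAMP = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ")
# Host part is "name (helo) [ip]"; name and helo may each be absent.
DISCONNECT = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) unexpected disconnection "
    r"while reading SMTP command from "
    r"(?:(?P<name>[^\s(\[]\S*) )?(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<ip>[^\]]+)\](?: \(error: (?P<error>[^)]*)\))?"
)

def unwrap(text):
    """Rejoin wrapped entries: a real entry starts with a timestamp."""
    entries = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Group dropped SMTP sessions by client IP address."""
    hosts = defaultdict(lambda: {"count": 0, "helo": set(), "errors": set(),
                                 "first": None, "last": None})
    for entry in unwrap(text):
        m = DISCONNECT.match(entry)
        if not m:
            continue  # unrelated log entry
        h = hosts[m["ip"]]
        h["count"] += 1
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
        if m["helo"]:
            h["helo"].add(m["helo"])
        h["errors"].add(m["error"] or "none logged")
    return dict(hosts)

if __name__ == "__main__":
    for ip, h in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, h["count"], h["first"], h["last"],
              sorted(h["helo"]), sorted(h["errors"]))
```

A host that shows up repeatedly with the same error and the same HELO name, as 167.88.162.70 does in the sample, points at one consistently failing peer rather than scattered network noise.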