Re: [exim] rejected RCPT, relay not permitted

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] rejected RCPT, relay not permitted
Renee wrote:
> So is the general consensus that this is NOT an exim issue?? The alpine
> people aren't very responsive..
>
> In any case, I'm curious to know why it would say it was rejecting the
> off-site recipient... in general exim terms. That is, under what
> circumstances would this error show up in the exim logs regardless of the
> client being used to send? If I could figure that out, maybe I could figure
> out why the message was popping up in the first place despite the fact the
> message gets through.
>
> Renee


The general case would be that the 'submission' of the traffic had occurred:

A) 'into' port 25. Port 25 *can* be configured to accept 'Authenticated'
submission from your own 'permitted' user community, but in this day and
age should NOT be, as more and more alert ISP's are intercepting traffic
from within their broadband/dial-up 'pool' of attached IP's and either
diverting it to (only) their own mail servers ELSE blocking it outright.

That is a cheap and effective means of preventing infected WinBoxen
reaching distant MTA, so one can expect more ISP's to do so over time.

IOW - even if yours is not one that blocks, a user who travels and uses
WiFi, branch office or hotel LAN may encounter such blocking.

Submission *should* be made on port 587, secured with TLS, and accepted
there only from users who 'authenticate' with a permitted UID:Password.

Absent the above, Exim *should* be configured to treat submissions NOT
authenticated as if they were 'foreign' MTA submitting traffic for your
user community. Authentication is impractical and is not required.

Unless configured to deny arrivals whose IP fails the criteria expected
of a 'genuine' MTA (PTR RR, not on dynamic IP, HELO/FQDN match, et al)
it will otherwise accept such submission from all-comers.

HOWEVER .... as it is seen to be a 'foreign' source, said traffic is
expected to be destined ONLY for your own community of recipients, and
*should* be denied at acl_smtp_rcpt if not so addressed. See recipient
verification.

An off-box address is a destination permitted ONLY to your community of
users, essentially 'relaying' from their desktop MUA to some far
end-point address.

Similar privileges may be granted to defined 'relay_hosts' - with
either/both authentication and/or specific source IP or <domain>.<tld>.
An example might be a server inside a that needs to send only periodic
status reports, does not otherwise deal with 'mail'.

'Relaying' is NOT permitted to casual arrivals that are not / cannot be
'authenticated' as a member of your local user community or approved
relay_host.

If it WERE permitted, the first zombot farm who found your MTA would
drive it to its knees within a few hours with spam / malware traffic,
and you would be blacklisted in short order as an 'open relay'.


B) 'on box' or 'shell' accounts may or may not be considered 'proper'
user community members.

By default they generally work IF their outbound traffic is processed by
calling a local executable, such as 'mail' (indirect) or making a direct
call to the exim binary in 'one shot', not daemon mode.

If, OTOH, they make an smtp 'connection' - especially via port 25, and
do not 'authenticate', they will be seen as 'foreign' and denied
relaying privileges.

Which - if you have read this far - should now sound familiar....

The most likely cause of what you are logging is that you are attempting
to use alpine in that manner.

Not a 'bug' in either Exim or alpine.

Just misconfigured / misused.

Fix that and your problem should go away.

Bill
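
Added example (not part of the original message, and not Exim's or alpine's own code): a log check for the pattern discussed in this thread, separating a "relay not permitted" rejection that is followed by an authenticated arrival from the same IP from one that is not. The sample log lines, the 60-second window and the verdict labels are constructed assumptions, and matching on source IP is a heuristic that shared or NAT'd addresses can confuse.

```python
import re
from datetime import datetime, timedelta

# Constructed sample mainlog lines (documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
2009-04-23 15:49:33 H=client.example.org [192.0.2.10] F=<user1@example.org> rejected RCPT <user2@example.net>: relay not permitted
2009-04-23 15:49:35 1Lx6nX-0001JT-Nf <= user1@example.org H=client.example.org [192.0.2.10] P=esmtpsa X=TLSv1:AES256-SHA:256 A=plain:user1 S=812
2009-04-23 16:02:11 H=(mail) [198.51.100.77] F=<a@example.com> rejected RCPT <b@example.net>: relay not permitted
2009-04-23 16:02:12 H=(mail) [198.51.100.77] F=<a@example.com> rejected RCPT <c@example.net>: relay not permitted
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
# Rejection line: timestamp, source IP in brackets, refused recipient.
REJECT = re.compile(TS + r" .*?\[([^\]]+)\] .*rejected RCPT ?<?([^>:\s]+)>?: relay not permitted")
# Arrival line ("<="): timestamp, source IP, received protocol (P=).
ARRIVAL = re.compile(TS + r" \S+ <= \S+ .*?\[([^\]]+)\].* P=(\S+)")
# Protocol values Exim logs when the sender authenticated (with or without TLS).
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa"}


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def classify_relay_rejections(log_text, window_seconds=60):
    """Return (ip, recipient, verdict) for every 'relay not permitted' line."""
    rejects, auth_arrivals = [], []
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            rejects.append((parse_ts(m.group(1)), m.group(2), m.group(3)))
            continue
        m = ARRIVAL.match(line)
        if m and m.group(3) in AUTH_PROTOCOLS:
            auth_arrivals.append((parse_ts(m.group(1)), m.group(2)))
    window = timedelta(seconds=window_seconds)
    results = []
    for when, ip, rcpt in rejects:
        # Did the same IP hand over an authenticated message shortly afterwards?
        followed = any(a_ip == ip and timedelta(0) <= a_when - when <= window
                       for a_when, a_ip in auth_arrivals)
        verdict = "client-retry-with-auth" if followed else "unauthenticated-relay-attempt"
        results.append((ip, rcpt, verdict))
    return results


if __name__ == "__main__":
    for row in classify_relay_rejections(SAMPLE_LOG):
        print(*row)
```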



>
>
> On Tue, Apr 28, 2009 at 2:35 PM, W B Hacker <wbh@???> wrote:
>
>> Renee wrote:
>>> Ok, I was wondering about that, but thought I'd start off with the exim
>>> group just to be on the safe side.
>>>
>>> Thanks.
>> '..safe side' ??
>>
>> Hmmm...
>>
>> Well...
>>
>> Can't really fault your thinking.
>>
>> Broadly applied it keeps Taravid, Klacid, and Viagra makers wealthy, and
>> the population healthier and happier...
>>
>> In this case, a mouseful of Google or Mark One eyeball's worth of alpine
>> man page wudda been faster and cheaper though.... and no less 'fun'..
>>
>> ;-)
>>
>> Bill
>>
>>>
>>> On Tue, Apr 28, 2009 at 1:15 PM, W B Hacker <wbh@???> wrote:
>>>
>>>> Renee wrote:
>>>>> Martin,
>>>>>
>>>>> I'm not sure how your response is supposed to help me....? The mails are
>>>>> getting delivered no problem- the issue is that the error message appears-
>>>>> and that it only occurs when I use al/pine. Tests from thunderbird, mac
>>>>> mail, and similar mail clients don't exhibit this behavior, i.e. the error
>>>>> message in the mail logs.
>>>>>
>>>>> Renee
>>>> ... *that* is (one way) in which his post should be of value...
>>>>
>>>> You don't seem to have an Exim problem per se....
>>>>
>>>> You appear to have an (al)pine problem.
>>>>
>>>> - Given pine / alpine's history of service, it may not even be a bug,
>>>> but rather the way you have configured / are using it.
>>>>
>>>> - A pine or alpine support group might be a better place to sort the
>>>> whyso and howfix of that....
>>>>
>>>> Bill Hacker
>>>>
>>>>
>>>>
>>>>
>>>>> On Tue, Apr 28, 2009 at 11:40 AM, Martin A. Brooks <martin@???> wrote:
>>>>>> On 28/04/2009 18:19, Renee wrote:
>>>>>>
>>>>>>> To a gmail account:
>>>>>>> 2009-04-23 15:49:33 H=newserver.test.com [xxx.xxx.xxx.xxx] F=<testuser1@???> rejected RCPT<testuser2@???>: relay not permitted
>>>>>>> 2009-04-23 15:49:35 1Lx6nX-0001JT-Nf<= testuser1@???= newserver.test.com [xxx.xxx.xxx.xxx] P=esmtpsa X=TLSv1:AES256-SHA:256
>>>>>>>
>>>>>> FWIW, This works fine for me:
>>>>>>
>>>>>> martin@fish:~$ swaks -f testuser1@??? -t
>>>>>> testuser2@??? -s gmail-smtp-in.l.google.com
>>>>>> === Trying gmail-smtp-in.l.google.com:25...
>>>>>> === Connected to gmail-smtp-in.l.google.com.
>>>>>> <- 220 mx.google.com ESMTP 21si59164ewy.42
>>>>>> -> EHLO fish.clues.ltd.uk
>>>>>> <- 250-mx.google.com at your service, [80.68.93.86]
>>>>>> <- 250-SIZE 35651584
>>>>>> <- 250-8BITMIME
>>>>>> <- 250-ENHANCEDSTATUSCODES
>>>>>> <- 250 PIPELINING
>>>>>> -> MAIL FROM:<testuser1@???>
>>>>>> <- 250 2.1.0 OK 21si59164ewy.42
>>>>>> -> RCPT TO:<testuser2@???>
>>>>>> <- 250 2.1.5 OK 21si59164ewy.42
>>>>>> -> DATA
>>>>>> <- 354 Go ahead 21si59164ewy.42
>>>>>> -> Date: Tue, 28 Apr 2009 18:39:36 +0100
>>>>>> -> To: testuser2@???
>>>>>> -> From: testuser1@???
>>>>>> -> Subject: test Tue, 28 Apr 2009 18:39:36 +0100
>>>>>> -> X-Mailer: swaks v20061116.0 jetmore.org/john/code/#swaks
>>>>>> ->
>>>>>> -> This is a test mailing
>>>>>> ->
>>>>>> -> .
>>>>>> <- 250 2.0.0 OK 1240940377 21si59164ewy.42
>>>>>> -> QUIT
>>>>>> <- 221 2.0.0 closing connection 21si59164ewy.42
>>>>>> === Connection closed with remote host.
>>>>>>
>>>>>>
>>>>>>
>>>> --
>>>> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
>>>> ## Exim details at http://www.exim.org/
>>>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>>>