On Mon, Mar 21, 2011 at 09:23:49AM +0000, Ian Eiloart wrote:
>
>
> --On 16 March 2011 22:00:47 -0600 The Doctor <doctor@???>
> wrote:
>
>> Right number of issues.
>
> You've got the correct number of issues? Or "Right, I've got a number of
> issues?"
>
> Would you care to tell us what the issues are?
>
Correct a number of issues.
>
> Way down below this config file, you say inbound messages sometimes take a
> while to arrive. Have you checked "Received" headers to determine which
> step is taking the time? have you checked your log files to see whether you
> are temporarily rejecting messages, or whether connections are timing out
> (being dropped)?
Apparently when a huge number of spam, say N, hits the server,
it might take m hours for a message that is non-spam to be delivered.
N messages are frozen rather crippling exim in doing a proper job.
Now going below:
>
>>
>> ----------------------- ns2 config file -----------------
>>
>>
>> primary_hostname = ns2
>> local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025 : 0.0.0.0.465 : 0.0.0.0.587
>> domainlist local_domains = @
>> domainlist relay_to_domains =
>> hostlist relay_from_hosts = 127.0.0.1 : 204.209.81.0/24 : 192.168.0.0/16 : 208.118.93.0/24: 208.118.94.0/24
>> acl_smtp_rcpt = acl_check_rcpt
>> acl_smtp_data = acl_check_data
>> av_scanner = clamd:127.0.0.1 3310
>> spamd_address = 127.0.0.1 783
>> tls_advertise_hosts = *
>> tls_certificate = /usr/exim/ca.crt
>> tls_privatekey = /usr/exim/ca.key
>> daemon_smtp_ports = 25 : 465 : 587
>> tls_on_connect_ports = 465
>> never_users = root
>> host_lookup = *
>> rfc1413_hosts = *
>> rfc1413_query_timeout = 5s
>> ignore_bounce_errors_after = 2d
>> timeout_frozen_after = 7d
>> auto_thaw = 1m
>> begin acl
>> acl_check_rcpt:
>> # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
>> # testing for an empty sending host field.
>> accept hosts = :
>> control = dkim_disable_verify
>>
>> deny message = Restricted characters in address
>> domains = +local_domains
>> local_parts = ^[.] : ^.*[@%!/|]
>> deny message = Restricted characters in address
>> domains = !+local_domains
>> local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>>
>> accept local_parts = postmaster
>> domains = +local_domains
>> # Deny unless the sender address can be verified.
>> require verify = sender
>> accept hosts = +relay_from_hosts
>> control = submission
>> control = dkim_disable_verify
>> accept authenticated = *
>> control = submission
>> control = dkim_disable_verify
>>
>> require message = relay not permitted
>> domains = +local_domains : +relay_to_domains
>>
>> require verify = recipient
>>
>> #
>> deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
>> dnslists = sbl-xbl.spamhaus.org : \
>> dnsbl.njabl.org : \
>> combined.njabl.org : \
>> dev.null.dk : \
>> relays.visi.com : \
>> bl.spamcop.net : \
>> hostkarma.junkemailfilter.com=127.0.0.2
>> #
>> warn dnslists = sbl-xbl.spamhaus.org: \
>> dnsbl.njabl.org : \
>> combined.njabl.org : \
>> dev.null.dk : \
>> relays.visi.com : \
>> bl.spamcop.net : \
>> hostkarma.junkemailfilter.com=127.0.0.2
>> add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
>> log_message = found in $dnslist_domain
>>
>> accept
>> acl_check_data:
>>
>> accept authenticated = *
>>
>> deny malware = *
>> message = This message contains a virus ($malware_name).
>> #
>> warn spam = nobody
>> add_header = X-Spam_score: $spam_score\n\
>> X-Spam_score_int: $spam_score_int\n\
>> X-Spam_bar: $spam_bar\n\
>> X-Spam_report: $spam_report
>> # Accept the message.
>> accept
>> begin routers
>> check_dnslookup:
>> driver = dnslookup
>> domains = ! +local_domains
>> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>> verify_only
>> pass_router = amavis
>> no_more
>> check_system_aliases:
>> driver = redirect
>> allow_fail
>> allow_defer
>> data = ${lookup{$local_part}lsearch{/etc/aliases}}
>> verify_only
>> pass_router = amavis
>> check_localuser:
>> driver = accept
>> check_local_user
>> verify_only
>> pass_router = amavis
>> failed_address_router:
>> driver = accept
>> verify_only
>> fail_verify
>> amavis:
>> driver = manualroute
>> # Do NOT run if received via 10025/tcp or if already spam-scanned
>> # or if bounce message ($sender_address="")
>> condition = "${if or {{eq {$interface_port}{10025}} \
>> {eq {$received_protocol}{spam-scanned}} \
>> {eq {$sender_address}{}} \
>> }{0}{1}}"
>> transport = amavis
>> route_list = "* localhost byname"
>> self = send
>> dnslookup:
>> driver = dnslookup
>> domains = ! +local_domains
>> transport = remote_smtp
>> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>> no_more
>> system_aliases:
>> driver = redirect
>> allow_fail
>> allow_defer
>> data = ${lookup{$local_part}lsearch{/etc/aliases}}
>> file_transport = address_file
>> pipe_transport = address_pipe
>> userforward:
>> driver = redirect
>> check_local_user
>> file = $home/.forward
>> no_verify
>> no_expn
>> check_ancestor
>> file_transport = address_file
>> pipe_transport = address_pipe
>> reply_transport = address_reply
>> localuser:
>> driver = accept
>> check_local_user
>> transport = local_delivery
>> cannot_route_message = Unknown user
>> # Do NOT run if received via 10025/tcp or if already spam-scanned
>> # or if bounce message ($sender_address="")
>> begin transports
>> remote_smtp:
>> driver = smtp
>> hosts_avoid_tls=*
>> amavis:
>> driver = smtp
>> port = 10024
>> allow_localhost
>> local_delivery:
>> driver = appendfile
>> file = /var/mail/$local_part
>> delivery_date_add
>> envelope_to_add
>> return_path_add
>> group = mail
>> mode = 0600
>> address_pipe:
>> driver = pipe
>> return_output
>> address_file:
>> driver = appendfile
>> delivery_date_add
>> envelope_to_add
>> return_path_add
>> address_reply:
>> driver = autoreply
>> begin retry
>> * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
>> begin rewrite
>> begin authenticators
>> PLAIN:
>> driver = plaintext
>> public_name = PLAIN
>> server_set_id = $auth2
>> server_prompts = :
>> server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
>> server_advertise_condition = ${if def:tls_cipher }
>> LOGIN:
>> driver = plaintext
>> public_name = LOGIN
>> server_set_id = $auth1
>> server_prompts = <| Username: | Password:
>> server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
>> server_advertise_condition = ${if def:tls_cipher }
>>
>>
>> ---- end of conf file ----------------------------
>>
>>
>> I wish to add that if an e-mail is done via port 465 then do not subject
>> it to anti-viral tests.
Again, the above is working nicely with the exception of an e-mail getting
identified as a potential virus.
How do I tell exim anything ***authenticated*** on 465/587
should not be subjugated to anti-viral / anti-spam tests?
>>
>> -------------- ns1 configuration -----------------------
>>
>>
>> primary_hostname = ns1
>> local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025 : 0.0.0.0.465 : 0.0.0.0.587
>> domainlist local_domains = @:secure.nl2k.ab.ca:mail.nl2k.ab.ca:mail.nk.ca:nk.ca:nl2k.ca:nl2k.ab.ca:doctor.nl2k.ab.ca:lsearch;/usr/exim/vdom3
>> domainlist relay_to_domains =
>> hostlist relay_from_hosts = 204.209.81.0/24 : 127.0.0.1 : 208.118.93.0/24: 208.118.94.0/24
>> trusted_users = exim : majordomo
>> acl_smtp_rcpt = acl_check_rcpt
>> acl_smtp_data = acl_check_data
>> av_scanner = clamd:127.0.0.1 3310
>> spamd_address = 127.0.0.1 783
>> tls_advertise_hosts = *
>> tls_certificate = /usr/exim/ca.crt
>> tls_privatekey = /usr/exim/ca.key
>> daemon_smtp_ports = 25 : 465 : 587
>> tls_on_connect_ports = 465
>> never_users = root
>> host_lookup = *
>> rfc1413_hosts = *
>> rfc1413_query_timeout = 5s
>> ignore_bounce_errors_after = 2h
>> timeout_frozen_after = 6h
>> auto_thaw = 1m
>> begin acl
>> acl_check_rcpt:
>> # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
>> # testing for an empty sending host field.
>> accept hosts = :
>> control = dkim_enable_verify
>> #
>> deny message = Restricted characters in address
>> domains = +local_domains
>> local_parts = ^[.] : ^.*[@%!/|]
>> #
>> deny message = Restricted characters in address
>> domains = !+local_domains
>> local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>>
>> accept local_parts = postmaster
>> domains = +local_domains:lsearch;/usr/exim/vdom3
>> # Deny unless the sender address can be verified.
>> ##require verify = sender
>> accept domains = +local_domains:lsearch;/usr/exim/vdom3
>> endpass
>>
>>
>> /*
>>
>> The above is commented out as virtual e-mail addresses are not
>> being recognised properly. I am using a dbm file.
>> How do I get exim to realise that we have local and virtual that need
>> supporting?
>>
>>
>> */
I doubt C comments exist in exim for its configure file.
Again here is what the above is saying:
The above is commented out as virtual e-mail addresses are not
being recognised properly. I am using a dbm file.
How Do I get exim to realise that we have local and virtual that needs
supporting ?
>> ## Sender Verify on 'Recipient'
>> drop message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"\n\n\
>> The return address you are using for this email message <$sender_address>\
>> does not seem to be a working account.
>> log_message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"
>> !hosts = +no_verify
>> !verify = sender/callout=2m,defer_ok
>> condition = ${if eq{recipient}{$sender_verify_failure}}
>> deny message = REJECTED - Recipient Verify Failed - User Not Found
>> domains = +all_mail_handled_locally
>> !verify = recipient/callout=2m,defer_ok,use_sender
>> warn domains = +local_domains:lsearch;/usr/exim/vdom3
>> !verify = recipient
>> set acl_c0 = ${eval: $acl_c0+1}
>> delay = ${eval: ($acl_c0 - 1) * 60}s
>> #
>> accept hosts = +relay_from_hosts
>> control = submission
>> control = dkim_disable_verify
>> #
>> accept authenticated = *
>> control = submission
>> control = dkim_disable_verify
>> #
>> require message = relay not permitted
>> domains = +local_domains : +relay_to_domains
>> #
>> require verify = recipient
>>
>> #
>> deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
>> dnslists = sbl-xbl.spamhaus.org : \
>> dnsbl.njabl.org : \
>> combined.njabl.org : \
>> dev.null.dk : \
>> relays.visi.com : \
>> bl.spamcop.net : \
>> hostkarma.junkemailfilter.com=127.0.0.2
>> #
>> warn dnslists = sbl-xbl.spamhaus.org: \
>> dnsbl.njabl.org : \
>> combined.njabl.org : \
>> dev.null.dk : \
>> relays.visi.com : \
>> bl.spamcop.net : \
>> hostkarma.junkemailfilter.com=127.0.0.2
>> add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
>> log_message = found in $dnslist_domain
>>
>>
>> accept
>> acl_check_data:
>> #
>> deny malware = *
>> message = This message contains a virus ($malware_name).
>> #
>> warn spam = nobody
>> add_header = X-Spam_score: $spam_score\n\
>> X-Spam_score_int: $spam_score_int\n\
>> X-Spam_bar: $spam_bar\n\
>> X-Spam_report: $spam_report
>> # Accept the message.
>> accept
>> begin routers
>> check_dnslookup:
>> driver = dnslookup
>> domains = ! +local_domains
>> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>> verify_only
>> pass_router = amavis
>> no_more
>> check_system_aliases:
>> driver = redirect
>> allow_fail
>> allow_defer
>> data = ${lookup{$local_part}lsearch{/etc/aliases}}
>> verify_only
>> pass_router = amavis
>> check_localuser:
>> driver = accept
>> check_local_user
>> verify_only
>> pass_router = amavis
>> failed_address_router:
>> driver = accept
>> verify_only
>> fail_verify
>> domains_virtual:
>> domains = +local_domains
>> driver = redirect
>> data=${lookup{$local_part@$domain}dbm{/usr/exim/virtemail}}
>>
>> domains_virtual_others:
>> domains = +local_domains
>> driver = redirect
>> data=${lookup{@$domain}dbm{/usr/exim/virtemail}}
>> amavis:
>> driver = manualroute
>> # Do NOT run if received via 10025/tcp or if already spam-scanned
>> # or if bounce message ($sender_address="")
>> condition = "${if or {{eq {$interface_port}{10025}} \
>> {eq {$received_protocol}{spam-scanned}} \
>> {eq {$sender_address}{}} \
>> }{0}{1}}"
>> transport = amavis
>> route_list = "* localhost byname"
>> self = send
>> dnslookup:
>> driver = dnslookup
>> domains = ! +local_domains
>> transport = remote_smtp
>> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>> no_more
>> system_aliases:
>> driver = redirect
>> allow_fail
>> allow_defer
>> data = ${lookup{$local_part}lsearch{/etc/aliases}}
>> file_transport = address_file
>> pipe_transport = address_pipe
>> userforward:
>> driver = redirect
>> check_local_user
>> file = $home/.forward
>> no_verify
>> no_expn
>> check_ancestor
>> file_transport = address_file
>> pipe_transport = address_pipe
>> reply_transport = address_reply
>> localuser:
>> driver = accept
>> check_local_user
>> transport = local_delivery
>> cannot_route_message = Unknown user
>> procmail:
>> driver = accept
>> check_local_user
>> require_files = $home/.procmailrc
>> transport = procmail_pipe
>> # Do NOT run if received via 10025/tcp or if already spam-scanned
>> # or if bounce message ($sender_address="")
>> lists:
>> driver = redirect
>> file = /usr/home/majordomo/lists/$local_part
>> forbid_pipe
>> forbid_file
>> errors_to = $local_part-request@???
>> user = majordomo
>> no_more
>> begin transports
>> remote_smtp:
>> driver = smtp
>> procmail_pipe:
>> driver = pipe
>> command = /usr/bin/procmail -d $local_part
>> return_path_add
>> delivery_date_add
>> envelope_to_add
>> check_string = "From "
>> escape_string = ">From "
>> umask = 077
>> user = $local_part
>> group = mail
>>
>> amavis:
>> driver = smtp
>> port = 10024
>> allow_localhost
>> local_delivery:
>> driver = appendfile
>> file = /var/mail/$local_part
>> delivery_date_add
>> envelope_to_add
>> return_path_add
>> group = mail
>> mode = 0600
>> address_pipe:
>> driver = pipe
>> return_output
>> address_file:
>> driver = appendfile
>> delivery_date_add
>> envelope_to_add
>> return_path_add
>> address_reply:
>> driver = autoreply
>> begin retry
>> * * F,1h,15m; G,10h,1h,1.5; F,1d,1h
>> begin rewrite
>> begin authenticators
>> PLAIN:
>> driver = plaintext
>> public_name = PLAIN
>> server_set_id = $auth2
>> server_prompts = :
>> server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
>> server_advertise_condition = ${if def:tls_cipher }
>> LOGIN:
>> driver = plaintext
>> public_name = LOGIN
>> server_set_id = $auth1
>> server_prompts = <| Username: | Password:
>> server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
>> server_advertise_condition = ${if def:tls_cipher }
>>
>>
>> -------------------------- end of ns1 ---------------
>>
>> Also noticed mail taking about 1 minute to about several hours or days to
>> come in. How do I rectify this?
>>
>
If the ns1 questions can also be answered, then we should be a go.
Once established, what is the best CA authority reasonably priced
for EXIM SSL certificates?
--
Member - Liberal International This is doctor@??? Ici doctor@???
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Now is the time to declare your allegiance!
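
Added example, not part of the original message: the check Ian suggests above (reading the "Received" headers to see which step takes the time) done as a short script that reports the delay each hop added. The sample message, its hostnames and the function names `hop_delays` and `slowest_hop` are constructed for illustration.

```python
import email
from email.utils import parsedate_to_datetime

# Constructed sample message: hostnames, queue IDs and times are invented.
SAMPLE = """\
Received: from ns1.example.net by mailstore.example.net with esmtp
 id 1Q1abc-0003; Mon, 21 Mar 2011 12:45:10 +0000
Received: from mx.sender.example by ns1.example.net with esmtp
 id 1Q1abc-0002; Mon, 21 Mar 2011 09:24:05 +0000
Received: from laptop.sender.example by mx.sender.example with esmtpsa
 id 1Q1abc-0001; Mon, 21 Mar 2011 03:23:55 -0600
From: a@sender.example
To: b@example.net
Subject: test

body
"""

def hop_delays(raw_message):
    """Return [(hop description, seconds since previous hop)], oldest hop first."""
    msg = email.message_from_string(raw_message)
    stamps = []
    # Each MTA prepends its Received header, so reverse to get oldest first.
    for value in reversed(msg.get_all("Received", [])):
        info, sep, stamp = value.rpartition(";")
        try:
            when = parsedate_to_datetime(" ".join(stamp.split())) if sep else None
        except (TypeError, ValueError):
            when = None
        if when is None or when.tzinfo is None:
            continue  # no usable timestamp or no time zone: skip this hop
        stamps.append((" ".join(info.split()), when))
    delays, prev = [], None
    for info, when in stamps:
        # A negative value means the two hosts' clocks disagree, not time travel.
        delays.append((info, 0 if prev is None else int((when - prev).total_seconds())))
        prev = when
    return delays

def slowest_hop(raw_message):
    """Return the (description, seconds) pair for the hop that added the most delay."""
    return max(hop_delays(raw_message), key=lambda hop: hop[1])
```

A large delay at the hop received by your own server points at its queue (frozen or deferred messages in the Exim log), while a large delay at an earlier hop lies with the sending side.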