Re: [exim] Some problems

Author: The Doctor
Date:
To: Ian Eiloart
CC: exim-users
Subject: Re: [exim] Some problems
On Mon, Mar 21, 2011 at 09:23:49AM +0000, Ian Eiloart wrote:
>
>
> --On 16 March 2011 22:00:47 -0600 The Doctor <doctor@???>
> wrote:
>
>> Right number of issues.
>
> You've got the correct number of issues? Or "Right, I've got a number of
> issues?"
>
> Would you care to tell us what the issues are?
>


Correct a number of issues.

>
> Way down below this config file, you say inbound messages sometimes take a
> while to arrive. Have you checked "Received" headers to determine which
> step is taking the time? have you checked your log files to see whether you
> are temporarily rejecting messages, or whether connections are timing out
> (being dropped)?


Apparently when a huge number of spam, say N, hits the server,
it might take m hours for a message that is non-spam to be delivered.

N messages are frozen rather crippling exim in doing a proper job.

Now going below:

>
>>
>> ----------------------- ns2 config file -----------------
>>
>>
>> primary_hostname = ns2
>> local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025 : 0.0.0.0.465 : 0.0.0.0.587
>> domainlist local_domains = @
>> domainlist relay_to_domains =
>> hostlist relay_from_hosts = 127.0.0.1 : 204.209.81.0/24 : 192.168.0.0/16 : 208.118.93.0/24: 208.118.94.0/24
>> acl_smtp_rcpt = acl_check_rcpt
>> acl_smtp_data = acl_check_data
>> av_scanner = clamd:127.0.0.1 3310
>> spamd_address = 127.0.0.1 783
>> tls_advertise_hosts = *
>> tls_certificate = /usr/exim/ca.crt
>> tls_privatekey = /usr/exim/ca.key
>> daemon_smtp_ports = 25 : 465 : 587
>> tls_on_connect_ports =   465
>> never_users = root
>> host_lookup = *
>> rfc1413_hosts = *
>> rfc1413_query_timeout = 5s
>> ignore_bounce_errors_after = 2d
>> timeout_frozen_after = 7d
>> auto_thaw = 1m
>> begin acl
>> acl_check_rcpt:
>>   # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
>>   # testing for an empty sending host field.
>>   accept  hosts = :
>>           control = dkim_disable_verify

>>
>>   deny    message       = Restricted characters in address
>>           domains       = +local_domains
>>           local_parts   = ^[.] : ^.*[@%!/|]


>>   deny    message       = Restricted characters in address
>>           domains       = !+local_domains
>>           local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

>>
>>   accept  local_parts   = postmaster
>>           domains       = +local_domains
>>   # Deny unless the sender address can be verified.
>>   require verify        = sender


>>   accept  hosts         = +relay_from_hosts
>>           control       = submission
>>           control       = dkim_disable_verify


>>   accept  authenticated = *
>>           control       = submission
>>           control       = dkim_disable_verify

>>
>>    require message = relay not permitted
>>           domains = +local_domains : +relay_to_domains

>>
>> require verify = recipient
>>
>>   #
>>    deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
>>             dnslists = sbl-xbl.spamhaus.org : \
>>              dnsbl.njabl.org : \
>>              combined.njabl.org : \
>>              dev.null.dk : \
>>              relays.visi.com : \
>>              bl.spamcop.net : \
>>              hostkarma.junkemailfilter.com=127.0.0.2
>>   #
>>    warn   dnslists = sbl-xbl.spamhaus.org: \
>>              dnsbl.njabl.org : \
>>              combined.njabl.org : \
>>              dev.null.dk : \
>>              relays.visi.com : \
>>              bl.spamcop.net : \
>>              hostkarma.junkemailfilter.com=127.0.0.2
>>            add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
>>            log_message   = found in $dnslist_domain

>>
>> accept
>> acl_check_data:
>>
>> accept authenticated = *
>>
>>    deny    malware    = *
>>            message    = This message contains a virus ($malware_name).
>>   #
>>    warn    spam       = nobody
>>            add_header = X-Spam_score: $spam_score\n\
>>                         X-Spam_score_int: $spam_score_int\n\
>>                         X-Spam_bar: $spam_bar\n\
>>                         X-Spam_report: $spam_report
>>   # Accept the message.
>>   accept
>> begin routers
>> check_dnslookup:
>>   driver = dnslookup
>>   domains = ! +local_domains
>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>   verify_only
>>   pass_router = amavis
>>   no_more
>> check_system_aliases:
>>   driver = redirect
>>   allow_fail
>>   allow_defer
>>   data = ${lookup{$local_part}lsearch{/etc/aliases}}
>>   verify_only
>>   pass_router = amavis
>> check_localuser:
>>   driver = accept
>>   check_local_user
>>   verify_only
>>   pass_router = amavis
>> failed_address_router:
>>   driver = accept
>>   verify_only
>>   fail_verify
>> amavis:
>>   driver = manualroute
>>   # Do NOT run if received via 10025/tcp or if already spam-scanned
>>   # or if bounce message ($sender_address="")
>>   condition = "${if or {{eq {$interface_port}{10025}} \
>>       {eq {$received_protocol}{spam-scanned}} \
>>       {eq {$sender_address}{}} \
>>       }{0}{1}}"
>>   transport = amavis
>>   route_list = "* localhost byname"
>>   self = send
>> dnslookup:
>>   driver = dnslookup
>>   domains = ! +local_domains
>>   transport = remote_smtp
>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>   no_more
>> system_aliases:
>>   driver = redirect
>>   allow_fail
>>   allow_defer
>>   data = ${lookup{$local_part}lsearch{/etc/aliases}}
>>   file_transport = address_file
>>   pipe_transport = address_pipe
>> userforward:
>>   driver = redirect
>>   check_local_user
>>   file = $home/.forward
>>   no_verify
>>   no_expn
>>   check_ancestor
>>   file_transport = address_file
>>   pipe_transport = address_pipe
>>   reply_transport = address_reply
>> localuser:
>>   driver = accept
>>   check_local_user
>>   transport = local_delivery
>>   cannot_route_message = Unknown user
>>   # Do NOT run if received via 10025/tcp or if already spam-scanned
>>   # or if bounce message ($sender_address="")
>> begin transports
>> remote_smtp:
>>   driver = smtp
>>   hosts_avoid_tls=*
>> amavis:
>>   driver = smtp
>>   port = 10024
>>   allow_localhost
>> local_delivery:
>>   driver = appendfile
>>   file = /var/mail/$local_part
>>   delivery_date_add
>>   envelope_to_add
>>   return_path_add
>>   group = mail
>>   mode = 0600
>> address_pipe:
>>   driver = pipe
>>   return_output
>> address_file:
>>   driver = appendfile
>>   delivery_date_add
>>   envelope_to_add
>>   return_path_add
>> address_reply:
>>   driver = autoreply
>> begin retry
>> *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
>> begin rewrite
>> begin authenticators
>> PLAIN:
>>   driver                     = plaintext
>>   public_name                = PLAIN
>>   server_set_id              = $auth2
>>   server_prompts             = :
>>   server_condition           = ${if saslauthd{{$2}{$3}}{1}{0}}
>>   server_advertise_condition = ${if def:tls_cipher }
>> LOGIN:
>>   driver                     = plaintext
>>   public_name                = LOGIN
>>   server_set_id              = $auth1
>>  server_prompts             = <| Username: | Password:
>>  server_condition           =  ${if saslauthd{{$1}{$2}}{1}{0}}
>>   server_advertise_condition = ${if def:tls_cipher }

>>
>>
>> ---- end of conf file ----------------------------
>>
>>
>> I wish to add that if an e-mail is done via port 465 then do not subject
>> it to anti-viral tests.



Again, the above is working nicely with the exception of an e-mail getting
identified as a potential virus.

How do I tell exim anything ***authenticated*** on 465/587
should not be subjugated to anti-viral / anti-spam tests?

>>
>> -------------- ns1 configuration -----------------------
>>
>>
>> primary_hostname = ns1
>> local_interfaces = 0.0.0.0.25 :  127.0.0.1.10025  : 0.0.0.0.465 : 0.0.0.0.587
>> domainlist local_domains = @:secure.nl2k.ab.ca:mail.nl2k.ab.ca:mail.nk.ca:nk.ca:nl2k.ca:nl2k.ab.ca:doctor.nl2k.ab.ca:lsearch;/usr/exim/vdom3
>> domainlist relay_to_domains =
>> hostlist relay_from_hosts = 204.209.81.0/24 : 127.0.0.1 : 208.118.93.0/24: 208.118.94.0/24
>> trusted_users = exim : majordomo
>> acl_smtp_rcpt = acl_check_rcpt
>> acl_smtp_data = acl_check_data
>> av_scanner = clamd:127.0.0.1 3310
>> spamd_address = 127.0.0.1 783
>> tls_advertise_hosts = *
>> tls_certificate = /usr/exim/ca.crt
>> tls_privatekey = /usr/exim/ca.key
>> daemon_smtp_ports = 25 : 465 : 587
>> tls_on_connect_ports =   465
>> never_users = root
>> host_lookup = *
>> rfc1413_hosts = *
>> rfc1413_query_timeout = 5s
>> ignore_bounce_errors_after = 2h
>> timeout_frozen_after = 6h
>> auto_thaw = 1m
>> begin acl
>> acl_check_rcpt:
>>   # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
>>   # testing for an empty sending host field.
>>   accept  hosts = :
>>           control = dkim_enable_verify
>> #
>>   deny    message       = Restricted characters in address
>>           domains       = +local_domains
>>           local_parts   = ^[.] : ^.*[@%!/|]
>> #
>>   deny    message       = Restricted characters in address
>>           domains       = !+local_domains
>>           local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

>>
>>   accept  local_parts   = postmaster
>>           domains       = +local_domains:lsearch;/usr/exim/vdom3
>>   # Deny unless the sender address can be verified.
>>   ##require verify        = sender
>>   accept  domains       = +local_domains:lsearch;/usr/exim/vdom3
>>   endpass

>>
>>
>> /*
>>
>> The above is commented out as virtual e-mail addresses are not
>> being recognised properly. I am using a dbm file.
>> How Do I get exim to realises that we have local and virtual that needs
>> supporting ?
>>
>>
>> */



I doubt C comments exist in exim for its configure file.

Again here is what the above is saying:

The above is commented out as virtual e-mail addresses are not
being recognised properly. I am using a dbm file.
How Do I get exim to realise that we have local and virtual that needs
supporting ?

>>   ## Sender Verify on 'Recipient'
>> drop    message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"\n\n\
>>             The return address you are using for this email message <$sender_address>\
>>             does not seem to be a working account.
>>         log_message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"
>>         !hosts = +no_verify
>>         !verify = sender/callout=2m,defer_ok
>>         condition = ${if eq{recipient}{$sender_verify_failure}}
>> deny    message   = REJECTED - Recipient Verify Failed - User Not Found
>>         domains   = +all_mail_handled_locally
>>         !verify   = recipient/callout=2m,defer_ok,use_sender
>> warn    domains = +local_domains:lsearch;/usr/exim/vdom3
>>                 !verify = recipient
>>                 set acl_c0 = ${eval: $acl_c0+1}
>>                 delay = ${eval: ($acl_c0 - 1) * 60}s
>> #
>>   accept  hosts         = +relay_from_hosts
>>           control       = submission
>>           control       = dkim_disable_verify
>> #
>>   accept  authenticated = *
>>           control       = submission
>>           control       = dkim_disable_verify
>> #
>>  require message = relay not permitted
>>           domains = +local_domains : +relay_to_domains
>> #
>>   require verify = recipient

>>
>>   #
>>    deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
>>             dnslists = sbl-xbl.spamhaus.org : \
>>              dnsbl.njabl.org : \
>>              combined.njabl.org : \
>>              dev.null.dk : \
>>              relays.visi.com : \
>>              bl.spamcop.net : \
>>              hostkarma.junkemailfilter.com=127.0.0.2
>>   #
>>    warn   dnslists = sbl-xbl.spamhaus.org: \
>>              dnsbl.njabl.org : \
>>              combined.njabl.org : \
>>              dev.null.dk : \
>>              relays.visi.com : \
>>              bl.spamcop.net : \
>>              hostkarma.junkemailfilter.com=127.0.0.2
>>            add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
>>            log_message   = found in $dnslist_domain

>>
>>
>>   accept
>> acl_check_data:
>>   #
>>    deny    malware    = *
>>            message    = This message contains a virus ($malware_name).
>>   #
>>    warn    spam       = nobody
>>            add_header = X-Spam_score: $spam_score\n\
>>                         X-Spam_score_int: $spam_score_int\n\
>>                         X-Spam_bar: $spam_bar\n\
>>                         X-Spam_report: $spam_report
>>   # Accept the message.
>>   accept
>> begin routers
>> check_dnslookup:
>>   driver = dnslookup
>>   domains = ! +local_domains
>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>   verify_only
>>   pass_router = amavis
>>   no_more
>> check_system_aliases:
>>   driver = redirect
>>   allow_fail
>>   allow_defer
>>   data = ${lookup{$local_part}lsearch{/etc/aliases}}
>>   verify_only
>>   pass_router = amavis
>> check_localuser:
>>   driver = accept
>>   check_local_user
>>   verify_only
>>   pass_router = amavis
>> failed_address_router:
>>   driver = accept
>>   verify_only
>>   fail_verify
>> domains_virtual:
>>   domains       = +local_domains
>>   driver = redirect
>>   data=${lookup{$local_part@$domain}dbm{/usr/exim/virtemail}}

>>
>> domains_virtual_others:
>>   domains       = +local_domains
>>   driver = redirect
>>   data=${lookup{@$domain}dbm{/usr/exim/virtemail}}
>> amavis:
>>   driver = manualroute
>>   # Do NOT run if received via 10025/tcp or if already spam-scanned
>>   # or if bounce message ($sender_address="")
>>   condition = "${if or {{eq {$interface_port}{10025}} \
>>       {eq {$received_protocol}{spam-scanned}} \
>>       {eq {$sender_address}{}} \
>>       }{0}{1}}"
>>   transport = amavis
>>   route_list = "* localhost byname"
>>   self = send
>> dnslookup:
>>   driver = dnslookup
>>   domains = ! +local_domains
>>   transport = remote_smtp
>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>   no_more
>> system_aliases:
>>   driver = redirect
>>   allow_fail
>>   allow_defer
>>   data = ${lookup{$local_part}lsearch{/etc/aliases}}
>>   file_transport = address_file
>>   pipe_transport = address_pipe
>> userforward:
>>   driver = redirect
>>   check_local_user
>>   file = $home/.forward
>>   no_verify
>>   no_expn
>>   check_ancestor
>>   file_transport = address_file
>>   pipe_transport = address_pipe
>>   reply_transport = address_reply
>> localuser:
>>   driver = accept
>>   check_local_user
>>   transport = local_delivery
>>   cannot_route_message = Unknown user
>> procmail:
>>   driver = accept
>>   check_local_user
>>   require_files = $home/.procmailrc
>>   transport = procmail_pipe
>>   # Do NOT run if received via 10025/tcp or if already spam-scanned
>>   # or if bounce message ($sender_address="")
>> lists:
>>   driver = redirect
>>   file = /usr/home/majordomo/lists/$local_part
>>   forbid_pipe
>>   forbid_file
>>   errors_to = $local_part-request@???
>>   user = majordomo
>>   no_more
>> begin transports
>> remote_smtp:
>>   driver = smtp
>> procmail_pipe:
>>   driver = pipe
>>   command = /usr/bin/procmail -d $local_part
>>   return_path_add
>>   delivery_date_add
>>   envelope_to_add
>>   check_string = "From "
>>   escape_string = ">From "
>>   umask = 077
>>   user = $local_part
>>   group = mail

>>
>> amavis:
>>   driver = smtp
>>   port = 10024
>>   allow_localhost
>> local_delivery:
>>   driver = appendfile
>>   file = /var/mail/$local_part
>>   delivery_date_add
>>   envelope_to_add
>>   return_path_add
>>   group = mail
>>   mode = 0600
>> address_pipe:
>>   driver = pipe
>>   return_output
>> address_file:
>>   driver = appendfile
>>   delivery_date_add
>>   envelope_to_add
>>   return_path_add
>> address_reply:
>>   driver = autoreply
>> begin retry
>> *                      *           F,1h,15m; G,10h,1h,1.5; F,1d,1h
>> begin rewrite
>> begin authenticators
>> PLAIN:
>>   driver                     = plaintext
>>   public_name                = PLAIN
>>   server_set_id              = $auth2
>>   server_prompts             = :
>>   server_condition           = ${if saslauthd{{$2}{$3}}{1}{0}}
>>   server_advertise_condition = ${if def:tls_cipher }
>> LOGIN:
>>   driver                     = plaintext
>>   public_name                = LOGIN
>>   server_set_id              = $auth1
>>  server_prompts             = <| Username: | Password:
>>  server_condition           = ${if saslauthd{{$1}{$2}}{1}{0}}
>>   server_advertise_condition = ${if def:tls_cipher }

>>
>>
>> -------------------------- end of ns1 ---------------
>>
>> Also noticed mail taking about 1 minute to about several hours of days to
>> come in. How do I rectify this?
>>
>



If the ns1 questions can also be answered, then we should be a go.

Once established, what is the best CA authority reasonably priced
for EXIM SSL certificates?

-- 
Member - Liberal International    This is doctor@??? Ici doctor@???
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Now is the time to declare your allegiance!
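
Added example, not part of the original message and not code from the Exim project: one way to write the exemption asked about above, limited to sessions that authenticated on port 465 or 587. It reuses the ACL and router names from the quoted configs and tests `$interface_port` as the quoted amavis router does; relying on `$authenticated_id` (set by `server_set_id` in the quoted authenticators) in the router condition is an assumption about how the exemption should carry over to delivery time.

```exim
# --- ACL section (after "begin acl") ------------------------------------
acl_check_data:
  # Skip clamd/spamd only when the session authenticated AND arrived on a
  # submission port. Unauthenticated mail and everything on port 25 is
  # still scanned. Trade-off: mail sent with stolen credentials on these
  # ports is no longer scanned, so watch the logs for authenticated volume.
  accept  authenticated = *
          condition     = ${if or {{eq {$interface_port}{465}} \
                                   {eq {$interface_port}{587}}} {yes}{no}}

  deny    malware    = *
          message    = This message contains a virus ($malware_name).

  warn    spam       = nobody
          add_header = X-Spam_score: $spam_score\n\
                       X-Spam_score_int: $spam_score_int\n\
                       X-Spam_bar: $spam_bar\n\
                       X-Spam_report: $spam_report

  # Accept the message.
  accept

# --- routers section (after "begin routers") ----------------------------
amavis:
  driver = manualroute
  # Do NOT run if received via 10025/tcp, if already spam-scanned,
  # if bounce message ($sender_address=""), or if the submitting session
  # was authenticated ($authenticated_id is set). Assumption: this skips
  # amavis for authenticated mail on any port; add the port test from the
  # ACL above if authenticated mail on port 25 must still be relayed to it.
  condition = "${if or {{eq {$interface_port}{10025}} \
      {eq {$received_protocol}{spam-scanned}} \
      {eq {$sender_address}{}} \
      {def:authenticated_id} \
      }{0}{1}}"
  transport = amavis
  route_list = "* localhost byname"
  self = send
```

In the quoted configs, ns2's `acl_check_data` already begins with an unconditional `accept authenticated = *`, while ns1's does not; both route all other mail through the `amavis` router regardless of authentication.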