Re: [exim] What the...

Top Page
Delete this message
Reply to this message
Author: Dave Lugo
Date:  
To: exim-users
Subject: Re: [exim] What the...

While I don't know why it's not working, this will
help you get more debug data:

exim -bhc 80.239.186.47

... and simulate the connection. Use the HELO (H=)
shown in the log snippet, and the same from/to that
are there.

The debug output produced should provide some clues.


On Mon, 7 Nov 2011, Chris Knipe wrote:

> Date: Mon, 7 Nov 2011 07:45:50
> From: Chris Knipe <savage@???>
> To: exim-users@???
> Subject: [exim] What the...
>
> Hi,
>
> I'm a bit in the dark here... For the love of me, I cannot determine
> why this (and only this specific email from battle.net) are being
> rejected by exim. All emails from this specific host seems to be
> rejected for some reason, but I cannot determine why? :( All my
> rejects in my ACLs have a message specified, but according to the log
> the email is rejected without an message...
>
> I have log_selector = +all -pid in my config, and the only entries in
> the log is below (together with my acls)...
>
> main.log:
> 2011-11-07 07:37:45 SMTP connection from [80.239.186.47]:36044
> I=[64.16.211.38]:25 (TCP/IP connection count = 1)
> 2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
> I=[64.16.211.38]:25 F=<noreply@???> rejected RCPT
> <savage@???>
> 2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
> I=[64.16.211.38]:25 incomplete transaction (RSET) from
> <noreply@???>
> 2011-11-07 07:37:48 SMTP connection from ext-smtp11.eu.battle.net
> [80.239.186.47]:36044 I=[64.16.211.38]:25 closed by QUIT
>
> reject.log:
> 2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
> I=[64.16.211.38]:25 F=<noreply@???> rejected RCPT
> <savage@???>
>
> ACLs:
> ######################################################################
> #                       ACL CONFIGURATION                            #
> #         Specifies access control lists for incoming SMTP mail      #
> ######################################################################
> begin acl
> acl_check_data:
>  deny    message       = Hiding of file extensions is not allowed!
>          regex         =
> ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
>  deny    message       = Message SHOULD have Message-ID: but does not
>          condition     = ${if !def:h_Message-ID: {1}}
>          hosts         = !+relay_from_hosts
>  deny    message       = Message SHOULD have Date: but does not
>          condition     = ${if !def:h_Date: {1}}
>          hosts         = !+relay_from_hosts
>  deny    message       = This message contains a virus or other
> harmful content ($malware_name)
>          malware       = *
>  accept  condition     = ${if >={$message_size}{256k}{yes}{no}}
>  warn    message       = X-SA-Score: $spam_score
>          hosts         = !+relay_from_hosts
>          spam          = spamd
>          add_header    = X-Spam_score: $spam_score\n\
>                          X-Spam_bar: $spam_bar
>  warn    message       = X-SA-Report: $spam_report
>          hosts         = !+relay_from_hosts
>          spam          = spamd
>          condition     = ${if >{$spam_score_int}{0}{true}{false}}
>          add_header    = X-Spam_score: $spam_score\n\
>                          X-Spam_bar: $spam_bar
>  warn    message       = X-SA-Status: Yes
>          hosts         = !+relay_from_hosts
>          spam          = spamd
>          condition     = ${if >{$spam_score_int}{10}{true}{false}}
>          add_header    = X-Spam_score: $spam_score\n\
>                          X-Spam_bar: $spam_bar
>          hosts         = !+relay_from_hosts
>  deny    message       = Message not accepted, scored $spam_score spam points.
>          hosts         = !+relay_from_hosts
>          spam          = spamd
>          condition     = ${if >{$spam_score_int}{70}{true}{false}}
>  accept

>
> acl_check_helo:
>  deny    message       = Im afraid I need your name before I can let you in.
>          hosts         = !+relay_from_hosts
>          condition     = ${if match {$sender_helo_name}{none} {yes}{no}}
>  deny    message       = Invalid HELO/EHLO. You are either spam/a
> virus, or your system administrator has incorrectly configured your
> network.
>          condition     = ${if match{$sender_helo_name}{\\.}{no}{yes}}
>          hosts         = !+relay_from_hosts
>  deny    message       = HELO/EHLO with my hostname. You are not me.
>          hosts         = !+relay_from_hosts
>          condition     = ${if or { \
>                                   {eq {${lc:$sender_helo_name}}{127.0.0.1}} \
>                                   {eq {${lc:$sender_helo_name}}{localhost}} \
>                                   {eq
> {${lc:$sender_helo_name}}{64.16.211.38}} \
>                                   {eq
> {${lc:$sender_helo_name}}{netsonic.savage.za.org}} \
>                                    } {true}{false} }
>  deny    message       = Your message was rejected because
> $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
> for an explanation
>          hosts         = !+relay_from_hosts
>          dnslists      =
> bl.spamcop.net:sbl.spamhaus.org:xbl.spamhaus.org:zombie.dnsbl.sorbs.net:blackholes.mail-abuse.org:\

>
> smtp.dnsbl.sorbs.net:web.dnsbl.sorbs.net:nomail.rhsbl.sorbs.net:badconf.rhsbl.sorbs.net:http.dnsbl.sorbs.net:\
>                          socks.dnsbl.sorbs.net:misc.dnsbl.sorbs.net
>  accept

>
> acl_check_rcpt:
>  accept  hosts         = :
>  deny    message       = Suspected Faked Yahoo Account, E-mail Rejected.
>          log_message   = Fake Yahoo
>          senders       = *@yahoo.com
>          condition     = ${if
> match{$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}
>  deny    message       = Suspected Faked Hotmail Account, E-mail Rejected.
>          log_message   = Fake hotmail
>          senders       = *@hotmail.com
>          condition     = ${if match
> {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}
>  deny    message       = Suspected Faked MSN Account, E-mail Rejected.
>          log_message   = Fake MSN
>          senders       = *@msn.com
>          condition     = ${if match
> {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}
>  deny    message       = Suspected Faked AOL Account, E-mail Rejected.
>          log_message   = Fake AOL
>          senders       = *@aol.com
>          condition     = ${if match
> {$sender_host_name}{\Nmx.aol.com$\N}{no}{yes}}
>  deny    message       = Restricted characters in address
>          domains       = +local_domains
>          local_parts   = ^[.] : ^.*[@%!/|]
>  deny    message       = Restricted characters in address
>          domains       = !+local_domains
>          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>  accept  local_parts   = postmaster
>          domains       = +local_domains
>  accept  hosts         = +relay_from_hosts
>  require verify        = sender/callout=2m,defer_ok,random
>          hosts         = !80.239.186.0/24:!41.183.0.19
>          message       = REJECTED - Sender Verify Failed - error code
> \"$sender_verify_failure\"\n\nThe return address you are using for
> this email message <$sender_address> does not seem to be a working
> account.
>  deny    message       = REJECTED - Recipient Verify Failed - User Not Found
>          domains       = +local_domains
>          !verify       = recipient/callout=2m,defer_ok,use_sender
>  accept  authenticated = *
>          control       = submission
>  require message       = relay not permitted
>          domains       = +local_domains : +relay_to_domains
>  require verify        = recipient
>  accept

>
>


-- 
--------------------------------------------------------
  Dave Lugo     dlugo@???      No spam, thanks.
  Are you the police?  . . .  No ma'am, we're sysadmins.
--------------------------------------------------------