Re: [exim] What the...

Etusivu
Poista viesti
Vastaa
Lähettäjä: Chris Knipe
Päiväys:  
Vastaanottaja: exim-users
Aihe: Re: [exim] What the...
Hmm,

Of course, I should have thought about that after being an exim user
for 15 odd years :)

>>> Attempting full verification using callout
>>> callout cache: found domain record
>>> callout cache: domain rejects random addresses
>>> callout cache: found address record
>>> callout cache: address record is negative
>>> ----------- end verify ------------
>>> require: condition test failed

LOG: H=ext-smtp11.eu.battle.net [80.239.186.47] sender verify fail for
<no-reply@???>

Yet - that is not the message I get in the logs. Also from my configuration:

  require verify        = sender/callout=2m,defer_ok,random
          hosts         = !80.239.186.0/24:!41.183.0.19
          message       = REJECTED - Sender Verify Failed - error code
\"$sender_verify_failure\"\n\nThe return address you are using for
this email message <$sender_address> does not seem to be a working
account.


Should 80.239.186.47 not be excepted from the callout check,
considering the hosts statement in the ACL?

[root@netsonic /var/log/exim]# exim_dumpdb /var/spool/exim callout |grep battle
07-Nov-2011 07:43:58 noreply@??? callout=accept
07-Nov-2011 07:43:58 battle.net callout=accept postmaster=unknown
random=reject (07-Nov-2011 07:43:57)

Surely the above indicates that the callout was successfull? I'm
still baffled here as to why it is failing, and even more so why it is
not logging the error correctly.

[root@netsonic /var/log/exim]# exim -bV
Exim version 4.76 #1 built 07-Oct-2011 08:57:48
Copyright (c) University of Cambridge, 1995 - 2007
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() use_setclassresources OpenSSL
Content_Scanning DKIM Experimental_SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm
dbmnz dnsdb mysql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/exim.conf


--
Chris.


On Mon, Nov 7, 2011 at 2:57 PM, Dave Lugo <dlugo@???> wrote:
>
> While I don't know why it's not working, this will
> help you get more debug data:
>
> exim -bhc 80.239.186.47
>
> ... and simulate the connection.  Use the HELO (H=)
> shown in the log snippet, and the same from/to that
> are there.
>
> The debug output produced should provide some clues.
>
>
> On Mon, 7 Nov 2011, Chris Knipe wrote:
>
>> Date: Mon, 7 Nov 2011 07:45:50
>> From: Chris Knipe <savage@???>
>> To: exim-users@???
>> Subject: [exim] What the...
>>
>> Hi,
>>
>> I'm a bit in the dark here...   For the love of me, I cannot determine
>> why this (and only this specific email from battle.net) are being
>> rejected by exim.  All emails from this specific host seems to be
>> rejected for some reason, but I cannot determine why? :(  All my
>> rejects in my ACLs have a message specified, but according to the log
>> the email is rejected without an message...
>>
>> I have log_selector = +all -pid in my config, and the only entries in
>> the log is below (together with my acls)...
>>
>> main.log:
>> 2011-11-07 07:37:45 SMTP connection from [80.239.186.47]:36044
>> I=[64.16.211.38]:25 (TCP/IP connection count = 1)
>> 2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
>> I=[64.16.211.38]:25 F=<noreply@???> rejected RCPT
>> <savage@???>
>> 2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
>> I=[64.16.211.38]:25 incomplete transaction (RSET) from
>> <noreply@???>
>> 2011-11-07 07:37:48 SMTP connection from ext-smtp11.eu.battle.net
>> [80.239.186.47]:36044 I=[64.16.211.38]:25 closed by QUIT
>>
>> reject.log:
>> 2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
>> I=[64.16.211.38]:25 F=<noreply@???> rejected RCPT
>> <savage@???>
>>
>> ACLs:
>> ######################################################################
>> #                       ACL CONFIGURATION                            #
>> #         Specifies access control lists for incoming SMTP mail      #
>> ######################################################################
>> begin acl
>> acl_check_data:
>>  deny    message       = Hiding of file extensions is not allowed!
>>         regex         =
>>
>> ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
>>  deny    message       = Message SHOULD have Message-ID: but does not
>>         condition     = ${if !def:h_Message-ID: {1}}
>>         hosts         = !+relay_from_hosts
>>  deny    message       = Message SHOULD have Date: but does not
>>         condition     = ${if !def:h_Date: {1}}
>>         hosts         = !+relay_from_hosts
>>  deny    message       = This message contains a virus or other
>> harmful content ($malware_name)
>>         malware       = *
>>  accept  condition     = ${if >={$message_size}{256k}{yes}{no}}
>>  warn    message       = X-SA-Score: $spam_score
>>         hosts         = !+relay_from_hosts
>>         spam          = spamd
>>         add_header    = X-Spam_score: $spam_score\n\
>>                         X-Spam_bar: $spam_bar
>>  warn    message       = X-SA-Report: $spam_report
>>         hosts         = !+relay_from_hosts
>>         spam          = spamd
>>         condition     = ${if >{$spam_score_int}{0}{true}{false}}
>>         add_header    = X-Spam_score: $spam_score\n\
>>                         X-Spam_bar: $spam_bar
>>  warn    message       = X-SA-Status: Yes
>>         hosts         = !+relay_from_hosts
>>         spam          = spamd
>>         condition     = ${if >{$spam_score_int}{10}{true}{false}}
>>         add_header    = X-Spam_score: $spam_score\n\
>>                         X-Spam_bar: $spam_bar
>>         hosts         = !+relay_from_hosts
>>  deny    message       = Message not accepted, scored $spam_score spam
>> points.
>>         hosts         = !+relay_from_hosts
>>         spam          = spamd
>>         condition     = ${if >{$spam_score_int}{70}{true}{false}}
>>  accept
>>
>> acl_check_helo:
>>  deny    message       = Im afraid I need your name before I can let you
>> in.
>>         hosts         = !+relay_from_hosts
>>         condition     = ${if match {$sender_helo_name}{none} {yes}{no}}
>>  deny    message       = Invalid HELO/EHLO. You are either spam/a
>> virus, or your system administrator has incorrectly configured your
>> network.
>>         condition     = ${if match{$sender_helo_name}{\\.}{no}{yes}}
>>         hosts         = !+relay_from_hosts
>>  deny    message       = HELO/EHLO with my hostname. You are not me.
>>         hosts         = !+relay_from_hosts
>>         condition     = ${if or { \
>>                                  {eq {${lc:$sender_helo_name}}{127.0.0.1}}
>> \
>>                                  {eq {${lc:$sender_helo_name}}{localhost}}
>> \
>>                                  {eq
>> {${lc:$sender_helo_name}}{64.16.211.38}} \
>>                                  {eq
>> {${lc:$sender_helo_name}}{netsonic.savage.za.org}} \
>>                                   } {true}{false} }
>>  deny    message       = Your message was rejected because
>> $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
>> for an explanation
>>         hosts         = !+relay_from_hosts
>>         dnslists      =
>>
>> bl.spamcop.net:sbl.spamhaus.org:xbl.spamhaus.org:zombie.dnsbl.sorbs.net:blackholes.mail-abuse.org:\
>>
>>
>> smtp.dnsbl.sorbs.net:web.dnsbl.sorbs.net:nomail.rhsbl.sorbs.net:badconf.rhsbl.sorbs.net:http.dnsbl.sorbs.net:\
>>                         socks.dnsbl.sorbs.net:misc.dnsbl.sorbs.net
>>  accept
>>
>> acl_check_rcpt:
>>  accept  hosts         = :
>>  deny    message       = Suspected Faked Yahoo Account, E-mail Rejected.
>>         log_message   = Fake Yahoo
>>         senders       = *@yahoo.com
>>         condition     = ${if
>> match{$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}
>>  deny    message       = Suspected Faked Hotmail Account, E-mail Rejected.
>>         log_message   = Fake hotmail
>>         senders       = *@hotmail.com
>>         condition     = ${if match
>> {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}
>>  deny    message       = Suspected Faked MSN Account, E-mail Rejected.
>>         log_message   = Fake MSN
>>         senders       = *@msn.com
>>         condition     = ${if match
>> {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}
>>  deny    message       = Suspected Faked AOL Account, E-mail Rejected.
>>         log_message   = Fake AOL
>>         senders       = *@aol.com
>>         condition     = ${if match
>> {$sender_host_name}{\Nmx.aol.com$\N}{no}{yes}}
>>  deny    message       = Restricted characters in address
>>         domains       = +local_domains
>>         local_parts   = ^[.] : ^.*[@%!/|]
>>  deny    message       = Restricted characters in address
>>         domains       = !+local_domains
>>         local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>>  accept  local_parts   = postmaster
>>         domains       = +local_domains
>>  accept  hosts         = +relay_from_hosts
>>  require verify        = sender/callout=2m,defer_ok,random
>>         hosts         = !80.239.186.0/24:!41.183.0.19
>>         message       = REJECTED - Sender Verify Failed - error code
>> \"$sender_verify_failure\"\n\nThe return address you are using for
>> this email message <$sender_address> does not seem to be a working
>> account.
>>  deny    message       = REJECTED - Recipient Verify Failed - User Not
>> Found
>>         domains       = +local_domains
>>         !verify       = recipient/callout=2m,defer_ok,use_sender
>>  accept  authenticated = *
>>         control       = submission
>>  require message       = relay not permitted
>>         domains       = +local_domains : +relay_to_domains
>>  require verify        = recipient
>>  accept
>>
>>
>
> --
> --------------------------------------------------------
>  Dave Lugo     dlugo@???      No spam, thanks.
>  Are you the police?  . . .  No ma'am, we're sysadmins.
> --------------------------------------------------------
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>




--

Regards,
Chris Knipe