Re: [exim] What the...

Top Page
Delete this message
Reply to this message
Author: Dave Lugo
Date:  
To: exim-users
Subject: Re: [exim] What the...
suggestions (untested):

Maybe use log_message or logwrite instead?

You may also want to look towards the end of section 40.17
in spec.txt.


On Mon, 7 Nov 2011, Chris Knipe wrote:

> Date: Mon, 7 Nov 2011 08:19:53
> From: Chris Knipe <savage@???>
> To: exim-users@???
> Subject: Re: [exim] What the...
>
> Hmm,
>
> Of course, I should have thought about that after being an exim user
> for 15 odd years :)
>
>>>> Attempting full verification using callout
>>>> callout cache: found domain record
>>>> callout cache: domain rejects random addresses
>>>> callout cache: found address record
>>>> callout cache: address record is negative
>>>> ----------- end verify ------------
>>>> require: condition test failed
> LOG: H=ext-smtp11.eu.battle.net [80.239.186.47] sender verify fail for
> <no-reply@???>
>
> Yet - that is not the message I get in the logs. Also from my configuration:
>
>  require verify        = sender/callout=2m,defer_ok,random
>          hosts         = !80.239.186.0/24:!41.183.0.19
>          message       = REJECTED - Sender Verify Failed - error code
> \"$sender_verify_failure\"\n\nThe return address you are using for
> this email message <$sender_address> does not seem to be a working
> account.

>
> Should 80.239.186.47 not be excepted from the callout check,
> considering the hosts statement in the ACL?
>
> [root@netsonic /var/log/exim]# exim_dumpdb /var/spool/exim callout |grep battle
> 07-Nov-2011 07:43:58 noreply@??? callout=accept
> 07-Nov-2011 07:43:58 battle.net callout=accept postmaster=unknown
> random=reject (07-Nov-2011 07:43:57)
>
> Surely the above indicates that the callout was successfull? I'm
> still baffled here as to why it is failing, and even more so why it is
> not logging the error correctly.
>
> [root@netsonic /var/log/exim]# exim -bV
> Exim version 4.76 #1 built 07-Oct-2011 08:57:48
> Copyright (c) University of Cambridge, 1995 - 2007
> Probably Berkeley DB version 1.8x (native mode)
> Support for: crypteq iconv() use_setclassresources OpenSSL
> Content_Scanning DKIM Experimental_SPF Experimental_SRS
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm
> dbmnz dnsdb mysql
> Authenticators: cram_md5 plaintext spa
> Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
> Fixed never_users: 0
> Size of off_t: 8
> Configuration file is /usr/local/etc/exim/exim.conf
>
>
> --
> Chris.
>
>
> On Mon, Nov 7, 2011 at 2:57 PM, Dave Lugo <dlugo@???> wrote:
>>
>> While I don't know why it's not working, this will
>> help you get more debug data:
>>
>> exim -bhc 80.239.186.47
>>
>> ... and simulate the connection.  Use the HELO (H=)
>> shown in the log snippet, and the same from/to that
>> are there.
>>
>> The debug output produced should provide some clues.
>>
>>
>> On Mon, 7 Nov 2011, Chris Knipe wrote:
>>
>>> Date: Mon, 7 Nov 2011 07:45:50
>>> From: Chris Knipe <savage@???>
>>> To: exim-users@???
>>> Subject: [exim] What the...
>>>
>>> Hi,
>>>
>>> I'm a bit in the dark here...   For the love of me, I cannot determine
>>> why this (and only this specific email from battle.net) are being
>>> rejected by exim.  All emails from this specific host seems to be
>>> rejected for some reason, but I cannot determine why? :(  All my
>>> rejects in my ACLs have a message specified, but according to the log
>>> the email is rejected without an message...
>>>
>>> I have log_selector = +all -pid in my config, and the only entries in
>>> the log is below (together with my acls)...
>>>
>>> main.log:
>>> 2011-11-07 07:37:45 SMTP connection from [80.239.186.47]:36044
>>> I=[64.16.211.38]:25 (TCP/IP connection count = 1)
>>> 2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
>>> I=[64.16.211.38]:25 F=<noreply@???> rejected RCPT
>>> <savage@???>
>>> 2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
>>> I=[64.16.211.38]:25 incomplete transaction (RSET) from
>>> <noreply@???>
>>> 2011-11-07 07:37:48 SMTP connection from ext-smtp11.eu.battle.net
>>> [80.239.186.47]:36044 I=[64.16.211.38]:25 closed by QUIT
>>>
>>> reject.log:
>>> 2011-11-07 07:37:47 H=ext-smtp11.eu.battle.net [80.239.186.47]:36044
>>> I=[64.16.211.38]:25 F=<noreply@???> rejected RCPT
>>> <savage@???>
>>>
>>> ACLs:
>>> ######################################################################
>>> #                       ACL CONFIGURATION                            #
>>> #         Specifies access control lists for incoming SMTP mail      #
>>> ######################################################################
>>> begin acl
>>> acl_check_data:
>>>  deny    message       = Hiding of file extensions is not allowed!
>>>         regex         =
>>>
>>> ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
>>>  deny    message       = Message SHOULD have Message-ID: but does not
>>>         condition     = ${if !def:h_Message-ID: {1}}
>>>         hosts         = !+relay_from_hosts
>>>  deny    message       = Message SHOULD have Date: but does not
>>>         condition     = ${if !def:h_Date: {1}}
>>>         hosts         = !+relay_from_hosts
>>>  deny    message       = This message contains a virus or other
>>> harmful content ($malware_name)
>>>         malware       = *
>>>  accept  condition     = ${if >={$message_size}{256k}{yes}{no}}
>>>  warn    message       = X-SA-Score: $spam_score
>>>         hosts         = !+relay_from_hosts
>>>         spam          = spamd
>>>         add_header    = X-Spam_score: $spam_score\n\
>>>                         X-Spam_bar: $spam_bar
>>>  warn    message       = X-SA-Report: $spam_report
>>>         hosts         = !+relay_from_hosts
>>>         spam          = spamd
>>>         condition     = ${if >{$spam_score_int}{0}{true}{false}}
>>>         add_header    = X-Spam_score: $spam_score\n\
>>>                         X-Spam_bar: $spam_bar
>>>  warn    message       = X-SA-Status: Yes
>>>         hosts         = !+relay_from_hosts
>>>         spam          = spamd
>>>         condition     = ${if >{$spam_score_int}{10}{true}{false}}
>>>         add_header    = X-Spam_score: $spam_score\n\
>>>                         X-Spam_bar: $spam_bar
>>>         hosts         = !+relay_from_hosts
>>>  deny    message       = Message not accepted, scored $spam_score spam
>>> points.
>>>         hosts         = !+relay_from_hosts
>>>         spam          = spamd
>>>         condition     = ${if >{$spam_score_int}{70}{true}{false}}
>>>  accept
>>>
>>> acl_check_helo:
>>>  deny    message       = Im afraid I need your name before I can let you
>>> in.
>>>         hosts         = !+relay_from_hosts
>>>         condition     = ${if match {$sender_helo_name}{none} {yes}{no}}
>>>  deny    message       = Invalid HELO/EHLO. You are either spam/a
>>> virus, or your system administrator has incorrectly configured your
>>> network.
>>>         condition     = ${if match{$sender_helo_name}{\\.}{no}{yes}}
>>>         hosts         = !+relay_from_hosts
>>>  deny    message       = HELO/EHLO with my hostname. You are not me.
>>>         hosts         = !+relay_from_hosts
>>>         condition     = ${if or { \
>>>                                  {eq {${lc:$sender_helo_name}}{127.0.0.1}}
>>> \
>>>                                  {eq {${lc:$sender_helo_name}}{localhost}}
>>> \
>>>                                  {eq
>>> {${lc:$sender_helo_name}}{64.16.211.38}} \
>>>                                  {eq
>>> {${lc:$sender_helo_name}}{netsonic.savage.za.org}} \
>>>                                   } {true}{false} }
>>>  deny    message       = Your message was rejected because
>>> $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
>>> for an explanation
>>>         hosts         = !+relay_from_hosts
>>>         dnslists      =
>>>
>>> bl.spamcop.net:sbl.spamhaus.org:xbl.spamhaus.org:zombie.dnsbl.sorbs.net:blackholes.mail-abuse.org:\
>>>
>>>
>>> smtp.dnsbl.sorbs.net:web.dnsbl.sorbs.net:nomail.rhsbl.sorbs.net:badconf.rhsbl.sorbs.net:http.dnsbl.sorbs.net:\
>>>                         socks.dnsbl.sorbs.net:misc.dnsbl.sorbs.net
>>>  accept
>>>
>>> acl_check_rcpt:
>>>  accept  hosts         = :
>>>  deny    message       = Suspected Faked Yahoo Account, E-mail Rejected.
>>>         log_message   = Fake Yahoo
>>>         senders       = *@yahoo.com
>>>         condition     = ${if
>>> match{$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}
>>>  deny    message       = Suspected Faked Hotmail Account, E-mail Rejected.
>>>         log_message   = Fake hotmail
>>>         senders       = *@hotmail.com
>>>         condition     = ${if match
>>> {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}
>>>  deny    message       = Suspected Faked MSN Account, E-mail Rejected.
>>>         log_message   = Fake MSN
>>>         senders       = *@msn.com
>>>         condition     = ${if match
>>> {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}
>>>  deny    message       = Suspected Faked AOL Account, E-mail Rejected.
>>>         log_message   = Fake AOL
>>>         senders       = *@aol.com
>>>         condition     = ${if match
>>> {$sender_host_name}{\Nmx.aol.com$\N}{no}{yes}}
>>>  deny    message       = Restricted characters in address
>>>         domains       = +local_domains
>>>         local_parts   = ^[.] : ^.*[@%!/|]
>>>  deny    message       = Restricted characters in address
>>>         domains       = !+local_domains
>>>         local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>>>  accept  local_parts   = postmaster
>>>         domains       = +local_domains
>>>  accept  hosts         = +relay_from_hosts
>>>  require verify        = sender/callout=2m,defer_ok,random
>>>         hosts         = !80.239.186.0/24:!41.183.0.19
>>>         message       = REJECTED - Sender Verify Failed - error code
>>> \"$sender_verify_failure\"\n\nThe return address you are using for
>>> this email message <$sender_address> does not seem to be a working
>>> account.
>>>  deny    message       = REJECTED - Recipient Verify Failed - User Not
>>> Found
>>>         domains       = +local_domains
>>>         !verify       = recipient/callout=2m,defer_ok,use_sender
>>>  accept  authenticated = *
>>>         control       = submission
>>>  require message       = relay not permitted
>>>         domains       = +local_domains : +relay_to_domains
>>>  require verify        = recipient
>>>  accept
>>>
>>>
>>
>> --
>> --------------------------------------------------------
>>  Dave Lugo     dlugo@???      No spam, thanks.
>>  Are you the police?  . . .  No ma'am, we're sysadmins.
>> --------------------------------------------------------
>>
>> --
>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
>
>
>
>


-- 
--------------------------------------------------------
  Dave Lugo     dlugo@???      No spam, thanks.
  Are you the police?  . . .  No ma'am, we're sysadmins.
--------------------------------------------------------