Re: [exim] Frankenstein exim.conf

Pàgina inicial
Delete this message
Reply to this message
Autor: schmerold2@gmail.com
Data:  
A: Todd Lyons
Assumpte: Re: [exim] Frankenstein exim.conf
On 4/30/2014 9:28 AM, Todd Lyons wrote:
> On Wed, Apr 30, 2014 at 6:39 AM, schmerold2@???
> <schmerold2@???> wrote:
>> I have tweaked exim.conf so many times over the years, that I am concerned
>> something(s) are completely disfunctional. For example I have been receiving
>> spam from servers blacklist by mcafee & barracuda, reviewing the logs, I
>> find neither blacklist has blocked any message.
>>
> <snip>
>>
>>    deny message = rejected because $sender_host_address is in a black list at
>> $dnslist_domain\n$dnslist_text
>>    deny dnslists =
>> zen.spamhaus.org/<;$sender_host_address;$sender_address_domain :\
>>         cidr.bl.mcafee.com : bl.spameatingmonkey.net : bl.mailspike.net :
>> dnsbl.sorbs.net : b.barracudacentral.org : bb.barracudacentral.org :
>> psbl.surriel.com : \
>>         hostkarma.junkemailfilter.com=127.0.0.2

>
> Do a simulated connection and look in the debug output and see what
> the problem is:
>
> exim -bh ip.that.should.reject
> EHLO hostname.of.that.ip
> MAIL FROM:<valid_sender@???>
> RCPT TO:<valid_recipient@???>
>
> At this point, the rcpt acl will be processed, which is where your RBL
> is checked. Look in the debug output and find that specific acl
> stanza and see what the result is. Post the section here if you have
> difficulty interpreting the results.
>
> ...Todd
>


Exim seems to be disregarding dnslist directive. What setting would
cause this:
[root@mx2 ~]# dig 83.16.212.66.cidr.bl.mcafee.com +short
127.0.0.3

[root@mx2 ~]# exim -bh 66.212.16.83

**** SMTP testing session as if from host 66.212.16.83
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)

LOG: SMTP connection from [66.212.16.83]
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 66.212.16.83
>>> IP address lookup yielded 66.212.16.83.static.quadranet.com
>>> gethostbyname2 looked up these IP addresses:
>>> name=66.212.16.83.static.quadranet.com address=127.0.0.1
>>> checking addresses for 66.212.16.83.static.quadranet.com
>>> 127.0.0.1
>>> no IP address for 66.212.16.83.static.quadranet.com matched

66.212.16.83
>>> 66.212.16.83 does not match any IP address for

66.212.16.83.static.quadranet.com
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)

220 fastnet1.com ESMTP SMTP Gateway: Authorized Use Only! Violators will
be persecuted Exim 4.80.1 Wed, 30 Apr 2014 12:03:50 -0500
EHLO phyto-naturalskinyoung.me
>>> phyto-naturalskinyoung.me in helo_lookup_domains? no (end of list)
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in tls_advertise_hosts? no (option unset)

250-mx2.fastnet1.com Hello phyto-naturalskinyoung.me [66.212.16.83]
250-SIZE 73400320
250-8BITMIME
250-PIPELINING
250 HELP
MAIL FROM:<valid_sender@???>
250 OK
MAIL FROM:<valid_sender@???>
LOG: SMTP protocol error in "MAIL FROM:<valid_sender@???>"
H=(phyto-naturalskinyoung.me) [66.212.16.83] sender already given
503 sender already given
RCPT TO:<john@???>
>>> using ACL "acl_check_rcpt"
>>> processing "accept"
>>> check hosts = lsearch;/etc/exim/whitelist
>>> sender host name required, to match against lsearch;/etc/exim/whitelist
>>> host in "lsearch;/etc/exim/whitelist"? no (failed to find host name

for 66.212.16.83)
>>> accept: condition test failed in ACL "acl_check_rcpt"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed in ACL "acl_check_rcpt"
>>> processing "deny"
>>> check local_parts = ^.*[@%!/|] : ^\\.
>>> john in "^.*[@%!/|] : ^\."? no (end of list)
>>> deny: condition test failed in ACL "acl_check_rcpt"
>>> processing "deny"
>>> check condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
>>>                 = yes
>>> check condition = ${if match{$sender_helo_name}{\N[^.]\N}{no}{yes}}
>>>                 = no
>>> deny: condition test failed in ACL "acl_check_rcpt"
>>> processing "accept"
>>> check domains = +relay_to_domains
>>> katy.com in "partial-lsearch;/etc/exim/transport"? yes (matched

"partial-lsearch;/etc/exim/transport")
>>> katy.com in "+relay_to_domains"? yes (matched "+relay_to_domains")
>>> check verify = recipient
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing john@???
>>> calling redirect router
>>> redirect router declined for john@???
>>> katy.com in "+relay_to_domains"? yes (matched "+relay_to_domains" -

cached)
>>> calling internal router
>>> routed by internal router
>>> ----------- end verify ------------
>>> accept: condition test succeeded in ACL "acl_check_rcpt"

250 Accepted
quit
LOG: H=(phyto-naturalskinyoung.me) [66.212.16.83] incomplete transaction
(QUIT) from <valid_sender@???> for john@???
221 mx2.fastnet1.com closing connection
LOG: SMTP connection from (phyto-naturalskinyoung.me) [66.212.16.83]
closed by QUIT
[root@mx2 ~]#