Re: [exim] Using local_host_blacklist

Etusivu
Poista viesti
Vastaa
Lähettäjä: Andreas Metzler
Päiväys:  
Vastaanottaja: exim-users
Aihe: Re: [exim] Using local_host_blacklist
[redirecting with full-quote to ML - please do not take discussions
off-list without good reason]

On 2016-02-11 Amanda Giarla <amandagiarla@???> wrote:
> Sorry for the lack of clarity.


> I'm working on a training server with the general goal of managing email.
> The specific task at this moment is understanding email blacklisting.
> The server is set up withUbuntu, VestaCP, exim4, dovecot, clamAV,
> spamassassin etc.
> The exim4 log file is located at* /var/log/exim4/mainlog*
> I can


> *tail -f /var/log/exim4/mainlog*


> and watch exim make log entries on inbound emails
> For example the following test message was sent from my iphone via sonic.net
> and the following appeared in the log file


> 2016-02-10 18:56:51 1aTect-0003kd-Gx <= sue@??? H=c.mail.sonic.net
> [64.142.111.80] P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA256:128 S=1781 id=
> D6AE67A2-E391-4A37-8EEF-E47D0BC54EDF@???
> 2016-02-10 18:56:51 1aTect-0003kd-Gx => jane <jane@???>
> R=localuser T=local_delivery
> 2016-02-10 18:56:51 1aTect-0003kd-Gx Completed


> Notice that the log entry of the email includes the *From: IP Address of
> [64.142.111.80]*


> So I created the following file


> */etc/exim4/local_host_blacklist*


> and placed the the IP address 64.142.111.80 in the file.
> Note: That IP address is the only thing in the file.


> did a


> *service exim4 restart*


> Resent a message from my iPhone and the following was logged in*
> /var/log/exim4/mainlog*
> Nothing was entered in* /var/log/exim4/rejectlog*


> 2016-02-11 12:46:05 1aTvJd-0003Wp-DM <= sue@??? H=c.mail.sonic.net
> [64.142.111.80] P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA256:128 S=1781 id=
> 065F2950-1086-4AF3-A5E7-0DF6C84CBCD2@???
> 2016-02-11 12:46:05 1aTvJd-0003Wp-DM => jane <jane@???>
> R=localuser T=local_delivery
> 2016-02-11 12:46:05 1aTvJd-0003Wp-DM Completed


> If the black list mechanism is working then I expected to see a difference
> in log entries.
> But I did not.
> So clearly EITHER the exim4 blacklist mechanism is broken* (not likely)* OR
> I have miss interpreted the documentation and messed something up (Which of
> course is the most likely thing that has happened).

[...]

This should work and you should be able to find the cause with
swaks --to jane@??? --from sue@??? -pipe "exim -bh 64.142.111.80"

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'