Re: [exim] Using local_host_blacklist

Author: Amanda Giarla
Date:  
To: Andreas Metzler, exim-users
Subject: Re: [exim] Using local_host_blacklist
Wow Andreas, Swaks is great. Running the following
swaks --to jane@??? --from sue@??? -pipe "exim -bh 64.142.111.80"
was very revealing and adds to my understanding.

Looking through the 150+ lines of output I see the many checks like
"host_reject_connection?" and "helo_verify_hosts?" and "acl_check_rcpt"
etc.
BUT I do not see anything that I interpret as a local_host_blacklist check.
I do see the zen.spamhaus.org check and spamcop.net check.

Is there supposed to be a "local_host_blacklist" check in the output?
I'm thinking that some config file is missing something.



On Fri, Feb 12, 2016 at 5:38 AM, Andreas Metzler <eximusers@???> wrote:

> [redirecting with full-quote to ML - please do not take discussions
> off-list without good reason]
>
> On 2016-02-11 Amanda Giarla <amandagiarla@???> wrote:
> > Sorry for the lack of clarity.
>
> > I'm working on a training server with the general goal of managing email.
> > The specific task at this moment is understanding email blacklisting.
> > The server is set up with Ubuntu, VestaCP, exim4, dovecot, clamAV,
> > spamassassin etc.
> > The exim4 log file is located at */var/log/exim4/mainlog*
> > I can
>
> > *tail -f /var/log/exim4/mainlog*
>
> > and watch exim make log entries on inbound emails
> > For example the following test message was sent from my iphone via
> > sonic.net and the following appeared in the log file
>
> > 2016-02-10 18:56:51 1aTect-0003kd-Gx <= sue@??? H=c.mail.sonic.net [64.142.111.80] P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA256:128 S=1781 id=D6AE67A2-E391-4A37-8EEF-E47D0BC54EDF@???
> > 2016-02-10 18:56:51 1aTect-0003kd-Gx => jane <jane@???> R=localuser T=local_delivery
> > 2016-02-10 18:56:51 1aTect-0003kd-Gx Completed
>
> > Notice that the log entry of the email includes the *From: IP Address of
> > [64.142.111.80]*
>
> > So I created the following file
>
> > */etc/exim4/local_host_blacklist*
>
> > and placed the IP address 64.142.111.80 in the file.
> > Note: That IP address is the only thing in the file.
>
> > did a
>
> > *service exim4 restart*
>
> > Resent a message from my iPhone and the following was logged in
> > */var/log/exim4/mainlog*
> > Nothing was entered in */var/log/exim4/rejectlog*
>
> > 2016-02-11 12:46:05 1aTvJd-0003Wp-DM <= sue@??? H=c.mail.sonic.net [64.142.111.80] P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA256:128 S=1781 id=065F2950-1086-4AF3-A5E7-0DF6C84CBCD2@???
> > 2016-02-11 12:46:05 1aTvJd-0003Wp-DM => jane <jane@???> R=localuser T=local_delivery
> > 2016-02-11 12:46:05 1aTvJd-0003Wp-DM Completed
>
> > If the black list mechanism is working then I expected to see a
> > difference in log entries.
> > But I did not.
> > So clearly EITHER the exim4 blacklist mechanism is broken *(not likely)*
> > OR I have misinterpreted the documentation and messed something up
> > (Which of course is the most likely thing that has happened).
> [...]
>
> This should work and you should be able to find the cause with
> swaks --to jane@??? --from sue@??? -pipe "exim -bh 64.142.111.80"
>
> cu Andreas
> --
> `What a good friend you are to him, Dr. Maturin. His other friends are
> so grateful to you.'
> `I sew his ears on from time to time, sure'
>
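
A way to automate the before/after log comparison described in the quoted message, as an added example that is not part of the original thread: it reads `<=` arrival lines from mainlog-style text and reports any message accepted from a host listed in a blacklist file. The function names and sample data are constructed for illustration, and only IP and CIDR entries are handled (hostname and wildcard items are skipped).

```python
import ipaddress
import re

# Arrival line layout: "<date> <time> <msgid> <= <sender> H=<host> [<ip>] ..."
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= \S+ .*?\[(?P<ip>[0-9A-Fa-f:.]+)\]")

# Constructed sample data; example.test addresses, 192.0.2.10 and the CIDR are placeholders.
SAMPLE_BLACKLIST = """\
# hosts to refuse
64.142.111.80
198.51.100.0/24   # constructed CIDR entry
"""
SAMPLE_LOG = """\
2016-02-11 12:46:05 1aTvJd-0003Wp-DM <= sue@example.test H=c.mail.sonic.net [64.142.111.80] P=esmtps S=1781
2016-02-11 12:46:05 1aTvJd-0003Wp-DM => jane <jane@example.test> R=localuser T=local_delivery
2016-02-11 12:46:05 1aTvJd-0003Wp-DM Completed
2016-02-11 12:50:00 1aTvNq-0003Xb-7Q <= bob@example.test H=mx.example.test [192.0.2.10] P=esmtp S=900
"""

def load_blacklist(text):
    """Return the IP/CIDR entries of a one-item-per-line list; '#' starts a comment."""
    nets = []
    for line in text.splitlines():
        item = line.split("#", 1)[0].strip()
        if not item:
            continue
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            continue  # hostname or pattern entry: out of scope for this check
    return nets

def accepted_from_blacklisted(log_text, nets):
    """Return (message id, ip) for each arrival whose sending host is in nets."""
    hits = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery, completion, or locally submitted message
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue
        if any(ip in net for net in nets):
            hits.append((m.group("id"), str(ip)))
    return hits

if __name__ == "__main__":
    for msg_id, ip in accepted_from_blacklisted(SAMPLE_LOG, load_blacklist(SAMPLE_BLACKLIST)):
        print(f"{msg_id}: accepted from blacklisted host {ip}")
```

A non-empty result means a message was accepted even though its sending host is in the list, which is the symptom reported in the thread.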