"The Doctor",
Pulling together bits and pieces, and trying to add something of my own;
see if this makes sense…
The log entry for Exim message id 1eIGVs-000Ntb-OB shows the incoming
message has an RC5321.MailFrom address of <info@???>,
but either the "for" recipient list has been edited out of the log entry or
the logging level isn't high enough to show it. However these can be
inferred from the log lines that follow.
The SMTP rejection error issued by impactofficeservices.ca
[173.254.28.40] clearly says that it's the RFC5321.MailFrom address that it
is unhappy with, which it is seeing as being the unqualified address
<root>. It is stating that it wants a fully qualified email address.
This implies that something within the Exim configuration is altering the
RC5321.MailFrom address from the original <info@???> to
<root>.
This is unlikely to be the aliases file as that is generally applied to
*recipient* addresses within your own domain: not applied to *sender*
addresses. (Although you can configure and set up pretty much anything!)
So it could be something in Exim's rewrite section, or there might be some
other magic going on. For example I learned recently that some systems have
a /etc/email-addresses file set up to modify the sender address. We're
looking at using this to locally rewrite local accounts on end-nodes into
centrally recognisable email addresses, However this is *not* something
built into the standard Exim setup; it's either something you configure in
yourself, or might possibly be present in some Linux distros'
configurations, in which case it's really a question to ask that distro's
community.
The key thing is to be methodical and get more information. This doesn't
mean just copying and pasting chucks of logfiles, but to make sure that the
logging level is set to get relevant information — see log_selector.
I useful technique I use on my test server is to stop the running Exim
daemon and instead invoke it manually with
exim -v -d+all -bd
This starts Exim in daemon mode with verbose logging at all levels coming
out on my terminal. I then send a test message through it — either crafted
manually or by using the swaks utility — from another window, then read
through the very verbose logging. This lets you see exactly what's
happening, being rewritten, ACLs and routers that are firing, and so on. It
should help you locate what is changing the sender address between the
message arriving and it going out again.
An alternative approach is to use Exim's "-bhc" command line to fake up a
message complete with setting the IP address of the sending host: useful if
your configuration file's logic does different things based on the source
IP address.
Basically you need a good knowledge of your Exim configuration file in
order to work out what might be happening, and the above detailed logging
will help you work through it and confirm it's as you intend. We here in
the community can't do much to help without that intimate knowledge of your
configuration: both file and support files. I'd suggest rolling up your
metaphorical sleeves and use the debugging options and log levels.
Mike B.
On 24 November 2017 at 17:35, The Doctor <doctor@???> wrote:
> On Fri, Nov 24, 2017 at 07:03:03AM -0700, The Doctor wrote:
> > On Fri, Nov 24, 2017 at 10:18:29AM +0000, Jeremy Harris wrote:
> > > On 24/11/17 03:30, The Doctor wrote:
> > > > 2017-11-23 13:00:00 1eHxbt-0008Sf-2W ** {legit e-mail address}
> R=dnslookup T=remote_smtp H=doctor.nl2k.ab.ca [204.209.81.1]
> X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no: SMTP error from remote
> mail server after pipelined MAIL FROM:<root> SIZE=13880523: 501 <root>:
> sender address must contain a domain
> > > >
> > > > What is happening?
> > >
> > > A remote system that you are trying to send a mail to, is rejecting
> that
> > > message. The tail end of that log line, starting "501", is what they
> > > said.
> > >
> > > My interpretation of what they said is that they don't like one of
> > > - the envelope from
> > > - the header From: (or possibly Sender:)
> > > but you'd need to verify their policies by asking them.
> > > --
> > > Jeremy
> > >
> >
> >
> > Al right subsequent discoveries of followups of the symptoms were
> ignored.
> >
> > Let me describe step by step what is happening.
> >
> > 1) In order to bypass the annoying on behalf of header placed by
> > exim
> >
> > no_local_from_check
> > untrusted_set_sender = *
> >
> > 2)
> >
> > REmote non-LAN users can use either PLAIN or LOGIN without on the behalf
> of
> > and send through and is logged accordingly
> >
> > UNLESS
> >
> > 3)
> >
> > you show up as info@??? then instead of info@???
> > something in exim says you are "root" without any domain and
> >
> > the info account trying to pass an e-mail gets
> >
> > This message was created automatically by mail delivery software.
> >
> > A message that you sent could not be delivered to one or more of its
> > recipients. This is a permanent error. The following address(es) failed:
> >
> > i)
> > intended recipient @ whereever
> > host doctor.nl2k.ab.ca [204.209.81.1]
> > SMTP error from remote mail server after pipelined MAIL FROM:<root>
> SIZE=26833:
> > 501 <root>: sender address must contain a domain
> >
> > ii)
> >
> >
> > smiro@???
> > host ma1-aaemail-dr-lapp03.apple.com [17.171.2.72]
> > SMTP error from remote mail server after pipelined MAIL FROM:<root>:
> > 553 5.1.7 <root>... Domain name required for sender address root
> >
> > iii)
> >
> >
> > info@???
> > host doctor.nl2k.ab.ca [204.209.81.1]
> > SMTP error from remote mail server after pipelined MAIL FROM:<root>
> SIZE=2890232:
> > 501 <root>: sender address must contain a domain
> >
> > and the case of iii) was a cc to self.
> >
> >
> > ARe you now getting this picture of a showstopper in virtual e-mail of
> thsoe
> > using info@??? ?
> >
>
> <Snip>
>
> Some more relevant stuff from our logs
>
> 2017-11-24 09:07:36 1eIGVs-000Ntb-OB <= info@???
> H=d142-59-12
> 3-92.abhsia.telus.net (ImpactLaptop) [142.59.123.92] P=esmtpsa
> X=TLSv1.2:ECDHE-R
> SA-AES256-GCM-SHA384:256 CV=no A=LOGIN:smosinfo S=149486
> id=004201d3653e$5829d2b
> 0$087d7810$@???
> 2017-11-24 09:07:43 Start queue run: pid=91860
> 2017-11-24 09:07:46 1eIGVs-000Ntb-OB [23.103.157.10] SSL verify error:
> depth=1 e
> rror=unable to get local issuer certificate cert=/C=US/ST=Washington/L=Red
> mond/O
> =Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
> 2017-11-24 09:07:46 1eIGVs-000Ntb-OB Received TLS cert status response,
> itself u
> nverifiable
> 2017-11-24 09:07:52 1eIGVs-000Ntb-OB [173.254.28.40] SSL verify error:
> depth=2 e
> rror=unable to get local issuer certificate cert=/C=GB/ST=Greater
> Manchester/L=S
> alford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
> 2017-11-24 09:07:52 1eIGVs-000Ntb-OB [173.254.28.40] SSL verify error:
> certificate name mismatch: DN="/OU=Domain Control Validated/OU=Hosted by
> Just Host/OU=PositiveSSL Wildcard/CN=*.justhost.com" H="
> impactofficeservices.ca"
> 2017-11-24 09:07:52 1eIGVs-000Ntb-OB ** dmiller@???
> <Dmiller@???> R=dnslookup T=remote_smtp H=
> impactofficeservices.ca [173.254.28.40] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> CV=no: SMTP error from remote mail server after pipelined MAIL FROM:<root>
> SIZE=152662: 501 <root>: sender address must contain a domain
> 2017-11-24 09:07:56 1eIGVs-000Ntb-OB ** kevin.lindstrom@???
> R=dnslookup T=remote_smtp H=solutionsbi-ca.mail.protection.outlook.com
> [23.103.157.10] X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=no: SMTP error
> from remote mail server after pipelined sending data block: 501 5.1.7
> Invalid address [QB1CAN01FT010.eop-CAN01.prod.protection.outlook.com]
> 2017-11-24 09:07:56 1eIGWC-000Nth-8I <= <> R=1eIGVs-000Ntb-OB U=exim
> P=local S=3083
> 2017-11-24 09:07:56 1eIGVs-000Ntb-OB Completed
>
> Note the sender was an info@ ...
>
>
> 2017-11-24 08:21:06 1eIFms-000NV7-4e <= info@??? H=
> s0106c82a14027763.ed.shawcable.net ([192.168.1.122]) [70.74.151.156]
> P=esmtpsa X=TLSv1:ECDHE-RSA-AES256-SHA:256 CV=no A=PLAIN:integration
> S=3447 id=1D3C06A3-4C4D-4179-94CD-BB4925FF94B3@???
> 2017-11-24 08:21:40 Start queue run: pid=90342
> 2017-11-24 08:21:40 1eIFmU-000NV3-7g [204.209.81.1] SSL verify error:
> depth=3 error=self signed certificate in certificate chain cert=/C=US/O=The
> Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
> 2017-11-24 08:21:40 1eIFmU-000NV3-7g [204.209.81.1] SSL verify error:
> certificate name mismatch: DN="/OU=Domain Control Validated/CN=mail.nk.ca"
> H="doctor.nl2k.ab.ca"
> 2017-11-24 08:21:42 1eIFmU-000NV3-7g => root@??? R=dnslookup
> T=remote_smtp H=doctor.nl2k.ab.ca [204.209.81.1]
> X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK
> id=1eIFnR-000ANH-66"
> 2017-11-24 08:21:42 1eIFmU-000NV3-7g Completed
> 2017-11-24 08:21:42 1eIB4O-000BMZ-6h Spool file is locked (another process
> is handling this message)
> 2017-11-24 08:21:42 1eIFms-000NV7-4e H=gmail-smtp-in.l.google.com
> [2607:f8b0:400e:c04::1a] No route to host
> 2017-11-24 08:21:42 1eIFms-000NV7-4e [74.125.28.26] SSL verify error:
> depth=2 error=unable to get local issuer certificate cert=/C=US/O=GeoTrust
> Inc./CN=GeoTrust Global CA
> 2017-11-24 08:21:42 1eIB4O-000BMZ-6h == root@??? R=dnslookup
> T=remote_smtp defer (-46) H=doctor.nl2k.ab.ca [204.209.81.1]: SMTP error
> from remote mail server after end of data: 451 Temporary local problem -
> please try later
> 2017-11-24 08:21:42 1eIB4O-000BMZ-6h ** root@???: retry timeout exceeded
> 2017-11-24 08:21:42 1eIFnS-000NVF-Vw <= <> R=1eIB4O-000BMZ-6h U=exim
> P=local S=1927
> 2017-11-24 08:21:42 1eIB4O-000BMZ-6h Completed
> 2017-11-24 08:21:43 1eIFms-000NV7-4e Spool file is locked (another process
> is handling this message)
> 2017-11-24 08:21:43 End queue run: pid=90305
> 2017-11-24 08:21:43 1eIFms-000NV7-4e ** tracypilates@???
> R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [74.125.28.26]
> X=TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256 CV=no: SMTP error from remote
> mail server after pipelined end of data: 553 5.1.2 The sender address
> <root> is not a valid RFC-5321 address. p17si18545031pgq.130 - gsmtp
> 2017-11-24 08:21:43 1eIFnT-000NVI-1i <= <> R=1eIFms-000NV7-4e U=exim
> P=local S=5022
> 2017-11-24 08:21:43 1eIFms-000NV7-4e Completed
> 2017-11-24 08:21:43 1eIFnT-000NVI-1i [204.209.81.1] SSL verify error:
> depth=3 error=self signed certificate in certificate chain cert=/C=US/O=The
> Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
> 2017-11-24 08:21:43 1eIFnT-000NVI-1i [204.209.81.1] SSL verify error:
> certificate name mismatch: DN="/OU=Domain Control Validated/CN=mail.nk.ca"
> H="doctor.nl2k.ab.ca"
> 2017-11-24 08:21:55 1eIFnT-000NVI-1i => info@???
> R=dnslookup T=remote_smtp H=doctor.nl2k.ab.ca [204.209.81.1]
> X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK
> id=1eIFnT-000ANW-Aj"
> 2017-11-24 08:21:55 1eIFnT-000NVI-1i Completed
> 2017-11-24 08:21:55 End queue run: pid=90342
>
>
> This is backed up by http://ns2.nk.ca/eximstats.html
>
> Solution needed as of 2 days ago.
>
> --
> Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@
> nl2k.ab.ca
> Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist
> rising!
> https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on
> Atheism
> Happy Christmas 2017 and Merry New Year 2018
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811 <01904%20323811>
Web:
www.york.ac.uk/it-services
Disclaimer:
www.york.ac.uk/docs/disclaimer/email.htm