Re: [exim] Weird error showing up in mainlogy

Author: The Doctor
Date:  
To: Mike Brudenell
CC: Exim Users
Old-Topics: Re: [exim] Weird error showing up in mainlog
Subject: Re: [exim] Weird error showing up in mainlogy
On Mon, Nov 27, 2017 at 03:44:08PM +0000, Mike Brudenell via Exim-users wrote:
> "The Doctor",
>
> Pulling together bits and pieces, and trying to add something of my own;
> see if this makes sense???
>
> The log entry for Exim message id 1eIGVs-000Ntb-OB shows the incoming
> message has an RFC5321.MailFrom address of <info@???>,
> but either the "for" recipient list has been edited out of the log entry or
> the logging level isn't high enough to show it. However these can be
> inferred from the log lines that follow.
>
> The SMTP rejection error issued by impactofficeservices.ca
> [173.254.28.40] clearly says that it's the RFC5321.MailFrom address that it
> is unhappy with, which it is seeing as being the unqualified address
> <root>. It is stating that it wants a fully qualified email address.
>
> This implies that something within the Exim configuration is altering the
> RFC5321.MailFrom address from the original <info@???> to
> <root>.
>
> This is unlikely to be the aliases file as that is generally applied to
> *recipient* addresses within your own domain: not applied to *sender*
> addresses. (Although you can configure and set up pretty much anything!)
>


All right, given what was posted from the /etc/aliases from
the system here, I fully concur.

> So it could be something in Exim's rewrite section, or there might be some
> other magic going on. For example I learned recently that some systems have
> a /etc/email-addresses file set up to modify the sender address. We're
> looking at using this to locally rewrite local accounts on end-nodes into
> centrally recognisable email addresses. However this is *not* something
> built into the standard Exim setup; it's either something you configure in
> yourself, or might possibly be present in some Linux distros'
> configurations, in which case it's really a question to ask that distro's
> community.


This is a FREEBSD box and there are no rewrite rules.

>
> The key thing is to be methodical and get more information. This doesn't
> mean just copying and pasting chunks of logfiles, but to make sure that the
> logging level is set to get relevant information - see log_selector.
>
> A useful technique I use on my test server is to stop the running Exim
> daemon and instead invoke it manually with
>
> exim -v -d+all -bd
>
>
> This starts Exim in daemon mode with verbose logging at all levels coming
> out on my terminal. I then send a test message through it - either crafted
> manually or by using the swaks utility - from another window, then read
> through the very verbose logging. This lets you see exactly what's
> happening, being rewritten, ACLs and routers that are firing, and so on. It
> should help you locate what is changing the sender address between the
> message arriving and it going out again.
>


All right, how do I redirect so that the log files can capture this information?

> An alternative approach is to use Exim's "-bhc" command line to fake up a
> message complete with setting the IP address of the sending host: useful if
> your configuration file's logic does different things based on the source
> IP address.
>
> Basically you need a good knowledge of your Exim configuration file in
> order to work out what might be happening, and the above detailed logging
> will help you work through it and confirm it's as you intend. We here in
> the community can't do much to help without that intimate knowledge of your
> configuration: both file and support files. I'd suggest rolling up your
> metaphorical sleeves and use the debugging options and log levels.
>
> Mike B.
>


Will get back to you all soon.

> On 24 November 2017 at 17:35, The Doctor <doctor@???> wrote:
>
> > On Fri, Nov 24, 2017 at 07:03:03AM -0700, The Doctor wrote:
> > > On Fri, Nov 24, 2017 at 10:18:29AM +0000, Jeremy Harris wrote:
> > > > On 24/11/17 03:30, The Doctor wrote:
> > > > > 2017-11-23 13:00:00 1eHxbt-0008Sf-2W ** {legit e-mail address}
> > R=dnslookup T=remote_smtp H=doctor.nl2k.ab.ca [204.209.81.1]
> > X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no: SMTP error from remote
> > mail server after pipelined MAIL FROM:<root> SIZE=13880523: 501 <root>:
> > sender address must contain a domain
> > > > >
> > > > > What is happening?
> > > >
> > > > A remote system that you are trying to send a mail to, is rejecting
> > that
> > > > message. The tail end of that log line, starting "501", is what they
> > > > said.
> > > >
> > > > My interpretation of what they said is that they don't like one of
> > > > - the envelope from
> > > > - the header From: (or possibly Sender:)
> > > > but you'd need to verify their policies by asking them.
> > > > --
> > > > Jeremy
> > > >
> > >
> > >
> > > All right subsequent discoveries of followups of the symptoms were
> > ignored.
> > >
> > > Let me describe step by step what is happening.
> > >
> > > 1) In order to bypass the annoying on behalf of header placed by
> > > exim
> > >
> > > no_local_from_check
> > > untrusted_set_sender = *
> > >
> > > 2)
> > >
> > > Remote non-LAN users can use either PLAIN or LOGIN without on the behalf
> > of
> > > and send through and is logged accordingly
> > >
> > > UNLESS
> > >
> > > 3)
> > >
> > > you show up as info@??? then instead of info@???
> > > something in exim says you are "root" without any domain and
> > >
> > > the info account trying to pass an e-mail gets
> > >
> > > This message was created automatically by mail delivery software.
> > >
> > > A message that you sent could not be delivered to one or more of its
> > > recipients. This is a permanent error. The following address(es) failed:
> > >
> > > i)
> > > intended recipient @ wherever
> > > host doctor.nl2k.ab.ca [204.209.81.1]
> > > SMTP error from remote mail server after pipelined MAIL FROM:<root>
> > SIZE=26833:
> > > 501 <root>: sender address must contain a domain
> > >
> > > ii)
> > >
> > >
> > > smiro@???
> > > host ma1-aaemail-dr-lapp03.apple.com [17.171.2.72]
> > > SMTP error from remote mail server after pipelined MAIL FROM:<root>:
> > > 553 5.1.7 <root>... Domain name required for sender address root
> > >
> > > iii)
> > >
> > >
> > > info@???
> > > host doctor.nl2k.ab.ca [204.209.81.1]
> > > SMTP error from remote mail server after pipelined MAIL FROM:<root>
> > SIZE=2890232:
> > > 501 <root>: sender address must contain a domain
> > >
> > > and the case of iii) was a cc to self.
> > >
> > >
> > > Are you now getting this picture of a showstopper in virtual e-mail of
> > those
> > > using info@??? ?
> > >
> >
> > <Snip>
> >
> > Some more relevant stuff from our logs
> >
> > 2017-11-24 09:07:36 1eIGVs-000Ntb-OB <= info@???
> > H=d142-59-12
> > 3-92.abhsia.telus.net (ImpactLaptop) [142.59.123.92] P=esmtpsa
> > X=TLSv1.2:ECDHE-R
> > SA-AES256-GCM-SHA384:256 CV=no A=LOGIN:smosinfo S=149486
> > id=004201d3653e$5829d2b
> > 0$087d7810$@???
> > 2017-11-24 09:07:43 Start queue run: pid=91860
> > 2017-11-24 09:07:46 1eIGVs-000Ntb-OB [23.103.157.10] SSL verify error:
> > depth=1 e
> > rror=unable to get local issuer certificate cert=/C=US/ST=Washington/L=Red
> > mond/O
> > =Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
> > 2017-11-24 09:07:46 1eIGVs-000Ntb-OB Received TLS cert status response,
> > itself u
> > nverifiable
> > 2017-11-24 09:07:52 1eIGVs-000Ntb-OB [173.254.28.40] SSL verify error:
> > depth=2 e
> > rror=unable to get local issuer certificate cert=/C=GB/ST=Greater
> > Manchester/L=S
> > alford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
> > 2017-11-24 09:07:52 1eIGVs-000Ntb-OB [173.254.28.40] SSL verify error:
> > certificate name mismatch: DN="/OU=Domain Control Validated/OU=Hosted by
> > Just Host/OU=PositiveSSL Wildcard/CN=*.justhost.com" H="
> > impactofficeservices.ca"
> > 2017-11-24 09:07:52 1eIGVs-000Ntb-OB ** dmiller@???
> > <Dmiller@???> R=dnslookup T=remote_smtp H=
> > impactofficeservices.ca [173.254.28.40] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> > CV=no: SMTP error from remote mail server after pipelined MAIL FROM:<root>
> > SIZE=152662: 501 <root>: sender address must contain a domain
> > 2017-11-24 09:07:56 1eIGVs-000Ntb-OB ** kevin.lindstrom@???
> > R=dnslookup T=remote_smtp H=solutionsbi-ca.mail.protection.outlook.com
> > [23.103.157.10] X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=no: SMTP error
> > from remote mail server after pipelined sending data block: 501 5.1.7
> > Invalid address [QB1CAN01FT010.eop-CAN01.prod.protection.outlook.com]
> > 2017-11-24 09:07:56 1eIGWC-000Nth-8I <= <> R=1eIGVs-000Ntb-OB U=exim
> > P=local S=3083
> > 2017-11-24 09:07:56 1eIGVs-000Ntb-OB Completed
> >
> > Note the sender was an info@ ...
> >
> >
> > 2017-11-24 08:21:06 1eIFms-000NV7-4e <= info@??? H=
> > s0106c82a14027763.ed.shawcable.net ([192.168.1.122]) [70.74.151.156]
> > P=esmtpsa X=TLSv1:ECDHE-RSA-AES256-SHA:256 CV=no A=PLAIN:integration
> > S=3447 id=1D3C06A3-4C4D-4179-94CD-BB4925FF94B3@???
> > 2017-11-24 08:21:40 Start queue run: pid=90342
> > 2017-11-24 08:21:40 1eIFmU-000NV3-7g [204.209.81.1] SSL verify error:
> > depth=3 error=self signed certificate in certificate chain cert=/C=US/O=The
> > Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
> > 2017-11-24 08:21:40 1eIFmU-000NV3-7g [204.209.81.1] SSL verify error:
> > certificate name mismatch: DN="/OU=Domain Control Validated/CN=mail.nk.ca"
> > H="doctor.nl2k.ab.ca"
> > 2017-11-24 08:21:42 1eIFmU-000NV3-7g => root@??? R=dnslookup
> > T=remote_smtp H=doctor.nl2k.ab.ca [204.209.81.1]
> > X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK
> > id=1eIFnR-000ANH-66"
> > 2017-11-24 08:21:42 1eIFmU-000NV3-7g Completed
> > 2017-11-24 08:21:42 1eIB4O-000BMZ-6h Spool file is locked (another process
> > is handling this message)
> > 2017-11-24 08:21:42 1eIFms-000NV7-4e H=gmail-smtp-in.l.google.com
> > [2607:f8b0:400e:c04::1a] No route to host
> > 2017-11-24 08:21:42 1eIFms-000NV7-4e [74.125.28.26] SSL verify error:
> > depth=2 error=unable to get local issuer certificate cert=/C=US/O=GeoTrust
> > Inc./CN=GeoTrust Global CA
> > 2017-11-24 08:21:42 1eIB4O-000BMZ-6h == root@??? R=dnslookup
> > T=remote_smtp defer (-46) H=doctor.nl2k.ab.ca [204.209.81.1]: SMTP error
> > from remote mail server after end of data: 451 Temporary local problem -
> > please try later
> > 2017-11-24 08:21:42 1eIB4O-000BMZ-6h ** root@???: retry timeout exceeded
> > 2017-11-24 08:21:42 1eIFnS-000NVF-Vw <= <> R=1eIB4O-000BMZ-6h U=exim
> > P=local S=1927
> > 2017-11-24 08:21:42 1eIB4O-000BMZ-6h Completed
> > 2017-11-24 08:21:43 1eIFms-000NV7-4e Spool file is locked (another process
> > is handling this message)
> > 2017-11-24 08:21:43 End queue run: pid=90305
> > 2017-11-24 08:21:43 1eIFms-000NV7-4e ** tracypilates@???
> > R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [74.125.28.26]
> > X=TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256 CV=no: SMTP error from remote
> > mail server after pipelined end of data: 553 5.1.2 The sender address
> > <root> is not a valid RFC-5321 address. p17si18545031pgq.130 - gsmtp
> > 2017-11-24 08:21:43 1eIFnT-000NVI-1i <= <> R=1eIFms-000NV7-4e U=exim
> > P=local S=5022
> > 2017-11-24 08:21:43 1eIFms-000NV7-4e Completed
> > 2017-11-24 08:21:43 1eIFnT-000NVI-1i [204.209.81.1] SSL verify error:
> > depth=3 error=self signed certificate in certificate chain cert=/C=US/O=The
> > Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
> > 2017-11-24 08:21:43 1eIFnT-000NVI-1i [204.209.81.1] SSL verify error:
> > certificate name mismatch: DN="/OU=Domain Control Validated/CN=mail.nk.ca"
> > H="doctor.nl2k.ab.ca"
> > 2017-11-24 08:21:55 1eIFnT-000NVI-1i => info@???
> > R=dnslookup T=remote_smtp H=doctor.nl2k.ab.ca [204.209.81.1]
> > X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK
> > id=1eIFnT-000ANW-Aj"
> > 2017-11-24 08:21:55 1eIFnT-000NVI-1i Completed
> > 2017-11-24 08:21:55 End queue run: pid=90342
> >
> >
> > This is backed up by http://ns2.nk.ca/eximstats.html
> >
> > Solution needed as of 2 days ago.
> >
> > --
> > Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@
> > nl2k.ab.ca
> > Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist
> > rising!
> > https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on
> > Atheism
> > Happy Christmas 2017 and Merry New Year 2018
> >
> > --
> > ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> > ## Exim details at http://www.exim.org/
> > ## Please use the Wiki with this list - http://wiki.exim.org/
> >
>
>
>
> --
> Systems Administrator & Change Manager
> IT Services, University of York, Heslington, York YO10 5DD, UK
> Tel: +44-(0)1904-323811 <01904%20323811>
>
> Web: www.york.ac.uk/it-services
> Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm


--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism
Happy Christmas 2017 and Merry New Year 2018
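
The comparison discussed in this thread (the sender logged on a message's `<=` arrival line versus the `MAIL FROM:<...>` the remote host rejected on its `**` line) can be run over a whole mainlog. This is an added example, not part of the original message; the function name is hypothetical and the sample lines are constructed, modelled on the excerpts quoted above.

```python
import re

# Exim message id, e.g. 1eIGVs-000Ntb-OB (newer releases use longer fields)
MSGID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}"
LINE = re.compile(rf"^\S+ \S+ ({MSGID}) (<=|\*\*) (\S+)(.*)$")
MAIL_FROM = re.compile(r"MAIL FROM:<([^>]*)>")
AUTH = re.compile(r"\bA=(\S+)")

# Constructed sample: ids, hosts and addresses are placeholders.
SAMPLE_LOG = """\
2017-11-24 09:07:36 1aaaaa-000001-AA <= info@example.org H=client.example.net [192.0.2.10] P=esmtpsa A=LOGIN:user1 S=149486
2017-11-24 09:07:52 1aaaaa-000001-AA ** rcpt@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.5]: SMTP error from remote mail server after pipelined MAIL FROM:<root> SIZE=152662: 501 <root>: sender address must contain a domain
2017-11-24 09:07:56 1bbbbb-000002-BB <= <> R=1aaaaa-000001-AA U=exim P=local S=3083
2017-11-24 09:08:10 1ccccc-000003-CC <= sales@example.org H=client2.example.net [192.0.2.11] P=esmtpsa A=PLAIN:user2 S=3447
2017-11-24 09:08:12 1ccccc-000003-CC ** other@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.5]: SMTP error from remote mail server after pipelined MAIL FROM:<sales@example.org> SIZE=3447: 550 mailbox unavailable
"""

def find_sender_rewrites(log_text):
    """Return failures whose outbound MAIL FROM differs from the arrival sender."""
    arrivals = {}   # msgid -> (envelope sender at arrival, authenticator or None)
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msgid, flag, first, rest = m.groups()
        if flag == "<=":
            auth = AUTH.search(rest)
            # "<>" (bounce sender) normalises to the empty string
            arrivals[msgid] = (first.strip("<>"), auth.group(1) if auth else None)
            continue
        sent = MAIL_FROM.search(rest)
        if not sent or msgid not in arrivals:
            continue
        received, auth = arrivals[msgid]
        if sent.group(1) != received:
            findings.append({
                "msgid": msgid,
                "recipient": first,
                "received_sender": received,
                "sent_sender": sent.group(1),
                "auth": auth,
                "unqualified": "@" not in sent.group(1),
            })
    return findings

if __name__ == "__main__":
    for f in find_sender_rewrites(SAMPLE_LOG):
        print(f)
```

The `auth` field carries the `A=` value from the arrival line, so affected messages can be grouped by the authenticator and login that submitted them.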