Hi,
I ported this to the exim-dev list but believe it may be more appropriate here as it a configuration problem not a code development problem.
We have an exim system in which I am trying to migrate to a new RHEL7 system and in the process we have noticed that errors to members of a list file are not bouncing back correctly in the new system.
I our current system I see that messages are sent out and if they bounce they come back to thesendersemail@somedomain.com<mailto:thesendersemail@somedomain.com> and get forwarded to the original sender
If my replacement system I see the bounces are returning to bounces@myeximserver.com<mailto:bounces@myeximserver.com>
And I see the following in the logs:
Jun 7 17:28:52 test exim[32705]: 2021-06-07 17:28:52.615 [32705] 1lqOfs-0008VV-Jb <= <> H=mailtestmta.test.domain.com (mail.test.domain.com) [123.123.215.233]:48218 I=[123.123.215.121]:25 P=esmtps L. X=TLS1.2:ECDHE-RSA-AES256-SHA384:256 CV=no K S=34927 M8S=0 RT=0.005s id=E1lqOfo-000VFK-Fr@list.domain.com<mailto:id=E1lqOfo-000VFK-Fr@list.domain.com> T="Mail delivery failed: returning message to sender" from <> for bounces@test.domain.com<mailto:bounces@test.domain.com>
Jun 7 17:28:52 test exim[32706]: 2021-06-07 17:28:52.626 [32706] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1lqOfs-0008VV-Jb
Jun 7 17:28:52 test exim[32705]: 2021-06-07 17:28:52.626 [32705] SMTP connection from mailtestmta.test.domain.com (mail.test.domain.com) [123.123.215.233]:48218 I=[123.123.215.121]:25 closed by QUIT
Jun 7 17:28:52 test exim[32706]: 2021-06-07 17:28:52.630 [32706] 1lqOfs-0008VV-Jb ** bounces@test.domain.com<mailto:bounces@test.domain.com> F=<>: Unrouteable address DT=0.000s
Jun 7 17:28:52 test exim[32706]: 2021-06-07 17:28:52.631 [32706] 1lqOfs-0008VV-Jb Frozen (delivery error message)
I had t make small changes to the config when bringing it over but for the most part they are the same but I cannot determine what is causing this bounceback problem. Can someone see what I cannot?:
My broken config is here: pastebin.com/6sivwtjb Can anyone assist?
And below but less readable
[root@ user]# cat /etc/exim/exim.conf
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
DETAINTFILE = /etc/exim/detaint
BADCHARS = \N[^A-Za-z0-9_.-]+\N
SAFELOCALPART = ${lookup{${sg{$local_part}{BADCHARS}{_}}} lsearch*,ret=key{DETAINTFILE}}
disable_ipv6=true
log_file_path = syslog : /var/log/exim/%s.log
log_selector = +all
# These lists are referred to later in this configuration using the syntax
# +local_domains and +relay_from_hosts, respectively. They
# are all colon-separated lists:
domainlist local_domains = test.mydomain.com : localhost : localhost.localdomain
hostlist relay_from_hosts = 127.0.0.1 : mailtestmta.test.mydomain.com
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
# Allow any client to use TLS.
tls_advertise_hosts = *
tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
qualify_domain = test.mydomain.com
never_users = root
host_lookup = *
# turn off ident
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 7d
# split_spool_directory = true
message_size_limit = 50M
strip_trailing_dot = true
keep_environment =
add_environment =
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
# This access control list is used for the MAIL command in an incoming
# SMTP message.
acl_check_mail:
# Hosts are required to say HELO (or EHLO) before sending mail.
# So don't allow them to use the MAIL command if they haven't
# done so.
deny condition = ${if eq{$sender_helo_name}{} {1}}
message = Nice boys say HELO first
accept
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept hosts = :
control = dkim_disable_verify
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
accept local_parts = postmaster
domains = +local_domains
# Accept if the message comes from one of the hosts for which we are an
# outgoing relay.
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
deny
acl_check_data:
accept condition = ${if match {$sender_address_domain}{\N((?i)^mydomain\.com$|(?i)\.mydomain\.com$)\N} {1}}
add_header = X-UofS-Origin: Internal
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
nameserv_aliases:
driver = redirect
data = ${lookup{$local_part@$domain}dbm{/var/exim/aliases.db}}<mailto:$%7blookup%7b$local_part@$domain%7ddbm%7b/var/exim/aliases.db%7d%7d>
system_aliases:
driver = redirect
domains = test.mydomain.com
data = ${lookup{$local_part}dbm{/var/exim/system.db}}
lists_owner:
driver = redirect
domains = test.mydomain.com
local_part_prefix = owner-
file = /var/exim/list/$local_part_prefixSAFELOCALPART
no_more
lists_post:
driver = redirect
domains = test.mydomain.com
headers_remove = ${if exists {/var/exim/header/SAFELOCALPART.removereplyto}\
{Reply-to}{}}
headers_add = ${if exists {/var/exim/header/SAFELOCALPART.add}\
{${readfile{/var/exim/header/SAFELOCALPART.add}{\n}}}{}}
senders = ${if exists {/var/exim/sender/SAFELOCALPART}\
{${lookup{${reduce{${addresses:$h_from:}}{}{$item}}}nwildlsearch{/var/exim/sender/SAFELOCALPART}{ : *}{nwildlsearch;/var/exim/sender/SAFELOCALPART}}}{ : *}}
file = /var/exim/list/SAFELOCALPART
forbid_pipe
forbid_file
errors_to = ${if exists {/var/exim/error/SAFELOCALPART}\
{${readfile{/var/exim/error/SAFELOCALPART}{}}}\
{$sender_address}}
skip_syntax_errors
syntax_errors_to = ${if exists {/var/exim/error/SAFELOCALPART}\
{${readfile{/var/exim/error/SAFELOCALPART}{}}}\
{}}
no_more
lists_closed:
driver = redirect
domains = test.mydomain.com
allow_fail
data = :fail: $local_part@mydomain.com<mailto:$local_part@mydomain.com> (Error sending to list)
smarthost:
driver = manualroute
domains = ! +local_domains
transport = remote_smtp
# route_list = !+local_domains post.mydomain.com
# hosts_randomize = true
route_list = !+local_domains test-mydomain-com.mail.protection.outlook.com
no_more
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that successfully
# handles an address.
begin transports
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp
#This is already specified above, is it needed?
tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.
# WARNING: If you do not have any retry rules at all (this section of the
# configuration is non-existent or empty), Exim will not do any retries of
# messages that fail to get delivered at the first attempt. The effect will
# be to treat temporary errors as permanent. Therefore, DO NOT remove this
# retry rule unless you really don't want any retries.
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,10m,2m; F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
# begin rewrite
# begin authenticators
# begin local_scan
# End of Exim configuration file
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
I ported this to the exim-dev list but believe it may be more appropriate here as it a configuration problem not a code development problem.
We have an exim system in which I am trying to migrate to a new RHEL7 system and in the process we have noticed that errors to members of a list file are not bouncing back correctly in the new system.
I our current system I see that messages are sent out and if they bounce they come back to thesendersemail@somedomain.com<mailto:thesendersemail@somedomain.com> and get forwarded to the original sender
If my replacement system I see the bounces are returning to bounces@myeximserver.com<mailto:bounces@myeximserver.com>
And I see the following in the logs:
Jun 7 17:28:52 test exim[32705]: 2021-06-07 17:28:52.615 [32705] 1lqOfs-0008VV-Jb <= <> H=mailtestmta.test.domain.com (mail.test.domain.com) [123.123.215.233]:48218 I=[123.123.215.121]:25 P=esmtps L. X=TLS1.2:ECDHE-RSA-AES256-SHA384:256 CV=no K S=34927 M8S=0 RT=0.005s id=E1lqOfo-000VFK-Fr@list.domain.com<mailto:id=E1lqOfo-000VFK-Fr@list.domain.com> T="Mail delivery failed: returning message to sender" from <> for bounces@test.domain.com<mailto:bounces@test.domain.com>
Jun 7 17:28:52 test exim[32706]: 2021-06-07 17:28:52.626 [32706] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1lqOfs-0008VV-Jb
Jun 7 17:28:52 test exim[32705]: 2021-06-07 17:28:52.626 [32705] SMTP connection from mailtestmta.test.domain.com (mail.test.domain.com) [123.123.215.233]:48218 I=[123.123.215.121]:25 closed by QUIT
Jun 7 17:28:52 test exim[32706]: 2021-06-07 17:28:52.630 [32706] 1lqOfs-0008VV-Jb ** bounces@test.domain.com<mailto:bounces@test.domain.com> F=<>: Unrouteable address DT=0.000s
Jun 7 17:28:52 test exim[32706]: 2021-06-07 17:28:52.631 [32706] 1lqOfs-0008VV-Jb Frozen (delivery error message)
I had t make small changes to the config when bringing it over but for the most part they are the same but I cannot determine what is causing this bounceback problem. Can someone see what I cannot?:
My broken config is here: pastebin.com/6sivwtjb Can anyone assist?
And below but less readable
[root@ user]# cat /etc/exim/exim.conf
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
DETAINTFILE = /etc/exim/detaint
BADCHARS = \N[^A-Za-z0-9_.-]+\N
SAFELOCALPART = ${lookup{${sg{$local_part}{BADCHARS}{_}}} lsearch*,ret=key{DETAINTFILE}}
disable_ipv6=true
log_file_path = syslog : /var/log/exim/%s.log
log_selector = +all
# These lists are referred to later in this configuration using the syntax
# +local_domains and +relay_from_hosts, respectively. They
# are all colon-separated lists:
domainlist local_domains = test.mydomain.com : localhost : localhost.localdomain
hostlist relay_from_hosts = 127.0.0.1 : mailtestmta.test.mydomain.com
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
# Allow any client to use TLS.
tls_advertise_hosts = *
tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
qualify_domain = test.mydomain.com
never_users = root
host_lookup = *
# turn off ident
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 7d
# split_spool_directory = true
message_size_limit = 50M
strip_trailing_dot = true
keep_environment =
add_environment =
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
# This access control list is used for the MAIL command in an incoming
# SMTP message.
acl_check_mail:
# Hosts are required to say HELO (or EHLO) before sending mail.
# So don't allow them to use the MAIL command if they haven't
# done so.
deny condition = ${if eq{$sender_helo_name}{} {1}}
message = Nice boys say HELO first
accept
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept hosts = :
control = dkim_disable_verify
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
accept local_parts = postmaster
domains = +local_domains
# Accept if the message comes from one of the hosts for which we are an
# outgoing relay.
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
deny
acl_check_data:
accept condition = ${if match {$sender_address_domain}{\N((?i)^mydomain\.com$|(?i)\.mydomain\.com$)\N} {1}}
add_header = X-UofS-Origin: Internal
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
nameserv_aliases:
driver = redirect
data = ${lookup{$local_part@$domain}dbm{/var/exim/aliases.db}}<mailto:$%7blookup%7b$local_part@$domain%7ddbm%7b/var/exim/aliases.db%7d%7d>
system_aliases:
driver = redirect
domains = test.mydomain.com
data = ${lookup{$local_part}dbm{/var/exim/system.db}}
lists_owner:
driver = redirect
domains = test.mydomain.com
local_part_prefix = owner-
file = /var/exim/list/$local_part_prefixSAFELOCALPART
no_more
lists_post:
driver = redirect
domains = test.mydomain.com
headers_remove = ${if exists {/var/exim/header/SAFELOCALPART.removereplyto}\
{Reply-to}{}}
headers_add = ${if exists {/var/exim/header/SAFELOCALPART.add}\
{${readfile{/var/exim/header/SAFELOCALPART.add}{\n}}}{}}
senders = ${if exists {/var/exim/sender/SAFELOCALPART}\
{${lookup{${reduce{${addresses:$h_from:}}{}{$item}}}nwildlsearch{/var/exim/sender/SAFELOCALPART}{ : *}{nwildlsearch;/var/exim/sender/SAFELOCALPART}}}{ : *}}
file = /var/exim/list/SAFELOCALPART
forbid_pipe
forbid_file
errors_to = ${if exists {/var/exim/error/SAFELOCALPART}\
{${readfile{/var/exim/error/SAFELOCALPART}{}}}\
{$sender_address}}
skip_syntax_errors
syntax_errors_to = ${if exists {/var/exim/error/SAFELOCALPART}\
{${readfile{/var/exim/error/SAFELOCALPART}{}}}\
{}}
no_more
lists_closed:
driver = redirect
domains = test.mydomain.com
allow_fail
data = :fail: $local_part@mydomain.com<mailto:$local_part@mydomain.com> (Error sending to list)
smarthost:
driver = manualroute
domains = ! +local_domains
transport = remote_smtp
# route_list = !+local_domains post.mydomain.com
# hosts_randomize = true
route_list = !+local_domains test-mydomain-com.mail.protection.outlook.com
no_more
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that successfully
# handles an address.
begin transports
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp
#This is already specified above, is it needed?
tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.
# WARNING: If you do not have any retry rules at all (this section of the
# configuration is non-existent or empty), Exim will not do any retries of
# messages that fail to get delivered at the first attempt. The effect will
# be to treat temporary errors as permanent. Therefore, DO NOT remove this
# retry rule unless you really don't want any retries.
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,10m,2m; F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
# begin rewrite
# begin authenticators
# begin local_scan
# End of Exim configuration file
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/