Mailing List Archive

Sasl and Exim
how can one check to see if Exim is using SASL?
--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
What worth the power of law that won't stop lawlessness? -unknown

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Sasl and Exim [ In reply to ]
On 2024-02-25 The Doctor via Exim-users <exim-users@lists.exim.org> wrote:
> how can one check to see if Exim is using SASL?

I do not get this question, is this trolling? You would look at the
configuration files obviously.

cu Andreas

Re: Sasl and Exim [ In reply to ]
On Sun, Feb 25, 2024 at 07:12:00AM +0100, Andreas Metzler via Exim-users wrote:
> On 2024-02-25 The Doctor via Exim-users <exim-users@lists.exim.org> wrote:
> > how can one check to see if Exim is using SASL?
>
> I do not get this question, is this trolling? You would look at the
> configuration files obviously.
>
> cu Andreas
>


I am trying on one server to send e-mail via user/pw credentials.

The credentials seem not to get passed through.


--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
What worth the power of law that won't stop lawlessness? -unknown

Re: Sasl and Exim [ In reply to ]
On Sun, Feb 25, 2024 at 4:06 PM The Doctor via Exim-users <
exim-users@lists.exim.org> wrote:

> On Sun, Feb 25, 2024 at 07:12:00AM +0100, Andreas Metzler via Exim-users
> wrote:
> > On 2024-02-25 The Doctor via Exim-users <exim-users@lists.exim.org>
> wrote:
> > > how can one check to see if Exim is using SASL?
> >
> > I do not get this question, is this trolling? You would look at the
> > configuration files obviously.
> >
> > cu Andreas
> >
>
>
> I am trying on one server to send e-mail via user/pw credentials.
>
> The credentials seem not to get passed through.
>

Please show what your configuration for ASMTP is, accompanied by log
snippets of what is happening.
You see, most list members broke their crystal glasses and so cannot guess
all that information.
Assuming that you're using Dovecot as the POP3/IMAP4 server, the config is
simple:
https://doc.dovecot.org/configuration_manual/howto/exim_and_dovecot_sasl/
The other one is documented in the spec file:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_cyrussasl_authenticator.html


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: Sasl and Exim [ In reply to ]
On Sun, Feb 25, 2024 at 04:20:38PM +0300, Odhiambo Washington wrote:
> On Sun, Feb 25, 2024 at 4:06 PM The Doctor via Exim-users <
> exim-users@lists.exim.org> wrote:
>
> > On Sun, Feb 25, 2024 at 07:12:00AM +0100, Andreas Metzler via Exim-users
> > wrote:
> > > On 2024-02-25 The Doctor via Exim-users <exim-users@lists.exim.org>
> > wrote:
> > > > how can one check to see if Exim is using SASL?
> > >
> > > I do not get this question, is this trolling? You would look at the
> > > configuration files obviously.
> > >
> > > cu Andreas
> > >
> >
> >
> > I am trying on one server to send e-mail via user/pw credentials.
> >
> > The credentials seem not to get passed through.
> >
>
> Please show what your configuration for ASMTP is, accompanied by log
> snippets of what is happening.

Will do, just remind me on how to exclude comments

> You see, most list members broke their crystal glasses and so cannot guess
> all that information.

I prefer to be prodded.

> Assuming that you're using Dovecot as the POP3/IMAP4 server, the config is
> simple:
> https://doc.dovecot.org/configuration_manual/howto/exim_and_dovecot_sasl/
> The other one is documented in the spec file:
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_cyrussasl_authenticator.html
>

I will check this as well.

>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]

--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
What worth the power of law that won't stop lawlessness? -unknown

Re: Sasl and Exim [ In reply to ]
On Sun, Feb 25, 2024 at 5:50 PM The Doctor <doctor@doctor.nl2k.ab.ca> wrote:

> On Sun, Feb 25, 2024 at 04:20:38PM +0300, Odhiambo Washington wrote:
> > On Sun, Feb 25, 2024 at 4:06 PM The Doctor via Exim-users <
> > exim-users@lists.exim.org> wrote:
> >
> > > On Sun, Feb 25, 2024 at 07:12:00AM +0100, Andreas Metzler via
> Exim-users
> > > wrote:
> > > > On 2024-02-25 The Doctor via Exim-users <exim-users@lists.exim.org>
> > > wrote:
> > > > > how can one check to see if Exim is using SASL?
> > > >
> > > > I do not get this question, is this trolling? You would look at the
> > > > configuration files obviously.
> > > >
> > > > cu Andreas
> > > >
> > >
> > >
> > > I am trying on one server to send e-mail via user/pw credentials.
> > >
> > > The credentials seem not to get passed through.
> > >
> >
> > Please show what your configuration for ASMTP is, accompanied by log
> > snippets of what is happening.
>
> Will do, just remind me on how to exclude comments
>

No one wants your whole Exim config file. Only the authenticators are
needed.
And the logs when you run the test!
Anyway use: egrep -v '^$|^.*#' /path/to/file


>
> > You see, most list members broke their crystal glasses and so cannot
> guess
> > all that information.
>
> I prefer to be prodded.
>

http://www.catb.org/~esr/faqs/smart-questions.html


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: Sasl and Exim [ In reply to ]
On 25 February 2024 14:57:38 The Doctor via Exim-users
<exim-users@lists.exim.org> wrote:
>
> I prefer to be prodded.

That's a rather selfish attitude and explains why your problems can
sometimes take a very long time to get answers. Nobody here gets paid for
helping you to fix things and most people would prefer you to make it as
easy as possible.

Present the issue.
Present what you've tried to do to understand it.
Present any changes you've made, or any salient log entries and
configuration sections.

Then ask the question. Do not expect list members to lead you by the halter
towards the paddock your answer is hiding in.

Graeme (wearing both list member and list admin hats)

Re: Sasl and Exim [ In reply to ]
On Sun, Feb 25, 2024 at 06:26:02PM +0300, Odhiambo Washington via Exim-users wrote:
> On Sun, Feb 25, 2024 at 5:50 PM The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
>
> > On Sun, Feb 25, 2024 at 04:20:38PM +0300, Odhiambo Washington wrote:
> > > On Sun, Feb 25, 2024 at 4:06 PM The Doctor via Exim-users <
> > > exim-users@lists.exim.org> wrote:
> > >
> > > > On Sun, Feb 25, 2024 at 07:12:00AM +0100, Andreas Metzler via
> > Exim-users
> > > > wrote:
> > > > > On 2024-02-25 The Doctor via Exim-users <exim-users@lists.exim.org>
> > > > wrote:
> > > > > > how can one check to see if Exim is using SASL?
> > > > >
> > > > > I do not get this question, is this trolling? You would look at the
> > > > > configuration files obviously.
> > > > >
> > > > > cu Andreas
> > > > >
> > > >
> > > >
> > > > I am trying on one server to send e-mail via user/pw credentials.
> > > >
> > > > The credentials seem not to get passed through.
> > > >
> > >
> > > Please show what your configuration for ASMTP is, accompanied by log
> > > snippets of what is happening.
> >
> > Will do, just remind me on how to exclude comments
> >
>
> No one wants your whole Exim config file. Only the authenticators are
> needed.
> And the logs when you run the test!
> Anyway use: egrep -v '^$|^.*#' /path/to/file
>
domainlist relay_to_domains =
host_reject_connection = +host_rejects
trusted_users = exim : majordomo : www
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
tls_advertise_hosts = *
log_selector = +all
daemon_smtp_ports = 25 : 465: 587
tls_on_connect_ports = 465
begin acl
acl_check_smtp:
accept encrypted = *
accept hosts = :
accept hosts = +relay_hosts
deny hosts = +block_hosts
accept
acl_check_rcpt:
deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
dnslists = sbl-xbl.spamhaus.org : \
zen.spamhaus.org : \
z.mailspike.net : \
hostkarma.junkemailfilter.com=127.0.0.2 : \
bl.spamcop.net : \
dnsbl.sorbs.net
log_message = found in $dnslist_domain
warn dnslists = sbl-xbl.spamhaus.org: \
zen.spamhaus.org : \
dnsbl.njabl.org : \
combined.njabl.org : \
dev.null.dk : \
relays.visi.com : \
dnsbl.sorbs.net :\
iscbl.anti-spam.org.cn : \
cbl.anti-spam.org.cn : \
cblplus.anti-spam.org.cn : \
cblless.anti-spam.org.cn : \
hostkarma.junkemailfilter.com=127.0.0.2 :\
bl.spamcop.net :\
dnsbl-1.uceprotect.net :\
dnsbl-2.uceprotect.net :\
dnsbl-3.uceprotect.net
deny
message = The $sender_adress is prohibited to send mail to the $domain
senders = lsearch;/usr/local/etc/exim/restricted_sender
domains = lsearch;/usr/local/etc/exim/restricted_domains
accept hosts = :
control = dkim_disable_verify
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
message = sorry
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
message = sorry
deny
condition = ${if eq{$sender_helo_name}{}}
message = HELO required before MAIL
drop message = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
condition = ${if match{$sender_helo_name}{$primary_hostname}}
!verify = recipient/callout=2m,defer_ok,use_sender
warn domains = +local_domains
!verify = recipient
set acl_c0 = ${eval: $acl_c0+1}
delay = ${eval: ($acl_c0 - 1) * 60}s
drop message = Legitimate bounces are never sent to more than one recipient.
senders = : postmaster@*
condition = ${if >{$recipients_count}{0}{true}{false}}
deny
message = 5.7.1 Banned TLD in MAIL FROM
sender_domains = ^(?i).*\\.(ru|sa)\\.com\$
deny
message = 5.7.1 Banned TLD in MIME From
condition = ${if match {$h_from:}{^(?i).*\\.(ru|sa)\\.com>\$}{yes}{no}}
accept hosts = +relay_from_hosts
control = submission/sender_retain
control = dkim_disable_verify
accept authenticated = *
control = submission/sender_retain
control = dkim_disable_verify
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require verify = recipient
deny message = Rejected IP
hosts = 127.0.0.1
deny message = Rejected IP
hosts = 192.133.39.0/24
deny message = Rejected IP
hosts = 5.34.207.0/24
deny message = Rejected Domain
domains = foo.bar : foo2.bar
deny message = Rejected sender
domains = dhl.com
local_parts = adminsu*
deny message = Rejected sender
domains = *.com
local_parts = postmail-*
deny message = Rejected sender
domains = office.com
local_parts = bounce
deny message = Rejected sender
domains = usa.com
local_parts = express.deli*
deny message = Rejected sender
domains = gmail.com
local_parts = emarketing2*
deny message = Rejected sender
domains = gmail.com
local_parts = roach*
deny message = Rejected sender
domains = gmail.com
local_parts = emarketing2sofsol*
deny message = Rejected sender
domains = gmail.com
local_parts = umair*
deny message = Rejected sender
domains = gmail.com
local_parts = umairpbl
deny message = Rejected sender
domains = gmail.com
local_parts = edusa102
deny message = Rejected sender
domains = *.icu
local_parts = *
deny message = Rejected sender
domains = nubwaygroup.com
local_parts = *
deny message = Rejected sender
domains = exceptmail.com
local_parts = *
deny message = Rejected sender
domains = hotmail.com.com
local_parts = *
deny message = Rejected sender
domains = sanpaolotorino.com
local_parts = studio
deny message = Rejected recipient
domains = localhost.com
local_parts = root
deny message = Rejected recipient
domains = freeshell.org
local_parts = dino
deny message = Rejected recipient
domains = croffervault.com
local_parts = concierge
warn ratelimit = 1000 / 1h / strict
log_message = Sender rate $sender_rate / $sender_rate_period
warn ratelimit = 500 / 1h / per_rcpt / strict
delay = ${eval: ${sg{$sender_rate}{[.].*}{}} - $sender_rate_limit}s
accept
acl_check_data:
accept authenticated = *
set acl_m_authenticated = 1
accept hosts = :
deny malware = *
message = This message contains a virus ($malware_name).

drop message = This message is denied by policy : $spam_score spam points
spam = nobody:true
condition = ${if > {$spam_score_int}{4999}{1}{0}}
warn spam = nobody
message = Subject: {SPAM?} $rh_subject:
add_header = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int\n\
X-Spam_bar: $spam_bar\n\
X-Spam_report: $spam_report
deny
!hosts = +relay_from_hosts
message = This message was considered to be spam
spam = www:true
condition = ${if >{$spam_score_int}{4999}{1}{0}}
deny senders = /usr/local/etc/exim/deny_senders
deny authenticated = *
ratelimit = 10 / 1d / strict / $authenticated_id
accept
acl_smtp_connect:
drop message = You are banned here
log_message = Blocked host from 5.34.207.0/24 subnet ($sender_host_address)
hosts = +blocked_hosts
begin routers
check_dnslookup:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
verify_only
no_more
check_system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
verify_only
check_localuser:
driver = accept
check_local_user
verify_only
virtuals:
driver = redirect
allow_defer
allow_fail
domains = partial-lsearch;/usr/local/etc/exim/vdom3
data = ${lookup{$local_part@$domain}lsearch*@{/usr/local/etc/exim/virtualaliases}}
retry_use_local_part
pipe_transport = address_pipe
file_transport = address_file
no_more
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
local_part_prefix = +* : -*
local_part_prefix_optional
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
localuser:
driver = accept
check_local_user
local_part_prefix = +* : -*
local_part_prefix_optional
no_verify
transport = local_delivery
cannot_route_message = Unknown user
procmail:
driver = accept
check_local_user
require_files = $home/.procmailrc
transport = procmail_pipe
lists:
driver = redirect
file = /usr/home/majordomo/lists/$local_data
forbid_pipe
forbid_file
errors_to = $local_data-request@nk.ca
user = majordomo
no_more
begin transports
remote_smtp:
driver = smtp
hosts_avoid_esmtp=*
connect_timeout = 15m
data_timeout = 15m
hosts_avoid_tls = 127.0.0.1
procmail_pipe:
driver = pipe
command = /usr/bin/procmail -d $local_part
return_path_add
delivery_date_add
envelope_to_add
check_string = "From "
escape_string = ">From "
umask = 077
user = $local_part
group = mail

local_delivery:
driver = appendfile
file = /var/mail/$local_part_data
delivery_date_add
envelope_to_add
return_path_add
group = mail
quota = 30720M
quota_warn_threshold = 70%
mode = 0600
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
begin retry
* * F,1h,15m; G,10h,1h,1.5; F,7d,1h
127.0.0.1 * F,1h,1m; G,2h,10m,1.5; F,5h,10m
204.209.81.1 * F,1h,1m; G,2h,10m,1.5; F,3h,10m
204.209.81.3 * F,1h,1m; G,2h,10m,1.5; F,5h,10m
begin rewrite
begin authenticators
PLAIN:
driver = plaintext
public_name = PLAIN
server_set_id = $auth2
server_prompts = :
server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
LOGIN:
driver = plaintext
public_name = LOGIN
server_set_id = $auth1
server_prompts = <| Username: | Password:
server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
sasl_auth:
driver = cyrus_sasl
public_name = SASL_AUTH
server_mech = PLAIN
server_set_id = $auth2
server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }


From the logs

2024-02-24 20:33:41.957 [60359] H=([sender Ip]) [Sender IP]:52274 I=[mail IP]:587 Ci=60359 incomplete transaction (connection lost) from <Sender> for Self test.


>
> >
> > > You see, most list members broke their crystal glasses and so cannot
> > guess
> > > all that information.
> >
> > I prefer to be prodded.
> >
>
> http://www.catb.org/~esr/faqs/smart-questions.html
>

:-)

>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]
>

--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
What worth the power of law that won't stop lawlessness? -unknown

Re: Sasl and Exim [ In reply to ]
On 25/02/2024 19:20, The Doctor via Exim-users wrote:
> begin authenticators
> PLAIN:

Strictly per the documentation this is a syntax error;
a macro definition lacking an '='.

It'll work with the current source code.
Don't expect that to be always true in the future.
--
Cheers,
Jeremy
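
Added example (not part of any message in this thread, and not Exim project code): a shell helper that prints only the "begin authenticators" section of an Exim configuration with blank and comment lines removed, which is what the thread asks the poster to supply, and that lists authenticator names starting with an upper-case letter, the point raised in the reply above. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample config are constructed.

# Print only the authenticators section, minus blank lines and comment lines
# (first non-blank character is '#'). Lines that merely contain a '#' are kept;
# egrep -v '^$|^.*#' would drop those as well.
exim_authenticators() {
    awk '
        /^[ \t]*begin[ \t]+authenticators[ \t]*$/ { in_auth = 1; print; next }
        /^[ \t]*begin[ \t]/ { in_auth = 0 }
        !in_auth   { next }
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        { print }
    ' "$@"
}

# Authenticator instance names that start with an upper-case letter, the form
# the reply above describes as a macro definition lacking an '='.
exim_macro_like_names() {
    exim_authenticators "$@" | awk '
        /^[ \t]*[A-Za-z0-9_]+:[ \t]*$/ {
            name = $1; sub(/:$/, "", name)
            if (name ~ /^[A-Z]/) print name
        }'
}

# One line per authenticator: name, driver, server_advertise_condition set?
exim_auth_summary() {
    exim_authenticators "$@" | awk '
        function emit() {
            if (name != "")
                print name, driver, "advertise_condition=" (cond ? "set" : "unset")
        }
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line ~ /^[A-Za-z0-9_]+:$/ {
            emit(); name = line; sub(/:$/, "", name)
            driver = "?"; cond = 0; next
        }
        line ~ /^driver[ \t]*=/ { driver = line; sub(/^[^=]*=[ \t]*/, "", driver) }
        line ~ /^server_advertise_condition[ \t]*=/ { cond = 1 }
        END { emit() }'
}

# Constructed sample configuration (not the file posted in the thread).
sample_config() {
    cat <<'EOF'
begin acl
begin authenticators

# saslauthd-backed mechanisms
PLAIN:
  driver = plaintext
  public_name = PLAIN
  server_debug_print = "PLAIN attempt #1"
  server_advertise_condition = ${if def:tls_cipher}
login_auth:
  driver = plaintext
  public_name = LOGIN
begin retry
EOF
}

sample_config | exim_auth_summary
```

Each function also accepts a configuration file path as its argument instead of standard input.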

