Mailing List Archive

remove
-----Original Message-----
From: exim-users-bounces@exim.org [mailto:exim-users-bounces@exim.org] On
Behalf Of Steven Wayne
Sent: 28 June 2006 13:46
To: exim-users@exim.org
Subject: Re: [exim] Stopping arbitrary traffic

On Tue, Jun 27, 2006 at 02:47:35PM -0700, Dustin Jenkins wrote:
>
> Thanks for the response.
>
> The dc_accept_relay should've been dc_host_accept_relay, I should've taken
> that out, thanks for pointing to it.
>
> Here's a snippet from my /var/log/exim4/mainlog, the paniclog and reject
> log are empty. As you can see there are all kinds of different addresses
> from arbitrary traffic going to arbitrary domains. Mostly it gets denied,
> but sometimes it succeeds with a 'Completed' message, but what I want is for
> it to not try at all! I would've thought that I shouldn't be seeing any of
> this stuff.
>
> <LOG-SNIPPET>
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H <= <> R=1FrfGX-0002bI-3K U=Debian-exim P=local S=2482
> 2006-06-26 22:14:46 1FrfGX-0002bI-3K Completed
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H ** tyler@bellsouth.net <Tyler@bellsouth.net> R=dnslookup T=remote_smtp: retry time not reached for any host after a long failure period
> 2006-06-26 22:14:46 1Fv5uQ-0001ik-2H Frozen (delivery error message)
> 2006-06-26 22:14:47 1FrfX0-0003LM-4v => wac1@andrews-kurth.com R=dnslookup T=remote_smtp H=cluster6.us.messagelabs.com [216.82.249.195] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
> 2006-06-26 22:14:47 1FrfX0-0003LM-4v Completed
> 2006-06-26 22:14:47 1FrfEe-0002Z2-BA a.mx0.gatewaydefender.com [209.153.138.190] Connection timed out
> 2006-06-26 22:14:50 1FrfWq-0003L8-M0 ** wackit69@angelfire.com: an MX or SRV record indicated no SMTP service
> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 => peggy.haney@aexp.com R=dnslookup T=remote_smtp H=wppim001.aexp.com [193.32.34.92] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
> 2006-06-26 22:14:51 1FrfWq-0003L8-M0 ** cvdlely@bart.nl R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<cvdlely@bart.nl>: host mailhub-new.vianetworks.nl [212.61.15.154]: 554 Service unavailable; Client host [24.68.130.247] blocked using safe.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?24.68.130.247
> 2006-06-26 22:14:53 1FrfWq-0003L8-M0 ** server@uni.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<server@uni.net>: host mx10.uni.net [217.72.103.201]: 550 5.1.1 <server@uni.net> User unknown; rejecting
> 2006-06-26 22:14:54 1FrfWq-0003L8-M0 => server@upgradesource.com R=dnslookup T=remote_smtp H=mail.atriniti.com [68.15.40.154]
> 2006-06-26 22:14:55 1FrfWq-0003L8-M0 ** embox5@earthlink.com R=dnslookup T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<Marietta@bellsouth.net> SIZE=2513: host mx2.earthlink.net [209.86.93.227]: 550 Dynamic IPs/open relays blocked. Contact <openrelay@abuse.earthlink.net>.
> 2006-06-26 22:14:56 1FrfWq-0003L8-M0 ** server@uro.com R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<server@uro.com>: host URO.COM.INBOUND15.MXLOGIC.NET [208.65.145.3]: 550 Recipient unknown
> 2006-06-26 22:14:57 1FrfWq-0003L8-M0 => k4447@hotmail.com R=dnslookup T=remote_smtp H=mx4.hotmail.com [65.54.245.104]
> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 ** alpll@netscape.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after initial connection: host mailin-02.mx.netscape.net [205.188.158.57]: 554- (RTR:BB) http://postmaster.info.aol.com/errors/554rtrbb.html\n554 Connecting IP: 24.68.130.247
> 2006-06-26 22:14:58 1FrfWq-0003L8-M0 == bookings@marineland.co.nz R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<bookings@marineland.co.nz>: host mailwash16.pair.com [66.39.2.16]: 450 <bookings@marineland.co.nz>: Recipient address rejected: Service temporarily unavailable
> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ => dog.kobe@msa.hinet.net R=dnslookup T=remote_smtp H=msa-mx2.hinet.net [168.95.5.113]
> 2006-06-26 22:15:02 1FrfWS-0003Lu-HQ Completed
> 2006-06-26 22:15:04 1FrfWK-0003LL-Hx ** k2000@nownuri.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<k2000@nownuri.net>: host mx3.nownuri.net [203.238.128.89]: 550 5.1.1 k2000 Unknown User
> </LOG-SNIPPET>
>
> When you say obfuscated, are you referring to the configuration in general
> or specific components?

This doesn't show a complete log of any transaction.

Run

exigrep -l 1FrfWq-0003L8-M0 /var/log/exim4/maillog*

It's the "<=" mark that tells where they're coming from.

Are you running a web server on this machine too?

And please don't top-post.

Steven.
--
A new dramatist of the absurd
Has a voice that will shortly be heard.
I learn from my spies
He's about to devise
An unprintable three-letter word.

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/


This message has been scanned for content and viruses by the
DIT Information Services MailScanner Service
and is believed to be clean.
http://www.dit.ie
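
Added example, not part of the original thread: a Python pass over Exim main-log lines that groups them by message ID and flags messages whose `<=` arrival line is missing, which is the gap Steven points out in the posted snippet. The lines for ID `1AAAAA-000001-AA` are constructed sample data; the other lines are copied from the snippet above.

```python
import re
from collections import defaultdict

# date, time, message ID (6-6-2 characters), flag, rest of the line
LINE_RE = re.compile(r"^\S+ \S+ (\w{6}-\w{6}-\w{2}) (\S+) ?(.*)$")
FLAGS = {"<=": "arrival", "=>": "delivered", "->": "delivered",
         "**": "failed", "==": "deferred"}

SAMPLE_LOG = """\
2006-06-26 09:00:00 1AAAAA-000001-AA <= sender@example.org H=(client.example) [192.0.2.10] P=esmtp S=1200
2006-06-26 09:00:01 1AAAAA-000001-AA => rcpt@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.5]
2006-06-26 22:14:46 1Fv5uQ-0001ik-2H <= <> R=1FrfGX-0002bI-3K U=Debian-exim P=local S=2482
2006-06-26 22:14:46 1Fv5uQ-0001ik-2H Frozen (delivery error message)
2006-06-26 22:14:50 1FrfWq-0003L8-M0 ** wackit69@angelfire.com: an MX or SRV record indicated no SMTP service
2006-06-26 22:14:57 1FrfWq-0003L8-M0 => k4447@hotmail.com R=dnslookup T=remote_smtp H=mx4.hotmail.com [65.54.245.104]
"""

def parse_arrival(tail):
    """Pull sender, local user, protocol and client IP from a '<=' line."""
    fields = dict(re.findall(r"(?:^|\s)([A-Z])=(\S+)", tail))
    ip = re.search(r"\sH=[^\[]*\[([^\]]+)\]", tail)
    return {"sender": tail.split()[0], "user": fields.get("U"),
            "proto": fields.get("P"), "host_ip": ip.group(1) if ip else None}

def summarize(log_text):
    """Group arrival and delivery outcomes by message ID."""
    msgs = defaultdict(lambda: {"arrival": None, "delivered": [],
                                "failed": [], "deferred": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        kind = FLAGS.get(m.group(2)) if m else None
        if kind is None:            # "Completed", "Frozen", host errors, ...
            continue
        msg_id, tail = m.group(1), m.group(3)
        if kind == "arrival":
            msgs[msg_id]["arrival"] = parse_arrival(tail)
        else:
            msgs[msg_id][kind].append(tail.split()[0].rstrip(":"))
    return msgs

def missing_arrival(msgs):
    """IDs with delivery attempts but no '<=' line in the excerpt."""
    return sorted(i for i, m in msgs.items() if m["arrival"] is None)

if __name__ == "__main__":
    for msg_id in missing_arrival(summarize(SAMPLE_LOG)):
        print(msg_id, "has no arrival line here; search older logs for it")
```

An arrival with `P=local` and a `U=` user was submitted on the machine itself, while an `H=... [ip]` field identifies a remote SMTP client.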




Re: Remove
On 2020-10-02 16:38, Jeremy Harris wrote:
> On 02/10/2020 17:26, Patrick Porteous via Exim-users wrote:
> > However, it appears that the $message_body variable doesn't analyze the
> > source HTML of the message, but instead just looks at the plain text
> > produced by the HTML output.  Is Exim capable of analyzing the source
> > HTML
>
> No. $message_body is the raw body content. You probably had
> a mime multipart message, with both text and HTML alternate
> parts. You'd be having to use a MIME ACL to pull those apart.
>
> You're getting into a world of complexity here.
> --
> Cheers,
> Jeremy
>
>
Thanks Jeremy, I understand that this may be complex but I don't mind
doing the work if it's possible.  Maybe Exim isn't the right tool to
accomplish this?  I'm looking for suggestions.  Maybe Procmail could be
used to accomplish this after the message is delivered?  Or is it
possible to force the delivery of all received messages to be plain text
even if sent in MIME format?  I've read somewhere in the documentation
that messages can be filtered based on MIME content but my goal is not
to reject messages that have this characteristic.  I just don't want
them to have active links inside the body of the message.

Thanks, Patrick

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Remove & Replace Message Body Content
On 2 Oct 2020, at 17:57, Patrick Porteous via Exim-users <exim-users@exim.org> wrote:
> Maybe Exim isn't the right tool to accomplish this?

Is the right answer :)

Your question falls squarely into Exim's "just because you can, doesn't mean you should" category. Exim is designed to lift and shift, it isn't built to modify despite having some capability to do that.

Look at something you can do a pipe delivery to, like procmail or something that you write (elegant and modern, or using something brutally efficient like sed), to do the disarming.

Graeme
Re: Remove
On 02.10.20 at 18:57, Patrick Porteous via Exim-users wrote:
> On 2020-10-02 16:38, Jeremy Harris wrote:
>
> Thanks Jeremy, I understand that this may be complex but I don't mind
> doing the work if it's possible.  Maybe Exim isn't the right tool to
> accomplish this?  I'm looking for suggestions. 

Just use a transport-filter to do whatever you want with your message.

A filter is a script/exe, whatever you like, that reads the entire message on
stdin and prints the new version out on stdout.

What you do in between is entirely yours, and you don't need to hack exim,
just write a perl or php script.

Best regards,
Marius


Re: Remove
Patrick Porteous via Exim-users <exim-users@exim.org> (Fri 02 Oct 2020 18:57:38 CEST):
> Thanks Jeremy, I understand that this may be complex but I don't mind doing
> the work if it's possible.  Maybe Exim isn't the right tool to accomplish
> this?  I'm looking for suggestions.  Maybe Procmail could be used to

I wrote a "mime cutter", which replaced mime attachments, maybe
this can be a starting point. It works as a transport filter for Exim
and is written in Perl.

Feel free to clone https://git.schlittermann.de/mimecut/ and maybe send
me pull requests.

Disclaimer: This script is a works-for-me script, not intended as a
reference for anything (scripting, Perl, Exim, style, security). But is
still actively used and maintained by me.

Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
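
Added example, not code from this thread or from mimecut: a stdin-to-stdout filter of the kind Marius and Heiko describe, written in Python instead of Perl, that walks the MIME tree and disarms links in `text/plain` and `text/html` parts. The `hxxp` rewrite and `href="#"` replacement are assumptions about what "disarmed" should mean; the sample message is constructed.

```python
import re
import sys
from email import message_from_bytes, policy

HREF_RE = re.compile(r"""\bhref\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""", re.I)
SCHEME_RE = re.compile(r"\bhttp(s?)://", re.I)

# Constructed sample: multipart/alternative with one link in each part.
SAMPLE = (
    b"From: a@example.org\r\nTo: b@example.net\r\nSubject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
    b"See http://example.com/a\r\n"
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<p><a href="https://example.com/a">https://example.com/a</a></p>\r\n'
    b"--b1--\r\n"
)

def disarm(raw):
    """Return the message with links in its text parts made inert."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    for part in msg.walk():
        subtype = part.get_content_subtype()
        if (part.get_content_maintype() != "text" or part.is_attachment()
                or subtype not in ("plain", "html")):
            continue                     # leave containers and attachments
        body = part.get_content()        # decoded from base64/QP and charset
        if subtype == "html":
            body = HREF_RE.sub('href="#"', body)   # anchors stop navigating
        body = SCHEME_RE.sub(r"hxxp\1://", body)   # remaining URLs go inert
        part.set_content(body, subtype=subtype, charset="utf-8")
        if part is not msg:
            del part["MIME-Version"]     # set_content adds it; root only
    return msg.as_bytes()

def text_bodies(raw):
    """Map subtype -> decoded text for each text part (for checking)."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    return {p.get_content_subtype(): p.get_content()
            for p in msg.walk() if p.get_content_maintype() == "text"}

if __name__ == "__main__":
    sys.stdout.buffer.write(disarm(sys.stdin.buffer.read()))
```

Rewriting the body invalidates any DKIM signature on the message, so run a filter like this only on final local delivery, after signature checks have been done.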