
Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

5 votes
1 answers
2084 views
SMTP Server Dovecot / Exim Authentication error
Recently, I've installed CentOS 6. The purpose of the installation is to use this server as a mail server, where I've installed **Exim version 4.84_2 #1** and **Dovecot**. I've followed this blog post and tried to solve the error given below, however I have had no luck resolving it.

2017-02-06 07:07:27 no host name found for IP address x.x.x.x
2017-02-06 07:07:32 dovecot_plain authenticator failed for ([x.x.x.x]) [x.x.x.x]: 535 Incorrect authentication data (set_id=mailclown@com-supportnet.work)
2017-02-06 07:07:40 dovecot_plain authenticator failed for ([x.x.x.x]) [x.x.x.x]: 535 Incorrect authentication data (set_id=mailclown@com-supportnet.work)
2017-02-06 07:07:48 dovecot_login authenticator failed for ([x.x.x.x]) [x.x.x.x]: 535 Incorrect authentication data (set_id=mailclown@com-supportnet.work)
2017-02-06 07:07:52 dovecot_login authenticator failed for ([x.x.x.x]) [x.x.x.x]: 535 Incorrect authentication data (set_id=mailclown@com-supportnet.work)

Following is the output of the configuration which I used from the above blog post.

[root@com-supportnet ~]# dovecot -n
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-642.11.1.el6.x86_64 x86_64 CentOS release 6.8 (Final)
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
mail_location = maildir:~/mail
mbox_write_locks = fcntl
passdb {
  driver = pam
}
service auth {
  unix_listener auth-client {
    mode = 0777
    user = exim
  }
}
ssl_cert = /etc/ssl/mail.com-supportnet.work.crt
ssl_key = /etc/ssl/mail.com-supportnet.work.key
userdb {
  driver = passwd
}

Please let me know how I can resolve this error.
jacqueline fernandez (93 rep)
Feb 6, 2017, 06:15 AM • Last activity: Jun 19, 2025, 09:05 PM
3 votes
2 answers
7967 views
IPv6 socket creation failed: Address family not supported by protocol
*OS: GNU/Linux Debian 9.2 64-bit*

I [disabled IPv6](https://unix.stackexchange.com/a/402218/126755) on one of my servers. And now I'm getting this in `mail`:

exim paniclog ...
> IPv6 socket creation failed: Address family not supported by protocol

How do I get rid of it?
Vlastimil Burián (30505 rep)
Nov 29, 2017, 07:30 AM • Last activity: Apr 25, 2025, 04:10 PM
2 votes
2 answers
2607 views
Send email via exim4 using port 587
I have configured exim4 and am trying to send out emails using port 587. The email is being sent, but on the mail server it shows connecting at port 25. I am using:
echo "Subject:Hello All" | sendmail -v  -port 587 shaheena.kazi@gmail.com


T: remote_smtp for shaheena.kazi@gmail.com
Connecting to gmail-smtp-in.l.google.com [2607:f8b0:4004:c08::1a]:25 ... LOG: MAIN
(Not pasting the entire output of the log here.)

I wanted to check why the connection goes to port 25, as shown below:

"Connecting to gmail-smtp-in.l.google.com [2607:f8b0:4004:c08::1a]:25 ... LOG: MAIN"

I want all my email to connect on port 587, as I have requested port 587. I have tried most of the settings shown online in the exim4 config file, but it still connects on 25. Links that I followed, with no luck: https://www.fyzix.net/index.php?title=Installing_and_Configuring_Exim4_for_Gmail_SMTP_Relay and https://logs.paulooi.com/enable-smtp-port-587-on-exim.php

Also, any mail server I use connects to port 25. Could anyone help me here?
Shaheena Kazi (21 rep)
Dec 21, 2022, 05:13 AM • Last activity: Jan 9, 2025, 04:07 PM
1 votes
2 answers
1095 views
exim4 & CHECK_RCPT_LOCAL_ACL_FILE
I am running an Ubuntu server (I got convinced and there is not one day that I do not regret it!) which runs Exim. Deep within the split configuration's ACL files, I found this:

# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif

A search for CHECK_RCPT_LOCAL_ACL_FILE yields many such stanzas but nowhere does it tell you *where to create the variable* or *what the file should look like*. The latter should be obvious as it will just contain some more ACL commands. However, the former is a mystery… Anyone got an idea? I did try to ask this on ask.ubuntu and as usual got nothing whatsoever…

Note that the following stanza works just fine in the conf.d/acl/30_exim4-config_check_rcpt file but modifying system files like that will lead to trouble the next time Ubuntu decides to update…

deny
  condition = ${lookup{$local_part}nwildlsearch{/etc/exim4/black.list}{yes}{no}}
  logwrite = :main,reject: $sender_host_address - $local_part@$domain is only used by spammers
  message = User is black listed. Go away.
Sardathrion - against SE abuse (4493 rep)
Oct 3, 2017, 06:51 AM • Last activity: Dec 8, 2024, 11:17 AM
0 votes
0 answers
19 views
How to make exim run the queue upon connection on a Chromebook?
/etc/ppp/ip-up.d/exim4 runs the queue upon connection. Except on a Chromebook, where one uses wifi, not ppp. So if one boots at 3PM, sends a mail offline at 3:05, connects to the network at 3:15,... well the mail will still sit around until 3:30 when exim's half-hourly run finally takes place.

> Just do runq -qqf, that will flush the queue for you.

Thanks, but you don't get my point. I want the queue flushed automatically upon wifi connection.
Dan Jacobson (560 rep)
Oct 24, 2024, 09:49 AM
1 votes
1 answers
157 views
exim error: NUL character(s) present (shown as '?')
I'm getting the `NUL character(s) present` error on `exim`, similar to this post, but since that post is too old, I'm following Charles Davis suggestion to create a new question.
$ tail -f /var/log/exim4/mainlog

2024-07-12 22:43:38 SMTP syntax error in "\026\003\001\002?\001?\001\374\003\003"\365\bZ\327b\277\373\261\032\246\217\275R\314b\201b\351\253k\304\001\3343/256/243/005/215U/301/207/311/227N/306e2+/216/226/307/361?0/023/002/023/003/023/001/300+/300/?/236/314/251/314/250/300" H=localhost [::1] NUL character(s) present (shown as '?')'>\\213fn\263N\303\244 \256'z\226o\305eE\231.:\234>3\256\243\005\215U\301\207\311\227N\306e2+\216\226\307\361?0\023\002\023\003\023\001\300+\300/?\236\314\251\314\250\300" H=localhost [::1] NUL character(s) present (shown as '?')
2024-07-12 22:43:38 SMTP syntax error in "\300\024?9\300        \300\023?3?\234?5?/\3000\300,?=?j?8?2?\377\001?\001\203???\016?\f??     localhost?\v?\004\003?\001\002?" H=localhost [::1] NUL character(s) present (shown as '?')
2024-07-12 22:43:38 SMTP syntax error in "?\f?" H=localhost [::1] NUL character(s) present (shown as '?')
2024-07-12 22:43:38 SMTP syntax error in "?\035?\027?\036?\031?\030?#???\005?\005\001?????\026???\027???\r?*?(\004\003\005\003\006\003\b\007\b\b\b      \b" H=localhost [::1] NUL character(s) present (shown as '?')
2024-07-12 22:43:38 SMTP call from localhost [::1] dropped: too many syntax or protocol errors (last command was "?\035?\027?\036?\031?\030?#???\005?\005\001?????\026???\027???\r?*?(\004\003\005\003\006\003\b\007\b\b\b      \b", NULL)
Exim: 4.94.2-7+deb11u3.  version 4.94.2 #2 built 09-Jul-2024 09:01:33
Distro: Debian GNU/Linux 11 (bullseye)
Kernel: 5.15.83-1-pve
On terminal this works fine:

echo 'hi!' | mail -s "Sent from $(hostname) at $(date +"%F %T")" mail@example.com

The problem arises when sending emails from a web app installed on the host (Koha). How could I debug the issue to find out if the web app is sending invalid strings?
Pablo A (3196 rep)
Jul 15, 2024, 02:41 PM • Last activity: Jul 17, 2024, 12:41 PM
2 votes
1 answers
1102 views
random “NULL character(s) present” error in exim
Sometimes we are getting **NULL character(s) present** errors on incoming mail. It looks like this:

2018-03-01 12:26:51.244 SMTP syntax error in "RCPT TO:" H=mail-wm0-f56.google.com [74.125.82.56]:59392 I=[185.78.30.71]:25 NULL character(s) present (shown as '?')
2018-03-01 13:07:10.371 SMTP syntax error in "RCPT TO:" H=mail-vk0-f59.google.com [209.85.213.59]:34762 I=[185.78.30.71]:25 NULL character(s) present (shown as '?')
2018-03-04 16:48:37.084 SMTP syntax error in "??EHLO 102jamz.com" H=[78.90.185.253]:50824 I=[185.78.30.71]:25 NULL character(s) present (shown as '?')
2018-03-04 17:00:30.333 SMTP syntax error in "??EHLO 1stglobal.com" H=[168.103.12.254]:43198 I=[5.101.158.68]:25 NULL character(s) present (shown as '?')
2018-03-05 11:11:42.758 SMTP syntax error in "D?TA" H=mail-pf0-f176.google.com [209.85.192.176]:42851 I=[185.78.30.71]:25 NULL character(s) present (shown as '?')

We have had successful transfers from hosts with these errors. The error only happens sometimes. It has different commands (ehlo / rcpt to / data), different hosts. At the same time there are no errors in dmesg, so it has no correlation with hardware error. Some TCP fails? Don't know, it looks like "we miss 1 byte in big package", is it real case? Having 4 mail servers for incoming and 4/4 gets this error in some time.

exim 4.90.1
linux kernel 4.7.10
exim under docker environment. docker 1.8.3, build f4bf5c7
Alex Dyukov (21 rep)
Mar 7, 2018, 11:24 PM • Last activity: Jul 13, 2024, 01:59 AM
2 votes
3 answers
2102 views
How can I un-taint my DKIM config after exim upgrade?
Debian upgrade to exim4 4.94 brings new headache: tainted variables. I have several virtual domains handled by my exim and hence I use variable expansion to obtain DKIM domain, selector and key. In my `000_localmacros` is:

DKIM_CANON = relaxed
# Get the domain from the outgoing mail.
DKIM_DOMAIN = ${sg{${lc:${domain_data:$h_from:}}}{^www\.}{}}
DKIM_SELECTOR = ${lookup{DKIM_DOMAIN}lsearch{/etc/exim4/dkim/selector.map}}
# The file is based on the outgoing domain-name in the from-header.
DKIM_FILE = /etc/exim4/dkim/DKIM_DOMAIN/DKIM_SELECTOR/private.key
# If key exists then use it, if not don't.
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}

(these variables are then used in Debian's default files transport/30_exim4-config_remote_smtp). Sadly this generates:

2021-09-10 07:13:27.625 1mOYqk-0007WN-8p Warning: Tainted filename '/etc/exim4/dkim/example.com/n201711/private.key'

Note that I did replace $domain already with $domain_data as suggested by the documentation but it does not help. How can I fix this so I can remove my allow_insecure_tainted_data = yes statement?
divB (218 rep)
Sep 10, 2021, 05:21 AM • Last activity: Jul 12, 2024, 09:56 AM
7 votes
3 answers
13687 views
How to configure Exim to forward all incoming mail to new server?
I am moving servers, both of them running Debian (oldstable and stable). Both are running Exim4. When I switch the DNS entries over to the new server, I'd like the old server to still forward incoming mail to my new server for processing, so that users do not see any outage. How can I do this?
Arne (853 rep)
Jan 1, 2014, 07:49 PM • Last activity: May 8, 2024, 02:18 AM
4 votes
1 answers
2231 views
How to check easily the munin alert-email-notification?
I run the munin monitoring application on my Debian Wheezy server and I would like to test the alert-email-notification procedure. To do that, I added the following line in munin.conf:

df._home.warning 25

I set 25 because the df command returns 30 for /home. I also defined one contact:

contacts me
contact.me.command mail "munin test ${var:host}" my_email@my_isp.com

Unfortunately I don't receive any mails. There are no errors in the logs. Note that I use exim4 to send emails and that I can send emails from a terminal. What could be wrong in my configuration? Note also that I checked the df plugin manually: munin-run df returns 30 for /home.
Bertaud (255 rep)
Jan 30, 2015, 06:05 PM • Last activity: Mar 10, 2024, 09:05 AM
1 votes
0 answers
459 views
How to set HELO/EHLO on Exim accordingly to match sending domain
I have a VPS server, which is used to send emails. On that server I have 2 domain names attached and correctly configured with 2 different IPs. DNS is set as well to match the sending IPs accordingly:

mail.moneymattersforum.com
mail.globe-forum.com

DNS A records for mail.* transparently reveal the corresponding IP, so forward and reverse DNS resolutions match. Everything seems good, and the domains even deliver most of the time; however, the VPS hostname is set to mail.moneymattersforum.com and Exim 4 uses it to advertise in HELO/EHLO upon ANY connection. I've read about this and tried to fix it with the following, plus an Exim restart:

REMOTE_SMTP_HELO_DATA=$sender_address_domain

and smtp transport's -> helo_data=$sender_address_domain

with no luck; it seems like the edits have no effect at all.

What I'm trying to achieve: HELO/EHLO + SMTP banner should match the sending domain, e.g. if name@moneymattersforum.com is sending, then HELO/EHLO should be mail.moneymattersforum.com, AND if name@globe-forum.com is sending, then HELO/EHLO should match mail.globe-forum.com.

More information:

/etc/exim4/update-exim4.conf.conf (generated by updateconfexim and copied):
dc_eximconfig_configtype='internet'
dc_other_hostnames='moneymattersforum.com; globe-forum.com'
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains='moneymattersforum.coml globe-forum.com'
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
In /etc/exim4/exim4.conf.template I've added these:

REMOTE_SMTP_HELO_FROM_DNS='true'
REMOTE_SMTP_HELO_DATA=$sender_address_domain

/etc/exim4/conf.d/main/00_local_settings:

REMOTE_SMTP_HELO_FROM_DNS='true'
REMOTE_SMTP_HELO_DATA=$sender_address_domain

/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp/:

debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
helo_data = $sender_address_domain
REMOTE_SMTP_HELO_DATA=$sender_address_domain

I see that exim-update conf says it's a single file config, however just in case I added it everywhere. And it still has no effect. Also I've noticed that the transport macros have code to get the domain from the IP to advertise in HELO, however nothing works - Exim only advertises the hostname, alas. I added these lines to /etc/exim4.conf as well:

REMOTE_SMTP_HELO_FROM_DNS='true'
REMOTE_SMTP_HELO_DATA=$sender_address_domain
HELO_DATA = "mail.${sender_address_domain}"

Nothing helps :-( Please explain step by step how to generate a new config for exim allowing HELO to be extracted from the sending IP or domain name. Thank you
Alex Tsvetochkin (11 rep)
Dec 18, 2023, 10:31 AM • Last activity: Feb 7, 2024, 05:19 PM
0 votes
1 answers
1005 views
Difference between exim.conf and config.autogenerated
I executed dpkg-reconfigure exim4-config and it generated /var/lib/exim4/config.autogenerated. I believe that this is the master configuration. However on our older server with an older version of Exim I have seen exim.conf in the /etc folder. What is the purpose of this file and how can I generate it? Is there a tool that can generate it and is it recommended to have this file?
I Newton (19 rep)
Jan 26, 2017, 03:40 PM • Last activity: Feb 7, 2024, 07:16 AM
0 votes
1 answers
1250 views
Fixing a tainted statement in EXIM
I'm trying to understand and fix at least one tainted statement within exim and I don't understand how it is supposed to be quoted. The line I believe is causing the grief is:
domainlist local_domains = @:domain1.org:domain2.org:domain2.org:\
         pgsql;select domain from virtdomains where domain='$domain'
The output it provides when running exim -C /etc/exim/exim.conf -d+all -bv test@test.com is below. I'm sure it is something simple, but I didn't set this up and am now trying to learn how to maintain it, and this is preventing me from upgrading.
...
11:06:52 33945 routing test@test.com
11:06:52 33945 --------> dnslookup router <--------
11:06:52 33945 local_part=test domain=test.com
11:06:52 33945 checking domains
11:06:52 33945  ╭considering: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='$domain'
11:06:52 33945  ├───────text: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='
11:06:52 33945  ├considering: $domain'
11:06:52 33945  ├considering: '
11:06:52 33945  ├───────text: '
11:06:52 33945  ├──expanding: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='$domain'
11:06:52 33945  ╰─────result: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='test.com'
11:06:52 33945             ╰──(tainted)
11:06:52 33945 search_open: pgsql "NULL"
11:06:52 33945 search_find: file="NULL"
11:06:52 33945   key="select domain from virtdomains where domain='test.com'" partial=-1 affix=NULL starflags=0 opts=NULL
11:06:52 33945 LRU list:
11:06:52 33945 internal_search_find: file="NULL"
11:06:52 33945   type=pgsql key="select domain from virtdomains where domain='test.com'" opts=NULL
11:06:52 33945 database lookup required for select domain from virtdomains where domain='test.com'
11:06:52 33945                              (tainted)
11:06:52 33945 LOG: MAIN PANIC
11:06:52 33945   tainted search query is not properly quoted (router dnslookup, /etc/exim/exim.conf 746): select domain from virtdomains where domain='test.com'
11:06:52 33945 search_type 15 (pgsql) quoting -1 (none)
11:06:52 33945 PostgreSQL query: "select domain from virtdomains where domain='test.com'" opts 'NULL'
11:06:52 33945   tainted search query is not properly quoted (router dnslookup, /etc/exim/exim.conf 746): select domain from virtdomains where domain='test.com'
11:06:52 33945 search_type 15 (pgsql) quoting -1 (none)
...
user468505 (1 rep)
Jun 28, 2023, 03:16 PM • Last activity: Nov 15, 2023, 03:00 PM
0 votes
0 answers
339 views
How can I make Exim mailserver doing faster retry after temporary DNS failure
We are running Exim4 mailserver version 4.90.1 on Ubuntu Server 18.04.1 LTS which is in DMZ and sends out emails from LAN out to the internet. Sometimes (maybe a couple of mails per 24h of thousands of successfully sent mails) Exim has a temporary dns problem and because of that defers the mail:

> defer (-1): host lookup did not complete

But when I make a manual DNS test (e.g. with dig), the MX record is fetched without problem for the receiver domain. Exim defers the mail, and on the next try (after 20 or 30 minutes), the mail gets sent out OK, no DNS problem anymore. We have not found out why there are sometimes short dns problems for some rare mails out of thousands. But I think software (in this case exim) should be so robust that it can handle a DNS timeout of some seconds.

In the example our bind DNS server had the following entry in the query-error log:
22-Aug-2023 17:20:28.639 query-errors: debug 1: client @0x7f56f74b2050 195.xxx.xxx.87#45395 (examplecustom.com): query failed (SERVFAIL) for examplecustom.com/IN/MX at ../../../bin/named/query.c:8402
Below you see an example case where because of the above error, the mail is completed with a delay of 20 minutes. My question is: How can we configure Exim that it retries on DNS lookup error every minute for 20 minutes? So in the best case when there is a DNS problem for some seconds, the mail is sent after one minute, when retry is OK. Currently, the delay can be up to 30 minutes and that is not acceptable. I have read https://www.exim.org/exim-html-current/doc/html/spec_html/ch-retry_configuration.html and tried the following line in /etc/exim4.conf.template:
# DNS(Lookup) retry every minute for 20 minutes, first
*                      lookup      F,20m,1m; G,16h,1h,1.5; F,4d,6h
# This is Exim default rule
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
But unfortunately, that did not change anything; the example below occurred with the above extra rule being active. We have QUEUEINTERVAL='10m' set in /etc/default/exim4. In this example I would want the mail to have been sent at 17:28:47, but instead Exim says "retry time not reached" and we lose another 12 minutes. I would like the retry time to have been reached already at that time. This aggressive retry setting should be specifically for DNS lookup errors only.
2023-08-22 17:20:19 1qBTYB5-0006NM-Nv  john.doe@examplecustom.com R=dnslookup T=remote_smtp H=mx01.hornetsecurity.com [94.100.132.8] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes C="250 2.0.0 OK accept as AC027FA06BA:4f234742f62fac6098baf99d16db6d79 by mx-gate97-hz1"
2023-08-22 17:40:59 1qBTYB5-0006NM-Nv Completed
user319783
Aug 25, 2023, 01:15 PM • Last activity: Aug 25, 2023, 01:32 PM
1 votes
1 answers
167 views
Several times a day, exim4 gets a connection that tries 100 different RCPT commands
I have bad actors attempting to figure out valid user names on my exim4 server. Many times a day, I'll get a connection that tries 100 RCPT commands with random-ish account names. They have the correct domain, and plausible user names, but so far, they haven't hit on a valid user name. This all happens in less than one second. It seems to be exactly 100 attempts every time. How can I limit how many bad RCPT commands can be issued per session? These attempts originate at different IP addresses every time and happen so fast that fail2ban can't help. Thanks
Shay Walters (323 rep)
Jun 5, 2023, 10:17 PM • Last activity: Aug 3, 2023, 02:20 PM
1 votes
1 answers
159 views
Remote SMTP traffic appears to come from LXC Host to container
**Summary:** I have a mail server (exim 4, Debian 10) in an LXC container. The host is running Debian 11. Since yesterday evening spam traffic has been coming in that appears to come from the LXC Host. However, tcpdump logs show that it is actually remote traffic. What is going on?

This is an example of an exim4 log entry on the mail server, for a spam mail seemingly coming from the lxc host:
2023-07-23 11:15:51 1qNX42-009wSW-VR  MAILSERVERCONTAINER.smtp: Flags [P.], seq 5672:5702, ack 1397, win 27, options [nop,nop,TS val 1151815058 ecr 475541370], length 30: SMTP: MAIL FROM:
So the traffic appears to come from the (Chinese) IP 39.170.36.149. (This IP does not appear at all in the container logs.) So why does this traffic appear as coming from the host to the mail server?

The relevant network interfaces on the host are:
- eno1, the physical interface
- br0, a bridge connecting the physical interface with several lxc containers

The tcpdump command on the host that shows the spammy traffic is:
tcpdump -i br0 port 25 and dst host [MAILSERVERIPV4]
The bridge interface is setup like this in /etc/network/interfaces:
auto br0                        
iface br0 inet static            
        bridge_ports regex eth.* regex eno.*
        bridge_fd 0          
        address HOSTADDRES
        netmask 255.255.255.192 
        gateway HOSTGATEWAY
Both container and host are up to date with security updates. But the host's uptime is 248 days, so it is possible that it is running outdated binaries.

**UPDATE** I think the problem was caused by an iptables rule on the host, -t nat -A POSTROUTING -o br0 -j MASQUERADE. This rule is intended for containers without an external IP to reach the internet. I have apparently misunderstood what this does. Shouldn't it only masquerade traffic that is routed from internal IPs to the internet? As I understand it, external traffic to the mail server is bridged and not routed at all. Also, it's only one particular spammer that was able to exploit my setup. The normal traffic to my mail server shows external IPs. How did the spammer do this?

**UPDATE 2:** The problems started after installing docker on the host. Could it be that docker and lxc interact in a way to create these problems?
Lennart (13 rep)
Jul 23, 2023, 12:31 PM • Last activity: Jul 23, 2023, 05:08 PM
6 votes
3 answers
2992 views
How can I disable old TLS versions in exim?
I'm running an Exim MTA which only receives emails from a few other systems under my control. All these systems happily negotiate TLSv1.2/TLSv1.3 with my MTA. I would like to disable support for TLSv1.0 and TLSv1.1 but I can't find instructions on how to do so. All software is installed from the official Debian 10 repository (Exim 4.92, GnuTLS 3.6.6).
Martin Konrad (2288 rep)
May 18, 2020, 01:58 AM • Last activity: May 8, 2023, 02:03 AM
2 votes
1 answers
285 views
Can lines be wrapped in /etc/aliases?
I am using /etc/aliases to direct group emails to multiple accounts, for example:

postmaster: john
abuse: john
www: paul
team: john, paul, ringo, george

One of the lines is getting quite long due to the number of users it forwards to. Is it possible to wrap the line? I am using Exim as the MTA.
Tim Styles (152 rep)
Feb 1, 2023, 11:03 AM • Last activity: Feb 1, 2023, 01:30 PM
2 votes
2 answers
935 views
Incoming Spam Mail in exim mail server
My domain is getting a lot of spam mail addressed to users like xxx@mydomain.com, yyy@mydomain.com. We don't have such users, but we are getting mails like that. We are also getting a lot of bounce mails. How can we control spam like this in an exim mail server?
pravin09 (292 rep)
Apr 8, 2014, 04:47 AM • Last activity: Dec 29, 2022, 05:35 AM
1 votes
1 answers
1595 views
How to fix tainted domain in exim router
I'm facing an issue with tainted data from files. I even tried $domain_data instead of $domain, but I'm still not able to fix the tainted data.

Error log main.log:
2022-09-06 12:55:31 1oVdjO-000WZa-39 => info  R=localuser T=local_delivery
2022-09-06 12:55:31 1oVdjO-000WZa-39 == info@example.com R=autoreplay T=userautoreply defer (13): Permission denied: Tainted '/etc/exim/domains/example.com/autoreply.info.msg' (file for userautoreply transport) not permitted
If I manually put domain name (as below) in transports it works very well
# TRANSPORTS CONFIGURATION
userautoreply:
  driver = autoreply
  file = /etc/exim/domains/example.com/autoreply.info.msg
  debug_print = "${local_part}@${domain}"
  from = "${local_part}@${domain}"
  headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit
  subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}"
  to = "${sender_address}"
Here is the exim config. Domains list:
domainlist local_domains = lsearch;/etc/localdomains
domainlist relay_to_domains = +local_domains
localpartlist path_safe_localparts = \N^\.*[^./][^/]*$\N
# ROUTERS CONFIGURATION
autoreplay:
  driver = accept
  require_files = /etc/exim/domains/${lookup{$domain_data}dsearch{/etc/exim/domains/}}/autoreply.${local_part}.msg
  condition = ${if exists{/etc/exim/domains/${lookup{$domain_data}dsearch{/etc/exim/domains/}}/autoreply.${local_part}.msg}{yes}{no}}
  domains = !$primary_hostname : +local_domains
  local_parts = +path_safe_localparts
  retry_use_local_part
  transport = userautoreply
  unseen
Below debug log
12:49:31.797 124677 --------> autoreplay router  aliases router <--------
12:49:31.798 124677 local_part=info domain=example.com
12:49:31.798 124677 checking require_files
12:49:31.798 124677  ╭considering: /etc/exim/domains/$domain/aliases
12:49:31.798 124677  ├───────text: /etc/exim/domains/
12:49:31.798 124677  ├considering: $domain/aliases
12:49:31.798 124677  ├considering: /aliases
12:49:31.798 124677  ├───────text: /aliases
12:49:31.798 124677  ├──expanding: /etc/exim/domains/$domain/aliases
12:49:31.798 124677  ╰─────result: /etc/exim/domains/example.com/aliases
12:49:31.798 124677             ╰──(tainted)
12:49:31.798 124677 file check: /etc/exim/domains/$domain/aliases
12:49:31.798 124677 expanded file: /etc/exim/domains/example.com/aliases
12:49:31.798 124677 stat() yielded -1
12:49:31.798 124677 errno = 2
12:49:31.798 124677 aliases router skipped: file check
Surjit Sidhu (111 rep)
Sep 6, 2022, 06:54 PM • Last activity: Dec 23, 2022, 10:27 AM
Showing page 1 of 20 total questions