baraka n00b
Joined: 16 Jan 2004 Posts: 3
|
Posted: Sat Jun 26, 2004 12:02 am Post subject: no log for exim |
|
|
Hi guys, I am trying to make exim work first without the spam and anti-virus system. Until now I have not been able to send email to the outside world nor receive it (I have an MX record set to my mail server). The really annoying problem is, perhaps I have log_file_path=syslog, I have noticed no /var/log/exim/ files.
What can be happening? I need full logs to know what is happening :/ |
|
|
|
baraka n00b
Joined: 16 Jan 2004 Posts: 3
|
Posted: Wed Jun 30, 2004 7:17 pm Post subject: Re: SMTP-Auth for inbound connections |
|
|
Cataclysm wrote: | Thanks and regards for the following go to Vinay Malkani, he sent it to me by email.
Quote: | Smtp-auth (based on actual user logins) for inbound connections was extremely simple. I thought you might want to add it to your guide.
First create /etc/pam.d/exim (probably created for you when you emerged exim)
This file should read as follows:
--------BEGIN CODE-----------
# You may need to remove the "md5"
auth required pam_unix.so shadow md5
account required pam_unix.so
-------END CODE-------------
Next add to your exim.conf file the following items
1.
---------BEGIN CODE--------
# add this to the top of the file
exim_user = root
---------END CODE-------------
2. in the authenticators section add:
----------BEGIN CODE--------
plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if pam{$2:$3}{1}{0}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if pam{$1:$2}{1}{0}}"
server_set_id = $1
--------END CODE-----------------
and that's it
|
|
I am using that code for authentication, but maybe because of the setting of never used:
Quote: |
never_users = root
|
I got a message from Mailer-Daemon like this:
Quote: |
...
The addresses to which the message has not yet been delivered are:
bar4ka@spymac.com
Delay reason: User 0 set for remote_smtp transport is on the never_users list
...
|
and this message repeats until it gives up delivering.
I read something about this error message and tried to put the following:
Quote: |
system_filter_user = mail
|
but no luck either. Any help with this? |
|
|
|
Zebbeman n00b
Joined: 14 Jun 2003 Posts: 69
|
Posted: Sun Jul 11, 2004 9:38 pm Post subject: |
|
|
I'm not sure if this is correct, but I think you cannot comment out never_users anymore. If it still works, you have to comment out # never_users if you are running Exim as root. I had a similar problem running exim as root after an update, so I changed from pam to sasl.
Pam needs Exim to be run as root, sasl doesn't. |
|
|
|
catman__ n00b
Joined: 14 Jul 2004 Posts: 2
|
Posted: Wed Jul 14, 2004 10:06 am Post subject: exim must bounce incoming mail |
|
|
Hi, I want to bounce incoming mail with exim for addresses that are not used. In other words, how can I bounce emails except for the email addresses that I use?
Thanks
catman _________________ just a gentoo user |
|
|
|
BakaO n00b
Joined: 27 Sep 2003 Posts: 74
|
Posted: Fri Aug 20, 2004 9:09 am Post subject: |
|
|
Hello,
First, I would like to thank you all for making gentoo the best distro!
Thanks Cataclysm!
I have a question: what should become of the spam once it is detected as spam?
Is it deleted? So why can we change the title with ***** SPAM *****?
Or maybe it is delivered but marked as deleted?
One more: for my house, I configured fetchmail -> exim -> spamassassin / clamav -> maildir -> courier-imap
OK, but when I look at the log, when a spam is found, exim tells me that it can't find the 'FETCHMAIL-DEAMON' user. Is that normal?
Thanks for all. |
|
|
|
rex123 Apprentice
Joined: 21 Apr 2004 Posts: 272
|
Posted: Fri Aug 20, 2004 2:14 pm Post subject: |
|
|
I'm running a very similar set-up to the one in this how-to, on a server with about 10 mail users. I found that spamassassin works miles better (and it's really amazingly good) if you enable bayesian rules. I have one bayesian database for the whole server. The way to set this up is to create a user, with a home directory, and use sa-learn as that user. I have a user called spamd.
Then change the spamd part of exim.conf to something like this:
Code: |
warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = spamd:true/defer_ok
warn message = X-Spam-Report: $spam_report
spam = spamd:true/defer_ok
# Add X-Spam-Flag if spam is over system-wide threshold
warn message = X-Spam-Flag: YES
spam = spamd/defer_ok
...
|
The /defer_ok tells exim not to defer the message if spamd is down for some reason - it just skips the spamassassin routine. Requires exiscan 4.33.
Train spamassassin using sa-learn, and you're away. It needs 200 ham and 200 spam to get going, then it just gets better. I have my filters set to reject at 5.0, and I treat anything scoring over 1.0 as suspect. This produces almost no false positives, and catches almost everything (but I've been training it for a while, and I get a lot of spam). |
|
|
|
McB4ne n00b
Joined: 25 Aug 2004 Posts: 17
|
Posted: Mon Aug 30, 2004 8:00 pm Post subject: |
|
|
Zebbeman wrote: | I'm not sure if this is correct, but I think you cannot comment out never_users anymore. If it still works, you have to comment out # never_users if you are running Exim as root. I had a similar problem running exim as root after an update, so I changed from pam to sasl.
Pam needs Exim to be run as root, sasl doesn't. |
I tried commenting out the whole line
#never_users = root
It gives the error of:
2004-08-30 19:57:07 1C1wxJ-0005Ss-Ty == mcbane@gmail.com R=dnslookup T=remote_smtp defer (-29): User 0 set for remote_smtp transport is on the fixed_never_users list
Seriously, I don't want to install cyrus-sasl because it completely screwed my exim last time, and pam is so simple, but how can I get this to work either with exim happy as root or pam happy as not root? |
|
|
|
batzee Tux's lil' helper
Joined: 27 Apr 2004 Posts: 105
|
Posted: Wed Sep 01, 2004 2:01 pm Post subject: hmmmm.. that sucks! |
|
|
Could anyone who has successfully setup exim for smtp auth + relaying for authenticated clients only + no problems with never_users and exim_users please post how this can be done? If sasl really is the only way, could someone explain how to configure this?
thanks! |
|
|
|
rex123 Apprentice
Joined: 21 Apr 2004 Posts: 272
|
Posted: Wed Sep 01, 2004 3:19 pm Post subject: |
|
|
Quote: | Could anyone who has successfully setup exim for smtp auth + relaying for authenticated clients only + no problems with never_users and exim_users please post how this can be done? If sasl really is the only way, could someone explain how to configure this?
thanks!
|
This might help (I'm only including the relevant bits):
Code: |
# allow relaying from localhost
hostlist relay_from_hosts = 127.0.0.1
# I use tls. This means I can use pam, and shell accounts are still safe
tls_advertise_hosts = *
# You need to get hold of a certificate for this.
# See http://www.exim.org/exim-html-4.40/doc/html/spec_37.html#CHAP37
# for more info.
tls_certificate = /etc/exim/eximcert.pem
# define auth acl
acl_smtp_auth = acl_check_auth
# define rcpt acl
acl_smtp_rcpt = acl_check_rcpt
# other definitions here...
begin acl
acl_check_auth:
# Only care about authentication if it's encrypted (this is optional, clearly)
accept encrypted = *
deny message = Rejected authentication: Encryption required
acl_check_rcpt:
# Accept rcpt if the sender is authenticated
accept authenticated = *
# spam checks, HELO checks, sender verification checks etc here
# Check for local domain here...
# if we've reached here, then it's a relay attempt, by someone
# who is not authenticated, so deny
deny message = Rejected recipient: relay not permitted without encrypted authentication
# other acls here...
begin routers
# routers here
begin transports
#transports here
begin retry
# I have nothing here
begin rewrite
# Nor here
begin authenticators
# you need to have both of these if anyone uses Outlook.
# As you can see, I'm using pam with tls. It works well, but the
# client setup is slightly more effort than normal.
plain:
driver = plaintext
public_name = PLAIN
server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
server_condition = "${if pam{$2:$3}{1}{0}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
server_prompts = "Username:: : Password::"
server_condition = "${if pam{$1:$2}{1}{0}}"
server_set_id = $1
|
Sorry if I've missed out anything crucial. Someone will probably notice it anyway. |
|
|
|
batzee Tux's lil' helper
Joined: 27 Apr 2004 Posts: 105
|
Posted: Fri Sep 03, 2004 1:46 pm Post subject: |
|
|
Thanks for your help - now one more question: I am subscribed to some more or less high-volume mailinglists, each of them is filtered to a dedicated folder. Now what I would like to have is some tool which deletes old messages from these mailinglists folders automatically, maybe in a logrotate-like fashion (put old messages in an archive and zip it, delete the oldest of these archives each time).
Does anyone know if such a thing exists? |
|
|
|
BakaO n00b
Joined: 27 Sep 2003 Posts: 74
|
Posted: Sun Sep 12, 2004 9:11 pm Post subject: |
|
|
Hello,
I have a big question. Here is how my server is configured:
1 computer (my server) is installed with courier-imap + fetchmail + exim + spamassassin
Fetchmail gathers 6 mailboxes for me and 2 mailboxes for my sister.
Everything is OK: exim accepts mail from fetchmail locally, and lets me send mail (SMTP) from a computer in the local network.
But (here is my problem): I want to enable SMTP auth to let me use my server from everywhere in the world, but this time fetchmail is blocked (it doesn't use auth).
So: is there something to change in my exim conf file to allow local SMTP without auth, or anything else?
thanks. |
|
|
|
Golbez Tux's lil' helper
Joined: 03 May 2004 Posts: 96
|
Posted: Thu Sep 16, 2004 11:56 pm Post subject: |
|
|
hey batzee, did that setup work, cause I know the exact problems you are having and feel your pain |
|
|
|
Zebbeman n00b
Joined: 14 Jun 2003 Posts: 69
|
Posted: Tue Oct 12, 2004 2:40 pm Post subject: |
|
|
McB4ne wrote: |
Seriously, I don't want to install cyrus-sasl because it completely screwed my exim last time, and pam is so simple, but how can I get this to work either with exim happy as root or pam happy as not root? |
Pam is simple, but I think it needs Exim to be run as root. This is a security issue, so I changed to sasl.
I think I only changed "if pam" to "if saslauthd" in exim.conf and set "SASL_AUTHMECH=shadow" in saslauthd.
Since I used pam with Exim as root, the log files had root permissions, so I had to change them too. |
|
|
|
marcelser Tux's lil' helper
Joined: 30 Sep 2004 Posts: 99
|
Posted: Wed Oct 20, 2004 9:08 am Post subject: clamassassin |
|
|
Hi Everyone,
I set up exim, clamav, spamassassin and courier-imap as described in this guide. Now I saw that there's a mail filter called clamassassin. What do I have to change in exim.conf to use the clamassassin filter instead of clamav? As I'm a total Exim newbie it would take me days to figure out how to include clamassassin.
Thanks for any help on this subject. |
|
|
|
Golbez Tux's lil' helper
Joined: 03 May 2004 Posts: 96
|
Posted: Mon Nov 01, 2004 4:12 pm Post subject: |
|
|
Zebbeman wrote: | McB4ne wrote: |
Seriously, I don't want to install cyrus-sasl because it completely screwed my exim last time, and pam is so simple, but how can I get this to work either with exim happy as root or pam happy as not root? |
Pam is simple, but I think it needs Exim to be run as root. This is a security issue, so I changed to sasl.
I think I only changed "if pam" to "if saslauthd" in exim.conf and set "SASL_AUTHMECH=shadow" in saslauthd.
Since I used pam with Exim as root, the log files had root permissions, so I had to change them too. |
I just tried this and it didn't work.
Do you put SASL_AUTHMECH=shadow in /etc/conf.d/saslauthd?
It just keeps prompting me for my password over and over like it won't authenticate.
I get this in my exim_main.log:
Code: | 2004-11-01 10:38:28 login authenticator failed for c-67-166-219-252.client.comcast.net ([127.0.0.1]) [67.166.219.252]: 435 Unable to authenticate at present (set_id=cgee): too few arguments or bracketing error for saslauthd |
|
|
|
|
marcelser Tux's lil' helper
Joined: 30 Sep 2004 Posts: 99
|
Posted: Tue Nov 02, 2004 8:51 am Post subject: |
|
|
Golbez wrote: | I just tried this and it didn't work.
Do you put SASL_AUTHMECH=shadow in /etc/conf.d/saslauthd? |
I'm using Code: | SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam" | in /etc/conf.d/saslauthd as authentication method, so you still use pam but you don't have to run it with root privileges.
Golbez wrote: | It just keeps prompting me for my password over and over like it won't authenticate.
I get this in my exim_main.log:
Code: | 2004-11-01 10:38:28 login authenticator failed for c-67-166-219-252.client.comcast.net ([127.0.0.1]) [67.166.219.252]: 435 Unable to authenticate at present (set_id=cgee): too few arguments or bracketing error for saslauthd |
|
I had exactly the same problem and I had to change the exim.conf to the following lines:
Code: | plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if saslauthd{{$2}{$3}{exim}}{yes}{no}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if saslauthd{{$1}{$2}{exim}}{yes}{no}}"
server_set_id = $1 |
What I had to add is the {exim} part in the conf file, I think this can be anything, you could also use {smtp} or something else. This is the sasl's realm, and it seems that it needs something in there. Hope this helps.
But I have another question. I also used exim with pam before I changed to sasl and instead of running it as root, I ran it as user "mail" and group "exim" (which I created). Then I changed the group of the "shadow" and "shadow-" files to "exim". Can someone tell me what the original permissions and groups for "shadow" and "shadow-" should be, because I want to remove this hack? I think the group should be root but I'm not sure about the permissions.
Thanks. |
|
|
|
Golbez Tux's lil' helper
Joined: 03 May 2004 Posts: 96
|
Posted: Wed Nov 03, 2004 12:37 am Post subject: |
|
|
marcelser wrote: | Golbez wrote: | I just tried this and it didn't work.
Do you put SASL_AUTHMECH=shadow in /etc/conf.d/saslauthd? |
I'm using Code: | SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam" | in /etc/conf.d/saslauthd as authentication method, so you still use pam but you don't have to run it with root privileges.
Golbez wrote: | It just keeps prompting me for my password over and over like it won't authenticate.
I get this in my exim_main.log:
Code: | 2004-11-01 10:38:28 login authenticator failed for c-67-166-219-252.client.comcast.net ([127.0.0.1]) [67.166.219.252]: 435 Unable to authenticate at present (set_id=cgee): too few arguments or bracketing error for saslauthd |
|
I had exactly the same problem and I had to change the exim.conf to the following lines:
Code: | plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if saslauthd{{$2}{$3}{exim}}{yes}{no}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if saslauthd{{$1}{$2}{exim}}{yes}{no}}"
server_set_id = $1 |
What I had to add is the {exim} part in the conf file, I think this can be anything, you could also use {smtp} or something else. This is the sasl's realm, and it seems that it needs something in there. Hope this helps.
But I have another question. I also used exim with pam before I changed to sasl and instead of running it as root, I ran it as user "mail" and group "exim" (which I created). Then I changed the group of the "shadow" and "shadow-" files to "exim". Can someone tell me what the original permissions and groups for "shadow" and "shadow-" should be, because I want to remove this hack? I think the group should be root but I'm not sure about the permissions.
Thanks. |
Tried that, didn't work, same error |
|
|
|
marcelser Tux's lil' helper
Joined: 30 Sep 2004 Posts: 99
|
Posted: Wed Nov 03, 2004 7:08 am Post subject: Version |
|
|
Do you use the newest versions of Exim and SASL? I found out that different versions may require different configurations. The example I gave below should work with the newest version, at least it does for me. This is what my exim_main.log shows when sending a mail:
Code: | 2004-11-01 11:00:21 1COYys-0005H2-Vk <= marc@shadowsrealm.ch H=fw.20minuten.ch ([127.0.0.1]) [62.12.146.130] P=esmtpa A=plain:marc S=1171 id=4186091E.7000205@shadowsrealm.ch
2004-11-01 11:00:23 1COYys-0005H2-Vk => marc.elser@20minuten.ch R=dnslookup T=remote_smtp H=smtp.20minuten.ch [62.12.146.134]
2004-11-01 11:00:23 1COYys-0005H2-Vk Completed
20 |
|
|
|
|
Zebbeman n00b
Joined: 14 Jun 2003 Posts: 69
|
Posted: Thu Dec 09, 2004 10:43 am Post subject: |
|
|
Golbez:
This is how I set it up:
#/etc/exim/exim.conf:
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
#/etc/conf.d/saslauthd:
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a shadow" |
|
|
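An added example, not code from any poster in this thread: a small Python linter for the authenticator settings discussed in the posts above. It flags `exim_user = root` (the setting behind the never_users deferrals), plaintext authenticators advertised without the `$tls_cipher` gate from rex123's config, and `saslauthd` conditions left in PAM's `user:password` form, which Exim rejects with the "bracketing error" shown earlier. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample: the thread's first PAM recipe with "pam" swapped for
# "saslauthd" in one authenticator. Not taken from a real host.
SAMPLE = r'''
exim_user = root
never_users = root
begin authenticators
plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if saslauthd{$2:$3}{1}{0}}"
  server_set_id = $2
login:
  driver = plaintext
  public_name = LOGIN
  server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
  server_prompts = "Username:: : Password::"
  server_condition = "${if saslauthd{{$1}{$2}}{1}{0}}"
  server_set_id = $1
'''

def parse(conf):
    """Split a config into main options and per-authenticator options.
    Simplification: backslash continuation lines are not joined."""
    main, auths, section, current = {}, {}, "main", None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        begin = re.fullmatch(r"begin\s+(\w+)", line)
        if begin:
            section, current = begin.group(1), None
        elif section == "authenticators" and re.fullmatch(r"\w+:", line):
            current = auths.setdefault(line[:-1], {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "main":
                main[key] = value
            elif current is not None:
                current[key] = value
    return main, auths

def lint(conf):
    """Return a list of findings for the issues raised in the thread."""
    main, auths = parse(conf)
    findings = []
    if main.get("exim_user") == "root":
        findings.append("main: exim_user = root; remote deliveries run as "
                        "uid 0 and are refused by never_users")
    for name, opts in auths.items():
        if opts.get("driver") != "plaintext":
            continue
        if "$tls_cipher" not in opts.get("server_advertise_condition", ""):
            findings.append(name + ": advertised without TLS, so the "
                            "password crosses the network in clear text")
        if re.search(r"saslauthd\s*\{(?!\s*\{)", opts.get("server_condition", "")):
            findings.append(name + ": saslauthd needs braced arguments, "
                            "{{user}{password}}, not user:password")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```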
|
Reepicheep n00b
Joined: 29 Mar 2004 Posts: 10
|
Posted: Sat Feb 05, 2005 7:43 pm Post subject: courier-imap authdaemond |
|
|
Hey, I thought I would throw this into the mix. To get auth to use the local users I use the courier authdaemond socket without running exim as root.
I just set my server_condition to :
PLAIN :
Code: |
server_condition = ${if eq {${readsocket{/var/lib/courier-imap/authdaemon/socket} \
{AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n}}}{FAIL\n} {no}{yes}}
|
LOGIN :
Code: |
server_condition = ${if eq {${readsocket{/var/lib/courier-imap/authdaemon/socket} \
{AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n}}}{FAIL\n} {no}{yes}}
|
I use courier-imap anyway, but it probably would work with just starting the authdaemond, then you can use whatever IMAP daemon you want. |
|
|
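An added example, not part of the post above: the authdaemond request that the `readsocket` expansion builds, written out in Python together with a fail-closed reply check. The comparison used in the post treats every reply other than the exact string `FAIL\n` as success, so the example contrasts it with a check that accepts only a complete reply; the function names, the sample replies and the success-reply layout (KEY=VALUE lines ended by a lone `.`) are assumptions made for this example.

```python
# Framing used by the readsocket conditions in the post:
#   AUTH <length>\n<service>\n<authtype>\n<user>\n<password>\n
def build_auth_request(user, password, service="exim", authtype="login"):
    """Build the request the Exim expansion sends to authdaemond."""
    for field in (user, password, service, authtype):
        # The body is line-oriented, so a control character inside a
        # field would shift the fields that follow it.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in field):
            raise ValueError("control character in request field")
    body = f"{service}\n{authtype}\n{user}\n{password}\n".encode()
    return b"AUTH %d\n" % len(body) + body

def thread_style_check(reply):
    """The test used in the post: anything except 'FAIL\\n' passes."""
    return reply != b"FAIL\n"

def parse_auth_reply(reply):
    """Fail-closed check: return the attributes only for a complete reply.
    Assumption: success is KEY=VALUE lines ended by a line holding '.'."""
    lines = reply.decode("utf-8", "replace").split("\n")
    if lines[0] == "FAIL" or "." not in lines:
        return None  # rejected, empty, or truncated reply
    attrs = {}
    for line in lines[:lines.index(".")]:
        key, sep, value = line.partition("=")
        if sep:
            attrs[key] = value
    return attrs or None

# Constructed replies (no real account data).
OK_REPLY = b"USERNAME=alice\nUID=1000\nGID=1000\nHOME=/home/alice\n.\n"
TRUNCATED = b"USERNAME=al"

if __name__ == "__main__":
    print(build_auth_request("alice", "s3cret"))
    for reply in (OK_REPLY, b"FAIL\n", b"", TRUNCATED):
        print(reply, thread_style_check(reply),
              parse_auth_reply(reply) is not None)
```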
|
dUSk n00b
Joined: 11 Jun 2004 Posts: 15
|
Posted: Wed Jun 01, 2005 11:47 am Post subject: Re: courier-imap authdaemond |
|
|
Reepicheep wrote: | Hey, I thought I would throw this into the mix. To get auth to use the local users I use the courier authdaemond socket without running exim as root.
I just set my server_condition to :
PLAIN :
Code: |
server_condition = ${if eq {${readsocket{/var/lib/courier-imap/authdaemon/socket} \
{AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n}}}{FAIL\n} {no}{yes}}
|
LOGIN :
Code: |
server_condition = ${if eq {${readsocket{/var/lib/courier-imap/authdaemon/socket} \
{AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n}}}{FAIL\n} {no}{yes}}
|
I use courier-imap anyway, but it probably would work with just starting the authdaemond, then you can use whatever IMAP daemon you want. |
I had to change the courier-auth socket path from /var/lib/courier-imap/authdaemon/socket to /var/lib/courier/authdaemon/socket and it works! thx |
|
|
|
sleepingsun Guru
Joined: 03 May 2006 Posts: 458 Location: Bosnia
|
Posted: Fri Oct 13, 2006 11:34 am Post subject: Need Help |
|
|
I installed and followed the instructions, but when I want to start exim I get this error!
Code: | # /etc/init.d/exim start
* Starting exim ...
2006-10-13 13:32:40 Exim configuration error in line 306 of /etc/exim/exim.conf:
error in ACL: unknown ACL condition/modifier in "$dnslist_domain\n$dnslist_text" [ !! ] |
|
|
|
|
doublehp Guru
Joined: 11 Apr 2005 Posts: 473 Location: FRANCE
|
|
|
|
|