[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Matteo Bonora via Exim-users


On 31/01/2025 10:53, Jeremy Harris via Exim-users wrote:

Well, you've not said what version Exim you are running so I
can only guess it's something modern.  You could split out
to separate named-queues during reception, and have separate
queue-runners.  Or you could run two totally separate Exim
instances (again, I'm having to go on the limited assumption
of "two" on the info you gave).

However, I'm quite dubious that you're running a legitimate
high-level architecture. Perhaps you'd be better off adjusting
those SPF records.


I'm currently running Exim 4.93.

I have 10 different interfaces with 10 different IP addresses, used for 
different mail flows and/or different customers.
If one IP address is reserved for one specific customer I should not add 
that to the SPF record of a different customer...


Splitting the messages in different queues is interesting though. Could 
you point me to some documentation on how to implement that?


Thanks

M.


--
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


[exim] smtp transport, deferred messages and wrong interface

2025-01-31 Thread Matteo Bonora via Exim-users

Hello everyone,

I have a remote_smtp transport configured to send messages using the 
same interface that originally received such message.


All is working well apart from one specific case: defers.

When messages are deferred due to temporary errors from the remote 
hosts, it happens that after a while they are delivered using a 
different interface, not the one that was previously designated.


After a long investigation, I noticed that it happens when the following 
situation arises:


1. *msg1* received from *interface1* and addressed to *hostA*.
2. *msg1* delivery attempt using *interface1* failed due to temporary
   error of remote *hostA* (defer).
3. *msg2* received from *interface2* and addressed to *hostA*.
4. *msg2* delivery attempt using *interface2* failed due to temporary
   error of remote *hostA* (defer).
5. *msg3* received from *interface3* and addressed to *hostA*.
6. *msg3* delivery attempt using *interface3* successful (exim logs
   mark the interface address on the "=>" line like this: I=[interface3]).
7. *msg1* delivery attempt using *interface3* successful (exim logs
   mark the interface address on the "=>" line using a "*" like this:
   I=[interface3]*).
8. *msg2* delivery attempt using *interface3* successful (exim logs
   mark the interface address on the "=>" line using a "*" like this:
   I=[interface3]*).

Exim knows that it is using the wrong interface to deliver the messages, 
because it puts a "*" near the interface in the logs!


Summarizing, the first interface that is able to deliver a message to a 
host that has a retry time configured on other interfaces is used by 
Exim to deliver every message that was previously deferred, with 
disregard of the interface that was set at the transport level.


That, of course, is causing issues with SPF. The messages have to be 
sent using the right interface (IP address)!


Is there a way to disable or control this behavior? It would also be a 
useful feature if there was a way to select a fallback interface 
following some configurable rules.


Thanks in advance for your help!

Matteo Bonora
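
A log check for the sequence described in this post, as an added example that is not part of the original message and is not Exim project code: it pairs each message's arrival interface with the interface on its delivery line and reports mismatches, noting whether the delivery line carries the "*" marker. The log lines are constructed to follow the shape the post describes, and the example assumes the incoming_interface and outgoing_interface log selectors are enabled.

```python
import re

# Constructed sample mainlog lines (documentation addresses only), following
# the msg1/msg2/msg3 sequence in the post. Assumes the incoming_interface and
# outgoing_interface log selectors are on, so I=[...] appears on both kinds.
SAMPLE_LOG = """\
2025-01-30 18:00:01 1td001-0000aa-01 <= s1@cust1.example H=app1.example [198.51.100.1] I=[192.0.2.1]:25 P=esmtp S=1200
2025-01-30 18:00:02 1td001-0000aa-01 == u1@hosta.example R=dnslookup T=remote_smtp defer (-44): SMTP error
2025-01-30 18:05:01 1td002-0000bb-02 <= s2@cust2.example H=app2.example [198.51.100.2] I=[192.0.2.2]:25 P=esmtp S=1300
2025-01-30 18:05:02 1td002-0000bb-02 == u2@hosta.example R=dnslookup T=remote_smtp defer (-44): SMTP error
2025-01-30 18:20:01 1td003-0000cc-03 <= s3@cust3.example H=app3.example [198.51.100.3] I=[192.0.2.3]:25 P=esmtp S=1100
2025-01-30 18:20:05 1td003-0000cc-03 => u3@hosta.example R=dnslookup T=remote_smtp H=mx.hosta.example [203.0.113.9] I=[192.0.2.3] C="250 OK"
2025-01-30 18:20:06 1td001-0000aa-01 => u1@hosta.example R=dnslookup T=remote_smtp H=mx.hosta.example [203.0.113.9] I=[192.0.2.3]* C="250 OK"
2025-01-30 18:20:07 1td002-0000bb-02 => u2@hosta.example R=dnslookup T=remote_smtp H=mx.hosta.example [203.0.113.9] I=[192.0.2.3]* C="250 OK"
"""

# date, time, message id, then the arrival (<=) or delivery (=>, ->) flag.
LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->) (?P<rest>.*)$")
# I=[addr], optional :port, optional "*" as shown in the post.
IFACE = re.compile(r"(?<!\S)I=\[(?P<ip>[^\]]+)\](?::\d+)?(?P<star>\*)?")


def find_interface_mismatches(log_text):
    """Return (msg_id, recipient, received_on, sent_from, starred) tuples for
    deliveries whose local interface differs from the arrival interface."""
    received_on = {}
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # defers (==), completions and other lines are ignored
        iface = IFACE.search(m["rest"])
        if not iface:
            continue
        if m["flag"] == "<=":
            received_on[m["id"]] = iface["ip"]
            continue
        expected = received_on.get(m["id"])
        # Messages that arrived before the start of the log are skipped.
        if expected and iface["ip"] != expected:
            recipient = m["rest"].split()[0]
            findings.append((m["id"], recipient, expected,
                             iface["ip"], bool(iface["star"])))
    return findings


if __name__ == "__main__":
    for f in find_interface_mismatches(SAMPLE_LOG):
        print("%s to %s: received on %s, sent from %s, starred=%s" % f)
```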



[exim] Re: "No errors" in $spf_header_comment

2025-01-31 Thread Patrik Peng via Exim-users

On 30.01.2025 18:33, Andreas Metzler via Exim-users wrote:

libspf2 also comes with a command-line program (spfquery) - Perhaps Patrik
can reproduce the issue with spfquery.


$ echo "1.1.1.1"a...@many-spf.hp-mail-infra-test-01.ch helohost.com | spfquery 
-f -
StartError
Context: Failed to query MAIL-FROM
ErrorCode: (32) Multiple SPF or TXT records for domain.
Error: Multiple SPF records for 'many-spf.hp-mail-infra-test-01.ch'
EndError
permerror

spfquery: error in processing during lookup of domain of 
many-spf.hp-mail-infra-test-01.ch: No errors
Received-SPF: permerror (spfquery: error in processing during lookup of domain 
of many-spf.hp-mail-infra-test-01.ch: No errors) 
client-ip=1.1.1.1;envelope-from=a...@many-spf.hp-mail-infra-test-01.ch; 
helo=helohost.com;

I guess this puts exim definitely in the clear.

Sorry for the noise.


Regards,

Patrik




[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Jeremy Harris via Exim-users

On 31/01/2025 10:08, Matteo Bonora via Exim-users wrote:

Splitting the messages in different queues is interesting though. Could you 
point me to some documentation on how to implement that?


https://exim.org/exim-html-4.93/doc/html/spec_html/index.html

Concept index.  Named queues, and the "queue" ACL modifier.
--
Cheers,
  Jeremy



[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Matteo Bonora via Exim-users

Unfortunately I cannot do that...

That would be detrimental for hosts which rate limit the connection number.

We currently have "connection_max_messages = 20"

Setting it to a higher value would get us blocked due to "too many 
messages in one connection". Setting it to a lower value we would hit 
the connections limit per time unit.


This is a high-traffic SMTP and we had to tune it that way to get the 
best deliverability.


I'm open to alternatives ;)

Thanks

Matteo


On 31/01/2025 10:16, Jeremy Harris via Exim-users wrote:


Try setting "connection_max_messages = 1" on the transport.





[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Jeremy Harris via Exim-users

On 30/01/2025 18:34, Matteo Bonora via Exim-users wrote:

Is there a way to disable or control this behavior?


Try setting "connection_max_messages = 1" on the transport.

--
Cheers,
  Jeremy



[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Jeremy Harris via Exim-users

On 31/01/2025 09:30, Matteo Bonora via Exim-users wrote:

I'm open to alternatives ;)


Well, you've not said what version Exim you are running so I
can only guess it's something modern.  You could split out
to separate named-queues during reception, and have separate
queue-runners.  Or you could run two totally separate Exim
instances (again, I'm having to go on the limited assumption
of "two" on the info you gave).

However, I'm quite dubious that you're running a legitimate
high-level architecture. Perhaps you'd be better off adjusting
those SPF records.

--
Cheers,
  Jeremy



[exim] Is anyone using Exim with OpenSSL v1.1.1 or earlier ?

2025-01-31 Thread Andrew C Aitchison via Exim-users



Is anyone using Exim with OpenSSL v1.1.1 or earlier ?

Context: https://bugs.exim.org/show_bug.cgi?id=3131
and the mailop list message below.

(I still have a VM that can build Exim 4.98 with OpenSSL 1.0.2u
but would not dare run it in listening mode.)

Thanks,

--
Andrew C. Aitchison  Kendal, UK
and...@aitchison.me.uk

-- Forwarded message --

Date: Fri, 31 Jan 2025 13:21:26 +1100
From: Viktor Dukhovni via mailop 
To: mai...@mailop.org
Cc: Viktor Dukhovni 
Subject: Re: [mailop] Updating DANE support in exim - was Re: SMTP TLS Reports for forged senders.

On Thu, Jan 30, 2025 at 06:38:14PM +, Andrew C Aitchison via mailop 
wrote:


On Mon, 18 Nov 2024, Viktor Dukhovni via mailop wrote:


Exim is after all (IIRC) still using my dated code for DANE cert
validation over OpenSSL.  Though with OpenSSL 1.0.2 long in the
rear-view mirror, this might also be a good time to switch to the native
OpenSSL DANE support.  If you know anyone who might be interested in
doing that, please have them get in touch if they need help.


https://bugs.exim.org/show_bug.cgi?id=3131


DANE support was added in OpenSSL 1.1.0 and has been stable since.  Both
OpenSSL 1.1.0 and 1.1.1 (LTS) have been retired.  The oldest still
supported version is 3.0.  So there should not IMHO be any concerns
about requiring at least 1.1.1 and probably 3.0 in new version of Exim.

The documentation for the native DANE support in OpenSSL is in:

 https://docs.openssl.org/3.0/man3/SSL_CTX_dane_enable/

The "EXAMPLES" section has a fairly detailed sketch of how the API might
be used.

In Postfix the code in question can be found at:


https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L1076-L1169


https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L574-L597

[ Much of that is recently added code to support TLSRPT. ]

--

--
Andrew C. Aitchison  Kendal, UK
and...@aitchison.me.uk






[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Evgeniy Berdnikov via Exim-users
On Thu, Jan 30, 2025 at 07:34:31PM +0100, Matteo Bonora via Exim-users wrote:
> I have a remote_smtp transport configured to send messages using the same
> interface that originally received such message.

 Please post the configuration of this transport here, and explain
 how the outgoing interface is bound to the incoming one.
-- 
 Eugene Berdnikov



[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Matteo Bonora via Exim-users

On 31/01/2025 15:05, Evgeniy Berdnikov via Exim-users wrote:

Warning: This email comes from an unusual sender.
Warning: Make sure it is someone you trust.

On Thu, Jan 30, 2025 at 07:34:31PM +0100, Matteo Bonora via Exim-users wrote:

I have a remote_smtp transport configured to send messages using the same
interface that originally received such message.

  Please post the configuration of this transport here, and explain
  how the outgoing interface is bound to the incoming one.



This transport is really very simple and the bonding is done by the 
"interface = $interface_address" line. It works perfectly in every case 
but the one I described.


Here is the configuration:

remote_smtp:
  driver = smtp
  interface = $interface_address
  helo_data = ${lookup{$interface_address}lsearch{/some/path/active_hostnames.txt}{$value}{$primary_hostname}}
  multi_domain = false
  max_rcpt = 5
  connection_max_messages = 20
  dkim_domain = ...
  dkim_selector = ...
  dkim_private_key = ...


Thanks

Matteo



[exim] Re: Is anyone using Exim with OpenSSL v1.1.1 or earlier ?

2025-01-31 Thread Jeremy Harris via Exim-users

On 31/01/2025 14:38, Jeremy Harris via Exim-users wrote:

On 31/01/2025 11:35, Andrew C Aitchison via Exim-users wrote:

Is anyone using Exim with OpenSSL v1.1.1 or earlier ?


There's a buildfarm system running 1.0.2g (Solaris 10)
and another running 1.0.2t (Solaris 11).


An informant notes that RHEL 8 and its clones are at 1.1.1k

--
Cheers,
  Jeremy



[exim] Re: Is anyone using Exim with OpenSSL v1.1.1 or earlier ?

2025-01-31 Thread Jeremy Harris via Exim-users

On 31/01/2025 11:35, Andrew C Aitchison via Exim-users wrote:

Is anyone using Exim with OpenSSL v1.1.1 or earlier ?


There's a buildfarm system running 1.0.2g (Solaris 10)
and another running 1.0.2t (Solaris 11).

--
Cheers,
  Jeremy



[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Jeremy Harris via Exim-users

On 31/01/2025 17:08, Matteo Bonora via Exim-users wrote:

This transport is really very simple and the bonding is done by the "interface = 
$interface_address" line. It works perfectly in every case but the one I described.


Commit 237b2df13410 looks relevant.
--
Cheers,
  Jeremy



[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Leonardo Boselli via Exim-users

Why have you altered the original message?
It is not fair and offensive.

On Fri, 31 Jan 2025, Matteo Bonora via Exim-users wrote:


On 31/01/2025 15:05, Evgeniy Berdnikov via Exim-users wrote:

Warning: This email comes from an unusual sender.
Warning: Make sure it is someone you trust.

--
Leonardo Boselli
Firenze, Toscana, Europa
http://i.trail.it
tel:+393287329225



[exim] Re: smtp transport, deferred messages and wrong interface

2025-01-31 Thread Matteo Bonora via Exim-users
Ehm... Sorry?

If you are referring to the following 2 lines:

Warning: This email comes from an unusual sender.
Warning: Make sure it is someone you trust.

They are simply a warning from our Email Security Gateway, added on top of 
messages, to alert the recipient about messages from new senders.

I simply forgot to remove the lines before sending my reply...

Nothing unfair or offensive...

Matteo



On 31 January 2025 19:19:55 CET, Leonardo Boselli wrote:
>
>Why have you altered the original message?
>It is not fair and offensive.
>
>On Fri, 31 Jan 2025, Matteo Bonora via Exim-users wrote:
>
>> On 31/01/2025 15:05, Evgeniy Berdnikov via Exim-users wrote:
>>> Warning: This email comes from an unusual sender.
>>> Warning: Make sure it is someone you trust.
>--
>Leonardo Boselli
>Firenze, Toscana, Europa
>https://urlsand.esvalabs.com/?u=http%3A%2F%2Fi.trail.it&e=7b71de7d&h=9abcc19e&f=y&p=y
> tel:+393287329225
>
>--
