Gentoo Forums
How To setup exim + exiscan-acl + SpamAssassin + clamav +...
baraka
n00b

Joined: 16 Jan 2004
Posts: 3

Posted: Sat Jun 26, 2004 12:02 am    Post subject: no log for exim

Hi guys, I am trying to make exim work first without the spam and anti-virus system. Until now I have not been able to send email to the outside world, nor receive it (I have an MX record set to my mail server). The really annoying problem is that, perhaps because I have log_file_path=syslog, I have noticed there are no /var/log/exim/ files.

What can be happening? I need full logs to know what is happening :/

baraka
n00b

Joined: 16 Jan 2004
Posts: 3

Posted: Wed Jun 30, 2004 7:17 pm    Post subject: Re: SMTP-Auth for inbound connections

Cataclysm wrote:
Thanks and regards for the following go to Vinay Malkani, he sent it to me by email.

Quote:
Smtp-auth (based on actual user logins) for inbound connections was extremely simple. I thought you might want to add it to your guide.
First create /etc/pam.d/exim (probably created for you when you emerged exim)
This file should read as follows:

--------BEGIN CODE-----------

# You may need to remove the "md5"
auth required pam_unix.so shadow md5
account required pam_unix.so

-------END CODE-------------

Next add to your exim.conf file the following items
1.

---------BEGIN CODE--------

# add this to the top of the file
exim_user = root

---------END CODE-------------

2. in the authenticators section add:

----------BEGIN CODE--------



plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if pam{$2:$3}{1}{0}}"
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if pam{$1:$2}{1}{0}}"
server_set_id = $1

--------END CODE-----------------

and that’s it



I am using that code for authentication, but maybe because of the setting of never_users:

Quote:

never_users = root


I got a message from Mailer-Daemon like this:

Quote:

...
The addresses to which the message has not yet been delivered are:

bar4ka@spymac.com
Delay reason: User 0 set for remote_smtp transport is on the never_users list
...


and this message repeats until it gives up delivering.
I read something about this error message and tried to put the following:

Quote:

system_filter_user = mail


but no luck either. Any help with this?

Zebbeman
n00b

Joined: 14 Jun 2003
Posts: 69

Posted: Sun Jul 11, 2004 9:38 pm

I'm not sure if this is correct, but I think you cannot comment out never_users anymore. If it still works, you have to comment out # never_users if you are running Exim as root. I had a similar problem running exim as root after an update, so I changed from pam to sasl.

Pam needs Exim to be run as root, sasl doesn't.

catman__
n00b

Joined: 14 Jul 2004
Posts: 2

Posted: Wed Jul 14, 2004 10:06 am    Post subject: exim must bounce incoming mail

Hi, I want to bounce incoming mail with exim for addresses that are not used. In other words, how can I bounce emails except for the email addresses that I use?

tnx

catman
_________________
just a gentoo user

BakaO
n00b

Joined: 27 Sep 2003
Posts: 74

Posted: Fri Aug 20, 2004 9:09 am

Hello,

First, I would like to thank you all for making gentoo the best distro!

Thanks Cataclysm!

I have a question: what should become of the spam once it is detected as spam?

Is it deleted? So why can we change the title with ***** SPAM *****?
Or maybe it is delivered but marked as deleted?

One more: for my house, I configured fetchmail -> exim -> spamassassin / clamav -> maildir -> courier-imap

OK, but when I look at the log, when a spam is found, exim tells me that it can't find the 'FETCHMAIL-DEAMON' user 8O Is that normal?

Thanks for all.

rex123
Apprentice

Joined: 21 Apr 2004
Posts: 272

Posted: Fri Aug 20, 2004 2:14 pm

I'm running a very similar set-up to the one in this how-to, on a server with about 10 mail users. I found that spamassassin works miles better (and it's really amazingly good) if you enable bayesian rules. I have one bayesian database for the whole server. The way to set this up is to create a user, with a home directory, and use sa-learn as that user. I have a user called spamd.

Then change the spamd part of exim.conf to something like this:

Code:

  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = spamd:true/defer_ok
  warn  message = X-Spam-Report: $spam_report
        spam = spamd:true/defer_ok

  # Add X-Spam-Flag if spam is over system-wide threshold
  warn  message = X-Spam-Flag: YES
        spam = spamd/defer_ok
...


The /defer_ok tells exim not to defer the message if spamd is down for some reason - it just skips the spamassassin routine. Requires exiscan 4.33.

Train spamassassin using sa-learn, and you're away. It needs 200 ham and 200 spam to get going, then it just gets better. I have my filters set to reject at 5.0, and I treat anything scoring over 1.0 as suspect. This produces almost no false positives, and catches almost everything (but I've been training it for a while, and I get a lot of spam).

McB4ne
n00b

Joined: 25 Aug 2004
Posts: 17

Posted: Mon Aug 30, 2004 8:00 pm

Zebbeman wrote:
I'm not sure if this is correct, but I think you cannot comment out never_users anymore. If it still works, you have to comment out # never_users if you are running Exim as root. I had a similar problem running exim as root after an update, so I changed from pam to sasl.

Pam needs Exim to be run as root, sasl doesn't.


I tried commenting out the whole line

#never_users = root

It gives the error of:

2004-08-30 19:57:07 1C1wxJ-0005Ss-Ty == mcbane@gmail.com R=dnslookup T=remote_smtp defer (-29): User 0 set for remote_smtp transport is on the fixed_never_users list

:lol: seriously I don't want to install cyrus-sasl cause it completely screwed my exim last time, and pam is so simple but how can I get this to work either with exim happy as root or pam happy as not root?

batzee
Tux's lil' helper

Joined: 27 Apr 2004
Posts: 105

Posted: Wed Sep 01, 2004 2:01 pm    Post subject: hmmmm.. that sucks!

Could anyone who has successfully setup exim for smtp auth + relaying for authenticated clients only + no problems with never_users and exim_users please post how this can be done? If sasl really is the only way, could someone explain how to configure this?

thanks!

rex123
Apprentice

Joined: 21 Apr 2004
Posts: 272

Posted: Wed Sep 01, 2004 3:19 pm

Quote:
Could anyone who has successfully setup exim for smtp auth + relaying for authenticated clients only + no problems with never_users and exim_users please post how this can be done? If sasl really is the only way, could someone explain how to configure this?

thanks!


This might help (I'm only including the relevant bits):

Code:

# allow relaying from localhost
hostlist   relay_from_hosts = 127.0.0.1

# I use tls. This means I can use pam, and shell accounts are still safe
tls_advertise_hosts = *
# You need to get hold of a certificate for this.
# See http://www.exim.org/exim-html-4.40/doc/html/spec_37.html#CHAP37
# for more info.
tls_certificate = /etc/exim/eximcert.pem

# define auth acl
acl_smtp_auth = acl_check_auth
# define rcpt acl
acl_smtp_rcpt = acl_check_rcpt

# other definitions here...

begin acl

acl_check_auth:

  # Only care about authentication if it's encrypted (this is optional, clearly)

  accept  encrypted = *

  deny    message       = Rejected authentication: Encryption required

acl_check_rcpt:

# Accept rcpt if the sender is authenticated
  accept  authenticated = *

# spam checks, HELO checks, sender verification checks etc here

# Check for local domain here...

# if we've reached here, then it's a relay attempt, by someone
# who is not authenticated, so deny

  deny    message       = Rejected recipient: relay not permitted without encrypted authentication

# other acls here...

begin routers

# routers here

begin transports

#transports here

begin retry

# I have nothing here

begin rewrite

# Nor here

begin authenticators

# you need to have both of these if anyone uses Outlook.
# As you can see, I'm using pam with tls. It works well, but the
# client setup is slightly more effort than normal.

plain:
  driver = plaintext
  public_name = PLAIN
  server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
  server_condition = "${if pam{$2:$3}{1}{0}}"
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
  server_prompts = "Username:: : Password::"
  server_condition = "${if pam{$1:$2}{1}{0}}"
  server_set_id = $1




Sorry if I've missed out anything crucial. Someone will probably notice it anyway.
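
A check for the behaviour this configuration aims at, as an added example that is not part of the original post: AUTH should appear in the EHLO reply only after STARTTLS. The function names, host names and sample replies are constructed for illustration; `probe` needs network access to a server you operate, while `audit` works on captured text.

```python
import smtplib
import ssl


def ehlo_keywords(ehlo_text):
    """Map each EHLO keyword (upper-cased) to the list of its parameters."""
    keywords = {}
    for line in ehlo_text.splitlines():
        # A raw capture carries "250-" / "250 " prefixes; smtplib strips them.
        if line[:3].isdigit() and line[3:4] in ("-", " "):
            line = line[4:]
        # Some servers also send "AUTH=LOGIN PLAIN" for legacy clients.
        if line.upper().startswith("AUTH="):
            line = "AUTH " + line[5:]
        words = line.split()
        if words:
            keywords.setdefault(words[0].upper(), []).extend(
                w.upper() for w in words[1:])
    return keywords


def audit(before_tls, after_tls):
    """Return findings for one server; an empty list means the policy holds."""
    pre, post = ehlo_keywords(before_tls), ehlo_keywords(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS is not offered")
    if "AUTH" in pre:
        mechs = " ".join(sorted(set(pre["AUTH"])))
        findings.append("AUTH offered before TLS: " + mechs)
    if "AUTH" not in post:
        findings.append("AUTH is not offered after TLS")
    return findings


def probe(host, port=25, context=None, timeout=10):
    """Collect both EHLO replies from a server you operate (needs network)."""
    context = context or ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        before = smtp.ehlo()[1].decode("ascii", "replace")
        after = ""
        if smtp.has_extn("starttls"):
            smtp.starttls(context=context)
            after = smtp.ehlo()[1].decode("ascii", "replace")
    return before, after


# Constructed EHLO replies (not captured from a real host).
CLEARTEXT_OK = """250-mail.example.org Hello client.example.net [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP"""
ENCRYPTED_OK = """250-mail.example.org Hello client.example.net [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP"""
CLEARTEXT_LEAKY = CLEARTEXT_OK.replace(
    "250-STARTTLS", "250-AUTH PLAIN LOGIN\n250-STARTTLS")

if __name__ == "__main__":
    print(audit(CLEARTEXT_OK, ENCRYPTED_OK))
    print(audit(CLEARTEXT_LEAKY, ENCRYPTED_OK))
```

This only checks what is advertised; in the configuration above it is the `acl_check_auth` ACL that refuses an AUTH command on an unencrypted session.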

batzee
Tux's lil' helper

Joined: 27 Apr 2004
Posts: 105

Posted: Fri Sep 03, 2004 1:46 pm

Thanks for your help - now one more question: I am subscribed to some more or less high-volume mailinglists, each of them is filtered to a dedicated folder. Now what I would like to have is some tool which deletes old messages from these mailinglists folders automatically, maybe in a logrotate-like fashion (put old messages in an archive and zip it, delete the oldest of these archives each time).

Does anyone know if such a thing exists?

BakaO
n00b

Joined: 27 Sep 2003
Posts: 74

Posted: Sun Sep 12, 2004 9:11 pm

Hello,
I have a big question: here is how my server is configured:

1 computer (my server) is installed with courier-imap + fetchmail + exim + spamassassin

Fetchmail gathers 6 mailboxes for me and 2 mailboxes for my sister.

Everything is OK: exim accepts mail from fetchmail locally, and lets me send mail (smtp) from a computer in the local network.

But (here is my problem): I want to enable SMTP auth to let me use my server from everywhere in the world, but this time fetchmail is blocked (it doesn't use auth).

So: is there something to change in my exim conf file to allow local SMTP without auth, or anything else?

thanks.

Golbez
Tux's lil' helper

Joined: 03 May 2004
Posts: 96

Posted: Thu Sep 16, 2004 11:56 pm

hey batzee, did that setup work, cause I know the exact problems you are having and feel your pain :)

Zebbeman
n00b

Joined: 14 Jun 2003
Posts: 69

Posted: Tue Oct 12, 2004 2:40 pm

McB4ne wrote:

:lol: seriously I don't want to install cyrus-sasl cause it completely screwed my exim last time, and pam is so simple but how can I get this to work either with exim happy as root or pam happy as not root?


Pam is simple, but I think it needs Exim to be run as root. This is a security issue, so I changed to sasl.
I think I only changed "if pam" to "if saslauthd" in exim.conf and set "SASL_AUTHMECH=shadow" in saslauthd.
Since I used pam with Exim as root, the log files had root permissions, so I had to change them too.

marcelser
Tux's lil' helper

Joined: 30 Sep 2004
Posts: 92

Posted: Wed Oct 20, 2004 9:08 am    Post subject: clamassassin

Hi Everyone,

I set up exim, clamav, spamassassin and courier-imap as described in this guide. Now I saw that there's a mail filter called clamassassin. What do I have to change in exim.conf to use the clamassassin filter instead of clamav? As I'm a total Exim newbie it would take me days to figure out how to include clamassassin.

Thanks for any help on this subject.

Golbez
Tux's lil' helper

Joined: 03 May 2004
Posts: 96

Posted: Mon Nov 01, 2004 4:12 pm

Zebbeman wrote:
McB4ne wrote:

:lol: seriously I don't want to install cyrus-sasl cause it completely screwed my exim last time, and pam is so simple but how can I get this to work either with exim happy as root or pam happy as not root?


Pam is simple, but I think it needs Exim to be run as root. This is a security issue, so I changed to sasl.
I think I only changed "if pam" to "if saslauthd" in exim.conf and set "SASL_AUTHMECH=shadow" in saslauthd.
Since I used pam with Exim as root, the log files had root permissions, so I had to change them too.


I just tried this and it didn't work :(

do you put SASL_AUTHMECH=shadow in /etc/conf.d/saslauthd?

It just keeps prompting me for my password over and over like it won't authenticate

I get this in my exim_main.log:
Code:
2004-11-01 10:38:28 login authenticator failed for c-67-166-219-252.client.comcast.net ([127.0.0.1]) [67.166.219.252]: 435 Unable to authenticate at present (set_id=cgee): too few arguments or bracketing error for saslauthd

marcelser
Tux's lil' helper

Joined: 30 Sep 2004
Posts: 92

Posted: Tue Nov 02, 2004 8:51 am

Golbez wrote:
I just tried this and it didn't work :(

do you put SASL_AUTHMECH=shadow in /etc/conf.d/saslauthd?

I'm using
Code:
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
in /etc/conf.d/saslauthd as authentication method, so you still use pam but you don't have to run it with root privileges.

Golbez wrote:
It just keeps prompting me for my password over and over like it won't authenticate

I get this in my exim_main.log:
Code:
2004-11-01 10:38:28 login authenticator failed for c-67-166-219-252.client.comcast.net ([127.0.0.1]) [67.166.219.252]: 435 Unable to authenticate at present (set_id=cgee): too few arguments or bracketing error for saslauthd

I had exactly the same problem and I had to change the exim.conf to the following lines:

Code:
plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if saslauthd{{$2}{$3}{exim}}{yes}{no}}"
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if saslauthd{{$1}{$2}{exim}}{yes}{no}}"
  server_set_id = $1


What I had to add is the {exim} part in the conf file, I think this can be anything, you could also use {smtp} or something else. This is the sasl's realm, and it seems that it needs something in there. Hope this helps.

But I have another question. I also used exim with pam before I changed to sasl and instead of running it as root, I ran it as user "mail" and group "exim" (which I created). Then I changed the group of the "shadow" and "shadow-" file to "exim". Can someone tell me what the original permissions and groups for "shadow" and "shadow-" should be, because I want to remove this hack. I think the group should be root but I'm not sure about the permissions.

Thanks.
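
Triage for the failure quoted in the posts above, as an added example that is not part of the thread: in these log lines a 4xx code such as 435 means Exim could not evaluate the authenticator at all (here, the saslauthd expansion error), while a 5xx code means the credentials were rejected. The sample lines are constructed in the format shown above, and the function and variable names are illustrative.

```python
import re
from collections import Counter

# Matches Exim main-log lines of the form quoted in this thread:
#   <date> <time> <name> authenticator failed for <peer> [<ip>]: <code> <text>
#   optionally followed by " (set_id=<id>)" and ": <detail>".
AUTH_FAIL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<authenticator>\S+) authenticator failed for "
    r"(?P<peer>.*?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"(?P<code>\d{3}) (?P<text>.*?)"
    r"(?: \(set_id=(?P<set_id>[^)]*)\))?"
    r"(?:: (?P<detail>.*))?$"
)


def triage(lines):
    """Split authenticator failures into server-side errors and bad logins.

    Returns (backend_errors, credential_failures):
      backend_errors      {error detail: count}       for 4xx replies
      credential_failures {(ip, set_id): count}       for 5xx replies
    """
    backend = Counter()
    credentials = Counter()
    for line in lines:
        m = AUTH_FAIL.match(line.strip())
        if not m:
            continue  # deliveries, arrivals and other log lines
        if m["code"].startswith("4"):
            # Temporary failure: the condition itself could not be evaluated,
            # so no password was ever checked. Fix the configuration.
            backend[m["detail"] or m["text"]] += 1
        else:
            # Permanent failure: the back end ran and said no.
            credentials[(m["ip"], m["set_id"] or "")] += 1
    return dict(backend), dict(credentials)


# Constructed sample log (documentation addresses, invented user names).
SAMPLE = """\
2004-11-01 10:38:28 login authenticator failed for client.example.net ([127.0.0.1]) [192.0.2.25]: 435 Unable to authenticate at present (set_id=alice): too few arguments or bracketing error for saslauthd
2004-11-01 10:38:41 login authenticator failed for client.example.net ([127.0.0.1]) [192.0.2.25]: 435 Unable to authenticate at present (set_id=alice): too few arguments or bracketing error for saslauthd
2004-11-01 10:41:02 plain authenticator failed for (host) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)
2004-11-01 10:41:05 plain authenticator failed for (host) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)
2004-11-01 10:41:09 plain authenticator failed for (host) [198.51.100.7]: 535 Incorrect authentication data (set_id=carol)
2004-11-01 11:00:21 1COYys-0005H2-Vk <= alice@example.org H=client.example.net ([127.0.0.1]) [192.0.2.25] P=esmtpa A=plain:alice S=1171
"""

if __name__ == "__main__":
    errors, failures = triage(SAMPLE.splitlines())
    for detail, count in errors.items():
        print(f"configuration/back-end error x{count}: {detail}")
    for (ip, user), count in failures.items():
        print(f"rejected login x{count}: {user} from {ip}")
```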

Golbez
Tux's lil' helper

Joined: 03 May 2004
Posts: 96

Posted: Wed Nov 03, 2004 12:37 am

marcelser wrote:
Golbez wrote:
I just tried this and it didn't work :(

do you put SASL_AUTHMECH=shadow in /etc/conf.d/saslauthd?

I'm using
Code:
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
in /etc/conf.d/saslauthd as authentication method, so you still use pam but you don't have to run it with root privileges.

Golbez wrote:
It just keeps prompting me for my password over and over like it won't authenticate

I get this in my exim_main.log:
Code:
2004-11-01 10:38:28 login authenticator failed for c-67-166-219-252.client.comcast.net ([127.0.0.1]) [67.166.219.252]: 435 Unable to authenticate at present (set_id=cgee): too few arguments or bracketing error for saslauthd

I had exactly the same problem and I had to change the exim.conf to the following lines:

Code:
plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if saslauthd{{$2}{$3}{exim}}{yes}{no}}"
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if saslauthd{{$1}{$2}{exim}}{yes}{no}}"
  server_set_id = $1


What I had to add is the {exim} part in the conf file, I think this can be anything, you could also use {smtp} or something else. This is the sasl's realm, and it seems that it needs something in there. Hope this helps.

But I have another question. I also used exim with pam before I changed to sasl and instead of running it as root, I ran it as user "mail" and group "exim" (which I created). Then I changed the group of the "shadow" and "shadow-" file to "exim". Can someone tell me what the original permissions and groups for "shadow" and "shadow-" should be, because I want to remove this hack. I think the group should be root but I'm not sure about the permissions.

Thanks.


Tried that, didn't work, same error :(

marcelser
Tux's lil' helper

Joined: 30 Sep 2004
Posts: 92

Posted: Wed Nov 03, 2004 7:08 am    Post subject: Version

Do you use the newest versions of Exim and SASL? I found out that different versions may require different configurations. The example I gave below should work with the newest version, at least it does for me. This is what my exim_main.log shows when sending a mail:
Code:
2004-11-01 11:00:21 1COYys-0005H2-Vk <= marc@shadowsrealm.ch H=fw.20minuten.ch ([127.0.0.1]) [62.12.146.130] P=esmtpa A=plain:marc S=1171 id=4186091E.7000205@shadowsrealm.ch
2004-11-01 11:00:23 1COYys-0005H2-Vk => marc.elser@20minuten.ch R=dnslookup T=remote_smtp H=smtp.20minuten.ch [62.12.146.134]
2004-11-01 11:00:23 1COYys-0005H2-Vk Completed
20

Zebbeman
n00b

Joined: 14 Jun 2003
Posts: 69

Posted: Thu Dec 09, 2004 10:43 am

Golbez:
This is how I set it up:

Code:
# /etc/exim/exim.conf:
begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}

# /etc/conf.d/saslauthd:
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a shadow"

Reepicheep
n00b

Joined: 29 Mar 2004
Posts: 10

Posted: Sat Feb 05, 2005 7:43 pm    Post subject: courier-imap authdaemond

Hey I thought I would throw this into the mix.. To get auth to use the local users I use courier authdaemond socket without running exim as root.

I just set my server_condition to :

PLAIN :
Code:
 
server_condition = ${if eq {${readsocket{/var/lib/courier-imap/authdaemon/socket} \
    {AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n}}}{FAIL\n} {no}{yes}}


LOGIN :
Code:

server_condition = ${if eq {${readsocket{/var/lib/courier-imap/authdaemon/socket} \
    {AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n}}}{FAIL\n} {no}{yes}}


I use courier-imap anyway but it probably would work with just starting the authdaemond, then you can use whatever imap daemon you want.
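
What the two `readsocket` expansions above send and compare, written out as an added example (not Reepicheep's code): the request framing is taken from the post, and the success format, `KEY=VALUE` lines closed by a line holding a single dot, is an assumption about authdaemond's reply. The string comparison in the post treats every reply other than exactly `FAIL\n` as success, so this sketch accepts only a complete record and rejects an empty or truncated one; function names and sample values are constructed.

```python
import socket


def build_auth_request(user, password, service="exim", authtype="login"):
    # Same framing as the expansion in the post: a header line
    # "AUTH <byte count>" followed by service, authtype, user and password,
    # each terminated by a newline. The count covers the four field lines.
    for field in (service, authtype, user, password):
        # A newline or other control character inside a field would shift
        # the line-based framing, so refuse it instead of sending it.
        if not field or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in field):
            raise ValueError("empty field or control character in request")
    body = f"{service}\n{authtype}\n{user}\n{password}\n".encode("utf-8")
    return b"AUTH %d\n" % len(body) + body


def parse_reply(data):
    # Returns the account attributes on success and None on "FAIL".
    # Anything else (empty read, record without the closing dot) raises,
    # so a daemon that dies mid-reply never counts as a successful login.
    lines = data.decode("utf-8", "replace").split("\n")
    if lines[0] == "FAIL":
        return None
    attrs = {}
    for line in lines:
        if line == ".":  # assumed end-of-record marker
            return attrs
        key, sep, value = line.partition("=")
        if sep:
            attrs[key] = value
    raise ValueError("empty or truncated authdaemond reply")


def authenticate(socket_path, user, password, timeout=5.0):
    # socket_path is site-specific; the thread mentions both
    # /var/lib/courier-imap/authdaemon/socket and
    # /var/lib/courier/authdaemon/socket.
    request = build_auth_request(user, password)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as conn:
        conn.settimeout(timeout)
        conn.connect(socket_path)
        conn.sendall(request)
        chunks = []
        while True:  # read until the daemon closes the connection
            chunk = conn.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return parse_reply(b"".join(chunks)) is not None


# Constructed replies for illustration (not captured from a real daemon).
SAMPLE_OK = b"USERNAME=alice\nUID=1000\nGID=1000\nHOME=/home/alice\n.\n"
SAMPLE_FAIL = b"FAIL\n"

if __name__ == "__main__":
    print(build_auth_request("alice", "secret"))
    print(parse_reply(SAMPLE_OK))
    print(parse_reply(SAMPLE_FAIL))
```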

dUSk
n00b

Joined: 11 Jun 2004
Posts: 15

Posted: Wed Jun 01, 2005 11:47 am    Post subject: Re: courier-imap authdaemond

Reepicheep wrote:
Hey I thought I would throw this into the mix.. To get auth to use the local users I use courier authdaemond socket without running exim as root.

I just set my server_condition to :

PLAIN :
Code:
 
server_condition = ${if eq {${readsocket{/var/lib/courier-imap/authdaemon/socket} \
    {AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n}}}{FAIL\n} {no}{yes}}


LOGIN :
Code:

server_condition = ${if eq {${readsocket{/var/lib/courier-imap/authdaemon/socket} \
    {AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n}}}{FAIL\n} {no}{yes}}


I use courier-imap anyway but it probably would work with just starting the authdaemond, then you can use whatever imap daemon you want.


I had to change the courier-auth socket path from /var/lib/courier-imap/authdaemon/socket to /var/lib/courier/authdaemon/socket and it works! ;) thx

sleepingsun
Guru

Joined: 03 May 2006
Posts: 382
Location: Bosnia

Posted: Fri Oct 13, 2006 11:34 am    Post subject: Need Help

I installed and followed the instructions, but when I want to start exim I get this error!

Code:
# /etc/init.d/exim start
 * Starting exim ...
2006-10-13 13:32:40 Exim configuration error in line 306 of /etc/exim/exim.conf:
  error in ACL: unknown ACL condition/modifier in "$dnslist_domain\n$dnslist_text"                                            [ !! ]

doublehp
Guru

Joined: 11 Apr 2005
Posts: 472
Location: FRANCE

Posted: Fri Dec 22, 2006 2:04 pm

For
Quote:
T=remote_smtp defer (-42): authentication required but server did not advertise AUTH support


I explain a fix here: https://forums.gentoo.org/viewtopic-p-3794054.html#3794054

In short, comment (or cleverly tweak) the line:
Quote:
hosts_require_auth=*

_________________
DEMAINE Benoît-Pierre (aka DoubleHP ) http://www.demaine.info/
>o_/ Coin coin coin \_o<
to contact me (MSN,ICQ, JABBER, Skype ... ) http://benoit.demaine.info/contact.png