Exim ACL To Send Mailer Daemon Messages To ":fail:"
Apr 18, 2007
One of my users is receiving way too many Mailer Daemon messages and his mailbox is full. I've had this problem from time to time and I am trying to figure out how to block mailer daemon messages for a specific domain so that they do not even get on the mailing queue...much like when you set a default address to ":fail:". So I came up with this:
refuse_md1:
deny message = The original message did not come from this site.
condition = ${if eq{$sender_address}{}{yes}{no}}
condition = ${if eq{$local_part}{userdomain.com}{yes}{no}}
log_message = Refused a bounce message for userdomain.com
However, this doesn't help. The emails are still going to the mailing queue and when I look at the Exim log I see the usual error message saying that the email was blocked because the account has run out of space.
I am programming a bulk email sending for a client. I need a hosting company who can allow me to use Require 'Mail.php' to send about 5000 emails continuously without fail.
running WHM at Fedora 6... WHM 11.11.0 cPanel 11.16.0-R18546
I have a problem with spoofing spammers.. my queue is full of non-delivered emails from external SMTP servers, sent to non-existent addresses on my server...
The question is, the destination domain (mydomain.com b.example) already has its ":fail: No Such User Here" alias.
SMF records applied, but most external SMTP servers don't check them nowadays...
Using :fail: the email is never accepted into the server. During the initial SMTP negotiation when the sender's SMTP server connects to your SMTP server, the sending SMTP server issues a RCPT command notifying your server which email address the email to follow is intended for. Your server then checks whether the recipient email actually exists on your server (a POP3 account, an alias or a catchall alias) and if it does not, it issues an SMTP DENY which terminates the attempt to deliver the email.
Well, in my case it just receives the message and then freezes it!
210P Received: from [203.162.168.16] (port=1839 helo=luatvietnam.vn) by myserver.mine.com with smtp (Exim 4.68) id 1JMoh4-0004UG-Pz for dlsex-ireddols@mydomain.com; Wed, 06 Feb 2008 19:08:23 +0100
069P Received: (qmail 6913 invoked for bounce); 5 Feb 2008 09:04:11 -0500
032 Date: 5 Feb 2008 09:04:11 -0500
032F From: postmaster@luatvietnam.vn
039T To: dlsex-ireddols@mydomain.com
024 Subject: failure notice
WHEN TRYING TO DELIVER FROM QUEUE:
Message 1JMoh4-0004UG-Pz is no longer frozen
LOG: MAIN
  cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1JMoh4-0004UG-Pz
delivering 1JMoh4-0004UG-Pz
LOG: MAIN
  ** dlsex-ireddols@mydomain.com F=<> R=virtual_aliases: No Such User Here
LOG: MAIN
  Frozen (delivery error message)
AT LOGS (first time):
2008-02-06 19:08:17 SMTP connection from [203.162.168.16]:1839 I=[85.112.9.44]:25 (TCP/IP connection count = 9)
2008-02-06 19:08:20 no host name found for IP address 203.162.168.16
2008-02-06 19:08:22 H=(luatvietnam.vn) [203.162.168.16]:1839 I=[85.x.x.x]:25 Warning: Sender rate 0.0 / 1h
2008-02-06 19:08:23 1JMoh4-0004UG-Pz <= <> H=(luatvietnam.vn) [203.162.168.16]:1839 I=[85.x.x.x]:25 P=smtp S=2405 T="failure notice" from <> for dlsex-ireddols@mydomain.com
2008-02-06 19:08:23 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1JMoh4-0004UG-Pz
2008-02-06 19:08:23 1JMoh4-0004UG-Pz ** dlsex-ireddols@mydomain.com F=<> R=virtual_aliases: No Such User Here
2008-02-06 19:08:23 1JMoh4-0004UG-Pz Frozen (delivery error message)
2008-02-06 19:08:24 SMTP connection from (luatvietnam.vn) [203.162.168.16]:1839 I=[85.x.x.x]:25 closed by QUIT
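An added example, not part of the original posts: a Python script that scans Exim main-log text for the sequence visible in the log excerpt above, a null-sender (`<>`) message accepted with `<=`, failed with `**` and then `Frozen`, and counts the hits per recipient domain. The log lines are constructed samples using documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format; ids, hosts and addresses are
# made up (documentation ranges), not taken from the thread.
SAMPLE_LOG = """\
2008-02-06 19:08:23 1AAAAA-000001-AA <= <> H=(mx.example.net) [192.0.2.10]:1839 P=smtp S=2405 T="failure notice" from <> for nobody@example.com
2008-02-06 19:08:23 1AAAAA-000001-AA ** nobody@example.com F=<> R=virtual_aliases: No Such User Here
2008-02-06 19:08:23 1AAAAA-000001-AA Frozen (delivery error message)
2008-02-06 19:09:01 1BBBBB-000002-BB <= alice@example.org H=(mail.example.org) [192.0.2.20]:2525 P=esmtp S=1200 for bob@example.com
2008-02-06 19:09:02 1BBBBB-000002-BB Completed
2008-02-06 19:10:11 1CCCCC-000003-CC <= <> H=(mx.example.net) [192.0.2.10]:1901 P=smtp S=2100 for bob@example.com
2008-02-06 19:10:12 1CCCCC-000003-CC Completed
"""

# Classic 16-character Exim message id, as in the thread's log lines.
MSG_LINE = re.compile(
    r"^\S+ \S+ ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$")
HOST_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

def frozen_bounces(log_text):
    """Map message id -> {"host", "rcpt"} for null-sender messages that were
    accepted (<= <>), failed delivery (**) and were then frozen."""
    pending, hits = {}, {}
    for line in log_text.splitlines():
        m = MSG_LINE.match(line)
        if not m:
            continue  # connection notices and warnings carry no message id
        msg_id, rest = m.groups()
        if rest.startswith("<= <> "):
            ip = HOST_IP.search(rest)  # first [..] is the sending host
            pending[msg_id] = {"host": ip.group(1) if ip else None, "rcpt": None}
        elif msg_id in pending and rest.startswith("** "):
            pending[msg_id]["rcpt"] = rest.split()[1]
        elif msg_id in pending and rest.startswith("Frozen"):
            if pending[msg_id]["rcpt"]:
                hits[msg_id] = pending.pop(msg_id)
        elif rest == "Completed":
            pending.pop(msg_id, None)  # delivered normally, not of interest
    return hits

def by_recipient_domain(hits):
    """Count frozen bounces per recipient domain."""
    return Counter(h["rcpt"].rpartition("@")[2].lower() for h in hits.values())

if __name__ == "__main__":
    found = frozen_bounces(SAMPLE_LOG)
    print(found, dict(by_recipient_domain(found)))
```

A non-empty result means bounces for non-existent recipients are being accepted at SMTP time and failed later, rather than refused at RCPT.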
We're on a VPS and lately we've been getting a few 'exim has failed...A restart was attempted automagicly.' messages. Support indicated that we're hitting our limits and suggested that we move to a bigger package or remove accounts. I only have 2 active sites on this account. We're new at this and don't know if there's anything else we can do.
Does anyone know what could be causing exim to fail?
exim queue is always being filled by millions of spam mails...
In 5 minutes more than 1000 messages..
I have removed all several times but they insist in coming back..
In one min:
1Ju7q6-00039t-03 1m Delete Deliver Now ALEXNSONIA@MSN.COM
1Ju7q6-00039w-16 1m Delete Deliver Now ALEXNSTEPH4-1-98@MSN.COM
1Ju7q6-0003A0-2s 1m Delete Deliver Now ALEXIA27@BELLSOUTH.NET
...
For the last 5 days, exim has been retrying to resend email to a recipient every 1 millisecond.
As a result, logs are huge, and load is being affected.
So I'd like to know how I can set/configure exim to ignore sending to any email I'd tell it.
I mean, is there any config file I can look into, to set an ignore list, or even how to have it so that it retries sending every 1 hour, instead of every 1 millisecond.
We have a reseller that wants his clients to receive the system warning and the account creation from a mail that he wants, not from the administrative mail that is default.
I've looked through my exim logs a number of times and I see emails being sent out with "from:" fields with email addresses of other domains. Usually they are spam related and fraudulent.
How can exim be setup to only send out emails that have localdomains in their from fields?
E.g. if I have account bob.com on my server then the owner of bob.com can only send out emails "xxxx@bob.com" no matter what else he tries to do that's all exim will send out.
How can you get exim to do this? I have been using filtering to block commonly spammed domains like aol.com hotmail.com etc - any emails sent out with these in their from fields are filtered and blocked - but rather building up a larger and larger filter of commonly abused domains - why not just block everything except domains on your server.
I installed exim and have been able to successfully use it as an smtp server. My test setup was as follows:
email client uses smtp.MYSERVER.com, my login, and password
The email is successfully forwarded to the appropriate recipient. However, when I create a new user, and test its email capabilities, it does not work. I get a 535 error:
535 Incorrect authentication data
I have double checked the login and password, and I've tried this on multiple accounts. Is there an issue with how I'm creating the users? (useradd)
Just started to have problems sending emails out but no problem receiving.
Seems to be an exim problem.. tried updating it but the problem still exists, but every time I restart exim then it works for a few hours before the problem comes back.
I've just come across an issue with a mailing list on a Linux server. Problem is that when a message is broadcasted from a mailing list having around 1500 subscribers, most of them having @yahoo.com and @hotmail.com addresses, message to most of the recipients fails with following error...
Code: 2009-07-09 12:26:25 1MOn2u-0001CB-QJ SMTP error from remote mail server after RCPT TO:<he***k@yahoo.com>: host c.mx.mail.yahoo.com [216.39.53.3]: 452 Too many recipients
It is because exim tries to send a message to as many recipients as it could to users on the same domain.
On a Windows server, I was running Merak mail server and there was an option to send a separate message to all mailing list subscribers, but I don't know where it could be located in exim config, or even if it has one!
Not long ago somebody hacked our customer account through the vulnerability in phpBB Album module and uploaded some scripts. Then it started to send Nigerian spam using exim and apache. These scripts were found and deleted and the Album module was fully deleted too. But when I look at the processes now I see that exim and httpd still start very often so the system resources are probably overused by them ......
I have just noticed that for several days I'm constantly receiving these infos in /var/log/messages. I haven't done anything that would invoke them. How can I disable these messages? Are they anything to worry about?
# Added for me
hostlist privaterelay_hosts = lsearch;/etc/privaterelay
And changed this:
accept hosts = +relay_hosts
Into this:
accept hosts = +relay_hosts +privaterelay_hosts
within the Exim Advanced configuration editor. Because I wish to allow a relay without authentication.
This morning, I've got this:
cPanel was unable to automatically merge your Exim configuration with the new settings that shipped with the build you have installed (11.23.6-RELEASE_27698) because you have a custom ACL configuration which cannot be automatically configured.
To avoid any mail downtime, we thought it was best to leave your previous configuration intact until the new configuration can be properly installed. In order to complete this configuration update, you will need to manually merge your configuration with the new configuration settings. Please follow the steps below to complete this update:
1. Enter the Advanced Configuration Editor
2. Notate any custom changes you have made in the ACL section. You may also which to make a copy of /etc/exim.conf.local and /etc/exim.conf.localopts as custom settings are contained in these files.
3. Click the 'Reset ACL Config to Defaults' button.
4. Reinstall your advanced custom settings.
Until you manually complete this update, automatic spam filtering may have been rendered inoperable to prevent any mail loss. (This generally only applied is you were upgrading from cPanel 10.x)
Current Config Version: unknown New Config Version: 4.900000
What can I do to prevent this? Because last time, all mail was receiving a 550 (SMTP Protocol Returned a Permanent Error 550 Sender verify failed) which is pretty bad...