Exim – spam spreading by “exim -bpc”?

I found that the server has a low reputation on talosintelligence. When I searched through the Exim logs, I found that every minute there is a run of the exim process to count the queue.

exim mainlog:

    2019-04-21 11:45:37 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:46:34 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:47:35 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:48:34 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:49:40 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:50:48 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:51:51 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:52:51 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:53:51 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:54:51 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:55:51 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:56:51 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:57:53 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:58:53 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 11:59:53 cwd=/ 2 args: /usr/sbin/exim -bpc
    2019-04-21 12:00:53 cwd=/ 2 args: /usr/sbin/exim -bpc

In cron I don’t have anything about that (only spam checks, but they run at 5min intervals, not at 1min intervals).

cron log:

    Apr 21 10:35:01 web1 CROND[16720]: (root) CMD (/usr/local/cpanel/scripts/eximstats_spam_check 2>&1)
    Apr 21 10:50:01 web1 CROND[20325]: (root) CMD (/usr/local/cpanel/scripts/eximstats_spam_check 2>&1)
    Apr 21 11:05:01 web1 CROND[23974]: (root) CMD (/usr/local/cpanel/scripts/eximstats_spam_check 2>&1)
    Apr 21 11:20:01 web1 CROND[27758]: (root) CMD (/usr/local/cpanel/scripts/eximstats_spam_check 2>&1)
    Apr 21 11:35:01 web1 CROND[31355]: (root) CMD (/usr/local/cpanel/scripts/eximstats_spam_check 2>&1)
    Apr 21 11:50:01 web1 CROND[2504]: (root) CMD (/usr/local/cpanel/scripts/eximstats_spam_check 2>&1)

Maybe someone has an idea where to search more about this?

cPanel version, if needed: v78.0.21

8bit to Quoted-Printable encoding in Exim

Is it at all possible, and how, to configure the Exim4 mail server to convert outgoing messages (or message parts) from 8bit encoding to Quoted-Printable (or Base64, although I’d prefer QP) before signing them with DKIM and transferring them?

We currently have a setup where messages containing 8bit parts get an invalid DKIM signature when arriving at the destination server because they are converted by an upstream server (which we have no control of) to Quoted-Printable. Unfortunately, we can’t really complain about the behaviour of the upstream server because RFC4871 clearly states that it is the signing server that has to reencode the mail in the appropriate encoding before signing (see RFC4871 section 5.3):

> In order to minimize the chances of such breakage, signers SHOULD convert the message to a suitable MIME content transfer encoding such as quoted-printable or base64 as described in MIME Part One [RFC2045] before signing.

I would therefore expect this conversion to be a basic function of any mail server supporting DKIM, but as far as I searched in the Exim manuals, there is nothing like that. Is there any known solution to this issue?
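Added example, not part of the original post: a Python demonstration of why the upstream re-encoding described above breaks verification, and why a body that is already quoted-printable at signing time is unaffected. The relay model (`upstream_relay`), the helper names and the sample body are assumptions; only the DKIM body hash (`bh=`) with `simple` canonicalization is modelled, not the header hash.

```python
import base64
import hashlib
import quopri


def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body: bytes) -> str:
    """Value a signer would place in the bh= tag (sha256, simple canonicalization)."""
    return base64.b64encode(hashlib.sha256(canon_simple(body)).digest()).decode()


def is_7bit(body: bytes) -> bool:
    """True if no byte has the high bit set."""
    return all(b < 128 for b in body)


def to_qp(body: bytes) -> bytes:
    """Re-encode a body as quoted-printable, as the RFC asks the signer to do."""
    return quopri.encodestring(body)


def upstream_relay(body: bytes) -> bytes:
    """Hypothetical relay: rewrites 8bit bodies as quoted-printable, passes 7bit through."""
    return body if is_7bit(body) else to_qp(body)


def survives_relay(signed_body: bytes) -> bool:
    """True if the bh= computed at signing time still matches after the relay."""
    return body_hash(signed_body) == body_hash(upstream_relay(signed_body))


# Constructed sample body (UTF-8, CRLF line endings), not taken from the page.
BODY_8BIT = "Grüße aus München\r\nZweite Zeile\r\n".encode("utf-8")

if __name__ == "__main__":
    print("signed as 8bit, then relayed:", survives_relay(BODY_8BIT))
    print("signed as QP, then relayed:  ", survives_relay(to_qp(BODY_8BIT)))
```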

Exim denies or allow all incoming mails

I have a strange problem with an Exim4 deployment on Ubuntu.

Desired configuration:

– accept mails only for the local domain
– deliver mails sent from locally authenticated users

With the default config Exim acts as an open relay, which is terrible.

I’m using the following acl:

> acl_smtp_rcpt:
>     accept hosts = :
>     accept authenticated = *
>     deny domains = !+local_domains
>          message = Relaying denied
>     accept

I tried also:

> acl_smtp_rcpt:
>     accept hosts = :
>     accept authenticated = *
>     deny domains = !mydomain.tld
>          message = Relaying denied
>     accept

I also tried the reverse setting: using “accept domains” and “deny” at the end of the acl.

If I enable the ACL, all mails are declined with a “550 Administrative prohibition” message. If I disable it, it accepts all mails to any address (open relay).

Any idea what could be wrong?

Alias to forward mail to all addresses for a domain using Exim

I’m using Exim v4.91 on a CentOS 7 server hosting more than one domain and I’d like to set up a group address/alias to forward mail messages to all addresses of a given domain (one for every domain). I.e. if I send an email to everyone@example.com it would be sent to *@example.com, all email to everyone@example2.com should be sent to *@example2.com, etc.

I’ve found how to set up catch-all aliases, but what I want to achieve is the opposite: not an alias that receives all incoming messages, but one that forwards incoming messages to all accounts.

Why is this Exim string expansion for an environment variable not working?

The problem

In short, using the following line in my Exim transport does not result in the string expansion (insertion) of the TESTVAR environment variable:

    headers_add = "X-TESTVAR: ${env{TESTVAR}{$value}{The TESTVAR environment variable was not found}}"

I never get $value; I always get “The TESTVAR environment variable was not found”.

What am I doing wrong?


    account@example.com [~]# cat /etc/redhat-release
    CentOS release 6.10 (Final)

Exim version:

    account@example.com [~]# exim --version
    Exim version 4.91 #1 built 11-May-2018 09:49:25
    Copyright (c) University of Cambridge, 1995 - 2018
    (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
    Berkeley DB: Berkeley DB 4.7.25: (September 12, 2013)
    Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning DKIM DNSSEC Event I18N OCSP PRDR SPF Experimental_SRS
    Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz dnsdb passwd sqlite
    Authenticators: cram_md5 dovecot plaintext spa
    Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    Transports: appendfile/maildir autoreply lmtp pipe smtp
    Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
    Configure owner: 0:0
    Size of off_t: 8
    2019-03-08 19:04:22 cwd=/home/account 2 args: exim --version
    Configuration file is /etc/exim.conf

The relevant transport from my exim.conf:

    dovecot_virtual_delivery:
      driver = lmtp
      socket = /var/run/dovecot/lmtp
      batch_max = 200
      rcpt_include_affixes
      delivery_date_add
      envelope_to_add
      return_path_add
      headers_add = "X-TESTVAR: ${env{TESTVAR}{$value}{The TESTVAR environment variable was not found}}"

The commands I executed to send the email:

    account@example.com [~]# export TESTVAR=hello
    account@example.com [~]# echo $TESTVAR
    hello
    account@example.com [~]# exim -t
    to:me@example.com
    Hi there, this email should have a header named "X-TESTVAR" and it should have a value of "hello".
    account@example.com [~]#

The resulting email:

    Return-Path: <account@host.example.com>
    Delivered-To: me@example.com
    Received: from host.example.com
        by host.example.com with LMTP id IH+3MCUQg1waLwAAx771+g
        for <me@example.com>; Fri, 08 Mar 2019 19:00:21 -0600
    Return-path: <account@host.example.com>
    Envelope-to: me@example.com
    Delivery-date: Fri, 08 Mar 2019 19:00:21 -0600
    Received: from account by host.example.com with local (Exim 4.91)
        (envelope-from <account@host.example.com>)
        id 1h2QLV-0004Mo-Ee
        for me@example.com; Fri, 08 Mar 2019 19:00:21 -0600
    to:me@example.com
    Message-Id: <E1h2QLV-0004Mo-Ee@host.example.com>
    From: account@host.example.com
    Date: Fri, 08 Mar 2019 19:00:20 -0600
    X-TESTVAR: The TESTVAR environment variable was not found

    Hi there, this email should have a header named "X-TESTVAR" and it should have a value of "hello".

How to configure access in php.ini for exim from the Vesta package via ssh

I installed Vesta on a cloud server; by default it came with PHP 5. I separately installed PHP 7.3 and a problem appeared: the mail() function does not work, or rather it works, but the emails do not arrive. I think this is because the php.ini configuration file contains the path sendmail_path = /usr/sbin/sendmail -t -i. I just can't figure out how to set the path to exim in this variable?