Bug#598555: exim4: local_sender_blacklist no longer works

Mark Hedges hedges at formdata.biz
Mon Oct 4 22:30:08 UTC 2010 

Thank you so much for your help.  I hope this wasn't just my mistake
deleting something obvious.  But I don't think I did, which makes me
wonder if some upgrade accidentally un-did something.

On Mon, 4 Oct 2010, Marc Haber wrote:

> On Sun, Oct 03, 2010 at 04:14:16PM -0700, Mark Hedges wrote:
> > Then I logged onto that other server (a CentOS server on
> > another network) and tried to send mail to the address on my
> > Lenny server with the problem.  It went through and was not
> > blocked.
>
> Is that other server allowed to relay through your exim?

No.  I don't allow relaying for any server.  Just to make
sure, I cleared all the /etc/exim4/*_whitelist files.  I
have no relay_domains file.  (Is that somewhere else?)  The
local_sender_blacklist file has just this one off-site
address, but it still says Ok to the MAIL FROM: when
telnetting into 25 from the remote server.

> > I also tried telnetting to the debian server port 25
> > from the CentOS server and typing MAIL FROM, but it
> > replied OK for the address that I had put in
> > local_sender_blacklist.
>
> Try the same with exim -d -bh
> <address-of-your-centos-box" on the exim
> box and see whether the (copious) debugging output is of any help.
>

I assume you meant `exim -d -bh 1.2.3.4` and not `exim -d -bh <1.2.3.4"`.
No luck.  I've attached an archive of my (sanitized) config files.


@li16-163:/etc/exim4$ sudo exim -d -bh <1.2.3.4
-bash: 1.2.3.4: No such file or directory
hedges at li16-163:/etc/exim4$ sudo exim -d -bh 1.2.3.4
Exim version 4.69 uid=0 gid=0 pid=19095 D=fbb95cfd
Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
changed uid/gid: forcing real = effective
  uid=0 gid=0 pid=19095
  auxiliary group list: <none>
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00612001
trusted user
admin user
changed uid/gid: privilege not needed
  uid=102 gid=104 pid=19095
  auxiliary group list: 104
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
sender address = root at scriptdolphin.com
sender_fullhost = [1.2.3.4]
sender_rcvhost = [1.2.3.4]

**** SMTP testing session as if from host 1.2.3.4
**** but without any ident (RFC 1413) callback.
**** This is not for real!

host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
  SMTP connection from [1.2.3.4]
host in host_lookup? yes (matched "*")
looking up host name for 1.2.3.4
DNS lookup of 29.82.151.207.in-addr.arpa (PTR) succeeded
IP address lookup yielded centosserver.mywork.net
gethostbyname2(af=inet6) returned 4 (NO_DATA)
gethostbyname2 looked up these IP addresses:
  name=centosserver.mywork.net address=1.2.3.4
checking addresses for centosserver.mywork.net
  1.2.3.4 OK
sender_fullhost = centosserver.mywork.net [1.2.3.4]
sender_rcvhost = centosserver.mywork.net ([1.2.3.4])
set_process_info: 19095 handling incoming connection from centosserver.mywork.net [1.2.3.4]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
SMTP>> 220 li16-163.members.linode.com ESMTP Exim 4.69 Mon, 04 Oct 2010 15:14:05 -0700
220 li16-163.members.linode.com ESMTP Exim 4.69 Mon, 04 Oct 2010 15:14:05 -0700
smtp_setup_msg entered
EHLO centosserver.mywork.net
SMTP<< EHLO centosserver.mywork.net
sender_fullhost = centosserver.mywork.net [1.2.3.4]
sender_rcvhost = centosserver.mywork.net ([1.2.3.4])
set_process_info: 19095 handling incoming connection from centosserver.mywork.net [1.2.3.4]
host in pipelining_advertise_hosts? yes (matched "*")
host in auth_advertise_hosts? yes (matched "*")
host in tls_advertise_hosts? yes (matched "*")
250-li16-163.members.linode.com Hello centosserver.mywork.net [1.2.3.4]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
SMTP>> 250-li16-163.members.linode.com Hello centosserver.mywork.net [1.2.3.4]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
MAIL FROM: hedges at the_domain_in_local_sender_blacklist.net
SMTP<< MAIL FROM: hedges at the_domain_in_local_sender_blacklist.net
using ACL "acl_check_mail"
processing "accept"
accept: condition test succeeded
SMTP>> 250 OK
250 OK
QUIT
SMTP<< QUIT
SMTP>> 221 li16-163.members.linode.com closing connection
221 li16-163.members.linode.com closing connection
LOG: smtp_connection MAIN
  SMTP connection from centosserver.mywork.net [1.2.3.4] closed by QUIT
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=19095 terminating with rc=0 >>>>>>>>>>>>>>>>



Looks like here's the problem, in conf.d/acl/30_exim4-config_check_mail:


### acl/30_exim4-config_check_mail
#################################

# This access control list is used for every MAIL command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_mail:
  .ifdef CHECK_MAIL_HELO_ISSUED
  deny
    message = no HELO given before MAIL command
    condition = ${if def:sender_helo_name {no}{yes}}
  .endif

  accept



What happened?  Did I delete a file or something?  This used to work.

Thanks for your help.  I don't think I deleted a file... is it possible
an upgrade deleted something?

Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exim4_configdir.tar.bz2
Type: application/octet-stream
Size: 29098 bytes
Desc: exim4_configdir.tar.bz2
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-maintainers/attachments/20101004/7a7db0a2/attachment-0001.obj>

More information about the Pkg-exim4-maintainers mailing list