Tag Archives: mail

Clear exim queue

The queue can be viewed with mailq, which is the same as exim -bp.
You can view individual messages using exim -Mvc <message-id>. Once you’re done, run

exim -bp | grep -Eo "[[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2}" | xargs exim -Mrm

Advertisements

Exim: force retrying delivery of mail in local spool

My mail got stuck in the spool a few days ago due to misconfiguration of ~/.forward. After fixing the file, the commands to force retry of delivery are:

cd /var/spool/exim/msglog
exim -M *

or

exim -qf

Provided, of course, your shell is smart enough to do * expansion properly.

Exim 4.69 (or 4.71) ACL for SpamAssassin

I was having trouble with Exim not adding headers to SpamAssassin-checked emails. One day, when I should have really been doing something else, I read Chapter 40 of Exim’s specification, and all became clear.

Here’s what my appropriate ACL (in /etc/mail/exim.conf) looks now, almost completely by-the-book:

acl_check_data:
  
  # ...
  # malware section
  # ...
  
  # Add headers to a message if it is judged to be spam. Before enabling this,
  # you must install SpamAssassin. You may also need to set the spamd_address  
  # option above.
  
  # spams are never big and spamassassin can die on big emails, so we  
  # limit its use under 100kb  
  accept  condition = ${if >={$message_size}{100k}{yes}{no}}

  # put headers in all messages (no matter if spam or not)
  warn  spam = spamd:true
        add_header = X-Spam-Score: $spam_score ($spam_bar)
        add_header = X-Spam-Report: $spam_report
  
  # add second subject line with *SPAM* marker when message
  # is over threshold
  warn  spam = spamd
        add_header = Subject: *SPAM* $h_Subject:

  # reject spam at high scores (> 20)
  deny  message = This message scored $spam_score spam points.
        spam = spamd:true
        condition = ${if >{$spam_score_int}{200}{1}{0}}

  # Accept the message.
  accept

Kiddies playing

Here’s what exim caught:

> 2009-09-15 23:59:31 SMTP protocol synchronization error (input sent without waiting for greeting):
+rejected connection from H=[220.139.127.112] input="GET http://www.scanproxy.com:80/p-25.html
+HTTP/1.0\r\nContent-Type: text/html\r\nProxy-Connection: keep-alive\r\nHost: http://www.scanproxy.com\r\nAccept:
+image/gif,"
> 2009-09-15 23:59:32 SMTP protocol synchronization error (input sent without waiting for greeting):
+rejected connection from H=[220.139.127.112] input="0401"
> 2009-09-15 23:59:33 SMTP protocol synchronization error (input sent without waiting for greeting):
+rejected connection from H=[220.139.127.112] input="0501"

220.139.127.112 is Chunghwa Telecom Co., Ltd. in Taiwan.

SpamAssassin and Exim on Arch Linux: some config trouble

I had this happen – SA wasn’t reading user_prefs out of a proper home dir:

[12071] info: spamd: creating default_prefs: //.spamassassin/user_prefs
[12071] dbg: config: using "/.spamassassin" for user state dir
[12071] dbg: config: mkdir /.spamassassin failed: mkdir /.spamassassin: Permission denied at /usr/share/perl5/vendor_perl/Mail/SpamAssassin.pm line 1577
[12071] dbg: config: Permission denied
[12071] warn: config: cannot write to //.spamassassin/user_prefs: No such file or directory
[12071] info: spamd: failed to create readable default_prefs: //.spamassassin/user_prefs
[12071] dbg: config: read_scoreonly_config: cannot open "//.spamassassin/user_prefs": No such file or directory

I thought this was due to the way spamassassin was invoked, so I tried specifying the user and homedir explicitly. It didn’t work. I tried creating a ‘spamd’ user, a homedir, changing the invocation to that:

sudo spamd -c --max-children 3 --username spamd -H "/var/lib/spamassassin/" -s stderr -D

Didn’t help.

Then I RTFMed some. That reminded me of writing something about user ‘nobody’ in exim.conf. That’s the user for which spam filtering is invoked; so if you allow per-user configuration, it doesn’t really matter that you specify “/var/lib/spamassassin” as a homedir, that’s just for the parent spamd process. For every child, the directory will be changed; for ‘nobody’ it’s ‘/’.

So I changed that line to have ‘spamd’ instead, and voila!

[12071] info: spamd: creating default_prefs: /var/lib/spamassassin/.spamassassin/user_prefs
[12071] dbg: config: using "/var/lib/spamassassin/.spamassassin" for user state dir
[12071] warn: config: created user preferences file: /var/lib/spamassassin/.spamassassin/user_prefs
[12071] dbg: conf: finish parsing

Configuring Exim to use SpamAssassin in ArchLinux

There’s a lot of outdated stuff floating on the internets. This one was most useful to me.

Basically, if you install Exim and SA from pacman, you’ve already got everything enabled. Filtering spam is done via an Access Control List (the last one in exim.conf). Don’t bother with transports unless you’re sure you want them.

Add spamd to daemons in rc.conf. If you want reject logging, append

-s /var/log/spamd.log -D check

to the string in /etc/config.d/spamd.

Multiple root mail redirect

Tip: you can have multiple aliases in /mail/aliases for root:

root: jack,joe

Don’t forget to run newaliases.

Trouble retrieving mail from remote host

I couldn’t retrieve mail (with fetchmail) to exim. The two errors were:

1) Upon telnet localhost 25:
451Temporarily unavailable - please try again later
(As always, I forgot to save the exact messagei.)

This is what appeared in /var/log/exim/mainlog:

2008-12-22 17:57:17 temporarily refused connection from [127.0.0.1] (tcp wrappers errno=10)

2) When trying fetchmail -v, the connection to the server was made, but then message couldn’t be delivered to localhost:

fetchmail: SMTP connection to localhost failed (or something like that)

I tried everything, and later found out my hosts.allow was empty!

Put this in:

ALL: LOCAL 127.0.0.1

Read man, modify.

Setting up Freemail with postfix and fetchmail

This was done on FreeBSD, bud should work elsewhere.

1. Freemail server.

First off, get Freemail and do what the manual tells you to do:

freemail% java -jar freemail.jar --newaccount thedude
freemail% java -jar freemail.jar --passwd thedude lebowski
freemail% java -jar freemail.jar --shortaddress thedude dude

Then, if your Freemail server is on a separate machine, edit the globalconfig file and change the IPs your server maps to.

I advise you start Freemail in foreground, this way you’ll have the error output right in front of you all the time:

freemail% java -jar Freemail.jar

2. Postfix.

Go to your postfix server’s /usr/local/etc/postfix/. If you’ve used it before, you should already have

smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = !plain, static:rest
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd

in main.cf. If not, add it and restart the postfix daemons.

Then, edit your transport file. This will relay all mail ending in .freemail to the appropriate server.

# relay freemail to headcleaner
.freemail smtp:[headcleaner.death.cd]:3025

Note there are no tabs here. Don’t know if they’re allowed. I hope they are.

Rebuild your transport.db database with

postfix% sudo postmap ./transport

Add your password to sasl_passwd:

[headcleaner.death.cd]:3025 thedude:lebowski

Note the port number is there, too!

And rebuild sasl_passwd.db:

postfix% sudo postmap ./sasl_passwd

3. fetchmail.

Now, this part isn’t really good yet, since I haven’t figured out how to fetch mail from IMAP as if it were POP. The idea here is to retrieve all mail and flush it from the server.

Ayway, edit your ~/.fetchmailrc:

poll headcleaner with proto IMAP port 3143
user 'thedude' there with password 'lebowski' is dude here

Now if you issue

~% fetchmail -v headcleaner

you’ll see your messages there.

I’ll finish with proper configuring instructions later.

Sources: A useful article on testing SMTP ovet telnet.

Also, this discussion was useful.

Thunderbird->mutt, sendmail->postfix (FreeBSD)

So, decided to make a switch.

As always, refer to the Handbook first. Here’s an excerpt from one of the pages:

FreeBSD ships with sendmail by default, responsible for receiving incoming mail as well as delivering outgoing mail. It is not responsible for the collection of mail using protocols such as POP or IMAP to read your email, nor does it allow connecting to local mbox or Maildir mailboxes.

So, I installed fetchmail (handbook section). That covers mail collection.

What about sending?

Well, it worked pretty well with sendmail, until I wanted SSL-encrypted connections to the POP3 server, so that the password wasn’t sent in plain text. (At least that’s what I think all the fuss is about. Do correct me if I’m wrong in my ignorance.)

Turned out SSL wasn’t compiled in.

I could do that, and probably should have, but at that point I read some discussions about sendmail’s insecurities, and decided I should switch to postfix.

Anyway, this whole thing ended up real bollockey. Postfix had trouble reading my self-signed certificate, not sure what was the cause.

Here’s some valuable links I came accross:

The directory for certificates is (I think) /usr/local/share/certs/.