* Re: [mlmmj] initial setup/exim sender verification
2014-03-09 16:29 [mlmmj] initial setup/exim sender verification David Bremner
@ 2014-03-09 19:21 ` Chris Knadle
2014-03-09 19:51 ` Chris Knadle
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Chris Knadle @ 2014-03-09 19:21 UTC (permalink / raw)
To: mlmmj
On Sunday, March 09, 2014 13:29:07 David Bremner wrote:
> Hi All;
>
> I've just (attempted) to configure 1.2.18.0 (the latest package on
> Debian) with exim. I think I followed
>
> http://mlmmj.org/docs/readme-exim4/
I'm guessing you chose to add both routers and transports, but I can't tell
which of them you're actually using. Did you create a "verp" file for this
mailing list such that you'd be using the verp_router and verp_smtp transport?
I used the same file above (which identical to the file in the Debian package)
but I chose to remove the "-F" from the "mlmmj_transport" section (but that
shouldn't be related to the problem you're having). The configuration worked
fine for me (on Debian Wheezy) and I believe (at least at one time) that I
also tried VERP.
> However, either I made a mistake, or the rest of my configuration
> interacts badly with mlmmj envelope senders. As the following slightly
> log shows, the sender address mlmmj-test+bounces-help@fqdn is
> being rejected as unroutable.
And I'm assuming you have an "mlmmj-test" alias in /etc/aliases that looks
like this?
mlmmj-test: "|/usr/bin/mlmmj-recieve -L /var/spool/mlmmj/mlmmj-test/"
> 2014-03-09 13:05:30 1WMgEE-0005IV-JE <= bremner@tethera.net U=remotemail
> P=local SF5 id\x1394381127.112497.24715.nullmailer@tethera.net 2014-03-09
> 13:05:30 H=localhost (yantan.tethera.net) [127.0.0.1] sender verify fail
> for <mlmmj-test+bounces-help@yantan.tethera.net>: Unrouteable address
> 2014-03-09 13:05:30 H=localhost (yantan.tethera.net) [127.0.0.1]
> F=<mlmmj-test+bounces-help@yantan.tethera.net> rejected RCPT
> <bremner@tethera.net>: Sender verify failed 2014-03-09 13:05:30
> 1WMgEE-0005IV-JE => mlmmj-test <mlmmj-test@lists.tethera.net>
> R=mlmmj_router T=mlmmj_transport
>
> If I try
>
> % /usr/sbin/exim4 -bt mlmmj-test+bounces-help@yantan.tethera.net
>
> I get
>
> R: system_aliases for mlmmj-test@yantan.tethera.net
> mlmmj-test+bounces-help@yantan.tethera.net is undeliverable
>
> I don't think it's a suffix issue, since i get the same results with
> mlmmj-test@yantan.tethera.net
>
> Any clues would be welcome. I guess I could turn off sender
> verification for those *bounces addresses; but I'm not really clear on
> how the listname@hostfqdn (as opposed to listname@listdomain) mail is
> supposed to be routed. Am I supposed to manually add aliases to
> /etc/aliases even if exim routers and transports are defined?
You need just the one alias entry I mentioned above, none others. The others
should be covered by these options in the mlmmj_router:
local_part_suffix = +*
local_part_suffix_optional
However if you understand Exim4 well, you'll notice that the entry in
/etc/aliases isn't actually being used for the routing and the command is
instead being overridden by the "command" entry in the mlmmj_transport
section. This is being done because the instructions for the mlmmj_router
uses the "accept" driver rather than the "redirect" driver and a
"pipe_transport" which is how Exim upstream suggests doing this. [1]
If you want to see an example of what the difference would look like for the
"redirect" router, have a look at Debian #739230 [2] for the lurker package in
which I wrote some README.exim4 instructions.
[1]: http://exim.org/exim-html-4.80/doc/html/spec_html/ch-the_redirect_router.html
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bugs9230
-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [mlmmj] initial setup/exim sender verification
2014-03-09 16:29 [mlmmj] initial setup/exim sender verification David Bremner
2014-03-09 19:21 ` Chris Knadle
@ 2014-03-09 19:51 ` Chris Knadle
2014-03-10 2:50 ` David Bremner
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Chris Knadle @ 2014-03-09 19:51 UTC (permalink / raw)
To: mlmmj
On Sunday, March 09, 2014 13:29:07 David Bremner wrote:
[...]
Just noticed this part of your message:
> If I try
>
> % /usr/sbin/exim4 -bt mlmmj-test+bounces-help@yantan.tethera.net
>
> I get
>
> R: system_aliases for mlmmj-test@yantan.tethera.net
> mlmmj-test+bounces-help@yantan.tethera.net is undeliverable
That's the wrong router. I ran into something similar when setting up lurker,
and I ended up needing to do this:
system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains : !+lurker_domains
...
you could try the same thing with !+mlmmj_domains and see if it helps.
-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [mlmmj] initial setup/exim sender verification
2014-03-09 16:29 [mlmmj] initial setup/exim sender verification David Bremner
2014-03-09 19:21 ` Chris Knadle
2014-03-09 19:51 ` Chris Knadle
@ 2014-03-10 2:50 ` David Bremner
2014-03-10 3:25 ` Chris Knadle
2014-03-10 3:50 ` Chris Knadle
4 siblings, 0 replies; 6+ messages in thread
From: David Bremner @ 2014-03-10 2:50 UTC (permalink / raw)
To: mlmmj
Chris Knadle <Chris.Knadle@coredump.us> writes:
> And I'm assuming you have an "mlmmj-test" alias in /etc/aliases that looks
> like this?
>
> mlmmj-test: "|/usr/bin/mlmmj-recieve -L /var/spool/mlmmj/mlmmj-test/"
It seems that the problem was that the listaddress was set to
point mlmmj-test@yantan.tethera.net and not
mlmmj-test@lists.tethera.net. Once I fixed that, the correct router is
invoked, without needing an alias in /etc/aliases (as far as I
understand, that's the point of defining the router).
I'm not sure how mlmmj-make-ml would know what the list domain is; this
seems to require postprocessing currently.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [mlmmj] initial setup/exim sender verification
2014-03-09 16:29 [mlmmj] initial setup/exim sender verification David Bremner
` (2 preceding siblings ...)
2014-03-10 2:50 ` David Bremner
@ 2014-03-10 3:25 ` Chris Knadle
2014-03-10 3:50 ` Chris Knadle
4 siblings, 0 replies; 6+ messages in thread
From: Chris Knadle @ 2014-03-10 3:25 UTC (permalink / raw)
To: mlmmj
On Sunday, March 09, 2014 23:50:46 David Bremner wrote:
> Chris Knadle <Chris.Knadle@coredump.us> writes:
> > And I'm assuming you have an "mlmmj-test" alias in /etc/aliases that looks
> > like this?
> >
> > mlmmj-test: "|/usr/bin/mlmmj-recieve -L /var/spool/mlmmj/mlmmj-test/"
>
> It seems that the problem was that the listaddress was set to
> point mlmmj-test@yantan.tethera.net and not
> mlmmj-test@lists.tethera.net. Once I fixed that, the correct router is
> invoked, without needing an alias in /etc/aliases (as far as I
> understand, that's the point of defining the router).
Oh. Yeah, you've probably set relay_domains = +mlmmj_domains. This means
that Exim is accepting any mail to lists.tethera.net, /without/ checking the
local_part of destination addresses. That's not exactly a good thing; it can
cause backscatter. All one needs to do is send an email with the sending
email address faked to nonexistent@lists.tethera.net, then the mail will be
accepted based on the domain alone but then bounced back to the false sender.
Instead I've set +mlmmj_domains to the list of local_domains so that the
local_part of the address is always checked. So when I tested and when I
remove the mailing list alias from /etc/aliases, the result is an
"Unroutable address" error, as I think it should.
> I'm not sure how mlmmj-make-ml would know what the list domain is; this
> seems to require postprocessing currently.
AFAIK for MLMMJ the full address of the mailing list is specified in
/var/spool/mlmmj/<list>/control/listaddress. In your case you'll probably
find that /var/spool/mlmmj/mlmmj-test/control/listaddress contains
"mlmmj-test@lists.tethera.net".
-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [mlmmj] initial setup/exim sender verification
2014-03-09 16:29 [mlmmj] initial setup/exim sender verification David Bremner
` (3 preceding siblings ...)
2014-03-10 3:25 ` Chris Knadle
@ 2014-03-10 3:50 ` Chris Knadle
4 siblings, 0 replies; 6+ messages in thread
From: Chris Knadle @ 2014-03-10 3:50 UTC (permalink / raw)
To: mlmmj
On Sunday, March 09, 2014 23:25:23 Chris Knadle wrote:
> On Sunday, March 09, 2014 23:50:46 David Bremner wrote:
> > Chris Knadle <Chris.Knadle@coredump.us> writes:
> > > And I'm assuming you have an "mlmmj-test" alias in /etc/aliases that
> > > looks
> > > like this?
> > >
> > > mlmmj-test: "|/usr/bin/mlmmj-recieve -L /var/spool/mlmmj/mlmmj-test/"
> >
> > It seems that the problem was that the listaddress was set to
> > point mlmmj-test@yantan.tethera.net and not
> > mlmmj-test@lists.tethera.net. Once I fixed that, the correct router is
> > invoked, without needing an alias in /etc/aliases (as far as I
> > understand, that's the point of defining the router).
>
> Oh. Yeah, you've probably set relay_domains = +mlmmj_domains. This means
> that Exim is accepting any mail to lists.tethera.net, /without/ checking the
> local_part of destination addresses. That's not exactly a good thing; it
> can cause backscatter. All one needs to do is send an email with the
> sending email address faked to nonexistent@lists.tethera.net, then the mail
> will be accepted based on the domain alone but then bounced back to the
> false sender.
Actually I think the above isn't true; Exim would normally accept the mail,
but due to the routing I believe MLMMJ ends up checking if the address matches
one of the addresses of its mailing lists, and the mail gets rejected
otherwise.
-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us
^ permalink raw reply [flat|nested] 6+ messages in thread