[volunteers] Renewal reminder mails from joker.com

Rick Moen rick at linuxmafia.com
Mon Aug 1 18:08:25 PDT 2016


Marc, can you spot what ACL needs tweaking?  Thanks for any help.


svlug.org was due to expire on Aug. 6th.  As mentioned, I was on the
ball and renewed it.  Joker.com's renewal reminders were supposed to go to
'president at svlug.org', which resolves locally to this mailing list.  We
didn't get them.


NOTE:  Never rely on reminder e-mails.  As if that weren't obvious.


On lists.svlug.org, in the chroot, in /var/log/exim4/rejectlog, one
sees:

2016-08-01 17:22:04 H=mailout1.joker.csl.de [194.245.148.146]:58759 I=[71.19.144.13]:25 F=<joker-bounce at joker.com> rejected RCPT <president at svlug.org>: authentication required
2016-08-01 17:22:04 H=mailout1.joker.csl.de [194.245.148.146]:58761 I=[71.19.144.13]:25 F=<joker-bounce at joker.com> rejected RCPT <president at svlug.org>: authentication required

Earlier, in rejectlog.6.gz, we see:

2016-07-27 03:50:40 H=mailout1.joker.csl.de [194.245.148.146]:36968 I=[71.19.144.13]:25 F=<donotreplyerrp-president=svlug.org at bounce.joker.com> rejected RCPT <president at svlug.org>: authentication required


mainlog has:


2016-08-01 17:22:04 H=mailout1.joker.csl.de [194.245.148.146]:58759 I=[71.19.144.13]:25 F=<joker-bounce at joker.com> rejected RCPT <president at svlug.org>: authentication required
2016-08-01 17:22:04 H=mailout1.joker.csl.de [194.245.148.146]:58761 I=[71.19.144.13]:25 F=<joker-bounce at joker.com> rejected RCPT <president at svlug.org>: authentication required


Can be verified manually:


[rick at linuxmafia] 
~ $ telnet lists.svlug.org 25
Trying 71.19.144.13...
Connected to lists.svlug.org.
Escape character is '^]'.
220 mail.svlug.org ESMTP Exim 4.44 #1 Mon, 01 Aug 2016 17:43:51 -0700 - mm9
HELO joker.com
250 mail.svlug.org Hello linuxmafia.com [198.144.195.186]
MAIL FROM: <joker-bounce at joker.com>
250 OK
RCPT TO: <president at svlug.org>
550 authentication required
quit
221 mail.svlug.org closing connection
Connection closed by foreign host.
[rick at linuxmafia]
~ $ 


The 'authentication required' SMTP 550 refusal is somewhat generic.  The
receiving MTA is basically just saying it doesn't like the claimed
sender and isn't really saying why.


As a scattershot (because I haven't taken the time to dig deeper), I've
tried adding the sending MTA's IP or hostname (as appropriate) to a
bunch of the Exim ACL files in /etc/exim4/acls, but made no improvement.
(I just backed out those additions, as they didn't help.)


The check in question appears to be:

lists:/etc/exim4/acls# cd ..
lists:/etc/exim4# grep -r 'authentication required' *
conf.d/acl/29_check_rcpt_end:          message	= authentication required
lists:/etc/exim4# 


That rules file contains:

  # Accept if the address is in a local domain, but only if the recipient can
  # be verified. Otherwise deny. The "endpass" line is the border between
  # passing on to the next ACL statement (if tests above it fail) or denying
  # access (if tests below it fail).
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient

  # Accept if the address is in a domain for which we are relaying, but again,
  # only if the recipient can be verified (this saves your secondary
  # MXes from accepting mail that they then can't send to your primary
  # MX)
  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient/callout=30s/callout_defer_ok

  # If control reaches this point, the domain is neither in +local_domains
  # nor in +relay_to_domains.

  # Accept if the message comes from one of the hosts for which we are an
  # outgoing relay. Recipient verification is omitted here, because in many
  # cases the clients are dumb MUAs that don't cope well with SMTP error
  # responses. If you are actually relaying out from MTAs, you should probably
  # add recipient verification here.
  accept  hosts         = +localadds:+relay_from_hosts
          verify        = recipient


  accept  hosts         = +auth_relay_hosts
          endpass
          message       = authentication required
          authenticated = *

  warn    message       = X-Broken-Reverse-DNS: no host name found for IP addres
s $sender_host_address
         !verify        = reverse_host_lookup


  # Reaching the end of the ACL causes a "deny", but we might as well give
  # an explicit message.
  deny    message       = relay not permitted
          delay         = TEERGRUBE



More information about the volunteers mailing list