SpamBlocker 4.5.0

DirectAdmin Support · Oct 17, 2016

Hello,

We're please to announce a new minor version of SpamBlocker 4: Version 4.5.0.

Here's the diff from 4.4.6 to 4.5.0.

The change in minor version was due to the significant adjustment of core code, required to address the SRS issue, where the sender rewrite only happened if both the forwarder and the local mailbox also existed (srs doesn't work with "unseen" routers, so we had to flip the logic to the inverse)
http://forum.directadmin.com/showthread.php?t=53184&p=275890#post275890

Change also includes moving the SSL/TLS settings into the exim.variables.conf file, which will allow you to set your own ciphers.

Example, create: /etc/exim.variables.conf.custom
with code (as an example):

Code:

tls_require_ciphers=AES128+EECDH:AES128+EDH

followed by

Code:

./build exim_conf

to merge the exim.variables.conf.default and exim.variables.conf.custom into the final exim.variables.conf.
Forum thread:
http://forum.directadmin.com/showthread.php?t=53834

John

zEitEr · Oct 18, 2016

Hello John,

Thank you for your work. Installed, and now testing

@All,

Here are instructions on how to install the new configs:

Code:

cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build eximconf

Erulezz · Oct 19, 2016

Just tried it out and everything seems to work fine. However when installing I did get this warning;

2016-10-19 15:08:31 Warning: No server certificate defined; TLS connections will fail.
Suggested action: either install a certificate or change tls_advertise_hosts option

Probably a onetime warning message because tls_certificate and tls_privatekey are moved to the variables file and after the automatic restart it works fine. However I am trying to adjust the cipher list but that is not working for me

Code:

cat /etc/exim.variables.conf.custom | grep "tls_"
tls_require_ciphers=AES128+EECDH:AES128+EDH

And after a ./build rewrite_confs still the old ones:

Code:

cat /etc/exim.variables.conf | grep "tls_"
tls_certificate=/etc/exim.cert
tls_privatekey=/etc/exim.key
tls_require_ciphers=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

//edit

It's not ./build rewrite_confs but ./build exim_conf.

DirectAdmin Support · Oct 19, 2016

Thanked, I've edited my post to show

Code:

./build exim_conf

websafe · Nov 6, 2016

Hello,

I tried:

#Mail Settings
exim=no
eximconf=yes
eximconf_release=4.5
blockcracking=no
easy_spam_fighter=no
spamassassin=yes
sa_update=daily
dovecot=yes
dovecot_conf=yes
pigeonhole=yes

but I'm getting:

2016-11-06 17:55:26 Exim configuration error in line 1 of /etc/exim.srs.conf:
main option "srs_config" unknown

zEitEr · Nov 6, 2016

./build exim

It will solve the issue

websafe · Nov 6, 2016

OK, problem fixed. Changing `exim=no` to `exim=yes` solved this problem. That's somehow strange, because I'm running custombuild2 on a clean server, so exim should be compiled despite `exim=no`, or am I wrong?

zEitEr · Nov 6, 2016

As far as I know after installation of Directadmin you get exim=no options.conf. And custombuild won't compile exim if you have exim=no in the file.

websafe · Nov 6, 2016

zEitEr said:
As far as I know after installation of Directadmin you get exim=no options.conf. And custombuild won't compile exim if you have exim=no in the file.

Hmm, but how is exim then installed? From packages? I wrote a script that installs everything (deps + DA) on Centos 7 minimal and exim was being installed by custombuild (2.0) even with `exim` set to `no` in options.conf. Just this one issue with `eximconf_release=4.5`.

When I left the default eximconf_release=4.4 everything was fine (despite custombuild was in this case using eximconf 2.1 somehow). By the way - I think that's something what should be fixed, because when:

#Mail Settings
exim=no
eximconf=no
eximconf_release=4.4

(eximconf_release=4.4 is a default comming with custombuild)

custombuild will use eximconf_release 2.1. Not 4.4 as in the default options.conf.

zEitEr · Nov 6, 2016

The answer is in this script: /usr/local/directadmin/scripts/exim.sh and in da_exim*.rpm (http://files.directadmin.com/services/)

websafe · Nov 6, 2016

OK, now I get it

Thank you.

websafe · Nov 6, 2016

And it's me again ;-) Another problem:

2016-11-06 22:09:09 Exim configuration error in line 2 of /etc/exim.dkim.conf:
"dkim_domain" option set for the second time

but:

# grep -R dkim_domain /etc/
/etc/exim.dkim.conf: dkim_domain = $sender_address_domain

returns only one result...

My options.conf:

#Mail Settings
exim=yes
eximconf=yes
eximconf_release=4.5
blockcracking=yes
easy_spam_fighter=yes
spamassassin=yes
sa_update=daily
dovecot=yes
dovecot_conf=yes
pigeonhole=yes

Again - that's a clean installation. Server reinstalled (Centos 7 minimal) and a fresh custombuild 2.0.

And to be sure:

# grep -R dkim /etc
/etc/exim.easy_spam_fighter/check_dkim.conf: add_header = X-DKIM: signer='$dkim_cur_signer' status='$dkim_verify_status' reason='$dkim_verify_reason'
/etc/exim.easy_spam_fighter/check_dkim.conf: dkim_status = invalid
/etc/exim.easy_spam_fighter/check_dkim.conf: log_message = DKIM: Invalid. reason='$dkim_verify_reason'. May be a temporary problem.
/etc/exim.easy_spam_fighter/check_dkim.conf: dkim_status = fail
/etc/exim.easy_spam_fighter/check_dkim.conf: log_message = DKIM: Failed. reason='$dkim_verify_reason'
/etc/exim.easy_spam_fighter/check_dkim.conf: dkim_status = pass
/etc/exim.conf:acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
/etc/exim.conf:acl_check_dkim:
/etc/exim.conf: .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
/etc/exim.conf:.include_if_exists /etc/exim.dkim.conf
/etc/exim.conf:.include_if_exists /etc/exim.dkim.conf
/etc/exim.dkim.conf: dkim_domain = $sender_address_domain
/etc/exim.dkim.conf: dkim_selector = x
/etc/exim.dkim.conf: dkim_private_key = ${if exists{/etc/virtual/$sender_address_domain/dkim.private.key}{/etc/virtual/$sender_address_domain/dkim.private.key}{0}}
/etc/exim.dkim.conf: dkim_canon = relaxed
/etc/exim.dkim.conf: dkim_strict = 0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/run/opendkim(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/run/opendmarc(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/spool/opendkim(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/lib/dkim-milter(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/run/dkim-milter(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/spool/opendmarc(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/etc/mail/dkim-milter/keys(/.*)? system_ubject_r:dkim_milter_private_key_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/usr/sbin/opendkim -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/usr/sbin/opendmarc -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/usr/sbin/dkim-filter -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/run/opendkim(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/run/opendmarc(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/spool/opendkim(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/lib/dkim-milter(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/run/dkim-milter(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/spool/opendmarc(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/etc/mail/dkim-milter/keys(/.*)? system_ubject_r:dkim_milter_private_key_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/usr/sbin/opendkim -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/usr/sbin/opendmarc -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/usr/sbin/dkim-filter -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/opendkim(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/opendmarc(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/spool/opendkim(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/dkim-milter(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/dkim-milter(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/spool/opendmarc(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/mail/dkim-milter/keys(/.*)? system_ubject_r:dkim_milter_private_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/opendkim -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/opendmarc -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/dkim-filter -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/run/opendkim(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/run/opendmarc(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/spool/opendkim(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/lib/dkim-milter(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/run/dkim-milter(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/spool/opendmarc(/.*)? system_ubject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/etc/mail/dkim-milter/keys(/.*)? system_ubject_r:dkim_milter_private_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/sbin/opendkim -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/sbin/opendmarc -- system_ubject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/sbin/dkim-filter -- system_ubject_r:dkim_milter_exec_t:s0

And I found the problem - somehow `.include_if_exists /etc/exim.dkim.conf` appears twice in /etc/exim.conf:

/etc/exim.conf:.include_if_exists /etc/exim.dkim.conf
/etc/exim.conf:.include_if_exists /etc/exim.dkim.conf

Exactly here:

#COMMENT#61:
remote_smtp:
driver = smtp
.include_if_exists /etc/exim.dkim.conf
headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
.include_if_exists /etc/exim.dkim.conf

BUG? Or me again? ;-)

zEitEr · Nov 6, 2016

The original version of exim.conf has the line only once.
http://files.directadmin.com/services/SpamBlocker/

websafe · Nov 7, 2016

zEitEr said:
The original version of exim.conf has the line only once.
http://files.directadmin.com/services/SpamBlocker/

OK, solved, the problem was in my script because when using `eximconf_release=4.5`
step 2. of https://help.directadmin.com/item.php?id=569 is no longer needed,
because `.include_if_exists /etc/exim.dkim.conf` is already there.

SpamBlocker 4.5.0

DirectAdmin Support

Administrator

zEitEr

Super Moderator

Erulezz

Verified User

DirectAdmin Support

Administrator

websafe

Verified User

zEitEr

Super Moderator

websafe

Verified User

zEitEr

Super Moderator

websafe

Verified User

zEitEr

Super Moderator

websafe

Verified User

websafe

Verified User

zEitEr

Super Moderator

websafe

Verified User