SpamBlocker 4.5.0

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
8,921
Hello,

We're please to announce a new minor version of SpamBlocker 4: Version 4.5.0.

Here's the diff from 4.4.6 to 4.5.0.

The change in minor version was due to the significant adjustment of core code, required to address the SRS issue, where the sender rewrite only happened if both the forwarder and the local mailbox also existed (srs doesn't work with "unseen" routers, so we had to flip the logic to the inverse)
http://forum.directadmin.com/showthread.php?t=53184&p=275890#post275890

Change also includes moving the SSL/TLS settings into the exim.variables.conf file, which will allow you to set your own ciphers.

Example, create: /etc/exim.variables.conf.custom
with code (as an example):
Code:
tls_require_ciphers=AES128+EECDH:AES128+EDH
followed by
Code:
./build exim_conf
to merge the exim.variables.conf.default and exim.variables.conf.custom into the final exim.variables.conf.
Forum thread:
http://forum.directadmin.com/showthread.php?t=53834

John
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
Hello John,

Thank you for your work. Installed, and now testing ;)

@All,

Here are instructions on how to install the new configs:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build eximconf
 

Erulezz

Verified User
Joined
Sep 14, 2015
Messages
435
Location
Arnhem, NL
Just tried it out and everything seems to work fine. However when installing I did get this warning;

2016-10-19 15:08:31 Warning: No server certificate defined; TLS connections will fail.
Suggested action: either install a certificate or change tls_advertise_hosts option
Probably a onetime warning message because tls_certificate and tls_privatekey are moved to the variables file and after the automatic restart it works fine. However I am trying to adjust the cipher list but that is not working for me:confused:

Code:
cat /etc/exim.variables.conf.custom | grep "tls_"
tls_require_ciphers=AES128+EECDH:AES128+EDH
And after a ./build rewrite_confs still the old ones:

Code:
cat /etc/exim.variables.conf | grep "tls_"
tls_certificate=/etc/exim.cert
tls_privatekey=/etc/exim.key
tls_require_ciphers=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
//edit

It's not ./build rewrite_confs but ./build exim_conf.
 
Last edited:

websafe

Verified User
Joined
Jun 15, 2010
Messages
80
Location
Opole, PL
Hello,

I tried:

#Mail Settings
exim=no
eximconf=yes
eximconf_release=4.5
blockcracking=no
easy_spam_fighter=no
spamassassin=yes
sa_update=daily
dovecot=yes
dovecot_conf=yes
pigeonhole=yes
but I'm getting:

2016-11-06 17:55:26 Exim configuration error in line 1 of /etc/exim.srs.conf:
main option "srs_config" unknown
 

websafe

Verified User
Joined
Jun 15, 2010
Messages
80
Location
Opole, PL
OK, problem fixed. Changing `exim=no` to `exim=yes` solved this problem. That's somehow strange, because I'm running custombuild2 on a clean server, so exim should be compiled despite `exim=no`, or am I wrong?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
As far as I know after installation of Directadmin you get exim=no options.conf. And custombuild won't compile exim if you have exim=no in the file.
 

websafe

Verified User
Joined
Jun 15, 2010
Messages
80
Location
Opole, PL
As far as I know after installation of Directadmin you get exim=no options.conf. And custombuild won't compile exim if you have exim=no in the file.

Hmm, but how is exim then installed? From packages? I wrote a script that installs everything (deps + DA) on Centos 7 minimal and exim was being installed by custombuild (2.0) even with `exim` set to `no` in options.conf. Just this one issue with `eximconf_release=4.5`.

When I left the default eximconf_release=4.4 everything was fine (despite custombuild was in this case using eximconf 2.1 somehow). By the way - I think that's something what should be fixed, because when:

#Mail Settings
exim=no
eximconf=no
eximconf_release=4.4
(eximconf_release=4.4 is a default comming with custombuild)

custombuild will use eximconf_release 2.1. Not 4.4 as in the default options.conf.
 

websafe

Verified User
Joined
Jun 15, 2010
Messages
80
Location
Opole, PL
And it's me again ;-) Another problem:

2016-11-06 22:09:09 Exim configuration error in line 2 of /etc/exim.dkim.conf:
"dkim_domain" option set for the second time

but:

# grep -R dkim_domain /etc/
/etc/exim.dkim.conf: dkim_domain = $sender_address_domain
returns only one result...


My options.conf:

#Mail Settings
exim=yes
eximconf=yes
eximconf_release=4.5
blockcracking=yes
easy_spam_fighter=yes
spamassassin=yes
sa_update=daily
dovecot=yes
dovecot_conf=yes
pigeonhole=yes

Again - that's a clean installation. Server reinstalled (Centos 7 minimal) and a fresh custombuild 2.0.

And to be sure:

# grep -R dkim /etc
/etc/exim.easy_spam_fighter/check_dkim.conf: add_header = X-DKIM: signer='$dkim_cur_signer' status='$dkim_verify_status' reason='$dkim_verify_reason'
/etc/exim.easy_spam_fighter/check_dkim.conf: dkim_status = invalid
/etc/exim.easy_spam_fighter/check_dkim.conf: log_message = DKIM: Invalid. reason='$dkim_verify_reason'. May be a temporary problem.
/etc/exim.easy_spam_fighter/check_dkim.conf: dkim_status = fail
/etc/exim.easy_spam_fighter/check_dkim.conf: log_message = DKIM: Failed. reason='$dkim_verify_reason'
/etc/exim.easy_spam_fighter/check_dkim.conf: dkim_status = pass
/etc/exim.conf:acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
/etc/exim.conf:acl_check_dkim:
/etc/exim.conf: .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
/etc/exim.conf:.include_if_exists /etc/exim.dkim.conf
/etc/exim.conf:.include_if_exists /etc/exim.dkim.conf
/etc/exim.dkim.conf: dkim_domain = $sender_address_domain
/etc/exim.dkim.conf: dkim_selector = x
/etc/exim.dkim.conf: dkim_private_key = ${if exists{/etc/virtual/$sender_address_domain/dkim.private.key}{/etc/virtual/$sender_address_domain/dkim.private.key}{0}}
/etc/exim.dkim.conf: dkim_canon = relaxed
/etc/exim.dkim.conf: dkim_strict = 0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/run/opendkim(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/run/opendmarc(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/spool/opendkim(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/lib/dkim-milter(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/run/dkim-milter(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/var/spool/opendmarc(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/etc/mail/dkim-milter/keys(/.*)? system_u:eek:bject_r:dkim_milter_private_key_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/usr/sbin/opendkim -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/usr/sbin/opendmarc -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts.template:/usr/sbin/dkim-filter -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/run/opendkim(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/run/opendmarc(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/spool/opendkim(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/lib/dkim-milter(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/run/dkim-milter(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/var/spool/opendmarc(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/etc/mail/dkim-milter/keys(/.*)? system_u:eek:bject_r:dkim_milter_private_key_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/usr/sbin/opendkim -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/usr/sbin/opendmarc -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/modules/active/file_contexts:/usr/sbin/dkim-filter -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/opendkim(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/opendmarc(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/spool/opendkim(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/dkim-milter(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/dkim-milter(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/spool/opendmarc(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/mail/dkim-milter/keys(/.*)? system_u:eek:bject_r:dkim_milter_private_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/opendkim -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/opendmarc -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/dkim-filter -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/run/opendkim(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/run/opendmarc(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/spool/opendkim(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/lib/dkim-milter(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/run/dkim-milter(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/var/spool/opendmarc(/.*)? system_u:eek:bject_r:dkim_milter_data_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/etc/mail/dkim-milter/keys(/.*)? system_u:eek:bject_r:dkim_milter_private_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/sbin/opendkim -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/sbin/opendmarc -- system_u:eek:bject_r:dkim_milter_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/sbin/dkim-filter -- system_u:eek:bject_r:dkim_milter_exec_t:s0


And I found the problem - somehow `.include_if_exists /etc/exim.dkim.conf` appears twice in /etc/exim.conf:

/etc/exim.conf:.include_if_exists /etc/exim.dkim.conf
/etc/exim.conf:.include_if_exists /etc/exim.dkim.conf

Exactly here:

#COMMENT#61:
remote_smtp:
driver = smtp
.include_if_exists /etc/exim.dkim.conf
headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
.include_if_exists /etc/exim.dkim.conf

BUG? Or me again? ;-)
 
Top