Exim rejects recipient address on my domain
Solution 1
Dunno exactly yet, but I have the same problem here since about 22hrs ago...
Maybe you should have a look at this http://forums.debian.net/viewtopic.php?f=11&t=58312 and that http://www.reddit.com/r/netsec/comments/en650/details_of_the_root_kit_that_got_installed_on_my/
Maybe you got rooted?
Solution 2
A very handy trick to see what exim is doing with an email address is to run:
exim -bt [email protected]
If it immediately uses the remote_smtp transport, then you need to tell exim what domains it's responsible for.
Solution 3
Had the same issue. Here's what I did to troubleshoot.
See where it fails by running (change [email protected] to your destination)
exim -bt [email protected]
Check if your hosts are getting resolved properly by running these commands on the terminal.
# the following should show the short 'hostname'
hostname
# following should show the full domain name (without www or subdomains)
hostname --fqdn
# following should show the external IP (not 127.0.0.1)
hostname -i
If all is good, and if the block is still unroutable, force the exim configuration to route it. So edit /etc/exim/exim4.conf.template file, and find the block within .ifdef DCconfig_internet. Add this as the first rule. (Change example.com to your domain)
my_domain_routing:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = example.com
  transport = remote_smtp
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        255.255.255.255
  no_more
Run the routing test again to see if it passes now.
Note about exim4.conf.template file. This can get regenerated if you run the config utility again. To avoid this, duplicate this change in the /etc/exim/conf.d/routing/ folder as well.
Reference: SMTP unroutable address Understanding exim configuration files https://stackoverflow.com/questions/17351634/unrouteable-address-with-exim4
Solution 4
Looks as though you're using /etc/exim4/exim4.conf.template as your /etc/exim4/exim4.conf file, verbatim, which is broken.
You should look at /usr/share/doc/exim4-base/README.Debian.gz as this is all Debian-specific. Stock Exim from upstream does not have any macro pre-processing or split configurations or the like. Section 2.1.6.1 talks about how you use a single config file, which is what I think you've tried to do.
Try first mv /etc/exim4/exim4.conf /etc/exim4/exim4.conf-old and then running: update-exim4.conf. (You could also first check that update-exim4.conf.conf is up-to-date.)
Ultimately, you'll want exim -bV to show that the configuration file in use is /var/lib/exim4/config.autogenerated, which means that the mass of tangled definitions all comes into play.
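The two checks this answer implies, as an added example that is not part of the original answer: read the active configuration path out of exim -bV output, and look for Debian macro names that reached the log unexpanded, as root@ETC_MAILNAME and MAIN_RELAY_NETS did in the question's mainlog. The function names, the ETC_/MAIN_ prefix heuristic and the /var/log/exim4/mainlog path are assumptions.

```shell
#!/bin/sh
# Added example, not from the answer: two read-only checks for a Debian
# exim4 host that is running the unprocessed template as its config.

# Read `exim -bV` output on stdin and print the configuration file in use.
config_in_use() {
    sed -n 's/^Configuration file is //p'
}

# Print each ETC_* / MAIN_* macro name that appears literally in a log file.
# The prefix list is an assumption based on the two names in the question's
# mainlog; with a generated config these are expanded and never logged.
leaked_macros() {
    grep -oE '(ETC|MAIN)_[A-Z][A-Z_]*' "$1" | sort -u
}

# Sample input: three lines copied from the mainlog in the question.
sample_log() {
    cat <<'EOF'
2011-01-04 17:00:01 1PaAEr-0007vN-DX <= root@ETC_MAILNAME U=root P=local S=869
2011-01-04 17:09:21 no IP address found for host MAIN_RELAY_NETS (during SMTP connection from mail-qw0-f53.google.com [209.85.216.53])
2011-01-04 17:28:44 1PaAEr-0007vN-DX Message is frozen
EOF
}

# Report on a log: returns 1 and names the macros if any leaked through.
check_log() {
    found=$(leaked_macros "$1")
    [ -z "$found" ] && return 0
    echo "unexpanded macros in $1:" $found
    return 1
}

# Demo on the sample. On a real host: exim -bV | config_in_use
# and: check_log /var/log/exim4/mainlog   (assumed Debian log path)
log=$(mktemp)
sample_log > "$log"
check_log "$log" || echo "regenerate the config with update-exim4.conf"
rm -f "$log"
```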
Nicolas
Updated on September 17, 2022
Comments
-
Nicolas over 1 year
I have a dedicated server (debian) on which I have installed Exim and Dovecot. Everything worked fine until around a month ago. I tried to reinstall and reconfigure exim but I keep having all the incoming emails rejected.
Outlook says: A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected] SMTP error from remote mail server after RCPT TO:: host mail.mydomain.com [94.76.##.##]: 550 relay not permitted
GMAIL:
Delivery to the following recipient failed permanently:
Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 relay not permitted (state 14).
On the server side, my rejectlog file shows:
2011-01-04 17:09:21 H=mail-qw0-f53.google.com [209.85.216.53] F=<####@gmail.com> rejected RCPT : relay not permitted
... and the mainlog file:
2011-01-04 17:00:01 1PaAEr-0007vN-DX <= root@ETC_MAILNAME U=root P=local S=869
2011-01-04 17:00:01 1PaAEr-0007vN-DX ** root@etc_mailname: Unrouteable address
2011-01-04 17:00:01 1PaAEr-0007vY-Kn Error while reading message with no usable sender address (R=1PaAEr-0007vN-DX): at least one malformed recipient address: root@ETC_MAILNAME - malformed address: _MAILNAME may not follow root@ETC
2011-01-04 17:00:01 1PaAEr-0007vN-DX Process failed (1) when writing error message to root@ETC_MAILNAME (frozen)
2011-01-04 17:09:21 no IP address found for host MAIN_RELAY_NETS (during SMTP connection from mail-qw0-f53.google.com [209.85.216.53])
2011-01-04 17:09:21 H=mail-qw0-f53.google.com [209.85.216.53] F=<####@gmail.com> rejected RCPT : relay not permitted
then after the message becomes frozen:
2011-01-04 17:28:44 1PaAEr-0007vN-DX Message is frozen
Thank you for your help, any idea/comment is welcomed as I am really running out of ideas to fix this issue,
Nicolas.
Oh and the PHP mail() function does not do anything as well, would it be linked to? I think mail() uses sendmail from my php.ini.
-
Aleksandr Levchuk over 13 years
A recent bug in Exim debian.org/security/2010/dsa-2131 allowed an attacker to open a remote shell anonymously on our server. Exim4 also allowed that shell to execute commands as root! This caused damage. A quick research (security-tracker.debian.org/tracker/source-package/exim4) shows that Exim had 7 arbitrary code execution bugs since 2002. Four (4) of those are doable remotely. After the incident we switched to Postfix (security-tracker.debian.org/tracker/source-package/postfix) - as you can see it also has 7 security bugs, but none are remote, most are DOS related.
-
Nicolas over 13 years
Yeah I saw it, and it was EXACTLY my issue, we switched to Google Apps mail. Thank you for your input.
-
-
Nicolas over 13 years
Hi, the file did not exist but putting mydomain.com in a new file /etc/mailname did not fix the issue -unfortunately-. What I do not understand is I even uninstalled and reinstalled it and nothing's changed. Cheers
-
Nicolas over 13 years
Hi Niall, here's the result of the exim -bt ######@gmail.com command: ######@gmail.com is undeliverable: Unrouteable address. Cheers
-
Niall Donegan over 13 years
Then your exim.conf is well and truly screwed in some way. Can you try running "dpkg-reconfigure exim4-config" and see if you can reset the config?
-
Nicolas over 13 years
Hi, I have all the same symptoms! Even the /etc/init.d/xfs3, what should I do now?
-
Nicolas over 13 years
Instructions:
rm /dev/null && mknod /dev/null c 1 3 && chmod 666 /dev/null
chattr -ai /var/spool/exim4/s*
rm -r /var/spool/exim4/{a.conf*,e.conf*,rk*,s*,setuid*}
chattr -ai /usr/include/sslv3/{dropbear,mig}
rm -r /usr/include/sslv3/
update-rc.d -f xfs3 remove
rm /etc/init.d/xfs3
rm /usr/include/mysql/mysql.hh1
chattr -ai /usr/bin/free /bin/kill /usr/bin/pgrep /usr/bin/pkill /usr/bin/pmap /bin/ps /usr/bin/pwdx /usr/bin/skill /usr/bin/slabtop /usr/bin/snice /sbin/sysctl /usr/bin/tload /usr/bin/top /usr/bin/uptime /usr/bin/vmstat /usr/bin/w /usr/bin/watch
rm /usr/bin/w
aptitude reinstall procps
-
Nicolas over 13 years
Following the instructions pasted above thanks to davemmm on reddit.com/r/netsec/comments/en650/… , I cleaned everything on the server and just got rid of exim by using Google Apps SMTP feature instead. Thanks a LOT for that!
-
Lost Carrier over 13 years
I'm afraid, but following these instructions is just some kind of quick-fix, workaround or something. There may be more rootkits installed. For example: my machine didn't have dropbear installed, but at least there were a few irc-bots and a "patched" sshd. I cleaned what I could find, but to make sure that you have a clean machine you have to set it up from scratch. Well, mine is still online, too. I'm currently thinking of moving to Google and switching off this machine...
-
Nicolas over 13 years
I've cleaned the ssh connections as well, and I had dropbear installed. Everything exactly like him. As I am not using Exim anymore and I think I've cleaned a lot of things already I'm going to keep my server as it is -plus it's a live server...-. Google Apps is worth the changes.
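A read-only check for the files that the cleanup commands quoted in the comments remove or unlock, added here as an example and not posted by anyone in the thread. It covers only the paths named in those commands; the function names and the optional ROOT argument (for pointing the check at a mounted disk image) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: it lists, it never deletes.

# Print each path from the quoted cleanup commands that exists under ROOT.
# ROOT is empty for the live system, or a mount point for an offline image.
find_iocs() {
    root=${1:-}
    for p in "$root"/etc/init.d/xfs3 \
             "$root"/usr/include/sslv3 \
             "$root"/usr/include/mysql/mysql.hh1 \
             "$root"/var/spool/exim4/a.conf* \
             "$root"/var/spool/exim4/e.conf* \
             "$root"/var/spool/exim4/rk* \
             "$root"/var/spool/exim4/s* \
             "$root"/var/spool/exim4/setuid*; do
        # An unmatched glob stays literal and fails this existence test.
        if [ -e "$p" ] || [ -L "$p" ]; then
            rel=${p#"$root"}
            printf '%s\n' "$rel"
        fi
    done | sort -u
}

# Print the procps binaries (the ones the cleanup ran `chattr -ai` on) that
# still carry the append-only (a) or immutable (i) attribute.
flagged_bins() {
    root=${1:-}
    for b in /usr/bin/free /bin/kill /usr/bin/pgrep /usr/bin/pkill \
             /usr/bin/pmap /bin/ps /usr/bin/pwdx /usr/bin/skill \
             /usr/bin/slabtop /usr/bin/snice /sbin/sysctl /usr/bin/tload \
             /usr/bin/top /usr/bin/uptime /usr/bin/vmstat /usr/bin/w \
             /usr/bin/watch; do
        if [ -e "$root$b" ]; then lsattr -d "$root$b" 2>/dev/null || :; fi
    done | awk '$1 ~ /[ai]/ { print $2 }'
}

# Constructed demo: plant three of the indicators in a scratch root.
demo_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/init.d" "$d/var/spool/exim4/input" "$d/usr/include/sslv3"
    : > "$d/etc/init.d/xfs3"
    : > "$d/var/spool/exim4/setuid"
    printf '%s\n' "$d"
}

scratch=$(demo_root)
find_iocs "$scratch"
rm -rf "$scratch"
```

On a live host, run find_iocs and flagged_bins with no argument; any output means one of the listed paths or attributes is present.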