Exim cheatsheet: Difference between revisions
No edit summary |
|||
(11 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Category:Exim]] | |||
=Fragen und Antworten= | =Fragen und Antworten= | ||
Line 78: | Line 79: | ||
===Ratelimit für einen User zurücksetzen | ==Display configured tls settings== | ||
===gnutls=== | |||
<syntaxhighlight lang=bash> | |||
$ gnutls-cli --list CIPHER --priority "$(exim -bP tls_require_ciphers | awk '{print $NF}')" | |||
Cipher suites for %SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-KX-ALL:-CIPHER-ALL:-MAC-ALL:-CURVE-ALL:-SIGN-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+SHA256:+SHA384:+AEAD:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256 | |||
TLS_ECDHE_RSA_AES_256_CBC_SHA384 0xc0, 0x28 TLS1.2 | |||
TLS_ECDHE_RSA_AES_128_CBC_SHA256 0xc0, 0x27 TLS1.2 | |||
TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2 | |||
TLS_ECDHE_RSA_AES_128_GCM_SHA256 0xc0, 0x2f TLS1.2 | |||
TLS_ECDHE_RSA_CHACHA20_POLY1305 0xcc, 0xa8 TLS1.2 | |||
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2 | |||
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 0xc0, 0x23 TLS1.2 | |||
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2c TLS1.2 | |||
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 0xc0, 0x2b TLS1.2 | |||
TLS_ECDHE_ECDSA_CHACHA20_POLY1305 0xcc, 0xa9 TLS1.2 | |||
TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2 | |||
TLS_DHE_DSS_AES_128_CBC_SHA256 0x00, 0x40 TLS1.2 | |||
TLS_DHE_DSS_AES_256_GCM_SHA384 0x00, 0xa3 TLS1.2 | |||
TLS_DHE_DSS_AES_128_GCM_SHA256 0x00, 0xa2 TLS1.2 | |||
TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2 | |||
TLS_DHE_RSA_AES_128_CBC_SHA256 0x00, 0x67 TLS1.2 | |||
TLS_DHE_RSA_AES_256_GCM_SHA384 0x00, 0x9f TLS1.2 | |||
TLS_DHE_RSA_AES_128_GCM_SHA256 0x00, 0x9e TLS1.2 | |||
TLS_DHE_RSA_CHACHA20_POLY1305 0xcc, 0xaa TLS1.2 | |||
Protocols: VERS-TLS1.2 | |||
Ciphers: AES-256-CBC, AES-128-CBC, AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305 | |||
MACs: SHA256, SHA384, AEAD | |||
Key Exchange Algorithms: ECDHE-RSA, ECDHE-ECDSA, DHE-DSS, DHE-RSA | |||
Groups: GROUP-SECP256R1, GROUP-SECP384R1 | |||
PK-signatures: SIGN-RSA-SHA256 | |||
</syntaxhighlight> | |||
==Ratelimit für einen User zurücksetzen== | |||
Einträge finden: | Einträge finden: | ||
< | <syntaxhighlight lang=bash> | ||
# exim_dumpdb /var/spool/exim ratelimit | grep | # exim_dumpdb /var/spool/exim ratelimit | grep user | ||
24-Mar-2016 09:51:28.152687 rate: 218.512 key: 1d/per_rcpt/mail_recipients: | 24-Mar-2016 09:51:28.152687 rate: 218.512 key: 1d/per_rcpt/mail_recipients:user@server.de | ||
24-Mar-2016 09:51:28.098825 rate: 25.618 key: 1d/per_rcpt/failed_recipients: | 24-Mar-2016 09:51:28.098825 rate: 25.618 key: 1d/per_rcpt/failed_recipients:user@server.de | ||
</ | </syntaxhighlight> | ||
Einträge löschen: | Einträge löschen: | ||
Dafür nimmt man das etwas struppige Tool <i>exim_fixdb</i>. Man gibt den Key ein, den man aus den Ausgaben vom letzten Befehl hat und wählt damit den entsprechenden Eintrag in der DB aus. Als nächstes kommd dann d, wie Delete, gefolgt von einem Enter. Weg ist der entsprechende Eintrag. | Dafür nimmt man das etwas struppige Tool <i>exim_fixdb</i>. Man gibt den Key ein, den man aus den Ausgaben vom letzten Befehl hat und wählt damit den entsprechenden Eintrag in der DB aus. Als nächstes kommd dann d, wie Delete, gefolgt von einem Enter. Weg ist der entsprechende Eintrag. | ||
< | <syntaxhighlight lang=bash> | ||
# exim_fixdb /var/spool/exim ratelimit | # exim_fixdb /var/spool/exim ratelimit | ||
Modifying Exim hints database /var/spool/exim/db/ratelimit | Modifying Exim hints database /var/spool/exim/db/ratelimit | ||
> 1d/per_rcpt/mail_recipients: | > 1d/per_rcpt/mail_recipients:user@server.de | ||
24-Mar-2016 09:51:28 | 24-Mar-2016 09:51:28 | ||
0 time stamp: 24-Mar-2016 09:51:28 | 0 time stamp: 24-Mar-2016 09:51:28 | ||
Line 99: | Line 134: | ||
> d | > d | ||
deleted | deleted | ||
> 1d/per_rcpt/failed_recipients: | > 1d/per_rcpt/failed_recipients:user@server.de | ||
24-Mar-2016 09:51:28 | 24-Mar-2016 09:51:28 | ||
0 time stamp: 24-Mar-2016 09:51:28 | 0 time stamp: 24-Mar-2016 09:51:28 | ||
Line 107: | Line 142: | ||
deleted | deleted | ||
> ^D | > ^D | ||
</ | </syntaxhighlight> | ||
[[ | |||
==Spam== | |||
<syntaxhighlight lang=bash> | |||
for file in $(ls -1 /var/log/spamassassin/spamd-exim-acl.log* | sort -t'.' -k3n,3n) | |||
do | |||
if [ "$(basename $file .gz)" == "$(basename $file)" ] | |||
then | |||
command="cat" | |||
else | |||
command="gzip -cd" | |||
fi | |||
printf "%16s - %16s : %7s\t%s\n" \ | |||
"$(${command} ${file} | nawk 'NR==1{print $1,$2,$3}')" \ | |||
"$(${command} ${file} | tail -1 | nawk '{print $1,$2,$3}')" \ | |||
"$(${command} ${file} | grep -c 'result: Y')" \ | |||
"$(basename ${file})" | |||
done | |||
</syntaxhighlight> | |||
= Logrotation with datestamped logfiles = | |||
I love my logfiles datestamped: | |||
<syntaxhighlight lang=bash> | |||
# exim -bP log_file_path | |||
log_file_path = /var/log/exim/%slog-%D | |||
</syntaxhighlight> | |||
But the logrotate with this files is a little bit tricky. | |||
I found this as a good way to rotate the logfiles: | |||
== /etc/logrotate.d/exim == | |||
<pre> | |||
/var/log/exim/rotate_this_-_do_not_delete { | |||
daily | |||
rotate 0 | |||
ifempty | |||
create | |||
lastaction | |||
# gzip all files matching the regex that are not from today | |||
/usr/bin/find /var/log/exim -regextype posix-awk -regex '^/.*/((main|reject)log-[0-9]{8}|paniclog)' ! -mtime +0 -exec /usr/bin/gzip -9q {} \; | |||
# delete gzipped files matching the regex that are older than 90 days | |||
/usr/bin/find /var/log/exim -regextype posix-awk -regex '^/.*/((main|reject)log-[0-9]{8}|paniclog)\.gz' -mtime +90 -delete | |||
endscript | |||
} | |||
== touch the dummy rotate file == | |||
This one is needed to trigger the rotation even if it is a dummy. | |||
<syntaxhighlight lang=bash> | |||
# touch /var/log/exim/rotate_this_-_do_not_delete | |||
</syntaxhighlight> | |||
</pre> |
Latest revision as of 17:16, 7 March 2022
Fragen und Antworten
Header einer MailID ansehen
# exim -mvh <msgid>
Statistiken der aktuellen Queue ansehen
# exim -bpu | exiqsum <parameter>
Routing von Mails testen
Kurz und bündig
# exim -bv -v <Mailadresse>
Mit viel Debugging
# exim -bv -d+all <Mailadresse>
Wie stosse ich den Versand aller Mails für eine bestimmte Domain an?
# exim -Rff <Domain>
Wie stosse ich den Versand EINER bestimmten Mail erneut an?
# exim -M <message-id>
Wie ermittle ich, wieviele Mails in der Queue liegen?
# exim -bpc
Wie finde ich eine bestimmte Mail in der Queue?
Dazu kann entweder in den Logfiles gesucht werden
# exigrep <pattern> /var/log/exim/mainlog-jjjjmmdd
oder es kann in der Queue gesucht werden
# exiqgrep -r <pattern>
Besser, als exigrep ist exipick!
Ausgabe aller frozen Mails in der Queue:
# exipick -z
Ausgabe aller Mails an <reciepient> in der Queue:
# exipick -r <reciepient>
Ausgabe aller Mails von <sender> in der Queue:
# exipick -f <sender>
Ausggeben aller Mails, die Lokal abgesandt wurden in der Queue:
# exipick --or '$sender_host_address eq 127.0.0.1' '$received_protocol eq local'
Sogar der Body einer Mail kann durchsucht werden:
# /opt/exim/bin/exipick '$message_body =~ /.*Vjagra.*/'
Oder Ausgabe der sender_host_address für alle Mails die mehr als 40 und weniger als 50 Minuten alt sind und nicht im Status frozen sind:
# exipick --show-vars sender_host_address '$message_age > 40m' '$message_age < 50m' '!$deliver_freeze'
Was tun die Exim-Prozesse?
# exiwhat
Ausgeben von Exim-Parametern
# exim -bP <Parameter>
z.B.:
# exim -bP message_size_limit
Immer gut: queue files ansehen
# find $(exim -bP spool_directory | nawk '{print $NF;}')/input
Display configured tls settings
gnutls
$ gnutls-cli --list CIPHER --priority "$(exim -bP tls_require_ciphers | awk '{print $NF}')"
Cipher suites for %SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-KX-ALL:-CIPHER-ALL:-MAC-ALL:-CURVE-ALL:-SIGN-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+SHA256:+SHA384:+AEAD:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256
TLS_ECDHE_RSA_AES_256_CBC_SHA384 0xc0, 0x28 TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA256 0xc0, 0x27 TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256 0xc0, 0x2f TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305 0xcc, 0xa8 TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 0xc0, 0x23 TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2c TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 0xc0, 0x2b TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305 0xcc, 0xa9 TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
TLS_DHE_DSS_AES_128_CBC_SHA256 0x00, 0x40 TLS1.2
TLS_DHE_DSS_AES_256_GCM_SHA384 0x00, 0xa3 TLS1.2
TLS_DHE_DSS_AES_128_GCM_SHA256 0x00, 0xa2 TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA256 0x00, 0x67 TLS1.2
TLS_DHE_RSA_AES_256_GCM_SHA384 0x00, 0x9f TLS1.2
TLS_DHE_RSA_AES_128_GCM_SHA256 0x00, 0x9e TLS1.2
TLS_DHE_RSA_CHACHA20_POLY1305 0xcc, 0xaa TLS1.2
Protocols: VERS-TLS1.2
Ciphers: AES-256-CBC, AES-128-CBC, AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305
MACs: SHA256, SHA384, AEAD
Key Exchange Algorithms: ECDHE-RSA, ECDHE-ECDSA, DHE-DSS, DHE-RSA
Groups: GROUP-SECP256R1, GROUP-SECP384R1
PK-signatures: SIGN-RSA-SHA256
Ratelimit für einen User zurücksetzen
Einträge finden:
# exim_dumpdb /var/spool/exim ratelimit | grep user
24-Mar-2016 09:51:28.152687 rate: 218.512 key: 1d/per_rcpt/mail_recipients:user@server.de
24-Mar-2016 09:51:28.098825 rate: 25.618 key: 1d/per_rcpt/failed_recipients:user@server.de
Einträge löschen:
Dafür nimmt man das etwas struppige Tool exim_fixdb. Man gibt den Key ein, den man aus den Ausgaben vom letzten Befehl hat und wählt damit den entsprechenden Eintrag in der DB aus. Als nächstes kommd dann d, wie Delete, gefolgt von einem Enter. Weg ist der entsprechende Eintrag.
# exim_fixdb /var/spool/exim ratelimit
Modifying Exim hints database /var/spool/exim/db/ratelimit
> 1d/per_rcpt/mail_recipients:user@server.de
24-Mar-2016 09:51:28
0 time stamp: 24-Mar-2016 09:51:28
1 fract. time: .152687
2 sender rate: 218.512
> d
deleted
> 1d/per_rcpt/failed_recipients:user@server.de
24-Mar-2016 09:51:28
0 time stamp: 24-Mar-2016 09:51:28
1 fract. time: .098825
2 sender rate: 25.618
> d
deleted
> ^D
Spam
for file in $(ls -1 /var/log/spamassassin/spamd-exim-acl.log* | sort -t'.' -k3n,3n)
do
if [ "$(basename $file .gz)" == "$(basename $file)" ]
then
command="cat"
else
command="gzip -cd"
fi
printf "%16s - %16s : %7s\t%s\n" \
"$(${command} ${file} | nawk 'NR==1{print $1,$2,$3}')" \
"$(${command} ${file} | tail -1 | nawk '{print $1,$2,$3}')" \
"$(${command} ${file} | grep -c 'result: Y')" \
"$(basename ${file})"
done
Logrotation with datestamped logfiles
I love my logfiles datestamped:
# exim -bP log_file_path
log_file_path = /var/log/exim/%slog-%D
But the logrotate with this files is a little bit tricky. I found this as a good way to rotate the logfiles:
/etc/logrotate.d/exim
/var/log/exim/rotate_this_-_do_not_delete { daily rotate 0 ifempty create lastaction # gzip all files matching the regex that are not from today /usr/bin/find /var/log/exim -regextype posix-awk -regex '^/.*/((main|reject)log-[0-9]{8}|paniclog)' ! -mtime +0 -exec /usr/bin/gzip -9q {} \; # delete gzipped files matching the regex that are older than 90 days /usr/bin/find /var/log/exim -regextype posix-awk -regex '^/.*/((main|reject)log-[0-9]{8}|paniclog)\.gz' -mtime +90 -delete endscript } == touch the dummy rotate file == This one is needed to trigger the rotation even if it is a dummy. <syntaxhighlight lang=bash> # touch /var/log/exim/rotate_this_-_do_not_delete </syntaxhighlight>