Spamhaus rejection for inbound messages

Community Support Mail
41

What a mess.

cat /etc/hosts
dig micro365vn.com mx
cat /etc/exim4/update-exim4.conf.conf
ls -l /etc/exim4/domains/

Also:

v-rebuild-user admin yes
v-rebuild-mail-domains admin
v-rebuild-web-domains admin yes

And check if you see the files and dirs on file manager.

42

Here is the result, bro

root@vn1:~# cat /etc/hosts
127.0.0.1       localhost
127.0.0.1 ***.***vm.com

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
root@vn1:~# dig micro365vn.com mx

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> micro365vn.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42745
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;micro365vn.com.                        IN      MX

;; ANSWER SECTION:
micro365vn.com.         300     IN      MX      10 mail.micro365vn.com.

;; Query time: 52 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Sat Sep 14 21:18:04 +07 2024
;; MSG SIZE  rcvd: 64

root@vn1:~# cat /etc/exim4/update-exim4.conf.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='local'
dc_other_hostnames='***.***vm.com'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
root@vn1:~# ls -l /etc/exim4/domains/
total 0
lrwxrwxrwx 1 root root 31 Aug 26 18:00 ********.com -> /home/admin/conf/mail/********.com
lrwxrwxrwx 1 root root 36 Sep 12 10:45 micro365vn.com -> /home/admin/conf/mail/micro365vn.com
lrwxrwxrwx 1 root root 38 Aug 26 18:00 ********.com -> /home/admin/conf/mail/********.com
lrwxrwxrwx 1 root root 34 Aug 30 15:10 ********.vn -> /home/admin/conf/mail/********.vn

Voila, the F.M is working correctly again

43

For some reason, exim thinks micro365vn.com is a remote domain instead of a local domain

grep 'local_domains =' /etc/exim4/exim4.conf.template
ls -la /etc/exim4/domains/micro365vn.com/
1 Like
44

This is the result of these commands, bro

root@vn1:~# grep 'local_domains =' /etc/exim4/exim4.conf.template
domainlist local_domains = dsearch;/etc/exim4/domains/
root@vn1:~# ls -la /etc/exim4/domains/micro365vn.com/
total 56
drwxrwx--x 3 Debian-exim mail  4096 Sep 14 21:19 .
drwxr-x--x 6 admin       admin 4096 Sep 12 10:45 ..
-rw-rw---- 1 Debian-exim mail    37 Sep 14 21:19 accounts
-rw-rw---- 1 Debian-exim mail     0 Sep 14 21:19 aliases
-rw-rw---- 1 Debian-exim mail     0 Sep 14 21:19 antispam
-rw-rw---- 1 Debian-exim mail     0 Sep 14 21:19 antivirus
-rw-r----- 1 root        admin  210 Sep 14 21:19 apache2.conf
-rw-r----- 1 root        admin  371 Sep 14 21:19 apache2.ssl.conf
-rw-rw---- 1 Debian-exim mail   916 Sep 14 21:19 dkim.pem
-rw-rw---- 1 Debian-exim mail     0 Sep 14 21:19 fwd_only
-rw-rw---- 1 Debian-exim mail    16 Sep 14 21:19 ip
-rw-rw---- 1 Debian-exim mail    26 Sep 14 21:19 limits
-rw-r----- 1 root        admin  521 Sep 14 21:19 nginx.conf
-rw-rw---- 1 Debian-exim mail   159 Sep 12 10:54 nginx.conf_letsencrypt
-rw-r--r-- 1 root        root    45 Sep 14 21:19 nginx.forcessl.conf
-rw-r----- 1 root        admin  843 Sep 14 21:19 nginx.ssl.conf
lrwxrwxrwx 1 Debian-exim mail    59 Sep 12 10:54 nginx.ssl.conf_letsencrypt -> /home/admin/conf/mail/micro365vn.com/nginx.conf_letsencrypt
-rw-rw---- 1 dovecot     mail   136 Sep 14 21:19 passwd
drwxr-x--- 2 Debian-exim mail  4096 Sep 14 21:19 ssl
45

I’ve realized that you used the commands I posted in this way:

command1 && command2 && command3

So if a command fails, the others won’t be executed. Execute them one by one or separate them with ; instead of &&

2 Likes
46

I have just re-run all your chown & chmod commands then I run v-rebuild commands but the last line shows DNS_SERVER is not enable

root@vn1:~# chmod 771 /home/admin/conf/mail/micro365vn.com ; chmod 660 /home/admin/conf/mail/micro365vn.com/* ; chown -R Debian-exim:mail /home/admin/conf/mail/micro365vn.com ; chown -R dovecot:mail /home/admin/conf/mail/micro365vn.com/passwd ; chown Debian-exim:mail /home/admin/conf/mail/micro365vn.com/accounts ; chmod 770 /home/admin/mail/micro365vn.com ; chown -R admin:mail /home/admin/mail/micro365vn.com
root@vn1:~# chmod a+x /home/admin ; chown admin:admin /home/admin ; chmod a+x /home/admin/conf ; chown root:root /home/admin/conf ; chmod 751 /home/admin/conf/web ; chmod 751 /home/admin/web ; chmod 771 /home/admin/tmp ; chown --no-dereference root:admin /home/admin/web ; chmod 771 /home/admin/conf/dns ; chown bind:bind /home/admin/conf/dns ; chmod 751 /home/admin/mail ; chmod 751 /home/admin/conf/mail ; chmod 751 "/home/admin/web/micro365vn.com" ; chown --no-dereference admin:admin /home/admin/web/micro365vn.com ; chown -R admin:admin /home/admin/web/micro365vn.com/document_errors ; chmod 551 /home/admin/web/micro365vn.com ; chmod 551 /home/admin/web/micro365vn.com/stats ; chmod 751 /home/admin/web/micro365vn.com/private ; chown --no-dereference admin:www-data /home/admin/web/micro365vn.com/public_*html ; chmod 640 /home/admin/conf/dns/micro365vn.com.db ; chown root:bind /home/admin/conf/dns/micro365vn.com.db ; chown bind:bind /home/admin/conf/dns/micro365vn.com.db ; chmod 771 /home/admin/conf/mail/micro365vn.com ; chmod 660 /home/admin/conf/mail/micro365vn.com/* ; chmod 770 /home/admin/mail/micro365vn.com ; chown -R Debian-exim:mail /home/admin/conf/mail/micro365vn.com ; chown -R dovecot:mail /home/admin/conf/mail/micro365vn.com/passwd ; chown Debian-exim:mail /home/admin/conf/mail/micro365vn.com/accounts ; chown admin:mail /home/admin/mail/micro365vn.com
chmod: changing permissions of '/home/admin/conf': Operation not permitted
chown: changing ownership of '/home/admin/conf': Operation not permitted
chmod: cannot access '/home/admin/conf/dns': No such file or directory
chown: invalid user: ‘bind:bind’
chmod: cannot access '/home/admin/conf/dns/micro365vn.com.db': No such file or directory
chown: invalid group: ‘root:bind’
chown: invalid user: ‘bind:bind’
root@vn1:~# v-rebuild-user admin yes ; v-rebuild-mail-domains admin ; v-rebuild-web-domains admin yes
root@vn1:~# v-rebuild-all admin
Error: DNS_SYSTEM is not enabled
47

That’s ok.

ls -la /home/admin/conf/
systemctl restart exim4
tail /var/log/exim4/paniclog
48

Wait…
I just recognize that I didn’t install Bind9 & Named while deploying HestiaCP.
Is it a hinder of surmounting this trouble ?

49

Here is the result of these commands (there is no log for micro365vn.com)

root@vn1:~# ls -la /home/admin/conf/
total 16
drwxr-xr-x   4 root  root  4096 Aug 18 12:37 .
drwxr-xr-x+ 13 root  root  4096 Sep 12 13:00 ..
drwxr-x--x   6 admin admin 4096 Sep 12 10:45 mail
drwxr-x--x   7 admin admin 4096 Sep 12 10:52 web
root@vn1:~# systemctl restart exim4
root@vn1:~# tail /var/log/exim4/paniclog
2024-09-14 22:14:39 1sp51H-000NKm-0o Tainted filename '/etc/exim4/domains/********.vn/ip'
2024-09-14 22:14:39 1sp51H-000NKm-0o == noreply@********.vn R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/********.vn/ip: Permission denied (euid=104 egid=112)
2024-09-14 22:14:39 1sp4hO-000NHQ-37 Tainted filename '/etc/exim4/domains/********.com/ip'
2024-09-14 22:14:39 1sp4hO-000NHQ-37 == noreply@********.vn R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/********.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 22:14:39 1sojma-0006bG-26 Tainted filename '/etc/exim4/domains/********.vn/ip'
2024-09-14 22:14:39 1sojma-0006bG-26 == noreply@********.vn R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/********.vn/ip: Permission denied (euid=104 egid=112)
2024-09-14 22:14:39 1soiEI-0003nA-2M Tainted filename '/etc/exim4/domains/********.com/ip'
2024-09-14 22:14:39 1soiEI-0003nA-2M == noreply@********.vn R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/********.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 22:14:40 1sotRg-000EE7-0Y Tainted filename '/etc/exim4/domains/********.com/ip'
2024-09-14 22:14:40 1sotRg-000EE7-0Y == noreply@********.vn R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/********.com/ip: Permission denied (euid=104 egid=112)
50

You don’t need it.

lsattr -d /home/admin/conf/
lsattr /home/admin/conf/
grep micro365vn /var/log/exim4/paniclog
51

The rule is 32,000 characters limit so I eliminate the log of 12/09 & 13/09

root@vn1:~# lsattr -d /home/admin/conf/
----i---------e------- /home/admin/conf/
root@vn1:~# lsattr /home/admin/conf/
--------------e------- /home/admin/conf/web
--------------e------- /home/admin/conf/mail
root@vn1:~# grep micro365vn /var/log/exim4/paniclog
2024-09-14 00:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 00:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 00:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 00:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 01:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 01:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 01:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 01:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 02:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 02:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 02:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 02:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 03:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 03:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 03:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 03:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 04:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 04:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 04:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 04:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 05:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 05:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 05:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 05:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 06:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 06:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 06:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 06:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 07:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 07:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 07:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 07:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 08:00:08 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 08:00:08 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 08:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 08:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 09:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 09:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 09:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 09:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 10:00:15 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 10:00:15 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 10:25:55 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 10:25:55 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 11:00:16 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 11:00:16 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 11:25:54 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 11:25:54 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 11:55:55 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 11:55:55 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 12:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 12:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 12:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 12:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 13:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 13:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 13:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 13:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 14:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 14:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 14:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 14:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 15:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 15:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 15:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 15:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 16:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 16:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 16:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 16:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 17:00:32 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 17:00:32 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 17:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 17:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 18:00:06 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 18:00:06 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 18:30:06 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 18:30:06 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 19:00:08 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 19:00:08 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 19:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 19:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 20:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 20:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 20:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 20:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 21:00:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 21:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 21:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 21:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 22:00:06 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 22:00:06 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-14 22:14:39 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-14 22:14:39 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
52 
chattr -i /home/admin/conf/
chown root:root /home/admin/conf
chown root:root /home/admin/conf/mail
chown root:root /home/admin/conf/web
chattr +i /home/admin/conf/
53

I am done now
What I need to you next, bro

54

So, no errors?

systemctl restart exim4
date && grep micro365vn /var/log/exim4/paniclog | tail -n5
55

yeah I run it without any issue

root@vn1:~# systemctl restart exim4
root@vn1:~# date && grep micro365vn /var/log/exim4/paniclog | tail -n5
Sun Sep 15 02:50:39 PM +07 2024
2024-09-15 14:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-15 14:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-15 14:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-15 14:50:29 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-15 14:50:29 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
56

yeah I run it without any issue

root@vn1:~# systemctl restart exim4
root@vn1:~# date && grep micro365vn /var/log/exim4/paniclog | tail -n5
Sun Sep 15 02:50:39 PM +07 2024
2024-09-15 14:00:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-15 14:30:07 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-15 14:30:07 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
2024-09-15 14:50:29 1sobd6-000HZt-15 Tainted filename '/etc/exim4/domains/micro365vn.com/ip'
2024-09-15 14:50:29 1sobd6-000HZt-15 == [email protected] R=dnslookup T=remote_smtp defer (-1): failed to expand "interface" option for remote_smtp transport: failed to open /etc/exim4/domains/micro365vn.com/ip: Permission denied (euid=104 egid=112)
57

I don’t know the reason exim thinks the file is tainted, show again the output of these commands:

cat -A /etc/exim4/domains/micro365vn.com/ip
namei -mo /etc/exim4/domains/micro365vn.com/ip
ip a
1 Like
58

check this, bro :smiley:

root@vn1:~# cat -A /etc/exim4/domains/micro365vn.com/ip
103.188.***.***$
root@vn1:~# namei -mo /etc/exim4/domains/micro365vn.com/ip
f: /etc/exim4/domains/micro365vn.com/ip
 drwxr-xr-x root        root /
 drwxr-xr-x root        root etc
 drwxr-xr-x root        root exim4
 drwxr-xr-x root        root domains
 lrwxrwxrwx root        root micro365vn.com -> /home/admin/conf/mail/micro365vn.com
   drwxr-xr-x root        root /
   drwxr-xr-x root        root home
   drwxr-xr-x root        root admin
   drwxr-xr-x root        root conf
   drwxr-x--x root        root mail
   drwxrwx--x Debian-exim mail micro365vn.com
 -rw-rw---- Debian-exim mail ip
root@vn1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:3e:**:**:** brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
    inet 103.188.***.***/23 brd 103.188.***.*** scope global eth0
       valid_lft forever preferred_lft forever
    inet6 ****::****:****:****:5740/64 scope link 
       valid_lft forever preferred_lft forever
59

The perms are ok now and if the ip that you see in cat and ip a commands is the same, I don’t know what’s going on :frowning:

60

tainted files are caused by the incorrect exim config.

What is the exim version?