Discussion:
SMTP error: 550 Administrative prohibition
Haines Brown
2007-12-25 00:01:12 UTC
Permalink
I've lost e-mail, and so in desperation turn to news groups.

In trying to configure my exim4 to use spamassassin, I apparently messed
up the confituration somehow. At first, all downloaded messages were
deleted as spam, and as I fiddled, fetchmail could not download messages
because the mail server did not like the information it received (SMTP
error: 550 Administrative prohibition), and now fetchmail does not even
see any messages.

I'm running debian etch. Doing # exim4 -d did not reveal anything
meaninfful to me. When all mail was rejected as spam, my exim4 reject
log had entries, but now no more.

Here is my exim4 configuration:

# It sounds like I should change it to true to get exim4 to use
# sa-exim:
local_scan_path='true'

# 2007april: I reduced dc_other_hostnames to just my FQDN
# I changed dc_local_interfaces='' to
# dc_local_interfaces='127.0.0.1'
dc_eximconfig_configtype='smarthost'
dc_other_hostnames='hartford-hwp.com'
dc_local_interfaces='127.0.0.1'
dc_readhost='hartford-hwp.com'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''

# 2007oct27: Web.com servers went SSL, and so I had to change smtp server
# name to first line, which is a link. Link could be broken, so change to
# hanme of link target. I tried but failed to revert from target to link.
# dc_smarthost='smtp.hartford-hwp.com'
dc_smarthost='mymail.myregisteredsite.com'

I'm not sure where to start.
--
Haines Brown, KB1GRM
Uwe Dippel
2007-12-25 03:11:25 UTC
Permalink
Post by Haines Brown
I've lost e-mail, and so in desperation turn to news groups.
In trying to configure my exim4 to use spamassassin, I apparently messed
up the confituration somehow. At first, all downloaded messages were
deleted as spam, and as I fiddled, fetchmail could not download messages
because the mail server did not like the information it received (SMTP
error: 550 Administrative prohibition), and now fetchmail does not even
see any messages.
This isn't all too helpful, I know. Exim in Debian is a political
decision; due to licensing. The first thing I always do to any Debian-box
is installing Postfix.
Not that I had anything against Exim, only at installing Debian, it would
offer several alternatives of configuring Exim that I, as a professional,
couldn't understand. That's useless software for you. My 2 sen.
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Haines Brown
2007-12-25 12:50:01 UTC
Permalink
Post by Uwe Dippel
Post by Haines Brown
I've lost e-mail, and so in desperation turn to news groups.
In trying to configure my exim4 to use spamassassin, I apparently messed
up the confituration somehow. At first, all downloaded messages were
deleted as spam, and as I fiddled, fetchmail could not download messages
because the mail server did not like the information it received (SMTP
error: 550 Administrative prohibition), and now fetchmail does not even
see any messages.
This isn't all too helpful, I know. Exim in Debian is a political
decision; due to licensing. The first thing I always do to any Debian-box
is installing Postfix.
Not that I had anything against Exim, only at installing Debian, it would
offer several alternatives of configuring Exim that I, as a professional,
couldn't understand. That's useless software for you. My 2 sen.
Thanks, Uwe. In fact, I used to run postfix, but when things got too
complicated for me in trying to reject spam, I retreated to exim4 on the
assumption it would work out of the box. I may well go back to postfix,
but right now need to communicate with the world.

There seems to be a problem getting my fetchmail requests being
authenticated at the mail server. Here's what fetchmail tells me:
...
fetchmail: Issuer Organization: Courier Mail Server
fetchmail: Issuer CommonName: localhost
fetchmail: Server CommonName: localhost
fetchmail: Server CommonName mismatch: localhost != pop.hartford-hwp.com
fetchmail: pop.hartford-hwp.com key fingerprint:
44:B3:8D:19:D1:83:C1:06:95:CB:22:69:73:CE:08:61
fetchmail: Server certificate verification error: self signed certificate
...

I assume this "Courier Mail Server" MTA is running on the mail server,
but it sends a set of error messages that sounds like it thinks I'm
running SSL, which I'm not. I don't know if fetchmail is telling me that
pop.hartford-hwp.com is not what it is looking for or if what it is
getting is not pop.hartford-hwp.com.

Also, while my hostname is "teufel", when I check for aliases:

$ hostname -a
teufel

I get only the hostname. Shouldn't it be something like:
localhost.localdoman teufel.hartford-hwp.com

My /etc/hosts has:

127.0.0.1 localhost.localdomain localhost
192.168.1.1 teufel.hartford-hwp.com teufel

I've not touched anything but exim4 and sa-exim.
--
Haines Brown, KB1GRM
John Hasler
2007-12-25 13:23:59 UTC
Permalink
Exim in Debian is a political decision; due to licensing.
Not true.
--
John Hasler
Uwe Dippel
2007-12-25 14:10:14 UTC
Permalink
Post by John Hasler
Exim in Debian is a political decision; due to licensing.
Not true.
Maybe what I wrote is not true, but when you search the archives,
the discussion has never ceased, from 1999 onwards. One term
you'll find is that postfix was not "DFSG-free". (DFSG=Debian Free
Software Guidelines.)

Uwe
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
John Hasler
2007-12-25 16:27:39 UTC
Permalink
Exim in Debian is a political decision; due to licensing.
Not true.
Maybe what I wrote is not true, but when you search the archives, the
discussion has never ceased, from 1999 onwards. One term you'll find is
that postfix was not "DFSG-free". (DFSG=Debian Free Software Guidelines.)
Postfix is in Debian/main. The license is clearly DFSG-free. Otherwise
Postfix would not be in Debian. And yes, of course the license was
discussed. New ones always are.
--
John Hasler
Uwe Dippel
2007-12-25 13:31:11 UTC
Permalink
Post by Haines Brown
There seems to be a problem getting my fetchmail requests being
...
fetchmail: Issuer Organization: Courier Mail Server
fetchmail: Issuer CommonName: localhost
fetchmail: Server CommonName: localhost
fetchmail: Server CommonName mismatch: localhost != pop.hartford-hwp.com
44:B3:8D:19:D1:83:C1:06:95:CB:22:69:73:CE:08:61
fetchmail: Server certificate verification error: self signed certificate
Okay, but this has nothing to do with Exim. Fetchmail doesn't touch it
here. You'd better off with a fetchmail/courier mailing list, eventually,
respectively Google.
I tried for you, "fetchmail: Server CommonName mismatch: localhost" and
got some promising results, like
http://www.dovecot.org/list/dovecot/2006-June/014043.html

I guess,
ping teufel
will show a proper resolution by your /etc/hosts.

Uwe
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Haines Brown
2007-12-25 18:37:59 UTC
Permalink
Post by Uwe Dippel
Post by Haines Brown
There seems to be a problem getting my fetchmail requests being
...
fetchmail: Issuer Organization: Courier Mail Server
fetchmail: Issuer CommonName: localhost
fetchmail: Server CommonName: localhost
fetchmail: Server CommonName mismatch: localhost != pop.hartford-hwp.com
44:B3:8D:19:D1:83:C1:06:95:CB:22:69:73:CE:08:61
fetchmail: Server certificate verification error: self signed certificate
Okay, but this has nothing to do with Exim. Fetchmail doesn't touch it
here.
I understand, and that's why I didn't understand what was going on, for
I did nothing to fetchmail. I inferred that fetchmail was sending the
mail server data that it didn't like.
Post by Uwe Dippel
I tried for you, "fetchmail: Server CommonName mismatch: localhost" and
got some promising results, like
http://www.dovecot.org/list/dovecot/2006-June/014043.html
I had looked at that site, but clearly it had to do with SSL, which I'm
not using.
Post by Uwe Dippel
I guess,
ping teufel
will show a proper resolution by your /etc/hosts.
Ping teufel does not run. I seem to have some problem with hostname
aliases:

$ hostname
teufel

$ hostname -a
teufel

I assume the response with the -a option would include
***@localdomain, etc., for:

127.0.0.1 localhost.localdomain localhost
192.168.1.1 teufel.hartford-hwp.com teufel

My my assumption correct, my mail server does not like the way I
identify myself, which apparently sa-exim or exim reconfigure somehow
changed.
--
Haines Brown, KB1GRM
Uwe Dippel
2007-12-26 00:17:10 UTC
Permalink
Post by Haines Brown
$ hostname
teufel
$ hostname -a
teufel
Here I have:
$ hostname
wira
$ hostname -a
wira
and fetchmail runs pretty well, including SSL.

Why would the whole fingerprint come up if you didn't use SSL ?
Have you tried telnet, then ? Does it work ?
Can you show your .fetchmailrc ?

Uwe
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Haines Brown
2007-12-26 10:34:02 UTC
Permalink
Uwe,

I find that if I revert to exim4 monolithic configuration, my e-mail
works, and so I've obviously done something to the split configuration
file. I'm subscribing to pkg-exim4-users and will try to resolve the
issue there.

Thanks.
--
Haines Brown, KB1GRM
Joey Hess
2007-12-26 16:28:59 UTC
Permalink
Post by Uwe Dippel
This isn't all too helpful, I know. Exim in Debian is a political
decision; due to licensing. The first thing I always do to any Debian-box
is installing Postfix.
Um, what? Postfix is DFSG free and included in Debian main.
--
see shy jo
Loading...