Skocz do zawartości
alesniak

Probel ze spamem wychodzącym z mojego serwera

Polecane posty

Witam,

 

Nie jestem adminem, dostałem serwer skonfigurowany przez dostawcę hostingu, ale chyba nie do końca tak jak sie należy.

 

Od kilku dni coś wysyła spam z mojego serwera. Blokuję adresy, z których jest połączenie na firewall'u ale na następny dzień idzie znowu z innych adresów.

 

Oto fragment logów z mainlog'a:

 

2017-01-20 02:41:39 SMTP connection from [198.20.83.172]:54327 I=[ip_mojego_serwera]:25 (TCP/IP connection count = 2)
2017-01-20 02:41:40 198.20.83.172 whitelisted in local domains whitelist
2017-01-20 02:41:42 1cUOCz-0007DA-Nr <= pnjfc@gmail.com H=(server01windows) [198.20.83.172]:54327 I=[ip_mojego_serwera]:25 P=esmtp S=1184 T="Re: Aumente seu P�nis em at�\n 10cm Naturalmente! M�todo Comprovado." from <pnjfc@gmail.com> for karech@uol.com.br karech@uol.com.br criss_sjc@hotmail.com silviapaula7@yahoo.com.br i.abreu@grupofiat.com.br rsfaca@hotmail.com mines_minas@yahoo.com.br edgaroliveira1979@yahoo.com.br helenammpataro@gmail.com nolletas@hotmail.com filipemodelo@hotmail.com
2017-01-20 02:41:42 SMTP connection from (server01windows) [198.20.83.172]:54327 I=[ip_mojego_serwera]:25 closed by QUIT
2017-01-20 02:41:46 SMTP connection from [198.20.83.172]:54400 I=[ip_mojego_serwera]:25 (TCP/IP connection count = 2)
2017-01-20 02:41:46 H=(server01windows) [198.20.83.172]:54400 I=[ip_mojego_serwera]:25 F=<jucci@hotmail.com> rejected RCPT <sheilafreire.miranda@hotmail.com>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2017-01-20 02:41:46 H=(server01windows) [198.20.83.172]:54400 I=[ip_mojego_serwera]:25 F=<jucci@hotmail.com> rejected RCPT <sheilafreire.miranda@hotmail.com>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2017-01-20 02:41:46 H=(server01windows) [198.20.83.172]:54400 I=[ip_mojego_serwera]:25 F=<jucci@hotmail.com> rejected RCPT <xer@netwizard.com.br>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2017-01-20 02:41:47 H=(server01windows) [198.20.83.172]:54400 I=[ip_mojego_serwera]:25 F=<jucci@hotmail.com> rejected RCPT <mercinho_gatinho100@hotmail.com>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2017-01-20 02:41:48 H=(server01windows) [198.20.83.172]:54400 I=[ip_mojego_serwera]:25 F=<jucci@hotmail.com> rejected RCPT <hondex@gmail.com>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2017-01-20 02:41:49 H=(server01windows) [198.20.83.172]:54400 I=[ip_mojego_serwera]:25 F=<jucci@hotmail.com> rejected RCPT <msposito@zipmail.com.br>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2017-01-20 02:41:51 H=(server01windows) [198.20.83.172]:54400 I=[ip_mojego_serwera]:25 F=<jucci@hotmail.com> rejected RCPT <djdf_ailton@hotmail.com>: REJECTED - Too many failed recipients - count = 6: response to "RCPT TO:<djdf_ailton@hotmail.com>" from mx2.hotmail.com [65.54.188.126] was: 550 Requested action not taken: mailbox unavailable
2017-01-20 02:41:51 SMTP connection from (server01windows) [198.20.83.172]:54400 I=[ip_mojego_serwera]:25 closed by DROP in ACL
Z tego co sprawdziłem to można bez problemu słać maile przez mój serwer przez port 25 bez autoryzacji i chyba taką metodą jestem nękany.
Pytanie w jaki sensowny sposób mogę to załatać. Port 25 nie jest mi potrzebny dla użytkowników bo wszyscy są skonfigurowani na 587.
Konfiguracja systemu:
CentOS 7.0 + Exim 4.87 + csf: v9.29 + DirectAdmin
Będę wdzięczny za sugestie.
pozdr.
AL

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

 

 

2017-01-20 02:41:40 198.20.83.172 whitelisted in local domains whitelist

 

Brak konieczności autoryzacji może powodować to, że adres zdalnego serwera jest na white liście. Poszukaj w jakich okolicznościach tam trafił.

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

 

Brak konieczności autoryzacji może powodować to, że adres zdalnego serwera jest na white liście. Poszukaj w jakich okolicznościach tam trafił.

 

A gdzie szukać pliku z tą whitelistą?

Udostępnij ten post


Link to postu
Udostępnij na innych stronach
Gość cien

Wklej plik konfiguracyjny exim'a, możesz też sprawdzić czy ip nie jest w /etc/virtual/pophosts

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

W pophosts nie ma tych ip.

 

A oto plik konfiguracyjny exim'a

# SpamBlockerTechnology* powered exim.conf, Version 4.4.3
# Dec 5, 2015
# Exim configuration file for DirectAdmin
# Requires exim.pl as distributed by DirectAdmin here:
# http://files.directadmin.com/services/exim.pl version 21 or higher
# ClamAV optional
# SpamAssassin optional
# Dovecot/IMAP Mandatory
# *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services:
# http://www.nobaloney.net
# 
# WARNING! Do NOT use this exim.conf Exim configuration file unless you
# make the required modifications to your Exim configuration
# following the instructions in the README file included in this
# distribution:
# README-SpamBlockerVersion4exim.conf.txt
# 
# The original exim.conf file distributed with Exim 4, includes the
# following copyright notice:
# 
# Copyright (C) 2002 University of Cambridge, Cambridge, UK
# 
# Portions of the file are taken from the exim.conf file as
# distributed with DirectAdmin (http://www.directadmin.com/)
# 
# Copyright (C) 2003-2011 JBMC Software, St Albert, AB, Canada
# 
# Portions of this file are written by NoBaloney Internet Services
# and are copyright as follows:
# 
# Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA
# 
# The entire Exim 4 distribution, including the exim.conf file, is
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,
# June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE
# you may download it, in it's entirety, from the website at:
# 
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt
# 
# Thanks to all the members of the DirectAdmin community and of the exim
# community who have given their # much needed and appreciated help.
# 
# The most recent version of this file may always downloaded from the website
# at: http://www.nobaloney.net/downloads/spamblocker
# 
# MODIFICATION INSTRUCTIONS
# 
# YOU MUST MAKE THE CHANGES TO THIS
# SpamBlockerTechnology* powered exim.conf, Version 4.0
# file as documented in the README file.
# 
# The README file for this version is named:
# README-SpamBlockerVersion4exim.conf.txt

# CONFIGURATION STARTS HERE

#EDIT#1:
# primary_hostname =
smtp_active_hostname = ${if exists{/etc/virtual/helo_data}{${lookup{$interface_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}

#EDIT#2-CLAMAV:
# av_scanner = clamd:/var/run/clamav/clamd
.include_if_exists /etc/exim.clamav.load.conf

#Block Cracking variables
.include_if_exists /etc/exim.blockcracking/variables.conf

#Easy Spam Figher variables
.include_if_exists /etc/exim.easy_spam_fighter/variables.conf

#SRS
.include_if_exists /etc/exim.srs.conf

#EDIT#3:
# qualify_domain =

#EDIT#4:
perl_startup = do '/etc/exim.pl'

#EDIT#5:
system_filter = /etc/system_filter.exim

#EDIT#6:
untrusted_set_sender = *

#EDIT#7:
daemon_smtp_ports = 25 : 587 : 465
tls_on_connect_ports = 465

#EDIT#8:
local_from_check = false

RBL_DNS_LIST=\
       cbl.abuseat.org : \
       bl.spamcop.net : \
       combined.rbl.msrbl.net : \
       b.barracudacentral.org : \
       zen.spamhaus.org : \
       hostkarma.junkemailfilter.com=127.0.0.2

.include /etc/exim.variables.conf
.include /etc/exim.strings.conf
.include_if_exists /etc/exim.strings.conf.custom

#EDIT#10:
helo_allow_chars = _

#EDIT#11:
#log_selector = \
#  +delivery_size \
#  +sender_on_delivery \
#  +received_recipients \
#  +received_sender \
#  +smtp_confirmation \
#  +subject \
#  +smtp_incomplete_transaction \
#  -dnslist_defer \
#  -host_lookup_failed \
#  -queue_run \
#  -rejected_header \
#  -retry_defer \
#  -skip_delivery \
#  +arguments
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

#EDIT#12:
syslog_duplication = false

#EDIT#13:
acl_not_smtp = acl_script
acl_smtp_auth = acl_check_auth
acl_smtp_connect = acl_connect
acl_smtp_helo = acl_check_helo
acl_smtp_mail = ${if ={$interface_port}{587} {accept}{acl_check_mail}}
acl_smtp_rcpt = acl_check_recipient
acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
acl_smtp_data = acl_check_message
acl_smtp_mime = acl_check_mime

#EDIT#14:
addresslist whitelist_senders = nwildlsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = nwildlsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = nwildlsearch;/etc/virtual/whitelist_domains
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
domainlist skip_rbl_domains = nwildlsearch;/etc/virtual/skip_rbl_domains
hostlist skip_rbl_hosts = ${if exists{/etc/virtual/skip_rbl_hosts}{wildlsearch;/etc/virtual/skip_rbl_hosts}}
hostlist skip_rbl_hosts_ip = ${if exists{/etc/virtual/skip_rbl_hosts_ip}{/etc/virtual/skip_rbl_hosts_ip}}
hostlist auth_relay_hosts = *
hostlist bad_sender_hosts = nwildlsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip
hostlist whitelist_hosts = nwildlsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip
BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames

#EDIT#15:
#domainlist skip_av_domains = nwildlsearch;/etc/virtual/skip_av_domains

#EDIT#16:
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts

#EDIT#17:
never_users = root

#EDIT#18:
host_lookup = *

#EDIT#19:
rfc1413_hosts = *
rfc1413_query_timeout = 0s

#EDIT#20:
#exim.variables.conf

#EDIT#21:
#exim.variables.conf

#EDIT#22:
#exim.variables.conf

#EDIT#23:
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
tls_advertise_hosts = *
#auth_over_tls_hosts = *

.include_if_exists /etc/exim.variables.conf.post

##################################################################################
# Access Control Lists
##################################################################################
begin acl


######################################
# ACL CONNECT
######################################
#EDIT#24:
acl_connect:
  warn set acl_m_spam_assassin_has_run = 0
  warn set acl_m_is_whitelisted = 0
  .include_if_exists /etc/exim.easy_spam_fighter/connect.conf
  accept hosts = *


######################################
# ACL CHECK MAIL
######################################
acl_check_mail:
  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}

#EDIT#31:
  accept  sender_domains = +whitelist_domains
          logwrite = $sender_host_address whitelisted in local domains whitelist
          set acl_m_is_whitelisted = 1
  accept  hosts = +whitelist_hosts
          logwrite = $sender_host_address whitelisted in local hosts whitelist
          set acl_m_is_whitelisted = 1
  accept  hosts = +whitelist_hosts_ip
          logwrite = $sender_host_address whitelisted in local hosts IP whitelist
          set acl_m_is_whitelisted = 1
  # accept if envelope sender is in whitelist
  accept  senders = +whitelist_senders
          logwrite = $sender_host_address whitelisted in local sender whitelist
          set acl_m_is_whitelisted = 1

  .include_if_exists /etc/exim.easy_spam_fighter/check_mail.conf
  accept


######################################
# ACL CHECK AUTH
######################################
#EDIT#24.5#
acl_check_auth:
  drop  set acl_m_authcount = ${eval10:0$acl_m_authcount+1}
        condition = ${if >{$acl_m_authcount}{2}}
        delay = 10s
        message = ONLY_ONE_AUTH_PER_CONN

  accept


######################################
# ACL CHECK HELO
######################################
#EDIT#25:
acl_check_helo:
  # accept mail originating on this server unconditionally
  accept  hosts = @[] : @
  # deny if the HELO pretends to be this host
    deny message = HELO_HOST_IMPERSANATION
      condition = ${if or { \
                            {eq{$sender_helo_name}{$smtp_active_hostname}} \
                            {eq{$sender_helo_name}{[$interface_address]}} \
                          } {true}{false} }
  # deny if the HELO is an IP address
    deny message = HELO_IS_IP
         condition   = ${if eq{$interface_port}{25}}
         condition   = ${if isip{$sender_helo_name}}
  # deny if hostname if ylmf-pc, which accounts for a HUGE percentage of BF attacks
    deny message = HELO_BLOCKED_FOR_ABUSE
         condition   = ${if eq{$sender_helo_name}{ylmf-pc}}
  # deny if the HELO pretends to be one of the domains hosted on the server
    deny message = HELO_IS_LOCAL_DOMAIN
        condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
        hosts = ! +relay_hosts
  accept


######################################
# ACL SCRIPT
######################################
acl_script:
  discard set acl_m_uid = ${perl{find_uid}}
          set acl_m_username = ${perl{get_username}{$acl_m_uid}}
          condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
          condition = ${if >{${perl{hit_limit_user}{$acl_m_username}}}{1}}
          message = USER_TOO_MANY

  discard condition = ${if !eq{$originator_uid}{$exim_uid}}
          condition = ${if exists{BLACKLIST_USERNAMES}}
          condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
          message = USER_ON_BLACKLIST_SCRIPT

  .include_if_exists /etc/exim.blockcracking/script.conf

  accept

  .include_if_exists /etc/exim.blockcracking/script.recipients.conf


######################################
# ACL CHECK RECIPIENT
######################################
#EDIT#26:
acl_check_recipient:
  # block certain well-known exploits, Deny for local domains if
  # local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]

  # If you've hit the limit, you can't send anymore. Requires exim.pl 17+
  drop  message = AUTH_TOO_MANY
        condition = ${perl{auth_hit_limit_acl}}
        authenticated = *

  drop  message = MULTIPLE_BOUNCE_RECIPIENTS
        senders = : postmaster@*
        condition = ${if >{$recipients_count}{0}{true}{false}}

  drop  message = TOO_MANY_FAILED_RECIPIENTS
        log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count
        condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
        !verify = recipient/callout=2m,defer_ok,use_sender

  drop  message = DOMAIN_SUSPENDED
        domains = +local_domains
        condition = ${if exists{/etc/virtual/${domain}_off}{yes}{no}}

  drop  authenticated = *
        condition = ${if exists{BLACKLIST_USERNAMES}}
        set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
        set acl_m_username = ${perl{get_username}{$acl_m_uid}}
        condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
        condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
        message = USER_ON_BLACKLIST_SMTP
        logwrite = User account $acl_m_username is blocked via BLACKLIST_USERNAMES

  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}

  #Block Cracking - https://github.com/Exim/exim/wiki/BlockCracking
  .include_if_exists /etc/exim.blockcracking/auth.conf

  # restrict port 587 to authenticated users only
  # see also daemon_smtp_ports above
  accept  hosts = +auth_relay_hosts
	  condition = ${if eq {$interface_port}{587} {yes}{no}}
	  endpass
	  message = RELAY_NOT_PERMITTED_AUTH
	  authenticated = *
  # Deny all Mailer-Daemon messages not for us:
  deny message = We didn't send the message
       senders = :
       domains = !+relay_domains

  # Deny if the recipient doesn't exist:
    deny message = NO_SUCH_RECIPIENT
         domains = +local_domains
	 !verify = recipient
  # Remaining Mailer-Daemon messages must be for us
    accept senders = :
	   domains = +relay_domains

#EDIT#27:
  # 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address
    deny message = R1: HELO_SHOULD_BE_FQDN
         !authenticated = *
         condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
         condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
  ## 2nd deny makes sure the hostname doesn't end with a dot (invalid)
  #  deny message = R2: HELO_SHOULD_BE_FQDN
  #       !authenticated = *
  #       condition   = ${if match{$sender_helo_name}{\N\.$\N}}
  # 3rd deny makes sure the hostname has no double-dots (invalid)
    deny message = R3: HELO_SHOULD_BE_FQDN
         !authenticated = *
         condition   = ${if match{$sender_helo_name}{\N\.\.\N}}
  ## 4th deny make sure the hostname doesn't end in .home (invalid domain)
  #  deny message = R4: HELO_SHOULD_BE_FQDN
  #       !authenticated = *
  #       condition  = ${if match{$sender_helo_name}{\N\.home$\N}}

#EDIT#28:
  # warn domains = +skip_av_domains
  # set acl_m0 = $tod_epoch

#EDIT#29:
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

#EDIT#30:
  accept  hosts = :
          logwrite = Whitelisted as having local origination

#EDIT#32:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_SENDER
    domains = +use_rbl_domains
    domains = !+skip_rbl_domains
    hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
    senders = +blacklist_senders

#EDIT#33:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_HOST
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       hosts = +bad_sender_hosts

#EDIT#34:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_IP
       hosts = +bad_sender_hosts_ip

#EDIT#35:
  accept domains = +local_domains
         sender_domains = !+blacklist_domains
         hosts = !+bad_sender_hosts
         hosts = !+bad_sender_hosts_ip
         dnslists = list.dnswl.org
         logwrite = $sender_host_address whitelisted in list.dnswl.org

#EDIT#36:
  # accept domains = +local_domains
  #        dnslists = hostkarma.junkemailfilter.com=127.0.0.1
  #        logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com

#EDIT#37:
  # accept  local_parts = whitelist
  #         domains     = example.com

#EDIT#38:
  require verify = sender

#EDIT#39:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       sender_domains = +blacklist_domains

#EDIT#40:
#    deny message = 554 denied. 5.7.1 Forged Paypal Mail, not sent from PayPal.
#         senders = *@paypal.com
#         condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}}

#EDIT#41:
  warn hosts = +skip_rbl_hosts
       logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts
  warn hosts = +skip_rbl_hosts_ip
       logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts_ip
  warn domains = +skip_rbl_domains
       logwrite = $sender_host_address RBL whitelisted $domain in skip_rbl_domains
  
  deny message = RBL_BLOCKED_BY_LIST
       hosts    = !+relay_hosts
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       !authenticated = *
       dnslists = RBL_DNS_LIST

  .include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.conf

#COMMENT#43:
# ACCEPT EMAIL BEGINNING HERE
  # accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
	  message = UNKNOWN_USER
          verify = recipient
#COMMENT#44
  # accept if address is in a domain for which we relay as long as recipient
  # can be verified
  accept  domains = +relay_domains
          endpass
          verify = recipient
#EDIT#45:
  accept  hosts = +relay_hosts
          add_header = X-Relay-Host: $sender_host_address

  accept  hosts = +auth_relay_hosts
          endpass
          message = AUTH_REQUIRED
          authenticated = *

# FINAL DENY EMAIL BEFORE DATA BEGINS HERE
  # default at end of acl causes a "deny", but line below will give
  # an explicit error message:
  deny    message = RELAY_NOT_PERMITTED


######################################
# ACL CHECK DKIM
######################################
acl_check_dkim:
  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
          
  .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
  accept


######################################
# ACL CHECK MESSAGE
######################################
# ACL that is used after the DATA command (ClamAV)
acl_check_message:
	deny message = This message contains malformed MIME ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = This message contains a virus or other harmful content ($malware_name)
demime = *
malware = */defer_ok
deny message = This message contains an attachment of a type which we  do not accept (.$found_extension)
demime = bat:com:pif:prf:scr:vbs
warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}

  .include_if_exists /etc/exim.easy_spam_fighter/check_message.conf

#EDIT#46:
.include_if_exists /etc/exim.clamav.conf

  ## accept without checking if in skip_av_domains
  # accept condition =${if and {{def:acl_m0}{def:acl_m0}} {true}{false}}

  ## deny if email contains malformed MIME header
  # deny message = CLAM_MALFORMED_MIME
  # demime = *
  # condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  ## deny if email containing virus or other harmful content
  # deny message = CLAM_HAS_VIRUS
  # demime = *
  # malware = *
 
  ## deny  if email contains an attachment of type we don't accept.
  # deny message = CLAM_BAD_ATTACHMENT
  # demime = bat:com:pif:prf:scr:vbs:html
 
  ## Accept but put warning into headers if message over 1000k
  # warn message = CLAM_SKIPPED
  # condition = ${if >={$message_size}{1000k} {1}{0}}
 
  # warn message = CLAM_CLEAN

  ## The end of the acl_check_message acl (ClamAV)
  ## Do NOT comment out the line below or all messages will be denied.
  accept


######################################
# ACL that is used for each MIME attachment in the email.
acl_check_mime:

  .include_if_exists /etc/exim.check_mime.conf.custom
  .include_if_exists /etc/exim.easy_spam_fighter/check_mime.conf

  accept


##################################################################################
# AUTHENTICATION CONFIGURATION
##################################################################################
begin authenticators

plain:
    driver = plaintext
    public_name = PLAIN
    server_prompts = :
    server_condition = "${perl{smtpauth}{0}}"
    server_set_id = $2

login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "${perl{smtpauth}{0}}"
    server_set_id = $1

#EDIT#47:
# REWRITE CONFIGURATION
# There is no rewriting specification in this exim.conf file. If your
# configuration requires one, it would go here



##################################################################################
# ROUTERS CONFIGURATION
##################################################################################
begin routers
#EDIT#48:

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

# RELATED: http://help.directadmin.com/item.php?id=153
# smart_route:
#   driver = manualroute
#   domains = ! +local_domains
#   ignore_target_hosts = 127.0.0.0/8
#   condition = "${perl{check_limits}}"
#   route_list = !+local_domains HOSTNAME-or-IP#
#   transport = remote_smtp

#COMMENT#49:
#DIRECTORS CONFIGURATION

.include_if_exists /etc/exim.spamassassin.conf

#EDIT#50:
# Spam Assassin
#spamcheck_director removed. Use the exim.spamassassin.conf

majordomo_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  no_rewrite
  user = majordomo

majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  condition = "${if or { {eq {$received_protocol} {local}} \
                         {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo

domain_filter:
  driver = redirect
  allow_filter
  no_check_local_user
  condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
  group = "mail"
  file = /etc/virtual/${domain}/filter
  directory_transport = address_file
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  no_verify

uservacation:
  # uservacation reply to all except errors, bounces, lists
  driver = accept
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
  condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  # do not reply to errors and bounces or lists
  senders = " ! ^.*-request@.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*\
              ! ^root@.*"
  transport = uservacation
  unseen

userautoreply:
  driver = accept
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
  condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  # do not reply to errors and bounces or lists
  senders = " ! ^.*-request@.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*\
              ! ^root@.*"
  transport = userautoreply
  unseen

virtual_aliases_nostar:
  driver = redirect
  srs = forward
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  unseen
  #include_domain = true

virtual_user:
  driver = accept
  condition = ${perl{save_virtual_user}}
  domains = lsearch;/etc/virtual/domainowners
  group = mail
  retry_use_local_part
  transport = dovecot_lmtp_udp

# accept only if local_part is not in the aliases file
# (this implements catch-all)
virtual_aliases:
  driver = redirect
  srs = forward
  allow_defer
  allow_fail
  condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}}
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  #include_domain = true

#COMMENT#51:
drop_solo_alias:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
  file_transport = devnull
  group = mail
  pipe_transport = devnull
  retry_use_local_part
  #include_domain = true
  
srs_router:
  driver = redirect
  srs = reverseandforward
  data = ${srs_recipient}

#COMMENT#52:
userforward:
  driver = redirect
  allow_filter
  check_ancestor
  check_local_user
  no_expn
  file = $home/.forward
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  no_verify

system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part
  # user = exim

localuser:
  driver = accept
  check_local_user
  condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
  transport = local_delivery

#COMMENT#53:
##################################################################################
# TRANSPORTS CONFIGURATION
##################################################################################
begin transports

#COMMENT#54:
spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  group = mail
  home_directory = "/tmp"
  log_output
  message_prefix = 
  message_suffix = 
  return_fail_output
  no_return_path_add
  transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  use_bsmtp
  user = mail

#COMMENT#55:
majordomo_pipe:
  driver = pipe
  group = daemon
  return_fail_output
  user = majordomo

#COMMENT#56:
local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = /home/$local_part/Maildir/
  directory_mode = 770
  create_directory = true
  maildir_format
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}

#COMMENT#57:
virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 770
  envelope_to_add
  directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
  maildir_format
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}

#EDIT#58:
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  subject = ${if def:h_Subject: {\
                ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
                    {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
                    {Autoreply}\
                }: ${quote:${escape:${length_60:$h_Subject:}}}}\
                {I am on vacation}}
  to = "${sender_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}

#COMMENT#59:
userautoreply:
  driver = autoreply
  bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  subject = ${if def:h_Subject: {\
                ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
                    {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
                    {Autoreply}\
                }: ${quote:${escape:${length_60:$h_Subject:}}}}\
                {Autoreply Message}}
  to = "${sender_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}

#COMMENT#60:
devnull:
  driver = appendfile
  file = /dev/null

#COMMENT#61:
remote_smtp:
  driver = smtp
  headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
  interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
  helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
.include_if_exists /etc/exim.dkim.conf

#EDIT#62:
address_pipe:
  driver = pipe
  return_output

virtual_address_pipe:
  driver = pipe
  group = nobody
  return_output
  user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"
.include_if_exists /etc/exim.cagefs.pipe.conf

#COMMENT#63:
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

#COMMENT#64:
address_reply:
  driver = autoreply

dovecot_lmtp_udp:
  driver = lmtp
  socket = /var/run/dovecot/lmtp
  #maximum number of deliveries per batch, default 1
  batch_max = 200
  delivery_date_add
  envelope_to_add
  return_path_add
  user = mail

##################################################################################
# RETRY CONFIGURATION
##################################################################################
#EDIT#65:
# Domain               Error       Retries
# ------               -----       -------
begin retry
*                      quota
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

Bądź aktywny! Zaloguj się lub utwórz konto

Tylko zarejestrowani użytkownicy mogą komentować zawartość tej strony

Utwórz konto

Zarejestruj nowe konto, to proste!

Zarejestruj nowe konto

Zaloguj się

Posiadasz własne konto? Użyj go!

Zaloguj się


×