AlexFeoEkb
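# Exim configuration: listens on ports 25/465/587, authenticates SMTP clients
# through the Dovecot auth socket, and routes local recipients via /etc/aliases,
# .forward files, /etc/dovecot.passwd and an LDAP lookup on the mail attribute.
#
# Comments must sit on their own lines: Exim does not treat a trailing
# "# ..." on an option line as a comment.

ldap_default_servers = ads.account.domain.ru

# NOTE(review): the bind password is stored in clear text in this file (`pswd`
# looks like a redacted placeholder). Keep the file unreadable to unprivileged
# users and give the bind account read-only rights.
# NOTE(review): the lookups further down use ldap://, so the bind DN and the
# password cross the network unencrypted unless StartTLS (ldap_start_tls) or
# an ldaps:// URL is used - confirm which applies here.
LDAP_AD_BINDDN = "cn=usr,cn=users,dc=account,dc=domain,dc=ru"
LDAP_AD_PASS = pswd
LDAP_AD_BASE_DN = "dc=account,dc=domain,dc=ru"

# NOTE(review): this macro is not referenced anywhere in the visible
# configuration and is malformed as written ("pass" lacks "=", and the URL
# does not have the ldap:///base?attr?scope?filter shape used by the
# ldap_check router). Left exactly as posted.
LDAP_AD_MAIL_RCPT = user=LDAP_AD_BINDDN passLDAP_AD_PASS \
    ldap://dc=account,dc=domain,dc=ru(&(objectClass=person)(mail=${quote_ldap:${local_part}@${domain}}))

#######################################################
#             MAIN CONFIGURATION SETTINGS             #
#######################################################

primary_hostname = mail.domain.ru

domainlist local_domains = @ : localhost : localhost.localdomain : domain.ru
# Empty list: this host relays to no other domains.
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : localhost

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime

daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

qualify_domain = domain.ru
qualify_recipient = mail.domain.ru
allow_domain_literals = false
never_users = root
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 45m
timeout_frozen_after = 3d

# NOTE(review): AUTH is advertised to every host on every connection, and the
# only mechanisms defined below are PLAIN and LOGIN, which carry the password
# merely base64-encoded. No tls_certificate / tls_privatekey appears in this
# file - confirm TLS is configured elsewhere, then restrict advertising to
# encrypted sessions, e.g. auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
auth_advertise_hosts = *

helo_accept_junk_hosts = 192.168.12.0/24
auto_thaw = 15m
message_size_limit = 40M
helo_allow_chars = _
smtp_enforce_sync = true
syslog_timestamp = no
split_spool_directory = true
remote_max_parallel = 15
smtp_accept_max = 60
system_filter = /etc/exim/forward.conf

#######################################################
#                  ACL CONFIGURATION                  #
# Specifies access control lists for incoming SMTP mail
#######################################################

begin acl

acl_check_rcpt:

  # Empty host: the message did not arrive over TCP/IP.
  accept  hosts = :

  # These two rules are also what keeps "/" and a leading "." out of
  # $local_part before routers and transports use it in file names.
  deny    message = Restricted characters in address
          domains = +local_domains
          local_parts = ^[.] : ^.*[@%!/|]

  deny    message = Restricted characters in address
          domains = !+local_domains
          local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  require verify = sender

  deny    senders = /etc/exim/deny_senders
          message = "You don't access to send email."

  deny    senders = /etc/exim/local_senders
          domains = !+local_domains
          message = "You allow to send email only to local_domain."

  accept  hosts = +relay_from_hosts
          control = submission

  accept  authenticated = *
          control = submission

  # From here on only mail addressed to local domains is considered.
  require message = relay not permitted
          domains = +local_domains

  ##########################################################################
  # NOTE(review): each accept below ends the ACL, so whitelisted traffic skips
  # every later check, including the rate limit and "require verify =
  # recipient". The third rule keys on $sender_address, the envelope sender
  # chosen by the connecting client, so it is not evidence of who is sending;
  # prefer host-based entries and keep that file short.
  accept  condition = ${lookup{$sender_host_address}iplsearch{/etc/exim/friendly_hosts_ip}{yes}{no}}
          domains = +local_domains

  accept  condition = ${lookup{$sender_host_name}wildlsearch{/etc/exim/whitelist_sender_hosts}{yes}{no}}
          domains = +local_domains

  accept  condition = ${lookup{$sender_address}wildlsearch{/etc/exim/whitelist_senders}{yes}{no}}
          domains = +local_domains
  ##########################################################################

  drop    message = Bad HELO: I am the localhost!
          condition = ${if eq{localhost}{$sender_helo_name}}

  # NOTE(review): "match" treats $primary_hostname as an unanchored regular
  # expression, so its dots match any character.
  drop    message = Bad HELO: Host impersonating [$sender_helo_name]
          condition = ${if match{$sender_helo_name}{$primary_hostname}{yes}{no}}

  drop    message = Bad HELO: Host impersonating [$sender_helo_name]
          condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}

  drop    message = Bad HELO: empty. Required by RFC.
          condition = ${if eq {$sender_helo_name}{}{yes}{no}}

  drop    condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
          message = "550 - Main IP in your HELO! Access denied! Email for contact to us: administrator@domain.ru."

  drop    condition = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
          message = "550 - Can not be only number in HELO! Email for contact to us: administrator@domain.ru."

  # NOTE(review): unanchored substring match. Short tokens such as res, home,
  # node, static and client also occur in legitimate server names, so review
  # the reject log for false positives.
  drop    message = "550 - Your helo is bad (adsl,pool,ppp & etc). Email for contact to us: administrator@domain.ru."
          condition = ${if match{$sender_helo_name} \
              {astral|bbtec|broadband|cable|chello|client|cable|comcast|dsl|dslam|dial|dialin|dynamic|dynip|home|host-|hsd|hlfx|kabel|node|pool|peer|ppp|ipconnect|res|static|dhcp}{yes}{no}}

  # HELO names with three or more hyphen-terminated word groups in a row.
  deny    message = "550 - Access denied - pleace, contact with postmaster!"
          condition = ${if match{$sender_helo_name}{\N((?>\w+[\-]){3,})\N}{yes}{no}}

  ##########################################################################
  # NOTE(review): warn never rejects, so this 550 text is not returned as an
  # SMTP error. The condition tests for an empty envelope sender (a bounce),
  # not for an empty HELO.
  warn    condition = ${if eq{$sender_address}{}{yes}{no}}
          message = "550 - You HELO is empty! Access denied!"

  deny    message = "550 - Broken Reverse DNS: no host name for sender IP address $sender_host_address."
          !verify = reverse_host_lookup

  deny    message = "550 - Access denied - pleace, contact with postmaster!"
          condition = ${if match{$sender_host_name}{\N((?>\w+[\-]){3,})\N}{yes}{no}}

  deny    message = "550 - Access denied - pleace, contact with postmaster! Email for contact to us: administrator@domain.ru."
          condition = ${if match{$sender_host_name}{\N((?>\w+[\.|\-]){5,})\N}{yes}{no}}

  # Same keyword heuristic as for HELO (this list additionally contains
  # "dyn"); the false-positive caveat applies here too.
  deny    message = "550 - Your hostname is bad (adsl,pool,ppp & etc). Email for contact to us: administrator@domain.ru."
          condition = ${if match{$sender_host_name} \
              {astral|bbtec|broadband|cable|chello|client|cable|comcast|dsl|dslam|dial|dialin|dyn|dynamic|dynip|home|host-|hsd|hlfx|kabel|node|pool|peer|ppp|ipconnect|res|static|dhcp}{yes}{no}}

  deny    message = "550 - sender IP address $sender_host_address is locally blacklisted here. Email for contact to us: administrator@domain.ru."
          hosts = net-iplsearch;/etc/exim/blacklist_ip

  deny    message = "550 - sender domain address $sender_host_address is locally blacklisted here. Email for contact to us: administrator@domain.ru."
          hosts = wildlsearch;/etc/exim/blacklist_domains

  deny    message = "Sender rate SMTP overlimit - $sender_rate / $sender_rate_period. Email for contact to us: administrator@domain.ru."
          ratelimit = 100 / 1h / strict

  # NOTE(review): all four conditions must hold at once for acl_m0 to be set,
  # and acl_m0 is not read anywhere in the visible configuration.
  warn    hosts = +relay_from_hosts
          hosts = net-lsearch;/etc/exim/friendly_hosts_ip
          hosts = wildlsearch;/etc/exim/whitelist_sender_hosts
          senders = wildlsearch;/etc/exim/whitelist_senders
          set acl_m0 = 0s

  require verify = recipient

  # At this point, the address has passed all the checks that have been
  # configured, so we accept it unconditionally.
  accept

# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.
# Some suggested ways of configuring these tests are shown below, commented
# out. Without any tests, this ACL accepts all messages. If you want to use
# such tests, you must ensure that Exim is compiled with the content-scanning
# extension (WITH_CONTENT_SCAN=yes in Local/Makefile).

acl_check_data:

  # No content scanning is configured: every message body is accepted.
  accept

acl_check_mime:

  # File extension filtering.
  # NOTE(review): this checks only the declared MIME filename against six
  # extensions; it is not a substitute for a content scanner.
  deny    message = Blacklisted file extension detected
          condition = ${if match \
              {${lc:$mime_filename}} \
              {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
              {1}{0}}

  accept

#######################################################
#                ROUTERS CONFIGURATION                #
#         Specifies how addresses are handled         #
#######################################################

begin routers

# Non-local domains go out by DNS lookup; no_more keeps them away from the
# local routers below.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe

userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

# $local_part is supplied by the SMTP client and is used as a file name here.
# This router only runs when the value is a key in /etc/dovecot.passwd, and
# acl_check_rcpt rejects "/" and a leading "." for local domains; keep both
# guards in place.
virtualuserforward:
  driver = redirect
  condition = ${lookup{$local_part}lsearch{/etc/dovecot.passwd}}
  file = /etc/exim/forward/$local_part
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

procmail:
  driver = accept
  check_local_user
  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
  transport = procmail
  no_verify

virtual_users:
  driver = accept
  condition = ${lookup{$local_part}lsearch{/etc/dovecot.passwd}}
  transport = dovecot_virtual_delivery
  cannot_route_message = Unknown user

# Accepts a local-domain recipient when LDAP has an entry whose mail attribute
# equals the address; the lookup returns sAMAccountName.
# The recipient address comes from the remote SMTP client, so it is passed
# through quote_ldap before being placed in the search filter. Without the
# quoting, filter metacharacters in the address would become part of the
# LDAP query.
ldap_check:
  driver = accept
  domains = +local_domains
  verify_recipient
  condition = ${lookup ldapm{user=LDAP_AD_BINDDN pass=LDAP_AD_PASS ldap:///dc=account,dc=domain,dc=ru?sAMAccountName?sub?(&(mail=${quote_ldap:${local_part}@${domain}}))}{$value}}
  transport = ldap_delivery
  cannot_route_message = Unknown user

#######################################################
#              TRANSPORTS CONFIGURATION               #
#######################################################

begin transports

remote_smtp:
  driver = smtp

# Runs procmail as the recipient's own account; the procmail router reaches
# this transport only after check_local_user has matched.
procmail:
  driver = pipe
  command = "/usr/bin/procmail -d $local_part"
  return_path_add
  delivery_date_add
  envelope_to_add
  user = $local_part
  initgroups
  return_output

# NOTE(review): no router in the visible configuration references this
# transport or dovecot_delivery.
local_delivery:
  driver = appendfile
  maildir_format
  create_directory
  directory = /var/spool/mail/$domain/$local_part
  quota = 60M
  maildir_tag = ,S=$message_size
  quota_size_regex = ,S=(\d+)
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  directory_mode = 770
  mode = 0660

dovecot_delivery:
  driver = pipe
  command = /usr/libexec/dovecot/deliver
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  ##group = dovecot
  ##user = dovecot

dovecot_virtual_delivery:
  driver = pipe
  command = /usr/libexec/dovecot/deliver -d $local_part -f $sender_address
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  user = vmail

# The mailbox directory is built from the sAMAccountName returned by LDAP.
# The address is quoted with quote_ldap for the same reason as in the
# ldap_check router.
# NOTE(review): with no failure string, a lookup that finds nothing expands
# to the empty string, which would give /home/vmail//Maildir/new; the
# identical condition on the ldap_check router is what normally prevents
# that. The query also runs twice per delivery (router, then transport).
ldap_delivery:
  driver = appendfile
  directory = /home/vmail/${lookup ldapm{user=LDAP_AD_BINDDN pass=LDAP_AD_PASS ldap:///dc=account,dc=domain,dc=ru?sAMAccountName?sub?(&(mail=${quote_ldap:${local_part}@${domain}}))}{$value}}/Maildir/new
  user = vmail
  group = vmail
  delivery_date_add
  envelope_to_add
  return_path_add

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply

#######################################################
#                 RETRY CONFIGURATION                 #
#######################################################

begin retry

*   *   F,2h,15m; G,16h,1h,1.5; F,4d,6h

#######################################################
#            AUTHENTICATION CONFIGURATION             #
#######################################################

begin authenticators

# Both mechanisms hand the credentials to Dovecot's auth socket. Neither sets
# a per-mechanism advertise condition, so exposure over unencrypted sessions
# is governed solely by auth_advertise_hosts in the main section.
dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

# End of Exim configuration file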