Перейти из форума на сайт.

НовостиФайловые архивы
ПоискАктивные темыТоп лист
ПравилаКто в on-line?
Вход Забыли пароль? Первый раз на этом сайте? Регистрация
Компьютерный форум Ru.Board » Компьютеры » В помощь системному администратору » FAQ по Exim MTA #2

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR

 Версия для печати • ПодписатьсяДобавить в закладки
На первую страницук этому сообщениюк последнему сообщению

Открыть новую тему     Написать ответ в эту тему

Alukardd



Gold Member
Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
exim_path = /usr/sbin/exim4
exim_user = Debian-exim
exim_group = mail
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif
CHECK_MAIL_HELO_ISSUED = true
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
CHECK_RCPT_POSTMASTER = true
CHECK_RCPT_VERIFY_SENDER = true
CHECK_RCPT_REVERSE_DNS = true
CHECK_RCPT_IP_DNSBLS = dnsbl.njabl.org : dnsbl.net.au : dul.ru : bl.spamcop.net
CHECK_DATA_VERIFY_HEADER_SENDER = true
CHECK_RCPT_SPF = true
MAIN_TLS_ENABLE = true
GREYLIST_TEST=SELECT concat("id=",id," ts=",(unix_timestamp()-block_expires)) \
        from Greylist \
        where relay_ip='${quote_mysql:$sender_host_address}' and \
        sender='${quote_mysql:$sender_address}' and \
        recipient='${quote_mysql:$local_part}@${quote_mysql:$domain}' limit 1
GREYLIST_ADD=INSERT into Greylist (relay_ip,sender,recipient,\
        block_expires,record_expires,create_time,block_count,ehlo) \
        values \
        ('${quote_mysql:$sender_host_address}',\
        '${quote_mysql:$sender_address}',\
        '${quote_mysql:$local_part}@${quote_mysql:$domain}',\
        unix_timestamp()+5,unix_timestamp()+60*60*24,unix_timestamp(),1,\
        '${quote_mysql:$sender_helo_name}')
GREYLIST_UPD1=UPDATE Greylist set pass_count=pass_count+1,\
        record_expires=unix_timestamp()+60*60*24 where id=$acl_m2
GREYLIST_UPD2=UPDATE Greylist set block_count=block_count+1 where id=$acl_m2
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
UPEX4CmacrosUPEX4C = 1
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains WHERE domain='${domain}' AND (type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains WHERE domain='${domain}' AND type='RELAY'}}
hostlist relay_from_hosts = 127.0.0.1/8
hostlist auth_relay_hosts = *
MAIN_QUALIFY_DOMAIN = company.org
.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
.ifndef MAIN_QUALIFY_DOMAIN
qualify_domain = ETC_MAILNAME
.else
qualify_domain = MAIN_QUALIFY_DOMAIN
.endif
.endif
.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.endif
.ifndef LOCAL_DELIVERY
LOCAL_DELIVERY=maildir_home
.endif
gecos_pattern = ^([^,:]*)
gecos_name = $1
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif
.ifndef MAIN_LOG_SELECTOR
MAIN_LOG_SELECTOR = +tls_peerdn
.endif
.ifndef MAIN_ACL_CHECK_MAIL
MAIN_ACL_CHECK_MAIL = acl_check_mail
.endif
acl_smtp_mail = MAIN_ACL_CHECK_MAIL
.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif
av_scanner = clamd:/var/run/clamav/clamd.ctl
spamd_address = 127.0.0.1 783
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif
.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif
MAIN_HARDCODE_PRIMARY_HOSTNAME = mail.company.org
.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
.endif
rfc1413_hosts = *
rfc1413_query_timeout = 1s
.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
.endif
.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif
.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER
.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 1d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER
.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL
.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR
.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif
smtp_banner = $smtp_active_hostname handmade MTA $tod_full
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = ${if eq {$interface_port}{587}{*}{}}
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE
.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
                                    {/etc/ssl/certs/ca-certificates.crt}\
                                    {/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif
.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS =  
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
.endif
MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all -subject -arguments
.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif
hide mysql_servers = localhost/exim/sqlmail/MyPaSsWoRd
begin acl
spf_rcpt_acl:
    # Check envelope sender
    warn     set acl_m8  = $sender_address
    deny     !acl        = spf_check      
    warn     message     = Received-SPF: $acl_m8 ($acl_m7)
    accept                                                
spf_from_acl:
    # Check header From:
    warn     set acl_m8  = ${address:$h_from:}
    deny     !acl        = spf_check          
    warn     message     = Received-SPF: $acl_m8 ($acl_m7)
    accept                                                
spf_check:
    warn     set acl_m9  = ${readsocket{/var/run/spfd/spfd.sock}\
                           {ip=$sender_host_address\n\
                           helo=${if def:sender_helo_name\
                           {$sender_helo_name}{NOHELO}}\  
                           \nsender=$acl_m8\n\n}{20s}{\n}{socket failure}}
    # Defer on socket error
    defer    condition   = ${if eq{$acl_m9}{socket failure}{yes}{no}}
             message     = Cannot connect to spfd                    
    # Prepare answer and get results
    warn     set acl_m9  = ${sg{$acl_m9}{\N=(.*)\n\N}{=\"\$1\" }}
             set acl_m8  = ${extract{result}{$acl_m9}{$value}{unknown}}
             set acl_m7  = ${extract{header_comment}{$acl_m9}{$value}{}}
    # Check for fail
    deny     condition   = ${if eq{$acl_m8}{fail}{yes}{no}}
             message     = ${extract{smtp_comment}{$acl_m9}{$value}{}}
             log_message = Not authorized by SPF  
             
    # Check for neutral
    accept
acl_local_deny_exceptions:
  accept
    hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\
                 {CONFDIR/host_local_deny_exceptions}\
                 {}}
  accept
    senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\
                   {CONFDIR/sender_local_deny_exceptions}\
                   {}}
  accept
    hosts = ${if exists{CONFDIR/local_host_whitelist}\
                 {CONFDIR/local_host_whitelist}\
                 {}}
  accept
    senders = ${if exists{CONFDIR/local_sender_whitelist}\
                   {CONFDIR/local_sender_whitelist}\
                   {}}
  .ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
  .include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
  .endif
   
  .ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
  .include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
  .endif
acl_check_mail:
  .ifdef CHECK_MAIL_HELO_ISSUED
  deny
    message = no HELO/EHLO given before MAIL command
    condition = ${if def:sender_helo_name {no}{yes}}
  .endif
  deny
    message       = $sender_host_address is not allowed to send mail from $sender_address_domain
    !acl          = spf_rcpt_acl
    hosts         = !+relay_from_hosts
     
  accept
acl_check_rcpt:
  accept
    hosts = :
    deny
      message = Authentication required before MAIL command
         !authenticated = *
         condition = ${if eq {$interface_port}{587}{true}}
  .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
  deny
    domains = +local_domains
    local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
    message = restricted characters in address
  .endif
   
   
  .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
  deny
    domains = !+local_domains
    local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
    message = restricted characters in address
  .endif
  accept
    .ifndef CHECK_RCPT_POSTMASTER
    local_parts = postmaster
    .else
    local_parts = CHECK_RCPT_POSTMASTER
    .endif
    domains = +local_domains : +relay_to_domains
  .ifdef CHECK_RCPT_VERIFY_SENDER
  deny
    message = Sender verification failed
    !acl = acl_local_deny_exceptions
    !verify = sender
  .endif
  deny
    !acl = acl_local_deny_exceptions
    senders = ${if exists{CONFDIR/local_sender_callout}\
                         {CONFDIR/local_sender_callout}\
                   {}}
    !verify = sender/callout
  accept
    hosts = +relay_from_hosts
    control = submission/sender_retain
    accept
         authenticated = *
         control = submission/sender_retain
         control = dkim_disable_verify
  require
    message = relay not permitted
    domains = +local_domains : +relay_to_domains
  require
    verify = recipient
  deny
    !acl = acl_local_deny_exceptions
    recipients = ${if exists{CONFDIR/local_rcpt_callout}\
                            {CONFDIR/local_rcpt_callout}\
                      {}}
    !verify = recipient/callout
  deny
    message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_local_deny_exceptions
    senders = ${if exists{CONFDIR/local_sender_blacklist}\
                   {CONFDIR/local_sender_blacklist}\
                   {}}
  deny
    message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_local_deny_exceptions
    hosts = ${if exists{CONFDIR/local_host_blacklist}\
                 {CONFDIR/local_host_blacklist}\
                 {}}
  .ifdef CHECK_RCPT_REVERSE_DNS
  deny
    message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
    condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
                      {yes}{no}}
  .endif
     
  deny
    senders         = :
    hosts           = ! +relay_from_hosts
    !acl            = spf_from_acl
    message         = Your sender is not permitted (read spf.pobox.com)
  .ifdef CHECK_RCPT_SPF
  deny
    message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.  \
              Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address
    log_message = SPF check failed.
    !acl = acl_local_deny_exceptions
    condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
                     {no}{${if eq {$runrc}{1}{yes}{no}}}}
    # моя попытка изменить условие
    #condition = ${run{/usr/bin/spfquery --ip ${sender_host_address} --mail-from ${sender_address} --helo ${sender_helo_name}}\
    #                 {no}{${if eq {$runrc}{1}{yes}{no}}}}
  defer
    message = Temporary DNS error while checking SPF record.  Try again later.
    condition = ${if eq {$runrc}{5}{yes}{no}}
  warn
    message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq {$runrc}{2}{softfail}\
                                 {${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
    condition = ${if <={$runrc}{6}{yes}{no}}
  warn
    log_message = Unexpected error in SPF check.
    condition = ${if >{$runrc}{6}{yes}{no}}
  warn
    message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" \ --helo \"$sender_helo_name\" --guess true}\
                                {pass}{${if eq {$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
                                {${if eq {$runrc}{6}{none}{error}}}}}}}}}}
    condition = ${if <={$runrc}{6}{yes}{no}}
  .endif
  .ifdef CHECK_RCPT_IP_DNSBLS
  deny
    message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    dnslists = CHECK_RCPT_IP_DNSBLS
  .endif
  .ifdef CHECK_RCPT_DOMAIN_DNSBLS
  warn
    message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
                    {CONFDIR/local_domain_dnsbl_whitelist}\
                    {}}
    dnslists = CHECK_RCPT_DOMAIN_DNSBLS
  .endif
  .ifdef CHECK_RCPT_LOCAL_ACL_FILE
  .include CHECK_RCPT_LOCAL_ACL_FILE
  .endif
   
   
   
  accept
    domains = +relay_to_domains
    endpass
    verify = recipient
  accept
acl_check_spamsenders:
  accept
    dkim_status = pass
    log_message = Pass throw by DKIM
   
  warn set acl_m1 = ${lookup mysql{GREYLIST_TEST}{$value}{id=-1 ts=0}}
       set acl_m2 = ${extract{id}{$acl_m1}{$value}{unknown}}
       set acl_m3 = ${extract{ts}{$acl_m1}{$value}{unknown}}
  defer   hosts = ! +relay_from_hosts
          condition = ${if < {$acl_m2}{0}{yes}{no}}
          set acl_m4 = ${lookup mysql{GREYLIST_ADD}{$value}{0}}
  defer   hosts = ! +relay_from_hosts
          condition = ${if > {$acl_m2}{0}{yes}{no}}
          condition = ${if < {$acl_m3}{0}{yes}{no}}
          set acl_m4 = ${lookup mysql{GREYLIST_UPD2}{$value}{0}}
  warn    hosts = ! +relay_from_hosts
          set acl_m4 = ${lookup mysql{GREYLIST_UPD1}{$value}{0}}
  accept
acl_check_data:
  deny
    senders = :
    !acl = spf_from_acl
  deny
    message = contains $found_extension file (blacklisted).
    demime  = exe : com : lnk : pif : prf
  .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
  deny
    message = Message headers fail syntax check
    !acl = acl_local_deny_exceptions
    !verify = header_syntax
  .endif
  .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
  deny
    message = No verifiable sender address in message headers
    !acl = acl_local_deny_exceptions
    !verify = header_sender
  .endif
  deny
    malware = *
    message = This message was detected as possible malware ($malware_name).
   warn
     spam = Debian-exim:true
     message = X-Spam_score: $spam_score\n\
               X-Spam_score_int: $spam_score_int\n\
               X-Spam_bar: $spam_bar\n\
               X-Spam_report: $spam_report
               
   #warn
   #  message = X-Spam_Flag: Yes
   #  condition = ${if >{$spam_score_int}{50}{yes}{no}}
  .ifdef CHECK_DATA_LOCAL_ACL_FILE
  .include CHECK_DATA_LOCAL_ACL_FILE
  .endif
  accept
begin routers
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
  debug_print = "R: domain_literal for $local_part@$domain"
  driver = ipliteral
  domains = ! +local_domains
  transport = remote_smtp
.endif
hubbed_hosts:
  debug_print = "R: hubbed_hosts for $domain"
  driver = manualroute
  domains = "${if exists{CONFDIR/hubbed_hosts}\
                   {partial-lsearch;CONFDIR/hubbed_hosts}\
              fail}"
  same_domain_copy_routing = yes
  route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
  transport = remote_smtp
.ifdef DCconfig_internet
dnslookup_relay_to_domains:
  debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains : +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  no_more
dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
            255.255.255.255
  no_more
.endif
.ifdef DCconfig_local
nonlocal:
  debug_print = "R: nonlocal for $local_part@$domain"
  driver = redirect
  domains = ! +local_domains
  allow_fail
  data = :fail: Mailing to remote domains not supported
  no_more
.endif
.ifdef DCconfig_smarthost DCconfig_satellite
smarthost:
  debug_print = "R: smarthost for $local_part@$domain"
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp_smarthost
  route_list = * DCsmarthost byname
  host_find_failed = deauth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}fer
  same_domain_copy_routing = yes
  no_more
.endif
COND_LOCAL_SUBMITTER = "\
               ${if match_ip{$sender_host_address}{:@[]}\
                    {1}{0}\
        }"
real_local:
  debug_print = "R: real_local for $local_part@$domain"
  driver = accept
  domains = +local_domains
  condition = COND_LOCAL_SUBMITTER
  local_part_prefix = real-
  check_local_user
  transport = LOCAL_DELIVERY
system_aliases:
  debug_print = "R: system_aliases for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  allow_fail
  allow_defer
  data = ${lookup mysql{SELECT recipients FROM aliases WHERE local_part='${local_part}' AND domain='${domain}'}}
  .ifdef SYSTEM_ALIASES_USER
  user = SYSTEM_ALIASES_USER
  .endif
  .ifdef SYSTEM_ALIASES_GROUP
  group = SYSTEM_ALIASES_GROUP
  .endif
  .ifdef SYSTEM_ALIASES_FILE_TRANSPORT
  file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
  .endif
  .ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
  pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
  .endif
  .ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
  directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
  .endif
   
   
rassylka:
        debug_print = "R: rassylka for $local_part@$domain"
        driver = redirect
        allow_fail
        allow_defer
        senders = ${lookup mysql{SELECT who FROM userforward WHERE local_part='${local_part}' AND domain='${domain}'}}
        data = ${lookup mysql{SELECT recipients FROM userforward WHERE local_part='${local_part}' AND domain='${domain}'}}
        forbid_pipe
        forbid_file
        errors_to = postmaster
         
.ifdef DCconfig_satellite
hub_user:
  debug_print = "R: hub_user for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  data = ${local_part}@DCreadhost
  check_local_user
hub_user_smarthost:
  debug_print = "R: hub_user_smarthost for $local_part@$domain"
  driver = manualroute
  domains = DCreadhost
  transport = remote_smtp_smarthost
  route_list = * DCsmarthost byname
  host_find_failed = defer
  same_domain_copy_routing = yes
  check_local_user
.endif
local_delivery_spam_router:
    driver = accept
    domains = +local_domains
    condition = ${if >{$spam_score_int}{75}{yes}{no}}
    transport = local_delivery_spam_transport
    no_more  
userforward:
  debug_print = "R: userforward for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  check_local_user
  file = $home/.forward
  no_expn
  check_ancestor
  allow_filter = true
  forbid_smtp_code = true
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  skip_syntax_errors
  syntax_errors_to = real-$local_part@$domain
  syntax_errors_text = \
    This is an automatically generated message. An error has\n\
    been found in your .forward file. Details of the error are\n\
    reported below. While this error persists, you will receive\n\
    a copy of this message for every message that is addressed\n\
    to you. If your .forward file is a filter file, or if it is\n\
    a non-filter file containing no valid forwarding addresses,\n\
    a copy of each incoming message will be put in your normal\n\
    mailbox. If a non-filter file contains at least one valid\n\
    forwarding address, forwarding to the valid addresses will\n\
    happen, and those will be the only deliveries that occur.
procmail:
  debug_print = "R: procmail for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = procmail_pipe
  require_files = ${local_part}:\
                  ${if exists{/etc/procmailrc}\
                    {/etc/procmailrc}{${home}/.procmailrc}}:\
                  +/usr/bin/procmail
  no_verify
  no_expn
maildrop:
  debug_print = "R: maildrop for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = maildrop_pipe
  require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
  no_verify
  no_expn
.ifndef FIRST_USER_ACCOUNT_UID
FIRST_USER_ACCOUNT_UID = 0
.endif
.ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS
DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: no mail to system accounts
.endif
COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\
               ${if and{{! match_ip{$sender_host_address}{:@[]}}\
                        {<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\
                    {1}{0}\
        }"
lowuid_aliases:
  debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)"
  check_local_user
  driver = redirect
  allow_fail
  domains = +local_domains
  condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
  data = ${if exists{/etc/exim4/lowuid-aliases}\
              {${lookup{$local_part}lsearch{/etc/exim4/lowuid-aliases}\
              {$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}
local_user:
  debug_print = "R: local_user for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  local_parts = ! root
  transport = dovecot_delivery
mail4root:
  debug_print = "R: mail4root for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  data = /var/mail/mail
  file_transport = address_file
  local_parts = root
  user = mail
  group = mail
mysqluser:
  debug_print = "R: mysqluser for $local_part@$domain"
  driver = accept
  condition = ${if eq{} {${lookup mysql{SELECT home FROM users WHERE id='${local_part}' AND mbox_host='${domain}' AND active='Y'}}}{no}{yes}}
  transport = dovecot_delivery
   
begin transports
local_delivery_spam_transport:
  debug_print = "R: mysql_transport for $local_part@$domain"
  driver = appendfile
  check_string = ""
  create_directory
  delivery_date_add
  directory = ${lookup mysql{SELECT CONCAT(home, "/Maildir/.Junk") FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}}
  directory_mode = 660
  envelope_to_add
  user = ${lookup mysql{SELECT uid FROM users WHERE id='${local_part}'}}
  group = mail
  maildir_format
  maildir_tag = ,S=$message_size
  message_prefix = ""
  message_suffix = ""
  mode = 0600
  quota = ${lookup mysql{SELECT quota FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}{${value}M}}
  quota_size_regex = S=(\d+)$
  quota_warn_threshold = 75%
  return_path_add
dovecot_delivery:
  debug_print = "T: dovecot_deliver for $local_part@$domain"
  driver = pipe
  command = /usr/lib/dovecot/deliver -e -k -s -f "$sender_address" -a "$original_local_part@$original_domain"
  use_shell
  environment = USER=$local_part@$domain
  umask = 002
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  log_defer_output
  return_fail_output
  freeze_exec_fail
  temp_errors = 64 : 69 : 70 : 71 : 72 : 73 : 74 : 75 : 78
   
mysql_delivery:
  debug_print = "R: mysql_transport for $local_part@$domain"
  driver = appendfile
  check_string = ""
  create_directory
  delivery_date_add
  directory = ${lookup mysql{SELECT CONCAT(home, "/Maildir") FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}}
  directory_mode = 660
  envelope_to_add
  user = ${lookup mysql{SELECT uid FROM users WHERE id='${local_part}'}}
  group = mail
  maildir_format
  maildir_tag = ,S=$message_size
  message_prefix = ""
  message_suffix = ""
  mode = 0600
  quota = ${lookup mysql{SELECT quota FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}{${value}M}}
  quota_size_regex = S=(\d+)$
  quota_warn_threshold = 75%
  return_path_add
.ifdef HIDE_MAILNAME
REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1@DCreadhost frs : *@ETC_MAILNAME $1@DCreadhost frs
REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
REMOTE_SMTP_HELO_DATA=${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
.endif
address_file:
  debug_print = "T: address_file for $local_part@$domain"
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
address_pipe:
  debug_print = "T: address_pipe for $local_part@$domain"
  driver = pipe
  return_fail_output
address_reply:
  debug_print = "T: autoreply for $local_part@$domain"
  driver = autoreply
mail_spool:
  debug_print = "T: appendfile for $local_part@$domain"
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
  directory = ${lookup mysql{SELECT CONCAT(home, "/Maildir") FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}}
  maildir_format
  mode_fail_narrower = false
maildir_home:
  debug_print = "T: maildir_home for $local_part@$domain"
  driver = appendfile
  .ifdef MAILDIR_HOME_MAILDIR_LOCATION
  directory = MAILDIR_HOME_MAILDIR_LOCATION
  .else
  directory = $home/Maildir
  .endif
  .ifdef MAILDIR_HOME_CREATE_DIRECTORY
  create_directory
  .endif
  .ifdef MAILDIR_HOME_CREATE_FILE
  create_file = MAILDIR_HOME_CREATE_FILE
  .endif
  delivery_date_add
  envelope_to_add
  return_path_add
  maildir_format
  .ifdef MAILDIR_HOME_DIRECTORY_MODE
  directory_mode = MAILDIR_HOME_DIRECTORY_MODE
  .else
  directory_mode = 0700
  .endif
  .ifdef MAILDIR_HOME_MODE
  mode = MAILDIR_HOME_MODE
  .else
  mode = 0600
  .endif
  mode_fail_narrower = false
maildrop_pipe:
  debug_print = "T: maildrop_pipe for $local_part@$domain"
  driver = pipe
  path = "/bin:/usr/bin:/usr/local/bin"
  command = "/usr/bin/maildrop"
  return_path_add
  delivery_date_add
  envelope_to_add
procmail_pipe:
  debug_print = "T: procmail_pipe for $local_part@$domain"
  driver = pipe
  path = "/bin:/usr/bin:/usr/local/bin"
  command = "/usr/bin/procmail"
  return_path_add
  delivery_date_add
  envelope_to_add
remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
  hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
  helo_data=REMOTE_SMTP_HELO_DATA
.endif
remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
        {\
        ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
        }\
        {} \
      }
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
  hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
  helo_data=REMOTE_SMTP_HELO_DATA
.endif
spamcheck:
    driver = pipe
    command = /usr/sbin/exim4 -oMr spam-scanned -bS
    use_bsmtp = true
    transport_filter = /usr/bin/spamc -u $local_part
    home_directory = "/tmp"
    current_directory = "/tmp"
    user = Debian-exim
    group = mail
    return_fail_output = true
    message_prefix =
    message_suffix =
     
spamassassin:
  driver = pipe
  use_bsmtp = true
  command = /usr/sbin/exim4 -bS -oMr sa-checked
  transport_filter = /usr/bin/spamc -f
  home_directory = "/tmp"
  current_directory = "/tmp"
  user = Debian-exim
  group = mail
  log_output = true
  return_fail_output = true
  return_path_add = false
address_directory:
  debug_print = "T: address_directory for $local_part@$domain"
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  check_string = ""
  escape_string = ""
  maildir_format
begin retry
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
.ifndef NO_EAA_REWRITE_REWRITE
*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
                   {$value}fail}" Ffrs
*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\
                   {$value}fail}" Ffrs
.endif
begin authenticators
 plain_server:
   driver = plaintext
   public_name = PLAIN
   server_condition = "${lookup mysql{SELECT id FROM users \
                         WHERE id = '${quote_mysql:${local_part:$auth2}}' \
                         AND mbox_host = '${quote_mysql:${domain:$auth2}}' \
                         AND password = '${quote_mysql:$auth3}' \
                         AND active = 'Y'}{yes}{no}}"
   server_set_id = $auth2
   server_prompts = :
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif
 login_server:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   server_condition = "${lookup mysql{SELECT id FROM users \
                         WHERE id = '${quote_mysql:${local_part:$auth1}}' \
                         AND mbox_host = '${quote_mysql:${domain:$auth1}}' \
                         AND password = '${quote_mysql:$auth2}' \
                         AND active = 'Y'}{yes}{no}}"
   server_set_id = $auth1
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif
 cram_md5_server:
   driver = cram_md5
   public_name = CRAM-MD5
   server_secret = ${lookup mysql{SELECT password FROM users \
                         WHERE id = '${quote_mysql:${local_part:$auth1}}' \
                         AND mbox_host = '${quote_mysql:${domain:$auth1}}' \
                         AND active = 'Y'}{$value}fail}
   server_set_id = $auth1
cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
  client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
PASSWDLINE=${sg{\
                ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
            }\
            {\\N[\\^]\\N}\
            {^^}\
        }
plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if !eq{$tls_cipher}{}\
                    {^${extract{1}{:}{PASSWDLINE}}\
             ^${sg{PASSWDLINE}{\\N([^:]+(.*)\\N}{\\$2}}\
           }fail}"
.else
  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
            ^${sg{PASSWDLINE}{\\N([^:]+(.*)\\N}{\\$2}}"
.endif
login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq{PASSWDLINE}{}}\
                         }\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
         ; ${sg{PASSWDLINE}{\\N([^:]+(.*)\\N}{\\$2}}"
.else
  client_send = "<; ${if !eq{PASSWDLINE}{}\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
         ; ${sg{PASSWDLINE}{\\N([^:]+(.*)\\N}{\\$2}}"
.endif

Всего записей: 6563 | Зарегистр. 28-08-2008 | Отправлено: 02:56 30-07-2011 | Исправлено: Alukardd, 02:57 30-07-2011
Открыть новую тему     Написать ответ в эту тему

На первую страницук этому сообщениюк последнему сообщению

Компьютерный форум Ru.Board » Компьютеры » В помощь системному администратору » FAQ по Exim MTA #2


Реклама на форуме Ru.Board.

Powered by Ikonboard "v2.1.7b" © 2000 Ikonboard.com
Modified by Ru.B0ard
© Ru.B0ard 2000-2024

BitCoin: 1NGG1chHtUvrtEqjeerQCKDMUi6S6CG4iC

Рейтинг.ru