darkomen
Member | Редактировать | Профиль | Сообщение | ICQ | Цитировать | Сообщить модератору ### exim.conf ### ###################################################################### # MAIN CONFIGURATION SETTINGS # ###################################################################### # serial : 2006052602 MAILNAME = MAINDOMAIN = daemon_smtp_ports = 25 : 465 hide mysql_servers = localhost/exim/ #SMARTHOST_ROUTELIST = CERTNAME = /etc/ssl/certs/ca/mail.crt # Enable teergrubing on acl errors and say how long we delay (unset to disable). TEERGRUBE = 60s timezone = Europe/Moscow ALLOWEDRCPTFAIL = 3 HOSTREJECTRCPT1 = SELECT message FROM blacklists WHERE address='${sender_host_address}' AND type='REJRCPT' RFC1918 = 172.16.0.0/12 : 192.168.0.0/16 BOGUSIPS = 127.0.0.1/8 : 169.254.0.0/16 : 192.0.2.0/24 : RFC1918 NO_RANDOM_CALLBACK = SELECT domain FROM callbackdomains WHERE domain='${domain:$header_from:}' AND type='NORND' HDR_DOMAIN_DISABLE_CALLBACK = SELECT domain FROM callbackdomains WHERE domain='${domain:$header_from:}' AND type='NOHDR' BLOCKENVSEND1 = SELECT message FROM blacklists WHERE address='${sender_address}' AND type='SENDER' addresslist denyenvsenders = mysql;BLOCKENVSEND1 .ifdef MAILNAME primary_hostname = MAILNAME qualify_domain = MAINDOMAIN .else MAILNAME = @ .endif domainlist local_domains = @ : @[] : localhost : MAILNAME : \ ${lookup mysql{SELECT domain FROM domains \ WHERE domain='${domain}' AND (type='LOCAL' OR type='VIRTUAL')}} domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains \ WHERE domain='${domain}' AND type='RELAY'}} domainlist envdomain_disable_callback = ${lookup mysql{SELECT domain \ FROM callbackdomains WHERE domain='${sender_host_name}' \ AND type='NOENV'}} domainlist domains_callback_norandom = mysql;NO_RANDOM_CALLBACK domainlist nodnsdomains = ${lookup mysql{SELECT domain FROM \ callbackdomains WHERE domain='${sender_host_name}' AND type='NODNS'}} localpartlist noenvfromcheck = ${lookup mysql{SELECT address FROM whitelist}} localpartlist noenvfromcallback = ${lookup mysql{SELECT address FROM whitelist}} localpartlist nosarej = ${lookup mysql{SELECT address FROM whitelist}} localpartlist nohdrsyncheck = ${lookup mysql{SELECT address FROM whitelist}} localpartlist nohdrfromcallback = ${lookup mysql{SELECT address FROM whitelist}} hostlist rfc1918 = RFC1918 hostlist bogusips = BOGUSIPS hostlist localadds = +rfc1918 : @ : @[] : localhost : \ ${lookup mysql{SELECT domain FROM domains \ WHERE domain='${domain}' AND (type='LOCAL' OR type='VIRTUAL')}} hostlist host_reject = ${lookup mysql{SELECT address FROM blacklists \ WHERE address='${sender_host_address}' AND type='HOSTREJ'}} hostlist host_reject_rcpt = net-mysql;HOSTREJECTRCPT1 hostlist hosts_disable_callback = ${lookup mysql{SELECT hostname FROM \ hostlists WHERE hostname='${sender_host_address}' AND type='NOCALL'}} hostlist relay_from_hosts = +localadds : ${lookup mysql{SELECT domain \ FROM domains WHERE domain='${domain}' AND type='RELAY'}} hostlist auth_relay_hosts = * .ifdef CERTNAME hostlist auth_over_tls_hosts = * .endif hostlist expn_hosts = *.MAINDOMAIN:localhost hostlist vrfy_hosts = *.MAINDOMAIN:localhost hostlist hosts_avoid_tls = ${lookup mysql{SELECT hostname FROM hostlists \ WHERE hostname='${sender_host_address}' AND type='AVOIDTLS'}} hostlist hosts_try_auth = ${lookup mysql{SELECT hostname FROM hostlists \ WHERE hostname='${sender_host_address}' AND type='TRYAUTH'}} acl_smtp_connect = check_connect acl_smtp_starttls = check_tls acl_smtp_mail = check_mail acl_smtp_rcpt = check_rcpt acl_smtp_mime = check_mime #acl_smtp_data = check_data acl_smtp_auth = check_auth acl_smtp_vrfy = check_vrfy #acl_not_smtp = check_nonsmtp #local_scan_path = /usr/lib/sa-exim.so #av_scanner = clamd:/var/lib/clamav/clamd.socket log_selector = \ +address_rewrite \ +all_parents \ +arguments \ +connection_reject \ +delay_delivery \ +delivery_size \ +dnslist_defer \ +incoming_interface \ +incoming_port \ +lost_incoming_connection \ +queue_run \ +received_sender \ +received_recipients \ +retry_defer \ +sender_on_delivery \ +size_reject \ +skip_delivery \ +smtp_confirmation \ +smtp_connection \ +smtp_protocol_error \ +smtp_syntax_error \ +subject \ +tls_cipher \ +tls_peerdn #system_filter = /etc/exim/system-filter #system_filter_file_transport = address_file #system_filter_pipe_transport = address_pipe .ifdef CERTNAME tls_certificate = CERTNAME tls_privatekey = /etc/ssl/certs/ca/mail.key tls_on_connect_ports = 465 tls_advertise_hosts = ${if exists {CERTNAME}{*}{127.0.0.1/8}} .endif ###############################CLAMAV####################### acl_smtp_data = acl_check_content av_scanner = clamd:/usr/local/clamav/var/tmp/clamd.sock spamd_address = 127.0.0.1 783 ############################################################ allow_domain_literals = false never_users = root host_lookup = * helo_allow_chars = _ trusted_users = mail:www trusted_groups = mail rfc1413_hosts = !* rfc1413_query_timeout = 0s auth_advertise_hosts = !+relay_from_hosts : +auth_relay_hosts helo_verify_hosts = !* helo_try_verify_hosts = !* helo_accept_junk_hosts = !* smtp_accept_max_nonmail_hosts = * ignore_bounce_errors_after = 30m timeout_frozen_after = 3d #gecos_pattern = ^([^,:]*) #gecos_name = $1 freeze_tell = postmaster auto_thaw = 1h message_body_visible = 5000 message_size_limit = 200M smtp_accept_max = 50 smtp_accept_max_per_connection = 50 smtp_accept_queue_per_connection = 100 smtp_connect_backlog = 50 smtp_accept_max_per_host = 25 split_spool_directory = true syslog_timestamp = false message_logs = false remote_max_parallel = 15 smtp_reserve_hosts = +relay_from_hosts smtp_load_reserve = 40 smtp_accept_max_nonmail = 7 smtp_max_unknown_commands = 1 sender_unqualified_hosts = +localadds recipient_unqualified_hosts = +localadds host_reject_connection = +host_reject ###################################################################### # ACL CONFIGURATION # # Specifies access control lists for incoming SMTP mail # ###################################################################### begin acl check_connect: accept .ifdef CERTNAME check_tls: accept .endif check_mail: accept check_rcpt: accept hosts = 192.168.5.108 : accept authenticated = * accept hosts = 127.0.0.1/8 : 192.168.5.204 deny local_parts = ^.*[@%!/|] : ^\\. warn message = X-WhitelistedRCPT-nohdrsyncheck: Yes local_parts = +nohdrsyncheck:postmaster:abuse warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes local_parts = +nohdrfromcallback:postmaster:abuse warn message = X-SA-Do-Not-Rej: Yes local_parts = +nosarej:postmaster:abuse warn message = X-SA-Do-Not-Run: Yes hosts = +relay_from_hosts warn message = X-SA-Do-Not-Run: Yes authenticated = * warn message = X-Broken-Reverse-DNS: no host name for IP address $sender_host_address !verify = reverse_host_lookup accept local_parts = postmaster domains = +local_domains deny message = "HELO/EHLO required by SMTP RFC" condition = ${if eq{$sender_helo_name}{}{yes}{no}} .ifdef TEERGRUBE delay = TEERGRUBE .endif deny message = Forged domain detected in HELO/EHLO - $sender_helo_name condition = ${if and{{match{$sender_helo_name} \ {(example|yahoo|hotmail|compuserve)}} \ {!match{$sender_host_name}{${rxquote:$1}}}}{yes}{no}} .ifdef TEERGRUBE delay = TEERGRUBE .endif deny message = Only one recipient accepted for NULL sender senders = : condition = ${if >{$rcpt_count}{1}{1}} .ifdef TEERGRUBE delay = TEERGRUBE .endif .ifdef TEERGRUBE deny log_message = Teergrube: dictionnary attack (ALLOWEDRCPTFAIL failed probes) message = unknown user condition = ${if >{$rcpt_fail_count}{1} {1}{0}} .else drop log_message = Dictionnary attack ($rcpt_fail_count failed probes). Dropping connection message = unknown user ($rcpt_fail_count failed queries) condition = ${if >{$rcpt_fail_count}{${eval:ALLOWEDRCPTFAIL-2}} {1}{0}} .endif delay = ${eval:30*$rcpt_fail_count}s domains = +local_domains !verify = recipient deny condition = ${if eq{$sender_ident}{CacheFlow Server}{1}{0}} message = Rejected - appears to be an unsecured proxy: $sender_ident deny hosts = +host_reject_rcpt message = Host $sender_host_address is blocked: ${lookup mysql{HOSTREJECTRCPT1}{$value}{"unspecified reason"}} .ifdef TEERGRUBE delay = TEERGRUBE .endif deny senders = +denyenvsenders message = Sender $sender_address is blocked: ${lookup mysql{BLOCKENVSEND1}{$value}{"unspecified reason"}} deny local_parts = !+noenvfromcheck !verify = sender .ifdef TEERGRUBE delay = TEERGRUBE .endif # deny message = $sender_host_address is not allowed to send mail from $sender_address_domain # spf = softfail : neutral # !authenticated = * #.ifdef TEERGRUBE # delay = TEERGRUBE #.endif deny hosts = !+localadds:!+hosts_disable_callback:* sender_domains = !+envdomain_disable_callback:!+domains_callback_norandom:* local_parts = !+noenvfromcallback !verify = sender/callout=90s,random,postmaster # !spf = pass .ifdef TEERGRUBE delay = TEERGRUBE .endif deny hosts = !+localadds:!+hosts_disable_callback:* sender_domains = +domains_callback_norandom local_parts = !+noenvfromcallback !verify = sender/callout=90s,postmaster # !spf = pass .ifdef TEERGRUBE delay = TEERGRUBE .endif # warn message = $spf_received # domains = +local_domains deny message = host is listed in $dnslist_domain log_message = found in $dnslist_domain !authenticated = * dnslists = sbl-xbl.spamhaus.org : relays.ordb.org : \ combined.njabl.org : bl.spamcop.net .ifdef TEERGRUBE delay = TEERGRUBE .endif # deny message = Spam blocked see: \ # http://www.spamcop.net/w3m?action=checkblock&ip=$sender_host_address # log_message = found in $dnslist_domain # !authenticated = * # dnslists = bl.spamcop.net accept domains = +local_domains endpass message = unknown user verify = recipient accept domains = +relay_to_domains endpass message = unrouteable address verify = recipient/callout=30s/callout_defer_ok accept hosts = +localadds:+relay_from_hosts verify = recipient accept hosts = +auth_relay_hosts endpass message = authentication required authenticated = * deny message = relay not permitted .ifdef TEERGRUBE delay = TEERGRUBE .endif check_mime: warn decode = default deny message = Blacklisted file extension detected condition = ${if match {${lc:$mime_filename}} \ {\N(\.pif|\.bat|\.scr|\.lnk|\.com)$\N} {1}{0}} deny message = Sorry, noone speaks Chinese here condition = ${if eq{$mime_charset}{gb2312}{1}{0}} accept check_data: deny !verify = header_syntax !condition = $header_X-WhitelistedRCPT-nohdrsyncheck: .ifdef TEERGRUBE delay = TEERGRUBE .endif accept hosts = : accept hosts = 127.0.0.1/8 deny hosts = !+localadds:!+hosts_disable_callback:* !condition = $header_X-WhitelistedRCPT-nohdrfromcallback: !condition = ${lookup mysql{HDR_DOMAIN_DISABLE_CALLBACK} {yes}{no}} !condition = ${lookup mysql{NO_RANDOM_CALLBACK} {yes}{no}} !verify = header_sender/callout=90s,postmaster,random .ifdef TEERGRUBE delay = TEERGRUBE .endif deny hosts = !+localadds:!+hosts_disable_callback:* !condition = $header_X-WhitelistedRCPT-nohdrfromcallback: !condition = ${lookup mysql{HDR_DOMAIN_DISABLE_CALLBACK} {yes}{no}} condition = ${lookup mysql{NO_RANDOM_CALLBACK} {yes}{no}} !verify = header_sender/callout=90s,postmaster .ifdef TEERGRUBE delay = TEERGRUBE .endif deny message = Serious MIME defect detected ($demime_reason) demime = * condition = ${if >{$demime_errorlevel}{2}{1}{0}} # deny message = This message contains VIRUS ($malware_name) # malware = * accept check_auth: .ifdef CERTNAME accept hosts = +auth_over_tls_hosts endpass message = STARTTLS required before AUTH encrypted = * .endif accept check_expn: accept hosts = +expn_hosts deny message = expn not allowed from this host, sorry .ifdef TEERGRUBE delay = TEERGRUBE .endif check_vrfy: accept hosts = +vrfy_hosts deny message = vrfy not allowed from this host, sorry .ifdef TEERGRUBE delay = TEERGRUBE .endif check_nonsmtp: acl_check_content: accept authenticated = * deny message = Virus found ($malware_name) malware = * !authenticated = * warn message = X-Spam-Score: $spam_score ($spam_bar) hosts = !+relay_from_hosts spam = nobody:true warn message = X-Spam-Report: $spam_report\nX-Spam-Score-Int:$spam_score_int condition = ${if <{$message_size}{200k}{1}{0}} hosts = +relay_from_hosts spam = spamd:true warn message = Subject: ***SPAM*** $h_Subject: hosts = !+relay_from_hosts spam = nobody deny message = This message scored $spam_score spam points. !hosts = +relay_from_hosts condition = ${if >{$spam_score_int}{120}{1}{0}} accept ###################################################################### # ROUTERS CONFIGURATION # # Specifies how addresses are handled # ###################################################################### # THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # # An address is passed to each router in turn until it is accepted. # ###################################################################### begin routers always_verify: driver = manualroute domains = +nodnsdomains verify_sender verify_only route_list = * .ifdef SMARTHOST_ROUTELIST smarthost: driver = manualroute domains = ! +local_domains route_list = SMARTHOST_ROUTELIST ignore_target_hosts = +bogusips no_verify host_find_failed = defer same_domain_copy_routing = yes transport = remote_smtp .endif dnslookup: driver = dnslookup domains = ! +local_domains ignore_target_hosts = +bogusips same_domain_copy_routing = yes transport = remote_smtp no_more system_aliases: driver = redirect allow_defer allow_fail data = ${lookup mysql{SELECT recipients FROM aliases \ WHERE local_part='${local_part}' AND domain='${domain}'}} domain_forward: driver=redirect allow_fail allow_defer data = ${local_part}@${lookup mysql{SELECT dest FROM rdomain \ WHERE domain = '${domain}'}} condition = ${if eq {${domain}} {ctrv.ru} {yes} {no}} userforward: driver = redirect allow_fail allow_defer data = ${lookup mysql{\ SELECT recipients FROM userforward \ WHERE local_part='${local_part}' AND domain='${domain}' \ UNION SELECT recipients FROM userforward WHERE local_part = '${local_part}' AND domain = '*'\ UNION SELECT recipients FROM userforward WHERE local_part = '*' AND domain = '${domain}'\ UNION SELECT recipients FROM userforward WHERE local_part = '*' AND domain = '*' LIMIT 0 , 1 }} spamd_router: no_verify driver = accept check_local_user condition = ${if and{{def:spam_score_int}{>{$spam_score_int}{55}}}{yes}{no}} transport = spamd_delivery cannot_route_message = Unknown user mysqluser: driver = accept condition = ${if eq{} {${lookup mysql{SELECT home FROM users \ WHERE id='${local_part}' AND mbox_host='${domain}' \ AND active='Y'}}}{no}{yes}} local_part_suffix = +* local_part_suffix_optional transport = mysql_delivery ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### begin transports mysql_delivery: driver = appendfile maildir_format create_directory maildir_tag = ,S=$message_size directory = ${lookup mysql{SELECT CONCAT(home, "/Maildir") FROM users \ WHERE id='${local_part}' AND mbox_host='${domain}'}} return_path_add delivery_date_add envelope_to_add group = mail mode = 0660 no_mode_fail_narrower headers_remove = "Lines" headers_add = "Lines: $body_linecount\n" check_string = "" directory_mode = 700 message_prefix = "" message_suffix = "" quota = ${lookup mysql{SELECT quota FROM users \ WHERE id='${local_part}' AND mbox_host='${domain}'}{${value}M}} quota_size_regex = S=(\d+)$ quota_warn_threshold = 75% address_pipe: driver = pipe log_defer_output log_fail_output path = "/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin" return_output user = mail group = mail headers_remove = "Lines" headers_add = "Lines: $body_linecount\n" address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add user = mail group = mail address_reply: driver = autoreply spamd_delivery: driver = appendfile check_string = "" create_directory delivery_date_add directory = /mail/vmail/domains/dtb.ru/spam/Maildir directory_mode = 770 envelope_to_add group = mail maildir_format maildir_tag = ,S=$message_size message_prefix = "" message_suffix = "" mode = 0600 return_path_add remote_smtp: driver = smtp dns_qualify_single = false hosts_nopass_tls = * hosts_avoid_tls = +hosts_avoid_tls hosts_try_auth = +hosts_try_auth # headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned:X-SA-Exim-Mail-From:X-SA-Exim-Rcpt-To:X-SA-Exim-Connect-IP" ###################################################################### # RETRY CONFIGURATION # ###################################################################### begin retry # Domain Error Retries # ------ ----- ------- * quota * * F,2h,15m; G,16h,1h,1.5; F,4d,6h ###################################################################### # REWRITE CONFIGURATION # ###################################################################### begin rewrite ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### begin authenticators #auth_plain: # driver = plaintext # public_name = PLAIN # server_condition = ${lookup mysql{SELECT id FROM users \ # WHERE id = '${quote_mysql:${local_part:$2}}' \ # AND mbox_host = '${quote_mysql:${domain:$2}}' \ # AND passwd = '${quote_mysql:$3}' \ # AND active = 'Y'}{yes}{no}} # server_prompts = : #server_set_id = $2 # #auth_login: # driver = plaintext # public_name = LOGIN # server_condition = ${lookup mysql{SELECT id FROM users \ # WHERE id = '${quote_mysql:${local_part:$1}}' \ # AND mbox_host = '${quote_mysql:${domain:$1}}' \ # AND passwd = '${quote_mysql:$2}' \ # AND active = 'Y'}{yes}{no}} # server_prompts = Username:: : Password:: #server_set_id = $1 auth_plain: driver = plaintext public_name = PLAIN server_condition = ${if crypteq{$3} \ {${lookup mysql{SELECT crypt FROM users \ WHERE id = '${quote_mysql:${local_part:$2}}' \ AND mbox_host = '${quote_mysql:${domain:$2}}' \ # AND passwd = '${quote_mysql:$3}' \ AND active = 'Y'}{$value}{*}}}{yes}{no}} server_prompts = : server_set_id = $2 # AUTH LOGIN authentication method used by MS Outlook. auth_login: driver = plaintext public_name = LOGIN server_condition = ${if crypteq{$2} {${lookup mysql{SELECT crypt FROM users \ WHERE id = '${quote_mysql:${local_part:$1}}' \ AND mbox_host = '${quote_mysql:${domain:$1}}' \ # AND passwd = '${quote_mysql:$2}' \ AND active = 'Y'}{$value}{*}}}{yes}{no}} server_prompts = Username:: : Password:: server_set_id = $1 auth_cram_md5: driver = cram_md5 public_name = CRAM-MD5 server_secret = ${lookup mysql{SELECT passwd FROM users \ WHERE id = '${quote_mysql:${local_part:$1}}' \ AND mbox_host = '${quote_mysql:${domain:$1}}' \ AND active = 'Y'}{$value}fail} server_set_id = $1 # End of Exim configuration file | Всего записей: 272 | Зарегистр. 26-08-2003 | Отправлено: 10:42 20-06-2006 | Исправлено: darkomen, 10:43 20-06-2006 |
|