FAQ по Exim MTA - [612] :: В помощь системному администратору

######################################################################
# Runtime configuration file for Exim #
######################################################################
#######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################

primary_hostname = mydomain.ru
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND \
(type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND type='RELAY'}}
hostlist relay_from_hosts = 127.0.0.1 : 172.17.24.0/24
auth_advertise_hosts = *
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
tls_advertise_hosts = *
tls_certificate = /etc/ssl/certs/mail.pem
tls_privatekey = /etc/ssl/certs/mail.pem
log_selector = \
+all_parents \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_protocol_error \
-queue_run
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_content
av_scanner = clamd:/usr/local/clamav/var/tmp/clamd.sock
spamd_address = 127.0.0.1 783
qualify_domain = mydomain.ru
allow_domain_literals = false
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 30m
timeout_frozen_after = 3d
freeze_tell = postmaster
message_size_limit = 10M
smtp_accept_max = 100
smtp_accept_max_per_connection = 5
#smtp_connect_backlog = 50
smtp_accept_max_per_host = 2
split_spool_directory = true
remote_max_parallel = 15
smtp_banner = "Welcome on our mail server!\n\
This system does not accept Unsolicited \
Commercial Email\nand will blacklist \
offenders via our spam processor.\nHave a \
nice day!\n\n${primary_hostname} ESMTP"

hide mysql_servers = localhost/exim/sqlmail/my_password

######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl

acl_check_rcpt:

accept hosts = :

deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]

deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

accept local_parts = postmaster
domains = +local_domains

require verify = sender

deny message = HELO/EHLO required by SMTP RFC
condition = ${if eq{$sender_helo_name}{}{yes}{no}}

deny message = Go Away! You are spammer.
condition = ${if match{$sender_host_name} \
{bezeqint\\.net|net\\.il|dialup|dsl|pool|peer|dhcp} \
{yes}{no}}

deny message = rejected because \
$sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
log_message = found in $dnslist_domain
dnslists = relays.ordb.org
deny message = message from \
$sender_host_address rejected - see http://njabl.org/
log_message = found in $dnslist_domain
dnslists = dnsbl.njabl.org
deny message = rejected because \
$sender_host_address for bad WHOIS info, see http://www.rfc-ignorant.org/
log_message = found in $dnslist_domain
dnslists = ipwhois.rfc-ignorant.org
deny message = rejected because $sender_host_address \
is in a black list at $dnslist_domain\n$dnslist_text
log_message = found in $dnslist_domain
dnslists = dialups.mail-abuse.org
deny message = rejected because $sender_host_address \
is in a black list at $dnslist_domain\n$dnslist_text
log_message = found in $dnslist_domain
dnslists = list.dsbl.org
deny message = Spam blocked see: \
http://www.spamcop.net/w3m?action=checkblock&ip=$sender_host_address
log_message = found in $dnslist_domain
dnslists = bl.spamcop.net
deny message = rejected, $sender_host_address \
Open Proxy, see: $dnslist_domain\n$dnslist_text
log_message = found in $dnslist_domain
dnslists = dnsbl.void.ru

accept domains = +local_domains
endpass
message = unknown user
verify = recipient

accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient

accept hosts = +relay_from_hosts
accept authenticated = *
deny message = relay not permitted

acl_check_mime:

warn decode = default

deny message = Blacklisted file extension detected ($mime_filename)
condition = ${if match \
{${lc:$mime_filename}} \
{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs|\.cpl)$\N} \
{1}{0}}

deny message = Sorry, noone speaks chinese here
condition = ${if eq{$mime_charset}{gb2312}{1}{0}}

accept

acl_check_content:

deny message = Virus found ($malware_name)
malware = *

warn message = X-Spam-Score: $spam_score ($spam_bar)
hosts = !+relay_from_hosts
spam = nobody:true

warn message = X-Spam-Report: $spam_report
hosts = !+relay_from_hosts
spam = nobody:true

warn message = Subject: ***SPAM*** $h_Subject:
hosts = !+relay_from_hosts
spam = nobody

deny message = This message scored $spam_score spam points.
spam = nobody:true
hosts = !+relay_from_hosts
condition = ${if >{$spam_score_int}{120}{1}{0}}

accept

######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################

begin routers

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM aliases \
WHERE local_part='${local_part}' AND domain='${domain}'}}

userforward:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM userforward \
WHERE local_part='${local_part}' AND domain='${domain}'}}

virtual_localuser:
driver = accept
domains = ${lookup mysql{SELECT domain from domains WHERE domain='${domain}'}}
local_parts = ${lookup mysql{SELECT login from users \
WHERE login='${local_part}' AND domain='${domain}'}}
transport = local_delivery

######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################

begin transports

remote_smtp:
driver = smtp

local_delivery:
driver = appendfile
check_string = ""
create_directory
delivery_date_add
directory = /var/mail/$domain/$local_part
directory_mode = 770
envelope_to_add
group = mail
maildir_format
maildir_tag = ,S=$message_size
message_prefix = ""
message_suffix = ""
mode = 0660
quota = ${lookup mysql{SELECT quota FROM users \
WHERE login='${local_part}' AND domain='${domain}'}{${value}M}}
quota_size_regex = S=(\d+)$
quota_warn_threshold = 75%
return_path_add

address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

######################################################################
# RETRY CONFIGURATION #
######################################################################

begin retry

* quota
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h

######################################################################
# REWRITE CONFIGURATION #
######################################################################

begin rewrite

######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################

begin authenticators

auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT login FROM users \
WHERE login = '${quote_mysql:${local_part:$2}}' \
AND domain = '${quote_mysql:${domain:$2}}' \
AND decrypt = '${quote_mysql:$3}' \
AND status = '1'}{yes}{no}}
server_prompts = :
server_set_id = $2

auth_login:
driver = plaintext
public_name = LOGIN
server_condition = ${lookup mysql{SELECT login FROM users \
WHERE login = '${quote_mysql:${local_part:$1}}' \
AND domain = '${quote_mysql:${domain:$1}}' \
AND decrypt = '${quote_mysql:$2}' \
AND status = '1'}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $1

auth_cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT decrypt FROM users \
WHERE login = '${quote_mysql:${local_part:$1}}' \
AND domain = '${quote_mysql:${domain:$1}}' \
AND status = '1'}{$value}fail}
server_set_id = $1

# End of Exim configuration file

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR
ShriEkeR (16-05-2011 18:50): FAQ по Exim MTA #2	Версия для печати • Подписаться • Добавить в закладки
На первую страницу • к этому сообщению • к последнему сообщению