[prev in list] [next in list] [prev in thread] [next in thread]
List: exim-users
Subject: [exim] Tighten the Spam Grip
From: "Grant Peel" <gpeel () thenetnow ! com>
Date: 2008-03-30 14:35:40
Message-ID: 001e01c89273$53e3ee00$6501a8c0 () GRANT
[Download RAW message or body]
Hi all,
Up until now, I have been accepting mail based on the acl below, and distributing it \
based on the router shown below. Since I have mail comming into the server from \
remote SMTPs and we need to send mail to remote SMTPs my question is two fold:
Can acls be used for incomming mail to determine if any of these criteria exist
-Virtual User must exist
-Virtual Alias must exist
and can the acl be used for sending mail out, as it is written now, considering the \
question above?
So, I suppose I am asking, can the acl be re written to:
check if incomming mail is from a local domain, and process it accorningly, or chek \
if mail is from a remote smtp and deny it (at RCPT time) if a virtual alias or \
virtual user does not exist?
TIA,
-Grant
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
primary_hostname = mydomain.com
domainlist local_domains = /etc/virtual/domains
domainlist relay_to_domains =
hostlist relay_from_hosts = /etc/virtual/domains
hostlist blacklisted_domains = /etc/virtual/blacklist
acl_smtp_rcpt = acl_check_rcpt
trusted_users = mailnull:root:webmail:www
exim_user = mailnull
exim_group = mail
never_users =
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 0s
timeout_frozen_after = 1d
return_path_remove
untrusted_set_sender = *
helo_allow_chars = _
daemon_smtp_ports = 25 : 109
bounce_message_file = /usr/local/etc/exim/bounce_message_file
warn_message_file = /usr/local/etc/exim/warn_message_file
return_size_limit = 10000
bounce_return_message = false
delay_warning = 72h
log_selector = +incoming_interface
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_rcpt:
accept hosts = :
deny senders = :
dnslists = ips.backscatterer.org
message = This message looks like a bounce, and your server is listed \
at \
ips.backscatterer.org, so I assume that this is "backscatter". \
Please configure your mail server to not send "backscatter spam". \
For advice, try http://www.dontbouncespam.org/
log_message = ATTENTION BACKSCATTERER
deny local_parts = ^.*[@%!/|] : ^\\.
deny senders = :
condition = ${if ! eq{$recipients_count}{1}{1}}
message = Bounces must have only a single recipient
log_message = Another denied due to backscatter-Single Recipient
# accept local_parts = postmaster
# domains = +local_domains
require verify = sender
deny message = rejected because $sender_host_address was \
found in our blacklist
log_message = domain found in $blacklisted_domains
hosts = +blacklisted_domains
accept domains = +local_domains
endpass
message = unknown user
verify = recipient
accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient
accept hosts = +relay_from_hosts
accept authenticated = *
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
dnslookup_owm:
driver = dnslookup
domains = ! +local_domains
condition = ${if eq {$sender_host_address}{127.0.0.1} {yes}{no}}
transport = remote_smtp_owm
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
virtual_alias:
driver = redirect
allow_defer
allow_fail
data = ${lookup {$local_part} lsearch {/home/$domain/mail/aliases}}
domains = /etc/virtual/domains
require_files = /home/$domain/mail/aliases
condition = ${lookup {$local_part} lsearch {/home/$domain/mail/aliases} {yes}{no}}
qualify_preserve_domain
retry_use_local_part
check_ancestor
one_time
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
spamcheck_router:
driver = accept
no_verify
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq \
{$received_protocol}{spam-scanned}}} {1}{0}}" transport = spamcheck
autoreply_router:
driver = accept
require_files = /home/$domain/mail/auto-replies/$local_part
transport = autoreply_transport
no_verify
unseen
virtual_localuser:
driver = accept
require_files = /etc/virtual/$domain/passwd
domains = /etc/virtual/domains
condition = ${lookup {$local_part} lsearch {/etc/virtual/$domain/passwd}{$value}}
transport = virtual_localdelivery
virtual_catchall:
driver = redirect
allow_defer
allow_fail
data = ${lookup {catchall} lsearch {/home/$domain/mail/aliases}}
domains = /etc/virtual/domains
require_files = /home/$domain/mail/aliases
condition = ${lookup {catchall}lsearch{/home/$domain/mail/aliases} {yes}{no}}
qualify_preserve_domain
retry_use_local_part
check_ancestor
one_time
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
localuser:
driver = accept
check_local_user
condition = ${lookup {$sender_helo_name} lsearch {/etc/virtual/domains}{YES}{NO}}
transport = local_delivery
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
remote_smtp_owm:
driver = smtp
helo_data = $sender_address_domain
interface = ${lookup dnsdb{a=$sender_address_domain}}
return_path_add = true
debug_print = "XX T: remote_smtp for $local_part@$domain Sent VIA \
$interface_address XX"
remote_smtp:
driver = smtp
helo_data = ${lookup \
dnsdb{defer_never,ptr=$interface_address}{$value}{$primary_hostname}} interface = \
$interface_address return_path_add = true
debug_print = "XX T: remote_smtp for $local_part@$domain Sent VIA \
$interface_address XX"
autoreply_transport:
driver = pipe
command = /usr/local/bin/autoreply.pl /home/$domain/mail/auto-replies/$local_part
spamcheck:
driver = pipe
command = /usr/local/sbin/exim -oMr spam-scanned -bS
use_bsmtp = true
transport_filter = /usr/local/bin/spamc -u \
${lookup{$domain}lsearch{/etc/virtual/domains_users}} home_directory = "/tmp"
current_directory = "/tmp"
# must use a privileged user to set $received_protocol on the way back in!
user = mailnull
group = mailnull
log_output = true
return_fail_output = false
return_path_add
message_prefix =
message_suffix =
virtual_localdelivery:
driver = appendfile
create_directory = true
directory_mode = 700
file = /var/spool/virtual/${domain}/${local_part}
headers_remove = "Bcc"
return_path_add
user = ${lookup{$domain}lsearch{/etc/virtual/domains_users}}
group = mail
mode = 660
local_delivery:
driver = appendfile
file = /$home/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
user = mailnull
group = mail
mode = 0660
address_pipe:
driver = pipe
return_output
user = thenetnow
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Domain Error Retries
# ------ ----- -------
* quota_7d
* quota F,72h,1h;
* * F,12h,15m; F,24h,30m; F,36h,60m
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# There are no authenticator specifications in this default configuration file.
begin authenticators
# For Netscape/Mozilla
plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if and{ {!eq{$2}{}}{!eq{$3}{}} \
{crypteq {$3} {${lookup {${local_part:$2}} lsearch \
{/etc/virtual/${domain:$2}/passwd}\
{$value} {*:*}}}} } {1}{0}}"
server_set_id = $2
# For Outlook/Outlook Express
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if and{ {!eq{$1}{}}{!eq{$2}{}} \
{crypteq {$2} {${lookup {${local_part:$1}} lsearch \
{/etc/virtual/${domain:$1}/passwd}\
{$value} {*:*}}}} } {1}{0}}"
server_set_id = $1
# End of Exim configuration file
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic