I am having a problem with a couple of small issues....
I just completed implementation of a new server that is utilizing a
PostgreSQL database for all lookups related to relays, user accounts,
etc. An issue that seems to have cropped up is that the server is not
verifying that an address actually exists as an account in the database. For
instance, we are having some idiot sending our users mail messages with
a zip file attached, which contains a virus, and it is coming from
admin@???. I have added an ACL but it did not accomplish
anything. You can send a message to any user from
zxcvzxcvz@???, which does not exist, and the server does not
care in the least. Please let me know what functionality causes this...
The following is the configuration file that we are using.
Also, exiscan is making system calls to AVP, but it is timing out
waiting for a response. You will see references to exiscan in the
configuration.
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# Main section: host identity, macros, named lists and SMTP limits.
# Lines that the mail client wrapped have been rejoined; no option value
# has been changed.
primary_hostname = mta01.dmz.ftsm.vlnx.net
local_interfaces = 0.0.0.0

# Macros (upper-case names). LOCAL_RELAY_HOST is used as route_data by the
# remote_forward router; SERVER_ADMINISTRATOR by freeze_tell / errors_*.
# The address is redacted ("???") in the post.
LOCAL_RELAY_HOST = mta02.dmz.ftsm.vlnx.net
SERVER_ADMINISTRATOR = postmaster@???

# Hosted domains come from PostgreSQL. $domain is passed through
# quote_pgsql before it is placed inside the SQL string literal.
# NOTE(review): domains_primary and domains_backup run the same query, so
# as posted the two lists always have identical contents.
domainlist domains_primary = @:pgsql;select domainname from hostdomains where \
                             domainname = '${quote_pgsql:$domain}' and acctstat = 1;
domainlist domains_backup = @:pgsql;select domainname from hostdomains where \
                            domainname = '${quote_pgsql:$domain}' and acctstat = 1;

# Hosts allowed to relay are read from a flat file; the SQL variant below
# is disabled (and its WHERE clause is incomplete as posted).
hostlist relay_hosts = /etc/exim/relay.hosts
# hostlist relay_hosts = @:pgsql;select ipblockcidr from relays where \
#                        '${quote_pgsql:$sender_host_address}';

# NOTE(review): black_hosts is only defined in this commented-out form, but
# acl_check_rcpt still tests "hosts = +black_hosts". Confirm the list is
# defined somewhere, or disable that ACL statement as well.
# hostlist black_hosts = @:pgsql;select ipaddr from ipblacklist where \
#     '${quote_pgsql:$sender_host_address}'::::cidr << ipaddr::::text::::cidr : \
#     @:pgsql;select domainname from domainblacklist where \
#     domainname = '${quote_pgsql:$sender_host_address}';

qualify_domain = valuelinx.net
# Permit "_" in HELO/EHLO names.
helo_allow_chars = _
rfc1413_hosts = 0
rfc1413_query_timeout = 30s

# NOTE(review): local_domains, domains_local and relay_from_hosts are not
# referenced by any active ACL or router in the posted configuration (the
# ACLs use +relay_hosts, +domains_primary and +domains_backup).
domainlist local_domains = @
hostlist relay_from_hosts = 127.0.0.1
domainlist domains_local = @

# Content scanning (exiscan). av_scanner is commented out, so no virus
# scanner is configured here; only the SpamAssassin daemon address is set.
# av_scanner = kavdaemon:/var/run/AvpCtl
spamd_address = 127.0.0.1 783

# allow_domain_literals
# Never run a delivery process as root.
never_users = root
# Reverse-resolve every connecting host.
host_lookup = *
# sender_unqualified_hosts =
# recipient_unqualified_hosts =
# percent_hack_domains =

# Queue housekeeping and error reporting.
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
retry_data_expire = 7d
auto_thaw = 1d
freeze_tell = SERVER_ADMINISTRATOR
errors_copy = SERVER_ADMINISTRATOR
errors_reply_to = SERVER_ADMINISTRATOR

# Logging: everything except command-line arguments and queue-run lines.
log_selector = +all -arguments -queue_run
message_logs = false
split_spool_directory = true

# Load- and connection-based limits; relay hosts get the reserved slots.
queue_only_load = 8.00
queue_run_max = 5
smtp_reserve_hosts = +relay_hosts
smtp_accept_max = 350
smtp_accept_max_per_host = 20
smtp_accept_queue_per_connection = 40
smtp_accept_reserve = 100
smtp_connect_backlog = 50
smtp_load_reserve = 8.00
smtp_receive_timeout = 3m

# ACL entry points, defined after "begin acl".
acl_smtp_auth = acl_auth_main
acl_smtp_etrn = acl_etrn_main
acl_smtp_expn = acl_expn_main
acl_smtp_vrfy = acl_vrfy_main
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_content

# Database server/credentials (redacted in the post). "hide" keeps the
# value out of "exim -bP" output for non-admin users.
hide pgsql_servers = XXX.XXX.XXX.XXX/XXXXXXX/XXXXXXX/XXXXXXXXXX
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
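# RCPT-time policy. Statements are evaluated top to bottom; the first one
# that accepts or denies decides the outcome for that recipient.
# Lines wrapped by the mail client have been rejoined.
acl_check_rcpt:

  # Refuse recipient local parts that contain routing metacharacters or
  # start with a dot.
  deny    log_message = Invalid characters in address
          message     = invalid characters in address
          local_parts = ^.*[@%!/|] : ^\\.

  # Block the forged "admin" sender described in the post.
  # Fixed: the original statement tested "local_parts = admin@??? : admin".
  # local_parts looks at the RECIPIENT's local part, so it never matched
  # mail sent FROM that address (and an item containing "@" cannot match a
  # plain local part). The envelope sender is tested with "senders".
  # It also carried two "message" modifiers, where the second silently
  # replaces the first; the first is now a log_message.
  # "???" is the domain as redacted in the post.
  deny    log_message = Blacklisted spam by Valuelinx
          message     = This account does not exist, please go away....
          senders     = admin@???

  # Keep the effect the original statement did have: mail addressed TO the
  # local part "admin" is refused.
  deny    log_message = Blacklisted spam by Valuelinx
          message     = This account does not exist, please go away....
          local_parts = admin

  # Always accept postmaster at the hosted domains.
  accept  domains     = +domains_primary : +domains_backup
          local_parts = postmaster

  # Sender verification.
  # Fixed: the original had a second "require" keyword in front of
  # "verify = sender", which split this into two statements and left the
  # custom messages attached to a statement with no condition.
  # NOTE(review): without a callout, "verify = sender" only checks that the
  # address can be routed. The remote_forward router accepts every local
  # part at a +domains_primary domain, so a made-up sender at a hosted
  # domain still verifies. Closing that gap needs either a callout
  # (verify = sender/callout) or a router precondition that looks the
  # account up in the database.
  require log_message = bad sender address ($sender_address) from $sender_host_address
          message     = unable to verify the existance of the senders address
          verify      = sender

  # Recipient must be routable (same limitation as above for hosted
  # domains, since no callout is used here).
  require log_message = bad recipient address from $sender_host_address
          message     = unable to verify the existance of the recipients address
          verify      = recipient

  # Relay hosts may send anywhere, subject to a recipient callout that is
  # allowed to defer.
  accept  hosts       = +relay_hosts
          verify      = recipient/callout=10s,defer_ok

  # deny  log_message = relaying denied to $domain from $sender_host_address
  #       message     = mail for $domain is not handled by this server

  # NOTE(review): the only hostlist black_hosts definition in the posted
  # main section is commented out. Confirm the list exists; referencing an
  # undefined named list is an error when this statement is reached.
  deny    message     = $sender_host_address is blacklisted in black.hosts
          log_message = blacklisted sender $sender_host_address
          hosts       = +black_hosts

  # DNS blocklists, checked only for hosts that are not relay hosts.
  deny    message     = $sender_host_address is blacklisted at $dnslist_domain
          log_message = blacklisted sender $sender_host_address
          dnslists    = cbl.abuseat.org : opm.blitzed.org : sbl.spamhaus.org

  # deny  log_message = relaying denied to $domain from $sender_host_address
  #       message     = mail for $domain is not handled by this server

  # Local submissions.
  accept  hosts       = 127.0.0.1 : localhost : localhost.localdomain

  # Inbound mail for hosted domains. Because the "accept" line below is
  # commented out, endpass/message/verify belong to THIS statement: a
  # failure of the conditions before endpass falls through to the implicit
  # deny at the end of the ACL; a failure of "verify = recipient" after
  # endpass denies with "unknown user".
  accept  domains     = +domains_primary : +domains_backup
          verify      = recipient/callout=10s,defer_ok
  # accept domains    = +domains_primary : +domains_backup
          endpass
          message     = unknown user
          verify      = recipient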
# DATA-time content policy (exiscan conditions). Evaluated top to bottom
# once per message; wrapped lines have been rejoined.
acl_check_content:

  # Reject when MIME decoding reported an error level above 2.
  deny    message   = This message contains a MIME error ($demime_reason)
          demime    = *
          condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  # Reject attachments by file extension.
  # NOTE(review): "zip" is not in this list, and the malware check below is
  # commented out, so an infected archive like the one described in the
  # post is not stopped by anything in this ACL.
  deny    message   = This message contains an unwanted file extension ($found_extension)
          demime    = scr:vbs:bat:lnk:pif:exe:com

  # Virus scanning is disabled (av_scanner is commented out in the main
  # section as well).
  # deny  message   = This message contains malware ($malware_name)
  #       demime    = *
  #       malware   = *

  # Reject on a spaced-out, case-insensitive spelling of one keyword.
  deny    message   = This message matches a blacklisted regular expression ($regex_match_string)
          regex     = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]

  # SpamAssassin headers. "nobody:true" makes the condition succeed whatever
  # the score, so the score and report headers are added to every message;
  # the flag header is added only when spamd classifies the message as spam.
  warn    message   = X-Spam-Score: $spam_score ($spam_bar)
          spam      = nobody:true
  warn    message   = X-Spam-Report: $spam_report
          spam      = nobody:true
  warn    message   = X-Spam-Flag: YES
          spam      = nobody

  # Reject outright when $spam_score_int exceeds 100.
  deny    message   = This message scored $spam_score points. Congratulations!
          spam      = nobody:true
          condition = ${if >{$spam_score_int}{100}{1}{0}}

  accept
# AUTH is unconditionally permitted by this ACL.
# NOTE(review): the authenticators section of the posted configuration
# defines no mechanisms, so this appears to have no practical effect.
acl_auth_main:
  accept

# ETRN, EXPN and VRFY are refused for every client, which keeps the SMTP
# session from being used to enumerate accounts or trigger queue runs.
acl_etrn_main:
  deny
acl_expn_main:
  deny
acl_vrfy_main:
  deny
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers

# domain_literal:
# driver = ipliteral
# domains = ! +local_domains
# transport = remote_smtp

# Any domain that is not hosted here is delivered by DNS (MX) lookup.
remote_delivery:
  driver = dnslookup
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  domains = ! +domains_primary

# Every address at a hosted domain is forwarded to LOCAL_RELAY_HOST.
# NOTE(review): this router has no local-part test, so it accepts ANY local
# part at a +domains_primary domain. "verify = sender" and
# "verify = recipient" (without callout) therefore succeed for addresses
# that have no account, which matches the behaviour reported in the post.
# Because it comes before system_aliases / userforward / localuser, those
# routers are presumably never reached for hosted domains; confirm.
remote_forward:
  driver = manualroute
  transport = remote_smtp
  domains = +domains_primary
  route_data = LOCAL_RELAY_HOST
  ignore_target_hosts = 127.0.0.0/8 : 10.0.0.0/8 : 192.168.0.0/16

# Alias expansion from PostgreSQL; both interpolated values are passed
# through quote_pgsql.
# NOTE(review): the query selects the "alias" column while also matching on
# it, so the redirect target looks identical to the address being routed.
# Confirm which column holds the destination.
system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup pgsql {select alias from aliases where \
           alias = '${quote_pgsql:$local_part}' AND \
           domainname = '${quote_pgsql:$domain}'}}
  file_transport = address_file
  pipe_transport = address_pipe

# Per-user .forward files for system accounts; skipped during address
# verification and EXPN.
userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

# Final delivery for local parts that are system accounts.
localuser:
  driver = accept
  check_local_user
  transport = local_mailspool
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports

# Outbound SMTP with driver defaults; used by remote_delivery and
# remote_forward.
remote_smtp:
  driver = smtp
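# Maildir delivery for local users; the mailbox directory is read from the
# "users" table in PostgreSQL.
local_mailspool:
  driver = appendfile
  # Fixed: $local_part was interpolated into the SQL string unquoted
  # ('$local_part'). It comes from the recipient address, i.e. from the
  # remote sender, and acl_check_rcpt does not reject a single quote in
  # local parts. It is now passed through quote_pgsql, as every other
  # lookup in this configuration already does.
  directory = ${lookup pgsql{SELECT mailspool from users \
                where username = '${quote_pgsql:$local_part}'}{$value}}
  maildir_format = true
  create_directory = true
  # Group-writable mailboxes: anything running with group "mail" can read
  # and modify delivered mail.
  directory_mode = 0770
  mode = 0660
  group = mail
  quota = 20M
  quota_warn_threshold = 75%
  # The message size is recorded in the file name (",S=<bytes>") so quota
  # accounting can read sizes back with quota_size_regex.
  maildir_tag = ,S=$message_size
  quota_size_regex = ,S=(\d+)
  delivery_date_add
  envelope_to_add
  return_path_add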
# Used when a redirect (alias or .forward) yields a pipe command; command
# output is returned to the sender.
address_pipe:
  driver = pipe
  return_output

# Used when a redirect yields a file name.
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

# Used by userforward for automatic replies.
address_reply:
  driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Domain Error Retries
# ------ ----- -------
# All domains, all errors: every 15m for the first 2h, then intervals that
# start at 1h and grow by a factor of 1.5 until 16h, then every 6h until 4d.
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# No rewrite rules are defined.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# No authenticators are defined in the posted text, so no SMTP AUTH
# mechanism is configured by this section.
begin authenticators
######################################################################
# CONFIGURATION FOR local_scan() #
######################################################################
# begin local_scan