[Exim] Questions.....

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Stephen D. Malenshek
Date:  
À: exim-users
Sujet: [Exim] Questions.....
I am having a problem with a couple of small issues....

I just completed implementation of a new server that is utilizing a
PostgreSQL database for all lookup related to relays, user accounts,
etc. An issue that seems to have cropped up is that the server is not
verifying that the account located in the database actually exists. For
instance, we are having some idiot sending our users mail messages with
a zip file attached, which contains a virus, and it is coming from
admin@???. I have added an ACL but it did not accomplish
anything. You can send a message to any user from
zxcvzxcvz@???, which does not exist, and the server does not
care in the least. Please let me know what functionality causes this...
The following is the configuration file that we are using.

Also, exiscan is making system calls to AVP, but it is timing out
waiting for response. You will see references to exiscan in the
configuration.

######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


primary_hostname                        = mta01.dmz.ftsm.vlnx.net
local_interfaces                        = 0.0.0.0
LOCAL_RELAY_HOST                        = mta02.dmz.ftsm.vlnx.net
SERVER_ADMINISTRATOR                    = postmaster@???


domainlist domains_primary              = @:pgsql;select domainname from
hostdomains where \
                                                domainname =
'${quote_pgsql:$domain}' and acctstat = 1;
domainlist domains_backup               = @:pgsql;select domainname from
hostdomains where \
                                                domainname =
'${quote_pgsql:$domain}' and acctstat = 1;
hostlist relay_hosts                    = /etc/exim/relay.hosts


# hostlist relay_hosts                  = @:pgsql;select ipblockcidr
from relays where \
#
'${quote_pgsql:$sender_host_address}';
# hostlist black_hosts                    = @:pgsql;select ipaddr from
ipblacklist where \
#
'${quote_pgsql:$sender_host_address}'::::cidr << ipaddr::::text::::cidr
: \
#                                           @:pgsql;select domainname
from domainblacklist where \
#                                                 domainname =
'${quote_pgsql:$sender_host_address}';


qualify_domain                          = valuelinx.net
helo_allow_chars                        = _
rfc1413_hosts                           = 0
rfc1413_query_timeout                   = 30s
domainlist local_domains                = @
hostlist   relay_from_hosts             = 127.0.0.1
domainlist domains_local                = @
# av_scanner                            = kavdaemon:/var/run/AvpCtl
spamd_address                           = 127.0.0.1 783
# allow_domain_literals
never_users                             = root
host_lookup                             = *
# sender_unqualified_hosts              =
# recipient_unqualified_hosts           =
# percent_hack_domains                  =


ignore_bounce_errors_after              = 2d
timeout_frozen_after                    = 7d
retry_data_expire                       = 7d
auto_thaw                               = 1d


freeze_tell                             = SERVER_ADMINISTRATOR
errors_copy                             = SERVER_ADMINISTRATOR
errors_reply_to                         = SERVER_ADMINISTRATOR


log_selector                            = +all -arguments -queue_run
message_logs                            = false




split_spool_directory                   = true
queue_only_load                         = 8.00
queue_run_max                           = 5


smtp_reserve_hosts                      = +relay_hosts
smtp_accept_max                         = 350
smtp_accept_max_per_host                = 20
smtp_accept_queue_per_connection        = 40
smtp_accept_reserve                     = 100
smtp_connect_backlog                    = 50
smtp_load_reserve                       = 8.00
smtp_receive_timeout                    = 3m


acl_smtp_auth                           = acl_auth_main
acl_smtp_etrn                           = acl_etrn_main
acl_smtp_expn                           = acl_expn_main
acl_smtp_vrfy                           = acl_vrfy_main
acl_smtp_rcpt                           = acl_check_rcpt
acl_smtp_data                           = acl_check_content


hide pgsql_servers                      =
XXX.XXX.XXX.XXX/XXXXXXX/XXXXXXX/XXXXXXXXXX



######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################


begin acl

acl_check_rcpt:

  deny    log_message                   = Invalid characters in address
          message                       = invalid characters in address
          local_parts                   = ^.*[@%!/|] : ^\\.


  deny    message                       = Blacklisted spam by Valuelinx
          message                       = This account does not exist,
please go away....
          local_parts                   = admin@??? : admin


  accept  domains                       = +domains_primary :
+domains_backup
          local_parts                   = postmaster


  require log_message                   = bad sender address
($sender_address) from $sender_host_address
          message                       = unable to verify the existance
of the senders address
          require verify                = sender


  require log_message                   = bad recipient address from
$sender_host_address
          message                       = unable to verify the existance
of the recipients address
          verify                        = recipient


  accept  hosts                         = +relay_hosts
          verify                        = recipient/callout=10s,defer_ok


#  deny    log_message                  = relaying denied to $domain
from $sender_host_address
#         message                       = mail for $domain is not
handled by this server


  deny    message                       = $sender_host_address is
blacklisted in black.hosts
          log_message                   = blacklisted sender
$sender_host_address
          hosts                         = +black_hosts


  deny    message                       = $sender_host_address is
blacklisted at $dnslist_domain
          log_message                   = blacklisted sender
$sender_host_address
          dnslists                      = cbl.abuseat.org :
opm.blitzed.org : sbl.spamhaus.org


#  deny  log_message                            = relaying denied to
$domain from $sender_host_address
#          message                      = mail for $domain is not
handled by this server


  accept  hosts                         = 127.0.0.1 : localhost :
localhost.localdomain


  accept  domains                       = +domains_primary :
+domains_backup
          verify                        = recipient/callout=10s,defer_ok


#  accept  domains                      = +domains_primary :
+domains_backup
          endpass
          message                       = unknown user
          verify                        = recipient



acl_check_content:

  deny    message                       = This message contains a MIME
error ($demime_reason)
          demime                        = *
          condition                     = ${if

>{$demime_errorlevel}{2}{1}{0}}


  deny    message                       = This message contains an
unwanted file extension ($found_extension)
          demime                        = scr:vbs:bat:lnk:pif:exe:com


#   deny    message                     = This message contains malware
($malware_name)
#         demime                        = *
#           malware                     = *


  deny    message                       = This message matches a
blacklisted regular expression ($regex_match_string)
          regex                         = [Vv] *[Ii] *[Aa] *[Gg] *[Rr]
*[Aa]


  warn    message                       = X-Spam-Score: $spam_score
($spam_bar)
          spam                          = nobody:true


  warn    message                       = X-Spam-Report: $spam_report
          spam                          = nobody:true


  warn    message                       = X-Spam-Flag: YES
          spam                          = nobody


  deny    message                       = This message scored
$spam_score points. Congratulations!
          spam                          = nobody:true
          condition                     = ${if

>{$spam_score_int}{100}{1}{0}}


accept

acl_auth_main:
        accept


acl_etrn_main:
        deny


acl_expn_main:
        deny


acl_vrfy_main:
        deny



######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################


begin routers

# domain_literal:
# driver = ipliteral
# domains = ! +local_domains
# transport = remote_smtp

remote_delivery:
  driver                                = dnslookup
  transport                             = remote_smtp
  ignore_target_hosts                   = 0.0.0.0 : 127.0.0.0/8
  domains                               = ! +domains_primary


remote_forward:
  driver                                = manualroute
  transport                             = remote_smtp
  domains                               = +domains_primary
  route_data                            = LOCAL_RELAY_HOST
  ignore_target_hosts                   = 127.0.0.0/8 : 10.0.0.0/8 :
192.168.0.0/16


system_aliases:
  driver                                = redirect
  allow_fail
  allow_defer
  data                                  = ${lookup pgsql {select alias
from aliases where \
                                                alias =
'${quote_pgsql:$local_part}' AND \


domainname = '${quote_pgsql:$domain}'}}
  file_transport                        = address_file
  pipe_transport                        = address_pipe


userforward:
  driver                                = redirect
  check_local_user
  file                                  = $home/.forward
  no_verify
  no_expn
  check_ancestor
  file_transport                        = address_file
  pipe_transport                        = address_pipe
  reply_transport                       = address_reply


localuser:
  driver                                = accept
  check_local_user
  transport                             = local_mailspool


######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


begin transports

remote_smtp:
  driver                                = smtp


local_mailspool:
  driver                                = appendfile
  directory                             = ${lookup pgsql{SELECT
mailspool from users \
                                                where username =
'$local_part'}{$value}}
  maildir_format                        = true
  create_directory                      = true
  directory_mode                        = 0770
  mode                                  = 0660
  group                                 = mail
  quota                                 = 20M
  quota_warn_threshold                  = 75%
  maildir_tag                           = ,S=$message_size
  quota_size_regex                      = ,S=(\d+)
  delivery_date_add
  envelope_to_add
  return_path_add


address_pipe:
  driver                                = pipe
  return_output


address_file:
  driver                                = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add


address_reply:
  driver                                = autoreply




######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


begin retry

# Domain               Error       Retries
# ------               -----       -------


*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h




######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


begin rewrite



######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################


begin authenticators



######################################################################
#                   CONFIGURATION FOR local_scan()                   #
######################################################################


# begin local_scan