[Exim] Sanity Check: blacklisting, "Unrouteable"

Author: Rory Campbell-Lange
Date:
To: exim-users
Subject: [Exim] Sanity Check: blacklisting, "Unrouteable"
I'd be very grateful for some help.

I'm running exim 4.22 on Linux (Debian testing). The host is working as a
passthrough host protecting an NT4 box running Exchange.

Exim4 is doing a great job of killing spam and rejecting unwanted email
for our office. It is also configured to keep a copy of all incoming and
outgoing email. However, there are some issues I can't get to the bottom
of, despite peering unproductively at the exim4 book.

We send and receive about 32000 emails a month (after splitting all the
mails to each sender, etc). Perhaps this amounts to something like a
total of 32000/4 ~ 8000 emails a month, for an office of about 80
people.

    EXIM total reject/filter results Tue Jan 20 00:00:05 2004
    ---------------------------------------------------------


    Stats for the last 10 days:


    SPAM REJECT  : spam score reject                     1002
    SPAM FILTER  : spam filtered                          169
    RBL          : realtime blacklist                     141
    SIZE         : oversize email                          29
    DEMIME       : com:vbs:bat:pif:scr:exe attachment      12
    MALWARE      : virus found                              0


The problems:

1. "Unrouteable address"
------------------------

   I have, in the last 2 days, started to see "Unrouteable address"
   messages that quickly bounce mail emanating from our network back
   to the sender.
   Queries: a. I just don't know where 'dip.t-dialin.net' comes from!
            b. Does 'Unrouteable' here mean there is no route
               configured, or that something like a DNS error occurred?


2004-01-21 15:59:35 1AjKlT-0000nI-VE no IP address found for host dip.t-dialin.net
2004-01-21 15:59:37 1AjKlT-0000nI-VE <= user.f@??? H=mhpnt1 (mhp_nt1.mydomain.co.uk) [10.0.0.24] P=esmtp S=2086
2004-01-21 15:59:58 1AjKlT-0000nI-VE ** sender.m@??? <sender.m@???>: Unrouteable address
2004-01-21 15:59:58 1AjKlT-0000nI-VE => sender.m <sender.m@???> R=shadow_all T=shadow_delivery
2004-01-21 15:59:58 1AjKlq-0000nR-EQ <= <> R=1AjKlT-0000nI-VE U=mail P=local S=2897
2004-01-21 15:59:58 1AjKlT-0000nI-VE Completed

2004-01-21 17:29:01 1AjMA1-0001Da-NH no IP address found for host dip.t-dialin.net
2004-01-21 17:29:02 1AjMA1-0001Da-NH <= user2.r@??? H=mhpnt1 (mhp_nt1.mydomain.co.uk) [10.0.0.24] P=esmtp S=2671
2004-01-21 17:29:10 1AjMA1-0001Da-NH ** sender.2@??? <sender.2@???>: Unrouteable address
2004-01-21 17:29:10 1AjMA1-0001Da-NH => sender.2 <sender.2@???> R=shadow_all T=shadow_delivery
2004-01-21 17:29:11 1AjMAA-0001Dj-W1 <= <> R=1AjMA1-0001Da-NH U=mail P=local S=3501
2004-01-21 17:29:11 1AjMA1-0001Da-NH Completed

2. Blocking blacklisted hosts
-----------------------------

My attempts to set up a local host blacklist don't seem to work. Do
I need an lsearch statement in the conditional statement?

deny  message     = sender IP address $sender_host_address is locally blacklisted \
                    here. If you think this is wrong, get in touch with postmaster
      !acl        = acl_whitelist_local_deny
      hosts       = ${if exists{CONFDIR/local_host_blacklist}\
                       {CONFDIR/local_host_blacklist}\
                       {}}
      log_message = "BLACKLIST: $sender_fullhost"


And local_host_blacklist contains entries like:

    217.205.170.210
    61.241.148.11
    *.attbi.com
    *.cable.mindspring.com
    mail.ru


--------------------------------------------------------------------------
# exim4 -bV
Exim version 4.22 #1 built 19-Sep-2003 14:48:39
Copyright (c) University of Cambridge 2003
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (June 16, 2003)
Support for: iconv() IPv6 PAM Perl GnuTLS
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Contains exiscan-acl patch revision 12 (c) Tom Kistner [http://duncanthrax.net/exiscan/]
Configuration file is /var/lib/exim4/config.autogenerated

--------------------------------------------------------------------------
Configuration file: (distilled from autogenerated file)

exim_path = /usr/sbin/exim4
CONFDIR = /etc/exim4
MESSAGE_SIZE_LIMIT = 5M

.ifdef DC_minimaldns
primary_hostname = mail.mydomain.co.uk
.else
.endif

domainlist local_domains = @:mail.mydomain.co.uk:localhost:mydomain.co.uk:mydomain.com
domainlist relay_to_domains = mydomain.co.uk:10.0.0.*:mydomain.com:localhost:127.0.0.1
hostlist relay_from_hosts = 127.0.0.1 : ::::1 : 10.0.0.1:10.0.0.3:10.0.0.24
qualify_domain = mail.mydomain.co.uk

DCreadhost =
DCsmarthost =
local_interfaces = 10.0.0.23:127.0.0.1

LOCAL_DELIVERY=mail_spool

gecos_pattern = ^([^,:]*)
gecos_name = $1

DCconfig_internet = 1
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

.ifndef DC_minimaldns
host_lookup = *
.endif

rfc1413_hosts = *
rfc1413_query_timeout = 30s

ignore_bounce_errors_after = 3d
timeout_frozen_after = 14d
freeze_tell = postmaster
trusted_users = uucp
never_users = root
av_scanner = clamd:/var/run/clamd.ctl
helo_allow_chars = _

smtp_accept_queue_per_connection = 100

###################################### ACL ######################################

begin acl

acl_whitelist_local_deny:
  accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
                        {CONFDIR/local_host_whitelist}\
                        {}}
  accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
                        {CONFDIR/local_sender_whitelist}\
                        {}}


acl_check_rcpt:
accept hosts = :

deny local_parts = ^.*[@%!/|] : ^\\.

  accept local_parts = postmaster
         domains = +local_domains


  deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
       !acl = acl_whitelist_local_deny
       senders = ${if exists{CONFDIR/local_sender_blacklist}\
                             {CONFDIR/local_sender_blacklist}\
                             {}}


  deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
       !acl = acl_whitelist_local_deny
       hosts = ${if exists{CONFDIR/local_host_blacklist}\
                             {CONFDIR/local_host_blacklist}\
                             {}}


  accept domains = +local_domains
         endpass
         message = unknown user
         verify = recipient


  accept domains = +relay_to_domains
         endpass
         message = unrouteable address
         verify = recipient


accept hosts = +relay_from_hosts

accept authenticated = *

deny message = relay not permitted

acl_check_data:

  deny  message     = sender IP address $sender_host_address is locally blacklisted \
                      here. If you think this is wrong, get in touch with postmaster
        !acl        = acl_whitelist_local_deny
        hosts       = ${if exists{CONFDIR/local_host_blacklist}\
                         {CONFDIR/local_host_blacklist}\
                         {}}
        log_message = "BLACKLIST: $sender_fullhost"


   deny message = No verifiable sender address in message headers
      !acl = acl_whitelist_local_deny
      !verify = header_sender


   deny message = "\n\
          Message size $message_size is larger than limit of MESSAGE_SIZE_LIMIT\n\
          Please compress your attachments in a zip file or divide your\n\
          email into a number of smaller emails.\n\
          Please contact the Hopkins IT department (it@???)\n\
          for further information.\n\
          "
             condition = ${if >{$message_size}{MESSAGE_SIZE_LIMIT}{yes}{no}}
          log_message   = "SIZE: $message_size"


   deny   message       = $sender_host_address is in a black list at \
                          $dnslist_domain
          log_message   = "RBL: $dnslist_domain"
          dnslists      = relays.ordb.org : sbl.spamhaus.org


   deny message = X-deny-message: $found_extension files are not accepted.
           demime = com:vbs:bat:pif:scr:exe
           log_message   = "DEMIME: $found_extension"


   deny message = X-malware-message: This message contains malware ($malware_name)
           demime = *
           malware = *
           log_message   = "MALWARE: $malware_name"


   deny message = Spam score too high ($spam_score)
           condition = ${if <{$message_size}{80k}{1}{0}}
           spam = mail:true
           condition = ${if >{$spam_score_int}{60}{1}{0}}
           log_message   = "SPAM REJECT: $spam_score_int"


   warn message = X-Redirect-To: spam@???
           condition = ${if <{$message_size}{80k}{1}{0}}
           spam = mail:true
           condition = ${if >{$spam_score_int}{25}{1}{0}}
           log_message   = "SPAM FILTER: $spam_score_int"


accept

################################### ROUTERS #####################################

begin routers

.ifdef DCconfig_internet

scan_redirect:
driver = redirect
domains = mydomain.co.uk
condition = ${if def:h_X-Redirect-To: {1}{0}}
headers_add = X-Original-Recipient: $local_part@$domain
data = $h_X-Redirect-To:
headers_remove = X-Redirect-To
redirect_router = accept_relay_for_mydomain

shadow_all:
driver = accept
transport = shadow_delivery
unseen

accept_relay_for_mydomain:
driver = accept
domains = mydomain.co.uk
transport = local_smtp_mydomain
no_more

dnslookup_relay_to_domains:
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
  no_more


.endif

real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY

system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe

userforward:
  debug_print = "R: userforward for $local_part@$domain"
  driver = redirect
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  check_ancestor
  allow_filter
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  skip_syntax_errors
  syntax_errors_to = real-$local_part@$domain
  syntax_errors_text = \
    This is an automatically generated message. An error has\n\
    been found in your .forward file. Details of the error are\n\
    reported below. While this error persists, you will receive\n\
    a copy of this message for every message that is addressed\n\
    to you. If your .forward file is a filter file, or if it is\n\
    a non-filter file containing no valid forwarding addresses,\n\
    a copy of each incoming message will be put in your normal\n\
    mailbox. If a non-filter file contains at least one valid\n\
    forwarding address, forwarding to the valid addresses will\n\
    happen, and those will be the only deliveries that occur.


procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
check_local_user
transport = procmail_pipe
require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
no_verify
no_expn

maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn

local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY

mail4root:
debug_print = "R: mail4root for $local_part@$domain"
driver = redirect
data = /var/mail/mail
file_transport = address_file
local_parts = root
user = mail
group = mail

begin transports

address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output

address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply

mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false

maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
directory = $home/Maildir
delivery_date_add
envelope_to_add
return_path_add
maildir_format
mode = 0600
mode_fail_narrower = false

maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
envelope_to_add

procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add

local_smtp_mydomain:
debug_print = "T: smtp for mydomain for $local_part@$domain"
driver = smtp
hosts = 10.0.0.24
hosts_override

remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp

address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
envelope_to_add = true
return_path_add = true
check_string = ""
escape_string = ""
maildir_format

shadow_delivery:
debug_print = "T: shadow_delivery"
driver = appendfile
group = mail
user = mail
mode = 0660
envelope_to_add = true
directory=/home/mailbackup
maildir_format

begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h


begin rewrite

*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
                   {$value}fail} Ffrs


*@+local_domains "${if exists {CONFDIR/email-addresses}\
                    {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
            {$value}fail}}fail}" Ffrs


.ifdef DCconfig_satellite
*@+local_domains ${local_part}@DCreadhost Ffr
.endif

begin authenticators

cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}

plain:
  driver = plaintext
  public_name = PLAIN
  client_send = "${if !eq{$tls_cipher}{}{\
                     ^${extract{1}{::}\
               {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
             ^${extract{2}{::}\
               {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
           }fail}"


login:
  driver = plaintext
  public_name = LOGIN
  client_send = "${if !eq{$tls_cipher}{}{}fail}\
                 : ${extract{1}{::}\
                {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
         : ${extract{2}{::}\
             {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"


--
Rory Campbell-Lange
<rory@???>
<www.campbell-lange.net>
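An added example (not part of the original post) for working through main-log excerpts like the ones above: it groups Exim 4 log lines by message id and pairs each `**` (failed delivery) line with the submitting host from its `<=` line and any router diagnostic logged earlier for that message. The sample lines are constructed on the pattern of the post's log, with placeholder addresses and domains.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the Exim 4 main-log excerpt in the post.
# Addresses and the failing domain are placeholders, not real data.
SAMPLE_LOG = """\
2004-01-21 15:59:35 1AjKlT-0000nI-VE no IP address found for host nohost.example.invalid
2004-01-21 15:59:37 1AjKlT-0000nI-VE <= user.f@mydomain.co.uk H=mhpnt1 (mhp_nt1.mydomain.co.uk) [10.0.0.24] P=esmtp S=2086
2004-01-21 15:59:58 1AjKlT-0000nI-VE ** sender.m@nohost.example.invalid <sender.m@nohost.example.invalid>: Unrouteable address
2004-01-21 15:59:58 1AjKlT-0000nI-VE => sender.m <sender.m@nohost.example.invalid> R=shadow_all T=shadow_delivery
2004-01-21 15:59:58 1AjKlq-0000nR-EQ <= <> R=1AjKlT-0000nI-VE U=mail P=local S=2897
2004-01-21 15:59:58 1AjKlT-0000nI-VE Completed
2004-01-21 16:10:00 1AjKzz-0000pQ-AB <= user.g@mydomain.co.uk H=mhpnt1 (mhp_nt1.mydomain.co.uk) [10.0.0.24] P=esmtp S=1500
2004-01-21 16:10:02 1AjKzz-0000pQ-AB => other@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.10]
2004-01-21 16:10:02 1AjKzz-0000pQ-AB Completed
"""

# Main-log line: date, time, message id, then an optional flag (<= => -> ** ==)
# followed by its payload, or free text such as a router diagnostic.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<msgid>\w{6}-\w{6}-\w{2}) "
    r"(?:(?P<flag><=|=>|->|\*\*|==) )?(?P<rest>.*)$")
# Sending host on a '<=' line: H=helo (rdns) [ip]
HOST_RE = re.compile(r" H=\S+(?: \([^)]*\))? \[(?P<ip>[^\]]+)\]")
# Failed recipient and reason on a '**' line: addr <addr>: reason
BOUNCE_RE = re.compile(r"^(?P<addr>\S+)(?: <[^>]*>)?: (?P<reason>.*)$")

def failed_deliveries(log_text):
    """Group lines by message id; return the messages with a '**' (failed)
    delivery, each with its submitting host and the diagnostics logged before
    the failure (for an 'Unrouteable address' bounce, the router's reason)."""
    msgs = defaultdict(lambda: {"sender": None, "host": None,
                                "diagnostics": [], "failures": []})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        entry, flag, rest = msgs[m["msgid"]], m["flag"], m["rest"]
        if flag == "<=":
            entry["sender"] = rest.split(" ", 1)[0]
            host = HOST_RE.search(rest)
            entry["host"] = host["ip"] if host else "local"
        elif flag == "**":
            b = BOUNCE_RE.match(rest)
            entry["failures"].append((b["addr"], b["reason"]) if b else (rest, ""))
        elif flag is None and rest != "Completed":
            entry["diagnostics"].append(rest)
    return {mid: e for mid, e in msgs.items() if e["failures"]}
```

Run against a real mainlog it shows, per bounced message, which internal host handed the message in and what the router said about the destination domain before the bounce was generated.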