Re: [Exim] Sanity Check: blacklisting, "Unrouteable"

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Rory Campbell-Lange
Dátum:  
Címzett: exim-users
Tárgy: Re: [Exim] Sanity Check: blacklisting, "Unrouteable"
Hi Everyone

I'd be grateful to know how to rephrase my questions re "Unrouteable"
addresses and using lsearch so that they might invite a response.

Thanks!
Rory

On 22/01/04, Rory Campbell-Lange (rory@???) wrote:
> I'd be very grateful for some help.
>
> I'm running exim4.22 on linux, debian testing. The host is working as a
> passthrough host protecting an NT4 box running Exchange.
>
> Exim4 is doing a great job of killing spam and rejecting unwanted email
> for our office. It is also configured to keep a copy of all incoming and
> outgoing email. However there are some issues I can't get to the bottom
> of, despite peering unproductively at the exim4 book.
>
> We send and receive about 32000 emails a month (after splitting all the
> mails to each sender, etc). Perhaps this amounts to something like a
> total of 32000/4 ~ 8000 emails a month, for an office of about 80
> people.
>
>     EXIM total reject/filter results Tue Jan 20 00:00:05 2004
>     ---------------------------------------------------------

>
>     Stats for the last 10 days:

>
>     SPAM REJECT  : spam score reject                     1002
>     SPAM FILTER  : spam filtered                          169
>     RBL          : realtime blacklist                     141
>     SIZE         : oversize email                          29
>     DEMIME       : com:vbs:bat:pif:scr:exe attachment      12
>     MALWARE      : virus found                              0

>
> The problems:
>
> 1. "Unrouteable address"
> ------------------------
>
>    I have, in the last 2 days, started to see "Unrouteable address"
>    messages that quickly bounce mail emanating from our network back
>    to the sender.
>    Queries: a. I just don't know where 'dip.t-dialin.net' comes from!
>             b. Does 'Unrouteable' here mean there is no route
>                configured, or that something like a DNS error occurred?

>
> 2004-01-21 15:59:35 1AjKlT-0000nI-VE no IP address found for host dip.t-dialin.net
> 2004-01-21 15:59:37 1AjKlT-0000nI-VE <= user.f@??? H=mhpnt1 (mhp_nt1.mydomain.co.uk) [10.0.0.24] P=esmtp S=2086
> 2004-01-21 15:59:58 1AjKlT-0000nI-VE ** sender.m@??? <sender.m@???>: Unrouteable address
> 2004-01-21 15:59:58 1AjKlT-0000nI-VE => sender.m <sender.m@???> R=shadow_all T=shadow_delivery
> 2004-01-21 15:59:58 1AjKlq-0000nR-EQ <= <> R=1AjKlT-0000nI-VE U=mail P=local S=2897
> 2004-01-21 15:59:58 1AjKlT-0000nI-VE Completed
>
> 2004-01-21 17:29:01 1AjMA1-0001Da-NH no IP address found for host dip.t-dialin.net
> 2004-01-21 17:29:02 1AjMA1-0001Da-NH <= user2.r@??? H=mhpnt1 (mhp_nt1.mydomain.co.uk) [10.0.0.24] P=esmtp S=2671
> 2004-01-21 17:29:10 1AjMA1-0001Da-NH ** sender.2@??? <sender.2@???>: Unrouteable address
> 2004-01-21 17:29:10 1AjMA1-0001Da-NH => sender.2 <sender.2@???> R=shadow_all T=shadow_delivery
> 2004-01-21 17:29:11 1AjMAA-0001Dj-W1 <= <> R=1AjMA1-0001Da-NH U=mail P=local S=3501
> 2004-01-21 17:29:11 1AjMA1-0001Da-NH Completed
>
> 2. Blocking blacklisted hosts
> -----------------------------
>
>    My attempts to set up a local host blacklist doesn't seem to work. Do
>    I need an lsearch statement in the conditional statement?

>
> deny message = sender IP address $sender_host_address is locally blacklisted \
>                here. If you think this is wrong, get in touch with postmaster
>         !acl = acl_whitelist_local_deny
>          hosts = ${if exists{CONFDIR/local_host_blacklist}\
>                             {CONFDIR/local_host_blacklist}\
>                             {}}
>         log_message   = "BLACKLIST: $sender_fullhost"

>
> And local_host_blacklist contains entries like:
>
>     217.205.170.210
>     61.241.148.11
>     *.attbi.com
>     *.cable.mindspring.com
>     mail.ru

>
> --------------------------------------------------------------------------
> # exim4 -bV
> Exim version 4.22 #1 built 19-Sep-2003 14:48:39
> Copyright (c) University of Cambridge 2003
> Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (June 16, 2003)
> Support for: iconv() IPv6 PAM Perl GnuTLS
> Authenticators: cram_md5 plaintext spa
> Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
> Contains exiscan-acl patch revision 12 (c) Tom Kistner [http://duncanthrax.net/exiscan/]
> Configuration file is /var/lib/exim4/config.autogenerated
>
> --------------------------------------------------------------------------
> Configuration file: (distilled from autogenerated file)
>
> exim_path = /usr/sbin/exim4
> CONFDIR = /etc/exim4
> MESSAGE_SIZE_LIMIT = 5M
>
> .ifdef DC_minimaldns
> primary_hostname = mail.mydomain.co.uk
> .else
> .endif
>
> domainlist local_domains = @:mail.mydomain.co.uk:localhost:mydomain.co.uk:mydomain.com
> domainlist relay_to_domains = mydomain.co.uk:10.0.0.*:mydomain.com:localhost:127.0.0.1
> hostlist relay_from_hosts = 127.0.0.1 : ::::1 : 10.0.0.1:10.0.0.3:10.0.0.24
> qualify_domain = mail.mydomain.co.uk
>
> DCreadhost =
> DCsmarthost =
> local_interfaces = 10.0.0.23:127.0.0.1
>
> LOCAL_DELIVERY=mail_spool
>
> gecos_pattern = ^([^,:]*)
> gecos_name = $1
>
> DCconfig_internet = 1
> acl_smtp_rcpt = acl_check_rcpt
> acl_smtp_data = acl_check_data
>
> .ifndef DC_minimaldns
> host_lookup = *
> .endif
>
> rfc1413_hosts = *
> rfc1413_query_timeout = 30s
>
> ignore_bounce_errors_after = 3d
> timeout_frozen_after = 14d
> freeze_tell = postmaster
> trusted_users = uucp
> never_users = root
> av_scanner = clamd:/var/run/clamd.ctl
> helo_allow_chars = _
>
> smtp_accept_queue_per_connection = 100
>
> ###################################### ACL ######################################
>
> begin acl
>
> acl_whitelist_local_deny:
>   accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
>                         {CONFDIR/local_host_whitelist}\
>                         {}}
>   accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
>                         {CONFDIR/local_sender_whitelist}\
>                         {}}

>
> acl_check_rcpt:
> accept hosts = :
>
> deny local_parts = ^.*[@%!/|] : ^\\.
>
>   accept local_parts = postmaster
>          domains = +local_domains

>
>   deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
>        !acl = acl_whitelist_local_deny
>        senders = ${if exists{CONFDIR/local_sender_blacklist}\
>                              {CONFDIR/local_sender_blacklist}\
>                              {}}

>
>   deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
>        !acl = acl_whitelist_local_deny
>        hosts = ${if exists{CONFDIR/local_host_blacklist}\
>                              {CONFDIR/local_host_blacklist}\
>                              {}}

>
>   accept domains = +local_domains
>          endpass
>          message = unknown user
>          verify = recipient

>
>   accept domains = +relay_to_domains
>          endpass
>          message = unrouteable address
>          verify = recipient

>
> accept hosts = +relay_from_hosts
>
> accept authenticated = *
>
> deny message = relay not permitted
>
> acl_check_data:
>
>   deny message = sender IP address $sender_host_address is locally blacklisted \
>                  here. If you think this is wrong, get in touch with postmaster
>           !acl = acl_whitelist_local_deny
>            hosts = ${if exists{CONFDIR/local_host_blacklist}\
>                               {CONFDIR/local_host_blacklist}\
>                               {}}
>           log_message   = "BLACKLIST: $sender_fullhost"

>
>    deny message = No verifiable sender address in message headers
>       !acl = acl_whitelist_local_deny
>       !verify = header_sender

>
>    deny message = "\n\
>           Message size $message_size is larger than limit of MESSAGE_SIZE_LIMIT\n\
>           Please compress your attachments in a zip file or divide your\n\
>           email into a number of smaller emails.\n\
>           Please contact the Hopkins IT department (it@???)\n\
>           for further information.\n\
>           "
>              condition = ${if >{$message_size}{MESSAGE_SIZE_LIMIT}{yes}{no}}
>           log_message   = "SIZE: $message_size"

>
>    deny   message       = $sender_host_address is in a black list at \
>                           $dnslist_domain"
>           log_message   = "RBL: $dnslist_domain"
>           dnslists      = relays.ordb.org : sbl.spamhaus.org

>
>    deny message = X-deny-message: $found_extension files are not accepted.
>            demime = com:vbs:bat:pif:scr:exe
>            log_message   = "DEMIME: $found_extension"

>
>    deny message = X-malware-message: This message contains malware ($malware_name)
>            demime = *
>            malware = *
>            log_message   = "MALWARE: $malware_name"

>
>    deny message = Spam score too high ($spam_score)
>            condition = ${if <{$message_size}{80k}{1}{0}}
>            spam = mail:true
>            condition = ${if >{$spam_score_int}{60}{1}{0}}
>            log_message   = "SPAM REJECT: $spam_score_int"

>
>    warn message = X-Redirect-To: spam@???
>            condition = ${if <{$message_size}{80k}{1}{0}}
>            spam = mail:true
>            condition = ${if >{$spam_score_int}{25}{1}{0}}
>            log_message   = "SPAM FILTER: $spam_score_int"

>
>    accept

>
> ################################### ROUTERS #####################################
>
> begin routers
>
> .ifdef DCconfig_internet
>
> scan_redirect:
> driver = redirect
> domains = mydomain.co.uk
> condition = ${if def:h_X-Redirect-To: {1}{0}}
> headers_add = X-Original-Recipient: $local_part@$domain
> data = $h_X-Redirect-To:
> headers_remove = X-Redirect-To
> redirect_router = accept_relay_for_mydomain
>
> shadow_all:
> driver = accept
> transport = shadow_delivery
> unseen
>
> accept_relay_for_mydomain:
> driver = accept
> domains = mydomain.co.uk
> transport = local_smtp_mydomain
> no_more
>
> dnslookup_relay_to_domains:
> driver = dnslookup
> domains = ! +local_domains : +relay_to_domains
> transport = remote_smtp
> same_domain_copy_routing = yes
> no_more
>
> dnslookup:
>   driver = dnslookup
>   domains = ! +local_domains
>   transport = remote_smtp
>   same_domain_copy_routing = yes
>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
>                         172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
>   no_more

>
> .endif
>
> real_local:
> debug_print = "R: real_local for $local_part@$domain"
> driver = accept
> local_part_prefix = real-
> check_local_user
> transport = LOCAL_DELIVERY
>
> system_aliases:
> debug_print = "R: system_aliases for $local_part@$domain"
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/etc/aliases}}
> file_transport = address_file
> pipe_transport = address_pipe
>
> userforward:
>   debug_print = "R: userforward for $local_part@$domain"
>   driver = redirect
>   check_local_user
>   file = $home/.forward
>   no_verify
>   no_expn
>   check_ancestor
>   allow_filter
>   directory_transport = address_directory
>   file_transport = address_file
>   pipe_transport = address_pipe
>   reply_transport = address_reply
>   skip_syntax_errors
>   syntax_errors_to = real-$local_part@$domain
>   syntax_errors_text = \
>     This is an automatically generated message. An error has\n\
>     been found in your .forward file. Details of the error are\n\
>     reported below. While this error persists, you will receive\n\
>     a copy of this message for every message that is addressed\n\
>     to you. If your .forward file is a filter file, or if it is\n\
>     a non-filter file containing no valid forwarding addresses,\n\
>     a copy of each incoming message will be put in your normal\n\
>     mailbox. If a non-filter file contains at least one valid\n\
>     forwarding address, forwarding to the valid addresses will\n\
>     happen, and those will be the only deliveries that occur.

>
> procmail:
> debug_print = "R: procmail for $local_part@$domain"
> driver = accept
> check_local_user
> transport = procmail_pipe
> require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
> no_verify
> no_expn
>
> maildrop:
> debug_print = "R: maildrop for $local_part@$domain"
> driver = accept
> check_local_user
> transport = maildrop_pipe
> require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
> no_verify
> no_expn
>
> local_user:
> debug_print = "R: local_user for $local_part@$domain"
> driver = accept
> check_local_user
> local_parts = ! root
> transport = LOCAL_DELIVERY
>
> mail4root:
> debug_print = "R: mail4root for $local_part@$domain"
> driver = redirect
> data = /var/mail/mail
> file_transport = address_file
> local_parts = root
> user = mail
> group = mail
>
> begin transports
>
> address_file:
> debug_print = "T: address_file for $local_part@$domain"
> driver = appendfile
> delivery_date_add
> envelope_to_add
> return_path_add
>
> address_pipe:
> debug_print = "T: address_pipe for $local_part@$domain"
> driver = pipe
> return_fail_output
>
> address_reply:
> debug_print = "T: autoreply for $local_part@$domain"
> driver = autoreply
>
> mail_spool:
> debug_print = "T: appendfile for $local_part@$domain"
> driver = appendfile
> file = /var/mail/$local_part
> delivery_date_add
> envelope_to_add
> return_path_add
> group = mail
> mode = 0660
> mode_fail_narrower = false
>
> maildir_home:
> debug_print = "T: maildir_home for $local_part@$domain"
> driver = appendfile
> directory = $home/Maildir
> delivery_date_add
> envelope_to_add
> return_path_add
> maildir_format
> mode = 0600
> mode_fail_narrower = false
>
> maildrop_pipe:
> debug_print = "T: maildrop_pipe for $local_part@$domain"
> driver = pipe
> path = "/bin:/usr/bin:/usr/local/bin"
> command = "/usr/bin/maildrop"
> return_path_add
> delivery_date_add
> envelope_to_add
>
> procmail_pipe:
> debug_print = "T: procmail_pipe for $local_part@$domain"
> driver = pipe
> path = "/bin:/usr/bin:/usr/local/bin"
> command = "/usr/bin/procmail"
> return_path_add
> delivery_date_add
> envelope_to_add
>
> local_smtp_mydomain:
> debug_print = "T: smtp for mydomain for $local_part@$domain"
> driver = smtp
> hosts = 10.0.0.24
> hosts_override
>
> remote_smtp:
> debug_print = "T: remote_smtp for $local_part@$domain"
> driver = smtp
>
> address_directory:
> debug_print = "T: address_directory for $local_part@$domain"
> driver = appendfile
> envelope_to_add = true
> return_path_add = true
> check_string = ""
> escape_string = ""
> maildir_format
>
> shadow_delivery:
> debug_print = "T: shadow_dleivery"
> driver = appendfile
> group = mail
> user = mail
> mode = 0660
> envelope_to_add = true
> directory=/home/mailbackup
> maildir_format
>
> begin retry
>
> *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

>
> begin rewrite
>
> *@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
>                    {$value}fail} Ffrs

>
> *@+local_domains "${if exists {CONFDIR/email-addresses}\
>                     {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
>             {$value}fail}}fail}" Ffrs

>
> .ifdef DCconfig_satellite
> *@+local_domains ${local_part}@DCreadhost Ffr
> .endif
>
> begin authenticators
>
> cram_md5:
> driver = cram_md5
> public_name = CRAM-MD5
> client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
> client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
>
> plain:
>   driver = plaintext
>   public_name = PLAIN
>   client_send = "${if !eq{$tls_cipher}{}{\
>                      ^${extract{1}{::}\
>                {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
>              ^${extract{2}{::}\
>                {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
>            }fail}"

>
> login:
>   driver = plaintext
>   public_name = LOGIN
>   client_send = "${if !eq{$tls_cipher}{}{}fail}\
>                  : ${extract{1}{::}\
>                 {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
>          : ${extract{2}{::}\
>              {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"

>
> --
> Rory Campbell-Lange
> <rory@???>
> <www.campbell-lange.net>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>


--
Rory Campbell-Lange
<rory@???>
<www.campbell-lange.net>