RE: [exim] how to stop exim from reverse lookup check for tr…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Mark Smith
Fecha:  
A: 'KHALID SHAWKAT', exim-users, 'SALES'
Cc: 
Asunto: RE: [exim] how to stop exim from reverse lookup check for trustedIPs...

Khalid

Try replacing everything in your ACL section with the contents of the
attached file, and see whether it makes any difference.

You can test it yourself by going into SSH and typing

exim -bhc 70.156.1.178
EHLO FALCON
MAIL FROM: user@???
RCPT TO: localuser@???
DATA
Whatever
.
QUIT

- Mark
#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#


#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study #!!# them and rewrite as necessary.

begin acl


#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :

accept domains = +relay_domains

  warn  message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
        hosts = +relay_hosts
  accept  hosts = +relay_hosts


  warn  message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
        condition = ${perl{checkrelayhost}{$sender_host_address}}
  accept  condition = ${perl{checkrelayhost}{$sender_host_address}}


  accept  hosts = +auth_relay_hosts
          endpass
          message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.
          authenticated = *


  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}



  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


#sender verifications are required for all messages that are not sent to lists

require verify = sender

accept domains = +local_domains
endpass

#recipient verifications are required for all messages that are not sent to the local machine
#this was done at multiple users requests

message = "The recipient cannot be verified. $acl_verify_message"
verify = recipient

accept
domains = +local_domains
local_parts = postmaster:abuse
!hosts = @[]
!authenticated = *

deny 
   message = Message rejected because your mail server $sender_fullhost \ is blacklisted at $dnslist_domain for sending spams  ($dnslist_text)...
   dnslists = relays.ordb.org :\
              sbl-xbl.spamhaus.org :\
              hil.habeas.com :\
              list.dsbl.org :\
              cbl.abuseat.org : \
              bl.spamcop.net :\
              dnsbl.njabl.org :\
              blackholes.easynet.nl : \
              dynablock.easynet.nl :\
              proxies.blackholes.easynet.nl :\
              spam.dnsbl.sorbs.net :\
              korea.services.net :\
              brazil.blackholes.us :\
              nigeria.blackholes.us :\
              argentina.blackholes.us :\
              malaysia.blackholes.us  :\
              singapore.blackholes.us :\
              taiwan.blackholes.us :\
              porn.rhs.mailpolice.com
              delay = 3s


require verify = reverse_host_lookup
       message = your mail server IP address ($sender_host_address) has no reverse DNS PTR hostname. \
       Please consider contacting us through our website or call us...\



#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
##### clamav ACL, reject virus infected mails with proper error

deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}

deny message = Hiding of file extensions(CLSID hidden) is not allowed.
regex = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$

deny message = This message contains a virus or other harmful content ($malware_name)
demime = *
malware = */defer_ok

deny message = Potentially executable attachment ".$found_extension". If you meant \
to send this file then please package it up as a zip file and resend it.
demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

# Add X-Scanned Header

warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

##### end clamav ACL
accept