Hello,
I configured exim 4.63-17 on a Debian (sarge) system with apt-get.
Exim is working well, with mysql-db in background.
Depending on the increase of daily spam-mails i choosed to install
greylisting. So I installed greylistd with apt-get.
Greylistd is working well, exim also, but mails are saved twice.
Every mail coming in is saved twice.
Can anyone explain this?
Here my exim4.conf:
MYSQL_SERVER=localhost
MYSQL_USER=eximuser
MYSQL_PASSWORD=eximpassword
MYSQL_DB=exim
MYSQL_EMAILTABLE=emailtable
MYSQL_DOMAINTABLE=domaintable
MYSQL_DOMAINRTABLE=relaytable
MYSQL_ALIASTABLE=aliases
MYSQL_WHITETABLE=whitelist
MYSQL_BLACKTABLE=blacklist
MYSQL_AUTHTABLE=boxauth
MYSQL_Q_ALIASES=SELECT destination FROM MYSQL_ALIASTABLE WHERE
alias='${quote_mysql:$local_part}'
MYSQL_Q_ISAWAY=SELECT domain FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND
local_part='${quote_mysql:$local_part}' AND is_away='yes'
MYSQL_Q_AWAYTEXT=SELECT away_text FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}'
MYSQL_Q_FORWARD=SELECT forward FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND
local_part='${quote_mysql:$local_part}' AND forward != ''
MYSQL_Q_CC=SELECT cc FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}'
MYSQL_Q_LOCAL=SELECT domain FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND
local_part='${quote_mysql:$local_part}' AND box != ''
MYSQL_Q_WCLOCAL=SELECT domain FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND local_part='*' AND forward != ''
MYSQL_Q_WCLOCFW=SELECT forward FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND local_part='*' AND forward != ''
MYSQL_Q_LDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE
domain='$domain'
MYSQL_Q_RDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINRTABLE WHERE
domain='$domain'
MYSQL_Q_BOXNAME=SELECT box FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}'
MYSQL_Q_SPAMC=SELECT domain FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND
local_part='${quote_mysql:$local_part}' AND opt_spamscan='yes'
MYSQL_Q_VSCAN=SELECT domain FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND
local_part='${quote_mysql:$local_part}' AND opt_virscan='yes'
MYSQL_Q_SPAMPURGE=SELECT domain FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND
local_part='${quote_mysql:$local_part}' AND opt_spampurge='yes'
MYSQL_Q_DISABLED=SELECT domain FROM MYSQL_EMAILTABLE WHERE
domain='${quote_mysql:$domain}' AND
local_part='${quote_mysql:$local_part}' AND is_enabled='no'
MYSQL_Q_WHITELIST=SELECT DISTINCT MYSQL_WHITETABLE.domain FROM
MYSQL_WHITETABLE WHERE '${quote_mysql:$sender_address}' LIKE
whitelist.domain
MYSQL_Q_BLACKLIST=SELECT DISTINCT MYSQL_BLACKTABLE.domain FROM
MYSQL_BLACKTABLE WHERE '${quote_mysql:$sender_address}' LIKE
blacklist.domain
MYSQL_Q_AUTHPWD1=SELECT email FROM MYSQL_AUTHTABLE WHERE email='$2' AND
boxpwd='$3'
MYSQL_Q_AUTHPWD2=SELECT email FROM MYSQL_AUTHTABLE WHERE email='$1' AND
boxpwd='$2'
hide mysql_servers = "MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD"
#hier entweder: hostname.domain.de oder einfach nur domain.de rein
primary_hostname = adriana.addit.at
domainlist local_domains = mysql;MYSQL_Q_LDOMAIN
domainlist relay_to_domains = mysql;MYSQL_Q_RDOMAIN
hostlist relay_from_hosts = 127.0.0.1
acl_smtp_rcpt = acl_check_rcpt
#hier auch nochmal die domain.de rein, das braucht man für mailx und cron...
qualify_domain = adriana.addit.at
never_users = root
trusted_users =
# ich habe hier den rfc1413 timeout auf 0 sec gestellt, sonst dauert
mails versneden ewig und 3 tage...
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 30s
check_spool_space = 50M
check_log_space = 20M
return_size_limit = 20k
#naja, bei mir halt 20mb... wer mehr will anpassen.
message_size_limit = 20M
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
deliver_queue_load_max = 8
queue_only_load = 10
remote_max_parallel = 15
# wer TLS für smtp haben möchte, das folgende bitte einkommentieren und
mit korrekten zertifikaten versehen
#tls_certificate = /etc/certs/zertifikat.cert
#tls_privatekey = /etc/certs/zertifikat.key
#tls_advertise_hosts = *
# das hier ist wichtig für den amavisd. Wenn dem howto gefolgt wird
kanns so bleiben
local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025
#local_interfaces = 0.0.0.0.25
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_rcpt:
defer
message = $sender_host_address is not yet authorized to
deliver \
mail from <$sender_address> to
<$local_part@$domain>. \
Please try again later.
log_message = greylisted.
!senders = :
!hosts = : +relay_from_hosts : \
${if exists {/etc/greylistd/whitelist-hosts}\
{/etc/greylistd/whitelist-hosts}{}} : \
${if exists {/var/lib/greylistd/whitelist-hosts}\
{/var/lib/greylistd/whitelist-hosts}{}}
!authenticated = *
domains = +local_domains : +relay_to_domains
verify = recipient/callout=20s,use_sender,defer_ok
condition = ${readsocket{/var/run/greylistd/socket}\
{--grey \
$sender_host_address \
$sender_address \
$local_part@$domain}\
{5s}{}{false}}
accept hosts = :
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
require verify = sender
accept domains = +local_domains
endpass
verify = recipient
accept domains = +relay_to_domains
endpass
verify = recipient
accept hosts = +relay_from_hosts
accept authenticated = *
deny message = relay not permitted
acl_check_data:
defer
message = $sender_host_address is not yet authorized to
deliver \
mail from <$sender_address> to <$recipients>. \
Please try again later.
log_message = greylisted.
senders = :
!hosts = : +relay_from_hosts : \
${if exists {/etc/greylistd/whitelist-hosts}\
{/etc/greylistd/whitelist-hosts}{}} : \
${if exists {/var/lib/greylistd/whitelist-hosts}\
{/var/lib/greylistd/whitelist-hosts}{}}
!authenticated = *
condition = ${readsocket{/var/run/greylistd/socket}\
{--grey \
$sender_host_address \
$recipients}\
{5s}{}{false}}
deny message = This message contains not
allowed attachments.
demime =
bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
fail_router:
driver = redirect
domains = ${lookup mysql {MYSQL_Q_DISABLED}{$value}}
data = ":fail:"
allow_fail
amavis_director:
driver = manualroute
condition = "${if eq {$interface_port}{25} {1}{0}}"
domains = ${lookup mysql {MYSQL_Q_VSCAN}{$value}}
transport = amavis
route_list = "* localhost byname"
self = send
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
blacklist_router:
driver = manualroute
senders = ${lookup mysql {MYSQL_Q_BLACKLIST}{$value}}
condition = "${if !def:h_X-Spam-Flag: {1}{0}}"
headers_add = X-Spam-Flag: YES
route_list = * localhost
self = pass
#system_aliases:
# driver = redirect
# allow_fail
# allow_defer
# data = ${lookup mysql {MYSQL_Q_ALIASES}{$value}}
# file_transport = address_file
# pipe_transport = address_pipe
#
mysql_aliases:
driver = redirect
file_transport = address_file
pipe_transport = address_pipe
data = ${lookup mysql{SELECT sendto FROM aliases \
WHERE (username='$local_part' AND domainname='$domain') \
OR (username='*' AND domainname='$domain')}}
spamcheck_director:
driver = manualroute
domains = ${lookup mysql {MYSQL_Q_SPAMC}{$value}}
senders = ! ${lookup mysql {MYSQL_Q_WHITELIST}{$value}}
condition = ${if and { \
{!eq {$received_protocol}{spam-scanned}} \
{!eq {$received_protocol}{local}} \
} {1}{0}}
headers_remove = X-Spam-Flag
route_list = "* localhost byname"
transport = spamcheck
verify = false
spampurge_director:
driver = manualroute
domains = ${lookup mysql {MYSQL_Q_SPAMPURGE}{$value}}
condition = "${if eq{$h_X-Spam-Flag:}{YES} {1}{0}}"
route_list = "* localhost byname"
transport = devnull_transport
verify = false
vacation_director:
driver = accept
domains = ${lookup mysql {MYSQL_Q_ISAWAY}{$value}}
transport = vacation_autoreply
unseen
virtual_cc_director:
driver = redirect
data = ${lookup mysql {MYSQL_Q_CC}{$value}}
unseen
virtual_forward_director:
driver = redirect
data = ${lookup mysql {MYSQL_Q_FORWARD}{$value}}
virtual_local_mailbox:
driver = accept
domains = ${lookup mysql {MYSQL_Q_LOCAL}{$value}}
transport = virtual_local_md_delivery
virtual_wclocal_redirect:
driver = redirect
domains = ${lookup mysql {MYSQL_Q_WCLOCAL}{$value}}
data = ${lookup mysql {MYSQL_Q_WCLOCFW}{$value}}
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
remote_smtp:
driver = smtp
devnull_delivery:
driver = appendfile
file = /dev/null
group = Debian-exim
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
amavis:
driver = smtp
port = 10024
allow_localhost
spamcheck:
driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS
use_bsmtp = true
transport_filter = "/usr/bin/spamc"
home_directory = "/tmp"
current_directory = "/tmp"
user = Debian-exim
group = Debian-exim
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =
virtual_local_md_delivery:
driver = appendfile
#ich stopfe alle meine mail user nach /home/vmail wenn ihr das gerne
nach /var/ oder sonstwohin wollt dann muss das hier angepasst werden.
directory = /home/vmail/${lookup mysql {MYSQL_Q_BOXNAME}{$value}}
maildir_format
# ich verwende mail:mail für user und gruppe. Wenn ihr hier was anderes
bevorzugt, muss das auch geändert werden.
user = Debian-exim
group = Debian-exim
mode = 0660
directory_mode = 0770
vacation_autoreply:
driver = autoreply
to = ${sender_address}
from = "vacation@${domain}"
subject = "Ihre Nachricht an ${local_part}@${domain}"
text = ${lookup mysql {MYSQL_Q_AWAYTEXT}{$value}}
devnull_transport:
driver = appendfile
file = /dev/null
user = Debian-exim
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.
# Domain Error Retries
# ------ ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# There are no authenticator specifications in this default
configuration file.
begin authenticators
fixed_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{MYSQL_Q_AUTHPWD1}{1}fail}
server_set_id = $2
fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${lookup mysql{MYSQL_Q_AUTHPWD2}{1}fail}
server_set_id = $1
# End of Exim configuration file
And here the configuration file of grelistd:
[timeouts]
retryMin = 600
retryMax = 28800
expire = 5184000
[socket]
path = /var/run/greylistd/socket
mode = 0660
[data]
update = 600
statefile = /var/lib/greylistd/states
tripletfile = /var/lib/greylistd/triplets
savetriplets = true
singlecheck = false
singleupdate = false
Thanks in future for help
Michael
