Re: [exim] Weird SMTP auth issue

Autor: Marcin Krol
Data:  
Dla: exim users
Temat: Re: [exim] Weird SMTP auth issue
Hello John,

>> If anybody sends a hint why this happens, it would be greatly appreciated.


> Can you post your config? I don't think what you posted alone will allow
> anyone to see what's happening.


Here's the whole thing:


# Load the Perl code called by the ${perl{...}} expansions in this config:
# smtpauth (both authenticators) and check_limits (lookuphost router).
# NOTE(review): /etc/exim.pl is not part of this post, so the credential
# check itself cannot be reviewed from what is shown here.
perl_startup = do '/etc/exim.pl'


# Exim system filter file.
system_filter = /etc/system_filter.exim


# Listen on SMTP (25) and submission (587). The check_recipient ACL tests
# $interface_port and demands authentication on 587.
daemon_smtp_ports = 25 : 587

# Scanner used by the "malware" condition in check_message: clamd via its
# local socket.
av_scanner = clamd:/var/run/clamav/clamd


# Size, timeout and concurrency limits for incoming SMTP.
message_size_limit = 30M
smtp_receive_timeout = 2m
smtp_accept_max = 100
message_body_visible = 3000
print_topbitchars = true
# Custom greeting: host name and timestamp only, no software name or version.
smtp_banner = $smtp_active_hostname ESMTP $tod_full


# Tolerate underscores in HELO/EHLO names.
helo_allow_chars = _



# Extra logging. +incoming_interface and +incoming_port record which local
# address/port (25 or 587) a connection arrived on, and +smtp_connection,
# +smtp_protocol_error and +smtp_syntax_error record connection-level events;
# together these are the entries to read when diagnosing an SMTP AUTH problem.
# +tls_cipher and +tls_peerdn add TLS session details. The one "-" entry
# (retry_defer) switches a default log item off.
log_selector = \
+address_rewrite \
+all_parents \
+arguments \
+connection_reject \
+delay_delivery \
+delivery_size \
+dnslist_defer \
+etrn \
+incoming_interface \
+incoming_port \
+lost_incoming_connection \
+queue_run \
+received_sender \
+received_recipients \
-retry_defer \
+sender_on_delivery \
+size_reject \
+skip_delivery \
+smtp_confirmation \
+smtp_connection \
+smtp_protocol_error \
+smtp_syntax_error \
+subject \
+tls_cipher \
+tls_peerdn

syslog_duplication = false


# ACL hooks: check_recipient runs for every RCPT command, check_message runs
# after the message data has been received. No other acl_smtp_* hook is set
# in this config.
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message


# Named lists referenced as +name in the ACLs and routers. lsearch is a
# linear search of a text file; net-lsearch matches IP addresses/networks.
# Note that blacklist_senders and nsvdomains live under /etc/domeny, the rest
# under /etc/virtual.
addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = lsearch;/etc/domeny/blacklist_senders
domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains
# local_domains and relay_domains read the same file; relay_domains only adds
# localhost.
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
# "*" matches every client, so any ACL statement that tests
# +auth_relay_hosts applies to all connecting hosts.
hostlist auth_relay_hosts = *
# The same file is searched twice: once by host name, once by IP/network.
hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = net-lsearch;/etc/virtual/bad_sender_hosts
# Hosts allowed to relay without authenticating, plus loopback.
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = net-lsearch;/etc/virtual/whitelist_hosts

# NOTE(review): +nsvdomains is not referenced anywhere in the posted config;
# acl_nsvdom does its own lookup in /etc/domeny/wildcard_whitelist_domains.
domainlist nsvdomains = partial1-lsearch;/etc/domeny/nsvdomains






# Do not accept user@[ip.address] style recipients.
allow_domain_literals = false


# Never run a delivery process as root.
never_users = root


# Reverse-resolve every connecting host.
host_lookup = *


# A zero timeout means no ident (RFC 1413) queries are actually made, even
# though the host list is "*".
rfc1413_hosts = *
rfc1413_query_timeout = 0s



ignore_bounce_errors_after = 8h


timeout_frozen_after = 4d


# Trusted users may set the envelope sender and override message-origin
# values (the -oM options) on mail they submit locally. "mail" needs this so
# the spamcheck transport can re-inject with -oMr spam-scanned.
# NOTE(review): apache is in the list, so any code running as the web server
# account gets the same ability; confirm that this is required.
trusted_users = mail:majordomo:apache:diradmin

tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key

# STARTTLS is offered to every client.
# NOTE(review): auth_advertise_hosts is not set, so with Exim's default AUTH
# is also offered before STARTTLS, and PLAIN/LOGIN then send the password
# merely base64-encoded. To advertise AUTH on encrypted sessions only, the
# usual setting is: auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
tls_advertise_hosts = *


begin acl


# Sub-ACL called from check_recipient ("acl = acl_nsvdom"). Sender domains
# found in the wildcard whitelist file are accepted without a callout; every
# other sender must pass a callout verification. The callout waits up to
# 120s, and defer_ok treats a temporary failure as a pass.
acl_nsvdom:
        accept condition = ${lookup {${lc:$sender_address_domain}} partial1-lsearch {/etc/domeny/wildcard_whitelist_domains} {yes}{no}}
        require verify = sender/callout=120s,defer_ok
        # No conditions: accept whatever reached this point.
        accept



# RCPT-time ACL (acl_smtp_rcpt). Statements are tried top to bottom and the
# first accept or deny whose conditions all match decides the recipient, so
# the order below is significant.
check_recipient:

  # Local domains: refuse local parts that start with a dot or contain
  # @ % ! / |. Routers and transports later build file names from
  # $local_part, so this also keeps path separators out of those names for
  # mail arriving over SMTP.
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]


# Submission port. hosts matches every client (auth_relay_hosts = *), so on
# port 587 every RCPT is decided here: a failure after "endpass" is a deny
# with the message below instead of a fall-through. Authenticated clients are
# accepted for any recipient; everyone else is refused.
# NOTE(review): nothing below this statement is reached on port 587, so the
# whitelists, sender verification and DNSBL checks apply to port 25 only.
accept  hosts = +auth_relay_hosts
        condition = ${if eq {$interface_port}{587} {yes}{no}}
        endpass
        message = relay not permitted, authentication required
        authenticated = *


  # Remote domains: refuse local parts that start with . / | or contain
  # @ % ! or a /../ sequence (source-routing and path tricks).
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


# Empty host = message not received over TCP/IP (local submission).
accept hosts = :

# NOTE(review): the envelope sender is supplied by the client and has not
# been verified at this point, and this accept has no "domains =" condition.
# It therefore accepts any recipient, including ones in remote domains, for
# whoever claims a sender in a whitelisted domain. If the intent is only to
# skip the spam checks, add "domains = +local_domains". The same applies to
# "accept senders = +whitelist_senders" below. Both accepts also bypass
# "verify = recipient".
accept sender_domains = +whitelist_domains

# Whitelisted clients by name and by IP; these too accept any recipient.
accept hosts = +whitelist_hosts
accept hosts = +whitelist_hosts_ip

accept senders = +whitelist_senders

  # Role addresses in local domains are always accepted, ahead of the
  # blacklist and DNSBL checks.
  accept  local_parts = postmaster
          domains     = +local_domains


  accept  local_parts = abuse
          domains     = +local_domains


  accept  local_parts = hostmaster
          domains     =+local_domains




# Authenticated clients (any port) are accepted for any recipient.
accept authenticated = *

  deny message = Email blocked by LBL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       sender_domains = +blacklist_domains


  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts


  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts_ip


# NOTE(review): the next three lines parse as two statements. In the first,
# "domains = use_rbl_domains" has no "+", so it is a literal domain name and
# not the named list, and there is no sender condition. The second,
# "deny senders = ...", stands alone: it applies to every recipient domain
# and uses the default rejection text. The neighbouring blocks suggest that a
# single statement was intended (domains = +use_rbl_domains together with
# senders = +blacklist_senders) - confirm.
deny message = Email blocked by BSAL - to unblock see http://www.example.com/
domains = use_rbl_domains
deny senders = +blacklist_senders


# Both conditions must hold: the sender address verifies, and acl_nsvdom
# accepts (whitelisted sender domain, or a successful callout).
require verify = sender
acl = acl_nsvdom

# DNSBL checks. The log text is Polish for "blocked by RBL".
# NOTE(review): conditions are tested in order, so the DNS lookup is made
# before "!authenticated" is looked at; authenticated clients were already
# accepted above, which makes that test redundant here.
# NOTE(review): list.dsbl.org and dnsbl.njabl.org are reported to have been
# retired since this was posted; check that a list is still operated before
# reusing these statements.
deny dnslists = list.dsbl.org
log_message = BLOKOWANIE PRZEZ RBL list.dsbl.org $tod_log
!authenticated = *

deny dnslists = sbl.spamhaus.org
log_message = BLOKOWANIE PRZEZ RBL sbl.spamhaus.org $tod_log
!authenticated = *

deny dnslists = dnsbl.njabl.org
log_message = BLOKOWANIE PRZEZ RBL dnsbl.njabl.org $tod_log
!authenticated = *



  # Local domains: accept if the recipient verifies, otherwise deny with
  # "Unknown User" (endpass turns the failure into a deny).
  accept  domains = +local_domains
          endpass
          message = "Unknown User"
          verify = recipient


  # relay_domains is local_domains plus localhost, so in practice this adds
  # only localhost.
  accept  domains = +relay_domains
          endpass
          verify=recipient



  # Relay for listed client networks and loopback.
  accept  hosts = +relay_hosts
  # NOTE(review): auth_relay_hosts is "*" and authenticated clients were
  # accepted earlier, so every RCPT that reaches this statement fails the
  # condition after endpass and is denied with "authentication required".
  # The two "relay not permitted" denies below are never reached.
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted


  deny    message = relay not permitted


# DATA-time ACL (acl_smtp_data). Rejects any message the av_scanner flags.
# The rejection text depends on the signature name: names containing
# ".Sanesecurity." are reported as phishing/spam, all others as a virus.
# Everything else is accepted.
check_message:
  deny  malware = *
         message = ${if match{$malware_name}\
                          {\N\.Sanesecurity\.\N}\
                          {Blocked Phishing/Spam: $malware_name}\
                          {Blocked Virus: $malware_name}\
                }


accept



begin authenticators

# AUTH PLAIN. The client sends three fields in one response (authorization
# id, authentication id, password), available as $1, $2 and $3. The decision
# is delegated to the Perl function smtpauth from /etc/exim.pl, which is not
# shown in this post; server_set_id records $2 as the authenticated id.
# NOTE(review): there is no server_advertise_condition, so PLAIN is offered
# on unencrypted connections too and the password crosses the wire only
# base64-encoded. Restrict it to TLS sessions, e.g.
# server_advertise_condition = ${if def:tls_cipher}
plain:
    driver = plaintext
    public_name = PLAIN
    server_prompts = :
    server_condition = "${perl{smtpauth}}"
    server_set_id = $2


# AUTH LOGIN. Two prompts, so the user name arrives as $1 and the password
# as $2; server_set_id records $1. Uses the same Perl smtpauth function as
# PLAIN (not shown in this post).
# NOTE(review): smtpauth has to cope with the user name being in $2 for
# PLAIN but in $1 for LOGIN - confirm against /etc/exim.pl.
# NOTE(review): as with PLAIN, nothing limits this mechanism to TLS sessions.
login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "${perl{smtpauth}}"
    server_set_id = $1






begin routers



# Outbound mail: every non-local domain is routed by DNS to remote_smtp.
# Targets that resolve to loopback addresses are ignored. The Perl function
# check_limits (in /etc/exim.pl, not shown) must return true for the router
# to run. no_more stops the later routers from being tried for these
# addresses, so the routers below should only ever see local domains.
lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
no_more





# Sends a message through the spamcheck transport when all four tests hold:
# it has no X-Spam-Flag header, it was not already re-injected as
# "spam-scanned", it was not submitted locally, and the domain owner has a
# SpamAssassin user_prefs file. no_verify keeps this router out of address
# verification.
# NOTE(review): X-Spam-Flag is an ordinary header that the sending side can
# add, and a message that arrives with one skips scanning. Rely on
# $received_protocol alone, or remove incoming X-Spam-* headers first.
spamcheck_director:
  driver = accept
  condition = "${if and { \
                        {!def:h_X-Spam-Flag:} \
                        {!eq {$received_protocol}{spam-scanned}} \
                        {!eq {$received_protocol}{local}} \
                        {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
                } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify


# Public Majordomo list aliases, per domain. Applies to domains listed in
# domainowners; the alias file is consulted only if it exists. Pipe and file
# deliveries produced by an alias run as majordomo:daemon.
majordomo_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
no_rewrite
user = majordomo

# Private Majordomo aliases: used only for messages whose $received_protocol
# is "local" (submitted on this host) or "spam-scanned" (re-injected by the
# spamcheck transport).
# NOTE(review): the received protocol is the only gate here, so every account
# that can submit mail locally, and every trusted user that can pass -oMr,
# reaches these aliases.
majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  condition = "${if or { {eq {$received_protocol} {local}} \
                         {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo


# Per-domain Exim filter: if /etc/virtual/<domain>/filter exists it is run as
# user "mail". allow_filter lets the file contain filter commands, which can
# request pipe and file deliveries.
# NOTE(review): the file name is built from $domain. Exim 4.94 and later
# refuse file names built from tainted values such as $domain and
# $local_part; on those versions use a de-tainted lookup result instead
# (e.g. $domain_data).
domain_filter:
driver = redirect
allow_filter
no_check_local_user
condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
user = "mail"
file = /etc/virtual/${domain}/filter
directory_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify

# Vacation replies: runs when the local part is listed in the domain's
# vacation.conf and the reply text file exists. "unseen" means the message
# also continues to the following routers for normal delivery.
uservacation:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = uservacation
unseen

# Autoresponder: same shape as uservacation, but keyed on
# autoresponder.conf. "unseen" lets normal delivery continue afterwards.
userautoreply:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = userautoreply
unseen

# Exact-match aliases for the domain (plain lsearch, no "*" default entry).
# "unseen" passes the original address on to the later routers as well, so
# an aliased address can also be delivered to a mailbox by virtual_user.
virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen
#include_domain = true

# Mailbox delivery for virtual users. The condition is "yes" only when the
# domain's passwd file exists and has a non-empty entry for the local part;
# an empty result (no file or no entry) gives "no".
virtual_user:
driver = accept
condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}}
domains = lsearch;/etc/virtual/domainowners
group = mail
retry_use_local_part
transport = virtual_localdelivery

# Aliases including the catch-all: lsearch* falls back to the "*" entry when
# the local part has no line of its own. File deliveries produced here go to
# the devnull transport, i.e. they are discarded; the commented-out line
# shows that address_file was used before.
virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
#file_transport = address_file
file_transport = devnull
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
#include_domain = true


# Per-user ~/.forward for system accounts (check_local_user). allow_filter
# lets the file be an Exim filter, which can request pipe, file and autoreply
# deliveries. no_expn and no_verify keep the router out of EXPN and address
# verification.
userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify

# System-wide aliases from /etc/aliases.
# NOTE(review): "user" is commented out here and address_pipe sets none
# either, so it is not clear from this config which account a pipe or file
# delivery generated by /etc/aliases would run as - confirm.
system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim

# Delivery to system accounts, but only for addresses whose domain equals
# the server's own primary host name.
localuser:
driver = accept
check_local_user
condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
transport = local_delivery





begin transports

# SpamAssassin pass: the message is filtered through spamc (run for the
# domain owner's account) and re-submitted to Exim as batch SMTP with the
# received protocol forced to "spam-scanned", which is what stops
# spamcheck_director from scanning it a second time. -oMr is honoured only
# for trusted users, which is why this runs as "mail" (listed in
# trusted_users).
spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
use_bsmtp
user = mail
# must use a privileged user to set $received_protocol on the way back in!


# Pipe deliveries generated by the Majordomo alias routers; the command comes
# from the alias entry and runs as majordomo:daemon.
majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo


# Maildir delivery for system accounts, reached from the localuser router.
# Both the directory and the delivery uid come from $local_part; the router's
# check_local_user ensures that it names an existing account, and
# never_users = root keeps a delivery from running as root.
# Directories are created 770 and files 0660, with group mail.
local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = /home/$local_part/Maildir/
directory_mode = 770
create_directory = true
maildir_format
group = mail
mode = 0660
return_path_add
user = ${local_part}


# Maildir delivery for virtual users. The delivery runs as the account that
# owns the domain (looked up in domainowners) and writes below that account's
# home directory; the quota comes from the per-domain quota file, and 0 is
# used when there is no file or no entry.
# NOTE(review): the directory is built from $domain and $local_part. For SMTP
# input the check_recipient ACL rejects local parts containing "/" or a
# leading dot; locally submitted mail does not pass through that ACL.
# Exim 4.94 and later refuse tainted values in file names, so on those
# versions use de-tainted lookup results here.
virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 770
envelope_to_add
directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
maildir_format
group = mail
mode = 660
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}

# Vacation autoreply, sent to the envelope sender as user "mail". The
# original Subject is passed through ${escape:} and ${quote:} before being
# reused in the reply.
# NOTE(review): "once" is commented out, so there is no per-sender limit and
# every incoming message gets a reply. The envelope sender is unauthenticated,
# so replies can go to forged addresses (backscatter); re-enable "once".
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
  text = "\
        ------                                                           ------\n\n\
        This message was automatically generated by email software\n\
        The delivery of your message has not been affected.\n\n\
        ------                                                           ------\n\n"
  to = "${sender_address}"
  user = mail
        #once = /etc/virtual/${domain}/reply/${local_part}.once


# Autoresponder reply, sent to the envelope sender as user "mail"; the value
# stored for the user in autoresponder.conf is used as a Bcc address.
# NOTE(review): "once" is commented out here as well, so replies are not
# rate-limited per sender and can go to forged sender addresses.
userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
to = "${sender_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once

# Discards the message; used as file_transport by the virtual_aliases router.
devnull:
driver = appendfile
file = /dev/null


# Outbound SMTP with every option left at its default; no TLS or
# authentication settings for outgoing connections are configured here.
remote_smtp:
driver = smtp


# Pipe deliveries requested by .forward files and /etc/aliases. No user or
# group is set on the transport itself.
# NOTE(review): presumably the uid comes from the router (check_local_user
# on userforward); system_aliases sets none - confirm.
address_pipe:
driver = pipe
return_output

# Pipe deliveries requested by per-domain aliases and filters. The command
# runs as the account that owns the domain (from domainowners), with group
# nobody.
virtual_address_pipe:
driver = pipe
group = nobody
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"


# File deliveries requested by aliases, filters and .forward files; the
# target path comes from the redirect data, not from this transport.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# Autoreplies requested by user filters (reply_transport on userforward).
address_reply:
driver = autoreply





begin retry


# Retry rules: address pattern, error type, schedule.
# 4xx replies to RCPT: every 15 minutes for 3 hours, then every 8 hours
# until 4 days have passed.
# All other errors: every 15 minutes for 2 hours, then intervals that start
# at 1 hour and grow by a factor of 1.5 until 16 hours, then every 8 hours
# until 4 days.
*                      rcpt_4xx    F,3h,15m; F,4d,8h
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h








--
Marcin Krol