Hello,
I'm currently in the process of migrating my employer to Exim 4.69
from an Exchange server, and
I'm down to just a single issue. My mail server is scanning all of my
outgoing e-mails in addition to
the incoming e-mail, which is of course undesirable.
What I would like is for the ACLs to be skipped when the client uses
SMTP authentication. This
appears to be working fine for acl_check_rcpt, but not for the
data/mime sections.
Please advise if you have any insight on my issue.
Thanks
Niles
# $Cambridge: exim/exim-src/src/configure.default,v 1.12 2006/10/25
08:42:57 ph10 Exp $
######################################################################
# Runtime configuration file for Exim #
######################################################################
# Main (global) settings. Everything up to "begin acl" applies to the whole
# daemon rather than to a single ACL, router, transport or authenticator.

# NOTE(review): 3268 is conventionally the Active Directory Global Catalog
# port, which speaks unencrypted LDAP; confirm whether the lookups (and any
# bind credentials) cross a network segment where that matters.
ldap_default_servers = 192.168.1.10::3268
# Loads Perl code into Exim at startup. The ${perl{...}} calls later in this
# file (Greylist::defercheck, imapLogin) are presumably defined there; the
# file should be writable by root only.
perl_startup = do '/usr/exim/exim.pl'
# Presumably defines the LDAP_AD_* macros used by the ldapuser router. If it
# holds bind credentials, restrict its permissions - TODO confirm.
.include /usr/exim/exim_ldap.conf
primary_hostname = exim.zionsville.lib.in.us
# "@" stands for the primary hostname set above.
domainlist local_domains = @
domainlist relay_to_domains =
# Only the loopback address is treated as a trusted relay client.
hostlist relay_from_hosts = 127.0.0.1
# Empty list; referenced only by the greylisting "defer" in acl_check_rcpt.
hostlist relay_hosts =
# Not referenced anywhere in the configuration shown.
hostlist auth_relay_hosts = *
# Each ACL named here is evaluated on its own: an "accept" in acl_check_rcpt
# ends only the RCPT check. It does not exempt the message from
# acl_check_data or acl_check_mime, which run later for every SMTP message.
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
# The scanner specification is read from $acl_m0, which acl_check_data sets
# on the same statement as its "malware" condition.
av_scanner = $acl_m0
spamd_address = /var/run/spamd_socket
# AUTH is advertised to every host, including on connections that have not
# negotiated TLS. The PLAIN and LOGIN authenticators below send the password
# merely base64-encoded, so on ports 25/587 a client may submit credentials
# in the clear. A common hardening is to advertise AUTH only once TLS is up,
# e.g.  auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
auth_advertise_hosts = *
tls_advertise_hosts = *
tls_certificate = /usr/exim/zionsville.lib.in.us.crt
# The private key should be readable only by root and the Exim user.
tls_privatekey = /usr/exim/zionsville.lib.in.us.key
# 465 expects TLS from the first byte; 25 and 587 offer STARTTLS.
tls_on_connect_ports = 465
daemon_smtp_ports = 25 : 465 : 587
# Lets any untrusted local user choose an arbitrary envelope sender with -f
# on locally submitted mail. NOTE(review): narrow this to the addresses that
# actually need it if local shell accounts exist on this host.
untrusted_set_sender=*
# Deliveries are never run as root.
never_users = root
# Reverse DNS lookup for every connecting host.
host_lookup = *
# An ident (RFC 1413) query is sent to every connecting host, waiting up to
# 5 seconds for an answer.
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
# acl_check_rcpt runs once per RCPT TO command. Statements are evaluated in
# order; the first accept/deny/defer whose conditions all match ends the ACL.
# An accept here ends only this ACL - the DATA and MIME ACLs still run later.
acl_check_rcpt:
# An empty host list matches mail that did not arrive over TCP/IP.
accept hosts = :
# Local recipients: refuse a leading dot and the characters @ % ! / |
# (the / restriction matters because routers and transports below build
# file-system paths from $local_part).
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
# Non-local recipients: slightly looser, but still refuses "/../".
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
# postmaster and abuse are accepted before any sender checks.
accept local_parts = postmaster:abuse
domains = +local_domains
# NOTE(review): verification runs the routers; see whether outgoing_tmda
# (which has no "no_verify") makes this succeed for every non-local sender.
require verify = sender
# Trusted relay hosts and authenticated clients are accepted here, which is
# why the DNS-list and greylisting checks below never apply to them.
accept hosts = +relay_from_hosts
control = submission
accept authenticated = *
control = submission
require verify = recipient
# Adds a header naming the DNS list that matched. The list value is split
# over several lines in this paste; it appears to be wrap damage.
# NOTE(review): accredit.habeas.com, plus.bondedsender.org and iadb.isipp.com
# look like sender-accreditation (allow) lists rather than blocklists, so an
# "X-blacklisted-at" header for them would be misleading - confirm.
warn message = X-blacklisted-at: $dnslist_domain
dnslists =
dnsbl
.njabl
.org:cbl
.abuseat.org:accredit.habeas.com:plus.bondedsender.org:iadb.isipp.com
deny dnslists =
sbl.spamhaus.org:bl.spamcop.net:cbl.abuseat.org
# Greylisting: the Perl function receives the lower-cased envelope sender,
# the lower-cased recipient and the client IP, and its result is stored in
# $acl_m1. The sender address is chosen by the remote client, so whatever
# Greylist::defercheck does with it (not shown here) must treat it as
# untrusted input - TODO confirm it is quoted before reaching any database.
warn set acl_m1 = ${perl{Greylist::defercheck}{lc:
$sender_address}{lc:$local_part@$domain}{$sender_host_address}}
# Defer when $acl_m1 is anything other than "0". relay_hosts is empty, so
# "hosts = !+relay_hosts" matches every host that reaches this point.
defer domains = +local_domains
hosts = !+relay_hosts
condition = ${if eq {$acl_m1}{0}{0}{1}}
message = You have been greylisted. This is part of
our standard anti-spam measures and your mail system \
should automatically try again later. We
will accept this mail from you in \
${if >{$acl_m1}{119}{${eval:$acl_m1/60}
minutes}{$acl_m1 seconds}}.
# Relay control for everyone not accepted above: the recipient domain must
# be local or listed in relay_to_domains, otherwise the RCPT is refused.
require message = relay not permitted
domains = +local_domains : +relay_to_domains
accept
# acl_check_data runs once per message after the body has been received.
#
# NOTE(review): nothing in this ACL tests authentication or the sending host,
# so SpamAssassin and the virus scanner are applied to mail from
# authenticated users and from +relay_from_hosts as well. The "accept
# authenticated = *" in acl_check_rcpt does not carry over to this ACL. To
# exempt those clients, an early statement would be needed at the top here:
#     accept authenticated = *
#     accept hosts = +relay_from_hosts
# Caveat: that also skips malware scanning for outbound mail, so a
# compromised account or workstation could send infected mail unscanned.
# A narrower option is to add "!authenticated = *" to the spam statements
# only and leave the malware check in place for all mail.
acl_check_data:
# The ":true" suffix makes the spam condition succeed whatever the score,
# so these two headers are added to every scanned message.
warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = nobody:true
warn message = X-Spam-Report: $spam_report
spam = nobody:true
# add second subject line with *SPAM* marker when message is over
threshold
# Without ":true" the condition matches only above SpamAssassin's threshold.
warn message = Subject: *SPAM* $h_Subject:
spam = nobody
# reject spam at high scores (> 12)
# $spam_score_int is the score multiplied by ten, hence the comparison
# against 120.
deny message = This message scored $spam_score spam points.
spam = nobody:true
condition = ${if >{$spam_score_int}{120}{1}{0}}
# Sets the scanner specification that av_scanner expands, then runs the
# scan. The break between "--" and "unrar" appears to be wrap damage from
# the paste.
# "/defer_ok" makes a scanner failure count as "no malware found": if
# clamscan cannot be run, the message is accepted unscanned rather than
# deferred. NOTE(review): confirm that failing open is intended, and watch
# the main log for scanner errors.
deny message = This message contains malware ($malware_name)
set acl_m0 = cmdline:/usr/local/bin/clamscan -i --unzip --
unrar --arj --unzoo --lha --tar --tgz %s:FOUND: :: (.+) FOUND
malware = */defer_ok
accept
# acl_check_mime is invoked for each MIME part of a message. It accepts
# unconditionally, so no per-part checks (file names, content types) are
# made here; the content checks in this configuration are in acl_check_data.
acl_check_mime:
accept
begin routers
# Outgoing TMDA Router - sends all first run of outgoing mail for tmda
users to tmda-inject.
# Routers are tried in the order listed. This one matches any sender and any
# non-local recipient domain, as long as the message has no X-Delivery-Agent
# header, and hands the message to the outgoing_tmda_pipe transport.
# Presumably tmda-inject adds that header so re-injected mail falls through
# to dnslookup - TODO confirm.
# NOTE(review): there is no "no_verify" here, so this router presumably also
# answers address verification. No headers exist at RCPT time, so the
# condition is true and every non-local address would verify without a DNS
# lookup, weakening "require verify = sender" in acl_check_rcpt. Check with
# "exim -bvs <address>" (placeholder address in a non-existent domain).
outgoing_tmda:
driver = accept
senders = *
domains = !+local_domains
condition = "${if !def:header_X-Delivery-Agent:{1}{0}}"
transport = outgoing_tmda_pipe
# Routes non-local domains via DNS (MX/address records) to remote_smtp.
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
# DNS answers pointing at 0.0.0.0 or the loopback network are ignored, so a
# remote domain cannot direct delivery back to this host.
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
# If this router declines for a non-local domain, no later router is tried.
no_more
# Expands the local part through /etc/aliases. Alias entries that name a
# file or a pipe command are honoured through the two transports below, so
# /etc/aliases should be writable by root only.
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
# Same as system_aliases, but reads a flat file at /usr/exim/ldap_aliases
# (an lsearch lookup, not a live LDAP query). Entries may name files or pipe
# commands, so the file needs the same protection as /etc/aliases.
# NOTE(review): if a script generates this file from directory data, confirm
# that it cannot emit pipe or file targets derived from user-editable
# attributes.
ldap_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/usr/exim/ldap_aliases}}
file_transport = address_file
pipe_transport = address_pipe
# Accepts a recipient when an LDAP search for sAMAccountName=$local_part
# returns a value that matches the local part, then redirects to a path
# under /var/mail/<domain>/users/ delivered by local_delivery.
#
# NOTE(review): $local_part is inserted into the LDAP filter without
# quoting. acl_check_rcpt refuses only @ % ! / | and a leading dot, so
# characters that are special in LDAP filters still reach this query. Exim
# provides ${quote_ldap:...} for this; the filter would then read
#     (sAMAccountName=${quote_ldap:$local_part})
# NOTE(review): the second argument of "match" is a regular expression, so
# $local_part is also interpreted as an unanchored pattern. An "eqi" string
# comparison would express "the directory returned this account name" more
# strictly.
# The "ldap:///" / "LDAP_AD_BASE_DN" split appears to be wrap damage from
# the paste.
ldapuser:
driver = redirect
domains = exim.zionsville.lib.in.us
condition=${if match{${lookup ldap {LDAP_AD_MAIL_RCPT ldap:///
LDAP_AD_BASE_DN?sAMAccountName?sub?(&(sAMAccountName=$local_part))}}}
{$local_part}{yes}{no}}
# The mailbox path is built from the recipient's domain and local part; the
# "/" restriction in acl_check_rcpt is what keeps it inside users/.
data = /var/mail/${domain}/users/${local_part}
allow_fail
allow_defer
# Accepts user+tag and user-tag forms of the local part.
local_part_suffix = +* : -*
local_part_suffix_optional
file_transport = local_delivery
cannot_route_message = Unknown user
# Last router: accepts local parts that are accounts on this host
# (check_local_user) and delivers them with local_delivery. An address that
# reaches this router and is declined cannot be routed, and
# cannot_route_message supplies the error text.
localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
# Plain SMTP delivery to remote hosts, used by the dnslookup router. No
# options are set, so the smtp driver's defaults apply.
remote_smtp:
driver = smtp
#hard-code the domain, to allow easy transition between testing &
going live.
# Maildir delivery into a per-user directory whose name is the recipient's
# local part. The path is assembled from $local_part, so it relies on
# acl_check_rcpt refusing "/" in local recipients.
# No user or group option is visible on this transport.
# NOTE(review): confirm which uid delivers for addresses that arrive via the
# ldapuser router.
local_delivery:
driver = appendfile
maildir_format = true
directory = /var/mail/zionsville.lib.in.us/users/${local_part}
maildirfolder_create_regex = /\.[^/]+$
delivery_date_add
envelope_to_add
return_path_add
# Outgoing tmda transport - pipes email in batch to tmda-inject
# Runs tmda-inject as exim:exim with the recipient addresses as arguments
# ($pipe_addresses), batching up to 1000 recipients per invocation.
#
# NOTE(review): the home directory and the HOST, HOMEDIR, USER and PASS_USER
# environment values are all derived from the envelope sender, which the
# submitting client chooses. Nothing visible in this configuration ties the
# envelope sender to the authenticated user, and the character restrictions
# in acl_check_rcpt apply to recipients, not senders. Consider deriving
# these values from $authenticated_id, or checking that the sender local
# part contains no path separators, before using it in a file-system path.
outgoing_tmda_pipe:
driver = pipe
batch_max = 1000
home_directory = /var/mail/zionsville.lib.in.us/users/${lc:
$sender_address_local_part}
command = /usr/local/tmda/bin/tmda-inject $pipe_addresses
user = exim
group = exim
environment = HOST=$sender_address_domain:\
HOMEDIR=/var/mail/zionsville.lib.in.us/users/${lc:
$sender_address_local_part}:\
USER=$sender_address_local_part:\
PASS_USER=$sender_address_local_part
# Runs the pipe command produced by an alias entry (system_aliases and
# ldap_aliases name this as their pipe_transport).
# NOTE(review): Exim list options are colon-separated by default. With ";"
# as written, this likely defines a single EXTENSION variable whose value
# contains the rest of the line, rather than three variables - confirm.
# The "$" / "{domain}" split appears to be wrap damage from the paste.
address_pipe:
driver = pipe
return_fail_output
return_path_add
environment = EXTENSION=${substr_1:$local_part_suffix}; DOMAIN=$
{domain}; LOCAL=${local_part}
# Appends to the file named by an alias entry (system_aliases and
# ldap_aliases name this as their file_transport). The target path comes
# from the alias data, so the integrity of those files decides what can be
# written.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
# Autoreply transport. No router in the configuration shown refers to it.
address_reply:
driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# One rule for every address and every error: retry every 15 minutes for the
# first 2 hours, then at intervals starting at 1 hour and growing by a
# factor of 1.5 until 16 hours have passed, then every 6 hours until 4 days.
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# No address rewriting rules are defined.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
# SASL PLAIN. $auth2 is the login name and $auth3 the password; both are
# handed to the Perl function imapLogin (with the host "localhost"), whose
# result decides whether authentication succeeds.
# NOTE(review): PLAIN carries the password base64-encoded, not encrypted,
# and auth_advertise_hosts = * offers it on connections without TLS. Adding
#     server_advertise_condition = ${if def:tls_cipher}
# would restrict it to encrypted sessions.
# NOTE(review): imapLogin is not shown; confirm that it does not log the
# password and that it fails closed when the IMAP server is unreachable.
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${perl{imapLogin}{localhost}{$auth2}{$auth3}}
server_set_id = $auth2
# LOGIN mechanism. The server prompts for user name and password separately;
# $auth1 is the user name and $auth2 the password, both passed to imapLogin.
# server_set_id uses $1, the numeric form of the first value (the user
# name).
# NOTE(review): as with PLAIN, the password is only base64-encoded, so this
# mechanism should be offered only on TLS-protected connections, for example
# with  server_advertise_condition = ${if def:tls_cipher}
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${perl{imapLogin}{localhost}{$auth1}{$auth2}}
server_set_id = $1
# CRAM-MD5. For this driver, server_secret must expand to the user's shared
# secret in clear text, and the client supplies only a user name (in
# $auth1) plus a digest.
# NOTE(review): this entry looks copied from the plaintext authenticators
# and is unlikely to work as intended. $auth2 and $auth3 are presumably
# empty here, imapLogin is called with two arguments instead of three, and
# its return value is used as the secret rather than as a yes/no result.
# If that return value were a fixed string, it would act as one shared
# secret for every account. Consider removing this authenticator until it
# looks up a real per-user secret keyed on $auth1 and sets the id from
# $auth1.
cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${perl{imapLogin}{$auth2}{$auth3}}
server_set_id = $auth2