Hi all,
I have been tinkering with greylisting, as some of you know.
I have moved most of my deny statements to the top.
I think I understand the greylist timing, but can someone please explain
(briefly) how
to turn down the 10 minute delay to a 1 minute delay, and the 28 day record
expiry to 14 day. Is it as simple as changing the numbers in the
GREYLIST_ADD macro below?
Here is the latest ACL (I have reset the tabs to make it more readable):
Comments, concerns, criticisms and praise all welcome.
TIA,
-Grant
FreeBSD 6.3, Exim 4.63
# more configure
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
primary_hostname = mydomain.com

domainlist local_domains      = /etc/virtual/domains
domainlist relay_to_domains   =
# relay_from_hosts is matched against the connecting client (IP address or
# host name), not against a mail domain, yet it reads the same file as
# local_domains; check that the entries in that file are really the hosts
# you want to allow relaying from.
hostlist   relay_from_hosts    = /etc/virtual/domains
hostlist   blacklisted_domains = /etc/virtual/blacklist
hostlist   spf_bypass          = /etc/virtual/spf_bypass
hostlist   whitelist           = /etc/virtual/whitelist

acl_smtp_rcpt = acl_check_rcpt

trusted_users = mailnull:root:webmail:www:majordom:thenetnow
exim_user  = mailnull
exim_group = mail
never_users =

host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 0s
timeout_frozen_after = 1d
return_path_remove
untrusted_set_sender = *
helo_allow_chars = _
daemon_smtp_ports = 25 : 109

bounce_message_file = /usr/local/etc/exim/bounce_message_file
warn_message_file = /usr/local/etc/exim/warn_message_file
return_size_limit = 10000
bounce_return_message = false
delay_warning = 72h

# Each continued line must end with a backslash, otherwise the following
# "+received_..." lines are parsed as separate (invalid) settings.
log_selector = +incoming_interface +deliver_time +delivery_size \
               +received_sender +received_recipients +sender_on_delivery +subject \
               +address_rewrite +all_parents
#
# My attempt at greylisting
#
# "hide" keeps the connection string (and the password in it) out of the
# output of "exim -bP".  Records are keyed on (sending IP, sender domain).
hide mysql_servers = localhost/exim_db/exim/<password_here>:

# Returns 2 if the block delay has passed and 1 if the sender is still inside
# it.  When there is no live record the query returns no row, the lookup
# fails, and the ACL maps that to 0.
GREYLIST_TEST = SELECT IF(NOW() > block_expires, 2, 1) \
                FROM exim_greylist \
                WHERE relay_ip = '${quote_mysql:$sender_host_address}' \
                AND from_domain = '${quote_mysql:$sender_address_domain}' \
                AND record_expires > NOW()

# New record.  block_expires is how long the sender must wait before a retry
# is accepted (keep this INTERVAL in step with the wait quoted in the ACL's
# "please try again" messages); record_expires is how long the record stays
# valid.  Nothing below ever deletes expired rows, so the table needs a
# periodic purge.
GREYLIST_ADD = INSERT INTO exim_greylist \
               SET relay_ip = '${quote_mysql:$sender_host_address}', \
               from_domain = '${quote_mysql:$sender_address_domain}', \
               block_expires = DATE_ADD(NOW(), INTERVAL 10 MINUTE), \
               record_expires = DATE_ADD(NOW(), INTERVAL 28 DAY), \
               origin_type = 'AUTO', \
               create_time = NOW()

# Every accepted delivery pushes record_expires out again by the same
# interval, so a sender that keeps mailing is never greylisted a second time.
GREYLIST_UPDATE = UPDATE exim_greylist \
                  SET record_expires = DATE_ADD(NOW(), INTERVAL 28 DAY) \
                  WHERE relay_ip = '${quote_mysql:$sender_host_address}' \
                  AND from_domain = '${quote_mysql:$sender_address_domain}' \
                  AND record_expires > NOW()
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl

acl_check_rcpt:

  # Mail submitted locally (no TCP/IP connection) is always accepted.
  accept  hosts       = :

  # Hosts in the blacklist file are rejected outright.  The log_message used
  # to reference $blacklisted_domains, which is not an Exim variable (the
  # list is just named blacklisted_domains) and would fail to expand, so it
  # now logs the host address and plain text.
  deny    message     = rejected because $sender_host_address was \
                        found in our blacklist
          hosts       = +blacklisted_domains
          log_message = BLACKLISTED $sender_host_address found in blacklisted_domains

  # Bounces (null sender) from hosts listed at ips.backscatterer.org.
  deny    senders     = :
          dnslists    = ips.backscatterer.org
          message     = This message looks like a bounce, and your server is listed at \
                        ips.backscatterer.org, so I assume that this is "backscatter". \
                        Please configure your mail server to not send "backscatter spam". \
                        For advice, try http://www.dontbouncespam.org/
          log_message = BACKSCATTER - INCOMING

  # Refuse local parts that contain source-routing or shell characters, or
  # that start with a dot.
  deny    local_parts = ^.*[@%!/|] : ^\\.

  # A bounce may have only one recipient.  $recipients_count is the number of
  # recipients already accepted in this session, so it is 0 while the first
  # RCPT is being checked; the earlier test (! eq{$recipients_count}{1}) was
  # therefore true for every bounce at its first recipient and rejected all
  # of them.  Deny only once a recipient has already been accepted.
  deny    senders     = :
          condition   = ${if >{$recipients_count}{0}}
          message     = Bounces must have only a single recipient
          log_message = BACKSCATTER - MULTIPLE RECIPIENT

  # Greylisting.  acl_m2: 0 = no live record (or the lookup failed, e.g.
  # database unreachable), 1 = still inside the block delay, 2 = delay passed.
  warn    set acl_m2  = ${lookup mysql{GREYLIST_TEST}{$value}{0}}

  # First contact: create the record and ask the client to retry.  The wait
  # quoted here must match INTERVAL ... MINUTE in GREYLIST_ADD.
  defer   ! hosts     = +whitelist
          ! hosts     = +relay_from_hosts
          ! authenticated = *
          condition   = ${if eq{$acl_m2}{0}{yes}}
          condition   = ${lookup mysql{GREYLIST_ADD}{yes}{no}}
          message     = Now greylisted - please try again in ten minutes.
          log_message = ADDING TO GREYLIST

  defer   ! hosts     = +whitelist
          ! hosts     = +relay_from_hosts
          ! authenticated = *
          condition   = ${if eq{$acl_m2}{1}{yes}}
          message     = Still greylisted - please try again in ten minutes.
          log_message = STILL GREYLISTED

  # Delay has passed: refresh record_expires.  With {no}{no} as before, this
  # statement could never defer and the "update failed" message was dead
  # code; {no}{yes} defers only when the UPDATE lookup itself fails (database
  # down), so the session gets a temporary error instead of passing
  # ungreylisted.
  defer   ! hosts     = +whitelist
          ! hosts     = +relay_from_hosts
          ! authenticated = *
          condition   = ${lookup mysql{GREYLIST_UPDATE}{no}{yes}}
          message     = Greylist update failed
          log_message = GREYLIST UPDATE FAILED

  require verify      = sender

  # SPF (needs Exim built with SPF support).  Hosts in spf_bypass are
  # forwarders whose SPF result is expected to fail, so they are exempted
  # from the deny.  This used to be an "accept", which ended the ACL right
  # here and let those hosts skip recipient verification and the relay
  # checks below; a warn only logs, and the exemption lives in the deny.
  warn    hosts       = +spf_bypass
          spf         = fail
          logwrite    = SPF - REFLEXION $sender_host_address is OK for \
                        $sender_address_domain

  deny    ! hosts     = +spf_bypass
          spf         = fail
          message     = SPF - INCOMING $sender_host_address \
                        is not allowed to send mail from \
                        $sender_address_domain

  accept  domains     = +local_domains
          endpass
          message     = unknown user
          verify      = recipient

  accept  domains     = +relay_to_domains
          endpass
          message     = unrouteable address
          verify      = recipient

  accept  hosts       = +relay_from_hosts

  accept  authenticated = *

  # Anything reaching the end of the ACL is denied; that is Exim's default
  # when no statement has matched.
######################################################################
-Grant
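An added example, not code from Grant's post: the three greylist queries from the configuration above (GREYLIST_TEST, GREYLIST_ADD, GREYLIST_UPDATE) run against an in-memory SQLite database, with the block delay and record expiry as parameters instead of the literals INTERVAL 10 MINUTE and INTERVAL 28 DAY, and the warn/defer logic of the ACL reduced to one function. Assumptions: the queries are ported from MySQL to SQLite (CASE instead of IF(), text timestamps instead of DATE_ADD/NOW()); the table layout is guessed from the column names the queries use; "now" is passed in explicitly so the timeline is deterministic; the sender IP, domain and clock values are constructed for the demonstration.

```python
"""Greylist state walk-through (added example, not from the original post)."""
import sqlite3
from datetime import datetime, timedelta

# Assumed schema: only the column names are known from the posted queries.
# No unique key and no cleanup, exactly like the posted queries, so expired
# rows remain until something purges them.
SCHEMA = """
CREATE TABLE exim_greylist (
    relay_ip       TEXT NOT NULL,
    from_domain    TEXT NOT NULL,
    block_expires  TEXT NOT NULL,
    record_expires TEXT NOT NULL,
    origin_type    TEXT NOT NULL,
    create_time    TEXT NOT NULL
)
"""

def _ts(t):
    # "YYYY-MM-DD HH:MM:SS" strings compare correctly as text in SQLite.
    return t.strftime("%Y-%m-%d %H:%M:%S")

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def greylist_test(conn, now, ip, domain):
    """GREYLIST_TEST: 2 = block delay passed, 1 = still blocked,
    0 = no live record (the {0} branch the ACL's warn falls back to)."""
    row = conn.execute(
        "SELECT CASE WHEN ? > block_expires THEN 2 ELSE 1 END "
        "FROM exim_greylist "
        "WHERE relay_ip = ? AND from_domain = ? AND record_expires > ?",
        (_ts(now), ip, domain, _ts(now)),
    ).fetchone()
    return row[0] if row else 0

def greylist_add(conn, now, ip, domain, delay, expiry):
    """GREYLIST_ADD with both intervals as parameters."""
    conn.execute(
        "INSERT INTO exim_greylist (relay_ip, from_domain, block_expires, "
        "record_expires, origin_type, create_time) VALUES (?, ?, ?, ?, 'AUTO', ?)",
        (ip, domain, _ts(now + delay), _ts(now + expiry), _ts(now)),
    )

def greylist_update(conn, now, ip, domain, expiry):
    """GREYLIST_UPDATE: push record_expires out again on a live record."""
    return conn.execute(
        "UPDATE exim_greylist SET record_expires = ? "
        "WHERE relay_ip = ? AND from_domain = ? AND record_expires > ?",
        (_ts(now + expiry), ip, domain, _ts(now)),
    ).rowcount

def rcpt_verdict(conn, now, ip, domain, delay, expiry, trusted=False):
    """Verdict of the warn plus the three defer statements for one RCPT.
    trusted stands for +whitelist / +relay_from_hosts / authenticated."""
    state = greylist_test(conn, now, ip, domain)  # what the warn stores in acl_m2
    if trusted:
        return "accept"                           # never recorded, as in the ACL
    if state == 0:
        greylist_add(conn, now, ip, domain, delay, expiry)
        return "defer: now greylisted"
    if state == 1:
        return "defer: still greylisted"
    greylist_update(conn, now, ip, domain, expiry)
    return "accept"

def timeline(delay_minutes=1, expiry_days=14):
    """Walk one constructed sender through a whitelisted hit, first contact,
    an early retry, a retry after the delay, a later delivery, and a return
    after the record has lapsed.  Returns (label, verdict) pairs."""
    delay, expiry = timedelta(minutes=delay_minutes), timedelta(days=expiry_days)
    conn = new_db()
    t0 = datetime(2008, 3, 1, 12, 0, 0)        # constructed clock
    ip, dom = "192.0.2.10", "example.org"      # constructed sender
    steps = [
        ("whitelisted host, same sender", t0, True),
        ("first contact", t0, False),
        ("retry before delay", t0 + delay / 2, False),
        ("retry after delay", t0 + delay + timedelta(seconds=1), False),
        ("delivery during record", t0 + expiry / 2, False),
        ("return after record lapsed", t0 + 2 * expiry + timedelta(days=1), False),
    ]
    return [(label, rcpt_verdict(conn, t, ip, dom, delay, expiry, trusted))
            for label, t, trusted in steps]

if __name__ == "__main__":
    for label, verdict in timeline():
        print(f"{label:32} {verdict}")
```

Both timelines (1 minute / 14 days and 10 minutes / 28 days) produce the same sequence of verdicts; only the clock values differ. In the Exim macros the two knobs are the INTERVAL literals in GREYLIST_ADD and, for the expiry, also the one in GREYLIST_UPDATE (it refreshes record_expires on every accepted delivery), and the wait quoted in the two defer messages should be changed with them.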