[exim] Troubleshooting

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: The Doctor
Data:  
Para: exim-users
Asunto: [exim] Troubleshooting
Right, I really want to ditch postfix
for good except on my main server that does Majordomo and
Virtual DNS, we are seeing high load that I am forced to switch back
to postfix.

MY configure file reads:



primary_hostname = primary server



domainlist local_domains = @:<huge list of Domain names>

domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : 204.209.81.0/24 : 192.168.0.0/16 : 208.118.93.0/24: 208.118.94.0/24


trusted_users = exim : majordomo


acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

# acl_check_data access control list (see below).

av_scanner = clamd:127.0.0.1 3310


# For spam scanning, there is a similar option that defines the interface to
# SpamAssassin. You do not need to set this if you are using the default, which
# is shown in this commented example. As for virus scanning, you must also
# modify the acl_check_data access control list to enable spam scanning.

spamd_address = 127.0.0.1 783



# Allow any client to use TLS.

tls_advertise_hosts = *

tls_certificate = /usr/exim/exim.crt
tls_privatekey = /usr/exim/exim.key


daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

# qualify_domain =

# qualify_recipient =


# allow_domain_literals



never_users = root


host_lookup = *



rfc1413_hosts = *
rfc1413_query_timeout = 5s


#
# percent_hack_domains =
#

ignore_bounce_errors_after = 2d


timeout_frozen_after = 7d

auto_thaw = 1m


# split_spool_directory = true

#spool_directory = /var/spool/exim.in
#log_file_path=/var/log/exim/%s

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################


begin acl


acl_check_rcpt:


  accept  hosts = :
          control = dkim_disable_verify



  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]



  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


  accept  local_parts   = postmaster
          domains       = +local_domains



  require verify        = sender



  accept  hosts         = +relay_from_hosts
          control       = submission
          control       = dkim_disable_verify



  accept  authenticated = *
          control       = submission
          control       = dkim_disable_verify



  require message = relay not permitted
          domains = +local_domains : +relay_to_domains



require verify = recipient

  #
   deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text


            dnslists = sbl-xbl.spamhaus.org : \
             dnsbl.njabl.org : \
             combined.njabl.org : \
             dev.null.dk : \
             flowgoaway.com : \
             relays.visi.com : \
             bl.spamcop.net : \
             hostkarma.junkemailfilter.com=127.0.0.2
  #
   warn   dnslists = sbl-xbl.spamhaus.org: \
             dnsbl.njabl.org : \
             combined.njabl.org : \
             dev.null.dk : \
             flowgoaway.com : \
             relays.visi.com : \
             bl.spamcop.net : \
             hostkarma.junkemailfilter.com=127.0.0.2  
           add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
           log_message   = found in $dnslist_domain


# require verify = csa

accept



acl_check_data:

   deny    malware    = *
           message    = This message contains a virus ($malware_name).


   warn    spam       = nobody
           add_header = X-Spam_score: $spam_score\n\
                        X-Spam_score_int: $spam_score_int\n\
                        X-Spam_bar: $spam_bar\n\
                        X-Spam_report: $spam_report


accept




begin routers


dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more



#virtual system_aliases1

system_aliases1:
driver = redirect
allow_fail
allow_defer
qualify_preserve_domain
data = ${lookup{$local_part@$domain}lsearch{/usr/exim/virtual/virtualemail}}
user = exim
file_transport = address_file
pipe_transport = address_pipe

#main system aliases

system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe



userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
# allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply



localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user

# For virtual hosting

#virtual:
# driver = redirect
# domains = dsearch;/usr/exim/virtual
# data = ${lookup{$local_part}lsearch{/usr/exim/virtual/$domain}}
# no_more


#For virtual hosting

system_aliases2:
driver = redirect
allow_fail
allow_defer
qualify_preserve_domain
data = ${lookup{@$domain}lsearch{/usr/exim/virtual/virtualemail}}
user = exim
file_transport = address_file
pipe_transport = address_pipe

#Majordomo

lists:
driver = redirect
# domains = nk.ca
file = /usr/home/majordomo/lists/$local_part
forbid_pipe
forbid_file
errors_to = $local_part-request@???
user = majordomo
no_more


begin transports



remote_smtp:
driver = smtp



local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0600



address_pipe:
driver = pipe
return_output



address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add



address_reply:
driver = autoreply




begin retry


# Address or Domain    Error       Retries
# -----------------    -----       -------


*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h





begin rewrite




begin authenticators


PLAIN:
  driver                     = plaintext
  server_set_id              = $auth2
  server_prompts             = :
  server_condition           = Authentication is not yet configured
  server_advertise_condition = ${if def:tls_cipher }



LOGIN:
  driver                     = plaintext
  server_set_id              = $auth1
 server_prompts             = <| Username: | Password:
 server_condition           = Authentication is not yet configured
  server_advertise_condition = ${if def:tls_cipher }




# begin local_scan


# End of Exim configuration file

Right, where do I start? No problem on sec server.

Also running current Clamav and SpamAssassin

-- 
Member - Liberal International    This is doctor@??? Ici doctor@???
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
UK Time for a Common Sense change vote Liberal Democrat / Alliance