Hi, I'm trying to troubleshoot an email server running Exim 4.22. I
cannot upgrade the MTA or install packages on the machine. The issue I'm
trying to resolve is that the SMTP server is considered an open relay
by spam lists and thus it's getting banned.

I've been working on the ACL configuration without success. Basically, I
need all local users to be able to send out mail, and only
authenticated users should be able to send mail from outer domains.

Here is the acl_check_rcpt part; I know it's really messy. I've been
trying to patch it following suggestions from all over the net, without
success. Can anyone help me spot where the error is?
I suspect there is a lot of redundancy here.

Also, is there a way to show the values that variables like
local_domains have?

Thanks in advance for any suggestions.

acl_check_rcpt:

  accept  hosts = :

  deny    message = Restricted characters in address
          domains = +local_domains
          local_parts = ^[.] : ^.*[@%!/|]

  deny    message = Restricted characters in address
          domains = !+local_domains
          local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept  local_parts = postmaster
          domains = +local_domains

  require verify = sender

  accept  hosts = +relay_from_hosts

  accept  authenticated = *

  require message = relay not permitted
          domains = +local_domains : +relay_domains

  require verify = recipient

  drop    message = REJECTED - ${sender_host_address} is blacklisted at $dnslist_domain ($dnslist_value); ${dnslist_text}
          dnslists = sbl-xbl.spamhaus.org/<;$sender_host_address;$sender_address_domain

  drop    message = REJECTED - ${sender_address_domain} is blacklisted at ${dnslist_domain}; ${dnslist_text}
          dnslists = nomail.rhsbl.sorbs.net/$sender_address_domain

  drop    message = REJECTED - ${sender_host_address} is blacklisted at ${dnslist_domain}; ${dnslist_text}
          dnslists = bl.spamcop.net : cbl.abuseat.org : list.dsbl.org

  deny    message = Feel dizzy, spammer?
          hosts = !+relay_from_hosts
          !authenticated = *
          log_message = blatantly bogus HELO
          !acl = acl_whitelist_local_deny
          condition = ${if or {\
                {match {$sender_helo_name}{^(.*\\\.)?(PUBLIC_DOMAIN\\\.com|ubi\\\.intra|PUBLIC_DOMAIN\\\.it)\$}}\
                {match {$sender_helo_name}{^\\\d+\\\.\\\d+\\\.\\\d+\\\.\\\d+\$}}\
                {eq {$sender_helo_name}{PRIVATE_IP}}\
                } {1}{0}}

  deny    message = Direct-to-MX transfers are deprecated, especially on bogus hosts.
          hosts = !+relay_from_hosts
          log_message = unqualified HELO
          !authenticated = *
          !acl = acl_whitelist_local_deny
          condition = ${if match {$sender_helo_name}{\\\.} {0}{1}}

  deny    message = Bhahwhahaha!!!
          hosts = !+relay_from_hosts
          log_message = External mail for root not allowed.
          local_parts = root
          condition = ${if eq {$received_protocol}{local} {0}{1}}

  # Use WCM to defer messages that are coming from outside networks
  defer   hosts = !+relay_from_hosts
          !authenticated = *
          !acl = acl_whitelist_local_deny
          verify = recipient
          log_message = WCM caused defer
          condition = ${run {/usr/lib/exim4/wcm /var/lib/exim4/wcm.btree $sender_host_address $sender_helo_name $sender_address $rcpt_count}{1}{0}}

  discard hosts = +relay_from_hosts
          condition = ${if eq {$received_protocol}{local} {0}{1}}
          senders = :

  # Do not accept remote drops for local emails
  deny    message = Sorry, this email address is configured for internal use only.
          hosts = !+relay_from_hosts
          !acl = acl_whitelist_local_deny
          !authenticated = *
          verify = recipient
          local_parts = /etc/localonly

  accept  domains = +local_domains
          endpass
          message = unknown user
          verify = recipient

  # try to verify the original sender before relaying anyway
  deny    log_message = Sender verification failed.
          sender_domains = *.intra
          !acl = acl_whitelist_local_deny

  accept  domains = +relay_to_domains
          endpass
          message = unrouteable address
          verify = recipient

  deny    domains = !+local_domains
          message = Relaying denied

  deny    message = relay not permitted

--
Paolo Crosato
Ubiest SPA
http://www.ubiest.com