Hi,
although I thought my exim config is ok (i read the book (it's always
under my pillow :-D) and the mailing list ), i was a mail relay last
night :-(
The problem is: I don't know why. Perhaps you can give me a hint.
The logfile section of one mail which looks quite normal except the
A=cram authenticator:
2010-12-03 23:11:36 1POdqq-0005Dd-Lg <= notmylocale1@notmydomain1
H=static-mum-XX.XXX.XXX.XX.YYYY.net.in (ZZZZ.com) [XX.XXX.XXX.XX]
P=esmtpa A=cram: S=1541
id=bffc0c4db7014b5f85f70fd3366406e2@5596f1f9ac9a4e95972a770a95afed48
from <notmylocale1@notmydomain1> for notmylocale3@notmydomain3
2010-12-03 23:11:40 1POdqt-0005Dd-Lp <= notmylocale2@notmydomain2
H=static-mum-XX.XXX.XXX.XX.YYY.net.in (ZZZZ.com) [XX.XXX.XX.XX] P=esmtpa
A=cram: S=1420
id=66f95d560e354a95905d29ba7a939ae3@266eba13b7e640dca0c0f1f0b0044aff
from <notmylocale2@notmydomain2> for notmylocale3@notmydomain3
2010-12-03 23:11:40 1POdqq-0005Dd-Lg Completed QT=4s
So, i checked the cram config and I think it's incomplete. I totally
oversee this :-( It seems to allow everything, i comment it out for now.
So how has it to be correct for cram auth? Whats the thing with server
and client config?
cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup pgsql{PG_Q_AUTH_CRAMMD5}}
server_set_id = $auth1
Here is my current acl. Perhaps it is somewhere broken, too.
Thank you
Alexander
# Anfang der ACL
begin acl
acl_check_connect:
defer
condition = ${if eq{disabled}{${lookup pgsql{PG_Q_CHECK_RUN}}}}
message = Service is down for maintenance - please try later
log_message = REJECTED by preferences $sender_host_name
accept
acl_check_helo:
# drop connection if HELO/EHLO is empty
drop
condition = ${if eq{$sender_helo_name}{}}
message = REJECTED - HELO is empty Polite hosts say HELO first Please
see RFC 2821 section 4.1.1.1
log_message = REJECTED - HELO is empty Polite hosts say HELO first
Please see RFC 2821 section 4.1.1.1
# drop connection if HELO/EHLO contains IP 127.0.0.1
drop
condition = ${if eq{127.0.0.1}{$sender_helo_name}}
message = REJECTED - HELO $sender_helo_name is loop address
log_message = REJECTED - HELO $sender_helo_name is loop address
# drop connection if HELO/EHLO contains my IP
drop
condition = ${if eq{$interface_address}{$sender_helo_name}}
message = REJECTED - HELO $interface_address is MY address
log_message = REJECTED - HELO $interface_address is MY address
# beende Verbindung wenn im HELO/EHLO meine IP ist mit eckigen Klammern
drop
condition = ${if eq{[$interface_address]}{$sender_helo_name}}
message = REJECTED - HELO [$interface_address] is MY address
log_message = REJECTED - HELO [$interface_address] is MY address
# beende Verbindung wenn im HELO/EHLO eine IP ist
drop
condition = ${if isip{$sender_helo_name}}
message = REJECTED - Invalid HELO name (See RFC2821 4.1.3)
log_message = REJECTED - HELO ($sender_helo_name) is IP only (See
RFC2821 4.1.3)
# beende Verbindung wenn im HELO/EHLO mein Hostname ist
drop
condition = ${if match{$sender_helo_name}{$primary_hostname}}
message = REJECTED - This is MY hostname
log_message = REJECTED - HELO ($sender_helo_name) uses MY hostname
accept
acl_check_rcpt:
warn
message = $sender_address_domain is listed in $dnslist_domain
($dnslist_text)
log_message = $sender_address_domain is listed in $dnslist_domain
($dnslist_text)
dnslists = dsn.rfc-ignorant.org/$sender_address_domain :
postmaster.rfc-ignorant.org/$sender_address_domain
drop
# condition = ${if match_ip{$sender_host_address}{${lookup
pgsql{PG_Q_BLACKLIST}}}{yes}{no}}
!authenticated = *
message = REJECTED - blacklisted - your appeal to my humanity is
pointless.
log_message = REJECTED - blacklisting is active for <$sender_address>
to <$local_part@$domain>.
condition = ${if match_ip{$sender_host_address}{${lookup
pgsql{PG_Q_BLACKLIST}}}{yes}{no}}
defer
message = $sender_host_address is not yet authorized to deliver mail
from <$sender_address> to <$local_part@$domain>. \
Greylisting is in effect. Please try later.
log_message = REJECTED - Greylisted in acl_check_rcpt.
!senders = :
!hosts = : +relay_from_hosts : \
${if exists {/etc/greylistd/whitelist-hosts}\
{/etc/greylistd/whitelist-hosts}{}} : \
${if exists {/var/lib/greylistd/whitelist-hosts}\
{/var/lib/greylistd/whitelist-hosts}{}}
!authenticated = *
domains = +local_domains : +virtual_domains
verify = recipient/callout=20s,use_sender,defer_ok
condition = ${readsocket{/var/run/greylistd/socket}{--grey
$sender_host_address $sender_address $local_part@$domain}{5s}{}{false}}
# Deny if blacklisted by greylist
drop
message = $sender_host_address is blacklisted from delivering mail
from <$sender_address> to <$local_part@$domain>.
log_message = REJECTED - blacklisted in acl_check_rcpt.
!senders = :
!authenticated = *
verify = recipient/callout=20s,use_sender,defer_ok
condition = ${readsocket{/var/run/greylistd/socket}{--black
$sender_host_address $sender_address $local_part@$domain}{5s}{}{false}}
accept
hosts = :
accept
local_parts = postmaster
domains = +local_domains : +virtual_domains
require
verify = sender/callout=20s,defer_ok
message = REJECTED - sender verify failed: $acl_verify_message
log_message = REJECTED - sender verify failed: $acl_verify_message
accept
hosts = relay_from_hosts
accept
authenticated = *
control = submission/sender_retain/domain=
require
domains = +local_domains : +virtual_domains
message = REJECTED - relay not permitted.
log_message = REJECTED - relay not permitted.
require
verify = recipient
message = REJECTED - sorry, no mailbox here by that name.
log_message = REJECTED - sorry, no mailbox here by that name.
accept
acl_check_data:
# drop mail if there is no subject or body
drop
message = REJECTED - message without subject or body
log_message = REJECTED - message without subject or body
!condition = ${if def:h_Subject:}
condition = ${if <{$body_linecount}{1}{true}{false}}
# drop mail if certain files are found
drop
message = REJECTED - $found_extension files are not accepted here.
log_message = REJECTED - $found_extension files are not accepted here.
demime = com:exe:vbs:bat:pif:reg:scr
# drop mail with serious MIME defects
drop
message = REJECTED - Serious MIME defect detected ($demime_reason).
log_message = REJECTED - Serious MIME defect detected ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# drop mail without message-id (presumbly SPAM)
# HINT: very strict, blocks monster.com => only warn
# warn
# condition = ${if !def:h_Message-ID: {1}}
# message = RFC2822 says that all mail SHOULD have a Message-ID
header.\nMost messages without it are spam, so your mail has been rejected.
# log_message = RFC2822 says that all mail SHOULD have a Message-ID
header.\nMost messages without it are spam, so your mail has been rejected.
defer
message = $sender_host_address is not yet authorized to deliver mail
from <$sender_address> to <$recipients>. Greylisting is in effect.
Please try later.
log_message = REJECTED - greylisted in acl_check_data.
senders = :
!hosts = : +relay_from_hosts : \
${if exists {/etc/greylistd/whitelist-hosts}\
{/etc/greylistd/whitelist-hosts}{}} : \
${if exists {/var/lib/greylistd/whitelist-hosts}\
{/var/lib/greylistd/whitelist-hosts}{}}
!authenticated = *
condition = ${readsocket{/var/run/greylistd/socket}{--grey
$sender_host_address $recipients}{5s}{}{false}}
# Deny if blacklisted by greylist
drop
message = $sender_host_address is blacklisted from delivering mail
from <$sender_address> to <$recipients>.
log_message = REJECTED - blacklisted in acl_check_data.
!senders = :
!authenticated = *
condition = ${readsocket{/var/run/greylistd/socket}{--black
$sender_host_address $recipients}{5s}{}{false}}
drop
condition = ${if eq{t}{${lookup pgsql{PG_Q_VIRUS_CHECK}}} }
add_header = X-Virus-Check: ${primary_hostname}
message = REJECTED - This message contains malware ($malware_name)
log_message = REJECTED - This message contains malware ($malware_name)
malware = */defer_ok
drop
!authenticated = *
condition = ${if eq{t}{${lookup pgsql{PG_Q_SPAM_CHECK}}} }
spam = $recipients:true/defer_ok
condition = ${if >{$spam_score_int} { ${lookup pgsql
{PG_Q_SPAMSCORE} {$value}{200}} } {true}{false}}
message = REJECTED - This message scored $spam_score spam
points, which is too much.
log_message = REJECTED - This message scored $spam_score spam
points, which is too much.
warn
add_header = X-Spam-Check: ${primary_hostname}
condition = ${if eq{t}{${lookup pgsql{PG_Q_SPAM_CHECK}}} }
spam = $recipients/defer_ok
add_header = X-Spam-Checked-Int: yes
log_message = WARNING - SPAM FOUND $spam_score
add_header = X-Spam-Score: $spam_score
add_header = X-Spam-Scorebar: $spam_bar
add_header = X-Spam-Report: $spam_report
add_header = X-Spam-Subject: ${lookup pgsql{PG_Q_SPAMTAG}} $h_Subject:
accept
# Ende der ACL
