Re: [exim] exim subjecting outbound e-mail to spamd and viru…

Author: The Doctor
Date:  
To: Drav Sloan
CC: exim-users
Subject: Re: [exim] exim subjecting outbound e-mail to spamd and viruschecks
On Tue, Aug 09, 2011 at 06:56:24PM +0100, Drav Sloan wrote:
> The Doctor wrote:
> > someone hijacked www to send thousands of spam and exim did not drop it.
> >
> > what am I missing?
> >
> > I would gladly post my configuration, but first I need to get rid of the comments.
>
> You should probably read your acls, as I imagine one rule in there is
> accepting them wholesale. Exim only does what Exim is told to do.
>
> Regards
>
> D.
>



Here is the configuration:


# ---- Main section: global options ----
primary_hostname = doctor.nl2k.ab.ca
# Listen on every address for SMTP (25), SMTPS (465) and submission (587).
# daemon_smtp_ports below lists the same ports again.
local_interfaces = 0.0.0.0.25 :  0.0.0.0.465 : 0.0.0.0.587 
# Local domains: the literal names plus every domain listed in /usr/exim/vdom3.
domainlist local_domains = @:secure.nl2k.ab.ca:mail.nl2k.ab.ca:mail.nk.ca:nk.ca:nl2k.ca:nl2k.ab.ca:doctor.nl2k.ab.ca:lsearch;/usr/exim/vdom3 
# Empty: no domain is relayed to on the strength of its name alone, so relaying
# is decided purely by +relay_from_hosts and SMTP authentication.
domainlist relay_to_domains =
# Networks allowed to relay without authenticating. Any host in these ranges
# (a compromised web host included) can send to arbitrary recipients; the only
# checks it meets are the ones in acl_check_rcpt and acl_check_data.
hostlist relay_from_hosts = 204.209.81.0/24 : 127.0.0.1 : 208.118.93.0/24: 208.118.94.0/24
# Trusted users may supply arbitrary envelope senders on local submissions.
trusted_users = exim : majordomo
# Only the SMTP RCPT and DATA ACLs are hooked up. Messages handed to Exim
# without SMTP (the sendmail/-t command-line interface, which is how a local
# web application's mail() call usually submits) never run either ACL; they
# would only be seen by acl_not_smtp, which is not set here, so they are
# neither virus- nor spam-scanned.
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
# Scanner back-ends for the malware= and spam= conditions in acl_check_data.
av_scanner = clamd:127.0.0.1 3310
spamd_address = 127.0.0.1 783
# TLS offered to all clients. The file names suggest a CA certificate/key is
# being presented as the server certificate -- TODO confirm these are the
# server's own certificate and private key.
tls_advertise_hosts = *
tls_certificate = /usr/exim/ca.crt
tls_privatekey = /usr/exim/ca.key
daemon_smtp_ports = 25 : 465 : 587
# 465 is TLS-on-connect (SMTPS); 25 and 587 use STARTTLS.
tls_on_connect_ports =   465 
# Never run deliveries as root.
never_users = root
# Reverse-lookup every connecting host.
host_lookup = *
# Ident (RFC 1413) lookup against every client, waiting up to 5s each. No ACL
# in this configuration uses the result, so this is mostly added latency.
rfc1413_hosts = *
rfc1413_query_timeout = 5s
# Queue housekeeping: drop undeliverable bounces after 2h, unfreeze frozen
# messages after 1m, give up on any still frozen after 6h.
ignore_bounce_errors_after = 2h
timeout_frozen_after = 6h
auto_thaw = 1m 
begin acl
acl_check_rcpt:
# Recipient-time policy. Order matters: each accept/deny/drop ends the ACL for
# the current recipient, so a later statement only applies to recipients that
# were not already decided above it.
#
# Empty sending host = SMTP over a local pipe (exim -bs), not TCP/IP. Such
# sessions are accepted for every recipient and skip everything below.
# Messages submitted without SMTP at all (sendmail -t style) never run this
# ACL; only acl_not_smtp would see them, and it is not set.
# dkim_enable_verify does not appear among the ACL controls documented for
# Exim as far as I know (dkim_disable_verify does) -- confirm for this version.
  accept  hosts = :
          control = dkim_enable_verify
# Reject shell/path-like characters in local parts. For local domains this
# blocks a leading dot and any of @ % ! / | , so a $local_part that the
# routers later use in a file path cannot contain a slash when the address
# arrived over SMTP.
  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  accept  local_parts   = postmaster
          domains       = +local_domains
# NOTE(review): nothing follows "endpass", so this accepts EVERY recipient in
# a local domain unconditionally. For inbound mail to local domains the HELO
# checks, sender callouts, the tarpit warn, the DNS blacklist deny and
# "require verify = recipient" below are therefore never reached. The Exim
# sample this resembles continues with "verify = recipient" after endpass;
# before adding it, note that the verification routers fail every address
# that is not a system alias or login user (see failed_address_router), so
# virtual-domain and majordomo addresses would then be refused.
  accept  domains       = +local_domains
  endpass
# From here on only recipients outside +local_domains arrive, i.e. relay
# attempts from +relay_from_hosts, authenticated clients, or strangers (who
# are refused at "relay not permitted" further down).
# HELO/EHLO sanity checks on the announced name.
deny
    condition = ${if eq{$sender_helo_name}{}}
    message   = HELO required before MAIL
# Bare IP address without brackets.
drop
    condition   = ${if isip{$sender_helo_name}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.3)
# Neither a bracketed literal nor a name containing a dot (unqualified name).
drop
    condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
    condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
# Name ending in a dot.
drop
    condition   = ${if match{$sender_helo_name}{\N\.$\N}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
# Client claims to be this server. "match" is a regular-expression match, so
# the dots in $primary_hostname match any character; an eq test would be
# more precise.
drop  message   = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
      condition = ${if match{$sender_helo_name}{$primary_hostname}}
# Client presents our own interface address as its HELO literal.
  drop condition = ${if eq{[$interface_address]}{$sender_helo_name}}
       message   = $interface_address is _my_ address
# HELO is a bare IP address belonging to one of this host's interfaces (@[]).
# The condition is one logical line continued with backslashes; do not put
# comment lines inside it.
   drop    message     = Bad helo name
           condition   = ${if  \
                            and{    \
                                {isip {$sender_helo_name}}  \
                                {match_ip{$sender_helo_name}{@[]}}  \
                            }{yes}{no}  \
                        }
# Sender callout verification (up to 2 minutes, defer tolerated). +no_verify
# is not defined anywhere in the visible configuration; if it is undefined,
# Exim reports an unknown named list and the statement errors rather than
# simply not matching -- verify. The drop fires only when the remote side
# rejected the sender address at RCPT. The message is one logical line
# continued with backslashes.
drop    message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"\n\n\
The return address you are using for this email message <$sender_address>\
does not seem to be a working account.
        log_message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"
        !hosts = +no_verify
        !verify = sender/callout=2m,defer_ok
        condition = ${if eq{recipient}{$sender_verify_failure}}
# No reverse DNS *and* the sender failed verification for any reason.
# ("sender-verify@???" is the list archive's address obfuscation.)
drop    message     = REJECTED - Sender Verify Failed and no RDNS
        log_message = REJECTED - Sender Verify Failed and no RDNS
        !verify = reverse_host_lookup
        !verify = sender/callout=2m,defer_ok,mailfrom=sender-verify@???
        !condition =  ${if eq{$sender_verify_failure}{}}
# +all_mail_handled_locally is not defined in the visible configuration (same
# concern as +no_verify above). Even if it is a subset of +local_domains,
# those recipients were already accepted above, so this cannot match them.
deny    message   = REJECTED - Recipient Verify Failed - User Not Found
        domains   = +all_mail_handled_locally
        !verify   = recipient/callout=2m,defer_ok,use_sender
# Tarpit: count unverifiable local recipients in this connection (acl_c0) and
# delay 60s per extra failure. Unreachable for local domains as written,
# because they were accepted unconditionally above.
warn    domains = +local_domains
                !verify = recipient
                set acl_c0 = ${eval: $acl_c0+1}
                delay = ${eval: ($acl_c0 - 1) * 60}s
# Bounces (empty sender) and postmaster mail may have only one recipient;
# $recipients_count is the number of recipients already accepted.
drop    message = Legitimate bounces are never sent to more than one recipient.
        senders = : postmaster@*
        condition = ${if >{$recipients_count}{0}{true}{false}}
# NOTE(review): this runs at RCPT time, before the headers or body have been
# received, so h_Subject: and $body_linecount cannot describe the message
# yet; as written the test appears to succeed for every recipient that
# reaches it (no Subject seen, zero body lines). The check belongs in
# acl_check_data, where both are available.
deny    message = REJECTED - No Subject or Body
        !condition = ${if def:h_Subject:}
        condition = ${if <{$body_linecount}{1}{true}{false}}
# Relaying: trusted networks and authenticated clients are accepted as
# submissions (header fix-ups applied) without recipient verification and
# without the blacklist check below.
  accept  hosts         = +relay_from_hosts
          control       = submission
          control       = dkim_disable_verify
  accept  authenticated = *
          control       = submission/sender_retain
          control       = dkim_disable_verify
# Anything else must be for a local or relay domain. relay_to_domains is
# empty and local domains were accepted earlier, so every recipient that
# gets this far is refused here -- which leaves the statements after it
# unreachable.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains
  require verify = recipient
# Not reached as written (see above). To apply the blacklist lookups to
# inbound mail they must precede the unconditional local-domain accept.
   deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text 
       dnslists = sbl-xbl.spamhaus.org : zen.spamhaus.org : dnsbl.njabl.org : combined.njabl.org : dev.null.dk : relays.visi.com : bl.spamcop.net : iscbl.anti-spam.org.cn : cbl.anti-spam.org.cn : cblplus.anti-spam.org.cn : cblless.anti-spam.org.cn : hostkarma.junkemailfilter.com=127.0.0.2
           log_message   = found in $dnslist_domain
# Also not reached. Note that in a RCPT ACL "domains" and "local_parts" test
# the RECIPIENT address being offered, not the sender; to reject by sender
# these need "senders = adminsu*@dhl.com" and so on.
  deny    message       = Rejected sender
          domains       = dhl.com
          local_parts   = adminsu*
  deny    message       = Rejected sender
          domains       = *.com
          local_parts   = postmail-*
  deny    message       = Rejected sender
          domains       = usa.com
          local_parts   = express.deli*
  deny    message       = Rejected sender
          domains       = gmail.com
          local_parts   = emarketing2*
  accept
acl_check_data:
# Runs at SMTP DATA for every message that passed acl_check_rcpt -- inbound,
# relayed for +relay_from_hosts and authenticated submissions alike -- so
# outbound mail is scanned here too. Non-SMTP (command-line) submissions do
# not pass through this ACL.
   deny    malware    = *
           message    = This message contains a virus ($malware_name).
# $spam_score_int is the SpamAssassin score times ten, so 409 drops only
# messages scoring above 40.9 -- far above the usual 5.0 threshold; most spam
# is therefore tagged (below) rather than rejected. The ":true" suffix makes
# the spam condition always succeed; the decision comes from the condition.
  drop message = This message is denied by policy : $spam_score spam points
       spam = nobody:true
       condition = ${if > {$spam_score_int}{409}{1}{0}}
# Tag what spamd classifies as spam for user "nobody": on a warn verb
# "message" adds the given header line (an additional Subject: header rather
# than a rewritten one -- confirm); the X-Spam_* headers follow. add_header
# is one logical line continued with backslashes.
   warn    spam       = nobody
         message = Subject: {SPAM?} $rh_subject: 
           add_header = X-Spam_score: $spam_score\n\
                        X-Spam_score_int: $spam_score_int\n\
                        X-Spam_bar: $spam_bar\n\
                        X-Spam_report: $spam_report
  accept
begin routers
# Verification-only routing for remote domains: an address verifies if its
# domain resolves via DNS. no_more stops the router search when this router
# declines, so a remote domain that does not resolve fails verification
# instead of falling through to the local routers below. Targets of 0.0.0.0
# or loopback are ignored.
check_dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  verify_only
  no_more
# Verification via /etc/aliases; :fail: and :defer: alias entries are honoured.
check_system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  verify_only
# Verification: any login account (password-file user) verifies.
check_localuser:
  driver = accept
  check_local_user
  verify_only
# NOTE(review): catch-all for verification. It has no conditions and accepts
# with fail_verify, so every address the three routers above did not verify
# fails here -- including virtual-domain addresses from /usr/exim/virtemail
# and majordomo list addresses, whose routers come later. Sender
# verification of such local addresses fails here too. As acl_check_rcpt
# stands, recipient verification is not reached for local domains; if it is
# turned on, this router needs to move after domains_virtual/lists or be
# restricted, or those addresses will be refused.
failed_address_router:
  driver = accept
  verify_only
  fail_verify
# Virtual mailboxes: look up the full address in the DBM file and redirect to
# whatever it maps to.
domains_virtual:
  domains       = +local_domains
  driver = redirect
  data=${lookup{$local_part@$domain}dbm{/usr/exim/virtemail}}
# Per-domain catch-all: "@domain" entries in the same DBM file.
domains_virtual_others:
  domains       = +local_domains
  driver = redirect
  data=${lookup{@$domain}dbm{/usr/exim/virtemail}}
# Delivery routing for remote domains (counterpart of check_dnslookup).
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more
# /etc/aliases for delivery. Aliases may expand to files and pipes via the
# address_file/address_pipe transports; no "user" is set on this router or on
# those transports -- TODO confirm what identity such an entry would run
# under, or that no alias expands to a pipe or file.
system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
# Per-user ~/.forward. Exim filters are allowed and pipes/files are not
# forbidden, so a user's .forward can run commands; they run as that user
# (check_local_user). Skipped during verification and EXPN; check_ancestor
# stops a .forward that points back at the same address from looping.
userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
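# procmail must precede localuser: an "accept" router ends routing for every
# address it takes, and localuser accepts every login user unconditionally,
# so a procmail router placed after it could never be reached.
# Users with a ~/.procmailrc get their mail handed to procmail.
procmail:
  driver = accept
  check_local_user
  require_files = $home/.procmailrc
  transport = procmail_pipe
# Every other login user is delivered straight to the mailbox.
localuser:
  driver = accept
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user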
# Majordomo lists: the membership file is named after the local part. Pipes
# and files inside list files are forbidden, expansion runs as majordomo and
# errors go to the -request address ("@???" is the archive's obfuscation).
# $local_part is used as a path component here; the RCPT ACL refuses "/" in
# local parts of local domains over SMTP, but nothing on this router
# constrains it for addresses that arrive by other routes.
lists:
  driver = redirect
  file = /usr/home/majordomo/lists/$local_part
  forbid_pipe
  forbid_file
  errors_to = $local_part-request@???
  user = majordomo
  no_more
begin transports
# Outbound SMTP with default settings (direct to the MX, no client auth).
remote_smtp:
  driver = smtp
# Hand the message to procmail as the recipient (user = $local_part is a
# login name because the router used check_local_user), group mail, umask
# 077. Return-path/Delivery-date/Envelope-to headers are added and "From "
# lines in the body are escaped.
procmail_pipe:
  driver = pipe
  command = /usr/bin/procmail -d $local_part
  return_path_add
  delivery_date_add
  envelope_to_add
  check_string = "From "
  escape_string = ">From "
  umask = 077
  user = $local_part
  group = mail
# Append to the user's mbox in /var/mail; file mode 0600, group mail.
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0600
# Pipes generated by aliases and .forward files. return_output means any
# output from the command fails the delivery and is returned to the sender.
address_pipe:
  driver = pipe
  return_output
# Files named in aliases and .forward files.
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
# Auto-replies generated by user filters.
address_reply:
  driver = autoreply
begin retry
# Retry rules; the first rule whose pattern and error type match is used.
# F,1h,15m = every 15 min for the first hour after the first failure;
# G,2h,30m,1.5 = then 30 min, growing by 1.5 each time, until 2h;
# F,3h,10m = then every 10 min until 3h, after which the address is bounced.
# Three hours (five for the catch-all rules) is a short retry period next to
# the stock example configuration's F,2h,15m; G,16h,1h,1.5; F,4d,6h --
# confirm this is intended.
*                      data_4xx           F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      mail_4xx           F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      rcpt_4xx           F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      lost_connection           F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      refused_MX           F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      refused_A           F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      refused           F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      timeout_connect_MX          F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      timeout_connect_A          F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      timeout_connect          F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      timeout_MX          F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      timeout_A          F,1h,15m; G,2h,30m,1.5; F,3h,10m
*                      timeout          F,1h,15m; G,2h,30m,1.5; F,3h,10m
# Per-address rules (first field matched against the domain/host being
# retried) with tighter initial intervals for these three addresses.
127.0.0.1              *           F,1h,1m; G,2h,10m,1.5; F,5h,10m
204.209.81.1              *           F,1h,1m; G,2h,10m,1.5; F,3h,10m
204.209.81.3              *           F,1h,1m; G,2h,10m,1.5; F,5h,10m
# Catch-all for everything else.
*                      *           F,1h,2m; G,4h,1h,1.5; F,5h,10m
begin rewrite
begin authenticators
# PLAIN: credentials are checked by saslauthd. Advertised only once TLS is
# established (tls_cipher set), so passwords never cross the wire in clear.
# server_condition refers to the credentials as $2/$3 while server_set_id
# uses $auth2 -- the same data under two names; one form throughout would
# be clearer.
PLAIN:
  driver                     = plaintext
  public_name                = PLAIN
  server_set_id              = $auth2
  server_prompts             = :
  server_condition           = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_advertise_condition = ${if def:tls_cipher }
# LOGIN: two-step prompt for username and password, checked by saslauthd;
# like PLAIN, only advertised over TLS. (Two option lines are indented by a
# single space; Exim does not care, but aligning them aids reading.)
LOGIN:
  driver                     = plaintext
  public_name                = LOGIN
  server_set_id              = $auth1
 server_prompts             = <| Username: | Password:
 server_condition           = ${if saslauthd{{$1}{$2}}{1}{0}}
  server_advertise_condition = ${if def:tls_cipher }



END

Do I need something in the ACL check data?

> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/


-- 
Member - Liberal International    This is doctor@??? Ici doctor@???
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
IT is done!  http://groups.google.com/group/rec.arts.drwho/about