On Tue, Aug 09, 2011 at 06:56:24PM +0100, Drav Sloan wrote:
> The Doctor wrote:
> > someone hijacked www to send thousands of spam and exim did not drop it.
> >
> > what am I missing?
> >
> > I would gladly post my configuration, but first I need to get rid of the comments.
>
> You should probably read your acls, as I imagine one rule in there is
> accepting them wholesale. Exim only does what Exim is told to do.
>
> Regards
>
> D.
>
Here is the configuration:
primary_hostname = doctor.nl2k.ab.ca
local_interfaces = 0.0.0.0.25 : 0.0.0.0.465 : 0.0.0.0.587
domainlist local_domains = @:secure.nl2k.ab.ca:mail.nl2k.ab.ca:mail.nk.ca:nk.ca:nl2k.ca:nl2k.ab.ca:doctor.nl2k.ab.ca:lsearch;/usr/exim/vdom3
domainlist relay_to_domains =
hostlist relay_from_hosts = 204.209.81.0/24 : 127.0.0.1 : 208.118.93.0/24: 208.118.94.0/24
trusted_users = exim : majordomo
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:127.0.0.1 3310
spamd_address = 127.0.0.1 783
tls_advertise_hosts = *
tls_certificate = /usr/exim/ca.crt
tls_privatekey = /usr/exim/ca.key
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2h
timeout_frozen_after = 6h
auto_thaw = 1m
begin acl
acl_check_rcpt:
accept hosts = :
control = dkim_enable_verify
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
accept domains = +local_domains
endpass
deny
condition = ${if eq{$sender_helo_name}{}}
message = HELO required before MAIL
drop
condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
drop
condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop
condition = ${if match{$sender_helo_name}{\N\.$\N}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop message = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
condition = ${if match{$sender_helo_name}{$primary_hostname}}
drop condition = ${if eq{[$interface_address]}{$sender_helo_name}}
message = $interface_address is _my_ address
drop message = Bad helo name
condition = ${if \
and{ \
{isip {$sender_helo_name}} \
{match_ip{$sender_helo_name}{@[]}} \
}{yes}{no} \
}
drop message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"\n\n\
The return address you are using for this email message <$sender_address>\
does not seem to be a working account.
log_message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"
!hosts = +no_verify
!verify = sender/callout=2m,defer_ok
condition = ${if eq{recipient}{$sender_verify_failure}}
drop message = REJECTED - Sender Verify Failed and no RDNS
log_message = REJECTED - Sender Verify Failed and no RDNS
!verify = reverse_host_lookup
!verify = sender/callout=2m,defer_ok,mailfrom=sender-verify@???
!condition = ${if eq{$sender_verify_failure}{}}
deny message = REJECTED - Recipient Verify Failed - User Not Found
domains = +all_mail_handled_locally
!verify = recipient/callout=2m,defer_ok,use_sender
warn domains = +local_domains
!verify = recipient
set acl_c0 = ${eval: $acl_c0+1}
delay = ${eval: ($acl_c0 - 1) * 60}s
drop message = Legitimate bounces are never sent to more than one recipient.
senders = : postmaster@*
condition = ${if >{$recipients_count}{0}{true}{false}}
deny message = REJECTED - No Subject or Body
!condition = ${if def:h_Subject:}
condition = ${if <{$body_linecount}{1}{true}{false}}
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
accept authenticated = *
control = submission/sender_retain
control = dkim_disable_verify
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require verify = recipient
deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
dnslists = sbl-xbl.spamhaus.org : zen.spamhaus.org : dnsbl.njabl.org : combined.njabl.org : dev.null.dk : relays.visi.com : bl.spamcop.net : iscbl.anti-spam.org.cn : cbl.anti-spam.org.cn : cblplus.anti-spam.org.cn : cblless.anti-spam.org.cn : hostkarma.junkemailfilter.com=127.0.0.2
log_message = found in $dnslist_domain
deny message = Rejected sender
domains = dhl.com
local_parts = adminsu*
deny message = Rejected sender
domains = *.com
local_parts = postmail-*
deny message = Rejected sender
domains = usa.com
local_parts = express.deli*
deny message = Rejected sender
domains = gmail.com
local_parts = emarketing2*
accept
acl_check_data:
deny malware = *
message = This message contains a virus ($malware_name).
drop message = This message is denied by policy : $spam_score spam points
spam = nobody:true
condition = ${if > {$spam_score_int}{409}{1}{0}}
warn spam = nobody
message = Subject: {SPAM?} $rh_subject:
add_header = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int\n\
X-Spam_bar: $spam_bar\n\
X-Spam_report: $spam_report
accept
begin routers
check_dnslookup:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
verify_only
no_more
check_system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
verify_only
check_localuser:
driver = accept
check_local_user
verify_only
failed_address_router:
driver = accept
verify_only
fail_verify
domains_virtual:
domains = +local_domains
driver = redirect
data=${lookup{$local_part@$domain}dbm{/usr/exim/virtemail}}
domains_virtual_others:
domains = +local_domains
driver = redirect
data=${lookup{@$domain}dbm{/usr/exim/virtemail}}
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user
procmail:
driver = accept
check_local_user
require_files = $home/.procmailrc
transport = procmail_pipe
lists:
driver = redirect
file = /usr/home/majordomo/lists/$local_part
forbid_pipe
forbid_file
errors_to = $local_part-request@???
user = majordomo
no_more
begin transports
remote_smtp:
driver = smtp
procmail_pipe:
driver = pipe
command = /usr/bin/procmail -d $local_part
return_path_add
delivery_date_add
envelope_to_add
check_string = "From "
escape_string = ">From "
umask = 077
user = $local_part
group = mail
local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0600
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
begin retry
* data_4xx F,1h,15m; G,2h,30m,1.5; F,3h,10m
* mail_4xx F,1h,15m; G,2h,30m,1.5; F,3h,10m
* rcpt_4xx F,1h,15m; G,2h,30m,1.5; F,3h,10m
* lost_connection F,1h,15m; G,2h,30m,1.5; F,3h,10m
* refused_MX F,1h,15m; G,2h,30m,1.5; F,3h,10m
* refused_A F,1h,15m; G,2h,30m,1.5; F,3h,10m
* refused F,1h,15m; G,2h,30m,1.5; F,3h,10m
* timeout_connect_MX F,1h,15m; G,2h,30m,1.5; F,3h,10m
* timeout_connect_A F,1h,15m; G,2h,30m,1.5; F,3h,10m
* timeout_connect F,1h,15m; G,2h,30m,1.5; F,3h,10m
* timeout_MX F,1h,15m; G,2h,30m,1.5; F,3h,10m
* timeout_A F,1h,15m; G,2h,30m,1.5; F,3h,10m
* timeout F,1h,15m; G,2h,30m,1.5; F,3h,10m
127.0.0.1 * F,1h,1m; G,2h,10m,1.5; F,5h,10m
204.209.81.1 * F,1h,1m; G,2h,10m,1.5; F,3h,10m
204.209.81.3 * F,1h,1m; G,2h,10m,1.5; F,5h,10m
* * F,1h,2m; G,4h,1h,1.5; F,5h,10m
begin rewrite
begin authenticators
PLAIN:
driver = plaintext
public_name = PLAIN
server_set_id = $auth2
server_prompts = :
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
LOGIN:
driver = plaintext
public_name = LOGIN
server_set_id = $auth1
server_prompts = <| Username: | Password:
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
END
Do I need something in the ACL check data?
--
Member - Liberal International This is doctor@??? Ici doctor@???
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
IT is done! http://groups.google.com/group/rec.arts.drwho/about
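
An added example, not part of the original post: in the configuration above, `accept hosts = :` and the 127.0.0.1 entry in `relay_from_hosts` both let mail that originates on the machine itself through `acl_check_rcpt`, and messages handed to Exim on the command line are not SMTP, so they never reach `acl_smtp_rcpt` or `acl_smtp_data`. The script below tallies arrival (`<=`) lines of the Exim main log by submission path so the account or loopback client doing the sending stands out. Assumptions: the log lines are constructed samples in Exim's default main-log format, "www" is taken to be a local login, and the function names and threshold are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in Exim's default main-log format (not from the post).
SAMPLE_LOG = """\
2011-08-09 17:40:01 1QqpKk-0003xA-7Z <= www@doctor.nl2k.ab.ca U=www P=local S=1843
2011-08-09 17:40:01 1QqpKk-0003xC-9B <= www@doctor.nl2k.ab.ca U=www P=local S=1850
2011-08-09 17:40:02 1QqpKl-0003xE-Ac <= www@doctor.nl2k.ab.ca U=www P=local S=1839
2011-08-09 17:40:05 1QqpKo-0003xG-Cd <= alice@example.org H=mx.example.org [192.0.2.10] P=esmtp S=2210
2011-08-09 17:40:09 1QqpKs-0003xJ-Ef <= promo@example.com H=localhost (localhost) [127.0.0.1] P=esmtp S=1990
2011-08-09 17:40:11 1QqpKu-0003xL-Gh <= root@doctor.nl2k.ab.ca U=root P=local S=640
2011-08-09 17:40:12 1QqpKv-0003xN-Ij => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.7]
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+)(?P<rest>.*)$")
FIELD = re.compile(r"\b([A-Z])=(\S+)")       # U=login, P=protocol, H=host ...
HOST_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")  # [address] of an SMTP client


def classify(line):
    """Return (path, who) for an arrival line, or None for any other line."""
    m = ARRIVAL.match(line)
    if m is None:
        return None
    rest = m.group("rest")
    fields = dict(FIELD.findall(rest))
    ip = HOST_IP.search(rest)
    # No client address plus U= means a local process called Exim directly
    # (P=local or P=local-smtp); U= is then the calling login name.
    if ip is None and "U" in fields:
        return ("local-user", fields["U"])
    if ip and (ip.group(1).startswith("127.") or ip.group(1) == "::1"):
        return ("loopback-smtp", ip.group(1))
    return ("remote", ip.group(1) if ip else "unknown")


def tally(log_text):
    """Count arrivals per (path, who)."""
    return Counter(o for o in map(classify, log_text.splitlines()) if o)


def suspects(log_text, threshold):
    """On-host origins (local user or loopback SMTP) at or above threshold."""
    return sorted((o, n) for o, n in tally(log_text).items()
                  if o[0] != "remote" and n >= threshold)


if __name__ == "__main__":
    for (path, who), n in suspects(SAMPLE_LOG, threshold=2):
        print(f"{n} messages via {path} from {who}")
```

A local login that dominates this tally is submitting outside the SMTP ACLs, and Exim's `acl_not_smtp` option is where such messages are checked.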