Autor: Alexandr Kobzarenko Data: Para: exim-users Assunto: [exim] Exim + AD (trouble)
Hi people.
First, forgive me for my bad English.
NOw i tryed configure Exim to work with 2008 serrver AD (LDAP) users.
But have some trouble, and dont know how to fix it..
When i try send mail from zerg@??? to zerg@???
i see the error in log
As i undestand, i have error in this sections in my config
"ldap_EXTdistrib_group"
But in global i have error on ldap filters. May be some one can show me
to my mistake.
# Скрипт для встроенного Perl. Использую для групп рассылок.
perl_startup = do '/usr/local/etc/exim/scripts/group_distrib_AD.pl'
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
accept hosts = !+local_net : !localhost
domains = +relay_to_domains
condition = ${lookup{$sender_address_domain}wildlsearch\
{/usr/local/etc/exim/db/whitelist}{yes}{no}}
logwrite = OK! The host $sender_address_domainis in the WHITE list
warn condition = ${if eq{$sender_helo_name}{}{yes}{no}}
logwrite = SPAM. Send HELO/EHLO and your name first
set acl_c1 = ${eval:$acl_c1+1}
deny message = You are not allowed to send mail outside the own domain.
hosts = +local_net : localhost
domains = !+relay_to_domains
condition = ${if eqi{LD}{${lookup ldapm{LDAP_AUTH \
LDAP_BASE_SEARCH?physicalDeliveryOfficeName?sub?\
(samaccountName=$sender_address_local_part)}}}{yes}{no}}
drop message = Forbidden to send mail on behalf of users domain \
$sender_address_domain
hosts = !+local_net : !localhost
condition = ${if match_domain{$sender_address_domain}\
{$primary_hostname : +local_domains : +relay_to_domains}\
{yes}{no}}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${if or {{ isip{$sender_helo_name}}\
{eq{$sender_helo_name}{[$sender_host_address]}}}{yes}{no}}
logwrite = SPAM. Forbidden to use IP-address instead of the host name in
HELO
set acl_c1 = ${eval:$acl_c1+2}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${if match_domain{$sender_helo_name}\
{$primary_hostname : +local_domains : +relay_to_domains}{yes}{no}}
logwrite = SPAM. In HELO a name of our server
set acl_c1 = ${eval:$acl_c1+3}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
logwrite = SPAM. Yours PTR and A records DNS do not conform
set acl_c1 = ${eval:$acl_c1+4}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${lookup{$sender_host_name}wildlsearch\
{/usr/local/etc/exim/db/blacklist}{yes}{no}}
logwrite = SPAM. $sender_host_name in our local blacklist
set acl_c1 = ${eval:$acl_c1+6}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${if and {{match{$sender_host_name}\
{\N(?>[^.]+[.]){5,}|(?>[^-]+[\-]){4,}\N}}\
{!match{$sender_host_name}{\N\.yahoo\.com$\N}}}{yes}{no}}
logwrite = SPAM. Too many point or hyphens in the hostname
($sender_host_name)
set acl_c1 = ${eval:$acl_c1+7}
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
begin routers
dnslookup:
driver = dnslookup
domains = !+relay_to_domains : !+local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
more = no
cannot_route_message = Remote domain not found in DNS
#!/usr/bin/perl -w
use strict;
use warnings;
use Net::LDAP;
my %ldap_connect=(
HOST=>"172.16.16.4",
PORT=>"3268",
TIMEOUT=>"120",
BASE_DN=>"DC=JSP,DC=LOCAL",
BIND_DN=>"CN=unix_ldap,CN=Users,DC=JSP,DC=LOCAL",
BIND_PASS=>"Password",
VERSION=>"3"
);
sub get_mail_lists
{
my $address = shift;
my ($user_mail, $dn, $mesg, $entry, $mail_lists);
my (@array_of_ldap_search, @entries);
$mail_lists="";
my $ldap = Net::LDAP->new($ldap_connect{'HOST'},
version=>$ldap_connect{'VERSION'}, \
port=>$ldap_connect{'PORT'}, timeout=>$ldap_connect{'TIMEOUT'}) or die
exit 0;
$mesg=$ldap->bind($ldap_connect{'BIND_DN'}, password =>
$ldap_connect{'BIND_PASS'}) or die exit 0;