Re: [exim] Help me to prevent spamming

Etusivu
Poista viesti
Vastaa
Lähettäjä: Er.shashank.singh
Päiväys:  
Vastaanottaja: exim-users
Aihe: Re: [exim] Help me to prevent spamming
Hi,

here is my exim conf file.

local_scan_path = /usr/lib/exim4/local_scan/sa-exim-4.2.so

#queue_only = true
#queue_domains = lsearch;/usr/exim/queue_domains

#log_selector = +all
log_selector = +incoming_interface +subject
daemon_smtp_ports = 25 : 587

# 1.
trusted_users = exim

# 2. ACL for Inbound SMTP after RCPT and DATA
#acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = check_recipient
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_content




smtp_accept_max = 200
smtp_accept_max_per_host = 200
smtp_accept_queue = 200
smtp_accept_max_per_connection = 200
smtp_accept_queue_per_connection = 200
#message_size_limit= ${lookup mysql { select concat(attachment_size,"M")
from eximcfg where domain = '$primary_hostname'}}
return_size_limit = 1K
message_size_limit = 20M


# 3. LOCALDOMAINS, For Local Delivery
domainlist local_domains = ${lookup mysql { select
replace(group_concat(LOCAL),',',':') as local_domains from LOCALDOMAINS }}
#       mysql;select 1 from LOCALDOMAINS where LOCAL='$domain'
domainlist rewrite_domains = lsearch;/usr/exim/rewrite
# 4. Outbound Relay Access
hostlist relay_hosts = ${lookup mysql { select
replace(group_concat(relay_hosts),',',' : ') as relay_to_domains from
eximcfg where domain = '$primary_hostname' }}


# 5. Hostname In SMTP Banner
primary_hostname = bluestarchannel.com

smtp_enforce_sync=false
auth_advertise_hosts = *
bounce_message_file = "/usr/exim/custom.mesg"
bounce_return_body = false
bounce_return_message = false


auto_thaw = 1h
timeout_frozen_after = 3d

# 6. Domain to be added on unqualified aliases
qualify_domain = wbox.net4india.com

# 7. No Local Deliveries Under root
never_users = root

# 8. Mysql Connection
mysql_servers = ""

# 9. System Filter
system_filter = /usr/exim/filter
system_filter_file_transport = address_file
system_filter_pipe_transport = address_pipe
system_filter_directory_transport = address_directory
system_filter_pipe_transport = address_pipe
system_filter_directory_transport = address_directory
system_filter_user = exim
message_body_visible = 5000



# 10. Spool Directory Option
split_spool_directory

# Set Header Text
received_header_text = "Received: \
         ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
         {${if def:sender_ident {from ${sender_ident} }}\
         ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
         by ${primary_hostname} \
         ${if def:received_protocol {with ${received_protocol}}} \
         ${if def:tls_cipher {\n\t(Cipher ${tls_cipher}) }}\
         ${if def:tls_peerdn {(PeerDN ${tls_peerdn}) }}\
         (Exim ${version_number} #${compile_number})\n\t\
         id ${message_id}\
         ${if def:authenticated_id { by authid <$authenticated_id>}}\
         ${if def:sender_host_authenticated { with
$sender_host_authenticated}}\
         ${if def:received_for {\n\tfor <$received_for>}}"



# 11. Access Control Lists

# EXISCAN GLOBALS #

av_scanner = clamd:127.0.0.1 3310

######################################################################
#                              ACL                                   #
######################################################################
begin acl



# ACL after RCPT



check_recipient:

#deny     message  = You Are Restricted From Sending Email To This Address
#        recipients = /usr/exim/restrict/receiversTSRW1
#        ! senders = lsearch;/usr/exim/restrict/sendersTSRW1


warn     message       = X-SA-Do-Not-Rej: Yes
          local_parts   = postmaster:abuse


warn     message       = X-SA-Do-Not-Run: Yes
           hosts         = +relay_hosts


warn     message       = X-SA-Do-Not-Run: Yes
           authenticated = *


warn     message       = X-SA-Do-Not-Run: Yes
           local_parts   = abuse:MAILER-DAEMON


#  warn     message       = X-SA-Do-Not-Run: Yes
#          sender_domains        = +local_domains


# Unknonw user verification

#  deny message = unknown user
#       ! recipients =  ${lookup mysql{select fqeid from EMAILADDS where
fqeid = '$local_part\@${domain}'}}
#       domains = ! +rewrite_domains


##################################Auth Id must be same as from
id####################
accept authenticated = *
#   deny    message       = "HELO/EHLO required by SMTP RFC"
 #         condition     = ${if eq{$sender_helo_name}{}{yes}{no}}


accept hosts = +relay_hosts

#       accept sender_domains = +local_domains
        require verify   = sender




 deny message = **** User Account Locked. *****
                recipients = /mail/Blocked/user_account_locked


 deny message = **** User Mailbox Quota Exceeded. *****
                recipients = /mail/Blocked/user_quota_exceeded


authenticated = *
    deny ratelimit = 100 / 1h / per_rcpt / strict / $authenticated_id
    log_message = Rejected $authenticated_id due over rate with
$sender_rate/$sender_rate_period
    message = Rate limited


accept domains = +local_domains

deny message = Relay is not permitted.


accept

acl_check_mime:

# Decode MIME parts to disk. This will support virus scanners later.
warn decode = default

  # File extension filtering.
  deny message = Blacklisted file extension detected (${lc:$mime_filename})
       condition = ${if match \
                        {${lc:$mime_filename}} \


{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.HQX|\.DHX|\.B64|\.MIM|\.cmd|\.mim|\.Uu|\.UUE|\.hqx|\.dhx|\.b64|\.BHX|\.bhx|\.uue)$\N}
\
                     {1}{0}}


  # Reject messages that carry chinese character sets.
  # WARNING: This is an EXAMPLE.
  #deny message = Sorry, noone speaks chinese here
   #    condition = ${if eq{$mime_charset}{gb2312}{1}{0}}


accept

# ACL after DATA
acl_check_content:

  # Reject virus infested messages.
  deny  message = This message contains malware ($malware_name)
        malware = *


# finally accept all the rest
accept

# 12. Rewrite Configuration

######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################




begin authenticators

plain:
driver = plaintext
public_name = PLAIN
#server_condition = ${lookup mysql{select if(count(*), "1","0") from
EMAILADDS where POPID = '${quote_mysql:$2}' and
PASSWORD='${quote_mysql:$3}' and status='live'}}
server_condition = ${lookup mysql{select if(count(*), "1","0") from
EMAILADDS where FQEID = '${quote_mysql:$2}' and
PASSWORD='${quote_mysql:$3}' and status='yes' }}
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
#server_condition = ${lookup mysql{select if(count(*), "1","0") from
EMAILADDS where POPID = '${quote_mysql:$1}' and
PASSWORD='${quote_mysql:$2}' and status='live'}}
server_condition = ${lookup mysql{select if(count(*), "1","0") from
EMAILADDS where FQEID = '${quote_mysql:$1}' and
PASSWORD='${quote_mysql:$2}' }}
server_set_id = $1


*********************************************************************************************
But spammer are using password onf any user send chenge the from id for
example if my username is shashank@??? the user steal my password
anyhow and send mail with lot of from mail id like as@???, ab@???,
aw@??? and so on so the rate limit is also not working plaease help me
out of this.

and le me knoe if there's any document to harden the exim to prevent
spamming from my server


On Thu, Dec 12, 2013 at 1:24 AM, Heiko Schlittermann <hs@???>wrote:

> Hi,
>
> Er.shashank.singh <docs4shashank@???> (Mi 11 Dez 2013 19:18:53 CET):
> > Hi All,
> >
> > I am really frustrated because of spamming from my server. Can any one
> > please help me to hardening of exim to prevent spamming. I want to stop
> > stealing password and rate limit for outgoing mails and filter spam
> words.
>
> It sound that there is more then just a broken exim configuration. But
> we could start investigating your configuration, to be sure, that exim
> is not the primary reason for spamming.
>
> (How do you know that Exim is spamming? I've seen lots of sites
> spamming, but not via Exim.)
>
>     exim -bV | tail -n 1

>
> will tell you where your configuration file is. Just post a copy of this
> file, but be sure not to include any passwords or other sensible
> information. On the other hand, do not obfuscate it too much.
>
>     Best regards from Dresden/Germany
>     Viele Grüße aus Dresden
>     Heiko Schlittermann
> --
>  SCHLITTERMANN.de ---------------------------- internet & unix support -
>  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>  gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
>  gnupg fingerprint: 9288 F17D BBF9 9625 5ABC  285C 26A9 687E 7CBF 764A -
> (gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B)-

>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>




--



*Thanks & Regards, Shashank Kumar Singh Mob: +919891249097 email:
srinet1986raj@??? <srinet1986raj@???>*