######################################################################
#                  Runtime configuration file for Exim               #
######################################################################

######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

# Main section of the relay configuration: the CONFDIR macro, named host and
# domain lists, logging, SMTP connection limits, the ACL hooks for each SMTP
# stage, the system filter and queue housekeeping.

# Every list file, the Perl startup file and the system filter live under
# CONFDIR. These files decide who may relay and which checks are skipped.
# NOTE(review): ownership and permissions are not visible here - confirm they
# are writable by root only.
CONFDIR=/usr/local/etc/exim

# Code loaded by the embedded Perl interpreter; it is reachable from string
# expansions through ${perl{...}}.
perl_startup = do "CONFDIR/exim.pl"

# Adds connection-level and protocol-error events to the main log.
# -rejected_header switches off the header dump that normally accompanies a
# rejection in the reject log, which leaves less to work with when a
# rejected message has to be investigated.
log_selector = +smtp_connection +smtp_protocol_error +smtp_syntax_error \
  +lost_incoming_connection +connection_reject +dnslist_defer +host_lookup_failed \
  -retry_defer -skip_delivery -queue_run -rejected_header

primary_hostname = relay.deltamedical.com.ua

# Global ceiling on simultaneous incoming SMTP connections.
# NOTE(review): no smtp_accept_max_per_host is set in this main section, so
# a single client address is not limited separately - confirm this is intended.
smtp_accept_max = 500
smtp_accept_queue_per_connection = 200

# Hosts allowed to relay. The ACLs treat membership as trusted: it sets
# relay_from_hosts=1 and bypasses most of the later checks.
hostlist relay_from_hosts = localhost : CONFDIR/hosts-relayfrom
hostlist relay_white_list = CONFDIR/hosts-whitelist
hostlist private_networks = CONFDIR/hosts-private
domainlist local_domains = lsearch;CONFDIR/domains-local
domainlist greylist_domains = lsearch;CONFDIR/domains-greylist
hostlist skip_greylist_hosts = CONFDIR/skip_greylist_relays

# AUTH is advertised to every client.
# NOTE(review): no tls_* option appears in this main section. Unless TLS is
# configured elsewhere, credentials for plaintext mechanisms cross the network
# unencrypted. The authenticators are defined outside this part - TODO confirm
# which mechanisms are enabled. Advertising AUTH only on encrypted sessions
# (auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}) closes that gap.
auth_advertise_hosts = *

# HELO verification is attempted for every host outside relay_from_hosts;
# relay hosts may also send syntactically invalid HELO names.
helo_try_verify_hosts = ! +relay_from_hosts
helo_accept_junk_hosts = +relay_from_hosts

hostlist host_drop_connection = CONFDIR/hosts-dropfrom
hostlist hosts_blacklisted = CONFDIR/access-relay-blacklist
hostlist hosts_blacklist_dialup = CONFDIR/access-relay-dialup
# Hosts exempt from the DNSBL checks and from sender verification.
hostlist skip_dnsbl_check = 127.0.0.1 : CONFDIR/skip_dnsbl_check
hostlist skip_verify_sender = 127.0.0.1 : CONFDIR/skip_verify_sender_relay
domainlist exchange_domains = lsearch;CONFDIR/domains-exchange
ldap_default_servers = 192.168.100.2 : 192.168.100.1
domainlist virtuser_domains = lsearch;CONFDIR/domains-virtuser
domainlist internal_domains = lsearch;CONFDIR/domains-internal

# Earlier Received: template, kept for reference. It included the
# "(Exim $version_number (FreeBSD))" banner.
#received_header_text = Received: \
# ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
# {${if def:sender_ident {from $sender_ident }}\
# ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
# by $primary_hostname \
# ${if def:received_protocol {with $received_protocol}} \
# ${if def:tls_cipher {($tls_cipher)\n\t}}\
# (Exim $version_number (FreeBSD))\n\
# \tid $message_id\
# ${if def:received_for {\n\tfor $received_for}}

# Active Received: template. Unlike the commented-out one above it does not
# emit the Exim version or the operating system, so relayed mail does not
# disclose the MTA build.
received_header_text = Received: \
  ${if def:sender_rcvhost \
  {from $sender_rcvhost\n}\
  {${if def:sender_ident {from $sender_ident }}\
  ${if def:sender_helo_name {(helo=$sender_helo_name)\n}}}}\
  \tby $primary_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_cipher {($tls_cipher)\n\t}}\
  id $message_id\
  ${if def:received_for {\n\tfor $received_for}}

# One ACL per SMTP stage; each name must exist in the "begin acl" section.
acl_smtp_connect = acl_check_connect
acl_smtp_helo = acl_check_helo
acl_smtp_auth = acl_check_auth
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_predata = acl_check_predata
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data

qualify_domain = deltamedical.com.ua
# qualify_recipient =
message_size_limit = 15M
#return_size_limit = 10K
bounce_return_size_limit = 10K

exim_user = mailnull
exim_group = mail
# NOTE(review): never_users appears to be commented out (the line structure of
# this file was reconstructed - confirm against the deployed copy). Without
# it, only the build-time FIXED_NEVER_USERS list stops a delivery from running
# as root; check the "Fixed never_users" value printed by exim -bV.
# never_users = root

# The system filter sees every message and runs as mailnull. Through the
# transports named below it can pipe to commands, write files and directories
# and send replies, so CONFDIR/system_filter is security-relevant.
system_filter = CONFDIR/system_filter
system_filter_user = mailnull
system_filter_pipe_transport = filter_pipe
system_filter_reply_transport = address_reply
system_filter_file_transport = address_file
system_filter_directory_transport = address_directory

message_body_visible = 5000
accept_8bitmime = true

# The two commented-out settings below are the same as the defaults in the
# code; they cause Exim to make RFC 1413 (ident) callbacks for all incoming
# SMTP calls. You can limit the hosts to which these calls are made, and/or
# change the timeout that is used. If you set the timeout to zero, all
# RFC 1413 calls are disabled. RFC 1413 calls are cheap and can provide useful
# information for tracing problem messages, but some hosts and firewalls have
# problems with them. This can result in a timeout instead of an immediate
# refused connection, leading to delays on starting up SMTP sessions. (The
# default was reduced from 30s to 5s for release 4.61.)
#rfc1413_hosts = *
#rfc1413_query_timeout = 5s

# turn off ident requests: empty host list and zero timeout
rfc1413_hosts = :
rfc1413_query_timeout = 0s
#rfc1413_hosts = +relay_from_hosts
#rfc1413_query_timeout = 5s

# Gives SMTP clients the detailed reason for a policy rejection instead of a
# bland message. This helps legitimate senders diagnose problems, but it also
# tells a probing client which check it failed.
smtp_return_error_details = true

# Reverse DNS lookup for every connecting host. The ACLs rely on
# $sender_host_name and $host_lookup_failed being populated.
host_lookup = *

# When Exim can neither deliver a message nor return it to sender, it "freezes"
# the delivery error message (aka "bounce message"). There are also other
# circumstances in which messages get frozen. They will stay on the queue for
# ever unless one of the following options is set.

# This option unfreezes frozen bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.
ignore_bounce_errors_after = 2d

# This option cancels (removes) frozen messages that are older than two days.
# Frozen messages older than this are cancelled (2d = two days).
timeout_frozen_after = 2d

# The scanner specification is expanded from $acl_m0 when a malware check runs.
# NOTE(review): the ACL that performs the scan is not visible here - TODO
# confirm it always sets acl_m0 to a valid scanner before the malware
# condition is evaluated.
av_scanner = $acl_m0
spamd_address = 127.0.0.1 783

# The active pattern differs from the commented-out one only in its last
# character class ([^\W] instead of [^\W_]), which lets a DNS label end in
# an underscore.
#dns_check_names_pattern = (?i)^(?>(?(1)\.|())[^\W_](?>[a-z0-9/-]*[^\W_])?)+$
dns_check_names_pattern = (?i)^(?>(?(1)\.|())[^\W_](?>[a-z0-9/-]*[^\W])?)+$

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################

begin acl

# Connection stage: drop listed hosts outright. For hosts whose reverse lookup
# failed, store the raw PTR answer in acl_c7 so that later checks can tell
# "no PTR at all" from "PTR present but not confirmed".
acl_check_connect:
  drop    hosts = +host_drop_connection

  warn    set acl_c7 =
          condition = ${if eq{$sender_host_name}{}{yes}{no}}
          condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
          set acl_c7 = ${lookup dnsdb{ptr=$sender_host_address}}

  accept

# HELO/EHLO stage: only records the command text; the HELO policy itself is
# applied in acl_check_rcpt.
acl_check_helo:
  warn    set acl_m_smtp_command_helo = $smtp_command

  accept

# AUTH stage: records the command and accepts.
# As written, acl_m_auth_restrict is reset to empty immediately before it is
# tested, so the deny below never triggers; it looks like a placeholder left
# by the template that generated this file.
# NOTE(review): the message line ends in a backslash. The empty line that
# follows it is expected to end the continuation. If that empty line is ever
# removed, "accept" is joined to the message text, the ACL ends without an
# accept verb, and every AUTH command is refused by the implicit deny.
# Confirm against the deployed file and drop the stray backslash.
# NOTE(review): no limit on failed AUTH attempts is visible in this ACL.
acl_check_auth:
  warn    set acl_m_smtp_command_auth = $smtp_command

  warn    set acl_m_auth_restrict =

  deny    condition = ${if eq{$acl_m_auth_restrict}{}{no}{yes}}
          message = $acl_m_auth_restrict \

  accept

# MAIL FROM stage: builds the trust flags in acl_m13 (key=value words read
# later with ${extract}), then accepts immediately when any flag is set.
acl_check_mail:
  # Command text plus the declared SIZE, when the client gave one.
  warn    set acl_m_smtp_command_mail_from = ${smtp_command}${if eq{$message_size}{-1}{}{ SIZE=$message_size}}

  # "hosts = :" matches when there is no remote host (locally submitted SMTP).
  warn    hosts = :
          set acl_m13 = submitted=1 $acl_m13

  warn    hosts = +relay_from_hosts
          set acl_m13 = relay_from_hosts=1 $acl_m13

  warn    authenticated = *
          set acl_m13 = authenticated=1 $acl_m13

  warn    hosts = +relay_white_list
#         domains = +local_domains ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', ` : +relay_to_domains')')
          set acl_m13 = white_list_relays=1 $acl_m13

  # Sender whitelist: acl_m1 becomes "yes" when the envelope sender matches
  # senders-whitelist, either as an address list or as a lookup key.
  warn    set acl_m1 = no
          senders = @@wildlsearch;CONFDIR/senders-whitelist
          set acl_m1 = yes

  warn    condition = ${lookup{$sender_address}wildlsearch{CONFDIR/senders-whitelist}{yes}{no}}
          set acl_m1 = yes

  # NOTE(review): white_list_senders is decided from the envelope sender
  # alone, and the connecting client chooses that value. A client claiming a
  # listed address takes the accept below and skips the 8-bit check.
  # acl_check_rcpt then accepts its local-domain recipients ahead of the HELO,
  # relay-blacklist and DNSBL checks. Keep senders-whitelist minimal and
  # prefer the host- or authentication-based flags where possible.
  warn    condition = $acl_m1
#         domains = +local_domains ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', ` : +relay_to_domains')')
          set acl_m13 = white_list_senders=1 $acl_m13

  accept  condition = ${if or{\
            {eq{${extract{submitted}{$acl_m13}}}{1}}\
            {eq{${extract{relay_from_hosts}{$acl_m13}}}{1}}\
            {eq{${extract{authenticated}{$acl_m13}}}{1}}\
            {eq{${extract{white_list_relays}{$acl_m13}}}{1}}\
            {eq{${extract{white_list_senders}{$acl_m13}}}{1}}\
            }{yes}{no}}

  warn    set acl_m8 = mark_hits=* action_hits=* user=*

  # Only spammers use 8-bit envelope senders, and it violates
  # RFC 2821 to boot.
  deny    senders = \N^[^@]*[\x80-\xFF][^@]*\@.*\N
          message = 8-bit characters not allowed in envelope sender (see RFC 2821, section 4.1.2)
          log_message = 8-bit characters in envelope sender detected

  accept

# RCPT TO stage. This ACL continues beyond this block; only its opening
# statements are laid out here.
acl_check_rcpt:
  # Keep the current RCPT command, and the running list of all RCPT commands
  # received for this message.
  warn    set acl_m_smtp_command_rcpt_to = $smtp_command

  warn    set acl_m_smtp_command_rcpt_tos = ${acl_m_smtp_command_rcpt_tos}${smtp_command}\n

  # acl_m9 is a per-recipient copy of the MAIL-stage flags with the
  # abuse_or_postmaster and white_list_compat entries removed.
  warn    set acl_m9 = ${sg{${sg{$acl_m13}{\Nabuse_or_postmaster=\d*\N}{}}}{\Nwhite_list_compat=\d*\N}{}}

  # reset the score counter for optional greylisting
  warn    set acl_c8 = scores=0 log_message=

  # Check the sender address against the blacklists
  warn    set acl_m0 =

  # Mail to postmaster/abuse in local domains skips the sender blacklist.
  warn    domains = +local_domains
          local_parts = postmaster : abuse
          set acl_m0 = skip

  # Look the sender up in access-mail (an empty entry means REJECT), then split
  # the colon-separated result into action (acl_m1), SMTP message (acl_m2) and
  # log text (acl_m0). normalize_action is defined outside this block.
  warn    set acl_m1 =
          condition = ${if eq{$acl_m0}{}{yes}{no}}
          set acl_m0 = ${lookup{$sender_address}wildlsearch{CONFDIR/access-mail}\
                       {${if eq{$value}{}{REJECT}{$value}}}{}\
                       }
          condition = ${if eq{$acl_m0}{}{no}{yes}}
          set acl_m1 = ${extract{1}{:}{$acl_m0}}
          acl = normalize_action
          set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}}
#         message = $acl_m2
#         log_message = $acl_m0
          set acl_m2 = ${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}}
          set acl_m2 = ${if eq{$acl_m2}{}{Access denied}{$acl_m2}}
          set acl_m0 = ${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}}
          set acl_m0 = ${if eq{$acl_m0}{}{sender address blacklisted${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}}

  # "warn" action: log it and tag the message.
  warn    condition = ${if match{$acl_m1}{warn}{yes}{no}}
          log_message = $acl_m0${if eq{${extract{pause}{$acl_m1}}}{}{}{: message delayed for ${extract{pause}{$acl_m1}}s}}
          add_header = X-Warn-Sender: $acl_m2

  # "pause" action: delay the response and record the delay in acl_m15.
  warn    condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}}
          delay = ${extract{pause}{$acl_m1}}s
          set acl_m15 = ${acl_m15}\t\
delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} log_message = $acl_m0 message = ${expand:$acl_m2} defer condition = ${if match{$acl_m1}{defer}{yes}{no}} log_message = $acl_m0 message = ${expand:$acl_m2} drop condition = ${if match{$acl_m1}{drop}{yes}{no}} log_message = $acl_m0 message = ${expand:$acl_m2} # Проверка существования получателей # Защита от словарных аттак drop log_message = Dictionary attack ($rcpt_fail_count failed probes). Dropping connection message = User unknown (${eval:$rcpt_fail_count+1} failed queries) condition = ${if >{$rcpt_fail_count}{${eval:5-2}} {1}{0}} delay = 30s domains = +local_domains ! verify = recipient # Поиск адреса получетеля в virtusertable warn set acl_m0 = warn condition = ${if eq{$acl_m0}{}{yes}{no}} domains = +virtuser_domains : +local_domains set acl_m0 = ${sg{\ ${lookup{$local_part@$domain}wildlsearch{CONFDIR/virtusertable}\ {$value}{\ ${lookup{@$domain}wildlsearch{CONFDIR/virtusertable}{$value}{}}\ }}\ }{\N%1\N}{$local_part}} deny condition = ${if match{$acl_m0}{\N(?i)^\s*(deny|reject)\s*:(.+)$\N}{yes}{no}} message = ${if match{$acl_m0}{\N(?i)^\s*(deny|reject)\s*:(.+)$\N}{$2}{}} defer condition = ${if match{$acl_m0}{\N(?i)^\s*defer\s*:(.+)$\N}{yes}{no}} message = ${if match{$acl_m0}{\N(?i)^\s*defer\s*:(.+)$\N}{$1}{}} # Проверка существования получателей из локальных доменов deny condition = ${if eq{$acl_m_skip_verify_recipient}{yes}{no}{yes}} domains = +local_domains message = User unknown log_message = User unknown ! verify = recipient # Проверка существования получетеля из домена MS Exchange deny domains = +exchange_domains ! recipients = @@wildlsearch;CONFDIR/skip_exch_check ! verify = recipient/callout deny hosts = +relay_from_hosts ! verify = recipient/defer_ok message = $local_part@$domain: Unrouteable address deny authenticated = * ! 
verify = recipient/defer_ok message = $local_part@$domain: Unrouteable address warn set acl_m0 = domains = +local_domains local_parts = postmaster : abuse set acl_m0 = abuse set acl_m9 = abuse_or_postmaster=1 $acl_m9 set acl_m13 = abuse_or_postmaster=1 $acl_m13 warn set acl_m1 = no hosts = +relay_from_hosts set acl_m1 = yes warn authenticated = * set acl_m1 = yes warn condition = $acl_m1 condition = ${if eq{$acl_m0}{accept}{yes}{no}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {0.0.0.0|$local_part@$domain|$sender_address}\ {\ block_expires=$tod_epoch \ record_expires=${eval:$tod_epoch+240*60} \ blocked_count=0 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} # accept condition = ${if eq{$acl_m9}{}{no}{yes}} accept condition = ${if or{\ {eq{${extract{submitted}{$acl_m9}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m9}}}{1}}\ {eq{${extract{authenticated}{$acl_m9}}}{1}}\ }{yes}{no}} acl = acl_check_rcpt_before_accept accept domains = +local_domains # condition = ${if eq{$acl_m9}{}{no}{yes}} # condition = ${if eq{${sg{$acl_m9}{\N\s*spam_hater=1\s*}{}}}{}{no}{yes}} condition = ${if or{\ {eq{${extract{submitted}{$acl_m9}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m9}}}{1}}\ {eq{${extract{authenticated}{$acl_m9}}}{1}}\ {eq{${extract{abuse_or_postmaster}{$acl_m9}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m9}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m9}}}{1}}\ {eq{${extract{white_list_compat}{$acl_m9}}}{1}}\ }{yes}{no}} acl = acl_check_rcpt_before_accept # Проверка корректности почтового ящика получателя deny message = Restricted characters in address domains = +local_domains local_parts = ^[.] 
: ^.*[@%!/|] # Проверка HELO/EHLO: # Наличие в HELO наших адресов/доменов # HELO used our own credentials deny condition = ${if eq{$interface_address}{}{no}{yes}} condition = ${if eq{$sender_helo_name}{[$interface_address]}{yes}{no}} message = Invalid greeting used log_message = HELO used my own credentials deny condition = ${if eq{$sender_helo_name}{$primary_hostname}{yes}{no}} message = Invalid greeting used log_message = HELO used my own credentials deny condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}} message = Invalid greeting used log_message = HELO used my own credentials # HELO, состоящих из одной точки, или без точки # HELO is With only Point or Without Point deny condition = ${if match{$sender_helo_name}{\N\|\N}{no}{yes}} condition = ${if match{$sender_helo_name}{\N^<.*>$\N}{no}{yes}} condition = ${if or{\ {!match{$sender_helo_name}{\N\.\N}} \ {match{$sender_helo_name}{\N^\.$\N}} \ {match{$sender_helo_name}{\N\.\.\N}} \ {match{$sender_helo_name}{\N^\.\N}} \ {match{$sender_helo_name}{\N^[^\.]+\.$\N}} \ {match{$sender_helo_name}{\N@\N}} \ }{yes}{no}} message = Invalid greeting used log_message = HELO is With only Point or Without Point ($sender_helo_name) # HELO в виде IP адреса # HELO used IP address # 5xx в случае указания IP адреса в качестве HELO deny condition = ${if isip{$sender_helo_name}{yes}{no}} message = Invalid greeting used log_message = HELO used IP address # Проверка наличия HELO в черном списке # в т. ч. 
проверка HELO в виде имени хоста, принадлежащего к dial-up/dsl/cable сетям warn set acl_m1 = set acl_m0 = ${lookup{$sender_host_address}\ iplsearch{CONFDIR/access-helo}\ {${if eq{$value}{}{REJECT}{$value}}}\ {\ ${lookup{$sender_helo_name}\ wildlsearch{CONFDIR/access-helo}\ {${if eq{$value}{}{REJECT}{$value}}}\ {no}}\ }} condition = ${if eq{$acl_m0}{no}{no}{yes}} set acl_m1 = ${extract{1}{:}{$acl_m0}} acl = normalize_action set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = ${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${if eq{$acl_m0}{}{helo $sender_helo_name blacklisted${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}} # set acl_m2 = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} # Warning в случае принадлежности HELO к blacklisted сетям # Warning if sender HELO in blacklisted network warn condition = ${if match{$acl_m1}{warn}{yes}{no}} add_header = X-Warn-HELO-Blacklisted: ${if eq{$acl_m2}{}{HELO $sender_helo_name is blacklisted}{$acl_m2}} log_message = $acl_m0${if eq{${extract{pause}{$acl_m1}}}{}{}{: message delayed for ${extract{pause}{$acl_m1}}s}} # Pause в случае принадлежности HELO к blacklisted сетям # Pause if sender HELO in blacklisted network warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m15 = ${acl_m15}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n # Reject в случае принадлежности HELO к blacklisted сетям # Reject if sender HELO in blacklisted network deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} message = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} log_message = $acl_m0 # Defer в случае принадлежности HELO к blacklisted сетям # Defer if sender HELO in blacklisted network defer condition = ${if match{$acl_m1}{defer}{yes}{no}} message = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} log_message = $acl_m0 # Drop в 
случае принадлежности HELO к blacklisted сетям # Drop if sender HELO in blacklisted network drop condition = ${if match{$acl_m1}{drop}{yes}{no}} message = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} log_message = $acl_m0 # warn on verify helo warn ! verify = helo log_message = verify HELO ($sender_helo_name) # Прием почты для abuse адресов accept domains = +local_domains local_parts = postmaster : abuse set acl_m9 = abuse_or_postmaster=1 $acl_m9 set acl_m13 = abuse_or_postmaster=1 $acl_m13 # Проверка количества получателей в DSN warn senders = : condition = ${if >{$rcpt_count}{1} {1}} log_message = "Only one receipient accepted for NULL sender" ! hosts = +relay_from_hosts # Проверка рилея отправителя в blacklist-ах warn set acl_m1 = set acl_m0 = ${lookup{$sender_host_address}\ iplsearch{CONFDIR/access-relay}\ {${if eq{$value}{}{reject}{$value}}}\ {\ ${lookup{$sender_host_name}\ wildlsearch{CONFDIR/access-relay}\ {${if eq{$value}{}{reject}{$value}}}\ {no}}\ }} condition = ${if eq{$acl_m0}{no}{no}{yes}} set acl_m1 = ${extract{1}{:}{$acl_m0}} acl = normalize_action set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = ${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${if eq{$acl_m0}{}{relay $sender_host_name blacklisted${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}} # set acl_m2 = ${if eq{$acl_m2}{}{Access from relay $sender_host_name denied according to the local policy}{$acl_m2}} # Pause в случае принадлежности хоста рилея к blacklisted сетям # Pause if sender host in blacklisted network warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m15 = ${acl_m15}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n # Reject в случае принадлежности хоста рилея к blacklisted сетям # Reject if sender host in blacklisted network deny condition = ${if 
eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} message = ${if eq{$acl_m2}{}{Access from relay $sender_host_name denied according to the local policy}{$acl_m2}} log_message = $acl_m0 # Defer в случае принадлежности хоста рилея к blacklisted сетям # Defer if sender host in blacklisted network defer condition = ${if match{$acl_m1}{defer}{yes}{no}} message = ${if eq{$acl_m2}{}{Access from relay $sender_host_name defered according to the local policy}{$acl_m2}} log_message = $acl_m0 # Drop в случае принадлежности хоста рилея к blacklisted сетям # Drop if sender host in blacklisted network drop condition = ${if match{$acl_m1}{drop}{yes}{no}} message = ${if eq{$acl_m2}{}{Access from relay $sender_host_name droped according to the local policy}{$acl_m2}} log_message = $acl_m0 # Warning в случае принадлежности хоста рилея к blacklisted сетям # Warning if sender host in blacklisted network warn condition = ${if match{$acl_m1}{warn}{yes}{no}} add_header = X-Warn-Relay-BlackListed: ${if eq{$acl_m2}{}{relay $sender_host_name is blacklisted}{$acl_m2}} log_message = $acl_m0 # Reject в случае принадлежности хоста рилея к listed сетям # Reject if sender host in listed network deny condition = ${if eq{$acl_m0}{no}{yes}{no}} hosts = +hosts_blacklisted message = Access from relay $sender_host_address denied according to the local policy log_message = Sender relay $sender_host_address blacklisted # Warning в случае принадлежности хоста рилея к listed сетям # Warning if sender host in listed network warn condition = ${if match{$acl_m0}{no}{yes}{no}} hosts = +hosts_blacklist_dialup add_header = X-Warn-Relay-BlackListed: Access from dial-up/dsl/cable relays denied /A record/ # Warning в случае принадлежности хоста рилея к listed сетям # Warning if sender host in listed network log_message = Access from dial-up/dsl/cable relays denied /A record/ # Block messages where the sender domain resolves to bad IPs warn set acl_m0 = skip condition = ${if eq{$sender_address_domain}{}{no}{yes}} 
condition = ${if match_domain{$sender_address_domain}\ {+local_domains }\ {no}{yes}} set acl_c2 = CONFDIR/access-mail-domain-a condition = ${lookup{$sender_address_domain}wildlsearch{$acl_c2}{\ ${if eq{${lc:$value}}{ok}{no}{yes}}\ }{yes}} set acl_m0 = warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} set acl_m1 = a=$sender_address_domain acl = acl_dnsdb condition = ${if eq{$acl_m2}{defer}{no}{yes}} acl = acl_iplsearch defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m2}{defer}{yes}{no}} log_message = Cannot resolve A record for sender domain $sender_address_domain message = Cannot resolve A record for sender domain $sender_address_domain warn set acl_m1 = condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} set acl_m1 = ${extract{1}{:}{$acl_m0}} acl = normalize_action set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = ${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m2 = ${if eq{$acl_m2}{}{Access denied}{$acl_m2}} set acl_m0 = ${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${if eq{$acl_m0}{}{Domain of sender $sender_address_domain has bad A record${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}} warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m15 = ${acl_m15}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} log_message = $acl_m0 message = $acl_m2 defer condition = ${if match{$acl_m1}{defer}{yes}{no}} log_message = $acl_m0 message = $acl_m2 drop condition = ${if match{$acl_m1}{drop}{yes}{no}} log_message = $acl_m0 message = $acl_m2 warn condition = ${if match{$acl_m1}{warn}{yes}{no}} log_message = $acl_m0 add_header = X-Warn-Mail-A: $acl_m0 # Проверка хоста отправителя на принадлежность к relay_from_hosts, # если домен адреса отправителя является внутренним warn ! 
hosts = +relay_from_hosts condition = ${lookup{$sender_address_domain} \ wildlsearch{CONFDIR/domains-internal}{yes}{no}} log_message = internal domain $sender_address_domain in MAIL FROM command add_header = X-Warn-Internal: internal domain $sender_address_domain in MAIL FROM command warn ! hosts = +relay_from_hosts condition = ${if or{\ {eq{${lookup{$sender_address}\ wildlsearch{CONFDIR/domains-internal}{internal}{}}}\ {internal}}\ {eq{${lookup{$sender_address|from}\ wildlsearch{CONFDIR/domains-internal}{internal}{}}}\ {internal}}\ }{yes}{no}} log_message = internal address $sender_address in MAIL FROM command add_header = X-Warn-Internal: internal address $sender_address in MAIL FROM command # Проверка хоста отправителя на принадлежность к relay_from_hosts, # если домен адреса получателя является внутренним warn ! hosts = +relay_from_hosts domains = +internal_domains log_message = Internal domain $domain in RCPT TO command add_header = X-Warn-Internal: Internal domain $domain in RCPT TO command warn ! 
hosts = +relay_from_hosts condition = ${if or{\ {eq{${lookup{$sender_address}\ wildlsearch{CONFDIR/domains-internal}{internal}{}}}\ {internal}}\ {eq{${lookup{$sender_address|from}\ wildlsearch{CONFDIR/domains-internal}{internal}{}}}\ {internal}}\ }{yes}{no}} log_message = internal address $local_part@$domain in RCPT TO command add_header = X-Warn-Internal: internal address $local_part@$domain in RCPT TO command # Проверка хоста отправителя на принадлежность к relay_from_hosts, если адреса # отправителя и получателя совпадают и домен в них является локальным warn set acl_m1 = hosts = +relay_from_hosts set acl_m1 = skip warn authenticated = * set acl_m1 = skip warn condition = ${if eq{$acl_m1}{skip}{no}{yes}} domains = +local_domains condition = ${if eq{$sender_address}{$local_part@$domain}{yes}{no}} set acl_m1 = WARN acl = normalize_action set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} set acl_m0 = The same local addresses in MAIL FROM and RCPT TO from nonlocal relay set acl_m2 = Access denied warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m15 = ${acl_m15}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} log_message = $acl_m0 message = $acl_m2 defer condition = ${if match{$acl_m1}{defer}{yes}{no}} log_message = $acl_m0 message = $acl_m2 drop condition = ${if match{$acl_m1}{drop}{yes}{no}} log_message = $acl_m0 message = $acl_m2 warn condition = ${if match{$acl_m1}{warn}{yes}{no}} log_message = $acl_m0 add_header = X-Warn-Local: $acl_m0 # Проверка резолвинга рилея в реверсной зоне DNS warn set acl_m0 = no_skip warn authenticated = * set acl_m0 = skip warn hosts = +relay_from_hosts set acl_m0 = skip # временные проблемы резолвинга записи рилея в реверсной зоне DNS # для неисключаемых из проверки возвращаем warn, # если в confCHECK_RELAY_RESOLVE и confCHECK_RELAY_FORGED нет reject или defer warn condition = ${if 
eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$sender_host_name}{}{yes}{no}} condition = ${if eq{$host_lookup_failed}{0}{yes}{no}} # condition = ${if eq{$host_lookup_deferred}{1}{yes}{no}} log_message = Cannot resolve PTR record for $sender_host_address add_header = X-Warn-Resolve: Cannot resolve PTR record for $sender_host_address # несовпадение записи рилея в прямой и реверсной зонах DNS # в confCHECK_RELAY_FORGED не указаны reject, deny и defer warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$sender_host_name}{}{yes}{no}} condition = ${if eq{$host_lookup_failed}{1}{yes}{no}} condition = ${if eq{$acl_c7}{}{no}{yes}} add_header = X-Warn-Resolve: IP name forged for $sender_host_address # отсутствие записи рилея в реверсной зоне DNS # в confCHECK_RELAY_RESOLVE не указаны reject, deny и defer warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$sender_host_name}{}{yes}{no}} condition = ${if eq{$host_lookup_failed}{1}{yes}{no}} condition = ${if eq{$acl_c7}{}{yes}{no}} add_header = X-Warn-Resolve: IP name lookup failed for $sender_host_address log_message = IP name lookup failed for $sender_host_address\ # Проверка адреса отправителя warn set acl_m12 = deny \ hosts = !+skip_verify_sender ! authenticated = * ! senders = @@wildlsearch;CONFDIR/skip_verify_sender_mail ! verify = sender/callout=120s${acl_m12} # condition = ${if eq{$sender_verify_failure}{recipient}{yes}{no}} warn set acl_m0 = hosts = !+relay_from_hosts ! authenticated = * condition = ${if !match {${extract{2}{:}{$acl_m_smtp_command_mail_from}}}{\N^\s*<.*>\N}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = Go and read RFC2821. 
The angle brackets in MAIL FROM command are a requirement set acl_m0 = "$acl_m_smtp_command_mail_from" - MAIL FROM address without angle brackets warn condition = ${if eq{$acl_m0}{}{no}{yes}} add_header = X-Warn-Mail: $acl_m0 log_message = $acl_m0 warn condition = ${if eq{$acl_m0}{}{no}{yes}} delay = 20s set acl_m15 = ${acl_m15}\t\ delay=20s\t\t\ $acl_m0\n warn set acl_m0 = hosts = !+relay_from_hosts ! authenticated = * condition = ${if !match {${extract{2}{:}{$acl_m_smtp_command_rcpt_to}}}{\N^\s*<.*>\N}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = Go and read RFC2821. The angle brackets in RCPT TO command are a requirement set acl_m0 = "$acl_m_smtp_command_rcpt_to" - RCPT TO address without angle brackets warn condition = ${if eq{$acl_m0}{}{no}{yes}} add_header = X-Warn-Rcpt: $acl_m0 log_message = $acl_m0 warn condition = ${if eq{$acl_m0}{}{no}{yes}} delay = 20s set acl_m15 = ${acl_m15}\t\ delay=20s\t\t\ $acl_m0\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : helo.rbl.mx.org.ua set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain delay = 30s set acl_m15 = ${acl_m15}\t\ delay=30s\t\t\ $sender_host_address is in a black list at $dnslist_domain\n deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : rcpt.rbl.mx.org.ua set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at 
$dnslist_domain delay = 30s set acl_m15 = ${acl_m15}\t\ delay=30s\t\t\ $sender_host_address is in a black list at $dnslist_domain\n deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +defer_unknown : dul.ru set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : dul.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected as dial-up user because $sender_host_address is in a black list at 
$dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : dialups.mail-abuse.org set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : dynablock.easynet.nl set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : dynablock.njabl.org set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address 
is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : bl.spamcop.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : cbl.abuseat.org set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : new.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is 
in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : smtp.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : http.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : socks.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in 
a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain warn condition = $acl_m0 condition = ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}} set acl_m_dnsbl = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain\n # Использование серых списков с кешем в DBM # определяем необходимость использования "серого списка" warn set acl_m0 = no_skip warn ! domains = +greylist_domains : +local_domains set acl_m0 = skip warn authenticated = * set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for authenticated sender\n warn hosts = +skip_greylist_hosts : +relay_from_hosts set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for +skip_greylist_hosts or +relay_from_hosts\n warn condition = ${if eq{$local_part}{postmaster}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for postmaster address\n warn condition = ${if eq{$local_part}{abuse}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for abuse address\n warn condition = ${if eq{$sender_address_local_part}{}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for empty sender address\n warn condition = ${if eq{$sender_address_local_part}{postmaster}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for postmaster sender address local part\n warn condition = ${lookup{$sender_host_address|$sender_address|$local_part@$domain}\ lsearch{CONFDIR/skip_greylist}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist by triplet of sender host address, sender address and recipient address\n warn recipients = @@wildlsearch;CONFDIR/skip_greylist_recipients set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist by recipient address\n warn senders = 
@@wildlsearch;CONFDIR/skip_greylist_senders set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist sender address\n # если использовать серый список необходимо, # ищем запись о рилее/отправителе/получателе в "сером списке" warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} set acl_m0 = ${lookup{0.0.0.0|$sender_address|$local_part@$domain}\ dbm{/var/spool/exim/db/greylist.db}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} set acl_m0 = warn condition = ${if eq{$acl_m0}{}{yes}{no}} set acl_m0 = ${lookup{$sender_host_address|$sender_address|$local_part@$domain}\ dbm{/var/spool/exim/db/greylist.db}} # время блокировки записи в "сером списке" больше нуля # если запись в "сером списке" не найдена, создаем ее defer condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch+9*60} \ record_expires=${eval:$tod_epoch+300*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} message = Message delayed. Please try again later log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain # если запись в "сером списке" найдена, но истек record_expires defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch+9*60} \ record_expires=${eval:$tod_epoch+300*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} message = Message delayed. 
Please try again later log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain # если запись в "сером списке" найдена, но не истек block_expires defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if >{${extract{block_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${extract{block_expires}{$acl_m0}} \ record_expires=${extract{record_expires}{$acl_m0}} \ blocked_count=${eval:${extract{blocked_count}{$acl_m0}}+1} \ passed_count=${extract{passed_count}{$acl_m0}} \ aborted_count=${extract{aborted_count}{$acl_m0}} \ origin_type=${extract{origin_type}{$acl_m0}} \ create_time=${extract{create_time}{$acl_m0}} \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} message = Message delayed. Please try again later log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain # если запись в "сером списке" найдена, block_expires истек, а record_expires не истек warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${extract{block_expires}{$acl_m0}} \ record_expires=${eval:$tod_epoch+36*24*60*60} \ blocked_count=${extract{blocked_count}{$acl_m0}} \ passed_count=${eval:${extract{passed_count}{$acl_m0}}+1} \ aborted_count=${extract{aborted_count}{$acl_m0}} \ origin_type=${extract{origin_type}{$acl_m0}} \ create_time=${extract{create_time}{$acl_m0}} \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} set acl_m15 = ${acl_m15}\t\ skip greylist: blocking time have expired but record TTL does not\n # Прием почты для получателей из локальных доменов accept domains = +local_domains endpass # Прием почты для получателей из доменов MS 
Exchange
accept  domains = +exchange_domains
        endpass

# Refuse all remaining mail
deny    message = Relay not permitted. Proper authentication required

# Pre-DATA ACL (the statements above it belong to the preceding ACL, whose
# start is not part of this section).
# Rejects the transaction when $acl_m16 is non-empty. The value is read as
# a |-separated record: field 1 is written to the log, field 2 is returned
# to the client. $acl_m16 is set outside this section.
acl_check_predata:

deny    condition = ${if eq{$acl_m16}{}{no}{yes}}
        log_message = ${extract{1}{|}{$acl_m16}}
        message = ${extract{2}{|}{$acl_m16}}
        logwrite = original recipients: $recipients

accept

# MIME ACL. Both statements accept, so no MIME part is ever refused here;
# the first only short-circuits for traffic flagged in $acl_m13.
acl_check_mime:

accept  condition = ${if or{\
            {eq{${extract{submitted}{$acl_m13}}}{1}}\
            {eq{${extract{relay_from_hosts}{$acl_m13}}}{1}}\
            {eq{${extract{authenticated}{$acl_m13}}}{1}}\
            {eq{${extract{abuse_or_postmaster}{$acl_m13}}}{1}}\
            {eq{${extract{white_list_relays}{$acl_m13}}}{1}}\
            {eq{${extract{white_list_senders}{$acl_m13}}}{1}}\
            {eq{${extract{white_list_compat}{$acl_m13}}}{1}}\
        }{yes}{no}}

accept

# DATA ACL. Order matters: verbs and their conditions run top to bottom.
#   1. apply a fakereject requested earlier through $acl_m_fakereject
#   2. decide whether SpamAssassin is skipped ($acl_m5)
#   3. ClamAV scan through acl_check_data_av (runs regardless of $acl_m5)
#   4. accept trusted traffic flagged in $acl_m13
#   5. SpamAssassin scan through acl_check_data_sa, then fakereject at the
#      action score
# NOTE(review): "control = fakereject" accepts the message while telling the
# client it was rejected; the quarantine step itself is not visible in this
# section (presumably the system filter) - confirm.
# NOTE(review): X-Original-Recipients is built from $recipients, the envelope
# recipient list. Where the message goes on to normal delivery (step 4) the
# header exposes Bcc recipients to every recipient unless something later
# removes it - confirm it is stripped before final delivery.
acl_check_data:

# $acl_m_fakereject is a |-separated record: field 1 log text, field 2 a
# header to add, field 3 the text of the fake rejection.
warn    condition = ${if eq{$acl_m_fakereject}{}{no}{yes}}
        control = fakereject/${extract{3}{|}{$acl_m_fakereject}}
        log_message = ${extract{1}{|}{$acl_m_fakereject}}
        add_header = ${extract{2}{|}{$acl_m_fakereject}}
        add_header = X-Original-Recipients: $recipients
        logwrite = original recipients: $recipients

# warn remove_header = X-Spam-Checker-Version:X-Spam-Info:X-Spam-Score:X-Spam-Status:X-Spam-Report:X-Spam-Flag:X-Spam-Level:X-Spam-Action:X-Spam-Original-Recipients
#
# Content Scanning
# decide whether the message must be excluded from checking
#
# check whether an exclusion from checking is needed
# NOTE(review): in this ACL $acl_m5 only gates the SpamAssassin statements;
# the ClamAV call further down has no $acl_m5 condition, although the header
# and log texts below say "content checks".
warn    set acl_m5 = no_skip

# exclude if the message is for postmaster or abuse
warn    condition = ${if eq{${extract{abuse_or_postmaster}{$acl_m13}}}{1}{yes}{no}}
        add_header = X-Spam-Info: skip content checks on $primary_hostname for abuse addresses\n
        logwrite = skip content checks for abuse addresses
        set acl_m5 = skip

# exclude if the sending host is in the global white list
warn    condition = ${if eq{${extract{white_list_relays}{$acl_m13}}}{1}{yes}{no}}
        add_header = X-Spam-Info: skip content checks on $primary_hostname for white listed relay ($sender_host_address)\n
        logwrite = skip content checks for white listed relay
        set acl_m5 = skip

warn    condition = ${if eq{${extract{white_list_senders}{$acl_m13}}}{1}{yes}{no}}
        add_header = X-Spam-Info: skip content checks on $primary_hostname for white listed sender ($sender_address)\n
        logwrite = skip content checks for white listed sender
        set acl_m5 = skip

# exclude if the sending host is in +relay_from_hosts
warn    hosts = +relay_from_hosts
        add_header = X-Spam-Info: skip content checks on $primary_hostname for relay from host ($sender_host_address)\n
        logwrite = skip content checks for relay from host
        set acl_m5 = skip

# exclude if the sender authenticated
warn    authenticated = *
        add_header = X-Spam-Info: skip content checks on $primary_hostname for authenticated sender\n
        logwrite = skip content checks for authenticated sender
        set acl_m5 = skip

# exclude if the message size exceeds confCONTENT_SCANNING_MAX_MSG_SIZE
# NOTE(review): any message over 192k bypasses spam scoring; size the limit
# with that in mind.
warn    condition = ${if >{$message_size}{192k}{yes}{no}}
        add_header = X-Spam-Info: skip content checks on $primary_hostname for large message ($message_size>192k)\n
        logwrite = skip content checks for large message (>192k)
        set acl_m5 = skip

warn    condition = ${if eq{$acl_m17}{quarantined}{yes}{no}}
        logwrite = original recipients: $recipients
        add_header = X-Original-Recipients: $recipients

# Antivirus checks
# Initialise the flag
warn    set acl_c0 = clean

# Scan the message
# acl_m1 is assigned twice, so the second value (check_no_mbox_unspool) is
# the one in effect. acl_m0 names the clamd socket, but acl_check_data_av
# below does not read it.
warn    set acl_c1 = $acl_c0
        set acl_c0 = clean
        set acl_m0 = clamd:/var/run/clamav/clamd
        set acl_m1 = skip_no_mbox_unspool
        set acl_m1 = check_no_mbox_unspool
        acl = acl_check_data_av

warn    condition = ${if eq{$acl_c0}{clean}{yes}{no}}
        add_header = X-AV-Status: ClamAV on $primary_hostname at $tod_log: clean

# Do not delete the scanned message from /var/spool/exim/scan when the
# antivirus returns DEFER
# (defer_no_mbox_unspool was given in the parameters)
# NOTE(review): log_message and add_header below both end in a trailing
# backslash. Line breaks were lost on this page, so whether the following
# option or verb is swallowed into the value cannot be told from here -
# confirm against the deployed file and drop the dangling backslashes.
warn \
        condition = ${if eq{$acl_m1}{check_no_mbox_unspool}{yes}{no}}
        condition = ${if eq{$acl_c0}{defer}{yes}{no}}
        control = no_mbox_unspool
        log_message = ClamAV: error while scanning message\
                      , spool files will not be deleted\

        add_header = X-AV-Status: ClamAV on $primary_hostname at $tod_log: deferred\
                     , mbox will not be unspooled\

# Fake rejection of an infected message, marking the message
# for placement in quarantine
# REJECT, QUARANTINE
# $acl_m7 receives a |-separated record for a consumer outside this section.
# NOTE(review): $malware_name (from the scanner) is used as a path component
# and $recipients (from the envelope) as a field; whoever parses $acl_m7
# should validate both, since a "|" or "/" inside them would shift fields or
# alter the path.
# NOTE(review): the quoted "AntiVirus Admin " field looks truncated on this
# page (an angle-bracketed address was probably lost) - confirm.
warn \
        condition = ${if eq{$acl_c0}{infected}{yes}{no}}
        set acl_c0 = quarantine
        control = fakereject/ClamAV found a virus: $malware_name
        logwrite = original recipients: $recipients
        add_header = X-AV-Status: ClamAV on $primary_hostname at $tod_log: \
                     infected, malware $malware_name has been found\n\
                     X-Original-Recipients: $recipients
        log_message = ClamAV found a virus: $malware_name
        set acl_m7 = $acl_m7\
                     |ClamAV\
                     |$malware_name\
                     |/var/quarantine/AV/ClamAV/${malware_name}/${message_id}\
                     |"AntiVirus Admin "\
                     |$recipients\
                     |NEXT_PART_${sg{${tod_log}.${message_id}.${qualify_domain}.ClamAV}{\N\s\N}{.}}\
                     |${sg{CONFDIR/antivir_notification.txt}{CONFDIR}{/usr/local/etc/exim}}

# An infected message stops here: accepted (with the fake rejection set
# above) and not passed on to SpamAssassin.
accept  condition = ${if eq{$acl_c0}{quarantine}{yes}{no}}

# Add Message-ID / Date when a trusted or authenticated client omitted them.
# NOTE(review): the Message-ID value is empty on this page (an
# angle-bracketed expression was probably lost) - confirm.
warn    hosts = +relay_from_hosts
        condition = ${if def:h_Message-ID:{no}{yes}}
        add_header = Message-ID:

warn    authenticated = *
        condition = ${if def:h_Message-ID:{no}{yes}}
        add_header = Message-ID:

warn    condition = ${if def:h_Date:{no}{yes}}
        add_header = Date: $tod_full

# Trusted traffic (flags in $acl_m13) is accepted without spam scoring.
# The message is delivered normally from here, so the X-Original-Recipients
# header added below is the Bcc exposure described at the top of this ACL.
accept  condition = ${if or{\
            {eq{${extract{submitted}{$acl_m13}}}{1}}\
            {eq{${extract{relay_from_hosts}{$acl_m13}}}{1}}\
            {eq{${extract{authenticated}{$acl_m13}}}{1}}\
            {eq{${extract{abuse_or_postmaster}{$acl_m13}}}{1}}\
            {eq{${extract{white_list_relays}{$acl_m13}}}{1}}\
            {eq{${extract{white_list_senders}{$acl_m13}}}{1}}\
            {eq{${extract{white_list_compat}{$acl_m13}}}{1}}\
        }{yes}{no}}
        acl = acl_smtp_data_before_accept
        add_header = X-Original-Recipients: $recipients

# SpamAssassin
# add the SpamAssassin version information
warn    add_header = X-Spam-Checker-Version: SpamAssassin Server version 3.1.8 on $primary_hostname\n

warn    condition = ${if eq{$acl_m5}{skip}{no}{yes}}
        acl = acl_check_data_sa

# Mark as certainly_spam when the scan ran, did not defer and
# $spam_score_int is not below 100 ($spam_score_int is the score times ten).
warn    set acl_m0 =
        condition = ${if eq{$acl_m5}{skip}{no}{yes}}
        condition = ${if eq{$acl_c0}{defer}{no}{yes}}
        condition = ${if eq{$spam_score_int}{}{no}{yes}}
        condition = ${if <{$spam_score_int}{100}{no}{yes}}
        set acl_m0 = certainly_spam

# A deferred spamd connection only adds a header and a log line; the message
# is not held back (fail-open).
warn    condition = ${if eq{$acl_m5}{skip}{no}{yes}}
        condition = ${if eq{$acl_c0}{defer}{yes}{no}}
        add_header = X-Spam-Info: spamd connection deferred on $primary_hostname\n
        log_message = spamd connection deferred

# Add X-Spam-Flag if spam is over system-wide threshold
warn    condition = ${if eq{$acl_m5}{skip}{no}{yes}}
        condition = ${if eq{$acl_c0}{defer}{no}{yes}}
        spam = mailnull
        set acl_m_spamd_headers = ${sg{${acl_m_spamd_headers}}{\NX-Spam-Status: No\N}{X-Spam-Status: Yes}}\
                                  X-Spam-Flag: YES\n\
                                  X-Spam-Original-Recipients: $recipients\n
        logwrite = probably spam (score: $spam_score)

warn    add_header = $acl_m_spamd_headers

# Reject and quarantine spam messages if spam score is over confSPAMASSASSIN_ACTION_SCORE
# The fake rejection text reuses $acl_m_dnsbl when an earlier DNSBL hit
# recorded one, otherwise a generic text.
warn    condition = ${if eq{$acl_m0}{certainly_spam}{yes}{no}}
        control = fakereject/${if eq{$acl_m_dnsbl}{}{Spam blocked by content scanner}{$acl_m_dnsbl}} (${message_id})\n\
                  You may contact postmaster@$qualify_domain
        logwrite = Spam is blocked and quarantined ($spam_score ($spam_bar))
        set acl_m_quarantined = yes
        add_header = \
                     X-Spam-Action: quarantined${if match{$spam_report}{BAYES_99}{}{ for learning}}\n\
                     \texim-conf version=4.67/2007-Nov-27 10:14/2007-11-27 10:23\n\
                     $acl_m15

accept  condition = ${if eq{$acl_m0}{certainly_spam}{yes}{no}}
        logwrite = original recipients: $recipients

warn    acl = acl_smtp_data_before_accept

accept

# Hook ACLs called just before acceptance; as shown they accept
# unconditionally.
acl_smtp_data_before_accept:

accept

acl_check_rcpt_before_accept:

accept

# Helper ACL: DNS lookup.
acl_dnsdb:
# acl_m1 - query in the form record_type=argument
# acl_m2 - query result, or defer if the lookup deferred
# acl_m2 is preset to "defer" and then overwritten with the lookup result.

accept  set acl_m2 = defer
        set acl_m2 = ${lookup dnsdb{$acl_m1}}

accept  set acl_m2 =

# Helper ACL: looks up each line of $acl_m2 in turn in a wildlsearch file,
# calling itself until a key matches or the list is empty.
acl_wildlsearch:
# acl_m0 - result
# acl_m2 - list of keys
# acl_c2 - path to the data file

# list exhausted: stop
accept  condition = ${if eq{$acl_m2}{}{yes}{no}}

# take the first line into acl_m3 and remove it from acl_m2
warn    set acl_m3 = ${extract{1}{\n}{$acl_m2}}
        set acl_m2 = ${sg{$acl_m2}{\N^.+\n?\N}{}}

# a match with empty data is reported as "yes"
warn    set acl_m0 = ${lookup{$acl_m3}wildlsearch{$acl_c2}{\
                       ${if eq{$value}{}{yes}{$value}}}{}}

accept  condition = ${if eq{$acl_m0}{}{no}{yes}}

warn    acl = acl_wildlsearch

accept

# Helper ACL: same loop as acl_wildlsearch, using an iplsearch lookup.
acl_iplsearch:
# acl_m0 - result
# acl_m2 - list of A records
# acl_c2 - path to the file listing networks and hosts

accept  condition = ${if eq{$acl_m2}{}{yes}{no}}

warn    set acl_m3 = ${extract{1}{\n}{$acl_m2}}
        set acl_m2 = ${sg{$acl_m2}{\N^.+\n?\N}{}}

warn    set acl_m0 = ${lookup{$acl_m3}iplsearch{$acl_c2}{\
                       ${if eq{$value}{}{yes}{$value}}}{}}

accept  condition = ${if eq{$acl_m0}{}{no}{yes}}

warn    acl = acl_iplsearch

accept

# Helper ACL: for each PTR name in $acl_m2, resolves its A records and runs
# them through acl_iplsearch. The remaining names are parked in acl_m1
# while acl_m2 carries the A records.
acl_ptrlist_iplsearch:
# acl_m0 - result
# acl_m2 - list of PTR records
# acl_c2 - path to the file listing networks and hosts

accept  condition = ${if eq{$acl_m2}{}{yes}{no}}

warn    set acl_m11 = ${extract{1}{\n}{$acl_m2}}
        set acl_m1 = ${sg{$acl_m2}{\N^.+\n?\N}{}}
        set acl_m2 = ${lookup dnsdb{a=$acl_m11}}
        acl = acl_iplsearch

accept  condition = ${if eq{$acl_m0}{}{no}{yes}}

warn    set acl_m2 = $acl_m1

warn    acl = acl_ptrlist_iplsearch

accept

# Helper ACL: canonicalises the action keyword in $acl_m1. Innermost step
# first: lower-case, strip leading and trailing whitespace, ":" -> "=",
# "warn" -> "warn=yes", "deny" -> "reject", "delay" -> "pause",
# "greylisting" -> "greylist".
normalize_action:

accept  set acl_m1 = ${sg{${sg{${sg{${sg{${sg{${sg{${sg{\
                       ${lc:$acl_m1}\
                     }{\N^\s+\N}{}}\
                     }{\N\s+$\N}{}}\
                     }{:}{=}}\
                     }{warn}{warn=yes}}\
                     }{deny}{reject}}\
                     }{delay}{pause}}\
                     }{greylisting}{greylist}}

# Helper ACL: antivirus verdict in $acl_c0.
# Starts as "defer", becomes "clean" when the malware condition does not
# match, otherwise "infected". "defer" is what remains if the scan itself
# could not complete (presumably - confirm how the calling warn handles a
# deferred condition).
acl_check_data_av:

warn    set acl_c0 = defer

accept  ! malware = *
        set acl_c0 = clean

warn    set acl_c0 = infected

accept

# Helper ACL: SpamAssassin verdict in $acl_c0 (defer, nospam or spam) and
# the report headers in $acl_m_spamd_headers.
acl_check_data_sa:

warn    set acl_c0 = defer

# Always add X-Spam-Score and X-Spam-Report headers, using spamassassin system-wide settings
# "spam = mailnull:true" makes the condition succeed whatever the score, so
# the headers are always built; acl_c0 is then cleared to show that the scan
# completed.
warn    condition = ${if eq{$acl_m5}{skip}{no}{yes}}
        spam = mailnull:true
        set acl_m_spamd_headers = \
            X-Spam-Score: $spam_score ($spam_bar)\n\
            ${sg{\
              ${sg{X-Spam-Report: $spam_report\n}{\N\n\s+(X-Spam-\S*:\s)\N}{\n\$1}}\
            }{\N\n\s+(X-Daemon-Classification:\s)\N}{\n\$1}}
        set acl_c0 =

# still "defer": the scan did not complete, leave it to the caller
accept  condition = ${if eq{$acl_c0}{defer}{yes}{no}}

warn    set acl_c0 = nospam
        spam = mailnull
        set acl_c0 = spam

accept

######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################

begin routers

# Redirects addresses listed in CONFDIR/virtusertable, trying the full
# address first and then the @domain catch-all. Entries whose data is "no"
# or starts with an action keyword (warn/reject/deny/defer ...:) are not
# handled by this router. "%1" in the data is replaced by the local part.
virtusertable:
  driver = redirect
  domains = +virtuser_domains : +local_domains
  condition = ${if match\
      {${lookup{$local_part@$domain}wildlsearch{CONFDIR/virtusertable}\
          {$value}{\
            ${lookup{@$domain}wildlsearch{CONFDIR/virtusertable}{$value}{no}}\
          }}}\
      {\N(?i)^\s*(no|(warn|reject|deny|defer)\S*:)\N}{no}{yes}}
  data = ${sg{\
      ${lookup{$local_part@$domain}wildlsearch{CONFDIR/virtusertable}\
          {$value}{\
            ${lookup{@$domain}wildlsearch{CONFDIR/virtusertable}{$value}{}}\
          }}\
      }{\N%1\N}{$local_part}}
  no_more

# Routes mail for the Exchange domains to 192.168.100.6 after checking in
# LDAP that the recipient exists (proxyAddresses) and is not disabled.
# The recipient address is passed through quote_ldap before it enters the
# search filter, which keeps filter metacharacters in it inert.
# NOTE(review): the bind identity and password are written into the lookup
# string, so this file must be readable only by root and the Exim user, and
# the account should be a read-only, least-privilege one.
# NOTE(review): the URL scheme is ldap://, not ldaps://; unless TLS is
# enabled elsewhere (e.g. ldap_start_tls) the bind is sent unencrypted to
# the directory servers - confirm.
# "and" is a Perl function from the startup script; its definition is not
# visible here. It is presumably a bitwise AND (bit 2 = account disabled).
exchange_router:
  driver = manualroute
  transport = remote_smtp
  domains = +exchange_domains
# user disabled if userAccountControl && 2 == 2
  route_data = ${lookup ldap{\
      user="user@deltamedical.com.ua" pass=password \
      ldap:///dc=deltamedical,dc=com,dc=ua?cn,proxyAddresses,userAccountControl?sub?\
      (&\
        (|\
          (objectClass=user)\
          (objectClass=publicFolder)\
          (objectClass=group)\
        )\
        (proxyAddresses=SMTP:${quote_ldap:${local_part}@${domain}})\
      )\
    }\
    {${if or{\
        {eq{${extract{userAccountControl}{$value}}}{}}\
        {!eq{${perl{and}{${extract{userAccountControl}{$value}}}{2}}}{2}}\
      }{192.168.100.6}fail}\
    }fail}
  cannot_route_message = ${lookup ldap{\
      user="user@deltamedical.com.ua" pass=password \
      ldap:///dc=deltamedical,dc=com,dc=ua?cn,proxyAddresses,userAccountControl?sub?\
      (&\
        (|\
          (objectClass=user)\
          (objectClass=publicFolder)\
          (objectClass=group)\
        )\
        (proxyAddresses=SMTP:${quote_ldap:${local_part}@${domain}})\
      )\
    }\
    {${if or{\
        {eq{${extract{userAccountControl}{$value}}}{}}\
        {!eq{${perl{and}{${extract{userAccountControl}{$value}}}{2}}}{2}}\
      }{192.168.100.6}{User exists, but disabled}}\
    }{Unrouteable address}}
  no_more

# Routes every other domain by DNS. ignore_target_hosts drops 0.0.0.0 and
# addresses in +private_networks from the DNS results, so a remote domain
# cannot steer deliveries to internal addresses; the negated
# +relay_from_hosts item ahead of it exempts those hosts.
dnslookup:
  driver = dnslookup
  transport = remote_smtp
  domains = ! +local_domains : ! +exchange_domains
  ignore_target_hosts = 0.0.0.0 \
                      : !+relay_from_hosts \
                      : +private_networks
  no_more

# Alias expansion from CONFDIR/aliases.db. Pipe and file deliveries that an
# alias generates run as mailnull:mail.
system_aliases:
  driver = redirect
  domains = +local_domains
  allow_fail
  allow_defer
  require_files = CONFDIR/aliases.db
  data = ${lookup{$local_part}dbm{CONFDIR/aliases.db}}
  user = mailnull
  group = mail
  file_transport = address_file
  pipe_transport = address_pipe

# Per-user ~/.forward handling for local accounts.
# NOTE(review): file, pipe and autoreply transports are all enabled, so a
# .forward can run commands and write files. If users do not need that,
# forbid_pipe and forbid_file narrow it.
userforward:
  driver = redirect
  domains = +local_domains
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  require_files = $home/.forward

# Final router: accepts only local parts that are real local accounts.
localuser:
  driver = accept
  domains = +local_domains
  check_local_user
  transport = local_delivery

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

begin transports

#fake_transport:
#  driver = appendfile
#  file = /dev/null

remote_smtp:
  driver = smtp
##PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
##      was true (the default) a successful delivery failed to delete the retry
##      item, thus causing premature timeout of the address. The bug is now
##      fixed.
#  address_retry_include_sender = false

# Mailbox delivery to /var/mail/<local part>, running as that user.
# The path and the uid both come from $local_part; this is only safe because
# the localuser router (check_local_user) has already confirmed the local
# part is an existing account.
# NOTE(review): Exim 4.94 and later refuse tainted values such as
# $local_part in file names; $local_part_data is the de-tainted form to use
# when this configuration is carried to a current release.
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  user = $local_part
  mode = 0640
  no_mode_fail_narrower

# NOTE(review): user/group are commented out here, so the account a filter
# pipe runs under is decided elsewhere - confirm it is unprivileged.
filter_pipe:
  driver = pipe
#  user = mailnull
#  group = mail
  return_fail_output

address_pipe:
  driver = pipe
#  return_output
  message_prefix =
  return_fail_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_directory:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  maildir_format = true
#  create_directory = true
#  directory_mode = 750
#  mode = 0640

address_reply:
  driver = autoreply

######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

begin retry

# One rule for every domain and error: retry every 5 minutes for 2 hours,
# then at intervals starting at 1 hour and growing by a factor of 1.5 up to
# 16 hours, then every 6 hours up to 4 days.
# Domain               Error       Retries
# ------               -----       -------
#*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
*                      *           F,2h,5m; G,16h,1h,1.5; F,4d,6h

######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

begin rewrite

# The active rule rewrites every address as ${lc:$1}@$2 with flags hE.
# From                  To
# ----                  --
#*@*.domain.tld         $1@domain.tld
#\N^(.+)@(.+)$\N        ${lc:$1}@$2 hE
*@*                    ${lc:$1}@$2 hE