[exim-conf] auto whitelist средствами exim-conf

Sasha Usov blessendor на gmail.com
Ср Окт 29 16:14:12 EET 2008


Victor Ustugov пишет:
> exim -bhc
>
> там все будет видно четко и ясно
>
>
>
Проверял... получается, что проверка condition завершается с результатом failed:

 >>> processing "accept"
 >>> check condition = ${if 
or{{eq{${extract{submitted}{$acl_m_wl_flag_msg}}}{1}}{eq{${extract{relay_from_hosts}{$acl_m_wl_flag_msg}}}{1}}{eq{${extract{authenticated}{$acl_m_wl_flag_msg}}}{1}}{eq{${extract{white_list_relays}{$acl_m_wl_flag_msg}}}{1}}{eq{${extract{white_list_senders}{$acl_m_wl_flag_msg}}}{1}}}{yes}{no}}
 >>>                 = no
 >>> accept: condition test failed
=========

Может, нужны еще какие-то параметры конфига, от которых зависит 
правильное (своевременное) применение condition?
Как я понял из features/awl.m4, ключевая переменная - acl_m9. Вывод exim 
-bhc такой переменной не содержит. Если есть время пробежаться по полному 
конфигу для конфигуратора, вот он:

dnl ##################################################################
dnl             GENERAL CONFIGURATION CONTROLS
dnl ##################################################################
dnl Base settings for the generated Exim configuration: the general
dnl configure fragment, the Exim user and group names, the message size
dnl limit, two queue timeouts and the Perl helper file.
dnl NOTE(review): confEXIM_USER is reused further down in this listing as
dnl confSYSTEM_FILTER_USER, and mailnull is also named as the maildir owner
dnl and the SpamAssassin user, so a single account covers all of these roles.
define(`confCONFIGURE_GENERAL', `/usr/local/etc/exim/configure.general')dnl
define(`confEXIM_USER', `mailnull')dnl
define(`confEXIM_GROUP', `mail')dnl
define(`confMESSAGE_SIZE_LIMIT', `20M')
define(`confIGNORE_BOUNCE_ERRORS_AFTER', `2d')dnl
define(`confTIMEOUT_FROZEN_AFTER', `7d')dnl
define(`confPERL', `CONFDIR/exim.pl')dnl
dnl ##################################################################
dnl                 FEATURES
dnl ##################################################################
dnl MySQL-backed virtual users: alias lookups and delivery into maildirs
dnl under /var/vmail.
dnl NOTE(review): long values in this listing appear to have been wrapped
dnl by the mail client; rejoin the wrapped lines before reusing them.
dnl The confMYSQL value is shown masked. Keep the real connection string
dnl out of list posts and keep the file that holds it readable only by the
dnl mail account.
define(`confMYSQL', `******************************')
define(`confVIRTUSERTABLE', `MYSQL')dnl
dnl Alias lookups: the address goes through quote_mysql before it is placed
dnl inside the double-quoted literal.
define(`confVIRTUSERTABLE_MYSQL', `SELECT goto FROM alias WHERE 
address="${quote_mysql:$local_part@$domain}"')dnl
define(`confVIRTUSERTABLE_DOMAIN_MYSQL', `SELECT goto FROM alias WHERE 
address="${quote_mysql:@$domain}"')dnl
dnl Maildir layout: one directory per domain and local part, owned by
dnl mailnull:mail, directories 0770 and files 0640.
define(`confDELIVERY_TO', `MDIR_VIRTUAL')dnl
define(`confVIRT_MDIR_ROOT', `/var/vmail')dnl
define(`confVIRT_MDIR_PATH', confVIRT_MDIR_ROOT`/$domain/$local_part')
define(`confVIRT_MDIR_USER', `mailnull')dnl
define(`confVIRT_MDIR_GROUP', `mail')dnl
define(`confVIRT_MDIR_CHOWN_RECURSIVE', `YES')dnl
define(`confVIRT_MDIR_CHMOD_RECURSIVE', `YES')dnl
define(`confVIRT_MDIR_DIR_MODE', `0770')dnl
define(`confVIRT_MDIR_FILE_MODE', `0640')dnl
define(`confVIRT_MDIR_USERLIST', `MYSQL')dnl
dnl NOTE(review): in the statement below only the WHERE value goes through
dnl quote_mysql; $domain and $local_part inside the /var/vmail/... literal
dnl are inserted as-is. Both come from the recipient address, so they should
dnl be quoted the same way. The third column is a comparison
dnl (maildir = "..."), not an alias - confirm that this is what the router
dnl expects.
define(`confVIRT_MDIR_MYSQL', `SELECT username, maildir as home, maildir 
= "/var/vmail/$domain/$local_part" FROM mailbox WHERE 
username="${quote_mysql:$local_part@$domain}"')dnl
define(`confVIRT_MDIR_ALIASES', `MYSQL')dnl
define(`confVIRT_MDIR_MYSQL_ALIAS', `SELECT goto FROM alias WHERE 
address="${quote_mysql:$local_part@$domain}"')dnl
define(`confVIRT_MDIR_QUOTA', `NO')dnl
dnl Secondary relay and a text mailertable, then the greylisting switches.
define(`confSECONDARY_RELAY', `YES')dnl
define(`confMAILERTABLE', `TEXT')dnl
define(`confMAILERTABLE_CALLOUTTABLE', `YES')dnl
dnl Greylisting is set to OPTIONAL and stores its state in SQLite.
dnl confGREYLIST_BLOCKED and confGREYLIST_RECORD_EXPIRE_MIN are multiplied
dnl by 60 before being added to $tod_epoch in the SQL statements of this
dnl listing, so both values are in minutes.
define(`confGREYLIST', `OPTIONAL')dnl
define(`confGREYLIST_BLOCKED', `6')dnl
define(`confGREYLIST_RECORD_EXPIRE_MIN', `300')dnl
define(`confGREYLIST_BACKEND', `SQLITE')dnl
dnl NOTE(review): the database file must be writable by the Exim account
dnl only - confirm the permissions of /var/spool/exim/db.
define(`confGREYLIST_SQLITE_CACHE', 
`/var/spool/exim/db/greylistsqlite.db')dnl
dnl used when confGREYLIST_BACKEND is SQLITE:
dnl
dnl Preload statements. SELECT/UPDATE/INSERT_PRELOAD store a row with the
dnl placeholder host 0.0.0.0 and with the roles swapped: sender_address is
dnl $local_part@$domain and recipient_address is $sender_address.
dnl CHECK/DELETE_PRELOAD read that row back in the normal orientation.
dnl Presumably this pre-approves the expected reply to outgoing mail - confirm.
dnl NOTE(review): Exim's quote_sqlite doubles single quotes only, while the
dnl values below sit inside double-quoted literals, so a double quote inside
dnl an address would not be escaped. Both addresses come from the SMTP
dnl envelope. Confirm how exim-conf guards this, or move to single-quoted
dnl literals (which needs care, because the apostrophe closes an m4 string).
define(`confGREYLIST_SQLITE_SELECT_PRELOAD', `\
    SELECT * FROM greylist \
    WHERE sender_host_address="0.0.0.0" AND 
sender_address="${quote_sqlite:$local_part@$domain}" AND 
recipient_address="${quote_sqlite:$sender_address}";')dnl
dnl Refreshes an existing preload row: block_expires is set to now and
dnl record_expires to now plus confGREYLIST_ADDR_PRELOAD_TTL minutes.
define(`confGREYLIST_SQLITE_UPDATE_PRELOAD', `\
    UPDATE greylist \
    SET block_expires=$tod_epoch, 
record_expires=${eval:$tod_epoch+confGREYLIST_ADDR_PRELOAD_TTL*60}, 
passed_count=passed_count+1, last_update=$tod_epoch \
    WHERE sender_host_address="0.0.0.0" AND 
sender_address="${quote_sqlite:$local_part@$domain}" AND 
recipient_address="${quote_sqlite:$sender_address}";')dnl
dnl Creates the preload row with all counters at zero.
define(`confGREYLIST_SQLITE_INSERT_PRELOAD', `\
    INSERT INTO greylist (sender_host_address, sender_address, 
recipient_address, block_expires, record_expires, blocked_count, 
passed_count, aborted_count, origin_type, create_time, last_update) \
    VALUES ("0.0.0.0", "${quote_sqlite:$local_part@$domain}", 
"${quote_sqlite:$sender_address}", $tod_epoch, 
${eval:$tod_epoch+confGREYLIST_ADDR_PRELOAD_TTL*60}, 0, 0, 0, "AUTO", 
$tod_epoch, $tod_epoch);')dnl
dnl
dnl Lookup and removal of a preload row for an incoming message.
define(`confGREYLIST_SQLITE_CHECK_PRELOAD', `\
    SELECT * FROM greylist \
    WHERE sender_host_address="0.0.0.0" AND 
sender_address="${quote_sqlite:$sender_address}" AND 
recipient_address="${quote_sqlite:$local_part@$domain}";')dnl
define(`confGREYLIST_SQLITE_DELETE_PRELOAD', `\
    DELETE FROM greylist \
    WHERE sender_host_address="0.0.0.0" AND 
sender_address="${quote_sqlite:$sender_address}" AND 
recipient_address="${quote_sqlite:$local_part@$domain}";')dnl
dnl
dnl Main greylist statements, keyed on the triplet sending host, envelope
dnl sender and recipient.
dnl NOTE(review): quote_sqlite doubles single quotes only, and the values
dnl here sit inside double-quoted literals - confirm that a double quote in
dnl an envelope address cannot end the literal early.
dnl NOTE(review): the SELECT passes $sender_host_address through
dnl quote_sqlite, the INSERT and UPDATE statements below insert it as-is.
dnl The value is the peer address recorded by Exim, but the statements
dnl should quote it consistently.
define(`confGREYLIST_SQLITE_SELECT', `\
    SELECT * FROM greylist \
    WHERE sender_host_address="${quote_sqlite:$sender_host_address}" AND 
sender_address="${quote_sqlite:$sender_address}" AND 
recipient_address="${quote_sqlite:$local_part@$domain}";')dnl
dnl
dnl New triplet: blocked for confGREYLIST_BLOCKED minutes, record kept for
dnl confGREYLIST_RECORD_EXPIRE_MIN minutes, blocked_count starts at 1.
define(`confGREYLIST_SQLITE_INSERT', `\
    INSERT INTO greylist (sender_host_address, sender_address, 
recipient_address, block_expires, record_expires, blocked_count, 
passed_count, aborted_count, origin_type, create_time, last_update) \
    VALUES ("$sender_host_address", "${quote_sqlite:$sender_address}", 
"${quote_sqlite:$local_part@$domain}", 
${eval:$tod_epoch+confGREYLIST_BLOCKED*60}, 
${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60}, 1, 0, 0, "AUTO", 
$tod_epoch, $tod_epoch);')dnl
dnl Resets an existing row to the same initial state as the INSERT above.
define(`confGREYLIST_SQLITE_UPDATE_INIT', `\
    UPDATE greylist \
    SET block_expires=${eval:$tod_epoch+confGREYLIST_BLOCKED*60}, 
record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60}, 
blocked_count=1, passed_count=0, aborted_count=0, origin_type="AUTO", 
create_time=$tod_epoch, last_update=$tod_epoch \
    WHERE sender_host_address="$sender_host_address" AND 
sender_address="${quote_sqlite:$sender_address}" AND 
recipient_address="${quote_sqlite:$local_part@$domain}";')dnl
dnl Counts one more blocked attempt for the triplet.
define(`confGREYLIST_SQLITE_UPDATE_BLOCK', `\
    UPDATE greylist \
    SET blocked_count=blocked_count+1, last_update=$tod_epoch \
    WHERE sender_host_address="$sender_host_address" AND 
sender_address="${quote_sqlite:$sender_address}" AND 
recipient_address="${quote_sqlite:$local_part@$domain}";')dnl
dnl Counts a passed message and extends record_expires; also matches the
dnl 0.0.0.0 preload row.
dnl NOTE(review): confGREYLIST_RECORD_EXPIRE is not defined anywhere in this
dnl listing (only confGREYLIST_RECORD_EXPIRE_MIN is). It is multiplied by
dnl 24*60*60, so it is presumably a number of days taken from the exim-conf
dnl defaults - confirm it is defined, otherwise the name stays unexpanded.
define(`confGREYLIST_SQLITE_UPDATE_PASS', `\
    UPDATE greylist \
    SET 
record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE*24*60*60}, 
passed_count=passed_count+1, last_update=$tod_epoch \
    WHERE (sender_host_address="$sender_host_address" OR 
sender_host_address="0.0.0.0") AND 
sender_address="${quote_sqlite:$sender_address}" AND 
recipient_address="${quote_sqlite:$local_part@$domain}";')dnl
dnl
dnl Learn variants of INSERT and UPDATE_INIT: identical to the normal ones
dnl except that block_expires is set to the current time, so the row carries
dnl no blocking window.
dnl NOTE(review): $sender_host_address is inserted without quote_sqlite, and
dnl quote_sqlite itself doubles single quotes only while the literals here
dnl are double-quoted - confirm both points before reuse.
define(`confGREYLIST_SQLITE_LEARN_INSERT', `\
    INSERT INTO greylist (sender_host_address, sender_address, 
recipient_address, block_expires, record_expires, blocked_count, 
passed_count, aborted_count, origin_type, create_time, last_update) \
    VALUES ("$sender_host_address", "${quote_sqlite:$sender_address}", 
"${quote_sqlite:$local_part@$domain}", $tod_epoch, 
${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60}, 1, 0, 0, "AUTO", 
$tod_epoch, $tod_epoch);')dnl
define(`confGREYLIST_SQLITE_LEARN_UPDATE_INIT', `\
    UPDATE greylist \
    SET block_expires=$tod_epoch, 
record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60}, 
blocked_count=1, passed_count=0, aborted_count=0, origin_type="AUTO", 
create_time=$tod_epoch, last_update=$tod_epoch \
    WHERE sender_host_address="$sender_host_address" AND 
sender_address="${quote_sqlite:$sender_address}" AND 
recipient_address="${quote_sqlite:$local_part@$domain}";')dnl
dnl

dnl Cleanup statement and the remaining greylist switches.
dnl NOTE(review): the cleanup filters on block_expires, while the other
dnl statements in this listing maintain a separate record_expires. As
dnl written, a row qualifies for deletion as soon as its blocking window
dnl has ended - confirm whether record_expires was intended.
dnl The double quotes are backslash-escaped here, unlike in the other
dnl statements of this listing.
define(`confGREYLIST_SQLITE_DELETE_EXPIRED', `DELETE FROM greylist WHERE 
block_expires < strftime(\"%s\",\"now\");')dnl
dnl NOTE(review): presumably these tokens name classes of mail that bypass
dnl greylisting. FROM_<> and FROM_POSTMASTER would depend on an envelope
dnl sender that the connecting client chooses - confirm that exemption is
dnl wanted.
define(`confGREYLIST_SKIP', `AUTH FROM_<> FROM_POSTMASTER TO_POSTMASTER 
TO_ABUSE TLS_PASS')
define(`confGREYLIST_MESSAGE', `Mail server too busy. Please try again 
later...')dnl
define(`confGREYLIST_BLOCKED_OPTIONAL', `10')dnl
dnl Address preload is on; the TTL is multiplied by 60 in the preload
dnl statements, so 240 is in minutes.
define(`confGREYLIST_ADDR_PRELOAD', `YES')
define(`confGREYLIST_ADDR_PRELOAD_TTL',`240')
dnl STARTTLS and SMTP AUTH against LDAP.
dnl Certificate and private key point at the same file.
dnl NOTE(review): make sure that file is readable only by the Exim account.
define(`confSTARTTLS', `YES')dnl
define(`confTLS_CERTIFICATE', `CONFDIR/exim.pem')dnl
define(`confTLS_PRIVATEKEY', `CONFDIR/exim.pem')dnl
dnl NOTE(review): the LOGIN mechanism sends the password merely
dnl base64-encoded. Nothing in this listing shows that AUTH is offered only
dnl on TLS-protected sessions - confirm that in the generated configuration.
define(`confSMTP_AUTH', `YES')dnl
define(`confSMTP_AUTH_LOGIN', `YES')dnl
define(`confSMTP_AUTH_SOURCE', `LDAPAUTH')dnl
dnl NOTE(review): the LDAP server is addressed by IP and nothing here shows
dnl whether the bind is protected by TLS - confirm.
define(`confSMTP_AUTH_LDAPAUTH_HOST', `192.168.0.2')dnl
dnl NOTE(review): confSMTP_AUTH_LDAPAUTH_LOGIN is defined twice; in m4 the
dnl later define replaces the earlier one, so only the second form is used.
dnl The word between LOGIN and the domain in the second value looks like
dnl the list archive's replacement for the @ sign - restore it before reuse.
define(`confSMTP_AUTH_LDAPAUTH_LOGIN', 
`cn=LOGIN,cn=Users,dc=deltamedical,dc=com,dc=ua')dnl
define(`confSMTP_AUTH_LDAPAUTH_LOGIN', `LOGIN на deltamedical.com.ua')dnl
dnl NOTE(review): the bind password below looks like a placeholder. The real
dnl value must stay out of list posts and in a file only the Exim account
dnl can read. The bind account is named admin; a dedicated read-only account
dnl limited to the attributes needed would follow least privilege - confirm
dnl what this account may do. With confSMTP_AUTH_SOURCE set to LDAPAUTH
dnl these LDAP_* values may not be used at all - confirm.
define(`confSMTP_AUTH_LDAP_HOST', `192.168.0.2')dnl
define(`confSMTP_AUTH_LDAP_LOGIN', `admin')dnl
define(`confSMTP_AUTH_LDAP_PASS', `pass')dnl
define(`confSMTP_AUTH_LDAP_BASE', `dc=deltamedical,dc=com,dc=ua')dnl
define(`confSMTP_AUTH_LDAP_PASSWD_ATTR', `userPassword')dnl
dnl NOTE(review): LOGIN is presumably replaced by the name the client
dnl supplied. Confirm that exim-conf LDAP-quotes it before it is placed in
dnl the filter or in the bind DN above.
define(`confSMTP_AUTH_LDAP_FILTER', 
`(&(objectClass=posixAccount)(uid=LOGIN))')dnl
dnl ##################################################################
dnl                 RELAY
dnl ##################################################################
dnl Relay and sender white lists are enabled. The connection-level checks
dnl (resolve, forged, access, dialup) are all set to GREYLIST:10 instead of
dnl a hard reject.
dnl NOTE(review): white-listed relays are also named in the skip list of the
dnl file-extension check later in this listing, so entries in that list
dnl presumably bypass more than one filter - keep it short and reviewed.
define(`confWHITE_LIST_RELAYS', `YES')dnl
define(`confWHITE_LIST_SENDERS', `YES')dnl
define(`confCHECK_RELAY_RESOLVE', `GREYLIST:10')dnl
define(`confCHECK_RELAY_FORGED', `GREYLIST:10')dnl
define(`confCHECK_RELAY_RESOLVE_SKIP', `AUTH RELAY_FROM ACCESS')dnl
define(`confCHECK_RELAY_ACCESS', `GREYLIST:10')dnl
define(`confCHECK_RELAY_DIALUP', `GREYLIST:10')dnl
dnl The open proxy check is switched off (NO); the cache, timeout, host and
dnl banner values below presumably matter only once it is enabled.
define(`confCHECK_OPEN_PROXY', `NO')dnl
define(`confCHECK_OPEN_PROXY_CACHE', `/var/spool/exim/db/proxycheck.db')dnl
define(`confCHECK_OPEN_PROXY_CACHE_TTL', `1440')dnl
define(`confCHECK_OPEN_PROXY_TIMEOUT', `60')dnl
define(`confCHECK_OPEN_PROXY_HOST', `bsd.falbi.kiev.ua:25')dnl
define(`confCHECK_OPEN_PROXY_BANNER',    `220 bsd.falbi.kiev.ua ESMTP 
daemon')dnl
dnl ##################################################################
dnl                 ENVELOPE
dnl ##################################################################
dnl HELO checks: most are set to REJECT; the top-level-domain check is set
dnl to GREYLIST:10.
define(`confVERIFY_HELO', `YES')dnl
define(`confCHECK_HELO_OWN', `REJECT')dnl
define(`confCHECK_HELO_MISCONFIGURED', `REJECT')dnl
define(`confCHECK_HELO_IP', `REJECT')dnl
define(`confCHECK_HELO_ACCESS', `REJECT')dnl
define(`confCHECK_HELO_FORGED', `YES')dnl
define(`confCHECK_HELO_FQDN', `REJECT')dnl
define(`confCHECK_HELO_FQDN_SKIP', `AUTH RELAY_FROM HOST_LIST')dnl
define(`confCHECK_HELO_TOP_LEVEL', `GREYLIST:10')dnl
dnl NOTE(review): this colon-separated list of top-level domains is a
dnl snapshot from the 2008 post. Presumably a HELO name under a TLD that is
dnl not listed triggers the GREYLIST:10 action above; many TLDs have been
dnl delegated since, so refresh the list before reuse.
define(`confCHECK_HELO_TOP_LEVEL_SKIP', 
`ac:ad:ae:aero:af:ag:ai:al:am:an:ao:aq:ar:arpa:as:asia:at:au:aw:ax:az:ba:bb:bd:be:bf:bg:bh:bi:biz:bj:bm:bn:bo:br:bs:bt:bv:bw:by:bz:ca:cat:cc:cd:cf:cg:ch:ci:ck:cl:cm:cn:co:com:coop:cr:cu:cv:cx:cy:cz:de:dj:dk:dm:do:dz:ec:edu:ee:eg:er:es:et:eu:fi:fj:fk:fm:fo:fr:ga:gb:gd:ge:gf:gg:gh:gi:gl:gm:gn:gov:gp:gq:gr:gs:gt:gu:gw:gy:hk:hm:hn:hr:ht:hu:id:ie:il:im:in:info:int:io:iq:ir:is:it:je:jm:jo:jobs:jp:ke:kg:kh:ki:km:kn:kp:kr:kw:ky:kz:la:lb:lc:li:lk:lr:ls:lt:lu:lv:ly:ma:mc:md:me:mg:mh:mil:mk:ml:mm:mn:mo:mobi:mp:mq:mr:ms:mt:mu:museum:mv:mw:mx:my:mz:na:name:nc:ne:net:nf:ng:ni:nl:no:np:nr:nu:nz:om:org:pa:pe:pf:pg:ph:pk:pl:pm:pn:pr:pro:ps:pt:pw:py:qa:re:ro:rs:ru:rw:sa:sb:sc:sd:se:sg:sh:si:sj:sk:sl:sm:sn:so:sr:st:su:sv:sy:sz:tc:td:tel:tf:tg:th:tj:tk:tl:tm:tn:to:tp:tr:travel:tt:tv:tw:tz:ua:ug:uk:us:uy:uz:va:vc:ve:vg:vi:vn:vu:wf:ws:ye:yt:yu:za:zm:zw')dnl
define(`confCHECK_HELO_TOP_LEVEL_DEFER_OK', `NO')dnl
dnl Sender domain and sender address verification.
define(`confCHECK_MAIL_DOMAIN_A', `WARN GREYLIST:10')dnl
define(`confCHECK_MAIL_DOMAIN_MX', `WARN GREYLIST:10')dnl
define(`confVERIFY_SENDER', `REJECT')dnl
define(`confVERIFY_SENDER_SKIP', `RELAY AUTH MAIL RCPT')dnl
define(`confVERIFY_SENDER_TIMEOUT', `120s')dnl
dnl NOTE(review): presumably a deferred sender verification is accepted
dnl when the sender local part is www, apache or nobody. The local part is
dnl chosen by the sending client, so confirm how this exception is scoped.
define(`confVERIFY_SENDER_DEFER_OK_PHP', `YES')
define(`confVERIFY_SENDER_DEFER_OK_PHP_SENDER_LOCAL_PARTS', 
`www|apache|nobody')
define(`confVERIFY_RECIPIENT_TIMEOUT', `120s')dnl
define(`confRECIPIENTS_SPAM_FRIENDS', `YES')dnl
define(`confRECIPIENTS_SPAM_HATERS', `YES')dnl
dnl Dictionary attack check: a recipient failure count of 5 and a delay of
dnl 30 (the unit is not visible in this listing).
define(`confCHECK_DICT_ATTACK', `YES')dnl
define(`confCHECK_DICT_ATTACK_RCPT_FAIL_COUNT', `5')dnl
define(`confCHECK_DICT_ATTACK_DELAY', `30')dnl
define(`confCHECK_MAIL_ACCESS', `REJECT')dnl
dnl Auto white list (AWL) kept in SQLite; this is the feature the post asks
dnl about.
dnl confAWL_PERIOD is multiplied by 60 and added to $tod_epoch in the INSERT
dnl and UPDATE below, so 60*24*2 is a number of minutes (two days).
define(`confAWL', `SQLITE')dnl
define(`confAWL_SENDER_DOMAINS', `+local_domains : +relay_to_domains')dnl
define(`confAWL_PERIOD', `60*24*2')dnl
define(`confAWL_SQLITE_FILE',        `/var/spool/exim/db/awl.db')dnl
dnl CHECK looks for an unexpired row whose recipient is the local recipient
dnl and whose sender is the envelope sender. SELECT, INSERT and UPDATE use
dnl the opposite assignment (recipient = $sender_address, sender =
dnl $local_part@$domain).
dnl NOTE(review): quote_sqlite doubles single quotes only, and the values
dnl here sit inside double-quoted literals. A hit in this table presumably
dnl exempts mail from other checks, so confirm that a double quote in an
dnl envelope address cannot alter the statement.
define(`confAWL_SQLITE_CHECK',  `SELECT expires FROM awl WHERE 
recipient="${quote_sqlite:$local_part@$domain}" AND 
sender="${quote_sqlite:$sender_address}" AND expires > $tod_epoch;')dnl
define(`confAWL_SQLITE_SELECT', `SELECT expires FROM awl WHERE 
recipient="${quote_sqlite:$sender_address}" AND 
sender="${quote_sqlite:$local_part@$domain}" AND expires > $tod_epoch;')dnl
dnl The expiry arithmetic is not wrapped in an Exim eval here, unlike in the
dnl greylist statements, so the sum is presumably computed by SQLite.
define(`confAWL_SQLITE_INSERT', `INSERT INTO awl (recipient, sender, 
expires) VALUES ("${quote_sqlite:$sender_address}", 
"${quote_sqlite:$local_part@$domain}", $tod_epoch+60*confAWL_PERIOD);')dnl
define(`confAWL_SQLITE_UPDATE', `UPDATE awl SET expires = 
$tod_epoch+60*confAWL_PERIOD WHERE 
recipient="${quote_sqlite:$sender_address}" AND 
sender="${quote_sqlite:$local_part@$domain}";')dnl
dnl Removes rows whose expires value lies in the past.
define(`confAWL_SQLITE_DELETE', `DELETE FROM awl WHERE expires < 
strftime(\"%s\",\"now\");')dnl
dnl ##################################################################
dnl                 HEADER
dnl ##################################################################
dnl Attachment file-extension check set to REJECT, with a colon-separated
dnl list of extensions.
dnl NOTE(review): a name-based list does not catch renamed or archived
dnl files; treat it as a complement to the antivirus scan configured in the
dnl BODY section of this listing.
define(`confCHECK_FILE_EXT', `REJECT')dnl
define(`confCHECK_FILE_EXT_LIST', 
`com:exe:bat:cmd:wsh:wsf:wsp:lnk:scr:pif:js:jse:vbs:vbe:hta:dll:hlp:chm:shs:cpl')dnl
dnl NOTE(review): presumably authenticated clients, relay hosts and
dnl white-listed relays skip this check, so mail from a compromised account
dnl would not be filtered by extension - confirm.
define(`confCHECK_FILE_EXT_SKIP', `AUTH RELAY_FROM WHITE_LIST_RELAYS')dnl
dnl The Message-ID check below is commented out.
dnl define(`confCHECK_MESSAGE_ID', `EMPTY:GREYLIST:10')dnl
dnl ##################################################################
dnl                 BODY
dnl ##################################################################
dnl Content scanning with SpamAssassin, a system filter and ClamAV.
dnl NOTE(review): presumably mail from authenticated clients and relay hosts
dnl is not scanned, and messages above 192k are not passed to the scanner -
dnl confirm both, since either path would deliver unscanned content.
define(`confCONTENT_SCANNING', `SPAMASSASSIN')dnl
define(`confCONTENT_SCANNING_SKIP', `AUTH RELAY_FROM')dnl
define(`confCONTENT_SCANNING_MAX_MSG_SIZE', `192k')dnl
define(`confCONTENT_SCANNING_QUARANTINE', `SYSTEM')dnl
define(`confSPAMASSASSIN_ACTION_SCORE', `6')dnl
dnl Shell pipeline that reads the spamd version string. The mail client
dnl appears to have wrapped it between the -n option and its argument.
define(`confSPAMASSASSIN_NAME_VERSION', `spamd -V 2>/dev/null | head -n 
1 | perl -p -e "chomp"')
define(`confSPAMASSASSIN_NAME_VERSION_DEFAULT', `SpamAssassin Server')
dnl spamd is reached on the loopback address, port 783.
define(`confSPAMASSASSIN_SPAMD_ADDRESS', `127.0.0.1 783')
define(`confSPAMASSASSIN_USER', `mailnull')dnl
dnl NOTE(review): DEFER_OK presumably lets mail through when spamd cannot be
dnl reached. If so, monitor spamd availability so unscanned delivery is
dnl noticed.
define(`confSPAMASSASSIN_DEFER_OK', `YES')
define(`confSPAMASSASSIN_ACTION', `REJECT QUARANTINE')dnl
dnl The quarantine folders live under the spamtrap mailbox in the
dnl /var/vmail tree.
dnl NOTE(review): whoever can read that mailbox can read quarantined mail,
dnl including detected malware - restrict access accordingly.
define(`confSPAMASSASSIN_QUARANTINE_DIR', 
`/var/vmail/web.deltamedical.com.ua/spamtrap/.SA-Spam/')dnl
define(`confSPAMASSASSIN_QUARANTINE_DIR_LEARN', 
`/var/vmail/web.deltamedical.com.ua/spamtrap/.SA-Learn/')dnl
define(`confSPAMASSASSIN_OLD_HEADERS', `RENAME')dnl
define(`confSPAMASSASSIN_HEADERS', 
`X-Spam-Checker-Version:X-Spam-Info:X-Spam-Score:X-Spam-Status:X-Spam-Report:X-Spam-Flag:X-Spam-Level:X-Spam-Action:X-Spam-Original-Recipients')dnl
dnl The system filter is given the same user name as confEXIM_USER.
define(`confSYSTEM_FILTER', `CONFDIR/system_filter')dnl
define(`confSYSTEM_FILTER_USER', confEXIM_USER)dnl
define(`confSYSTEM_FILTER_WARNINGS_DIR', 
`/var/vmail/web.deltamedical.com.ua/spamtrap/.SysFilter-Warn')dnl
define(`confSYSTEM_FILTER_WARNINGS_AGE', `30')dnl
define(`confSYSTEM_FILTER_QUARANTINE_DIR', 
`/var/vmail/web.deltamedical.com.ua/spamtrap/.SysFilter-Spam')dnl
define(`confSYSTEM_FILTER_QUARANTINE_AGE', `30')dnl
define(`confQUARANTINE_DIR', 
`/var/vmail/web.deltamedical.com.ua/spamtrap/.AntiVirus')dnl
dnl ClamAV is reached through the clamd socket in /var/run/clamav.
dnl NOTE(review): the defer_ok options presumably accept mail when clamd
dnl does not answer. If so, alert on clamd outages so the gap is visible.
ANTIVIRUS(`ClamAV', `QUARANTINE REJECT', `clamd:/var/run/clamav/clamd', 
`defer_ok defer_no_mbox_unspool')
define(`confAV_NOTIFY', `POSTMASTER')dnl
dnl The [] in the two addresses below looks like the list archive's
dnl replacement for the @ sign - restore it before reuse.
define(`confAV_ADMIN', `"AntiVirus Admin <root[]deltamedical.com.ua>"')dnl
define(`confAV_NOTIFY_FROM', `"AntiVirus Daemon 
<spam[]deltamedical.com.ua>"')dnl
define(`confAV_NOTIFY_SUBJECT', `VIRUS HAS BEEN FOUND!')dnl
dnl DNS blocklists. Each entry gives the zone, the action (deny in all of
dnl them), a third argument that is defer for dul.ru and pass for the rest,
dnl and a tag (dialup or without_txt).
dnl NOTE(review): this set of zones is a snapshot from the 2008 post. Before
dnl reuse, check that each zone is still operated: a retired zone can time
dnl out or answer every query, which delays or rejects legitimate mail.
DNS_BL(`dul.ru',        `deny',                    `defer',`dialup')
DNS_BL(`dialups.mail-abuse.org',`deny',                    `pass',    
`dialup')
DNS_BL(`dynablock.easynet.nl',    `deny',                    `pass',    
`dialup')
DNS_BL(`dynablock.njabl.org',    `deny',                    `pass',    
`dialup')
DNS_BL(`new.dnsbl.sorbs.net',      
`deny',                                 `pass', `without_txt')
DNS_BL(`smtp.dnsbl.sorbs.net',  `deny',                                 
`pass', `without_txt')
DNS_BL(`http.dnsbl.sorbs.net',  `deny',                                 
`pass', `without_txt')
DNS_BL(`socks.dnsbl.sorbs.net', `deny',                                 
`pass', `without_txt')
DNS_BL(`dul.dnsbl.sorbs.net',    `deny',                    `pass',    
`dialup')
DNS_BL(`bl.spamcop.net',      `deny',                                    
`pass', `without_txt')
DNS_BL(`cbl.abuseat.org',    `deny',                                 
`pass', `without_txt')




