» FAQ по Exim MTA #2

Nekt
Цитата:

не очень могу понять

Да что там понимать? Криво твой хост настроен. Но в чем именно кривизна, при таких скудных исходных данных - только к телепатам.

vlary
а чего ещё подкинуть?

Nekt

Цитата:

а чего ещё подкинуть?

Имя почтового домена, вестимо...
Оно не секретное, его весь интернет знает. Наверное, для того и создавалось.

у меня виртуальная площадка, почта шлется на mail.ru. в том случае...
причем хост мой под айпи, на него ссылается домен с другого хоста.
phpbb отправляет почту.

Nekt
Цитата:

у меня виртуальная площадка

Ну, теперь мне картина понятна.
Кратко резюмируя - Exim здесь вообще не при делах, как говорится, "на его месте мог бы оказаться каждый".
Вне зависимости от того, где находится почтовый сервер, в чулане, в Африке, на собачьей площадке, он должен соответствовать некоторым требованиям.
Если он не соответствует, то это не сервер, а спам-машина, и уважающие себя
почтовые сервера почту от него принимать не будут.
Об этом много писали здесь: Почтовый сервер с Нуля либо переходим на свой почтовый сервер. , либо Как быть, когда mail.ru не принимает почту.
Читай, просвещайся.

Alukardd спасибо. Не пришло в голову посмотреть конфиг, там забавно все было до меня сделано

Теперь пытаюсь понять почему при рассылке почты клиентам из программы самописной в логах проскакивают такие вот месяги:


+++ 1V5DGr-0000Qb-Nj has not completed +++
2013-08-02 15:11:46 [1649] 1V5DGr-0000Qb-Nj SA: Action: Not running SA because SAEximRunCond expanded to false (Message-Id: 1V5DGr-0000Qb-Nj). From <************@***********.ru> (host=***.**.****.** [***.**.*.***]) for ****@YANDEX.RU
2013-08-02 15:11:46 [1649] 1V5DGr-0000Qb-Nj SMTP connection lost after final dot H=***.**.****.** (SignOnEdit) [***.**.*.***]:2876 I=[***.**.*.***]:25 P=smtp

iceplane
Показывайте конфиг в more.

[more]
Цитата:

Показывайте конфиг в more.

К своему стыду, не понял что это значит.

Вот конфиг, которой exim собирает в итоге (как я понял)

Код:
#########
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# This file was generated dynamically from
# split config files in the /etc/exim4/conf.d/ directory.
# The config files are supplemented with package installation/configuration
# settings managed by debconf. This data is stored in
# /etc/exim4/update-exim4.conf.conf
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########
AUTH_SERVER_ALLOW_NOTLS_PASSWORDS=true
CHECK_MAIL_HELO_ISSUED=true
REMOTE_SMTP_HOSTS_AVOID_ESMTP= (тут куча ip)
exim_path = /usr/sbin/exim4

.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif

UPEX4CmacrosUPEX4C = 1
##############################################
# the following macro definitions were created
# dynamically by /usr/sbin/update-exim4.conf
.ifndef MAIN_LOCAL_INTERFACES
MAIN_LOCAL_INTERFACES=0.0.0.0
.endif
.ifndef MAIN_PACKAGE_VERSION
MAIN_PACKAGE_VERSION=4.80-7
.endif
.ifndef MAIN_LOCAL_DOMAINS
MAIN_LOCAL_DOMAINS=@:localhost: домены рабочие
.endif
.ifndef MAIN_RELAY_TO_DOMAINS
MAIN_RELAY_TO_DOMAINS=empty
.endif
.ifndef ETC_MAILNAME
ETC_MAILNAME=домен
.endif
.ifndef LOCAL_DELIVERY
LOCAL_DELIVERY=mail_spool
.endif
.ifndef MAIN_RELAY_NETS
MAIN_RELAY_NETS=внутренние айпишники
.endif
.ifndef DCreadhost
DCreadhost=empty
.endif
.ifndef DCsmarthost
DCsmarthost=empty
.endif
.ifndef DC_eximconfig_configtype
DC_eximconfig_configtype=internet
.endif
.ifndef DCconfig_internet
DCconfig_internet=1
.endif
##############################################


domainlist local_domains = MAIN_LOCAL_DOMAINS

domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS

hostlist relay_from_hosts = MAIN_RELAY_NETS

.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
.ifndef MAIN_QUALIFY_DOMAIN
qualify_domain = ETC_MAILNAME
.else
qualify_domain = MAIN_QUALIFY_DOMAIN
.endif
.endif

.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.endif

.ifndef LOCAL_DELIVERY
LOCAL_DELIVERY=mail_spool
.endif

gecos_pattern = ^([^,:]*)
gecos_name = $1

.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif

.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif

.ifndef MAIN_LOG_SELECTOR
MAIN_LOG_SELECTOR = +tls_peerdn
.endif

.ifndef MAIN_ACL_CHECK_MAIL
MAIN_ACL_CHECK_MAIL = acl_check_mail
.endif
acl_smtp_mail = MAIN_ACL_CHECK_MAIL

.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT

.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA

.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif

av_scanner = clamd:/var/run/clamav/clamd.ctl

.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif

.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif

.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
.endif

rfc1413_hosts = *
rfc1413_query_timeout = 0s

.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
.endif

smtp_accept_max=8192
smtp_accept_max_per_host=32

.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif

.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER

.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER

.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL

.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR

.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif

.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS

.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif

.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
{/etc/ssl/certs/ca-certificates.crt}\
                 {/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES

.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif

.ifdef MAIN_TLS_TRY_VERIFY_HOSTS
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
.endif

.endif

local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so

system_filter=/etc/exim4/out_filter.exim
system_filter_pipe_transport=shell_pipe

MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all -subject +smtp_connection

.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif

begin acl

acl_local_deny_exceptions:
accept
hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\
{CONFDIR/host_local_deny_exceptions}\
{}}
accept
senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\
{CONFDIR/sender_local_deny_exceptions}\
{}}
accept
hosts = ${if exists{CONFDIR/local_host_whitelist}\
{CONFDIR/local_host_whitelist}\
{}}
accept
senders = ${if exists{CONFDIR/local_sender_whitelist}\
{CONFDIR/local_sender_whitelist}\
{}}

.ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.endif

.ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.endif

acl_check_mail:
.ifdef CHECK_MAIL_HELO_ISSUED
deny
message = no HELO given before MAIL command
condition = ${if def:sender_helo_name {no}{yes}}
.endif

accept
authenticated = *

drop
message = HELO doesn't look like a hostname
log_message = Not a hostname
condition = ${if match{$sender_helo_name} {\N^[^.].*\.[^.]+$\N}{no}{yes}}
hosts = !+relay_from_hosts
!acl = acl_local_deny_exceptions

accept

acl_check_rcpt:

warn hosts = +relay_from_hosts:127.0.0.1/8
set acl_m0 = do-not-scan



warn hosts = внутренние айпи
set acl_m0 = do-not-scan

accept
hosts = :
control = dkim_disable_verify

.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif



.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif

accept
.ifndef CHECK_RCPT_POSTMASTER
local_parts = postmaster
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
domains = +local_domains : +relay_to_domains

.ifdef CHECK_RCPT_VERIFY_SENDER
deny
message = Sender verification failed
!acl = acl_local_deny_exceptions
!verify = sender
.endif

deny
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
!verify = sender/callout

accept
hosts = +relay_from_hosts
control = submission/sender_retain
control = dkim_disable_verify

accept
authenticated = *
control = submission/sender_retain
control = dkim_disable_verify

require
message = relay not permitted
domains = +local_domains : +relay_to_domains

require
verify = recipient

deny
!acl = acl_local_deny_exceptions
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
!verify = recipient/callout

deny
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}

deny
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_local_deny_exceptions
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}

.ifdef CHECK_RCPT_REVERSE_DNS
warn
message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
{yes}{no}}
.endif

.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address
log_message = SPF check failed.
!acl = acl_local_deny_exceptions
condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
{no}{${if eq {$runrc}{1}{yes}{no}}}}

defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}

warn
message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq {$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}

warn
log_message = Unexpected error in SPF check.
condition = ${if >{$runrc}{6}{yes}{no}}

warn
message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" \ --helo \"$sender_helo_name\" --guess true}\
{pass}{${if eq {$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}

defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}
.endif

.ifdef CHECK_RCPT_IP_DNSBLS
warn
message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
dnslists = CHECK_RCPT_IP_DNSBLS
.endif

.ifdef CHECK_RCPT_DOMAIN_DNSBLS
warn
message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
{CONFDIR/local_domain_dnsbl_whitelist}\
{}}
dnslists = CHECK_RCPT_DOMAIN_DNSBLS
.endif

.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif

accept
domains = +relay_to_domains
endpass
verify = recipient

accept

acl_check_data:

.ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
deny
message = Message headers fail syntax check
!acl = acl_local_deny_exceptions
!verify = header_syntax
.endif

.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
message = No verifiable sender address in message headers
!acl = acl_local_deny_exceptions
!verify = header_sender
.endif

deny
malware = *
message = This message was detected as possible malware ($malware_name).

.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif

accept

begin routers

.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
debug_print = "R: domain_literal for $local_part@$domain"
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp
.endif

hubbed_hosts:
debug_print = "R: hubbed_hosts for $domain"
driver = manualroute
domains = "${if exists{CONFDIR/hubbed_hosts}\
{partial-lsearch;CONFDIR/hubbed_hosts}\
fail}"
same_domain_copy_routing = yes
route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
transport = remote_smtp

.ifdef DCconfig_internet

dnslookup_relay_to_domains:
debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more

dnslookup:
debug_print = "R: dnslookup for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
same_domain_copy_routing = yes
ignore_target_hosts = локальные айпи
no_more

.endif

.ifdef DCconfig_local
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more

.endif

.ifdef DCconfig_smarthost DCconfig_satellite

smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
no_more

.endif

COND_LOCAL_SUBMITTER = "\
${if match_ip{$sender_host_address}{:@[]}\
{1}{0}\
        }"

real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
domains = +local_domains
condition = COND_LOCAL_SUBMITTER
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY

system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
.ifdef SYSTEM_ALIASES_USER
user = SYSTEM_ALIASES_USER
.endif
.ifdef SYSTEM_ALIASES_GROUP
group = SYSTEM_ALIASES_GROUP
.endif
.ifdef SYSTEM_ALIASES_FILE_TRANSPORT
file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
.endif

.ifdef DCconfig_satellite
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
domains = +local_domains
data = ${local_part}@DCreadhost
check_local_user

hub_user_smarthost:
debug_print = "R: hub_user_smarthost for $local_part@$domain"
driver = manualroute
domains = DCreadhost
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
check_local_user
.endif

userforward:
debug_print = "R: userforward for $local_part@$domain"
driver = redirect
domains = +local_domains
check_local_user
file = $home/.forward
require_files = $local_part:$home/.forward
no_verify
no_expn
check_ancestor
allow_filter
forbid_smtp_code = true
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
skip_syntax_errors
syntax_errors_to = real-$local_part@$domain
syntax_errors_text = \
This is an automatically generated message. An error has\n\
been found in your .forward file. Details of the error are\n\
reported below. While this error persists, you will receive\n\
a copy of this message for every message that is addressed\n\
to you. If your .forward file is a filter file, or if it is\n\
a non-filter file containing no valid forwarding addresses,\n\
a copy of each incoming message will be put in your normal\n\
mailbox. If a non-filter file contains at least one valid\n\
forwarding address, forwarding to the valid addresses will\n\
happen, and those will be the only deliveries that occur.

procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = procmail_pipe
require_files = ${local_part}:\
${if exists{/etc/procmailrc}\
{/etc/procmailrc}{${home}/.procmailrc}}:\
+/usr/bin/procmail
no_verify
no_expn

maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn

.ifndef FIRST_USER_ACCOUNT_UID
FIRST_USER_ACCOUNT_UID = 0
.endif

.ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS
DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: no mail to system accounts
.endif

COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\
${if and{{! match_ip{$sender_host_address}{:@[]}}\
{<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\
{1}{0}\
        }"

lowuid_aliases:
debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)"
check_local_user
driver = redirect
allow_fail
domains = +local_domains
condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
data = ${if exists{CONFDIR/lowuid-aliases}\
{${lookup{$local_part}lsearch{CONFDIR/lowuid-aliases}\
{$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}\
{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}

everybody_router:
debug_print = "R: everybody for $local_part@$domain"
driver = accept
domains = $domain
local_parts = everybody
condition = ${if match_ip{$sender_host_address}{айпи}}
transport = everybody_transport

local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY
cannot_route_message = Unknown user

mail4root:
debug_print = "R: mail4root for $local_part@$domain"
driver = redirect
domains = +local_domains
data = /var/mail/mail
file_transport = address_file
local_parts = root
user = mail
group = mail

begin transports

.ifdef HIDE_MAILNAME
REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1@DCreadhost frs : *@ETC_MAILNAME $1@DCreadhost frs
REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
.endif

.ifdef REMOTE_SMTP_HELO_FROM_DNS
.ifdef REMOTE_SMTP_HELO_DATA
REMOTE_SMTP_HELO_DATA==${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
.else
REMOTE_SMTP_HELO_DATA=${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
.endif
.endif

address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output

address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply

mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false

maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
.ifdef MAILDIR_HOME_MAILDIR_LOCATION
directory = MAILDIR_HOME_MAILDIR_LOCATION
.else
directory = $home/Maildir
.endif
.ifdef MAILDIR_HOME_CREATE_DIRECTORY
create_directory
.endif
.ifdef MAILDIR_HOME_CREATE_FILE
create_file = MAILDIR_HOME_CREATE_FILE
.endif
delivery_date_add
envelope_to_add
return_path_add
maildir_format
.ifdef MAILDIR_HOME_DIRECTORY_MODE
directory_mode = MAILDIR_HOME_DIRECTORY_MODE
.else
directory_mode = 0700
.endif
.ifdef MAILDIR_HOME_MODE
mode = MAILDIR_HOME_MODE
.else
mode = 0600
.endif
mode_fail_narrower = false

maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
envelope_to_add

procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add

remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif

remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
}\
{} \
}
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif

shell_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/bin/bash"
user = Debian-exim
return_path_add
delivery_date_add
envelope_to_add

everybody_transport:
debug_print = "T: everybody for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/etc/exim4/send_to_all"
user = Debian-exim
return_path_add
delivery_date_add
envelope_to_add

address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
check_string = ""
escape_string = ""
maildir_format

begin retry

* * F,2h,3m; G,16h,20m,1.1; F,4d,30m
zzzyyyzzz.ru            *    F,3h,3m; G,24h,10m,1.1; F,5d,30m
zzzyyyzzz.ru            *    F,3h,3m; G,24h,10m,1.1; F,5d,30m
zzzyyyzzz.ru                *    F,3h,3m; G,24h,10m,1.1; F,5d,30m
zzzyyyzzz.ru            *    F,3h,1m; G,24h,15m,1.1; F,5d,30m

begin rewrite

.ifndef NO_EAA_REWRITE_REWRITE
*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
.endif

begin authenticators

plain_saslauthd_server:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
server_set_id = $auth2
server_prompts = :
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif

login_saslauthd_server:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
server_set_id = $auth1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif

cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}

PASSWDLINE=${sg{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
     }\
     {\\N[\\^]\\N}\
     {^^}\
     }

plain:
driver = plaintext
public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "<; ${if !eq{$tls_cipher}{}\
{^${extract{1}{:}{PASSWDLINE}}\
         ^${sg{PASSWDLINE}{\\N([^:]+(.*)\\N}{\\$2}}\
         }fail}"
.else
client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
         ^${sg{PASSWDLINE}{\\N([^:]+(.*)\\N}{\\$2}}"
.endif

login:
driver = plaintext
public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "<; ${if and{\
{!eq{$tls_cipher}{}}\
{!eq{PASSWDLINE}{}}\
}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
         ; ${sg{PASSWDLINE}{\\N([^:]+(.*)\\N}{\\$2}}"
.else
client_send = "<; ${if !eq{PASSWDLINE}{}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
         ; ${sg{PASSWDLINE}{\\N([^:]+(.*)\\N}{\\$2}}"
.endif

Бяда бяда! походу у одного из клиентов сидит вирус который делает рассылки из-за чего постоянно ип одного почтового сервера попадает в самые популярные DNSBL!
Вопрос: Как включить логирование исходящих писем чтобы отследить спамера?

DJs3000
Оно и так по умолчанию включено и пишется в mainlog вместе со входящими...
Обратить внимание стоит на log_selector.

DJs3000
Цитата:

Как включить логирование исходящих писем чтобы отследить спамера?

Собственно, тебе нужны не исходящие, а входящие, которые идут из локалки либо с авторизацией. Логирование легко настраивается в аккцесс-листах с любыми необходимыми тебе параметрами. Например, назначаешь акцесс-лист для acl_smtp_rcpt,
и там логируешь все сообщения с локальными адресами для нелокальных

Код: warn
senders = *@company.ru
domains = !+our_domains
log_message = ATT!: from $sender_address ip $sender_host_address to $local_part@$domain

vlary Спасибо думаю это то что мне нужно!

в приведенном коде я так понимаю нужно подправить только senders = *@company.ru
где company.ru пишу свой домен?

DJs3000 Совершенно верно. Ну и определить что входит в our_domains в конфиге.
domainlist our_domains = company.ru
И код поставить в начале акцесс-листа для RCPT TO:.

vlary
cat configure |grep acl_
acl_smtp_rcpt = acl_check_rcpt
acl_check_rcpt:
set acl_m0 = 0s
set acl_m0 = 0s
logwrite = Delay $acl_m0 for $sender_host_name \
delay = $acl_m0

Это не то у меня уже есть? не понимаю я как работают ACL

DJs3000
Цитата:

Это не то у меня уже есть?

Это то. Вот под этим и можешь поместить.

Цитата:

не понимаю я как работают ACL

А зря, у Эксима это основное. Учи матчасть.
Chapter 42 - Access control lists

Есть такая проблема, не могу в исключения добавить сервер чтобы он не проверялся по спамбазам.
запись в строке hosts !IP ничего не дает.
Сервер достался в наследство, настраивал не я.


Код:
deny message = "you in blacklist - $dnslist_domain --> $dnslist_text; $dnslist_value"
hosts = !localhost : !127.0.0.1
!authenticated = *
delay = 30s
dnslists = zen.spamhaus.org : \
dnsbl.njabl.org : \
dialups.mail-abuse.org : \
dul.ru : \
sbl.spamhaus.org : \
bl.spamcop.net : \
kr.countries.nerd.dk : \
cn.countries.nerd.dk : \
au.countries.nerd.dk : \
hu.countries.nerd.dk : \
jp.countries.nerd.dk : \
pl.countries.nerd.dk : \
hk.countries.nerd.dk : \
fr.countries.nerd.dk : \
at.countries.nerd.dk : \
br.countries.nerd.dk : \
cbl.abuseat.org : \

require verify = sender

Ermashov
Ну видимо добавить
!senders = dnsbl.notcheck.ru

Помогите допилить конфиг, ПОЖАЛУЙСТА ибо новичок я

Задача поднять второй МХ для домена. Exim 4.80 Freebsd 9.1

Вообщем-то все уже настроено, почта принимается для домена и релеится на основоной МХ, когда он становится доступным.
Однако ж, вторичный принимает кучу барахла для несуществующих почтовых ящиков домена, с пустым обратным адресом и такие письма морозятся.
Захотелось сделать проверку существования ящика.
Есть файлик, в котором все ящики и алиасы домена (/usr/local/etc/exim/west.email) и файл с доменами, для которых разрешен релай

Помогите, пожалуйста, написать роутер! Сам я как-то плохо понимаю

По аналогии с существующим переписал новый роутер relay_domains, но что-то подсказывает что не заработает


Код:
begin routers
dnslookup:
driver = dnslookup
domains = !+dummy_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
self = pass
no_more

disabled_domains:
driver = redirect
condition = ${extract{3}{:}{${lookup{$domain}lsearch{/usr/local/etc/exim/domains}}}}
allow_fail = yes
data = :fail: Domain disabled
no_more

disabled_users:
driver = redirect
condition = ${extract{5}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/passwd}}}
}
allow_fail = yes
data = :fail: User disabled
no_more

quota_check:
driver = redirect
domains = +local_domains
allow_defer
condition = ${if and{\
{exists{/usr/local/ispmgr/var/eximquota.pid}}\
{match{${readsocket{/usr/local/ispmgr/var/eximquota.sock}{$local_part@$domain:$message_size}}}{\Nover quota\N}}\
}{yes}{no}}
data = efer: $local_part@$domain is over quota

relay_domains:
driver = redirect
condition = ${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/west.email}{no}{yes}}
data = ${quote_local_part:$local_part}@${extract{1}{:}{${lookup{$domain}lsearch{/usr/local/etc/exim/my_domains.conf}}}}
cannot_route_message = UNKNOWN USER!
no_more

local_domains:
driver = redirect
condition = ${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/passwd}{no}{yes}}
data = ${quote_local_part:$local_part}@${extract{1}{:}{${lookup{$domain}lsearch{/usr/local/etc/exim/domains}}}}
cannot_route_message = Unknown user
no_more

group_aliases:
driver = redirect
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/aliases}}}}
condition = ${if and{\
{exists{/usr/local/etc/exim/aliases}}\
{eq {${extract{2}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/aliases}}}}} {group} }\
} {yes} {no} }
redirect_router = a_dnslookup
pipe_transport = address_pipe

aliases:
driver = redirect
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/aliases}}}}
condition = ${if exists{/usr/local/etc/exim/aliases} {yes} {no} }
pipe_transport = address_pipe

local_users:
driver = redirect
condition = ${lookup {$local_part@$domain} lsearch {/usr/local/etc/exim/passwd} {yes} {no} }
data = $local_part@$domain
redirect_router = autoreplay

.ifdef MAILMAN_ENABLE
mailman:
driver = accept
require_files = MAILMAN_HOME/lists/$local_part/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : -confirm+* : -join : -leave : -owner : -request : -admin : -subscribe : -unsubscribe
transport = mailman

mailman_isp:
driver = accept
require_files = MAILMAN_HOME/lists/$local_part-$domain/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : -confirm+* : -join : -leave : -owner : -request : -admin : -subscribe : -unsubscribe
transport = mailman_isp
.endif

catchall_for_domains:
driver = redirect
headers_add = X-redirected: yes
data = ${extract{2}{:}{${lookup{$domain}lsearch{/usr/local/etc/exim/domains}}}}
file_transport = local_delivery

unknown_users:
driver = redirect
allow_fail = yes
data = :fail: Unknown user
no_more

autoreplay:
driver = accept
condition = ${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/vaclist}{yes}{no}}
retry_use_local_part
transport = address_reply
unseen

.ifdef LDA_ENABLE
procmail:
no_verify
driver = accept
transport = maildrop_pipe
# condition = ${if exists{${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/passwd}}}}/.procmailrc} {yes} {no}}
transport_home_directory = ${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/passwd}}}}
.endif

localuser:
driver = accept
transport = local_delivery

# Same routers without autoreplay

a_dnslookup:
driver = dnslookup
domains = !+dummy_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
self = pass
no_more

a_disabled_domains:
driver = redirect
condition = ${extract{3}{:}{${lookup{$domain}lsearch{/usr/local/etc/exim/domains}}}}
allow_fail = yes
data = :fail: Domain disabled
no_more

a_disabled_users:
driver = redirect
condition = ${extract{5}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/passwd}}}}
allow_fail = yes
data = :fail: User disabled
no_more

a_local_domains:
driver = redirect
data = ${quote_local_part:$local_part}@${extract{1}{:}{${lookup{$domain}lsearch{/usr/local/etc/exim/domains}}}}
cannot_route_message = Unknown user
redirect_router = a_dnslookup
no_more

a_aliases:
driver = redirect
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/aliases}}}}
condition = ${if exists{/usr/local/etc/exim/aliases} {yes} {no} }
redirect_router = a_dnslookup
pipe_transport = address_pipe

.ifdef LDA_ENABLE
a_procmail:
no_verify
driver = accept
transport = maildrop_pipe
# condition = ${if exists{${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/passwd}}}}/.procmailrc} {yes} {no}}
transport_home_directory = ${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/usr/local/etc/exim/passwd}}}}
.endif

a_local_users:
driver = accept
transport = local_delivery
condition = ${lookup {$local_part@$domain} lsearch {/usr/local/etc/exim/passwd} {yes} {no} }

.ifdef MAILMAN_ENABLE
a_mailman:
driver = accept
require_files = MAILMAN_HOME/lists/$local_part/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : -confirm+* : -join : -leave : -owner : -request : -admin : -subscribe : -unsubscribe
transport = mailman

a_mailman_isp:
driver = accept
require_files = MAILMAN_HOME/lists/$local_part-$domain/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : -confirm+* : -join : -leave : -owner : -request : -admin : -subscribe : -unsubscribe
transport = mailman_isp
.endif

a_catchall_for_domains:
driver = redirect
headers_add = X-redirected: yes
data = ${extract{2}{:}{${lookup{$domain}lsearch{/usr/local/etc/exim/domains}}}}
file_transport = local_delivery
redirect_router = a_dnslookup

Clop345
Цитата:

переписал новый роутер relay_domains

Зачем новый роутер? Достаточно правильно прописать акцесс-лист на acl_smtp_rcpt
Типа того:

Код: acl_smtp_rcpt = acl_check_rcpt
.............
localpartlist knownusers = lsearch;/usr/local/etc/exim/west.email
..........
acl_check_rcpt:
accept hosts = :
accept hosts = : +local_hosts : +relay_from_hosts
# accept mail to known users
accept domains = +local_domains : +relay_to_domains
local_parts = +knownusers
deny
message = $local_part@$domain - unknown mailbox name

vlary
Цитата:

local_parts = +knownusers

Супер - спасибо!
А как должен выглядеть файлик этот списка?
Будет ли проверяться соответствие юзер@домен если доменов два, три и т.п.
Скажем user1@domain1.net существует, а user1@domain2.net не существует...

Clop345
Цитата:

А как должен выглядеть файлик этот списка?

Зависит. Если в данном варианте, тогда просто имена без домена по одному на строчке или несколько через двоеточие. Но это будет срабатывать для всех доменов.
Если в каждом домене разные юзеры, то либо модифицировать

Код: localpartlist knownusers1 = lsearch;/usr/local/etc/exim/domain1.email
localpartlist knownusers2 = lsearch;/usr/local/etc/exim/domain2.email
................
accept domains = +domain1.ru
local_parts = +knownusers1
accept domains = +domain2.ru
local_parts = +knownusers2

Помогите, пожалуйста, найти ошибку в конфиге с квотированием.

Требуется реализовать два вида квоты: квота на ящик и общая квота на домен. Квота на ящик – обычная квота из файла maildirsize. Квота на домен – задана в mysql-таблице domains, в поле quota. Суммарный текущий размер почты всех ящиков хранится в поле size, также в таблице domains.

Квота на ящик работает корректно, а раутер с квотой на домен (virtual_domain_quota_defer) по какой то неведомой причине не срабатывает ((

Сконфигурено всё следующим образом:

# Определяем квоту для ящика
GET_QUOTA=${lookup mysql{SELECT quota FROM users \
WHERE login='${local_part}' AND domain='${domain}'}{${value}M}}

MAILDIR_SIZE=${eval:${sg{${sg{${readfile{/var/exim/$domain/$local_part/maildirsize} {\n}}}{\N^.+?\n\N}{}}}{\N(?s)\s+-?\d+\n\N}{+}}0+500K}

# Определяем квоту для домена
GET_DOMAIN_QUOTA=${lookup mysql{SELECT quota FROM domains WHERE domain='${domain}'}{$value}fail}

# Текущий суммарный размер всех ящиков в домене
DOMAIN_SIZE=${lookup mysql{SELECT size FROM domains WHERE domain='${domain}'}{$value}fail}

….

# Раутер для per-mailbox квоты
virtual_user_quota_defer:
driver = redirect
domains = +local_domains
condition = ${if and{\
{exists{/var/mail/$domain/$local_part}}\
{exists{/var/mail/$domain/$local_part/maildirsize}}\
{>{GET_QUOTA}{0}}\
{>={MAILDIR_SIZE}{GET_QUOTA}}\
} }
data = :fail: Over quota!
verify_sender = false
allow_fail

# Раутер квоты для домена (не срабатывает!)
virtual_domain_quota_defer:
driver = redirect
domains = +local_domains
condition = ${if and{\
{>{GET_DOMAIN_QUOTA}{0}}\
{>={DOMAIN_SIZE}{GET_DOMAIN_QUOTA}}\
} }
data = :fail: Over quota for domain!
verify_sender = false
allow_fail

fakeroot
Цитата:

DOMAIN_SIZE=${lookup mysql{SELECT size FROM domains WHERE domain='${domain}'}{$value}fail}

Наверное, все-таки не size, а sum(size)?

Цитата:

DOMAIN_SIZE=${lookup mysql{SELECT size FROM domains WHERE domain='${domain}'}{$value}fail}
Наверное, все-таки не size, а sum(size)?

В поле size хранится текущий суммарный размер всех ящиков в конкретном домене (оно по шедулеру скриптом периодически обновляется). По этой причине sum не нужен.

fakeroot
Запусти дебаг сессии (exim -bh) с письмом в домен с оверквотой,
посмотри значения своих переменных, срабатывание условий,
и все выяснишь.

Спасибо! Сегодня обязательно попробую.

Уважаемые, подскажите есть ли в народе опыт модерирования исходящей почты?
Т.е. что бы письма от определённых ящиков не уходили сразу наружу, а где-то повисали и через web-интерфейс админ(ответственный) мог бы решать можно ли их отправлять или нет (тупо кнопки да/нет), разумеется что бы содержимое показывалось, а не только от кого и кому.

В наличии exim 4.80 на Debian'е, в связке с Dovecot 2.1.17.

Alukardd Тоже вдруг захотелось странного?
Ну, навскидку, через ACL для RCPT TO: можно переписать адрес получателя на определенный почтовый ящик либо заставить двигаться другим транспортом.
Потом через обычную веб-морду смотреть содержимое этого спец-ящика.
Ну а дальше просто сделать форвард этого письма оригинальному получателю.
Поскольку при этом MAIL FROM: будет от спецэккаунта, письмо уйдет по назначению.
Поля в его теле From:, To:, Reply-To: по идее измениться не должны.

vlary
Ну примерный план рождения костыля я тоже знал, думал вдруг есть известные извращения...
Спасибо)

А можно мне ещё странненького?) Хотя это больше похоже на нормальное желание:

Есть запись в файл /etc/aliases: user2: user1

Соответственно, если письмо отправить на оба адреса сразу (user1, user2), то бедный user1 получит 2 копии письма, как можно этого избежать?