Ru-Board.club

» Exim MTA FAQ

Author: Phoenix666
Posted: 26.11.2007 11:42
Until now I worked with servers under Windows, and they all had rules for mail. I installed Exim+Dovecot+ClamAV+MySQL on Debian, all users are virtual. It works, but questions have come up about implementing rules and filters... the documentation did not add any understanding. So the question:
1. A message from B@extdomain arrives at mailbox A@domain. A _copy_ of this message (when the Subject contains certain words) must go to C@domain and D@domain. How and where do I write this?
There may be several such rules for different mailboxes.

2. Is it possible (and how) to have all messages addressed to the domain but without a recipient dropped into some mailbox instead of returning the message "user unknown"?

Thanks!
Author: DarkHost
Posted: 26.11.2007 12:37
Phoenix666
1. No way and nowhere. With the existing mass of (Cyrillic) encodings, this is practically impossible.
2. You can: add one more router that receives last. And remove cannot_route_message from the second-to-last one.
Author: osipen
Posted: 17.12.2007 09:42
Hi
After installing Virtual Exim I ran into a problem: anyone at all can send mail over SMTP, and it does not matter in the slightest whether the user has been created or not. How do I make it so that only users who have successfully authenticated can send mail?
Author: osipen
Posted: 18.12.2007 11:37
Question withdrawn
Author: fly_house
Posted: 21.12.2007 12:39
Exim version 4.69
-----------------

TK/01 Add preliminary DKIM support. Currently requires a forked version of
ALT-N's libdkim that I have put here:
http://duncanthrax.net/exim-experimental/

Note to Michael Haardt: I had to rename some vars in sieve.c. They
were called 'true' and it seems that C99 defines that as a reserved
keyword to be used with 'bool' variable types. That means you could
not include C99-style headers which use bools without triggering
build errors in sieve.c.

NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
as mailq or other aliases. Changed the --help handling significantly
to do whats expected. exim_usage() emits usage/help information.

SC/01 Added the -bylocaldomain option to eximstats.

NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr

NM/03 Bugzilla 613: Documentation fix for acl_not_smtp

NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall)


Added:
what is DKIM, and how can it be useful?
Author: tankistua
Posted: 21.12.2007 19:07
What is Google and how can it be useful?
Author: osipen
Posted: 21.12.2007 23:25
So the task is this. We have the Exim MTA, and it needs to be set up so that messages arrive from external addresses. But user authentication must work as well. The problem is this:
domainlist local_domains = 127.0.0.1 (then mail only goes locally, messages from external addresses do not arrive)
or
domainlist local_domains = 127.0.0.1 : test.ru (then any user, even a non-existent *@test.ru, can send messages anywhere, but messages from external addresses do arrive)

in ACL CONFIGURATION
accept domains = +local_domains
endpass
verify = recipient
accept authenticated = *


deny message = relay not permitted

in ROUTERS CONFIGURATION

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

How do I make it so that messages arrive from external addresses while authentication still works? I have asked this question on many forums and it has remained unanswered; I ask the smart alecks who do not even look into the essence of the problem not to send me off to read manuals.
Author: fly_house
Posted: 22.12.2007 20:03

Quote:
it needs to be set up so that messages arrive from external addresses. But user authentication must work as well.


how is one related to the other?

Added:
osipen
Put your real domain in the domainlist, disable relaying from the local network, and send only with authentication.
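
A minimal RCPT ACL that does what fly_house describes, as an added example rather than configuration posted by anyone in this thread. It assumes test.ru (from osipen's post) is the only hosted domain and that a working `begin authenticators` section already exists; the ACL name acl_check_rcpt is chosen here.

```conf
# Added example, not the configuration of any poster in the thread.
# Assumptions: test.ru is the only hosted domain; SMTP AUTH is already
# configured in the "begin authenticators" section.

# --- MAIN CONFIGURATION ---
# A domain list holds domain names, not IP addresses.
domainlist local_domains = test.ru
# Deliberately no relay_from_hosts list: no network may relay without AUTH.
acl_smtp_rcpt = acl_check_rcpt

# --- ACL CONFIGURATION ---
begin acl

acl_check_rcpt:
  # Mail injected locally (not over TCP/IP) has an empty sending host.
  accept  hosts          = :

  # Optional: refuse unauthenticated clients that claim a test.ru
  # envelope sender. Caveat: this also refuses outside forwarders and
  # mailing lists that keep the original test.ru sender.
  deny    message        = authentication required to send as $sender_address_domain
          sender_domains = +local_domains
          !authenticated = *

  # Inbound mail from the Internet: any host may deliver to test.ru,
  # but only to recipients that the routers can resolve.
  accept  domains        = +local_domains
          endpass
          message        = unknown user
          verify         = recipient

  # Outbound mail (recipient outside test.ru): only after SMTP AUTH.
  accept  authenticated  = *

  # Everything else is an attempt to relay through this host.
  deny    message        = relay not permitted
```

With this order, outside hosts can still deliver to existing test.ru mailboxes, while a recipient in any other domain is accepted only in an authenticated session.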
Author: osipen
Posted: 23.12.2007 21:16
"it needs to be set up so that messages arrive from external addresses. But user authentication must work as well." - yes, exactly that.

fly_house
"Put your real domain in the domainlist, disable relaying from the local network, and send only with authentication." - please give an example. I am doing roughly that and not a damn thing works.
Author: georgesitov
Posted: 24.12.2007 07:53
Please advise,
I want to hook amavisd up to exim, but nothing works
I added this to the routing section

amavis:
driver = manualroute
condition = "${if eq {$interface_port}{10025} {0}{1}}"
# if scanning incoming mails, uncomment the following line and
# change local_domains accordingly
# domains = +local_domains
transport = amavis
route_list = "* localhost byname"
self = send

In the transports section
amavis:
driver = smtp
port = 10024
allow_localhost

I also added the parameter
local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025

After that mail stops working (

The log shows the following:
2007-12-24 08:40:01 H=localhost.me.ru (localhost) [127.0.0.1]:53110 I=[127.0.0.1]:10025 sender verify fail for <office@mail.me.ru>: Unrouteable address
2007-12-24 08:40:01 H=localhost.me.ru (localhost) [127.0.0.1]:53110 I=[127.0.0.1]:10025 F=<office@mail.me.ru> rejected RCPT <usual.man@gmail.com>: Sender verify failed

Yes, I send the message with authentication by login and password.
Author: tankistua
Posted: 24.12.2007 09:25
Install clamav :)
Author: georgesitov
Posted: 24.12.2007 09:30
Meaning?
I need anti-spam
Author: tankistua
Posted: 24.12.2007 09:34
AMaViS - A Mail Virus Scanner

am I misunderstanding something? :)
Author: georgesitov
Posted: 24.12.2007 09:38
amavisd-new
It is an interface to SpamAssassin, ClamAV and so on
Author: tankistua
Posted: 24.12.2007 09:50
so why not hook up SpamAssassin separately and ClamAV separately?
Author: georgesitov
Posted: 24.12.2007 11:40
Well, I don't know, I will probably do just that, though I will also try dspam )
Author: SharmanshikKarlo
Posted: 25.12.2007 17:54
Greetings, I have a question about the aliases table:

in your config it looks like this:

alias | domain | user

and the lookup and the choice of whom to deliver the message to is done like this:


Code:
system_aliases:
driver = redirect
allow_defer
allow_fail
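# quote_mysql escapes the address parts before they are placed in the SQL string
data = ${lookup mysql{SELECT recipients FROM aliases \
WHERE local_part='${quote_mysql:$local_part}' AND domain='${quote_mysql:$domain}'}}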
Author: twilightDream
Posted: 05.01.2008 23:42

Hello. Perhaps it is more correct to post my question here. Please help me sort out this question or suggest where I can read about it in Russian.
Here is the gist:
We wrote a client web interface for Exim. Exim itself does not work with MySQL; it is the standard configuration. (Forgive us, but we have no sysadmins. Only programmers. We are trying to figure it out.))
Users were always added through DirectAdmin. But that is inconvenient. We want to write our own admin panel for Exim so that users can be added. Please tell us which files need what added to them in order to add a virtual user.
The same question applies to adding domains.
Thanks for your attention.
Author: tankistua
Posted: 06.01.2008 10:40
twilightDream
why write one? there is the perfectly working vexim; I installed it about a year and a half ago, and it certainly has not got any worse since then.

if you happen to be running FreeBSD, it is simpler still, it is in ports
http://www.freshports.org/mail/vexim/
Author: twilightDream
Posted: 06.01.2008 10:45
We run Fedora. vExim is of course a good thing, but it does not fit the tasks we need. That is why we wrote our own client.
Author: georgesitov
Posted: 06.01.2008 16:12
twilightDream
if the users are virtual, then the config should accordingly contain
virtual:
driver = redirect
domains = dsearch;/etc/mail/virtual
data = ${lookup{$local_part}lsearch{/etc/mail/virtual/$domain}}



my_domains:
driver = accept
domains = dsearch;/etc/mail/domains
local_parts = lsearch;/etc/mail/domains/$domain
transport = my_mailboxes
no_more

Accordingly, /etc/mail/virtual/$domain holds the aliases for redirecting virtual users, and /etc/mail/domains holds the files with the names of the users for which the system accepts mail.
for example, if your domain is domain.ru
then there must be a file
/etc/mail/domains/domain.ru
and it must contain the users
user1
user2
Author: twilightDream
Posted: 07.01.2008 12:10
georgesitov
Thank you very much for the hint. Now I at least know where to start.

Author: twilightDream
Posted: 10.01.2008 16:31
It is still unclear. Below is the configuration file, to make it clearer how everything is set up. Still, where do I add a line to add a domain, and where do I add one to add a user? Also, the passwords are encrypted. Do I encrypt them myself, or will Exim do it?
######################################################################
# SpamBlocker.exim.conf.2.0-release #
# Runtime configuration file for DirectAdmin/Exim 4.24 and above #
######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ########
# WARNING! Be sure to back up your previous exim.conf file before #
# attempting to use this exim.conf file. #
# #
# You may not use this exim.conf Exim configuration file unless you #
# make the required modifications to your Exim configuration #
# following the instructions in the README file included in this #
# distribution. #
# #
# This is version "2.0" of the SpamBlocker exim.conf file as #
# distributed by NoBaloney Internet Services for DirectAdmin based #
# servers. #
# #
# More information about NoBaloney.net may be found at: #
# http://www.nobaloney.net/ #
# #
# More information about DirectAdmin may be found at: #
# http://www.directadmin.com/ #
# #
# This Exim configuration file has been modified from the original #
# as distributed with Exim 4. The modifications have been made by: #
# #
# Jeff Lasman #
# NoBaloney Internet Services #
# 1254 So. Waterman Ave., Suite 50 #
# San Bernardino, CA 92408 #
# spamblocker@nobaloney.net #
# (909) 266-9209 #
# #
# The SpamBlocker exim.conf file has been modified from the original #
# exim.conf file as distributed with Exim 4, which includes the #
# following copyright notice: #
# #
# Copyright (C) 2002 University of Cambridge, Cambridge, UK #
# #
# Portions of the file are taken from the exim.conf file as #
# distributed with DirectAdmin (http://www.directadmin.com/), #
# #
# Copyright (C) 2003 JBMC Software, St Albert, AB, Canada #
# #
# Portions of this file are written by Jeff Lasman, of #
# NoBaloney Internet Services and are copyright as follows: #
# #
# Copyright (C) 2004-2005 NoBaloney Internet Services, #
# San Bernardino, Calif., USA #
# #
# The entire Exim 4 distribution, including the exim.conf file, is #
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, #
# June 1991. If you do not have a copy of the GNU GENERAL #
# PUBLIC LICENSE you may download it, in its entirety, from #
# the website at: #
# #
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt #
# #
######################################################################
# #
# The most recent version of this SpamBlocker exim.conf file may #
# always be downloaded from the website at #
# #
# http://www.nobaloney.net/exim/exim.conf.spamblocked #
# #
######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ########
# #
# Whenever you change Exim's configuration file, you *must* remember #
# to HUP the Exim daemon, because it will not pick up the new #
# configuration until you do. However, any other Exim processes that #
# are started, for example, a process started by an MUA in order to #
# send a message, will see the new configuration as soon as it is in #
# place. #
# #
# You do not need to HUP the daemon for changes in auxiliary files #
# that are referenced from this file. They are read every time they #
# are used. #
# #
# It is usually a good idea to test a new configuration for #
# syntactic correctness before installing it (for example, by #
# running the command "exim -C /config/file.new -bV"). #
# #
### MODIFICATION INSTRUCTIONS ########## MODIFICATION INSTRUCTIONS ###
# #
# YOU MUST MAKE THE CHANGES TO THIS SpamBlocked exim.conf file as #
# documented in the README file. #
# #
# The README file for this version is named: #
# README.SpamBlocker.exim.conf.2.0 #
# #
######################################################################

# Specify your host's canonical name here. This should normally be the
# fully qualified "official" name of your host. If this option is not
# set, the uname() function is called to obtain the name. In many cases
# this does the right thing and you need not set anything explicitly.

## Find primary_hostname and add the following line above
av_scanner = clamd:/var/run/clamav/clamd

# primary_hostname =

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.ex" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =

# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =

# the next line is required to start the smtp auth script included
# in DirectAdmin

perl_startup = do '/etc/exim.pl'

# the next line is required to start the system_filter included in
# DirectAdmin to refuse potentially harmful payloads in
# email messages

system_filter = /etc/system_filter.exim

# next line to allow incoming email submission port 587
# see also check_recipient second ruleset

daemon_smtp_ports = 25 : 587

# SET SOME MEANINGFUL LIMITS
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment

message_size_limit = 20M
smtp_receive_timeout = 5m
smtp_accept_max = 100
message_body_visible = 3000
print_topbitchars = true

# ALLOW UNDERSCORE IN EMAIL DOMAIN NAME
# domains shouldn't use the underscore character "_" but some
# may. Because Jon Postel, one of the architects of the Internet,
# said "Be liberal in what you accept and conservative in what you
# transmit", we choose to allow underscore in email domain names so we
# can receive email from domains which use the underscore character
# in their domain name.
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment

helo_allow_chars = _

# CHANGE LOGGING BEHAVIOR
# We weren't happy with the default Exim logging behavior through
# syslog; it didn't give us enough information. So we turned off
# syslog behavior and changed the logging behavior to give us what we
# felt was more helpful information. You may choose to delete or modify
# this section.
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment

log_selector = \
+delivery_size \
+sender_on_delivery \
+received_recipients \
+received_sender \
+smtp_confirmation \
+subject \
+smtp_incomplete_transaction \
-dnslist_defer \
-host_lookup_failed \
-queue_run \
-rejected_header \
-retry_defer \
-skip_delivery

syslog_duplication = false

# These options specify the Access Control Lists (ACLs) that
# are used for incoming SMTP messages - after the RCPT and DATA
# commands, respectively.

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

# define local lists

addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
hostlist auth_relay_hosts = *
hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = net-lsearch;/etc/virtual/bad_sender_hosts
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = net-lsearch;/etc/virtual/whitelist_hosts

# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above. You also need to comment "forbid_domain_literals" below. This is not
# recommended for today's Internet.

# DO NOT ALLOW HOST LITERALS
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to uncomment the line
# below and change the allow_domain_literals line below to true
# to allow domain literals in your environment

# local_domains_include_host_literals

# The following line prevents Exim from recognizing addresses of the form
# "user@[111.111.111.111]" that is, with a "domain literal" (an IP address)
# instead of a named domain. The RFCs still require this form, but it makes
# little sense to permit mail to be sent to specific hosts by their IP address
# in the modern Internet, and this ancient format has been used by those
# seeking to abuse hosts by using them for unwanted relaying. If you really
# do want to support domain literals, remove the following line, and see
# also the "domain_literal" router below.

allow_domain_literals = false

# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root

# DO HOST LOOKUP
# OPTIONAL MODIFICATIONS:
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup = *

# DISALLOW IDENT CALLBACKS
# OPTIONAL MODIFICATIONS:
# Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP
# calls. You can limit the hosts to which these calls are made, and/or change
# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
# are disabled. RFC 1413 calls are cheap and can provide useful information
# for tracing problem messages, but some hosts and firewalls have problems
# with them. This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up an SMTP session. By default
# we disable callbacks for incoming SMTP calls. You may change
# rfc1413_query_timeout to 30s or some other positive number of seconds to
# enable callbacks for incoming SMTP calls.

rfc1413_hosts = *
rfc1413_query_timeout = 0s

# BOUNCE MESSAGES
# OPTIONAL MODIFICATIONS:
# When Exim can neither deliver a message nor return it to sender, it
# "freezes" the delivery error message (aka "bounce message"). There are also
# other circumstances in which messages get frozen. They will stay on the
# queue forever unless one or both of the following options is set.

# This option unfreezes bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.

ignore_bounce_errors_after = 2d

# This option cancels (removes) frozen messages that are older than five days.

timeout_frozen_after = 5d

# TRUSTED USERS
# OPTIONAL MODIFICATIONS:
# if you must add additional trusted users, do so here; continue the
# colon-delimited list

trusted_users = mail:majordomo:apache:diradmin

# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key

tls_advertise_hosts = *
#auth_over_tls_hosts = *

######################################################################
# ACLs #
######################################################################

begin acl

# ACL that is used after the RCPT command
check_recipient:

# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]

# to restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept hosts = +auth_relay_hosts
condition = ${if eq {$interface_port}{587} {yes}{no}}
endpass
message = relay not permitted, authentication required
authenticated = *

# allow local users to send outgoing messages using slashes
# and vertical bars in their local parts.
# Block outgoing local parts that begin with a dot, slash, or vertical
# bar but allows them within the local part.
# The sequence \..\ is barred. The usage of @ % and ! is barred as
# before. The motivation is to prevent your users (or their viruses)
# from mounting certain kinds of attacks on remote sites.
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

# local source whitelist
# accept if the source is local SMTP (i.e. not over TCP/IP).
# Test for this by testing for an empty sending host field.
accept hosts = :

# sender domains whitelist
# accept if sender domain is in whitelist
accept sender_domains = +whitelist_domains

# sender hosts whitelist
# accept if sender host is in whitelist
accept hosts = +whitelist_hosts
accept hosts = +whitelist_hosts_ip

# envelope senders whitelist
# accept if envelope sender is in whitelist
accept senders = +whitelist_senders

# accept mail to postmaster in any local domain, regardless of source
accept local_parts = postmaster
domains = +local_domains

# accept mail to abuse in any local domain, regardless of source
accept local_parts = abuse
domains = +local_domains

# accept mail to hostmaster in any local domain, regardless of source
accept local_parts = hostmaster
domains =+local_domains

# OPTIONAL MODIFICATIONS:
# If the page you're using to notify senders of blocked email of how
# to get their address unblocked will use a web form to send you email so
# you'll know to unblock those senders, then you may leave these lines
# commented out. However, if you'll be telling your senders of blocked
# email to send an email to errors@yourdomain.com, then you should
# replace "errors" with the left side of the email address you'll be
# using, and "example.com" with the right side of the email address and
# then uncomment the second two lines, leaving the first one commented.
# Doing this will mean anyone can send email to this specific address,
# even if they're at a blocked domain, and even if your domain is using
# blocklists.

# accept mail to errors@example.com, regardless of source
# accept local_parts = errors
# domains = example.com

# deny so-called "legal" spammers
deny message = Email blocked by LBL - to unblock see http://www.example.com/
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
sender_domains = +blacklist_domains

# deny using hostname in bad_sender_hosts blacklist
deny message = Email blocked by BSHL - to unblock see http://www.example.com/
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
hosts = +bad_sender_hosts

# deny using IP in bad_sender_hosts blacklist
deny message = Email blocked by BSHL - to unblock see http://www.example.com/
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
hosts = +bad_sender_hosts_ip

# deny using email address in blacklist_senders
deny message = Email blocked by BSAL - to unblock see http://www.example.com/
domains = +use_rbl_domains
senders = +blacklist_senders

# By default we do NOT require sender verification.
# Sender verification denies unless sender address can be verified:
# If you want to require sender verification, i.e., that the sending
# address is routable and mail can be delivered to it, then
# uncomment the next line. If you do not want to require sender
# verification, leave the line commented out

#require verify = sender

# deny using .spamhaus
deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
dnslists = sbl.spamhaus.org

# deny using ordb
deny message = Email blocked by ORDB - to unblock see http://www.example.com/
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
dnslists = relays.ordb.org

# deny using sorbs smtp list
deny message = Email blocked by SORBS - to unblock see http://www.example.com/
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
dnslists = dnsbl.sorbs.net=127.0.0.5

# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
# and for authenticated users

# deny using spamcop
deny message = Email blocked by SPAMCOP - to unblock see http://www.example.com/
hosts = !+relay_hosts
domains = +use_rbl_domains
!authenticated = *
dnslists = bl.spamcop.net

# deny using njabl
deny message = Email blocked by NJABL - to unblock see http://www.example.com/
hosts = !+relay_hosts
domains = +use_rbl_domains
!authenticated = *
dnslists = dnsbl.njabl.org

# deny using cbl
deny message = Email blocked by CBL - to unblock see http://www.example.com/
hosts = !+relay_hosts
domains = +use_rbl_domains
!authenticated = *
dnslists = cbl.abuseat.org

# deny using all other sorbs ip-based blocklist besides smtp list
deny message = Email blocked by SORBS - to unblock see http://www.example.com/
hosts = !+relay_hosts
domains = +use_rbl_domains
!authenticated = *
dnslists = dnsbl.sorbs.net!=127.0.0.6

# deny using sorbs name based list
deny message = Email blocked by SORBS - to unblock see http://www.example.com/
domains =+use_rbl_domains
# rhsbl list is name based
dnslists = rhsbl.sorbs.net/$sender_address_domain

# accept if address is in a local domain as long as recipient can be verified
accept domains = +local_domains
endpass
     message = "Unknown User"
verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
accept domains = +relay_domains
endpass
verify=recipient

# accept if message comes for a host for which we are an outgoing relay
# recipient verification is omitted because many MUA clients don't cope
# well with SMTP error responses. If you are actually relaying from MTAs
# then you should probably add recipient verify here

accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
deny message = relay not permitted

# default at end of acl causes a "deny", but line below will give
# an explicit error message:
deny message = relay not permitted

# ACL that is used after the DATA command
check_message:
deny message = This message contains malformed MIME ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = This message contains a virus or other harmful content ($malware_name)
demime = *
malware = *
deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
demime = bat:com:pif:prf:scr:vbs
warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
accept

######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################

# There are no authenticator specifications in this default configuration file.

begin authenticators

plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = "${perl{smtpauth}}"
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{smtpauth}}"
server_set_id = $1


######################################################################
# REWRITE CONFIGURATION #
######################################################################

# There are no rewriting specifications in this default configuration file.

######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################

begin routers

# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

# This router routes to remote hosts over SMTP using a DNS lookup. Any domain
# that resolves to an IP address on the loopback interface (127.0.0.0/8) is
# treated as if it had no DNS entry.

lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
no_more

# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
# little-known these days, and has been exploited by evil people seeking
# to abuse SMTP relays. Consequently it is commented out in the default
# configuration. If you uncomment this router, you also need to comment out
# "forbid_domain_literals" above, so that Exim can recognize the syntax of
# domain literal addresses.

# domain_literal:
# driver = ipliteral
# transport = remote_smtp

######################################################################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
######################################################################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).

# Spam Assassin
spamcheck_director:
driver = accept
condition = "${if and { \
            {!def:h_X-Spam-Flag:} \
            {!eq {$received_protocol}{spam-scanned}} \
            {!eq {$received_protocol}{local}} \
            {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
        } {1}{0}}"
retry_use_local_part
transport = spamcheck
no_verify

majordomo_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
no_rewrite
user = majordomo

majordomo_private:
driver = redirect
allow_defer
allow_fail
#condition = "${if eq {$received_protocol} {local} {true} {false} }"
condition = "${if or { {eq {$received_protocol} {local}} \
{eq {$received_protocol} {spam-scanned}} } {true} {false} }"
data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
user = majordomo

domain_filter:
driver = redirect
allow_filter
no_check_local_user
condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
user = "mail"
file = /etc/virtual/${domain}/filter
directory_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify

uservacation:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = uservacation
unseen

userautoreply:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = userautoreply
unseen

virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen
#include_domain = true

virtual_user:
driver = accept
condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}}
domains = lsearch;/etc/virtual/domainowners
group = mail
retry_use_local_part
transport = virtual_localdelivery

virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
#include_domain = true

# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim

localuser:
driver = accept
check_local_user
condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
transport = local_delivery

# This director matches local user mailboxes.

######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# Spam Assassin
begin transports

spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
use_bsmtp
user = mail
# must use a privileged user to set $received_protocol on the way back in!


#majordomo
majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo

# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.

local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = /home/$local_part/Maildir/
directory_mode = 770
create_directory = true
maildir_format
group = mail
mode = 0660
return_path_add
user = ${local_part}

## for delivering virtual domains to their own mail spool

virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 770
envelope_to_add
directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
maildir_format
group = mail
mode = 660
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}

## vacation transport
uservacation:
driver = autoreply
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
text = "\
    ------ ------\n\n\
    This message was automatically generated by email software\n\
    The delivery of your message has not been affected.\n\n\
    ------ ------\n\n"
to = "${sender_address}"
user = mail
    #once = /etc/virtual/${domain}/reply/${local_part}.once

userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
to = "${sender_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once

# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp

# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the directors
# section below.

address_pipe:
driver = pipe
return_output

virtual_address_pipe:
driver = pipe
group = nobody
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"

# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.

address_reply:
driver = autoreply

######################################################################
# RETRY CONFIGURATION #
######################################################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain Error Retries
# ------ ----- -------


begin retry

* * F,2h,15m; G,16h,1h,1.5; F,4d,8h


# End of Exim 4 configuration

[/more]
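The retry rule that closes the configuration above, expanded into a timetable. This is an added example, not part of the original post or of Exim itself. It uses an idealized model (an assumption): every retry fires exactly when it becomes due, whereas a real server retries only on queue runs such as `-q30m`. The function names are hypothetical.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(text):
    """Convert an Exim time such as '15m', '2h' or '1h30m' to seconds."""
    parts = re.findall(r"(\d+)([smhdw])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"bad time value: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_rules(spec):
    """Parse 'F,2h,15m; G,16h,1h,1.5; ...' into (letter, cutoff, interval, factor)."""
    rules = []
    for item in filter(None, (p.strip() for p in spec.split(";"))):
        fields = [f.strip() for f in item.split(",")]
        letter = fields[0]
        if letter == "F" and len(fields) == 3:
            factor = 1.0
        elif letter == "G" and len(fields) == 4:
            factor = float(fields[3])
        else:
            raise ValueError(f"unsupported retry rule: {item!r}")
        rules.append((letter, parse_time(fields[1]), parse_time(fields[2]), factor))
    return rules

def schedule(spec):
    """Return retry times in seconds after the first failure (idealized model)."""
    rules, now, last_gap, times = parse_rules(spec), 0, 0, []
    while True:
        # The first rule whose cutoff has not yet passed decides the next gap.
        rule = next((r for r in rules if now < r[1]), None)
        if rule is None:
            return times  # past the last cutoff: the next failure is final
        letter, _cutoff, interval, factor = rule
        # F: fixed gap. G: previous gap times factor, never below the start gap.
        gap = interval if letter == "F" else max(interval, int(last_gap * factor))
        now, last_gap = now + gap, gap
        times.append(now)

RULE = "F,2h,15m; G,16h,1h,1.5; F,4d,8h"  # the rule from the config above

if __name__ == "__main__":
    for t in schedule(RULE):
        print(f"{t // 3600:3d}h{t % 3600 // 60:02d}m")
```

In this model the last geometric retry lands after the 16-hour cutoff and the last 8-hour retry after the 4-day cutoff, because a rule is selected when a delivery fails, not when the next attempt is due.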
Author: DenisKh
Message date: 11.01.2008 16:39
My respects to everyone. I have an Exim + Dovecot + Roundcube stack, with Roundcube as the web front end for mail.
Mailbox quotas are enforced by Exim. The problem is that I cannot get Roundcube to display the quota set in Exim.
With Dovecot there is no such problem, but I just cannot set up quota monitoring from Exim.
Author: UnnamedHero
Message date: 15.01.2008 08:52
Hi all. Is it possible, using exim+courier+whatever else is needed, to implement the following:
There is an office, and there is hosting with the website/mail (everything on the hoster's premises). Users have mailboxes like blah-blah@firma.ru. We need to set up a mail server inside the company's local network that would do the following:
- if vasya@firma.ru writes to masha@firma.ru, the message goes only through the local server and not through the hoster's mail (saving traffic and time).
- if vasya@firma.ru writes to john@contora.com, the message goes out to the Internet.
- all user mail landing in the mailboxes at the hosting is downloaded to the local server, scanned for viruses, and distributed to the users.
- accordingly, users use only the internal server for mail.

I have no time to read the whole thread, everything is urgent as usual, and as for experience, I have only just started reading... I am not asking for a ready-made solution; I want to know whether this is feasible and in which direction to dig.
Author: kid79
Message date: 15.01.2008 14:25
Asking for help. I have an exim4+spamassassin+clamav+virtual users+vexim stack, with horde3+imp4 as the web interface, and I cannot beat the attachment size limit: it shows 2 megabytes everywhere, although the message size in vexim is set to 10 MB. In exim4.conf.template I tried writing, instead of
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif

message_size_limit =10Mb
but I still cannot attach files larger than 2 MB.
Author: davidgilmour
Message date: 21.01.2008 05:48
Please, HELP!
There is a FreeBSD server running Squid, Apache, Exim+Dovecot+SQLite+clamav.

It was set up by a guy who can no longer be found.
Mail users were created with the command "mailedit", about which Google knows nothing.

There are only about 15 users. But for some reason messages from one user (the general director, as luck would have it) started arriving at the secretary's mailbox as well. This happened after the mail account support@"domain.XX" was created.

The whole user database is kept in a single file, mail.db.
Author: tankistua
Message date: 21.01.2008 08:28
davidgilmour

Quote:
This happened after the mail account support@"domain.XX" was created.

well, then delete it :)
Author: Yakon
Message date: 30.01.2008 08:54
I have a configured stack: Exim-mysql 4.69 - Clamd-0.92 - Spamassassin-3.2.3 - Dovecot-1.0.10

84998 SJ 46:32.91 0 127 88 69228 36952 - 3656 0.0 0.9 /usr/local/libexec/mysqld --defaults-extra-file=/var/db/m
92833 SsJ 0:08.76 19 127 48 42240 40244 - 48 0.0 1.0 /usr/local/sbin/clamd
92890 SJ 0:11.26 18 127 0 31704 30424 - 8 1.4 0.7 spamd child (perl5.8.8)
92876 SsJ 0:00.56 0 127 0 27148 26360 - 8 0.0 0.6 /usr/local/bin/spamd -c -Q -A 127.0.0.1 -A 87.242.116.107
2714 IJ 0:00.85 42 127 18 26608 19228 - 196 0.0 0.5 /usr/local/sbin/httpd -DSSL
7015 IJ 0:00.23 47 98 0 26504 19056 - 196 0.0 0.5 /usr/local/sbin/httpd -DSSL
4315 IWsJ 0:00.00 127 127 0 12388 0 - 856 0.0 0.0 /usr/local/bin/php -c /etc/adminpanel/etc/php.ini /etc/ad
4317 IsJ 0:00.04 127 127 47 12384 1364 - 856 0.0 0.0 /usr/local/bin/php -c /etc/adminpanel/etc/php.ini /etc/ad
68111 SsJ 0:00.15 0 127 0 15072 7204 - 196 0.0 0.2 /usr/local/sbin/httpd -DSSL
4951 IJ 0:00.01 97 127 0 6296 3088 - 752 0.0 0.1 /usr/local/sbin/exim -bd -q30m (exim-4.69-0)
2750 IJ 0:00.01 126 127 0 6168 2992 - 752 0.0 0.1 /usr/local/sbin/exim -bd -q30m (exim-4.69-0)
6409 I+J 0:00.24 21 127 5 4020 2192 - 616 0.0 0.1 mc
4491 IsJ 0:00.01 42 127 0 6120 2956 - 752 0.0 0.1 /usr/local/sbin/exim -Mc 1JK6aZ-0001AQ-PX (exim-4.69-0)
4496 IJ 0:00.00 42 127 0 6120 2968 - 752 0.0 0.1 /usr/local/sbin/exim -Mc 1JK6aZ-0001AQ-PX (exim-4.69-0)
5788 IJ 0:00.00 127 127 0 6112 2896 - 752 0.0 0.1 /usr/local/sbin/exim -bd -q30m (exim-4.69-0)
6624 IJ 0:00.00 127 127 0 6112 2896 - 752 0.0 0.1 /usr/local/sbin/exim -bd -q30m (exim-4.69-0)
7108 IJ 0:00.00 87 88 0 6112 2896 - 752 0.0 0.1 /usr/local/sbin/exim -bd -q30m (exim-4.69-0)
94227 SsJ 0:00.05 18 127 0 6076 2892 - 752 0.0 0.1 /usr/local/sbin/exim -bd -q30m (exim-4.69-0)
4133 SsJ 0:21.98 9 127 9 3576 696 - 384 0.0 0.0 proftpd: (accepting connections) (proftpd)
89507 SsJ 0:00.02 0 127 2 3152 1800 - 564 0.0 0.0 -bash (bash)
6233 IsJ 0:00.01 127 127 2 3152 1808 - 564 0.0 0.0 -bash (bash)
6411 Is+J 0:00.01 127 127 0 3152 1808 - 564 0.0 0.0 bash -rcfile .bashrc
89427 SsJ 0:00.30 0 127 31 6152 2316 - 156 0.0 0.1 sshd: root@ttyp0 (sshd)
68001 SJ 0:00.09 1 127 0 2120 1404 - 176 0.0 0.0 dovecot-auth
6156 IsJ 0:00.13 21 127 24 6112 2404 - 156 0.0 0.1 sshd: root@ttyp1 (sshd)
4265 IsJ 0:13.54 42 127 42 3352 256 - 156 0.0 0.0 /usr/sbin/sshd
68000 SsJ 0:00.15 0 127 0 1400 952 - 112 0.0 0.0 /usr/local/sbin/dovecot
68023 SJ 0:00.11 0 127 0 2712 1776 - 92 0.0 0.0 pop3-login
68021 SJ 0:00.11 0 127 0 2704 1768 - 92 0.0 0.0 pop3-login
68024 SJ 0:00.10 0 127 0 2704 1768 - 92 0.0 0.0 pop3-login
68025 SJ 0:00.10 0 127 0 2704 1764 - 100 0.0 0.0 imap-login
68026 SJ 0:00.10 0 127 0 2704 1764 - 100 0.0 0.0 imap-login
68027 SJ 0:00.10 0 127 0 2704 1764 - 100 0.0 0.0 imap-login
84975 IJ 0:00.01 127 127 0 1652 908 - 100 0.0 0.0 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=
4272 SsJ 0:07.23 6 127 2 1328 528 - 28 0.0 0.0 /usr/sbin/cron -s
4048 SsJ 1:42.54 5 127 4 1300 428 - 32 0.0 0.0 /usr/sbin/syslogd -ss
7317 ZJ 0:00.01 0 1 0 0 0 - 0 0.0 0.0 <defunct>

The memory limit on the VPS is 256 MB. The flow of spam to the server is quite noticeable, and the stack has started going over the limit. See above.
Clamd puts on weight with every update. Spamd never takes less than 25 MB.
I have already left spamd with just one child process. I do not send messages larger than 200k to spamd, or larger than 1m to Clamd. Is there any way to cut their memory consumption? As it is, messages periodically get stuck anyway, sometimes with too many smtp connection, sometimes because there is no free spamd server.
Author: tankistua
Message date: 30.01.2008 09:05
limit spamd to 100K and clamav to 500K.

P.S. better not to touch the settings, add memory.



The Ru-Board.club forum was brought up on 15-09-2016. The goal is to preserve the legacy of the old Ru-Board and the history of how the Russian Internet took shape. Made for people.