Код: Выделить всё
primary_hostname = mail.ruskon.biz
hide mysql_servers = localhost/exim/exim/exim
domainlist local_domains = ${lookup mysql{SELECT `domain` FROM `domain` WHERE `domain`='${domain}' AND `active`='1'}}
domainlist relay_to_domains = ${lookup mysql{SELECT `domain` FROM `domain` WHERE `domain`='${domain}' AND `active`='1'}}
hostlist relay_from_hosts = localhost:127.0.0.1/8:192.168.0.0/16
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:/var/run/clamav/clamd
qualify_domain = mail.ruskon.biz
qualify_recipient = mail.ruskon.biz
allow_domain_literals = false
exim_user = mailnull
exim_group = mail
never_users = root
rfc1413_query_timeout = 0s
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
ignore_bounce_errors_after = 45m
timeout_frozen_after = 15d
freeze_tell = test@ruskon.biz
helo_accept_junk_hosts = 192.168.0.0/16
auto_thaw = 1h
smtp_banner = "$primary_hostname, ESMTP EXIM $version_number"
smtp_accept_max = 50
smtp_accept_max_per_connection = 25
smtp_connect_backlog = 30
smtp_accept_max_per_host = 20
split_spool_directory = true
remote_max_parallel = 15
return_size_limit = 70k
message_size_limit = 64M
helo_allow_chars = _
smtp_enforce_sync = false
log_selector = \
+all_parents \
+connection_reject \
+incoming_interface \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_protocol_error \
-queue_run
syslog_timestamp = no
system_filter = /usr/local/etc/exim/copy_mail.conf
##############
# Белый список E-Mail'ов
MYSQL_MYLIST = INSERT INTO mylist(src_email,dst_email,record_expires) VALUES ('$sender_address','$acl_m4@$acl_m5',DATE_ADD(now(), INTERVAL 100 DAY)
MYSQL_UPDATEMYLIST = UPDATE mylist SET record_expires=DATE_ADD(now(), INTERVAL 100 DAY) WHERE src_email='$sender_address' AND dst_email='$acl_m4@$acl_m5'
MYSQL_DELMYLISTEXPIRED = DELETE FROM mylist WHERE record_expires < now()
MYSQL_TESTMYLIST = SELECT CASE WHEN now() - record_expires > 0 THEN 2 ELSE 1 END FROM mylist WHERE src_email='$sender_address' AND dst_email='$acl_m4@$
MYSQL_TESTCLIENTMYLIST = SELECT CASE WHEN now() - record_expires > 0 THEN 2 ELSE 1 END FROM mylist WHERE dst_email='$sender_address' AND src_email='$local_pa
##############
begin acl
# Эти правила срабатывают для каждого получателя
acl_check_rcpt:
accept hosts = :
deny message = "incorrect symbol in address"
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
# Проверка на открытый релей
deny condition = ${if !eq{$sender_helo_name}{$sender_host_name}{yes}{no}}
hosts = !+relay_from_hosts : *
!senders = :
message = "Not Open relay"
deny message = "incorrect symbol in address"
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
deny message = "HELO/EHLO require by SMTP RFC"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
accept authenticated = *
deny message = "Your IP in HELO - access denied!"
hosts = * : !+relay_from_hosts : !81-196.ruskon.biz
condition = ${if eq{$sender_helo_name}{$sender_host_address}{true}{false}}
deny condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "main IP in your HELO! Access denied!"
deny condition = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "can not be only number in HELO!"
deny message = "your hostname is bad (adsl, poll, ppp & etc)."
condition = ${if match{$sender_host_name}{adsl|dialup|pool|peer|dhcp}{yes}{no}}
warn
set acl_m0 = 30s
warn
hosts = +relay_from_hosts:194.169.250.90:88.227.11.246
set acl_m0 = 0s
warn
logwrite = Delay $acl_m0 for $sender_host_name [$sender_host_address] with HELO=$sender_helo_name. Mail from $sender_address to $local_part@$domain.
delay = $acl_m0
accept domains = +local_domains
endpass
message = "In my mailserver not stored this user"
verify = recipient
accept domains = +relay_to_domains
endpass
message = "main server not know how relay to this address"
verify = recipient
deny message = "you in blacklist - $dnslist_domain \n $dnslist_text"
dnslists = opm.blitzed.org : \
cbl.abuseat.org : \
bl.csma.biz : \
dynablock.njabl.org
accept hosts = +relay_from_hosts
deny message = "Homo hominus lupus est"
#############################
warn set acl_m3 = ${lookup mysql{MYSQL_DOMAINS}}
set acl_m4 = $local_part
set acl_m5 = $domain
# Принимаем аутентифицированных для нашего домена
accept authenticated = *
domains = +local_domains
endpass
message = "Unknown user"
verify = recipient
# Проверяем, существует ли домен получателя
deny log_message = Recipient verify failed
authenticated = *
!verify = recipient
# Для наших пользователей записываем наш $sender_address и адрес получателя($local_part@$domain).
# Существуют записи для данной пары src-dst email? Если нет, вернёт 0.
warn
authenticated = *
set acl_m19 = ${lookup mysql{MYSQL_TESTMYLIST}{$value}{0}}
# Если существует, изменяем поле record_expire
warn
authenticated = *
condition = ${if and {{eq{$acl_m3}{}}{!eq{$acl_m19}{0}}}{yes}{no}}
set acl_m19 = ${lookup mysql{MYSQL_UPDATEMYLIST}}
# Если не существует такой записи, добавляем в базу.
warn
authenticated = *
condition = ${if and {{eq{$acl_m3}{}}{eq{$acl_m19}{0}}}{yes}{no}}
set acl_m19 = ${lookup mysql{MYSQL_MYLIST}}
# Принимаем аутентифицированных для нашего домена
accept authenticated = *
domains = +local_domains
endpass
message = "Unknown user"
verify = recipient
# Проверяем, существует ли домен получателя
deny log_message = Recipient verify failed
authenticated = *
!verify = recipient
# Для наших пользователей записываем наш $sender_address и адрес получателя($local_part@$domain).
# Существуют записи для данной пары src-dst email? Если нет, вернёт 0.
warn
authenticated = *
set acl_m19 = ${lookup mysql{MYSQL_TESTMYLIST}{$value}{0}}
# Если существует, изменяем поле record_expire
warn
authenticated = *
condition = ${if and {{eq{$acl_m3}{}}{!eq{$acl_m19}{0}}}{yes}{no}}
set acl_m19 = ${lookup mysql{MYSQL_UPDATEMYLIST}}
# Если не существует такой записи, добавляем в базу.
warn
authenticated = *
condition = ${if and {{eq{$acl_m3}{}}{eq{$acl_m19}{0}}}{yes}{no}}
set acl_m19 = ${lookup mysql{MYSQL_MYLIST}}
########################
acl_check_data:
deny malware = *
message = "In e-mail found VIRUS - $malware_name"
accept
begin routers
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE `address`='${quote_mysql:$local_part@$domain}' OR `address`='${quote_mysql:@$domain}'}}
dovecot_user:
driver = accept
condition = ${lookup mysql{SELECT `goto` FROM `alias` WHERE `address`='${quote_mysql:$local_part@$domain}' OR `address`='${quote_mysql:@$domain}'}{yes}{no}}
transport = dovecot_delivery
begin transports
remote_smtp:
driver = smtp
dovecot_delivery:
driver = pipe
command = /usr/local/libexec/dovecot/deliver -d $local_part@$domain
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
log_output
user = mailnull
address_pipe:
driver = pipe
return_output
address_reply:
driver = autoreply
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT `username` FROM `mailbox` WHERE `username` = '${quote_mysql:$auth2}' AND `password` = '${quote_mysql:$auth3}'}{yes}
server_prompts = :
server_set_id = $auth2
auth_login:
driver = plaintext
public_name = LOGIN
server_condition = ${lookup mysql{SELECT `username` FROM `mailbox` WHERE `username` = '${quote_mysql:$auth1}' AND `password` = '${quote_mysql:$auth2}'}{yes}
server_prompts = Username:: : Password::
server_set_id = $auth1
auth_cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT `password` FROM `mailbox` WHERE `username` = '${quote_mysql:$auth1}'}{$value}fail}
server_set_id = $auth2