The task: allow employees on business trips to send mail through the office server over port 465.
I installed exim + saslauth + dovecot
Code:
[root@gate /usr/local/etc]# cat /usr/local/etc/exim/configure
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
primary_hostname = mail.domen.com
domainlist local_domains = mail.domen.com
domainlist relay_to_domains =
hostlist relay_from_hosts = localhost : 127.0.0.1 : 192.168.0.0/16
hostlist auth_relay_hosts = *
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = 127.0.0.1 783
daemon_smtp_ports = 25:465:587
exim_user = mailnull
exim_group = mail
never_users = root
smtp_accept_max = 500
smtp_accept_max_per_connection = 30
smtp_accept_max_per_host = 40
smtp_enforce_sync = true
message_size_limit = 100M
#acl_smtp_helo = acl_check_helo
qualify_domain = mail.tynnyi.com
qualify_recipient = mail.tynnyi.com
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
helo_accept_junk_hosts = 192.168.0.0/16
#host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 10m
timeout_frozen_after = 7d
log_selector = \
    +all_parents \
    +connection_reject \
    +incoming_interface \
    +lost_incoming_connection \
    +received_sender \
    +received_recipients \
    +smtp_confirmation \
    +smtp_syntax_error \
    +smtp_protocol_error \
    -queue_run
syslog_timestamp = no
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl

acl_check_rcpt:

  accept  hosts = : +relay_from_hosts
          control = dkim_disable_verify

  deny    message = Restricted characters in address
          domains = +local_domains
          local_parts = ^[.] : ^.*[@%!/|]

  deny    message = Restricted characters in address
          domains = !+local_domains
          local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

#############################################################################
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
  accept  local_parts = postmaster
          domains = +local_domains

# Deny unless the sender address can be verified.
  require verify = sender

# accept hosts = +relay_from_hosts
#
# control = submission
# control = dkim_disable_verify

# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted, and submission mode is set. And again, we do this
# check before any black list tests.
  accept  authenticated = *
          control = submission
          control = dkim_disable_verify

  deny    message = "HELO/EHLO require by SMTP RFC"
          condition = ${if eq{$sender_helo_name}{}{yes}{no}}

  deny    message = "Your IP in HELO - access denied!"
          hosts = * : !+relay_from_hosts : !81-196.lissyara.su
          condition = ${if eq{$sender_helo_name}\
                      {$sender_host_address}{true}{false}}

  deny    condition = ${if eq{$sender_helo_name}\
                      {$interface_address}{yes}{no}}
          hosts = !127.0.0.1 : !localhost : *
          message = "main IP in your HELO! Access denied!"

  deny    message = "your hostname is bad (adsl, poll, ppp & etc)."
          condition = ${if match{$sender_host_name}{adsl|dialup|pool|peer|dhcp}{yes}{no}}

  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  require verify = recipient

  accept

acl_check_data:

  warn    message = X-Quarantine-Me-Malware: $malware_name
          log_message = malware: $malware_name
          demime = *
          malware = */defer_ok

  warn    message = X-Quarantine-Me-Spam: SA score $spam_score\n\
                    X-SA-Report: $spam_report
          log_message = Spam score $spam_score > 5
          spam = spamd/defer_ok
          condition = ${if >{$spam_score_int}{50}{1}{0}}

# Accept the message.
  accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers

check_malware:
  driver = redirect
  condition = ${if def:h_X-Quarantine-Me-Malware: {1}{0}}
  headers_add = X-Quarantined-Malware: $h_X-Quarantine-Me-Malware:
  headers_remove = X-Quarantine-Me-Malware
  data = /var/quarantine/malware/malware.$tod_logfile
  file_transport = address_file

check_spam:
  driver = redirect
  condition = ${if def:h_X-Quarantine-Me-Spam: {1}{0}}
  headers_add = X-Quarantined-Spam: $h_X-Quarantine-Me-Spam:
  headers_remove = X-Quarantine-Me-Spam
  data = /var/quarantine/spam/spam.$tod_logfile
  file_transport = address_file
  no_more

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  user = mailnull
  group = mail
  file_transport = address_file
  pipe_transport = address_pipe

userforward:
  driver = redirect
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  file = $home/.forward
# allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  condition = ${if exists{$home/.forward} {yes} {no} }

# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
# If you want this router to treat local parts with suffixes introduced by "-"
# or "+" characters as if the suffixes did not exist, uncomment the two local_
# part_suffix options. Then, for example, xxxx-foo@your.domain will be treated
# in the same way as xxxx@your.domain by this router.
localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that successfully
# handles an address.
begin transports

# This transport is used for delivering messages over SMTP connections.
remote_smtp:
  driver = smtp

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  user = $local_part
  mode = 0660
  no_mode_fail_narrower

address_pipe:
  driver = pipe
  return_output

# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.
address_reply:
  driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  #server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
  server_set_id = $auth2

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  #server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
  server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
  server_set_id = $auth1

#PLAIN:
# driver = plaintext
# server_set_id = $auth2
# server_prompts = :
# server_condition = Authentication is not yet configured
# server_advertise_condition = ${if def:tls_cipher }

# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.
#LOGIN:
# driver = plaintext
# server_set_id = $auth1
# server_prompts = <| Username: | Password:
# server_condition = Authentication is not yet configured
# server_advertise_condition = ${if def:tls_cipher }
######################################################################
# CONFIGURATION FOR local_scan() #
######################################################################
# If you have built Exim to include a local_scan() function that contains
# tables for private options, you can define those options here. Remember to
# uncomment the "begin" line. It is commented by default because it provokes
# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
# set in the Local/Makefile.
# begin local_scan
# End of Exim configuration file
From outside, when I try to connect, it asks for a password. I enter %user% : %password% and it doesn't work. I enter %user@mail.domen.com% : %password% and that doesn't work either. In the log:
Code:
2011-06-13 21:35:59 plain authenticator failed for ([127.0.0.1]) [212.26.222.22] I=[195.177.222.222]:465: 535 Incorrect authentication data (set_id=user)
2011-06-13 21:35:59 login authenticator failed for ([127.0.0.1]) [212.26.222.22] I=[195.177.222.222]:465: 535 Incorrect authentication data (set_id=user)
Why port 465: employees often end up on networks where port 25 is blocked.
Please advise: how do I solve this problem?
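
An added example, not part of the original post: a small Python parser for the `authenticator failed` lines shown above. It groups failures by client address, so that one user retrying a single login can be told apart from a host cycling through many usernames against the Internet-facing AUTH ports. The first two sample lines are the ones from the post; the 203.0.113.7 lines and the `min_ids` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches Exim main-log lines of the form quoted in the post. The I=[...]:port
# part is only logged when +incoming_interface is set, so it is optional here.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<mech>\S+) authenticator failed for .*?"
    r"\[(?P<client>[0-9A-Fa-f.:]+)\](?::\d+)? "
    r"(?:I=\[(?P<iface>[^\]]+)\]:(?P<port>\d+): )?"
    r"(?P<code>\d{3}) .*?\(set_id=(?P<set_id>[^)]*)\)$"
)

# Lines 1-2 are from the post; the rest are constructed sample input.
SAMPLE_LOG = """\
2011-06-13 21:35:59 plain authenticator failed for ([127.0.0.1]) [212.26.222.22] I=[195.177.222.222]:465: 535 Incorrect authentication data (set_id=user)
2011-06-13 21:35:59 login authenticator failed for ([127.0.0.1]) [212.26.222.22] I=[195.177.222.222]:465: 535 Incorrect authentication data (set_id=user)
2011-06-13 21:40:01 login authenticator failed for (host) [203.0.113.7] I=[195.177.222.222]:25: 535 Incorrect authentication data (set_id=admin)
2011-06-13 21:40:03 login authenticator failed for (host) [203.0.113.7] I=[195.177.222.222]:25: 535 Incorrect authentication data (set_id=info)
2011-06-13 21:40:05 login authenticator failed for (host) [203.0.113.7] I=[195.177.222.222]:25: 535 Incorrect authentication data (set_id=test)
""".splitlines()


def summarize(lines):
    """Return {client_ip: {failures, ids, mechs, ports}} for AUTH failures."""
    stats = defaultdict(
        lambda: {"failures": 0, "ids": set(), "mechs": set(), "ports": set()}
    )
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue  # not an authenticator-failure line
        s = stats[m["client"]]
        s["failures"] += 1
        s["ids"].add(m["set_id"])      # username Exim took from the AUTH exchange
        s["mechs"].add(m["mech"])      # authenticator name: plain / login
        if m["port"]:
            s["ports"].add(int(m["port"]))
    return dict(stats)


def suspects(stats, min_ids=3):
    """Clients that tried at least min_ids distinct usernames (assumed threshold)."""
    return sorted(ip for ip, s in stats.items() if len(s["ids"]) >= min_ids)


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, s in report.items():
        print(ip, s["failures"], sorted(s["ids"]), sorted(s["mechs"]), sorted(s["ports"]))
    print("suspects:", suspects(report))
```

For the two lines from the post this reports one client, one username (`user`), both authenticators and port 465, which is the pattern of a mail client retrying the same credentials with each advertised mechanism.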