На всякий случай вот ссыллка на оригинал конфига - может я просто неправильно понял автора при замене переменных на свои ?:
http://samag.ru/uploads/artpdf/1322461774configure_Exim
Код: Выделить всё
2013-03-02 16:00:13 [21494] End queue run: pid=21494
2013-03-02 16:00:17 [21509] 1UBmz3-0005av-UQ SA: Debug: SAEximRunCond expand returned: '1'
2013-03-02 16:00:17 [21509] 1UBmz3-0005av-UQ SA: Debug: check succeeded, running spamc
2013-03-02 16:00:19 [21509] 1UBmz3-0005av-UQ SA: Action: scanned but message isn't spam: score=-0.0 required=5.0 (scanned in 2/2 secs | Message-Id: E1UBmz3-0005av-UQ@mx.emorion.com.ua). From <root@mx.emorion.com.ua> (local) for kobzar@emorion.com.ua
2013-03-02 16:00:19 [21509] 1UBmz3-0005av-UQ <= root@mx.emorion.com.ua U=root P=local S=754 T="Test" from <root@mx.emorion.com.ua> for kobzar@emorion.com.ua
2013-03-02 16:00:19 [21513] 1UBmz3-0005av-UQ == kobzar@emorion.com.ua R=ldap_EXTdistrib_group defer (-1): condition check lookup deferНо где я ошибаюсь понять не могу.
ниже конфиг ексима. Доступ к лдапу есть. (проверял через ldapsearch)
Посмотрите опытным взглядом... где ж я туплю то так ацки ?
Конфиг Ексима:
Код: Выделить всё
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
primary_hostname = mx.emorion.com.ua
domainlist local_domains = @
domainlist relay_to_domains = emorion.com.ua
domainlist trust_domains = kuz.com.ua
hostlist local_net = 172.16.16.0/24 : 172.16.100.0/24
hostlist nonauth_hosts = 172.16.16.10
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
ldap_default_servers = 172.16.16.2::3268 : 172.16.16.4::3268
LDAP_AUTH = user="unix_ldap@jsp.local" pass="Пароль"
LDAP_BASE_SEARCH = ldap:///DC=jsp,DC=local
LDAP_DOMAIN = jsp.local
LDAP_MAIL_FILTER = (&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectClass=user)(mail=${quote_ldap:$local_part}${quote_ldap:@}${quote_ldap:$domain}))
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = 127.0.0.1 783
#SMTP SSL
# Какой порт будет слушать демон Exim
tls_advertise_hosts = *
tls_certificate = /usr/local/etc/exim/ssl/exim.crt
tls_privatekey = /usr/local/etc/exim/ssl/exim.key
tls_on_connect_ports = 465
daemon_smtp_ports = 25:465
exim_user = mailnull
exim_group = mailnull
never_users = root
host_lookup = !+local_net
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 45m
timeout_frozen_after = 1d
split_spool_directory = true
helo_accept_junk_hosts = +local_net
smtp_banner = $primary_hostname ESMTP server
smtp_receive_timeout = 3m
smtp_accept_max = 100
smtp_accept_max_per_host = 10
smtp_accept_max_per_connection = 10
remote_max_parallel = 15
recipients_max = 120
message_size_limit = 10M
auth_advertise_hosts = +local_net : localhost
log_selector = \
+all \
-arguments \
-smtp_connection \
-all_parents \
-ident_timeout \
-incoming_port \
-outgoing_port \
-queue_time \
-queue_time_overall
syslog_timestamp = no
log_file_path = /var/log/exim/%s-%D.log
system_filter = /usr/local/etc/exim/filters/system-filter
system_filter_pipe_transport = address_pipe
system_filter_user = mailnull
system_filter_group = mailnull
# Скрипт для встроенного Perl. Использую для групп рассылок.
perl_startup = do '/usr/local/etc/exim/scripts/group_distrib_AD.pl'
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_rcpt:
accept hosts = :
deny message = Restricted characters in address
domains = +relay_to_domains
local_parts = ^[.] : ^.*[@%!/|]
delay = 30s
deny message = Restricted characters in address
domains = !+relay_to_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
delay = 30s
accept hosts = !+local_net : !localhost
domains = +relay_to_domains
condition = ${lookup{$sender_address_domain}wildlsearch\
{/usr/local/etc/exim/db/whitelist}{yes}{no}}
logwrite = OK! The host $sender_address_domainis in the WHITE list
accept hosts = +nonauth_hosts
domains = +relay_to_domains
warn set acl_c1 = 0
warn condition = ${if eq{$sender_helo_name}{}{yes}{no}}
logwrite = SPAM. Send HELO/EHLO and your name first
set acl_c1 = ${eval:$acl_c1+1}
deny message = You are not allowed to send mail outside the own domain.
hosts = +local_net : localhost
domains = !+relay_to_domains
condition = ${if eqi{LD}{${lookup ldapm{LDAP_AUTH \
LDAP_BASE_SEARCH?physicalDeliveryOfficeName?sub?\
(samaccountName=$sender_address_local_part)}}}{yes}{no}}
accept hosts = +local_net : localhost
authenticated = *
control = dkim_disable_verify
drop message = Forbidden to send mail on behalf of users domain \
$sender_address_domain
hosts = !+local_net : !localhost
condition = ${if match_domain{$sender_address_domain}\
{$primary_hostname : +local_domains : +relay_to_domains}\
{yes}{no}}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${if or {{ isip{$sender_helo_name}}\
{eq{$sender_helo_name}{[$sender_host_address]}}}{yes}{no}}
logwrite = SPAM. Forbidden to use IP-address instead of the host name in HELO
set acl_c1 = ${eval:$acl_c1+2}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${if match_domain{$sender_helo_name}\
{$primary_hostname : +local_domains : +relay_to_domains}{yes}{no}}
logwrite = SPAM. In HELO a name of our server
set acl_c1 = ${eval:$acl_c1+3}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
logwrite = SPAM. Yours PTR and A records DNS do not conform
set acl_c1 = ${eval:$acl_c1+4}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${lookup{$sender_host_name}wildlsearch\
{/usr/local/etc/exim/db/blacklist}{yes}{no}}
logwrite = SPAM. $sender_host_name in our local blacklist
set acl_c1 = ${eval:$acl_c1+6}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${if and {{match{$sender_host_name}\
{\N(?>[^.]+[.]){5,}|(?>[^-]+[\-]){4,}\N}}\
{!match{$sender_host_name}{\N\.yahoo\.com$\N}}}{yes}{no}}
logwrite = SPAM. Too many point or hyphens in the hostname ($sender_host_name)
set acl_c1 = ${eval:$acl_c1+7}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
condition = ${if !match{$sender_host_name}{\N\.yahoo\.com$\N}{yes}{no}}
condition = ${lookup{$sender_host_name}\
wildlsearch{/usr/local/etc/exim/db/dialup_hosts}{yes}{no}}
logwrite = SPAM. $sender_host_name possibly represents dialup host
set acl_c1 = ${eval:$acl_c1+8}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
dnslists = cbl.abuseat.org : sbl-xbl.spamhaus.org : bl.spamcop.net
logwrite = SPAM. You in blacklist - $dnslist_domain --> $dnslist_text; \
$dnslist_value
set acl_c1 = ${eval:$acl_c1+9}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
spf = fail
logwrite = SPAM. SPF check failed: $sender_host_address is not allowed to\
send mail from $sender_address_domain
set acl_c1 = ${eval:$acl_c1+10}
warn hosts = !+local_net : !localhost
condition = ${if eq{$acl_c1}{0}{yes}{no}}
!verify = sender/no_details/callout=15s
logwrite = SPAM. $acl_verify_message: $sender_address - does not exist
set acl_c1 = ${eval:$acl_c1+11}
warn hosts = !+local_net : !localhost
delay = 20s
accept domains = +relay_to_domains
hosts = !+local_net : !localhost
drop message = Access deny - this not open relay!
###################################################################################
### Проверяем тело письма ###
acl_check_data:
deny message = contains $found_extension file (blacklisted)
demime = com:vbs:bat:cmd:pif:scr:exe
deny malware = *
message = This message contains a virus ($malware_name).
deny message = This message contains a MIME error $demime_reason
demime = *
condition = ${if >{$demime_errorlevel}{2}{yes}{no}}
deny message = Incorrect headers syntax
hosts = !+local_net
!verify = header_syntax
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
begin routers
dnslookup:
driver = dnslookup
domains = !+relay_to_domains : !+local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
more = no
cannot_route_message = Remote domain not found in DNS
ldap_EXTdistrib_group:
driver = redirect
domains = +relay_to_domains
allow_fail
allow_defer
condition = ${if eqi{${quote:$local_part}@$domain}{${lookup ldapdn{LDAP_AUTH ldap:///DC=jsp,DC=local?mail?sub?(objectClass=group)}}}{no}{yes}}
data = ${perl{get_mail_lists}{${quote:$local_part}@$domain}}
ldap_INTdistrib_group:
driver = redirect
domains = +relay_to_domains
allow_fail
allow_defer
condition = ${if and{{match{$local_part}{\N^dg_\N}}{match_domain\
{$sender_address_domain}{+relay_to_domains : +trust_domains}}}}
data = ${perl{get_mail_lists}{${quote:$local_part}@$domain}}
ldap_aliases:
driver = redirect
domains = +relay_to_domains
allow_fail
allow_defer
data = ${lookup ldapm{LDAP_AUTH LDAP_BASE_SEARCH\
?mail?sub?(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))\
(objectClass=user)(url=${quote_ldap:$local_part}\
${quote_ldap:@}${quote_ldap:$domain}))}}
ldap_forwarding:
driver = redirect
domains = +relay_to_domains
allow_fail
allow_defer
data = ${lookup ldapm{LDAP_AUTH LDAP_BASE_SEARCH?otherTelephone?sub?\
(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))\
(objectClass=user)(mail=${quote_ldap:$local_part}${quote_ldap:@}\
${quote_ldap:$domain}))}},${quote:$local_part}@${quote:$domain}
ldap_dovecot:
debug_print = "R: ldap_local_user for $local_part@$domain"
driver = accept
domains = +relay_to_domains
condition = ${if eq{}{${lookup ldapdn{LDAP_AUTH LDAP_BASE_SEARCH\
??sub?LDAP_MAIL_FILTER}}}{no}{yes}}
transport = dovecot_lda
router_home_directory = ${lookup ldapm{LDAP_AUTH LDAP_BASE_SEARCH\
?samaccountName?sub?LDAP_MAIL_FILTER}{/mail/$value/}}
user = 26
group = 26
more = no
cannot_route_message = Unknown address
system_aliases:
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
user = mailnull
group = mail
file_transport = address_file
pipe_transport = address_pipe
localuser:
driver = accept
domains = +local_domains
check_local_user
transport = local_delivery
cannot_route_message = Unknown address
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
begin transports
remote_smtp:
driver = smtp
dovecot_lda:
driver = pipe
command = /usr/local/libexec/dovecot/deliver -d $local_part@$domain
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
log_output
user = mailnull
temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
local_delivery:
driver = appendfile
file = /mail/UNIX/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
user = $local_part
mode = 0660
no_mode_fail_narrower
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
* quota
* * F,2h,15m; G,8h,1h,1.5
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth2
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_gssapi:
driver = dovecot
public_name = GSSAPI
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
# End of Exim configuration file
Код: Выделить всё
#!/usr/bin/perl -w
use strict;
use warnings;
use Net::LDAP;
my %ldap_connect=(
HOST=>"172.16.16.4",
PORT=>"3268",
TIMEOUT=>"120",
BASE_DN=>"DC=JSP,DC=LOCAL",
BIND_DN=>"CN=unix_ldap,CN=Users,DC=JSP,DC=LOCAL",
BIND_PASS=>"Password",
VERSION=>"3"
);
sub get_mail_lists
{
my $address = shift;
my ($user_mail, $dn, $mesg, $entry, $mail_lists);
my (@array_of_ldap_search, @entries);
$mail_lists="";
my $ldap = Net::LDAP->new($ldap_connect{'HOST'}, version=>$ldap_connect{'VERSION'}, \
port=>$ldap_connect{'PORT'}, timeout=>$ldap_connect{'TIMEOUT'}) or die exit 0;
$mesg=$ldap->bind($ldap_connect{'BIND_DN'}, password => $ldap_connect{'BIND_PASS'}) or die exit 0;
$mesg = $ldap->search(
base => $ldap_connect{'BASE_DN'},
scope => 'sub',
filter => "(&(objectClass=top)(objectClass=group)(mail=$address))",
attrs => ['member']
);
foreach $entry ($mesg->entries) {
@array_of_ldap_search = $entry->get_value("member");
}
foreach $dn (@array_of_ldap_search) {
$mesg = $ldap->search(filter=>"(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectClass=user)(objectClass=person)(distinguishedName=$dn))",
base=>$ldap_connect{'BASE_DN'},
scope =>'sub',
attrs=>['mail']
);
@entries = $mesg->entries;
foreach $entry (@entries) {
$user_mail = $entry->get_value("mail");
$mail_lists = $mail_lists."\n".$user_mail;
}
}
$ldap->unbind;
return $mail_lists;
}
#print get_mail_lists('mf@emorion.com.ua'),"\n";
Так же всегда доступен в гуглтолке и аське maodzedun_at_gmail.com icq:125551140 могу и в скайп зайти... Хоть пост и похож на вопрос идиота, все же надеюсь что найдется человек который потратит немного своего времени и укажет камраду на ошибки !
