столкнулся и я с некоторой непоняткой в конфиге.
Когда пользователь находится в домашней сети(xxx.xxx.xxx.xxx/28) и отправляет письма с одного домена на другой (оба этот exim обслуживает), то почта ходит отлично.
Если же пользователь находится например дома(НЕ в домашней сети), то при отправке с одного домена на другой почта проверяется на разные кондишены и антиспам. и уже несколько раз от таких пользователей письма попадали в папку /.Spam.
Так вот вопрос - это так и должно быть или я что то в конфиге намудрил?
По идее после фразы accept authenticated = * не должно ничего проверяться, но тем не менее...
собсно сам конфиг.
Код: Выделить всё
#!/bin/sh
#****************************************************************************
#* Макросы для auto whitelist *
#****************************************************************************
MYSQL_DOMAINS = SELECT `domain` FROM `domain` WHERE `domain`='quote_mysql:$domain' AND `active`=1 LIMIT 1
MYSQL_MYLIST = INSERT INTO `mylist`(src_email,dst_email,record_expires) VALUES ('$sender_address','$acl_m4@$acl_m5',DATE_ADD(now(), INTERVAL 100 DAY))
MYSQL_UPDATEMYLIST = UPDATE `mylist` SET `record_expires`=DATE_ADD(now(), INTERVAL 30 DAY) WHERE `src_email`='$sender_address' AND `dst_email`='$acl_m4@$acl_m5'
MYSQL_DELMYLISTEXPIRED = DELETE FROM `mylist` WHERE `record_expires` < now()
MYSQL_TESTMYLIST = SELECT CASE WHEN now() - `record_expires` > 0 THEN 2 ELSE 1 END FROM `mylist` WHERE `src_email`='$sender_address' AND `dst_email`='$acl_m4@$acl_m5'
MYSQL_TESTCLIENTMYLIST = SELECT CASE WHEN now() - `record_expires` > 0 THEN 2 ELSE 1 END FROM `mylist` WHERE `dst_email`='$sender_address' AND `src_email`='$local_part@$domain'
#****************************************************************************
primary_hostname = ns.domen.ru
hide mysql_servers = localhost/dbname/dbuser/dbpassword
domainlist local_domains = ${lookup mysql{SELECT `domain` FROM `domain` WHERE `domain`='${domain}' AND `active`='1'}}
domainlist relay_to_domains = ${lookup mysql{SELECT `domain` FROM `domain` WHERE `domain`='${domain}' AND `active`='1'}}
hostlist relay_from_hosts = localhost:127.0.0.0/8:xxx.xxx.xxx.xxx/28
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = 127.0.0.1 783
daemon_smtp_ports = 25
qualify_domain = ns.domen.ru
allow_domain_literals = false
exim_user = mailnull
exim_group = mail
never_users = root
#host_lookup = *
rfc1413_query_timeout = 0s
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
ignore_bounce_errors_after = 45m
timeout_frozen_after = 5d
freeze_tell = support@domen.ru
auto_thaw = 1h
smtp_banner = "$primary_hostname, ESMTP EXIM $version_number"
smtp_accept_max = 70
#smtp_accept_max_perconnection = 50
smtp_connect_backlog = 70
smtp_accept_max_per_host = 50
split_spool_directory = true
remote_max_parallel = 30
return_size_limit = 10k
message_size_limit = 64M
helo_allow_chars = _
smtp_enforce_sync = true
accept_8bitmime = yes
#log_file_path = $spool_directory/log/%slog
log_selector = \
# +all
+all_parents \
+connection_reject \
+incoming_interface \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_protocol_error \
-queue_run \
syslog_timestamp = no
#system_filter = /usr/local/etc/exim/exim.filter
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
######################################################################
# ACL RCPT #
######################################################################
acl_check_rcpt:
#****************************************************************************
# MySQL List
#****************************************************************************
warn set acl_m3 = ${lookup mysql{MYSQL_DOMAINS}}
set acl_m4 = $local_part
set acl_m5 = $domain
# Для наших пользователей записываем наш $sender_address и адрес получателя($local_part@$domain).
# Существуют записи для данной пары src-dst email? Если нет, вернёт 0.
warn
authenticated = *
set acl_m19 = ${lookup mysql{MYSQL_TESTMYLIST}{$value}{0}}
# Если существует, изменяем поле record_expire
warn
authenticated = *
condition = ${if and {{eq{$acl_m3}{}}{!eq{$acl_m19}{0}}}{yes}{no}}
set acl_m19 = ${lookup mysql{MYSQL_UPDATEMYLIST}}
# Если не существует такой записи, добавляем в базу.
warn
authenticated = *
domains = !+local_domains
condition = ${if and {{eq{$acl_m3}{}}{eq{$acl_m19}{0}}}{yes}{no}}
set acl_m19 = ${lookup mysql{MYSQL_MYLIST}}
# Белые списки
# Принимаем от пользователей (E-Mail'ов), которым мы посылали сообщения (10 дней максимум) 0 - Нет записи, 1 - Принимаем, 2 - Срок истёк.
warn set acl_m19 = ${lookup mysql{MYSQL_TESTCLIENTMYLIST}{$value}{0}}
accept domains = +local_domains
condition = ${if eq{$acl_m19}{1}{yes}{no}}
add_header = AutoWhitelist: $acl_m19
endpass
message = "Unknown user"
verify = recipient
#****************************************************************************
accept hosts = :
deny domains = +local_domains
!verify = recipient
message = "Unknown user"
deny message = "Restricted characters in address"
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = "Restricted characters in address"
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
deny message = "HELO/EHLO require by SMTP RFC"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
accept authenticated = *
control = submission
# Рубаем нах, тех, кто подставляет IP в HELO
deny message = "Your hostname is bad. Test HELO/EHLO failed. IP in HELO"
hosts = !+relay_from_hosts
condition = ${if isip{$sender_helo_name}{yes}{no}}
# Рубаем тех, кто в HELO пихает только цифры
# (не бывает хостов ТОЛЬКО из цифр)
deny message = "Your hostname is bad. Test HELO/EHLO failed. Digits in HELO"
hosts = !+relay_from_hosts
condition = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
# Рубаем хосты типа *adsl*; *dialup*; *pool*;....
deny message = "Your hostname is bad. Test HELO/EHLO failed. Dynamic pool in HELO"
hosts = !+relay_from_hosts
condition = ${if match{$sender_host_name}{adsl|dialup|pool|peer|dhcp}{yes}{no}}
#block from localhost.localdomain
deny message = "Your hostname is bad. Test HELO/EHLO failed. Localhost in HELO"
hosts = !+relay_from_hosts
condition = ${if match {$sender_helo_name}{localhost.localdomain}{yes}{no}}
#deny message = "Your hostname is bad. Test HELO/EHLO failed. To much subdomains in HELO"
# hosts = !+relay_from_hosts
# condition = ${if match{$sender_host_name}{\N((?>\w+[\.|\-]){4,})\N}{yes}{no}}
warn
set acl_m0 = 5s
warn
hosts = +relay_from_hosts
set acl_m0 = 0s
accept domains = +local_domains
endpass
message = "In my mailserver not stored this user"
verify = recipient
accept domains = +relay_to_domains
endpass
message = "main server not know how relay to this address"
verify = recipient
deny message = "you in blacklist - $dnslist_domain \n $dnslist_text"
dnslists= sbl.spamhaus.org:\
zen.spamhaus.org : \
opm.blitzed.org : \
cbl.abuseat.org : \
bl.csma.biz : \
dynablock.njabl.org :\
dul.ru :\
bl.spamcop.net :\
dnsbl.void.ru
accept hosts = +relay_from_hosts
#****************************************************************************
# Очищаем в 12 часов список mylist c устаревшими записями каждого 1-го числа месяца
warn
set acl_m19 = ${substr{6}{4}{$tod_zulu}}
condition = ${if eq{$acl_m19}{0112}{yes}{no}}
set acl_m19 = ${lookup mysql{MYSQL_DELMYLISTEXPIRED}}
#****************************************************************************
deny message = "Relay not permitted"
# ACL DATA #
acl_check_data:
deny malware = *
hosts = !+relay_from_hosts
message = This message contains a virus ($malware_name).
deny message = Too many bad recipients
condition = ${if and {{>{$rcpt_count}{10}}{<{$recipients_count}{${eval:$rcpt_count/2}}}}{yes}{no}}
#****************************************************************************
#Зачем проверять содержимое на спам, если отправитель в AutoWhitelist?
accept
hosts = !+relay_from_hosts
condition = ${if eq{$acl_m19}{1}{yes}{no}}
#****************************************************************************
warn message = X-Spam-Score: $spam_score ($spam_bar)
hosts = !+relay_from_hosts
spam = nobody:true
warn message = X-Spam-Report: $spam_report
hosts = !+relay_from_hosts
spam = nobody:true
warn message = Subject: ***SPAM*** $h_Subject:
hosts = !+relay_from_hosts
spam = nobody
warn message = X-Spam-Status: ***SPAM*** $h_Subject:
hosts = !+relay_from_hosts
spam = nobody
deny message = This message scored $spam_score spam points.
hosts = !+relay_from_hosts
spam = nobody:true
condition = ${if >{$spam_score_int}{150}{1}{0}}
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
begin routers
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
mysqluser_spam:
driver = accept
domains = +local_domains
condition = ${if >{$spam_score_int}{59}{yes}{no}}
transport = mysql_spam_delivery
no_verify
no_expn
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE `address`='${quote_mysql:$local_part@$domain}' OR `address`='${quote_mysql:@$domain}'}}
vsem_mysql:
driver = redirect
domains = +local_domains
allow_fail
allow_defer
condition = ${if eq{$local_part}{send_all}{yes}{no}}
data = ${lookup mysql{ SELECT `username` FROM `mailbox` WHERE `domain`='${domain}' AND `active`=1 }}
dovecot_user:
driver = accept
condition = ${lookup mysql{SELECT `goto` FROM `alias` WHERE `address`='${quote_mysql:$local_part@$domain}' OR `address`='${quote_mysql:@$domain}'}{yes}{no}}
transport = dovecot_delivery
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
begin transports
remote_smtp:
driver = smtp
mysql_spam_delivery:
driver = appendfile
check_string = ""
create_directory
delivery_date_add
directory = ${lookup mysql{SELECT CONCAT('/usr/local/exim/', `domain`, '/', `maildir`, '/', '.Spam') \
#directory = ${lookup mysql{SELECT CONCAT('/usr/local/exim/','$domain', '/', '$localpart', '/', '.Spam') \
FROM `mailbox` WHERE `username`='${local_part}@${domain}'}}
directory_mode = 770
envelope_to_add
group = mail
maildir_format
maildir_tag = ,S=$message_size
message_prefix = ""
message_suffix = ""
mode = 0600
#local_delivery:
# driver = appendfile
# file = /var/mail/$local_part
# delivery_date_add
# envelope_to_add
# return_path_add
# group = mail
# user = $local_part
# mode = 0660
# no_mode_fail_narrower
dovecot_delivery:
driver = pipe
command = /usr/local/libexec/dovecot/deliver -d $local_part@$domain
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
log_output
user = mailnull
address_pipe:
driver = pipe
return_output
#address_file:
# driver = appendfile
# delivery_date_add
# envelope_to_add
# return_path_add
address_reply:
driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin rewrite
begin authenticators
#auth_plain:
auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if crypteq{$3}{${lookup mysql{SELECT `password` FROM `mailbox` WHERE `username` = '${quote_mysql:$2}'}}}{yes}{no}}"
server_prompts = :
server_set_id = $2
# NE
auth_login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = "${if crypteq{$2}{${lookup mysql{SELECT `password` FROM `mailbox` WHERE `username` = '${quote_mysql:$1}'}}}{yes}{no}}"
server_set_id = $1
#TheBat!
auth_cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT `password` FROM `mailbox` WHERE `username` = '${quote_mysql:$auth1}'}{$value}fail}
server_set_id = $auth2
