From - Wed Dec 24 14:04:15 2008
X-Account-Key: account2
X-UIDL: AAg/UtvAAAQtLrs7wy82QukHWnnnLkvt
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from mx2.domain.com.ua ([10.0.5.4]) by mail.domain.com.ua with Microsoft SMTPSVC(5.0.2195.6713);
Wed, 24 Dec 2008 13:54:41 +0200
Received: from dspam by domain.com.ua with local-bsmtp (Exim 4.68)
(envelope-from <dspam@mx2.domain.com.ua>)
id 1LFSLg-0002O1-Km
for komp@domain.com.ua; Wed, 24 Dec 2008 13:56:24 +0200
Received: from [121.23.33.36] (helo=XFXTLSGYP)
by mx2.domain.com.ua with esmtp (Exim 4.68)
(envelope-from <mortgagersmn19@cryptivity.com>)
id 1LFSLd-0002NI-LP; Wed, 24 Dec 2008 13:56:24 +0200
MY_REPORT_RETURN: mortgagersmn19@cryptivity.com
X-FILTER-SPAM: ICF Team Spam Filter on mx2.domain.com.ua, Wed, 24 Dec 2008 13:56:24 +0200
X-SENDER-INFO: UID - 8, GID - 12
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Wed Dec 24 13:56:24 2008
X-DSPAM-Confidence: 0.9755
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 4952236891796491211187
X-DSPAM-Factors: 27,
54+36, 0.00766,
com>+Subject, 0.00958,
ua>+Message, 0.01000,
type=original+Content, 0.01000,
transfer+encoding, 0.01000,
type+text/plain, 0.01000,
Content+type, 0.01000,
Wed+24, 0.01000,
24+Dec, 0.01000,
Content+transfer, 0.01000,
Date, 0.02603,
X, 0.02807,
X, 0.02807,
54, 0.02951,
Message, 0.02967,
36, 0.03085,
ua>, 0.03182,
ua>, 0.03182,
Dec+2008, 0.03334,
Subject, 0.03466,
19+54, 0.03716,
0+X, 0.03754,
From, 0.03844,
24, 0.04625,
Dec, 0.04877,
To, 0.04953,
19, 0.05059
Message-Id: <E1LFSLg-0002O1-Km@mx2.domain.com.ua>
From: added by portage for dspam <dspam@mx2.domain.com.ua>
Date: Wed, 24 Dec 2008 13:56:24 +0200
Return-Path: mortgagersmn19@cryptivity.com
Bcc:
X-OriginalArrivalTime: 24 Dec 2008 11:54:41.0882 (UTC) FILETIME=[67F12BA0:01C965BE]
X-EsetId: 4AEF762AF0386B6D55E9767DFA6E2E
MAIL FROM: <sinkholesc38@coat-it.com>
RCPT TO: <alka_chichkova@mail.domain.com.ua>
RCPT TO: <natela@mail.domain.com.ua>
RCPT TO: <ela@mail.domain.com.ua>
RCPT TO: <shishkin@mail.domain.com.ua>
RCPT TO: <dobik@mail.domain.com.ua>
RCPT TO: <dobrik@mail.domain.com.ua>
RCPT TO: <seagull@mail.domain.com.ua>
RCPT TO: <sebgull@mail.domain.com.ua>
RCPT TO: <dana@mail.domain.com.ua>
RCPT TO: <staff@mail.domain.com.ua>
DATA
Date: Wed, 24 Dec 2008 19:54:36 +0800
From: "Tracey Humphrey" <sinkholesc38@coat-it.com>
Subject: =?koi8-r?B?8M/EwdLJ1MUg3NTPIMLMydrLz83VIN7FzM/XxcvV?=
To: <alka_chichkova@mail.domain.com.ua>
Message-ID: <000d01c965be$64b98040$6400a8c0@sinkholesc38>
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
Content-type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
http://tutserial.ru
If you have any ideas, I'd be glad to hear them. If more information is needed, I'll post it.
Exim config:
primary_hostname = mx2.domain.com.ua
helo_accept_junk_hosts= *
helo_allow_chars = _
smtp_banner= ESMTP $tod_full
message_size_limit = 15M
log_file_path=syslog
smtp_return_error_details
smtp_enforce_sync=false
smtp_accept_max = 1000
smtp_accept_queue_per_connection = 0
queue_only_load = 10
remote_max_parallel = 30
# smtp_reserve_hosts = +local_network
split_spool_directory = true
domainlist local_domains = localhost : mx2.domain.com.ua
domainlist relay_to_domains = mx2.domain.com.ua
hostlist relay_from_hosts = 127.0.0.0/8 : 10.0.6.0/24
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_spam
av_scanner = clamd:10.0.6.6 3310
spamd_address = 10.0.6.6 783
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 20m
timeout_frozen_after = 1h
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_rcpt:
accept hosts = +relay_from_hosts
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
deny domains = +local_domains
local_parts = staff : &management
accept local_parts = postmaster
domains = +local_domains
# Deny unless the sender address can be verified.
accept domains = +local_domains
add_header = MY_REPORT_RETURN: $sender_address
endpass
verify = recipient
# Accept if the address is in a domain for which we are relaying, but again,
# only if the recipient can be verified.
# Reject outright those who put their own IP in HELO
deny message = "Не надо пихать свой IP в качестве HELO!"
hosts = *:!+relay_from_hosts
condition = ${if eq{$sender_helo_name}\
{$sender_host_address}{true}{false}}
# Reject those who put my IP in HELO
deny condition = ${if eq{$sender_helo_name}\
{$interface_address}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "Это мой IP-адрес! Пшёл прочь!"
# Reject those who put only digits in HELO
# (there are no hosts made up of ONLY digits)
deny condition = ${if match{$sender_helo_name}\
{\N^\d+$\N}{yes}{no}}
hosts = !127.0.0.1:!localhost:*
message = "В HELO не могут быть тока цифры!"
accept domains = +relay_to_domains
endpass
message = "Моя сервера не знать маршрут на этот хост..."
verify = recipient
# Reject those who are on blacklists. The servers are tried
# from top to bottom: if the host is not found on the first one,
# the second is queried, and so on. If it is not found on any
# of the list, the mail is let through.
deny message = "Вы находитесь в "черном" списке - $dnslist_domain --> $dnslist_text"
dnslists = cbl.abuseat.org : \
bl.csma.biz : \
bl.spamcop.net : \
dnsbl.njabl.org : \
china.blackholes.us
# dynablock.njabl.org
accept hosts = +relay_from_hosts
accept authenticated = *
# deny message = relay not permited
deny message = "Свободен. Это тебе не ОпенРелей."
acl_check_mime:
warn decode = default
deny message = Blacklisted file extension detected
condition = ${if match {${lc:$mime_filename}} \
{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.cpl)$\N}{1}{0}}
warn
deny message = This text contains the word (viagra)
mime_regex = \N(?i)(\A|\s+)v\s*i\s*a\s*g\s*r\s*a(\Z|\s+)\N
accept
acl_check_spam:
warn set acl_m2 = 7M
deny message = Big message
senders = !/etc/exim/big_sender.conf
condition = ${if >{$message_size}{$acl_m2}}
warn set acl_m0 = 0
accept message = contains mail delivery regex ($regex_match_string)
regex = delivery failed : mail delivery
add_header = MY_REPORT_SUBJ: $regex_match_string
set acl_m0 = 1
add_header = MY_REPORT_TEST: $acl_m0
deny malware = *
message = This message contains a virus ($malware_name).
deny message = Spam: This message probably spam
hosts = !+relay_from_hosts
condition = ${if <{$message_size}{100k}{1}{0}}
spam = mail:true
condition = ${if >{$spam_score_int}{49}{1}{0}}
# Reject messages with Chinese characters
deny message = "this is spam - denied"
condition = ${if match{$message_body} \
{105[-_]*51[-_]*86|778[-_]*98[-_]*94} \
{yes}{no}}
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
to_dspam:
driver = accept
transport = dspam_transport
local_parts = dspam
mail_delivery_local:
driver = manualroute
domains = +local_domains
headers_add = Return-Path: $h_MY_REPORT_RETURN
condition = ${if eq {$acl_m0}{1}{yes}{no}}
route_list = * 10.0.6.5
transport = local_smtp
mail_delivery_no_local:
driver = accept
domains = !+local_domains
headers_add = Return-Path: $h_MY_REPORT_RETURN
condition = ${if eq {$acl_m0}{1}{yes}{no}}
transport = remote_smtp
incoming_spam:
driver = accept
local_parts = yakim
transport = add_incoming_spam
spamscan_router:
no_verify
headers_remove = X-FILTER-SPAM : X-Spam-Score : X-Spam-Score-Gate : X-Spam-Report : X-Spam-Gate-Subject : X-Spam-Flag : X-S
condition = "${if and {{!eq {$received_protocol}{spam-scanned}} {!def:h_X-FILTER-SPAM:} } {1}{0}}"
driver = accept
headers_add = X-FILTER-SPAM: ICF Team Spam Filter on $primary_hostname, $tod_full\n\
X-SENDER-INFO: ${if def:authenticated_id {ID - ${authenticated_id},}} \
${if def:authenticated_sender {authenticated_sender - ${authenticated_sender},}} \
${if def:sender_ident {rfc1413(ident) - ${sender_ident},}} \
${if def:originator_uid {UID - ${originator_uid},}} \
${if def:originator_gid {GID - ${originator_gid}}}
local_parts = !addham: !addspam: !ham: !spam: !nospam
senders = !/etc/exim/white_senders.conf
domains = +local_domains
transport = spamcheck_transport
require_files = /var/spool/dspam:/usr/bin/dspam
to_dspam2:
driver = accept
transport = dspam_transport
local_parts = dspam
copy:
driver = redirect
verify = yes
unseen = yes
allow_fail
allow_defer
senders = ${lookup{$sender_address_local_part}lsearch{/etc/mail/senders}}
data = ${lookup{$sender_address}lsearch{/etc/mail/copy}}
file_transport = address_file
pipe_transport = address_pipe
remove:
driver = redirect
verify = yes
allow_fail
allow_defer
senders = ${lookup{$sender_address_local_part}lsearch{/etc/mail/send_remove}}
data = ${lookup{$sender_address}lsearch{/etc/mail/send_copy}}
file_transport = address_file
pipe_transport = address_pipe
system_aliases:
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
file_transport = address_file
pipe_transport = address_pipe
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
aduser:
driver = manualroute
domains = +local_domains
condition = ${if eq {}{${lookup ldap {user="user@domain.com.ua" pass="password" ldap://10.0.6.5/dc=companion,dc=ua?objectClass?sub?proxyAddresses=smtp:${local_part}@${domain}}}}{no}{yes}}
headers_remove = Sender : Return-Path : X-DSPAM-Factors :
headers_add = Return-Path: $h_MY_REPORT_RETURN
transport = local_smtp
route_list = * 10.0.6.5
cannot_route_message = Unknown user
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
spamcheck_transport:
driver = pipe
command = "/usr/sbin/exim -oi -oMr spam-scanned -bS"
transport_filter = /usr/bin/dspam --stdout --deliver=innocent,spam --user dspam --mail-from "${lc:$sender_address}" --rcpt-to "${lc:$local_part}@${lc:$domain}"
user = dspam
group = dspam
use_bsmtp = true
home_directory = "/var/spool/dspam"
current_directory = "/var/spool/dspam"
delivery_date_add = true
return_path_add = false
envelope_to_add = true
log_fail_output = true
log_defer_output = true
temp_errors = *
add_incoming_spam:
driver = pipe
command = /usr/bin/dspam --user dspam --class=spam --source=inoculation
return_path_add = false
return_fail_output = true
log_output = true
home_directory = "/var/spool/dspam"
current_directory = "/var/spool/dspam"
user = dspam
group = dspam
message_prefix = ""
message_suffix = ""
# A special folder is created here,
# where flagged spam is stored for
# later inspection and analysis.
local_delivery_spam_transport:
driver = appendfile
file = /var/spool/dspam/data/domain.com.ua/dspam/dspam.mbox
delivery_date_add
envelope_to_add
return_path_add
group = dspam
user = dspam
mode = 0660
no_mode_fail_narrower
dspam_transport:
driver = appendfile
file = /var/spool/dspam/dspam.mbox
delivery_date_add
envelope_to_add
return_path_add
group = dspam
user = dspam
mode = 0660
no_mode_fail_narrower
remote_smtp:
driver = smtp
interface = IP
local_smtp:
driver = smtp
interface = IP
copy:
driver = smtp
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Domain Error Retries
# ------ ----- -------
* * F,12h,1m; G,12h,1h,1; F,1d,1h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# There are no authenticator specifications in this default configuration file.
begin authenticators
cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = "${if saslauthd{{$1}{$2}}{1}{0}}"
server_set_id = $1
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_set_id = $1