Большая часть писем отбрасывается; в логах это выглядит так:
2008-10-31 03:18:30 [23442] H=sheep.nt.ru [89.175.73.111]:1829 I=[81.13.121.58]:25 incomplete transaction (connection lost) from <*********@nt.ru> for ***********@cybertronika.ru
/usr/local/etc/exim/configure
# Top-level Exim configuration: every section is assembled from numbered include files.
# NOTE(review): .include_if_exists skips a missing or unreadable file without any error, so a
# lost ACL or router include silently changes mail policy. Consider plain .include for the
# files that must always be present, so that a missing file stops Exim at startup instead.
.include_if_exists /usr/local/etc/exim/includes/100.main.conf
begin acl
# RCPT-time ACL: basic checks, then spam scoring, then the final accept/deny decisions.
acl_check_rcpt:
.include_if_exists /usr/local/etc/exim/includes/200.acl_check_rcpt.conf
.include_if_exists /usr/local/etc/exim/includes/300.acl_check_rcpt_spam_rule.conf
.include_if_exists /usr/local/etc/exim/includes/400.acl_check_rcpt_end.conf
# DATA-time ACL: content checks on the received message.
acl_check_data:
.include_if_exists /usr/local/etc/exim/includes/500.acl_check_data.conf
begin routers
.include_if_exists /usr/local/etc/exim/includes/600.routers.conf
begin transports
.include_if_exists /usr/local/etc/exim/includes/700.transports.conf
# This include is read while the transports section is open; the listing shown for it
# switches sections itself with "begin retry" / "begin rewrite".
.include_if_exists /usr/local/etc/exim/includes/800.retry_and_rewrite.conf
begin authenticators
.include_if_exists /usr/local/etc/exim/includes/900.authenticators.conf
# Main option section (presumably includes/100.main.conf; the file heading is not shown).
primary_hostname = mail.cybertronika.ru
# "hide" keeps the value out of option listings requested by non-admin users. The password is
# still stored here in clear text, so the file itself must not be readable by ordinary users.
hide mysql_servers = localhost/exim_db/exim_user/exim_pass
MS_EXCHANGE_DOMAIN = cybertronika.main
INTERNAL_IP = 192.168.0.1
# NOTE(review): port 3268 together with an ldap:/// URL looks like an unencrypted Global
# Catalog connection, so the bind below would cross the network in clear text. Confirm.
ldap_default_servers = <; 192.168.0.250:3268
# Directory bind credentials, stored as plain-text macros. Use an account with read-only
# directory rights and keep this file's permissions tight.
LDAP_AD_BINDDN = xxxxxxxx
LDAP_AD_PASS = xxxxxxxx
LDAP_AD_BASE_DN = DC=cybertronika,DC=main
# Macro for checking users in the domain.
# It searches user, publicFolder and group objects whose proxyAddresses value equals
# <local_part>@MS_EXCHANGE_DOMAIN (with or without the "smtp:" prefix), skips entries with
# userAccountControl bit 2 set, and returns the "mail" attribute. The client-supplied local
# part goes through quote_ldap before it is placed in the search filter.
LDAP_AD_MAIL_RCPT = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN?mail?sub?\
(&(|(objectClass=user)(objectClass=publicFolder)(objectClass=group))\
(|(proxyAddresses=${quote_ldap:${local_part}@MS_EXCHANGE_DOMAIN})\
(proxyAddresses=smtp:${quote_ldap:${local_part}@MS_EXCHANGE_DOMAIN}))\
(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
# The same domain is listed as both a local domain and a relay-to domain.
domainlist local_domains = cybertronika.ru
domainlist relay_to_domains = cybertronika.ru
# Hosts allowed to relay, and exempted from most ACL checks in this configuration.
hostlist relay_from_hosts = localhost : 127.0.0.0/8 : 192.168.0.0/24
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
# ClamAV daemon socket used by the "malware" condition in the DATA ACL.
av_scanner = clamd:/var/run/clamav/clamd
qualify_domain = mail.cybertronika.ru
qualify_recipient = mail.cybertronika.ru
allow_domain_literals = false
exim_user = mailnull
exim_group = mail
# Deliveries are never run as root.
never_users = root
# A zero timeout disables ident (RFC 1413) callbacks.
rfc1413_query_timeout = 0s
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
ignore_bounce_errors_after = 45m
timeout_frozen_after = 15d
helo_accept_junk_hosts = 192.168.0.0/24
auto_thaw = 5m
smtp_banner = "$primary_hostname, CyberMail Server"
# Connection limits. NOTE(review): the ACLs hold each external connection open with
# "delay" modifiers, so delayed sessions occupy these slots for the whole wait.
smtp_accept_max = 400
smtp_accept_max_per_connection = 50
smtp_connect_backlog = 30
smtp_accept_max_per_host = 5
# 50 of the connection slots are kept for the hosts listed in smtp_reserve_hosts.
smtp_accept_reserve = 50
smtp_reserve_hosts = 192.168.0.250 : 83.222.23.128 : 83.222.23.178 : \
193.124.133.203 : \
93.95.97.33 : \
194.135.22.221 : \
194.135.22.210 : \
194.135.105.230 : \
93.95.97.34 : \
212.59.102.129
split_spool_directory = true
remote_max_parallel = 100
return_size_limit = 70k
message_size_limit = 64M
# Underscore is allowed in HELO names here; the RCPT ACL shown further down then denies
# such names for hosts outside relay_from_hosts.
helo_allow_chars = _
# Clients that send before the server has replied are rejected.
smtp_enforce_sync = true
# Every log selector is enabled. The logs therefore carry sender and recipient addresses
# and should be protected and rotated accordingly.
log_selector = \
+all
# The system filter runs as mailnull:mail and may use the address_pipe transport.
system_filter = /usr/local/etc/exim/filters/system-filter
system_filter_pipe_transport = address_pipe
system_filter_user = mailnull
system_filter_group = mail
syslog_timestamp = no
log_file_path = syslog : /var/log/exim/%s-%D.log
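# RCPT ACL, first part (presumably includes/200.acl_check_rcpt.conf; the file heading is not
# shown). Fixed whitelist entries come first, then syntax checks on the address and the HELO.

# This one recipient is accepted before any other check runs.
accept recipients = rs2000server@cybertronika.ru
# Whitelisted envelope sender. The envelope sender is supplied by the client and is not
# authenticated, so the accept is limited to local domains. Without a domains condition,
# any host presenting this MAIL FROM address would be allowed to relay to any recipient.
accept senders = sveta@digital-tex.ru
domains = +local_domains
# An empty host item matches messages that did not arrive over SMTP (local submission).
accept hosts = :
# Local domains: reject local parts that start with a dot or contain @ % ! / |.
# The 30s delay is applied only after the conditions above it have matched.
deny message = "incorrect symbol in address"
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
delay = 30s
# Other domains: reject local parts that start with . / | or contain @ % ! or "/../".
deny message = "incorrect symbol in address"
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
delay = 30s
# Reject clients that did not send HELO/EHLO.
deny message = "HELO/EHLO require by SMTP RFC"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
delay = 30s
# Authenticated clients skip everything below, including the spam scoring and the DNSBLs.
accept authenticated = *
# Hosts outside relay_from_hosts may not use a bare IP address as their HELO name.
deny message = We don't allow domain literals, many spam...
hosts = !+relay_from_hosts:*
condition = ${if isip{$sender_helo_name}{yes}{no}}
delay = 30s
# Hosts outside relay_from_hosts may not use an underscore in the HELO name.
# NOTE(review): the score added here has no visible effect; the statement denies anyway and
# the next include starts by resetting acl_m0 to 0.
deny condition = ${if match{$sender_helo_name}{\N_\N}{yes}{no}}
hosts = !127.0.0.1 : !localhost : !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+20}
# Reject envelope senders that start with a dot or have a dot directly before the @.
deny message = Invalid address
senders = \N^\.|\.@\N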
/usr/local/etc/exim/includes/300.acl_check_rcpt_spam_rule.conf
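# Spam scoring for the RCPT ACL. acl_m0 accumulates a score and acl_m2 becomes 1 when the
# sender is treated as whitelisted. Every rule is skipped for hosts in relay_from_hosts.
# Client-derived values placed into SQL go through quote_mysql.

# Start from a zero score for this RCPT.
warn set acl_m0 = 0
# +30: HELO name differs from the reverse-DNS host name.
warn condition = ${if !eq{$sender_helo_name}{$sender_host_name}{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+30}
# +30: the reverse lookup of the client address failed.
warn condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+30}
# +40: the host name has four or more word segments separated by '.', '|' or '-'.
warn condition = ${if match{$sender_host_name} \
{\N((?>\w+[\.|\-]){4,})\N}{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+40}
# +10: the envelope sender is shorter than 25 characters.
warn condition = ${if <{${strlen:$sender_address}}{25}{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+10}
# +60: the reverse-DNS name matches a pattern in the dialup_hosts file.
warn condition = ${lookup{$sender_host_name} \
wildlsearch{/usr/local/etc/exim/db/dialup_hosts} \
{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+60}
# +60: the HELO name matches a pattern in the dialup_hosts file.
warn condition = ${lookup{$sender_helo_name} \
wildlsearch{/usr/local/etc/exim/db/dialup_hosts} \
{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+60}
# +20 per recipient once more than four recipients have been given.
warn condition = ${if >{$recipients_count}{4}{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+($recipients_count*20)}
# +150: the last label of the HELO name is not in the list_top_level_domains table.
warn condition = ${if !eq{${lookup mysql{SELECT 1 FROM \
`list_top_level_domains` WHERE `zone` = \
LCASE(CONCAT('.', SUBSTRING_INDEX( \
'${quote_mysql:$sender_helo_name}', \
'.', -1)))}}}{1}{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+150}
# +60: SPF result is "fail".
warn spf = fail
hosts = !+relay_from_hosts : *
set acl_m0 = ${eval:$acl_m0+60}
# Whitelist flag, cleared for every RCPT.
warn set acl_m2 = 0
# Auto-whitelist: if a local user has written to this envelope sender within the last
# 60 days, record the sender's domain and client IP in domain_whitelist and set acl_m2.
# The age test compares the stored timestamp with the current time. The earlier form
# compared last_mail_timestamp with itself plus 60 days, which is true for every row, so
# entries never aged out.
# NOTE(review): $sender_address is supplied by the client and is not authenticated, and the
# INSERT stores the connecting IP persistently. Consider requiring an SPF pass (or similar)
# before a forgeable address is allowed to whitelist a host.
warn condition = ${if eq{${lookup mysql{SELECT 1 FROM `sended_list` \
WHERE `user_to` = \
LCASE('${quote_mysql:$sender_address}') \
AND `user_from` \
= LCASE('${quote_mysql:$local_part@$domain}') \
AND UNIX_TIMESTAMP() < `last_mail_timestamp` \
+ (60*24*60*60) LIMIT 1}}}{1}{yes}{no}}
condition = ${lookup mysql{INSERT IGNORE INTO `domain_whitelist` \
(`domainname`, `domain_ip`, `added_timestamp`, \
`last_mail_timestamp`, `mail_count`) VALUES \
(LCASE('${quote_mysql:$sender_address_domain}'), \
'${quote_mysql:$sender_host_address}', \
UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '1') \
ON DUPLICATE KEY UPDATE \
`last_mail_timestamp` = UNIX_TIMESTAMP(), \
`mail_count` = `mail_count` + 1}}
hosts = !+relay_from_hosts : *
set acl_m2 = 1
# A client IP already present in domain_whitelist is whitelisted as well. This query has
# no age limit, so rows stay effective until something removes them from the table.
warn condition = ${if eq{${lookup mysql{SELECT 1 \
FROM `domain_whitelist` \
WHERE `domain_ip` = \
'${quote_mysql:$sender_host_address}' \
LIMIT 1}}}{1}{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m2 = 1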
# RCPT ACL, final part (presumably includes/400.acl_check_rcpt_end.conf; the file heading is
# not shown): applies the whitelist, works out a delay, checks DNS blacklists and makes the
# accept/deny decision.

# A whitelisted sender has its score reset to 0; the old score is logged.
warn condition = ${if eq{$acl_m2}{1}{yes}{no}}
logwrite = Resetting acl_m0 $acl_m0 --> 0, host in whitelist \
($sender_address ==> $local_part@$domain)
set acl_m0 = 0
# Default delay for this connection.
warn
set acl_c0 = 15s
# Scores above 150 get a delay of score/10 seconds instead.
warn
condition = ${if !eq{$acl_m0}{0}{yes}{no}}
condition = ${if >{$acl_m0}{150}{yes}{no}}
set acl_c0 = ${eval:$acl_m0/10}s
# No delay for relay hosts.
warn
hosts = +relay_from_hosts
set acl_c0 = 0s
# No delay for whitelisted senders.
warn
condition = ${if eq{$acl_m2}{1}{yes}{no}}
set acl_c0 = 0s
# Apply the delay worked out above.
warn
delay = $acl_c0
# DNS blacklist check for hosts outside relay_from_hosts.
# NOTE(review): modifiers act in the order written, so "delay = 10s" runs for every external
# host before the lists are queried, on top of the delay above. Long waits per RCPT can make
# sending servers give up and drop the connection.
# NOTE(review): the list mixes reputation lists with whole-country lists, and several of the
# zones may no longer be operated. A retired DNSBL can time out or answer for every address,
# so check that each zone is still served before relying on it.
deny message = "you in blacklist - $dnslist_domain --> \
$dnslist_text; $dnslist_value"
hosts = !+relay_from_hosts
delay = 10s
dnslists = psbl.surriel.com : \
no-more-funn.moensted.dk : \
db.wpbl.info : \
cn.countries.nerd.dk : \
pl.countries.nerd.dk : \
es.countries.nerd.dk : \
it.countries.nerd.dk : \
jp.countries.nerd.dk : \
tw.countries.nerd.dk : \
fr.countries.nerd.dk : \
bl.csma.biz : \
dul.ru : \
lv.countries.nerd.dk : \
dk.countries.nerd.dk : \
dnsbl.njabl.org : \
ee.countries.nerd.dk : \
dynablock.njabl.org : \
list.dsbl.org : \
dnsbl.ahbl.org : \
ircbl.ahbl.org : \
rhsbl.ahbl.org : \
dnsbl.net.au : \
bogons.cymru.com : \
ex.dnsbl.org : \
in.dnsbl.org : \
abuse.rfc-ignorant.org : \
bogusmx.rfc-ignorant.org : \
dsn.rfc-ignorant.org : \
postmaster.rfc-ignorant.org : \
whois.rfc-ignorant.org : \
dnsbl.rangers.eu.org : \
combined.dynablock.org : \
li.countries.nerd.dk
# Accept mail for local domains when the recipient can be routed.
# NOTE(review): local_domains and relay_to_domains name the same domain, so this accept is
# evaluated before the LDAP check below. Whether unknown users are really refused at RCPT
# time depends on how "verify = recipient" resolves through the routers (exchange_router
# takes any local part in that domain). Confirm with a test address.
accept domains = +local_domains
verify = recipient
# Reject recipients whose LDAP lookup result does not contain @cybertronika.main.
deny domains = +relay_to_domains
message = "Unknown user for this domain"
condition = ${if !match{${lookup ldap {LDAP_AD_MAIL_RCPT}}}\
{@cybertronika.main}{yes}{no}}
# Relay hosts may send to any domain.
accept hosts = +relay_from_hosts
accept domains = +relay_to_domains
# Everything else is refused after a 30s delay.
deny message = "Access deny - this not open relay!"
delay = 30s
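# DATA ACL (presumably includes/500.acl_check_data.conf; the file heading is not shown):
# attachment, MIME, malware and header checks, followed by an auto-whitelist update.
# NOTE(review): the demime condition is deprecated in later Exim releases in favour of the
# MIME ACL. Check the installed version before reusing these two statements.

# Reject messages carrying attachments with these extensions.
deny message = contains $found_extension file (blacklisted).
demime = com:vbs:bat:pif:scr:exe
# Reject messages whose MIME structure is broken (error level above 2).
deny message = This message contains a MIME error ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Malware is logged and flagged in acl_m1 but not rejected here; the system filter decides
# what happens to a flagged message.
# NOTE(review): $local_part and $domain are per-recipient variables; confirm they hold a
# value in the DATA ACL, otherwise the log line ends with a bare "@".
warn malware = *
logwrite = VIRUS from host $sender_host_name [$sender_host_address]. \
Mail from $sender_address to $local_part@$domain.
set acl_m1 = 1
logwrite = "In e-mail found VIRUS - $malware_name"
# Reject bodies that contain NUL characters.
deny message = This message contains NUL characters
log_message = NUL characters!
condition = ${if >{$body_zerocount}{0}{1}{0}}
# Reject syntactically invalid headers from hosts outside relay_from_hosts.
deny message = Incorrect headers syntax
hosts = !+relay_from_hosts:*
!verify = header_syntax
# With a score above 110, reject messages that have envelope recipients missing from the
# To:/Cc: headers.
deny message = Administrative denied 'blind' ('hidden') copy messages
condition = ${if >{$acl_m0}{110}{yes}{no}}
hosts = !+relay_from_hosts:*
!verify = not_blind
# Auto-whitelist keyed on the reply address: if a local user has written to that address
# within the last 60 days, record the sender's domain and client IP and set acl_m2.
# The age test compares the stored timestamp with the current time. The earlier form
# compared last_mail_timestamp with itself plus 60 days, which is true for every row.
# NOTE(review): $reply_address comes from message headers, which the sender controls, and
# the INSERT stores the connecting IP persistently. Treat this as a convenience signal, not
# as proof of a prior conversation. The use of $local_part@$domain here needs the same
# confirmation as in the malware log line above.
warn condition = ${if eq{${lookup mysql{SELECT 1 FROM `sended_list` \
WHERE `user_to` = \
LCASE(SUBSTR('${quote_mysql:$reply_address}', \
POSITION('<' IN '${quote_mysql:$reply_address}') +1, \
POSITION('>' IN '${quote_mysql:$reply_address}') \
- POSITION('<' IN '${quote_mysql:$reply_address}') -1) \
) AND `user_from` \
= LCASE('${quote_mysql:$local_part@$domain}') AND \
UNIX_TIMESTAMP() < `last_mail_timestamp` \
+ (60*24*60*60) LIMIT 1}}}{1}{yes}{no}}
condition = ${lookup mysql{INSERT IGNORE INTO `domain_whitelist` \
(`domainname`, `domain_ip`, `added_timestamp`, \
`last_mail_timestamp`, `mail_count`) VALUES \
(LCASE('${quote_mysql:$sender_address_domain}'), \
'${quote_mysql:$sender_host_address}', \
UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '1') \
ON DUPLICATE KEY UPDATE \
`last_mail_timestamp` = UNIX_TIMESTAMP(), \
`mail_count` = `mail_count` + 1}}
hosts = !+relay_from_hosts : *
set acl_m2 = 1
# Anything that reaches this point is accepted.
accept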
# Routers (presumably includes/600.routers.conf; the file heading is not shown).
# Routers are tried in the order written.

# Rewrites a recipient in relay_to_domains to the "mail" attribute returned by the LDAP
# lookup defined in the LDAP_AD_MAIL_RCPT macro.
conversion_router:
driver = redirect
data = ${lookup ldap {LDAP_AD_MAIL_RCPT}}
user = mailnull
group = mail
domains = +relay_to_domains
# Sends everything for cybertronika.ru to the internal host 192.168.0.250.
# no_more stops routing for this domain if the router declines.
exchange_router:
driver = "manualroute"
domains = cybertronika.ru
transport = remote_smtp
route_list = * 192.168.0.250
no_more
# Ordinary DNS routing for all non-local domains. Results pointing at 0.0.0.0 or loopback
# are ignored so that outside DNS cannot direct mail back to this host.
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
# NOTE(review): with no_more on both routers above (one covering cybertronika.ru, the other
# every non-local domain), the two routers below look unreachable. Confirm whether they
# are still needed.
system_aliases:
driver = redirect
data = ${lookup{$local_part}lsearch{/etc/aliases}}
user = mailnull
group = mail
file_transport = address_file
pipe_transport = address_pipe
allow_fail
allow_defer
localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user
# Transports (presumably includes/700.transports.conf; the file heading is not shown).

# SMTP delivery. The hosts_avoid_esmtp expansion is used for its side effect: every delivery
# records the sender/recipient pair in sended_list, which the ACLs read for auto-whitelisting.
# NOTE(review): the lookup result also becomes the value of hosts_avoid_esmtp. Confirm it
# can never match a real host, because ESMTP (and with it STARTTLS) is skipped for matches.
# NOTE(review): both dnslookup and exchange_router use this transport, so mail handed to the
# internal server is recorded too, not only mail that local users sent out.
remote_smtp:
driver = smtp
hosts_avoid_esmtp = ${lookup mysql{INSERT IGNORE INTO `sended_list` \
(`user_from`, `user_to`, `added_timestamp`, \
`last_mail_timestamp`, `mail_count`) VALUES \
(LCASE('${quote_mysql:$sender_address}'), \
LCASE('${quote_mysql:$local_part@$domain}'), \
UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '1') ON DUPLICATE \
KEY UPDATE `last_mail_timestamp` = UNIX_TIMESTAMP(), \
`mail_count` = `mail_count` + 1}}
# Mailbox delivery to /var/mail/<local part>, run as the user named by the local part with
# group mail. Files are created with mode 0660.
local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
user = $local_part
mode = 0660
no_mode_fail_narrower
# Pipe deliveries generated by aliases or by the system filter.
address_pipe:
driver = pipe
return_output
# File deliveries generated by aliases.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
# Discards the message by appending it to /dev/null.
null_transport:
driver = appendfile
file = /dev/null
# Retry and rewrite sections (presumably includes/800.retry_and_rewrite.conf).
# NOTE(review): no retry rules are visible in this listing. Per the Exim specification, a
# configuration without retry rules treats temporary delivery errors as permanent. Confirm
# the real file defines at least a default rule.
begin retry
begin rewrite
# System filter: diverts messages flagged as infected, adds spam-score headers and rewrites
# the read-receipt headers. acl_m1 (malware flag) and acl_m0 (spam score) are set by the ACLs.
logfile /var/log/exim/system-filter.log
# check whether a virus was found
if $acl_m1 contains "1"
then
# copy the messages; we do not need the ones with viruses.
# NOTE(review): this address is in a different domain from the one served here. Confirm
# that mailbox is meant to receive infected messages.
deliver viruses@eliron.ru
#no_more
else
# Spam
#logwrite "EXIM FILTER: debug - digit in variable acl_m0 = $acl_m0 (before)"
# Check the contents of the spam variable (whether it contains digits)
if $acl_m0 matches ^\\d+
then
#logwrite "FILTER: debug - digit in variable acl_m0 = $acl_m0 (after first if)"
# Build a new message subject if this is spam
# Check the variable that holds the spam score counter.
# For now, a score of 60 or more is considered spam.
# Add headers that explain what is going on
# NOTE(review): the header text says "> 60" while the test below ("above 59") also fires at
# exactly 60.
headers add "X-Spam-Description: if spam count > 60 - this is spam"
headers add "X-Spam-Count: $acl_m0"
# adjust the headers
if $acl_m0 is above 59
then
# headers add "Old-Subject: $h_subject:"
# headers remove "Subject"
# headers add "Subject: (*** SPAM ***) $h_old-subject:"
headers add "X-Spam: YES"
# Keep the old header, just in case
#headers remove "Old-Subject"
#logwrite "EXIM FILTER: Spam count = $acl_m0 ; Added SPAM header"
endif
# End of the "contains digits" check
endif
#logwrite "EXIM FILTER: interface_address = $interface_address"
# rewrite headers that Exim does not handle by itself
# For mail received on the internal interface, the original receipt-request headers are
# kept under Old-* names and replaced with the envelope sender.
# NOTE(review): INTERNAL_IP is a macro of the main configuration. Confirm it is really
# substituted inside this separate filter file; if it is not, the test compares against the
# literal text and never matches.
if $interface_address is INTERNAL_IP
then
headers add "Old-Disposition-Notification-To: $h_Disposition-Notification-To:"
headers add "Old-Return-Receipt-To: $h_Return-Receipt-To:"
headers remove "Disposition-Notification-To"
headers remove "Return-Receipt-To"
headers add "Disposition-Notification-To: <$sender_address>"
headers add "Return-Receipt-To: <$sender_address>"
logwrite "EXIM FILTER: heders rewritten in filter"
endif
# end of the virus check
endif