Сегодня, когда заглянул на сервак, был в шоке: отправлено 60к писем + 15к в очереди....
Когда посмотрел лог, то увидел, что отправляли с неопознанного айпи, с логином и паролем одного из сотрудников для авторизации...
Ну понятно, шо сразу поменял пароль, удалил письма в очереди, на данный момент вроде бы все спокойно, но как застраховаться от таких неприятностей??
Вот я и подумал: как сделать так, чтобы отправка писем была возможна только с локалхоста, чтобы при коннекте на 25 порт на отправку через сервер даже авторизированных пользователей их посылало надолго???
Мой конфиг екзима:
#!/bin/sh
# NOTE(review): the line above is not Exim syntax; Exim reads it as an ordinary comment.
#
# ---- Main configuration: identity, lookups, limits, logging ----
primary_hostname = xxxxxxxxxxxxxxxxx.com.ua
# "hide" keeps the database credentials out of "exim -bP" output for non-admin users.
hide mysql_servers = localhost/чччччч/чччччч/чччччччччччччч
domainlist local_domains = ччччччччччччч.com.ua
domainlist relay_to_domains = ччччччччччччч.com.ua
# Only loopback addresses may relay without authenticating.
hostlist relay_from_hosts = localhost:127.0.0.0/8
# ACLs run at RCPT TO, after DATA, and per MIME part respectively.
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
# Content scanning back ends: ClamAV over a local socket, SpamAssassin on loopback.
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = 127.0.0.1 783
# File-backed list of client addresses that acl_check_rcpt rejects outright.
hostlist bad_senders = /usr/local/etc/exim/spamersip
log_file_path = /var/log/exim/%slog
# NOTE(review): the reject log is switched off. After an account compromise it is
# worth having; consider enabling it so rejected attempts are easy to review.
write_rejectlog = no
qualify_domain = ччччччччччччч.com.ua
qualify_recipient = ччччччччччччч.com.ua
allow_domain_literals = false
exim_user = mailnull
exim_group = mail
# Never run a delivery process as root.
never_users = root
# 0s disables ident (RFC 1413) callbacks to connecting hosts.
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 45m
timeout_frozen_after = 2d
freeze_tell = xxxx@ччччччччччччч.com.ua
helo_accept_junk_hosts = localhost:127.0.0.0/8
auto_thaw = 1h
# NOTE(review): the banner discloses the exact Exim version to every client.
smtp_banner = "$primary_hostname, ESMTP EXIM $version_number"
# Connection and parallelism ceilings.
smtp_accept_max = 50
smtp_accept_max_per_connection = 25
smtp_connect_backlog = 30
smtp_accept_max_per_host = 20
split_spool_directory = true
remote_max_parallel = 20
return_size_limit = 70k
message_size_limit = 64M
helo_allow_chars = _
smtp_enforce_sync = true
# AUTH is offered to every client on every connection. No tls_* option appears in
# this listing, so PLAIN/LOGIN credentials would cross the network unencrypted.
# NOTE(review): to confine authenticated submission to known networks, replace *
# with a host list; Exim refuses AUTH from hosts it did not advertise it to.
# Once TLS is configured, the usual form is
#   auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
# which offers AUTH only inside an encrypted session.
auth_advertise_hosts = *
# "+all" is commented out; the selectors below are enabled one by one.
log_selector =\
# +all
+all_parents \
+connection_reject \
+incoming_interface \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_protocol_error \
+queue_run
syslog_timestamp = yes
begin acl
# ---- RCPT ACL: evaluated once per recipient; statements run top to bottom ----
acl_check_rcpt:
# An empty host item matches mail that did not arrive over TCP/IP (local submission).
accept hosts = :
# Clients listed in the bad_senders host list are refused before any other test.
deny message = "Yours IP is BANNED"
hosts = +bad_senders
# Local-part sanity checks: stricter for local domains, looser for remote ones.
deny message = "Invalid characters in the address"
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = "Invalid characters in the address"
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
# Any session that authenticated successfully may send to any recipient, from any
# address, with no volume limit. Every check below this point is skipped for it,
# so one stolen password is enough to relay in bulk.
# NOTE(review): place a per-account rate limit ahead of this statement, e.g.
#   deny authenticated = *
#        ratelimit = <LIMIT> / <PERIOD> / strict / $authenticated_id
#        message = Sending rate exceeded
# (<LIMIT>/<PERIOD> are placeholders; add per_rcpt to count recipients instead
# of messages). A "hosts =" condition on this accept would additionally restrict
# where authenticated clients may connect from.
accept authenticated = *
control = submission/sender_retain
# postmaster at a local domain is accepted without the checks that follow.
accept local_parts = postmaster
domains = +local_domains
require verify = sender
# Reject sessions that never sent HELO/EHLO.
deny message = "HELO / EHLO required by SMTP RFC be"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
#control = submission
# Reject clients whose HELO name is their own IP address.
# NOTE(review): host lists are matched left to right and "*" matches first, so the
# "!+relay_from_hosts" exception is never reached; "hosts = !+relay_from_hosts"
# looks like the intent -- confirm.
deny message = "No need to push its own IP as the HELO!"
hosts = *:!+relay_from_hosts
condition = ${if eq{$sender_helo_name}\
{$sender_host_address}{true}{false}}
# Reject clients that present this server's own interface address as HELO.
deny condition = ${if eq{$sender_helo_name}\
{$interface_address}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "This is my IP-address! Go away!"
# Reject HELO names made of digits only.
deny condition = ${if match{$sender_helo_name}\
{\N^\d+$\N}{yes}{no}}
hosts = !127.0.0.1:!localhost:*
message = "In the HELO can be only numbers!"
# Reject envelope senders that consist solely of whitespace.
# NOTE(review): same ordering problem as above -- "*" comes first, so the negated
# items after it have no effect.
deny condition = ${if match{$sender_address}{\N^\s+$\N}{yes}{no}}
hosts = * : !localhost : !127.0.0.1 : !+relay_from_hosts
message = "Where sender of this mail?!"
#---------------------------------------------------------------------
# Reverse-DNS patterns meant to catch dynamic/residential address pools.
# NOTE(review): "{3, }" contains a space, which PCRE does not treat as a
# quantifier (presumably "{3,}" was meant), and "dial\dial-access" contains
# "\d" where "|" was probably intended. These rules likely do not match what
# their log messages claim -- test them against real host names.
deny condition = ${if match{$sender_host_name}{\N^[a-z\-\.]*[0-9]{3, }.*?(\.cable|\.\w?dsl|\.\w?dsl-dhcp|\.(dialup|dial-up)[0-9\-\.]*|\.dyn[0-9\-\.]*|\
\.(dial\dial-access|pool)[0-9\-\.]*|\.ppp[0-9\-\.]*|\.slip[0-9\-\.]*)\..*$\N}{1}{0}}
log_message = Blocked by ACL (cable/dsl/modem) (1)
message = No cable/dsl/modem users, use your ISP smtp server instead\n\
Please contact postmaster\@ with any questions
#---------------------------------------------------------------------
deny condition = ${if match{$sender_host_name}{\N^[0-9\-\.]{3, }[a-z\-\.].*?(\.cable|\.w?dsl|\.\w?dsl-dhcp|\.(dialup|dial-up)[0-9\-\.]*|\.dyn[0-9\-\.]*|\
\.(dial\dial-access)[0-9\-\.]*|\.ppp[0-9\-\.]*|\.slip[0-9\-\.]*)\..*$\N}{1}{0}}
log_message = Blocked by ACL (cable/dsl/modem) (2)
message = No cable/dsl/modem users, use your ISP smtp server instead\n\
Please contact postmaster\@ with any questions
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Reject mail from AT&T xDSL clients
#---------------------------------------------------------------------
deny condition = ${if match{$sender_host_name}{\N^[0-9a-z\-]{3, }(\.[a-z]{2,4})?\.client\d*\.attbi\.com$\N}{1}{0}}
log_message = Blocked by ACL (AT&T xDSL client)
message = No cable/dsl/modem users, use your ISP smtp server instead\n\
Please contact postmaster\@ with any questions
#---------------------------------------------------------------------
# DNSBL ACL part of Exim configuration file.
# Each statement below rejects non-relay clients listed in one DNS blocklist.
# NOTE(review): confirm every zone is still operated before relying on it.
# list.dsbl.org, dnsbl.ahbl.org and dnsbl.njabl.org appear to have been
# discontinued, and a retired zone can stop answering or list every address.
# zen.spamhaus.org already includes SBL, so the separate sbl lookup looks
# redundant. The zen/ahbl/njabl rejections also point at the SpamCop URL.
deny hosts = !+relay_from_hosts : !localhost : !127.0.0.1
log_message = Host listed in $dnslist_domain
message = 550 Mail from $sender_host_address refused - see http://www.spamhaus.org/sbl/
dnslists = sbl.spamhaus.org
#---------------------------------------------------------------------
deny hosts = !+relay_from_hosts : !localhost : !127.0.0.1
log_message = Host listed in $dnslist_domain
message = 550 Mail from $sender_host_address refused - see http://dsbl.org/
dnslists = list.dsbl.org
#---------------------------------------------------------------------
deny hosts = !+relay_from_hosts : !localhost : !127.0.0.1
log_message = Host listed in $dnslist_domain
message = 550 Mail from $sender_host_address refused - see http://spamcop.net/bl.shtml
dnslists = bl.spamcop.net
#---------------------------------------------------------------------
#---------------------------------------------------------------------
deny hosts = !+relay_from_hosts : !localhost : !127.0.0.1
log_message = Host listed in $dnslist_domain
message = 550 Mail from $sender_host_address refused - see http://spamcop.net/bl.shtml
dnslists = zen.spamhaus.org
#---------------------------------------------------------------------
deny hosts = !+relay_from_hosts : !localhost : !127.0.0.1
log_message = Host listed in $dnslist_domain
message = 550 Mail from $sender_host_address refused - see http://spamcop.net/bl.shtml
dnslists = dnsbl.ahbl.org
#---------------------------------------------------------------------
deny hosts = !+relay_from_hosts : !localhost : !127.0.0.1
log_message = Host listed in $dnslist_domain
message = 550 Mail from $sender_host_address refused - see http://spamcop.net/bl.shtml
dnslists = dnsbl.njabl.org
# Tarpit: default to a 20s pause, reset it to 0s for relay hosts, then log and
# apply it. Authenticated sessions were accepted earlier and never reach this.
warn
set acl_m0 = 20s
warn
hosts = +relay_from_hosts
set acl_m0 = 0s
warn
logwrite = Delay $acl_m0 for $sender_host_name [$sender_host_address] with HELO=$sender_helo_name. Mail from $sender_address to $local_part@$domain.
delay = $acl_m0
# Inbound mail: accept for local and relay-to domains only if the recipient
# verifies; "endpass" turns a failed verification into a rejection.
accept domains = +local_domains
endpass
message = "In this domain there is no such user"
verify = recipient
accept domains = +relay_to_domains
endpass
message = "My server does not know the route to this host"
verify = recipient
# Unauthenticated relaying is allowed from loopback only.
accept hosts = +relay_from_hosts
# Everything else is refused, so the server is not an open relay.
deny message = "This is not OpenReley.."
# ---- MIME ACL: runs once per MIME part ----
acl_check_mime:
# Decode each part so the content scanners can inspect it.
warn decode = default
# Reject attachments by file name; only the six listed extensions are blocked.
deny message = Blacklisted file extension detected
condition = ${if match \
{${lc:$mime_filename}} \
{\N(\.cpl|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
{1}{0}}
accept
# ---- DATA ACL: runs once per message after the body has been received ----
acl_check_data:
# Reject any message the antivirus scanner flags.
deny malware = *
message = "In e-mail found VIRUS - $malware_name"
# ":true" makes the spam condition succeed whatever the score, so the score
# header is added to every scanned message; nothing is rejected on score.
warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = nobody:true
# These two warn statements have no condition: both headers are added to every
# message, whether or not a scan took place.
warn message = X-Spam-Scanned: Yes
warn message = X-Spam-Scanner: SpamAssassin running
accept
begin routers
# ---- Routers: tried in order for every recipient address ----
# Non-local domains are resolved through DNS and handed to remote_smtp.
# MX/A results pointing at 0.0.0.0 or loopback are ignored, and no_more stops
# later routers from seeing non-local addresses.
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
# Aliases come from the MySQL `alias` table, matched on the full address or on
# a "@domain" catch-all row. Both values pass through quote_mysql.
# NOTE(review): if alias rows only ever hold mail addresses, forbid_file and
# forbid_pipe would stop a tampered row from redirecting to a file or command.
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE `address`='${quote_mysql:$local_part@$domain}' OR `address`='${quote_mysql:@$domain}'}}
# Accept the address for local delivery when the `mailbox` table returns a
# non-empty maildir for it.
mysqluser:
driver = accept
condition = ${if eq{}{${lookup mysql{SELECT `maildir` FROM `mailbox` WHERE `username`='${quote_mysql:$local_part@$domain}'}}}{no}{yes}}
transport = mysql_delivery
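begin transports
# ---- Transports: how a routed message is actually delivered ----
# Outbound SMTP with driver defaults.
remote_smtp:
driver = smtp
# Maildir delivery for mailboxes stored in MySQL. The maildir path comes from
# the `mailbox` table and is appended to /var/mail/exim/.
# The address is passed through quote_mysql, as in the routers and
# authenticators of this file, so a quote character in a recipient address
# cannot alter the SQL statement.
mysql_delivery:
driver = appendfile
check_string = ""
create_directory
delivery_date_add
directory = ${lookup mysql{SELECT CONCAT('/var/mail/exim/', `maildir`) FROM `mailbox` WHERE `username`='${quote_mysql:$local_part@$domain}'}}
directory_mode = 770
envelope_to_add
group = mail
maildir_format
maildir_tag = ,S=$message_size
message_prefix = ""
message_suffix = ""
mode = 0600
# Generic transports for deliveries to a file, a pipe, or an autoreply.
# NOTE(review): no router visible in this file names them via file_transport /
# pipe_transport / reply_transport -- confirm whether they are used at all.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_pipe:
driver = pipe
return_output
address_reply:
driver = autoreply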
begin retry
# Single rule for every address and error: retry every 15m for 2h, then at
# intervals starting at 1h and growing by a factor of 1.5 up to 16h, then every
# 6h up to 4 days.
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
# The rewrite section is empty: no address rewriting is configured.
begin rewrite
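begin authenticators
# ---- SMTP AUTH: credentials are checked against the MySQL `mailbox` table ----
# All three mechanisms compare against or read the `password` column as-is, so
# the table holds passwords in clear text; anyone who can read the database can
# authenticate as any user.
# NOTE(review): PLAIN and LOGIN send the password itself. Offer them only
# inside TLS, and consider storing hashes (checked with crypteq) instead.
# CRAM-MD5 needs the clear-text secret on the server and would have to go.
#
# PLAIN carries three NUL-separated fields: authorization id, authentication id
# and password, exposed as $1/$2/$3 ($auth1/$auth2/$auth3 on newer Exim).
# The user name is therefore $2 and the password $3. The previous condition
# tested $1 as the user name and $2 as the password, which did not match the
# PLAIN field layout.
auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT `username` FROM `mailbox` WHERE `username` = '${quote_mysql:$2}' AND `password` = '${quote_mysql:$3}'}{yes}{no}}
server_prompts = :
server_set_id = $2
# LOGIN prompts for two values: $1 is the user name, $2 the password.
auth_login:
driver = plaintext
public_name = LOGIN
server_condition = ${lookup mysql{SELECT `username` FROM `mailbox` WHERE `username` = '${quote_mysql:$1}' AND `password` = '${quote_mysql:$2}'}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $1
# CRAM-MD5: the stored password is fetched as the shared secret; "fail" forces
# an authentication failure when no row matches.
auth_cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT `password` FROM `mailbox` WHERE `username` = '${quote_mysql:$1}'}{$value}fail}
server_set_id = $1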