Есть сервер (192.168.1.5), проверяющий только на черные списки и передающий всю почту для локальных доменов "разгребающему". По идее он должен отсеять по черным спискам и все что для наших доменов пришло передать другому серверу (192.168.1.1). Но он релеит по-черному:
Код: Выделить всё
From ttt@ttt.ru Thu Sep 15 15:39:08 2011
Return-path: <ttt@ttt.ru>
Received: from [ххх.ххх.ххх.ххх] (port=49598 helo=mydomain.ru)
by mx21.mail.ru with esmtp
id 1R4AHb-00011u-00
for test_for_spam@mail.ru; Thu, 15 Sep 2011 15:39:07 +0400
Received-SPF: none (mx21.mail.ru: domain of ttt@ttt.ru does not provide an SPF record) envelope-from=ttt@ttt.ru;
X-Mru-BL: 0
X-Mru-PTR: mail.mydomain.ru
X-Mru-NR: 1
X-Mru-OF: Linux (ethernet/modem)
X-Mru-RC: RU
Message-Id: <1316086747.3902639118@mx21.mail.ru>
From: ttt@ttt.ru
Date: Thu Sep 15 15:39:07 2011 (MSK)
Received: from mail.mydomain.local ([192.168.1.5] helo=mail.mydomain.ru)
by mail.mydomain.ru with esmtp (Exim 4.43)
id 1R4AHa-0006vd-Jh
for test_for_spam@mail.ru; Thu, 15 Sep 2011 15:39:06 +0400
Received: from otherdomain.ru ([83.154.13.18])
by mail.mydomain.ru with smtp (Exim 4.43)
id 1R4AHM-00089o-KH
for test_for_spam@mail.ru; Thu, 15 Sep 2011 15:39:07 +0400
Bcc:
X-Spam: Not detected
X-Mras: Ok
Код: Выделить всё
######################################################################
# Runtime configuration file for Exim #
######################################################################
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
primary_hostname = mail.mydomain.ru
domainlist local_domains = @:localhost:lsearch;/etc/exim/aliases/domains.local (список локальных доменов)
domainlist relay_to_domains = m1.mydomain.ru:m2.mydomain.ru
hostlist relay_from_hosts = 127.0.0.1:localhost
hostlist trusted_hosts_list = 127.0.0.1:/etc/exim/trusted_hosts (белый список айпишников)
hostlist deny_hosts_list = 127.0.0.1:/etc/exim/deny_hosts (черный список айпишников)
acl_smtp_rcpt = acl_check_rcpt
qualify_domain = mydomain.ru
allow_domain_literals = false
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 30s
local_interfaces = 127.0.0.1 : 192.168.1.5
log_selector = -skip_delivery +received_recipients +delivery_size +queue_time
ignore_bounce_errors_after = 1d
timeout_frozen_after = 2d
message_size_limit = 10M
smtp_accept_max = 800
smtp_accept_max_per_host = \
${lookup{$sender_host_address}nwildlsearch{/etc/exim/max-per-host}}
smtp_accept_queue_per_connection = 30
smtp_accept_reserve = 200
smtp_reserve_hosts = \
${lookup{$sender_host_address}nwildlsearch{/etc/exim/reserve_host}}
system_filter_user = exim
system_filter_group = exim
system_filter_file_transport = address_file
acl_smtp_mail = acl_check_sender
acl_smtp_connect = acl_check_connect
smtp_banner = "Unknown ESMTP Windows"
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_connect:
accept hosts = /etc/exim/no_enforce.list
control = no_enforce_sync
accept
acl_check_sender:
deny
log_message = match host_reject.list
senders = /etc/exim/reject.list
accept
acl_check_rcpt:
accept hosts = :
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny domains = +local_domains
local_parts = ^.*rjnr* : /etc/exim/rejected_to.list
local_parts = match /etc/exim/rejected_to.list
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
deny message = Sorry, noone speaks chinese here
condition = ${if eq{$mime_charset}{gb2312}{1}{0}}
accept
deny message = "your hostname is bad (adsl, poll, ppp & etc)."
condition = ${if match{$sender_host_name} \
{adsl|dialup|pool|peer|dhcp} \
{yes}{no}}
accept local_parts = postmaster
domains = +local_domains
require verify = sender
deny sender_domains = +deny_hosts
message = You are rejected!
deny sender_domains = +local_domains
!hosts = +relay_from_hosts
!authenticated = *
message = You are not authorized!
deny message = From $sender_host_address sended only viruses or a SPAM. Sorry try send from other server
hosts = +deny_hosts_list
deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
!hosts = +trusted_hosts_list
dnslists = zen.spamhaus.org : http.dnsbl.sorbs.net : socks.dnsbl.sorbs.net : smtp.dnsbl.sorbs.net : dul.ru : dul.dnsbl.sorbs.net : dynablock.njabl.org
accept domains = +local_domains
endpass
verify = recipient
accept domains = +relay_to_domains
endpass
verify = recipient
accept hosts = +relay_from_hosts
accept authenticated = *
deny message = relay not permitted
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
begin routers
smart_route:
driver = manualroute
transport = remote_smtp
route_list = * 192.168.1.1
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
file = $home/.forward
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
remote_smtp:
driver = smtp
local_delivery:
driver = appendfile
maildir_format
directory = /home/$local_part/Maildir
create_directory=true
delivery_date_add
envelope_to_add
return_path_add
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
... далее все стандартное ...