Последовательность проверки наличия юзвера

EXIM, sendmail, postfix, Dovecot и прочие. Решение проблем связанных с работой электронной почты

Модератор: xM

Правила форума
Убедительная просьба юзать теги [code] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.
limit
рядовой
Сообщения: 23
Зарегистрирован: 2007-08-15 11:44:00

Последовательность проверки наличия юзвера

Непрочитанное сообщение limit » 2007-08-27 15:31:12

Уважаемый Алл, подскажите, как научить ексим сначала смотреть домен, для которого пришла почта если есть то, потом проверять юзвера и лишь, потом проверять на всё остальное. Потому как письма в режиме frozen достали.

Заранее благодарю, за ответ.

Хостинговая компания Host-Food.ru
Хостинг HostFood.ru
 

Услуги хостинговой компании Host-Food.ru

Хостинг HostFood.ru

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2460 рублей (8 CPU, 8Gb RAM, 2x500Gb HDD, RAID 3ware 9750):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

Аватара пользователя
Alex Keda
стреляли...
Сообщения: 35069
Зарегистрирован: 2004-10-18 14:25:19
Откуда: Made in USSR
Контактная информация:

Re: Последовательность проверки наличия юзвера

Непрочитанное сообщение Alex Keda » 2007-08-27 15:45:30

конфиг?
Убей их всех! Бог потом рассортирует...

limit
рядовой
Сообщения: 23
Зарегистрирован: 2007-08-15 11:44:00

Re: Последовательность проверки наличия юзвера

Непрочитанное сообщение limit » 2007-08-27 15:52:55

lissyara писал(а):конфиг?

Код: Выделить всё

acl_check_rcpt:
  accept  hosts = :
  deny    message       = "incorrect symbol in address"
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
  deny    message       = "incorrect symbol in address"
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
deny    message       = "HELO/EHLO require by SMTP RFC"
          condition     = ${if eq{$sender_helo_name}{}{yes}{no}}

  deny    message       = "Your IP in HELO - access denied!"
          hosts         =  * : !+relay_from_hosts
          condition     = ${if eq{$sender_helo_name}{$sender_host_address}{true}{false}}

  deny    condition     = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "Main IP in your HELO! Access denied!"

  deny    condition     = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "Can not be only number in HELO!"

    deny    condition     = ${if eq{$sender_address}{}{yes}{no}}
            hosts         = !127.0.0.1 : !localhost : *
            message       = "А какого HELO пустое?! Не по RFC..."

    deny    condition     = ${if match{$sender_address}{\N^\s+$\N}{yes}{no}}
            hosts         = !127.0.0.1 : !localhost : *
            message       = "А какого HELO пустое (тока пробелы)?! Не по RFC..."

    deny    condition     = ${if eq{$sender_address}{}{yes}{no}}
            hosts         = !127.0.0.1 : !localhost : *
            message       = "Where sender of this mail?!"

  deny        message    = Unknow User
              domains = +local_domains
              local_parts = root : clamav : uucp
              !hosts = 127.0.0.1/8

  accept  domains       = +relay_to_domains
          endpass
          message       = "Main server not know how relay to this address"
          verify        = recipient/callout=20s,defer_ok

  deny    message       = "Unknown user"
          senders       = : verify@*

  accept  domains       = +local_domains
          hosts         = !192.168.0.0/16
          endpass
          message       = unknown user
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          message       = "Main server not know how relay to this address"
          verify        = recipient

  accept  hosts         = +relay_from_hosts
 deny    message       = "Your hostname is bad (adsl, poll, ppp & etc)."
            condition     = ${if match{$sender_host_name} \
                               {adsl|dialup|pool|peer|dhcp} \
                               {yes}{no}}

 deny    message       = Your IP adress in blacklist - $dnslist_domain \n $dnslist_text
          dnslists      = opm.blitzed.org : \
                          cbl.abuseat.org : \
                          bl.csma.biz : \
                          dynablock.njabl.org : \
                          blackholes.mail-abuse.org: \
                          dialups.mail-abuse.org: \
                          relays.mail-abuse.org: \
                          work.drbl.caravan.ru: \
                          dul.ru: \
                          sbl.spamhaus.org

  warn
        set acl_m0 = 30s
  warn
        hosts = +relay_from_hosts:192.168.0.0/16:193.110.106.218/32
        set acl_m0 = 0s
  warn
        logwrite = Delay $acl_m0 for $sender_host_name \
        [$sender_host_address] with HELO=$sender_helo_name. Mail \
        from $sender_address to $local_part@$domain.
        delay = $acl_m0

  accept  authenticated = *
  deny    message       = "Relay not permit!"

Аватара пользователя
Alex Keda
стреляли...
Сообщения: 35069
Зарегистрирован: 2004-10-18 14:25:19
Откуда: Made in USSR
Контактная информация:

Re: Последовательность проверки наличия юзвера

Непрочитанное сообщение Alex Keda » 2007-08-27 16:28:51

это не весь
Убей их всех! Бог потом рассортирует...

limit
рядовой
Сообщения: 23
Зарегистрирован: 2007-08-15 11:44:00

Re: Последовательность проверки наличия юзвера

Непрочитанное сообщение limit » 2007-08-27 16:36:13

Код: Выделить всё

acl_check_data:
  deny    senders       = :
          message       = A valid sender header is required for bounces
          !verify       = header_sender
  deny    message       = Syntax error in Sender, From, Reply-To, To, Cc, or Bcc header
          !verify       = header_syntax
  deny    message       = Go Away! Eat Your Spam Self!
          condition     = ${if match{$message_body} {105[-_]*51[-_]*86|778[-_]*98[-_]*94} {yes}{no}}
  deny    message       = This message contains a MIME error ($demime_reason)
          demime        = *
          condition     = ${if >{$demime_errorlevel}{2}{1}{0}}
  deny    message       = Hiding of file extensions is not allowed!
          log_message   = Dangerous extension (CLSID hidden)
          regex         = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
  deny    message       = Error: this message matches a blacklisted regular expression ($regex_match_string)
          regex         = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]
        deny malware = *
        hosts = *
        message = "In e-mail found VIRUS - $malware_name"
        warn spam = spamd
        add_header = X-Spam_score: $spam_score\n\
                      X-Spam_score_int: $spam_score_int\n\
                      X-Spam_bar: $spam_bar\n\
                      X-Spam_report: $spam_report
        warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = nobody:true
        warn message = X-Spam-Scanned: Yes
        warn message = X-Spam-Scanner: SpamAssassin running on burka.kiev.ua
accept
acl_check_mime:
warn decode = default
deny   message = Blacklisted file extension detected
        condition       = ${if match {${lc:$mime_filename}}{\N(\.wav|\.cpl|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} {1}{0}}
 deny   message = Sorry, noone speaks chinese here
        condition       = ${if eq{$mime_charset}{gb2312}{1}{0}}
 accept

begin routers
always_verify:
  driver = manualroute
  domains = !local_domains
  verify_sender
  verify_only
  route_list = *

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = +bogusips
  same_domain_copy_routing = yes
  transport = remote_smtp
  no_more

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup mysql{SELECT recipients FROM aliases \
                WHERE local_part='${local_part}' AND domain='${domain}'}}

userforward:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup mysql{SELECT recipients FROM userforward \
                WHERE local_part='${local_part}' AND domain='${domain}'}}
mysqluser:
  driver = accept
  condition = ${if eq{} {${lookup mysql{SELECT home FROM users \
                WHERE id='${local_part}' AND mbox_host='${domain}'\
                AND active='Y'}}}{no}{yes}}
  local_part_suffix = +*
  local_part_suffix_optional
  transport = mysql_delivery

begin transports

remote_smtp:
  driver = smtp

mysql_delivery:
  driver = appendfile
  maildir_format
  create_directory
  maildir_tag = ,S=$message_size
  directory = ${lookup mysql{SELECT CONCAT(home, "/Maildir") FROM users \
                WHERE id='${local_part}' AND mbox_host='${domain}'}}
  return_path_add
  delivery_date_add
  envelope_to_add
  check_string = ""
  directory_mode = 770
  user = vmail
  group = mail
  message_prefix = ""
  message_suffix = ""
  mode = 0600
  no_mode_fail_narrower
  headers_remove = "Lines"
  headers_add = "Lines: $body_linecount\n"
  quota = ${lookup mysql{SELECT quota FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}{${value}M}}
  quota_size_regex = S=(\d+)$
  quota_warn_message = "\
        To: $local_part@domain\n\
        From: postmaster@domain\n\
        Subject: Your maildir is going full\n\
        This message is automaticaly gnerated by your mail server.\n\
        This means, that your mailbox is 75% full. If you would \n\
        override this limit new mail would not be delivered to you!\n"
  quota_warn_threshold = 75%

address_pipe:
  driver = pipe
  log_defer_output
  log_fail_output
  return_output
  user = vmail
  group = mail
  headers_remove = "Lines"
 headers_add = "Lines: $body_linecount\n"

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  user = vmail
  group = mail

address_reply:
  driver = autoreply

begin retry
*                      quota
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if crypteq{$3} {${lookup mysql{SELECT crypt FROM users \
        WHERE id = '${quote_mysql:${local_part:$2}}' \
        AND mbox_host = '${quote_mysql:${domain:$2}}' \
        AND passwd = '${quote_mysql:$3}' \
        AND active = 'Y'}{$value}{*}}}{yes}{no}}
  server_prompts = :
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_condition = ${if crypteq{$2} {${lookup mysql{SELECT crypt FROM users \
        WHERE id = '${quote_mysql:${local_part:$1}}' \
        AND mbox_host = '${quote_mysql:${domain:$1}}' \
        AND passwd = '${quote_mysql:$2}' \
        AND active = 'Y'}{$value}{*}}}{yes}{no}}
  server_prompts = Username:: : Password::
server_set_id = $1

auth_cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  server_secret = ${lookup mysql{SELECT passwd FROM users \
                        WHERE id = '${quote_mysql:${local_part:$1}}' \
                        AND mbox_host = '${quote_mysql:${domain:$1}}' \
                        AND active = 'Y'}{$value}fail}
server_set_id = $1

Аватара пользователя
Alex Keda
стреляли...
Сообщения: 35069
Зарегистрирован: 2004-10-18 14:25:19
Откуда: Made in USSR
Контактная информация:

Re: Последовательность проверки наличия юзвера

Непрочитанное сообщение Alex Keda » 2007-08-27 16:43:57

ЭТО НЕ ВЕСЬ КОНФИГ
Убей их всех! Бог потом рассортирует...

limit
рядовой
Сообщения: 23
Зарегистрирован: 2007-08-15 11:44:00

Re: Последовательность проверки наличия юзвера

Непрочитанное сообщение limit » 2007-08-27 16:56:28

Код: Выделить всё

primary_hostname = XXXX.kiev.ua
hide mysql_servers = localhost/exim/exim/exim
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains \
                                WHERE domain='${domain}' AND \
                                (type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains \
                                WHERE domain='${domain}' AND type='RELAY'}}
hostlist relay_from_hosts = 127.0.0.1/8
daemon_smtp_ports = 25 : 465
hostlist rfc1918 = RFC1918
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = 127.0.0.1 783
qualify_domain = XXXX.kiev.ua
qualify_recipient = XXXX.kiev.ua
allow_domain_literals = false
exim_user = mailnull
exim_group = mail
never_users = daemon:root:bin:bind
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 45m
timeout_frozen_after = 3d
freeze_tell = postmaster
helo_accept_junk_hosts = 192.168.0.0/16
auto_thaw = 1h
smtp_banner = "$primary_hostname, ESMTP EXIM $version_number"
smtp_accept_max = 500
smtp_accept_max_per_connection = 50
smtp_connect_backlog = 300
smtp_accept_max_per_host = 20
split_spool_directory = true
remote_max_parallel = 15
return_size_limit = 100k
message_size_limit = 10M
helo_allow_chars = _
smtp_enforce_sync = true
log_selector =  \
        +address_rewrite \
        +all_parents \
        +arguments \
        +connection_reject \
        +delay_delivery \
        +delivery_size \
        +dnslist_defer \
        +incoming_interface \
        +incoming_port \
        +lost_incoming_connection \
        +queue_run \
        +received_sender \
        +received_recipients \
        +retry_defer \
        +sender_on_delivery \
        +size_reject \
        +skip_delivery \
        +smtp_confirmation \
        +smtp_connection \
        +smtp_protocol_error \
        +smtp_syntax_error \
        +subject \
        +tls_cipher \
        +tls_peerdn
syslog_timestamp = no
log_file_path=/var/log/exim/exim-%s-%D.log
trusted_users = mailnull
received_header_text = "Received: \
                 ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
                 {${if def:sender_ident {from ${sender_ident} }}\
                 ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}} by ${primary_hostname} \
                 ${if def:received_protocol {with ${received_protocol}}} \
                 ${if def:tls_cipher {\n\t(Cipher ${tls_cipher}) }}\
                 ${if def:tls_peerdn {(PeerDN ${tls_peerdn}) }}\
                 (Exim ${version_number} #${compile_number})\n\t\
                 id ${message_id}\
                 ${if def:authenticated_id { by authid <$authenticated_id>}}\
                 ${if def:sender_host_authenticated { with $sender_host_authenticated}}\
                 ${if def:received_for {\n\tfor <$received_for>}}"
tls_certificate = /usr/local/ssl/mail.pem
tls_privatekey = /usr/local/ssl/mail.pem
tls_advertise_hosts = *
tls_verify_certificates = *
tls_on_connect_ports = 465
Это точно весь.

cat /var/log/exim.log

Код: Выделить всё

2007-08-27 02:20:34 1IPTEq-000Ose-4x ** ljshlgjvylfd@rrginc.net F=<> R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<ljshlgjv
ylfd@rrginc.net>: host rrginc.net [204.202.11.192]: 553 5.3.0 <ljshlgjvylfd@rrginc.net>... User unknown
2007-08-27 02:20:34 1IPTEq-000Ose-4x ljshlgjvylfd@rrginc.net: error ignored
2007-08-27 02:20:34 1IPTEq-000Ose-4x Completed
2007-08-27 02:20:34 1IOKPc-000BLu-OF == incinerators@conferencemasters.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:34 1IPU0c-000P1x-Ff Message is frozen
2007-08-27 02:20:34 1IPR5a-000OX2-Ap == sales@kghastaloswebos.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:34 1IPEYa-000M8i-0b == lecarqj@fuckdaddy.com <Lecarqj@fuckdaddy.com> R=dnslookup T=remote_smtp defer (-53): retry time not reached for an
y host
2007-08-27 02:20:41 1IOaCp-000EFx-U2 == infoeuromillionn@aim.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:41 1IPTxV-000P1p-P2 Message is frozen
2007-08-27 02:20:41 1IPLsV-000Nci-Q0 == hateleysgjzu@ofrate.infonegocio.com <Hateleysgjzu@ofrate.infonegocio.com> routing defer (-51): retry time not reac
hed
2007-08-27 02:20:41 1IP0nV-000JGA-Bi == yurika641@trenshow.net <Yurika641@trenshow.net> routing defer (-51): retry time not reached
2007-08-27 02:20:43 1IOSsN-000Cp4-DY == jrandallzzqn@kaplancollege.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:43 1IOSsk-000CpT-R9 == jrandallzzqn@kaplancollege.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:44 1IOSsx-000CpY-Ci == jrandallzzqn@kaplancollege.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:21:59 1IPTFx-000Osz-Aj rrinformatica.info [64.74.223.6] Operation timed out
2007-08-27 02:21:59 1IPTFx-000Osz-Aj == xbpnrcyw@rrinformatica.info R=dnslookup T=remote_smtp defer (60): Operation timed out
2007-08-27 02:21:59 1IPTFK-000Osn-9l Unfrozen by errmsg timer

Аватара пользователя
Alex Keda
стреляли...
Сообщения: 35069
Зарегистрирован: 2004-10-18 14:25:19
Откуда: Made in USSR
Контактная информация:

Re: Последовательность проверки наличия юзвера

Непрочитанное сообщение Alex Keda » 2007-08-27 17:05:04

Код: Выделить всё

acl_check_data:
в конце этой acl добавь проверку домена. перед accept
Убей их всех! Бог потом рассортирует...

limit
рядовой
Сообщения: 23
Зарегистрирован: 2007-08-15 11:44:00

Re: Последовательность проверки наличия юзвера

Непрочитанное сообщение limit » 2007-08-27 17:09:55

lissyara писал(а):

Код: Выделить всё

acl_check_data:
в конце этой acl добавь проверку домена. перед accept
А конкретней, можно пример?