Последовательность проверки наличия юзвера
Модератор: xM
Правила форума
Убедительная просьба юзать теги [code] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.
Убедительная просьба юзать теги [code] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.
-
- рядовой
- Сообщения: 23
- Зарегистрирован: 2007-08-15 11:44:00
Последовательность проверки наличия юзвера
Уважаемый Алл, подскажите, как научить ексим сначала смотреть домен, для которого пришла почта если есть то, потом проверять юзвера и лишь, потом проверять на всё остальное. Потому как письма в режиме frozen достали.
Заранее благодарю, за ответ.
Заранее благодарю, за ответ.
Услуги хостинговой компании Host-Food.ru
Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/
- Alex Keda
- стреляли...
- Сообщения: 35456
- Зарегистрирован: 2004-10-18 14:25:19
- Откуда: Made in USSR
- Контактная информация:
-
- рядовой
- Сообщения: 23
- Зарегистрирован: 2007-08-15 11:44:00
Re: Последовательность проверки наличия юзвера
lissyara писал(а):конфиг?
Код: Выделить всё
acl_check_rcpt:
accept hosts = :
deny message = "incorrect symbol in address"
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = "incorrect symbol in address"
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
deny message = "HELO/EHLO require by SMTP RFC"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
deny message = "Your IP in HELO - access denied!"
hosts = * : !+relay_from_hosts
condition = ${if eq{$sender_helo_name}{$sender_host_address}{true}{false}}
deny condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "Main IP in your HELO! Access denied!"
deny condition = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "Can not be only number in HELO!"
deny condition = ${if eq{$sender_address}{}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "А какого HELO пустое?! Не по RFC..."
deny condition = ${if match{$sender_address}{\N^\s+$\N}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "А какого HELO пустое (тока пробелы)?! Не по RFC..."
deny condition = ${if eq{$sender_address}{}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "Where sender of this mail?!"
deny message = Unknow User
domains = +local_domains
local_parts = root : clamav : uucp
!hosts = 127.0.0.1/8
accept domains = +relay_to_domains
endpass
message = "Main server not know how relay to this address"
verify = recipient/callout=20s,defer_ok
deny message = "Unknown user"
senders = : verify@*
accept domains = +local_domains
hosts = !192.168.0.0/16
endpass
message = unknown user
verify = recipient
accept domains = +relay_to_domains
endpass
message = "Main server not know how relay to this address"
verify = recipient
accept hosts = +relay_from_hosts
deny message = "Your hostname is bad (adsl, poll, ppp & etc)."
condition = ${if match{$sender_host_name} \
{adsl|dialup|pool|peer|dhcp} \
{yes}{no}}
deny message = Your IP adress in blacklist - $dnslist_domain \n $dnslist_text
dnslists = opm.blitzed.org : \
cbl.abuseat.org : \
bl.csma.biz : \
dynablock.njabl.org : \
blackholes.mail-abuse.org: \
dialups.mail-abuse.org: \
relays.mail-abuse.org: \
work.drbl.caravan.ru: \
dul.ru: \
sbl.spamhaus.org
warn
set acl_m0 = 30s
warn
hosts = +relay_from_hosts:192.168.0.0/16:193.110.106.218/32
set acl_m0 = 0s
warn
logwrite = Delay $acl_m0 for $sender_host_name \
[$sender_host_address] with HELO=$sender_helo_name. Mail \
from $sender_address to $local_part@$domain.
delay = $acl_m0
accept authenticated = *
deny message = "Relay not permit!"
- Alex Keda
- стреляли...
- Сообщения: 35456
- Зарегистрирован: 2004-10-18 14:25:19
- Откуда: Made in USSR
- Контактная информация:
-
- рядовой
- Сообщения: 23
- Зарегистрирован: 2007-08-15 11:44:00
Re: Последовательность проверки наличия юзвера
Код: Выделить всё
acl_check_data:
deny senders = :
message = A valid sender header is required for bounces
!verify = header_sender
deny message = Syntax error in Sender, From, Reply-To, To, Cc, or Bcc header
!verify = header_syntax
deny message = Go Away! Eat Your Spam Self!
condition = ${if match{$message_body} {105[-_]*51[-_]*86|778[-_]*98[-_]*94} {yes}{no}}
deny message = This message contains a MIME error ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = Hiding of file extensions is not allowed!
log_message = Dangerous extension (CLSID hidden)
regex = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
deny message = Error: this message matches a blacklisted regular expression ($regex_match_string)
regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]
deny malware = *
hosts = *
message = "In e-mail found VIRUS - $malware_name"
warn spam = spamd
add_header = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int\n\
X-Spam_bar: $spam_bar\n\
X-Spam_report: $spam_report
warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = nobody:true
warn message = X-Spam-Scanned: Yes
warn message = X-Spam-Scanner: SpamAssassin running on burka.kiev.ua
accept
acl_check_mime:
warn decode = default
deny message = Blacklisted file extension detected
condition = ${if match {${lc:$mime_filename}}{\N(\.wav|\.cpl|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} {1}{0}}
deny message = Sorry, noone speaks chinese here
condition = ${if eq{$mime_charset}{gb2312}{1}{0}}
accept
begin routers
always_verify:
driver = manualroute
domains = !local_domains
verify_sender
verify_only
route_list = *
dnslookup:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = +bogusips
same_domain_copy_routing = yes
transport = remote_smtp
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM aliases \
WHERE local_part='${local_part}' AND domain='${domain}'}}
userforward:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM userforward \
WHERE local_part='${local_part}' AND domain='${domain}'}}
mysqluser:
driver = accept
condition = ${if eq{} {${lookup mysql{SELECT home FROM users \
WHERE id='${local_part}' AND mbox_host='${domain}'\
AND active='Y'}}}{no}{yes}}
local_part_suffix = +*
local_part_suffix_optional
transport = mysql_delivery
begin transports
remote_smtp:
driver = smtp
mysql_delivery:
driver = appendfile
maildir_format
create_directory
maildir_tag = ,S=$message_size
directory = ${lookup mysql{SELECT CONCAT(home, "/Maildir") FROM users \
WHERE id='${local_part}' AND mbox_host='${domain}'}}
return_path_add
delivery_date_add
envelope_to_add
check_string = ""
directory_mode = 770
user = vmail
group = mail
message_prefix = ""
message_suffix = ""
mode = 0600
no_mode_fail_narrower
headers_remove = "Lines"
headers_add = "Lines: $body_linecount\n"
quota = ${lookup mysql{SELECT quota FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}{${value}M}}
quota_size_regex = S=(\d+)$
quota_warn_message = "\
To: $local_part@domain\n\
From: postmaster@domain\n\
Subject: Your maildir is going full\n\
This message is automaticaly gnerated by your mail server.\n\
This means, that your mailbox is 75% full. If you would \n\
override this limit new mail would not be delivered to you!\n"
quota_warn_threshold = 75%
address_pipe:
driver = pipe
log_defer_output
log_fail_output
return_output
user = vmail
group = mail
headers_remove = "Lines"
headers_add = "Lines: $body_linecount\n"
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
user = vmail
group = mail
address_reply:
driver = autoreply
begin retry
* quota
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if crypteq{$3} {${lookup mysql{SELECT crypt FROM users \
WHERE id = '${quote_mysql:${local_part:$2}}' \
AND mbox_host = '${quote_mysql:${domain:$2}}' \
AND passwd = '${quote_mysql:$3}' \
AND active = 'Y'}{$value}{*}}}{yes}{no}}
server_prompts = :
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_condition = ${if crypteq{$2} {${lookup mysql{SELECT crypt FROM users \
WHERE id = '${quote_mysql:${local_part:$1}}' \
AND mbox_host = '${quote_mysql:${domain:$1}}' \
AND passwd = '${quote_mysql:$2}' \
AND active = 'Y'}{$value}{*}}}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $1
auth_cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT passwd FROM users \
WHERE id = '${quote_mysql:${local_part:$1}}' \
AND mbox_host = '${quote_mysql:${domain:$1}}' \
AND active = 'Y'}{$value}fail}
server_set_id = $1
- Alex Keda
- стреляли...
- Сообщения: 35456
- Зарегистрирован: 2004-10-18 14:25:19
- Откуда: Made in USSR
- Контактная информация:
Re: Последовательность проверки наличия юзвера
ЭТО НЕ ВЕСЬ КОНФИГ
Убей их всех! Бог потом рассортирует...
-
- рядовой
- Сообщения: 23
- Зарегистрирован: 2007-08-15 11:44:00
Re: Последовательность проверки наличия юзвера
Код: Выделить всё
primary_hostname = XXXX.kiev.ua
hide mysql_servers = localhost/exim/exim/exim
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND \
(type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND type='RELAY'}}
hostlist relay_from_hosts = 127.0.0.1/8
daemon_smtp_ports = 25 : 465
hostlist rfc1918 = RFC1918
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = 127.0.0.1 783
qualify_domain = XXXX.kiev.ua
qualify_recipient = XXXX.kiev.ua
allow_domain_literals = false
exim_user = mailnull
exim_group = mail
never_users = daemon:root:bin:bind
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 45m
timeout_frozen_after = 3d
freeze_tell = postmaster
helo_accept_junk_hosts = 192.168.0.0/16
auto_thaw = 1h
smtp_banner = "$primary_hostname, ESMTP EXIM $version_number"
smtp_accept_max = 500
smtp_accept_max_per_connection = 50
smtp_connect_backlog = 300
smtp_accept_max_per_host = 20
split_spool_directory = true
remote_max_parallel = 15
return_size_limit = 100k
message_size_limit = 10M
helo_allow_chars = _
smtp_enforce_sync = true
log_selector = \
+address_rewrite \
+all_parents \
+arguments \
+connection_reject \
+delay_delivery \
+delivery_size \
+dnslist_defer \
+incoming_interface \
+incoming_port \
+lost_incoming_connection \
+queue_run \
+received_sender \
+received_recipients \
+retry_defer \
+sender_on_delivery \
+size_reject \
+skip_delivery \
+smtp_confirmation \
+smtp_connection \
+smtp_protocol_error \
+smtp_syntax_error \
+subject \
+tls_cipher \
+tls_peerdn
syslog_timestamp = no
log_file_path=/var/log/exim/exim-%s-%D.log
trusted_users = mailnull
received_header_text = "Received: \
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
{${if def:sender_ident {from ${sender_ident} }}\
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}} by ${primary_hostname} \
${if def:received_protocol {with ${received_protocol}}} \
${if def:tls_cipher {\n\t(Cipher ${tls_cipher}) }}\
${if def:tls_peerdn {(PeerDN ${tls_peerdn}) }}\
(Exim ${version_number} #${compile_number})\n\t\
id ${message_id}\
${if def:authenticated_id { by authid <$authenticated_id>}}\
${if def:sender_host_authenticated { with $sender_host_authenticated}}\
${if def:received_for {\n\tfor <$received_for>}}"
tls_certificate = /usr/local/ssl/mail.pem
tls_privatekey = /usr/local/ssl/mail.pem
tls_advertise_hosts = *
tls_verify_certificates = *
tls_on_connect_ports = 465
cat /var/log/exim.log
Код: Выделить всё
2007-08-27 02:20:34 1IPTEq-000Ose-4x ** ljshlgjvylfd@rrginc.net F=<> R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<ljshlgjv
ylfd@rrginc.net>: host rrginc.net [204.202.11.192]: 553 5.3.0 <ljshlgjvylfd@rrginc.net>... User unknown
2007-08-27 02:20:34 1IPTEq-000Ose-4x ljshlgjvylfd@rrginc.net: error ignored
2007-08-27 02:20:34 1IPTEq-000Ose-4x Completed
2007-08-27 02:20:34 1IOKPc-000BLu-OF == incinerators@conferencemasters.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:34 1IPU0c-000P1x-Ff Message is frozen
2007-08-27 02:20:34 1IPR5a-000OX2-Ap == sales@kghastaloswebos.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:34 1IPEYa-000M8i-0b == lecarqj@fuckdaddy.com <Lecarqj@fuckdaddy.com> R=dnslookup T=remote_smtp defer (-53): retry time not reached for an
y host
2007-08-27 02:20:41 1IOaCp-000EFx-U2 == infoeuromillionn@aim.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:41 1IPTxV-000P1p-P2 Message is frozen
2007-08-27 02:20:41 1IPLsV-000Nci-Q0 == hateleysgjzu@ofrate.infonegocio.com <Hateleysgjzu@ofrate.infonegocio.com> routing defer (-51): retry time not reac
hed
2007-08-27 02:20:41 1IP0nV-000JGA-Bi == yurika641@trenshow.net <Yurika641@trenshow.net> routing defer (-51): retry time not reached
2007-08-27 02:20:43 1IOSsN-000Cp4-DY == jrandallzzqn@kaplancollege.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:43 1IOSsk-000CpT-R9 == jrandallzzqn@kaplancollege.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:20:44 1IOSsx-000CpY-Ci == jrandallzzqn@kaplancollege.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2007-08-27 02:21:59 1IPTFx-000Osz-Aj rrinformatica.info [64.74.223.6] Operation timed out
2007-08-27 02:21:59 1IPTFx-000Osz-Aj == xbpnrcyw@rrinformatica.info R=dnslookup T=remote_smtp defer (60): Operation timed out
2007-08-27 02:21:59 1IPTFK-000Osn-9l Unfrozen by errmsg timer
- Alex Keda
- стреляли...
- Сообщения: 35456
- Зарегистрирован: 2004-10-18 14:25:19
- Откуда: Made in USSR
- Контактная информация:
Re: Последовательность проверки наличия юзвера
Код: Выделить всё
acl_check_data:
Убей их всех! Бог потом рассортирует...
-
- рядовой
- Сообщения: 23
- Зарегистрирован: 2007-08-15 11:44:00
Re: Последовательность проверки наличия юзвера
А конкретней, можно пример?lissyara писал(а):в конце этой acl добавь проверку домена. перед acceptКод: Выделить всё
acl_check_data: