EXIM, sendmail, postfix, Dovecot и прочие. Решение проблем связанных с работой электронной почты
Модератор: xM
Правила форума
Убедительная просьба юзать теги [code] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.
-
digital_punk
- мл. сержант
- Сообщения: 143
- Зарегистрирован: 2010-07-02 11:40:24
Непрочитанное сообщение
digital_punk » 2013-10-02 16:34:56
Система: FreeBSD-8.2
Spamassassin 3.3.2
Exim 4.80.1
Собственно проблема - никакой реакции со стороны spamassassina. То есть он обучен, вроде бы все ок. Но когда приходит явный спам - он не помечает его как таковой.Конфиг ассасина прилагается:
Код: Выделить всё
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################
# Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject *****SPAM*****
add_header all Score _STARS(*)_
add_header all Status _YESNO_ score=_SCORE_
# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 1
# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
trusted_networks 192.168.105.
# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock
# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
# Use Bayesian classifier (default: 1)
#
use_bayes 1
use_bayes_rules 1
bayes_file_mode 0777
# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
use_dcc 1
bayes_min_spam_num 200
bayes_min_ham_num 200
# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
# bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
whitelist_from *@diwaeve.com
whitelist_from *@ab-com.nl
whitelist_from *@elsi.com.ua
whitelist_from *@rozetka.com.ua
blacklist_from *@seomaster.kiev.ua
blacklist_from *@delivery-city.com
ok_locales ru en
ok_languages ru en
report_charset windows-1251
#lang ru
#score NAME_OF_TEST 3.0
score MIME_HTML_ONLY 2.0
#score HTML_FONTCOLOR_RED 2.0
#score FROM_ILLEGAL_CHARS 1.5
#score HEAD_ILLEGAL_CHARS 1.5
#score SUBJ_FULL_OF_8BITS 0.0
#score HEADER_8BITS 0.0
#score HTML_COMMENT_8BITS 0.01
score TO_NO_USER 0.01
score FORGED_MUA_OUTLOOK 0.5
score X_AUTH_WARNING 0.01
score SUBJ_HAS_UNIQ_ID 9.99
score HTTP_USERNAME_USED 9.99
score FORGED_YAHOO_RCVD 9.99
score FORGED_JUNO_RCVD 16
score UNWANTED_LANGUAGE_BODY 1.02
score MLM 5.55
score RCVD_NUMERIC_HELO 4.95
score BAYES_00 0.0001 0.0001 -6.0 -6.0
score BAYES_05 0.0001 0.0001 -3.0 -3.0
score BAYES_20 0.0001 0.0001 -1.0 -1.0
score BAYES_50 0.0001 0.0001 1.6 1.6
score BAYES_60 0.0001 0.0001 2.0 2.0
score BAYES_80 0.0001 0.0001 4.0 4.0
score BAYES_95 0.0001 0.0001 6.5 6.5
score BAYES_99 0.0001 0.0001 10.0 10.0
score RDNS_NONE 0.0001 0.0001 3.0 3.0
# Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST on
# shortcircuit USER_IN_DEF_WHITELIST on
# shortcircuit USER_IN_ALL_SPAM_TO on
# shortcircuit SUBJECT_IN_WHITELIST on
# the opposite; blacklisted mails can also save CPU
#
shortcircuit USER_IN_BLACKLIST on
# shortcircuit USER_IN_BLACKLIST_TO on
# shortcircuit SUBJECT_IN_BLACKLIST on
# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
shortcircuit ALL_TRUSTED on
# and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99 spam
# shortcircuit BAYES_00 ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit
В чем я не прав?
У Шамана три руки!!!
digital_punk
-
Хостинг HostFood.ru
-
Хостинг HostFood.ru
Тарифы на хостинг в России, от 12 рублей:
https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.:
https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах:
https://www.host-food.ru/domains/
-
ChihPih
- ст. прапорщик
- Сообщения: 568
- Зарегистрирован: 2009-09-04 12:23:30
- Откуда: Где-то в России...
-
Контактная информация:
Непрочитанное сообщение
ChihPih » 2013-10-03 14:59:14
А конфиг exim,а где?
ChihPih
-
digital_punk
- мл. сержант
- Сообщения: 143
- Зарегистрирован: 2010-07-02 11:40:24
Непрочитанное сообщение
digital_punk » 2013-10-04 15:07:48
Код: Выделить всё
MY_IP = 333.444.222.111
primary_hostname = example.com
smtp_banner = "mail.example.com"
daemon_smtp_ports = 25 : 2525
hide mysql_servers = localhost/vexim/vexim/ffggff
VIRTUAL_DOMAINS = SELECT DISTINCT domain FROM domains WHERE type = 'local' AND enabled = '1' AND domain = '${quote_mysql:$domain}'
RELAY_DOMAINS = SELECT DISTINCT domain FROM domains WHERE type = 'relay' AND domain = '${quote_mysql:$domain}'
ALIAS_DOMAINS = SELECT DISTINCT alias FROM domainalias WHERE alias = '${quote_mysql:$domain}'
system_filter = /usr/local/etc/exim/system_filter.conf
HELOREJECTRCPT1=/usr/local/etc/exim/helorejectrcpt
domainlist local_domains = ${lookup mysql{VIRTUAL_DOMAINS}} : ${lookup mysql{ALIAS_DOMAINS}}
#domainlist relay_to_domains = :
domainlist relay_to_domains = ${lookup mysql{RELAY_DOMAINS}}
hostlist relay_from_hosts = 127.0.0.0/8 : 192.168.105.2 : 192.168.105.3 : 192.168.105.4
qualify_domain = example.com
hostlist whiteip = /usr/local/etc/exim/whitehost
trusted_users = www:clamav
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_content
acl_smtp_helo = acl_check_helo
acl_smtp_connect = acl_4_denyhosts
av_scanner = clamd:127.0.0.1 3310
spamd_address = 127.0.0.1 783
exim_user = mailnull
exim_group = mail
never_users = root
host_lookup = *
#rfc1413_hosts = *
rfc1413_query_timeout = 0s
smtp_accept_max = 1000
smtp_receive_timeout = 10m
remote_max_parallel = 300
return_size_limit = 70k
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
log_file_path = /var/log/exim/%s.log
message_size_limit = 64M
smtp_enforce_sync = true
# log section;
log_selector = \
+all_parents \
+connection_reject \
+delay_delivery \
+delivery_size \
+deliver_time \
+queue_time \
+dnslist_defer \
+incoming_interface \
-incoming_port \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+retry_defer \
+sender_on_delivery \
+size_reject \
+skip_delivery \
+smtp_confirmation \
+smtp_connection \
+smtp_protocol_error \
+smtp_syntax_error \
-subject \
-queue_run
# acl section;
begin acl
# .include /usr/local/etc/exim/vexim-acl-check-spf.conf
#greylist_acl:
# .include /usr/local/etc/exim/greylists-acl-check.conf
acl_check_helo:
.include /usr/local/etc/exim/vexim-acl-check-helo.conf
acl_4_denyhosts:
accept hosts = :
drop hosts = /usr/local/etc/exim/ip.txt
message = "Connect not allowed, your ip: $sender_host_address in my spam-list\n"
accept
acl_check_rcpt:
accept hosts = :
deny domains = +local_domains
local_parts = ^.*[@%!+/|] : ^\\.
message = "Use legal symbols in address!"
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
message = "Use legal symbols in address!"
# deny message = "Address ($sender_address) does not match with authenticated data ($authenticated_id). Check your email program settings."
# authenticated = *
# condition = ${if !eq{$authenticated_id}{$sender_address} {yes}{no}}
# deny hosts = !+relay_from_hosts
# domains = +local_domains
# condition = ${if or{ {eq{$sender_address}{$local_part@$domain}}}}
# log_message = The same local addresses or domain in MAIL FROM and RCPT TO from nonlocal relay
# message = Access denied
accept authenticated = *
verify = recipient
deny !hosts = +relay_from_hosts:+whiteip
message = "Your hostname is bad (adsl, poll, ppp & etc). Use SMTP your providers."
condition = ${if match{$sender_host_name}{dsl|adsl|ppp|pool|peer|dhcp|user|dynamic|cable}{yes}{no}}
.include /usr/local/etc/exim/vexim-acl-check-rcpt.conf
accept local_parts = postmaster
domains = +local_domains
# require verify = sender
accept domains = +local_domains
endpass
message = Not user in this domain!
verify = recipient
accept domains = +relay_to_domains
endpass
message = Unroutable address!
verify = recipient
accept hosts = +relay_from_hosts
deny message = Relay not permitted!
acl_check_content:
.include /usr/local/etc/exim/vexim-acl-check-content.conf
accept
begin routers
#smart_route:
# driver = manualroute
# domains = !+local_domains : !+relay_to_domains
# transport = remote_smtp
# route_list = * email.com.ua
# no_more
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
# headers_remove = received
ditch_maxmsgsize:
driver = redirect
allow_fail
condition = ${if >{$message_size}{${lookup mysql{select users.maxmsgsize from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.maxmsgsize > 0 \
and users.domain_id=domains.domain_id }{${value}K}fail}} {yes}{no}}
data = :fail:\n\Your message is too big.\n \
Your message was rejected because the user $local_part@$domain\n \
does not accept messages larger than \
${lookup mysql{select users.maxmsgsize from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.maxmsgsize > 0 \
and users.domain_id=domains.domain_id}{${value}K}fail} Kb.
#local_part_suffix = -*
local_part_suffix_optional
retry_use_local_part
ditch_malware:
driver = redirect
allow_fail
data = :blackhole:
condition = ${if and { {match {$h_X-ACL-Warn:}{.*malware.*}} \
{eq {${lookup mysql{select users.on_avscan from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_avscan = '1' \
and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }
ditch_spam:
driver = redirect
allow_fail
data = :blackhole:
condition = ${if >{$spam_score_int}{${lookup mysql{select users.sa_refuse * 10 from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_spamassassin = '1' \
and users.domain_id=domains.domain_id \
and users.sa_refuse > 0 }{$value}fail}} {yes}{no}}
local_part_suffix = -*
local_part_suffix_optional
retry_use_local_part
#redire_spam:
# driver = redirect
# condition = ${if >{$spam_score_int}{${lookup mysql{select users.sa_tag * 10 from users,domains \
# where localpart = 'support' \
# and domain = '${quote_mysql:$domain}'}{$value}fail}}{yes}{no}}
# data = spam@lip.net.ua
virtual_vacation:
driver = accept
condition = ${if and { {!match {$h_precedence:}{(?i)junk|bulk|list}} \
{eq {${lookup mysql{select users.on_vacation from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_vacation = '1' \
and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }
no_verify
no_expn
unseen
transport = virtual_vacation_delivery
virtual_forward:
driver = redirect
check_ancestor
unseen = ${if eq {${lookup mysql{select unseen from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_forward = '1' \
and users.domain_id=domains.domain_id}}}{1} {yes}{no}}
data = ${lookup mysql{select forward from users,domains \
where localpart='${quote_mysql:$local_part}' \
and domain='${quote_mysql:$domain}' \
and users.domain_id=domains.domain_id \
and on_forward = '1'}}
condition = ${if and { {!match {$h_precedence:}{(?i)junk}} \
{eq {${lookup mysql{select users.on_forward from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_forward = '1' \
and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }
virtual_domains:
driver = redirect
allow_fail
data = ${lookup mysql{select smtp from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and domains.enabled = '1' \
and users.enabled = '1' \
and users.domain_id = domains.domain_id}}
headers_add = ${if >{$spam_score_int}{${lookup mysql{select users.sa_tag * 10 from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_spamassassin = '1' \
and users.domain_id=domains.domain_id }{$value}fail}} {X-Spam-Flag: YES\n}{} }
headers_remove = ${if or { { <{$spam_score_int}{1} } \
{ <{$spam_score_int}{${lookup mysql{select users.sa_tag * 10 from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_spamassassin = 1 \
and users.domain_id=domains.domain_id}{$value}fail}} } \
{ eq {0}{${lookup mysql{select users.sa_tag * 10 from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_spamassassin = 0 \
and users.domain_id=domains.domain_id}{$value}fail}}} \
} {X-Spam-Score:X-Spam-Report} }
# local_part_suffix = -*
local_part_suffix_optional
retry_use_local_part
file_transport = virtual_delivery
reply_transport = address_reply
pipe_transport = address_pipe
.include /usr/local/etc/exim/vexim-group-router.conf
virtual_domains_catchall:
driver = redirect
allow_fail
data = ${lookup mysql{select smtp from users,domains where localpart = '*' \
and domain = '${quote_mysql:$domain}' \
and users.domain_id = domains.domain_id}}
retry_use_local_part
file_transport = virtual_delivery
reply_transport = address_reply
pipe_transport = address_pipe_catchall
virtual_domain_alias:
driver = redirect
allow_fail
data = ${lookup mysql{select concat('${quote_mysql:$local_part}@', domain) \
from domains,domainalias where domainalias.alias = '${quote_mysql:$domain}' \
and domainalias.domain_id = domains.domain_id}}
retry_use_local_part
begin transports
remote_smtp:
driver = smtp
virtual_delivery:
driver = appendfile
envelope_to_add
return_path_add
mode = 0660
directory_mode = 0770
maildir_format = true
create_directory = true
directory = ${lookup mysql{select smtp from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.domain_id = domains.domain_id}}
user = ${lookup mysql{select users.uid from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.domain_id = domains.domain_id}}
group = ${lookup mysql{select users.gid from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.domain_id = domains.domain_id}}
quota = ${lookup mysql{select users.quota from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.domain_id = domains.domain_id}{${value}M}}
quota_is_inclusive = false
quota_warn_threshold = 75%
maildir_use_size_file = false
quota_warn_message = "To: $local_part@$domain\n\
Subject: Mailbox quota warning\n\n\
This message was automatically generated by the mail delivery software.\n\n\
You are now using over 75% of your allocated mail storage quota.\n\n\
If your mailbox fills completely, further incoming messages will be automatically\n\
returned to their senders.\n\n\
Please take note of this and remove unwanted mail from your mailbox.\n"
virtual_vacation_delivery:
driver = autoreply
from = "${local_part}@${domain}"
to = ${sender_address}
once = /var/spool/exim/vacation/$local_part.db
once_repeat = 7d
subject = "Autoreply from ${local_part}@${domain}"
text = ${lookup mysql{select vacation from users,domains \
where domain='${quote_mysql:$domain}' \
and localpart='${quote_mysql:$local_part}' \
and users.domain_id=domains.domain_id}}
address_pipe:
driver = pipe
return_output
user = ${lookup mysql{select users.uid from users,domains where localpart = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
group = ${lookup mysql{select users.gid from users,domains where localpart = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
address_pipe_catchall:
driver = pipe
return_output
user = ${lookup mysql{select users.uid from users,domains where localpart = '*' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
group = ${lookup mysql{select users.gid from users,domains where localpart = '*' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
address_pipe_local:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
begin retry
* * F,2h,5m; G,16h,1h,1.5; F,14d,6h
begin rewrite
begin authenticators
plain_login:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT '1' FROM users \
WHERE username = '${quote_mysql:$2}' \
AND clear = '${quote_mysql:$3}'} {yes}{no}}
server_prompts = ":"
server_set_id = $2
fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${lookup mysql{SELECT '1' FROM users \
WHERE username = '${quote_mysql:$1}' \
AND clear = '${quote_mysql:$2}'} {yes}{no}}
server_set_id = $1
fixed_cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT clear FROM users \
WHERE username = '${quote_mysql:$1}'}{$value}fail}
server_set_id = $1
У Шамана три руки!!!
digital_punk
-
ChihPih
- ст. прапорщик
- Сообщения: 568
- Зарегистрирован: 2009-09-04 12:23:30
- Откуда: Где-то в России...
-
Контактная информация:
Непрочитанное сообщение
ChihPih » 2013-10-04 16:20:57
отлаживать пробуйте через
exim -bhc
ChihPih
-
xM
- ст. лейтенант
- Сообщения: 1316
- Зарегистрирован: 2009-01-15 23:57:41
- Откуда: Königsberg
-
Контактная информация:
Непрочитанное сообщение
xM » 2013-12-02 13:14:36
В вашем конфиг Exim я не увидел правила с вызовом spamd.
xM
-
xM
- ст. лейтенант
- Сообщения: 1316
- Зарегистрирован: 2009-01-15 23:57:41
- Откуда: Königsberg
-
Контактная информация:
Непрочитанное сообщение
xM » 2013-12-02 14:09:44
digital_punk писал(а):Дело в том, что он подключается в другом месте через include
Я так и подумал.
xM