попробуй вместо 127.0.0.1 указать 127/8
не канает
подсказали на другом форуме
man Mail::SpamAssassin::Conf :
Note: 127/8 is always included in trusted_networks, regardless
of your config.
exim/configure:
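# ---------------------------------------------------------------------
# Main (global) settings
# ---------------------------------------------------------------------
primary_hostname = mail

# "hide" keeps the connection string (it contains the DB password) out of
# "exim -bP" output for non-admin users.
hide mysql_servers = localhost/exim/.....

# Both domain lists are resolved by a MySQL lookup keyed on the recipient
# domain. $domain comes straight from the remote client's RCPT command, so
# it is passed through ${quote_mysql:...} before it is placed inside the
# SQL string literal; without the quoting a crafted recipient domain could
# alter the query.
# NOTE(review): the two lists run the same query, so every local domain is
# also a relay_to domain -- confirm that is intended.
domainlist local_domains = ${lookup mysql{SELECT domain FROM domain WHERE domain='${quote_mysql:$domain}' AND active='1'}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domain WHERE domain='${quote_mysql:$domain}' AND active='1'}}

# Hosts allowed to relay through this server without authenticating.
# NOTE(review): 192.168.1.0/22 has host bits set; the /22 that contains it
# spans 192.168.0.0 - 192.168.3.255. Confirm that range is what is meant.
hostlist relay_from_hosts = localhost:127.0.0.1/8:192.168.1.0/22

# ACLs run at RCPT time and after DATA (both defined under "begin acl").
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

# Content scanners used by the "malware" and "spam" ACL conditions.
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = 127.0.0.1 783

qualify_domain = mail
allow_domain_literals = false

# Unprivileged identity for the daemon; never run a delivery as root.
exim_user = mailnull
exim_group = mail
never_users = root

# 0s disables RFC 1413 (ident) callbacks to connecting hosts.
rfc1413_query_timeout = 0s

# Only relay hosts may send unqualified (domain-less) addresses.
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts

ignore_bounce_errors_after = 25m
timeout_frozen_after = 7d
freeze_tell = admin@yyy.xx
helo_accept_junk_hosts = localhost:127.0.0.1/8:192.168.1.0/22
auto_thaw = 30m
split_spool_directory = true

# The greeting text is left empty.
smtp_banner = ""

# Connection limits.
smtp_accept_max = 50
smtp_accept_max_per_connection = 25
smtp_accept_max_per_host = 10

helo_allow_chars = _

# NOTE(review): this turns off Exim's SMTP synchronisation check, which
# rejects clients that send commands before the server has replied (a
# common trait of bulk-mail senders). Confirm it really has to stay off.
smtp_enforce_sync = false

# Extra detail written to the main log; queue-run lines are suppressed.
log_selector = \
    +all_parents \
    +connection_reject \
    +incoming_interface \
    +lost_incoming_connection \
    +received_sender \
    +received_recipients \
    +smtp_confirmation \
    +smtp_syntax_error \
    +smtp_protocol_error \
    -queue_run
syslog_timestamp = no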
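begin acl

# ACL run for every RCPT command. Statements are evaluated top to bottom;
# the first accept or deny whose conditions all match ends the check.
acl_check_rcpt:

  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.
  accept  hosts         = :

  # Refuse local parts containing characters that can be abused for
  # source routing, path traversal or pipe/file addresses. The rule for
  # remote domains is looser about "/" inside the local part.
  deny    message       = "incorrect symbol in address"
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = "incorrect symbol in address"
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # Mail to postmaster@<local domain> is accepted before any sender or
  # HELO check is applied.
  accept  local_parts   = postmaster
          domains       = +local_domains

  # The envelope sender must be verifiable (routable).
  require verify        = sender

  deny    message       = "HELO/EHLO require by SMTP RFC"
          condition     = ${if eq{$sender_helo_name}{}{yes}{no}}

  # Authenticated clients may send to any recipient; the HELO heuristics
  # and the delay below are not applied to them.
  accept  authenticated = *

  # HELO name equal to the client's own IP address.
  # Host lists are matched left to right and the first matching item
  # decides, so the exclusions have to come before the catch-all "*".
  # With "*" first (as this rule was originally written) the two negated
  # items could never take effect and relay hosts were subject to the rule.
  deny    message       = "Your IP in HELO - access denied!"
          hosts         = !+relay_from_hosts : !xxx.yy : *
          condition     = ${if eq{$sender_helo_name}\
                               {$sender_host_address}{true}{false}}

  # HELO name equal to this server's own interface address.
  deny    condition     = ${if eq{$sender_helo_name}\
                               {$interface_address}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "main IP in your HELO! Access denied!"

  # HELO name made of digits only.
  deny    condition     = ${if match{$sender_helo_name}\
                               {\N^\d+$\N}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "can not be only number in HELO!"

  # Empty or whitespace-only HELO name.
  # These two rules originally tested $sender_address. An empty envelope
  # sender is the null reverse-path used by bounces and delivery status
  # notifications, so every such message from a remote host was refused,
  # while the reply text complained about HELO. The test is made on
  # $sender_helo_name to match the reply text.
  # NOTE(review): the two reply texts are kept exactly as they appear; they
  # look like KOI8-R text decoded with the wrong charset (decoded, they ask
  # why HELO is empty / only spaces). SMTP reply text should be plain
  # ASCII -- confirm the on-disk encoding and consider replacing them.
  deny    condition     = ${if eq{$sender_helo_name}{}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "б ЛБЛПЗП HELO РХУФПЕ?! оЕ РП RFC..."

  deny    condition     = ${if match{$sender_helo_name}{\N^\s+$\N}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "б ЛБЛПЗП HELO РХУФПЕ (ФПЛБ РТПВЕМЩ)?! оЕ РП RFC..."

  # Reverse-DNS name that looks like a dynamic / dial-up address pool.
  # The pattern is unanchored, so it matches anywhere in the host name.
  deny    message       = "your hostname is bad (adsl, poll, ppp & etc)."
          condition     = ${if match{$sender_host_name} \
                               {adsl|dialup|pool|peer|dhcp} \
                               {yes}{no}}

  # Tarpit: every client is delayed 20s per RCPT, except relay hosts,
  # for which the delay is reset to 0s. The delay is logged, then applied.
  warn
          set acl_m0    = 20s

  warn
          hosts         = +relay_from_hosts:127.0.0.1/8:192.168.1.0/22
          set acl_m0    = 0s

  warn
          logwrite      = Delay $acl_m0 for $sender_host_name \
                          [$sender_host_address] with HELO=$sender_helo_name. Mail \
                          from $sender_address to $local_part@$domain.
          delay         = $acl_m0

  # Mail for our own domains: the recipient must verify. After "endpass" a
  # failed condition turns the accept into a deny with the given message.
  accept  domains       = +local_domains
          endpass
          message       = "In my mailserver not stored this user"
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          message       = "main server not know how relay to this address"
          verify        = recipient

  # DNS blocklist check, currently disabled.
  # deny message = "you in blacklist - $dnslist_domain \n $dnslist_text"
  # dnslists = opm.blitzed.org : \
  # cbl.abuseat.org : \
  # bl.csma.biz : \
  # dynablock.njabl.org

  # Relay hosts may send to any remaining (remote) recipient.
  accept  hosts         = +relay_from_hosts

  # Everything else is an attempt to relay through us: refuse.
  deny    message       = "Rumambaharumambarum!"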
# ACL run once per message after the body has been received (acl_smtp_data).
# It needs the clamd socket named in av_scanner and the SpamAssassin daemon
# named in spamd_address.
# NOTE(review): there is no message-size condition, so every message is
# handed to clamd and spamd; the maillog excerpt on this page shows a
# 10055725-byte message taking 18.0 seconds in spamd. Consider skipping the
# spam scan above a size limit.
acl_check_data:
# Add headers to a message if it is judged to be spam. Before enabling this,
# you must install SpamAssassin. You may also need to set the spamd_address
# option above.
#
# Reject any message in which the virus scanner finds malware.
deny malware = *
message = "Found virus - $malware_name"
#hosts = !192.168.1.0/22
# Scan with SpamAssassin as user "spamd" and record the score in two
# headers. The commented-out "hosts" lines would have exempted the LAN;
# with them disabled, mail from 192.168.1.0/22 is scanned as well.
warn spam = spamd
#hosts = !192.168.1.0/22
add_header = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int
# Reject at SMTP time when $spam_score_int exceeds 69; $spam_score_int is
# the score multiplied by ten, so this is a score above 6.9.
deny message = "We don't need your spam"
#hosts = !192.168.1.0/22
condition = ${if>{$spam_score_int}{69}{1}{0}}
# Accept the message.
accept
begin routers
# Routers are tried in the order given; the first one that accepts an
# address decides how it is delivered.
# Direct delivery by MX lookup, disabled in favour of the smarthost below.
#dnslookup:
# driver = dnslookup
# domains = ! +local_domains
# transport = remote_smtp
# ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.1.0/22
# no_more
# Every address outside the local domains is sent to one fixed smarthost.
send_to_gateway:
driver = manualroute
domains = !+local_domains
transport = remote_smtp
route_list = * mail.bbb.yy
# Alias expansion from the `alias` table: matches the full address or a
# catch-all "@domain" entry. Both values are escaped with quote_mysql.
# NOTE(review): the redirect data comes from the database and neither
# forbid_pipe nor forbid_file is set; confirm the alias table can never hold
# pipe or file targets.
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE `address`='${quote_mysql:$local_part@$domain}' OR `address`='${quote_mysql:@$domain}'}}
# Final local delivery through Dovecot. The condition is true when the alias
# query returns a row.
# NOTE(review): this runs the same `alias` query as system_aliases rather
# than checking the `mailbox` table -- confirm that is the intended test.
dovecot_user:
driver = accept
condition = ${lookup mysql{SELECT `goto` FROM `alias` WHERE `address`='${quote_mysql:$local_part@$domain}' OR `address`='${quote_mysql:@$domain}'}{yes}{no}}
transport = dovecot_delivery
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that successfully
# handles an address.
begin transports
# This transport is used for delivering messages over SMTP connections.
# It is referenced by the send_to_gateway router.
remote_smtp:
driver = smtp
# Local delivery: the message is piped to Dovecot's "deliver" program for
# the recipient address, running as user mailnull. Delivery-date,
# Envelope-to and Return-path headers are added and anything the command
# prints is logged.
# NOTE(review): $local_part and $domain are taken from the recipient
# address; the RCPT ACL already refuses several special characters in local
# parts -- confirm that covers everything "deliver -d" must not receive.
dovecot_delivery:
driver = pipe
command = /usr/local/libexec/dovecot/deliver -d $local_part@$domain
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
log_output
user = mailnull
# Generic pipe and autoreply transports. No router shown in this file
# refers to them.
address_pipe:
driver = pipe
return_output
address_reply:
driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.
# WARNING: If you do not have any retry rules at all (this section of the
# configuration is non-existent or empty), Exim will not do any retries of
# messages that fail to get delivered at the first attempt. The effect will
# be to treat temporary errors as permanent. Therefore, DO NOT remove this
# retry rule unless you really don't want any retries.
# Columns of the rule below: address or domain pattern, error pattern,
# retry schedule ("*" matches anything).
# Address or Domain    Error    Retries
# -----------------    -----    -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
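# The following authenticators provide server-side SMTP AUTH. PLAIN and the
# traditional but non-standard LOGIN mechanism carry the password itself
# (only base64-encoded); CRAM-MD5 sends a keyed digest instead.
#
# NOTE(review): none of the authenticators below sets
# server_advertise_condition, so PLAIN and LOGIN are offered on unencrypted
# connections as well. The commented-out stock examples after this section
# restrict them with "server_advertise_condition = ${if def:tls_cipher }";
# enabling that requires TLS to be configured in the main section first,
# otherwise PLAIN and LOGIN would no longer be offered at all.
#
# NOTE(review): the queries compare the submitted password directly with
# the `password` column, and CRAM-MD5 needs the clear-text secret, so the
# `mailbox` table has to hold passwords unhashed.
#
# The RCPT ACL checks for successful authentication, and will accept
# messages from authenticated users from anywhere on the Internet.
begin authenticators

# PLAIN: $auth1 = authorization id, $auth2 = user name, $auth3 = password.
auth_plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${lookup mysql{SELECT `username` FROM `mailbox` WHERE `username` = '${quote_mysql:$auth2}' AND `password` = '${quote_mysql:$auth3}'}{yes}{no}}
  server_prompts = :
  server_set_id = $auth2

# LOGIN: $auth1 = user name, $auth2 = password.
auth_login:
  driver = plaintext
  public_name = LOGIN
  server_condition = ${lookup mysql{SELECT `username` FROM `mailbox` WHERE `username` = '${quote_mysql:$auth1}' AND `password` = '${quote_mysql:$auth2}'}{yes}{no}}
  server_prompts = Username:: : Password::
  server_set_id = $auth1

# CRAM-MD5: the only value the client supplies by name is the user name,
# in $auth1; server_secret looks up that user's secret. The authenticated
# id is therefore taken from $auth1 as well (it was $auth2, which this
# mechanism does not set, so the id recorded for the session and in the
# logs was empty).
auth_cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  server_secret = ${lookup mysql{SELECT `password` FROM `mailbox` WHERE `username` = '${quote_mysql:$auth1}'}{$value}fail}
  server_set_id = $auth1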
#PLAIN:
# driver = plaintext
# server_set_id = $auth2
# server_prompts = :
# server_condition = Authentication is not yet configured
# server_advertise_condition = ${if def:tls_cipher }
# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.
#LOGIN:
# driver = plaintext
# server_set_id = $auth1
# server_prompts = <| Username: | Password:
# server_condition = Authentication is not yet configured
# server_advertise_condition = ${if def:tls_cipher }
######################################################################
# CONFIGURATION FOR local_scan() #
######################################################################
# If you have built Exim to include a local_scan() function that contains
# tables for private options, you can define those options here. Remember to
# uncomment the "begin" line. It is commented by default because it provokes
# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
# set in the Local/Makefile.
# begin local_scan
# End of Exim configuration file
local.cf
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################
# Tag spam by rewriting the Subject header with the string "SPAM"
rewrite_header Subject SPAM
# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0
# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. relays here are assumed not to be run by spammers and
# their Received headers are believed).
# 127/8 is always trusted, whatever is listed here (see the man page
# excerpt quoted at the top of this page).
# NOTE(review): 192.168.1.0/22 has host bits set; the /22 that contains it
# spans 192.168.0.0 - 192.168.3.255.
# NOTE(review): both maillog results on this page carry ALL_TRUSTED, and
# the Exim mainlog shows the 10055644-byte message arriving from
# 192.168.1.7, which lies inside this range. Mail handed in by LAN hosts
# passes only through trusted relays, so that rule is expected to fire
# for it.
#
trusted_networks 192.168.1.0/22
# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock
# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
# Use Bayesian classifier (default: 1)
#
# use_bayes 1
# Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1
# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status
# Razor2 checks are switched off.
use_razor2 0
cat /var/log/maillog | grep spam :
Feb 16 10:12:56 inet-serv spamd[966]: spamd: connection from localhost [127.0.0.1] at port 58158
Feb 16 10:12:56 inet-serv spamd[966]: spamd: setuid to spamd succeeded
Feb 16 10:12:56 inet-serv spamd[966]: spamd: checking message (unknown) for spamd:58
Feb 16 10:12:56 inet-serv spamd[966]: spamd: clean message (0.8/5.0) for spamd:58 in 0.4 seconds, 2176 bytes.
Feb 16 10:12:56 inet-serv spamd[966]: spamd: result: . 0 - ALL_TRUSTED,AWL,FH_FROMEML_NOTLD,MISSING_DATE,MISSING_MID scantime=0.4,size=2176,user=spamd,uid=58,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=58158,mid=(unknown),autolearn=no
Feb 16 10:12:58 inet-serv spamd[966]: spamd: connection from localhost [127.0.0.1] at port 49487
Feb 16 10:12:58 inet-serv spamd[966]: spamd: setuid to spamd succeeded
Feb 16 10:13:07 inet-serv spamd[966]: spamd: checking message <005901c9900d$f64a5150$0701a8c0@GIGI> for spamd:58
Feb 16 10:13:16 inet-serv spamd[966]: spamd: clean message (2.4/5.0) for spamd:58 in 18.0 seconds, 10055725 bytes.
Feb 16 10:13:16 inet-serv spamd[966]: spamd: result: . 2 - ALL_TRUSTED,AWL,HTML_MESSAGE,MIME_HTML_MOSTLY,MISSING_SUBJECT,TVD_SPACE_RATIO scantime=18.0,size=10055725,user=spamd,uid=58,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=49487,mid=<005901c9900d$f64a5150$0701a8c0@GIGI>,autolearn=no
cat /var/log/exim/mainlog :
2009-02-16 10:13:16 1LZ0Sd-0000Vh-Fk <= admin@xxxxx.xx H=(GIGI) [192.168.1.7] I=[192.168.1.1]:25 P=smtp S=10055644 id=005901c9900d$f64a5150$0701a8c0@GIGI from <admin@xxxxx.xx> for yyyy@xx.xx
...
# интересная строчка... раньше не обращал внимания rrrr.net - мой провайдер, через которого отправляю письма
2009-02-16 10:13:19 no IP address found for host localhost.rrrr.net (during SMTP connection from (inet-serv) [127.0.0.1] I=[127.0.0.1]:25)
Лучше выпить водки литр, чем не выпить водки литр...