
exim+dspam+exchange2000

Posted: 2009-01-19 15:30:29
taurus.rpd
There's a puzzling problem. Mail arrives at exim, is handed off to dspam, comes back to exim and then goes on to Exchange. Sometimes very strange messages from the user dspam@domain.com.ua slip through into Exchange (exim takes its users from AD, and there is no such user there at all).

Code:

From - Wed Dec 24 14:04:15 2008
X-Account-Key: account2
X-UIDL: AAg/UtvAAAQtLrs7wy82QukHWnnnLkvt
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Received: from mx2.domain.com.ua ([10.0.5.4]) by mail.domain.com.ua with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 24 Dec 2008 13:54:41 +0200
Received: from dspam by domain.com.ua with local-bsmtp (Exim 4.68)
	(envelope-from <dspam@mx2.domain.com.ua>)
	id 1LFSLg-0002O1-Km
	for komp@domain.com.ua; Wed, 24 Dec 2008 13:56:24 +0200
Received: from [121.23.33.36] (helo=XFXTLSGYP)
	by mx2.domain.com.ua with esmtp (Exim 4.68)
	(envelope-from <mortgagersmn19@cryptivity.com>)
	id 1LFSLd-0002NI-LP; Wed, 24 Dec 2008 13:56:24 +0200
MY_REPORT_RETURN: mortgagersmn19@cryptivity.com
X-FILTER-SPAM: ICF Team Spam Filter on mx2.domain.com.ua, Wed, 24 Dec 2008 13:56:24 +0200
X-SENDER-INFO: UID - 8, GID - 12
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Wed Dec 24 13:56:24 2008
X-DSPAM-Confidence: 0.9755
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 4952236891796491211187
X-DSPAM-Factors: 27,
	54+36, 0.00766,
	com>+Subject, 0.00958,
	ua>+Message, 0.01000,
	type=original+Content, 0.01000,
	transfer+encoding, 0.01000,
	type+text/plain, 0.01000,
	Content+type, 0.01000,
	Wed+24, 0.01000,
	24+Dec, 0.01000,
	Content+transfer, 0.01000,
	Date, 0.02603,
	X, 0.02807,
	X, 0.02807,
	54, 0.02951,
	Message, 0.02967,
	36, 0.03085,
	ua>, 0.03182,
	ua>, 0.03182,
	Dec+2008, 0.03334,
	Subject, 0.03466,
	19+54, 0.03716,
	0+X, 0.03754,
	From, 0.03844,
	24, 0.04625,
	Dec, 0.04877,
	To, 0.04953,
	19, 0.05059
Message-Id: <E1LFSLg-0002O1-Km@mx2.domain.com.ua>
From: added by portage for dspam <dspam@mx2.domain.com.ua>
Date: Wed, 24 Dec 2008 13:56:24 +0200
Return-Path: mortgagersmn19@cryptivity.com
Bcc:
X-OriginalArrivalTime: 24 Dec 2008 11:54:41.0882 (UTC) FILETIME=[67F12BA0:01C965BE]
X-EsetId: 4AEF762AF0386B6D55E9767DFA6E2E

MAIL FROM: <sinkholesc38@coat-it.com>
RCPT TO: <alka_chichkova@mail.domain.com.ua>
RCPT TO: <natela@mail.domain.com.ua>
RCPT TO: <ela@mail.domain.com.ua>
RCPT TO: <shishkin@mail.domain.com.ua>
RCPT TO: <dobik@mail.domain.com.ua>
RCPT TO: <dobrik@mail.domain.com.ua>
RCPT TO: <seagull@mail.domain.com.ua>
RCPT TO: <sebgull@mail.domain.com.ua>
RCPT TO: <dana@mail.domain.com.ua>
RCPT TO: <staff@mail.domain.com.ua>
DATA
Date: Wed, 24 Dec 2008 19:54:36 +0800
From: "Tracey Humphrey" <sinkholesc38@coat-it.com>
Subject: =?koi8-r?B?8M/EwdLJ1MUg3NTPIMLMydrLz83VIN7FzM/XxcvV?=
To: <alka_chichkova@mail.domain.com.ua>
Message-ID: <000d01c965be$64b98040$6400a8c0@sinkholesc38>
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
Content-type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal

http://tutserial.ru

The system is configured for a single user, dspam. All messages are routed on to the users.
If anyone has ideas, I'd be glad to hear them. If more information is needed, I'll post it.
Exim config:

Code:

primary_hostname = mx2.domain.com.ua
helo_accept_junk_hosts= *
helo_allow_chars = _
smtp_banner= ESMTP $tod_full
message_size_limit = 15M
log_file_path=syslog
smtp_return_error_details
smtp_enforce_sync=false
smtp_accept_max = 1000
smtp_accept_queue_per_connection = 0
queue_only_load = 10
remote_max_parallel = 30
# smtp_reserve_hosts = +local_network
split_spool_directory = true

domainlist local_domains = localhost : mx2.domain.com.ua
domainlist relay_to_domains = mx2.domain.com.ua
hostlist   relay_from_hosts = 127.0.0.0/8 : 10.0.6.0/24 

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_spam

av_scanner = clamd:10.0.6.6 3310
spamd_address = 10.0.6.6 783

never_users = root
host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 20m
timeout_frozen_after = 1h



######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################


begin acl

acl_check_rcpt:

  accept  hosts = +relay_from_hosts
  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  deny    domains           = +local_domains
          local_parts = staff : &management
  accept  local_parts   = postmaster
          domains       = +local_domains

  # Deny unless the sender address can be verified.

  accept  domains       = +local_domains
        add_header = MY_REPORT_RETURN: $sender_address
          endpass
          verify        = recipient

  # Accept if the address is in a domain for which we are relaying, but again,
  # only if the recipient can be verified.

# Drop anyone who sticks their own IP into HELO
  deny    message       = "Не надо пихать свой IP в качестве HELO!"
          hosts         =  *:!+relay_from_hosts
          condition     = ${if eq{$sender_helo_name}\
                           {$sender_host_address}{true}{false}}

# Drop anyone who sticks my IP into HELO
  deny    condition     = ${if eq{$sender_helo_name}\
                           {$interface_address}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "Это мой IP-адрес! Пшёл прочь!"

# Drop anyone whose HELO is digits only
# (there are no hosts made up of digits ONLY)
  deny    condition     = ${if match{$sender_helo_name}\
                           {\N^\d+$\N}{yes}{no}}
          hosts         = !127.0.0.1:!localhost:*
          message       = "В HELO не могут быть тока цифры!"

  accept  domains       = +relay_to_domains
          endpass
          message       = "Моя сервера не знать маршрут на этот хост..."
          verify        = recipient



# Drop anyone who is on a blacklist. The servers are queried
# top to bottom: if the host is not found on the first one,
# the second is queried, and so on. If it is found on none
# of the lists, the mail is let through.
  deny    message       = "Вы находитесь в "черном" списке - $dnslist_domain --> $dnslist_text"
          dnslists      = cbl.abuseat.org : \
                          bl.csma.biz : \
                          bl.spamcop.net : \
                          dnsbl.njabl.org : \
                          china.blackholes.us
#                         dynablock.njabl.org
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *
#  deny    message       = relay not permited
  deny    message       = "Свободен. Это тебе не ОпенРелей."

acl_check_mime:

  warn    decode        = default
  deny    message       = Blacklisted file extension detected
          condition     = ${if match {${lc:$mime_filename}} \
                          {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.cpl)$\N}{1}{0}}

warn
        deny  message   = This text contains the word (viagra)
              mime_regex = \N(?i)(\A|\s+)v\s*i\s*a\s*g\s*r\s*a(\Z|\s+)\N

accept

acl_check_spam:

    warn set acl_m2 = 7M
    deny message = Big message
    senders =  !/etc/exim/big_sender.conf
    condition = ${if >{$message_size}{$acl_m2}}

    warn set acl_m0 = 0
    accept  message = contains mail delivery regex ($regex_match_string)
              regex = delivery failed : mail delivery
         add_header = MY_REPORT_SUBJ: $regex_match_string
         set acl_m0 = 1
         add_header = MY_REPORT_TEST: $acl_m0

   deny malware        = *
        message        = This message contains a virus ($malware_name).

   deny message        = Spam: This message probably spam
        hosts          = !+relay_from_hosts
        condition      = ${if <{$message_size}{100k}{1}{0}}
        spam           = mail:true
        condition      = ${if >{$spam_score_int}{49}{1}{0}}

# Drop mail with Chinese characters
   deny message = "this is spam - denied"
        condition = ${if match{$message_body} \
                     {105[-_]*51[-_]*86|778[-_]*98[-_]*94} \
                     {yes}{no}}
   accept



######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################

begin routers

to_dspam:
  driver = accept
  transport = dspam_transport
  local_parts = dspam

mail_delivery_local:
  driver = manualroute
  domains = +local_domains
  headers_add = Return-Path: $h_MY_REPORT_RETURN
  condition = ${if eq {$acl_m0}{1}{yes}{no}}
  route_list = * 10.0.6.5
  transport = local_smtp

mail_delivery_no_local:
  driver = accept
  domains = !+local_domains
  headers_add = Return-Path: $h_MY_REPORT_RETURN
  condition = ${if eq {$acl_m0}{1}{yes}{no}}
  transport = remote_smtp

incoming_spam:
     driver = accept
     local_parts = yakim
     transport = add_incoming_spam

spamscan_router:
  no_verify
  headers_remove = X-FILTER-SPAM : X-Spam-Score : X-Spam-Score-Gate : X-Spam-Report : X-Spam-Gate-Subject : X-Spam-Flag : X-S
  condition = "${if and {{!eq {$received_protocol}{spam-scanned}} {!def:h_X-FILTER-SPAM:} } {1}{0}}"
  driver = accept
  headers_add = X-FILTER-SPAM: ICF Team Spam Filter on $primary_hostname, $tod_full\n\
                X-SENDER-INFO: ${if def:authenticated_id {ID - ${authenticated_id},}} \
                ${if def:authenticated_sender {authenticated_sender - ${authenticated_sender},}} \
                ${if def:sender_ident {rfc1413(ident) - ${sender_ident},}} \
                ${if def:originator_uid {UID - ${originator_uid},}} \
                ${if def:originator_gid {GID - ${originator_gid}}}

  local_parts = !addham: !addspam: !ham: !spam: !nospam
  senders =  !/etc/exim/white_senders.conf
  domains = +local_domains
  transport = spamcheck_transport
  require_files = /var/spool/dspam:/usr/bin/dspam

to_dspam2:
  driver = accept
  transport = dspam_transport
  local_parts = dspam

copy:
  driver = redirect
  verify = yes
  unseen = yes
  allow_fail
  allow_defer
  senders = ${lookup{$sender_address_local_part}lsearch{/etc/mail/senders}}
  data = ${lookup{$sender_address}lsearch{/etc/mail/copy}}
  file_transport = address_file
  pipe_transport = address_pipe

remove:
  driver = redirect
  verify = yes
  allow_fail
  allow_defer
  senders = ${lookup{$sender_address_local_part}lsearch{/etc/mail/send_remove}}
  data = ${lookup{$sender_address}lsearch{/etc/mail/send_copy}}
  file_transport = address_file
  pipe_transport = address_pipe

system_aliases:
  driver = redirect
  domains = +local_domains
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe

dnslookup:
  driver = dnslookup
  domains = !+local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

aduser:
  driver = manualroute
  domains = +local_domains
  condition = ${if eq {}{${lookup ldap {user="user@domain.com.ua" pass="password" ldap://10.0.6.5/dc=companion,dc=ua?objectClass?sub?proxyAddresses=smtp:${local_part}@${domain}}}}{no}{yes}}
  headers_remove = Sender : Return-Path : X-DSPAM-Factors :
  headers_add = Return-Path: $h_MY_REPORT_RETURN
  transport = local_smtp
  route_list = * 10.0.6.5
  cannot_route_message = Unknown user

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

begin transports

spamcheck_transport:
  driver = pipe
  command = "/usr/sbin/exim -oi -oMr spam-scanned -bS"
  transport_filter = /usr/bin/dspam --stdout --deliver=innocent,spam --user dspam --mail-from "${lc:$sender_address}" --rcpt-to "${lc:$local_part}@${lc:$domain}"
  user = dspam
  group = dspam
  use_bsmtp = true
  home_directory = "/var/spool/dspam"
  current_directory = "/var/spool/dspam"
  delivery_date_add = true
  return_path_add = false
  envelope_to_add = true
  log_fail_output = true
  log_defer_output = true
  temp_errors = *

add_incoming_spam:
  driver = pipe
  command = /usr/bin/dspam --user dspam --class=spam --source=inoculation
  return_path_add = false
  return_fail_output = true
  log_output = true
  home_directory = "/var/spool/dspam"
  current_directory = "/var/spool/dspam"
  user = dspam
  group = dspam
  message_prefix = ""
  message_suffix = ""



# Here a dedicated folder is created where flagged spam
# is stored for later inspection and analysis.
local_delivery_spam_transport:
  driver = appendfile
  file = /var/spool/dspam/data/domain.com.ua/dspam/dspam.mbox
  delivery_date_add
  envelope_to_add
  return_path_add
  group = dspam
  user = dspam
  mode = 0660
  no_mode_fail_narrower

dspam_transport:
  driver = appendfile
  file = /var/spool/dspam/dspam.mbox
  delivery_date_add
  envelope_to_add
  return_path_add
  group = dspam
  user = dspam
  mode = 0660
  no_mode_fail_narrower


remote_smtp:
  driver = smtp
  interface = IP

local_smtp:
  driver = smtp
  interface = IP

copy:
  driver = smtp

######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

begin retry

# Domain               Error       Retries
# ------               -----       -------

*                      *           F,12h,1m; G,12h,1h,1; F,1d,1h

######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

# There are no authenticator specifications in this default configuration file.

begin authenticators

cram:
  driver = cram_md5
  public_name = CRAM-MD5
  server_secret = "${if saslauthd{{$1}{$2}}{1}{0}}"
  server_set_id = $1

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
  server_set_id = $1
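
The pasted message shows the symptom to look for: exim re-injected the dspam output via `-bS`, synthesized its own `From:` for the dspam account, and the BSMTP envelope (`MAIL FROM`/`RCPT TO`/`DATA`) ended up inside the body. The following script is an added example, not part of the thread or of dspam/exim; it parses such a message, confirms both signs of a mangled delivery and recovers the real envelope sender and recipients. The filter account name `dspam` is taken from the thread; the embedded sample is a trimmed copy of the message above.

```python
# Added example: flag mail whose body carries a leaked BSMTP envelope.
# Run it over .eml files exported from the Exchange mailboxes to find every
# mangled delivery and recover the original sender and recipients.
import email
import re
from email import policy
from email.utils import parseaddr

FILTER_USER = "dspam"  # local part of the filter account (from the thread)
ENVELOPE_RE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>\s*$", re.I)

# Constructed sample: a trimmed copy of the message pasted in the thread.
SAMPLE = """\
Received: from dspam by domain.com.ua with local-bsmtp (Exim 4.68)
    (envelope-from <dspam@mx2.domain.com.ua>)
    for komp@domain.com.ua; Wed, 24 Dec 2008 13:56:24 +0200
X-DSPAM-Result: Innocent
From: added by portage for dspam <dspam@mx2.domain.com.ua>
Date: Wed, 24 Dec 2008 13:56:24 +0200
Return-Path: mortgagersmn19@cryptivity.com

MAIL FROM: <sinkholesc38@coat-it.com>
RCPT TO: <alka_chichkova@mail.domain.com.ua>
RCPT TO: <staff@mail.domain.com.ua>
DATA
From: "Tracey Humphrey" <sinkholesc38@coat-it.com>
Subject: test
"""


def analyze(raw):
    """Return details of a leaked envelope, or None if the message is clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    lines = [] if msg.is_multipart() else msg.get_content().splitlines()
    # A mangled delivery shows both signs: From: is the filter account and the
    # body opens with the MAIL FROM/RCPT TO/DATA lines exim wrote for -bS.
    if from_addr.split("@")[0] != FILTER_USER or not lines or not ENVELOPE_RE.match(lines[0]):
        return None
    result = {"envelope_from": None, "rcpts": [], "dspam_result": msg.get("X-DSPAM-Result")}
    for line in lines:
        if line.strip().upper() == "DATA":  # end of the leaked envelope
            break
        m = ENVELOPE_RE.match(line)
        if m and m.group(1).upper() == "MAIL FROM":
            result["envelope_from"] = m.group(2)
        elif m:
            result["rcpts"].append(m.group(2))
    return result


if __name__ == "__main__":
    print(analyze(SAMPLE))
```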


Re: exim+dspam+exchange2000

Posted: 2009-01-23 12:54:56
Alex Keda
I didn't understand a thing of that...
Poke around in the routers if the mail is going to the wrong place.