Если у меня опускаются руки, это значит, я потянулся к кувалде
https://forum.lissyara.su/
Код: Выделить всё
# Проверка SPF
deny message = "[SPF] $sender_host_address is not allowed to send mail from $sender_address_domain"
log_message = SPF check failed
spf = fail
hosts = !+relay_from_hosts : !+my_lan_hosts : *
Код: Выделить всё
# Прибиваем всякие dialup и т.п.
deny message = "SPAM!!! If you think that system is mistaken, please report details to postmaster@domain.ru"
condition = ${if match{$sender_host_name}{client|node|ppp|cable|dialup|pool|peer|dhcp|dslam}{yes}{no}}
Код: Выделить всё
# Проверяем, существует ли домен отправителя
deny log_message = Sender verify failed
!verify = sender/callout=5s,maxwait=30s
Код: Выделить всё
hostlist my_lan_hosts = 192.168.x.x/24
Мог. :-)DeVeO писал(а):Понятно. А ты не мог бы пояснить как работает правило с SPF (в Exim'e)? Не очень понимаю...
Код: Выделить всё
ns# nslookup -type=txt mail.ru
mail.ru text = "v=spf1 ip4:194.67.57.0/24 ip4:194.67.23.0/24 ip4:194.67.45.0/24 ~all"
ns# nslookup -type=txt inbox.ru
inbox.ru text = "v=spf1 ip4:194.67.57.0/24 ip4:194.67.23.0/24 ip4:194.67.45.0/24 ~all"
Код: Выделить всё
2006-12-25 17:00:08 Exim configuration error in line 416 of /usr/local/etc/exim/configure:
error in ACL: unknown ACL condition/modifier in "spf = fail"
)Код: Выделить всё
# ACL for entire mail
begin acl
# This rules are work for all
acl_check_rcpt:
# Allow mail from localhost not for TCP/IP
accept hosts = :
# Check for incorrect symbols in address @; %; !; /; |.
# If `percent_hack_domains` enabled than % should be removed
# Check local domains
deny message = "Incorrect symbol in address"
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
# Check not local domains
deny message = "Incorrect symbol in address"
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
# Accept mail for local-domain postmasters
accept local_parts = postmaster
domains = +local_domains
# Sender address verification
#require verify = sender
# Deny all without HELO/EHLO
deny message = "Where your HELO/EHLO?! Gona read RFC..."
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
# Allow all from auth users
accept authenticated = *
# Deny from all who send IP in HELO
deny message = "Your IP in HELO??? Hmm... I think you're spammer!"
hosts = * : !+relay_from_hosts : !192.168.0.0/24
condition = ${if eq{$sender_helo_name}\
{$sender_host_address}{true}{false}}
# Deny from all who send our IP in HELO
deny condition = ${if eq{$sender_helo_name}\
{$interface_address}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "My IP in YOUR HELO??? Hmm... I think you're spammer!"
# Deny from all who send my hostname in HELO
deny condition = ${if eq{$sender_helo_name}{$primary_hostname}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "My hostname in YOUR HELO??? Hmm... I think you're spammer!"
# Deny from all who send just numeric HELO
deny condition = ${if match{$sender_helo_name}\
{\N^\d+$\N}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "Your HELO containts only number! Gona read RFC..."
# Deny from all who didn't send sender address
# deny condition = ${if eq{$sender_address}{}{yes}{no}}
# hosts = !127.0.0.1 : !localhost : *
# message = "Where sender of this mail?! Gona read RFC..."
Код: Выделить всё
# Deny from all who didn't send sender address (Space)
deny condition = ${if match{$sender_address}{\N^\s+$\N}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "Where _RIGHT_ sender of this mail?! Gona read RFC..."
# Deny all from adsl, pppoe, etc...
deny message = "Your hostname is very bad to send email (adsl, poll, ppp & etc). You should use provider's SMTP server."
condition = ${if match{$sender_host_name} \
{adsl|dialup|dial-up|pool|peer|dhcp|pppoe|dynamic} \
{yes}{no}}
# DELAY
warn
# Default delay
set acl_m0 = 20s
warn
# For friendly hosts delay 0s
hosts = +relay_from_hosts:my_own_friendly_servers_net/24
set acl_m0 = 0s
warn
# Delay logging
logwrite = Delay $acl_m0 for $sender_host_name \
[$sender_host_address] with HELO=$sender_helo_name. Mail \
from $sender_address to $local_part@$domain.
delay = $acl_m0
# Check recipient in local domains
# If not match go to other ACL
accept domains = +local_domains
endpass
message = "In my mailserver not stored this user"
verify = recipient
# Check recipient in relayed domains
# If not match go to other ACL
accept domains = +relay_to_domains
endpass
message = "Mail server not know how relay to this address"
verify = recipient
# Use public blacklist's databases
deny message = "Your IP in blacklist. See $dnslist_domain \n $dnslist_text"
dnslists = relays.ordb.org : \
opm.blitzed.org : \
cbl.abuseat.org : \
bl.csma.biz : \
dynablock.njabl.org : \
relays.ordb.org
# Allow mail from relay_from_hosts list
accept hosts = +relay_from_hosts
# !!!ALL OTHER DENY!!!
deny message = "Hey, man! I think you're spammer... So, no any mail from your! Bye!"
# ACL for mail body
acl_check_data:
# Deny China messages
deny message = "Hm... China Spam??? Gona Hell!"
condition = ${if match{$message_body} \
{105[-_]*51[-_]*86|778[-_]*98[-_]*94} \
{yes}{no}}
# Check mail for viruses
deny malware = *
message = "In e-mail found VIRUS - $malware_name"
# Other allow
accept
любопытно.. ждем-с..lissyara писал(а):Щас для телекомовской мыльницы конфиг пишу. Доделаю - выложу.
Очень много интересных идей, явялющихся продолжением старых....
если не сложно поделись реализациейlissyara писал(а):А я как раз белый лист реализовал
в смысле "не понимаю, не вникал "? видимо ты очень счастливый человек..... нету у тебя спама.lissyara писал(а):А вот грейлистинга этого непонимаю - вернее, не вникал - некогда пока
Этак вежливо напоминаюlissyara писал(а): А белые листы - тока во вторник - щас с домашней машиной ковыряюсь
)Код: Выделить всё
remote_smtp:
driver = smtp
# Это - необязательно :)
headers_add = "X-Descriptions: powered by www.lissyara.su"
hosts_avoid_esmtp = ${lookup mysql{INSERT IGNORE INTO `sended_list` \
(`user_from`, `user_to`, `added_timestamp`, \
`last_mail_timestamp`, `mail_count`) VALUES \
('${quote_mysql:$sender_address}', \
'${quote_mysql:$local_part@$domain}', \
UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '1') ON DUPLICATE \
KEY UPDATE `last_mail_timestamp` = UNIX_TIMESTAMP(), \
`mail_count` = `mail_count` + 1}}Код: Выделить всё
# Вводим acl_m2 с нулевым значением
warn set acl_m2 = 0
# Проверяем - не было ли писем НА домен отправителя от наших юзеров.
# Если были - то потом, в фильтре, обнулим количество насчитанных очков.
warn condition = ${if eq{${lookup mysql{SELECT 1 FROM `sended_list` \
WHERE `user_to` = \
'${quote_mysql:$sender_address}' AND `user_from` \
= '${quote_mysql:$local_part@$domain}' AND \
`last_mail_timestamp` < `last_mail_timestamp` \
+ (60*24*60*60)}}}{1}{yes}{no}}
condition = ${lookup mysql{INSERT IGNORE INTO `domain_whitelist` \
(`domainname`, `domain_ip`, `added_timestamp`, \
`last_mail_timestamp`, `mail_count`) \
VALUES ('${quote_mysql:$sender_address_domain}', \
'${quote_mysql:$sender_host_address}', \
UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '1') ON \
DUPLICATE KEY UPDATE \
`last_mail_timestamp` = UNIX_TIMESTAMP(), \
`mail_count` = `mail_count` + 1}}
hosts = !+relay_from_hosts : *
set acl_m2 = 1
logwrite = STAGE12: $sender_address ==> $local_part@$domain; setting acl_m2 = $acl_m2; WHITELIST for this addresses
# Переменная изменилась лишь если это были те же самые получатели,что и общались
# при внесении данных в транспорте. Для остальных этот домен так и остался
# без изменений. Соответственно надо сделать его и для остальных белым.
warn condition = ${if eq{${lookup mysql{SELECT 1 FROM `domain_whitelist` \
WHERE `domain_ip` = \
'${quote_mysql:$sender_host_address}'}}}{1} \
{yes}{no}}
hosts = !+relay_from_hosts : *
set acl_m2 = 1
logwrite = STAGE13: $sender_address ==> $local_part@$domain; setting acl_m2 = $acl_m2; WHITELIST for ALL domainsКод: Выделить всё
--
-- Структура таблицы `domain_whitelist`
--
CREATE TABLE `domain_whitelist` (
`id` int(9) NOT NULL auto_increment,
`domainname` varchar(64) collate cp1251_bin NOT NULL,
`domain_ip` varchar(16) collate cp1251_bin NOT NULL,
`added_timestamp` int(32) NOT NULL,
`last_mail_timestamp` int(32) NOT NULL,
`mail_count` int(9) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `domainname` (`domainname`,`domain_ip`)
) ENGINE=MyISAM DEFAULT CHARSET=cp1251 COLLATE=cp1251_bin COMMENT='Таблица белых доменов' AUTO_INCREMENT=1;Код: Выделить всё
--
-- Структура таблицы `sended_list`
--
CREATE TABLE `sended_list` (
`id` int(32) NOT NULL auto_increment,
`user_from` varchar(64) collate cp1251_bin NOT NULL,
`user_to` varchar(64) collate cp1251_bin NOT NULL,
`added_timestamp` int(32) NOT NULL,
`last_mail_timestamp` int(32) NOT NULL,
`mail_count` int(6) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `user_from` (`user_from`,`user_to`)
) ENGINE=MyISAM DEFAULT CHARSET=cp1251 COLLATE=cp1251_bin COMMENT='Таблица белых хостов' AUTO_INCREMENT=1;Код: Выделить всё
# Сбрасываем спамерскую переменную, если домен в белом списке
warn condition = ${if eq{$acl_m2}{1}{yes}{no}}
set acl_m0 = 1
logwrite = Resetting acl_m0 $acl_m0 --> 0, host in whitelistКод: Выделить всё
warn
# condition = ${if !eq{$acl_m0}{0}{yes}{no}}
# condition = ${if <{$acl_m0}{60}{yes}{no}}
set acl_c0 = 5s
warn
#
condition = ${if !eq{$acl_m0}{0}{yes}{no}}
condition = ${if <{$acl_m0}{150}{yes}{no}}
set acl_c0 = 15s
warn
# Вычисляем задержку на основании насчитанных за спам очков:
condition = ${if !eq{$acl_m0}{0}{yes}{no}}
condition = ${if >{$acl_m0}{150}{yes}{no}}
set acl_c0 = ${eval:$acl_m0/10}s
warn
# ставим задержку в 0 секунд своим хостам и
# дружественным сетям (соседняя контора :))
hosts = +relay_from_hosts
set acl_c0 = 0s
warn
# Ставим нулевую задержку хостам, с которми юзеры переписываются
condition = ${if eq{$acl_m2}{1}{yes}{no}}
set acl_c0 = 0s
warn
# пишем в логи задержку (если оно вам надо)
logwrite = Delay $acl_c0 (spam counter = $acl_m0; white host = $acl_m2) for $sender_host_name \
[$sender_host_address] with HELO=$sender_helo_name. Mail \
from $sender_address to $local_part@$domain.
delay = $acl_c0Код: Выделить всё
ON DUPLICATE KEY UPDATE