exim - Open Relay
Добавлено: 2010-10-04 12:30:44
По видимому мой сервер ( exim 4.69) стал работать как open relay, хотя в конфе я все закрыл (часть конфига приведен ниже):
Проверял на тесте: http://tests.nettools.ru/ - говорит что все норм, как и этот тоже telnet relay-test.mail-abuse.org.
в день уходит порядка 40 тыс. писем, в очереди висит порядка 50 тыс. сообщений.
и главное что в адрес отправителя пихет не мой домен xxxx@mydomen.domen.ru а домен xxx@domen.ru
как побороть эту заразу, помоги советом.
заголовок письма отсылаемого сервером:
заранее спасибо.
Проверял на тесте: http://tests.nettools.ru/ - говорит что все норм, как и этот тоже telnet relay-test.mail-abuse.org.
в день уходит порядка 40 тыс. писем, в очереди висит порядка 50 тыс. сообщений.
и главное что в адрес отправителя пихет не мой домен xxxx@mydomen.domen.ru а домен xxx@domen.ru
как побороть эту заразу, помоги советом.
Код: Выделить всё
primary_hostname = mydomen.domen.ru
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND \
(type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND type='RELAY'}}
hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16
auth_advertise_hosts = *
daemon_smtp_ports = 25 : 465
#tls_on_connect_ports = 465
#tls_advertise_hosts = *
#tls_certificate = /etc/ssl/certs/mail.pem
#tls_privatekey = /etc/ssl/certs/mail.pem
log_selector = \
+all_parents \
+connection_reject \
+incoming_interface \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_protocol_error \
-queue_run
syslog_timestamp = no
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_content
spamd_address = 127.0.0.1 783
qualify_domain = mydomen.domen.ru
allow_domain_literals = false
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 30m
timeout_frozen_after = 3d
auto_thaw = 1h
freeze_tell = postmaster
message_size_limit = 100M
smtp_accept_max = 150
smtp_accept_max_per_connection = 300
smtp_accept_max_per_host = 20
# for subscribe
smtp_accept_max_nonmail_hosts = 192.168.2.11
smtp_accept_max_nonmail = 100
split_spool_directory = true
remote_max_parallel = 15
smtp_banner = "Welcome on our mail server!\n\
This system does not accept Unsolicited \
Commercial Email\nand will blacklist \
offenders via our spam processor.\nHave a \
nice day!\n\n${primary_hostname} ESMTP"
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_rcpt:
accept hosts = :
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
require verify = sender
deny message = HELO/EHLO required by SMTP RFC
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
deny message = IP in HELO/EHLO
hosts = *:!+relay_from_hosts
condition = ${if eq{$sender_helo_name}{$sender_host_address}{true}{false}}
deny message = This is my ip! Go Away!
hosts = !127.0.0.1 : !localhost : *
condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
deny message = HELO is digit. Go Away!
hosts = !127.0.0.1:!localhost:*
condition = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
deny message = Go Away! You are spammer.
condition = ${if match{$sender_host_name} \
{bezeqint\\.net|net\\.il|dialup|dsl|.dsl.|pool|.pool.|peer|dhcp|dslam|dynamic|static|.wanadoo.|ppp|cable|customer|asianet|node|client|.free.fr\$} \
{yes}{no}}
accept
message = Your mail is right!
senders = lsearch*@;/usr/local/exim/rightsenders
accept
hosts = wildlsearch; /usr/local/exim/whitelist
warn
hosts = *:!+relay_from_hosts
set acl_m0 = 25s
warn
hosts = +relay_from_hosts
set acl_m0 = 0s
warn
logwrite = Delay $acl_m0 for $sender_host_name \
[$sender_host_address] with HELO=$sender_helo_name. Mail \
from $sender_address to $local_part@$domain.
delay = $acl_m0
deny
message = "You are spammer in my blacklist! Go Away!"
hosts = wildlsearch; /usr/local/exim/spam
deny message = rejected because $sender_host_address \
is in a black list at $dnslist_domain\n$dnslist_text
log_message = found in $dnslist_domain
dnslists = cbl.abuseat.org
accept domains = +local_domains
endpass
message = unknown user
verify = recipient
accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient
accept hosts = +relay_from_hosts
accept authenticated = *
deny message = relay not permitted
deny message = Homo hominus lupus est
...
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM aliases \
WHERE local_part='${local_part}' AND domain='${domain}'}}
userforward:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM userforward \
WHERE local_part='${local_part}' AND domain='${domain}'}}
virtual_localuser:
driver = accept
domains = ${lookup mysql{SELECT domain from domains WHERE domain='${domain}'}}
local_parts = ${lookup mysql{SELECT login from users \
WHERE login='${local_part}' AND domain='${domain}'}}
transport = local_delivery
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
remote_smtp:
driver = smtp
local_delivery:
driver = appendfile
check_string = ""
create_directory
delivery_date_add
directory = /var/mail/$domain/$local_part
directory_mode = 770
envelope_to_add
group = mail
maildir_format
maildir_tag = ,S=$message_size
message_prefix = ""
message_suffix = ""
mode = 0660
quota = ${lookup mysql{SELECT quota FROM users \
WHERE login='${local_part}' AND domain='${domain}'}{${value}M}}
quota_size_regex = S=(\d+)$
quota_warn_threshold = 75%
return_path_add
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
....
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT login FROM users \
WHERE login = '${quote_mysql:${local_part:$2}}' \
AND domain = '${quote_mysql:${domain:$2}}' \
AND decrypt = '${quote_mysql:$3}' \
AND status = '1'}{yes}{no}}
server_prompts = :
server_set_id = $2
auth_login:
driver = plaintext
public_name = LOGIN
server_condition = ${lookup mysql{SELECT login FROM users \
WHERE login = '${quote_mysql:${local_part:$1}}' \
AND domain = '${quote_mysql:${domain:$1}}' \
AND decrypt = '${quote_mysql:$2}' \
AND status = '1'}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $1
auth_cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT decrypt FROM users \
WHERE login = '${quote_mysql:${local_part:$1}}' \
AND domain = '${quote_mysql:${domain:$1}}' \
AND status = '1'}{$value}fail}
server_set_id = $1
Код: Выделить всё
202P Received: from [80.92.107.71] (helo=ejotaflrw9)
by .domen.ru with smtp (Exim 4.69)
(envelope-from <ozp@domen.ru>)
id 1P12qd-0006Ks-Nu
for info@rainfun.com; Thu, 30 Sep 2010 04:02:00 +0800
038 Date: Thu, 30 Sep 2010 05:08:59 +0800
044F From: =?GB2312?B?zfXLrsHh?= <ozp@domen.ru>
041R Reply-To: "Mr.ptxc" <aseryseye@sina.com>
030T To: "info" <info@rainfun.com>
063 Subject: =?GB2312?B?xvPStbapwaLAzbavus/NrLXEs6O8+87zx/ihow==?=
046I Message-ID: <201009300508598539024@domen.ru>
038 X-Mailer: Foxmail 6, 10, 201, 20 [cn]
018 MIME-Version: 1.0
044 Content-Type: text/plain;
charset="GB2312"
034 Content-Transfer-Encoding: base64