Почта / SMTP авторизацию в exim
« : Марта 23, 2012, 11:25:17 am »
Здравствуйте.
Пересмотрел весь инет, но решения для себя пока не нашел.
Может, кто подскажет.
Если в exim.conf ставишь hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/24, то идет ошибка relay not permitted; если добавляешь
белый ip, все нормально работает, но исходящая почта идет без авторизации. Спамером быть не хочется.
Конфиг exim.conf представляю
[spoiler]
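# ---------------------------------------------------------------------------
# Main section: global options.
# ---------------------------------------------------------------------------
primary_hostname = maydomen.ru

# The local and relay domain lists are filled by the same MySQL query.
# $domain is taken from the recipient address sent by the remote client, so
# it is passed through quote_mysql before being placed inside the SQL string
# literal (the alias and mailbox lookups in this file already do the same).
domainlist local_domains = ${lookup mysql{SELECT `domain` \
    FROM `domain` WHERE \
    `domain`='${quote_mysql:$domain}' AND \
    `active`='1'}}
domainlist relay_to_domains = ${lookup mysql{SELECT `domain` \
    FROM `domain` WHERE \
    `domain`='${quote_mysql:$domain}' AND \
    `active`='1'}}

# Hosts allowed to relay without authenticating: loopback and the internal
# LAN. Any address added here relays with no AUTH at all, so keep public
# addresses out of this list and rely on SMTP AUTH for them instead.
hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/24

# ACLs run at RCPT time and after DATA; the MIME ACL is left disabled.
acl_smtp_rcpt = acl_check_rcpt
#acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data

# Content scanning is not configured.
# av_scanner = clamd:/tmp/clamd
# spamd_address = 127.0.0.1 783

# NOTE(review): every TLS option in this section is commented out. The PLAIN
# and LOGIN authenticators in this file are advertised only when $tls_cipher
# is set, so unless this Exim build enables TLS by default, CRAM-MD5 is the
# only mechanism clients are offered. Confirm with an EHLO against the server
# and enable TLS (certificate, key, tls_advertise_hosts) before expecting
# password logins from hosts outside relay_from_hosts to work.
# Allow any client to use TLS.
# tls_advertise_hosts = *

# Advertise SMTP AUTH to the following hosts:
auth_advertise_hosts = *
# tls_certificate = /etc/ssl/exim.crt
# tls_privatekey = /etc/ssl/exim.pem

# Port 465 is listed, but with tls_on_connect_ports commented out it is
# handled like ports 25 and 587 (no implicit TLS).
daemon_smtp_ports = 25 : 465 : 587
# tls_on_connect_ports = 465

qualify_domain = maydomen.ru
qualify_recipient = maydomen.ru
allow_domain_literals = false

# User that Exim runs as
exim_user = mail
# Group that Exim runs as
exim_group = mail

# Note that the default setting means you cannot deliver mail addressed to root
# as if it were a normal user. This isn't usually a problem, as most sites have
# an alias for root that redirects such mail to a human administrator.
never_users = root

# Reverse DNS lookup and an ident (RFC 1413) query for every connecting host;
# the ident query is given up after 5 seconds.
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s

ignore_bounce_errors_after = 2d
# This option cancels (removes) frozen messages that are older than a week.
timeout_frozen_after = 7d

smtp_banner = Privet Chuvak

# MySQL server used by the lookups, in host/database/user/password form.
# `hide` keeps the value out of option listings shown to non-admin users.
# NOTE(review): the password here is identical to the user and database name
# and has been published with this post; treat it as exposed and change it.
hide mysql_servers = 127.0.0.1/exim/exim/exim

# Log items switched off (a leading "-" removes the item).
# NOTE(review): connection_reject, smtp_syntax_error and smtp_protocol_error
# are among the items dropped; those entries help when investigating relay
# abuse or password guessing, so consider keeping them.
log_selector = \
    -all_parents \
    -connection_reject \
    -incoming_interface \
    -lost_incoming_connection \
    -received_sender \
    -received_recipients \
    -smtp_confirmation \
    -smtp_syntax_error \
    -smtp_protocol_error \
    -queue_run

# Drop Exim's own timestamp from log lines; syslogd already adds one, so
# there is no point in duplicating it.
syslog_timestamp = no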
# NOTE(review): no `begin acl` line precedes this label in the posted text;
# Exim needs one ahead of the first ACL, so confirm it exists in the real file.
acl_check_rcpt:

  # The comment that originally opened this ACL describes accepting local
  # (non-TCP/IP) submissions by testing for an empty sending host field, but
  # no statement performing that test is present.

  # Let authenticated users through.
  accept authenticated = *

  # Accept anything addressed to a local domain, from any host.
  accept domains = +local_domains

  # Let the listed hosts through, without DKIM verification.
  accept hosts = +relay_from_hosts
         control = dkim_disable_verify

  # NOTE(review): the three accepts above already cover authenticated clients,
  # local-domain recipients and relay hosts. Statements further down that test
  # the same things (the local-domain deny, the postmaster accept and the two
  # accepts carrying `control = submission`) therefore never match, and
  # submission mode is never switched on. Verify that this order is intended.

  deny message = Restricted characters in address
       domains = +local_domains
       local_parts = ^[.] : ^.*[@%!/|]

  deny message = Restricted characters in address
       domains = !+local_domains
       local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # Mail to postmaster in a local domain is taken from any source, with no
  # sender verification.
  accept local_parts = postmaster
         domains = +local_domains

  # From here on the sender address must verify.
  require verify = sender

  accept hosts = +relay_from_hosts
         control = submission
         control = dkim_disable_verify

  accept authenticated = *
         control = submission
         control = dkim_disable_verify

  # Everything else must be addressed to a local or relay domain; other
  # recipients are refused with the message below.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  accept

# DATA-time ACL: every message is accepted; no content checks are applied.
acl_check_data:
  accept
# NOTE(review): no `begin routers` line precedes this router in the posted
# text; confirm it exists in the real file. Routers are tried in the order
# written, so the sequence below is kept as posted.

# Non-local domains: route by DNS and hand over to remote_smtp. no_more stops
# the remaining routers from being tried for these domains.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  transport = remote_smtp
  no_more

# Aliases come from the MySQL `alias` table: an exact address match or a
# catch-all "@domain" row. Both values go through quote_mysql.
system_aliases:
  driver = redirect
  data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE \
      `address`='${quote_mysql:$local_part@$domain}' OR \
      `address`='${quote_mysql:@$domain}'}}
  # data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
  allow_fail
  allow_defer

# Per-user .forward files for system accounts; filter files stay disabled
# because allow_filter is commented out.
userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  # local_part_suffix = +* : -*
  # local_part_suffix_optional
  # allow_filter
  check_ancestor
  no_verify
  no_expn
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

# This router runs procmail if users have a .procmailrc file
procmail:
  driver = accept
  check_local_user
  require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
  transport = procmail_pipe
  no_verify

# This router runs maildrop if users have a .mailfilter file
maildrop:
  driver = accept
  check_local_user
  require_files = ${local_part}:+${home}:+${home}/.mailfilter:+/usr/bin/maildrop
  transport = maildrop_pipe
  no_verify

# System accounts without a filter file.
# NOTE(review): the transports section of this file defines no transport
# named local_delivery; confirm where it is supposed to come from.
localuser:
  driver = accept
  check_local_user
  # local_part_suffix = +* : -*
  # local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user

# Whatever is left is a local (virtual) recipient.
# Deliver that mail to dovecot when the address has a row in `alias`.
dovecot_user:
  driver = accept
  condition = ${lookup mysql{SELECT `goto` FROM \
      `alias` WHERE \
      `address`='${quote_mysql:$local_part@$domain}' OR \
      `address`='${quote_mysql:@$domain}'}{yes}{no}}
  transport = dovecot_delivery
begin transports

# Outbound delivery over SMTP; no options beyond the driver are set.
remote_smtp:
  driver = smtp

# Delivery to local recipients goes to dovecot's deliver binary, run as user
# mail. use_shell is not set, so the command is not passed through a shell.
dovecot_delivery:
  driver = pipe
  user = mail
  command = /usr/libexec/dovecot/deliver -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain
  message_prefix =
  message_suffix =
  return_path_add
  envelope_to_add
  delivery_date_add
  log_output
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78

# Pipe deliveries; userforward names this as its pipe_transport.
address_pipe:
  driver = pipe
  return_output

# Deliveries written straight to files, as produced by aliasing or
# forwarding.
address_file:
  driver = appendfile
  return_path_add
  envelope_to_add
  delivery_date_add

# Autoreplies generated by the filtering option of the userforward router.
address_reply:
  driver = autoreply

# Hands the message to procmail for the local part.
procmail_pipe:
  driver = pipe
  command = "/usr/bin/procmail -d ${local_part}"
  envelope_to_add
  delivery_date_add
  return_path_add

# Hands the message to courier-maildrop (Maildir filter system).
maildrop_pipe:
  driver = pipe
  command = "/usr/bin/maildrop -d ${local_part}"
  envelope_to_add
  delivery_date_add
  return_path_add
begin retry
# One rule that applies to every address and every error.
# F,2h,15m      - retry every 15 minutes for the first 2 hours
# G,16h,1h,1.5  - then start at 1 hour and multiply the interval by 1.5,
#                 until 16 hours have passed
# F,4d,6h       - then retry every 6 hours until 4 days have passed
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
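begin authenticators

# NOTE(review): PLAIN and LOGIN compare the submitted password directly with
# the `password` column, and CRAM-MD5 reads that column as the shared secret,
# so the mailbox table has to hold cleartext passwords. Storing hashes and
# checking them with crypteq (PLAIN/LOGIN over TLS only) avoids that, at the
# cost of dropping CRAM-MD5.

# AUTH PLAIN. The client sends authorization id, authentication id and
# password in one response, which Exim exposes as $auth1, $auth2 and $auth3.
# The lookup therefore checks $auth2 (user name) and $auth3 (password); the
# posted version tested $auth1/$auth2 and so compared the wrong fields.
# A single empty prompt is the documented form for this mechanism.
PLAIN:
  driver = plaintext
  server_prompts = :
  server_condition = ${lookup mysql{SELECT `username` FROM \
      `mailbox` WHERE `username` = \
      '${quote_mysql:$auth2}' AND `password` = \
      '${quote_mysql:$auth3}'}{yes}{no}}
  server_set_id = $auth2
  # Offered only on connections that have already negotiated TLS, so the
  # password never crosses the network in the clear.
  server_advertise_condition = ${if def:tls_cipher }

# AUTH LOGIN. The user name and password arrive in answer to two separate
# prompts and are exposed as $auth1 and $auth2.
LOGIN:
  driver = plaintext
  server_prompts = <| Username: | Password:
  server_condition = ${lookup mysql{SELECT `username` FROM \
      `mailbox` WHERE `username` = \
      '${quote_mysql:$auth1}' AND `password` = \
      '${quote_mysql:$auth2}'}{yes}{no}}
  server_set_id = $auth1
  # Offered only on connections that have already negotiated TLS.
  server_advertise_condition = ${if def:tls_cipher }

# CRAM-MD5. $auth1 is the user name; the lookup must return that user's
# cleartext secret, and the expansion is forced to fail when no row matches.
# This mechanism carries no server_advertise_condition, so it is offered
# without TLS as well.
auth_cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  server_secret = ${lookup mysql{SELECT `password` FROM \
      `mailbox` WHERE `username` \
      = '${quote_mysql:$auth1}'}{$value}fail}
  # Same variable as the lookup above ($1 is the older name for it).
  server_set_id = $auth1

# begin local_scan
# End of Exim configuration file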
[/spoiler]
Пересмотрел весь инет, но решения для себя пока не нашел.
Может, кто подскажет.
Если в exim.conf ставишь hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/24, то идет ошибка relay not permitted; если добавляешь
белый ip, все нормально работает, но исходящая почта идет без авторизации. Спамером быть не хочется.
Конфиг exim.conf представляю
[spoiler]
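# ---------------------------------------------------------------------------
# Main section: global options.
# ---------------------------------------------------------------------------
primary_hostname = maydomen.ru

# The local and relay domain lists are filled by the same MySQL query.
# $domain is taken from the recipient address sent by the remote client, so
# it is passed through quote_mysql before being placed inside the SQL string
# literal (the alias and mailbox lookups in this file already do the same).
domainlist local_domains = ${lookup mysql{SELECT `domain` \
    FROM `domain` WHERE \
    `domain`='${quote_mysql:$domain}' AND \
    `active`='1'}}
domainlist relay_to_domains = ${lookup mysql{SELECT `domain` \
    FROM `domain` WHERE \
    `domain`='${quote_mysql:$domain}' AND \
    `active`='1'}}

# Hosts allowed to relay without authenticating: loopback and the internal
# LAN. Any address added here relays with no AUTH at all, so keep public
# addresses out of this list and rely on SMTP AUTH for them instead.
hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/24

# ACLs run at RCPT time and after DATA; the MIME ACL is left disabled.
acl_smtp_rcpt = acl_check_rcpt
#acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data

# Content scanning is not configured.
# av_scanner = clamd:/tmp/clamd
# spamd_address = 127.0.0.1 783

# NOTE(review): every TLS option in this section is commented out. The PLAIN
# and LOGIN authenticators in this file are advertised only when $tls_cipher
# is set, so unless this Exim build enables TLS by default, CRAM-MD5 is the
# only mechanism clients are offered. Confirm with an EHLO against the server
# and enable TLS (certificate, key, tls_advertise_hosts) before expecting
# password logins from hosts outside relay_from_hosts to work.
# Allow any client to use TLS.
# tls_advertise_hosts = *

# Advertise SMTP AUTH to the following hosts:
auth_advertise_hosts = *
# tls_certificate = /etc/ssl/exim.crt
# tls_privatekey = /etc/ssl/exim.pem

# Port 465 is listed, but with tls_on_connect_ports commented out it is
# handled like ports 25 and 587 (no implicit TLS).
daemon_smtp_ports = 25 : 465 : 587
# tls_on_connect_ports = 465

qualify_domain = maydomen.ru
qualify_recipient = maydomen.ru
allow_domain_literals = false

# User that Exim runs as
exim_user = mail
# Group that Exim runs as
exim_group = mail

# Note that the default setting means you cannot deliver mail addressed to root
# as if it were a normal user. This isn't usually a problem, as most sites have
# an alias for root that redirects such mail to a human administrator.
never_users = root

# Reverse DNS lookup and an ident (RFC 1413) query for every connecting host;
# the ident query is given up after 5 seconds.
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s

ignore_bounce_errors_after = 2d
# This option cancels (removes) frozen messages that are older than a week.
timeout_frozen_after = 7d

smtp_banner = Privet Chuvak

# MySQL server used by the lookups, in host/database/user/password form.
# `hide` keeps the value out of option listings shown to non-admin users.
# NOTE(review): the password here is identical to the user and database name
# and has been published with this post; treat it as exposed and change it.
hide mysql_servers = 127.0.0.1/exim/exim/exim

# Log items switched off (a leading "-" removes the item).
# NOTE(review): connection_reject, smtp_syntax_error and smtp_protocol_error
# are among the items dropped; those entries help when investigating relay
# abuse or password guessing, so consider keeping them.
log_selector = \
    -all_parents \
    -connection_reject \
    -incoming_interface \
    -lost_incoming_connection \
    -received_sender \
    -received_recipients \
    -smtp_confirmation \
    -smtp_syntax_error \
    -smtp_protocol_error \
    -queue_run

# Drop Exim's own timestamp from log lines; syslogd already adds one, so
# there is no point in duplicating it.
syslog_timestamp = no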
# NOTE(review): no `begin acl` line precedes this label in the posted text;
# Exim needs one ahead of the first ACL, so confirm it exists in the real file.
acl_check_rcpt:

  # The comment that originally opened this ACL describes accepting local
  # (non-TCP/IP) submissions by testing for an empty sending host field, but
  # no statement performing that test is present.

  # Let authenticated users through.
  accept authenticated = *

  # Accept anything addressed to a local domain, from any host.
  accept domains = +local_domains

  # Let the listed hosts through, without DKIM verification.
  accept hosts = +relay_from_hosts
         control = dkim_disable_verify

  # NOTE(review): the three accepts above already cover authenticated clients,
  # local-domain recipients and relay hosts. Statements further down that test
  # the same things (the local-domain deny, the postmaster accept and the two
  # accepts carrying `control = submission`) therefore never match, and
  # submission mode is never switched on. Verify that this order is intended.

  deny message = Restricted characters in address
       domains = +local_domains
       local_parts = ^[.] : ^.*[@%!/|]

  deny message = Restricted characters in address
       domains = !+local_domains
       local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # Mail to postmaster in a local domain is taken from any source, with no
  # sender verification.
  accept local_parts = postmaster
         domains = +local_domains

  # From here on the sender address must verify.
  require verify = sender

  accept hosts = +relay_from_hosts
         control = submission
         control = dkim_disable_verify

  accept authenticated = *
         control = submission
         control = dkim_disable_verify

  # Everything else must be addressed to a local or relay domain; other
  # recipients are refused with the message below.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  accept

# DATA-time ACL: every message is accepted; no content checks are applied.
acl_check_data:
  accept
# NOTE(review): no `begin routers` line precedes this router in the posted
# text; confirm it exists in the real file. Routers are tried in the order
# written, so the sequence below is kept as posted.

# Non-local domains: route by DNS and hand over to remote_smtp. no_more stops
# the remaining routers from being tried for these domains.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  transport = remote_smtp
  no_more

# Aliases come from the MySQL `alias` table: an exact address match or a
# catch-all "@domain" row. Both values go through quote_mysql.
system_aliases:
  driver = redirect
  data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE \
      `address`='${quote_mysql:$local_part@$domain}' OR \
      `address`='${quote_mysql:@$domain}'}}
  # data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
  allow_fail
  allow_defer

# Per-user .forward files for system accounts; filter files stay disabled
# because allow_filter is commented out.
userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  # local_part_suffix = +* : -*
  # local_part_suffix_optional
  # allow_filter
  check_ancestor
  no_verify
  no_expn
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

# This router runs procmail if users have a .procmailrc file
procmail:
  driver = accept
  check_local_user
  require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
  transport = procmail_pipe
  no_verify

# This router runs maildrop if users have a .mailfilter file
maildrop:
  driver = accept
  check_local_user
  require_files = ${local_part}:+${home}:+${home}/.mailfilter:+/usr/bin/maildrop
  transport = maildrop_pipe
  no_verify

# System accounts without a filter file.
# NOTE(review): the transports section of this file defines no transport
# named local_delivery; confirm where it is supposed to come from.
localuser:
  driver = accept
  check_local_user
  # local_part_suffix = +* : -*
  # local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user

# Whatever is left is a local (virtual) recipient.
# Deliver that mail to dovecot when the address has a row in `alias`.
dovecot_user:
  driver = accept
  condition = ${lookup mysql{SELECT `goto` FROM \
      `alias` WHERE \
      `address`='${quote_mysql:$local_part@$domain}' OR \
      `address`='${quote_mysql:@$domain}'}{yes}{no}}
  transport = dovecot_delivery
begin transports

# Outbound delivery over SMTP; no options beyond the driver are set.
remote_smtp:
  driver = smtp

# Delivery to local recipients goes to dovecot's deliver binary, run as user
# mail. use_shell is not set, so the command is not passed through a shell.
dovecot_delivery:
  driver = pipe
  user = mail
  command = /usr/libexec/dovecot/deliver -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain
  message_prefix =
  message_suffix =
  return_path_add
  envelope_to_add
  delivery_date_add
  log_output
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78

# Pipe deliveries; userforward names this as its pipe_transport.
address_pipe:
  driver = pipe
  return_output

# Deliveries written straight to files, as produced by aliasing or
# forwarding.
address_file:
  driver = appendfile
  return_path_add
  envelope_to_add
  delivery_date_add

# Autoreplies generated by the filtering option of the userforward router.
address_reply:
  driver = autoreply

# Hands the message to procmail for the local part.
procmail_pipe:
  driver = pipe
  command = "/usr/bin/procmail -d ${local_part}"
  envelope_to_add
  delivery_date_add
  return_path_add

# Hands the message to courier-maildrop (Maildir filter system).
maildrop_pipe:
  driver = pipe
  command = "/usr/bin/maildrop -d ${local_part}"
  envelope_to_add
  delivery_date_add
  return_path_add
begin retry
# One rule that applies to every address and every error.
# F,2h,15m      - retry every 15 minutes for the first 2 hours
# G,16h,1h,1.5  - then start at 1 hour and multiply the interval by 1.5,
#                 until 16 hours have passed
# F,4d,6h       - then retry every 6 hours until 4 days have passed
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
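begin authenticators

# NOTE(review): PLAIN and LOGIN compare the submitted password directly with
# the `password` column, and CRAM-MD5 reads that column as the shared secret,
# so the mailbox table has to hold cleartext passwords. Storing hashes and
# checking them with crypteq (PLAIN/LOGIN over TLS only) avoids that, at the
# cost of dropping CRAM-MD5.

# AUTH PLAIN. The client sends authorization id, authentication id and
# password in one response, which Exim exposes as $auth1, $auth2 and $auth3.
# The lookup therefore checks $auth2 (user name) and $auth3 (password); the
# posted version tested $auth1/$auth2 and so compared the wrong fields.
# A single empty prompt is the documented form for this mechanism.
PLAIN:
  driver = plaintext
  server_prompts = :
  server_condition = ${lookup mysql{SELECT `username` FROM \
      `mailbox` WHERE `username` = \
      '${quote_mysql:$auth2}' AND `password` = \
      '${quote_mysql:$auth3}'}{yes}{no}}
  server_set_id = $auth2
  # Offered only on connections that have already negotiated TLS, so the
  # password never crosses the network in the clear.
  server_advertise_condition = ${if def:tls_cipher }

# AUTH LOGIN. The user name and password arrive in answer to two separate
# prompts and are exposed as $auth1 and $auth2.
LOGIN:
  driver = plaintext
  server_prompts = <| Username: | Password:
  server_condition = ${lookup mysql{SELECT `username` FROM \
      `mailbox` WHERE `username` = \
      '${quote_mysql:$auth1}' AND `password` = \
      '${quote_mysql:$auth2}'}{yes}{no}}
  server_set_id = $auth1
  # Offered only on connections that have already negotiated TLS.
  server_advertise_condition = ${if def:tls_cipher }

# CRAM-MD5. $auth1 is the user name; the lookup must return that user's
# cleartext secret, and the expansion is forced to fail when no row matches.
# This mechanism carries no server_advertise_condition, so it is offered
# without TLS as well.
auth_cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  server_secret = ${lookup mysql{SELECT `password` FROM \
      `mailbox` WHERE `username` \
      = '${quote_mysql:$auth1}'}{$value}fail}
  # Same variable as the lookup above ($1 is the older name for it).
  server_set_id = $auth1

# begin local_scan
# End of Exim configuration file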
[/spoiler]