Muff's website forum

Пожалуйста, войдите или зарегистрируйтесь.

Расширенный поиск  

Новости:

SMF - Just Installed!

Автор Тема: exim smtp фвторизация  (Прочитано 21681 раз)

DN

  • Пионер
  • *
  • Karma: 0
  • Оффлайн Оффлайн
  • Сообщений: 3
    • Просмотр профиля
exim smtp фвторизация
« : Декабря 22, 2013, 02:53:12 am »

всем еще раз привет
знающие и опытные люди помогите пожалуйста решить проблем
начальство уже лишает премии
проблема в следующем приходит спам от самого себя же, да и вообще куча спама каждый день по 50-70 спама, в exime не спец
на форумах куча всякой инфы и не понятно где готовое рабочее решение как сделать авторизацию

спам приходит не смоего ip
конфиг exima
    smtp_accept_max = 100
    MAILMAN_HOME=/usr/local/mailman
    MAILMAN_WRAP=MAILMAN_HOME/mail/mailman
    MAILMAN_USER=mailnull
    MAILMAN_GROUP=mail
    MY_IP = 192.168.50.1
    VIRTUAL_DOMAINS = SELECT DISTINCT domain FROM domains WHERE type = 'local' AND enabled = '1' AND domain = '${quote_mysql:$domain}'
    RELAY_DOMAINS = SELECT DISTINCT domain FROM domains WHERE type = 'relay'  AND domain = '${quote_mysql:$domain}'
    ALIAS_DOMAINS = SELECT DISTINCT alias FROM domainalias WHERE alias = '${quote_mysql:$domain}'
    domainlist local_domains = @ : mydomain.ru : mydomain.ru : ${lookup mysql{VIRTUAL_DOMAINS}} : ${lookup mysql{ALIAS_DOMAINS}}
    domainlist relay_to_domains = ${lookup mysql{RELAY_DOMAINS}}
    hostlist   relay_from_hosts = localhost : 192.168.50.0/24 : MY_IP
    trusted_users = www
    hide mysql_servers = localhost::(/tmp/mysql.sock)/vexim/vexim/*********
    acl_smtp_rcpt = acl_check_rcpt
    acl_smtp_data = acl_check_content
    acl_smtp_helo = acl_check_helo
    av_scanner = clamd:/var/run/clamav/clamd.sock
    spamd_address = 127.0.0.1 783
    exim_user = mailnull
    exim_group = mail
    never_users = root
    host_lookup = *
    rfc1413_hosts = *
    rfc1413_query_timeout = 0s
    ignore_bounce_errors_after = 2d
    timeout_frozen_after = 7d
    log_selector = +all
    begin acl
      .include /usr/local/etc/exim/vexim-acl-check-spf.conf
    acl_check_helo:
      .include /usr/local/etc/exim/vexim-acl-check-helo.conf
    acl_check_rcpt:
      .include /usr/local/etc/exim/vexim-acl-check-rcpt.conf
      deny    local_parts   = ^.*[@%!/|] : ^\\.
      accept  local_parts   = postmaster
              domains       = +local_domains
      require verify        = sender
      accept  domains       = +local_domains
              endpass
              verify        = recipient
      accept  domains       = +relay_to_domains
              endpass
              verify        = recipient
      accept  hosts         = +relay_from_hosts
      accept  authenticated = *
      deny    message       = relay not permitted
    acl_check_content:
      .include /usr/local/etc/exim/vexim-acl-check-content.conf
      accept

    begin routers
    dnslookup:
      driver = dnslookup
      domains = ! +local_domains
      transport = remote_smtp
      no_more
    mailman_router:
      driver = accept
      require_files = MAILMAN_HOME/lists/$local_part/config.pck
      local_part_suffix_optional
      local_part_suffix = -bounces : -bounces+* : \
                          -confirm+* : -join : -leave : \
                          -owner : -request : -admin
      headers_remove = X-Spam-Score:X-Spam-Report
      transport = mailman_transport
    ditch_maxmsgsize:
      driver = redirect
      allow_fail
      condition = ${if >{$message_size}{${lookup mysql{select users.maxmsgsize from users,domains \
                    where localpart = '${quote_mysql:$local_part}' \
                    and domain = '${quote_mysql:$domain}' \
                    and users.maxmsgsize > 0 \
                    and users.domain_id=domains.domain_id }{${value}K}fail}} {yes}{no}}
      data = :fail:\n\Your message is too big.\n \
                    Your message was rejected because the user $local_part@$domain\n \
                    does not accept messages larger than \
                    ${lookup mysql{select users.maxmsgsize from users,domains \
                    where localpart = '${quote_mysql:$local_part}' \
                    and domain = '${quote_mysql:$domain}' \
                    and users.maxmsgsize > 0 \
                    and users.domain_id=domains.domain_id}{${value}K}fail} Kb.
      local_part_suffix = -*
      local_part_suffix_optional
      retry_use_local_part
    ditch_malware:
      driver = redirect
      allow_fail
      data = :blackhole:
      condition = ${if and { {match {$h_X-ACL-Warn:}{.*malware.*}} \
                             {eq {${lookup mysql{select users.on_avscan from users,domains \
                                    where localpart = '${quote_mysql:$local_part}' \
                                    and domain = '${quote_mysql:$domain}' \
                                    and users.on_avscan = '1' \
                                    and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }
    ditch_hdrmailer:
      driver = redirect
      allow_fail
      data = :blackhole:
      condition = ${if eq {${lookup mysql{select count(*) from blocklists,users,domains \
                            where blocklists.blockhdr = 'x-mailer' \
                            and blocklists.blockval = '${quote_mysql:$h_x-mailer:}' \
                            and users.localpart = '${quote_mysql:$local_part}' \
                            and domains.domain = '${quote_mysql:$domain}' \
                            and domains.domain_id=blocklists.domain_id \
                            and users.user_id=blocklists.user_id}}}{1} {yes}{no}}
      local_part_suffix = -*
      local_part_suffix_optional
      retry_use_local_part
    ditch_hdrto:
      driver = redirect
      allow_fail
      data = :blackhole:
      condition = ${if eq {${lookup mysql{select count(*) from blocklists,users,domains \
                            where blocklists.blockhdr = 'to' \
                            and blocklists.blockval = '${quote_mysql:$h_to:}' \
                            and users.localpart = '${quote_mysql:$local_part}' \
                            and domains.domain = '${quote_mysql:$domain}' \
                            and domains.domain_id=blocklists.domain_id \
                            and users.user_id=blocklists.user_id}}}{1} {yes}{no}}
      local_part_suffix = -*
      local_part_suffix_optional
      retry_use_local_part
    ditch_hdrfrom:
      driver = redirect
      allow_fail
      data = :blackhole:
      condition = ${if eq {${lookup mysql{select count(*) from blocklists,users,domains \
                            where blocklists.blockhdr = 'from' \
                            and blocklists.blockval = '${quote_mysql:$h_from:}' \
                            and users.localpart = '${quote_mysql:$local_part}' \
                            and domains.domain = '${quote_mysql:$domain}' \
                            and domains.domain_id=blocklists.domain_id \
                            and users.user_id=blocklists.user_id}}}{1} {yes}{no}}
      local_part_suffix = -*
      local_part_suffix_optional
      retry_use_local_part
    ditch_hdrsubject:
      driver = redirect
      allow_fail
      data = :blackhole:
      condition = ${if eq {${lookup mysql{select count(*) from blocklists,users,domains \
                            where blocklists.blockhdr = 'subject' \
                            and blocklists.blockval = '${quote_mysql:$h_subject:}' \
                            and users.localpart = '${quote_mysql:$local_part}' \
                            and domains.domain = '${quote_mysql:$domain}' \
                            and domains.domain_id=blocklists.domain_id \
                            and users.user_id=blocklists.user_id}}}{1} {yes}{no}}
      local_part_suffix = -*
      local_part_suffix_optional
      retry_use_local_part
    virtual_vacation:
      driver = accept
      condition = ${if and { {!match {$h_precedence:}{(?i)junk|bulk|list}} \
                             {eq {${lookup mysql{select users.on_vacation from users,domains \
                                    where localpart = '${quote_mysql:$local_part}' \
                                    and domain = '${quote_mysql:$domain}' \
                                    and users.on_vacation = '1' \
                                    and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }
      no_verify
      no_expn
      unseen
      transport = virtual_vacation_delivery
    virtual_forward:
      driver = redirect
      check_ancestor
      unseen = ${if eq {${lookup mysql{select unseen from users,domains \
                    where localpart = '${quote_mysql:$local_part}' \
                    and domain = '${quote_mysql:$domain}' \
                    and users.on_forward = '1' \
                    and users.domain_id=domains.domain_id}}}{1} {yes}{no}}
      data = ${lookup mysql{select forward from users,domains \
            where localpart='${quote_mysql:$local_part}' \
            and domain='${quote_mysql:$domain}' \
            and users.domain_id=domains.domain_id \
            and on_forward = '1'}}
      condition = ${if and { {!match {$h_precedence:}{(?i)junk}} \
                             {eq {${lookup mysql{select users.on_forward from users,domains \
                                    where localpart = '${quote_mysql:$local_part}' \
                                    and domain = '${quote_mysql:$domain}' \
                                    and users.on_forward = '1' \
                                    and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }

    virtual_domains:
      driver = redirect
      allow_fail
      data = ${lookup mysql{select smtp from users,domains \
                    where localpart = '${quote_mysql:$local_part}' \
                    and domain = '${quote_mysql:$domain}' \
                    and domains.enabled = '1' \
                    and users.enabled = '1' \
                    and users.domain_id = domains.domain_id}}
      headers_add = ${if >{$spam_score_int}{${lookup mysql{select users.sa_tag * 10 from users,domains \
                    where localpart = '${quote_mysql:$local_part}' \
                    and domain = '${quote_mysql:$domain}' \
                    and users.on_spamassassin = '1' \
                    and users.domain_id=domains.domain_id }{$value}fail}} {X-Spam-Flag: YES\n}{} }
      headers_remove = ${if or { { <{$spam_score_int}{1} } \
                                 { <{$spam_score_int}{${lookup mysql{select users.sa_tag * 10 from users,domains \
                                   where localpart = '${quote_mysql:$local_part}' \
                                   and domain = '${quote_mysql:$domain}' \
                                   and users.on_spamassassin = 1 \
                                   and users.domain_id=domains.domain_id}{$value}fail}} } \
                                 { eq {0}{${lookup mysql{select users.sa_tag * 10 from users,domains \
                                   where localpart = '${quote_mysql:$local_part}' \
                                   and domain = '${quote_mysql:$domain}' \
                                   and users.on_spamassassin = 0 \
                                   and users.domain_id=domains.domain_id}{$value}fail}}} \
                               } {X-Spam-Score:X-Spam-Report} }
      local_part_suffix = -*
      local_part_suffix_optional
      retry_use_local_part
      file_transport = virtual_delivery
      reply_transport = address_reply
      pipe_transport = address_pipe

    .include /usr/local/etc/exim/vexim-group-router.conf
    virtual_domains_catchall:
      driver = redirect
      allow_fail
      data = ${lookup mysql{select smtp from users,domains where localpart = '*' \
                    and domain = '${quote_mysql:$domain}' \
                    and users.domain_id = domains.domain_id}}
      retry_use_local_part
      file_transport = virtual_delivery
      reply_transport = address_reply
      pipe_transport = address_pipe_catchall
    virtual_domain_alias:
      driver = redirect
      allow_fail
      data = ${lookup mysql{select concat('${quote_mysql:$local_part}@', domain) \
                    from domains,domainalias where domainalias.alias = '${quote_mysql:$domain}' \
                    and domainalias.domain_id = domains.domain_id}}
      retry_use_local_part

    system_aliases:
      driver = redirect
      allow_fail
      allow_defer
      data = ${lookup{$local_part}lsearch{/etc/aliases}}
      user = mailnull
      group = mail
      file_transport = address_file
      pipe_transport = address_pipe
    userforward:
      driver = redirect
      check_local_user
      file = $home/.forward
      no_verify
      no_expn
      check_ancestor
      file_transport = address_file
      pipe_transport = address_pipe_local
      reply_transport = address_reply
      condition = ${if exists{$home/.forward} {yes} {no} }
      group = mail
    localuser:
      driver = accept
      check_local_user
      transport = local_delivery
      cannot_route_message = Unknown user
    begin transports
    remote_smtp:
      driver = smtp
    local_delivery:
      driver = appendfile
      file = /var/mail/$local_part
      delivery_date_add
      envelope_to_add
      return_path_add
      group = mail
      user = $local_part
      mode = 0660
      no_mode_fail_narrower
    virtual_delivery:
      driver = appendfile
      envelope_to_add
      return_path_add
      mode = 0600
      maildir_format = true
      create_directory = true
      directory = ${lookup mysql{select smtp from users,domains \
                    where localpart = '${quote_mysql:$local_part}' \
                    and domain = '${quote_mysql:$domain}' \
                    and users.domain_id = domains.domain_id}}
      user = ${lookup mysql{select users.uid  from users,domains \
                    where localpart = '${quote_mysql:$local_part}' \
                    and domain = '${quote_mysql:$domain}' \
                    and users.domain_id = domains.domain_id}}
      group = ${lookup mysql{select users.gid from users,domains \
                    where localpart = '${quote_mysql:$local_part}' \
                    and domain = '${quote_mysql:$domain}' \
                    and users.domain_id = domains.domain_id}}
      quota = ${lookup mysql{select users.quota from users,domains \
                    where localpart = '${quote_mysql:$local_part}' \
                    and domain = '${quote_mysql:$domain}' \
                    and users.domain_id = domains.domain_id}{${value}M}}
      quota_is_inclusive = false
      quota_warn_threshold = 75%
      maildir_use_size_file = false
      quota_warn_message = "To: $local_part@$domain\n\
                            Subject: Mailbox quota warning\n\n\
                            This message was automatically generated by the mail delivery software.\n\n\
                            You are now using over 75% of your allocated mail storage quota.\n\n\
                            If your mailbox fills completely, further incoming messages will be automatically\n\
                            returned to their senders.\n\n\
                            Please take note of this and remove unwanted mail from your mailbox.\n"
    virtual_vacation_delivery:
      driver   = autoreply
      from     = "${local_part}@${domain}"
      to       = ${sender_address}
      subject  = "Autoreply from ${local_part}@${domain}"
      text     = ${lookup mysql{select vacation from users,domains \
                    where domain='${quote_mysql:$domain}' \
                    and localpart='${quote_mysql:$local_part}' \
                    and users.domain_id=domains.domain_id}}
    mailman_transport:
      driver = pipe
      command = MAILMAN_WRAP \
                '${if def:local_part_suffix \
                      {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                      {post}}' \
                $local_part
      current_directory = MAILMAN_HOME
      home_directory = MAILMAN_HOME
      user = MAILMAN_USER
      group = MAILMAN_GROUP
    address_pipe:
      driver = pipe
      return_output
      user = ${lookup mysql{select users.uid from users,domains where localpart = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and users.domain_id = d
      group = ${lookup mysql{select users.gid from users,domains where localpart = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and users.domain_id =
    address_pipe_catchall:
      driver = pipe
      return_output
      user = ${lookup mysql{select users.uid from users,domains where localpart = '*' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
      user = ${lookup mysql{select users.uid from users,domains where localpart = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and users.domain_id = d
      group = ${lookup mysql{select users.gid from users,domains where localpart = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and users.domain_id =
    address_pipe_catchall:
      driver = pipe
      return_output
      user = ${lookup mysql{select users.uid from users,domains where localpart = '*' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
      group = ${lookup mysql{select users.gid from users,domains where localpart = '*' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
    address_pipe_local:
      driver = pipe
      return_output
    address_file:
      driver = appendfile
      delivery_date_add
      envelope_to_add
      return_path_add
    address_reply:
      driver = autoreply
    begin retry
    *                      *           F,2h,15m; G,16h,1h,1.5; F,14d,6h
    begin rewrite
    begin authenticators
    plain_login:
            driver = plaintext
            public_name = PLAIN
            server_condition = ${lookup mysql{SELECT '1' FROM users \
                                    WHERE username = '${quote_mysql:$2}' \
                                    AND clear = '${quote_mysql:$3}'} {yes}{no}}
            server_set_id = $2
    fixed_login:
            driver = plaintext
            public_name = LOGIN
            server_prompts = "Username:: : Password::"
            server_condition = ${lookup mysql{SELECT '1' FROM users \
                                    WHERE username = '${quote_mysql:$1}' \
                                    AND clear = '${quote_mysql:$2}'} {yes}{no}}
            server_set_id = $1
    fixed_cram:
            driver = cram_md5
            public_name = CRAM-MD5
            server_secret = ${lookup mysql{SELECT clear FROM users \
                                    WHERE username = '${quote_mysql:$1}'}{$value}fail}
            server_set_id = $1

почта нужно что бы работала и по лакалке и с миром
если все заработает отблагодарю финансово
« Последнее редактирование: Декабря 24, 2013, 03:10:59 pm от muff »
Записан

muff

  • Administrator
  • Долгожитель
  • ***
  • Karma: 0
  • Оффлайн Оффлайн
  • Сообщений: 283
    • Просмотр профиля
    • IT, Network, Beer!
Re: exim smtp фвторизация
« Ответ #1 : Декабря 24, 2013, 03:09:31 pm »

Как вариант можете сделать выборку ACL из конфига, который есть в этой статье: http://muff.kiev.ua/content/exim-nastroika-pochtovogo-servera-na-baze-exim-s-khraneniem-spiska-polzovatelei-v-bd-mysql-i и прицепить к своему конфигу.
Также дополнительно можете "прицепить" SpamProbe: http://muff.kiev.ua/content/spamprobe-filtruem-spam

P.S. Реквизиты доступа к БД не публикуйте в открытую, проверяйте конфиги перед публикацией на вхождение логинов/паролей. Поменял пароль к БД на звездочки.
« Последнее редактирование: Декабря 24, 2013, 03:15:27 pm от muff »
Записан
Если нет ответа, то давайте подумаем...
 

Страница сгенерирована за 0.276 секунд. Запросов: 28.