Sitemap
Links
+++ erd.trabant +++

+++ erd.trabant +++

blablabla

blablabla

Exim4 - VHost/PGSQL/SA/VScan Configuration

  1. #main
  2. #sql makros
  3. #acl rcpt
  4. #acl data
  5. #router
  6. #transports
  7. #retry
  8. #rewrite
  9. #auth

#acl rcpt Exim4.6 Config

#################################################################
# ACL #
#################################################################

begin acl

#################################################################
# ACL RCPT #
#################################################################

acl_check_rcpt:

####### add some headers

#warn message = X-Test2: true

# warn set acl_m3 = ${lookup pgsql{SQL_ACCOUNT_NAME}{$value}{0}}
# authenticated = *
# warn message = X-Authed-User: $acl_m3
# authenticated = *


warn message = X-Authed-User: ${lookup pgsql{SQL_ACCOUNT_NAME}{$value}{0}}
authenticated = *

warn message = X-Relay-Host: Yes
hosts = +relay_from_hosts

#not added ? why not?
warn message = X-Local-Host: Yes
hosts = :


############################

accept hosts = :

### attention: exim bug?????: ' is totally ignored here in the regex! use quote_pgsql!!!!!
# deny local_parts = ^[.] : ^.*[@%!/|] : ^[./|] : ^.*[@%!] : ^.*/\\.\\./

deny local_parts = ^.*[@%!/|']
message = invalid characters in local part. We have never seen ., @, %, !, /, or | \
in an any e-mail address. Neither should you.

deny local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
message = Restricted characters in address
domains = !+local_domains

# Always accept mail to postmaster & abuse for any local domain
accept local_parts = postmaster:abuse
domains = +local_domains

# check Helo
deny message = "HELO/EHLO required by SMTP RFC"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}

# If the remote host greets with an IP address, then reject the mail.
deny message = Using IP Address in HELO/EHLO Greeting - Message was delivered by ratware
log_message = remote host used IP address in HELO/EHLO greeting
condition = ${if isip {$sender_helo_name}{true}{false}}

# only 1 recipient for null sender!
deny message = Only one receipient accepted for NULL sender
senders = :
condition = ${if >{$rcpt_count}{1} {1}}

require verify = sender

#hey, this does not work??? :
##########acl for dictionairy attacks....,
##########e.g. if a virus collects mails and sends through authed client.....ouch
##########blacklist host if failed rcpt count is greater than xx rcpts
#drop hosts = /home/Exim/deny_smtp.lst
# message = Connection denied from $sender_host_address after dictionairy attack!\
# Please check your systemfor viruses and re-connect. Maybe you \
# have to redial your internetconnection.\
# Please inform your Administrator. Blacklisting will be revoked \
# after 15 Minutes of inactivity. Please \
# check your system for viruses again! thx.
#
# deny message = Appears to be a dictionairy Attack, please check recipients and\
# check system for viruses
# Your Host is added to the local Blacklist! \
# Please Contact your Administrator.
# condition = ${if > {${eval:$rcpt_fail_count}}{1}{yes}{no}}
# condition = ${run{/home/Exim/scr/blacklist.sh $sender_host_address }{yes}{no}}
# !verify = recipient




#add spamcheck header and define acl-makros, headers can be faked by users!!!!
#prevents authed users and relayhosts from spamchecking! (run condition in sa-exim.conf!)

# #do not reject messages to abuse/postmaster
# warn message = X-SA-Do-Not-Rej: Yes
# set acl_m1 = do-not-reject-sa
# #set acl_m2 = do-not-run-sa
# local_parts = postmaster:abuse
# #local_parts = +donotrejectbysa


#do not scan messages for spam from relay hosts
warn message = X-SA-Do-Not-Run: Yes
set acl_m2 = do-not-run-sa
hosts = +relay_from_hosts

# #do not scan for spam when sending from local, non-smtp connection
# warn message = X-SA-Do-Not-Run: Yes
# set acl_m2 = do-not-run-sa
# hosts = :


#do not scan messages for spam from authed users
warn message = X-SA-Do-Not-Run: Yes
set acl_m2 = do-not-run-sa
authenticated = *
#

############################

#accept mails to local domains
accept domains = +local_domains
endpass
message = unknown user
verify = recipient

#accept mails to virtual hosted domains
accept domains = +relay_to_domains
endpass
message = unrouteable adress
verify = recipient

#accept relay hosts
accept
hosts = : +relay_from_hosts

#accept authenticated users
accept
authenticated = *



## RBL Bypass Local Domain List
#!domains = +rbl_bypass
## RBL Whitelist incoming hosts
#!hosts = +rbl_whitelist
##**#
##**# RBL List End
##**##
#


#small rbl checking
deny dnslists = sbl.spamhaus.org : \
dialup.mail-abuse.org : \
proxies.blackholes.easynet.nl : \
list.dsbl.org : \
cbl.abuseat.org : \
relays.ordb.org
!hosts = +relay_from_hosts
domains = ! +relay_to_domains : ! +local_domains
message = Message rejected because $sender_fullhost \
is blacklisted at $dnslist_domain see $dnslist_text


deny message = Authorative prohibition - relaying not permitted, \
only authorized users can send mails through this host.\
$sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 10 minutes or do not have SMTP Authentication turned on \
in your email client.

#finally accept mail
accept


>>PopUP / Drucken / Print<<
blablabla