Gentoo Forums
How To setup exim + exiscan-acl + SpamAssassin + clamav +...

matze81
n00b
Joined: 12 Jan 2004
Posts: 20
Posted: Tue Jan 13, 2004 5:52 pm

Here i am again .... :D

adding the following line in the rewrite section of my config lets me send mails to all hosts, but the receiver still gets the mail from matze@localhost and not matz@my.dyndns.address.

Code:
matze@localhost   matze@my.dyndns.address    Fq


do i have to write the line for each user ?!


readya
matze

Cataclysm
n00b
Joined: 11 Sep 2003
Posts: 31
Posted: Tue Jan 13, 2004 9:49 pm

Sending mails directly from a DUH (dialup host) is a *very* bad idea - all big hosters like t-online, aol, msn and alike simply block smtp-traffic from DUH's. That's the reason why you should always use a smarthost in case of DUH's.
I don't really understand why you forward so many ports to your server... mail comes in on only one port: 25 (SMTP). If you want to use pop3 or imap from outside your lan, forward these ports too, but don't do it with all and everything that comes to mind (poses a security threat if your server is not well configured, especially imap is known to have several flaws).

To your rewrite-rules: Try something like this:
*@localhost $1@my.dyndns.address Fq
Rewrites every user on your system to your dyndns-address.

Edit: Or you could change your dnsdomainname to your dyndns-address.

matze81
n00b
Joined: 12 Jan 2004
Posts: 20
Posted: Wed Jan 14, 2004 8:36 am

hello,

so now i'm a little bit confused, hope i understand you right.

When i send mails by using a smarthost, all mails will get the address of the smart host?! When this is true then that's not the way i want to do this. I want to send emails with the dyndns address. And it worked yesterday, so i think my isp doesn't block the smtp-traffic. The only problem is that the mails don't have the dyndns name in it. I'm sure i set the dyndns address in /etc/dnsdomainname, but i will check it after work. I also will try your rewrite rule.

Now something about the ports.
i forwarded the smtp port in order to receive mails. pop and imap are forwarded for clients outside my lan to use the services. i have to forward the dns port because when sending a mail the receiving host makes a reverse dns lookup and when this port is blocked my mail is rejected.

matze

Cataclysm
n00b
Joined: 11 Sep 2003
Posts: 31
Posted: Wed Jan 14, 2004 3:12 pm

matze81 wrote:
When i send mails by using a smarthost, all mails will get the address of the smart host?!

No. They will be sent with the address you choose. But they no longer come from a DUH. Think of a smarthost as a relay between you and the receiver.
Quote:
I want to send emails with the dyndns address. And it worked yesterday, so i think my isp doesn't block the smtp-traffic.

It's not your ISP that blocks the mail, the receiver's mailserver blocks it. Try to send a mail to any @aol.com address... In addition your mails will get a tremendous score in anti-spam software.
Quote:
The only problem is that the mails don't have the dyndns name in it. I'm sure i set the dyndns address in /etc/dnsdomainname, but i will check it after work. I also will try your rewrite rule.

Did you do "rc-update add domainname boot" ?

Quote:
i forwarded the smtp port in order to receive mails. pop and imap are forwarded for clients outside my lan to use the services. i have to forward the dns port because when sending a mail the receiving host makes a reverse dns lookup and when this port is blocked my mail is rejected.

Huh? What does a mailserver want from _your_ host's dns? Your dns-information is hosted by dyndns.org, so the mailservers should never have to query you for any information. I also never noticed that behaviour. For security-reasons the dns-port is rejected in my firewall, and that's the way you should go. I also use dyndns.org.

Edit: That's nonsense up there from me. Didn't look close enough :-) The reverse dns-information should be provided by your ISP though.

matze81
n00b
Joined: 12 Jan 2004
Posts: 20
Posted: Wed Jan 14, 2004 4:18 pm

hello,

Quote:
It's not your ISP that blocks the mail, the receiver's mailserver blocks it. Try to send a mail to any @aol.com address... In addition your mails will get a tremendous score in anti-spam software.


i tried to send emails to my web.de account and it works. But only with the forwarded dns port. Otherwise there will be a reverse dns lookup error.

Quote:
Did you do "rc-update add domainname boot" ?


Code:
/etc/init.d/domainname status

says started. it was added in default runlevel, putting it into boot didn't change anything. mail arrives at web.de with matze@localhost.
/etc/dnsdomainname shows my dyndns address.

Quote:
No. They will be sent with the address you choose. But they no longer come from a DUH. Think of a smarthost as a relay between you and the receiver.


ok then because of this fact and because of my problem i would give this method a try. but i don't know what a "smarthost" is. Do i have to set up another server, could i use some server in the www for this ?!

Cataclysm
n00b
Joined: 11 Sep 2003
Posts: 31
Posted: Wed Jan 14, 2004 4:41 pm

matze81 wrote:
Quote:
Did you do "rc-update add domainname boot" ?

Code:
/etc/init.d/domainname status

says started. it was added in default runlevel, putting it into boot didn't change anything. mail arrives at web.de with matze@localhost.
/etc/dnsdomainname shows my dyndns address.

What does "hostname -d" say?
Quote:
ok then because of this fact and because of my problem i would give this method a try. but i don't know what a "smarthost" is. Do i have to set up another server, could i use some server in the www for this ?!

A smarthost is a server with a static ip, running any kind of MTA (mail transport agent, e.g. exim, sendmail, postfix, qmail....). This host accepts your mail (preferably after an appropriate authentication) and relays it to the receiver-mailserver. The receiver-host sees that the mail comes from a static ip and voilà! it accepts it :-)
You cannot use any server you like for this, because nobody wants to relay mails without authentication - this has been abused a lot by spammers in the past. Maybe you should look at the webpages of your ISP - the German Telekom offers a smarthost to their customers (was free of charge, but since a year or so it costs a monthly fee :( ).

Edit: "static ip" means: An ip outside the DUH-ip-ranges. You could have a static ip, but it will still be blocked, because it's marked as a dialup-ip.

matze81
n00b
Joined: 12 Jan 2004
Posts: 20
Posted: Wed Jan 14, 2004 5:04 pm

ok i understand the "smarthost" method.

domainname -d shows my dyndns name.

ok i will search for a relay server, but i also would try to fix the problem with the mail names. do you have more suggestions for me to solve the problem? i set the primary_hostname in the exim config too. no change!

Cataclysm
n00b
Joined: 11 Sep 2003
Posts: 31
Posted: Wed Jan 14, 2004 5:19 pm

What's the first domainname (after "@ :") in "domainlist local_domains" in /etc/exim/exim.conf ? Which MUA do you use ?

matze81
n00b
Joined: 12 Jan 2004
Posts: 20
Posted: Wed Jan 14, 2004 5:32 pm

this option is set to

Code:
domainlist local_domains = @ : dyndns-adress : localhost


tried this too

Code:
domainlist local_domains = @ : dyndns-adress


i'm using squirrelmail for testing. now i tried it from a windows client using outlook express. mails arrive at my web.de address and other addresses with @localhost! :cry:

matze81
n00b
Joined: 12 Jan 2004
Posts: 20
Posted: Wed Jan 14, 2004 5:42 pm

mmh changing

Code:
domainlist local_domains = @ : dyndns-adress : localhost


to
Code:
domainlist local_domains = @ : localhost : dyndns-adress


fixed the problem for outlook express but not for squirrelmail.

matze81
n00b
Joined: 12 Jan 2004
Posts: 20
Posted: Wed Jan 14, 2004 5:49 pm

mmh, setting some options in the user specific setup from squirrelmail also fixed that problem. now the right email address is shown.

but i think that means everybody could change his from address, is this normal?

Cataclysm
n00b
Joined: 11 Sep 2003
Posts: 31
Posted: Wed Jan 14, 2004 10:32 pm

I don't know squirrelmail too much, but it sounds normal. Take a look at the headers of the mails which have somebody@localhost as FROM: and look which envelope-address it has (Return-Path:) - with F in the rewriting-rules you rewrite that address, not the FROM-Header, which is left untouched.
I have my domainlist local_domains sorted in this order:
Code:
domainlist local_domains = @ : dyndns1-add : dyndns2-add : dyndns3-add : many-many-more-addresses : localhost

I thought you might have localhost as the first domain and that exim takes that as the primary domainname. But I think we have nailed your problem: You have to set up your mailclient to send mails out with a correct FROM-Header. Or you have to rewrite that header in your rewrite-rules too (for specifics read the spec-doc of exim).
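
Following the advice in the post above to compare Return-Path: with From:, this added Python example (not part of the original thread) lists which sender fields of a delivered message still carry `@localhost` and builds a rewrite rule with the matching Exim flag letters (`F` envelope sender, `f` From:, `s` Sender:, `r` Reply-To:). The sample message and the function names are constructed for illustration.

```python
"""Report which sender fields of a delivered message still carry an
unwanted domain, and which Exim rewrite flags would cover them."""
from email import message_from_string
from email.utils import getaddresses

# Exim rewrite-rule flag letters for the sender-side fields checked here.
# Return-Path: is written at final delivery from the envelope sender.
FIELD_FLAGS = [
    ("Return-Path", "F"),  # envelope sender
    ("From", "f"),
    ("Sender", "s"),
    ("Reply-To", "r"),
]


def stale_fields(raw_message, bad_domain):
    """Return {field name: [addresses]} for addresses in bad_domain."""
    msg = message_from_string(raw_message)
    found = {}
    for field, _flag in FIELD_FLAGS:
        values = msg.get_all(field, [])
        hits = [addr for _name, addr in getaddresses(values)
                if addr.rpartition("@")[2].lower() == bad_domain.lower()]
        if hits:
            found[field] = hits
    return found


def suggest_rule(raw_message, bad_domain, good_domain):
    """Build one rewrite rule covering every stale field, or None."""
    found = stale_fields(raw_message, bad_domain)
    if not found:
        return None
    flags = "".join(flag for field, flag in FIELD_FLAGS if field in found)
    # 'q' stops processing of later rules, as in the rule quoted in the thread.
    return "*@%s  $1@%s  %sq" % (bad_domain, good_domain, flags)


# Constructed sample: the envelope sender was already rewritten by an 'F'
# rule, but the mail client still put the local address into From:.
SAMPLE = """\
Return-Path: <matze@my.dyndns.address>
From: Matze <matze@localhost>
To: someone@example.org
Subject: test

hello
"""

if __name__ == "__main__":
    print(stale_fields(SAMPLE, "localhost"))
    print(suggest_rule(SAMPLE, "localhost", "my.dyndns.address"))
```

A rule produced this way can be checked against a test address with `exim -brw` before a real message is sent.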

matze81
n00b
Joined: 12 Jan 2004
Posts: 20
Posted: Thu Jan 15, 2004 6:19 am

yep, i think we got it too.

i'm going to study the exim manual about the rewrite rules, and some resources about security.
yeah, it works, i'm very happy. :D

thank you very much.

Lews_Therin
l33t
Joined: 03 Oct 2003
Posts: 657
Location: Banned
Posted: Sun Jan 25, 2004 1:55 am

I'm trying to send mail out to the big world, but from what I can tell there's an entry in exim.conf I need to edit. Unfortunately, I don't know what to edit it TO.

Code:

send_to_relay:
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp
  route_list = * your.smart.host.some.where


Whenever I try to send a mail to my aol account (pity me :P ), I get this in my logs:

Code:
2003-01-14 17:51:42 18YciU-00012A-P7 <= xxxxxx@lews.gotdns.org U=xxxxxx P=local S=444 id=20030115014315.GA3956@lews.gotdns.org
2003-01-14 17:51:44 18YciU-00012A-P7 no IP address found for host your.smart.host.some.where
2003-01-14 17:51:44 18YciU-00012A-P7 == xxxxxx@aol.com R=send_to_relay defer (-1): lookup of host "your.smart.host.some.where" failed in send_to_relay router
2003-01-14 17:51:44 18YciU-00012A-P7 Frozen


From higher up in this thread, it seems I need a "smart host", but I have a static IP for my computer. How do I fix this so that I can use this computer for my main e-mail?
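
The log excerpt in the post above can be read mechanically. This added Python example (not part of the original post) groups Exim main-log lines by message id and reports deferrals caused by a router target that does not resolve, here the unedited placeholder `your.smart.host.some.where`. The function names and the second, delivered message in the sample are constructed for illustration.

```python
"""Group Exim main-log lines by message id and report messages that were
deferred because a router's target host does not resolve."""
import re
from collections import OrderedDict

# "<date> <time> <message id> <rest>"; ids look like 18YciU-00012A-P7.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$"
)
ARRIVAL_RE = re.compile(r"^<= (\S+)")
DEFER_RE = re.compile(r"^== (\S+) R=(\S+) defer \((-?\d+)\): (.*)$")
HOST_FAIL_RE = re.compile(r'lookup of host "([^"]+)" failed')


def parse(lines):
    """Return {message id: record} in order of first appearance."""
    messages = OrderedDict()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a per-message line
        _stamp, msg_id, rest = m.groups()
        rec = messages.setdefault(
            msg_id, {"sender": None, "deferrals": [], "frozen": False})
        arrival = ARRIVAL_RE.match(rest)
        defer = DEFER_RE.match(rest)
        if arrival:
            rec["sender"] = arrival.group(1)
        elif defer:
            rcpt, router, _errno, reason = defer.groups()
            rec["deferrals"].append(
                {"recipient": rcpt, "router": router, "reason": reason})
        elif rest == "Frozen":
            rec["frozen"] = True
    return messages


def unresolved_route_hosts(lines):
    """List deferrals caused by a failed host lookup inside a router."""
    findings = []
    for msg_id, rec in parse(lines).items():
        for d in rec["deferrals"]:
            hit = HOST_FAIL_RE.search(d["reason"])
            if hit:
                findings.append({
                    "id": msg_id,
                    "sender": rec["sender"],
                    "recipient": d["recipient"],
                    "router": d["router"],
                    "host": hit.group(1),
                    "frozen": rec["frozen"],
                })
    return findings


# First four lines: the log excerpt from the post above.
# Last three lines: constructed, a second message that was delivered.
SAMPLE_LOG = """\
2003-01-14 17:51:42 18YciU-00012A-P7 <= xxxxxx@lews.gotdns.org U=xxxxxx P=local S=444 id=20030115014315.GA3956@lews.gotdns.org
2003-01-14 17:51:44 18YciU-00012A-P7 no IP address found for host your.smart.host.some.where
2003-01-14 17:51:44 18YciU-00012A-P7 == xxxxxx@aol.com R=send_to_relay defer (-1): lookup of host "your.smart.host.some.where" failed in send_to_relay router
2003-01-14 17:51:44 18YciU-00012A-P7 Frozen
2003-01-14 17:52:10 18Ycj0-00012K-Q1 <= xxxxxx@lews.gotdns.org U=xxxxxx P=local S=512
2003-01-14 17:52:11 18Ycj0-00012K-Q1 => someone@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.25]
2003-01-14 17:52:11 18Ycj0-00012K-Q1 Completed
""".splitlines()

if __name__ == "__main__":
    for finding in unresolved_route_hosts(SAMPLE_LOG):
        print(finding)
```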

Cataclysm
n00b
Joined: 11 Sep 2003
Posts: 31
Posted: Sun Jan 25, 2004 2:54 am

Comment out the smarthost block, and the dnslookup delivery will be used (which is bad for you too, because you also have a dialup-ip (no matter if it's static or not static)), or get a smarthost, as explained earlier in this thread.

Lews_Therin
l33t
Joined: 03 Oct 2003
Posts: 657
Location: Banned
Posted: Sun Jan 25, 2004 3:13 am

Well, I commented out the block...and you were right. AOL rejected me...but I DID manage to connect to them, which is good. Gonna try the smart host thing now.

EDIT: Seems that my isp doesn't provide a smart host, or at least not one that I can find. Since it's fair to assume other isps won't accept mail from an open relay any more than they will from me, looks like I'm stuck with aol :?

der-pima
n00b
Joined: 10 Mar 2003
Posts: 28
Posted: Sun Feb 08, 2004 12:40 pm

Hi Guys.

I will post my config-files, because i think my system_filter and spamassassin aren't working.
maybe you find a mistake.


EXIM
######

Quote:

system_filter = /etc/exim/system_filter.exim
message_body_visible = 5000

tls_advertise_hosts = *
tls_certificate = /etc/ssl/certs/rsa.pem
tls_privatekey = /etc/ssl/certs/rsa-key.pem
tls_dhparam = /etc/ssl/certs/dhparam.pem

hide mysql_servers = localhost/webspace/root/password


######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################


primary_hostname = xxx.com

domainlist local_domains = @:${lookup mysql {SELECT userid FROM domains WHERE userid="${quote_mysql:${domain}}" }}

domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1

hostlist auth_relay_hosts = *
hostlist auth_over_tls_hosts = *


av_scanner = clamd:/tmp/clamd

spamd_address = 127.0.0.1 783

acl_smtp_rcpt = acl_check_rcpt

acl_smtp_data = acl_check_content



# qualify_domain =

# qualify_recipient =

# allow_domain_literals

never_users = root
#trusted_users = amavis

host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 30s


received_header_text = Received: \
${if def:sender_fullhost {from ${sender_fullhost}\
${if def:sender_ident {(${sender_ident})}}}\
{${if def:sender_ident {from ${sender_ident} }}}}\
by ${primary_hostname}\
${if def:received_protocol {with ${received_protocol}}}\
${if def:tls_cipher {(tls_cipher ${tls_cipher})}}\
${if def:tls_peerdn {(tls_peerdn ${tls_peerdn})}}\
(Exim ${version_number} #${compile_number} (Gentoo Linux 1.4))\
id ${message_id}




ignore_bounce_errors_after = 2d

timeout_frozen_after = 7d


#specific

smtp_accept_max = 100


# Max number of waiting SMTP connections.
# Default is 20
smtp_connect_backlog = 30

# Max number of MAIL commands that Exim is prepared to accept over a
# single SMTP connection, after which a 421 is given. Default is 1000
smtp_accept_max_per_connection = 500

# Max number of simultaneous incoming SMTP calls before messages
# are just placed on the queue. Default is 0 (no limit)
smtp_accept_queue = 400

# Max number of delivery processes that Exim starts automatically when
# receiving messages via SMTP before starting to queue. Default is 10
smtp_accept_queue_per_connection = 15

# Max message size to accept
# Default is 50M
message_size_limit = 10M

# Max bounce message size to send
# Default is 100K
return_size_limit = 100K

# Clean up tweaks
#
# Redundant pairs of angle brackets around addresses are removed
# Default is false
strip_excess_angle_brackets = true

# Ignore a trailing dot at the end of a domain in an address
# Default is false
strip_trailing_dot = true

#
# Processing tweaks
#
# Intervals a warning message to the sender when there is a delay
# Default is 24h
delay_warning = 2h:8h:24h:48h

# Who to send a mail to when a message is frozen
freeze_tell = postmaster

# Time before a queue runner will try a new delivery attempt
# on any frozen message. Default is 0s
auto_thaw = 4d


# Abandon queue runs if system load is greater than this
# Default is unset
deliver_queue_load_max = 20

# If system load is higher than this queue incoming messages
# Default is unset
queue_only_load = 20

# Max queue-runner processes to run simultaneously
# Default is 5
queue_run_max = 30



######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################

begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.

acl_check_rcpt:

# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.

accept hosts = :

# Deny if the local part contains @ or % or / or | or !. These are rarely
# found in genuine local parts, but are often tried by people looking to
# circumvent relaying restrictions.

# Also deny if the local part starts with a dot. Empty components aren't
# strictly legal in RFC 2822, but Exim allows them because this is common.
# However, actually starting with a dot may cause trouble if the local part
# is used as a file name (e.g. for a mailing list).

deny local_parts = ^.*[@%!/|] : ^\\.

# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.

accept local_parts = postmaster
domains = +local_domains

# Deny unless the sender address can be verified.

require verify = sender


accept domains = +local_domains
endpass
message = unknown user
verify = recipient

# Accept if the address is in a domain for which we are relaying, but again,
# only if the recipient can be verified.

accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient


accept hosts = +relay_from_hosts

# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted.

accept authenticated = *

# Reaching the end of the ACL causes a "deny", but we might as well give
# an explicit message.

deny message = relay not permitted


# NEW


acl_check_content:

# First unpack MIME containers and reject serious errors.
deny message = This message contains a MIME error ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}

# Reject typically wormish file extensions. There is almost no
# sense in sending such files by email.
deny message = This message contains an unwanted file extension ($found_extension)
demime = scr:vbs:bat:lnk:pif:exe

# Reject virus infested messages.
deny message = This message contains malware ($malware_name)
demime = *
malware = *

# Add X-Scanned Header
warn message = X-Antivirus-Scanned: Clean

# Reject messages containing "viagra" in all kinds of whitespace/case combinations
# WARNING: this is an example !
deny message = This message matches a blacklisted regular expression ($regex_match_string)
regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]

# Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
# (user "nobody"), no matter if over threshold or not.
warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = nobody:true
warn message = X-Spam-Report: $spam_report
spam = nobody:true

# Add X-Spam-Flag if spam is over system-wide threshold
warn message = X-Spam-Flag: YES
spam = nobody

# Reject spam messages with score over 5.0, using an extra condition.
deny message = This message scored $spam_score points. Congratulations!
spam = nobody:true
condition = ${if >{$spam_score_int}{50}{1}{0}}

warn message = Subject: ***SPAM*** $h_subject
spam = nobody
condition = ${if >{$spam_score_int}{50}{1}{0}}

warn message = X-New-Subject: ***SPAM*** $h_subject:
spam = nobody
condition = ${if >{$spam_score_int}{50}{1}{0}}


# finally accept all the rest
accept

# END NEW


######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################

begin routers


# domain_literal:
# driver = ipliteral
# domains = ! +local_domains
# transport = remote_smtp



dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more



# NEW

localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user
# The remaining routers handle addresses in the local domain(s).



system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe


mail_aliases:
driver = redirect
data = ${lookup mysql{ SELECT alias FROM alias WHERE address='${quote_mysql:${local_part}@${domain}}' }}
qualify_preserve_domain
file_transport = address_file
pipe_transport = address_pipe


virtual_user:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{ SELECT maildir FROM users WHERE id='${quote_mysql:${local_part}@${domain}}' }}
# directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe


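mysqluser:
driver = accept
# $local_part and $domain are supplied by the sending client, so quote them
# with quote_mysql before they reach the SQL statement.
condition = ${if eq{} {${lookup mysql {SELECT username FROM users WHERE username='${quote_mysql:$local_part}' AND domainname='${quote_mysql:$domain}' AND status='1'}}}{no}{yes}}
transport = local_delivery

# NEW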

mysql_catch_all:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{ SELECT alias FROM alias WHERE address='*@${quote_mysql:$domain}' }{$value}fail}
file_transport = address_file
pipe_transport = address_pipe


mysql_aliases:
driver = redirect
file_transport = address_file
pipe_transport = address_pipe
data = ${lookup mysql{SELECT sendto FROM aliases \
WHERE (username='${quote_mysql:$local_part}' AND domainname='${quote_mysql:$domain}') \
OR (username='*' AND domainname='${quote_mysql:$domain}')}}

mysql_autorespond:
driver = accept
condition = ${if eq{} {${lookup mysql{SELECT autoresponder \
FROM users WHERE autoresponder='yes' \
AND username='${quote_mysql:$local_part}' \
AND domainname='${quote_mysql:$domain}' AND status='1'}}}{no}{yes}}
no_verify
no_expn
unseen
transport = address_mysql




######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################

# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp


# NEW

#remote_tlssmtp:
# driver = smtp
# hosts_require_tls=*
# hosts_require_auth=*
# auth_over_tls_hosts = *


# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.

local_delivery:
driver = appendfile
create_directory
directory_mode = 700
headers_remove = "Bcc"
delivery_date_add
envelope_to_add
return_path_add
user = mail
group = mail
mode = 660
directory = /var/spool/mail
maildir_format
mode_fail_narrower = false


quota = ${lookup mysql{SELECT quota FROM users WHERE username='${quote_mysql:$local_part}' \
AND domainname='${quote_mysql:$domain}'}{$value}{100M}}


quota_warn_threshold = ${lookup mysql{SELECT quotawarn FROM users \
WHERE username='${quote_mysql:$local_part}' \
AND domainname='${quote_mysql:$domain}'}{$value}{80%}}





address_pipe:
driver = pipe
return_output


# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.

address_reply:
driver = autoreply


# OLD
#address_directory:
# driver = appendfile
# maildir_format

# NEW

address_directory:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
maildir_format



address_mysql:
driver = autoreply
reply_to = "${local_part}@${domain}"
to = ${sender_address}
subject = ${lookup mysql{SELECT arsubject FROM users WHERE \
username='${quote_mysql:$local_part}' AND domainname='${quote_mysql:$domain}'}{$value} \
{Automatic reply from ${local_part}@${domain}}}
text = ${lookup mysql{SELECT artext FROM users WHERE \
username='${quote_mysql:$local_part}' AND domainname='${quote_mysql:$domain}'}{$value}}



######################################################################
# RETRY CONFIGURATION #
######################################################################

begin retry

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.

# Domain Error Retries
# ------ ----- -------

* * F,2h,15m; G,16h,1h,1.5; F,4d,6h



######################################################################
# REWRITE CONFIGURATION #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite



######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################

# There are no authenticator specifications in this default configuration file.

begin authenticators

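plain:
driver = plaintext
public_name = PLAIN
# For PLAIN, $2 is the login name and $3 the password. This condition only
# checks that the login name exists; $3 is never compared.
server_condition = ${lookup mysql{SELECT if(count(*), "1", "0") FROM users WHERE id='${quote_mysql:$2}'}}
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
# For LOGIN, $1 is the login name and $2 the password. As above, the
# password is never compared.
server_condition = ${lookup mysql {SELECT if(count(*), "1", "0") FROM users WHERE pfid='${quote_mysql:$1}'}}
server_set_id = $1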


######################################################################
# CONFIGURATION FOR local_scan() #
######################################################################

# If you have built Exim to include a local_scan() function that contains
# tables for private options, you can define those options here. Remember to
# uncomment the "begin" line. It is commented by default because it provokes
# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
# set in the Local/Makefile.

# begin local_scan


# End of Exim configuration file


EXIM_SYSTEM_FILTER

Quote:


# Exim filter
## Version: 0.13
# $Id: system_filter.exim,v 1.1 2001/08/14 20:17:21 lamer Exp $

## If you haven't worked with exim filters before, read
## the install notes at the end of this file.

#
# Only run any of this stuff on the first pass through the
# filter - this is an optimisation for messages that get
# queued and have several delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
#
if not first_delivery
then
finish
endif

# Check for MS buffer overruns as per latest BUGTRAQ.
# http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61
# This could happen in error messages, hence its placing
# here...
# We subtract the first n characters of the date header
# and test if it's the same as the date header... which
# is a lousy way of checking if the date is longer than
# n chars long
if ${length_80:$header_date:} is not $header_date:
then
fail text "Die Datei/Mail wurde 'rejected', weil sie ein\n\
\tevtl. falsches Datum bzw.ein ueberlanges Datum enthaelt,\n\
\twelches Microsoft Mail-Programme manipulieren kann!"
seen finish
endif


# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|pif)\")"
then
fail text "Die Datei/Mail wurde 'rejected', weil Sie\n\
\teinen gefaehrlichen Dateianhang (z.B. *.exe) $1\n\
\tenthaelt und eine Virusgefahr darstellen koennte.\n\
\tBitte senden Sie die Datei erneut als zip-Datei.Danke!"
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=([\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|pif))"
then
fail text "Die Datei/Mail wurde 'rejected', weil Sie\n\
\teinen gefaehrlichen Dateianhang (z.B. *.exe) $1\n\
\tenthaelt und eine Virusgefahr darstellen koennte.\n\
\tBitte senden Sie die Datei erneut als zip-Datei.Danke!"
seen finish
endif


# Attempt to catch embedded VBS attachments
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|pif)\")[\\\\s;]"
then
fail text "Die Datei/Mail wurde 'rejected', weil Sie\n\
\teinen gefaehrlichen Dateianhang (z.B. *.exe) $1\n\
\tenthaelt und eine Virusgefahr darstellen koennte.\n\
\tBitte senden Sie die Datei erneut als zip-Datei.Danke!"
seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))([\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|pif))[\\\\s;]"
then
fail text "Die Datei/Mail wurde 'rejected', weil Sie\n\
\teinen gefaehrlichen Dateianhang (z.B. *.exe) $1\n\
\tenthaelt und eine Virusgefahr darstellen koennte.\n\
\tBitte senden Sie die Datei erneut als zip-Datei.Danke!"
seen finish
endif


if "${if def:header_X-New-Subject: {there}}" is there
then
headers remove subject
headers add "Subject: $h_X-New-Subject:"
headers remove X-New-Subject
endif



ClamAV

Quote:


##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
LogFile /var/log/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
#LogFileMaxSize 2M

# Log time with an each message.
LogTime

# Use system logger (can work together with LogFile).
#LogSyslog

# Enable verbose logging.
LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid

# Path to a directory containing .db files.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# it depends on installation options).
#DataDirectory /var/lib/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /tmp/clamd

# TCP port address.
#TCPSocket 3310
#TCPSocket 784

# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
StreamSaveToDisk

# Close the connection if this limit is exceeded.
#StreamMaxLength 10M

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10

# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the
# timeout instead of disabling it.
#ThreadTimeout 500

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
#FollowDirectorySymlinks

# Follow regular file symlinks.
#FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
#SelfCheck 600

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
#User clamav

# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
#AllowSupplementaryGroups

# Don't fork into background. Useful in debugging.
#Foreground

##
## Mail support
##

# Uncomment this option if you are planning to scan mail files.
ScanMail

##
## Archive support
##


# Comment this line to disable scanning of the archives.
ScanArchive

# Options below protect your system against Denial of Service attacks
# with archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
# archives are decompressed to the memory. That's why never disable
# this limit (but you may increase it of course!)
ArchiveMaxFileSize 10M

# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
# the RAR file will be decompressed, too (but only if recursion limit is set
# at least to 1). With this option you may set the recursion level.
# Value of 0 disables the limit.

ArchiveMaxRecursion 5

# Number of files to be scanned within archive.
# Value of 0 disables the limit.
ArchiveMaxFiles 1000

# Use slower decompression algorithm which uses less memory. This option
# affects bzip2 decompressor only.
#ArchiveLimitMemoryUsage

##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
## up your system !!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
#ClamukoScanOnLine

# Set access mask for Clamuko.
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec

# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath options, but each directory must be added
# in a seperate option. All subdirectories are scanned, too.
ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
ClamukoExcludePath /var/mail

# Limit the file size to be scanned (probably you don't want to scan your movie
# files ;))
# Value of 0 disables the limit. 1 Mb should be fine.
ClamukoMaxFileSize 1M

# Enable archive support. It uses the limits from clamd section.
# (This option doesn't depend on ScanArchive, you can have archive support
# in clamd disabled).
ClamukoScanArchive


SPAMASSASSIN
Quote:


# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits 7.5

# Whether to change the subject of suspected spam
rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
subject_tag ***SPAM***

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report
use_terse_report 0

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 0
use_pyzor 1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all

score RCVD_IN_OSIRUSOFT_COM 0
score X_OSIRU_DUL 0
score X_OSIRU_DUL_FH 0
score X_OSIRU_OPEN_RELAY 0
score X_OSIRU_SPAMWARE_SITE 0
score X_OSIRU_SPAM_SRC 0



Thank you very much
matspi
n00b


Joined: 20 Jan 2004
Posts: 6

PostPosted: Thu Feb 12, 2004 9:45 am    Post subject: Reply with quote

Hi,

Is there a way to specify a timeout for the actions taken in the ACL section?

My router seems to be too slow for exim.

Thx

matspi
paul_zm
n00b


Joined: 01 Jan 2004
Posts: 13
Location: Woudenberg

PostPosted: Sun Feb 22, 2004 12:45 pm    Post subject: Reply with quote

I want the following section in exim.conf to catch more spam by adding diacritical characters.

Code:
  # Reject messages containing "viagra" in all kinds of whitespace/case combinations
  # WARNING: this is an example !
  deny  message = This message matches a blacklisted regular expression ($regex_match_string)
        regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]


I have now the following regex:
Code:
 regex = [Vv] *[IiìíîïÌÍÎÏ1¡] *[Aaàáâã@ÀÁÂÃÄŪ] *[Gg] *[Rr] *[Aaàáâã@ÀÁÂÃÄŪ]

Somehow it doesn't seem to work. I think it has something to do with the character sets or with the regular expression syntax. Can somebody tell me what I'm doing wrong here?
NightSpirit
n00b


Joined: 27 Sep 2003
Posts: 71
Location: North London, UK

PostPosted: Tue Feb 24, 2004 2:51 am    Post subject: Reply with quote

Personally I don't use the exim config for catching spam (that's what spamassassin is for :)) but looking at your code I would guess that it's not working because some characters you list are reserved/special characters. It is late and so I might miss some, but try:
Code:
regex = [Vv] *[IiìíîïÌÍÎÏ1\¡] *[Aaàáâã\@ÀÁÂÃÄŪ] *[Gg] *[Rr] *[Aaàáâã\@ÀÁÂÃÄŪ]


I know for certain that the @ symbol needs to be escaped by preceding with a \ and presuming that the semi-colon does too. As for the others I really don't know, but try the above and see if that helps.

Edit: as an additional, you may want to add "\!" to the "i" part of the above too, have seen that used before.
_________________
Currently playing with Applescript ... hmmm
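Added example (not part of either post above, and not exim's own code): a Python sketch of one way the extended character classes can miss, assuming the filter compares raw bytes with no charset awareness and that the encoding of the config file may differ from the encoding of the mail. The sample bodies and all function names are constructed for illustration; the second half shows the filter-side alternative of decoding and folding the text before matching one plain pattern.

```python
import quopri
import re
import unicodedata

# Character classes from the post ("Ū" is left out: it has no ISO-8859-1 byte).
PATTERN_TEXT = "[Vv] *[IiìíîïÌÍÎÏ1¡] *[Aaàáâã@ÀÁÂÃÄ] *[Gg] *[Rr] *[Aaàáâã@ÀÁÂÃÄ]"

def byte_match(pattern_encoding, body):
    """Match as a byte-oriented engine does: each class consumes ONE byte.

    pattern_encoding is the encoding the config file was saved in (assumption).
    """
    return re.search(PATTERN_TEXT.encode(pattern_encoding), body) is not None

# Substitutes named in the thread, folded onto the letter they imitate.
LOOKALIKES = str.maketrans({"1": "i", "¡": "i", "!": "i", "@": "a"})
PLAIN = re.compile(r"v *i *a *g *r *a")

def fold(text):
    """Strip accents (NFKD, drop combining marks), lowercase, map lookalikes."""
    decomposed = unicodedata.normalize("NFKD", text)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return base.casefold().translate(LOOKALIKES)

def normalized_match(body, charset, transfer_encoding=None):
    """Decode the MIME part first, then match one plain pattern on folded text."""
    if transfer_encoding == "quoted-printable":
        body = quopri.decodestring(body)
    return PLAIN.search(fold(body.decode(charset, errors="replace"))) is not None

if __name__ == "__main__":
    # Constructed sample bodies, not taken from real mail.
    checks = [
        ("UTF-8 pattern vs Latin-1 body", byte_match("utf-8", "Víagra".encode("latin-1"))),
        ("UTF-8 pattern vs UTF-8 body", byte_match("utf-8", "Víagra".encode("utf-8"))),
        ("Latin-1 pattern vs Latin-1 body", byte_match("latin-1", "Víagra".encode("latin-1"))),
        ("Latin-1 pattern vs quoted-printable", byte_match("latin-1", b"V=EDagra")),
        ("folded, quoted-printable decoded",
         normalized_match(b"V=EDagra", "latin-1", "quoted-printable")),
    ]
    for label, result in checks:
        print(f"{label:38} {result}")
```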
spline
n00b


Joined: 27 Nov 2003
Posts: 13

PostPosted: Wed Feb 25, 2004 3:07 pm    Post subject: Reply with quote

Hi,

I set up my machine as described in this thread.
My problem is the following:

I sent myself an email with the subject "Viagra" to test my configuration.
This message was sent using a completely different machine.
The mail was routed to the account where I get my mails using fetchmail (web.de).
Fetchmail tries to get the mail, exim/spamassassin scans the mail (while the SMTP connection is still open) and then rejects the mail because of the subject. As I started fetchmail manually I see the message:
Quote:

reading message xxx@pop3.web.de:1 of 1 (1113 octets) .fetchmail: SMTP error: 550 *[Gg] *[Rr] *[Aa])
fetchmail: mail from FETCHMAIL-DAEMON@yyy.homelinux.org bounced to aaa@bbb.cc
not flushed


exim_main.log
Quote:

2004-02-25 15:07:30 1Aw0dG-0008MN-Hn H=xxx.homelinux.org (localhost) [127.0.0.1] F=<aaa.bbb.cc> rejected after DATA: This message matches a blacklisted regular expression ([Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa])
2004-02-25 15:07:30 1Aw0dG-0008MP-Kx H=xxx.homelinux.org (localhost) [127.0.0.1] F=<FETCHMAIL-DAEMON@xxx.homelinux.org> rejected after DATA: This message matches a blacklisted regular expression ([Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa])


But neither me as sender nor me as recipient get a message that the mail was bounced.
My understanding is that this mail will stay on the server forever or until I have a look in this mailbox manually. But is this the way it should be? This could exceed my mail quota on the server.
Is there a solution for this?

Regards
altere
n00b


Joined: 26 Feb 2004
Posts: 1

PostPosted: Thu Feb 26, 2004 11:04 pm    Post subject: Reply with quote

Would anyone be running this setup using mysql and virtual domains with exim and imap?
haven
Tux's lil' helper


Joined: 19 Nov 2003
Posts: 141
Location: Belfast, Uk

PostPosted: Tue May 25, 2004 3:02 pm    Post subject: Reply with quote

Quote:
But neither me as sender nor me as recipient get a message that the mail was bounced.
My understanding is that this mail will stay on the server forever or until I have a look in this mailbox manually. But is this the way it should be? This could exceed my mail quota on the server.
Is there a solution for this?


My solution which was partially successful is to use the following commands to drop mail in fetchmail once they have been read:

flush
no keep
no fetchall

You can look up their full meaning in the fetchmail manual but that should put you on track. This is successful for 5xx errors as they are dropped. Temporary errors however still get stuck as there is no way (that I know of) to make fetchmail drop those once they have been read once.

Hopefully that helps a little.

Right, my own question that I came on here to ask involves exiscan - I have an X-header setup, using the exiscan ACLs in exim, to show the spam score. The score shows fine i.e:

Quote:
not spam (whitelisted), SpamAssassin (score=0, required 5.5)


But in my /etc/mail/spamassassin/local.cf I have set the required hits to 5.0 and not 5.5 ... somehow it's not picking it up.

Thinking I may be going insane I changed the /etc/conf.d/spamd file to specifically include this config as its primary i.e:

Quote:
--siteconfigpath=/etc/mail/spamassassin/local.cfg


Yet it still insists on thinking the required hits are 5.5 and not 5 - this makes me think that my local.cf file is being ignored which is definitely not good.

Can anyone offer any ideas or is there something blindingly obvious that I have missed?

Thanks in advance for your time.
ryker
Guru


Joined: 28 May 2003
Posts: 412
Location: Portage, IN

PostPosted: Tue May 25, 2004 3:43 pm    Post subject: Reply with quote

Since this is a thread about installing Exim, I was wondering if anyone could tell me why you would use Exim over QMail or Postfix or some other mta. Maybe someone here has past experience with several mta's and might comment.
_________________
Athlon 64 3200+, 80G WD sata hd + 200G IDE, 1G Geil DDR400, MSI K8T Neo
IntelCore2Duo 2.0Ghz MSI laptop,100G SATA hd, 2G RAM
codemonk
n00b


Joined: 28 Nov 2003
Posts: 10

PostPosted: Wed Jun 09, 2004 9:29 pm    Post subject: Reply with quote

Hi,
I left out the part with rewriting all mails to cat, but now I get 550 (User not Local) if I send an email to my server, any idea?