unix:exim-conf-sample-auth
При использовании данного конфига некорректно отрабатывала SMTP-авторизация. Проблема решена: к каждому accept в acl_check_rcpt нужно было добавить authenticated = *
- exim.configure
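######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################
# Sample Exim configuration for a single local domain (test.local):
# recipient ACL with HELO checks and DNS blocklists, delivery through
# procmail, and SMTP AUTH (LOGIN / PLAIN) checked against PAM.
# The listing is restored to one option per line; comments are in English.

primary_hostname = test.local

domainlist local_domains = test.local
domainlist relay_to_domains =
hostlist   relay_from_hosts = localhost

acl_smtp_rcpt = acl_check_rcpt

# Macro definition; nothing else in this file refers to it.
INTERNAL_IP = 192.168.0.70

daemon_smtp_ports = 25
qualify_domain = test.local
allow_domain_literals = true
exim_user = mail
exim_group = exim
never_users = root
host_lookup = *
rfc1413_query_timeout = 0s
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d

# NOTE(review): AUTH is advertised to every host, and this file sets up no
# TLS (no tls_certificate / tls_privatekey / tls_advertise_hosts). LOGIN and
# PLAIN carry the password base64-encoded, not encrypted, so it can be read
# off the wire. Once TLS is configured, advertise AUTH only on encrypted
# sessions, for example:
#   auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}
auth_advertise_hosts = *

smtp_accept_max = 200
smtp_accept_max_per_connection = 25
smtp_connect_backlog = 30
smtp_accept_max_per_host = 10
split_spool_directory = false
remote_max_parallel = 15
return_size_limit = 70k
message_size_limit = 50M
helo_allow_chars = _
smtp_enforce_sync = true

log_selector = \
    +all_parents \
    +connection_reject \
    +incoming_interface \
    +lost_incoming_connection \
    +received_sender \
    +received_recipients \
    +smtp_confirmation \
    +smtp_syntax_error \
    +smtp_protocol_error \
    -queue_run

syslog_timestamp = no

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################

begin acl

acl_check_rcpt:

  # Empty host list: matches messages that did not arrive over TCP/IP.
  accept  hosts         = :

  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept  local_parts   = postmaster
          domains       = +local_domains

  # Relaying is allowed only for relay_from_hosts and authenticated clients.
  accept  hosts         = +relay_from_hosts
          control       = submission

  accept  authenticated = *
          control       = submission

  # Everything past this point is addressed to a local or relay domain.
  require message       = relay not permitted
          domains       = +local_domains : +relay_to_domains

  require verify        = recipient

  # Reject clients that skip the greeting (HELO/EHLO)
  deny    message       = "HELO/EHLO require by SMTP RFC"
          condition     = ${if eq{$sender_helo_name}{}{yes}{no}}

  # Reject clients that put their own IP address in HELO.
  # Host lists are scanned left to right and stop at the first match, so the
  # former "* : !+relay_from_hosts" matched every host and the exclusion was
  # never reached; the negated item alone expresses the intended exception.
  deny    message       = "Your IP in HELO - access denied!"
          hosts         = !+relay_from_hosts
          condition     = ${if eq{$sender_helo_name}\
                          {$sender_host_address}{true}{false}}

  # Reject clients that put this server's IP address in HELO
  deny    condition     = ${if eq{$sender_helo_name}\
                          {$interface_address}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "main IP in your HELO! Access denied!"

  # Reject hosts whose name looks like *adsl*, *dialup*, *pool*, ...
  deny    message       = "your hostname is bad (adsl, ppp & etc)."
          condition     = ${if match{$sender_host_name} \
                          {adsl|dialup|peer|dhcp} \
                          {yes}{no}}

  # Delay.
  warn
          # default delay of 30 seconds
          set acl_m0    = 30s
  warn
          # zero delay for our own hosts and friendly networks
          hosts         = +relay_from_hosts
          set acl_m0    = 0s
  warn
          # write the delay to the log
          logwrite      = Delay $acl_m0 for $sender_host_name \
                          [$sender_host_address] with HELO=$sender_helo_name. Mail \
                          from $sender_address to $local_part@$domain.
          delay         = $acl_m0

  # Verify the recipient in local domains.
  accept  domains       = +local_domains
          endpass
          message       = "In my mailserver not stored this user"
          verify        = recipient
          logwrite      = Accept $sender_host_name (local_domains)

  # Verify the recipient in relay domains.
  # The log text used to say (local_domains) here, which made the two accept
  # paths indistinguishable in the log.
  accept  domains       = +relay_to_domains
          endpass
          message       = "main server not know how relay to this address"
          verify        = recipient
          logwrite      = Accept $sender_host_name (relay_to_domains)

  # Reject hosts found on blocklists. Lists are tried top to bottom.
  # NOTE(review): the "require domains" statement above lets only local and
  # relay domains through, and the two accept/endpass statements then decide
  # every such recipient, so this check looks unreachable. If blocklist
  # filtering is wanted it has to run before those accepts.
  # NOTE(review): confirm each zone is still operated before relying on it;
  # a retired zone can time out or answer for every query.
  # A duplicate cbl.abuseat.org entry at the end of the list was dropped.
  deny    message       = "you in blacklist - $dnslist_domain --> $dnslist_text"
          dnslists      = sbl-xbl.spamhaus.org : \
                          bl.spamcop.net : \
                          dul.ru : \
                          dul.dnsbl.sorbs.net : \
                          opm.blitzed.org : \
                          cbl.abuseat.org : \
                          bl.csma.biz

  # Allow mail from hosts listed in relay_from_hosts
  accept  hosts         = +relay_from_hosts
          logwrite      = Accept $sender_host_name (relay_from_hosts)

  # No rule matched.
  deny    message       = "relay not permitted"

  deny

######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################

begin routers

# Non-local domains: deliver by DNS lookup; never to 0.0.0.0 or loopback.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  user = exim
  file_transport = address_file
  pipe_transport = address_pipe

userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

# Used only when the user has a ~/.procmailrc and procmail is installed.
procmail:
  driver = accept
  check_local_user
  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
  transport = procmail
  no_verify

# Remaining local users are also handed to the procmail transport;
# local_delivery below is defined but not referenced by any router.
localuser:
  driver = accept
  check_local_user
  transport = procmail
  cannot_route_message = Unknown user

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

begin transports

remote_smtp:
  driver = smtp

# Runs procmail as the recipient user (both routers that use this transport
# set check_local_user, so $local_part names an existing account).
procmail:
  driver = pipe
  command = "/usr/bin/procmail -d $local_part"
  return_path_add
  delivery_date_add
  envelope_to_add
  user = $local_part
  group = mail
  initgroups
  return_output

local_delivery:
  driver = appendfile
  file = /var/mail/${local_part}
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
  no_mode_fail_narrower

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply

######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

begin retry

# Address or Domain    Error       Retries
# -----------------    -----       -------

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

# The listing had no "begin authenticators" line, so the two drivers below
# would have been read as part of the rewrite section.
begin authenticators

# The argument of the pam condition is a colon-separated list, so a colon
# inside the password would split it into extra items. ${sg{...}{:}{::}}
# doubles any colon so the password reaches PAM as a single item.
LOGIN:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if pam {$auth1:${sg{$auth2}{:}{::}}}{yes}{no}}"
  server_set_id = $auth1

# For PLAIN the user name is in $auth2 and the password in $auth3.
PLAIN:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if pam {$auth2:${sg{$auth3}{:}{::}}}{yes}{no}}"
  server_set_id = $auth2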