  1. Exim4.conf:
  # Main (global) section of the inbound Baruwa/Exim instance. The PGSQL_SERVERS
  # and *_DOMAINS/*_HOSTS macros used below are defined in macros.conf.
  2. .include /etc/exim4/macros.conf
  # "hide" only keeps the value out of "exim -bP" output for non-admin users;
  # it does not protect the file, and the expanded macro carries a DB password.
  3. hide pgsql_servers = PGSQL_SERVERS
  4. #primary_hostname =
  # Nearly every list below is a live pgsql lookup (see macros.conf), so the
  # database is on the critical path of every ACL decision.
  5. domainlist local_domains = @ : localhost : localhost.localdomain
  6. domainlist relay_sql_domains = RELAY_SQL_DOMAINS
  7. domainlist relay_sql_smtp_domains = SMTP_SQL_DOMAINS
  8. domainlist relay_sql_lmtp_domains = LMTP_SQL_DOMAINS
  9. domainlist ldap_domains = LDAP_DOMAINS
  10. domainlist smtp_callback_domains = SMTP_CALLBACK_DOMAINS
  11. domainlist whitelisted_domains = WHITELISTED_DOMAINS
  12. domainlist blacklisted_domains = BLACKLISTED_DOMAINS
  13. addresslist whitelisted_addresses = WHITELISTED_ADDRESS
  14. addresslist blacklisted_addresses = BLACKLISTED_ADDRESS
  15. hostlist whitelisted_hosts = WHITELISTED_HOSTS
  16. hostlist blacklisted_hosts = BLACKLISTED_HOSTS
  17. hostlist relay_sql_hosts = RELAY_SQL_HOSTS
  18. hostlist relay_from_hosts = localhost : localhost.localdomain
  # ACL entry points; the ACLs are defined after "begin acl".
  19. acl_smtp_rcpt = acl_check_rcpt
  20. acl_smtp_data = acl_check_data
  21. acl_smtp_mime = acl_check_mime
  22. acl_smtp_connect = acl_check_connect
  23. acl_smtp_helo = acl_check_helo
  24. acl_smtp_dkim = acl_check_dkim
  25. #queue_only = true
  26. #queue_only_override = false
  27. smtp_banner = Baruwa 2.0 $tod_full
  # (line truncated in this listing)
  28. smtp_active_hostname = ${if !eq{$sender_host_address}{$received_ip_address}{${l}
  # Connection limits: 60 messages per connection, no cap on concurrent
  # connections (0), 10 non-mail commands and a single unknown command before
  # the connection is dropped. Above load 15 only smtp_reserve_hosts (not set
  # here) are presumably accepted, i.e. new connections are refused under load.
  29. smtp_accept_max_per_connection = 60
  30. smtp_accept_max = 0
  31. smtp_load_reserve = 15
  32. smtp_receive_timeout = 3m
  33. smtp_accept_max_nonmail = 10
  34. smtp_max_unknown_commands = 1
  35. message_size_limit = 20M
  # Separate inbound spool: the message_checks router defers every address, so
  # messages wait here for the external scanner (presumably MailScanner/Baruwa;
  # confirm) rather than being delivered by this instance.
  36. spool_directory = /var/spool/exim.in
  37. pipelining_advertise_hosts = 127.0.0.1
  38. process_log_path = /var/spool/exim/exim-process.info
  39. #log_file_path=:syslog
  40. #syslog_duplication=false
  41. #syslog_timestamp=false
  42. #log_selector = -rejected_header
  # (line truncated in this listing)
  43. received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\}
  # Scanner used by "malware = *" in acl_check_data. If clamd is not listening
  # on this socket the condition presumably defers rather than passes the
  # message (no defer_ok is given) -- confirm for the Exim version in use.
  44. av_scanner = clamd:/var/run/clamav/clamd.sock
  # TLS is entirely commented out on this instance. Visible consequences:
  # auth_advertise_hosts below and the authenticators' advertise conditions
  # depend on $tls_cipher, so AUTH is never offered; and with
  # tls_on_connect_ports disabled, port 465 is served as plain SMTP. The
  # commented cipher list also still permits RC4 (RC4+MEDIUM) and is truncated
  # in this listing; drop RC4 when TLS is re-enabled.
  45. #tls_advertise_hosts = *
  46. #tls_certificate = /etc/pki/baruwa/baruwa.pem
  47. #tls_privatekey = /etc/pki/baruwa/baruwa.key
  48. #tls_on_connect_ports = 465
  49. #tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DH
  50. daemon_smtp_ports = 25 : 465 : 587
  # Never perform deliveries as root.
  51. never_users = root
  # Ident (RFC 1413) lookups with a zero timeout: effectively disabled.
  52. rfc1413_hosts = *
  53. rfc1413_query_timeout = 0s
  54. ignore_bounce_errors_after = 1d
  55. timeout_frozen_after = 3d
  # AUTH is advertised only once a TLS cipher is in use; empty list otherwise.
  56. auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
  # Perl helper supplying check_password for the PLAIN/LOGIN authenticators
  # (a bcrypt comparison is assumed from the script name -- confirm).
  57. perl_startup = do '/etc/exim/baruwa/exim-bcrypt.pl'
  58. perl_at_start = true
  59. begin acl
  60. acl_check_rcpt:
  # Non-TCP (locally submitted) messages are accepted outright.
  61. accept hosts = :
  62. control = submission
  # Static blocks from the pgsql-backed host and domain blacklists.
  63. drop message = REJECTED - Sender $sender_address is banned
  64. hosts = +blacklisted_hosts
  65. drop message = REJECTED - Domain $sender_address_domain is banned
  66. domains = +blacklisted_domains
  # Dictionary-attack guard: after more than 3 failed RCPTs the connection is
  # dropped, but only after a 10-minute delay that ties up an Exim process
  # per attacker; a much shorter delay gives the same effect at lower cost.
  67. drop message = Dictionary attack detected
  68. condition = ${if >{$rcpt_fail_count}{3} {yes}{no}}
  69. delay = 10m
  # Null-sender (bounce) messages may have only one recipient
  # (message line truncated in this listing).
  70. drop message = Legitimate bounces are never sent to more than one re.
  71. senders = : postmaster@*
  72. condition = ${if >{$recipients_count}{1}{true}{false}}
  # Reject local parts with characters that could reach shells or paths
  # (stricter set for non-local domains, including "..").
  73. drop message = Restricted characters in address
  74. domains = +local_domains
  75. local_parts = ^[.] : ^.*[@%!/|]
  76. drop message = Restricted characters in address
  77. domains = !+local_domains
  78. local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  # postmaster of any served domain is always accepted.
  79. accept local_parts = postmaster
  80. domains = +local_domains : +relay_sql_domains
  # Relaying is allowed for the configured hosts (incl. pgsql relaysettings)
  # and for authenticated clients; sender_retain keeps the client's Sender:.
  81. accept hosts = +relay_from_hosts : +relay_sql_hosts
  82. control = submission/sender_retain
  83. accept authenticated = *
  84. control = submission/sender_retain
  # Anti-relay gate: from here on only domains this host serves are accepted.
  85. require message = relay not permitted
  86. domains = +local_domains : +relay_sql_domains
  # Whitelists short-circuit every remaining check (DNSBLs, reverse DNS,
  # sender/recipient verification, SPF). The address whitelist matches the
  # envelope sender, which is unauthenticated and trivially forged, so keep it
  # minimal and prefer the host whitelist in acl_check_connect where possible.
  87. accept message = Authorized sender: $sender_address
  88. senders = +whitelisted_addresses
  89. accept message = Authorized sender: $sender_address_domain
  90. domains = +whitelisted_domains
  # DNSBL drops (message lines truncated in this listing). The accompanying
  # "ratelimit = 0 / 2h / strict / per_conn" is unusual; its intended effect
  # is not evident from the config -- confirm before relying on it.
  91. drop message = REJECTED - because $sender_host_address is in a blackg
  92. dnslists = zen.spamhaus.org
  93. ratelimit = 0 / 2h / strict / per_conn
  94. drop message = REJECTED - because $sender_host_address is in a blackt
  95. dnslists = bl.spamcop.net : cbl.abuseat.org
  96. ratelimit = 0 / 2h / strict / per_conn
  97. drop message = REJECTED - $dnslist_text
  98. dnslists = rbl.baruwa.net : rbl.baruwa.net/$sender_address_domain
  # Drop only when the host has no reverse DNS AND sender verification fails
  # with a recorded reason; the callout uses defer_ok, so temporary failures
  # on the sender side do not trigger this.
  99. drop message = REJECTED - We don't accept messages from hosts withouS
  100. log_message = No reverse DNS
  101. !verify = reverse_host_lookup
  102. !verify = sender/no_details/callout=2m,defer_ok
  103. !condition = ${if eq{$sender_verify_failure}{}}
  # Recipient callout for domains flagged smtp_callout in mtasettings.
  104. drop message = REJECTED - Recipient Verification Failed - User Not Fd
  105. domains = +smtp_callback_domains
  106. #!verify = recipient/success_on_redirect/callout=2m,defer_ok,usr
  107. !verify = recipient/success_on_redirect/callout=2m,defer_ok
  # LDAP-backed recipient check for domains flagged ldap_callout.
  108. drop message = REJECTED - User Not Found
  109. domains = +ldap_domains
  110. condition = ${lookup ldap{${expand:LDAP_LOOKUP}}{0}{1}}
  # BUG as pasted: this "deny" carries no condition -- "message" is only a
  # modifier and the spf line is commented out -- so every recipient that
  # reaches this point is rejected with SPF_MSG. Either restore "spf = fail"
  # (requires an SPF-enabled Exim build) or remove the deny.
  111. deny message = SPF_MSG
  112. #spf = = fail
  113. # deny message = $sender_host_address doesn't look trustworthy to me
  114. # #spf = _guess = fail
  115. accept
  116. acl_check_data:
  # Reject anything the av_scanner (clamd, main section) flags. Scanner
  # failures are not handled here, so they presumably defer the message
  # rather than pass it unscanned -- confirm for the Exim version in use.
  117. drop malware = *
  118. message = This message contains a virus ($malware_name).
  119. accept
  120. acl_check_mime:
  # Blocks attachments by file extension (case-insensitive match on
  # $mime_filename). Only the declared filename of each MIME part is checked,
  # not archive contents, and the list is short (.js, .vbs, .cmd and similar
  # are not covered).
  121. drop message = Blacklisted file extension detected
  122. condition = ${if match \
  123. {${lc:$mime_filename}} \
  124. {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
  125. {1}{0}}
  126. accept
  127. acl_check_connect:
  # Connection-time ACL: local connections and whitelisted hosts are accepted
  # before the rate limit; blacklisted hosts are dropped.
  128. accept hosts = :
  # (message line truncated in this listing)
  129. drop message = REJECTED - because $sender_host_address is a banned sr
  130. hosts = +blacklisted_hosts
  131. accept message = Authorized sender: $sender_host_address
  132. hosts = +whitelisted_hosts
  # Per-host limit: more than 250 connections per 15 minutes gets a temporary
  # rejection; "strict" keeps updating the rate while over the limit
  # (message/log lines truncated in this listing).
  133. defer ratelimit = 250 / 15m / strict
  134. message = You can only send $sender_rate_limit msgs per $senderd
  135. log_message = RATE: $sender_rate/$sender_rate_period (max $sender_r)
  136. accept
  137. acl_check_helo:
  # Require a HELO/EHLO name, and reject a bare IP address as that name
  # (RFC 2821 4.1.3 only permits a bracketed address literal).
  138. drop message = REJECTED - no HELO/EHLO greeting
  139. log_message = remote host did not present greeting
  140. condition = ${if def:sender_helo_name {false}{true}}
  141. drop message = REJECTED - HELO is an IP address (See RFC2821 4.1.3)
  142. condition = ${if isip{$sender_helo_name}}
  143. accept
  144. acl_check_dkim:
  # DKIM ACL. Authenticated clients, local connections and whitelisted hosts
  # skip verification entirely.
  145. accept authenticated = *
  146. accept hosts = :
  147. accept hosts = +whitelisted_hosts
  # Only "none" and "invalid" are denied ("fail" is commented out); whether
  # unsigned mail ever yields "none" depends on dkim_verify_signers, which is
  # not set in this file -- confirm. Keys flagged as testing are never denied.
  148. deny message = REJECTED - DKIM failure: $dkim_verify_reason
  149. #dkim_status = none:invalid:fail
  150. dkim_status = none:invalid
  151. condition = ${if eq {$dkim_key_testing}{1} {no}{yes}}
  # Adds an X-DKIM status header (line truncated in this listing).
  152. warn add_header = X-DKIM: Status on $received_ip_address using Baruwa 2\
  153. signing_identity="$dkim_cur_signer"
  154. accept
  155. begin routers
  # Re-injects multi-recipient messages for relay_sql_domains through the
  # send_to_self pipe ("exim -oMr split -bS") so each copy is processed on
  # its own; the $received_protocol check stops the re-injected copy from
  # being split again (condition line truncated in this listing).
  156. split:
  157. driver = accept
  158. domains = +relay_sql_domains
  159. condition = ${if and {{!eq {$received_protocol}{split}}{gt {$recipients_coun}
  160. transport = send_to_self
  161. no_verify
  162. no_address_test
  # Catch-all with no domain condition: every address not taken by "split" is
  # deferred, so the message stays in the inbound spool for the external
  # scanner (presumably MailScanner/Baruwa -- confirm). Because of no_verify /
  # no_address_test, the routers below are only reached during address
  # verification (e.g. recipient callouts) and -bt tests.
  163. message_checks:
  164. driver = redirect
  165. allow_defer
  166. data = :defer: queued for message checks
  167. no_verify
  168. no_address_test
  # SMTP delivery for relay domains whose route comes from ROUTE_QUERY
  # (pgsql); no_more stops a failed lookup falling through to dnslookup.
  169. deliver_clean_smtp:
  170. driver = manualroute
  171. domains = +relay_sql_smtp_domains
  172. transport = remote_smtp
  173. route_data = ${lookup pgsql {ROUTE_QUERY}}
  174. no_more
  # LMTP counterpart of deliver_clean_smtp, same ROUTE_QUERY source.
  175. deliver_clean_lmtp:
  176. driver = manualroute
  177. domains = +relay_sql_lmtp_domains
  178. transport = remote_lmtp
  179. route_data = ${lookup pgsql {ROUTE_QUERY}}
  180. no_more
  # Internet delivery for domains this host does not serve. Only the
  # unspecified address and IPv4 loopback are excluded as MX targets; private
  # and link-local ranges are not, so outbound connections to internal hosts
  # remain possible if a remote MX points there.
  181. dnslookup:
  182. driver = dnslookup
  183. domains = ! +local_domains : ! +relay_sql_domains
  184. transport = remote_smtp
  185. ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  186. no_more
  # /etc/aliases lookup for the local host only. Aliases may expand to files
  # or pipes via the address_file/address_pipe transports, so the alias file
  # must stay writable by root alone.
  187. system_aliases:
  188. driver = redirect
  189. allow_fail
  190. allow_defer
  191. domains = @
  192. data = ${lookup{$local_part}lsearch{/etc/aliases}}
  193. file_transport = address_file
  194. pipe_transport = address_pipe
  # Delivery to local system accounts; check_local_user ensures $local_part
  # names an existing user before local_delivery uses it as a path component.
  195. localuser:
  196. driver = accept
  197. check_local_user
  198. transport = local_delivery
  199. cannot_route_message = Unknown user
  200. begin transports
  # Used by the "split" router: pipes one message at a time into a fresh exim
  # in batched-SMTP mode, tagged with protocol "split" so the re-injected copy
  # is recognisable; runs as the Debian-exim user.
  201. send_to_self:
  202. driver = pipe
  203. batch_max = 1
  204. use_bsmtp
  205. command = /usr/sbin/exim -oMr split -bS
  206. user = Debian-exim
  # Plain SMTP transport; retries are not suppressed after the retry cutoff.
  207. remote_smtp:
  208. driver = smtp
  209. delay_after_cutoff = false
  # LMTP over TCP. Port 25 is unusual for LMTP -- confirm the backend
  # delivery hosts listen there.
  210. remote_lmtp:
  211. driver = smtp
  212. protocol = lmtp
  213. delay_after_cutoff = false
  214. port = 25
  # mbox delivery for local users. $local_part has passed check_local_user in
  # the localuser router, so it is a real account name rather than raw input.
  215. local_delivery:
  216. driver = appendfile
  217. file = /var/mail/$local_part
  218. delivery_date_add
  219. envelope_to_add
  220. return_path_add
  221. group = mail
  222. mode = 0660
  # Pipe transport for alias-generated commands. No user/group is set here or
  # on system_aliases, so verify that pipe aliases actually run (and as whom)
  # or set an unprivileged user explicitly.
  223. address_pipe:
  224. driver = pipe
  225. return_output
  # File transport for alias-generated file deliveries.
  226. address_file:
  227. driver = appendfile
  228. delivery_date_add
  229. envelope_to_add
  230. return_path_add
  231. begin retry
  # Default retry rule: every 15m for 2h, then geometric from 1h up to 16h,
  # then every 6h until 14 days.
  232. * * F,2h,15m; G,16h,1h,1.5; F,14d,6h
  233. begin rewrite
  234. begin authenticators
  # SASL PLAIN: $auth2 is the username, $auth3 the password. The stored hash
  # is fetched via ORG_CHECK_PLAIN (pgsql) and compared by the perl
  # check_password routine from perl_startup. Advertised only under TLS, which
  # is disabled on this instance, so this authenticator is currently unused.
  235. PLAIN:
  236. driver = plaintext
  237. server_prompts = :
  238. server_condition = ${if and{ {!eq {$auth2}{}} {!eq {$auth3}{}}\
  239. {bool{${perl{check_password}\
  240. {${lookup pgsql {ORG_CHECK_PLAIN}{$value}}}\
  241. {$auth3}}}\
  242. }\
  243. }\
  244. {yes}{no}}
  245. server_set_id = $2
  246. server_advertise_condition = ${if def:tls_cipher }
  247.  
  # SASL LOGIN: $auth1 is the username, $auth2 the password; otherwise the
  # same pgsql + perl check_password scheme as PLAIN, and likewise only
  # advertised when a TLS cipher is active.
  248. LOGIN:
  249. driver = plaintext
  250. server_prompts = "Username:: : Password::"
  251. server_condition = ${if and{ {!eq {$auth1}{}} {!eq {$auth2}{}}\
  252. {bool{${perl{check_password}\
  253. {${lookup pgsql {ORG_CHECK_LOGIN}{$value}}}\
  254. {$auth2}}}}\
  255. }\
  256. {yes}{no}}
  257. server_set_id = $1
  258. server_advertise_condition = ${if def:tls_cipher }
  277. Exim4_out.conf:
  278.  
  # Main section of the outbound (post-scan) instance. Note the trust model:
  # no AUTH is advertised, relay_from_hosts is empty and every ACL below is a
  # bare "accept", so this listener relays whatever reaches it on port 25.
  # That is only safe if local_interfaces (not set in this file) or a firewall
  # confines it to the scanner host -- confirm, otherwise this is an open relay.
  279. .include /etc/exim4/macros.conf
  # "hide" masks the value in "exim -bP" output only; the macro holds a
  # database password.
  280. hide pgsql_servers = PGSQL_SERVERS
  281. #primary_hostname =
  282. domainlist local_domains = @ : localhost : localhost.localdomain
  # Delivery-mode / protocol domain lists, all pgsql lookups (macros.conf).
  283. domainlist relay_sql_rand_smtp = SMTP_RAND_DOMAINS
  284. domainlist relay_sql_nonrand_smtp = SMTP_NONRAND_DOMAINS
  285. domainlist relay_sql_rand_lmtp = LMTP_RAND_DOMAINS
  286. domainlist relay_sql_nonrand_lmtp = LMTP_NONRAND_DOMAINS
  287. domainlist relay_sql_domains = RELAY_SQL_DOMAINS
  288. hostlist relay_from_hosts =
  289. acl_smtp_rcpt = acl_check_rcpt
  290. acl_smtp_data = acl_check_data
  291. acl_smtp_mime = acl_check_mime
  292. acl_smtp_connect = acl_check_connect
  293. acl_smtp_helo = acl_check_helo
  294. smtp_banner = Baruwa 2.0 $tod_full
  295. #disable_ipv6 = true
  296. smtp_load_reserve = 10
  # TLS is enabled here. The cipher string still permits RC4 (RC4+MEDIUM) and
  # is truncated in this listing; RC4 should be removed.
  297. tls_advertise_hosts = *
  298. tls_certificate = /etc/pki/baruwa/baruwa.pem
  299. tls_privatekey = /etc/pki/baruwa/baruwa.key
  300. tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DEH
  301. daemon_smtp_ports = 25
  302. #log_file_path=:syslog
  303. #syslog_duplication=false
  304. #syslog_timestamp=false
  305. never_users = root
  # Ident lookups with a zero timeout: effectively disabled.
  306. rfc1413_hosts = *
  307. rfc1413_query_timeout = 0s
  308. ignore_bounce_errors_after = 3d
  309. timeout_frozen_after = 7d
  # No authentication offered on this instance.
  310. auth_advertise_hosts =
  # dbl_* options are not stock Exim options; presumably a patched build
  # (delivery logging to pgsql via DELIVERY_QUERY) -- confirm.
  311. #dbl_delivery_query = DELIVERY_QUERY
  312. begin acl
  # Unconditional accept: no relay control at all on this instance; what may
  # relay through it is decided solely by what can reach the listener.
  313. acl_check_rcpt:
  314. accept
  # No content checks on the outbound instance; scanning happened inbound.
  315. acl_check_data:
  316. accept
  # No MIME checks on the outbound instance.
  317. acl_check_mime:
  318. accept
  # Every connection is accepted; no host filtering or rate limiting here.
  319. acl_check_connect:
  320. accept
  # HELO is not checked on the outbound instance.
  321. acl_check_helo:
  322. accept
  323. begin routers
  # SMTP delivery, randomised host order, routes from ROUTE_QUERY. Unlike the
  # inbound instance there is no no_more, so a domain with no route data falls
  # through to the later routers -- confirm that is intended.
  324. deliver_clean_randomize:
  325. driver = manualroute
  326. domains = +relay_sql_rand_smtp
  327. transport = remote_smtp
  328. hosts_randomize = true
  329. route_data = ${lookup pgsql {ROUTE_QUERY}}
  # SMTP delivery in the host order returned by ROUTE_QUERY (no no_more, so
  # a missing route falls through to the later routers).
  330. deliver_clean_norandomized:
  331. driver = manualroute
  332. domains = +relay_sql_nonrand_smtp
  333. transport = remote_smtp
  334. hosts_randomize = false
  335. route_data = ${lookup pgsql {ROUTE_QUERY}}
  # LMTP delivery, randomised host order, routes from ROUTE_QUERY
  # (no no_more, so a missing route falls through to the later routers).
  336. deliver_clean_randomize_lmtp:
  337. driver = manualroute
  338. domains = +relay_sql_rand_lmtp
  339. transport = remote_lmtp
  340. hosts_randomize = true
  341. route_data = ${lookup pgsql {ROUTE_QUERY}}
  # LMTP delivery in the host order returned by ROUTE_QUERY
  # (no no_more, so a missing route falls through to the later routers).
  342. deliver_clean_norandomized_lmtp:
  343. driver = manualroute
  344. domains = +relay_sql_nonrand_lmtp
  345. transport = remote_lmtp
  346. hosts_randomize = false
  347. route_data = ${lookup pgsql {ROUTE_QUERY}}
  # Internet delivery for domains this host does not serve. Only the
  # unspecified address and IPv4 loopback are excluded as MX targets; private
  # and link-local ranges are not.
  348. dnslookup:
  349. driver = dnslookup
  350. domains = ! +local_domains : ! +relay_sql_domains
  351. transport = remote_smtp
  352. ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  353. no_more
  # /etc/aliases lookup. Unlike the inbound instance there is no "domains = @"
  # restriction, so any address that fell through the routers above (e.g. a
  # relay domain with no route data) is matched against the alias file --
  # confirm that is intended. Aliases may expand to files or pipes.
  354. system_aliases:
  355. driver = redirect
  356. allow_fail
  357. allow_defer
  358. data = ${lookup{$local_part}lsearch{/etc/aliases}}
  359. file_transport = address_file
  360. pipe_transport = address_pipe
  # Delivery to local system accounts; check_local_user validates $local_part
  # before local_delivery uses it in a path.
  361. localuser:
  362. driver = accept
  363. check_local_user
  364. transport = local_delivery
  365. cannot_route_message = Unknown user
  366. begin transports
  # Outbound SMTP with DKIM signing: the signing domain is the lower-cased
  # envelope sender domain, and signing only happens when a key file for it
  # exists under /etc/MailScanner/baruwa/dkim/ (expansion lines truncated in
  # this listing). Selector is fixed to "baruwa". The client cipher string
  # still permits RC4 and is truncated here; RC4 should be removed.
  367. remote_smtp:
  368. driver = smtp
  369. #dbl_host_defer_query = DEFER_QUERY
  370. delay_after_cutoff = false
  371. dkim_domain = ${if exists{/etc/MailScanner/baruwa/dkim/${lc:$sender_address_\
  372. {${lc:$sender_address_domain}}{}}
  373. dkim_selector = baruwa
  374. dkim_private_key = ${if exists{/etc/MailScanner/baruwa/dkim/${lc:$sender_add\
  375. {/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domai}
  376. tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !H
  # LMTP to backend stores on port 25 (unusual for LMTP -- confirm), with the
  # same per-sender-domain DKIM signing and RC4-permitting cipher string as
  # remote_smtp (expansion lines truncated in this listing).
  377. remote_lmtp:
  378. driver = smtp
  379. protocol = lmtp
  380. port = 25
  381. #dbl_host_defer_query = DEFER_QUERY
  382. delay_after_cutoff = false
  383. dkim_domain = ${if exists{/etc/MailScanner/baruwa/dkim/${lc:$sender_address_\
  384. {${lc:$sender_address_domain}}{}}
  385. dkim_selector = baruwa
  386. dkim_private_key = ${if exists{/etc/MailScanner/baruwa/dkim/${lc:$sender_add\
  387. {/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domai}
  388. tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !H
  # mbox delivery for local users; $local_part was validated by
  # check_local_user in the localuser router.
  389. local_delivery:
  390. driver = appendfile
  391. file = /var/mail/$local_part
  392. delivery_date_add
  393. envelope_to_add
  394. return_path_add
  395. group = mail
  396. mode = 0660
  # Pipe transport for alias-generated commands; no user/group is set here or
  # on system_aliases -- verify pipe aliases run, and as which user.
  397. address_pipe:
  398. driver = pipe
  399. return_output
  # File transport for alias-generated file deliveries.
  400. address_file:
  401. driver = appendfile
  402. delivery_date_add
  403. envelope_to_add
  404. return_path_add
  405. begin retry
  # Default retry rule: every 15m for 2h, then geometric from 1h up to 16h,
  # then every 6h until 14 days.
  406. * * F,2h,15m; G,16h,1h,1.5; F,14d,6h
  407. begin rewrite
  408. begin authenticators
  409. root@relay-1:/etc/exim4#
  412. Macros.conf
  413.  
  414. root@relay-1:/etc/exim4# cat macros.conf
  # Macros shared by both Exim instances. Most lines are truncated in this
  # listing. All visible interpolations of Exim variables into SQL go through
  # ${quote_pgsql:...}, which is what keeps these lookups injection-safe; keep
  # that for any query added later.
  415. ROUTE_QUERY = SELECT '"<+ ' || array_to_string(ARRAY(SELECT address FROM routeda
  416. SMTP_NONRAND_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_p\
  417. AND delivery_mode=2 AND protocol=1;
  418. SMTP_RAND_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsq\
  419. AND delivery_mode=1 AND protocol=1;
  420. LMTP_NONRAND_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_p\
  421. AND protocol=2 AND delivery_mode=2;
  422. LMTP_RAND_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsq\
  423. AND protocol=2 AND delivery_mode=1;
  424. SMTP_SQL_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsql\
  425. AND protocol=1;
  426. LMTP_SQL_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsql\
  427. AND protocol=2;
  428. LDAP_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsql:$do\
  429. AND ldap_callout='t';
  430. SMTP_CALLBACK_DOMAINS = pgsql;SELECT name FROM mtasettings where name='${quote_\
  431. AND smtp_callout='t';
  432. RELAY_SQL_DOMAINS = pgsql;SELECT name FROM relaydomains WHERE name='${quote_pgs;
  # White/blacklists come from the "lists" table; the address and domain
  # variants match the unauthenticated envelope sender (see acl_check_rcpt).
  433. WHITELISTED_DOMAINS = pgsql;SELECT from_address FROM lists WHERE to_address='an;
  434. BLACKLISTED_DOMAINS = pgsql;SELECT from_address FROM lists WHERE to_address='an;
  435. WHITELISTED_ADDRESS = pgsql;SELECT from_address FROM lists WHERE to_address='an;
  436. BLACKLISTED_ADDRESS = pgsql;SELECT from_address from lists WHERE to_address='an;
  437. WHITELISTED_HOSTS = pgsql;SELECT from_address FROM lists WHERE to_address='any';
  438. BLACKLISTED_HOSTS = pgsql;SELECT from_address FROM lists WHERE to_address='any';
  439. RELAY_SQL_HOSTS = pgsql;SELECT address FROM relaysettings WHERE enabled='t' AND;
  # Database DSN including the password in clear. "hide" on pgsql_servers only
  # masks -bP output; this file must be readable by root/exim only, and since
  # the value has been published in this paste it should be rotated if real.
  440. PGSQL_SERVERS = 127.0.0.1::5432/baruwa/baruwa/verysecretpw
  441. SPF_MSG = Please see http://www.openspf.org/Why?scope=${if def:sender_address_ds
  442. LDAP_LOOKUP = ${lookup pgsql {SELECT url FROM ldaplookup WHERE name='${quote_pg}
  # Delivery/defer logging inserts used by the (commented) dbl_* options.
  443. DELIVERY_QUERY = ${lookup pgsql {INSERT INTO messagestatus (messageid, hostname\
  444. VALUES('${quote_pgsql:$message_exim_id}', '${qu\
  445. ${quote_pgsql:$dbl_delivery_port}, '${quote_pgs}
  446. DEFER_QUERY = ${lookup pgsql {INSERT INTO messagestatus (messageid, hostname, i\
  447. VALUES('${quote_pgsql:$message_exim_id}', '${quote\
  448. ${quote_pgsql:$dbl_delivery_port}, '${quote_pgsql:\
  449. '${quote_pgsql:$dbl_defer_errstr}')}}
  450. DKIM_STATUS = ${lookup pgsql {SELECT name FROM maildomains,dkim_keys WHERE mail}
  # Password-hash lookups for the authenticators; the hash is compared by the
  # perl check_password routine, never in SQL.
  451. PASSWD_CHECK_LOGIN = SELECT password FROM users WHERE username='${quote_pgsql:$'
  452. PASSWD_CHECK_PLAIN = SELECT password FROM users WHERE username='${quote_pgsql:$'
  453. ORG_CHECK_LOGIN = SELECT password FROM relaysettings WHERE username='${quote_pg'
  454. ORG_CHECK_PLAIN = SELECT password FROM relaysettings WHERE username='${quote_pg'