API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 25th, 2013
363
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.02 KB | None | 0 0
raw download clone embed print report
  1. Exim4.conf:
  2. .include /etc/exim4/macros.conf
  3. hide pgsql_servers = PGSQL_SERVERS
  4. #primary_hostname =
  5. domainlist local_domains = @ : localhost : localhost.localdomain
  6. domainlist relay_sql_domains = RELAY_SQL_DOMAINS
  7. domainlist relay_sql_smtp_domains = SMTP_SQL_DOMAINS
  8. domainlist relay_sql_lmtp_domains = LMTP_SQL_DOMAINS
  9. domainlist ldap_domains = LDAP_DOMAINS
  10. domainlist smtp_callback_domains = SMTP_CALLBACK_DOMAINS
  11. domainlist whitelisted_domains = WHITELISTED_DOMAINS
  12. domainlist blacklisted_domains = BLACKLISTED_DOMAINS
  13. addresslist whitelisted_addresses = WHITELISTED_ADDRESS
  14. addresslist blacklisted_addresses = BLACKLISTED_ADDRESS
  15. hostlist whitelisted_hosts = WHITELISTED_HOSTS
  16. hostlist blacklisted_hosts = BLACKLISTED_HOSTS
  17. hostlist relay_sql_hosts = RELAY_SQL_HOSTS
  18. hostlist relay_from_hosts = localhost : localhost.localdomain
  19. acl_smtp_rcpt = acl_check_rcpt
  20. acl_smtp_data = acl_check_data
  21. acl_smtp_mime = acl_check_mime
  22. acl_smtp_connect = acl_check_connect
  23. acl_smtp_helo = acl_check_helo
  24. acl_smtp_dkim = acl_check_dkim
  25. #queue_only = true
  26. #queue_only_override = false
  27. smtp_banner = Baruwa 2.0 $tod_full
  28. smtp_active_hostname = ${if !eq{$sender_host_address}{$received_ip_address}{${l}
  29. smtp_accept_max_per_connection = 60
  30. smtp_accept_max = 0
  31. smtp_load_reserve = 15
  32. smtp_receive_timeout = 3m
  33. smtp_accept_max_nonmail = 10
  34. smtp_max_unknown_commands = 1
  35. message_size_limit = 20M
  36. spool_directory = /var/spool/exim.in
  37. pipelining_advertise_hosts = 127.0.0.1
  38. process_log_path = /var/spool/exim/exim-process.info
  39. #log_file_path=:syslog
  40. #syslog_duplication=false
  41. #syslog_timestamp=false
  42. #log_selector = -rejected_header
  43. received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\}
  44. av_scanner = clamd:/var/run/clamav/clamd.sock
  45. #tls_advertise_hosts = *
  46. #tls_certificate = /etc/pki/baruwa/baruwa.pem
  47. #tls_privatekey = /etc/pki/baruwa/baruwa.key
  48. #tls_on_connect_ports = 465
  49. #tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DH
  50. daemon_smtp_ports = 25 : 465 : 587
  51. never_users = root
  52. rfc1413_hosts = *
  53. rfc1413_query_timeout = 0s
  54. ignore_bounce_errors_after = 1d
  55. timeout_frozen_after = 3d
  56. auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
  57. perl_startup = do '/etc/exim/baruwa/exim-bcrypt.pl'
  58. perl_at_start = true
  59. begin acl
  60. acl_check_rcpt:
  61. accept hosts = :
  62. control = submission
  63. drop message = REJECTED - Sender $sender_address is banned
  64. hosts = +blacklisted_hosts
  65. drop message = REJECTED - Domain $sender_address_domain is banned
  66. domains = +blacklisted_domains
  67. drop message = Dictionary attack detected
  68. condition = ${if >{$rcpt_fail_count}{3} {yes}{no}}
  69. delay = 10m
  70. drop message = Legitimate bounces are never sent to more than one re.
  71. senders = : postmaster@*
  72. condition = ${if >{$recipients_count}{1}{true}{false}}
  73. drop message = Restricted characters in address
  74. domains = +local_domains
  75. local_parts = ^[.] : ^.*[@%!/|]
  76. drop message = Restricted characters in address
  77. domains = !+local_domains
  78. local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  79. accept local_parts = postmaster
  80. domains = +local_domains : +relay_sql_domains
  81. accept hosts = +relay_from_hosts : +relay_sql_hosts
  82. control = submission/sender_retain
  83. accept authenticated = *
  84. control = submission/sender_retain
  85. require message = relay not permitted
  86. domains = +local_domains : +relay_sql_domains
  87. accept message = Authorized sender: $sender_address
  88. senders = +whitelisted_addresses
  89. accept message = Authorized sender: $sender_address_domain
  90. domains = +whitelisted_domains
  91. drop message = REJECTED - because $sender_host_address is in a blackg
  92. dnslists = zen.spamhaus.org
  93. ratelimit = 0 / 2h / strict / per_conn
  94. drop message = REJECTED - because $sender_host_address is in a blackt
  95. dnslists = bl.spamcop.net : cbl.abuseat.org
  96. ratelimit = 0 / 2h / strict / per_conn
  97. drop message = REJECTED - $dnslist_text
  98. dnslists = rbl.baruwa.net : rbl.baruwa.net/$sender_address_domain
  99. drop message = REJECTED - We don't accept messages from hosts withouS
  100. log_message = No reverse DNS
  101. !verify = reverse_host_lookup
  102. !verify = sender/no_details/callout=2m,defer_ok
  103. !condition = ${if eq{$sender_verify_failure}{}}
  104. drop message = REJECTED - Recipient Verification Failed - User Not Fd
  105. domains = +smtp_callback_domains
  106. #!verify = recipient/success_on_redirect/callout=2m,defer_ok,usr
  107. !verify = recipient/success_on_redirect/callout=2m,defer_ok
  108. drop message = REJECTED - User Not Found
  109. domains = +ldap_domains
  110. condition = ${lookup ldap{${expand:LDAP_LOOKUP}}{0}{1}}
  111. deny message = SPF_MSG
  112. #spf = = fail
  113. # deny message = $sender_host_address doesn't look trustworthy to me
  114. # #spf = _guess = fail
  115. accept
  116. acl_check_data:
  117. drop malware = *
  118. message = This message contains a virus ($malware_name).
  119. accept
  120. acl_check_mime:
  121. drop message = Blacklisted file extension detected
  122. condition = ${if match \
  123. {${lc:$mime_filename}} \
  124. {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
  125. {1}{0}}
  126. accept
  127. acl_check_connect:
  128. accept hosts = :
  129. drop message = REJECTED - because $sender_host_address is a banned sr
  130. hosts = +blacklisted_hosts
  131. accept message = Authorized sender: $sender_host_address
  132. hosts = +whitelisted_hosts
  133. defer ratelimit = 250 / 15m / strict
  134. message = You can only send $sender_rate_limit msgs per $senderd
  135. log_message = RATE: $sender_rate/$sender_rate_period (max $sender_r)
  136. accept
  137. acl_check_helo:
  138. drop message = REJECTED - no HELO/EHLO greeting
  139. log_message = remote host did not present greeting
  140. condition = ${if def:sender_helo_name {false}{true}}
  141. drop message = REJECTED - HELO is an IP address (See RFC2821 4.1.3)
  142. condition = ${if isip{$sender_helo_name}}
  143. accept
  144. acl_check_dkim:
  145. accept authenticated = *
  146. accept hosts = :
  147. accept hosts = +whitelisted_hosts
  148. deny message = REJECTED - DKIM failure: $dkim_verify_reason
  149. #dkim_status = none:invalid:fail
  150. dkim_status = none:invalid
  151. condition = ${if eq {$dkim_key_testing}{1} {no}{yes}}
  152. warn add_header = X-DKIM: Status on $received_ip_address using Baruwa 2\
  153. signing_identity="$dkim_cur_signer"
  154. accept
  155. begin routers
  156. split:
  157. driver = accept
  158. domains = +relay_sql_domains
  159. condition = ${if and {{!eq {$received_protocol}{split}}{gt {$recipients_coun}
  160. transport = send_to_self
  161. no_verify
  162. no_address_test
  163. message_checks:
  164. driver = redirect
  165. allow_defer
  166. data = :defer: queued for message checks
  167. no_verify
  168. no_address_test
  169. deliver_clean_smtp:
  170. driver = manualroute
  171. domains = +relay_sql_smtp_domains
  172. transport = remote_smtp
  173. route_data = ${lookup pgsql {ROUTE_QUERY}}
  174. no_more
  175. deliver_clean_lmtp:
  176. driver = manualroute
  177. domains = +relay_sql_lmtp_domains
  178. transport = remote_lmtp
  179. route_data = ${lookup pgsql {ROUTE_QUERY}}
  180. no_more
  181. dnslookup:
  182. driver = dnslookup
  183. domains = ! +local_domains : ! +relay_sql_domains
  184. transport = remote_smtp
  185. ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  186. no_more
  187. system_aliases:
  188. driver = redirect
  189. allow_fail
  190. allow_defer
  191. domains = @
  192. data = ${lookup{$local_part}lsearch{/etc/aliases}}
  193. file_transport = address_file
  194. pipe_transport = address_pipe
  195. localuser:
  196. driver = accept
  197. check_local_user
  198. transport = local_delivery
  199. cannot_route_message = Unknown user
  200. begin transports
  201. send_to_self:
  202. driver = pipe
  203. batch_max = 1
  204. use_bsmtp
  205. command = /usr/sbin/exim -oMr split -bS
  206. user = Debian-exim
  207. remote_smtp:
  208. driver = smtp
  209. delay_after_cutoff = false
  210. remote_lmtp:
  211. driver = smtp
  212. protocol = lmtp
  213. delay_after_cutoff = false
  214. port = 25
  215. local_delivery:
  216. driver = appendfile
  217. file = /var/mail/$local_part
  218. delivery_date_add
  219. envelope_to_add
  220. return_path_add
  221. group = mail
  222. mode = 0660
  223. address_pipe:
  224. driver = pipe
  225. return_output
  226. address_file:
  227. driver = appendfile
  228. delivery_date_add
  229. envelope_to_add
  230. return_path_add
  231. begin retry
  232. * * F,2h,15m; G,16h,1h,1.5; F,14d,6h
  233. begin rewrite
  234. begin authenticators
  235. PLAIN:
  236. driver = plaintext
  237. server_prompts = :
  238. server_condition = ${if and{ {!eq {$auth2}{}} {!eq {$auth3}{}}\
  239. {bool{${perl{check_password}\
  240. {${lookup pgsql {ORG_CHECK_PLAIN}{$value}}}\
  241. {$auth3}}}\
  242. }\
  243. }\
  244. {yes}{no}}
  245. server_set_id = $2
  246. server_advertise_condition = ${if def:tls_cipher }
  247.  
  248. LOGIN:
  249. driver = plaintext
  250. server_prompts = "Username:: : Password::"
  251. server_condition = ${if and{ {!eq {$auth1}{}} {!eq {$auth2}{}}\
  252. {bool{${perl{check_password}\
  253. {${lookup pgsql {ORG_CHECK_LOGIN}{$value}}}\
  254. {$auth2}}}}\
  255. }\
  256. {yes}{no}}
  257. server_set_id = $1
  258. server_advertise_condition = ${if def:tls_cipher }
  259.  
  260.  
  261.  
  262.  
  263.  
  264.  
  265.  
  266.  
  267.  
  268.  
  269.  
  270.  
  271.  
  272.  
  273.  
  274.  
  275.  
  276.  
  277. Exim4_out.conf:
  278.  
  279. .include /etc/exim4/macros.conf
  280. hide pgsql_servers = PGSQL_SERVERS
  281. #primary_hostname =
  282. domainlist local_domains = @ : localhost : localhost.localdomain
  283. domainlist relay_sql_rand_smtp = SMTP_RAND_DOMAINS
  284. domainlist relay_sql_nonrand_smtp = SMTP_NONRAND_DOMAINS
  285. domainlist relay_sql_rand_lmtp = LMTP_RAND_DOMAINS
  286. domainlist relay_sql_nonrand_lmtp = LMTP_NONRAND_DOMAINS
  287. domainlist relay_sql_domains = RELAY_SQL_DOMAINS
  288. hostlist relay_from_hosts =
  289. acl_smtp_rcpt = acl_check_rcpt
  290. acl_smtp_data = acl_check_data
  291. acl_smtp_mime = acl_check_mime
  292. acl_smtp_connect = acl_check_connect
  293. acl_smtp_helo = acl_check_helo
  294. smtp_banner = Baruwa 2.0 $tod_full
  295. #disable_ipv6 = true
  296. smtp_load_reserve = 10
  297. tls_advertise_hosts = *
  298. tls_certificate = /etc/pki/baruwa/baruwa.pem
  299. tls_privatekey = /etc/pki/baruwa/baruwa.key
  300. tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DEH
  301. daemon_smtp_ports = 25
  302. #log_file_path=:syslog
  303. #syslog_duplication=false
  304. #syslog_timestamp=false
  305. never_users = root
  306. rfc1413_hosts = *
  307. rfc1413_query_timeout = 0s
  308. ignore_bounce_errors_after = 3d
  309. timeout_frozen_after = 7d
  310. auth_advertise_hosts =
  311. #dbl_delivery_query = DELIVERY_QUERY
  312. begin acl
  313. acl_check_rcpt:
  314. accept
  315. acl_check_data:
  316. accept
  317. acl_check_mime:
  318. accept
  319. acl_check_connect:
  320. accept
  321. acl_check_helo:
  322. accept
  323. begin routers
  324. deliver_clean_randomize:
  325. driver = manualroute
  326. domains = +relay_sql_rand_smtp
  327. transport = remote_smtp
  328. hosts_randomize = true
  329. route_data = ${lookup pgsql {ROUTE_QUERY}}
  330. deliver_clean_norandomized:
  331. driver = manualroute
  332. domains = +relay_sql_nonrand_smtp
  333. transport = remote_smtp
  334. hosts_randomize = false
  335. route_data = ${lookup pgsql {ROUTE_QUERY}}
  336. deliver_clean_randomize_lmtp:
  337. driver = manualroute
  338. domains = +relay_sql_rand_lmtp
  339. transport = remote_lmtp
  340. hosts_randomize = true
  341. route_data = ${lookup pgsql {ROUTE_QUERY}}
  342. deliver_clean_norandomized_lmtp:
  343. driver = manualroute
  344. domains = +relay_sql_nonrand_lmtp
  345. transport = remote_lmtp
  346. hosts_randomize = false
  347. route_data = ${lookup pgsql {ROUTE_QUERY}}
  348. dnslookup:
  349. driver = dnslookup
  350. domains = ! +local_domains : ! +relay_sql_domains
  351. transport = remote_smtp
  352. ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  353. no_more
  354. system_aliases:
  355. driver = redirect
  356. allow_fail
  357. allow_defer
  358. data = ${lookup{$local_part}lsearch{/etc/aliases}}
  359. file_transport = address_file
  360. pipe_transport = address_pipe
  361. localuser:
  362. driver = accept
  363. check_local_user
  364. transport = local_delivery
  365. cannot_route_message = Unknown user
  366. begin transports
  367. remote_smtp:
  368. driver = smtp
  369. #dbl_host_defer_query = DEFER_QUERY
  370. delay_after_cutoff = false
  371. dkim_domain = ${if exists{/etc/MailScanner/baruwa/dkim/${lc:$sender_address_\
  372. {${lc:$sender_address_domain}}{}}
  373. dkim_selector = baruwa
  374. dkim_private_key = ${if exists{/etc/MailScanner/baruwa/dkim/${lc:$sender_add\
  375. {/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domai}
  376. tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !H
  377. remote_lmtp:
  378. driver = smtp
  379. protocol = lmtp
  380. port = 25
  381. #dbl_host_defer_query = DEFER_QUERY
  382. delay_after_cutoff = false
  383. dkim_domain = ${if exists{/etc/MailScanner/baruwa/dkim/${lc:$sender_address_\
  384. {${lc:$sender_address_domain}}{}}
  385. dkim_selector = baruwa
  386. dkim_private_key = ${if exists{/etc/MailScanner/baruwa/dkim/${lc:$sender_add\
  387. {/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domai}
  388. tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !H
  389. local_delivery:
  390. driver = appendfile
  391. file = /var/mail/$local_part
  392. delivery_date_add
  393. envelope_to_add
  394. return_path_add
  395. group = mail
  396. mode = 0660
  397. address_pipe:
  398. driver = pipe
  399. return_output
  400. address_file:
  401. driver = appendfile
  402. delivery_date_add
  403. envelope_to_add
  404. return_path_add
  405. begin retry
  406. * * F,2h,15m; G,16h,1h,1.5; F,14d,6h
  407. begin rewrite
  408. begin authenticators
  409. root@relay-1:/etc/exim4#
  410.  
  411.  
  412. Macros.conf
  413.  
  414. root@relay-1:/etc/exim4# cat macros.conf
  415. ROUTE_QUERY = SELECT '"<+ ' || array_to_string(ARRAY(SELECT address FROM routeda
  416. SMTP_NONRAND_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_p\
  417. AND delivery_mode=2 AND protocol=1;
  418. SMTP_RAND_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsq\
  419. AND delivery_mode=1 AND protocol=1;
  420. LMTP_NONRAND_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_p\
  421. AND protocol=2 AND delivery_mode=2;
  422. LMTP_RAND_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsq\
  423. AND protocol=2 AND delivery_mode=1;
  424. SMTP_SQL_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsql\
  425. AND protocol=1;
  426. LMTP_SQL_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsql\
  427. AND protocol=2;
  428. LDAP_DOMAINS = pgsql;SELECT name FROM mtasettings WHERE name='${quote_pgsql:$do\
  429. AND ldap_callout='t';
  430. SMTP_CALLBACK_DOMAINS = pgsql;SELECT name FROM mtasettings where name='${quote_\
  431. AND smtp_callout='t';
  432. RELAY_SQL_DOMAINS = pgsql;SELECT name FROM relaydomains WHERE name='${quote_pgs;
  433. WHITELISTED_DOMAINS = pgsql;SELECT from_address FROM lists WHERE to_address='an;
  434. BLACKLISTED_DOMAINS = pgsql;SELECT from_address FROM lists WHERE to_address='an;
  435. WHITELISTED_ADDRESS = pgsql;SELECT from_address FROM lists WHERE to_address='an;
  436. BLACKLISTED_ADDRESS = pgsql;SELECT from_address from lists WHERE to_address='an;
  437. WHITELISTED_HOSTS = pgsql;SELECT from_address FROM lists WHERE to_address='any';
  438. BLACKLISTED_HOSTS = pgsql;SELECT from_address FROM lists WHERE to_address='any';
  439. RELAY_SQL_HOSTS = pgsql;SELECT address FROM relaysettings WHERE enabled='t' AND;
  440. PGSQL_SERVERS = 127.0.0.1::5432/baruwa/baruwa/verysecretpw
  441. SPF_MSG = Please see http://www.openspf.org/Why?scope=${if def:sender_address_ds
  442. LDAP_LOOKUP = ${lookup pgsql {SELECT url FROM ldaplookup WHERE name='${quote_pg}
  443. DELIVERY_QUERY = ${lookup pgsql {INSERT INTO messagestatus (messageid, hostname\
  444. VALUES('${quote_pgsql:$message_exim_id}', '${qu\
  445. ${quote_pgsql:$dbl_delivery_port}, '${quote_pgs}
  446. DEFER_QUERY = ${lookup pgsql {INSERT INTO messagestatus (messageid, hostname, i\
  447. VALUES('${quote_pgsql:$message_exim_id}', '${quote\
  448. ${quote_pgsql:$dbl_delivery_port}, '${quote_pgsql:\
  449. '${quote_pgsql:$dbl_defer_errstr}')}}
  450. DKIM_STATUS = ${lookup pgsql {SELECT name FROM maildomains,dkim_keys WHERE mail}
  451. PASSWD_CHECK_LOGIN = SELECT password FROM users WHERE username='${quote_pgsql:$'
  452. PASSWD_CHECK_PLAIN = SELECT password FROM users WHERE username='${quote_pgsql:$'
  453. ORG_CHECK_LOGIN = SELECT password FROM relaysettings WHERE username='${quote_pg'
  454. ORG_CHECK_PLAIN = SELECT password FROM relaysettings WHERE username='${quote_pg'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!