primary_hostname gate domain1 ru domainlist local_domains lookup mysql

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
primary_hostname = gate.domain1.ru
domainlist local_domains = ${lookup mysql{SELECT domainname FROM domains \
WHERE domainname='${domain}' AND \
(type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domainname FROM domains \
WHERE domainname='${domain}' AND type='RELAY'}}
hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/24
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:/var/run/clamav/clamd
qualify_domain = domain1.ru
log_selector = \
+all_parents \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_protocol_error \
-queue_run
allow_domain_literals = false
never_users = root:daemon:bin
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 30m
timeout_frozen_after = 30d
freeze_tell = postmaster
auto_thaw = 1h
message_size_limit = 16M
smtp_accept_max = 50
smtp_accept_max_per_connection = 50
smtp_connect_backlog = 50
smtp_accept_max_per_host = 25
split_spool_directory = true
remote_max_parallel = 15
# вводим параметры подключения к MySQL серверу хост/БД/имя_пользователя/пароль
hide mysql_servers = localhost/exim/exim/exim
begin acl
acl_check_rcpt:
accept hosts = :
# Задержка приёма письма - как средство борьбы со спамом -
# спамерам некогда ждать по 99 секунд :)
warn
set acl_m0 = 0s
warn
hosts = !+relay_from_hosts:!213.234.195.226/32
set acl_m0 = 30s
warn
condition = ${if and {\
{match{$sender_host_name}\
{\N^[-a-z]*\d{0,3}[-a-z]*\.?[-a-z]*\d{0,3}[-a-z]*\.\w+$\N}} \
{!eq{$acl_c0}{outblaze_helo}} \
}{yes}{no}}
set acl_m0 = 1s
warn
condition = ${if and {\
{match{$sender_helo_name}{\N^\w*\.\w{3}$\N}} \
{eq{$acl_c1}{}} \
}{yes}{no}}
set acl_m0 = 99s
warn
condition = ${if and {\
{!match{$sender_host_name}{\N.+.outblaze.com$\N}} \
{eq{$acl_c0}{outblaze_helo}} \
}{yes}{no}}
set acl_m0 = 99s
warn
condition = ${if and {\
{!match{$sender_host_name}{\N.+.outblaze.com$\N}} \
{eq{$acl_c2}{outblaze_domain}} \
}{yes}{no}}
set acl_m0 = 99s
warn
condition = ${if or {\
{eq{$sender_address}{}} \
{eq{$acl_m1}{0s}} \
} {yes}{no}}
set acl_m0 = 0s
warn
logwrite = Delay $acl_m0 for $sender_host_name \
[$sender_host_address] with HELO=$sender_helo_name. \
Mail from $sender_address to $local_part@$domain.
set acl_m1 = 0s
delay = $acl_m0
############ ###################
deny local_parts = ^.*[@%!/|] : ^\\.
# Приём писем для постмастера локальных доменов без проверок
# accept local_parts = postmaster
# domains = +local_domains
require verify = sender
deny message = HELO/EHLO required by SMTP RFC
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
deny message = Go Away! You are spammer.
condition = ${if match{$sender_host_name} \
{bezeqint\\.net|net\\.il|dialup|pool|peer|dhcp} \
{yes}{no}}
deny message = host is listed in $dnslist_domain
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
opm.blitzed.org : \
proxies.blackholes.easynet.nl
accept domains = +local_domains
endpass
message = unknown user
verify = recipient
accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient
accept hosts = +relay_from_hosts
accept authenticated = *
deny message = RELAY NOT PERMITTED
acl_check_data:
deny message = Go Away! Eat Your Spam Self!
condition = ${if match{$message_body} \
{105[-_]*51[-_]*86|778[-_]*98[-_]*94} \
{yes}{no}}
deny malware = *
message = Virus found ($malware_name)
accept
begin routers
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/24
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM aliases WHERE \
to_user='${quote_mysql:$local_part@$domain}' OR \
to_user='${quote_mysql:@$domain}'}}
mysqluser:
driver = accept
condition = ${if eq{} {${lookup mysql{SELECT home FROM users \
WHERE id='${quote_mysql:$local_part@$domain}' OR \
id='${quote_mysql:@$domain}'}}}{no}{yes}}
transport = mysql_delivery
begin transports
remote_smtp:
driver = smtp
mysql_delivery:
driver = appendfile
check_string = ""
create_directory
delivery_date_add
directory = ${lookup mysql{SELECT CONCAT(home, '${local_part}@${domain}')\
FROM users WHERE id='${local_part}@${domain}'}}
directory_mode = 770
envelope_to_add
group = mail
maildir_format
maildir_tag = ,S=$message_size
message_prefix = ""
message_suffix = ""
mode = 0600
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT id FROM users \
WHERE id = '${quote_mysql:$1}' \
AND passwd = '${quote_mysql:$2}' \
AND active = 'Y'}{yes}{no}}
server_prompts = :
server_set_id = $2
auth_login:
driver = plaintext
public_name = LOGIN
server_condition = ${lookup mysql{SELECT id FROM users \
WHERE id = '${quote_mysql:$1}' \
AND passwd = '${quote_mysql:$2}' \
AND active = 'Y'}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $1
auth_cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT passwd FROM users \
WHERE id = '${quote_mysql:$1}' \
AND active = 'Y'}{$value}fail}
server_set_id = $1