[решено] vexim: не работает blocklist

[решено] vexim: не работает blocklist

skeletor

Старожил

Сообщения: 257
Благодарности: 9

Есть сервер с vexim (Debian, exim). Конфиг дефолтный (99%). Не хочет работать блокировка (таблица blocklist). То есть я задаю параметры блокировки, но они не отрабатывают (задаю полностью адрес отправителя). Ниже конфиг

Код:

MAILMAN_HOME=/usr/local/mailman
MAILMAN_WRAP=MAILMAN_HOME/mail/mailman
MAILMAN_USER=101
MAILMAN_GROUP=103
MY_IP = XX.XX.XX.XX

VIRTUAL_DOMAINS = SELECT DISTINCT domain FROM domains WHERE type = 'local' AND enabled = '1' AND domain = '${quote_mysql:$domain}'
RELAY_DOMAINS = SELECT DISTINCT domain FROM domains WHERE type = 'relay'  AND domain = '${quote_mysql:$domain}'
ALIAS_DOMAINS = SELECT DISTINCT alias FROM domainalias WHERE alias = '${quote_mysql:$domain}'

domainlist local_domains = @ : pear.silverwraith.com : ${lookup mysql{VIRTUAL_DOMAINS}} : ${lookup mysql{ALIAS_DOMAINS}}
domainlist relay_to_domains = ${lookup mysql{RELAY_DOMAINS}}
hostlist   relay_from_hosts = localhost : 10.1.0.0/16 : MY_IP
trusted_users = www-data:www-data

hide mysql_servers = localhost:3306/xx/xx/xx

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_content
acl_smtp_helo = acl_check_helo
av_scanner = clamd:/var/run/clamav/clamd.ctl
spamd_address = 127.0.0.1 9031

exim_user = Debian-exim
exim_group = mail
never_users = root

host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d

log_selector = +subject

begin acl
  .include /etc/exim4/vexim/vexim-acl-check-spf.conf

acl_check_helo:

  .include /etc/exim4/vexim/vexim-acl-check-helo.conf

acl_check_rcpt:

  accept  hosts = :

  .include /etc/exim4/vexim/vexim-acl-check-rcpt.conf

  deny    local_parts   = ^.*[@%!/|] : ^\\.

  accept  local_parts   = postmaster
          domains       = +local_domains

  accept  domains       = +local_domains
          endpass
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  accept  hosts         = +relay_from_hosts
  accept  authenticated = *

  deny    message       = relay not permitted

acl_check_content:

  .include /etc/exim4/vexim/vexim-acl-check-content.conf

  accept


begin routers


dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

mailman_router:
  driver = accept
  require_files = MAILMAN_HOME/lists/$local_part/config.pck
  local_part_suffix_optional
  local_part_suffix = -bounces : -bounces+* : \
                      -confirm+* : -join : -leave : \
                      -owner : -request : -admin
  headers_remove = X-Spam-Score:X-Spam-Report
  transport = mailman_transport



ditch_maxmsgsize:
  driver = redirect
  allow_fail
  condition = ${if >{$message_size}{${lookup mysql{select users.maxmsgsize from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.maxmsgsize > 0 \
                and users.domain_id=domains.domain_id }{${value}K}fail}} {yes}{no}}
  data = :fail:\n\Your message is too big.\n \
                Your message was rejected because the user $local_part@$domain\n \
                does not accept messages larger than \
                ${lookup mysql{select users.maxmsgsize from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.maxmsgsize > 0 \
                and users.domain_id=domains.domain_id}{${value}K}fail} Kb.
  local_part_suffix = -*
  local_part_suffix_optional
  retry_use_local_part

ditch_malware:
  driver = redirect
  allow_fail
  data = :blackhole:
  condition = ${if and { {match {$h_X-ACL-Warn:}{.*malware.*}} \
                         {eq {${lookup mysql{select users.on_avscan from users,domains \
                                where localpart = '${quote_mysql:$local_part}' \
                                and domain = '${quote_mysql:$domain}' \
                                and users.on_avscan = '1' \
                                and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }

ditch_spam:
  driver = redirect
  allow_fail
  data = :blackhole:
  condition = ${if >{$spam_score_int}{${lookup mysql{select users.sa_refuse * 10 from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.on_spamassassin = '1' \
                and users.domain_id=domains.domain_id \
                and users.sa_refuse > 0 }{$value}fail}} {yes}{no}}
  local_part_suffix = -*
  local_part_suffix_optional
  retry_use_local_part

ditch_hdrmailer:
  driver = redirect
  allow_fail
  data = :blackhole:
  condition = ${if eq {${lookup mysql{select count(*) from blocklists,users,domains \
                        where blocklists.blockhdr = 'x-mailer' \
                        and blocklists.blockval = '${quote_mysql:$h_x-mailer:}' \
                        and users.localpart = '${quote_mysql:$local_part}' \
                        and domains.domain = '${quote_mysql:$domain}' \
                        and domains.domain_id=blocklists.domain_id \
                        and users.user_id=blocklists.user_id}}}{1} {yes}{no}}
  local_part_suffix = -*
  local_part_suffix_optional
  retry_use_local_part

ditch_hdrto:
  driver = redirect
  allow_fail
  data = :blackhole:
  condition = ${if eq {${lookup mysql{select count(*) from blocklists,users,domains \
                        where blocklists.blockhdr = 'to' \
                        and blocklists.blockval = '${quote_mysql:$h_to:}' \
                        and users.localpart = '${quote_mysql:$local_part}' \
                        and domains.domain = '${quote_mysql:$domain}' \
                        and domains.domain_id=blocklists.domain_id \
                        and users.user_id=blocklists.user_id}}}{1} {yes}{no}}
  local_part_suffix = -*
  local_part_suffix_optional
  retry_use_local_part

ditch_hdrfrom:
  driver = redirect
  allow_fail
  data = :blackhole:
  condition = ${if eq {${lookup mysql{select count(*) from blocklists,users,domains \
                        where blocklists.blockhdr = 'from' \
                        and blocklists.blockval = '${quote_mysql:$h_from:}' \
                        and users.localpart = '${quote_mysql:$local_part}' \
                        and domains.domain = '${quote_mysql:$domain}' \
                        and domains.domain_id=blocklists.domain_id \
                        and users.user_id=blocklists.user_id}}}{1} {yes}{no}}
  local_part_suffix = -*
  local_part_suffix_optional
  retry_use_local_part

ditch_hdrsubject:
  driver = redirect
  allow_fail
  data = :blackhole:
  condition = ${if eq {${lookup mysql{select count(*) from blocklists,users,domains \
                        where blocklists.blockhdr = 'subject' \
                        and blocklists.blockval = '${quote_mysql:$h_subject:}' \
                        and users.localpart = '${quote_mysql:$local_part}' \
                        and domains.domain = '${quote_mysql:$domain}' \
                        and domains.domain_id=blocklists.domain_id \
                        and users.user_id=blocklists.user_id}}}{1} {yes}{no}}
  local_part_suffix = -*
  local_part_suffix_optional
  retry_use_local_part

virtual_vacation:
  driver = accept
  condition = ${if and { {!match {$h_precedence:}{(?i)junk|bulk|list}} \
                         {eq {${lookup mysql{select users.on_vacation from users,domains \
                                where localpart = '${quote_mysql:$local_part}' \
                                and domain = '${quote_mysql:$domain}' \
                                and users.on_vacation = '1' \
                                and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }
  no_verify
  no_expn
  unseen
  transport = virtual_vacation_delivery

virtual_forward:
  driver = redirect
  check_ancestor
  unseen = ${if eq {${lookup mysql{select unseen from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.on_forward = '1' \
                and users.domain_id=domains.domain_id}}}{1} {yes}{no}}
  data = ${lookup mysql{select forward from users,domains \
        where localpart='${quote_mysql:$local_part}' \
        and domain='${quote_mysql:$domain}' \
        and users.domain_id=domains.domain_id \
        and on_forward = '1'}}
  condition = ${if and { {!match {$h_precedence:}{(?i)junk}} \
                         {eq {${lookup mysql{select users.on_forward from users,domains \
                                where localpart = '${quote_mysql:$local_part}' \
                                and domain = '${quote_mysql:$domain}' \
                                and users.on_forward = '1' \
                                and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }

virtual_domains:
  driver = redirect
  allow_fail
  data = ${lookup mysql{select smtp from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and domains.enabled = '1' \
                and users.enabled = '1' \
                and users.domain_id = domains.domain_id}}
  headers_add = ${if >{$spam_score_int}{${lookup mysql{select users.sa_tag * 10 from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.on_spamassassin = '1' \
                and users.domain_id=domains.domain_id }{$value}fail}} {X-Spam-Flag: YES\n}{} }
  headers_remove = ${if or { { <{$spam_score_int}{1} } \
                             { <{$spam_score_int}{${lookup mysql{select users.sa_tag * 10 from users,domains \
                               where localpart = '${quote_mysql:$local_part}' \
                               and domain = '${quote_mysql:$domain}' \
                               and users.on_spamassassin = 1 \
                               and users.domain_id=domains.domain_id}{$value}fail}} } \
                             { eq {0}{${lookup mysql{select users.sa_tag * 10 from users,domains \
                               where localpart = '${quote_mysql:$local_part}' \
                               and domain = '${quote_mysql:$domain}' \
                               and users.on_spamassassin = 0 \
                               and users.domain_id=domains.domain_id}{$value}fail}}} \
                           } {X-Spam-Score:X-Spam-Report} }
  local_part_suffix = -*
  local_part_suffix_optional
  retry_use_local_part
  file_transport = virtual_delivery
  reply_transport = address_reply
  pipe_transport = address_pipe

.include /etc/exim4/vexim/vexim-group-router.conf

virtual_domains_catchall:
  driver = redirect
  allow_fail
  data = ${lookup mysql{select smtp from users,domains where localpart = '*' \
                and domain = '${quote_mysql:$domain}' \
                and users.domain_id = domains.domain_id}}
  retry_use_local_part
  file_transport = virtual_delivery
  reply_transport = address_reply
  pipe_transport = address_pipe_catchall

virtual_domain_alias:
  driver = redirect
  allow_fail
  data = ${lookup mysql{select concat('${quote_mysql:$local_part}@', domain) \
                from domains,domainalias where domainalias.alias = '${quote_mysql:$domain}' \
                and domainalias.domain_id = domains.domain_id}}
  retry_use_local_part

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  user = Debian-exim
  group = mail
  file_transport = address_file
  pipe_transport = address_pipe

userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe_local
  reply_transport = address_reply
  condition = ${if exists{$home/.forward} {yes} {no} }
  group = mail

localuser:
  driver = accept
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user


begin transports



remote_smtp:
  driver = smtp


local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  user = $local_part
  mode = 0660
  no_mode_fail_narrower

virtual_delivery:
  driver = appendfile
  envelope_to_add
  return_path_add
  mode = 0600
  maildir_format = true
  create_directory = true
  directory = ${lookup mysql{select smtp from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.domain_id = domains.domain_id}}
  user = ${lookup mysql{select users.uid  from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.domain_id = domains.domain_id}}
  group = ${lookup mysql{select users.gid from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.domain_id = domains.domain_id}}
  quota = ${lookup mysql{select users.quota from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.domain_id = domains.domain_id}{${value}M}}
  quota_is_inclusive = false
  quota_warn_threshold = 75%
  maildir_use_size_file = false
  quota_warn_message = "To: $local_part@$domain\n\
                        Subject: Mailbox quota warning\n\n\
                        This message was automatically generated by the mail delivery software.\n\n\
                        You are now using over 75% of your allocated mail storage quota.\n\n\
                        If your mailbox fills completely, further incoming messages will be automatically\n\
                        returned to their senders.\n\n\
                        Please take note of this and remove unwanted mail from your mailbox.\n"

virtual_vacation_delivery:
  driver   = autoreply
  from     = "${local_part}@${domain}"
  to       = ${sender_address}
  subject  = "Autoreply from ${local_part}@${domain}"
  text     = ${lookup mysql{select vacation from users,domains \
                where domain='${quote_mysql:$domain}' \
                and localpart='${quote_mysql:$local_part}' \
                and users.domain_id=domains.domain_id}}

mailman_transport:
  driver = pipe
  command = MAILMAN_WRAP \
            '${if def:local_part_suffix \
                  {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                  {post}}' \
            $local_part
  current_directory = MAILMAN_HOME
  home_directory = MAILMAN_HOME
  user = MAILMAN_USER
  group = MAILMAN_GROUP


address_pipe:
  driver = pipe
  return_output
  user = ${lookup mysql{select users.uid from users,domains where localpart = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
  group = ${lookup mysql{select users.gid from users,domains where localpart = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}

address_pipe_catchall:
  driver = pipe
  return_output
  user = ${lookup mysql{select users.uid from users,domains where localpart = '*' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
  group = ${lookup mysql{select users.gid from users,domains where localpart = '*' and domain = '${quote_mysql:$domain}' and users.domain_id = domains.domain_id}}
address_pipe_local:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply


begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,14d,6h

begin rewrite

Отправлено: 15:01, 16-09-2010

skeletor

Старожил

Сообщения: 257
Благодарности: 9

Профиль | Отправить PM | Цитировать

Всё оказалось намного проще: если запустить exim в режиме расширенного логгирование (exim -bd -d+all > /var/log/exim-debug.log 2>&1), то можно понять, что оно работает, но нужно задавать в БД не user@domain.com, а <user@domain.com> (с угловыми скобками). Это касается роутеров ditch_hdrfrom и ditch_hdrto. В остальных роутерах так же. То есть оно хочет точное совпадение. Что бы добавить возможность совпадения по шаблону или части слова делаем такое:

Цитата:

В роутере ditch_hdrmailer вместо строки

and blocklists.blockval = '${quote_mysql:$h_x-mailer:}' \

пишем такую

and '${quote_mysql:$h_x-mailer:}' like concat('%',blocklists.blockval,'%') \

собственно для остальных роутеров аналогично. После этого можно задавать не только адрес, но и домен.

Отправлено: 18:20, 04-10-2010 | #2

Для отключения данного рекламного блока вам необходимо зарегистрироваться или войти с учетной записью социальной сети.

Если же вы забыли свой пароль на форуме, то воспользуйтесь данной ссылкой для восстановления пароля.