Need help with exim.

mkp · 11-14-2009, 01:36 PM

Hi, i have mail server with exim+spamassassin, some of users start to get message from MAILER-DAEMON or mail delivery subsystem, i think this is a bounce messages. What i need to change in exim to reject them. This is my exim.conf:

Code:

domainlist 
domainlist local_domains = domain.com
relay_to_domains =
hostlist   relay_from_hosts = 127.0.0.1: 192.168.0.0/16
log_file_path = syslog
message_size_limit = 30M
smtp_receive_timeout=5m
smtp_accept_queue = 100
smtp_accept_max = 40
smtp_accept_max_per_host = 5
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = /var/run/spamd.sock
#spamd_address = 127.0.0.1 783
never_users = root
#host_lookup =
host_lookup = 0.0.0.0/0
host_lookup_order = byaddr
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 1d
errors_reply_to = postmaster@domain.com
timeout_frozen_after = 3d
timeout_frozen_after = 3d
helo_allow_chars = _
begin acl
acl_check_rcpt:
  accept  hosts = :
  deny    hosts = 

  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  accept  local_parts   = postmaster
          domains       = +local_domains
  require verify        = sender
  accept  domains       = +local_domains
          endpass
          verify        = recipient
  accept  hosts         = +relay_from_hosts
          control       = submission
                  domains               = !+local_domains
  accept  authenticated = *
          control       = submission
  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient
  deny    message       = relay not permitted
acl_check_data:

  deny message = Serious MIME defect detected ($demime_reason)
  demime = *
  deny    message   = This message contains a virus ($malware_name) and has been rejected.
        # skip virus check when message is larger than 1MB
        condition = ${if <{$message_size}{1m}{1}{0}}
        demime = *
        malware = *


#    warn    message = X-SA-Report: $spam_report
#               spam = mail:true
#       condition = ${if >{$spam_score_int}{0}{1}{0}}
#    warn    message = X-SA-Status: Yes
#               spam = mail:true
#       condition = ${if >{$spam_score_int}{40}{1}{0}}
#    deny    message = This message scored $spam_score spam points.
#               spam = mail:true
#       condition = ${if >{$spam_score_int}{120}{1}{0}}



      warn message   = X-Spam_score: $spam_score\n\
                       X-Spam_score_int: $spam_score_int:\n\
                       X-Spam_bar: $spam_bar\n\
                       X-Spam_report: $spam_report
#                      X-Spam_flag: Yes
#                 condition = ${if <{$message_size}{100k}{1}{0}}
                     spam      = mail:true
      deny message = This message was classified as SPAM
                  condition = ${if >{$spam_score_int}{55}}
  accept
begin routers


spamassassin_router:
        driver = accept
        transport = spamassassin
        condition = ${if eq {$received_protocol}{smtp}{}}
#        no_verify
#       no_expn

first_liases:
        driver = redirect
        domains = +local_domains
        data = ${lookup{$local_part@$domain}lsearch{/etc/aliases}}
        user = mail
        file_transport = address_file
        pipe_transport = address_pipe
        allow_fail
        allow_defer


localuser:
        driver = accept
        domains = +local_domains
        check_local_user
        address_data = "spam_score=40 use_spam_folder=1 mark_spam_prio=1"
        transport = local_delivery
        cannot_route_message = Unknown user


dnslookup:
        driver = dnslookup
        domains = ! +local_domains
        transport = remote_smtp
        ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8

last_fail:
        driver = redirect
        allow_fail
        data = :fail:No such user $local_part at $domain
        no_more
begin transports


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  driver = smtp

local_delivery:
  driver = appendfile
  user = $local_part
  group = mail
  maildir_format
  delivery_date_add
  envelope_to_add
  return_path_add
  mode = 0660
  headers_remove=${if and{{MARK_SPAM}{or{{IS_SPAM}{IS_LOW_PRIO}}}}{X-MSMail-Priority:X-Priority}{}}
  headers_add  = ${if and{{MARK_SPAM}{IS_SPAM}}{X-MSMail-Priority: Low}{}}
  directory = $home/Maildir${if and{{IS_SPAM}{USE_SPAM_FLDR}}{/.SPAM}{}}
address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply



antivirus:
  driver = pipe
  batch_max = 200
  command = /bin/nice -19 /inet/src/scan/ph ${pipe_addresses}
  return_output = false
  return_path_add = false
  user = mail
  group = mail

spamassassin:
  driver = pipe
  use_bsmtp = true
  command = /usr/exim/bin/exim -bS -oMr sa-checked
  transport_filter = /usr/bin/spamc -f
  home_directory = /tmp
  current_directory = /tmp
  user = mail
  group = mail
  log_output = true
begin retry

begin rewrite


begin authenticators

dovecot_plain:
        driver = dovecot
        public_name = LOGIN
        #server_prompts = "Username:: : Password::"
        server_socket = /var/run/dovecot/auth-client

repo · 11-14-2009, 01:40 PM

Quote:

i think this is a bounce messages.

First figure out what the messages are.

mkp · 11-14-2009, 01:54 PM

1:
Return-path: <>
Envelope-to: ludmil@domain.com
Delivery-date: Fri, 13 Nov 2009 18:29:08 +0200
Received: from nvkbank.ru ([88.147.255.114] helo=mailsrv2.nvk.int)
by mail.domain.com with esmtp (Exim 4.68)
id 1N8z1G-0000Pj-Pz
for ludmil@domain.com; Fri, 13 Nov 2009 18:29:08 +0200
From: postmaster@nvk.int
To: ludmil@domain.com
Date: Fri, 13 Nov 2009 19:27:58 +0300
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01CA639C022DF13600006D5Cmailsrv2.nvk.int"
X-DSNContext: 7ce717b1 - 1391 - 00000002 - C00402D1
Message-ID: <hO06wLJkI000032ce@mailsrv2.nvk.int>
Subject: Delivery Status Notification (Failure)
X-Spam_score: 1.1
X-Spam_score_int: 11:
X-Spam_bar: +
X-Spam_report: Spam detection software, running on the system "mail.domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: This is an automatically generated Delivery Status Notification.
Unable to deliver message to the following recipients, due to being unable
to connect successfully to the destination mail server. icepskav_1955@nvkbank.ru
ieawypakbttv@nvkbank.ru ign@nvkbank.ru igor@nvkbank.ru iholimpo@nvkbank.ru
ik@nvkbank.ru ike-8224645@nvkbank.ru ikonorova@nvkbank.ru ilya@nvkbank.ru
[...]
Content analysis details: (1.1 points, 4.0 required)
pts rule name description

2:
Return-path: <>
Envelope-to: ludmil@domain.com
Delivery-date: Sat, 14 Nov 2009 11:00:35 +0200
Received: from ws002.soc-ws.pu.ru ([195.70.218.2] helo=hq.soc.pu.ru)
by mail.domain.com with esmtp (Exim 4.68)
id 1N9EUj-0003s1-9q
for ludmil@domain.com; Sat, 14 Nov 2009 11:00:35 +0200
Received: from localhost (localhost)
by hq.soc.pu.ru (8.13.6/8.13.6) id nADDBkp8094355;
Sat, 14 Nov 2009 11:46:46 +0300 (MSK)
(envelope-from MAILER-DAEMON)
Date: Sat, 14 Nov 2009 11:46:46 +0300 (MSK)
From: Mail Delivery Subsystem <MAILER-DAEMON@hq.soc.pu.ru>
Message-Id: <200911140846.nADDBkp8094355@hq.soc.pu.ru>
To: <ludmil@domain.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="nADDBkp8094355.1258188406/hq.soc.pu.ru"
Content-Transfer-Encoding: 8bit
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Spam_score: 3.3
X-Spam_score_int: 33:
X-Spam_bar: +++
X-Spam_report: Spam detection software, running on the system "mail.domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

May be i'm wrong about bounce messages.

mkp · 11-15-2009, 12:20 PM

Anyone?

Smartpatrol · 11-15-2009, 10:55 PM

mkp · 11-16-2009, 12:33 AM

Thanks, i'll try it, i have domainlist local_domains = domain.com , just miss to post it.

mkp · 11-16-2009, 06:40 AM

Smartpatrol,not work. Maybe i miss something. Where i need put domainlist local_domains = domain.com , now it's on top in exim.conf.

mkp · 11-18-2009, 01:37 AM

Smartpatrol · 11-20-2009, 10:36 PM

mkp · 11-23-2009, 12:59 AM

When put this in exim.conf

Code:

deny   condition      = ${if match {$sender_address_domain}\
                          {\N^(localhost|local|localhost\.localdomain|localdomain)$\N}\
                          {yes}{no}}

i recieve error 451 while trying to send message:

The message could not be sent. The authentication setting might not be correct for your outgoing e-mail [SMTP] server. For help solving this problem, go to Help, search for "Troubleshoot Windows Mail", and read the "I'm having problems sending e-mail" section. If you need help determining the proper server settings, please contact your e-mail service provider.

The rejected e-mail address was 'user@domain.com'. Subject 'test', Account: 'mail.domain.com (1)', Server: 'mail.domain.com', Protocol: SMTP, Server Response: '451 Temporary local problem - please try later', Port: 25, Secure(SSL): No, Server Error: 451, Error Number: 0x800CCC79

Is it good idea to change outgoing port from 25 to 587?

My new exim.conf:

Code:

primary_hostname = mail.domain.com
domainlist local_domains = domain.com
domainlist domains_we_reject = *.*.*.ru:*.*.ru:*.ru:*.br:*.in:*.cn:*.rus
domainlist relay_to_domains =
hostlist   relay_from_hosts = 127.0.0.1: 192.168.0.0/16
log_file_path = syslog
message_size_limit = 30M
smtp_receive_timeout=5m
smtp_accept_queue = 100
smtp_accept_max = 40
smtp_accept_max_per_host = 5
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = /var/run/spamd.sock
#spamd_address = 127.0.0.1 783
never_users = root
#host_lookup =
host_lookup = 0.0.0.0/0
host_lookup_order = byaddr
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 1d
errors_reply_to = postmaster@domain.com
timeout_frozen_after = 3d
timeout_frozen_after = 3d
helo_try_verify_hosts = !+relay_from_hosts
helo_allow_chars = 
begin acl
acl_check_rcpt:
check_recipient:
# stop bounce from us, lets do it by sender's server
accept domains = +local_domains
endpass
message = unknown user
verify = recipient

  accept  hosts = :
  deny    hosts = 
  deny
          log_message = match in spam list
          dnslists = bl.spamcop.net:sbl.spamhaus.org
  deny    sender_domains = +domains_we_reject
          message = Unknown users
  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  accept  local_parts   = postmaster
          domains       = +local_domains
  require verify        = sender
  accept  domains       = +local_domains
          endpass
          verify        = recipient
  accept  hosts         = +relay_from_hosts
          control       = submission
          domains               = !+local_domains
  accept  authenticated = *
          control       = submission
  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient
  deny    message       = relay not permitted

acl_check_data:

  deny message = Serious MIME defect detected ($demime_reason)
  demime = *
  deny    message   = This message contains a virus ($malware_name) and has been rejected.
        # skip virus check when message is larger than 1MB
        condition = ${if <{$message_size}{1m}{1}{0}}
        demime = *
        malware = *


#    warn    message = X-SA-Report: $spam_report
#               spam = mail:true
#       condition = ${if >{$spam_score_int}{0}{1}{0}}
#    warn    message = X-SA-Status: Yes
#               spam = mail:true
#       condition = ${if >{$spam_score_int}{40}{1}{0}}
#    deny    message = This message scored $spam_score spam points.
#               spam = mail:true
#       condition = ${if >{$spam_score_int}{120}{1}{0}}



      warn message   = X-Spam_score: $spam_score\n\
                       X-Spam_score_int: $spam_score_int:\n\
                       X-Spam_bar: $spam_bar\n\
                       X-Spam_report: $spam_report
#                      X-Spam_flag: Yes
                 condition = ${if <{$message_size}{500k}{1}{0}}
                     spam      = mail:true
      deny message = This message was classified as SPAM
                  condition = ${if >{$spam_score_int}{55}}
  accept
begin routers


spamassassin_router:
        driver = accept
        transport = spamassassin
        condition = ${if eq {$received_protocol}{smtp}{}}
#       no_verify
#       no_expn

first_liases:
        driver = redirect
        domains = +local_domains
        data = ${lookup{$local_part@$domain}lsearch{/etc/aliases}}
        user = mail
        file_transport = address_file
        pipe_transport = address_pipe
        allow_fail
        allow_defer


localuser:
        driver = accept
        domains = +local_domains
        check_local_user
        address_data = "spam_score=40 use_spam_folder=1 mark_spam_prio=1"
        transport = local_delivery
        cannot_route_message = Unknown user


dnslookup:
        driver = dnslookup
        domains = ! +local_domains
        transport = remote_smtp
        ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
	no_more

last_fail:
        driver = redirect
        allow_fail
        data = :fail:No such user $local_part at $domain
        no_more

begin transports


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  driver = smtp

local_delivery:
  driver = appendfile
  user = $local_part
  group = mail
  maildir_format
  delivery_date_add
  envelope_to_add
  return_path_add
  mode = 0660
  headers_remove=${if and{{MARK_SPAM}{or{{IS_SPAM}{IS_LOW_PRIO}}}}{X-MSMail-Priority:X-Priority}{}}
  headers_add  = ${if and{{MARK_SPAM}{IS_SPAM}}{X-MSMail-Priority: Low}{}}
  directory = $home/Maildir${if and{{IS_SPAM}{USE_SPAM_FLDR}}{/.SPAM}{}}
address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply



antivirus:
  driver = pipe
  batch_max = 200
  command = /bin/nice -19 /inet/src/scan/ph ${pipe_addresses}
  return_output = false
  return_path_add = false
  user = mail
  group = mail

spamassassin:
  driver = pipe
  use_bsmtp = true
  command = /usr/exim/bin/exim -bS -oMr sa-checked
  transport_filter = /usr/bin/spamc -f
  home_directory = /tmp
  current_directory = /tmp
  user = mail
  group = mail
  log_output = true
  return_fail_output = true

begin retry

begin rewrite


begin authenticators

dovecot_plain:
        driver = dovecot
        public_name = LOGIN
        #server_prompts = "Username:: : Password::"
        server_socket = /var/run/dovecot/auth-client

Smartpatrol · 11-24-2009, 03:35 PM

mkp · 11-25-2009, 12:50 AM