Kochan 0 Zgłoś post Napisano Lipiec 5, 2017 (edytowany) Witam, czy ktoś byłby w stanie zweryfikować moją konfigurację exima. Co jakiś czas pojawiają się informacje, że jakiś mail nie dotarł albo inne zwrotki. W przypadku pierwszej sytuacji adresy e-mail są poprawne, jedynie co przychodzi mi do głowy to wpadanie do SPAM'u. Dlatego wprowadziłem tez konfigurację DKIM'a. W przypadku weryfikacji log'ów wysyłki na właśnie taki adres @ trafiłem na H=ASPMX.L.GOOGLE.COM [2a00:1450:4010:c0b::1b] Network is unreachable -jakby coś blokowało/albo było niedostepne. dodam, że adres @ nie jest w domenie gmail.com tylko prywatnej firmy. W drugim przypadku (zwrotki) są to w większości zwrotki typu user not exist albo użytkownik zablokowany - tu sytuacje mam jasną. Wcześniej miałem problem z ClamAv exim paniclog /var/log/exim/paniclog on serwer. has non-zero size, mail system might be broken. The last 10 lines are quoted below.2017-07-03 08:40:12 1dRv1b-0005w1-Jp malware acl condition: clamd [127.0.0.1]:3310 : unable to read from socket (Connection timed out) Ubiłem wszystkie procesy clamAv oraz freshclam po czym zrestartowałem usługi - na tą chwilę wydaje się że jest ok. Edytowano Lipiec 5, 2017 przez Kochan (zobacz historię edycji) Udostępnij ten post Link to postu Udostępnij na innych stronach
Vasthi 74 Zgłoś post Napisano Lipiec 5, 2017 (edytowany) Edytowano Marzec 26, 2018 przez Vasthi (zobacz historię edycji) Udostępnij ten post Link to postu Udostępnij na innych stronach
Gość Kamikadze Zgłoś post Napisano Lipiec 5, 2017 Wyłącz wysyłkę po ipv6 i sprawdź. Udostępnij ten post Link to postu Udostępnij na innych stronach
Kochan 0 Zgłoś post Napisano Lipiec 5, 2017 (edytowany) haha, sory za brak kodu + spf jest (z testu) SPF: sender matches SPF recordSuper! Twój SPF jest poprawny ###################################################################### # SpamBlocker.exim.conf.2.1.1-release # # 05-Jun-2007 # # Runtime configuration file for DirectAdmin/Exim 4.24 and above # # Requires exim.pl dated 20-Apr-2007 17:09 or later # ######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ######## # WARNING! Be sure to back up your previous exim.conf file before # # attempting to use this exim.conf file. # # # # Do may not use this exim.conf Exim configuration file unless you # # make the required modifications to your Exim configuration # # following the instructions in the README file included in this # # distribution. # # # # This is version "2.0 of the SpamBlocker exim.conf file as # # distributed by NoBaloney Internet Services for DirectAdmin based # # servers. # # # # More information about NoBaloney.net may be found at: # # http://www.nobaloney.net/ # # # # More information about DirectAdmin may be found at: # # http://www.directadmin.com/ # # # # This Exim configuration file has been modified from the original # # as distributed with Exim 4. The modifications have been made by: # # # # Jeff Lasman # # NoBaloney Internet Services # # Post Office Box 52200 # # Riverside, CA 92517-3200 # # spamblocker@nobaloney.net # # (951) 643-5345 # # # # The SpamBlocker exim.conf file has been modified from the original # # exim.conf file as distributed with Exim 4, which includes the # # following copyright notice: # # # # Copyright © 2002 University of Cambridge, Cambridge, UK # # # # Portions of the file are taken from the exim.conf file as # # distributed with DirectAdmin (http://www.directadmin.com/), # # # # Copyright©2003-2007 JBMC Software, St Albert, AB, Canada T8N 5C9 # # # # Portions of this file are written by Jeff Lasman, of # # NoBaloney Internet Services and are copyright as follows: # # # # Copyright © 2004-2007 NoBaloney Internet Services, # # Riverside, Calif., USA # # # # The entire Exim 4 distribution, including the exim.conf file, is # # distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, # # June 1991. If you do not have a copy of the GNU GENERAL # # PUBLIC LICENSE you may download it, in it's entirety, from # # the website at: # # # # http://www.nobaloney.net/exim/gnu-gpl-v2.txt # # # ###################################################################### # # # The most recent version of this SpamBlocker exim.conf file may # # always be downloaded from the website at # # # # http://www.nobaloney.net/exim/exim.conf.spamblocked # # # ######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ######## # # # Whenever you change Exim's configuration file, you *must* remember # # to HUP the Exim daemon, because it will not pick up the new # # configuration until you do. However, any other Exim processes that # # are started, for example, a process started by an MUA in order to # # send a message, will see the new configuration as soon as it is in # # place. # # # # You do not need to HUP the daemon for changes in auxiliary files # # that are referenced from this file. They are read every time they # # are used. # # # # It is usually a good idea to test a new configuration for # # syntactic correctness before installing it (for example, by # # running the command "exim -C /config/file.new -bV"). # # # ### MODIFICATION INSTRUCTIONS ########## MODIFICATION INSTRUCTIONS ### # # # YOU MUST MAKE THE CHANGES TO THIS SpamBlocked exim.conf file as # # documented in the README file. # # # # The README file for this version is named: # # README.SpamBlocker.exim.conf.2.1 # # # ###################################################################### # update information: changed blockists 29-May-2007 version 2.1 # ###################################################################### .include_if_exists /etc/exim.clamav.load.conf # Specify your host's canonical name here. This should normally be the # fully qualified "official" name of your host. If this option is not # set, the uname() function is called to obtain the name. In many cases # this does the right thing and you need not set anything explicitly. # primary_hostname = # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character # followed by a domain. For example, "caesar@rome.ex" is a fully qualified # address, but the string "caesar" (i.e. just a login name) is an unqualified # email address. Unqualified addresses are accepted only from local callers by # default. See the receiver_unqualified_{hosts,nets} options if you want # to permit unqualified addresses from remote sources. If this option is # not set, the primary_hostname value is used for qualification. # qualify_domain = # If you want unqualified recipient addresses to be qualified with a different # domain to unqualified sender addresses, specify the recipient domain here. # If this option is not set, the qualify_domain value is used. # qualify_recipient = # the next line is required to start the smtp auth script included # in DirectAdmin keep_environment=PWD perl_startup = do '/etc/exim.pl' # the next line is required to start the system_filter included in # DirectAdmin to refuse potentiallly harmful payloads in # email messages system_filter = /etc/system_filter.exim # next line to allow incoming email submission port 587 # see also check_recipient second ruleset daemon_smtp_ports = 25 : 587 : 465 tls_on_connect_ports = 465 # SET SOME MEANINGFUL LIMITS # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment message_size_limit = 20M smtp_receive_timeout = 5m smtp_accept_max = 100 smtp_accept_max_per_connection = 100 message_body_visible = 3000 print_topbitchars = true deliver_queue_load_max = 5 smtp_connect_backlog = 50 split_spool_directory = yes # ALLOW UNDERSCORE IN EMAIL DOMAIN NAME # domains shouldn't use the underscore character "_" but some # may. Because John Postel, one of the architects of the Internet, # said "Be liberal in what you accept and conservative in what you # transmit, we choose to allow underscore in email domain names so we # can receive email form domains which use the underscore character # in their domain name. # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment helo_allow_chars = _ # CHANGE LOGGING BEHAVIOR # We weren't happy with the default Exim logging behavior through # syslog; it didn't give us enough information. So we turned off # syslog behavior and changed the logging behavior to give us what we # felt was more helpful information. You may choose to delete or modify # this section. # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment log_selector = \ +delivery_size \ +sender_on_delivery \ +received_recipients \ +received_sender \ +smtp_confirmation \ +subject \ +smtp_incomplete_transaction \ -dnslist_defer \ -host_lookup_failed \ -queue_run \ -rejected_header \ -retry_defer \ -skip_delivery syslog_duplication = false # These options specify the Access Control Lists (ACLs) that # are used for incoming SMTP messages - after the RCPT and DATA # commands, respectively. acl_smtp_rcpt = check_recipient acl_smtp_data = check_message # define local lists addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains domainlist local_domains = lsearch;/etc/virtual/domains domainlist relay_domains = lsearch;/etc/virtual/domains domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains hostlist auth_relay_hosts = * hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts hostlist bad_sender_hosts_ip = net-lsearch;/etc/virtual/bad_sender_hosts hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts hostlist whitelist_hosts_ip = net-lsearch;/etc/virtual/whitelist_hosts # If you want to accept mail addressed to your host's literal IP address, for # example, mail addressed to "user@[111.111.111.111]", then uncomment the # following line, or supply the literal domain(s) as part of "local_domains" # above. You also need to comment "forbid_domain_literals" below. This is not # recommended for today's Internet. # DO NOT ALLOW HOST LITERALS # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to uncomment the line # below and change the allow_domain_literals line below to true # to allow domain literals in your environment # local_domains_include_host_literals # The following line prevents Exim from recognizing addresses of the form # "user@[111.111.111.111]" that is, with a "domain literal" (an IP address) # instead of a named domain. The RFCs still require this form, but it makes # little sense to permit mail to be sent to specific hosts by their IP address # in the modern Internet, and this ancient format has been used by those # seeking to abuse hosts by using them for unwanted relaying. If you really # do want to support domain literals, remove the following line, and see # also the "domain_literal" router below. allow_domain_literals = false # No local deliveries will ever be run under the uids of these users (a colon- # separated list). An attempt to do so gets changed so that it runs under the # uid of "nobody" instead. This is a paranoic safety catch. Note the default # setting means you cannot deliver mail addressed to root as if it were a # normal user. This isn't usually a problem, as most sites have an alias for # root that redirects such mail to a human administrator. never_users = root # DO HOST LOOKUP # OPTIONAL MODIFICATIONS: # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. host_lookup = * # DISALLOW IDENT CALLBACKS # OPTIONAL MODIFICATIONS: # Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP # calls. You can limit the hosts to which these calls are made, and/or change # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls # are disabled. RFC 1413 calls are cheap and can provide useful information # for tracing problem messages, but some hosts and firewalls have problems # with them. This can result in a timeout instead of an immediate refused # connection, leading to delays on starting up an SMTP session. By default # we disable callbacks for incoming SMTP calls. You may change # rfc1413_query_timeout to 30s or some other positive number of seconds to # enable callbacks for incoming SMTP calls. rfc1413_hosts = * rfc1413_query_timeout = 0s # BOUNCE MESSAGES # OPTIONAL MODIFICATIONS: # When Exim can neither deliver a message nor return it to sender, it # "freezes" the delivery error message (aka "bounce message"). There are also # other circumstances in which messages get frozen. They will stay on the # queue forever unless one or both of the following options is set. # This option unfreezes bounce messages after two days, tries # once more to deliver them, and ignores any delivery failures. ignore_bounce_errors_after = 2d # This option cancels (removes) frozen messages that are older than five days. timeout_frozen_after = 5d # TRUSTED USERS # OPTIONAL MODIFICATIONS: # if you must add additional trusted users, do so here; continue the # colon-delimited list trusted_users = mail:majordomo:apache:diradmin # SSL/TLS cert and key tls_certificate = /etc/exim.cert tls_privatekey = /etc/exim.key openssl_options = +no_sslv2 +no_sslv3 tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP tls_advertise_hosts = * #auth_over_tls_hosts = * ###################################################################### # ACLs # ###################################################################### begin acl # ACL that is used after the RCPT command check_recipient: # to block certain wellknown exploits, Deny for local domains if # local parts begin with a dot or contain @ % ! / | deny domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] # to restrict port 587 to authenticated users only # see also daemon_smtp_ports above accept hosts = +auth_relay_hosts condition = ${if eq {$interface_port}{587} {yes}{no}} endpass message = relay not permitted, authentication required authenticated = * # allow local users to send outgoing messages using slashes # and vertical bars in their local parts. # Block outgoing local parts that begin with a dot, slash, or vertical # bar but allows them within the local part. # The sequence \..\ is barred. The usage of @ % and ! is barred as # before. The motivation is to prevent your users (or their virii) # from mounting certain kinds of attacks on remote sites. deny domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ # local source whitelist # accept if the source is local SMTP (i.e. not over TCP/IP). # Test for this by testing for an empty sending host field. accept hosts = : # sender domains whitelist # accept if sender domain is in whitelist accept sender_domains = +whitelist_domains # sender hosts whitelist # accept if sender host is in whitelist accept hosts = +whitelist_hosts accept hosts = +whitelist_hosts_ip # envelope senders whitelist # accept if envelope sender is in whitelist accept senders = +whitelist_senders # accept mail to postmaster in any local domain, regardless of source # accept local_parts = postmaster # domains = +local_domains # accept mail to abuse in any local domain, regardless of source # accept local_parts = abuse # domains = +local_domains # accept mail to hostmaster in any local domain, regardless of source # accept local_parts = hostmaster # domains =+local_domains # OPTIONAL MODIFICATIONS: # If the page you're using to notify senders of blocked email of how # to get their address unblocked will use a web form to send you email so # you'll know to unblock those senders, then you may leave these lines # commented out. However, if you'll be telling your senders of blocked # email to send an email to errors@yourdomain.com, then you should # replace "errors" with the left side of the email address you'll be # using, and "example.com" with the right side of the email address and # then uncomment the second two lines, leaving the first one commented. # Doing this will mean anyone can send email to this specific address, # even if they're at a blocked domain, and even if your domain is using # blocklists. # accept mail to errors@example.com, regardless of source # accept local_parts = errors # domains = example.com # deny so-called "legal" spammers" deny message = Email blocked by LBL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains sender_domains = +blacklist_domains # deny using hostname in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts # deny using IP in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts_ip # deny using email address in blacklist_senders deny message = Email blocked by BSAL - to unblock see http://www.example.com/ domains = use_rbl_domains deny senders = +blacklist_senders # By default we do NOT require sender verification. # Sender verification denies unless sender address can be verified: # If you want to require sender verification, i.e., that the sending # address is routable and mail can be delivered to it, then # uncomment the next line. If you do not want to require sender # verification, leave the line commented out #require verify = sender # deny using spamhaus deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = zen.spamhaus.org # deny using njabl # deny message = Email blocked by NJABL - to unblock see http://www.example.com/ # hosts = !+relay_hosts # domains = +use_rbl_domains # !authenticated = * # dnslists = dnsbl.njabl.org # deny using cbl # deny message = Email blocked by CBL - to unblock see http://www.example.com/ # hosts = !+relay_hosts # domains = +use_rbl_domains # !authenticated = * # dnslists = cbl.abuseat.org ## deny using sorbs name based list # deny message = Email blocked by SORBS - to unblock see http://www.example.com/ # domains =+use_rbl_domains # # rhsbl list is name based # dnslists = rhsbl.sorbs.net/$sender_address_domain # accept if address is in a local domain as long as recipient can be verified accept domains = +local_domains endpass message = "Unknown User" verify = recipient # accept if address is in a domain for which we relay as long as recipient # can be verified accept domains = +relay_domains endpass verify=recipient # accept if message comes for a host for which we are an outgoing relay # recipient verification is omitted because many MUA clients don't cope # well with SMTP error responses. If you are actually relaying from MTAs # then you should probably add recipient verify here accept hosts = +relay_hosts accept hosts = +auth_relay_hosts endpass message = authentication required authenticated = * deny message = relay not permitted # default at end of acl causes a "deny", but line below will give # an explicit error message: deny message = relay not permitted # ACL that is used after the DATA command check_message: .include_if_exists /etc/exim.clamav.conf accept ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### # There are no authenticator specifications in this default configuration file. begin authenticators plain: driver = plaintext public_name = PLAIN server_prompts = : server_condition = "${perl{smtpauth}}" server_set_id = $2 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = "${perl{smtpauth}}" server_set_id = $1 ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### begin routers # Remote addresses are those with a domain that does not match any item # in the "local_domains" setting above. # This router routes to remote hosts over SMTP using a DNS lookup. Any domain # that resolves to an IP address on the loopback interface (127.0.0.0/8) is # treated as if it had no DNS entry. lookuphost: driver = dnslookup domains = ! +local_domains ignore_target_hosts = 127.0.0.0/8 condition = "${perl{check_limits}}" transport = remote_smtp no_more # This router routes to remote hosts over SMTP by explicit IP address, # when an email address is given in "domain literal" form, for example, # <user@[192.168.35.64]>. The RFCs require this facility. However, it is # little-known these days, and has been exploited by evil people seeking # to abuse SMTP relays. Consequently it is commented out in the default # configuration. If you uncomment this router, you also need to comment out # "forbid_domain_literals" above, so that Exim can recognize the syntax of # domain literal addresses. # domain_literal: # driver = ipliteral # transport = remote_smtp ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### # Local addresses are those with a domain that matches some item in the # "local_domains" setting above, or those which are passed back from the # routers because of a "self=local" setting (not used in this configuration). .include_if_exists /etc/exim.spamassassin.conf # Spam Assassin #spamcheck_director: # driver = accept # condition = "${if and { \ # {!def:h_X-Spam-Flag:} \ # {!eq {$received_protocol}{spam-scanned}} \ # {!eq {$received_protocol}{local}} \ # {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \ # {<{$message_size}{500k}} \ # } {1}{0}}" # retry_use_local_part # transport = spamcheck # no_verify majordomo_aliases: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}} domains = lsearch;/etc/virtual/domainowners file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part no_rewrite user = majordomo majordomo_private: driver = redirect allow_defer allow_fail #condition = "${if eq {$received_protocol} {local} {true} {false} }" condition = "${if or { {eq {$received_protocol} {local}} \ {eq {$received_protocol} {spam-scanned}} } {true} {false} }" data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}} domains = lsearch;/etc/virtual/domainowners file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part user = majordomo domain_filter: driver = redirect allow_filter no_check_local_user condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}" user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}" group = "mail" file = /etc/virtual/${domain}/filter directory_transport = address_file pipe_transport = virtual_address_pipe retry_use_local_part no_verify uservacation: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = uservacation unseen userautoreply: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = userautoreply unseen virtual_aliases_nostar: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part unseen #include_domain = true virtual_user: driver = accept #condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}} condition = ${perl{save_virtual_user}} domains = lsearch;/etc/virtual/domainowners group = mail retry_use_local_part transport = virtual_localdelivery virtual_aliases: driver = redirect allow_defer allow_fail condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}} data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part #include_domain = true #if we have an alias, but no passwd entry we have to drop the email because the #first alias is unseen (so that you can forward as well as save it) #The save part is "seen" (virtual_user), but the forward before it isn't. This #will be the spot where we "see" the email so that it doesn't send a bounce if #we have an alias but no pop. drop_solo_alias: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}} file_transport = devnull group = mail #pipe_transport = virtual_address_pipe pipe_transport = devnull retry_use_local_part #include_domain = true # This director handles forwarding using traditional .forward files. # If you want it also to allow mail filtering when a forward file # starts with the string "# Exim filter", uncomment the "filter" option. # The check_ancestor option means that if the forward file generates an # address that is an ancestor of the current one, the current one gets # passed on instead. This covers the case where A is aliased to B and B # has a .forward file pointing to A. The three transports specified at the # end are those that are used when forwarding generates a direct delivery # to a file, or to a pipe, or sets up an auto-reply, respectively. userforward: driver = redirect allow_filter check_ancestor check_local_user no_expn file = $home/.forward file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply no_verify system_aliases: driver = redirect allow_defer allow_fail data = ${lookup{$local_part}lsearch{/etc/aliases}} file_transport = address_file pipe_transport = address_pipe retry_use_local_part # user = exim localuser: driver = accept check_local_user condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}" transport = local_delivery # This director matches local user mailboxes. ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### # A transport is used only when referenced from a director or a router that # successfully handles an address. # Spam Assassin begin transports spamcheck: driver = pipe batch_max = 100 command = /usr/sbin/exim -oMr spam-scanned -bS current_directory = "/tmp" group = mail home_directory = "/tmp" log_output message_prefix = message_suffix = return_fail_output no_return_path_add transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}} use_bsmtp user = mail # must use a privileged user to set $received_protocol on the way back in! #majordomo majordomo_pipe: driver = pipe group = daemon return_fail_output user = majordomo # This transport is used for local delivery to user mailboxes in traditional # BSD mailbox format. By default it will be run under the uid and gid of the # local user, and requires the sticky bit to be set on the /var/mail directory. # Some systems use the alternative approach of running mail deliveries under a # particular group instead of using the sticky bit. The commented options below # show how this can be done. local_delivery: driver = appendfile delivery_date_add envelope_to_add directory = /home/$local_part/Maildir/ directory_mode = 770 create_directory = true maildir_format group = mail mode = 0660 return_path_add user = ${local_part} ## for delivering virtual domains to their own mail spool virtual_localdelivery: driver = appendfile create_directory delivery_date_add directory_mode = 770 envelope_to_add directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir maildir_format group = mail mode = 660 return_path_add user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}" quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}} ## vacation transport uservacation: driver = autoreply file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}" text = "\ ------ ------\n\n\ This message was automatically generated by email software\n\ The delivery of your message has not been affected.\n\n\ ------ ------\n\n" to = "${sender_address}" user = mail #once re-added May 16, 2008: once = /etc/virtual/${domain}/reply/${local_part}.once once_file_size = 100K once_repeat = 2d userautoreply: driver = autoreply bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}} file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" to = "${sender_address}" user = mail #once re-added May 16, 2008: once = /etc/virtual/${domain}/reply/${local_part}.once once_file_size = 100K once_repeat = 2d devnull: driver = appendfile file = /dev/null # This transport is used for delivering messages over SMTP connections. remote_smtp: driver = smtp dkim_domain = $sender_address_domain dkim_selector = x dkim_private_key = ${if exists{/etc/virtual/$sender_address_domain/dkim.private.key}{/etc/virtual/$sender_address_domain/dkim.private.key}{0}} dkim_canon = relaxed dkim_strict = 0 # This transport is used for handling pipe deliveries generated by alias # or .forward files. If the pipe generates any standard output, it is returned # to the sender of the message as a delivery error. Set return_fail_output # instead of return_output if you want this to happen only when the pipe fails # to complete normally. You can set different transports for aliases and # forwards if you want to - see the references to address_pipe in the directors # section below. address_pipe: driver = pipe return_output virtual_address_pipe: driver = pipe group = nobody return_output user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}" # This transport is used for handling deliveries directly to files that are # generated by aliasing or forwarding. address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add # This transport is used for handling autoreplies generated by the filtering # option of the forwardfile director. address_reply: driver = autoreply ###################################################################### # RETRY CONFIGURATION # ###################################################################### # This single retry rule applies to all domains and all errors. It specifies # retries every 15 minutes for 2 hours, then increasing retry intervals, # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 # hours, then retries every 8 hours until 4 days have passed since the first # failed delivery. # Domain Error Retries # ------ ----- ------- begin retry * * F,2h,15m; G,16h,1h,1.5; F,4d,8h # End of Exim 4 configuration w lokalizacji etc/ brak exim.variables.conf.custom abym zablokował IPv6 Edytowano Lipiec 5, 2017 przez Kochan (zobacz historię edycji) Udostępnij ten post Link to postu Udostępnij na innych stronach
Gość Kamikadze Zgłoś post Napisano Lipiec 5, 2017 Do google idzie po ipv6 wysyłka, do testów spf pewnie po ipv4 Udostępnij ten post Link to postu Udostępnij na innych stronach
Kochan 0 Zgłoś post Napisano Lipiec 5, 2017 (edytowany) ok tylko aby przyblokować wysyłkę po IPv6 muszę to zrobić w exim.variables.conf (którego u mnie nie ma). W exim.conf podejrzewam, że jak dodam disable_ipv6=true to najzwyczajniej Exim nie wstanie. \ //Edit: dorzuciłem do exim.conf i tak jak pisałem Exim już nie wstał. Dobra edycja powyższego Edita dorzuciłem disable_ipv6=true na samiutką górę i exim ruszył. Edytowano Lipiec 5, 2017 przez Kochan (zobacz historię edycji) Udostępnij ten post Link to postu Udostępnij na innych stronach
behemoth 230 Zgłoś post Napisano Lipiec 5, 2017 Dodaj do konfiguracji DA: ipv6=0 A później: cd /usr/local/directadmin/custombuild ./build update ./build eximconf I zobacz, czy śmiga. Udostępnij ten post Link to postu Udostępnij na innych stronach
Kochan 0 Zgłoś post Napisano Lipiec 5, 2017 (edytowany) Dodaj do konfiguracji DA: ipv6=0 A później: cd /usr/local/directadmin/custombuild ./build update ./build eximconf I zobacz, czy śmiga. Dorzuciłem na teraz to do exim,conf, przeładowałem konf i ruszył. Wysłałem testowego maila na serwer gmaila i nie widzę na ten moment błędu. Zostawię to jak teraz i jutro zerknę w log czy dalej się pojawia. Jeżeli będzie to zastosuję Twoją rade, dzięki! Edytowano Lipiec 5, 2017 przez Kochan (zobacz historię edycji) Udostępnij ten post Link to postu Udostępnij na innych stronach
Kochan 0 Zgłoś post Napisano Lipiec 7, 2017 (edytowany) Sprawdziłem logi i błędu już nie ma, dzięki! Natomiast natknąłem się jeszcze na coś takiego 2017-07-07 06:40:01 1dTL3h-0002vo-Dk [193.107.88.140] SSL verify error: depth=0 error=self signed certificate cert=/C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webaster@localhost No i wrócił mi ponownie problem z Eximem i ClamAv exim paniclog /var/log/exim/paniclog on serwer.kylos.net.pl has non-zero size, mail system might be broken. The last 10 lines are quoted below. 2017-07-06 08:18:04 1dT06q-0000mv-Dl malware acl condition: clamd [127.0.0.1]:3310 : unable to read from socket (Connection timed out) run-parts: /etc/cron.daily/exim exited with return code 123 OK, problem z SSL'em chyba rozwiązałem - system wysyła informacje na maila directadmin@nazwaserwera.pl zamiast na maila w domenie. Edytowano Lipiec 7, 2017 przez Kochan (zobacz historię edycji) Udostępnij ten post Link to postu Udostępnij na innych stronach
behemoth 230 Zgłoś post Napisano Lipiec 7, 2017 Nie masz kilku procesów clama odpalonych? Pokaż: ps xa|grep -i clam Odnośnie run-parts: http://forum.directadmin.com/showthread.php?t=54929 Btw clamava masz w najnowszej wersji? Udostępnij ten post Link to postu Udostępnij na innych stronach
Kochan 0 Zgłoś post Napisano Lipiec 7, 2017 (edytowany) Wersja ClamAv - ClamAV 0.99.2/23541/Fri Jul 7 06:08:28 2017 Wynik ps 10874 pts/0 S+ 0:00 grep -i clam 26772 ? Ssl 0:59 /usr/local/sbin/clamd --foreground=yes 30711 ? Ss 0:15 /usr/local/bin/freshclam -d Dzięki za run part's - zadanie crona usunięte. Edytowano Lipiec 7, 2017 przez Kochan (zobacz historię edycji) Udostępnij ten post Link to postu Udostępnij na innych stronach
behemoth 230 Zgłoś post Napisano Lipiec 7, 2017 Sprawdź ten temat: http://forum.directadmin.com/showthread.php?t=24792&page=2 Udostępnij ten post Link to postu Udostępnij na innych stronach
Kochan 0 Zgłoś post Napisano Lipiec 7, 2017 (edytowany) Sprawdź ten temat: http://forum.directadmin.com/showthread.php?t=24792&page=2 ok, działam. Wielkie dzięki za pomoc! Ok, zdjąłem # w linii LocalSocket /tmp/clamd. Sprawdziłem czy porty w clamd.conf i exim.clamav.load.conf się pokrywają (są ok 127.0.0.1 3310), poszedł restart exima i clamav. netstat -ntpl | grep clam - daje tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 19376/clamd Niestety komenda clamd / clamd status ERROR: TCP: Cannot bind to [127.0.0.1]:3310: Address already in use ERROR: LOCAL: Socket file /tmp/clamd.socket is in use by another process. Edytowano Lipiec 7, 2017 przez Kochan (zobacz historię edycji) Udostępnij ten post Link to postu Udostępnij na innych stronach
behemoth 230 Zgłoś post Napisano Lipiec 7, 2017 Zabij proces (nie zatrzymuj) i uruchom go raz jeszcze. Sprawdź, czy problem nadal występuje. Udostępnij ten post Link to postu Udostępnij na innych stronach
Kochan 0 Zgłoś post Napisano Lipiec 7, 2017 ps xa|grep -i clam 20128 ? Ssl 0:06 /usr/local/sbin/clamd --foreground=yes 20171 ? Ss 0:00 /usr/local/bin/freshclam -d 25707 pts/0 S+ 0:00 grep -i clam root@serwer:~# kill 20128 root@serwer:~# clamd Nie wywalił poprzednich błędów. Udostępnij ten post Link to postu Udostępnij na innych stronach
behemoth 230 Zgłoś post Napisano Lipiec 7, 2017 Czyli problem rozwiązany? Udostępnij ten post Link to postu Udostępnij na innych stronach
Kochan 0 Zgłoś post Napisano Lipiec 7, 2017 Czyli problem rozwiązany? Wygląda, że tak będę jeszcze zerkał w logi czy przypadkiem się nie pojawi to ponownie. Dzięki! Udostępnij ten post Link to postu Udostępnij na innych stronach
Kochan 0 Zgłoś post Napisano Lipiec 10, 2017 (edytowany) Wszystko teraz lata, ale od wczoraj dostaję dziwne powiadomienie (masowo) Time: Mon Jul 10 09:44:54 2017 +0200Type: LOCALRELAY, Local Account - mailCount: 101 emails relayedBlocked: NoSample of the first 10 emails:2017-07-10 09:44:16 1dUTMe-00019E-Fs <= <> R=1dUTLw-0000eg-NS U=mail P=local S=8569 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com2017-07-10 09:44:16 1dUTMe-00019M-TO <= <> R=1dUTLw-0000eZ-P0 U=mail P=local S=8558 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com2017-07-10 09:44:16 1dUTMe-00019U-Vp <= <> R=1dUTMR-0000zh-E9 U=mail P=local S=8631 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com2017-07-10 09:44:17 1dUTMf-00019Z-48 <= <> R=1dUTMT-00011T-JM U=mail P=local S=8603 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com2017-07-10 09:44:18 1dUTMg-0001A1-4l <= <> R=1dUTMb-00017N-3F U=mail P=local S=8631 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com2017-07-10 09:44:18 1dUTMg-0001A8-BN <= <> R=1dUTMf-00019b-DL U=mail P=local S=8650 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com2017-07-10 09:44:18 1dUTMg-0001AR-Pf <= <> R=1dUTMU-000127-AI U=mail P=local S=8722 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com2017-07-10 09:44:19 1dUTMh-0001Ad-5Q <= <> R=1dUTMf-00019n-SK U=mail P=local S=8782 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com2017-07-10 09:44:19 1dUTMh-0001B1-S1 <= <> R=1dUTMg-0001A0-Dl U=mail P=local S=8775 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com2017-07-10 09:44:20 1dUTMi-0001Bi-Ic <= <> R=1dUTMX-00014J-6q U=mail P=local S=8562 T="Mail delivery failed: returning message to sender" from <> for anz.info@info.com W konfiguracji nie mam nawet utworzonego anz.info@info.com // ok chyba trafiłem na lokalny adres, który był spamowany przez to Edytowano Lipiec 10, 2017 przez Kochan (zobacz historię edycji) Udostępnij ten post Link to postu Udostępnij na innych stronach
