remove ifdef GREYLIST_ENABLED, misc fixes and updates
This commit is contained in:
parent
38fe0ebe2d
commit
0703ab4cc4
|
@ -108,7 +108,6 @@ GREYLIST_BOUNCE_LIFETIME = 0 HOUR
|
||||||
GREYLIST_TABLE=vm_greylisting
|
GREYLIST_TABLE=vm_greylisting
|
||||||
GREYLIST_RESENDERS_TABLE=vm_greylisting_resenders
|
GREYLIST_RESENDERS_TABLE=vm_greylisting_resenders
|
||||||
|
|
||||||
.ifdef GREYLIST_ENABLED
|
|
||||||
# database macros
|
# database macros
|
||||||
GREYLIST_TEST = SELECT CASE \
|
GREYLIST_TEST = SELECT CASE \
|
||||||
WHEN now() > block_expires THEN "accepted" \
|
WHEN now() > block_expires THEN "accepted" \
|
||||||
|
@ -167,7 +166,7 @@ GREYLIST_OK_BOUNCE = UPDATE GREYLIST_TABLE \
|
||||||
WHERE id = $acl_m9 AND type='AUTO'
|
WHERE id = $acl_m9 AND type='AUTO'
|
||||||
|
|
||||||
GREYLIST_RESENDERS_UPDATE = REPLACE INTO GREYLIST_RESENDERS_TABLE SET hostname = '${quote_mysql:$acl_m_sender}'
|
GREYLIST_RESENDERS_UPDATE = REPLACE INTO GREYLIST_RESENDERS_TABLE SET hostname = '${quote_mysql:$acl_m_sender}'
|
||||||
.endif
|
|
||||||
# No deliveries will ever be run under the uids of these users (a colon-
|
# No deliveries will ever be run under the uids of these users (a colon-
|
||||||
# separated list). An attempt to do so causes a panic error to be logged, and
|
# separated list). An attempt to do so causes a panic error to be logged, and
|
||||||
# the delivery to be deferred. This is a paranoic safety catch. Note that the
|
# the delivery to be deferred. This is a paranoic safety catch. Note that the
|
||||||
|
@ -235,7 +234,7 @@ begin acl
|
||||||
# since we use it inside a defer with acl = greylist_acl,
|
# since we use it inside a defer with acl = greylist_acl,
|
||||||
# accepting here makes the condition TRUE thus deferring,
|
# accepting here makes the condition TRUE thus deferring,
|
||||||
# denying here makes the condition FALSE thus not deferring
|
# denying here makes the condition FALSE thus not deferring
|
||||||
.ifdef GREYLIST_ENABLED
|
#
|
||||||
greylist_acl:
|
greylist_acl:
|
||||||
# For regular deliveries, check greylist.
|
# For regular deliveries, check greylist.
|
||||||
|
|
||||||
|
@ -278,21 +277,20 @@ greylist_acl:
|
||||||
deny
|
deny
|
||||||
add_header = X-DNS-Greylist: mail from $sender_address to $local_part@$domain accepted by greylisting
|
add_header = X-DNS-Greylist: mail from $sender_address to $local_part@$domain accepted by greylisting
|
||||||
condition = ${lookup mysql{GREYLIST_RESENDERS_UPDATE}}
|
condition = ${lookup mysql{GREYLIST_RESENDERS_UPDATE}}
|
||||||
.endif
|
|
||||||
# This access control list is used at the start of an incoming
|
# This access control list is used at the start of an incoming
|
||||||
# connection. The tests are run in order until the connection
|
# connection. The tests are run in order until the connection
|
||||||
# is either accepted or denied.
|
# is either accepted or denied.
|
||||||
|
#
|
||||||
acl_connect:
|
acl_connect:
|
||||||
|
|
||||||
# In this pass, we do not perform any checks here.
|
# In this pass, we do not perform any checks here.
|
||||||
accept
|
accept
|
||||||
|
|
||||||
|
|
||||||
# This access control list is used for the HELO or EHLO command in
|
# This access control list is used for the HELO or EHLO command in
|
||||||
# an incoming SMTP transaction. The tests are run in order until the
|
# an incoming SMTP transaction. The tests are run in order until the
|
||||||
# greeting is either accepted or denied.
|
# greeting is either accepted or denied.
|
||||||
|
#
|
||||||
acl_helo:
|
acl_helo:
|
||||||
|
|
||||||
# Early rejection of brute-force bots under the name 'ylmf-pc'
|
# Early rejection of brute-force bots under the name 'ylmf-pc'
|
||||||
|
@ -306,7 +304,6 @@ acl_helo:
|
||||||
# incoming SMTP transaction. The tests are run in order until the
|
# incoming SMTP transaction. The tests are run in order until the
|
||||||
# sender address is either accepted or denied.
|
# sender address is either accepted or denied.
|
||||||
#
|
#
|
||||||
|
|
||||||
acl_mail_from:
|
acl_mail_from:
|
||||||
|
|
||||||
# Accept the command.
|
# Accept the command.
|
||||||
|
@ -315,7 +312,7 @@ acl_mail_from:
|
||||||
# This access control list is used for every RCPT command in an
|
# This access control list is used for every RCPT command in an
|
||||||
# incoming SMTP message. The tests are run in order until the
|
# incoming SMTP message. The tests are run in order until the
|
||||||
# recipient address is either accepted or denied.
|
# recipient address is either accepted or denied.
|
||||||
|
#
|
||||||
acl_check_dkim:
|
acl_check_dkim:
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -327,14 +324,14 @@ acl_check_dkim:
|
||||||
dkim_status = fail
|
dkim_status = fail
|
||||||
logwrite = DKIM test failed: $dkim_verify_reason
|
logwrite = DKIM test failed: $dkim_verify_reason
|
||||||
add_header = X-DKIM-Status: fail: $dkim_verify_reason
|
add_header = X-DKIM-Status: fail: $dkim_verify_reason
|
||||||
add_header = X-Junk-Flag: YES
|
set acl_m_junk = yes
|
||||||
|
|
||||||
# DKIM invalid
|
# DKIM invalid
|
||||||
accept
|
accept
|
||||||
dkim_status = invalid
|
dkim_status = invalid
|
||||||
logwrite = DKIM test invalid: $dkim_verify_reason
|
logwrite = DKIM test invalid: $dkim_verify_reason
|
||||||
add_header = X-DKIM-Status: invalid: $dkim_verify_reason
|
add_header = X-DKIM-Status: invalid: $dkim_verify_reason
|
||||||
add_header = X-Junk-Flag: YES
|
set acl_m_junk = yes
|
||||||
|
|
||||||
# DKIM none
|
# DKIM none
|
||||||
accept
|
accept
|
||||||
|
@ -364,11 +361,6 @@ acl_rcpt_to:
|
||||||
accept
|
accept
|
||||||
hosts = : +relay_from_hosts
|
hosts = : +relay_from_hosts
|
||||||
|
|
||||||
# Accept if the message arrived over an authenticated connection,
|
|
||||||
# from any host. Again, these messages are usually from MUAs, so
|
|
||||||
# recipient verification is omitted.
|
|
||||||
#
|
|
||||||
|
|
||||||
# Get rate limit for user and log current rate.
|
# Get rate limit for user and log current rate.
|
||||||
# Hourly rate limit is extracted from db, multiplied by 10 to get daily rate limit.
|
# Hourly rate limit is extracted from db, multiplied by 10 to get daily rate limit.
|
||||||
# The idea being that the hourly rate limit should be a maximum, peak rate, not a sustained rate.
|
# The idea being that the hourly rate limit should be a maximum, peak rate, not a sustained rate.
|
||||||
|
@ -401,20 +393,17 @@ acl_rcpt_to:
|
||||||
accept
|
accept
|
||||||
authenticated = *
|
authenticated = *
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
# Hello checks
|
# Hello checks
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
# If the remote host greets with an IP address, then reject the mail.
|
# If the remote host greets with an IP address, then reject the mail.
|
||||||
#
|
|
||||||
deny
|
deny
|
||||||
message = Message was delivered by ratware
|
message = Message was delivered by ratware
|
||||||
log_message = remote host used IP address in HELO/EHLO greeting
|
log_message = remote host used IP address in HELO/EHLO greeting
|
||||||
condition = ${if isip {$sender_helo_name}{true}{false}}
|
condition = ${if isip {$sender_helo_name}{true}{false}}
|
||||||
|
|
||||||
# Likewise if the peer greets with one of our own names
|
# Likewise if the peer greets with one of our own names
|
||||||
#
|
|
||||||
deny
|
deny
|
||||||
message = Message was delivered by ratware
|
message = Message was delivered by ratware
|
||||||
log_message = remote host used our name in HELO/EHLO greeting.
|
log_message = remote host used our name in HELO/EHLO greeting.
|
||||||
|
@ -427,10 +416,7 @@ acl_rcpt_to:
|
||||||
log_message = remote host did not present HELO/EHLO greeting.
|
log_message = remote host did not present HELO/EHLO greeting.
|
||||||
condition = ${if def:sender_helo_name {false}{true}}
|
condition = ${if def:sender_helo_name {false}{true}}
|
||||||
|
|
||||||
|
# If HELO verification fails, we add a X-HELO-Warning: header in the message.
|
||||||
# If HELO verification fails, we add a X-HELO-Warning: header in
|
|
||||||
# the message.
|
|
||||||
#
|
|
||||||
warn
|
warn
|
||||||
!verify = helo
|
!verify = helo
|
||||||
message = X-HELO-Warning: Remote host $sender_host_address \
|
message = X-HELO-Warning: Remote host $sender_host_address \
|
||||||
|
@ -515,7 +501,6 @@ acl_rcpt_to:
|
||||||
senders = : postmaster@*
|
senders = : postmaster@*
|
||||||
condition = $recipients_count
|
condition = $recipients_count
|
||||||
|
|
||||||
|
|
||||||
# Reject the recipient address if it is not in a domain for
|
# Reject the recipient address if it is not in a domain for
|
||||||
# which we are handling mail.
|
# which we are handling mail.
|
||||||
#
|
#
|
||||||
|
@ -523,7 +508,6 @@ acl_rcpt_to:
|
||||||
message = relay not permitted
|
message = relay not permitted
|
||||||
!domains = +local_domains : +relay_to_domains
|
!domains = +local_domains : +relay_to_domains
|
||||||
|
|
||||||
|
|
||||||
# Reject the recipient if it is not a valid mailbox.
|
# Reject the recipient if it is not a valid mailbox.
|
||||||
# If the mailbox is not on our system (e.g. if we are a
|
# If the mailbox is not on our system (e.g. if we are a
|
||||||
# backup MX for the recipient domain), then perform a
|
# backup MX for the recipient domain), then perform a
|
||||||
|
@ -541,11 +525,7 @@ acl_rcpt_to:
|
||||||
condition = WHITELISTED
|
condition = WHITELISTED
|
||||||
logwrite = From: $sender_address To: $local_part@$domain is whitelisted in sa_userpref
|
logwrite = From: $sender_address To: $local_part@$domain is whitelisted in sa_userpref
|
||||||
add_header = X-Whitelist-Flag: YES
|
add_header = X-Whitelist-Flag: YES
|
||||||
|
set acl_m_whitelist = yes
|
||||||
# skip any further checks if the address is already marked Junk (by DKIM)
|
|
||||||
accept
|
|
||||||
condition = ${if eq {$header_X-Junk-Flag:}{YES}}
|
|
||||||
logwrite = Skipping SPF/DNSBL/Greylist checks as message already failed DKIM
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
# DNS checks
|
# DNS checks
|
||||||
|
@ -570,33 +550,34 @@ acl_rcpt_to:
|
||||||
|
|
||||||
# add SPF header
|
# add SPF header
|
||||||
accept
|
accept
|
||||||
|
!senders = :
|
||||||
condition = ${run{/usr/bin/spfquery --scope mfrom \
|
condition = ${run{/usr/bin/spfquery --scope mfrom \
|
||||||
--identity ${quote:$sender_address} \
|
--identity ${quote:$sender_address} \
|
||||||
--ip-address ${quote:$sender_host_address}} \
|
--ip-address ${quote:$sender_host_address}} \
|
||||||
{no}{${if eq {$runrc}{1}{yes}{no}}}}
|
{no}{${if eq {$runrc}{1}{yes}{no}}}}
|
||||||
add_header = Received-SPF: fail
|
add_header = Received-SPF: fail
|
||||||
add_header = X-Junk-Flag: YES
|
set acl_m_junk = yes
|
||||||
## log_message = SPF check failed.
|
#log_message = SPF check failed.
|
||||||
|
|
||||||
warn
|
warn
|
||||||
condition = ${if eq {$runrc}{0}{yes}{no}}
|
condition = ${if eq {$runrc}{0}{yes}{no}}
|
||||||
add_header = Received-SPF: pass
|
add_header = Received-SPF: pass
|
||||||
## log_message = SPF check: pass
|
#log_message = SPF check: pass
|
||||||
|
|
||||||
warn
|
warn
|
||||||
condition = ${if eq {$runrc}{2}{yes}{no}}
|
condition = ${if eq {$runrc}{2}{yes}{no}}
|
||||||
add_header = Received-SPF: softfail
|
add_header = Received-SPF: softfail
|
||||||
## log_message = SPF check: softfail
|
#log_message = SPF check: softfail
|
||||||
|
|
||||||
warn
|
warn
|
||||||
condition = ${if eq {$runrc}{3}{yes}{no}}
|
condition = ${if eq {$runrc}{3}{yes}{no}}
|
||||||
add_header = Received-SPF: neutral
|
add_header = Received-SPF: neutral
|
||||||
## log_message = SPF check: neutral
|
#log_message = SPF check: neutral
|
||||||
|
|
||||||
warn
|
warn
|
||||||
condition = ${if eq {$runrc}{4}{yes}{no}}
|
condition = ${if eq {$runrc}{4}{yes}{no}}
|
||||||
add_header = Received-SPF: permerror
|
add_header = Received-SPF: permerror
|
||||||
## log_message = SPF check: permerror
|
#log_message = SPF check: permerror
|
||||||
|
|
||||||
warn
|
warn
|
||||||
condition = ${if eq {$runrc}{5}{yes}{no}}
|
condition = ${if eq {$runrc}{5}{yes}{no}}
|
||||||
|
@ -606,7 +587,7 @@ acl_rcpt_to:
|
||||||
warn
|
warn
|
||||||
condition = ${if eq {$runrc}{6}{yes}{no}}
|
condition = ${if eq {$runrc}{6}{yes}{no}}
|
||||||
add_header = Received-SPF: none
|
add_header = Received-SPF: none
|
||||||
## log_message = SPF check: none
|
#log_message = SPF check: none
|
||||||
|
|
||||||
warn
|
warn
|
||||||
condition = ${if >{$runrc}{6}{yes}{no}}
|
condition = ${if >{$runrc}{6}{yes}{no}}
|
||||||
|
@ -618,35 +599,37 @@ acl_rcpt_to:
|
||||||
dnslists = zen.spamhaus.org
|
dnslists = zen.spamhaus.org
|
||||||
logwrite = Warning: $sender_host_address is listed in DNSBL $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}
|
logwrite = Warning: $sender_host_address is listed in DNSBL $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}
|
||||||
add_header = X-DNS-Blacklist: $sender_host_address is listed in $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}
|
add_header = X-DNS-Blacklist: $sender_host_address is listed in $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}
|
||||||
add_header = X-Junk-Flag: YES
|
set acl_m_junk = yes
|
||||||
|
|
||||||
# will never get here if X-Whitelist-Flag or X-Junk-Flag (gets set with X-DNS-Blacklist) or X-DNS-Whitelist headers are set above
|
# greylisting
|
||||||
.ifdef GREYLIST_ENABLED
|
# if $sender_host_name is set use that. run command strips of leftmost subdomain if this is a third or higher level domain
|
||||||
# if $sender_host_name is set use that.
|
|
||||||
# run command strips of leftmost subdomain if this is a third or higher level domain
|
|
||||||
warn
|
warn
|
||||||
condition = ${if def:sender_host_name}
|
condition = ${if def:sender_host_name}
|
||||||
set acl_m_sender = ${run{/bin/bash /etc/exim4/return-resender.sh $sender_host_name}{$value}{$sender_host_name}}
|
set acl_m_sender = ${run{/bin/bash /etc/exim4/return-resender.sh $sender_host_name}{$value}{$sender_host_name}}
|
||||||
# if $sender_host_name is not set use $sender_helo_name
|
|
||||||
# if sender_helo_name not set email was already rejected (deny) earlier in this acl
|
# if $sender_host_name is not set use $sender_helo_name. if sender_helo_name not set email was already rejected (deny) earlier in this acl
|
||||||
warn
|
warn
|
||||||
condition = ${if !def:sender_host_name}
|
condition = ${if !def:sender_host_name}
|
||||||
set acl_m_sender = $sender_helo_name
|
set acl_m_sender = $sender_helo_name
|
||||||
|
|
||||||
|
# bypass greylisting if sender listed in skip_greylisting_hosts
|
||||||
|
accept
|
||||||
|
hosts = +skip_greylisting_hosts
|
||||||
|
log_message = skipping greylisting due to match in skip_greylisting_hosts
|
||||||
|
|
||||||
# bypass greylisting if the sending host is a known resender
|
# bypass greylisting if the sending host is a known resender
|
||||||
accept
|
accept
|
||||||
condition = ${lookup mysql{SELECT id FROM GREYLIST_RESENDERS_TABLE WHERE hostname = '${quote_mysql:$acl_m_sender}'}{yes}{no}}
|
condition = ${lookup mysql{SELECT id FROM GREYLIST_RESENDERS_TABLE WHERE hostname = '${quote_mysql:$acl_m_sender}'}{yes}{no}}
|
||||||
condition = ${lookup mysql{UPDATE GREYLIST_RESENDERS_TABLE SET count=count+1, timestamp = NOW() WHERE hostname = '${quote_mysql:$acl_m_sender}'}{yes}{yes}}
|
condition = ${lookup mysql{UPDATE GREYLIST_RESENDERS_TABLE SET count=count+1, timestamp = NOW() WHERE hostname = '${quote_mysql:$acl_m_sender}'}{yes}{yes}}
|
||||||
add_header = X-DNS-Greylist: known resender
|
add_header = X-DNS-Greylist: known resender
|
||||||
logwrite = skipping greylisting for $acl_m_sender due to match in GREYLIST_RESENDERS_TABLE
|
logwrite = skipping greylisting for $acl_m_sender due to match in GREYLIST_RESENDERS_TABLE
|
||||||
accept
|
|
||||||
hosts = +skip_greylisting_hosts
|
# run greylisting acl
|
||||||
log_message = skipping greylisting due to match in skip_greylisting_hosts
|
|
||||||
defer
|
defer
|
||||||
!senders = : postmaster@*
|
!senders = : postmaster@*
|
||||||
!hosts = +skip_greylisting_hosts
|
!hosts = +skip_greylisting_hosts
|
||||||
acl = greylist_acl
|
acl = greylist_acl
|
||||||
message = greylisted - try again later
|
message = greylisted - try again later
|
||||||
.endif
|
|
||||||
|
|
||||||
# Otherwise, the recipient address is OK.
|
# Otherwise, the recipient address is OK.
|
||||||
#
|
#
|
||||||
|
@ -655,7 +638,7 @@ acl_rcpt_to:
|
||||||
# This access control list is used for message data received via
|
# This access control list is used for message data received via
|
||||||
# SMTP. The tests are run in order until the recipient address
|
# SMTP. The tests are run in order until the recipient address
|
||||||
# is either accepted or denied.
|
# is either accepted or denied.
|
||||||
|
#
|
||||||
acl_data:
|
acl_data:
|
||||||
|
|
||||||
# Add Message-ID if missing in messages received from our own hosts.
|
# Add Message-ID if missing in messages received from our own hosts.
|
||||||
|
@ -665,9 +648,10 @@ acl_data:
|
||||||
message = Message-ID: <E$message_id@$primary_hostname>
|
message = Message-ID: <E$message_id@$primary_hostname>
|
||||||
|
|
||||||
# add domain keys status header
|
# add domain keys status header
|
||||||
# warn
|
#
|
||||||
# message = DomainKey-Status: $dk_status
|
#warn
|
||||||
# !condition = ${if eq{$dk_status}{}{1}{0}}
|
# message = DomainKey-Status: $dk_status
|
||||||
|
# !condition = ${if eq{$dk_status}{}{1}{0}}
|
||||||
|
|
||||||
# Accept mail received over local SMTP (i.e. not over TCP/IP).
|
# Accept mail received over local SMTP (i.e. not over TCP/IP).
|
||||||
# We do this by testing for an empty sending host field.
|
# We do this by testing for an empty sending host field.
|
||||||
|
@ -689,17 +673,11 @@ acl_data:
|
||||||
# MESSAGE_SIZE_LIMIT
|
# MESSAGE_SIZE_LIMIT
|
||||||
# condition = ${if >{$message_size}{MESSAGE_SIZE_LIMIT}{true}{false}}
|
# condition = ${if >{$message_size}{MESSAGE_SIZE_LIMIT}{true}{false}}
|
||||||
|
|
||||||
# skip any further checks if the address is already marked Junk
|
# Check if the address list header is syntactically correct.
|
||||||
accept
|
|
||||||
condition = ${if eq {$header_X-Junk-Flag:}{YES}}
|
|
||||||
logwrite = Skipping header_syntax and header_sender checks as message already marked Junk
|
|
||||||
|
|
||||||
# Deny unless the address list header is syntactically correct.
|
|
||||||
# Note that some specialized MTAs, such as certain mailing list
|
# Note that some specialized MTAs, such as certain mailing list
|
||||||
# servers, do not automatically generate a Message-ID for bounces.
|
# servers, do not automatically generate a Message-ID for bounces.
|
||||||
# Thus, we add the check for a non-empty sender.
|
# Thus, we add the check for a non-empty sender.
|
||||||
# (email feedback reports from aol fail this check)
|
# (email feedback reports from aol fail this check)
|
||||||
#deny
|
|
||||||
accept
|
accept
|
||||||
message = X-RFC2822-Error: Your message does not conform to RFC2822 standard
|
message = X-RFC2822-Error: Your message does not conform to RFC2822 standard
|
||||||
log_message = message header failed RFC2822 syntax check
|
log_message = message header failed RFC2822 syntax check
|
||||||
|
@ -707,7 +685,7 @@ acl_data:
|
||||||
!senders = : postmaster@*
|
!senders = : postmaster@*
|
||||||
!verify = header_syntax
|
!verify = header_syntax
|
||||||
add_header = X-RFC2822-Error: Your message does not conform to RFC2822 standard
|
add_header = X-RFC2822-Error: Your message does not conform to RFC2822 standard
|
||||||
add_header = X-Junk-Flag: YES
|
set acl_m_junk = yes
|
||||||
|
|
||||||
# Warn unless there is a verifiable sender address in at least
|
# Warn unless there is a verifiable sender address in at least
|
||||||
# one of the "Sender:", "Reply-To:", or "From:" header lines.
|
# one of the "Sender:", "Reply-To:", or "From:" header lines.
|
||||||
|
@ -718,12 +696,12 @@ acl_data:
|
||||||
|
|
||||||
# Deny if the message contains a virus. Before enabling this check, you
|
# Deny if the message contains a virus. Before enabling this check, you
|
||||||
# must install a virus scanner and set the av_scanner option above.
|
# must install a virus scanner and set the av_scanner option above.
|
||||||
## accept
|
#
|
||||||
## condition = ${if ! def:header_X-Junk-Flag: }
|
#accept
|
||||||
## malware = */defer_ok
|
# malware = */defer_ok
|
||||||
## log_message = This message contains a virus ($malware_name).
|
# log_message = This message contains a virus ($malware_name).
|
||||||
## add_header = X-Virus-Warning: This message contains a virus ($malware_name).
|
# add_header = X-Virus-Warning: This message contains a virus ($malware_name).
|
||||||
## add_header = X-Junk-Flag: YES
|
# set acl_m_junk = yes
|
||||||
|
|
||||||
# Accept the message.
|
# Accept the message.
|
||||||
#
|
#
|
||||||
|
@ -805,29 +783,30 @@ virtual_alias:
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
local_part_suffix = +*
|
local_part_suffix = +*
|
||||||
local_part_suffix_optional = true
|
local_part_suffix_optional = true
|
||||||
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
## condition = ${if !eq {$received_protocol}{spam-scanned}}
|
||||||
data = ${lookup mysql{SELECT CONCAT(vm_aliases.mbox,'@','${domain}') FROM vm_mboxes, vm_aliases WHERE vm_mboxes.mbox=vm_aliases.mbox AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_aliases.alias='${local_part}' AND vm_aliases.domain='${domain}'}}
|
data = ${lookup mysql{SELECT CONCAT(vm_aliases.mbox,'@','${domain}') FROM vm_mboxes, vm_aliases WHERE vm_mboxes.mbox=vm_aliases.mbox AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_aliases.alias='${local_part}' AND vm_aliases.domain='${domain}'}}
|
||||||
|
|
||||||
junk_filter:
|
junk_filter:
|
||||||
driver = accept
|
driver = accept
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
|
condition = ${if eq{$acl_m_junk}{yes}}
|
||||||
|
condition = ${if !eq{$acl_m_whitelist}{yes}}
|
||||||
|
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
||||||
local_part_suffix = +*
|
local_part_suffix = +*
|
||||||
local_part_suffix_optional = true
|
local_part_suffix_optional = true
|
||||||
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter > '0'}}
|
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter > '0'}}
|
||||||
condition = ${if eq {$header_X-Junk-Flag:}{YES}}
|
headers_add = X-Junk-Flag: YES
|
||||||
condition = ${if !eq {$header_X-Whitelist-Flag:}{YES}}
|
|
||||||
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
|
||||||
transport = junk_delivery
|
transport = junk_delivery
|
||||||
|
|
||||||
spam_filter:
|
spam_filter:
|
||||||
driver = accept
|
driver = accept
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
|
condition = ${if eq {$received_protocol}{spam-scanned}}
|
||||||
|
condition = ${if eq {$header_X-Spam-Flag:}{YES}}
|
||||||
|
## condition = ${if !eq {$header_X-Whitelist-Flag:}{YES}}
|
||||||
local_part_suffix = +*
|
local_part_suffix = +*
|
||||||
local_part_suffix_optional = true
|
local_part_suffix_optional = true
|
||||||
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter = '2'}}
|
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter = '2'}}
|
||||||
condition = ${if eq {$received_protocol}{spam-scanned}}
|
|
||||||
condition = ${if eq {$header_X-Spam-Flag:}{YES}}
|
|
||||||
condition = ${if !eq {$header_X-Whitelist-Flag:}{YES}}
|
|
||||||
transport = junk_delivery
|
transport = junk_delivery
|
||||||
|
|
||||||
virtual_vacation:
|
virtual_vacation:
|
||||||
|
@ -840,6 +819,7 @@ virtual_vacation:
|
||||||
# add options for start & end date fields to above query
|
# add options for start & end date fields to above query
|
||||||
# do not reply to errors or lists or spam-scanned messages, require vacation message in db
|
# do not reply to errors or lists or spam-scanned messages, require vacation message in db
|
||||||
condition = ${if !match {$h_precedence:} {(?i)junk|bulk|list}}
|
condition = ${if !match {$h_precedence:} {(?i)junk|bulk|list}}
|
||||||
|
condition = ${if !eq{$acl_m_junk}{yes}}
|
||||||
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
||||||
condition = ${if !eq {$sender_address} {}}
|
condition = ${if !eq {$sender_address} {}}
|
||||||
no_expn
|
no_expn
|
||||||
|
@ -864,6 +844,7 @@ virtual_autoresponder:
|
||||||
# add options for start & end date fields to above query
|
# add options for start & end date fields to above query
|
||||||
# do not reply to errors or lists or spam-scanned messages, require autoresponder message in db
|
# do not reply to errors or lists or spam-scanned messages, require autoresponder message in db
|
||||||
condition = ${if !match {$h_precedence:} {(?i)junk|bulk|list}}
|
condition = ${if !match {$h_precedence:} {(?i)junk|bulk|list}}
|
||||||
|
condition = ${if !eq{$acl_m_junk}{yes}}
|
||||||
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
||||||
condition = ${if !eq {$sender_address} {}}
|
condition = ${if !eq {$sender_address} {}}
|
||||||
no_expn
|
no_expn
|
||||||
|
@ -899,13 +880,13 @@ spamcheck_router:
|
||||||
# uncomment next line to bypass spamcheck when testing address routing with "exim -bt user@example.com"
|
# uncomment next line to bypass spamcheck when testing address routing with "exim -bt user@example.com"
|
||||||
#address_test = false
|
#address_test = false
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
local_part_suffix = +*
|
|
||||||
local_part_suffix_optional = true
|
|
||||||
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0'}}
|
|
||||||
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
||||||
condition = ${if !eq {$sender_address_domain}{$domain}}
|
condition = ${if !eq {$sender_address_domain}{$domain}}
|
||||||
condition = ${if !eq {$header_X-Whitelist-Flag:}{YES}}
|
condition = ${if !eq{$acl_m_whitelist}{yes}}
|
||||||
condition = ${if < {$message_size}{512k}}
|
condition = ${if < {$message_size}{512k}}
|
||||||
|
local_part_suffix = +*
|
||||||
|
local_part_suffix_optional = true
|
||||||
|
local_parts = ${lookup mysql{SELECT vm_mboxes.mbox FROM vm_mboxes WHERE vm_mboxes.mbox='${local_part}' AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_mboxes.filter = '2'}}
|
||||||
headers_remove = X-Spam-Checker-Version:X-Spam-Flag:X-Spam-Level:X-Spam-Status:X-Spam-Score:X-Spam-Report
|
headers_remove = X-Spam-Checker-Version:X-Spam-Flag:X-Spam-Level:X-Spam-Status:X-Spam-Score:X-Spam-Report
|
||||||
transport = spamcheck
|
transport = spamcheck
|
||||||
|
|
||||||
|
@ -939,7 +920,7 @@ lmtp_localuser:
|
||||||
virtual_alias_catchall:
|
virtual_alias_catchall:
|
||||||
driver = redirect
|
driver = redirect
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
## condition = ${if !eq {$received_protocol}{spam-scanned}}
|
||||||
data = ${lookup mysql{SELECT CONCAT(vm_aliases.mbox,'@','${domain}') FROM vm_mboxes, vm_aliases WHERE vm_mboxes.mbox=vm_aliases.mbox AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_aliases.alias='catchall' AND vm_aliases.domain='${domain}'}}
|
data = ${lookup mysql{SELECT CONCAT(vm_aliases.mbox,'@','${domain}') FROM vm_mboxes, vm_aliases WHERE vm_mboxes.mbox=vm_aliases.mbox AND vm_mboxes.domain='${domain}' AND vm_mboxes.status > '0' AND vm_aliases.alias='catchall' AND vm_aliases.domain='${domain}'}}
|
||||||
|
|
||||||
# This router handles aliasing using a linearly searched alias file with the
|
# This router handles aliasing using a linearly searched alias file with the
|
||||||
|
|
|
@ -2,14 +2,6 @@ qualify_domain = example.com
|
||||||
|
|
||||||
hide mysql_servers = localhost/vmail/vmail/password
|
hide mysql_servers = localhost/vmail/vmail/password
|
||||||
|
|
||||||
# comment out to disable Greylisting
|
|
||||||
GREYLIST_ENABLED=
|
|
||||||
|
|
||||||
# only use 1 of the following at a time:
|
|
||||||
# disable for now as clamav is not currently enabled
|
|
||||||
#VIRUS_WARN=
|
|
||||||
#VIRUS_DENY=
|
|
||||||
|
|
||||||
# Uncomment and change values to override defaults already in main config
|
# Uncomment and change values to override defaults already in main config
|
||||||
#smtp_accept_max = 50
|
#smtp_accept_max = 50
|
||||||
#smtp_accept_max_per_host = 10
|
#smtp_accept_max_per_host = 10
|
||||||
|
|
Loading…
Reference in New Issue
Block a user