checks for domain & mbox status, moved spam detectin and filtering up in the routers
This commit is contained in:
parent
8af6784761
commit
95a2affcf3
|
@ -656,18 +656,13 @@ acl_data:
|
||||||
|
|
||||||
# Warn unless there is a verifiable sender address in at least
|
# Warn unless there is a verifiable sender address in at least
|
||||||
# one of the "Sender:", "Reply-To:", or "From:" header lines.
|
# one of the "Sender:", "Reply-To:", or "From:" header lines.
|
||||||
#
|
warn
|
||||||
#
|
|
||||||
accept
|
|
||||||
message = X-Sender-Verify-Failed: No valid sender in message header
|
|
||||||
log_message = No valid sender in message header
|
|
||||||
!verify = header_sender
|
!verify = header_sender
|
||||||
|
log_message = No valid sender in message header
|
||||||
add_header = X-Sender-Verify-Failed: No valid sender in message header
|
add_header = X-Sender-Verify-Failed: No valid sender in message header
|
||||||
add_header = X-Junk-Flag: YES
|
|
||||||
|
|
||||||
# Deny if the message contains a virus. Before enabling this check, you
|
# Deny if the message contains a virus. Before enabling this check, you
|
||||||
# must install a virus scanner and set the av_scanner option above.
|
# must install a virus scanner and set the av_scanner option above.
|
||||||
|
|
||||||
## accept
|
## accept
|
||||||
## condition = ${if ! def:header_X-Junk-Flag: }
|
## condition = ${if ! def:header_X-Junk-Flag: }
|
||||||
## malware = */defer_ok
|
## malware = */defer_ok
|
||||||
|
@ -719,15 +714,45 @@ dnslookup:
|
||||||
|
|
||||||
# The remaining routers handle addresses in the local domain(s).
|
# The remaining routers handle addresses in the local domain(s).
|
||||||
|
|
||||||
|
virtual_alias:
|
||||||
|
driver = redirect
|
||||||
|
domains = +local_domains
|
||||||
|
local_part_suffix = +*
|
||||||
|
local_part_suffix_optional = true
|
||||||
|
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
||||||
|
data = ${lookup mysql{SELECT CONCAT(vm_mboxes.mbox,'@${domain}') FROM vm_aliases, vm_mboxes, vm_domains WHERE vm_aliases.alias='${local_part}' AND vm_aliases.mbox_id = vm_mboxes.id AND vm_mboxes.domain_id = vm_domains.id AND vm_domains.domain='${domain}' AND vm_domains.status = '1' AND vm_mboxes.status = '1'}}
|
||||||
|
|
||||||
junk_filter:
|
junk_filter:
|
||||||
driver = accept
|
driver = accept
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
local_part_suffix = +*
|
local_part_suffix = +*
|
||||||
local_part_suffix_optional = true
|
local_part_suffix_optional = true
|
||||||
condition = ${if eq {$header_X-Junk-Flag:}{YES}}
|
condition = ${if and { \
|
||||||
|
{ !eq {$received_protocol}{spam-scanned}} \
|
||||||
|
{ eq {$header_X-Junk-Flag:}{YES}} \
|
||||||
|
{ !eq {$header_X-Whitelist-Flag:}{YES}} \
|
||||||
|
} {yes}{no}}
|
||||||
condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_mboxes.filter > '0'}}
|
condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_mboxes.filter > '0'}}
|
||||||
transport = junk_delivery
|
transport = junk_delivery
|
||||||
|
|
||||||
|
spamcheck_router:
|
||||||
|
driver = accept
|
||||||
|
domains = +local_domains
|
||||||
|
local_part_suffix = +*
|
||||||
|
local_part_suffix_optional = true
|
||||||
|
condition = ${if and { \
|
||||||
|
{ !eq {$received_protocol}{spam-scanned}} \
|
||||||
|
{ !eq {$sender_address_domain}{$domain}} \
|
||||||
|
{ < {$message_size}{512k}} \
|
||||||
|
{ !eq {$header_X-Junk-Flag:}{YES}} \
|
||||||
|
{ !eq {$header_X-Whitelist-Flag:}{YES}} \
|
||||||
|
{ eq {${lookup mysql{SELECT vm_mboxes.status FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1'}{$value}fail}}{1} } \
|
||||||
|
} {yes} {no}}
|
||||||
|
# check domain & mbox 'status'?
|
||||||
|
# Check for other headers too? Blacklist, SPF, DKIM failers go directly to Spam folder without spam scan??? - actually they should go to spam folder before this router is hit?
|
||||||
|
headers_remove = X-Spam-Checker-Version:X-Spam-Flag:X-Spam-Level:X-Spam-Status:X-Spam-Score:X-Spam-Report
|
||||||
|
transport = spamcheck
|
||||||
|
|
||||||
spam_filter:
|
spam_filter:
|
||||||
driver = accept
|
driver = accept
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
|
@ -736,6 +761,7 @@ spam_filter:
|
||||||
condition = ${if and { \
|
condition = ${if and { \
|
||||||
{ eq {$received_protocol}{spam-scanned}} \
|
{ eq {$received_protocol}{spam-scanned}} \
|
||||||
{ eq {$header_X-Spam-Flag:}{YES}} \
|
{ eq {$header_X-Spam-Flag:}{YES}} \
|
||||||
|
{ !eq {$header_X-Whitelist-Flag:}{YES}} \
|
||||||
} {yes}{no}}
|
} {yes}{no}}
|
||||||
condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_mboxes.filter = '2'}}
|
condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_mboxes.filter = '2'}}
|
||||||
transport = junk_delivery
|
transport = junk_delivery
|
||||||
|
@ -745,7 +771,6 @@ virtual_vacation:
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
# do not reply to errors or lists or spam-scanned messages, require vacation message in db
|
# do not reply to errors or lists or spam-scanned messages, require vacation message in db
|
||||||
condition = ${if and { \
|
condition = ${if and { \
|
||||||
{ !eq {$received_protocol}{spam-scanned}} \
|
|
||||||
{!match {$h_precedence:} {(?i)junk|bulk|list}} \
|
{!match {$h_precedence:} {(?i)junk|bulk|list}} \
|
||||||
{!eq {$sender_address} {}} \
|
{!eq {$sender_address} {}} \
|
||||||
{ eq {${lookup mysql{SELECT vm_autoresponders.mode FROM vm_domains, vm_mboxes, vm_autoresponders WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_autoresponders.mbox_id = vm_mboxes.id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_autoresponders.status = '1'}{$value}fail}}{Vacation}} \
|
{ eq {${lookup mysql{SELECT vm_autoresponders.mode FROM vm_domains, vm_mboxes, vm_autoresponders WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_autoresponders.mbox_id = vm_mboxes.id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_autoresponders.status = '1'}{$value}fail}}{Vacation}} \
|
||||||
|
@ -771,7 +796,6 @@ virtual_autoresponder:
|
||||||
#local_part_suffix_optional = true
|
#local_part_suffix_optional = true
|
||||||
# do not reply to errors or lists or spam-scanned messages, require autoresponder message in db
|
# do not reply to errors or lists or spam-scanned messages, require autoresponder message in db
|
||||||
condition = ${if and { \
|
condition = ${if and { \
|
||||||
{ !eq {$received_protocol}{spam-scanned}} \
|
|
||||||
{!match {$h_precedence:} {(?i)junk|bulk|list}} \
|
{!match {$h_precedence:} {(?i)junk|bulk|list}} \
|
||||||
{!eq {$sender_address} {}} \
|
{!eq {$sender_address} {}} \
|
||||||
{ eq {${lookup mysql{SELECT vm_autoresponders.mode FROM vm_domains, vm_mboxes, vm_autoresponders WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_autoresponders.mbox_id = vm_mboxes.id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_autoresponders.status = '1'}{$value}fail}}{Autoresponder} } \
|
{ eq {${lookup mysql{SELECT vm_autoresponders.mode FROM vm_domains, vm_mboxes, vm_autoresponders WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_autoresponders.mbox_id = vm_mboxes.id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_autoresponders.status = '1'}{$value}fail}}{Autoresponder} } \
|
||||||
|
@ -794,36 +818,9 @@ virtual_forward:
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
local_part_suffix = +*
|
local_part_suffix = +*
|
||||||
local_part_suffix_optional = true
|
local_part_suffix_optional = true
|
||||||
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
|
||||||
data = ${lookup mysql{SELECT vm_forwards.forward_to FROM vm_domains, vm_mboxes, vm_forwards WHERE vm_domains.domain='${domain}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox='${local_part}' AND vm_mboxes.id=vm_forwards.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' }}
|
data = ${lookup mysql{SELECT vm_forwards.forward_to FROM vm_domains, vm_mboxes, vm_forwards WHERE vm_domains.domain='${domain}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox='${local_part}' AND vm_mboxes.id=vm_forwards.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' }}
|
||||||
unseen = ${lookup mysql{SELECT vm_forwards.id FROM vm_domains, vm_mboxes, vm_forwards WHERE vm_domains.domain='${domain}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox='${local_part}' AND vm_mboxes.id=vm_forwards.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_forwards.save_local='1'}{true}{false}}
|
unseen = ${lookup mysql{SELECT vm_forwards.id FROM vm_domains, vm_mboxes, vm_forwards WHERE vm_domains.domain='${domain}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox='${local_part}' AND vm_mboxes.id=vm_forwards.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_forwards.save_local='1'}{true}{false}}
|
||||||
|
|
||||||
virtual_alias:
|
|
||||||
driver = redirect
|
|
||||||
domains = +local_domains
|
|
||||||
local_part_suffix = +*
|
|
||||||
local_part_suffix_optional = true
|
|
||||||
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
|
||||||
data = ${lookup mysql{SELECT CONCAT(vm_mboxes.mbox,'@${domain}') FROM vm_aliases, vm_mboxes, vm_domains WHERE vm_aliases.alias='${local_part}' AND vm_aliases.mbox_id = vm_mboxes.id AND vm_mboxes.domain_id = vm_domains.id AND vm_domains.domain='${domain}' AND vm_domains.status = '1' AND vm_mboxes.status = '1'}}
|
|
||||||
|
|
||||||
spamcheck_router:
|
|
||||||
driver = accept
|
|
||||||
domains = +local_domains
|
|
||||||
local_part_suffix = +*
|
|
||||||
local_part_suffix_optional = true
|
|
||||||
condition = ${if and { \
|
|
||||||
{ !eq {$received_protocol}{spam-scanned}} \
|
|
||||||
{ !eq {$sender_address_domain}{$domain}} \
|
|
||||||
{ < {$message_size}{512k}} \
|
|
||||||
{ !eq {$header_X-Junk-Flag:}{YES}} \
|
|
||||||
{ !eq {$header_X-Whitelist-Flag:}{YES}} \
|
|
||||||
{ eq {${lookup mysql{SELECT vm_mboxes.status FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1'}{$value}fail}}{1} } \
|
|
||||||
} {yes} {no}}
|
|
||||||
# check domain & mbox 'status'?
|
|
||||||
# Check for other headers too? Blacklist, SPF, DKIM failers go directly to Spam folder without spam scan??? - actually they should go to spam folder before this router is hit?
|
|
||||||
headers_remove = X-Spam-Checker-Version:X-Spam-Flag:X-Spam-Level:X-Spam-Status:X-Spam-Score:X-Spam-Report
|
|
||||||
transport = spamcheck
|
|
||||||
|
|
||||||
user_filter:
|
user_filter:
|
||||||
driver = redirect
|
driver = redirect
|
||||||
domains = +local_domains
|
domains = +local_domains
|
||||||
|
@ -851,6 +848,13 @@ lmtp_localuser:
|
||||||
transport = dovecot_lmtp
|
transport = dovecot_lmtp
|
||||||
cannot_route_message = Unknown user
|
cannot_route_message = Unknown user
|
||||||
|
|
||||||
|
# Support for catchall aliases. It is *not* recommended to use this.
|
||||||
|
virtual_alias_catchall:
|
||||||
|
driver = redirect
|
||||||
|
domains = +local_domains
|
||||||
|
condition = ${if !eq {$received_protocol}{spam-scanned}}
|
||||||
|
data = ${lookup mysql{SELECT CONCAT(vm_mboxes.mbox,'@${domain}') FROM vm_aliases, vm_mboxes, vm_domains WHERE vm_aliases.alias='catchall' AND vm_aliases.mbox_id = vm_mboxes.id AND vm_mboxes.domain_id = vm_domains.id AND vm_domains.domain='${domain}' AND vm_domains.status='1' AND vm_mboxes.status='1'}}
|
||||||
|
|
||||||
# This router handles aliasing using a linearly searched alias file with the
|
# This router handles aliasing using a linearly searched alias file with the
|
||||||
# name SYSTEM_ALIASES_FILE. When this configuration is installed automatically,
|
# name SYSTEM_ALIASES_FILE. When this configuration is installed automatically,
|
||||||
# the name gets inserted into this file from whatever is set in Exim's
|
# the name gets inserted into this file from whatever is set in Exim's
|
||||||
|
@ -878,8 +882,8 @@ system_aliases:
|
||||||
allow_defer
|
allow_defer
|
||||||
data = ${lookup{$local_part}lsearch{/etc/aliases}}
|
data = ${lookup{$local_part}lsearch{/etc/aliases}}
|
||||||
# user = exim
|
# user = exim
|
||||||
file_transport = address_file
|
# file_transport = address_file
|
||||||
pipe_transport = address_pipe
|
# pipe_transport = address_pipe
|
||||||
|
|
||||||
|
|
||||||
# This router handles forwarding using traditional .forward files in users'
|
# This router handles forwarding using traditional .forward files in users'
|
||||||
|
@ -1120,16 +1124,16 @@ begin rewrite
|
||||||
|
|
||||||
begin authenticators
|
begin authenticators
|
||||||
|
|
||||||
dovecot_login:
|
|
||||||
driver = dovecot
|
|
||||||
public_name = LOGIN
|
|
||||||
server_socket = /run/dovecot/auth-client
|
|
||||||
server_set_id = $auth1
|
|
||||||
|
|
||||||
dovecot_plain:
|
dovecot_plain:
|
||||||
driver = dovecot
|
driver = dovecot
|
||||||
public_name = PLAIN
|
public_name = PLAIN
|
||||||
server_socket = /run/dovecot/auth-client
|
server_socket = /run/dovecot/auth-client
|
||||||
server_set_id = $auth1
|
server_set_id = $auth1
|
||||||
|
|
||||||
|
dovecot_login:
|
||||||
|
driver = dovecot
|
||||||
|
public_name = LOGIN
|
||||||
|
server_socket = /run/dovecot/auth-client
|
||||||
|
server_set_id = $auth1
|
||||||
|
|
||||||
# End of Exim configuration file
|
# End of Exim configuration file
|
||||||
|
|
Loading…
Reference in New Issue
Block a user