improved ISPConfig mail

tbrehm

2005-12-17 c9d1c43703241901002705a2125c4c59e181f6d7

 config/exim4/exim4.conf.template

@@ -15,6 +15,7 @@
# Server ID for Multiserver Setups
MAILSERVER_ID=1
MAILSERVER_HOSTNAME=mail.
MAILSERVER_IP=192.168.0.108
MAILSERVER_EXIM_BINARY=/usr/sbin/exim4
MAILSERVER_SPAMC_BINARY=/usr/bin/spamc

@@ -47,7 +48,7 @@
hostlist   relay_from_hosts = 127.0.0.1
domainlist mmdomains = ${lookup mysql {SELECT domain FROM mail_mailman_domain}}

acl_smtp_rcpt = acl_check_rcpt
# acl_smtp_rcpt = acl_check_rcpt

qualify_domain = 
# qualify_recipient =
@@ -92,7 +93,17 @@
# Require auth over SSL only.
# auth_over_tls_hosts = *

helo_try_verify_hosts = !+relay_from_hosts

av_scanner = clamd:/var/run/clamav/clamd.ctl
spamd_address = 127.0.0.1 783

acl_smtp_rcpt = acl_check_rcpt
#acl_smtp_mail = acl_check_sender
acl_smtp_connect = acl_check_host
acl_smtp_data = acl_check_data
acl_smtp_helo = acl_check_helo


######################################################################
#                       ACL CONFIGURATION                            #
@@ -102,36 +113,94 @@
begin acl

acl_check_rcpt:

  accept  hosts = :

  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept  local_parts   = postmaster
          domains       = +local_domains

  require verify        = sender

  # Blacklist management
  deny    senders = ${lookup mysql {SELECT DISTINCT address FROM MYSQL_BLACKTABLE WHERE '${quote_mysql:$sender_address}' LIKE address \
                                    AND (recipient = '' OR recipient = '${quote_mysql:$domain}' OR recipient = '${quote_mysql:$local_part}@${quote_mysql:$domain}') \
                                    AND active = '1' AND server_id = 'MAILSERVER_ID'}{$value}}
         log_message     = Blacklisted. Sender: <$sender_address> Recipient: <$local_part@$domain>

  accept  domains       = +local_domains
          endpass
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  accept  hosts         = +relay_from_hosts

  accept  authenticated = *

  deny    message       = relay not permitted

acl_check_data:
  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = nobody:true
  warn  message = X-Spam-Report: $spam_report
        spam = nobody:true
  warn  message = Subject: *SPAM* $h_Subject
        spam = nobody

  # reject spam at high scores (> 12)
  deny   message = This message scored $spam_score spam points.
         spam = nobody:true
         condition = ${if >{$spam_score_int}{120}{1}{0}}
acl_check_host:
        accept
                hosts = +relay_from_hosts
        #deny    
        #        log_message = match host_reject.list
        #        hosts = /etc/exim4/filters/host_reject.list

        accept

acl_check_helo:
        accept  hosts = +relay_from_hosts
   # If the HELO pretend to be this host
   deny   condition = ${if or { \
               {eq {${lc:$sender_helo_name}}{MAILSERVER_HOSTNAME}} \
               {eq {${lc:$sender_helo_name}}{MAILSERVER_IP}} \
                } {true}{false} }
        # by default we accept
        accept


acl_check_data:

        accept  hosts = +relay_from_hosts

        # if there is a windows executable as attachment then we reject
        deny    message = This message contains an attachment of a type which we do not accept (.$found_extension) 
                demime = bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url

        # spamassassin
        warn    message = X-SA-Score: $spam_score 
                spam = nobody:true

        warn    message = X-SA-Report: $spam_report 
                spam = nobody:true

                condition = ${if >{$spam_score_int}{0}{true}{false}}
        warn    message = X-SA-Status: Yes 
                spam = nobody:true
                condition = ${if >{$spam_score_int}{50}{true}{false}}

        deny    message = This message scored $spam_score spam points. 
                spam = nobody:true 
                condition = ${if >{$spam_score_int}{70}{true}{false}}

        # clamav
        deny    message = This message contains a virus or other harmful content ($malware_name)
                demime = * 
                malware = *
                log_message = Virus found in Message

        # accept by default
        accept




@@ -176,13 +245,16 @@
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

blacklist_router:
  driver = manualroute
  senders = ${lookup mysql {SELECT DISTINCT address FROM MYSQL_BLACKTABLE WHERE '${quote_mysql:$sender_address}' LIKE address}{$value}}
  condition = "${if !def:h_X-Spam-Flag: {1}{0}}"
  headers_add = X-Spam-Flag: YES
  route_list = * localhost
  self = pass
# Blacklists werden jetzt in den ACL geprüft
#blacklist_router:
#  driver = manualroute
#  senders = ${lookup mysql {SELECT DISTINCT address FROM MYSQL_BLACKTABLE WHERE '${quote_mysql:$sender_address}' LIKE address AND recipient = '${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}
#  # condition = "${if !def:h_X-Spam-Flag: {1}{0}}"
#  # headers_add = X-Spam-Flag: YES
#  route_list = * localhost
#  # self = pass
#  transport = devnull_transport
#  verify = false

#system_aliases:
#  driver = redirect
@@ -203,11 +275,11 @@
   driver = redirect
   allow_fail
   allow_defer
   data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${local_part}@${domain}' AND type = 'alias'}}
   data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}' AND type = 'alias'}}

mysql_email_forward:
   driver = redirect
   data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${local_part}@${domain}' AND type = 'forward'}}
   data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}' AND type = 'forward'}}

#spamcheck_router:
#  driver = manualroute
@@ -222,15 +294,52 @@
#  transport = spamcheck
#  verify = false

#spamdelete_router:
#  driver = manualroute
#  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND spamdelete = '1'}{$value}}
#  # condition = "${if eq{$h_X-Spam-Flag:}{YES} {1}{0}}"
#  condition = "${if match{$h_X-Spam-Flag}{YES} {1}{0}}"
#  route_list = "* localhost byname"
#  transport = devnull_transport
#  verify = false


spamrewrite_router:
  driver = manualroute
  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}
  senders = ! ${lookup mysql {SELECT DISTINCT MYSQL_WHITETABLE.address FROM MYSQL_WHITETABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_WHITETABLE.address}{$value}}
  condition = ${if and { \
    {>{$spam_score_int}{${lookup mysql {SELECT spam_rewrite_score_int FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}}}\
    {!eq {$received_protocol}{spam-rewrite}} \
    {!eq {$received_protocol}{local}} \
    }{true}{false}}
  headers_remove = Subject
  headers_add = Subject: ${lookup mysql {SELECT spam_rewrite_subject FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}} $header_subject
  route_list = "* localhost byname"
  transport = spamrewrite_transport
  verify = false

spamredirect_router:
  driver = manualroute
  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}
  senders = ! ${lookup mysql {SELECT DISTINCT MYSQL_WHITETABLE.address FROM MYSQL_WHITETABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_WHITETABLE.address}{$value}}
  condition = ${if >{$spam_score_int}{${lookup mysql {SELECT spam_redirect_score_int FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}}{true}{false}}
  route_list = "* localhost byname"
  transport = spamredirect_transport
  verify = false

spamdelete_router:
  driver = manualroute
  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND spamdelete = '1'}{$value}}
  # condition = "${if eq{$h_X-Spam-Flag:}{YES} {1}{0}}"
  condition = "${if match{$h_X-Spam-Flag}{YES} {1}{0}}"
  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}
  senders = ! ${lookup mysql {SELECT DISTINCT MYSQL_WHITETABLE.address FROM MYSQL_WHITETABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_WHITETABLE.address}{$value}}
  condition = ${if and { \
    {>{$spam_score_int}{${lookup mysql {SELECT spam_delete_score_int FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}}}\
    {!eq {$received_protocol}{spam-rewrite}} \
    {!eq {$received_protocol}{local}} \
    }{true}{false}}
  route_list = "* localhost byname"
  transport = devnull_transport
  verify = false


autoresponder_router:
  driver = accept
@@ -257,11 +366,6 @@
   data=${lookup mysql{ SELECT destination FROM mail_domain_catchall WHERE domain='${domain}'}}
   allow_fail
   allow_defer

#domain_catchall_director:
#  driver = redirect
#  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@') AND forward != ''}{$value}}
#  data = ${lookup mysql {SELECT forward FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@') AND forward != ''}{$value}}
      
######################################################################
#                      TRANSPORTS CONFIGURATION                      #
@@ -272,26 +376,16 @@

begin transports

########################
# Remote smtp transport
########################

remote_smtp:
  driver = smtp

devnull_delivery:
  driver = appendfile
  file = /dev/null
  group = mail

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply
###################
# Mailman transport
###################

mailman_transport:
   driver = pipe
@@ -305,11 +399,15 @@
   user = ${lookup mysql{SELECT mm_user FROM mail_mailman_domain WHERE domain='${domain}'}}
   group = ${lookup mysql{SELECT mm_group FROM mail_mailman_domain WHERE domain='${domain}'}}

spamcheck:

#################################################################################
# This transport is only for rewriting the header of the message with ***SPAM***
#################################################################################

spamrewrite_transport:
  driver = pipe
  command = MAILSERVER_EXIM_BINARY -oMr spam-scanned -bS
  command = MAILSERVER_EXIM_BINARY -oMr spam-rewrite -bS
  use_bsmtp = true
  transport_filter = MAILSERVER_SPAMC_BINARY
  home_directory = "/tmp"
  current_directory = "/tmp"
  user = mail
@@ -320,6 +418,23 @@
  message_prefix =
  message_suffix =

######################################################
# This transport is only for redirecting SPAM messages
######################################################

spamredirect_transport:
  driver = appendfile
  directory = ${lookup mysql {SELECT concat(spam_redirect_maildir,'/Maildir') FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}
  maildir_format
  user = mail
  group = mail
  mode = 0660
  directory_mode = 0770

##########################
# Local delivery transport
##########################

local_delivery:
  driver = appendfile
  directory = ${lookup mysql {SELECT concat(maildir,'/Maildir') FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}}
@@ -328,7 +443,8 @@
  group = mail
  quota = ${lookup mysql{select quota from MYSQL_EMAILTABLE where email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{${value}M}}
  quota_is_inclusive = false
  #quota_size_regex = ,S=(\d+):
  maildir_tag = ,S=$message_size
  quota_size_regex = ,S=(\d+):
  quota_warn_threshold = 75%
  maildir_use_size_file = false
  quota_warn_message = "To: $local_part@$domain\n\
@@ -340,20 +456,10 @@
         Please take note of this and remove unwanted mail from your mailbox.\n"
  mode = 0660
  directory_mode = 0770
  
#mysql_delivery:
#   driver = appendfile
#   maildir_format
#   directory = \
#      ${lookup mysql{SELECT maildir FROM passwd \
#      WHERE email='${local_part}@${domain}'}}
#   user = \
#      ${lookup mysql{SELECT uid FROM passwd \
#      WHERE email='${local_part}@${domain}'}}
#   group = \
#      ${lookup mysql{SELECT gid FROM passwd \
#      WHERE email='${local_part}@${domain}'}}

##########################
# autoresponder transport
##########################

autoresponder_transport:
  driver = autoreply
@@ -362,11 +468,16 @@
  subject = "Autoresponder: ${local_part}@${domain}"
  text = ${lookup mysql {SELECT autoresponder_text FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}}

##########################
# devnull transport
##########################

devnull_transport:
  driver = appendfile
  file = /dev/null
  user = mail


######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################