From c9d1c43703241901002705a2125c4c59e181f6d7 Mon Sep 17 00:00:00 2001 From: tbrehm <t.brehm@ispconfig.org> Date: Sat, 17 Dec 2005 09:57:54 -0500 Subject: [PATCH] improved ISPConfig mail --- config/exim4/exim4.conf.template | 239 +++++++++++++++++++++++++++++++++++++++++++---------------- 1 files changed, 175 insertions(+), 64 deletions(-) diff --git a/config/exim4/exim4.conf.template b/config/exim4/exim4.conf.template index c211e2e..4bed325 100644 --- a/config/exim4/exim4.conf.template +++ b/config/exim4/exim4.conf.template @@ -15,6 +15,7 @@ # Server ID for Multiserver Setups MAILSERVER_ID=1 MAILSERVER_HOSTNAME=mail. +MAILSERVER_IP=192.168.0.108 MAILSERVER_EXIM_BINARY=/usr/sbin/exim4 MAILSERVER_SPAMC_BINARY=/usr/bin/spamc @@ -47,7 +48,7 @@ hostlist relay_from_hosts = 127.0.0.1 domainlist mmdomains = ${lookup mysql {SELECT domain FROM mail_mailman_domain}} -acl_smtp_rcpt = acl_check_rcpt +# acl_smtp_rcpt = acl_check_rcpt qualify_domain = # qualify_recipient = @@ -92,7 +93,17 @@ # Require auth over SSL only. # auth_over_tls_hosts = * +helo_try_verify_hosts = !+relay_from_hosts + +av_scanner = clamd:/var/run/clamav/clamd.ctl spamd_address = 127.0.0.1 783 + +acl_smtp_rcpt = acl_check_rcpt +#acl_smtp_mail = acl_check_sender +acl_smtp_connect = acl_check_host +acl_smtp_data = acl_check_data +acl_smtp_helo = acl_check_helo + ###################################################################### # ACL CONFIGURATION # 
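Review bot: `MAILSERVER_IP=192.168.0.108` commits one machine's private address into a shared template, and the `acl_check_helo` test added later in this commit compares the HELO name against this macro. On any install where the value is not rewritten, the IP branch of that self-impersonation check tests the wrong address and never matches. If the installer substitutes the macro, a comment such as `# MAILSERVER_IP is replaced by the installer with this server's public address` would make that explicit. Otherwise ship an obviously invalid placeholder instead of a plausible-looking address.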
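Review bot: `helo_try_verify_hosts = !+relay_from_hosts` makes Exim attempt HELO verification without rejecting on failure, but none of the ACLs added in this commit tests the result with `verify = helo`. As far as the visible configuration goes, the setting costs lookups without influencing any decision. Either consume it in `acl_check_helo`, for example a `warn` statement with `!verify = helo` and a `log_message`, or add a comment stating why verification is attempted but not acted on. The commented-out `#acl_smtp_mail = acl_check_sender` names an ACL that is not defined in the visible hunks, so a short comment on why it is disabled would help.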
@@ -102,36 +113,94 @@ begin acl acl_check_rcpt: + accept hosts = : + deny domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] + deny domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + accept local_parts = postmaster domains = +local_domains + require verify = sender + + # Blacklist management + deny senders = ${lookup mysql {SELECT DISTINCT address FROM MYSQL_BLACKTABLE WHERE '${quote_mysql:$sender_address}' LIKE address \ + AND (recipient = '' OR recipient = '${quote_mysql:$domain}' OR recipient = '${quote_mysql:$local_part}@${quote_mysql:$domain}') \ + AND active = '1' AND server_id = 'MAILSERVER_ID'}{$value}} + log_message = Blacklisted. Sender: <$sender_address> Recipient: <$local_part@$domain> + accept domains = +local_domains endpass verify = recipient + accept domains = +relay_to_domains endpass verify = recipient + accept hosts = +relay_from_hosts + accept authenticated = * + deny message = relay not permitted -acl_check_data: - warn message = X-Spam-Score: $spam_score ($spam_bar) - spam = nobody:true - warn message = X-Spam-Report: $spam_report - spam = nobody:true - warn message = Subject: *SPAM* $h_Subject - spam = nobody - # reject spam at high scores (> 12) - deny message = This message scored $spam_score spam points. 
- spam = nobody:true - condition = ${if >{$spam_score_int}{120}{1}{0}} +acl_check_host: + accept + hosts = +relay_from_hosts + #deny + # log_message = match host_reject.list + # hosts = /etc/exim4/filters/host_reject.list + + accept + +acl_check_helo: + accept hosts = +relay_from_hosts + # If the HELO pretend to be this host + deny condition = ${if or { \ + {eq {${lc:$sender_helo_name}}{MAILSERVER_HOSTNAME}} \ + {eq {${lc:$sender_helo_name}}{MAILSERVER_IP}} \ + } {true}{false} } + # by default we accept + accept + + +acl_check_data: + + accept hosts = +relay_from_hosts + + # if there is a windows executable as attachment then we reject + deny message = This message contains an attachment of a type which we do not accept (.$found_extension) + demime = bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url + + # spamassassin + warn message = X-SA-Score: $spam_score + spam = nobody:true + + warn message = X-SA-Report: $spam_report + spam = nobody:true + + condition = ${if >{$spam_score_int}{0}{true}{false}} + warn message = X-SA-Status: Yes + spam = nobody:true + condition = ${if >{$spam_score_int}{50}{true}{false}} + + deny message = This message scored $spam_score spam points. + spam = nobody:true + condition = ${if >{$spam_score_int}{70}{true}{false}} + + # clamav + deny message = This message contains a virus or other harmful content ($malware_name) + demime = * + malware = * + log_message = Virus found in Message + + # accept by default + accept + 
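Review bot: The impersonation test in `acl_check_helo` compares the lower-cased HELO name with the bare `MAILSERVER_IP`, so a peer that presents the address in bracketed literal form is not caught. `MAILSERVER_HOSTNAME` is also compared without lower-casing, so a macro value containing capitals would never match. Adding `{eq {$sender_helo_name}{[MAILSERVER_IP]}}` to the `or` list and writing the hostname operand as `${lc:MAILSERVER_HOSTNAME}` closes both gaps. The `deny` carries no `message` or `log_message`, which makes these rejections hard to trace; `log_message = HELO claims to be this host ($sender_helo_name)` would do. In `acl_check_data`, the blank line inside the X-SA-Report `warn` makes it easy to misread which statement the `{0}` condition belongs to.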
@@ -176,13 +245,16 @@ ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 no_more -blacklist_router: - driver = manualroute - senders = ${lookup mysql {SELECT DISTINCT address FROM MYSQL_BLACKTABLE WHERE '${quote_mysql:$sender_address}' LIKE address}{$value}} - condition = "${if !def:h_X-Spam-Flag: {1}{0}}" - headers_add = X-Spam-Flag: YES - route_list = * localhost - self = pass +# Blacklists werden jetzt in den ACL gepr�ft +#blacklist_router: +# driver = manualroute +# senders = ${lookup mysql {SELECT DISTINCT address FROM MYSQL_BLACKTABLE WHERE '${quote_mysql:$sender_address}' LIKE address AND recipient = '${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}} +# # condition = "${if !def:h_X-Spam-Flag: {1}{0}}" +# # headers_add = X-Spam-Flag: YES +# route_list = * localhost +# # self = pass +# transport = devnull_transport +# verify = false #system_aliases: # driver = redirect @@ -203,11 +275,11 @@ driver = redirect allow_fail allow_defer - data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${local_part}@${domain}' AND type = 'alias'}} + data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}' AND type = 'alias'}} mysql_email_forward: driver = redirect - data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${local_part}@${domain}' AND type = 'forward'}} + data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}' AND type = 'forward'}} #spamcheck_router: # driver = manualroute 
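Review bot: The alias and forward lookups now quote their inputs, but other lookups in the same file still interpolate `${domain}` directly into SQL. These are the `mail_domain_catchall` query and the two `mail_mailman_domain` queries (`mm_user`, `mm_group`), visible as context further down the patch. The domain part of an address is more constrained than the local part, so the exposure is probably smaller, but mixed styles invite the next copy-paste to start from the unquoted form. Each should read `WHERE domain='${quote_mysql:$domain}'`. The routers and transport holding those lines begin outside the hunks shown, so any `domains =` precondition that limits them is not visible here.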
@@ -222,15 +294,52 @@ # transport = spamcheck # verify = false +#spamdelete_router: +# driver = manualroute +# domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND spamdelete = '1'}{$value}} +# # condition = "${if eq{$h_X-Spam-Flag:}{YES} {1}{0}}" +# condition = "${if match{$h_X-Spam-Flag}{YES} {1}{0}}" +# route_list = "* localhost byname" +# transport = devnull_transport +# verify = false + + +spamrewrite_router: + driver = manualroute + domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}} + senders = ! ${lookup mysql {SELECT DISTINCT MYSQL_WHITETABLE.address FROM MYSQL_WHITETABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_WHITETABLE.address}{$value}} + condition = ${if and { \ + {>{$spam_score_int}{${lookup mysql {SELECT spam_rewrite_score_int FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}}}\ + {!eq {$received_protocol}{spam-rewrite}} \ + {!eq {$received_protocol}{local}} \ + }{true}{false}} + headers_remove = Subject + headers_add = Subject: ${lookup mysql {SELECT spam_rewrite_subject FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}} $header_subject + route_list = "* localhost byname" + transport = spamrewrite_transport + verify = false + +spamredirect_router: + driver = manualroute + domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}} + senders = ! 
${lookup mysql {SELECT DISTINCT MYSQL_WHITETABLE.address FROM MYSQL_WHITETABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_WHITETABLE.address}{$value}} + condition = ${if >{$spam_score_int}{${lookup mysql {SELECT spam_redirect_score_int FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}}{true}{false}} + route_list = "* localhost byname" + transport = spamredirect_transport + verify = false + spamdelete_router: driver = manualroute - domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND spamdelete = '1'}{$value}} - # condition = "${if eq{$h_X-Spam-Flag:}{YES} {1}{0}}" - condition = "${if match{$h_X-Spam-Flag}{YES} {1}{0}}" + domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}} + senders = ! ${lookup mysql {SELECT DISTINCT MYSQL_WHITETABLE.address FROM MYSQL_WHITETABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_WHITETABLE.address}{$value}} + condition = ${if and { \ + {>{$spam_score_int}{${lookup mysql {SELECT spam_delete_score_int FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}}}}\ + {!eq {$received_protocol}{spam-rewrite}} \ + {!eq {$received_protocol}{local}} \ + }{true}{false}} route_list = "* localhost byname" transport = devnull_transport verify = false - autoresponder_router: driver = accept 
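Review bot: `spamdelete_router` looks unreachable for a message that also exceeds the rewrite threshold. `spamrewrite_router` is evaluated first and re-injects the message with protocol `spam-rewrite`, which `spamdelete_router` then excludes with `{!eq {$received_protocol}{spam-rewrite}}`. A delete threshold is normally higher than a rewrite threshold, so the most severe action would be the one that never fires. Placing `spamdelete_router` and `spamredirect_router` ahead of `spamrewrite_router` lets the strictest matching action win. Separately, all three routers skip filtering when the envelope sender matches `MYSQL_WHITETABLE`; the sending client chooses that value, so a comment noting that the whitelist is not an authenticated bypass is worth adding.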
@@ -257,11 +366,6 @@ data=${lookup mysql{ SELECT destination FROM mail_domain_catchall WHERE domain='${domain}'}} allow_fail allow_defer - -#domain_catchall_director: -# driver = redirect -# domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@') AND forward != ''}{$value}} -# data = ${lookup mysql {SELECT forward FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@') AND forward != ''}{$value}} ###################################################################### # TRANSPORTS CONFIGURATION # @@ -272,26 +376,16 @@ begin transports +######################## +# Remote smtp transport +######################## + remote_smtp: driver = smtp -devnull_delivery: - driver = appendfile - file = /dev/null - group = mail - -address_pipe: - driver = pipe - return_output - -address_file: - driver = appendfile - delivery_date_add - envelope_to_add - return_path_add - -address_reply: - driver = autoreply +################### +# Mailman transport +################### mailman_transport: driver = pipe @@ -305,11 +399,15 @@ user = ${lookup mysql{SELECT mm_user FROM mail_mailman_domain WHERE domain='${domain}'}} group = ${lookup mysql{SELECT mm_group FROM mail_mailman_domain WHERE domain='${domain}'}} -spamcheck: + +################################################################################# +# This transport is only for rewriting the header of the message with ***SPAM*** +################################################################################# + +spamrewrite_transport: driver = pipe - command = MAILSERVER_EXIM_BINARY -oMr spam-scanned -bS + command = MAILSERVER_EXIM_BINARY -oMr spam-rewrite -bS use_bsmtp = true - transport_filter = MAILSERVER_SPAMC_BINARY home_directory = "/tmp" current_directory = "/tmp" user = mail 
@@ -320,6 +418,23 @@ message_prefix = message_suffix = +###################################################### +# This transport is only for redirecting SPAM messages +###################################################### + +spamredirect_transport: + driver = appendfile + directory = ${lookup mysql {SELECT concat(spam_redirect_maildir,'/Maildir') FROM mail_spamfilter WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}{$value}} + maildir_format + user = mail + group = mail + mode = 0660 + directory_mode = 0770 + +########################## +# Local delivery transport +########################## + local_delivery: driver = appendfile directory = ${lookup mysql {SELECT concat(maildir,'/Maildir') FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}} @@ -328,7 +443,8 @@ group = mail quota = ${lookup mysql{select quota from MYSQL_EMAILTABLE where email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{${value}M}} quota_is_inclusive = false - #quota_size_regex = ,S=(\d+): + maildir_tag = ,S=$message_size + quota_size_regex = ,S=(\d+): quota_warn_threshold = 75% maildir_use_size_file = false quota_warn_message = "To: $local_part@$domain\n\ @@ -340,20 +456,10 @@ Please take note of this and remove unwanted mail from your mailbox.\n" mode = 0660 directory_mode = 0770 - -#mysql_delivery: -# driver = appendfile -# maildir_format -# directory = \ -# ${lookup mysql{SELECT maildir FROM passwd \ -# WHERE email='${local_part}@${domain}'}} -# user = \ -# ${lookup mysql{SELECT uid FROM passwd \ -# WHERE email='${local_part}@${domain}'}} -# group = \ -# ${lookup mysql{SELECT gid FROM passwd \ -# WHERE email='${local_part}@${domain}'}} +########################## +# autoresponder transport +########################## autoresponder_transport: driver = autoreply 
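Review bot: `spamredirect_transport` builds its directory as `concat(spam_redirect_maildir,'/Maildir')`, while `spamredirect_router` selects the address on `spam_redirect_score_int` alone. A row with a score but an empty `spam_redirect_maildir` would therefore yield the path `/Maildir` at the filesystem root, assuming the column can be empty (the schema is not shown). Adding `AND spam_redirect_maildir != ''` to the router's `domains` lookup keeps such rows away from this transport. The directory lookup also has no failure branch, so a comment stating what should happen when no row is found would help the next maintainer.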
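Review bot: `quota_size_regex = ,S=(\d+):` requires a colon after the size, but `maildir_tag = ,S=$message_size` produces file names that end with the size until a mail client moves the file to `cur` and appends its `:2,` flags. Files still in `new` would therefore not match, and Exim would presumably fall back to `stat()` for them, which is correct but loses the speed-up this pair of options is meant to give. Dropping the colon, `quota_size_regex = ,S=(\d+)`, matches both cases. `local_delivery` starts before this hunk, so the rest of its options are not visible here.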
@@ -362,11 +468,16 @@ subject = "Autoresponder: ${local_part}@${domain}" text = ${lookup mysql {SELECT autoresponder_text FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}} +########################## +# devnull transport +########################## + devnull_transport: driver = appendfile file = /dev/null user = mail + ###################################################################### # RETRY CONFIGURATION # ###################################################################### -- Gitblit v1.9.1