* [Comm] Exim + unusual greylisting: error in the config
From: Oleg Sukhanov @ 2008-06-19 4:33 UTC (permalink / raw)
To: ALT Linux Community general discussions
I decided to set up greylisting in Exim. I found an interesting variant:
http://rjfrost.net/exim.html
But Exim complains and refuses to start. As far as I can tell everything
is fine, and I can't figure out how to fix it either.
I changed the config a little to find where the error is. Here are 2 variants:
=====================================================
condition = ${if
or { {match {$sender_host_name} {[0-9]} } {match
{$sender_host_name} {[a-z]} } }{yes}{no} }
Starting exim service: 2008-06-19 10:30:33 Exim configuration
error in line 321 of /etc/exim/exim.conf:
error in ACL: unknown ACL condition/modifier in "or { {match
{$sender_host_name} {[0-9]} } {match {$sender_host_name} {[a-z]}
} }{yes}{no} }"
======================================================
condition = ${if \
or { {match {$sender_host_name} {[0-9]} } {match
{$sender_host_name} {[a-z]} } }{yes}{no} }
Starting exim service: 2008-06-19 10:30:57 Exim configuration
error in line 1018 of /etc/exim/exim.conf:
authenticator name missing
======================================================
The config itself is attached; I removed almost all the comments and left
only what matters.
[-- Attachment #2: exim.conf --]
[-- Type: text/plain, Size: 8481 bytes --]
hide mysql_servers = localhost::(/var/lib/mysql/mysql.sock)/exim/sqlmail/password
local_interfaces = 127.0.0.1 : 10.23.3.30
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
tls_advertise_hosts = *
tls_certificate = /var/lib/ssl/certs/exim.pem
tls_privatekey = /var/lib/ssl/private/exim.pem
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND \
(type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND type='RELAY'}}
hostlist relay_from_hosts = 127.0.0.1
acl_smtp_rcpt = acl_check_rcpt
av_scanner = clamd:/var/lib/clamav/clamd.socket
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
helo_allow_chars = _
accept_8bitmime = true
smtp_accept_max = 80
smtp_accept_max_per_host = 8
print_topbitchars = true
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept hosts = :
accept domains = ${lookup mysql{SELECT domain from whitelist \
WHERE domain='${sender_address_domain}' AND status='1'}}
warn set acl_m2 = ${lookup mysql{GREYLIST_TEST}{$value}{0}}
warn set acl_c1 = false
warn domains = +relay_to_domains : +local_domains
!senders =
!hosts = +relay_from_hosts
# !authenticated = *
condition = ${if \
or { {match {$sender_host_name} {[0-9]} } {match {$sender_host_name} {[a-z]} } }{yes}{no} }
# or{ {match{$sender_host_name}{\N^[^.]*[0-9][^0-9.]+[0-9]$\N}}\
# {match{$sender_host_name}{\N^[^.]*[0-9]{5}$\N}}\
#
# {match{$sender_host_name}{\N^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]\N}}\
#
# {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]-[0-9]\N}}\
#
# {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.\N}}\
#
# {match{$sender_host_name}{\N\.*(dhcp|dialup|ppp|[achrsvx]?dsl)\.*\N}}}{yes}{no}}
# condition = ${if
# or{{match{$sender_host_name}{\N^[^.]*[0-9][^0-9.]+[0-9]$\N}}\
# {match{$sender_host_name}{\N^[^.]*[0-9]{5}$\N}}\
# {match{$sender_host_name}{\N^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]\N}}\
# {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]-[0-9]\N}}\
# {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.\N}}\
# {match{$sender_host_name}{\N^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]\N}}}{yes}{no}}
set acl_c1 = true
warn condition = ${if or{{= {$host_lookup_deferred}{1}} \
{= {$host_lookup_failed}{1}}}}
set acl_c1 = true
defer message = Greylisting in effect, please try again later.
log_message = greylisted.
condition = ${if eq{$acl_c1}{true}}
condition = ${if eq{$acl_m2}{0}{1}}
condition = ${lookup mysql{GREYLIST_ADD}{yes}{no}}
defer message = Greylisting in effect, retry time not reached, please try again later.
log_message = greylisted.
condition = ${if eq{$acl_c1}{true}}
condition = ${if eq{$acl_m2}{1}{1}}
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
require verify = sender
accept hosts = +relay_from_hosts
control = submission
accept authenticated = *
control = submission
accept domains = +local_domains
endpass
verify = recipient
accept domains = +relay_to_domains
endpass
verify = recipient
deny message = relay not permitted
acl_check_mime:
# Just decode MIME parts to disk.
warn decode = default
accept
acl_check_content:
# Reject virus infested messages.
deny message = This message contains malware ($malware_name)
malware = *
# Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
# (user "mail"), no matter if over threshold or not.
warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = mail:true
warn message = X-Spam-Report: $spam_report
spam = mail:true
# Add X-Spam-Flag if spam is over system-wide threshold
warn message = X-Spam-Flag: YES
spam = mail
# Reject spam messages with score over 10, using an extra condition.
deny message = This message scored $spam_score points. Congratulations!
spam = mail:true
condition = ${if >{$spam_score_int}{100}{1}{0}}
# finally accept all the rest
accept
begin routers
lan:
driver = manualroute
domains = ! localdomain.local
route_list = localdomain.local
transport = remote_smtp
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM aliases \
WHERE local_part='${local_part}' AND domain='${domain}'}}
file_transport = address_file
pipe_transport = address_pipe
userforward:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM userforward \
WHERE local_part='${local_part}' AND domain='${domain}'}}
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
virtual_localuser:
driver = accept
domains = ${lookup mysql{SELECT domain from domains WHERE domain='${domain}'}}
local_parts = ${lookup mysql{SELECT login from users \
WHERE login='${local_part}' AND domain='${domain}' AND status='1' }}
transport = local_delivery
localuser:
driver = accept
check_local_user
local_part_suffix = +* : -*
local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user
begin transports
remote_smtp:
driver = smtp
local_delivery:
driver = appendfile
check_string = ""
create_directory
delivery_date_add
directory = /var/mail/$domain/$local_part
directory_mode = 770
envelope_to_add
# user = virtmail
user = mail
group = mail
maildir_format
maildir_tag = ,S=$message_size
message_prefix = ""
message_suffix = ""
mode = 0660
quota = ${lookup mysql{SELECT quota FROM users \
WHERE login='${local_part}' AND domain='${domain}'}{${value}M}}
quota_size_regex = S=(\d+)$
quota_warn_threshold = 75%
return_path_add
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
# greylisting shizzle
GREYLIST_TEST = SELECT CASE \
WHEN now() - block_expires > 0 THEN 2 \
ELSE 1 \
END \
FROM greylist \
WHERE relay_ip = '${quote_mysql:$sender_host_address}' \
AND from_sender = '${quote_mysql:$sender_address}'\
AND rcpt_to = '${quote_mysql:$local_part@$domain}'
GREYLIST_ADD = INSERT INTO greylist (relay_ip, from_sender, rcpt_to,
\
block_expires, record_expires, create_time) \
VALUES ( '${quote_mysql:$sender_host_address}', \
'${quote_mysql:$sender_address}', '${quote_mysql:$local_part@$domain}', \
DATE_ADD(now(), INTERVAL 5 MINUTE), \
DATE_ADD(now(), INTERVAL 7 DAY), \
now() \
)
# End of Exim configuration file
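Added example, not part of the original message: the first error quoted above is what Exim reports when `condition = ${if` ends a line without a trailing backslash, so the following `or { ... }` line is parsed as a separate ACL statement; the attached file also breaks the GREYLIST_ADD definition after `rcpt_to,` with the backslash on a line of its own. The Python check below joins backslash-continued lines and flags logical lines whose braces or parentheses do not balance. The sample config is constructed from fragments of the post, and the balance test is a heuristic, not Exim's own parser.

```python
# Constructed sample built from fragments of the post (not the full attachment).
SAMPLE = r"""
begin acl
acl_check_rcpt:
  warn condition = ${if
       or { {match {$sender_host_name} {[0-9]} } }{yes}{no} }
  warn condition = ${if \
       or { {match {$sender_host_name} {[a-z]} } }{yes}{no} }
GREYLIST_ADD = INSERT INTO greylist (relay_ip, rcpt_to,
  \
  block_expires) \
  VALUES (now())
"""

PAIRS = {"{": "}", "(": ")"}


def logical_lines(text):
    """Join physical lines ending in a backslash; yield (first_line_no, joined_line)."""
    buf, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        s = raw.strip()
        if not s or s.startswith("#"):
            continue  # skip blank and comment lines
        if buf is None:
            buf, start = "", no
        if s.endswith("\\"):
            buf += s[:-1]  # drop the backslash and keep collecting
        else:
            yield start, buf + s
            buf = None
    if buf is not None:  # file ended in the middle of a continuation
        yield start, buf


def imbalance(line):
    """Net count of unclosed (+) or unopened (-) brackets per type; {} if balanced."""
    return {o: line.count(o) - line.count(c)
            for o, c in PAIRS.items() if line.count(o) != line.count(c)}


def lint(text):
    """Return [(line_no, imbalance)] for logical lines that probably lost a backslash."""
    return [(no, imbalance(line)) for no, line in logical_lines(text) if imbalance(line)]


if __name__ == "__main__":
    for no, problem in lint(SAMPLE):
        print(f"line {no}: unbalanced {problem} (missing trailing backslash?)")
```
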
* Re: [Comm] Exim + unusual greylisting: error in the config
From: Michael Shigorin @ 2008-06-25 23:49 UTC (permalink / raw)
To: ALT Linux Community general discussions
On Thu, Jun 19, 2008 at 02:33:00PM +1000, Oleg Sukhanov wrote:
> I decided to set up greylisting in Exim.
Welcome to sysadmins@ :-)
https://lists.altlinux.org/mailman/listinfo/sysadmins
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
* Re: [Comm] Exim + unusual greylisting: error in the config
From: Oleg Sukhanov @ 2008-07-04 0:46 UTC (permalink / raw)
To: community
Michael Shigorin wrote:
>> I decided to set up greylisting in Exim.
> Welcome to sysadmins@ :-)
As if I weren't subscribed, yeah.