From: Oleg Sukhanov <bh@kaznaufk.amur.ru>
To: ALT Linux Community general discussions <community@lists.altlinux.org>
Subject: [Comm] Exim + unusual greylisting: error in the config
Date: Thu, 19 Jun 2008 14:33:00 +1000
Message-ID: <4859E17C.9070601@kaznaufk.amur.ru>

[-- Attachment #1: Type: text/plain, Size: 1143 bytes --]

I decided to set up greylisting in Exim. I found an interesting variant:
http://rjfrost.net/exim.html

But Exim complains and refuses to start. As far as I can see everything is
fine, and I can't figure out how to fix it either. I changed the config
slightly to find out where the error is. Here are 2 variants:

=====================================================
        condition = ${if
        or { {match {$sender_host_name} {[0-9]} } {match {$sender_host_name} {[a-z]} } }{yes}{no} }

Starting exim service: 2008-06-19 10:30:33 Exim configuration error in line 321 of /etc/exim/exim.conf:
  error in ACL: unknown ACL condition/modifier in "or { {match {$sender_host_name} {[0-9]} } {match {$sender_host_name} {[a-z]} } }{yes}{no} }"
======================================================
        condition = ${if \
        or { {match {$sender_host_name} {[0-9]} } {match {$sender_host_name} {[a-z]} } }{yes}{no} }

Starting exim service: 2008-06-19 10:30:57 Exim configuration error in line 1018 of /etc/exim/exim.conf:
  authenticator name missing
======================================================

The config itself is attached; I removed almost all the comments and left
only the essentials.

[-- Attachment #2: exim.conf --]
[-- Type: text/plain, Size: 8481 bytes --]

hide mysql_servers = localhost::(/var/lib/mysql/mysql.sock)/exim/sqlmail/password
local_interfaces = 127.0.0.1 : 10.23.3.30
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
tls_advertise_hosts = *
tls_certificate = /var/lib/ssl/certs/exim.pem
tls_privatekey = /var/lib/ssl/private/exim.pem

domainlist local_domains = ${lookup mysql{SELECT domain FROM domains \
    WHERE domain='${domain}' AND \
    (type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains \
    WHERE domain='${domain}' AND type='RELAY'}}
hostlist relay_from_hosts = 127.0.0.1

acl_smtp_rcpt = acl_check_rcpt
av_scanner = clamd:/var/lib/clamav/clamd.socket
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
helo_allow_chars = _
accept_8bitmime = true
smtp_accept_max = 80
smtp_accept_max_per_host = 8
print_topbitchars = true

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################

begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.

acl_check_rcpt:

  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.

  accept hosts = :

  accept domains = ${lookup mysql{SELECT domain from whitelist \
                   WHERE domain='${sender_address_domain}' AND status='1'}}

  warn set acl_m2 = ${lookup mysql{GREYLIST_TEST}{$value}{0}}

  warn set acl_c1 = false

  warn domains = +relay_to_domains : +local_domains
       !senders =
       !hosts = +relay_from_hosts
#      !authenticated = *
       condition = ${if \
       or { {match {$sender_host_name} {[0-9]} } {match {$sender_host_name} {[a-z]} } }{yes}{no} }
# or{ {match{$sender_host_name}{\N^[^.]*[0-9][^0-9.]+[0-9]$\N}}\
# {match{$sender_host_name}{\N^[^.]*[0-9]{5}$\N}}\
# # {match{$sender_host_name}{\N^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]\N}}\
# # {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]-[0-9]\N}}\
# # {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.\N}}\
# # {match{$sender_host_name}{\N\.*(dhcp|dialup|ppp|[achrsvx]?dsl)\.*\N}}}{yes}{no}}
# condition = ${if
# or{{match{$sender_host_name}{\N^[^.]*[0-9][^0-9.]+[0-9]$\N}}\
# {match{$sender_host_name}{\N^[^.]*[0-9]{5}$\N}}\
# {match{$sender_host_name}{\N^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]\N}}\
# {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]-[0-9]\N}}\
# {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.\N}}\
# {match{$sender_host_name}{\N^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]\N}}}{yes}{no}}
       set acl_c1 = true

  warn condition = ${if or{{= {$host_lookup_deferred}{1}} \
                   {= {$host_lookup_failed}{1}}}}
       set acl_c1 = true

  defer message = Greylisting in effect, please try again later.
        log_message = greylisted.
        condition = ${if eq{$acl_c1}{true}}
        condition = ${if eq{$acl_m2}{0}{1}}
        condition = ${lookup mysql{GREYLIST_ADD}{yes}{no}}

  defer message = Greylisting in effect, retry time not reached, please try again later.
        log_message = greylisted.
        condition = ${if eq{$acl_c1}{true}}
        condition = ${if eq{$acl_m2}{1}{1}}

  deny message = Restricted characters in address
       domains = +local_domains
       local_parts = ^[.] : ^.*[@%!/|]

  deny message = Restricted characters in address
       domains = !+local_domains
       local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept local_parts = postmaster
         domains = +local_domains

  require verify = sender

  accept hosts = +relay_from_hosts
         control = submission

  accept authenticated = *
         control = submission

  accept domains = +local_domains
         endpass
         verify = recipient

  accept domains = +relay_to_domains
         endpass
         verify = recipient

  deny message = relay not permitted

acl_check_mime:

  # Just decode MIME parts to disk.
  warn decode = default

  accept

acl_check_content:

  # Reject virus infested messages.
  deny message = This message contains malware ($malware_name)
       malware = *

  # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
  # (user "mail"), no matter if over threshold or not.
  warn message = X-Spam-Score: $spam_score ($spam_bar)
       spam = mail:true

  warn message = X-Spam-Report: $spam_report
       spam = mail:true

  # Add X-Spam-Flag if spam is over system-wide threshold
  warn message = X-Spam-Flag: YES
       spam = mail

  # Reject spam messages with score over 10, using an extra condition.
  deny message = This message scored $spam_score points. Congratulations!
       spam = mail:true
       condition = ${if >{$spam_score_int}{100}{1}{0}}

  # finally accept all the rest
  accept

begin routers

lan:
  driver = manualroute
  domains = ! localdomain.local
  route_list = localdomain.local
  transport = remote_smtp

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup mysql{SELECT recipients FROM aliases \
         WHERE local_part='${local_part}' AND domain='${domain}'}}
  file_transport = address_file
  pipe_transport = address_pipe

userforward:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup mysql{SELECT recipients FROM userforward \
         WHERE local_part='${local_part}' AND domain='${domain}'}}
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

virtual_localuser:
  driver = accept
  domains = ${lookup mysql{SELECT domain from domains WHERE domain='${domain}'}}
  local_parts = ${lookup mysql{SELECT login from users \
                WHERE login='${local_part}' AND domain='${domain}' AND status='1' }}
  transport = local_delivery

localuser:
  driver = accept
  check_local_user
  local_part_suffix = +* : -*
  local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user

begin transports

remote_smtp:
  driver = smtp

local_delivery:
  driver = appendfile
  check_string = ""
  create_directory
  delivery_date_add
  directory = /var/mail/$domain/$local_part
  directory_mode = 770
  envelope_to_add
# user = virtmail
  user = mail
  group = mail
  maildir_format
  maildir_tag = ,S=$message_size
  message_prefix = ""
  message_suffix = ""
  mode = 0660
  quota = ${lookup mysql{SELECT quota FROM users \
          WHERE login='${local_part}' AND domain='${domain}'}{${value}M}}
  quota_size_regex = S=(\d+)$
  quota_warn_threshold = 75%
  return_path_add

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply

begin retry

* * F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

# greylisting shizzle
GREYLIST_TEST = SELECT CASE \
    WHEN now() - block_expires > 0 THEN 2 \
    ELSE 1 \
    END \
    FROM greylist \
    WHERE relay_ip = '${quote_mysql:$sender_host_address}' \
    AND from_sender = '${quote_mysql:$sender_address}'\
    AND rcpt_to = '${quote_mysql:$local_part@$domain}'

GREYLIST_ADD = INSERT INTO greylist (relay_ip, from_sender, rcpt_to, \
    block_expires, record_expires, create_time) \
    VALUES ( '${quote_mysql:$sender_host_address}', \
    '${quote_mysql:$sender_address}', '${quote_mysql:$local_part@$domain}', \
    DATE_ADD(now(), INTERVAL 5 MINUTE), \
    DATE_ADD(now(), INTERVAL 7 DAY), \
    now() \
    )

# End of Exim configuration file