--- exim.conf.4.2.3.nobaloney 2014-07-09 14:37:29.000000000 -0600 +++ exim.conf-SpamBlockerTechnology-v4.2.3.txt 2014-09-12 23:16:15.000000000 -0600 @@ -1,16 +1,18 @@ -# SpamBlockerTechnology* powered exim.conf, Version 4.2.3 -# release date 07/09/2014 -# dovecot delivery & sieve : no -# +# SpamBlockerTechnology* powered exim.conf, Version 4.2.3-alpha1 +# September 1, 2014 17:54 (-0700) # Exim configuration file for DirectAdmin -# Requires exim.pl version 17 or later as distributed by DirectAdmin here: -# http://files.directadmin.com/services/exim.pl.17 +# Requires exim.pl as distributed by DirectAdmin here: +# http://files.directadmin.com/services/exim.pl version 19 or higher +# New version 4.2.1 removes obsolete dnsbl.njabl.org blocklist +# and two ahbl blocklists; see: # http://forum.directadmin.com/showthread.php?t=48774 +# Edit#42 : entire section now commented out as there is no other +# name-base;d blocklist in use # Includes SpamBlockerTechnology blocklists and optimizations: # http://www.nobaloney.net/downloads/spamblocker/ # ClamAV optional # SpamAssassin optional # Dovecot/IMAP Mandatory -# *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services +# *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services: # http://www.nobaloney.net # # WARNING! Do NOT use this exim.conf Exim configuration file unless you @@ -32,7 +34,7 @@ # Portions of this file are written by NoBaloney Internet Services # and are copyright as follows: # -# Copyright (C) 2004-2014 NoBaloney Internet Services Div. Qnito Incorporated, Las Vegas, NV, USA +# Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA # # The entire Exim 4 distribution, including the exim.conf file, is # distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, @@ -62,9 +64,11 @@ # primary_hostname = #EDIT#2-CLAMAV: -# av_scanner = clamd:127.0.0.1 3310 -# av_scanner = clamd:/tmp/clamd.socket # av_scanner = clamd:/var/run/clamav/clamd +#.include_if_exists /etc/exim.clamav.load.conf + +#Block Cracking variables +.include_if_exists /etc/exim.blockcracking/variables.conf #EDIT#3: # qualify_domain = @@ -79,7 +83,9 @@ untrusted_set_sender = * #EDIT#7: -daemon_smtp_ports = 25 : 587 +daemon_smtp_ports = 25 : 587 : 465 +tls_on_connect_ports = 465 +disable_ipv6=false #EDIT#8: local_from_check = false @@ -94,7 +100,7 @@ smtp_accept_max_per_host = 10 recipients_max = 150 smtp_accept_queue_per_connection = 10 -smtp_connect_backlog = 50 +smtp_accept_max_per_connection = 100 #EDIT#10: helo_allow_chars = _ @@ -120,6 +126,8 @@ syslog_duplication = false #EDIT#13: +acl_not_smtp = acl_script +acl_smtp_auth = acl_check_auth acl_smtp_connect = acl_connect acl_smtp_helo = acl_check_helo acl_smtp_rcpt = acl_check_recipient @@ -139,13 +147,13 @@ hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip +BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames #EDIT#15: -domainlist skip_av_domains = lsearch;/etc/virtual/skip_av_domains +#domainlist skip_av_domains = lsearch;/etc/virtual/skip_av_domains #EDIT#16: hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts -# hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1 #EDIT#17: never_users = root @@ -185,61 +193,93 @@ acl_connect: accept hosts = * +#EDIT#24.5# +acl_check_auth: + drop set acl_m_authcount = ${eval10:0$acl_m_authcount+1} + condition = ${if >{$acl_m_authcount}{2}} + delay = 10s + message = Only one authentication attempt is allowed per connection + + accept + #EDIT#25: acl_check_helo: # accept mail originating on this server unconditionally accept hosts = @[] : @ - - # deny if hostname is ylmf-pc, which accounts for a HUGE percentage of BF attacks - deny message = Bad HELO - Blocked due to abuse - condition = ${if eq{$sender_helo_name}{ylmf-pc}} - # deny if the HELO pretends to be this host - deny message = Bad HELO - Host impersonating hostname [$sender_helo_name] + deny message = Bad HELO - Host impersonating hostname [$sender_helo_name] condition = ${if or { \ {match{$sender_helo_name}{$smtp_active_hostname}} \ {eq{$sender_helo_name}{[$interface_address]}} \ } {true}{false} } - condition = ${if eq {$interface_port}{25} {yes}{no}} # only for non-authenticated - # deny if the HELO is an IP address deny message = HELO is an IP address (See RFC2821 4.1.3) + condition = ${if eq{$interface_port}{25}} condition = ${if isip{$sender_helo_name}} - condition = ${if eq {$interface_port}{25} {yes}{no}} # only for non-authenticated - + # deny if hostname if ylmf-pc, which accounts for a HUGE percentage of BF attacks + deny message = Bad HELO - Blocked due to abuse + condition = ${if eq{$sender_helo_name}{ylmf-pc}} # deny if the HELO pretends to be one of the domains hosted on the server deny message = Bad HELO - Host impersonating domain name [$sender_helo_name] condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}} - condition = ${if eq {$interface_port}{25} {yes}{no}} # only for non-authenticated hosts = ! +relay_hosts + accept + +acl_script: + discard set acl_m_uid = ${perl{find_uid}} + set acl_m_username = ${perl{get_username}{$acl_m_uid}} + condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}} + condition = ${if >{${perl{hit_limit_user}{$acl_m_username}}}{1}} + message = User account ($acl_m_username) has sent too many emails. Script delivery blocked. + + discard condition = ${if !eq{$originator_uid}{$exim_uid}} + condition = ${if exists{BLACKLIST_USERNAMES}} + condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}} + message = User account ($acl_m_username) is not allowed to send emails. Script delivery blocked via BLACKLIST_USERNAMES. + + .include_if_exists /etc/exim.blockcracking/script.conf accept + .include_if_exists /etc/exim.blockcracking/script.recipients.conf + #EDIT#26: acl_check_recipient: # block certain well-known exploits, Deny for local domains if # local parts begin with a dot or contain @ % ! / | - - drop message = sender trying to exploit our server - domains = +local_domains + deny domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] # If you've hit the limit, you can't send anymore. Requires exim.pl 17+ - deny message = User account ${authenticated_id} has sent too many emails + drop message = User account ${authenticated_id} has sent too many emails condition = ${perl{auth_hit_limit_acl}} authenticated = * - deny message = Legitimate bounces are never sent to more than one recipient. - # uses rcpt_count vs recipients_count to count all recipients even - # even if not accepted - senders = : postmaster@* - condition = ${if >{$rcpt_count}{1} {1}} + drop message = Legitimate bounces are never sent to more than one recipient. + senders = : postmaster@* + condition = ${if >{$recipients_count}{0}{true}{false}} drop message = REJECTED - Too many failed recipients - count = $rcpt_fail_count log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}} !verify = recipient/callout=2m,defer_ok,use_sender + drop message = The domain ${domain} is currently suspended. Try later. + domains = +local_domains + condition = ${if exists{/etc/virtual/${domain}_off}{yes}{no}} + + drop authenticated = * + condition = ${if exists{BLACKLIST_USERNAMES}} + set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}} + set acl_m_username = ${perl{get_username}{$acl_m_uid}} + condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}} + condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}} + message = User account ($acl_m_username) is not allowed to send emails. E-Mail delivery blocked. + logwrite = User account $acl_m_username is blocked via BLACKLIST_USERNAMES + + #Block Cracking - https://github.com/Exim/exim/wiki/BlockCracking + .include_if_exists /etc/exim.blockcracking/auth.conf + # restrict port 587 to authenticated users only # see also daemon_smtp_ports above accept hosts = +auth_relay_hosts @@ -261,19 +301,27 @@ domains = +relay_domains #EDIT#27: - # Checks if it's a hostname or IPV4 address with dots or IPV6 address + # 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address deny message = R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1) !authenticated = * condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}} condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}} - # Make sure the hostname has no double-dots (invalid) - deny message = R2: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1) + ## 2nd deny makes sure the hostname doesn't end with a dot (invalid) + # deny message = R2: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1) + # !authenticated = * + # condition = ${if match{$sender_helo_name}{\N\.$\N}} + # 3rd deny makes sure the hostname has no double-dots (invalid) + deny message = R3: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1) !authenticated = * condition = ${if match{$sender_helo_name}{\N\.\.\N}} + ## 4th deny make sure the hostname doesn't end in .home (invalid domain) + # deny message = R4: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1) + # !authenticated = * + # condition = ${if match{$sender_helo_name}{\N\.home$\N}} #EDIT#28: -# warn domains = +skip_av_domains -# set acl_m0 = $tod_epoch + # warn domains = +skip_av_domains + # set acl_m0 = $tod_epoch #EDIT#29: deny domains = !+local_domains @@ -295,20 +343,20 @@ logwrite = $sender_host_address whitelisted in local sender whitelist #EDIT#32: - deny message = Email blocked by local blacklist + deny message = 554 denied. 5.7.1 Email Blocked due to SPAM domains = +use_rbl_domains domains = !+skip_rbl_domains senders = +blacklist_senders #EDIT#33: - deny message = Email blocked by local blacklist + deny message = 554 denied. 5.7.1 Host Blocked due to SPAM # only for domains that do want to be tested against RBLs domains = +use_rbl_domains domains = !+skip_rbl_domains hosts = +bad_sender_hosts #EDIT#34: - deny message = Email blocked by local blacklist + deny message = 554 denied. 5.7.1 IP Blocked due to SPAM hosts = +bad_sender_hosts_ip #EDIT#35: @@ -322,21 +370,22 @@ # logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com #EDIT#37: - accept local_parts = whitelist - domains = example.com + # accept local_parts = whitelist + # domains = example.com #EDIT#38: - # require verify = sender + require verify = sender #EDIT#39: - deny message = Email blocked by local blacklist + deny message = 554 denied. 5.7.1 Domain Blocked due to SPAM domains = +use_rbl_domains domains = !+skip_rbl_domains sender_domains = +blacklist_domains #EDIT#40: -# This section removed because PayPal senders can not be -# reliably identified. Instead use Spamassassin to score DKIM/SPf. +# deny message = 554 denied. 5.7.1 Forged Paypal Mail, not sent from PayPal. +# senders = *@paypal.com +# condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}} #EDIT#41: deny message = Email blocked by $dnslist_domain @@ -347,19 +396,10 @@ dnslists = \ cbl.abuseat.org : \ bl.spamcop.net : \ - # b.barracudacentral.org : \ - # zen.spamhaus.org : \ - # hostkarma.junkemailfilter.com=127.0.0.2 : \ - combined.rbl.msrbl.net - -#EDIT#42 : -# deny message = Email blocked by $dnslist_domain -# hosts = !+relay_hosts -# domains = +use_rbl_domains -# domains = !+skip_rbl_domains -# !authenticated = * -# dnslists = \ -# rhsbl.ahbl.org/$sender_address_domain + combined.rbl.msrbl.net : \ + b.barracudacentral.org : \ + zen.spamhaus.org : \ + hostkarma.junkemailfilter.com=127.0.0.2 #COMMENT#43: # ACCEPT EMAIL BEGINNING HERE @@ -374,13 +414,15 @@ accept domains = +relay_domains endpass verify = recipient - #EDIT#45: accept hosts = +relay_hosts + add_header = X-Relay-Host: $sender_host_address + accept hosts = +auth_relay_hosts endpass message = authentication required authenticated = * + # FINAL DENY EMAIL BEFORE DATA BEGINS HERE # default at end of acl causes a "deny", but line below will give # an explicit error message: @@ -389,7 +431,9 @@ # ACL that is used after the DATA command (ClamAV) acl_check_message: -#EDIT#46 : +#EDIT#46: +#.include_if_exists /etc/exim.clamav.conf + ## accept without checking if in skip_av_domains # accept condition =${if and {{def:acl_m0}{def:acl_m0}} {true}{false}} @@ -425,14 +469,14 @@ driver = plaintext public_name = PLAIN server_prompts = : - server_condition = "${perl{smtpauth}}" + server_condition = "${perl{smtpauth}{0}}" server_set_id = $2 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" - server_condition = "${perl{smtpauth}}" + server_condition = "${perl{smtpauth}{0}}" server_set_id = $1 #EDIT#47: @@ -451,7 +495,8 @@ transport = remote_smtp no_more -# smarthost: +# RELATED: http://help.directadmin.com/item.php?id=153 +# smart_route: # driver = manualroute # domains = ! +local_domains # ignore_target_hosts = 127.0.0.0/8 @@ -462,20 +507,11 @@ #COMMENT#49: #DIRECTORS CONFIGURATION -#EDIT#50 : -# spamcheck_director: -# driver = accept -# condition = "${if and { \ -# {!def:authenticated_id} \ -# {!def:h_X-Spam-Flag:} \ -# {!eq {$received_protocol}{spam-scanned}} \ -# {!eq {$received_protocol}{local}} \ -# {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \ -# {<{$message_size}{100k}} \ -# } {1}{0}}" -# retry_use_local_part -# transport = spamcheck -# no_verify +.include_if_exists /etc/exim.spamassassin.conf + +#EDIT#50: +# Spam Assassin +#spamcheck_director removed. Use the exim.spamassassin.conf majordomo_aliases: driver = redirect @@ -698,7 +734,7 @@ once_file_size = 100K once_repeat = 2d - #COMMENT#59: +#COMMENT#59: userautoreply: driver = autoreply bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}} @@ -721,6 +757,7 @@ #COMMENT#61: remote_smtp: driver = smtp +.include_if_exists /etc/exim.dkim.conf #EDIT#62: address_pipe: @@ -744,6 +781,13 @@ address_reply: driver = autoreply +dovecot_lmtp_udp: + driver = lmtp + socket = /var/run/dovecot/lmtp + #maximum number of deliveries per batch, default 1 + batch_max = 200 + return_path_add + #EDIT#65: # RETRY CONFIGURATION # Domain Error Retries