--- 4.2.3/exim.conf-SpamBlockerTechnology-v4.2.3.txt 2014-10-20 14:05:49.000000000 -0600 +++ 4.3.0/exim.conf-SpamBlockerTechnology-v4.3.0.txt 2014-10-20 14:05:32.000000000 -0600 @@ -1,5 +1,5 @@ -# SpamBlockerTechnology* powered exim.conf, Version 4.2.3-alpha1 -# September 1, 2014 17:54 (-0700) +# SpamBlockerTechnology* powered exim.conf, Version 4.3.0-alpha2 +# September 9, 2014 03:03 (-0700) # Exim configuration file for DirectAdmin # Requires exim.pl as distributed by DirectAdmin here: # http://files.directadmin.com/services/exim.pl version 19 or higher @@ -70,6 +70,9 @@ #Block Cracking variables .include_if_exists /etc/exim.blockcracking/variables.conf +#Easy Spam Figher variables +.include_if_exists /etc/exim.easy_spam_fighter/variables.conf + #EDIT#3: # qualify_domain = @@ -85,22 +88,14 @@ #EDIT#7: daemon_smtp_ports = 25 : 587 : 465 tls_on_connect_ports = 465 -disable_ipv6=false #EDIT#8: local_from_check = false -#EDIT#9: -message_size_limit = 20M -smtp_receive_timeout = 5m -smtp_accept_max = 100 -message_body_visible = 3000 -print_topbitchars = true -smtp_accept_max_nonmail = 10 -smtp_accept_max_per_host = 10 -recipients_max = 150 -smtp_accept_queue_per_connection = 10 -smtp_accept_max_per_connection = 100 +.include /etc/exim.variables.conf +.include_if_exists /etc/exim.variables.conf.custom +.include /etc/exim.strings.conf +.include_if_exists /etc/exim.strings.conf.custom #EDIT#10: helo_allow_chars = _ @@ -130,7 +125,9 @@ acl_smtp_auth = acl_check_auth acl_smtp_connect = acl_connect acl_smtp_helo = acl_check_helo +acl_smtp_mail = ${if ={$interface_port}{587} {accept}{acl_check_mail}} acl_smtp_rcpt = acl_check_recipient +acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}} acl_smtp_data = acl_check_message #EDIT#14: @@ -166,16 +163,13 @@ rfc1413_query_timeout = 0s #EDIT#20: -deliver_queue_load_max = 5.0 -queue_only_load = 7.5 -queue_run_max = 5 +#exim.variables.conf #EDIT#21: -ignore_bounce_errors_after = 2d -timeout_frozen_after = 3d +#exim.variables.conf #EDIT#22: -trusted_users = mail:majordomo:apache:diradmin +#exim.variables.conf #EDIT#23: tls_certificate = /etc/exim.cert @@ -192,14 +186,20 @@ #EDIT#24: acl_connect: + warn set acl_m_spam_assassin_has_run = 0 + .include_if_exists /etc/exim.easy_spam_fighter/connect.conf accept hosts = * +acl_check_mail: + .include_if_exists /etc/exim.easy_spam_fighter/check_mail.conf + accept + #EDIT#24.5# acl_check_auth: drop set acl_m_authcount = ${eval10:0$acl_m_authcount+1} condition = ${if >{$acl_m_authcount}{2}} delay = 10s - message = Only one authentication attempt is allowed per connection + message = ONLY_ONE_AUTH_PER_CONN accept @@ -208,20 +208,20 @@ # accept mail originating on this server unconditionally accept hosts = @[] : @ # deny if the HELO pretends to be this host - deny message = Bad HELO - Host impersonating hostname [$sender_helo_name] + deny message = HELO_HOST_IMPERSANATION condition = ${if or { \ {match{$sender_helo_name}{$smtp_active_hostname}} \ {eq{$sender_helo_name}{[$interface_address]}} \ } {true}{false} } # deny if the HELO is an IP address - deny message = HELO is an IP address (See RFC2821 4.1.3) + deny message = HELO_IS_IP condition = ${if eq{$interface_port}{25}} condition = ${if isip{$sender_helo_name}} # deny if hostname if ylmf-pc, which accounts for a HUGE percentage of BF attacks - deny message = Bad HELO - Blocked due to abuse + deny message = HELO_BLOCKED_FOR_ABUSE condition = ${if eq{$sender_helo_name}{ylmf-pc}} # deny if the HELO pretends to be one of the domains hosted on the server - deny message = Bad HELO - Host impersonating domain name [$sender_helo_name] + deny message = HELO_IS_LOCAL_DOMAIN condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}} hosts = ! +relay_hosts accept @@ -231,12 +231,12 @@ set acl_m_username = ${perl{get_username}{$acl_m_uid}} condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}} condition = ${if >{${perl{hit_limit_user}{$acl_m_username}}}{1}} - message = User account ($acl_m_username) has sent too many emails. Script delivery blocked. + message = USER_TOO_MANY discard condition = ${if !eq{$originator_uid}{$exim_uid}} condition = ${if exists{BLACKLIST_USERNAMES}} condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}} - message = User account ($acl_m_username) is not allowed to send emails. Script delivery blocked via BLACKLIST_USERNAMES. + message = USER_ON_BLACKLIST_SCRIPT .include_if_exists /etc/exim.blockcracking/script.conf @@ -252,20 +252,20 @@ local_parts = ^[.] : ^.*[@%!/|] # If you've hit the limit, you can't send anymore. Requires exim.pl 17+ - drop message = User account ${authenticated_id} has sent too many emails + drop message = AUTH_TOO_MANY condition = ${perl{auth_hit_limit_acl}} authenticated = * - drop message = Legitimate bounces are never sent to more than one recipient. + drop message = MULTIPLE_BOUNCE_RECIPIENTS senders = : postmaster@* condition = ${if >{$recipients_count}{0}{true}{false}} - drop message = REJECTED - Too many failed recipients - count = $rcpt_fail_count + drop message = TOO_MANY_FAILED_RECIPIENTS log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}} !verify = recipient/callout=2m,defer_ok,use_sender - drop message = The domain ${domain} is currently suspended. Try later. + drop message = DOMAIN_SUSPENDED domains = +local_domains condition = ${if exists{/etc/virtual/${domain}_off}{yes}{no}} @@ -275,7 +275,7 @@ set acl_m_username = ${perl{get_username}{$acl_m_uid}} condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}} condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}} - message = User account ($acl_m_username) is not allowed to send emails. E-Mail delivery blocked. + message = USER_ON_BLACKLIST_SMTP logwrite = User account $acl_m_username is blocked via BLACKLIST_USERNAMES #Block Cracking - https://github.com/Exim/exim/wiki/BlockCracking @@ -286,7 +286,7 @@ accept hosts = +auth_relay_hosts condition = ${if eq {$interface_port}{587} {yes}{no}} endpass - message = relay not permitted, authentication required + message = RELAY_NOT_PERMITTED_AUTH authenticated = * # Deny all Mailer-Daemon messages not for us: deny message = We didn't send the message @@ -294,29 +294,31 @@ domains = !+relay_domains # Deny if the recipient doesn't exist: - deny message = No such recipient here + deny message = NO_SUCH_RECIPIENT domains = +local_domains !verify = recipient # Remaining Mailer-Daemon messages must be for us accept senders = : domains = +relay_domains + .include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.conf + #EDIT#27: # 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address - deny message = R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1) + deny message = R1: HELO_SHOULD_BE_FQDN !authenticated = * condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}} condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}} ## 2nd deny makes sure the hostname doesn't end with a dot (invalid) - # deny message = R2: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1) + # deny message = R2: HELO_SHOULD_BE_FQDN # !authenticated = * # condition = ${if match{$sender_helo_name}{\N\.$\N}} # 3rd deny makes sure the hostname has no double-dots (invalid) - deny message = R3: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1) + deny message = R3: HELO_SHOULD_BE_FQDN !authenticated = * condition = ${if match{$sender_helo_name}{\N\.\.\N}} ## 4th deny make sure the hostname doesn't end in .home (invalid domain) - # deny message = R4: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1) + # deny message = R4: HELO_SHOULD_BE_FQDN # !authenticated = * # condition = ${if match{$sender_helo_name}{\N\.home$\N}} @@ -344,20 +346,20 @@ logwrite = $sender_host_address whitelisted in local sender whitelist #EDIT#32: - deny message = 554 denied. 5.7.1 Email Blocked due to SPAM + deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_SENDER domains = +use_rbl_domains domains = !+skip_rbl_domains senders = +blacklist_senders #EDIT#33: - deny message = 554 denied. 5.7.1 Host Blocked due to SPAM + deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_HOST # only for domains that do want to be tested against RBLs domains = +use_rbl_domains domains = !+skip_rbl_domains hosts = +bad_sender_hosts #EDIT#34: - deny message = 554 denied. 5.7.1 IP Blocked due to SPAM + deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_IP hosts = +bad_sender_hosts_ip #EDIT#35: @@ -378,7 +380,7 @@ require verify = sender #EDIT#39: - deny message = 554 denied. 5.7.1 Domain Blocked due to SPAM + deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN domains = +use_rbl_domains domains = !+skip_rbl_domains sender_domains = +blacklist_domains @@ -389,7 +391,7 @@ # condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}} #EDIT#41: - deny message = Email blocked by $dnslist_domain + deny message = RBL_BLOCKED_BY_LIST hosts = !+relay_hosts domains = +use_rbl_domains domains = !+skip_rbl_domains @@ -407,7 +409,7 @@ # accept if address is in a local domain as long as recipient can be verified accept domains = +local_domains endpass - message = "Unknown User" + message = UNKNOWN_USER verify = recipient #COMMENT#44 # accept if address is in a domain for which we relay as long as recipient @@ -421,17 +423,24 @@ accept hosts = +auth_relay_hosts endpass - message = authentication required + message = AUTH_REQUIRED authenticated = * # FINAL DENY EMAIL BEFORE DATA BEGINS HERE # default at end of acl causes a "deny", but line below will give # an explicit error message: - deny message = relay not permitted + deny message = RELAY_NOT_PERMITTED + + +acl_check_dkim: + .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf + accept # ACL that is used after the DATA command (ClamAV) acl_check_message: + .include_if_exists /etc/exim.easy_spam_fighter/check_message.conf + #EDIT#46: #.include_if_exists /etc/exim.clamav.conf @@ -439,24 +448,24 @@ # accept condition =${if and {{def:acl_m0}{def:acl_m0}} {true}{false}} ## deny if email contains malformed MIME header - # deny message = This message contains malformed MIME (malformed_MIME:$demime_reason) + # deny message = CLAM_MALFORMED_MIME # demime = * # condition = ${if >{$demime_errorlevel}{2}{1}{0}} ## deny if email containing virus or other harmful content - # deny message = This message contains a virus or other harmful content (virus_in_message:$malware_name) + # deny message = CLAM_HAS_VIRUS # demime = * # malware = * ## deny if email contains an attachment of type we don't accept. - # deny message = This message contains an attachment of a type which we do not accept (attachment_not_allow:.$found_extension) + # deny message = CLAM_BAD_ATTACHMENT # demime = bat:com:pif:prf:scr:vbs:html ## Accept but put warning into headers if message over 1000k - # warn message = X-Antivirus-Scanner: Skipped scanning; size over 1000K. You should use an Antivirus Scanner + # warn message = CLAM_SKIPPED # condition = ${if >={$message_size}{1000k} {1}{0}} - # warn message = X-Antivirus-Scanner: Seems clean. You should still use an Antivirus Scanner + # warn message = CLAM_CLEAN ## The end of the acl_check_message acl (ClamAV) ## Do NOT comment out the line below or all messages will be denied. @@ -794,5 +803,6 @@ # Domain Error Retries # ------ ----- ------- begin retry +* quota * * F,2h,15m; G,16h,1h,1.5; F,4d,8h # End of Exim 4 configuration