           _
  _____  _(_)_ __ ___
 / _ \ \/ / | '_ ` _ \
|  __/>  <| | | | | | |
 \___/_/\_\_|_| |_| |_|

links:

exim.org - go here and work out how to do things properly (or read on :-)

policyd.org - very handy for greylisting, dial up, decision making. Designed for postfix but works with exim too.

my crap:

hint *(policyd is a much better idea than reading further)*

alternative to "dial up user list":

this is a series of regexes designed to determine if email is from a residential ip address - based on the "Selective SMTP Rejection (S25R)" anti-spam system (a bunch of regexes for postfix) - basically, I have translated them into exim so you don't have to...

stick this in your acl section:

deny
  message = message rejected due to originating from IP residential range
  log_message = residential ip address
  condition = ${if or{{match{$sender_host_name}{\N^[^.]*[0-9][^0-9.]+[0-9]$\N}}\
              {match{$sender_host_name}{\N^[^.]*[0-9]{5}$\N}}\
              {match{$sender_host_name}{\N^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]\N}}\
              {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]-[0-9]\N}}\
              {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.\N}}\
              {match{$sender_host_name}{\N^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]\N}}}{yes}{no}}

coupled with reverse dns verification this should do almost as good a job as any DUL list without the expense of the extra rbl lookups. enjoy.
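
a way to see what the deny above will and won't catch before turning it on, as an added example (not part of the original page): the six regexes exactly as written in the acl, run over a few constructed host names with python's re module. note that the first two patterns end in $, so as written they can only match a name with no dots in it.

```python
import re

# The six patterns from the deny statement above, in the same order.
# Exim's match{} is an unanchored regex search, so re.search is the equivalent.
RULES = [re.compile(p) for p in (
    r"^[^.]*[0-9][^0-9.]+[0-9]$",
    r"^[^.]*[0-9]{5}$",
    r"^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]",
    r"^[^.]*[0-9]\.[^.]*[0-9]-[0-9]",
    r"^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.",
    r"^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]",
)]

def first_matching_rule(hostname):
    """Return the 1-based number of the first pattern that matches, or None."""
    for number, rule in enumerate(RULES, start=1):
        if rule.search(hostname):
            return number
    return None

# Constructed reverse-DNS names on documentation domains, not real hosts.
SAMPLES = [
    "mail.example.org",            # ordinary mta name
    "mx1.example.org",             # one digit in the first label only
    "192-0-2-10.dyn.example.net",  # ip address embedded in the name
    "c10.net5-6.example.net",      # digit.digit-digit layout
    "a1.b2.cust.example.net",      # digits ending the first two labels
    "dsl123.isp.example.net",      # access-technology prefix
    "host1a2",                     # no dots: the only shape rule 1 can match
    "host1a2.example.net",         # same first label with a domain: no match
]

def report(hostnames=SAMPLES):
    """Map each host name to the rule that would deny it (None = accepted)."""
    return {h: first_matching_rule(h) for h in hostnames}

if __name__ == "__main__":
    for host, rule in report().items():
        verdict = f"deny, rule {rule}" if rule else "no match"
        print(f"{host:30} {verdict}")
```

feed it the host names from your own mainlog in place of SAMPLES to see which legitimate senders would be hit.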

exim conditional greylisting with greylistd:

here's an excerpt from an exim config I've put together. it's a rudimentary anti spam measure in exim. as you know you can use exim to reject mail on (forward confirmed) reverse dns verification, however this can be a bit harsh in some environments for some people's taste. the following acl uses greylistd *only* on email that's been identified to be from an ip that's failed fcrdns verification *or* appears to be from a subscriber line. this way any 'real' mta will get the chance to retry the mail that's been deferred regardless of its bad set up....

# acl_c0 = greylistd says this triplet is still grey
# acl_c1 = sending host looks like a subscriber line or failed its dns lookup
warn set acl_c1 = false
warn set acl_c0 = false

warn domains = +relay_to_domains : +local_domains
  !senders =
  !hosts = +relay_from_hosts
  !authenticated = *
  condition = ${readsocket{/var/run/greylistd/socket}\
              {--grey $sender_host_address $sender_address $local_part@$domain}\
              {5s}{}{false}}
  set acl_c0 = true

warn domains = +relay_to_domains : +local_domains
  !senders =
  !hosts = +relay_from_hosts
  !authenticated = *
  condition = ${if or{{match{$sender_host_name}{\N^[^.]*[0-9][^0-9.]+[0-9]$\N}}\
              {match{$sender_host_name}{\N^[^.]*[0-9]{5}$\N}}\
              {match{$sender_host_name}{\N^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]\N}}\
              {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]-[0-9]\N}}\
              {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.\N}}\
              {match{$sender_host_name}{\N\.*(dhcp|dialup|ppp|[achrsvx]?dsl)\.*\N}}}{yes}{no}}
  set acl_c1 = true

warn condition = ${if or{{= {$host_lookup_deferred}{1}} \
                 {= {$host_lookup_failed}{1}}}}
  set acl_c1 = true

defer message = Greylisting in effect, please try again later.
  log_message = greylisted.
  condition = ${if and{{eq{$acl_c0}{true}}{eq{$acl_c1}{true}}}}

accept domains = +local_domains
  verify = recipient

accept domains = +relay_to_domains

accept hosts = +relay_from_hosts

# Reaching the end of the ACL causes a "deny", but we might as well give
# an explicit message.
deny
  message = relay not permitted

in mysql, create a database e.g. mailcontrol (or just add a table to an existing db), and create a table called exim_greylist:

CREATE TABLE exim_greylist (
  id integer NOT NULL auto_increment,
  relay_ip varchar(64),
  from_sender varchar(255),
  rcpt_to varchar(255),
  block_expires datetime NOT NULL,
  record_expires datetime NOT NULL,
  origin_type enum('MANUAL','AUTO') NOT NULL default 'AUTO',
  create_time datetime NOT NULL,
  PRIMARY KEY (id)
);

hence the table will look something like this:

mysql> select * from exim_greylist limit 10;
+----+----------+-------------+--------------------+---------------------+---------------------+-------------+---------------------+
| id | relay_ip | from_sender | rcpt_to            | block_expires       | record_expires      | origin_type | create_time         |
+----+----------+-------------+--------------------+---------------------+---------------------+-------------+---------------------+
|  1 | 3.5.4.2  | 0@0.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:24 | 2008-03-10 18:17:24 | AUTO        | 2008-03-03 18:17:24 |
|  2 | 3.5.4.2  | 1@1.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:24 | 2008-03-10 18:17:24 | AUTO        | 2008-03-03 18:17:24 |
|  3 | 3.5.4.2  | 2@2.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:25 | 2008-03-10 18:17:25 | AUTO        | 2008-03-03 18:17:25 |
|  4 | 3.5.4.2  | 3@3.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:25 | 2008-03-10 18:17:25 | AUTO        | 2008-03-03 18:17:25 |
|  5 | 3.5.4.2  | 4@4.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:25 | 2008-03-10 18:17:25 | AUTO        | 2008-03-03 18:17:25 |
|  6 | 3.5.4.2  | 5@5.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:25 | 2008-03-10 18:17:25 | AUTO        | 2008-03-03 18:17:25 |
|  7 | 3.5.4.2  | 6@6.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:26 | 2008-03-10 18:17:26 | AUTO        | 2008-03-03 18:17:26 |
|  8 | 3.5.4.2  | 7@7.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:26 | 2008-03-10 18:17:26 | AUTO        | 2008-03-03 18:17:26 |
|  9 | 3.5.4.2  | 8@8.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:26 | 2008-03-10 18:17:26 | AUTO        | 2008-03-03 18:17:26 |
| 10 | 3.5.4.2  | 9@9.com     | dhdjhd@rjfrost.net | 2008-03-03 18:22:26 | 2008-03-10 18:17:26 | AUTO        | 2008-03-03 18:17:26 |
+----+----------+-------------+--------------------+---------------------+---------------------+-------------+---------------------+

in the main config (probably just bunged onto the end):

# greylisting shizzle
GREYLIST_TEST = SELECT CASE \
    WHEN now() - block_expires > 0 THEN 2 \
    ELSE 1 \
  END \
  FROM exim_greylist \
  WHERE relay_ip = '${quote_mysql:$sender_host_address}' \
  AND from_sender = '${quote_mysql:$sender_address}' \
  AND rcpt_to = '${quote_mysql:$local_part@$domain}'

GREYLIST_ADD = INSERT INTO exim_greylist (relay_ip, from_sender, rcpt_to, \
    block_expires, record_expires, create_time) \
  VALUES ( '${quote_mysql:$sender_host_address}', \
    '${quote_mysql:$sender_address}', '${quote_mysql:$local_part@$domain}', \
    DATE_ADD(now(), INTERVAL 5 MINUTE), \
    DATE_ADD(now(), INTERVAL 7 DAY), \
    now() \
  )

and remember to tell exim about your sql database if you are not using one already....

hide mysql_servers = "localhost/mailcontrol/root/password"

then in the rcpt config:

# acl_m2: 0 = triplet not in the table, 1 = block time not reached yet, 2 = block expired
# acl_c1 = sending host looks like a subscriber line or failed its dns lookup
warn set acl_m2 = ${lookup mysql{GREYLIST_TEST}{$value}{0}}
warn set acl_c1 = false

warn domains = +relay_to_domains : +local_domains
  !senders =
  !hosts = +relay_from_hosts
  !authenticated = *
  condition = ${if or{{match{$sender_host_name}{\N^[^.]*[0-9][^0-9.]+[0-9]$\N}}\
              {match{$sender_host_name}{\N^[^.]*[0-9]{5}$\N}}\
              {match{$sender_host_name}{\N^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]\N}}\
              {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]-[0-9]\N}}\
              {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.\N}}\
              {match{$sender_host_name}{\N\.*(dhcp|dialup|ppp|[achrsvx]?dsl)\.*\N}}}{yes}{no}}
  set acl_c1 = true

warn condition = ${if or{{= {$host_lookup_deferred}{1}} \
                 {= {$host_lookup_failed}{1}}}}
  set acl_c1 = true

defer message = Greylisting in effect, please try again later.
  log_message = greylisted.
  condition = ${if eq{$acl_c1}{true}}
  condition = ${if eq{$acl_m2}{0}{1}}
  condition = ${lookup mysql{GREYLIST_ADD}{yes}{no}}

defer message = Greylisting in effect, retry time not reached, please try again later.
  log_message = greylisted.
  condition = ${if eq{$acl_c1}{true}}
  condition = ${if eq{$acl_m2}{1}{1}}

accept domains = +local_domains
  verify = recipient

accept domains = +relay_to_domains

accept hosts = +relay_from_hosts

# Reaching the end of the ACL causes a "deny", but we might as well give
# an explicit message.
deny
  message = relay not permitted

jobs a good un...

just make sure you add a script to prune the DB for triplets over 7 days old (or however long you set it to) else you'll end up with one massive table....

something like the following will do:

#!/bin/sh
mysql -u root -ppassword mailcontrol << EOF
delete from exim_greylist where DATE_SUB(NOW(), INTERVAL 7 DAY) >= create_time;
EOF
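
the decision flow of the mysql variant above, modelled in python as an added example (not the page's own code): an in-memory dict stands in for the exim_greylist table, the suspicious flag stands in for acl_c1, and the addresses and times are constructed.

```python
from datetime import datetime, timedelta

BLOCK = timedelta(minutes=5)   # INTERVAL 5 MINUTE in GREYLIST_ADD
RETAIN = timedelta(days=7)     # INTERVAL 7 DAY in the prune script

class GreylistModel:
    """In-memory stand-in for the exim_greylist table (illustration only)."""

    def __init__(self):
        self.rows = {}  # (relay_ip, from_sender, rcpt_to) -> (create_time, block_expires)

    def test(self, triplet, now):
        """GREYLIST_TEST: 0 = no row, 1 = still blocked, 2 = block expired."""
        row = self.rows.get(triplet)
        if row is None:
            return 0
        return 2 if now > row[1] else 1

    def rcpt(self, triplet, suspicious, now):
        """Mirror the RCPT ACL: only suspicious hosts (acl_c1) are greylisted."""
        state = self.test(triplet, now)                # acl_m2
        if suspicious and state == 0:
            self.rows[triplet] = (now, now + BLOCK)    # GREYLIST_ADD
            return "defer: new triplet"
        if suspicious and state == 1:
            return "defer: retry too early"
        return "pass"   # falls through to the accept/deny statements

    def prune(self, now):
        """The prune script: drop rows created 7 or more days ago; return the count."""
        old = [t for t, (created, _) in self.rows.items() if now - RETAIN >= created]
        for t in old:
            del self.rows[t]
        return len(old)

def timeline():
    """Constructed walk-through: one suspicious sender, one clean one."""
    g, t0 = GreylistModel(), datetime(2008, 3, 3, 18, 17, 24)
    trip = ("192.0.2.10", "sender@example.com", "user@example.net")
    clean = ("198.51.100.7", "a@example.org", "user@example.net")
    steps = [g.rcpt(trip, True, t0),                          # first attempt
             g.rcpt(trip, True, t0 + timedelta(minutes=2)),   # retried too soon
             g.rcpt(trip, True, t0 + timedelta(minutes=6)),   # retried after the block
             g.rcpt(clean, False, t0)]                        # never greylisted, no row
    pruned = g.prune(t0 + RETAIN)
    steps.append(g.rcpt(trip, True, t0 + RETAIN))             # forgotten, starts over
    return steps, pruned
```

the last step shows what the 7 day prune means in practice: a sender that only mails once a week from a suspicious-looking host gets deferred every time.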

* (i am not responsible for you breaking your mail server with any of this stuff)