Exim conf enhancements

2025-08-14 10:37:42 -07:00 · 2019-08-23 18:58:42 +02:00 · 2019-08-23 18:58:42 +02:00 · 0d621b0991
commit 0d621b0991
parent 75c921832b
1 changed files with 33 additions and 11 deletions
--- a/install/debian/10/exim/exim4.conf.template
+++ b/install/debian/10/exim/exim4.conf.template
@ -4,9 +4,9 @@
 #                                                                    #
 ######################################################################

-#SPAMASSASSIN = yes
-#SPAM_SCORE = 50
-#CLAMD =  yes
+SPAMASSASSIN = yes
+SPAM_SCORE = 50
+CLAMD =  yes

 disable_ipv6=true
 add_environment=<; PATH=/bin:/usr/bin
@ -42,7 +42,7 @@ tls_on_connect_ports = 465
 never_users = root
 host_lookup = *
 rfc1413_hosts = *
-rfc1413_query_timeout = 5s
+rfc1413_query_timeout = 0s
 ignore_bounce_errors_after = 2d
 timeout_frozen_after = 7d

@ -56,8 +56,20 @@ DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
 #                       ACL CONFIGURATION                            #
 #         Specifies access control lists for incoming SMTP mail      #
 ######################################################################
+
+acl_not_smtp = acl_not_smtp
+
 begin acl

+acl_not_smtp:
+  deny message = Web site is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period
+  ratelimit = 40 / 1h / $authenticated_id
+
+  warn ratelimit = 0 / 1h / strict / $authenticated_id
+  log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period
+
+  accept
+
 acl_check_spammers:
  accept  hosts         = +whitelist

@ -74,6 +86,7 @@ acl_check_mail:

  drop    message       = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
          condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
+          condition     = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}}
          condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
          delay         = 45s

@ -89,6 +102,12 @@ acl_check_mail:
 acl_check_rcpt:
  accept  hosts         = :

+  deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period
+  ratelimit = 40 / 1h / $authenticated_id
+
+  warn ratelimit = 0 / 1h / strict / $authenticated_id
+  log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period
+
  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
@ -136,9 +155,12 @@ acl_check_rcpt:


 acl_check_data:
+
+  deny senders = /etc/exim4/deny_senders
+
 .ifdef CLAMD
  deny   message        = Message contains a virus ($malware_name) and has been rejected
-         malware        = *
+         malware        = */defer_ok
         condition      = ${if eq{$acl_m0}{yes}{yes}{no}}
 .endif

@ -164,7 +186,7 @@ acl_check_data:

 acl_check_mime:
  deny   message        = Blacklisted file extension detected
-         condition      = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}}
+         condition      = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}}

  accept

@ -209,6 +231,11 @@ dnslookup:
  transport = remote_smtp
  no_more

+localuser_spam:
+  driver = accept
+  transport = local_spam_delivery
+  condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}}
+
 userforward:
  driver = redirect
  check_local_user
@ -250,11 +277,6 @@ localuser_fwd_only:
  transport = devnull
  condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}}

-localuser_spam:
-  driver = accept
-  transport = local_spam_delivery
-  condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}}
-
 localuser:
  driver = accept
  transport = local_delivery