diff --git a/install/debian/9/exim/exim4.conf.template b/install/debian/9/exim/exim4.conf.template index bfb98e0b..67647934 100644 --- a/install/debian/9/exim/exim4.conf.template +++ b/install/debian/9/exim/exim4.conf.template @@ -4,9 +4,9 @@ # # ###################################################################### -#SPAMASSASSIN = yes -#SPAM_SCORE = 50 -#CLAMD = yes +SPAMASSASSIN = yes +SPAM_SCORE = 50 +CLAMD = yes disable_ipv6=true add_environment=<; PATH=/bin:/usr/bin @@ -42,7 +42,7 @@ tls_on_connect_ports = 465 never_users = root host_lookup = * rfc1413_hosts = * -rfc1413_query_timeout = 5s +rfc1413_query_timeout = 0s ignore_bounce_errors_after = 2d timeout_frozen_after = 7d @@ -56,8 +56,20 @@ DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} # ACL CONFIGURATION # # Specifies access control lists for incoming SMTP mail # ###################################################################### + +acl_not_smtp = acl_not_smtp + begin acl +acl_not_smtp: + deny message = Web site is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period + ratelimit = 40 / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period + + accept + acl_check_spammers: accept hosts = +whitelist @@ -74,6 +86,7 @@ acl_check_mail: drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s 
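Review bot: In the `@@ -42,7 +42,7 @@` hunk, `rfc1413_query_timeout = 0s` turns ident callouts off entirely, yet `rfc1413_hosts = *` stays on the line above and now reads as if ident were still in use. A one-line comment such as `# 0s disables RFC 1413 (ident) callouts; rfc1413_hosts is then unused` would record the intent for the next person editing the template.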
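Review bot: The `acl_not_smtp` block added in the `@@ -56,8 +56,20 @@` hunk hard-codes `40 / 1h`, and the same literal is repeated in the `acl_check_rcpt` hunk (`@@ -89,6 +102,12 @@`), so the two limits can drift apart. A macro next to `SPAM_SCORE` at the top of the template, for example `SEND_RATE_LIMIT = 40` (name constructed here), used as `ratelimit = SEND_RATE_LIMIT / 1h / $authenticated_id`, keeps the value in one place. A comment would also help here, noting that for non-SMTP submissions `$authenticated_id` is normally the login name of the calling process, so the budget is per system account rather than per site or mailbox.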
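Review bot: The added `condition` in the `acl_check_mail` hunk (`@@ -74,6 +86,7 @@`) matches `.telenor.rs` as an unanchored regex with unescaped dots, so any reverse-DNS name that merely contains that pattern (a constructed example: `mail.telenor.rs.example.net`) is exempted from the drop. `$sender_host_name` comes from PTR data controlled by whoever owns the address space, so the exemption should be pinned to the suffix: `condition = ${if match{${lc:$sender_host_name}}{\N\.telenor\.rs$\N}{false}{true}}`. A provider-specific exception in a shipped template would also be easier to maintain as a host list file than as an inline literal. The `drop` statement continues past the end of the hunk.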
@@ -89,6 +102,12 @@ acl_check_mail: acl_check_rcpt: accept hosts = : + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period + ratelimit = 40 / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period + deny message = Restricted characters in address domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] @@ -136,9 +155,12 @@ acl_check_rcpt: acl_check_data: + + deny senders = /etc/exim4/deny_senders + .ifdef CLAMD deny message = Message contains a virus ($malware_name) and has been rejected - malware = * + malware = */defer_ok condition = ${if eq{$acl_m0}{yes}{yes}{no}} .endif @@ -164,7 +186,7 @@ acl_check_data: acl_check_mime: deny message = Blacklisted file extension detected - condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} accept @@ -209,6 +231,11 @@ dnslookup: transport = remote_smtp no_more +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + userforward: driver = redirect check_local_user 
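Review bot: The `deny` and `warn` added at the top of `acl_check_rcpt` (`@@ -89,6 +102,12 @@`) are not restricted to authenticated sessions, and `$authenticated_id` is empty for ordinary inbound SMTP; only `accept hosts = :` precedes them. As written, all unauthenticated senders would appear to share one ratelimit key, so after 40 messages in an hour inbound mail for every domain could be refused with the "sending too much emails" text, and the `warn` writes a log line for each of them. Adding `authenticated = *` as the first condition of both statements confines the check to submissions that actually carry an id. The same applies to the log format, where an empty id makes the `[limitlog]` lines ambiguous for whatever parses them.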
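Review bot: `malware = */defer_ok` in the `acl_check_data` hunk (`@@ -136,9 +155,12 @@`) makes the virus check fail open: when clamd is unreachable or times out the condition is treated as not matched and the message is accepted unscanned, while this same commit turns `CLAMD = yes` on by default. If that trade-off is intended, state it in a comment above the statement, e.g. `# defer_ok: accept mail unscanned if clamd is down; monitor clamd availability`. Separately, the new `deny senders = /etc/exim4/deny_senders` has no `message` and reads a file this diff does not create. A missing list file would likely make the statement defer every message, so guard it with `condition = ${if exists{/etc/exim4/deny_senders}}` placed before `senders`.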
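Review bot: Moving `localuser_spam` ahead of `userforward` in the `@@ -209,6 +231,11 @@` hunk changes routing, not just layout, and nothing in the file says why. Routers run in order and this one is an `accept` without `unseen`, so a message tagged `X-Spam-Status: Yes` for an existing mailbox is now handed to `local_spam_delivery` before `userforward` and, judging by the removal hunk at `@@ -250,11 +277,6 @@`, before `localuser_fwd_only` is tried. If the goal is to stop forwarding spam, add a comment such as `# must precede the forwarding routers so spam is filed locally, not forwarded`, and confirm that forward-only accounts are meant to store such mail instead of discarding it.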
@@ -250,11 +277,6 @@ localuser_fwd_only: transport = devnull condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}} -localuser_spam: - driver = accept - transport = local_spam_delivery - condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} - localuser: driver = accept transport = local_delivery