iz: update exim configuration to bypass rbl check onn submission port

2025-08-22 22:34:05 -07:00 · 2014-06-29 11:54:40 +07:00 · 2014-06-29 11:54:40 +07:00 · 6adc9bed5e
commit 6adc9bed5e
parent 7cfa7abb88
1 changed files with 18 additions and 13 deletions
--- a/install/rhel/exim.conf
+++ b/install/rhel/exim.conf
@ -6,12 +6,13 @@ SPAM_SCORE = 50

 domainlist local_domains = dsearch;/etc/exim/domains/
 domainlist relay_to_domains = dsearch;/etc/exim/domains/
+hostlist   auth_relay_hosts = *
 hostlist   relay_from_hosts = 127.0.0.1
 hostlist   whitelist = net-iplsearch;/etc/exim/white-blocks.conf
 hostlist   spammers = net-iplsearch;/etc/exim/spam-blocks.conf
 no_local_from_check
 untrusted_set_sender = *
-acl_smtp_connect = acl_check_spammers
+#acl_smtp_connect = acl_check_spammers
 acl_smtp_mail = acl_check_mail
 acl_smtp_rcpt = acl_check_rcpt
 acl_smtp_data = acl_check_data
@ -26,8 +27,8 @@ av_scanner = clamd: /var/run/clamav/clamd.sock
 .endif

 tls_advertise_hosts = *
-tls_certificate = /etc/pki/tls/certs/exim.pem
-tls_privatekey = /etc/pki/tls/private/exim.pem
+tls_certificate = /usr/local/vesta/ssl/certificate.crt
+tls_privatekey = /usr/local/vesta/ssl/certificate.key

 daemon_smtp_ports = 25 : 465 : 587 : 2525
 tls_on_connect_ports = 465
@ -46,15 +47,6 @@ DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
 ##########################################################################
 begin acl
 ##########################################################################
-acl_check_spammers:
-  accept hosts = +whitelist
-  drop    message       = Your host in blacklist on this server.
-          log_message   = Host in blacklist
-          hosts         = +spammers
-  deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text
-          dnslists      = ${readfile {/etc/exim/dnsbl.conf}{:}}
-  accept
-
 acl_check_mail:
  deny
          condition     = ${if eq{$sender_helo_name}{}}
@ -86,6 +78,12 @@ acl_check_mail:
 acl_check_rcpt:
  accept  hosts         = :

+  accept  hosts = +auth_relay_hosts
+          condition = ${if eq {$interface_port}{587} {yes}{no}}
+          endpass
+          message = relay not permitted, authentication required
+          authenticated = *
+
  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
@ -94,6 +92,13 @@ acl_check_rcpt:
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

+  drop    message       = Your host in blacklist on this server.
+          log_message   = Host in blacklist
+          hosts         = +spammers
+
+  deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text
+          dnslists      = ${readfile {/etc/exim/dnsbl.conf}{:}}
+
  require verify        = sender

  accept  hosts         = +relay_from_hosts
@ -306,7 +311,7 @@ local_spam_delivery:
  delivery_date_add
  envelope_to_add
  return_path_add
-  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam"
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.spam"
  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
  quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
  quota_warn_threshold = 75%