Exim
From Transwiki
Exim RBL config
Basic syntax:
deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
     dnslists = relays.ordb.org:\
                sbl-xbl.spamhaus.org:\
                l1.spews.dnsbl.sorbs.net:\
                dnsbl.sorbs.net=127.0.0.2,127.0.0.3,127.0.0.4,127.0.0.5,127.0.0.7,127.0.0.8,127.0.0.9,127.0.0.10,127.0.0.11,127.0.0.12
The first line sets the bounce message the sending server gets.
The next line tells it to look in the listed RBLs - the ":" separates the lists and the "\" is just a line continuation.
You can choose which RBL return codes cause a rejection by putting "=" after the domain name, followed by a comma-separated list of the IP addresses to bounce on. In the example above the 127.0.0.6 code is allowed to pass through.
To test RBLs with dig or nslookup you must reverse the dot-separated quads.
If you are testing for a sending server with IP address 1.2.3.4, enter:
$ dig 4.3.2.1.joesrbl.net
Which would return no answer for clean addresses or 127.0.0.? for spam spewers.
Or better yet just send an email USING THE MAILSERVER YOU WISH TESTED, to:
nelson-sbl-test@crynwr.com
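The lookup and the "=" code filter described above, as an added Python example (not part of the original page or of Exim). It goes a little beyond the dig test by walking the whole dnslists value in order; the function names, the 5.6.7.8 address and the sample DNS answers are constructed for illustration.

```python
import ipaddress
import socket

# The dnslists value from the ACL above, continuation lines joined.
DNSLISTS = (
    "relays.ordb.org:sbl-xbl.spamhaus.org:l1.spews.dnsbl.sorbs.net:"
    "dnsbl.sorbs.net=127.0.0.2,127.0.0.3,127.0.0.4,127.0.0.5,127.0.0.7,"
    "127.0.0.8,127.0.0.9,127.0.0.10,127.0.0.11,127.0.0.12"
)

def parse_dnslists(value):
    """Split 'zone:zone=code,code' into (zone, set_of_codes or None) pairs."""
    parsed = []
    for item in filter(None, (part.strip() for part in value.split(":"))):
        zone, _, codes = item.partition("=")
        parsed.append((zone, set(codes.split(",")) if codes else None))
    return parsed

def query_name(ip, zone):
    """Reverse the quads: 1.2.3.4 checked against zone -> 4.3.2.1.zone."""
    quads = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(quads)) + "." + zone

def dns_lookup(name):
    """A records for name; an empty list means the address is not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # no such name, or the lookup failed
        return []

def first_hit(ip, dnslists, resolve=dns_lookup):
    """Return (zone, code) for the first list that would reject ip, else None."""
    for zone, wanted in parse_dnslists(dnslists):
        for code in resolve(query_name(ip, zone)):
            # No "=" filter: any answer rejects. With a filter: listed codes only.
            if wanted is None or code in wanted:
                return zone, code
    return None

# Constructed answers standing in for live DNS, so the demo runs offline.
SAMPLE_ANSWERS = {
    "4.3.2.1.dnsbl.sorbs.net": ["127.0.0.6"],
    "8.7.6.5.dnsbl.sorbs.net": ["127.0.0.6", "127.0.0.10"],
}

if __name__ == "__main__":
    fake = lambda name: SAMPLE_ANSWERS.get(name, [])
    for ip in ("1.2.3.4", "5.6.7.8"):
        print(ip, first_hit(ip, DNSLISTS, fake))
```

Leave out the resolve argument to query real DNS instead of the constructed answers.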
Comparing RBLs
- Look for timeouts:
/var/log/exim4$ grep "DNS list lookup defer" mainlog
- Count the rejects, where rbl.org is the name of the RBL you are testing for:
/var/log/exim4$ grep -c rbl.org rejectlog
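To compare every list in one pass instead of one grep per RBL, the two checks above can be tallied side by side. This is an added Python example, not part of the original page; the log lines are constructed, and their layout apart from the ACL message text and the "DNS list lookup defer" string is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines, not real traffic. The reject text is the ACL
# message from this page; the rest of each line's layout is assumed.
MAINLOG = [
    "2010-07-16 13:41:02 DNS list lookup defer (probably timeout) for 10.2.0.192.l1.spews.dnsbl.sorbs.net: assumed not in list",
    "2010-07-16 13:41:30 1ObCd3-0001Xy-2Z <= foo@bar.com H=(bar.com) [192.0.2.7] P=smtp S=812",
    "2010-07-16 13:44:10 DNS list lookup defer (probably timeout) for 99.100.51.198.l1.spews.dnsbl.sorbs.net: assumed not in list",
]
REJECTLOG = [
    "2010-07-16 13:42:11 H=(mx.example) [192.0.2.10] F=<a@example.net> rejected RCPT <wayne@bar.com>: rejected because 192.0.2.10 is in a black list at sbl-xbl.spamhaus.org",
    r"2010-07-16 13:43:05 H=(dyn.example) [198.51.100.4] F=<b@example.net> rejected RCPT <wayne@bar.com>: rejected because 198.51.100.4 is in a black list at dnsbl.sorbs.net\nDynamic IP range",
    "2010-07-16 13:45:40 H=(pc.example) [203.0.113.9] F=<c@example.net> rejected RCPT <wayne@bar.com>: rejected because 203.0.113.9 is in a black list at dnsbl.sorbs.net",
    "2010-07-16 13:46:02 H=(relay.example) [203.0.113.50] F=<d@example.net> rejected RCPT <x@elsewhere.example>: relay not permitted",
]

# The zone is what follows the four reversed quads of the query name.
DEFER = re.compile(r"DNS list lookup defer\b.* for (?:\d{1,3}\.){4}([\w.-]+):")
REJECT = re.compile(r"is in a black list at ([\w.-]+)")

def tally(mainlog, rejectlog):
    """Per-RBL (rejects, defers): rejects from rejectlog, defers from mainlog."""
    defers = Counter(m.group(1) for m in map(DEFER.search, mainlog) if m)
    rejects = Counter(m.group(1) for m in map(REJECT.search, rejectlog) if m)
    zones = sorted(set(rejects) | set(defers))
    return {zone: (rejects[zone], defers[zone]) for zone in zones}

if __name__ == "__main__":
    for zone, (rejected, deferred) in tally(MAINLOG, REJECTLOG).items():
        print(f"{zone:30} rejects={rejected} defers={deferred}")
```

A list with many defers and few rejects is slowing down SMTP sessions without stopping much mail.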
| SORBS listing and IPs | | |
|---|---|---|
| all of the dnsbl.sorbs.net lists | 127.0.0.1 | Aggregate zone (contains all the following DNS zones) |
| http | 127.0.0.2 | List of Open HTTP Proxy Servers |
| socks | 127.0.0.3 | List of Open SOCKS Proxy Servers. |
| misc | 127.0.0.4 | List of open Proxy Servers not listed in the SOCKS or HTTP lists. |
| smtp | 127.0.0.5 | List of Open SMTP relay servers. |
| spam | 127.0.0.6 | List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, including those who provide websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be added to the list. |
| web | 127.0.0.7 | List of web (WWW) servers which have spammer abusable vulnerabilities (e.g. FormMail scripts) Note: This zone now includes non-webserver IP addresses that have abusable vulnerabilities. |
| block | 127.0.0.8 | List of hosts demanding that they never be tested by SORBS. |
| zombie | 127.0.0.9 | List of networks hijacked from their original owners, some of which have already been used for spamming. |
| dul | 127.0.0.10 | Dynamic IP Address ranges (NOT a Dial Up list!) - includes all dynamic IP addresses (DSL) |
| badconf | 127.0.0.11 | List of domain names where the A or MX records point to bad address space. |
| nomail | 127.0.0.12 | List of domain names where the owners have indicated no email should ever originate from these domains. |
To check whether an IP is listed, see http://openrbl.org/
Bogofilter stuff
Bogofilter is the spam filter of choice.
I have bogofilter working with exim-4.12 - the router needed domain = +localdomains so outgoing e-mail did not get scanned.
I've fixed it by generating a unique header to tag (x-flag (make up your own)) as it scanned here - and look for that instead of the x-bogosity header in the router. Then in local deliveries I remove the header again so it won't affect any filter stats.
Be sure to set the owner of the word list to something exim's! (mail)
ROUTERS
# Bogofilter will add X-Bogosity header to all incoming mail.
# This usually goes right after the dns_lookup router and
# before any local deliver routers. Location is important!
bogo_router:
  domains = +local_domains
  no_verify
  condition = ${if !eq {$received_protocol}{bogodone} {1}{0}}
  driver = accept
  transport = bogo_transport
# end of routers
Transports
# Bogofilter will add X-Bogosity header to all incoming mail.
# This can go anywhere in the transport section, usually at
# the very end after address_reply
bogo_transport:
  driver = pipe
  command = /usr/sbin/exim -oMr bogodone -bS
  use_bsmtp = true
  headers_add = X-Bogofilterd: true
  transport_filter = /usr/bin/bogofilter -d /etc/bogofilter -l -p -e -u
  return_fail_output = true
  group = mail
  user = mail
  home_directory = "/tmp"
  current_directory = "/tmp"
  log_output = true
  return_path_add = false

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  # lose the X-flag header
  headers_remove = X-flag
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
# end of transport
Question
Is the X-bogosity header ignored while creating the databases? Or would I have to remove them?
That is, if I run a test - will it replace the old bogosity header?
I can imagine that spammers will put a fake header in after people start using the filter. Any provision to change the header name as a command-line option?
Answer
It's not a problem. In lexer.l is code to detect any "X-Bogosity" header lines and remove them. Any attempts by a spammer to supply their own X-Bogosity lines to deceive bogofilter will fail. Note: you must be using the passthrough option ('-p') to have bogofilter rewrite the message. (The rewritten message has old X-Bogosity lines removed and the new one inserted at the end of the message header.) bogofilter also has a provision in the config file to change the x-bogosity name (but it is hard to think of a better name<g>).
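The strip-then-append behaviour the answer describes, as an added Python example (it is not bogofilter's lexer.l code and not part of the original page). The function name, the sample message and the verdict string are constructed; LF line endings and a blank line between header and body are assumed.

```python
def replace_verdict(raw, verdict, name="X-Bogosity"):
    """Drop every existing `name` header (folded lines included) and append
    a fresh one as the last header line. The body is left untouched."""
    head, sep, body = raw.partition("\n\n")
    kept, dropping = [], False
    for line in head.split("\n"):
        if line[:1] in (" ", "\t"):
            # Folded continuation: shares the fate of the header it belongs to.
            if not dropping:
                kept.append(line)
            continue
        # Compare the field name case-insensitively, tolerating "Name :".
        field = line.split(":", 1)[0].strip().lower()
        dropping = field == name.lower()
        if not dropping:
            kept.append(line)
    kept.append(f"{name}: {verdict}")
    return "\n".join(kept) + sep + body

# Constructed message: the sender has planted two verdict headers, one of
# them folded over two lines, and repeats the header name in the body.
SPOOFED = (
    'From: "Commissioner Gordon" <foo@bar.com>\n'
    "X-Bogosity: No, tests=bogofilter,\n"
    "\tspamicity=0.000000\n"
    "Subject: DAILY REPORT OF DISK UTILIZATION\n"
    "x-bogosity : Ham\n"
    'To: "Bruce Wayne" <wayne@bar.com>\n'
    "\n"
    "X-Bogosity: this line is body text and must survive\n"
)

if __name__ == "__main__":
    print(replace_verdict(SPOOFED, "Spam, tests=bogofilter"))
```

Any downstream rule that trusts the verdict header depends on this stripping happening before delivery, which is why the answer ties it to the '-p' passthrough option.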
Bogofilter testing hints
- Provides the number of messages scanned:
bogoutil -w dbdirectory .MSG_COUNT
- Lists the probability of a word you enter from the keyboard:
bogoutil -w dbdirectory testword
Anyone getting started should archive a few hundred spams and emails as a first step. It will also flag most viruses if you put them in with the spam.
Keep all your spams and real emails archived by quarters - as your email and spams change you may want to create a new database with more recent messages.
Cyrus and Exim
I had some problems with configuring exim 4 and cyrus but now it works.... maybe this helps others as well
/etc/services
# Local services
lmtp    24/tcp              # LMTP Mail Delivery over TCP
lmtp    24/udp              # LMTP Mail Delivery over TCP
pop3    110/tcp    pop-3    # POP version 3
pop3    110/udp    pop-3
imap    143/tcp    imap2    # Interim Mail Access Proto v2
imap    143/udp    imap2
imaps   993/tcp             # IMAP over SSL
imaps   993/udp             # IMAP over SSL
pop3s   995/tcp             # POP-3 over SSL
pop3s   995/udp             # POP-3 over SSL
sieve   2000/tcp            # Sieve Mail Filter Daemon
sieve   2000/udp            # Sieve Mail Filter Daemon
/etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
sieveuserhomedir: no
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
/etc/cyrus.conf
# standard standalone server implementation
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
  # this is only necessary if using idled for IMAP IDLE
  # idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=5
  imaps cmd="imapd -s" listen="imaps" prefork=1
  pop3 cmd="pop3d" listen="pop3" prefork=3
  pop3s cmd="pop3d -s" listen="pop3s" prefork=1
  sieve cmd="timsieved" listen="sieve" prefork=0
  # at least one LMTP is required for delivery
  lmtp cmd="lmtpd -a" listen="lmtp" prefork=0
  # lmtpunix cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=1
  # this is only necessary if using notifications
  # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
  # this is required
  checkpoint cmd="ctl_cyrusdb -c" period=30
  # this is only necessary if using duplicate delivery suppression
  delprune cmd="ctl_deliver -E 3" at=0400
  # this is only necessary if caching TLS sessions
  tlsprune cmd="tls_prune" at=0400
}
/etc/exim/exim.conf
# ....
########## ROUTERS
smart_route:
  driver = manualroute
  domains = !+local_domains
  transport = remote_smtp
  route_list = * "smarthost.com" byname

localuser:
  driver = accept
  transport = local_delivery_lmtp

########## TRANSPORTS
local_delivery_lmtp:
  driver = smtp
  protocol = lmtp
  hosts_override
  hosts = localhost
  allow_localhost
  return_path_add
# ....
Steps
- installing cyrus-imapd
- passwd cyrus
- saslpasswd cyrus
- rc_saslauthd start
- rc_cyrus-imapd start
- su - cyrus
- cyradm --user cyrus 127.0.0.1
- cm user.test
- cm user.test.list.test
- sam user.test.list anyone p # for test+list.test@.....
- rc_exim start
Have fun!
Hylafax - Exim - and html -- Exim configuration for Faxmail
These configurations enable exim and hylafax (www.hylafax.org) to work together, I mean sending fax by email (user@123456.fax). Note: There is a problem: faxmail does not support email in HTML format. If someone has solved this problem, please tell me.
exim.conf
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery.
######################################################################
# A transport is used only when referenced from a director or a router that
# successfully handles an address.
# These settings are for sending a fax by email
fax:
driver = pipe
user = cpd
command ="/usr/bin/faxmail -d ${local_part}@${extract{1}{.}{$domain}}"
home_directory = /usr/bin
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################
# These settings enable sending a fax by email
fax:
driver = domainlist
transport = fax
route_list ="*.fax"
# End of Exim configuration file
Hylafax HTML setup
How to send HTML files?
> I want to fax HTML documents so they look like html pages not source.
First of all, fetch html2ps by Jan Karrman from: http://www.tdb.uu.se/~jan/html2ps.html It is a Perl script and does an excellent job on any text/html stuff; it will also tackle embedded images if you have ImageMagick and PerlMagick installed.
Second, insert the following into the typerules file, just above the bottom line:
# HTML support
0 string <!DOCTYPE HTML ps /usr/local/bin/html2ps %i >%o
0 string <!doctype html ps /usr/local/bin/html2ps %i >%o
0 string <HEAD ps /usr/local/bin/html2ps %i >%o
0 string <head ps /usr/local/bin/html2ps %i >%o
0 string <TITLE ps /usr/local/bin/html2ps %i >%o
0 string <title ps /usr/local/bin/html2ps %i >%o
0 string <HTML ps /usr/local/bin/html2ps %i >%o
0 string <html ps /usr/local/bin/html2ps %i >%o
Remember all this is at the client end (if your client is a different machine to your fax server).
Exim Testing Hints
exim -bh <ip address>
HELO BAR.COM
MAIL FROM:<foo@bar.com>
RCPT TO:<wayne@bar.com>
DATA
Date: Fri, Jul 16 2010, 13:41:30 -0400
From: "Commissioner Gordon" <foo@bar.com>
Subject: DAILY REPORT OF DISK UTILIZATION
To: "Bruce Wayne" <wayne@bar.com>
