Strowi l33t
Joined: 19 Aug 2003 Posts: 656 Location: Bonn
Posted: Tue Mar 27, 2007 5:22 pm Post subject: howto make exim not scan local mails?
hi,
i am about to jump out of the window, but i thought i'd try here first...
I set up exim + spam/clamav + cyrus according to the howto in the documentation section.
It even works.... but sending is slow as hell..
I have exim running on a gateway router, and exim scans ALL mails for spam/viruses (from inside and outside the LAN).
How can i make exim scan only external mails and skip the check for mails from "192.168.2.0/24" ?
here is the ACL part of my setup:
Code: |
primary_hostname = dyndns-acc.org
domainlist local_domains = @ : dyndns-acc.org : localdomain : localhost
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : 192.168.2.0/24
hostlist auth_relay_hosts = *
hostlist auth_over_tls_hosts = *
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_content
av_scanner = clamd:/tmp/clamd
spamd_address = 127.0.0.1 783
qualify_domain = dyndns-acc.org
never_users = root
rfc1413_hosts = ! 192.168.2.0/24
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
smtp_accept_queue_per_connection = 1000
smtp_accept_max_per_connection = 10000
extract_addresses_remove_arguments = false
tls_certificate = /etc/ssl/exim/server.pem
tls_privatekey = /etc/ssl/exim/server.pem
tls_advertise_hosts=*
received_header_text = Received: \
  ${if def:sender_fullhost {from ${sender_fullhost}\
  ${if def:sender_ident {(${sender_ident})}}}\
  {${if def:sender_ident {from ${sender_ident} }}}}\
  by ${primary_hostname}\
  ${if def:received_protocol {with ${received_protocol}}}\
  ${if def:tls_cipher {(tls_cipher ${tls_cipher})}}\
  ${if def:tls_peerdn {(tls_peerdn ${tls_peerdn})}}\
  id ${message_id}
begin acl

acl_check_rcpt:
  accept  hosts = :
  accept  hosts = +relay_from_hosts
  accept  authenticated = *
  deny    message = Rejected mail: Forged HELO
          condition = ${if eq{$sender_helo_name}{MYIP}{yes}{no}}
  deny    message = Rejected mail: Forged HELO
          condition = ${if eq{$sender_helo_name}{my-domain.com}{yes}{no}}
  deny    message = Rejected mail: No HELO/EHLO received
          condition = ${if eq{$sender_helo_name}{}{yes}{no}}
  deny    message = Rejected mail: Forged HELO
          condition = ${if isip{$sender_helo_name}{yes}{no}}
          condition = ${if eq{$sender_helo_name}{$sender_host_address}{no}{yes}}
  deny    local_parts = ^.*[@%!/|] : ^\\.
  accept  local_parts = postmaster
          domains = +local_domains
  require verify = sender/defer_ok
  deny    message = Your host is listed in Blacklist
          log_message = found in Blacklist
          dnslists = nomail.rhsbl.sorbs.net:sbl-xbl.spamhaus.org:list.dsbl.org:relays.ordb.org:ix.dnsbl.manitu.net
  accept  domains = +local_domains
          endpass
          verify = recipient
  deny    message = Rejected recipient: relay not permitted

acl_check_content:
  deny    message = This message contains a MIME error ($demime_reason)
          demime = *
          condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  deny    message = This message contains an unwanted file extension ($found_extension).
          demime = bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url
  deny    message = Hiding of file extensions is not allowed!
          log_message = Dangerous extension (CLSID hidden)
          regex = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
  deny    message = This message contains malware ($malware_name)
          demime = *
          malware = */defer_ok
  deny    message = This message matches a blacklisted regular expression ($regex_match_string)
          regex = [Vv] *[IiìíîïÌÍÎÏ1\¡] *[Aaàáâã\@ÀÁÂÃÄŪ] *[Gg] *[Rr] *[Aaàáâã\@ÀÁÂÃÄŪ]
  warn    message = X-My-HELO: invalid
          log_message = HELO argument does not match calling host
          !verify = helo
  warn    message = X-Spam-Score: $spam_score ($spam_bar)
          spam = nobody:true
  warn    message = X-Spam-Report: $spam_report
          spam = nobody:true
  warn    message = X-Spam-Flag: YES
          spam = nobody
  deny    message = This message scored $spam_score points. Congratulations!
          spam = nobody:true
          condition = ${if >{$spam_score_int}{50}{1}{0}}
  warn    message = Subject: ***SPAM*** $h_subject
          spam = nobody
          condition = ${if >{$spam_score_int}{30}{1}{0}}
  accept

begin routers

send_to_relay:
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp
  route_list = * smtp.netcologne.de

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe

userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  check_ancestor
  allow_filter
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

localuser:
  driver = accept
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user

begin transports

remote_smtp:
  driver = smtp

remote_tlssmtp:
  driver = smtp
  hosts_require_tls=*
  hosts_require_auth=*

local_delivery:
  driver = lmtp
  socket = "/var/imap/socket/lmtp"
  user = cyrus
  batch_max = 20

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_directory:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  maildir_format

address_reply:
  driver = autoreply

begin retry

* * F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

fixed_plain:
  driver = plaintext
  public_name = PLAIN
  client_send = ^myuser^mypassword

fixed_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = UserName:: : Password::
  server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
  server_set_id = $1

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_set_id = $2
|
thx for any help!
--
Linux & such ...
http://blog.hasnoname.de

xces Guru
Joined: 11 Oct 2002 Posts: 515
Posted: Tue Mar 27, 2007 7:05 pm Post subject: Re: howto make exim not scan local mails?
Strowi wrote: | I have exim running on a gateway router, and exim scans ALL mails for spam/viruses (from inside and outside the LAN).
How can i make exim scan only external mails and skip the check for mails from "192.168.2.0/24" ? |
Put "accept hosts = +relay_from_hosts" in the line directly after "acl_check_content:"

Strowi l33t
Joined: 19 Aug 2003 Posts: 656 Location: Bonn
Posted: Wed Mar 28, 2007 9:03 am
thx, works fine now...
I guess I have to read some more about the ACLs, I thought this would let the mail already pass...
Code: |
acl_check_rcpt:
  accept  hosts = :
  accept  hosts = +relay_from_hosts
|

xces Guru
Joined: 11 Oct 2002 Posts: 515
Posted: Wed Mar 28, 2007 9:46 am
Strowi wrote: | I guess I have to read some more about the ACLs, I thought this would let the mail already pass... |
It does, but only in the RCPT stage of the SMTP dialog.
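
The placement discussed in this thread, as an added example that is not from any of the posts: ACL statements are evaluated in order and the first matching `accept` ends the DATA ACL, so the position of the `hosts` line decides which checks LAN mail skips. The ACL names `acl_data_skip_all` and `acl_data_scan_malware` are hypothetical, and only the malware and spam statements of the posted ACL are reproduced.

```conf
# Added example, not the poster's configuration.
# hostlist relay_from_hosts is assumed to be defined as in the posted config.
acl_smtp_data = acl_data_scan_malware

begin acl

# Placement suggested in the thread: hosts in +relay_from_hosts
# (127.0.0.1 : 192.168.2.0/24 in the posted config) skip every content check.
acl_data_skip_all:
  accept  hosts = +relay_from_hosts
  deny    message = This message contains malware ($malware_name)
          demime = *
          malware = */defer_ok
  warn    message = X-Spam-Score: $spam_score ($spam_bar)
          spam = nobody:true
  deny    message = This message scored $spam_score points. Congratulations!
          spam = nobody:true
          condition = ${if >{$spam_score_int}{50}{1}{0}}
  accept

# Alternative ordering: LAN mail is still passed to the virus scanner and is
# accepted only afterwards, before the spam statements. An infected internal
# host then cannot relay malware through the gateway unscanned.
acl_data_scan_malware:
  deny    message = This message contains malware ($malware_name)
          demime = *
          malware = */defer_ok
  accept  hosts = +relay_from_hosts
  warn    message = X-Spam-Score: $spam_score ($spam_bar)
          spam = nobody:true
  deny    message = This message scored $spam_score points. Congratulations!
          spam = nobody:true
          condition = ${if >{$spam_score_int}{50}{1}{0}}
  accept
```

Running `exim -bh 192.168.2.10` (a constructed address inside the posted LAN range) opens a simulated SMTP session from that host and prints which ACL statements match, without delivering anything.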