Sender verify whiltelist... - RV Products Forums

.

Forums Homepage RVSkin.com RVSiteBuilder.com

Help Search Members Calendar

Welcome Guest ( Log In | Register )

RV Products Forums > Server-Wide Spam and Virus Protection > General

Reply to this topic

Start new topic

Sender verify whiltelist..., How to ?

4uh View Member Profile	Feb 1 2007, 06:48 PM Post #1
Advanced Member Group: Members Posts: 75 Joined: 22-November 06 Member No.: 2,294	Hi, I'd like to have a simple whitelist for verify callout. Currently I have this... QUOTE #!!# ACL that is used after the RCPT command check_recipient: # Exim 3 had no checking on -bs messages, so for compatibility # we accept if the source is local SMTP (i.e. not over TCP/IP). # We do this by testing for an empty sending host field. accept hosts = : # Accept bounces to lists even if callbacks or other checks would fail warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes condition = \ ${if and {{match{$local_part}{(.)-bounces\+.}} \ {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \ {yes}{no}} accept condition = \ ${if and {{match{$local_part}{(.)-bounces\+.}} \ {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \ {yes}{no}} # Accept bounces to lists even if callbacks or other checks would fail warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes condition = \ ${if and {{match{$local_part}{(.)-bounces\+.}} \ {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \ {yes}{no}} accept condition = \ ${if and {{match{$local_part}{(.)-bounces\+.}} \ {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \ {yes}{no}} #if it gets here it isn't mailman ## # Be polite and say HELO. Reject anything from hosts that havn't given # a valid HELO/EHLO to us. ## deny message = Bad HELO: Empty HELO, please see RFC 2821 section 4.1.1.1 condition = ${if eq{$sender_helo_name}{}{yes}{no}} delay = 3s ## # Forged hostname -HELOs as one of my own IPs ## # Forged HELO (our ip/hostname) deny message = Forged HELO: you are not $sender_helo_name as that is our IP Address and you are not allowed to use it in HELO/EHLO as per RFC Standards. !hosts = @[] !hosts = +rv_relay_hosts !authenticated = * condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}} delay = 3s ## # Forged hostname - HELOs as my own hostname or domain ## deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC Standards. # accept helo which is in local_domain if we relay or had smtp auth !hosts = @[] !hosts = +rv_relay_hosts !authenticated = * condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}} delay = 3s ## # Hacked HELO (DOMAIN.com) (constructed by viruses) ## deny message = Hacked HELO: you are not $sender_helo_name condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}} condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}} !hosts = @[] !hosts = +rv_relay_hosts !authenticated = * delay = 3s #sender verifications are required for all messages that are not sent to lists require verify = sender/callout=300s ## # Reject email sent from server listed in DNS blacklists. ## deny message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text !hosts = @[] !hosts = +rv_relay_hosts !authenticated = * # RBL Bypass Local Domain List !domains = +rv_rbl_receiver_domain_whitelist # RBL Whitelist Incoming hosts !hosts = +rv_rbl_server_ip_whitelist # RBL Bypass Sender Domain List !senders = +rv_rbl_sender_address_whitelist # The following is a list of RBL to check for spam. dnslists = list.dsbl.org : \ sbl.spamhaus.org : \ relays.ordb.org delay = 3s ## # If the receiver domain is on this server, accept only the receiver email addresses that exist. # Default address for the receiver domain have to set to :fail: to work with this ACL. # If the default address set to :blackhole: or /dev/null, Exim will always think that email exist. # Domains being attacked by dictionary attack spam are suggested to set default address to :fail:. ## accept domains = +local_domains endpass message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid." log_message = unknown user verify = recipient accept domains = +relay_domains warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}} hosts = +relay_hosts accept hosts = +relay_hosts warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}} condition = ${perl{checkrelayhost}{$sender_host_address}} accept condition = ${perl{checkrelayhost}{$sender_host_address}} accept hosts = +auth_relay_hosts endpass message = $sender_fullhost is currently not permitted to \ relay through this server. Perhaps you \ have not logged into the pop/imap server in the \ last 30 minutes or do not have SMTP Authentication turned on in your email client. authenticated = * deny message = $sender_fullhost is currently not permitted to \ relay through this server. Perhaps you \ have not logged into the pop/imap server in the \ last 30 minutes or do not have SMTP Authentication turned on in your email client. #!!# ACL that is used after the DATA command check_message:require verify = header_sender ## # Reject messages with serious MIME container errors ## deny message = This message contains malformed MIME ($demime_reason). demime = * condition = ${if >{$demime_errorlevel}{2}{1}{0}} ## # Reject messages attach illegal extension files ## deny message = We do not accept ".$found_extension" attachments here. If you meant to send this file then please package it up as a zip file and resend it. # You might need to remove some of these extensions if you want to allow your user get these files demime = bat:cmd:com:cpl:pif:reg:scr ## # Reject messages attach attach a file with a CLSID in the name # which causes Windows to hide the file extension. ## deny message = Hiding of file extensions(CLSID hidden) is not allowed. regex = ^(?i)Content-Disposition:.?)filename=\\s"+((\{[a-hA-H0-9-]{25,}\})\|((.?)\\s{10,}(.?)))"+\$ ## # Add a warning header if email contains illegal extension files but acccept the message ## warn message = X-Antivirus-Filetype: Infected - $found_extension # You might need to remove some of these extensions if you want to allow your user get these files demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde: sc:msi:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc ## # Add a warning header if email contains Virus but acccept the message ## warn message = X-Antivirus-Scanner: Infected - $malware_name demime = * malware = /defer_ok # Messages larger than 200k are accepted without spam scanning to reduce spamd load accept condition = ${if >{$message_size}{200k}{true}} ## # Reject spam messages with score over 15. # Keep in mind that $spam_score_int is the messages score multiplied by ten. ## deny message = Spam score too high ($spam_score) # Bypass Sender that usually send a lot of emails to reduce spamd load !senders = +rv_spam_sender_address_whitelist spam = mailnull:true/defer_ok condition = ${if >{$spam_score_int}{150}{1}{0}} ## # Add a warning header if email scored between 12 and 15. # Delete email in the System Filter File, if sender or receiver is not listed in the whitelists. ## warn message = X-Exiscan-SA-Spam: Yes # Bypass Sender that usually send a lot of emails to reduce spamd load !senders = +rv_spam_sender_address_whitelist spam = mailnull:true/defer_ok condition = ${if >{$spam_score_int}{120}{1}{0}} ## # Rewrite subject if email scored between 9 and 15. ## # Always put X-Spam-Score header in the message. # It looks like this: # X-Exiscan-SA-Score: 6.6 (++++++) # When a MUA cannot match numbers, it can match for an # equivalent number of '+' signs. warn message = X-Exiscan-SA-Score: $spam_score ($spam_bar)\ # Put X-Spam-Report header in the message. # This is a multiline header that informs the user # which tests a message has "hit", and how much a # test has contributed to the score. \nX-Exiscan-SA-Report: $spam_report\ # For the subject tag, we prepare a new subject header in the # ACL, then swap it with the original Subject in the system filter. \nX-Exiscan-SA-New-Subject: SPAM* $h_subject: # Bypass Sender that usually send a lot of emails to reduce spamd load !senders = +rv_spam_sender_address_whitelist spam = mailnull:true/defer_ok condition = ${if >{$spam_score_int}{90}{1}{0}} accept I'd like to simply bypass the sender verify for some domains. At the top of my exim configuration I have added this... addresslist verify_sender_address_whitelist= lsearch*@;/usr/local/cpanel/base/eximacl/verify_sender_address_whitelist But I dont know how to change the code above to use the whitelist. Can anyone help ?

pairote View Member Profile	Feb 1 2007, 09:33 PM Post #2
Administrator Group: Admin Posts: 4,252 Joined: 13-June 03 Member No.: 1	Replace require verify = sender/callout=300s with this one http://forums.rvskin.com/index.php?s=&...post&p=6880. and add your additional rule. Your rule should be !senders = +verify_sender_address_whitelist

jamesbond View Member Profile	Mar 11 2007, 05:28 AM Post #3
Newbie Group: Members Posts: 3 Joined: 10-March 07 Member No.: 3,096	QUOTE(pairote @ Feb 1 2007, 09:33 PM) Replace require verify = sender/callout=300s with this one http://forums.rvskin.com/index.php?s=&...post&p=6880. and add your additional rule. Your rule should be !senders = +verify_sender_address_whitelist Where exactly should we add this rule? Does it matter that we will then have two !sender lines? Or should we add it like this? CODE !senders = +verify_sender_address_whitelist:\ ^.-request@.:\ ^bounce-.@.:\ ^.-bounce@.:\ ^owner-.@.:\ ^.@DNSreport.com.:\ ^listmaster@.:\ ^root@.:\ ^anonymous@.:\ ^nobody@.

« Next Oldest · General · Next Newest »

Reply to this topic

Start new topic

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 3rd September 2010 - 12:02 AM

Powered By IP.Board 2.3.1 © 2010 IPS, Inc.