Help
I'd like to have a simple whitelist for verify callout.
Currently I have this...
QUOTE
#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
#if it gets here it isn't mailman
##
# Be polite and say HELO. Reject anything from hosts that havn't given
# a valid HELO/EHLO to us.
##
deny message = Bad HELO: Empty HELO, please see RFC 2821 section 4.1.1.1
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
delay = 3s
##
# Forged hostname -HELOs as one of my own IPs
##
# Forged HELO (our ip/hostname)
deny message = Forged HELO: you are not $sender_helo_name as that is our IP Address and you are not allowed to use it in HELO/EHLO as per RFC Standards.
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
delay = 3s
##
# Forged hostname - HELOs as my own hostname or domain
##
deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC Standards.
# accept helo which is in local_domain if we relay or had smtp auth
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
delay = 3s
##
# Hacked HELO (DOMAIN.com) (constructed by viruses)
##
deny message = Hacked HELO: you are not $sender_helo_name
condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
delay = 3s
#sender verifications are required for all messages that are not sent to lists
require verify = sender/callout=300s
##
# Reject email sent from server listed in DNS blacklists.
##
deny message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
# RBL Bypass Local Domain List
!domains = +rv_rbl_receiver_domain_whitelist
# RBL Whitelist Incoming hosts
!hosts = +rv_rbl_server_ip_whitelist
# RBL Bypass Sender Domain List
!senders = +rv_rbl_sender_address_whitelist
# The following is a list of RBL to check for spam.
dnslists = list.dsbl.org : \
sbl.spamhaus.org : \
relays.ordb.org
delay = 3s
##
# If the receiver domain is on this server, accept only the receiver email addresses that exist.
# Default address for the receiver domain have to set to :fail: to work with this ACL.
# If the default address set to :blackhole: or /dev/null, Exim will always think that email exist.
# Domains being attacked by dictionary attack spam are suggested to set default address to :fail:.
##
accept domains = +local_domains
endpass
message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid." log_message = unknown user
verify = recipient
accept domains = +relay_domains
warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts
warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}
accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *
deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
#!!# ACL that is used after the DATA command
check_message:require verify = header_sender
##
# Reject messages with serious MIME container errors
##
deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
##
# Reject messages attach illegal extension files
##
deny message = We do not accept ".$found_extension" attachments here. If you meant to send this file then please package it up as a zip file and resend it.
# You might need to remove some of these extensions if you want to allow your user get these files
demime = bat:cmd:com:cpl:pif:reg:scr
##
# Reject messages attach attach a file with a CLSID in the name
# which causes Windows to hide the file extension.
##
deny message = Hiding of file extensions(CLSID hidden) is not allowed.
regex = ^(?i)Content-Disposition:
.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$
##
# Add a warning header if email contains illegal extension files but acccept the message
##
warn message = X-Antivirus-Filetype: Infected - $found_extension
# You might need to remove some of these extensions if you want to allow your user get these files
demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:
sc:msi:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc
##
# Add a warning header if email contains Virus but acccept the message
##
warn message = X-Antivirus-Scanner: Infected - $malware_name
demime = *
malware = */defer_ok
# Messages larger than 200k are accepted without spam scanning to reduce spamd load
accept condition = ${if >{$message_size}{200k}{true}}
##
# Reject spam messages with score over 15.
# Keep in mind that $spam_score_int is the messages score multiplied by ten.
##
deny message = Spam score too high ($spam_score)
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{150}{1}{0}}
##
# Add a warning header if email scored between 12 and 15.
# Delete email in the System Filter File, if sender or receiver is not listed in the whitelists.
##
warn message = X-Exiscan-SA-Spam: Yes
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{120}{1}{0}}
##
# Rewrite subject if email scored between 9 and 15.
##
# Always put X-Spam-Score header in the message.
# It looks like this:
# X-Exiscan-SA-Score: 6.6 (++++++)
# When a MUA cannot match numbers, it can match for an
# equivalent number of '+' signs.
warn message = X-Exiscan-SA-Score: $spam_score ($spam_bar)\
# Put X-Spam-Report header in the message.
# This is a multiline header that informs the user
# which tests a message has "hit", and how much a
# test has contributed to the score.
\nX-Exiscan-SA-Report: $spam_report\
# For the subject tag, we prepare a new subject header in the
# ACL, then swap it with the original Subject in the system filter.
\nX-Exiscan-SA-New-Subject: *SPAM* $h_subject:
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{90}{1}{0}}
accept
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
#if it gets here it isn't mailman
##
# Be polite and say HELO. Reject anything from hosts that havn't given
# a valid HELO/EHLO to us.
##
deny message = Bad HELO: Empty HELO, please see RFC 2821 section 4.1.1.1
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
delay = 3s
##
# Forged hostname -HELOs as one of my own IPs
##
# Forged HELO (our ip/hostname)
deny message = Forged HELO: you are not $sender_helo_name as that is our IP Address and you are not allowed to use it in HELO/EHLO as per RFC Standards.
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
delay = 3s
##
# Forged hostname - HELOs as my own hostname or domain
##
deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC Standards.
# accept helo which is in local_domain if we relay or had smtp auth
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
delay = 3s
##
# Hacked HELO (DOMAIN.com) (constructed by viruses)
##
deny message = Hacked HELO: you are not $sender_helo_name
condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
delay = 3s
#sender verifications are required for all messages that are not sent to lists
require verify = sender/callout=300s
##
# Reject email sent from server listed in DNS blacklists.
##
deny message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
# RBL Bypass Local Domain List
!domains = +rv_rbl_receiver_domain_whitelist
# RBL Whitelist Incoming hosts
!hosts = +rv_rbl_server_ip_whitelist
# RBL Bypass Sender Domain List
!senders = +rv_rbl_sender_address_whitelist
# The following is a list of RBL to check for spam.
dnslists = list.dsbl.org : \
sbl.spamhaus.org : \
relays.ordb.org
delay = 3s
##
# If the receiver domain is on this server, accept only the receiver email addresses that exist.
# Default address for the receiver domain have to set to :fail: to work with this ACL.
# If the default address set to :blackhole: or /dev/null, Exim will always think that email exist.
# Domains being attacked by dictionary attack spam are suggested to set default address to :fail:.
##
accept domains = +local_domains
endpass
message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid." log_message = unknown user
verify = recipient
accept domains = +relay_domains
warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts
warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}
accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *
deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
#!!# ACL that is used after the DATA command
check_message:require verify = header_sender
##
# Reject messages with serious MIME container errors
##
deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
##
# Reject messages attach illegal extension files
##
deny message = We do not accept ".$found_extension" attachments here. If you meant to send this file then please package it up as a zip file and resend it.
# You might need to remove some of these extensions if you want to allow your user get these files
demime = bat:cmd:com:cpl:pif:reg:scr
##
# Reject messages attach attach a file with a CLSID in the name
# which causes Windows to hide the file extension.
##
deny message = Hiding of file extensions(CLSID hidden) is not allowed.
regex = ^(?i)Content-Disposition:
.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$##
# Add a warning header if email contains illegal extension files but acccept the message
##
warn message = X-Antivirus-Filetype: Infected - $found_extension
# You might need to remove some of these extensions if you want to allow your user get these files
demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:
sc:msi:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc
##
# Add a warning header if email contains Virus but acccept the message
##
warn message = X-Antivirus-Scanner: Infected - $malware_name
demime = *
malware = */defer_ok
# Messages larger than 200k are accepted without spam scanning to reduce spamd load
accept condition = ${if >{$message_size}{200k}{true}}
##
# Reject spam messages with score over 15.
# Keep in mind that $spam_score_int is the messages score multiplied by ten.
##
deny message = Spam score too high ($spam_score)
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{150}{1}{0}}
##
# Add a warning header if email scored between 12 and 15.
# Delete email in the System Filter File, if sender or receiver is not listed in the whitelists.
##
warn message = X-Exiscan-SA-Spam: Yes
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{120}{1}{0}}
##
# Rewrite subject if email scored between 9 and 15.
##
# Always put X-Spam-Score header in the message.
# It looks like this:
# X-Exiscan-SA-Score: 6.6 (++++++)
# When a MUA cannot match numbers, it can match for an
# equivalent number of '+' signs.
warn message = X-Exiscan-SA-Score: $spam_score ($spam_bar)\
# Put X-Spam-Report header in the message.
# This is a multiline header that informs the user
# which tests a message has "hit", and how much a
# test has contributed to the score.
\nX-Exiscan-SA-Report: $spam_report\
# For the subject tag, we prepare a new subject header in the
# ACL, then swap it with the original Subject in the system filter.
\nX-Exiscan-SA-New-Subject: *SPAM* $h_subject:
# Bypass Sender that usually send a lot of emails to reduce spamd load
!senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{90}{1}{0}}
accept
I'd like to simply bypass the sender verify for some domains.
At the top of my exim configuration I have added this...
addresslist verify_sender_address_whitelist= lsearch*@;/usr/local/cpanel/base/eximacl/verify_sender_address_whitelist
But I dont know how to change the code above to use the whitelist. Can anyone help ?
