If I run the below without the defer part in acl_check_rcpt about
mailscanner, all works OK.

But if I enable that section, the incoming mail just gets dropped in the
incoming spool dir, and never gets picked up by mailscanner.

Any clue as to why that is happening? (Exim 4.63, exim4-daemon-heavy in
Debian)


haven:/var/run/greylistd# cat /etc/exim4/exim4.conf.template | grep -v ^#
# Site-specific definitions come from the XAMS include files; their contents
# are not part of this listing.
.include /etc/xams/exim-custom.conf
# Users on this list may submit local mail with a sender address of their own
# choosing, so the list should stay as short as possible.
trusted_users = root : mail : xams
# "@" stands for this host's own name. The +xams_* and +custom_* lists are
# presumably defined in the included XAMS files - confirm there.
domainlist local_domains = @:+xams_domains:+custom_local_domains
domainlist relay_to_domains = +custom_relay_to_domains
# Hosts allowed to relay through this server without authenticating.
hostlist   relay_from_hosts = 127.0.0.1:+custom_relay_from_hosts

# ACL that is run for every SMTP RCPT command.
acl_smtp_rcpt = acl_check_rcpt

# No delivery is ever run as root.
never_users = root

# Reverse DNS lookup for every connecting host.
host_lookup = *

# Ident (RFC 1413) callback to every connecting host, waiting at most 30s.
rfc1413_hosts = *
rfc1413_query_timeout = 30s

# Frozen bounce messages get one more delivery attempt after 2 days; failures
# of that attempt are ignored.
ignore_bounce_errors_after = 2d

# Frozen messages older than 7 days are removed.
timeout_frozen_after = 7d

# STARTTLS is offered (to all hosts) only when the TLS_ENCRYPTION macro is
# defined; without it this instance accepts SMTP in clear text only.
.ifdef TLS_ENCRYPTION
  tls_advertise_hosts = *
  tls_certificate = /usr/local/exim/exim.cert
  tls_privatekey = /usr/local/exim/exim.pem
.endif


.ifdef EXISCAN_MODULE
    # The following ACL entry is used if you want to do content scanning with the
    # exiscan-acl patch. When you uncomment this line, you must also review the
    # acl_check_content entry in the ACL section further below.
    acl_smtp_data = acl_check_content
.endif

# The spool directory depends on which macro is defined when this template is
# read, so one file can describe several Exim instances.
.ifdef MAILSCANNER_INCOMING
  # Incoming instance: queue_only means messages are written to this spool and
  # no delivery is started when they arrive.
  spool_directory = /var/spool/exim4-incoming
  queue_only = true
.elifdef MAILSCANNER_OUTGOING
  # Outgoing instance: separate spool and its own pid file.
  spool_directory = /var/spool/exim4-outgoing
  pid_file_path = /var/run/exim4/exim-outgoing.pid
.else
  # Neither macro defined: single instance on the standard spool.
  spool_directory = /var/spool/exim4
.endif

.include /etc/xams/exim-global.conf

.include /etc/xams/exim-sql-macros.conf

begin acl

acl_check_rcpt:

  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.

  accept  hosts = :
        accept  authenticated = *

#defer
#                message = Please try later.
#                !hosts      = /etc/greylistd/whitelist-hosts
#                !senders    = :
##               !acl        = acl_clean_helo
#                log_message = greylisted.
#                set acl_m9  = ${mask:$sender_host_address/24}
$sender_address [EMAIL PROTECTED]
#                set acl_m9  =
${readsocket{/var/run/greylistd/socket}{$acl_m9}{5s}{}{}}
#                condition   = ${if eq {$acl_m9}{grey}{true}{false}}


 
  #############################################################################
  # The following section of the ACL is concerned with local parts that contain
  # @ or % or ! or / or | or dots in unusual places.
  #
  # The characters other than dots are rarely found in genuine local parts, but
  # are often tried by people looking to circumvent relaying restrictions.
  # Therefore, although they are valid in local parts, these rules lock them
  # out, as a precaution.
  #
  # Empty components (two dots in a row) are not valid in RFC 2822, but Exim
  # allows them because they have been encountered. (Consider local parts
  # constructed as "firstinitial.secondinitial.familyname" when applied to
  # someone like me, who has no second initial.) However, a local part starting
  # with a dot or containing /../ can cause trouble if it is used as part of a
  # file name (e.g. for a mailing list). This is also true for local parts that
  # contain slashes. A pipe symbol can also be troublesome if the local part is
  # incorporated unthinkingly into a shell command line.
  #
  # Two different rules are used. The first one is stricter, and is applied to
  # messages that are addressed to one of the local domains handled by this
  # host. It blocks local parts that begin with a dot or contain @ % ! / or |.
  # If you have local accounts that include these characters, you will have to
  # modify this rule.

  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  # The second rule applies to all other domains, and is less strict. This
  # allows your own users to send outgoing messages to sites that use slashes
  # and vertical bars in their local parts. It blocks local parts that begin
  # with a dot, slash, or vertical bar, but allows these characters within the
  # local part. However, the sequence /../ is barred. The use of @ % and ! is
  # blocked, as before. The motivation here is to prevent your users (or
  # your users' viruses) from mounting certain kinds of attack on remote sites.

  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
 
  #############################################################################

  # Accept mail to postmaster in any local domain, regardless of the source,
  # and without verifying the sender.

  accept  local_parts   = postmaster
          domains       = +local_domains

  # Deny unless the sender address can be verified.

  require verify        = sender

 
  #############################################################################
  # There are no checks on DNS "black" lists because the domains that contain
  # these lists are changing all the time. However, here are two examples of
  # how you could get Exim to perform a DNS black list lookup at this point.
  # The first one denies, while the second just warns.
  #
  # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
  #         dnslists      = black.list.example
  #
  # warn    message       = X-Warning: $sender_host_address is in a black list at $dnslist_domain
  #         log_message   = found in $dnslist_domain
  #         dnslists      = black.list.example
 
  #############################################################################

  # Accept if the address is in a local domain, but only if the recipient can
  # be verified. Otherwise deny. The "endpass" line is the border between
  # passing on to the next ACL statement (if tests above it fail) or denying
  # access (if tests below it fail).

  accept  domains       = +local_domains
          endpass
          verify        = recipient

  # Accept if the address is in a domain for which we are relaying, but again,
  # only if the recipient can be verified.

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  # If control reaches this point, the domain is neither in +local_domains
  # nor in +relay_to_domains.

  # Accept if the message comes from one of the hosts for which we are an
  # outgoing relay. Recipient verification is omitted here, because in many
  # cases the clients are dumb MUAs that don't cope well with SMTP error
  # responses. If you are actually relaying out from MTAs, you should probably
  # add recipient verification here.

  accept  hosts         = +relay_from_hosts

  # Accept if the message arrived over an authenticated connection, from
  # any host. Again, these messages are usually from MUAs, so recipient
  # verification is omitted.

  accept  authenticated = *

  # Reaching the end of the ACL causes a "deny", but we might as well give
  # an explicit message.

  deny    message       = relay not permitted

.ifdef EXISCAN_MODULE
    # This access control list is used for content scanning with the exiscan-acl
    # patch. You must also uncomment the entry for acl_smtp_data (scroll up),
    # otherwise the ACL will not be used.

    acl_check_content:

        accept  hosts = +relay_from_hosts

        accept  authenticated = *

        # Include the site content ACL definitions
        .include /etc/xams/exim-content-acl.conf

        # finally accept all the rest
        accept
.endif


begin routers

# Only present when MAILSCANNER_INCOMING is defined. A redirect router whose
# data is ":defer:" defers every address it is offered, so this Exim instance
# does not deliver anything itself; accepted messages stay in its spool
# directory.
.ifdef MAILSCANNER_INCOMING
defer_router:
  driver = redirect
  # allow_defer is what permits ":defer:" in the redirect data.
  allow_defer
  data = :defer: All deliveries are deferred
  # Skipped during address verification, so "verify = sender" and
  # "verify = recipient" in the ACLs are decided by the routers that follow.
  verify = false
.endif

.include /etc/xams/exim-routers.conf





# Routes addresses in non-local domains by DNS lookup and hands them to the
# remote_smtp transport.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  # DNS answers pointing at 0.0.0.0 or the loopback network are ignored, so a
  # remote domain's records cannot direct mail back at this host.
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  # If this router declines for a non-local domain, no later router is tried.
  no_more







# Expands local parts through /etc/aliases (linear search of the file).
system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  # Alias entries that name a file or a pipe command are delivered through
  # these transports.
  # NOTE(review): no "user" is set on this router or on the address_file /
  # address_pipe transports as shown - confirm which uid such deliveries run
  # under, and who can write to /etc/aliases.
  file_transport = address_file
  pipe_transport = address_pipe






# Handles a local user's own .forward file in the home directory.
userforward:
  driver = redirect
  # Applies only when the local part is the name of a local account.
  check_local_user
  file = $home/.forward
  # Not used for address verification or for the SMTP EXPN command.
  no_verify
  no_expn
  check_ancestor
  # A .forward file may name files, pipe commands and auto-replies; those are
  # delivered through the transports below.
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply


# Accepts addresses whose local part is a local account and delivers them via
# the local_delivery transport.
localuser:
  driver = accept
  check_local_user
  transport = local_delivery
  # Text used in the rejection when no router could handle the address.
  cannot_route_message = Unknown user




begin transports
.include /etc/xams/exim-transports.conf


# Delivery to remote hosts over SMTP, all options at their defaults.
remote_smtp:
  driver = smtp



# Appends each message to the recipient's mailbox file under /var/mail and
# adds Delivery-date:, Envelope-to: and Return-path: headers.
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add



# Used when an alias or .forward entry is a pipe command. With return_output,
# anything the command prints is sent back to the sender as a failure report.
address_pipe:
  driver = pipe
  return_output



# Used when an alias or .forward entry names a file; the file name comes from
# the router, so no "file" option is set here.
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add



# Used for auto-replies generated from a user's .forward file.
address_reply:
  driver = autoreply




begin retry



# Single rule for all addresses and all errors: retry every 15 minutes for
# 2 hours, then at intervals starting at 1 hour and growing by a factor of 1.5
# until 16 hours have passed, then every 6 hours until 4 days have passed.
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h





begin rewrite




begin authenticators

# SASL PLAIN. The plaintext driver places the three strings sent by the client
# in $1 (authorization id), $2 (user name) and $3 (password).
# NOTE(review): no server_advertise_condition is set here, so as shown the
# mechanism is offered on unencrypted connections too, where the password is
# only base64-encoded. If nothing in the included files restricts it,
# "server_advertise_condition = ${if def:tls_cipher}" limits it to TLS sessions.
plain:
  driver = plaintext
  public_name = PLAIN
  # Succeeds when the SQL lookup returns a non-empty string. User names without
  # a domain part use SQL_AUTH_UNIQUE_PLAIN, all others SQL_AUTH_PLAIN. The
  # macros are not defined in this listing (presumably exim-sql-macros.conf);
  # verify that they quote the client-supplied strings for the database.
  server_condition = ${if !eq {} \
    {${if eq {} {${domain:$2}} \
        {${lookup SQL_AUTH_UNIQUE_PLAIN{1}}} \
        {${lookup SQL_AUTH_PLAIN{1}}} \
    }} \
    {yes}{no} \
  }
  # The authenticated id that is recorded is the user name.
  server_set_id = $2

# LOGIN mechanism. The server prompts for user name and password; the replies
# arrive in $1 (user name) and $2 (password).
# NOTE(review): as with PLAIN, nothing in this block restricts the mechanism to
# TLS sessions - confirm whether an included file does.
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # Succeeds when the SQL lookup returns a non-empty string. User names without
  # a domain part use SQL_AUTH_UNIQUE_LOGIN, all others SQL_AUTH_LOGIN. The
  # macros are not defined in this listing; verify that they quote the
  # client-supplied strings for the database.
  server_condition = ${if !eq {} \
    {${if eq {} {${domain:$1}} \
        {${lookup SQL_AUTH_UNIQUE_LOGIN{1}}} \
        {${lookup SQL_AUTH_LOGIN{1}}} \
    }} \
    {yes}{no} \
  }
  # The authenticated id that is recorded is the user name.
  server_set_id = $1

