Exim на FreeBSD

Попросил меня товарищ настроить ему почту на домашнем роутере с FreeBSD, и я решил поставить Exim.

Exim — это агент пересылки сообщений, используемый на операционных системах семейства Unix.

На FreeBSD exim устанавливается предельно просто, начнем:

# cd /usr/ports/mail/exim
# make config && make install clean

Выбрал такие дополнительные пункты, помимо того что уже по умолчанию:
|x| CONTENT_SCAN
|x| MYSQL
|x| SASLAUTHD
|x| OPENLDAP
|x| AUTH_SASL

После установки exim, ставим антивирус clamav:

# cd /usr/ports/security/clamav
# make install clean

Далее правим /etc/mail/mailer.conf и доводим до вида:

# /etc/mail/mailer.conf: map the sendmail-compatible command names to the
# Exim binary so that scripts and cron jobs calling "sendmail", "mailq" or
# "newaliases" end up in Exim.  mailq and newaliases get Exim's equivalent
# switches (-bp: list queue, -bi: rebuild alias database); hoststat and
# purgestat have no Exim counterpart and are presumably pointed at the bare
# binary only so the names still resolve.
sendmail         /usr/local/sbin/exim
send-mail       /usr/local/sbin/exim
mailq          /usr/local/sbin/exim -bp
newaliases     /usr/local/sbin/exim -bi
hoststat        /usr/local/sbin/exim
purgestat      /usr/local/sbin/exim

Подготовительные работы закончены, приступаем к самому интересному — настройке конфигурационного файла Exim (ниже он показан без комментариев, они отфильтрованы через grep -v '#'):

# cat /usr/local/etc/exim/configure | grep -v '#'
# Main section: host identity, trust boundaries, resource limits and logging.
# (Comments of the original file were stripped by "grep -v '#'".)
primary_hostname = mail.domain.pp.ua
# "@" stands for the primary host name: only mail for it is delivered locally.
domainlist local_domains = @
# No domains are relayed on behalf of other servers.
domainlist relay_to_domains =
# Networks allowed to relay through this host: loopback plus the home LAN.
hostlist   relay_from_hosts = localhost:127.0.0.0/8:10.10.1.0/24
# ACLs run at RCPT and DATA time (defined under "begin acl" below).
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
# clamd socket used by the "malware" condition (CONTENT_SCAN port option).
av_scanner = clamd:/var/run/clamav/clamd
# Domain appended to unqualified sender / recipient addresses.
qualify_domain = mail.domain.pp.ua
qualify_recipient = mail.domain.pp.ua
# Refuse user@[1.2.3.4]-style addresses.
allow_domain_literals = false
# Exim runs as mailnull:mail and will never perform a delivery as root.
exim_user = mailnull
exim_group = mail
never_users = root
# Disable ident (RFC 1413) lookups on incoming connections.
rfc1413_query_timeout = 0s
# Only the relay networks may use unqualified addresses.
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
# Failed bounce messages are discarded after 45 min; frozen messages are
# discarded after 15 days and retried (thawed) once an hour meanwhile.
ignore_bounce_errors_after = 45m
timeout_frozen_after = 15d
# Syntactically invalid HELO names are tolerated from the LAN only.
helo_accept_junk_hosts = 10.10.1.0/24
auto_thaw = 1h
# NOTE(review): the banner discloses the exact Exim version to every client;
# harmless on a LAN, worth trimming on an internet-facing host.
smtp_banner = "$primary_hostname, ESMTP EXIM $version_number"
# Connection / message-count limits for incoming SMTP.
smtp_accept_max = 50
smtp_accept_max_per_connection = 25
smtp_connect_backlog = 30
smtp_accept_max_per_host = 20
# Spread the spool over subdirectories.
split_spool_directory = true
# At most 15 simultaneous remote deliveries.
remote_max_parallel = 15
# At most 70k of the original message is quoted in bounces; messages over
# 64M are rejected.
return_size_limit = 70k
message_size_limit = 64M
# Tolerate "_" in HELO names.
helo_allow_chars = _
# Drop clients that send commands before reading the server's reply.
smtp_enforce_sync = true
# Extra detail in the main log; queue runs are not logged.
log_selector = \
    +all_parents \
    +connection_reject \
    +incoming_interface \
    +lost_incoming_connection \
    +received_sender \
    +received_recipients \
    +smtp_confirmation \
    +smtp_syntax_error \
    +smtp_protocol_error \
    -queue_run
syslog_timestamp = no
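begin acl

# Per-recipient checks for RCPT TO.  Statements run top to bottom and the
# first accept/deny whose conditions all match decides, so order matters.
acl_check_rcpt:
# Locally submitted mail (no sending host address, e.g. from the command
# line) is accepted without further checks.
accept  hosts = :
# Refuse local parts that could act as path or source-route tricks.
deny    message       = "incorrect symbol in address"
        domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]
deny    message       = "incorrect symbol in address"
        domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
# postmaster of a local domain is always reachable, ahead of the stricter checks.
accept  local_parts   = postmaster
        domains       = +local_domains
# Insist on a HELO/EHLO name.
deny    message       = "HELO/EHLO require by SMTP RFC"
        condition     = ${if eq{$sender_helo_name}{}{yes}{no}}
# Authenticated clients may relay anywhere and skip everything below.
# NOTE(review): no tls_* options are configured, so the PLAIN/LOGIN
# credentials behind this accept travel in clear text (see authenticators).
accept  authenticated = *
# Deny a HELO that is just the client's IP address, except for the listed hosts.
# FIX: items in a host list are tested in order and the first match (positive
# or negated) wins, so the exemptions must precede "*".  With "*" first, the
# two "!" items were never consulted.
deny    message       = "Your IP in HELO - access denied!"
        hosts         = !+relay_from_hosts : !81-196.adsl.com : *
        condition     = ${if eq{$sender_helo_name}\
                        {$sender_host_address}{true}{false}}
# Deny a HELO that is this server's own interface address (loopback exempt).
deny    condition     = ${if eq{$sender_helo_name}\
                        {$interface_address}{yes}{no}}
        hosts         = !127.0.0.1 : !localhost : *
        message       = "main IP in your HELO! Access denied!"
# Deny a purely numeric HELO (loopback exempt).
deny    condition     = ${if match{$sender_helo_name}\
                        {\N^\d+$\N}{yes}{no}}
        hosts         = !127.0.0.1 : !localhost : *
        message       = "can not be only number in HELO!"
# Deny clients whose reverse DNS looks like a dynamic / dial-up pool.
# NOTE(review): not restricted by host, so a LAN client whose PTR contains
# e.g. "dhcp" is refused too -- confirm that is intended.
deny    message       = "your hostname is bad (adsl, poll, ppp & etc)."
        condition     = ${if match{$sender_host_name} \
                        {adsl|dialup|pool|peer|dhcp} \
                        {yes}{no}}
# Tarpit: untrusted clients wait 30 s per recipient, trusted networks 0 s.
# NOTE(review): two public /24 ranges are exempted next to the LAN -- verify
# they are still meant to be trusted.
warn
        set acl_m0 = 30s
warn
        hosts = +relay_from_hosts:80.15.42.0/24:81.23.17.0/24:10.10.1.0/24
        set acl_m0 = 0s
warn
        logwrite = Delay $acl_m0 for $sender_host_name \
                [$sender_host_address] with HELO=$sender_helo_name. Mail \
                from $sender_address to $local_part@$domain.
        delay = $acl_m0
# DNS blacklists.
# FIX: moved ahead of the local-domain accept.  Previously a valid local
# recipient was accepted before this statement was reached, so the lookup
# only ran for relay attempts and never protected inbound mail.  Trusted
# networks are exempted from the lookup.
# NOTE(review): confirm both lists are still in service before relying on
# them -- a retired list that stops answering is harmless, but one whose
# domain lapses can start listing every client.
deny    message       = "you in blacklist - $dnslist_domain --> $dnslist_text"
        hosts         = !+relay_from_hosts : *
        dnslists      = opm.blitzed.org : \
                        cbl.abuseat.org
# Local domains: accept only recipients that verify; after endpass a failed
# verify is a deny with the message below.
accept  domains       = +local_domains
        endpass
        message       = "In my mailserver not stored this user"
        verify        = recipient
# Domains we relay for (currently none): same rule.
accept  domains       = +relay_to_domains
        endpass
        message       = "main server not know how relay to this address"
        verify        = recipient
# Anything else is relaying: only the trusted networks may do that.
accept  hosts         = +relay_from_hosts
deny    message       = "relay not permitted"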
 
# Per-message checks, run once after DATA.
acl_check_data:
# Hand the message to clamd (av_scanner in the main section) and reject it
# when a signature matches.  If clamd is unreachable the malware condition
# defers (temporary 4xx) rather than letting the message through;
# "malware = */defer_ok" would accept unscanned mail instead -- the safer
# default is kept here.
deny malware = *
message = "In e-mail found VIRUS - $malware_name"
accept
 
begin routers
 
# Routers are tried in order; the first one that accepts an address routes it.

# Everything outside local_domains goes out via DNS (MX/A) and remote_smtp.
# ignore_target_hosts drops records resolving to 0.0.0.0 or loopback;
# no_more makes an address with no DNS route fail instead of falling
# through to the local routers below.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more
 
# Expand /etc/aliases; :fail: and :defer: entries are honoured.  Pipe and
# file targets named in aliases run / write as mailnull:mail, i.e. without
# privileges.
system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  user = mailnull
  group = mail
  file_transport = address_file
  pipe_transport = address_pipe 
 
# Per-user ~/.forward, only for real system users (check_local_user) and only
# when the file exists.  Skipped during address verification (no_verify) and
# EXPN (no_expn); check_ancestor drops a generated address that already
# appears in the redirection chain.  allow_filter stays off, so Exim filter
# syntax in .forward is not honoured.  Because pipe_transport is set, a
# user's .forward can run a command, executed as that user.
userforward:
  driver = redirect
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  file = $home/.forward
# allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  condition = ${if exists{$home/.forward} {yes} {no} }
 
# Fallback for every remaining local-domain address: deliver to the mailbox
# of the matching system user; addresses without one fail as "Unknown user".
localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user
 
begin transports
 
# Outbound SMTP with driver defaults (no TLS options configured).
remote_smtp:
  driver = smtp
 
# Local mbox delivery into /var/mail/<user>, performed as that user with
# group mail and a 0660 mailbox.  no_mode_fail_narrower: an existing mailbox
# with tighter permissions is accepted rather than treated as an error.
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  user = $local_part
  mode = 0660
  no_mode_fail_narrower
 
# Pipe targets from aliases / .forward.  return_output: whatever the command
# prints is sent back to the sender in a bounce -- note that this returns
# local command output to an outside party.
address_pipe:
  driver = pipe
  return_output
 
# File targets from aliases / .forward (append to the named file).
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
 
# Automatic replies generated via reply_transport in the userforward router.
address_reply:
  driver = autoreply
 
begin retry 
# One rule for all hosts and all errors: retry every 15 min for the first
# 2 h, then at intervals growing from 1 h by a factor of 1.5 until 16 h have
# passed, then every 6 h until 4 days, after which the address is bounced.
*                    *       F,2h,15m; G,16h,1h,1.5; F,4d,6h
# No address rewriting rules.
begin rewrite
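begin authenticators
 
# SMTP AUTH checked through saslauthd (SASLAUTHD port option).
# NOTE(review): this configure has no tls_* options, so both mechanisms send
# the password in clear text on port 25.  Before exposing them beyond the LAN,
# configure TLS and gate each authenticator with
#   server_advertise_condition = ${if def:tls_cipher}
# (tls_in_cipher on newer Exim) so AUTH is only offered inside TLS.

# PLAIN: the client sends authzid\0authcid\0password, seen as $1, $2, $3.
# FIX: the original used {$1}{$2}, passing the (normally empty) authorization
# id as the user and the user name as the password, so PLAIN could not
# succeed against saslauthd.  Use the authentication id and the password.
# server_prompts = : sends a single empty prompt for clients that do not
# include the data with the AUTH command, as in the stock Exim example.
plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_set_id = $2
 
# LOGIN: two prompts, user name then password, seen as $1 and $2.
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
  server_set_id = $1
 
# CRAM-MD5 is left disabled: server_secret would have to expand to the
# user's clear-text password, which a saslauthd check cannot supply.
#cram_md5:
#  driver = cram_md5
#  public_name = CRAM-MD5
#  server_secret = "password lookup for $1 goes here"
#  server_set_id = $1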

После того как закончили с конфигом, переходим к консоли, останавливаем sendmail и переезжаем на exim:

# echo 'exim_enable="YES"' >> /etc/rc.conf
# killall -9 sendmail
# killall -9 sendmail
No matching processes were found
# echo 'saslauthd_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/saslauthd start
# /usr/local/etc/rc.d/exim start
WARNING: sendmail_submit_enable should be set to NO Starting exim.
# echo 'sendmail_enable="NONE"' >>  /etc/rc.conf
# /usr/local/etc/rc.d/exim restart
Stopping exim.
Starting exim.
# ps -axj | grep exim
817  ??  Is     0:07.18 /usr/local/sbin/exim -bd -q30m (exim-4.68-0)
832  p1  S+     0:00.01 grep exim
# sockstat | grep exim
mailnull exim-4.68- 817   4  tcp4   *:25                  *:*
# sockstat | grep sasl
root     saslauthd  829 2  dgram  -> /var/run/logpriv
root     saslauthd  829 4  stream /var/run/saslauthd/mux
..............

Самое время запустить антивирус:

# echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf
# echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/clamav-clamd start
Starting clamav_clamd.
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***        Please update it IMMEDIATELY!       ***
LibClamAV Warning: **************************************************
# /usr/local/etc/rc.d/clamav-freshclam  start
Starting clamav_freshclam.

Со стандартным конфигом Exim покончено. Почта заработала, и товарищ остался доволен как слон 😉 Оговорка: в этом конфиге нет ни одной опции tls_*, поэтому AUTH PLAIN/LOGIN передаёт пароли открытым текстом, а баннер сообщает точную версию Exim; если сервер доступен из интернета, сначала настройте TLS (tls_advertise_hosts, tls_certificate) и предлагайте AUTH только внутри TLS-сессии.

