The Community Forums

Interact with an entire community of cPanel & WHM users!

ACL RULE LIST (more needed!!)

Discussion in 'General Discussion' started by bsasninja, Apr 23, 2007.

  1. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    Here is my ACL list for Exim. I would like to share it, and I would also like those who have more ACL rules not listed here to post them in this thread.
    Even if someone knows or made an undocumented/working ACL.
    I would like to know if anyone figured out how to prevent relay in ACL from addresses not listed at localdomains. For example, someone relaying using our SMTP server with a hotmail address (forged), and give him a 550 administrative prohibition or something like that.

    ACL rules are very handy; they save us a lot of bandwidth before the mail enters the server.

    Here are the rules I'm using (UPDATED April 25 2007)


    #!!# ACL that is used after the RCPT command
    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.
    accept hosts = :

    deny local_parts = ^.*[@%!/|] : ^\\.
    message = I`ve never seen @, %, !, / or | in an e-mail. Neither should you!

    deny message = Only one recipient accepted for NULL sender
    senders = :
    condition = ${if>{$rcpt_count}{1}{1}}

    deny message = HELO/EHLO with my ip address. You are not me.
    log_message = HELO/EHLO my.ip
    condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}

    deny message = Polite hosts say HELO first. Please see RFC 2821 section 4.1.1.1
    log_message = Bad HELO: Empty HELO
    condition = ${if eq{$sender_helo_name}{}}

    deny message = RFC 1918 IP address in HELO.
    log_message = RFC 1918 IP address
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N^(\[)?(10\.[0-9]{1,3}|172\.(1[6-9]|2[0-9]|31)|192\.168)\.[0-9]{1,3}\.[0-9]{1,3}(\])?$\N}{yes}{no}}

    deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC standards.
    log_message = Forged HELO as local domain
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}

    deny message = Hacked HELO: you are not $sender_helo_name
    log_message = Hacked HELO
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
    condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}

    deny message = $sender_helo_name is a silly HELO
    log_message = Silly HELO
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N^(127\.0\.0\.1|localhost(\.localdomain)?)$\N}{yes}{no}}

    deny message = Underscores are not allowed in hostnames
    log_message = Underscore in hostname
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N.*_.*\N}{yes}{no}}

    deny message = Hacked HELO: you are not $sender_helo_name
    log_message = Hacked HELO: constructed by viruses (random)
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{smtp}{no}{yes}}
    condition = ${if match {$sender_helo_name}{\N^[a-z0-9]+\.[a-z]+$\N}}
    condition = ${if match {$sender_helo_name}{\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}}

    deny message = Faked Yahoo.com address, so you must be spam.
    senders = *@yahoo.com:*@yahoo.es:*@yahoo.com.ar:*@yahoo.com.br:*@yahoo.it:*@yahoo.co.uk:*@yahoo.ca:*@yahoo.fr
    condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}

    deny message = Faked Hotmail.com address, so you must be spam.
    senders = *@hotmail.com
    condition = ${if match {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}

    deny message = Faked MSN.com address, so you must be spam.
    senders = *@msn.com
    condition = ${if match {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}

    deny message = Faked AOL.com address, so you must be spam.
    senders = *@aol.com
    condition = ${if match {$sender_host_name}{\Naol.com$\N}{no}{yes}}

    deny message = Faked Gmail.com address, so you must be spam.
    senders = *@gmail.com
    condition = ${if match {$sender_host_name}{\N(google|gmail).com$\N}{no}{yes}}

    deny message = Faked Mail.ru address, so you must be spam.
    senders = *@mail.ru
    condition = ${if match {$sender_host_name}{\Nmail.ru$\N}{no}{yes}}

    deny message = Faked Fibertel.com.ar address, so you must be spam.
    senders = *@fibertel.com.ar
    condition = ${if match {$sender_host_name}{\Nfibertel.com.ar$\N}{no}{yes}}

    deny message = Faked Ciudad.com.ar address, so you must be spam.
    senders = *@ciudad.com.ar
    condition = ${if match {$sender_host_name}{\N(ciudad|prima).com.ar$\N}{no}{yes}}

    deny message = Faked Argentina.com address, so you must be spam.
    senders = *@argentina.com
    condition = ${if match {$sender_host_name}{\Nargentina.com$\N}{no}{yes}}

    deny message = Faked Excite.com address, so you must be spam.
    senders = *@excite.com
    condition = ${if match {$sender_host_name}{\Nexcite.com$\N}{no}{yes}}

    deny message = Faked Mixmail.com address, so you must be spam.
    senders = *@mixmail.com
    condition = ${if match {$sender_host_name}{\Nmixmail.com$\N}{no}{yes}}

    deny message = Faked Latinmail.com address, so you must be spam.
    senders = *@latinmail.com
    condition = ${if match {$sender_host_name}{\Nlatinmail.com$\N}{no}{yes}}

    deny message = Faked Arnet.com.ar address, so you must be spam.
    senders = *@arnet.com.ar
    condition = ${if match {$sender_host_name}{\Narnet.com.ar$\N}{no}{yes}}

    deny message = Faked Microsoft.com address, so you must be spam.
    senders = *@microsoft.com
    condition = ${if match {$sender_host_name}{\Nmicrosoft.com$\N}{no}{yes}}

    deny message = Faked Wanadoo.com address, so you must be spam.
    senders = *@wanadoo.com
    condition = ${if match {$sender_host_name}{\Nwanadoo.com$\N}{no}{yes}}

    deny message = Faked Mail.com address, so you must be spam.
    senders = *@mail.com
    condition = ${if match {$sender_host_name}{\N(mail|outblaze).com$\N}{no}{yes}}

    deny message = Faked Hotpop.com address, so you must be spam.
    senders = *@hotpop.com
    condition = ${if match {$sender_host_name}{\Nhotpop.com$\N}{no}{yes}}

    deny message = Faked Mac.com address, so you must be spam.
    senders = *@mac.com
    condition = ${if match {$sender_host_name}{\Nmac.com$\N}{no}{yes}}

    deny message = Faked Net.il address, so you must be spam.
    senders = *@net.il
    condition = ${if match {$sender_host_name}{\Nnet.il$\N}{no}{yes}}

    deny message = Faked Walla.com address, so you must be spam.
    senders = *@walla.com
    condition = ${if match {$sender_host_name}{\Nwalla.com$\N}{no}{yes}}

    deny message = Faked Topmail.com.ar address, so you must be spam.
    senders = *@topmail.com.ar
    condition = ${if match {$sender_host_name}{\Ntopmail.com.ar$\N}{no}{yes}}

    deny message = Faked Tutopia.com address, so you must be spam.
    senders = *@tutopia.com
    condition = ${if match {$sender_host_name}{\Ntutopia.com$\N}{no}{yes}}

    deny message = Faked Uyuyuy.com address, so you must be spam.
    senders = *@uyuyuy.com
    condition = ${if match {$sender_host_name}{\Nuyuyuy.com$\N}{no}{yes}}



    Enjoy!

    PS: where {y es} appears, it is in fact {yes}. Before you apply any changes, check that there is no other space somewhere. The space between y and e is caused by the forum.
     
    #1 bsasninja, Apr 23, 2007
    Last edited: Apr 25, 2007
  2. bsasninja

    Doubt

    I'm using this ACL to block faked emails coming from @yahoo.com, @yahoo.com.ar and @yahoo.com.br

    Is there a way at senders = to put all the addresses there and not repeat a separate rule for each one?

    deny message = Faked Yahoo, so you must be spam.
    log_message = Faked Yahoo
    senders = *@yahoo.com
    condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}

    deny message = Faked Yahoo.com.ar, so you must be spam.
    log_message = Faked Yahoo
    senders = *@yahoo.com
    condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}

    deny message = Faked Yahoo.com.br, so you must be spam.
    log_message = Faked Yahoo
    senders = *@yahoo.com
    condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}

    Thanks.
     
  3. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    All those look to do the same thing to me? :confused: See if this will work (not tested):

    Code:
    deny condition = ${if match {$sender_host_name}{\Nyahoo\.com(\.br|\.ar)?$\N}\
                      {no}{yes}}
      senders = *@yahoo.com:*@yahoo.com.br:*@yahoo.com.ar
      message = Faked Yahoo sender information, you're spam
      log_message = Faked Yahoo sender information, you're spam
    
     
  4. bsasninja

    Yes, it is working using senders = *@yahoo.com:*@yahoo.es:*@yahoo.com.br and so on.

    Anyway, all yahoo servers are xxxx.yahoo.com so there is no need to set yahoo.com.br, yahoo.es or whatever in the condition rule.

    It is rejecting trash like hell!!

    Thanks!
     
  5. CoolMike

    CoolMike Well-Known Member

    Joined:
    Sep 6, 2001
    Messages:
    307
    Likes Received:
    0
    Trophy Points:
    16
    Where do you add these rules in Exim? Can I use the Exim configuration editor in WHM?

    Michael
     
  6. mctDarren

    NICE!! Love to hear it when the spam gets trashed! :D


    Yes, always add configuration changes through the WHM editor so that upgrades don't overwrite your changes. :)
     
  7. bsasninja

    more!

    Is anyone using other ACLs not listed here? It would be great to make an updated ACL ruleset.

    I'm wondering about these:

    1) Some ACL that rejects nonexistent addresses or checks quota at SMTP time. (with no addons or scripts as I saw somewhere, just ACL as above)
    E.g.: xjiofuxjv@hotmail.com sends mail to user@domaim.com at your server. The mailbox is full and the bounce goes back to xjiofuxjv@hotmail.com. As it doesn't exist, it gets stuck in your queue.

    2) How do I know if I have exiscan? My cPanel server at the service status says exim (exim-4.63-1_cpanel_maildir) as default by cPanel setup. And how do I activate it?

    3) Does ClamAV kick viruses at SMTP time?

    Thanks
     
  8. CoolMike

    And in which box should I add it?
     
  9. bsasninja

    You have to put them in the second box right after begin acl.

    By the way, I'm wondering about a good rule to block _@domain.com addresses.
    I've seen a lot of trash with emails beginning with underscores.

    I tried to make the rule but I can't hit the right condition, if anyone could help.

    deny message = Underscore in e-mail. Get out of here.
    senders = _@*
    condition = ?????

    Thanks
     
  10. mctDarren

    Started to answer, got a phone call and bsasninja answered while I was on the phone :)
     
    #10 mctDarren, Apr 26, 2007
    Last edited: Apr 26, 2007
  11. bsasninja

    :D I earn you some time in writing serversphere.

    By the way, do you know how we could block _@ addresses?

    Can't write the condition :confused:

    I don't know if this one is right

    deny message = Underscore in e-mail. Get out of here.
    senders = _@*
    condition = ${if match {$sender_host_address}{_}{no}{yes}}
     
    #11 bsasninja, Apr 26, 2007
    Last edited: Apr 26, 2007
  12. bsasninja

    ACL Whitelist

    I've some customers that don't want ACL control in their domains.
    Is there a way to put the domains in a whitelist that jumps the ACL control? For example, in the following rule, how can I apply it?

    deny message = Faked Yahoo.com.br, so you must be spam.
    log_message = Faked Yahoo
    senders = *@yahoo.com
    condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}

    Thanks
     
  13. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    Does anyone have a solution for this? I use the following in the last box in the WHM Exim configurator.

    However, the mails that should have been bounced back are still stuck in the mail queue.

    Does anyone have any ideas on resolving this?
     
  14. anand

    Won't this block mail from genuine mail servers of Yahoo, Gmail, etc.?
     
  15. bsasninja

    Nope, 'cause it checks the MX servers of them.

    Give it a try!
     
  16. anand

    Thx. Just about the time of your response, I figured out how wrong I was in thinking it would reject genuine mails.
     
  17. anand

    Any clue about the problem I posted about the disk quota users' mail stuck in the mail queue? I checked the exim.conf for the setting; even though it's there, Exim will accept mails for users whose disk quota is full and then those mails will be stuck in the mail queue (since the sender from address is invalid/spam).
     
  18. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Yes, these ACLs block legit mail from Yahoo, Gmail, MSN/Hotmail, etc.:

    Code:
    deny message = Faked DOMAIN.TLD address, so you must be spam.
    senders = *@DOMAIN.TLD
    condition = ${if match {$sender_host_name}{\NDOMAIN.TLD$\N}{no}{yes}}
     
  19. bsasninja

    No, it won't, 'cause as the rule says, it verifies that the domain.tld equals the hostname.

    Hotmail servers are all hotmail.com so all mails @hotmail.com, coming from hotmail.com servers, will be accepted.

    It will refuse goofy users that set up a hotmail.com address in their Outlook and send emails over the ISP SMTP, for example. In that case the hostname will not be the same as @hotmail.com so it will be refused.

    Bye.
     
  20. mctDarren

    Please support this claim. How does legit mail get blocked by this rule?
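
Added example, not written by any poster in this thread: a small Python model of the "Faked Yahoo" deny rule discussed above, run over constructed sender and host-name pairs to show which connections the rule rejects. The host names, the `TIGHTENED` pattern and the function names are assumptions made for illustration; Exim's unanchored `match` is modelled with Python's `re.search`.

```python
import re

# The thread's rule: deny when the envelope sender is listed in `senders`
# and $sender_host_name does NOT match the regex. Exim's `match` is an
# unanchored search, and $sender_host_name is empty when the reverse
# lookup of the client IP fails.
AS_POSTED = r"yahoo.com$"           # pattern from the first post
TIGHTENED = r"(^|\.)yahoo\.com$"    # assumption: escaped dots + label boundary

SENDER_DOMAINS = {"yahoo.com", "yahoo.es", "yahoo.com.ar", "yahoo.com.br"}


def denied(sender, host_name, pattern):
    """Return True if the 'Faked Yahoo' deny rule would fire."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain not in SENDER_DOMAINS:
        return False                 # `senders =` does not match, rule skipped
    return re.search(pattern, host_name) is None


# Constructed cases: (envelope sender, reverse-DNS name of the client).
CASES = [
    ("alice@yahoo.com", "mta7.mail.yahoo.com"),  # provider's own host
    ("alice@yahoo.com", "smtp.isp.example"),     # sent through another relay
    ("alice@yahoo.com", ""),                     # reverse lookup failed
    ("alice@yahoo.com", "mx.notyahoo.com"),      # other domain, same suffix
    ("bob@example.org", "smtp.isp.example"),     # sender not covered by rule
]


def evaluate(pattern):
    """Deny decision for every constructed case, in order."""
    return [denied(sender, host, pattern) for sender, host in CASES]


if __name__ == "__main__":
    rows = zip(CASES, evaluate(AS_POSTED), evaluate(TIGHTENED))
    for (sender, host), posted, tight in rows:
        print(f"{sender:17} {host or '(empty)':21} "
              f"posted={'deny' if posted else 'pass':5} "
              f"tightened={'deny' if tight else 'pass'}")
```

The third case is the one to check in the logs before enabling the rule: any client whose reverse lookup returns nothing is rejected, whatever its real origin.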
     