Please check my Exim ACLs (are they OK?)

Discussion in 'General Discussion' started by SubZero, Nov 14, 2005.

  1. SubZero

    Can anybody check my Exim ACLs and tell me if they are okay? I feel they are messed up just a little bit.. :(
    Code:
    check_recipient:
      accept  hosts           = :
     
      accept  condition       = ${if eq{$interface_port}{587}{yes}{no}}
              endpass
              message         = SMTP authentication required for access on port 587
              authenticated   = *
    
      deny    delay           = 5s
              message         = IP address ($sender_helo_name) is not an allowed HELO string
              condition       = ${if isip {$sender_helo_name}}
              log_message     = HELO string $sender_helo_name denied from $sender_host_address
    
      deny    !sender_domains = lsearch;/etc/localdomains
              !senders        = @@lsearch;/etc/localsenders
              !hosts          = +relay_hosts
              !hosts          = /etc/exim_rbl_whitelist
              !authenticated  = *
              delay           = 5s
              message         = rejected because $sender_host_address in a black list at \
                                $dnslist_domain\n$dnslist_text
              dnslists        = sbl-xbl.spamhaus.org : list.dsbl.org : dnsbl.ahbl.org : \
                                relays.ordb.org : bl.spamcop.net
    
      drop    hosts           = /etc/exim_deny
              !hosts          = /etc/exim_deny_whitelist
              delay           = 5s
              message         = Connection denied for 1 hour after dictionary attack
              log_message     = Connection denied from $sender_host_address after dictionary attack
    
      drop    !verify         = recipient
              !hosts          = /etc/exim_deny_whitelist
              delay           = 5s
              message         = Appears to be a dictionary attack
              log_message     = Dictionary attack (after $rcpt_fail_count failures)
              condition       = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
              condition       = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
    
      # Accept bounces to lists even if callbacks or other checks would fail
      warn    message         = X-WhitelistedRCPT-nohdrfromcallback: Yes
              condition       = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                                {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}}{yes}{no}}
    
      accept  condition       = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                                {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}}{yes}{no}}
    
      warn    message         = X-WhitelistedRCPT-nohdrfromcallback: Yes
              condition       = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                                {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}}{yes}{no}}
    
      accept  condition       = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                                {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}}{yes}{no}}
    
      #if it gets here it isn't mailman
    
      #sender verifications are required for all messages that are not sent to lists
      #recipient verifications are required for all messages that are not sent to the local machine
      #this was done at multiple users requests
    
      require verify          = sender
      accept  domains         = +local_domains
              endpass
              message         = Please check all recipients of this message to verify they are valid.
              verify          = recipient
    
      accept  domains         = +relay_domains
    
      warn    message         = ${perl{popbeforesmtpwarn}{$sender_host_name}}
              hosts           = +relay_hosts
      accept  hosts           = +relay_hosts
                                                                                    
      warn    message         = ${perl{popbeforesmtpwarn}{$sender_host_address}}
              condition       = ${perl{checkrelayhost}{$sender_host_address}}
      accept  condition       = ${perl{checkrelayhost}{$sender_host_address}}
    
      accept  hosts           = +auth_relay_hosts
              endpass
              message         = $sender_fullhost is currently not permitted to relay. Please enable SMTP Authentication in your email client.
              authenticated   = *
    
      deny    delay           = 10s
              message         = $sender_fullhost is currently not permitted to relay. Please enable SMTP Authentication in your email client.
    
    #!!# ACL that is used after the DATA command
    check_message:
      require verify = header_sender
      ######## EXISCAN ACL #########
      deny
              delay           = 10s
              message         = This message contains malware ($malware_name).
              malware         = *
      deny
              delay           = 1s
              message         = No $found_extension attachments are allowed here. Resend them in ZIP or RAR files.
              demime          = ade:adp:bas:bat:cmd:com:cpl:crt:hta:lnk:pif:prf:scr:url:vbs:vbe:wsh:wsc
      warn    message = X-Antivirus: Clear (${readsocket{/var/clamd}{VERSION}{2s}{}{Clam AntiVirus Scanner 0.87.1}})
      ######## EXISCAN ACL #########
      accept
    PS: Using:
    Code:
    av_scanner                = clamd:/var/clamd
     
  2. chirpy

    Using delays in ACLs is generally a very bad idea. It only takes a single simple attack to render your SMTP server unusable.
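An added example, not part of any post in this thread: a small Python audit that lists every ACL statement carrying a `delay` modifier and the longest pause each ACL can impose, since Exim holds the SMTP connection and the process serving it for the whole delay. `SAMPLE_ACL` is constructed from statements trimmed out of the configuration posted above, and the function names are hypothetical.

```python
import re

VERBS = {"accept", "deny", "defer", "discard", "drop", "require", "warn"}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample: statements trimmed from the ACLs posted in this thread.
SAMPLE_ACL = """
check_recipient:
  accept  hosts           = :
  deny    delay           = 5s
          condition       = ${if isip {$sender_helo_name}}
  deny    delay           = 10s
check_message:
  deny
          delay           = 10s
          malware         = *
"""

def exim_seconds(value):
    """Convert an Exim time interval such as '5s' or '1m30s' to seconds."""
    parts = re.findall(r"(\d+)([smhdw])", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"not an Exim time interval: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def find_delays(config):
    """Return (acl, verb, seconds) for each ACL statement with a delay modifier."""
    found, acl, verb = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"\w+:", line):      # ACL name, e.g. check_recipient:
            acl, verb = line[:-1], None
            continue
        head = line.split(None, 1)[0]
        if head in VERBS:                    # a verb opens a new statement
            verb, line = head, line[len(head):].strip()
        m = re.match(r"delay\s*=\s*(\S+)", line)
        if m and verb:
            found.append((acl, verb, exim_seconds(m.group(1))))
    return found

def longest_hold(config):
    """Map each ACL name to the longest single delay (seconds) it can impose."""
    worst = {}
    for acl, _verb, secs in find_delays(config):
        worst[acl] = max(worst.get(acl, 0), secs)
    return worst
```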
     
  3. SubZero

    Hmm sounds okay... delays removed... :(

    What about the rest? :)
     
  4. nisse

    What makes you feel they're messed up?
     