Please check my Exim ACLs (are they OK?)

SubZero

Can anybody check my Exim ACLs and tell me if they are okay? I feel they are messed up just a little bit.. :(
Code:
check_recipient:
  accept  hosts           = :
 
  accept  condition       = ${if eq{$interface_port}{587}{yes}{no}}
          endpass
          message         = SMTP authentication required for access on port 587
          authenticated   = *

  deny    delay           = 5s
          message         = IP address ($sender_helo_name) is not an allowed HELO string
          condition       = ${if isip {$sender_helo_name}}
          log_message     = HELO string $sender_helo_name denied from $sender_host_address

  deny    !sender_domains = lsearch;/etc/localdomains
          !senders        = @@lsearch;/etc/localsenders
          !hosts          = +relay_hosts
          !hosts          = /etc/exim_rbl_whitelist
          !authenticated  = *
          delay           = 5s
          message         = rejected because $sender_host_address in a black list at \
                            $dnslist_domain\n$dnslist_text
          dnslists        = sbl-xbl.spamhaus.org : list.dsbl.org : dnsbl.ahbl.org : \
                            relays.ordb.org : bl.spamcop.net

  drop    hosts           = /etc/exim_deny
          !hosts          = /etc/exim_deny_whitelist
          delay           = 5s
          message         = Connection denied for 1 hour after dictionary attack
          log_message     = Connection denied from $sender_host_address after dictionary attack

  drop    !verify         = recipient
          !hosts          = /etc/exim_deny_whitelist
          delay           = 5s
          message         = Appears to be a dictionary attack
          log_message     = Dictionary attack (after $rcpt_fail_count failures)
          condition       = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
          condition       = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}

  # Accept bounces to lists even if callbacks or other checks would fail
  warn    message         = X-WhitelistedRCPT-nohdrfromcallback: Yes
          condition       = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                            {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}}{yes}{no}}

  accept  condition       = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                            {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}}{yes}{no}}

  warn    message         = X-WhitelistedRCPT-nohdrfromcallback: Yes
          condition       = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                            {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}}{yes}{no}}

  accept  condition       = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                            {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}}{yes}{no}}

  #if it gets here it isn't mailman

  #sender verifications are required for all messages that are not sent to lists
  #recipient verifications are required for all messages that are not sent to the local machine
  #this was done at multiple users requests

  require verify          = sender
  accept  domains         = +local_domains
          endpass
          message         = Please check all recipients of this message to verify they are valid.
          verify          = recipient

  accept  domains         = +relay_domains

  warn    message         = ${perl{popbeforesmtpwarn}{$sender_host_name}}
          hosts           = +relay_hosts
  accept  hosts           = +relay_hosts
                                                                                
  warn    message         = ${perl{popbeforesmtpwarn}{$sender_host_address}}
          condition       = ${perl{checkrelayhost}{$sender_host_address}}
  accept  condition       = ${perl{checkrelayhost}{$sender_host_address}}

  accept  hosts           = +auth_relay_hosts
          endpass
          message         = $sender_fullhost is currently not permitted to relay. Please enable SMTP Authentication in your email client.
          authenticated   = *

  deny    delay           = 10s
          message         = $sender_fullhost is currently not permitted to relay. Please enable SMTP Authentication in your email client.

#!!# ACL that is used after the DATA command
check_message:
  require verify = header_sender
  ######## EXISCAN ACL #########
  deny
          delay           = 10s
          message         = This message contains malware ($malware_name).
          malware         = *
  deny
          delay           = 1s
          message         = No $found_extension attachments are allowed here. Resend them in ZIP or RAR files.
          demime          = ade:adp:bas:bat:cmd:com:cpl:crt:hta:lnk:pif:prf:scr:url:vbs:vbe:wsh:wsc
  warn    message = X-Antivirus: Clear (${readsocket{/var/clamd}{VERSION}{2s}{}{Clam AntiVirus Scanner 0.87.1}})
  ######## EXISCAN ACL #########
  accept
PS: Using:
Code:
av_scanner                = clamd:/var/clamd
 

chirpy

Using delays in ACLs is generally a very bad idea. It only takes a single simple attack to render your SMTP server unusable.
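
An added example, not part of the thread and not any poster's code: a small Python audit for the `delay` point raised above. Exim processes a statement's conditions and modifiers in the order written, so a `delay` with no condition ahead of it pauses every command that reaches that statement, not only the rejected ones. The function names and the modifier subset are this example's own assumptions, and the sample input is abbreviated from the configuration posted above.

```python
import re

VERBS = {"accept", "deny", "defer", "discard", "drop", "require", "warn"}
# Subset of Exim ACL modifiers; any other keyword is counted as a condition.
MODIFIERS = {"delay", "message", "log_message", "endpass", "control", "set",
             "logwrite", "add_header", "remove_header", "continue"}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def seconds(value):
    """Convert an Exim time such as 5s or 1h30m to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", value))

def audit_delays(config):
    """Return (acl, verb, seconds, guarded) for each delay modifier, in order.
    guarded is False when no condition precedes the delay in its statement,
    so the pause is served every time that statement is reached."""
    findings, acl, verb, conds = [], None, None, 0
    for line in re.sub(r"\\\n\s*", "", config).splitlines():  # join continuations
        line = line.strip()
        if re.fullmatch(r"\w+:", line):          # ACL label, e.g. check_message:
            acl = line[:-1]
            continue
        head, rest = re.match(r"(\w*)\s*(.*)", line).groups()
        if head in VERBS:                        # a new ACL statement starts
            verb, conds, line = head, 0, rest
        item = re.match(r"!?\s*(\w+)", line)
        if not item:                             # blank line, comment or bare verb
            continue
        if item.group(1) == "delay":
            findings.append((acl, verb, seconds(line.split("=", 1)[1]), conds > 0))
        elif item.group(1) not in MODIFIERS:
            conds += 1
    return findings

# Abbreviated from the configuration posted in this thread.
SAMPLE = r"""
check_recipient:
  deny    delay           = 5s
          condition       = ${if isip {$sender_helo_name}}
  drop    hosts           = /etc/exim_deny
          delay           = 5s
check_message:
  deny
          delay           = 10s
          malware         = *
"""

if __name__ == "__main__":
    print(audit_delays(SAMPLE))
```

Each entry with `guarded` set to False marks a pause that is paid before any condition is checked; every such pause keeps an Exim process occupied for its full duration.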
 

SubZero

Hmm sounds okay... delays removed... :(

what about the rest? :)