PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Frozen-Messages



Der Pate
18.05.07, 15:39
Hallo zusammen!

Folgende Frage: hab nen Mail-Server mit exim4 laufen, der wunderbar funktioniert. Eines stört mich allerdings: ich habe sehr viele Frozen-messages, die einen leeren Sender haben und keinen Empfänger, den der Server verwalten sollte.

Anscheinend habe ich irgendwelche falschen Einstellungen bei den ACLs, denn solche Nachrichten sollten ja erst gar nicht angenommen werden, oder?

So sieht die ACL-Section aus:


begin acl

acl_whitelist_local_deny:
accept
hosts = ${if exists{CONFDIR/local_host_whitelist}\
{CONFDIR/local_host_whitelist}\
{}}
accept
senders = ${if exists{CONFDIR/local_sender_whitelist}\
{CONFDIR/local_sender_whitelist}\
{}}

.ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.endif

acl_check_mail:
.ifdef CHECK_MAIL_HELO_ISSUED
deny
message = no HELO given before MAIL command
condition = ${if def:sender_helo_name {no}{yes}}
.endif

accept

acl_check_rcpt:

accept
hosts = :

.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif



.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif

accept
.ifndef CHECK_RCPT_POSTMASTER
local_parts = postmaster
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
domains = +local_domains : +relay_to_domains

accept
domains = +local_domains
message = Incoming Mail for Local Mailbox
endpass
verify = recipient
message = Incoming Mail for Unknown local mailbox

.ifdef CHECK_RCPT_VERIFY_SENDER
deny
message = Sender verification failed
!acl = acl_whitelist_local_deny
!verify = sender
.endif

deny
!acl = acl_whitelist_local_deny
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
!verify = sender/callout

accept
hosts = +relay_from_hosts
control = submission/sender_retain

accept
authenticated = *
control = submission/sender_retain

require
message = relay not permitted
domains = +local_domains : +relay_to_domains

require
verify = recipient

deny
!acl = acl_whitelist_local_deny
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
!verify = recipient/callout

deny
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_whitelist_local_deny
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}

deny
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_whitelist_local_deny
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}

.ifdef CHECK_RCPT_REVERSE_DNS
warn
message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
condition = ${if and{{def:sender_host_address}{!def:sender_host_nam e}}\
{yes}{no}}
.endif

.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
Please see http://www.openspf.org/why.html?sender=$sender_address&ip=$sender_host_address
log_message = SPF check failed.
condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
{no}{${if eq {$runrc}{1}{yes}{no}}}}

defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}

warn
message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq {$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}

warn
log_message = Unexpected error in SPF check.
condition = ${if >{$runrc}{6}{yes}{no}}

warn
message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" \ --helo \"$sender_helo_name\" --guess true}\
{pass}{${if eq {$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}

defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}
.endif

.ifdef CHECK_RCPT_IP_DNSBLS
warn
message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
dnslists = CHECK_RCPT_IP_DNSBLS
.endif

.ifdef CHECK_RCPT_DOMAIN_DNSBLS
warn
message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
{CONFDIR/local_domain_dnsbl_whitelist}\
{}}
dnslists = CHECK_RCPT_DOMAIN_DNSBLS
.endif

.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif

accept
domains = +relay_to_domains
endpass
verify = recipient

accept

acl_check_data:

.ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
deny
message = Message headers fail syntax check
!acl = acl_whitelist_local_deny
!verify = header_syntax
.endif

.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
message = No verifiable sender address in message headers
!acl = acl_whitelist_local_deny
!verify = header_sender
.endif

.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif

accept



Hab das so gelassen, sind die abschließenden accepts dafür verantwortlich?

Und noch eine Frage: mir wird aus der exim-Doku der Prozeß noch nicht so ganz klar: die Authentication brauch ich, damit meine Benutzer Mails verschicken können, aber das läuft ja über SMTP. Warum brauche ich diesen Abschnutt überhaupt, denn Mails müssen ja von überall her empfangen werden können, immerhin meldet sich ja z.B. Web.de nicht bei mir mit Kennwort an?

Danke im voraus

Der Pate
21.05.07, 07:26
Niemand ne Idee oder nen Tipp?