URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 79195
[ Назад ]

Исходное сообщение
"Помогите побороть червя на debian+exim4+drweb(maild)"

Отправлено sergio3101 , 12-Мрт-08 12:28 
Ситуация такая, есть в нашем домене адреса (lilia@domain.com, sasha@domain.com, alex@domain.com) при отправке писем на которые (не важно из локальной сети или из внешних почтовых систем) exim4 пытаеться отправить копии этих писем на такие адреса lila_flo@mail.ru, sasha22_80@mail.ru, alex23_50@mail.ru.

Почему я думаю что exim? т.к. не логи работы клиентов ни tcpdump не показали что в диалоге клиента с сервером идут попытки подставить копии получателя в письмо.

Mail.ru наш айпишник давно поставил в бдеклист, поэтому каждый раз при попытке отправить письмо на эти адреса отправитель получает от моего ексима мейделивери о том что mail.ru не может принять этих писем.

==========================================
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

lila_flo@mail.ru
(generated from lilia@domain.com)
SMTP error from remote mail server after RCPT TO:<lila_flo@mail.ru>:
host mxs.mail.ru [194.67.23.20]: 550 Access from ip address xxx.xxx.xxx.xxx blocked. Visit http://win.mail.ru/cgi-bin/support_bl?ip=xxx.xxx.xxx.xxx

------ This is a copy of the message, including all the headers. ------

Return-path: <sergey@domain.com>
Received: from [xxx.xxx.xxx.xxx] (port=10968 helo=sergioni)
by debian.domain.com with smtp (Exim 4.63)
(envelope-from <sergey@domain.com>)
id 1JZMf2-0008Q0-4s
for lilia@domain.com; Wed, 12 Mar 2008 10:50:08 +0200
X-AntiVirus: Checked by Dr.Web [version: 4.33, engine: 4.33.5.10110, virus records: 324067, updated: 11.03.2008]
Message-ID: <010401c8841d$b85bef90$0b01a8c0@domain.com>
From: "=?koi8-r?B?+8XT1M/QwczP1yDzxdLHxco=?=" <sergey@domain.com>
To: =?koi8-r?B?5szP0snO08vB0SDsLu0u?= <lilia@domain.com>
Subject: asd as
Date: Wed, 12 Mar 2008 10:47:31 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0101_01C8842E.78D90630"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

This is a multi-part message in MIME format.

------=_NextPart_000_0101_01C8842E.78D90630
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

adasd
------=_NextPart_000_0101_01C8842E.78D90630
Content-Type: text/html;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2> adasd </FONT></DIV></BODY></HTML>

------=_NextPart_000_0101_01C8842E.78D90630--
==========================================

В логах ексима есть такие записи:

==========================================
2008-03-12 10:50:08 1JZMf2-0008Q0-4s <= sergey@domain.com H=(sergioni) [192.168.1.11]:10968 I=[xxx.xxx.xxx.xxx]:25 P=smtp S=1544 id=010401c8841d$b85bef90$0b01a8c0@domain.com T="asd as" from <sergey@domain.com> for lilia@domain.com
2008-03-12 10:50:08 cwd=/var/spool/exim4 3 args: /usr/sbin/exim4 -Mc 1JZMf2-0008Q0-4s
2008-03-12 10:50:08 1JZMf2-0008Q0-4s => lilia <lilia@domain.com> F=<sergey@domain.com> P=<sergey@domain.com> R=local_user T=maildir_home S=1664 QT=0s DT=0s
2008-03-12 10:50:08 1JZMf2-0008Q0-4s ** lila_flo@mail.ru <lilia@domain.com> F=<sergey@domain.com> P=<sergey@domain.com> R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<lila_flo@mail.ru>: host mxs.mail.ru [194.67.23.20]: 550 Access from ip address xxx.xxx.xxx.xxx blocked. Visit http://win.mail.ru/cgi-bin/support_bl?ip=xxx.xxx.xxx.xxx
2008-03-12 10:50:08 cwd=/var/spool/exim4 7 args: /usr/sbin/exim4 -t -oem -oi -f <> -E1JZMf2-0008Q0-4s
2008-03-12 10:50:08 1JZMf2-0008QO-KB <= <> R=1JZMf2-0008Q0-4s U=Debian-exim P=local S=2611 T="Mail delivery failed: returning message to sender" from <> for sergey@domain.com
2008-03-12 10:50:08 1JZMf2-0008Q0-4s Completed QT=0s
===============================================

в логах аутлука при отправке письма идет такой диалог:

===============================================
SMTP: 10:47:13 [rx] 221 debian.domain.com closing connection
SMTP: 10:47:36 [rx] 220 debian.domain.com ESMTP Exim 4.63 Wed, 12 Mar 2008 10:50:08 +0200
SMTP: 10:47:36 [tx] HELO sergioni
SMTP: 10:47:36 [rx] 250 debian.domain.com Hello sergioni [xxx.xxx.xxx.xxx]
SMTP: 10:47:36 [tx] MAIL FROM: <sergey@domain.com>
SMTP: 10:47:36 [rx] 250 OK
SMTP: 10:47:36 [tx] RCPT TO: <lilia@domain.com>
SMTP: 10:47:36 [rx] 250 Accepted
SMTP: 10:47:36 [tx] DATA
SMTP: 10:47:36 [rx] 354 Enter message, ending with "." on a line by itself
SMTP: 10:47:36 [tx]
.
SMTP: 10:47:36 [rx] 250 OK id=1JZMf2-0008Q0-4s
SMTP: 10:47:36 [tx] QUIT
SMTP: 10:47:36 [rx] 221 debian.domain.com closing connection
===============================================

т.е. нет никакого адреса lila_flo@mail.ru
и заметте id писем и в на клиенте и на сервере одинаковые


Содержание

Сообщения в этом обсуждении
"Помогите побороть червя на debian+exim4+drweb(maild)"
Отправлено stas , 12-Мрт-08 15:27 
>[оверквотинг удален]
>SMTP: 10:47:36 [tx]
>.
>SMTP: 10:47:36 [rx] 250 OK id=1JZMf2-0008Q0-4s
>SMTP: 10:47:36 [tx] QUIT
>SMTP: 10:47:36 [rx] 221 debian.domain.com closing connection
>===============================================
>
>т.е. нет никакого адреса lila_flo@mail.ru
>и заметте id писем и в на клиенте и на сервере одинаковые
>

А вы конфиг exim не пытались посмотреть на предмет настроенной пересылки для этих
адресов? Здравый смысл говорит, что это на сделать в первую очередь.


"Помогите побороть червя на debian+exim4+drweb(maild)"
Отправлено sergio3101 , 12-Мрт-08 16:04 
>А вы конфиг exim не пытались посмотреть на предмет настроенной пересылки для
>этих
>адресов? Здравый смысл говорит, что это на сделать в первую очередь.

вот конфиг, я там ничего такого ненашел. по этому решил что это вирус.

smtp_accept_max = 1000
smtp_accept_max_per_host = 1000
smtp_accept_max_per_connection = 1000
smtp_accept_queue = 100000
primary_hostname=debian.titanexport.com
auto_thaw=1h
hosts_connection_nolog = 192.168.1.11

exim_path = /usr/sbin/exim4

.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif

.ifndef DC_minimaldns

.endif

.ifndef DC_visiblename
DC_visiblename=titanexport.com
.endif

MAIN_LOCAL_DOMAINS=titanexport.com
.ifndef MAIN_LOCAL_DOMAINS
MAIN_LOCAL_DOMAINS = @:localhost:titanexport.com
.endif
domainlist local_domains = MAIN_LOCAL_DOMAINS

MAIN_RELAY_TO_DOMAINS = titanexport.com
.ifndef MAIN_RELAY_TO_DOMAINS
MAIN_RELAY_TO_DOMAINS =
.endif
domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS

.ifndef MAIN_RELAY_NETS
MAIN_RELAY_NETS = /etc/exim4/relay-domains : 127.0.0.1 : ::::1
.endif
hostlist relay_from_hosts = MAIN_RELAY_NETS

.ifdef DC_visiblename
qualify_domain = DC_visiblename
.endif

.ifndef DCreadhost
DCreadhost =
.endif

.ifndef DCsmarthost
DCsmarthost =
.endif

.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.else
local_interfaces = 192.168.1.1:194.165.62.9:192.169.0.100
.endif

.ifndef LOCAL_DELIVERY
LOCAL_DELIVERY=maildir_home
.endif

gecos_pattern = ^([^,:]*)
gecos_name = $1

.ifndef DCconfig_satellite
.ifndef DCconfig_internet
.ifndef DCconfig_local
.ifndef DCconfig_smarthost
DCconfig_internet = 1
.endif
.endif
.endif
.endif

.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif

.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif

.ifndef MAIN_LOG_SELECTOR
MAIN_LOG_SELECTOR = +tls_peerdn
.endif

.ifndef MAIN_ACL_CHECK_MAIL
MAIN_ACL_CHECK_MAIL = acl_check_mail
.endif
acl_smtp_mail = MAIN_ACL_CHECK_MAIL

.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT

.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA

MESSAGE_SIZE_LIMIT = 15M
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif

.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif

.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif

rfc1413_hosts = *
rfc1413_query_timeout = 0s

.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif

.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER

MAIN_TIMEOUT_FROZEN_AFTER = 2d
.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER

.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL =
.endif
freeze_tell = MAIN_FREEZE_TELL

.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR

.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = drweb
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif

.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS

.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif

.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
                                    {/etc/ssl/certs/ca-certificates.crt}\
                                    {/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES

.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif
tls_verify_hosts = 192.168.0.0/20

.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS

.endif

MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all

.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif

begin acl

acl_whitelist_local_deny:
  accept
    hosts = ${if exists{CONFDIR/local_host_whitelist}\
                 {CONFDIR/local_host_whitelist}\
                 {}}
  accept
    senders = ${if exists{CONFDIR/local_sender_whitelist}\
                   {CONFDIR/local_sender_whitelist}\
                   {}}

  .ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
  .include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
  .endif

acl_check_mail:
  .ifdef CHECK_MAIL_HELO_ISSUED
  deny
    message = no HELO given before MAIL command
    condition = ${if def:sender_helo_name {no}{yes}}
  .endif

  accept

acl_check_rcpt:

  accept
    hosts = :

  .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
  deny
    domains = +local_domains
    local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
    message = restricted characters in address
  .endif

  .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
  deny
    domains = !+local_domains
    local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
    message = restricted characters in address
  .endif

  accept
    .ifndef CHECK_RCPT_POSTMASTER
    local_parts = postmaster
    .else
    local_parts = CHECK_RCPT_POSTMASTER
    .endif
    domains = +local_domains : +relay_to_domains

  .ifdef CHECK_RCPT_VERIFY_SENDER
  deny
    message = Sender verification failed
    !acl = acl_whitelist_local_deny
    !verify = sender
  .endif

  deny
    !acl = acl_whitelist_local_deny
    senders = ${if exists{CONFDIR/local_sender_callout}\
                         {CONFDIR/local_sender_callout}\
                   {}}
    !verify = sender/callout

  accept
    hosts = +relay_from_hosts
    control = submission/sender_retain

  accept
    authenticated = *
    control = submission/sender_retain

  require
    message = relay not permitted
    domains = +local_domains : +relay_to_domains

  require
    verify = recipient

  deny
    !acl = acl_whitelist_local_deny
    recipients = ${if exists{CONFDIR/local_rcpt_callout}\
                            {CONFDIR/local_rcpt_callout}\
                      {}}
    !verify = recipient/callout

  deny
    message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_whitelist_local_deny
    senders = ${if exists{CONFDIR/local_sender_blacklist}\
                   {CONFDIR/local_sender_blacklist}\
                   {}}

  deny
    message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_whitelist_local_deny
    hosts = ${if exists{CONFDIR/local_host_blacklist}\
                 {CONFDIR/local_host_blacklist}\
                 {}}

  .ifdef CHECK_RCPT_REVERSE_DNS
  warn
    message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
     condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
                      {yes}{no}}
  .endif

  .ifdef CHECK_RCPT_SPF
  deny
    message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.  \
              Please see http://www.openspf.org/why.html?sender=$sender_address&ip=$sender_host_address
    log_message = SPF check failed.
    condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
                     {no}{${if eq {$runrc}{1}{yes}{no}}}}

  defer
    message = Temporary DNS error while checking SPF record.  Try again later.
    condition = ${if eq {$runrc}{5}{yes}{no}}

  warn
    message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq {$runrc}{2}{softfail}\
                                 {${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
    condition = ${if <={$runrc}{6}{yes}{no}}

  warn
    log_message = Unexpected error in SPF check.
    condition = ${if >{$runrc}{6}{yes}{no}}

  warn
    message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" \ --helo \"$sender_helo_name\" --guess true}\
                                {pass}{${if eq {$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
                                {${if eq {$runrc}{6}{none}{error}}}}}}}}}}
    condition = ${if <={$runrc}{6}{yes}{no}}

  defer
    message = Temporary DNS error while checking SPF record.  Try again later.
    condition = ${if eq {$runrc}{5}{yes}{no}}
  .endif

  .ifdef CHECK_RCPT_IP_DNSBLS
  warn
    message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    dnslists = CHECK_RCPT_IP_DNSBLS
  .endif

  .ifdef CHECK_RCPT_DOMAIN_DNSBLS
  warn
    message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
                    {CONFDIR/local_domain_dnsbl_whitelist}\
                    {}}
    dnslists = CHECK_RCPT_DOMAIN_DNSBLS
  .endif

  .ifdef CHECK_RCPT_LOCAL_ACL_FILE
  .include CHECK_RCPT_LOCAL_ACL_FILE
  .endif

  accept
    domains = +relay_to_domains
    endpass
    verify = recipient

    deny

acl_check_data:

  .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
  deny
    message = Message headers fail syntax check
    !acl = acl_whitelist_local_deny
    !verify = header_syntax
  .endif

  .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
  deny
    message = No verifiable sender address in message headers
    !acl = acl_whitelist_local_deny
    !verify = header_sender
  .endif

  .ifdef CHECK_DATA_LOCAL_ACL_FILE
  .include CHECK_DATA_LOCAL_ACL_FILE
  .endif

  accept

begin routers
drweb_router:
driver = accept
condition = "${if eq {$received_protocol}{drweb-scanned}{0}{1}}"
retry_use_local_part
transport = drweb_transport

.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
  debug_print = "R: domain_literal for $local_part@$domain"
  driver = ipliteral
  domains = ! +local_domains
  transport = remote_smtp
.endif

hubbed_hosts:
  debug_print = "R: hubbed_hosts for $domain"
  driver = manualroute
  domains = "${if exists{CONFDIR/hubbed_hosts}\
                   {partial-lsearch;CONFDIR/hubbed_hosts}\
              fail}"
  same_domain_copy_routing = yes
  route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
  transport = remote_smtp

archive_all:
  driver = accept
  transport = tr_archive_all
  condition = "${if > {${strlen:$header_Auto-Submitted:}}{1}}"
  unseen = yes

.ifdef DCconfig_internet

dnslookup_relay_to_domains:
  debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains : +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  no_more

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        255.255.255.255
  no_more

.endif

.ifdef DCconfig_local
nonlocal:
  debug_print = "R: nonlocal for $local_part@$domain"
  driver = redirect
  domains = ! +local_domains
  allow_fail
  data = :fail: Mailing to remote domains not supported
  no_more

.endif

.ifdef DCconfig_smarthost DCconfig_satellite

smarthost:
  debug_print = "R: smarthost for $local_part@$domain"
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp_smarthost
  route_list = * DCsmarthost byname
  host_find_failed = defer
  same_domain_copy_routing = yes
  no_more

.endif

real_local:
  debug_print = "R: real_local for $local_part@$domain"
  driver = accept
  domains = +local_domains
  local_part_prefix = real-
  check_local_user
  transport = LOCAL_DELIVERY

system_aliases:
  debug_print = "R: system_aliases for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  .ifdef SYSTEM_ALIASES_USER
  user = SYSTEM_ALIASES_USER
  .endif
  .ifdef SYSTEM_ALIASES_GROUP
  group = SYSTEM_ALIASES_GROUP
  .endif
  .ifdef SYSTEM_ALIASES_FILE_TRANSPORT
  file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
  .endif
  .ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
  pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
  .endif
  .ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
  directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
  .endif

.ifdef DCconfig_satellite
hub_user:
  debug_print = "R: hub_user for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  data = ${local_part}@DCreadhost
  check_local_user

hub_user_smarthost:
  debug_print = "R: hub_user_smarthost for $local_part@$domain"
  driver = manualroute
  domains = DCreadhost
  transport = remote_smtp_smarthost
  route_list = * DCsmarthost byname
  host_find_failed = defer
  same_domain_copy_routing = yes
  check_local_user
.endif

userforward:
  debug_print = "R: userforward for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  check_local_user
  file = $home/.forward
  require_files = $local_part:$home/.forward
  no_verify
  no_expn
  check_ancestor
  allow_filter
  forbid_smtp_code = true
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  skip_syntax_errors
  syntax_errors_to = real-$local_part@$domain
  syntax_errors_text = \
    This is an automatically generated message. An error has\n\
    been found in your .forward file. Details of the error are\n\
    reported below. While this error persists, you will receive\n\
    a copy of this message for every message that is addressed\n\
    to you. If your .forward file is a filter file, or if it is\n\
    a non-filter file containing no valid forwarding addresses,\n\
    a copy of each incoming message will be put in your normal\n\
    mailbox. If a non-filter file contains at least one valid\n\
    forwarding address, forwarding to the valid addresses will\n\
    happen, and those will be the only deliveries that occur.

procmail:
  debug_print = "R: procmail for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = procmail_pipe
  require_files = ${local_part}:\
                  ${if exists{/etc/procmailrc}\
                    {/etc/procmailrc}{${home}/.procmailrc}}:\
                  +/usr/bin/procmail
  no_verify
  no_expn

maildrop:
  debug_print = "R: maildrop for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = maildrop_pipe
  require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
  no_verify
  no_expn

local_user:
  debug_print = "R: local_user for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  local_parts = ! root
  transport = LOCAL_DELIVERY
  cannot_route_message = Unknown user

mail4root:
  debug_print = "R: mail4root for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  data = /var/mail/mail
  file_transport = address_file
  local_parts = root
  user = mail
  group = mail

begin transports
drweb_transport:
driver = lmtp
socket = /var/drweb/ipc/.drweb_maild
batch_max = 300
timeout = 5m
user = drweb

address_file:
  debug_print = "T: address_file for $local_part@$domain"
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_pipe:
  debug_print = "T: address_pipe for $local_part@$domain"
  driver = pipe
  return_fail_output

address_reply:
  debug_print = "T: autoreply for $local_part@$domain"
  driver = autoreply

mail_spool:
  debug_print = "T: appendfile for $local_part@$domain"
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
  mode_fail_narrower = false

maildir_home:
  debug_print = "T: maildir_home for $local_part@$domain"
  driver = appendfile
  .ifdef MAILDIR_HOME_MAILDIR_LOCATION
  directory = MAILDIR_HOME_MAILDIR_LOCATION
  .else
  directory = $home/Maildir
  .endif
  .ifdef MAILDIR_HOME_CREATE_DIRECTORY
  create_directory
  .endif
  .ifdef MAILDIR_HOME_CREATE_FILE
  create_file = MAILDIR_HOME_CREATE_FILE
  .endif
  delivery_date_add
  envelope_to_add
  return_path_add
  maildir_format
  .ifdef MAILDIR_HOME_DIRECTORY_MODE
  directory_mode = MAILDIR_HOME_DIRECTORY_MODE
  .else
  directory_mode = 0700
  .endif
  .ifdef MAILDIR_HOME_MODE
  mode = MAILDIR_HOME_MODE
  .else
  mode = 0600
  .endif
  mode_fail_narrower = false

maildrop_pipe:
  debug_print = "T: maildrop_pipe for $local_part@$domain"
  driver = pipe
  path = "/bin:/usr/bin:/usr/local/bin"
  command = "/usr/bin/maildrop"
  return_path_add
  delivery_date_add
  envelope_to_add

procmail_pipe:
  debug_print = "T: procmail_pipe for $local_part@$domain"
  driver = pipe
  path = "/bin:/usr/bin:/usr/local/bin"
  command = "/usr/bin/procmail"
  return_path_add
  delivery_date_add
  envelope_to_add

remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp

remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  hosts_try_auth = ${if exists{CONFDIR/passwd.client} \
        {\
        ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
        }\
        {} \
      }

address_directory:
  debug_print = "T: address_directory for $local_part@$domain"
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  check_string = ""
  escape_string = ""
  maildir_format

tr_archive_all:
  driver = appendfile
  maildir_format
  mode = 0660
  delivery_date_add = true
  envelope_to_add = true
  return_path_add = true
  directory = /var/arhiv/backupmail

begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
                   {$value}fail}" Ffrs
*@titanexport.com "${lookup {${local_part}} lsearch {/etc/email-addresses} {$value} fail }" Ffrs

begin authenticators

cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
  client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}

PASSWDLINE=${sg{\
                ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
                }\
                {\\N[\\^]\\N}\
                {^^}\
            }

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if !eq{$tls_cipher}{}\
                    {^${extract{1}{:}{PASSWDLINE}}\
                     ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
                   }fail}"
.else
  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
                    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

login:
  driver = plaintext
  public_name = LOGIN

.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq{PASSWDLINE}{}}\
                         }\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
  client_send = "<; ${if !eq{PASSWDLINE}{}\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
                 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif


"Помогите побороть червя на debian+exim4+drweb(maild)"
Отправлено stas , 12-Мрт-08 16:27 
>[оверквотинг удален]
>.else
>  client_send = "<; ${if !eq{PASSWDLINE}{}\
>            
>          {}fail}\
>
>            
>     ; ${extract{1}{::}{PASSWDLINE}}\
>            
>     ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
>.endif

Я не знаю exim, но могу посоветовать проверить файл aliases или файлы .forward, procmailrc, .mailfilter.


"Помогите побороть червя на debian+exim4+drweb(maild)"
Отправлено sergio3101 , 12-Мрт-08 16:46 
>Я не знаю exim, но могу посоветовать проверить файл aliases или файлы
>.forward, procmailrc, .mailfilter.

Мега респект тебе STAS )))) действительно дело было в файлах форвардинга!!!