I have a VPN network, 10.8.0.0/24, and a small server running Exim. This is the wonder it writes to the log.
2009-09-30 08:42:12 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.82] input="QUIT\r\n"
2009-09-30 08:57:04 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.46] input="QUIT\r\n"
2009-09-30 09:03:43 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.26] input="QUIT\r\n"
2009-09-30 09:04:16 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.90] input="QUIT\r\n"
2009-09-30 09:05:19 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.30] input="QUIT\r\n"
2009-09-30 09:13:17 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.94] input="QUIT\r\n"
2009-09-30 09:23:54 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.34] input="QUIT\r\n"
2009-09-30 09:45:00 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.34] input="QUIT\r\n"
2009-09-30 11:13:03 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.66] input="QUIT\r\n"
2009-09-30 11:55:15 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.46] input="QUIT\r\n"
What's more, some of the hosts send fine and some don't! The mail is sent by 1C. I googled and found
warn hosts = 10.8.0.0/24
control = no_enforce_sync
I inserted it into
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_rcpt:
accept hosts = :
warn hosts = 10.8.0.0/24
control = no_enforce_sync
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
and so on
#########################################################
I restarted Exim and it still gets rejected ((( Help, please?
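An added example, not part of the original post: a small log triage that counts the pre-greeting synchronization rejections per host, so that a `no_enforce_sync` exemption can name only the clients that actually need it instead of the whole 10.8.0.0/24. The function names are made up for this sketch; the first five log lines come from the post, the last two are constructed.

```python
import ipaddress
import re
from collections import Counter

# Matches the Exim main-log line quoted in the post above.
SYNC_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d SMTP protocol synchronization error '
    r'\((?P<reason>[^)]*)\): rejected connection from '
    r'H=\[(?P<ip>[0-9.]+)\] input="(?P<input>.*)"$'
)

# First five lines are from the post; the last two are constructed samples.
SAMPLE_LOG = r'''2009-09-30 08:42:12 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.82] input="QUIT\r\n"
2009-09-30 08:57:04 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.46] input="QUIT\r\n"
2009-09-30 09:23:54 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.34] input="QUIT\r\n"
2009-09-30 09:45:00 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.34] input="QUIT\r\n"
2009-09-30 11:55:15 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[10.8.0.46] input="QUIT\r\n"
2009-09-30 09:30:00 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.7] input="HELO test\r\n"
2009-09-30 09:31:00 Start queue run: pid=4242
'''.splitlines()


def sync_offenders(lines, vpn_net="10.8.0.0/24"):
    """Count pre-greeting sync rejections per host, split by VPN membership."""
    net = ipaddress.ip_network(vpn_net)
    inside, outside = Counter(), Counter()
    for line in lines:
        m = SYNC_RE.match(line.strip())
        if m is None or "without waiting for greeting" not in m["reason"]:
            continue  # unrelated log line or a different sync error
        ip = ipaddress.ip_address(m["ip"])
        (inside if ip in net else outside)[ip] += 1
    return inside, outside


def exim_hostlist(hosts):
    """Render IPv4 hosts as a sorted, colon-separated Exim host list."""
    return " : ".join(str(ip) for ip in sorted(hosts))


if __name__ == "__main__":
    inside, outside = sync_offenders(SAMPLE_LOG)
    print("hosts =", exim_hostlist(inside))
    # Hosts outside the VPN range are reported, not exempted.
    for ip, count in outside.items():
        print("outside VPN:", ip, count)
```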
What MUA is on the problem clients? Judging by "input sent without waiting for greeting", this clearly happens before the rcpt stage. I think the rule should go into acl_smtp_connect
>What MUA is on the problem clients?
1C
>Judging by "input sent without waiting for greeting", this clearly happens before the
>rcpt stage. I think the rule should go into acl_smtp_connect
Ummm, here is the whole config, point a finger at where.... pleeease.....
######################################################################
# Runtime configuration file for Exim #
######################################################################
# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available
# from the Exim ftp sites. The manual is also online at the Exim web sites.
# This file is divided into several parts, all but the first of which are
# headed by a line starting with the word "begin". Only those parts that
# are required need to be present. Blank lines, and lines starting with #
# are ignored.
########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ###########
# #
# Whenever you change Exim's configuration file, you *must* remember to #
# HUP the Exim daemon, because it will not pick up the new configuration #
# until you do. However, any other Exim processes that are started, for #
# example, a process started by an MUA in order to send a message, will #
# see the new configuration as soon as it is in place. #
# #
# You do not need to HUP the daemon for changes in auxiliary files that #
# are referenced from this file. They are read every time they are used. #
# #
# It is usually a good idea to test a new configuration for syntactic #
# correctness before installing it (for example, by running the command #
# "exim -C /config/file.new -bV"). #
# #
########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ###########
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name. In many cases this does
# the right thing and you need not set anything explicitly.
primary_hostname = host.com
# The next three settings create two lists of domains and one list of hosts.
# These lists are referred to later in this configuration using the syntax
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:
# YOU HAVE TO EDIT THIS BLOCK TO SUIT YOUR NEED!!
domainlist local_domains = @ : localhost : host.com
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : 192.168.10.0/24 : 10.8.0.0/24
# Most straightforward access control requirements can be obtained by
# appropriate settings of the above options. In more complicated situations, you
# may need to modify the Access Control List (ACL) which appears later in this
# file.
# The first setting specifies your local domains, for example:
#
# domainlist local_domains = my.first.domain : my.second.domain
#
# You can use "@" to mean "the name of the local host", as in the default
# setting above. This is the name that is specified by primary_hostname,
# as specified above (or defaulted). If you do not want to do any local
# deliveries, remove the "@" from the setting above. If you want to accept mail
# addressed to your host's literal IP address, for example, mail addressed to
# "user@[192.168.23.44]", you can add "@[]" as an item in the local domains
# list. You also need to uncomment "allow_domain_literals" below. This is not
# recommended for today's Internet.
# The second setting specifies domains for which your host is an incoming relay.
# If you are not doing any relaying, you should leave the list empty. However,
# if your host is an MX backup or gateway of some kind for some domains, you
# must set relay_to_domains to match those domains. For example:
#
# domainlist relay_to_domains = *.myco.com : my.friend.org
#
# This will allow any host to relay through your host to those domains.
# See the section of the manual entitled "Control of relaying" for more
# information.
# The third setting specifies hosts that can use your host as an outgoing relay
# to any other host on the Internet. Such a setting commonly refers to a
# complete local network as well as the localhost. For example:
#
# hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16
#
# The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you
# have to include 127.0.0.1 if you want to allow processes on your host to send
# SMTP mail by using the loopback address. A number of MUAs use this method of
# sending mail.
# All three of these lists may contain many different kinds of item, including
# wildcarded names, regular expressions, and file lookups. See the reference
# manual for details. The lists above are used in the access control list for
# incoming messages. The name of this ACL is defined here:
acl_smtp_rcpt = acl_check_rcpt
# You should not change that setting until you understand how ACLs work.
# The following ACL entry is used if you want to do content scanning with the
# exiscan-acl patch. When you uncomment this line, you must also review the
# acl_check_content entry in the ACL section further below.
#acl_smtp_data = acl_check_content
# This configuration variable defines the virus scanner that is used with
# the 'malware' ACL condition of the exiscan acl-patch. If you do not use
# virus scanning, leave it commented. Please read doc/exiscan-acl-readme.txt
# for a list of supported scanners.
# av_scanner = sophie:/var/run/sophie
# av_scanner = cmdline:/usr/bin/antivir -v -z -allfiles -noboot -s -tmp %s:ALERT:\[(.+)\]
#av_scanner = clamd:/tmp/clamd
# The following setting is only needed if you use the 'spam' ACL condition
# of the exiscan-acl patch. It specifies on which host and port the SpamAssassin
# "spamd" daemon is listening. If you do not use this condition, or you use
# the default of "127.0.0.1 783", you can omit this option.
#spamd_address = 0.0.0.0 783
# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.example" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the recipient_unqualified_hosts option if you want to permit
# unqualified addresses from remote sources. If this option is not set, the
# primary_hostname value is used for qualification.
qualify_domain = host.com
# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
qualify_recipient = host.com
# The following line must be uncommented if you want Exim to recognize
# addresses of the form "user@[10.11.12.13]" that is, with a "domain literal"
# (an IP address) instead of a named domain. The RFCs still require this form,
# but it makes little sense to permit mail to be sent to specific hosts by
# their IP address in the modern Internet. This ancient format has been used
# by those seeking to abuse hosts by using them for unwanted relaying. If you
# really do want to support domain literals, uncomment the following line, and
# see also the "domain_literal" router below.
# allow_domain_literals
# No deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so causes a panic error to be logged, and
# the delivery to be deferred. This is a paranoic safety catch. Note that the
# default setting means you cannot deliver mail addressed to root as if it
# were a normal user. This isn't usually a problem, as most sites have an alias
# for root that redirects such mail to a human administrator.
never_users = root
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
host_lookup = *
# The settings below, which are actually the same as the defaults in the
# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
# calls. You can limit the hosts to which these calls are made, and/or change
# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
# are disabled. RFC 1413 calls are cheap and can provide useful information
# for tracing problem messages, but some hosts and firewalls have problems
# with them. This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up an SMTP session.
rfc1413_hosts = *
rfc1413_query_timeout = 30s
# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# sender_unqualified_hosts =
# recipient_unqualified_hosts =
#
# to control sender and recipient addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).
# If you want Exim to support the "percent hack" for certain domains,
# uncomment the following line and provide a list of domains. The "percent
# hack" is the feature by which mail addressed to x%y@z (where z is one of
# the domains listed) is locally rerouted to x@y and sent on. If z is not one
# of the "percent hack" domains, x%y is treated as an ordinary local part. This
# hack is rarely needed nowadays; you should not enable it unless you are sure
# that you really need it.
#
# percent_hack_domains =
#
# As well as setting this option you will also need to remove the test
# for local parts containing % in the ACL definition below.
# When Exim can neither deliver a message nor return it to sender, it "freezes"
# the delivery error message (aka "bounce message"). There are also other
# circumstances in which messages get frozen. They will stay on the queue for
# ever unless one of the following options is set.
# This option unfreezes frozen bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.
ignore_bounce_errors_after = 2d
# This option cancels (removes) frozen messages that are older than a week.
timeout_frozen_after = 7d
smtp_accept_queue_per_connection = 1000
smtp_accept_max_per_connection = 10000
extract_addresses_remove_arguments = false
#tls_certificate = /etc/exim/rsa.cert
#tls_privatekey = /etc/exim/rsa.key
#tls_dhparam = /etc/exim/dh.key
#tls_advertise_hosts=*
# Add verbose received-header:
received_header_text = Received: \
${if def:sender_fullhost {from ${sender_fullhost}\
${if def:sender_ident {(${sender_ident})}}}\
{${if def:sender_ident {from ${sender_ident} }}}}\
by ${primary_hostname}\
${if def:received_protocol {with ${received_protocol}}}\
${if def:tls_cipher {(tls_cipher ${tls_cipher})}}\
${if def:tls_peerdn {(tls_peerdn ${tls_peerdn})}}\
(Exim ${version_number} #${compile_number} (Gentoo Linux 1.4))\
id ${message_id}
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_rcpt:
accept hosts = :
warn hosts = 10.8.0.0/24
control = no_enforce_sync
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
#equire verify = sender
accept hosts = +relay_from_hosts
control = submission
deny message = "HELO/EHLO SMTP RFC"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
accept authenticated = *
control = submission
# deny message = "Host`s blacklists - $dnslist_domain"
# dnslists = relays.ordb.org : \
# opm.blitzed.org : \
# proxies.blackholes.easynet.nl : \
# cbl.abuseat.org : \
# bl.spamcop.net : \
# bl.csma.biz : \
# dynablock.njabl.org : \
# relays.ordb.org
#
# require verify = csa
########################### Accept ##################################################
accept domains = +local_domains
endpass
verify = recipient
accept domains = +relay_to_domains
endpass
verify = recipient
deny message = relay not permitted
acl_check_data:
#deny malware = *
# message = This message contains a virus ($malware_name).
#warn spam = nobody
# message = X-Spam_score: $spam_score\n\
# X-Spam_score_int: $spam_score_int\n\
# X-Spam_bar: $spam_bar\n\
# X-Spam_report: $spam_report
# Accept the message.
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
domain_literal:
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
#system_aliases:
# driver = redirect
# allow_fail
# allow_defer
# data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = root
# file_transport = address_file
# pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
#local_part_suffix = +* : -*
#local_part_suffix_optional
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
remote_smtp:
driver = smtp
local_delivery:
driver = appendfile
delivery_date_add
directory = ${home}/.maildir
maildir_format
quota=50M
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
create_directory
envelope_to_add
return_path_add
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
#address_reply:
#driver = autoreply
#local_delivery:
# driver = lmtp
# command = "/usr/lib/cyrus-imapd/deliver -l"
# batch_max = 20
# user = cyrus
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# There are no authenticator specifications in this default configuration file.
begin authenticators
######################################################################
# CONFIGURATION FOR local_scan() #
######################################################################
# If you have built Exim to include a local_scan() function that contains
# tables for private options, you can define those options here. Remember to
# uncomment the "begin" line. It is commented by default because it provokes
# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
# set in the Local/Makefile.
# begin local_scan
# End of Exim configuration file
Why on earth post a kilometre-long config with comments?!!! The documentation has a description
control = enforce_sync, control = no_enforce_sync
The effect of these two controls lasts for the remainder of the SMTP connection. They can appear in any ACL except the one for the non-SMTP messages. The most straightforward place to put them is in the ACL defined by acl_smtp_connect, which is run at the start of an incoming SMTP connection, before the first synchronization check. The expected use is to turn off the synchronization checks for badly-behaved hosts that you nevertheless need to work with.
Roughly like this
acl_smtp_connect = acl_check_smtp_connect
...
...
...
begin acl
acl_check_smtp_connect:
warn
hosts = 10.8.0.0/24
control = no_enforce_sync
message = Protocol synchronization error
# finish with an explicit accept: an ACL that runs off its end denies
accept
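An added example, not from the thread and not Exim's code: a simplified model of the pre-greeting check the quoted documentation refers to, run over a local socket pair. It shows why a client that sends QUIT before reading the banner is rejected, and what changes when the check is switched off for that client. The function names and reply texts are constructed for this sketch.

```python
import select
import socket

# Constructed reply texts; a real server's wording differs.
GREETING = b"220 mail.example ESMTP ready\r\n"
SYNC_ERR = b"554 synchronization error\r\n"
BYE = b"221 closing connection\r\n"


def greet(conn, enforce_sync):
    """Server side, connection start. Returns the reply code that was sent."""
    if enforce_sync:
        # Zero-timeout poll: has the client sent input before our banner?
        readable, _, _ = select.select([conn], [], [], 0)
        if readable:
            conn.sendall(SYNC_ERR)  # reject, as in the log lines above
            return "554"
    conn.sendall(GREETING)
    return "220"


def handle_command(conn):
    """Server side, after the banner: process one command line."""
    line = conn.recv(4096)
    if line.strip().upper() == b"QUIT":
        conn.sendall(BYE)
        return "221"
    conn.sendall(b"500 unrecognized command\r\n")
    return "500"


def session(client_waits, enforce_sync):
    """Run one client/server exchange; return the server's reply codes."""
    srv, cli = socket.socketpair()
    with srv, cli:
        if not client_waits:
            cli.sendall(b"QUIT\r\n")  # input sent without waiting for greeting
        codes = [greet(srv, enforce_sync)]
        if codes[0] == "220":
            cli.recv(4096)  # client reads the banner
            if client_waits:
                cli.sendall(b"QUIT\r\n")
            codes.append(handle_command(srv))
        return codes


if __name__ == "__main__":
    print("early client, sync enforced:    ", session(False, True))
    print("early client, sync not enforced:", session(False, False))
    print("patient client, sync enforced:  ", session(True, True))
```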
Thanks a lot! I'll try it and report back!