The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

форумы  помощь  поиск  регистрация  майллист  вход/выход  слежка  RSS
"failed to lock mailbox /some/file (fcntl) в логах exim`а"
Вариант для распечатки  
Пред. тема | След. тема 
Форумы OpenNET: Виртуальная конференция (Public)
Изначальное сообщение [ Отслеживать ]

"failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от eko email(ok) on 18-Окт-06, 17:09 
Столкнулся с тьмой сабжа в логах exim`а, после его установки. Как я понял, когда чего-то там заблокировано, мыло откладывается... и потом приходит ко мне аж 9! часов спустя.

Нашел описание проблемы в эксимовском хандбуке:

By default, the appendfile transport uses non-blocking calls to fcntl() when locking an open mailbox file. If the call fails, the delivery process sleeps for lock_interval and tries again, up to lock_retries times. Non-blocking calls are used so that the file is not kept open during the wait for the lock; the reason for this is to make it as safe as possible for deliveries over NFS in the case when processes might be accessing an NFS mailbox without using a lock file. This should not be done, but misunderstandings and hence misconfigurations are not unknown.

On a busy system, however, the performance of a non-blocking lock approach is not as good as using a blocking lock with a timeout. In this case, the waiting is done inside the system call, and Exim's delivery process acquires the lock and can proceed as soon as the previous lock holder releases it.

If lock_fcntl_timeout is set to a non-zero time, blocking locks, with that timeout, are used. There may still be some retrying: the maximum number of retries is

  (lock_retries * lock_interval) / lock_fcntl_timeout


rounded up to the next whole number. In other words, the total time during which appendfile is trying to get a lock is roughly the same, unless lock_fcntl_timeout is set very large.

в силу своих познаний в английском языке, понял, что мне нужно либо отключить эту штуку вообще(ибо т.к. я почту по NFS не гоняю - мне эта фишка совсем по боку), либо использовать "blocking lock".

Правда больше не фига не понятно(ибо английский хромает). Подскажите, что и где нужно прописать, что бы решить проблему?
В exim.conf не нашел никаких упоминаний насчет этих lock`ов.

Высказать мнение | Ответить | Правка | Cообщить модератору

 Оглавление

Сообщения по теме [Сортировка по времени | RSS]


1. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от eko email(ok) on 18-Окт-06, 20:26 
if lock_retries = 10 and lock_interval = 3s and
lock_fcntl_timeout = 20s there will be two attempts at the blocking
lock. (After the first, 20s < 30s, so it tries again; after the second
try, 40s > 30s, so it stops.)

т.е. две попытки, а потом письмо вообще выбросят?
А какой интернвал для lock_fcntl_timeout выставляют на практике?

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

2. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от eko email(ok) on 18-Окт-06, 20:49 
Хм, а куда это вообще прописывается то??

пытался вписать в exim.conf
lock_fcntl_timeout = 10

говорит: - "

Exim configuration error in line 849 of /etc/exim.conf: option "lock_fcntl_timeout" unknown

".

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

3. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от dawnshade email on 18-Окт-06, 22:19 
какая версия экзима, какой формат ящиков mbox/maildir?
как ставили, какая ОС?
Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

4. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от eko email(ok) on 18-Окт-06, 22:41 
>какая версия экзима, какой формат ящиков mbox/maildir?
>как ставили, какая ОС?

Exim 4.62 под FreeBSD 5.4, Exim поднимался вместе с ДиректАдмином.
Что вы имеете в виду под форматом ящиков?

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

5. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от dawnshade email on 18-Окт-06, 22:47 
>>какая версия экзима, какой формат ящиков mbox/maildir?
>>как ставили, какая ОС?
>
>Exim 4.62 под FreeBSD 5.4, Exim поднимался вместе с ДиректАдмином.

директадмин это кто?

>Что вы имеете в виду под форматом ящиков?


в local_delivery (или какой у вас там транспорт) что написано
driver = appendfile
или
еще maildir_format

а вообще лучше все транспорты и роутеры сюда с правами на директории в которых должны быть ящики.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

6. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от eko email(ok) on 18-Окт-06, 22:59 
Директ-админ, это панель управления сервером, вроде webmin`а только получше.

#                      ROUTERS CONFIGURATION                        

begin routers

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

#                      TRANSPORTS CONFIGURATION                      


# Spam Assassin
begin transports

spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  group = mail
  home_directory = "/tmp"
  log_output
  message_prefix =
  message_suffix =
  return_fail_output
  no_return_path_add
  transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  use_bsmtp
  user = mail
  # must use a privileged user to set $received_protocol on the way back in!


#majordomo
majordomo_pipe:
  driver = pipe
  group = daemon
  return_fail_output
  user = majordomo

local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  file = /var/mail/$local_part
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}

## for delivering virtual domains to their own mail spool

virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 700
  envelope_to_add
  file = /var/spool/virtual/${domain}/${local_part}
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0
}}

## vacation transport
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
  text = "\
        ------                                                           ------\n\n\
        This message was automatically generated by email software\n\
        The delivery of your message has not been affected.\n\n\
        ------                                                           ------\n\n"
  to = "${sender_address}"
user = mail
        #once = /etc/virtual/${domain}/reply/${local_part}.once

userautoreply:
  driver = autoreply
  bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
  to = "${sender_address}"
  user = mail
  #once = /etc/virtual/${domain}/reply/${local_part}.once

# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  driver = smtp

address_pipe:
  driver = pipe
  return_output

virtual_address_pipe:
  driver = pipe
  group = nobody
  return_output
  user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

7. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от dawnshade email on 19-Окт-06, 00:27 
>Директ-админ, это панель управления сервером, вроде webmin`а только получше.
>
>#            


понятно, очередная поделка, автор которой не разобрался с предметной областью, к тому же еще и пингвинячья.

не исключено, что там еще наверчено не пойми что.

>  file = /var/mail/$local_part

>  file = /var/spool/virtual/${domain}/${local_part}

а права где на эти директории и выше?

тогда уж полный конф давай
кстати, ошибки именно в /var/log/exim/*log ?

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

8. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от eko email(ok) on 19-Окт-06, 11:21 
Проблему удалось порешить... оказывается нужно было так «lock_fcntl_timeout = 10s», а не «lock_fcntl_timeout = 10» указывать... почта ожила, сейчас вроде все нормально ходит. Спасибо за помощь.

P.S. Раз уж ветку про экзим начал, не подскажете, где вот это: - "This message has been rejected because it has a potentially executable attachment" отключить??, а то он мне сейчас всю корреспонденцию в окно разбросает.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

9. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от dawnshade email on 19-Окт-06, 11:35 
>Проблему удалось порешить... оказывается нужно было так «lock_fcntl_timeout = 10s», а не
>«lock_fcntl_timeout = 10» указывать... почта ожила, сейчас вроде все нормально ходит.
>Спасибо за помощь.
>
>P.S. Раз уж ветку про экзим начал, не подскажете, где вот это:
>- "This message has been rejected because it has a potentially
>executable attachment" отключить??, а то он мне сейчас всю корреспонденцию в
>окно разбросает.


смотреть acl_data или как там его обозвали

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

10. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от eko email(ok) on 19-Окт-06, 12:30 
вот этот кусок конфига

######################################################################
#                               ACLs                                 #
######################################################################

begin acl

# ACL that is used after the RCPT command
check_recipient:

# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]

# to restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept  hosts = +auth_relay_hosts
        condition = ${if eq {$interface_port}{587} {yes}{no}}
        endpass
        message = relay not permitted, authentication required
        authenticated = *

# allow local users to send outgoing messages using slashes
# and vertical bars in their local parts.
# Block outgoing local parts that begin with a dot, slash, or vertical
# bar but allows them within the local part.
# The sequence \..\ is barred. The usage of @ % and ! is barred as
# before. The motivation is to prevent your users (or their virii)
# from mounting certain kinds of attacks on remote sites.
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

# local source whitelist
# accept if the source is local SMTP (i.e. not over TCP/IP).
# Test for this by testing for an empty sending host field.
  accept  hosts = :

# sender domains whitelist
# accept if sender domain is in whitelist
  accept  sender_domains = +whitelist_domains

# sender hosts whitelist
# accept if sender host is in whitelist
  accept  hosts = +whitelist_hosts
  accept  hosts = +whitelist_hosts_ip

# envelope senders whitelist
# accept if envelope sender is in whitelist
  accept  senders = +whitelist_senders

# accept mail to postmaster in any local domain, regardless of source
  accept  local_parts = postmaster
          domains     = +local_domains

# accept mail to abuse in any local domain, regardless of source
  accept  local_parts = abuse
          domains     = +local_domains

# accept mail to hostmaster in any local domain, regardless of source
  accept  local_parts = hostmaster
          domains     =+local_domains

# OPTIONAL MODIFICATIONS:
# If the page you're using to notify senders of blocked email of how
# to get their address unblocked will use a web form to send you email so
# you'll know to unblock those senders, then you may leave these lines
# commented out.  However, if you'll be telling your senders of blocked
# email to send an email to errors@yourdomain.com, then you should
# replace "errors" with the left side of the email address you'll be
# using, and "example.com" with the right side of the email address and
# then uncomment the second two lines, leaving the first one commented.
# Doing this will mean anyone can send email to this specific address,
# even if they're at a blocked domain, and even if your domain is using
# blocklists.

# accept mail to errors@example.com, regardless of source
#   accept  local_parts = errors
#           domains     = example.com

# deny so-called "legal" spammers"
  deny message = Email blocked by LBL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       sender_domains = +blacklist_domains

# deny using hostname in bad_sender_hosts blacklist
  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts

# deny using IP in bad_sender_hosts blacklist
  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts_ip

# deny using email address in blacklist_senders
  deny message = Email blocked by BSAL - to unblock see http://www.example.com/
  domains = use_rbl_domains
  deny senders = +blacklist_senders

# By default we do NOT require sender verification.
# Sender verification denies unless sender address can be verified:
# If you want to require sender verification, i.e., that the sending
# address is routable and mail can be delivered to it, then
# uncomment the next line. If you do not want to require sender
# verification, leave the line commented out

#require verify = sender

# deny using .spamhaus
  deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = sbl.spamhaus.org

# deny using ordb
  deny message = Email blocked by ORDB - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = relays.ordb.org

# deny using sorbs smtp list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = dnsbl.sorbs.net=127.0.0.5

# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
# and for authenticated users

# deny using spamcop
  deny message = Email blocked by SPAMCOP - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = bl.spamcop.net

# deny using njabl
  deny message = Email blocked by NJABL - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = dnsbl.njabl.org

# deny using cbl
  deny message = Email blocked by CBL - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = cbl.abuseat.org

# deny using all other sorbs ip-based blocklist besides smtp list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = dnsbl.sorbs.net!=127.0.0.6

# deny using sorbs name based list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       domains =+use_rbl_domains
       # rhsbl list is name based
       dnslists = rhsbl.sorbs.net/$sender_address_domain

# accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
          message = "Unknown User"
          verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
  accept  domains = +relay_domains
          endpass
          verify=recipient

# accept if message comes for a host for which we are an outgoing relay
# recipient verification is omitted because many MUA clients don't cope
# well with SMTP error responses. If you are actually relaying from MTAs
# then you should probably add recipient verify here

  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted

# default at end of acl causes a "deny", but line below will give
# an explicit error message:
  deny    message = relay not permitted

# ACL that is used after the DATA command
check_message:
  accept


как я понял за проверку содержимого сообщения отвечается вот этот его кусок


# ACL that is used after the DATA command
check_message:
  accept
  
и вроде как accept, значит - "принимать сообщения безоговорочно", т.е. возвращать письма с исполняемыми аттачментами он не должен.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

11. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от dawnshade email on 19-Окт-06, 12:45 
>вот этот кусок конфига
>

мдя, опять все через жопу сделано.
грепай тогда конф по строке "This message has been rejected because it has a potentially executable attachment"

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

12. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от eko email(ok) on 19-Окт-06, 13:25 
нашел в конфиге вот эту строку system_filter = /etc/system_filter.exim

вот его содержимое

e2-e3# more system_filter.exim
# Exim filter
## Version: 0.17
#       $Id: system_filter.exim,v 1.11 2001/09/19 11:27:56 nigel Exp $

## Exim system filter to refuse potentially harmful payloads in
## mail messages
## (c) 2000-2001 Nigel Metheringham <nigel@exim.org>
##
##     This program is free software; you can redistribute it and/or modify
##    it under the terms of the GNU General Public License as published by
##    the Free Software Foundation; either version 2 of the License, or
##    (at your option) any later version.
##
##    This program is distributed in the hope that it will be useful,
##    but WITHOUT ANY WARRANTY; without even the implied warranty of
##    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
##    GNU General Public License for more details.
##
##    You should have received a copy of the GNU General Public License
##    along with this program; if not, write to the Free Software
##    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
## -A copy of the GNU General Public License is distributed with exim itself

## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## If you haven't worked with exim filters before, read
## the install notes at the end of this file.
## The install notes are not a replacement for the exim documentation
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


## -----------------------------------------------------------------------
# Only run any of this stuff on the first pass through the
# filter - this is an optomisation for messages that get
# queued and have several delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
#
if not first_delivery
then
  finish
endif

## -----------------------------------------------------------------------
# Check for MS buffer overruns as per BUGTRAQ.
# http://www.securityfocus.com/frames/?content=/templates/arti...
# This could happen in error messages, hence its placing
# here...
# We substract the first n characters of the date header
# and test if its the same as the date header... which
# is a lousy way of checking if the date is longer than
# n chars long
if ${length_80:$header_date:} is not $header_date:
then
  fail text "This message has been rejected because it has\n\
             an overlength date field which can be used\n\
             to subvert Microsoft mail programs\n\
             The following URL has further information\n\
             http://www.securityfocus.com/frames/?content=/templates/arti...
  seen finish
endif

## -----------------------------------------------------------------------
# These messages are now being sent with a <> envelope sender, but
# blocking all error messages that pattern match prevents
# bounces getting back.... so we fudge it somewhat and check for known
# header signatures.  Other bounces are allowed through.
if $header_from: contains "@sexyfun.net"
then
  fail text "This message has been rejected since it has\n\
             the signature of a known virus in the header."
  seen finish
endif
if error_message and $header_from: contains "Mailer-Daemon@"
then
  # looks like a real error message - just ignore it
  finish
endif

## -----------------------------------------------------------------------
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
#if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp
|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
#then
#  fail text "This message has been rejected because it has\n\
#            potentially executable content $1\n\
#            This form of attachment has been used by\n\
#             recent viruses or other malware.\n\
#            If you meant to send this file then please\n\
#            package it up as a zip file and resend it."
#  seen finish
#endif
# same again using unquoted filename [content_type_unquoted_fn_match]
#if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|j
se?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
#then
#  fail text "This message has been rejected because it has\n\
#            potentially executable content $1\n\
#            This form of attachment has been used by\n\
#             recent viruses or other malware.\n\
#            If you meant to send this file then please\n\
#            package it up as a zip file and resend it."
#  seen finish
#endif


## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails.   These were used as the basis for
# the ILOVEYOU virus and its variants - many many varients
# Quoted filename - [body_quoted_fn_match]
#if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:fil
e)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse
?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
#then
#  fail text "This message has been rejected because it has\n\
#            a potentially executable attachment $1\n\
#            This form of attachment has been used by\n\
#             recent viruses or other malware.\n\
#            If you meant to send this file then please\n\
#            package it up as a zip file and resend it."
#  seen finish
#endif
# same again using unquoted filename [body_unquoted_fn_match]
#if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:fil
e)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|
lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
#then
#  fail text "This message has been rejected because it has\n\
#            a potentially executable attachment $1\n\
#            This form of attachment has been used by\n\
#             recent viruses or other malware.\n\
#            If you meant to send this file then please\n\
#            package it up as a zip file and resend it."
#  seen finish
#endif
## -----------------------------------------------------------------------


#### Version history
#
# 0.01 5 May 2000
#       Initial release
# 0.02 8 May 2000
#       Widened list of content-types accepted, added WSF extension
# 0.03 8 May 2000
#       Embedded the install notes in for those that don't do manuals
# 0.04 9 May 2000
#       Check global content-type header.  Efficiency mods to REs
# 0.05 9 May 2000
#       More minor efficiency mods, doc changes
# 0.06 20 June 2000
#       Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
# 0.07 19 July 2000
#       Latest MS Outhouse bug catching
# 0.08 19 July 2000
#       Changed trigger length to 80 chars, fixed some spelling
# 0.09 29 September 2000
#       More extensions... its getting so we should just allow 2 or 3 through
# 0.10 18 January 2001
#       Removed exclusion for error messages - this is a little nasty
#       since it has other side effects, hence we do still exclude
#       on unix like error messages
# 0.11 20 March, 2001
#       Added CMD extension, tidied docs slightly, added RCS tag
#       ** Missed changing version number at top of file :-(
# 0.12 10 May, 2001
#       Added HTA extension
# 0.13 22 May, 2001
#       Reformatted regexps and code to build them so that they are
#       shorter than the limits on pre exim 3.20 filters.  This will
#       make them significantly less efficient, but I am getting so
#       many queries about this that requiring 3.2x appears unsupportable.
# 0.14 15 August,2001
#       Added .lnk extension - most requested item :-)
#       Reformatted everything so its now built from a set of short
#       library files, cutting down on manual duplication.
#       Changed \w in filename detection to . - dodges locale problems
#       Explicit application of GPL after queries on license status
# 0.15 17 August, 2001
#       Changed the . in filename detect to \S (stops it going mad)
# 0.16 19 September, 2001
#       Pile of new extensions including the eml in current use
# 0.17 19 September, 2001
#       Syntax fix
#
#### Install Notes
#
# Exim filters run the exim filter language - a very primitive
# scripting language - in place of a user .forward file, or on
# a per system basis (on all messages passing through).
# The filtering capability is documented in the main set of manuals
# a copy of which can be found on the exim web site
#       http://www.exim.org/
#
# To install, copy the filter file (with appropriate permissions)
# to /etc/exim/system_filter.exim and add to your exim config file
# [location is installation depedant - typicaly /etc/exim/config ]
# in the first section the line:-
#       message_filter = /etc/exim/system_filter.exim
#       message_body_visible = 5000
#
# You may also want to set the message_filter_user & message_filter_group
# options, but they default to the standard exim user and so can
# be left untouched.  The other message_filter_* options are only
# needed if you modify this to do other functions such as deliveries.
# The main exim documentation is quite thorough and so I see no need
# to expand it here...
#
# Any message that matches the filter will then be bounced.
# If you wish you can change the error message by editing it
# in the section above - however be careful you don't break it.
#
# After install exim should be restarted - a kill -HUP to the
# daemon will do this.
#
#### LIMITATIONS
#
# This filter tries to parse MIME with a regexp... that doesn't
# work too well.  It will also only see the amount of the body
# specified in message_body_visible
#
#### BASIS
#
# The regexp that is used to pickup MIME/uuencoded body parts with
# quoted filenames is replicated below (in perl format).
# You need to remember that exim converts newlines to spaces in
# the message_body variable.
#
#         (?:Content-                                   # start of content header
#         (?:Type: (?>\s*)                              # rest of c/t header
#           [\w-]+/[\w-]+                               # content-type (any)
#           |Disposition: (?>\s*)                       # content-disposition hdr
#           attachment)                                 # content-disposition
#         ;(?>\s*)                                      # ; space or newline
#         (?:file)?name=                                # filename=/name=
#         |begin (?>\s+) [0-7]{3,4} (?>\s+))            # begin octal-mode
#         (\"[^\"]+\.                                   # quoted filename.
#               (?:ad[ep]                               # list of extns
#               |ba[st]
#               |chm
#               |cmd
#               |com
#               |cpl
#               |crt
#               |eml
#               |exe
#               |hlp
#               |hta
#               |in[fs]
#               |isp
#               |jse?
#               |lnk
#               |md[be]
#               |ms[cipt]
#               |pcd
#               |pif
#               |reg
#               |scr
#               |sct
#               |shs
#               |url
#               |vb[se]
#               |ws[fhc])
#         \"                                            # end quote
#         )                                             # end of filename capture
#         [\s;]                                         # trailing ;/space/newline

#
#
### [End]

собственно контейнеры с упоминанием "This message has been rejected because..." закоментил, рестрартанул exim`а...  а сообщения все равно возвращаются с этими комментариями.

более того, вообще закоментил

system_filter = /etc/system_filter.exim - никакой реакции

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

13. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от eko email(ok) on 19-Окт-06, 13:27 
а вот сам конфиг целеком

######################################################################
#                 SpamBlocker.exim.conf.2.0-release                  #
#   Runtime configuration file for DirectAdmin/Exim 4.24 and above   #
######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ########
# WARNING! Be sure to back up your previous exim.conf file before    #
# attempting to use this exim.conf file.                             #
#                                                                    #
# Do may not use this exim.conf Exim configuration file unless you   #
# make the required modifications to your Exim configuration         #
# following the instructions in the README file included in this     #
# distribution.                                                      #
#                                                                    #
# This is version "2.0 of the SpamBlocker exim.conf file as          #
# distributed by NoBaloney Internet Services for DirectAdmin based   #
# servers.                                                           #
#                                                                    #
# More information about NoBaloney.net may be found at:              #
#  http://www.nobaloney.net/      ... #
#                                                                    #
# More information about DirectAdmin may be found at:                #
#  http://www.directadmin.com/     &nb... #
#                                                                    #
# This Exim configuration file has been modified from the original   #
# as distributed with Exim 4.  The modifications have been made by:  #
#                                                                    #
# Jeff Lasman                                                        #
# NoBaloney Internet Services                                        #
# 1254 So. Waterman Ave., Suite 50                                   #
# San Bernardino, CA  92408                                          #
# spamblocker@nobaloney.net                                          #
# (909) 266-9209                                                     #
#                                                                    #
# The SpamBlocker exim.conf file has been modified from the original #
# exim.conf file as distributed with Exim 4, which includes the      #
# following copyright notice:                                        #
#                                                                    #
# Copyright (C) 2002 University of Cambridge, Cambridge, UK          #
#                                                                    #
# Portions of the file are taken from the exim.conf file as          #
# distributed with DirectAdmin (http://www.directadmin.com/),        #
#                                                                    #
# Copyright (C) 2003 JBMC Software, St Albert, AB, Canada            #
#                                                                    #
# Portions of this file are written by Jeff Lasman, of               #
# NoBaloney Internet Services and are copyright as follows:          #
#                                                                    #
# Copyright (C) 2004-2005 NoBaloney Internet Services,               #
# San Bernardino, Calif., USA                                        #
#                                                                    #
# Portions of the file are taken from the exim.conf file as          #
# distributed with DirectAdmin (http://www.directadmin.com/),        #
#                                                                    #
# Copyright (C) 2003 JBMC Software, St Albert, AB, Canada            #
#                                                                    #
# Portions of this file are written by Jeff Lasman, of               #
# NoBaloney Internet Services and are copyright as follows:          #
#                                                                    #
# Copyright (C) 2004-2005 NoBaloney Internet Services,               #
# San Bernardino, Calif., USA                                        #
#                                                                    #
# The entire Exim 4 distribution, including the exim.conf file, is   #
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,       #
# June 1991. If you do not have a copy of the GNU GENERAL            #
# PUBLIC LICENSE you may download it, in it's entirety, from         #
# the website at:                                                    #
#                                                                    #
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt  &nbs... #
#                                                                    #
######################################################################
#                                                                    #
# The most recent version of this SpamBlocker exim.conf file may     #
# always downloaded from the website at                              #
#                                                                    #
# http://www.nobaloney.net/exim/exim.conf.spamblocked &nb...
#                                                                    #
######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ########
#                                                                    #
# Whenever you change Exim's configuration file, you *must* remember #
# to HUP the Exim daemon, because it will not pick up the new        #
# configuration until you do. However, any other Exim processes that #
# are started, for example, a process started by an MUA in order to  #
# send a message, will see the new configuration as soon as it is in #
# place.                                                             #
#                                                                    #
# You do not need to HUP the daemon for changes in auxiliary files   #
# that are referenced from this file. They are read every time they  #
# are used.                                                          #
#                                                                    #
# It is usually a good idea to test a new configuration for          #
# syntactic correctness before installing it (for example, by        #
# running the command "exim -C /config/file.new -bV").               #
#                                                                    #
### MODIFICATION INSTRUCTIONS ########## MODIFICATION INSTRUCTIONS ###
#                                                                    #
# YOU MUST MAKE THE CHANGES TO THIS SpamBlocked exim.conf file as    #
# documented in the README file.                                     #
#                                                                    #
# The README file for this version is named:                         #
# README.SpamBlocker.exim.conf.2.0                                   #
#                                                                    #
######################################################################

# Specify your host's canonical name here. This should normally be the
# fully qualified "official" name of your host. If this option is not
# set, the uname() function is called to obtain the name. In many cases
# this does the right thing and you need not set anything explicitly.

# primary_hostname =

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.ex" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =

# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =

# the next line is required to start the smtp auth script included
# in DirectAdmin

perl_startup = do '/etc/exim.pl'

# the next line is required to start the system_filter included in
# DirectAdmin to refuse potentiallly harmful payloads in
# email messages

#system_filter = /etc/system_filter.exim

# next line to allow incoming email submission port 587
# see also check_recipient second ruleset

daemon_smtp_ports = 25 : 587

# SET SOME MEANINGFUL LIMITS
# OPTIONAL MODIFICATIONS:
#  These defaults work for us; you may wish to modify them
#  for your environment

message_size_limit = 20M
smtp_receive_timeout = 5m
smtp_accept_max = 100
message_body_visible = 3000
print_topbitchars = true

# ALLOW UNDERSCORE IN EMAIL DOMAIN NAME
# domains shouldn't use the underscore character "_" but some
# may.  Because John Postel, one of the architects of the Internet,
# said "Be liberal in what you accept and conservative in what you
# transmit, we choose to allow underscore in email domain names so we
# can receive email form domains which use the underscore character
# in their domain name.
# OPTIONAL MODIFICATIONS:
#  These defaults work for us; you may wish to modify them
#  for your environment

helo_allow_chars = _

# CHANGE LOGGING BEHAVIOR
# We weren't happy with the default Exim logging behavior through
# syslog; it didn't give us enough information.  So we turned off
# syslog behavior and changed the logging behavior to give us what we
# felt was more helpful information.  You may choose to delete or modify
# this section.
# OPTIONAL MODIFICATIONS:
#  These defaults work for us; you may wish to modify them
#  for your environment

log_selector = \
  +delivery_size \
  +sender_on_delivery \
  +received_recipients \
  +received_sender \
  +smtp_confirmation \
  +subject \
  +smtp_incomplete_transaction \
  -dnslist_defer \
  -host_lookup_failed \
  -queue_run \
  -rejected_header \
  -retry_defer \
  -skip_delivery

syslog_duplication = false

# These options specify the Access Control Lists (ACLs) that
# are used for incoming SMTP messages - after the RCPT and DATA
# commands, respectively.

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

# define local lists

addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
hostlist auth_relay_hosts = *
hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = net-lsearch;/etc/virtual/bad_sender_hosts
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = net-lsearch;/etc/virtual/whitelist_hosts

# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above. You also need to comment "forbid_domain_literals" below. This is not
# recommended for today's Internet.

# DO NOT ALLOW HOST LITERALS
# OPTIONAL MODIFICATIONS:
#  These defaults work for us; you may wish to uncomment the line
#  below and change the allow_domain_literals line below to true
#  to allow domain literals in your environment

# local_domains_include_host_literals

# The following line prevents Exim from recognizing addresses of the form
# "user@[111.111.111.111]" that is, with a "domain literal" (an IP address)
# instead of a named domain. The RFCs still require this form, but it makes
# little sense to permit mail to be sent to specific hosts by their IP address
# in the modern Internet, and this ancient format has been used by those
# seeking to abuse hosts by using them for unwanted relaying. If you really
# do want to support domain literals, remove the following line, and see
# also the "domain_literal" router below.

allow_domain_literals = false

# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root

# DO HOST LOOKUP
# OPTIONAL MODIFICATIONS:
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup = *

# DISALLOW IDENT CALLBACKS
# OPTIONAL MODIFICATIONS:
# Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP
# calls. You can limit the hosts to which these calls are made, and/or change
# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
# are disabled. RFC 1413 calls are cheap and can provide useful information
# for tracing problem messages, but some hosts and firewalls have problems
# with them. This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up an SMTP session.  By default
# we disable callbacks for incoming SMTP calls.  You may change
# rfc1413_query_timeout to 30s or some other positive number of seconds to
# enable callbacks for incoming SMTP calls.

rfc1413_hosts = *
rfc1413_query_timeout = 0s

# BOUNCE MESSAGES
# OPTIONAL MODIFICATIONS:
# When Exim can neither deliver a message nor return it to sender, it
# "freezes" the delivery error message (aka "bounce message"). There are also
# other circumstances in which messages get frozen. They will stay on the
# queue forever unless one or both of the following options is set.

# This option unfreezes bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.

ignore_bounce_errors_after = 2d

# This option cancels (removes) frozen messages that are older than five days.

timeout_frozen_after = 5d

# TRUSTED USERS
# OPTIONAL MODIFICATIONS:
# if you must add additional trusted users, do so here; continue the
# colon-delimited list

trusted_users = mail:majordomo:apache:diradmin

# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key

tls_advertise_hosts = *
#auth_over_tls_hosts = *

######################################################################
#                               ACLs                                 #
######################################################################

begin acl

# ACL that is used after the RCPT command
check_recipient:

# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]

# to restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept  hosts = +auth_relay_hosts
        condition = ${if eq {$interface_port}{587} {yes}{no}}
        endpass
        message = relay not permitted, authentication required
        authenticated = *

# allow local users to send outgoing messages using slashes
# and vertical bars in their local parts.
# Block outgoing local parts that begin with a dot, slash, or vertical
# bar but allows them within the local part.
# The sequence \..\ is barred. The usage of @ % and ! is barred as
# before. The motivation is to prevent your users (or their virii)
# from mounting certain kinds of attacks on remote sites.
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

# local source whitelist
# accept if the source is local SMTP (i.e. not over TCP/IP).
# Test for this by testing for an empty sending host field.
  accept  hosts = :

# sender domains whitelist
# accept if sender domain is in whitelist
  accept  sender_domains = +whitelist_domains

# sender hosts whitelist
# accept if sender host is in whitelist
  accept  hosts = +whitelist_hosts
  accept  hosts = +whitelist_hosts_ip

# envelope senders whitelist
# accept if envelope sender is in whitelist
  accept  senders = +whitelist_senders

# accept mail to postmaster in any local domain, regardless of source
  accept  local_parts = postmaster
          domains     = +local_domains

# accept mail to abuse in any local domain, regardless of source
  accept  local_parts = abuse
          domains     = +local_domains

# accept mail to hostmaster in any local domain, regardless of source
  accept  local_parts = hostmaster
          domains     =+local_domains

# OPTIONAL MODIFICATIONS:
# If the page you're using to notify senders of blocked email of how
# to get their address unblocked will use a web form to send you email so
# you'll know to unblock those senders, then you may leave these lines
# commented out.  However, if you'll be telling your senders of blocked
# email to send an email to errors@yourdomain.com, then you should
# replace "errors" with the left side of the email address you'll be
# using, and "example.com" with the right side of the email address and
# then uncomment the second two lines, leaving the first one commented.
# Doing this will mean anyone can send email to this specific address,
# even if they're at a blocked domain, and even if your domain is using
# blocklists.

# accept mail to errors@example.com, regardless of source
#   accept  local_parts = errors
#           domains     = example.com

# deny so-called "legal" spammers"
  deny message = Email blocked by LBL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       sender_domains = +blacklist_domains

# deny using hostname in bad_sender_hosts blacklist
  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts

# deny using IP in bad_sender_hosts blacklist
  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts_ip

# deny using email address in blacklist_senders
  deny message = Email blocked by BSAL - to unblock see http://www.example.com/
  domains = use_rbl_domains
  deny senders = +blacklist_senders

# By default we do NOT require sender verification.
# Sender verification denies unless sender address can be verified:
# If you want to require sender verification, i.e., that the sending
# address is routable and mail can be delivered to it, then
# uncomment the next line. If you do not want to require sender
# verification, leave the line commented out

#require verify = sender

# deny using .spamhaus
  deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = sbl.spamhaus.org

# deny using ordb
  deny message = Email blocked by ORDB - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = relays.ordb.org

# deny using sorbs smtp list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = dnsbl.sorbs.net=127.0.0.5

# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
# and for authenticated users

# deny using spamcop
  deny message = Email blocked by SPAMCOP - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = bl.spamcop.net

# deny using njabl
  deny message = Email blocked by NJABL - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = dnsbl.njabl.org

# deny using cbl
  deny message = Email blocked by CBL - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = cbl.abuseat.org

# deny using all other sorbs ip-based blocklist besides smtp list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = dnsbl.sorbs.net!=127.0.0.6

# deny using sorbs name based list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       domains =+use_rbl_domains
       # rhsbl list is name based
       dnslists = rhsbl.sorbs.net/$sender_address_domain

# accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
          message = "Unknown User"
          verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
  accept  domains = +relay_domains
          endpass
          verify=recipient

# accept if message comes for a host for which we are an outgoing relay
# recipient verification is omitted because many MUA clients don't cope
# well with SMTP error responses. If you are actually relaying from MTAs
# then you should probably add recipient verify here

  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted

# default at end of acl causes a "deny", but line below will give
# an explicit error message:
  deny    message = relay not permitted

# ACL that is used after the DATA command
check_message:
  accept

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

# There are no authenticator specifications in this default configuration file.

begin authenticators

plain:
    driver = plaintext
    public_name = PLAIN
    server_condition = "${perl{smtpauth}}"
    server_set_id = $2

login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "${perl{smtpauth}}"
    server_set_id = $1


######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################

begin routers

# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

# This router routes to remote hosts over SMTP using a DNS lookup. Any domain
# that resolves to an IP address on the loopback interface (127.0.0.0/8) is
# treated as if it had no DNS entry.

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
# little-known these days, and has been exploited by evil people seeking
# to abuse SMTP relays. Consequently it is commented out in the default
# configuration. If you uncomment this router, you also need to comment out
# "forbid_domain_literals" above, so that Exim can recognize the syntax of
# domain literal addresses.

# domain_literal:
#   driver = ipliteral
#   transport = remote_smtp

######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).

# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
                        {!def:h_X-Spam-Flag:} \
                        {!eq {$received_protocol}{spam-scanned}} \
                        {!eq {$received_protocol}{local}} \
                        {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}}
\
                } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

majordomo_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majord
omo/list.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  no_rewrite
  user = majordomo

majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  condition = "${if or { {eq {$received_protocol} {local}} \
                         {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/maj
ordomo/private.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo

domain_filter:
  driver = redirect
  allow_filter
  no_check_local_user
  condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  user = "mail"
  file = /etc/virtual/${domain}/filter
  file_transport = address_file
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  no_verify

uservacation:
   driver = accept
   condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
   require_files = /etc/virtual/${domain}/reply/${local_part}.msg
   transport = uservacation
   unseen

userautoreply:
   driver = accept
   condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
   require_files = /etc/virtual/${domain}/reply/${local_part}.msg
   transport = userautoreply
   unseen

virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  unseen
  #include_domain = true

virtual_user:
  driver = accept
  condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd
}}}}}{no}{yes}}
  domains = lsearch;/etc/virtual/domainowners
  group = mail
  retry_use_local_part
  transport = virtual_localdelivery

virtual_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  #include_domain = true

# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

userforward:
  driver = redirect
  allow_filter
  check_ancestor
  check_local_user
  no_expn
  file = $home/.forward
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  no_verify

system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part
  # user = exim

localuser:
  driver = accept
  check_local_user
  condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
  transport = local_delivery

# This director matches local user mailboxes.

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# Spam Assassin
begin transports

spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  group = mail
  home_directory = "/tmp"
  log_output
  message_prefix =
  message_suffix =
  return_fail_output
  no_return_path_add
  transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  use_bsmtp
  user = mail
  # must use a privileged user to set $received_protocol on the way back in!


#majordomo
majordomo_pipe:
  driver = pipe
  group = daemon
  return_fail_output
  user = majordomo

# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.

local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  file = /var/mail/$local_part
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}

## for delivering virtual domains to their own mail spool

virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 700
  envelope_to_add
  file = /var/spool/virtual/${domain}/${local_part}
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0
}}
  #lock_fcntl_timeout = 10
  lock_fcntl_timeout = 10s


## vacation transport
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
  text = "\
        ------                                                           ------\n\n\
        This message was automatically generated by email software\n\
        The delivery of your message has not been affected.\n\n\
        ------                                                           ------\n\n"
  to = "${sender_address}"
  user = mail
        #once = /etc/virtual/${domain}/reply/${local_part}.once

userautoreply:
  driver = autoreply
  bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
  to = "${sender_address}"
  user = mail
  #once = /etc/virtual/${domain}/reply/${local_part}.once

# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  driver = smtp

# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the directors
# section below.

address_pipe:
  driver = pipe
  return_output

virtual_address_pipe:
  driver = pipe
  group = nobody
  return_output
  user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"

# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.

address_reply:
  driver = autoreply

######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h


# End of Exim 4 configuration

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

14. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от dawnshade email on 19-Окт-06, 14:29 
Странно все это system filter закоменчен в тех местах.
вообщем фиг знает.

совет - снести все это криворукое поделие, поставить нормально из портов. иначе еще дахрена сюрпризов ждет вас.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

15. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от Aldaron on 20-Окт-06, 13:12 
>Странно все это system filter закоменчен в тех местах.
>вообщем фиг знает.
>
>совет - снести все это криворукое поделие, поставить нормально из портов. иначе
>еще дахрена сюрпризов ждет вас.


Нормально это как раз таки не из портов.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

16. "failed to lock mailbox /some/file (fcntl) в логах exim`а"  
Сообщение от dawnshade email on 20-Окт-06, 13:20 
>>Странно все это system filter закоменчен в тех местах.
>>вообщем фиг знает.
>>
>>совет - снести все это криворукое поделие, поставить нормально из портов. иначе
>>еще дахрена сюрпризов ждет вас.
>
>
>Нормально это как раз таки не из портов.


ах;;;;но аргументированый ответ, а главное как в тему.
или есть желание потом разгребать свалку говна в своей системе ставя все из исходников?

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема




Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру