exim принимает почту для левых доменов
Posted: Wed May 20, 2015 9:03 pm
CentOS 6.6 + VestaCP (web install ~04-2015)
У разных юзероф в весте есть 5 доменов с почтой (по парочке ящиков заведено, типа: admin@ и info@)
На 2 ящика в разных доменах начал постоянно валится спам (по 10-20 писем в сутки) и у писем адресат "To" (ящик и домен) - левые, т.е. и близко таких нет в на сервере. Как так? :) Куда копать? :)
Начало конфига
Заголовок одного из спамовых писем с левым получателем.
PS: MYDOMEN.ru находится в 3 местах, но это не "To".
У разных юзероф в весте есть 5 доменов с почтой (по парочке ящиков заведено, типа: admin@ и info@)
На 2 ящика в разных доменах начал постоянно валится спам (по 10-20 писем в сутки) и у писем адресат "To" (ящик и домен) - левые, т.е. и близко таких нет в на сервере. Как так? :) Куда копать? :)
Начало конфига
/etc/exim/exim.confShow
######################################################################
# #
# Exim configuration file for Vesta Control Panel #
# #
######################################################################
#SPAMASSASSIN = yes
#SPAM_SCORE = 50
#CLAMD = yes
domainlist local_domains = dsearch;/etc/exim/domains/
domainlist relay_to_domains = dsearch;/etc/exim/domains/
hostlist relay_from_hosts = 127.0.0.1
hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf
hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf
no_local_from_check
untrusted_set_sender = *
acl_smtp_connect = acl_check_spammers
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
.ifdef SPAMASSASSIN
spamd_address = 127.0.0.1 783
.endif
.ifdef CLAMD
av_scanner = clamd: /var/run/clamav/clamd.sock
.endif
tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.key
daemon_smtp_ports = 25 : 465 : 587 : 2525
tls_on_connect_ports = 465
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
...
# #
# Exim configuration file for Vesta Control Panel #
# #
######################################################################
#SPAMASSASSIN = yes
#SPAM_SCORE = 50
#CLAMD = yes
domainlist local_domains = dsearch;/etc/exim/domains/
domainlist relay_to_domains = dsearch;/etc/exim/domains/
hostlist relay_from_hosts = 127.0.0.1
hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf
hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf
no_local_from_check
untrusted_set_sender = *
acl_smtp_connect = acl_check_spammers
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
.ifdef SPAMASSASSIN
spamd_address = 127.0.0.1 783
.endif
.ifdef CLAMD
av_scanner = clamd: /var/run/clamav/clamd.sock
.endif
tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.key
daemon_smtp_ports = 25 : 465 : 587 : 2525
tls_on_connect_ports = 465
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
...
заголовки письмаShow
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Thu, 22 Jan 2015 22:41:31 +0300
Received: from [119.29.7.190] (helo=mail.jrqjob12.xyz)
by srv.MYDOMEN.ru with esmtp (Exim 4.72)
(envelope-from <[email protected]>)
id 1YENdB-0007dL-1x
for [email protected]; Thu, 22 Jan 2015 22:41:31 +0300
Received: from veto2001 (unknown [113.99.178.0])
by mail.jrqjob12.xyz (Postfix) with SMTP id A2EA943F33;
Tue, 20 Jan 2015 15:50:56 +0800 (CST)
Message-ID: <E8ED5B0803D7F566BABFF64B3FDF9686@egza>
From: =?windows-1251?B?xODz8u7i4CDC5e3l8OA=?= <[email protected]>
To: =?windows-1251?B?wuXw5eLq6O0gxOXt6PE=?= <[email protected]>
Subject: =?windows-1251?B?z+7w/+Tu6iDu9O7w7Ovl7ej/INLl9e3o9+Xx?=
=?windows-1251?B?6u7j7iDx4ujk5fLl6/zx8uLgIO3gIO3u4vP+?=
=?windows-1251?B?IO/w7uTz6vbo/i4=?=
Date: Tue, 20 Jan 2015 10:50:45 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0521_01D0349E.F19D2830"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3538.513
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513
X-redirected: yes
Envelope-to: [email protected]
Delivery-date: Thu, 22 Jan 2015 22:41:31 +0300
Received: from [119.29.7.190] (helo=mail.jrqjob12.xyz)
by srv.MYDOMEN.ru with esmtp (Exim 4.72)
(envelope-from <[email protected]>)
id 1YENdB-0007dL-1x
for [email protected]; Thu, 22 Jan 2015 22:41:31 +0300
Received: from veto2001 (unknown [113.99.178.0])
by mail.jrqjob12.xyz (Postfix) with SMTP id A2EA943F33;
Tue, 20 Jan 2015 15:50:56 +0800 (CST)
Message-ID: <E8ED5B0803D7F566BABFF64B3FDF9686@egza>
From: =?windows-1251?B?xODz8u7i4CDC5e3l8OA=?= <[email protected]>
To: =?windows-1251?B?wuXw5eLq6O0gxOXt6PE=?= <[email protected]>
Subject: =?windows-1251?B?z+7w/+Tu6iDu9O7w7Ovl7ej/INLl9e3o9+Xx?=
=?windows-1251?B?6u7j7iDx4ujk5fLl6/zx8uLgIO3gIO3u4vP+?=
=?windows-1251?B?IO/w7uTz6vbo/i4=?=
Date: Tue, 20 Jan 2015 10:50:45 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0521_01D0349E.F19D2830"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3538.513
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513
X-redirected: yes