EximConfig v2.5
ACL(s) last updated: 05/12/2019
Config last updated: 28/01/2020
Fight back against spam with EximConfig and SA-Exim!
EximConfig is an extensive set of configuration and ACL files for the Exim 4.2x and
above MTA's, preferably used in conjunction with SpamAssassin and the SA-Exim patch.
WARNING: This project is no-longer actively developed or maintained.
***** USE AT YOUR OWN RISK *****
|
|
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
long with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
Table of contents:
Features:
- Can handle both local mail on the host Exim server as well as act as a Internet SMTP relay gateway for less configurable/secure/spam-proof mail systems, such as Microsoft Exchange, Novell GroupWise, Lotus Notes, etc.
This enables you to keep the GroupWare functions of these corporate mail systems (Calendar, tasks, sharing, etc.) but enjoy the security, spam protection and many other benefits of the Exim mailer.
It can also of course act as a gateway for other internal Exim servers! :)
- Most rejection is performed at SMTP-time, off-loading the task of handling undeliverable messages to the remote sending mail server/software as well as helping to remove E-mail addresses from spam lists. This creates more work for spam mailers too, slowing down their sending software! :)
- Extensive ACL's (Access Control Lists) - Blocking can be performed on sending host, domain, IP address, HELO/EHLO, recipient, subject, message body, offensive language (Swear words), attachments, etc. Reject by-pass phrase allows legitimate senders to get through spam blocks, etc.
- Greylisting feature using MySQL database. This is an effective feature against spammers and viruses that can be applied to all messages or just those that originate from potential dynamic hosts (Where most spam/viruses generally originate from.)
- Detection and rejection of viruses using Exiscan patch and suitable 3rd party anti-virus software, such as ClamAV. Exiscan support can also detect bad MIME encoding and check for prohibited attachments within encoded multipart MIME messages.
NOTE: If you are unable to use the Exiscan support, EximConfig itself can still reject executable attachments used by viruses.
- Flood protection using MySQL database to prevent flooding by host and sender. Also detects sending of duplicate messages and repeat failed deliveries, helping prevent spam that is not picked up by other ACL's or SpamAssassin (MySQL server and Exim compiled with MySQL support required, such as GNU/Debian Linux's exim4-daemon-heavy.)
- Can match against escaped or Base64 encoded message body text using embedded Perl (Exim compiled with support for this required, such as GNU/Debian Linux's exim4-daemon-heavy.)
- Detailed and explanative rejection messages, which can be optionally customised.
- SMTP-time SpamAssassin thanks to http://sourceforge.net/projects/sa-exim - Simply set the threshold and messages reaching this score will be rejected at SMTP-time. A lower threshold can also be set in the normal SpamAssassin config files so that messages with lower scores simply get marked as possible spam. 'Teergrube' can also be performed on messages with high scores to penalise the spammer and their spam sending software by purposely holding the connection open for a given amount of time.
- Sender callback verification that can be optionally performed for all senders or just those who match specific domain names (Safer in corporate environments) such as major ISP's like HotMail, MSN, AOL, etc. who's addresses are often forged by spammers.
- Optional forced sender callback verification on hosts with no reverse DNS lookup (PTR) record and/or hostnames that indicate potential dynamic dial-up/dsl/cable connections (Helps blocks spammers using these hosts but still allows legitimate senders through.) Sender callback can also be optionally enabled for all senders (Not recommended in a corporate environment.)
- Support for SPF (Sender Policy Framework, see http://spf.pobox.com) to verify that sender is sending from a host that has been authorised by the owners of the domain (Prevents forgery of domains where SPF records have been published.)
- Detects and blocks remote hosts attempting to use a forged local host/domain name as their sender address or HELO/EHLO (A common trick used by spammers.)
- RBLs (Realtime BlackLists) can be utilised to force additional checking such as sender callback and greylisting on blacklisted hosts/domains
- Smart domains allows you to selectively route outgoing E-mail for specific domain names via your ISP's official mail servers, helping avoiding relay black lists (RBL) and spam restrictions that some ISP's and companies are now putting in place for mail sent directly from DSL, cable or broadband connections. Mail for domains not listed is sent directly.
Direct sending can also be forced for smart domains by adding direct- to the beginning of the recipient address(es) of an outbound message.
Smart sending can be forced too by adding smart- to the beginning of the recipient address (ISP mail servers must be setup to handle the domain though.)
- Support for TLS for encrypted E-mail transfers.
- Support for both client and server SMTP authentication. Client is used to authenticate with an upstream ISP mail server that you are using as a smarthost. Server is used to allow remote users to login to your server and send messages as though they were a local or relay user, avoiding ACL's normally applied to remote senders.
- 'mcp' (Multiple Copy) script to make distribution of ACL's, etc. to multiple Exim servers that use EximConfig easier.
- Detailed accumulative statistics using the 'eximconfigstats' script.
- Upgrade script to assist with upgrading from previous versions of EximConfig.
Requirements:
Download:
Latest ACL's:
- reject/subject - Subject reject ACL to block common spam subject lines.
- reject/body - Body text reject ACL to block known spam URL's in body text of forged messages.
- reject/sender_name - Full sender name reject ACL to block common spam sender names.
- reject/sender_address - Full sender address reject ACL to block known spam senders.
- reject/sender_domain - Sender domain reject ACL to block known spam domains.
- reject/host - Sending host reject ACL to block known spam host names.
- reject/attachment_filename - Filename reject ACL to block known malicious files utilised by some viruses (Mainly .ZIP's which some poeple may not wish to blanket-block.)
- domains/callback - Sender domains for which callback verification will always be performed.
- hosts/nogreylist - Sender hosts that greylisting will not be performed on.
Why is my address/site listed in the ACL's?
This is because unsolicited spam messages promoting your company/product/web site have been sent to one or more of our spam trap accounts which have never 'opted in' to any mailing lists or authorised the use of their E-mail addresses for marketing purposes.
The most likely reasons for your site being listed are:
- You used a bulk/marketing company to promote your company/product/web site who claimed that they would only target legitimate addresses/businesses who have opted in to receive marketing/advertising messages, when in fact this company lied and actually sent out unsolicited spam to users without their conscent.
- You purchased a bulk E-mail list of addresses which claimed to contain legitimate opted in addresses when it actually (Like most of these lists) contained addresses 'stolen' by crawling web sites/newsgroups and other means without first obtaining the recipient's permission.
- You sent promotional/marketing messages to users who had not opted in first to receive such messages (E.g: Our spam trap accounts.) NOTE: Sending an unsolicited message first and then offering an opt-out *IS* unsolicited spam (The user did not ask for it in the first place!)
If you feel that your address/site has been incorrectly listed, please contact us ASAP so that it can be removed.
When sending out marketing/promotional messages (Or even newsletters!), please ensure that the users you are sending to have opted in and have explicitly given their permission to be contacted first.
PLEASE NOTE: Addresses/sites used solely to promote pornographic, illegal or offensive material will not be removed from the ACL's.
Other useful scripts:
- Multi-Backup-Rsync - Script to incrementally backup multiple sources using rsync. Thanks to the use of hardlinks, a large history of archives can be kept with little additional disk space usage over the initial archive, and use of rsync ensures efficient bandwidth usage (Only changes are transfered from one archive to the next.)
- HostMon - Simple script that pings the specified hosts on a regular basis and notifies downtime and high utilisation/packet loss via E-mail.
Acknowledgements:
EximConfig v2.5 - J.P.Boggis 23/05/2003 (Last updated: 28/01/2020) - eximconfig@jcdigita.com