Problems with Greylistd

jochen35

New Member
Hello,

On my Debian Wheezy with Exim4 and Courier-IMAP I installed Greylistd as follows:

Code:
root@host:~# apt-get install greylistd
root@host:~# greylistd-setup-exim4 add -netmask=24

Adding greylistd support to Exim 4 configuration files
/etc/exim4/exim4.conf.template          : OK
/etc/exim4/exim4.conf.template          : OK
...conf.d/acl/30_exim4-config_check_rcpt: OK
...conf.d/acl/40_exim4-config_check_data: OK
[ ok ] Reloading exim4 configuration files: exim4.
So the installation went through without problems, but now that Exim4 has sent and received a few mails, I get the following statistics:

Code:
root@host:~# greylist stats
Statistics since Thu Oct  9 07:39:37 2014 (1 day and 12 hours ago)
------------------------------------------------------------------
0 items, matching 0 requests, are currently whitelisted
0 items, matching 0 requests, are currently blacklisted
0 items, matching 0 requests, are currently greylisted
According to the Exim4 log, the mails are not being delayed either.

Code:
root@host:~# tail -f /var/log/exim4/mainlog
2014-10-10 21:34:26 1XcfxK-0002kx-2g <= emailcheck-robot@ct.de H=(web.heise.de) [193.99.144.71] P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 S=2114 id=E1XcfxG-0006Vh-0N.octo10@web.heise.de
2014-10-10 21:34:26 1XcfxK-0002kx-2g => root <root@mydomain.com> R=vdomain T=vmail
2014-10-10 21:34:26 1XcfxK-0002kx-2g Completed
2014-10-10 21:34:28 1XcfxM-0002ky-G8 <= emailcheck-robot@ct.de H=(web.heise.de) [193.99.144.71] P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 S=2114 id=E1XcfxI-0001Ns-9i.octo16@web.heise.de
2014-10-10 21:34:28 1XcfxM-0002ky-G8 => root <root@mydomain.com> R=vdomain T=vmail
2014-10-10 21:34:28 1XcfxM-0002ky-G8 Completed
So Greylistd does not seem to be working. In addition, there is the following error message, which I also get on a fresh installation of Debian 7.6.0, Exim4 and Greylistd in a local VM.

Code:
root@host:~# greylist list
error: Cannot read from '/var/lib/greylistd/triplets': No such file or directory
What do you think, where might the problem be here?

Regards
Jochen
 
Code:
root@host:~# apt-get install greylistd
root@host:~# greylistd-setup-exim4 add -netmask=24

[B]Adding greylistd support to Exim 4 configuration files
/etc/exim4/exim4.conf.template          : OK
/etc/exim4/exim4.conf.template          : OK
...conf.d/acl/30_exim4-config_check_rcpt: OK
...conf.d/acl/40_exim4-config_check_data: OK[/B]
[ ok ] Reloading exim4 configuration files: exim4.
Are these configuration files definitely being used? To me it looks as if your mail server does not know at all that it is supposed to use greylistd.
 
Hm, we only use postfix. Which files / directories do you have in /etc/exim4?

The following files were changed by "greylistd-setup-exim4 add".

Code:
/etc/exim4/exim4.conf.template
/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
/etc/exim4/conf.d/acl/40_exim4-config_check_data


Here is the content of /etc/exim4:

Code:
root@v1234567890:~# ls /etc/exim4 -R
/etc/exim4:
conf.d  dkim  exim4.conf  exim4.conf.template  passwd.client  update-exim4.conf.conf

/etc/exim4/conf.d:
acl  auth  main  retry  rewrite  router  transport

/etc/exim4/conf.d/acl:
00_exim4-config_header  20_exim4-config_local_deny_exceptions  30_exim4-config_check_mail  30_exim4-config_check_rcpt  40_exim4-config_check_data

/etc/exim4/conf.d/auth:
00_exim4-config_header  30_exim4-config_examples

/etc/exim4/conf.d/main:
01_exim4-config_listmacrosdefs  02_exim4-config_options  03_exim4-config_tlsoptions  90_exim4-config_log_selector

/etc/exim4/conf.d/retry:
00_exim4-config_header  30_exim4-config

/etc/exim4/conf.d/rewrite:
00_exim4-config_header  31_exim4-config_rewriting

/etc/exim4/conf.d/router:
00_exim4-config_header           200_exim4-config_primary         500_exim4-config_hubuser      800_exim4-config_maildrop    mmm_mail4root
100_exim4-config_domain_literal  300_exim4-config_real_local      600_exim4-config_userforward  850_exim4-config_lowuid
150_exim4-config_hubbed_hosts    400_exim4-config_system_aliases  700_exim4-config_procmail     900_exim4-config_local_user

/etc/exim4/conf.d/transport:
00_exim4-config_header            30_exim4-config_address_pipe   30_exim4-config_maildrop_pipe  30_exim4-config_remote_smtp
10_exim4-config_transport-macros  30_exim4-config_address_reply  30_exim4-config_mail_spool     30_exim4-config_remote_smtp_smarthost
30_exim4-config_address_file      30_exim4-config_maildir_home   30_exim4-config_procmail_pipe  35_exim4-config_address_directory

/etc/exim4/dkim:
private.key

Here is also the content of /etc/exim4/exim4.conf:

Code:
#--AUTOMATICALLY GENERATED - DO NO EDIT!

#--MACROS

SMTP_PORT = 25
LOCAL_INTERFACES = <; 0.0.0.0.25 ; 0.0.0.0.465 ; [::0]:25 ; [::0]:465
CONFDIR = /etc/exim4

LOCAL_DOMAINS = mydomain1.de : myserver.myhoster.net : mydomain2.de : localhost
ETC_MAILNAME = myserver.myhoster.net
LOCAL_DELIVERY = mail_spool
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./

DKIM_ENABLE=1
DKIM_SELECTOR = mail
DKIM_PRIVATE_KEY = /etc/exim4/dkim/private.key
DKIM_CANON = relaxed
DKIM_STRICT = 1

TLS_ENABLE=1
TLS_ADVERTISE_HOSTS = *
TLS_CERTIFICATE = /etc/ssl/certs/myserver.myhoster.net.crt
TLS_PRIVATEKEY = /etc/ssl/private/myserver.myhoster.net.key
TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt} {/etc/ssl/certs/ca-certificates.crt} {/dev/null}}

COURIERSOCKET = /var/run/courier/authdaemon/socket

ACL_SMTP_MAIL = acl_check_mail
ACL_SMTP_RCPT = acl_check_rcpt
ACL_SMTP_DATA = acl_check_data

#--CONFIGURATION



daemon_smtp_ports = SMTP_PORT
local_interfaces = LOCAL_INTERFACES
domainlist local_domains = LOCAL_DOMAINS
qualify_domain = ETC_MAILNAME

gecos_pattern = ^([^,:]*)
gecos_name = $1

acl_smtp_mail = ACL_SMTP_MAIL
acl_smtp_rcpt = ACL_SMTP_RCPT
acl_smtp_data = ACL_SMTP_DATA

# spamd_address = 127.0.0.1 783

local_from_check = false
local_sender_retain = true
untrusted_set_sender = *

ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
freeze_tell = postmaster
spool_directory = /var/spool/exim4

trusted_users = uucp

.ifdef TLS_ENABLE
tls_on_connect_ports = 465
tls_advertise_hosts = TLS_ADVERTISE_HOSTS
tls_certificate = TLS_CERTIFICATE
tls_privatekey = TLS_PRIVATEKEY
tls_verify_certificates = TLS_VERIFY_CERTIFICATES
.endif


begin acl



acl_check_mail:
  .ifdef CHECK_MAIL_HELO_ISSUED
  deny
    message = no HELO given before MAIL command
    condition = ${if def:sender_helo_name {no}{yes}}
  .endif

  accept

acl_check_rcpt:
  accept
    hosts = :
    control = dkim_disable_verify

  .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
  deny
    domains = +local_domains
    local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
    message = restricted characters in address
  .endif

  .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
  deny
    domains = !+local_domains
    local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
    message = restricted characters in address
  .endif

  accept
    .ifndef CHECK_RCPT_POSTMASTER
    local_parts = postmaster
    .else
    local_parts = CHECK_RCPT_POSTMASTER
    .endif
    domains = +local_domains

  .ifdef CHECK_RCPT_VERIFY_SENDER
  deny
    message = Sender verification failed
    !verify = sender
  .endif

  accept
    authenticated = *
    control = submission/sender_retain
    control = dkim_disable_verify

  require
    message = relay not permitted
    domains = +local_domains

  require
    verify = recipient

  .ifdef CHECK_RCPT_SPF
  deny
    message = [SPF] $sender_host_address is not allowed to send mail from \
              ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.  \
              Please see \
          http://www.openspf.org/Why?scope=${if def:sender_address_domain \
              {mfrom}{helo}};identity=${if def:sender_address_domain \
              {$sender_address}{$sender_helo_name}};ip=$sender_host_address
    log_message = SPF check failed.
    condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
                   \"$sender_host_address\" --identity \
                   ${if def:sender_address_domain \
                       {--scope mfrom  --identity \"$sender_address\"}\
                       {--scope helo --identity  \"$sender_helo_name\"}}}\
                   {no}{${if eq {$runrc}{1}{yes}{no}}}}

  defer
    message = Temporary DNS error while checking SPF record.  Try again later.
    condition = ${if eq {$runrc}{5}{yes}{no}}

  warn
    condition = ${if <={$runrc}{6}{yes}{no}}
    add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\
                                {${if eq {$runrc}{2}{softfail}\
                                 {${if eq {$runrc}{3}{neutral}\
                  {${if eq {$runrc}{4}{permerror}\
                   {${if eq {$runrc}{6}{none}{error}}}}}}}}}\
                } client-ip=$sender_host_address; \
                ${if def:sender_address_domain \
                   {envelope-from=${sender_address}; }{}}\
                helo=$sender_helo_name

  warn
    log_message = Unexpected error in SPF check.
    condition = ${if >{$runrc}{6}{yes}{no}}
  .endif


  .ifdef CHECK_RCPT_IP_DNSBLS
  warn
    dnslists = CHECK_RCPT_IP_DNSBLS
    add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
  .endif

  .ifdef CHECK_RCPT_DOMAIN_DNSBLS
  warn
    !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
                    {CONFDIR/local_domain_dnsbl_whitelist}\
                    {}}
    dnslists = CHECK_RCPT_DOMAIN_DNSBLS
    add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
  .endif

  accept


acl_check_data:

  deny
    message = Message headers fail syntax check
    !verify = header_syntax

  accept

begin routers



vforward:
  debug_print = "R: vforward for $local_part@$domain"
  driver = redirect
  allow_defer
  allow_fail
  domains = +local_domains
  file = /etc/exim.forward/$local_part@$domain
  file_transport = address_file
  pipe_transport = address_pipe


vdomain:
  debug_print = "R: vdomain for $local_part@$domain"
  driver = accept
  domains = dsearch;/etc/exim.domains
  local_parts = lsearch;/etc/exim.domains/$domain
  transport = vmail


dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  headers_remove = received
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
  no_more

nonlocal:
  debug_print = "R: nonlocal for $local_part@$domain"
  driver = redirect
  domains = ! +local_domains
  allow_fail
  data = :fail: Mailing to remote domains not supported
  no_more


COND_LOCAL_SUBMITTER = "\
               ${if match_ip{$sender_host_address}{:@[]}\
                    {1}{0}\
        }"

real_local:
  debug_print = "R: real_local for $local_part@$domain"
  driver = accept
  domains = +local_domains
  condition = COND_LOCAL_SUBMITTER
  local_part_prefix = real-
  check_local_user
  transport = LOCAL_DELIVERY


procmail:
  debug_print = "R: procmail for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = procmail_pipe
  # emulate OR with "if exists"-expansion
  require_files = ${local_part}:\
                  ${if exists{/etc/procmailrc}\
                    {/etc/procmailrc}{${home}/.procmailrc}}:\
                  +/usr/bin/procmail
  no_verify
  no_expn

maildrop:
  debug_print = "R: maildrop for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = maildrop_pipe
  require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
  no_verify
  no_expn


local_user:
  debug_print = "R: local_user for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  local_parts = ! root
  transport = LOCAL_DELIVERY
  cannot_route_message = Unknown user


mail4root:
  debug_print = "R: mail4root for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  data = /var/mail/mail
  file_transport = address_file
  local_parts = root
  user = mail
  group = mail



begin transports




vmail:
  debug_print = "T: vmail for $local_part@$domain"
  driver = appendfile
  user = mail
  maildir_format = true
  directory = /var/vmail/$domain/$local_part
  create_directory
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0600

mail_spool:
  debug_print = "T: appendfile for $local_part@$domain"
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
  mode_fail_narrower = false

maildir_home:
  debug_print = "T: maildir_home for $local_part@$domain"
  driver = appendfile
  .ifdef MAILDIR_HOME_MAILDIR_LOCATION
  directory = MAILDIR_HOME_MAILDIR_LOCATION
  .else
  directory = $home/Maildir
  .endif
  .ifdef MAILDIR_HOME_CREATE_DIRECTORY
  create_directory
  .endif
  .ifdef MAILDIR_HOME_CREATE_FILE
  create_file = MAILDIR_HOME_CREATE_FILE
  .endif
  delivery_date_add
  envelope_to_add
  return_path_add
  maildir_format
  .ifdef MAILDIR_HOME_DIRECTORY_MODE
  directory_mode = MAILDIR_HOME_DIRECTORY_MODE
  .else
  directory_mode = 0700
  .endif
  .ifdef MAILDIR_HOME_MODE
  mode = MAILDIR_HOME_MODE
  .else
  mode = 0600
  .endif
  mode_fail_narrower = false

maildrop_pipe:
  debug_print = "T: maildrop_pipe for $local_part@$domain"
  driver = pipe
  path = "/bin:/usr/bin:/usr/local/bin"
  command = "/usr/bin/maildrop"
  return_path_add
  delivery_date_add
  envelope_to_add

procmail_pipe:
  debug_print = "T: procmail_pipe for $local_part@$domain"
  driver = pipe
  path = "/bin:/usr/bin:/usr/local/bin"
  command = "/usr/bin/procmail"
  return_path_add
  delivery_date_add
  envelope_to_add

remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp
  .ifdef DKIM_ENABLE
    dkim_domain = $sender_address_domain
    .ifdef DKIM_SELECTOR
    dkim_selector = DKIM_SELECTOR
    .endif
    .ifdef DKIM_PRIVATE_KEY
    dkim_private_key = DKIM_PRIVATE_KEY
    .endif
    .ifdef DKIM_CANON
    dkim_canon = DKIM_CANON
    .endif
    .ifdef DKIM_STRICT
    dkim_strict = DKIM_STRICT
    .endif
    .ifdef DKIM_SIGN_HEADERS
    dkim_sign_headers = DKIM_SIGN_HEADERS
    .endif
  .endif

address_file:
  debug_print = "T: address_file for $local_part@$domain"
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_pipe:
  debug_print = "T: address_pipe for $local_part@$domain"
  driver = pipe
  return_fail_output

address_reply:
  debug_print = "T: autoreply for $local_part@$domain"
  driver = autoreply



begin retry
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h


begin rewrite

begin authenticators

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = ${extract {address} {${readsocket{COURIERSOCKET} \
      {AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n} }} {yes} fail}
  server_set_id = $1

plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = ${extract {address} {${readsocket{COURIERSOCKET} \
      {AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n} }} {yes} fail}
  server_set_id = $2
  server_advertise_condition = ${if eq{$tls_cipher}{} {no} {yes}}
 
If I see this correctly, exim4.conf itself was not changed (but it is the one being used), only exim4.conf.template. Look in that file to see what exactly was done with regard to greylistd and carry it over into the correct configuration file.
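
The check suggested in the last reply, as an added example that is not part of the original thread: it reports whether greylistd is referenced in the configuration file Exim actually reads, or only in the template and conf.d files that the setup script patched. The function names and the autogenerated-config path `/var/lib/exim4/config.autogenerated` are assumptions for a Debian exim4 layout like the one posted.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the thread. Function names are
# hypothetical; the autogenerated path is an assumed Debian default.

# Print the config file the daemon reads for a given config directory.
# A hand-maintained exim4.conf, when present, takes precedence over the
# file generated from exim4.conf.template or conf.d.
active_exim_config() {
    confdir=$1
    autogen=${2:-/var/lib/exim4/config.autogenerated}
    if [ -f "$confdir/exim4.conf" ]; then
        printf '%s\n' "$confdir/exim4.conf"
    else
        printf '%s\n' "$autogen"
    fi
}

# Succeed if the file has a non-comment line that mentions greylistd
# (for example the daemon's socket path inside an ACL condition).
mentions_greylistd() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -qi 'greylistd'
}

# Print one of:
#   active         greylistd is referenced in the config Exim reads
#   template-only  only the template / conf.d ACL files reference it
#   absent         no file under the config directory references it
greylistd_status() {
    confdir=$1
    active=$(active_exim_config "$confdir" "$2")
    if mentions_greylistd "$active"; then
        echo active
        return
    fi
    for f in "$confdir/exim4.conf.template" "$confdir"/conf.d/acl/*; do
        if mentions_greylistd "$f"; then
            echo template-only
            return
        fi
    done
    echo absent
}

# Usage: sh check.sh /etc/exim4
if [ $# -gt 0 ]; then
    greylistd_status "$1"
fi
```

A result of `template-only` corresponds to the situation described in this thread: the setup script reported OK, but the running configuration never consults greylistd.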
 