This week only. Pastebin PRO Accounts Christmas Special! Don't miss out!Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on Oct 17th, 2011  |  syntax: None  |  size: 48.07 KB  |  views: 169  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #!!# cPanel Exim 4 Config
  2.  
  3.  
  4. hostlist loopback = <; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8
  5.  
  6. hostlist senderverifybypass_hosts = net-iplsearch;/etc/senderverifybypasshosts
  7.  
  8. hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts
  9.  
  10. hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks
  11.  
  12. hostlist backupmx_hosts = lsearch;/etc/backupmxhosts
  13.  
  14. hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts
  15.  
  16. domainlist user_domains = ${if exists{/etc/userdomains} {lsearch;/etc/userdomains} fail}
  17.  
  18. smtp_receive_timeout = 165s
  19.  
  20. ignore_bounce_errors_after = 3d
  21.  
  22. timeout_frozen_after = 5d
  23.  
  24. auto_thaw = 7d
  25.  
  26. callout_domain_negative_expire = 1h
  27.  
  28. callout_negative_expire = 1h
  29.  
  30. daemon_smtp_ports = 25 : 465
  31.  
  32. tls_on_connect_ports = 465
  33.  
  34. system_filter_user = cpaneleximfilter
  35.  
  36. system_filter_group = cpaneleximfilter
  37.  
  38. tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
  39.  
  40. acl_smtp_connect = acl_connect
  41.  
  42. acl_smtp_mail = acl_mail
  43.  
  44. acl_smtp_notquit = acl_notquit
  45.  
  46. spamd_address = 127.0.0.1 783
  47.  
  48.  
  49.  
  50. #!!# These options specify the Access Control Lists (ACLs) that
  51. #!!# are used for incoming SMTP messages - after the RCPT and DATA
  52. #!!# commands, respectively.
  53.  
  54. acl_smtp_rcpt = check_recipient
  55. acl_smtp_data = check_message
  56.  
  57. #!!# This setting defines a named domain list called
  58. #!!# local_domains, created from the old options that
  59. #!!# referred to local domains. It will be referenced
  60. #!!# later on by the syntax "+local_domains".
  61. #!!# Other domain and host lists may follow.
  62.  
  63. domainlist local_domains = lsearch;/etc/localdomains
  64.  
  65. domainlist relay_domains = lsearch;/etc/localdomains : \
  66.     lsearch;/etc/secondarymx
  67. hostlist relay_hosts = lsearch;/etc/relayhosts : \
  68.     localhost
  69. hostlist auth_relay_hosts = *
  70.  
  71. ######################################################################
  72. #                  Runtime configuration file for Exim               #
  73. ######################################################################
  74.  
  75.  
  76. # This is a default configuration file which will operate correctly in
  77. # uncomplicated installations. Please see the manual for a complete list
  78. # of all the runtime configuration options that can be included in a
  79. # configuration file. There are many more than are mentioned here. The
  80. # manual is in the file doc/spec.txt in the Exim distribution as a plain
  81. # ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
  82. # the Exim ftp sites. The manual is also online via the Exim web sites.
  83.  
  84.  
  85. # This file is divided into several parts, all but the last of which are
  86. # terminated by a line containing the word "end". The parts must appear
  87. # in the correct order, and all must be present (even if some of them are
  88. # in fact empty). Blank lines, and lines starting with # are ignored.
  89.  
  90.  
  91.  
  92. ######################################################################
  93. #                    MAIN CONFIGURATION SETTINGS                     #
  94. ######################################################################
  95.  
  96. perl_startup = do '/etc/exim.pl'
  97.  
  98. #dns_retry = 1
  99. #dns_retrans = 1s
  100.  
  101. # Specify your host's canonical name here. This should normally be the fully
  102. # qualified "official" name of your host. If this option is not set, the
  103. # uname() function is called to obtain the name.
  104.  
  105. smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
  106. \#${compile_number} ${tod_full} \n\
  107.   We do not authorize the use of this system to transport unsolicited, \n\
  108.   and/or bulk e-mail."
  109.  
  110.  
  111. #nobody as the sender seems to annoy people
  112. untrusted_set_sender = *
  113. local_from_check = false
  114.  
  115. rfc1413_query_timeout = 2s
  116.  
  117. split_spool_directory = yes
  118.  
  119. smtp_connect_backlog = 50
  120. smtp_accept_max = 100
  121.  
  122. # primary_hostname =
  123. deliver_queue_load_max = 3
  124.  
  125. # Specify the domain you want to be added to all unqualified addresses
  126. # here. An unqualified address is one that does not contain an "@" character
  127. # followed by a domain. For example, "caesar@rome.ex" is a fully qualified
  128. # address, but the string "caesar" (i.e. just a login name) is an unqualified
  129. # email address. Unqualified addresses are accepted only from local callers by
  130. # default. See the receiver_unqualified_{hosts,nets} options if you want
  131. # to permit unqualified addresses from remote sources. If this option is
  132. # not set, the primary_hostname value is used for qualification.
  133.  
  134. # qualify_domain =
  135.  
  136.  
  137. # If you want unqualified recipient addresses to be qualified with a different
  138. # domain to unqualified sender addresses, specify the recipient domain here.
  139. # If this option is not set, the qualify_domain value is used.
  140.  
  141. # qualify_recipient =
  142.  
  143.  
  144. # Specify your local domains as a colon-separated list here. If this option
  145. # is not set (i.e. not mentioned in the configuration file), the
  146. # qualify_recipient value is used as the only local domain. If you do not want
  147. # to do any local deliveries, uncomment the following line, but do not supply
  148. # any data for it. This sets local_domains to an empty string, which is not
  149. # the same as not mentioning it at all. An empty string specifies that there
  150. # are no local domains; not setting it at all causes the default value (the
  151. # setting of qualify_recipient) to be used.
  152.  
  153.  
  154.  
  155. #!!# message_filter renamed system_filter
  156. message_body_visible = 5000
  157.  
  158.  
  159.  
  160.  
  161.  
  162.  
  163. # If you want to accept mail addressed to your host's literal IP address, for
  164. # example, mail addressed to "user@[111.111.111.111]", then uncomment the
  165. # following line, or supply the literal domain(s) as part of "local_domains"
  166. # above.
  167.  
  168. # local_domains_include_host_literals
  169.  
  170.  
  171. # No local deliveries will ever be run under the uids of these users (a colon-
  172. # separated list). An attempt to do so gets changed so that it runs under the
  173. # uid of "nobody" instead. This is a paranoic safety catch. Note the default
  174. # setting means you cannot deliver mail addressed to root as if it were a
  175. # normal user. This isn't usually a problem, as most sites have an alias for
  176. # root that redirects such mail to a human administrator.
  177.  
  178. never_users = root
  179.  
  180.  
  181. # The use of your host as a mail relay by any host, including the local host
  182. # calling its own SMTP port, is locked out by default. If you want to permit
  183. # relaying from the local host, you should set
  184. #
  185. # host_accept_relay = localhost
  186. #
  187. # If you want to permit relaying through your host from certain hosts or IP
  188. # networks, you need to set the option appropriately, for example
  189. #
  190. #
  191. #
  192. # If you are an MX backup or gateway of some kind for some domains, you must
  193. # set relay_domains to match those domains. This will allow any host to
  194. # relay through your host to those domains.
  195. #
  196. # See the section of the manual entitled "Control of relaying" for more
  197. # information.
  198.  
  199. # The setting below causes Exim to do a reverse DNS lookup on all incoming
  200. # IP calls, in order to get the true host name. If you feel this is too
  201. # expensive, you can specify the networks for which a lookup is done, or
  202. # remove the setting entirely.
  203.  
  204. #host_lookup = 0.0.0.0/0
  205.  
  206.  
  207. # By default, Exim expects all envelope addresses to be fully qualified, that
  208. # is, they must contain both a local part and a domain. If you want to accept
  209. # unqualified addresses (just a local part) from certain hosts, you can specify
  210. # these hosts by setting one or both of
  211. #
  212. # receiver_unqualified_hosts =
  213. # sender_unqualified_hosts =
  214. #
  215. # to control sender and receiver addresses, respectively. When this is done,
  216. # unqualified addresses are qualified using the settings of qualify_domain
  217. # and/or qualify_recipient (see above).
  218.  
  219.  
  220. # Exim contains support for the Realtime Blocking List (RBL) that is being
  221. # maintained as part of the DNS. See http://maps.vix.com/rbl/ for background.
  222. # Uncommenting the first line below will make Exim reject mail from any
  223. # host whose IP address is blacklisted in the RBL at maps.vix.com. Some
  224. # others have followed the RBL lead and have produced other lists: DUL is
  225. # a list of dial-up addresses, and ORBS is a list of open relay systems. The
  226. # second line below checks all three lists.
  227.  
  228. # rbl_domains = rbl.maps.vix.com
  229. # rbl_domains = rbl.maps.vix.com
  230.  
  231.  
  232. # If you want Exim to support the "percent hack" for all your local domains,
  233. # uncomment the following line. This is the feature by which mail addressed
  234. # to x%y@z (where z is one of your local domains) is locally rerouted to
  235. # x@y and sent on. Otherwise x%y is treated as an ordinary local part.
  236.  
  237. # percent_hack_domains = *
  238.  
  239. #sender_host_accept = +include_unknown:*
  240. #sender_host_reject = +include_unknown:lsearch*;/etc/spammers
  241.  
  242.  
  243.  
  244. tls_certificate = /etc/exim.crt
  245. tls_privatekey = /etc/exim.key
  246. tls_advertise_hosts = *
  247.  
  248. helo_accept_junk_hosts = *
  249.  
  250. smtp_enforce_sync = false
  251.  
  252.  
  253. #!!#######################################################!!#
  254. #!!# This new section of the configuration contains ACLs #!!#
  255. #!!# (Access Control Lists) derived from the Exim 3      #!!#
  256. #!!# policy control options.                             #!!#
  257. #!!#######################################################!!#
  258.  
  259. #!!# These ACLs are crudely constructed from Exim 3 options.
  260. #!!# They are almost certainly not optimal. You should study
  261. #!!# them and rewrite as necessary.
  262.  
  263. begin acl
  264.  
  265.  
  266.  
  267. ########################################################################################
  268. # DO NOT ALTER THIS BLOCK
  269. ########################################################################################
  270. #
  271. # cPanel Default ACL Template Version: 8.2
  272. # Template: mailman2.dist
  273. #
  274. ########################################################################################
  275. # DO NOT ALTER THIS BLOCK
  276. ########################################################################################
  277.  
  278. acl_mail:
  279.  
  280.     # ignore authenticated hosts
  281.     accept authenticated = *
  282.  
  283.     # drop connections to localhost that fail auth (required for Horde)
  284.     drop
  285.         condition = ${if and {{match_ip{$sender_host_address}{+loopback}} \
  286.                               {def:authentication_failed}} \
  287.                         {yes}{no}}
  288.         condition = $authentication_failed
  289.         message   = Authentication failed
  290.  
  291.     # ignore pop before smtp
  292.     accept  condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
  293.     accept hosts = +relay_hosts
  294.  
  295. #BEGIN ACL_MAIL_BLOCK
  296.  
  297. deny
  298.     condition = ${if eq{$sender_helo_name}{}}
  299.     message   = HELO required before MAIL
  300.  
  301.  
  302.  
  303. drop  
  304.     condition = ${if match{$sender_helo_name}{^$primary_hostname\$}}
  305.     message   = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
  306.  
  307.  
  308. drop
  309.     condition = ${if eq{[$interface_address]}{$sender_helo_name}}
  310.     message   = "REJECTED - Interface: $interface_address is _my_ address"
  311.  
  312. drop
  313.     condition   = ${if isip{$sender_helo_name}}
  314.     message     = Access denied - Invalid HELO name (See RFC2821 4.1.3)
  315.  
  316. drop
  317.     # Required because "[IPv6:<address>]" will have no .s
  318.     condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
  319.     condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
  320.     message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
  321.  
  322. drop
  323.     condition   = ${if match{$sender_helo_name}{\N\.$\N}}
  324.     message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
  325.    
  326. drop
  327.     condition   = ${if match{$sender_helo_name}{\N\.\.\N}}
  328.     message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
  329.  
  330. #END ACL_MAIL_BLOCK
  331.  
  332.  
  333.     accept
  334.  
  335.  
  336. acl_connect:
  337.  
  338. #BEGIN ACL_CONNECT_BLOCK
  339.  
  340.     accept
  341.         hosts = +trustedmailhosts
  342.  
  343.     accept
  344.         condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
  345.  
  346.  
  347. # ignore pop before smtp
  348.     accept
  349.         condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
  350.  
  351.     accept
  352.         hosts = +relay_hosts : +backupmx_hosts
  353.  
  354. #only rate limit port 25
  355.     accept
  356.         condition = ${if eq {$interface_port}{25}{no}{yes}}
  357.  
  358.     defer
  359.         message = The server has reached its limit for processing requests from your host.  Please try again later.
  360.         log_message = "Host is ratelimited ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
  361.         ratelimit = 1.2 / 1h / strict / per_conn / noupdate
  362.  
  363.  
  364.  
  365. drop
  366.     message = Your host is not allowed to connect to this server.
  367.     log_message = Host is banned
  368.     hosts = +spammeripblocks
  369.  
  370.  
  371. #END ACL_CONNECT_BLOCK
  372.  
  373. # do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config
  374. #acl_smtp_notquit is required for this to work (exim 4.68)
  375.     accept
  376.  
  377. acl_notquit:
  378.  
  379. #BEGIN ACL_NOTQUIT_BLOCK
  380.  
  381. # ignore authenticated hosts
  382. accept authenticated = *
  383.  
  384. # ignore pop before smtp
  385. accept  condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
  386. accept hosts = +relay_hosts
  387.  
  388. #only rate limit port 25
  389. accept condition = ${if eq {$interface_port}{25}{no}{yes}}
  390.  
  391. warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
  392.     log_message = "Connection Ratelimit - $sender_fullhost because of notquit: $smtp_notquit_reason ($sender_rate/$sender_rate_period max:$sender_rate_limit)"    
  393.     ratelimit = 1.2 / 1h / strict / per_conn
  394.  
  395.  
  396. #END ACL_NOTQUIT_BLOCK
  397.  
  398.  
  399. #!!# ACL that is used after the RCPT command
  400. check_recipient:
  401.   # Exim 3 had no checking on -bs messages, so for compatibility
  402.   # we accept if the source is local SMTP (i.e. not over TCP/IP).
  403.   # We do this by testing for an empty sending host field.
  404.  
  405. #BEGIN ACL_RATELIMIT_BLOCK
  406. # Log all senders' rates
  407.     warn ratelimit = 0 / 1h / strict
  408.     log_message = Sender rate $sender_rate / $sender_rate_period
  409.  
  410. #END ACL_RATELIMIT_BLOCK
  411.  
  412.   accept  hosts = :
  413.  
  414.   accept hosts = +skipsmtpcheck_hosts
  415.  
  416.  
  417.   # Accept bounces to lists even if callbacks or other checks would fail
  418.   warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
  419.            condition    = \
  420.            ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
  421.                      {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
  422.                 {yes}{no}}
  423.  
  424.   accept   condition    = \
  425.            ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
  426.                      {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
  427.                 {yes}{no}}
  428.  
  429.  
  430.   # Accept bounces to lists even if callbacks or other checks would fail
  431.   warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
  432.            condition    = \
  433.            ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
  434.                      {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
  435.                 {yes}{no}}
  436.  
  437.   accept   condition    = \
  438.            ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
  439.                      {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
  440.                 {yes}{no}}
  441.  
  442.   #if it gets here it isn't mailman
  443. # deny must be on the same line as hosts so it will get removed by buildeximconf if turned off
  444.    deny  hosts = ! +senderverifybypass_hosts
  445.         ! verify = sender
  446.  
  447.   accept  hosts = *
  448.           authenticated = *
  449.  
  450.  
  451.   # if they used "pop before smtp" then we just accept
  452.   accept  condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
  453.           add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}{}}
  454.  
  455.   accept  hosts = +relay_hosts
  456.           add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}{}}
  457.  
  458.    #recipient verifications are now done after smtp auth and pop before smtp so the users get back bounces instead of
  459.    # a clogged outbox in outlook
  460.  
  461.  
  462.  
  463.     #recipient verifications are required for all messages that are not sent to the local machine    #this was done at multiple users requests
  464.     require verify = recipient
  465.  
  466.  
  467. #BEGIN ACL_POST_RECP_VERIFY_BLOCK
  468.  
  469.  
  470.   warn
  471.     log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)"
  472.     condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
  473.     set acl_m7 = 1
  474.  
  475.   warn
  476.     condition = ${if eq {${acl_m7}}{1}{1}{0}}
  477.     ratelimit = 0 / 1h / strict / per_conn
  478.     log_message = "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack"
  479.  
  480.   drop
  481.     condition = ${if eq {${acl_m7}}{1}{1}{0}}
  482.     message = "Number of failed recipients exceeded.  Come back in a few hours."
  483.  
  484.  
  485. #END ACL_POST_RECP_VERIFY_BLOCK
  486.  
  487. #BEGIN ACL_TRUSTEDLIST_BLOCK
  488.  accept
  489.     hosts = +trustedmailhosts
  490.  
  491.  accept
  492.      condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
  493.  
  494. #END ACL_TRUSTEDLIST_BLOCK
  495.  
  496.  
  497.  
  498.  
  499.  
  500.     # The only problem with this setup is that if the message is for multiple users on the same server
  501.     # and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used.
  502.     # This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase.
  503.  
  504.  
  505.   warn  domains = ! ${primary_hostname} : +local_domains
  506.          condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
  507.          set acl_m0    = 1
  508.          set acl_m1    = ${lookup{$domain}lsearch*{/etc/userdomains}{$value}}
  509.  
  510.   warn  domains = ${primary_hostname}
  511.           condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
  512.           set acl_m0    = 1
  513.           set acl_m1    = $local_part
  514.  
  515. #BEGIN ACL_POST_SPAM_SCAN_CHECK_BLOCK
  516. # Research in Motion - Blackberry white list
  517.  warn
  518.      condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
  519.      set acl_m0 = 0
  520.  
  521. #END ACL_POST_SPAM_SCAN_CHECK_BLOCK
  522.  
  523.   accept  domains = +relay_domains
  524.  
  525.   deny    message = $sender_fullhost is currently not permitted to \
  526.                         relay through this server. Perhaps you \
  527.                         have not logged into the pop/imap server in the \
  528.                         last 30 minutes or do not have SMTP Authentication turned on in your email client.
  529.  
  530.  
  531. #!!# ACL that is used after the DATA command
  532. check_message:
  533. #  Enabling this will make the server non-rfc compliant
  534. #  require verify = header_sender
  535.  accept  hosts = 127.0.0.1 : +relay_hosts
  536.  
  537.   accept  hosts = *
  538.           authenticated = *
  539.  
  540.     accept
  541.         hosts = +trustedmailhosts
  542.  
  543.     accept
  544.         condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
  545.  
  546. #BEGIN ACL_PRE_SPAM_SCAN
  547. # Research in Motion - Blackberry white list
  548.  accept
  549.      condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
  550.  
  551. #END ACL_PRE_SPAM_SCAN
  552.  
  553.   warn
  554.     condition = ${if eq {${acl_m0}}{1}{1}{0}}
  555.     spam =  ${acl_m1}/defer_ok
  556.     log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)"
  557.     add_header = X-Spam-Subject:  $h_subject
  558.     add_header = X-Spam-Status: Yes, score=$spam_score
  559.     add_header = X-Spam-Score: $spam_score_int
  560.     add_header = X-Spam-Bar: $spam_bar
  561.     add_header = X-Spam-Report: $spam_report
  562.     add_header = X-Spam-Flag: YES
  563.     set acl_m2 = 1
  564.  
  565.   warn
  566.       condition =  ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}
  567.  
  568.   warn
  569.   condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
  570.   add_header = X-Spam-Status: No, score=$spam_score
  571.   add_header = X-Spam-Score: $spam_score_int
  572.   add_header = X-Spam-Bar: $spam_bar
  573.   add_header = X-Ham-Report: $spam_report
  574.   add_header = X-Spam-Flag: NO
  575.   log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"
  576.  
  577.  
  578.    
  579.  accept
  580.  
  581.  
  582.  
  583.  
  584.  
  585.  
  586. begin authenticators
  587.  
  588. dovecot_plain:
  589.     driver = dovecot
  590.     public_name = PLAIN
  591.     server_socket = /var/run/dovecot/auth-client
  592.     server_set_id = $auth1
  593.     server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}
  594.  
  595. dovecot_login:
  596.   driver = dovecot
  597.   public_name = LOGIN
  598.   server_socket = /var/run/dovecot/auth-client
  599.   server_set_id = $auth1
  600.   server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}
  601.  
  602.  
  603.  
  604.  
  605.  
  606. ######################################################################
  607. #                      REWRITE CONFIGURATION                         #
  608. ######################################################################
  609.  
  610. # There are no rewriting specifications in this default configuration file.
  611.  
  612. begin rewrite
  613.  
  614.  
  615.  
  616.  
  617.  
  618. #!!#######################################################!!#
  619. #!!# Here follow routers created from the old routers,   #!!#
  620. #!!# for handling non-local domains.                     #!!#
  621. #!!#######################################################!!#
  622.  
  623. begin routers
  624.  
  625.  
  626. #!!# If we are trying to deliver to a remote mailman domain that is on the localhost
  627. #!!# let it go though even if its not in /etc/localdomains since mailman will eat
  628. #!!# up 100% of the cpu if we don't
  629.  
  630. mailman_virtual_router:
  631.     driver = accept
  632.     require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck
  633.     local_part_suffix_optional
  634.     local_part_suffix = -admin     : \
  635.                         -bounces   : -bounces+* : \
  636.                         -confirm   : -confirm+* : \
  637.                         -join      : -leave     : \
  638.                         -owner     : -request   : \
  639.                         -subscribe : -unsubscribe
  640.     transport = mailman_virtual_transport
  641.  
  642. mailman_virtual_router_nodns:
  643.     driver = accept
  644.     require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck
  645.     condition    = \
  646.            ${if or {{match{$local_part}{.*_.*}} \
  647.                      {eq{$local_part}{mailman}}} \
  648.                 {1}{0}}
  649.     local_part_suffix_optional
  650.     local_part_suffix = -admin     : \
  651.                         -bounces   : -bounces+* : \
  652.                         -confirm   : -confirm+* : \
  653.                         -join      : -leave     : \
  654.                         -owner     : -request   : \
  655.                         -subscribe : -unsubscribe
  656.     domains = +local_domains
  657.     transport = mailman_virtual_transport_nodns
  658.  
  659.  
  660.  
  661.  
  662. ######################################################################
  663. #                      ROUTERS CONFIGURATION                         #
  664. #            Specifies how remote addresses are handled              #
  665. ######################################################################
  666. #                          ORDER DOES MATTER                         #
  667. #  A remote address is passed to each in turn until it is accepted.  #
  668. ######################################################################
  669.  
  670. # Remote addresses are those with a domain that does not match any item
  671. # in the "local_domains" setting above.
  672.  
  673. #
  674. # Demo Safety Router
  675. #
  676.  
  677. democheck:
  678.     driver = redirect
  679.     require_files = "+/etc/demouids"
  680.     condition = "${if eq {${lookup {$originator_uid} lsearch {/etc/demouids} {$value}}}{}{false}{true}}"
  681.     allow_fail
  682.     data = :fail: demo accounts are not permitted to relay email
  683.  
  684.  
  685.  
  686.  
  687. # This router routes to remote hosts over SMTP using a DNS lookup with
  688. # default options.
  689.  
  690. boxtrapper_autowhitelist:
  691.   driver = accept
  692.   condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{$local_part@$domain}{0}{${if match{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if match{$received_protocol}{\N^e?smtps?a$\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{0}}}}}}}}
  693.   require_files = "+/usr/local/cpanel/bin/boxtrapper"
  694.   transport = boxtrapper_autowhitelist
  695.   unseen
  696.  
  697. #
  698. # Handles nobody and webspam and mail trap checks in checkspam2 and gives a userful error
  699. #
  700.  
  701. checkspam2:
  702.     domains = ! +local_domains
  703.     condition = "${perl{checkspam2}}"
  704.     driver = redirect
  705.     ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
  706.     allow_fail
  707.     data = "${perl{checkspam2_results}}"
  708.  
  709. #
  710. # Handles nobody and webspam and mail trap checks in checkspam2 and gives a userful error
  711. #
  712. trackbandwidth:
  713.     domains = ! +local_domains
  714.     condition = "${perl{trackbandwidth}}"
  715.     driver = redirect
  716.     ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
  717.     allow_fail
  718.     verify = false
  719.     data = "${perl{trackbandwidth_results}}"
  720.  
  721. #
  722. # Lookup host router for remote smtp and ignores verisign site finder 'service' and uses domain keys
  723. #
  724.    
  725. dk_lookuphost:
  726.     driver = dnslookup
  727.     domains = ! +local_domains
  728.     #ignore verisign to prevent waste of bandwidth
  729.     ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
  730.     require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}"
  731.     headers_add = "${perl{mailtrapheaders}}"
  732.     transport = dk_remote_smtp
  733.    
  734. #
  735. # Lookup host router for remote smtp and ignores verisign site finder 'service'
  736. #
  737.    
  738. lookuphost:
  739.     driver = dnslookup
  740.     domains = ! +local_domains
  741.     #ignore verisign to prevent waste of bandwidth
  742.     ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
  743.     headers_add = "${perl{mailtrapheaders}}"
  744.     transport = remote_smtp
  745.  
  746. # This router routes to remote hosts over SMTP by explicit IP address,
  747. # given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
  748. # require this facility, which is why it is enabled by default in Exim.
  749. # If you want to lock it out, set forbid_domain_literals in the main
  750. # configuration section above.
  751.  
  752. #
  753. # Literal Transports .. ignores verisigns sitefinder service
  754. #
  755.  
  756. literal:
  757.     driver = ipliteral
  758.     domains = ! +local_domains
  759.     headers_add = "${perl{mailtrapheaders}}"
  760.     ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
  761.     transport = remote_smtp
  762.  
  763.  
  764.  
  765.  
  766. #!!# This new router is put here to fail all domains that
  767. #!!# were not in local_domains in the Exim 3 configuration.
  768.  
  769. #
  770. # Trap Failures to Remote Domain
  771. #
  772.  
  773. fail_remote_domains:
  774.   driver = redirect
  775.   domains = ! +local_domains : ! localhost : ! localhost.localdomain
  776.   allow_fail
  777.   data = ":fail: The mail server could not deliver mail to $local_part@$domain.  The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."
  778.  
  779.  
  780.  
  781.  
  782.  
  783. #!!#######################################################!!#
  784. #!!# Here follow routers created from the old directors, #!!#
  785. #!!# for handling local domains.                         #!!#
  786. #!!#######################################################!!#
  787.  
  788.  
  789.  
  790. ######################################################################
  791. #                      DIRECTORS CONFIGURATION                       #
  792. #             Specifies how local addresses are handled              #
  793. ######################################################################
  794. #                          ORDER DOES MATTER                         #
  795. #   A local address is passed to each in turn until it is accepted.  #
  796. ######################################################################
  797.  
  798. # Local addresses are those with a domain that matches some item in the
  799. # "local_domains" setting above, or those which are passed back from the
  800. # routers because of a "self=local" setting (not used in this configuration).
  801.  
  802.  
  803. # This director handles aliasing using a traditional /etc/aliases file.
  804. # If any of your aliases expand to pipes or files, you will need to set
  805. # up a user and a group for these deliveries to run under. You can do
  806. # this by uncommenting the "user" option below (changing the user name
  807. # as appropriate) and adding a "group" option if necessary. Alternatively, you
  808. # can specify "user" on the transports that are used. Note that those
  809. # listed below are the same as are used for .forward files; you might want
  810. # to set up different ones for pipe and file deliveries from aliases.
  811.  
  812. #spam_filter:
  813. #  driver = forwardfile
  814. #  file = /etc/spam.filter
  815. #  no_check_local_user
  816. #  no_verify
  817. #  filter
  818. #  allow_system_actions
  819.  
  820.  
  821.  
  822.  
  823.  
  824.  
  825.  
  826. virtual_user_maildir_overquota:
  827.   driver = redirect
  828.   domains = +user_domains
  829.   router_home_directory = ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
  830.   require_files = $home/etc/$domain
  831.   condition = "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if eq {${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if > {${run {/usr/local/cpanel/bin/eximwrap GETDISKUSED $local_part $domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}"
  832.   user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  833.   data = :fail:Mailbox quota exceeded
  834.   allow_fail
  835.  
  836.        
  837.  
  838.  
  839.  
  840.        
  841.  
  842.  
  843.  
  844.  
  845.  
  846. #
  847. # Account level filtering for everything but the main account
  848. #
  849.  
  850. central_filter:
  851.     driver = redirect
  852.     allow_filter
  853.     no_check_local_user
  854.     file = /etc/vfilters/${domain}
  855.     file_transport = address_file
  856.     directory_transport = address_directory
  857.     domains = +user_domains
  858.     pipe_transport = virtual_address_pipe
  859.     reply_transport = address_reply
  860.     router_home_directory = ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}
  861.     user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  862.     allow_fail
  863.     no_verify
  864.  
  865. #
  866. # Account level filtering for the main account
  867. #
  868. # checks /etc/vfilters/maindomain if its a localuser (ie main acct)
  869. #
  870. mainacct_central_user_filter:
  871.     driver = redirect  
  872.     allow_filter  
  873.     allow_fail
  874.     check_local_user
  875.     domains = ! +user_domains
  876.     condition = ${if eq {${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{}{0}{${if exists {/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{1}{0}}}}
  877.     file = "/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}"
  878.     directory_transport = address_directory
  879.     file_transport = address_file  
  880.     pipe_transport = address_pipe
  881.     reply_transport = address_reply
  882.     retry_use_local_part  
  883.     no_verify
  884.  
  885. #
  886. # User Level Filtering for the main account
  887. #
  888. central_user_filter:
  889.     driver = redirect
  890.     allow_filter
  891.     allow_fail
  892.     check_local_user
  893.     domains = ! +user_domains
  894.     file = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/etc/filter"
  895.     require_files = "+${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}/etc/filter"
  896.     router_home_directory = ${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}
  897.     directory_transport = address_directory
  898.     file_transport = address_file
  899.     pipe_transport = virtual_address_pipe
  900.     reply_transport = address_reply
  901.     retry_use_local_part
  902.     no_verify
  903.  
  904. #
  905. # User Level Filtering for virtual users
  906. #
  907. virtual_user_filter:
  908.     driver = redirect
  909.     allow_filter
  910.     allow_fail
  911.     no_check_local_user
  912.     domains = +user_domains
  913.     require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/filter"
  914.     file = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/filter"
  915.     router_home_directory = ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}
  916.     directory_transport = address_directory
  917.     file_transport = address_file
  918.     pipe_transport = virtual_address_pipe
  919.     reply_transport = address_reply
  920.     user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  921.     no_verify
  922.  
  923. virtual_aliases_nostar:
  924.   driver = redirect
  925.   allow_defer
  926.   allow_fail
  927.   require_files = "+/etc/valiases/$domain"
  928.   data = ${lookup{$local_part@$domain}lsearch{/etc/valiases/$domain}}
  929.   file_transport = address_file
  930.   group = mail
  931.   pipe_transport = virtual_address_pipe
  932.   retry_use_local_part
  933.   unseen
  934.  
  935. #
  936. # Virtual User Spam Boxes
  937. #
  938.  
  939. virtual_user_spam:
  940.     driver = accept
  941.     domains = +user_domains
  942.     require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinboxenable:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
  943.     condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{}{false}{${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}}}
  944.     headers_remove="x-spam-exim"
  945.     transport = virtual_userdelivery_spam
  946.    
  947.  
  948. virtual_boxtrapper_user:
  949.   driver = accept
  950.   domains = +user_domains
  951.   require_files = "+/usr/local/cpanel/bin/boxtrapper:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
  952.   condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{} {false}{${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/.boxtrapperenable} {true} {false}}}}
  953.   retry_use_local_part
  954.   transport = virtual_boxtrapper_userdelivery
  955.  
  956. virtual_user:
  957.   driver = accept
  958.   headers_remove="x-spam-exim"
  959.   domains = +user_domains
  960.   require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
  961.   condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{} {false}{true}}
  962.   transport = virtual_userdelivery
  963.  
  964.  
  965. has_alias_but_no_mailbox_discarded_to_prevent_loop:
  966.         driver = redirect
  967.         require_files = "+/etc/valiases/$domain"
  968.         domains = +user_domains
  969.         condition = "${perl{checkvalias}{$domain}{$local_part}}"
  970.         data="#Exim Filter\nseen finish"
  971.         group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  972.         user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  973.         allow_filter
  974.         disable_logging = true
  975.  
  976. valias_domain_file:
  977.   driver = redirect
  978.   allow_defer
  979.   allow_fail
  980.   require_files = +/etc/vdomainaliases/$domain
  981.   condition = ${lookup {$domain} lsearch {/etc/vdomainaliases/$domain}{yes}{no} }
  982.   data = $local_part@${lookup {$domain} lsearch {/etc/vdomainaliases/$domain} }
  983. virtual_aliases:
  984.     driver = redirect
  985.     allow_defer
  986.     allow_fail
  987.     require_files = "+/etc/valiases/$domain"
  988.     data = ${lookup{*}lsearch{/etc/valiases/$domain}}
  989.     file_transport = address_file
  990.     group = mail
  991.     pipe_transport = virtual_address_pipe
  992.  
  993.  
  994.  
  995.  
  996.  
  997.  
  998. # This director handles forwarding using traditional .forward files.
  999. # If you want it also to allow mail filtering when a forward file
  1000. # starts with the string "# Exim filter", uncomment the "filter" option.
  1001. # The check_ancestor option means that if the forward file generates an
  1002. # address that is an ancestor of the current one, the current one gets
  1003. # passed on instead. This covers the case where A is aliased to B and B
  1004. # has a .forward file pointing to A. The three transports specified at the
  1005. # end are those that are used when forwarding generates a direct delivery
  1006. # to a file, or to a pipe, or sets up an auto-reply, respectively.
  1007.  
  1008. system_aliases:
  1009.   driver = redirect
  1010.   allow_defer
  1011.   allow_fail
  1012.   data = ${lookup{$local_part}lsearch{/etc/aliases}}
  1013.   file_transport = address_file
  1014.   pipe_transport = address_pipe
  1015.   retry_use_local_part
  1016. # user = exim
  1017.  
  1018.                                                                                                                                                                                                                                                        
  1019. local_aliases:
  1020.   driver = redirect
  1021.   allow_defer
  1022.   allow_fail
  1023.   data = ${lookup{$local_part}lsearch{/etc/localaliases}}
  1024.   file_transport = address_file
  1025.   pipe_transport = address_pipe
  1026.   check_local_user
  1027.                                                                                                                                                                                                                                                        
  1028.  
  1029.  
  1030. userforward:
  1031.   driver = redirect
  1032.   allow_filter
  1033.   check_ancestor
  1034.   check_local_user
  1035.   domains = ! +user_domains
  1036.   no_expn
  1037.   file = $home/.forward
  1038.   file_transport = address_file
  1039.   pipe_transport = address_pipe
  1040.   reply_transport = address_reply
  1041.   directory_transport = address_directory
  1042.   no_verify
  1043.  
  1044. #
  1045. # Optimzied spambox router
  1046. #
  1047.  
  1048. localuser_spam:
  1049.     driver = accept
  1050.     headers_remove="x-spam-exim"
  1051.     domains = ! +user_domains
  1052.     require_files = "+$home/.spamassassinboxenable"
  1053.     condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}
  1054.     check_local_user
  1055.     transport = local_delivery_spam
  1056.  
  1057. boxtrapper_localuser:
  1058.   driver = accept
  1059.   require_files = "+/usr/local/cpanel/bin/boxtrapper:+$home/etc/.boxtrapperenable"
  1060.   check_local_user
  1061.   domains = ! +user_domains
  1062.   transport = local_boxtrapper_delivery
  1063.  
  1064.  
  1065. localuser:
  1066.     driver = accept
  1067.     headers_remove="x-spam-exim"
  1068.     check_local_user
  1069.     domains = ! +user_domains
  1070.     transport = local_delivery
  1071.  
  1072.  
  1073.  
  1074. # This director matches local user mailboxes.
  1075.  
  1076.  
  1077.  
  1078.  
  1079.  
  1080.  
  1081.  
  1082. ######################################################################
  1083. #                      TRANSPORTS CONFIGURATION                      #
  1084. ######################################################################
  1085. #                       ORDER DOES NOT MATTER                        #
  1086. #     Only one appropriate transport is called for each delivery.    #
  1087. ######################################################################
  1088.  
  1089. # A transport is used only when referenced from a director or a router that
  1090. # successfully handles an address.
  1091.  
  1092.  
  1093. # This transport is used for delivering messages over SMTP connections.
  1094.  
  1095. begin transports
  1096.  
  1097.  
  1098.  
  1099.  
  1100.  
  1101. remote_smtp:
  1102.   driver = smtp
  1103.   interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
  1104.   helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
  1105.  
  1106.  
  1107. dk_remote_smtp:
  1108.   driver = smtp
  1109.   interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
  1110.   helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
  1111.   dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
  1112.   dk_canon = nofws
  1113.   dk_selector = default
  1114.  
  1115.  
  1116. # This transport is used for local delivery to user mailboxes. By default
  1117. # it will be run under the uid and gid of the local user, and requires
  1118. # the sticky bit to be set on the /var/mail directory. Some systems use
  1119. # the alternative approach of running mail deliveries under a particular
  1120. # group instead of using the sticky bit. The commented options below show
  1121. # how this can be done.
  1122.  
  1123.  
  1124. local_delivery:
  1125.     driver = appendfile
  1126.     delivery_date_add
  1127.     envelope_to_add
  1128.     directory = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/mail"
  1129.     maildir_use_size_file
  1130.     maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
  1131.     maildir_format
  1132.     maildir_tag = ,S=$message_size
  1133.     quota_size_regex = ,S=(\d+)
  1134.     mode = 0660
  1135.     return_path_add
  1136.     group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
  1137.     user = $local_part
  1138.     shadow_condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.cpanel/rim/bis/$local_part}{1}{0}}
  1139.     shadow_transport = rim_bis_notifier_local_user
  1140.  
  1141. rim_bis_notifier_local_user:
  1142.     driver = pipe
  1143.     headers_only
  1144.     command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}"
  1145.     group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
  1146.     user = $local_part
  1147.     log_output = true
  1148.     current_directory = "/tmp"
  1149.     return_fail_output = true
  1150.     return_path_add = false
  1151.  
  1152. local_delivery_spam:
  1153.   driver = appendfile
  1154.   delivery_date_add
  1155.   envelope_to_add
  1156.   directory = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/mail/.spam"
  1157.   maildir_use_size_file
  1158.   maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
  1159.   maildir_format
  1160.   maildir_tag = ,S=$message_size
  1161.   quota_size_regex = ,S=(\d+)
  1162.   group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
  1163.   mode = 0660
  1164.   return_path_add
  1165.   user = $local_part
  1166.  
  1167.  
  1168.        
  1169.  
  1170.  
  1171.  
  1172.  
  1173.  
  1174.  
  1175. # This transport is used for handling pipe deliveries generated by alias
  1176. # or .forward files. If the pipe generates any standard output, it is returned
  1177. # to the sender of the message as a delivery error. Set return_fail_output
  1178. # instead of return_output if you want this to happen only when the pipe fails
  1179. # to complete normally. You can set different transports for aliases and
  1180. # forwards if you want to - see the references to address_pipe below.
  1181.  
  1182. address_directory:
  1183.     driver        = appendfile
  1184.     maildir_tag = ,S=$message_size
  1185.     quota_size_regex = ,S=(\d+)
  1186.     maildir_format
  1187.     maildir_use_size_file
  1188.     maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
  1189.     mode = 0660
  1190.     delivery_date_add
  1191.     envelope_to_add
  1192.     return_path_add
  1193. address_pipe:
  1194.   driver = pipe
  1195.   return_output
  1196.  
  1197. virtual_address_pipe:
  1198.   driver = pipe
  1199.   group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  1200.   return_output
  1201.   user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  1202.  
  1203. # This transport is used for handling deliveries directly to files that are
  1204. # generated by aliassing or forwarding.
  1205.  
  1206. address_file:
  1207.   driver = appendfile
  1208.   delivery_date_add
  1209.   envelope_to_add
  1210.   return_path_add
  1211.  
  1212.  
  1213. # This transport is used for handling autoreplies generated by the filtering
  1214. # option of the forwardfile director.
  1215.  
  1216.  
  1217.        
  1218.  
  1219.  
  1220. virtual_userdelivery_spam:
  1221.   driver = appendfile
  1222.   delivery_date_add
  1223.   envelope_to_add
  1224.   directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}/.spam"
  1225.   maildir_use_size_file
  1226.   maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
  1227.   maildir_format
  1228.   maildir_tag = ,S=$message_size
  1229.   quota_size_regex = ,S=(\d+)
  1230.   mode = 0660
  1231.   quota = "${if exists{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota} {${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}{$value}}} {}}"
  1232.   quota_is_inclusive = false
  1233.   quota_directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
  1234.   return_path_add
  1235.   user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  1236.   group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
  1237.  
  1238. boxtrapper_autowhitelist:
  1239.   driver = pipe
  1240.   headers_only
  1241.   command = /usr/local/cpanel/bin/boxtrapper --autowhitelist "${authenticated_id}"
  1242.   user = ${perl{getemailuser}{$authenticated_id}}
  1243.   group = ${extract{3}{:}{${lookup passwd{${perl{getemailuser}{$authenticated_id}}}{$value}}}}
  1244.   log_output = true
  1245.   current_directory = "/tmp"
  1246.   return_fail_output = true
  1247.   return_path_add = false
  1248.  
  1249. local_boxtrapper_delivery:
  1250.   driver = pipe
  1251.   command = /usr/local/cpanel/bin/boxtrapper "${local_part}" $home
  1252.   user = $local_part
  1253.   group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
  1254.   log_output = true
  1255.   current_directory = "/tmp"
  1256.   return_fail_output = true
  1257.   return_path_add = false
  1258.  
  1259. virtual_boxtrapper_userdelivery:
  1260.   driver = pipe
  1261.   command = /usr/local/cpanel/bin/boxtrapper "${local_part}@${domain}" $home
  1262.   user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  1263.   group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
  1264.   log_output = true
  1265.   current_directory = "/tmp"
  1266.   return_fail_output = true
  1267.   return_path_add = false
  1268.  
  1269.  
  1270. virtual_userdelivery:
  1271.   driver = appendfile
  1272.   delivery_date_add
  1273.   envelope_to_add
  1274.   directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
  1275.   maildir_use_size_file
  1276.   maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
  1277.   maildir_format
  1278.   maildir_tag = ,S=$message_size
  1279.   quota_size_regex = ,S=(\d+)
  1280.   mode = 0660
  1281.   quota = "${if exists{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota} {${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}{$value}}} {}}"
  1282.   quota_is_inclusive = false
  1283.   quota_directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
  1284.   return_path_add
  1285.   user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  1286.   group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
  1287.   shadow_condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.cpanel/rim/bis/$local_part@$domain}{1}{0}}
  1288.   shadow_transport = rim_bis_notifier_virtual_user
  1289.  
  1290. rim_bis_notifier_virtual_user:
  1291.   driver = pipe
  1292.   headers_only
  1293.   command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}@${domain}"
  1294.   user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  1295.   group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
  1296.   log_output = true
  1297.   current_directory = "/tmp"
  1298.   return_fail_output = true
  1299.   return_path_add = false
  1300.  
  1301.  
  1302. address_reply:
  1303.   driver = autoreply
  1304.  
  1305.  
  1306. mailman_virtual_transport:
  1307.     driver = pipe
  1308.     command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
  1309.               '${if def:local_part_suffix \
  1310.                     {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
  1311.                     {post}}' \
  1312.               ${lc:$local_part}_${lc:$domain}
  1313.     current_directory = /usr/local/cpanel/3rdparty/mailman
  1314.     home_directory = /usr/local/cpanel/3rdparty/mailman
  1315.     user = mailman
  1316.     group = mailman
  1317.  
  1318.  
  1319. mailman_virtual_transport_nodns:
  1320.     driver = pipe
  1321.     command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
  1322.               '${if def:local_part_suffix \
  1323.                     {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
  1324.                     {post}}' \
  1325.               ${lc:$local_part}
  1326.     current_directory = /usr/local/cpanel/3rdparty/mailman
  1327.     home_directory = /usr/local/cpanel/3rdparty/mailman
  1328.     user = mailman
  1329.     group = mailman
  1330.  
  1331.  
  1332.  
  1333.  
  1334.  
  1335.  
  1336.  
  1337.  
  1338.  
  1339. ######################################################################
  1340. #                      RETRY CONFIGURATION                           #
  1341. ######################################################################
  1342.  
  1343. # This single retry rule applies to all domains and all errors. It specifies
  1344. # retries every 15 minutes for 2 hours, then increasing retry intervals,
  1345. # starting at 1 hour and increasing each time by a factor of 1.5, up to 16
  1346. # hours, then retries every 8 hours until 4 days have passed since the first
  1347. # failed delivery.
  1348.  
  1349. # Domain               Error       Retries
  1350. # ------               -----       -------
  1351.  
  1352.  
  1353. begin retry
  1354.  
  1355. *                       quota
  1356.  
  1357.  
  1358.  
  1359. *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h
  1360.  
  1361.  
  1362.  
  1363.  
  1364. # End of Exim 4 configuration
  1365.  
clone this paste RAW Paste Data