
exim.conf

  1. ######################################################################
  2. # #
  3. # Exim configuration file for Vesta Control Panel #
  4. # #
  5. ######################################################################
  6.  
  # Feature macros, all commented out in this copy. The ".ifdef SPAMASSASSIN" and
  # ".ifdef CLAMD" sections further down only take effect when the macro is defined.
  7. #SPAMASSASSIN = yes
  8. #SPAM_SCORE = 50
  9. #CLAMD = yes
  10.  
  # Child processes get a fixed PATH and nothing else from the caller's environment.
  11. add_environment = <; PATH=/bin:/usr/bin
  12. keep_environment =
  13. disable_ipv6=true
  # A domain counts as local (and as a relay target) when an entry with its name
  # exists under /etc/exim/domains/ (dsearch is a directory-entry lookup).
  14. domainlist local_domains = dsearch;/etc/exim/domains/
  15. domainlist relay_to_domains = dsearch;/etc/exim/domains/
  # Only loopback may relay without authenticating.
  16. hostlist relay_from_hosts = 127.0.0.1
  17. hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf
  18. hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf
  # NOTE(review): with no_local_from_check and untrusted_set_sender = *, any local
  # account can submit mail with an envelope sender and From: of its choosing, and
  # no Sender: header is added to record the real submitter. Confirm this is wanted
  # on a multi-tenant host; untrusted_set_sender accepts a narrower address list.
  19. no_local_from_check
  20. untrusted_set_sender = *
  # ACL entry points: connection, MAIL FROM, RCPT TO, end of DATA, and each MIME part.
  21. acl_smtp_connect = acl_check_spammers
  22. acl_smtp_mail = acl_check_mail
  23. acl_smtp_rcpt = acl_check_rcpt
  24. acl_smtp_data = acl_check_data
  25. acl_smtp_mime = acl_check_mime
  26.  
  # Content-scanner endpoints, set only when the corresponding macro is defined:
  # spamd over TCP on loopback, clamd over a Unix socket.
  27. .ifdef SPAMASSASSIN
  28. spamd_address = 127.0.0.1 783
  29. .endif
  30.  
  31. .ifdef CLAMD
  32. av_scanner = clamd: /var/run/clamav/clamd.sock
  33. .endif
  34.  
  # STARTTLS is offered to every client, using the control panel's certificate and key.
  # NOTE(review): auth_advertise_hosts is not set in this main section, and Exim's
  # default is to advertise AUTH to all hosts, so PLAIN/LOGIN credentials can be sent
  # before STARTTLS on the non-implicit-TLS ports. To offer AUTH only on encrypted
  # sessions, add:  auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}
  # NOTE(review): confirm the private key file is readable only by root and the
  # Exim user.
  35. tls_advertise_hosts = *
  36. tls_certificate = /usr/local/vesta/ssl/certificate.crt
  37. tls_privatekey = /usr/local/vesta/ssl/certificate.key
  38.  
  # Listening ports; 465 starts TLS immediately on connect, the others rely on STARTTLS.
  39. daemon_smtp_ports = 25 : 465 : 587 : 2525
  40. tls_on_connect_ports = 465
  # No delivery process is ever run as root.
  41. never_users = root
  # Reverse DNS is looked up for every connecting host.
  42. host_lookup = *
  # An ident (RFC 1413) query is made to every connecting host, waiting up to 5s.
  43. rfc1413_hosts = *
  44. rfc1413_query_timeout = 5s
  # Bounces that cannot be delivered are discarded after 2 days; other frozen
  # messages are given up on after 7 days.
  45. ignore_bounce_errors_after = 2d
  46. timeout_frozen_after = 7d
  47.  
  # Macros consumed by the remote_smtp transport. The signing domain and the key path
  # are both derived from the message's From: header; when no dkim.pem exists for
  # that domain the key expands to 0, which means "do not sign".
  # NOTE(review): the From: header is chosen by the sender and nothing in these macros
  # ties it to the authenticated account. Confirm that a user of one hosted domain
  # cannot get mail signed with another hosted domain's key, and that the header
  # value cannot carry path separators into DKIM_FILE.
  48. DKIM_DOMAIN = ${lc:${domain:$h_from:}}
  49. DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem
  50. DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
  51.  
  52.  
  53.  
  54. ######################################################################
  55. # ACL CONFIGURATION #
  56. # Specifies access control lists for incoming SMTP mail #
  57. ######################################################################
  58. begin acl
  59.  
  # Connection-time ACL. Statement order matters: whitelisted hosts are accepted
  # first, hosts in the spammers list are then dropped (rejected and disconnected),
  # and every other host is accepted.
  60. acl_check_spammers:
  61. accept hosts = +whitelist
  62.  
  63. drop message = Your host in blacklist on this server.
  64. log_message = Host in blacklist
  65. hosts = +spammers
  66.  
  67. accept
  68.  
  69.  
  # MAIL FROM ACL: sanity checks on the HELO/EHLO name the client supplied.
  70. acl_check_mail:
  # Reject MAIL when no HELO/EHLO name was given.
  71. deny condition = ${if eq{$sender_helo_name}{}}
  72. message = HELO required before MAIL
  73.  
  # Drop when the HELO name looks like it embeds an IP address (dotted or dashed quad,
  # or 8 hex digits) AND the second condition holds, i.e. the PTR lookup result does
  # not match the HELO name. The 45s delay is applied only once both conditions passed.
  # NOTE(review): in the second condition the "\}" after the lookup appears to add a
  # literal "}" to the match subject, and $sender_helo_name is used as the regular
  # expression, so regex metacharacters in a client-supplied name are interpreted.
  # Confirm this is the intended comparison.
  74. drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
  75. condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
  76. condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
  77. delay = 45s
  78.  
  # Drop when the HELO name is a bare IP address.
  79. drop condition = ${if isip{$sender_helo_name}}
  80. message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
  81.  
  # Drop clients that announce this server's own interface address in brackets.
  82. drop condition = ${if eq{[$interface_address]}{$sender_helo_name}}
  83. message = $interface_address is _my_ address
  84.  
  85. accept
  86.  
  87.  
  # RCPT TO ACL. Statements are evaluated top to bottom, so the order below is the policy.
  88. acl_check_rcpt:
  # Messages with no remote host (local, non-TCP submission) are accepted outright.
  89. accept hosts = :
  90.  
  # Refuse local parts with a leading dot or with @ % ! / | in them. This filter matters
  # because $local_part is interpolated into file paths by routers and transports
  # later in this file; keep it ahead of every accept that leads to local delivery.
  91. deny message = Restricted characters in address
  92. domains = +local_domains
  93. local_parts = ^[.] : ^.*[@%!/|]
  94.  
  # Looser rule for remote domains: leading . / |, any @ % !, and "/../" sequences.
  95. deny message = Restricted characters in address
  96. domains = !+local_domains
  97. local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  98.  
  99. require verify = sender
  100.  
  # Loopback and authenticated clients are accepted here and marked as submissions;
  # none of the checks below (DNSBL, relay, recipient verification) apply to them.
  101. accept hosts = +relay_from_hosts
  102. control = submission
  103.  
  104. accept authenticated = *
  105. control = submission/domain=
  106.  
  # DNS blocklists for hosts that are not whitelisted; the list of zones is read from
  # /etc/exim/dnsbl.conf with line breaks turned into ":" separators.
  107. deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
  108. hosts = !+whitelist
  109. dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}}
  110.  
  # Open-relay guard: from here on the recipient domain must be one hosted here.
  111. require message = relay not permitted
  112. domains = +local_domains : +relay_to_domains
  113.  
  # Unauthenticated clients may not use a hosted domain as envelope sender. This tests
  # the envelope sender only, not the From: header.
  # NOTE(review): the message text contains a typo ("requried").
  114. deny message = smtp auth requried
  115. sender_domains = +local_domains
  116. !authenticated = *
  117.  
  118. require verify = recipient
  119.  
  # Per-domain opt-in flags for scanning at DATA time: acl_m0 (antivirus) and acl_m1
  # (antispam) become "yes" when the marker file exists for the recipient's domain.
  # NOTE(review): both variables are reset on every RCPT that reaches this point, so
  # for a message with several recipients the last one processed decides whether the
  # whole message is scanned.
  120. .ifdef CLAMD
  121. warn set acl_m0 = no
  122.  
  123. warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}}
  124. set acl_m0 = yes
  125. .endif
  126.  
  127. .ifdef SPAMASSASSIN
  128. warn set acl_m1 = no
  129.  
  130. warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}}
  131. set acl_m1 = yes
  132. .endif
  133.  
  134. accept
  135.  
  136.  
  # DATA ACL: optional virus and spam scanning, then accept.
  137. acl_check_data:
  # Reject infected mail for domains that opted in (acl_m0 set in acl_check_rcpt).
  # Conditions run in order, so the malware scan happens before acl_m0 is tested.
  138. .ifdef CLAMD
  139. deny message = Message contains a virus ($malware_name) and has been rejected
  140. malware = *
  141. condition = ${if eq{$acl_m0}{yes}{yes}{no}}
  142. .endif
  143.  
  # Spam scoring applies only to unauthenticated mail from non-relay hosts, under 100K,
  # for opted-in domains. "spamd:true" makes the condition succeed whatever the score
  # so the headers are always added; "defer_ok" lets mail through when spamd cannot
  # be reached. Messages of 100K or more are not scanned by this statement.
  144. .ifdef SPAMASSASSIN
  145. warn !authenticated = *
  146. hosts = !+relay_from_hosts
  147. condition = ${if < {$message_size}{100K}}
  148. condition = ${if eq{$acl_m1}{yes}{yes}{no}}
  149. spam = spamd:true/defer_ok
  150. add_header = X-Spam-Score: $spam_score_int
  151. add_header = X-Spam-Bar: $spam_bar
  152. add_header = X-Spam-Report: $spam_report
  153. set acl_m2 = $spam_score_int
  154.  
  # Tag as spam when the stored score exceeds SPAM_SCORE. $spam_score_int is the score
  # multiplied by ten, so a SPAM_SCORE of 50 corresponds to a score of 5.0.
  # NOTE(review): no statement here removes an X-Spam-Status header that arrived with
  # the message; the localuser_spam router keys on that header.
  155. warn condition = ${if !eq{$acl_m2}{} {yes}{no}}
  156. condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
  157. add_header = X-Spam-Status: Yes
  158. message = SpamAssassin detected spam (from $sender_address to $recipients).
  159. .endif
  160.  
  161. accept
  162.  
  163.  
  # MIME ACL, run for each MIME part: reject attachments whose lower-cased file name
  # ends in one of the listed extensions.
  # NOTE(review): this is a name-based denylist. Extensions that are not listed,
  # renamed files and files inside archives pass this rule; content scanning depends
  # on the CLAMD section being enabled.
  164. acl_check_mime:
  165. deny message = Blacklisted file extension detected
  166. condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}}
  167.  
  168. accept
  169.  
  170.  
  171.  
  172. ######################################################################
  173. # AUTHENTICATION CONFIGURATION #
  174. ######################################################################
  175. begin authenticators
  176.  
  # SMTP AUTH is delegated to Dovecot over its auth-client socket. Both mechanisms
  # carry the password in a reversible encoding, so they are only safe inside TLS.
  # NOTE(review): neither authenticator sets server_advertise_condition, so unless
  # AUTH is restricted elsewhere both are offered on unencrypted sessions. Adding
  #   server_advertise_condition = ${if def:tls_in_cipher}
  # to each authenticator limits them to connections that have negotiated TLS.
  177. dovecot_plain:
  178. driver = dovecot
  179. public_name = PLAIN
  180. server_socket = /var/run/dovecot/auth-client
  # The authenticated identity ($auth1) is recorded as the message's authenticated id.
  181. server_set_id = $auth1
  182.  
  183. dovecot_login:
  184. driver = dovecot
  185. public_name = LOGIN
  186. server_socket = /var/run/dovecot/auth-client
  187. server_set_id = $auth1
  188.  
  189.  
  190.  
  191. ######################################################################
  192. # ROUTERS CONFIGURATION #
  193. # Specifies how addresses are handled #
  194. ######################################################################
  # Routers are tried in the order they appear; the first one that accepts an address
  # handles it, unless it is marked "unseen".
  195. begin routers
  196.  
  # Disabled example: send all non-local mail through a smarthost.
  197. #smarthost:
  198. # driver = manualroute
  199. # domains = ! +local_domains
  200. # transport = remote_smtp
  201. # route_list = * smartrelay.vestacp.com
  202. # no_more
  203. # no_verify
  204.  
  # Non-local domains are routed by DNS to remote_smtp; no_more stops any later router
  # from being tried for those domains when this one declines.
  205. dnslookup:
  206. driver = dnslookup
  207. domains = !+local_domains
  208. transport = remote_smtp
  209. no_more
  210.  
  # System users (check_local_user) can redirect their mail through ~/.forward.
  # allow_filter lets that file be an Exim filter, and the three *_transport options
  # enable deliveries to files, pipes and auto-replies generated from it.
  # NOTE(review): this gives every system account pipe and file delivery through its
  # .forward. If that is not needed, the redirect router has forbid_pipe and
  # forbid_file to switch those off.
  211. userforward:
  212. driver = redirect
  213. check_local_user
  214. file = $home/.forward
  215. allow_filter
  216. no_verify
  217. no_expn
  218. check_ancestor
  219. file_transport = address_file
  220. pipe_transport = address_pipe
  221. reply_transport = address_reply
  222.  
  # Hand mail for system users to procmail when both ~/.procmailrc and the procmail
  # binary exist. In require_files the "user:" prefix makes the check run as that
  # user, and "+" treats a permission-denied result as "exists" (per the Exim
  # documentation for require_files; confirm for the installed version).
  223. procmail:
  224. driver = accept
  225. check_local_user
  226. require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
  227. transport = procmail
  228. no_verify
  229.  
  # Send an auto-reply when an autoreply.<local_part>.msg file exists for the domain.
  # The same file is tested by both require_files and condition. "unseen" lets routing
  # continue afterwards so the original message is still delivered.
  230. autoreplay:
  231. driver = accept
  232. require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg
  233. condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}{yes}{no}}
  234. retry_use_local_part
  235. transport = userautoreply
  236. unseen
  237.  
  # Per-domain aliases: look up the full address in the domain's aliases file and
  # redirect to the first ":"-separated field of the result. Generated addresses are
  # routed starting at dnslookup, and "unseen" lets the later routers also handle
  # the original address.
  # NOTE(review): pipe_transport is set, so an alias entry that is a pipe would be
  # delivered to a command. Confirm that only trusted administration code can write
  # the aliases files.
  238. aliases:
  239. driver = redirect
  240. headers_add = X-redirected: yes
  241. data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
  242. require_files = /etc/exim/domains/$domain/aliases
  243. redirect_router = dnslookup
  244. pipe_transport = address_pipe
  245. unseen
  246.  
  # Mailboxes listed in the domain's fwd_only file keep no local copy: the address is
  # accepted and delivered to the devnull transport.
  247. localuser_fwd_only:
  248. driver = accept
  249. transport = devnull
  250. condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}}
  251.  
  # Deliver to the .Spam folder when the message has an X-Spam-Status header starting
  # with "Yes" and the mailbox exists. The condition compares two strings: yes/no from
  # the header test and yes/no_such_user from the passwd lookup, so they are equal
  # only when both are "yes".
  # NOTE(review): the header is trusted as found on the message. Unless incoming
  # X-Spam-Status headers are removed somewhere, a sender-supplied one has the same
  # effect as one added by the local scanner.
  252. localuser_spam:
  253. driver = accept
  254. transport = local_spam_delivery
  255. condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}}
  256.  
  # Normal mailbox delivery: accept when the local part is listed in the domain's
  # passwd file.
  257. localuser:
  258. driver = accept
  259. transport = local_delivery
  260. condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}}
  261.  
  # Catch-all: addresses not handled above are redirected to the target of the
  # "*@domain" entry in the aliases file, when there is one.
  262. catchall:
  263. driver = redirect
  264. headers_add = X-redirected: yes
  265. require_files = /etc/exim/domains/$domain/aliases
  266. data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
  267. file_transport = local_delivery
  268. redirect_router = dnslookup
  269.  
  # An address that is an alias but reached this point without a mailbox is accepted
  # and discarded via devnull; the alias copy was already generated by the "unseen"
  # aliases router.
  270. terminate_alias:
  271. driver = accept
  272. transport = devnull
  273. condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}}
  274.  
  275.  
  276.  
  277. ######################################################################
  278. # TRANSPORTS CONFIGURATION #
  279. ######################################################################
  280. begin transports
  281.  
  # Outbound SMTP with DKIM signing: selector "mail", relaxed canonicalisation, domain
  # and key taken from the DKIM_* macros in the main section.
  # dkim_strict = 0 means a message is sent unsigned if signing fails, rather than
  # being deferred.
  282. remote_smtp:
  283. driver = smtp
  284. #helo_data = $sender_address_domain
  285. dkim_domain = DKIM_DOMAIN
  286. dkim_selector = mail
  287. dkim_private_key = DKIM_PRIVATE_KEY
  288. dkim_canon = relaxed
  289. dkim_strict = 0
  290.  
  # Pipe the message to procmail, running as the recipient user with that user's
  # supplementary groups (initgroups). The procmail router that feeds this transport
  # sets check_local_user, so $local_part names an existing system account here.
  291. procmail:
  292. driver = pipe
  293. command = "/usr/bin/procmail -d $local_part"
  294. return_path_add
  295. delivery_date_add
  296. envelope_to_add
  297. user = $local_part
  298. initgroups
  299. return_output
  300.  
  # Maildir delivery for hosted mailboxes. The owning user, base directory and quota
  # come from fields 2, 5 and 6 of the mailbox's entry in the domain's passwd file.
  # The delivery path is built from $domain and $local_part, so it relies on the
  # character restrictions enforced in acl_check_rcpt.
  301. local_delivery:
  302. driver = appendfile
  303. maildir_format
  304. maildir_use_size_file
  305. user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
  306. group = mail
  # Directories 770 and files 660 with group "mail": members of that group can read
  # and write every mailbox delivered here.
  307. create_directory
  308. directory_mode = 770
  309. mode = 660
  310. use_lockfile = no
  311. delivery_date_add
  312. envelope_to_add
  313. return_path_add
  314. directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
  # Quota is the passwd field followed by "M"; a warning is generated at 75% usage.
  315. quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
  316. quota_warn_threshold = 75%
  317.  
  # Same as local_delivery, but files into the mailbox's .Spam folder. quota_directory
  # points at the mailbox root so spam counts against the same quota.
  318. local_spam_delivery:
  319. driver = appendfile
  320. maildir_format
  321. maildir_use_size_file
  322. user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
  323. group = mail
  324. create_directory
  325. directory_mode = 770
  326. mode = 660
  327. use_lockfile = no
  328. delivery_date_add
  329. envelope_to_add
  330. return_path_add
  331. directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam"
  332. quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
  333. quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
  334. quota_warn_threshold = 75%
  335.  
  # Generic transports for deliveries generated by redirect routers (userforward,
  # aliases): to a command, to a file, and as an auto-reply. The command or file
  # itself comes from the redirect data, not from this section.
  336. address_pipe:
  337. driver = pipe
  338. return_output
  339.  
  340. address_file:
  341. driver = appendfile
  342. delivery_date_add
  343. envelope_to_add
  344. return_path_add
  345.  
  346. address_reply:
  347. driver = autoreply
  348.  
  # Auto-responder used by the autoreplay router: the body comes from the per-mailbox
  # .msg file, the reply goes to the envelope sender, and the original subject is
  # RFC 2047-encoded into the reply subject.
  # NOTE(review): no "once" / "once_repeat" option is set, so nothing in this transport
  # limits how often the same sender is answered. Confirm that replies to bounces
  # and mailing lists are prevented elsewhere.
  349. userautoreply:
  350. driver = autoreply
  351. file = /etc/exim/domains/$domain/autoreply.${local_part}.msg
  352. from = "${local_part}@${domain}"
  353. headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit
  354. subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}"
  355. to = "${sender_address}"
  356.  
  # Discard transport: "delivers" by appending to /dev/null.
  357. devnull:
  358. driver = appendfile
  359. file = /dev/null
  360.  
  361.  
  362. ######################################################################
  363. # RETRY CONFIGURATION #
  364. ######################################################################
  365. begin retry
  366.  
  # One rule for every address and error: retry every 15 minutes for the first 2 hours,
  # then at intervals starting at 1 hour and growing by a factor of 1.5 until 16 hours,
  # then every 6 hours until 4 days have passed.
  367. # Address or Domain Error Retries
  368. # ----------------- ----- -------
  369. * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
  370.  
  371.  
  372.  
  373. ######################################################################
  374. # REWRITE CONFIGURATION #
  375. ######################################################################
  # No rewrite rules are defined in the visible part of this section.
  376. begin rewrite
  377.  
  378.  
  379.  
  380. ######################################################################