Advertisement
Guest User

My Exim config

a guest
May 8th, 2013
217
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.57 KB | None | 0 0
  1. # File Managed by Puppet
  2. hide mysql_servers = 127.0.0.1/baruwa/baruwa/blahblahblah
  3. #primary_hostname =
  4. domainlist local_domains = @ : localhost : localhost.localdomain
  5. domainlist relay_sql_domains = mysql;select address from user_addresses where address_type=1 and enabled=1 and address='${quote_mysql:$domain}';
  6. hostlist relay_from_hosts = localhost : localhost.localdomain
  7. acl_smtp_rcpt = acl_check_rcpt
  8. acl_smtp_data = acl_check_data
  9. acl_smtp_mime = acl_check_mime
  10. acl_smtp_connect = acl_check_connect
  11. acl_smtp_helo = acl_check_helo
  12. #queue_only = true
  13. #queue_only_override = false
  14. smtp_banner = smtp.mydomain.com $tod_full
  15. disable_ipv6 = true
  16. smtp_accept_max_per_connection = 60
  17. smtp_accept_max = 0
  18. smtp_load_reserve = 15
  19. pipelining_advertise_hosts = 127.0.0.1
  20. smtp_accept_max_nonmail = 30
  21. smtp_max_unknown_commands = 1
  22. spool_directory = /var/spool/exim.in
  23. process_log_path = /var/spool/exim/exim-process.info
  24. #log_file_path=:syslog
  25. #syslog_duplication=false
  26. #syslog_timestamp=false
  27. #log_selector = -rejected_header
  28. received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} ${if def:tls_cipher {($tls_cipher)\n\t}}(Exim $version_number)\n\t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if !eq {$received_protocol}{split} { ret-id none;}{}}${if def:received_for {\n\tfor $received_for}}
  29. av_scanner = clamd:/var/run/clamav/clamd.sock
  30. tls_advertise_hosts = *
  31. tls_certificate = /etc/pki/tls/certs/exim.pem
  32. tls_privatekey = /etc/pki/tls/private/exim.pem
  33. daemon_smtp_ports = 25
  34. never_users = root
  35. rfc1413_hosts = *
  36. rfc1413_query_timeout = 0s
  37. ignore_bounce_errors_after = 1d
  38. timeout_frozen_after = 3d
  39. auth_advertise_hosts =
  40. begin acl
  41. acl_check_rcpt:
  42. accept hosts = :
  43. drop message = Dictionary attack detected
  44. hosts = :
  45. condition = ${if >{$rcpt_fail_count}{3} {yes}{no}}
  46. delay = 2m
  47. drop message = Legitimate bounces are never sent to more than one recipient.
  48. senders = : postmaster@*
  49. condition = ${if >{$recipients_count}{1}{true}{false}}
  50. drop message = Message was delivered by ratware
  51. log_message = remote host used IP address in HELO/EHLO greeting
  52. condition = ${if isip {$sender_helo_name}{true}{false}}
  53. drop message = Restricted characters in address
  54. domains = +local_domains
  55. local_parts = ^[.] : ^.*[@%!/|]
  56. drop message = Restricted characters in address
  57. domains = !+local_domains
  58. local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  59. accept local_parts = postmaster
  60. domains = +local_domains
  61. accept hosts = +relay_from_hosts
  62. control = submission
  63. accept authenticated = *
  64. control = submission
  65. require message = relay not permitted
  66. domains = +local_domains : +relay_sql_domains
  67. require verify = recipient
  68. drop message = REJECTED because $sender_host_address is in a black list spamhaus.org
  69. dnslists = zen.spamhaus.org
  70. drop message = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
  71. dnslists = bl.spamcop.net
  72. # drop message = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
  73. # dnslists = b.barracudacentral.org
  74. drop message = REJECTED - We don't accept messages from hosts without reverse DNS
  75. log_message = No reverse DNS
  76. #domains = ! lsearch;/etc/exim/checks_exempt_hosts
  77. !sender_domains = /etc/exim/skiprdns
  78. !verify = reverse_host_lookup
  79. !verify = sender/callout=2m,defer_ok
  80. !condition = ${if eq{$sender_verify_failure}{}}
  81. drop message = REFUSED - no HELO/EHLO greeting
  82. log_message = remote host did not present greeting
  83. condition = ${if def:sender_helo_name {false}{true}}
  84. accept
  85. acl_check_data:
  86. drop malware = *
  87. message = This message contains a virus ($malware_name).
  88. accept
  89. acl_check_mime:
  90. drop message = Blacklisted file extension detected
  91. condition = ${if match \
  92. {${lc:$mime_filename}} \
  93. {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
  94. {1}{0}}
  95. accept
  96. acl_check_connect:
  97. drop ratelimit = 250 / 15m / strict
  98. message = You can only send $sender_rate per $sender_rate_period
  99. log_message = RATE: $sender_rate/$sender_rate_period (max $sender_rate_limit)
  100. accept
  101. acl_check_helo:
  102. accept
  103. begin routers
  104. system_aliases:
  105. driver = redirect
  106. allow_fail
  107. allow_defer
  108. domains = @
  109. data = ${lookup{$local_part}lsearch{/etc/aliases}}
  110. file_transport = address_file
  111. pipe_transport = address_pipe
  112. split:
  113. driver = accept
  114. domains = +relay_sql_domains
  115. condition = ${if and {{!eq {$received_protocol}{split}}{gt {$recipients_count}{1}}}{yes}{no}}
  116. transport = send_to_self
  117. no_verify
  118. defer_router:
  119. driver = redirect
  120. allow_defer
  121. data = :defer: queuing for scanning
  122. no_verify
  123. deliver_clean:
  124. driver = manualroute
  125. domains = +relay_sql_domains
  126. transport = remote_smtp
  127. route_data = ${lookup mysql {select group_concat(concat(mail_hosts.address,\
  128. '::',mail_hosts.port) SEPARATOR ':') a from mail_hosts, \
  129. user_addresses where useraddress_id=user_addresses.id and \
  130. user_addresses.address = '${quote_mysql:$domain}' and \
  131. mail_hosts.enabled = 1 and user_addresses.enabled = 1}}
  132. dnslookup:
  133. driver = dnslookup
  134. domains = ! +local_domains
  135. transport = remote_smtp
  136. ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  137. no_more
  138. localuser:
  139. driver = accept
  140. check_local_user
  141. transport = local_delivery
  142. cannot_route_message = Unknown user
  143. begin transports
  144. send_to_self:
  145. driver = pipe
  146. batch_max = 1
  147. use_bsmtp
  148. command = /usr/sbin/exim -oMr split -bS
  149. user = exim
  150. remote_smtp:
  151. driver = smtp
  152. local_delivery:
  153. driver = appendfile
  154. file = /var/mail/$local_part
  155. delivery_date_add
  156. envelope_to_add
  157. return_path_add
  158. group = mail
  159. mode = 0660
  160. address_pipe:
  161. driver = pipe
  162. return_output
  163. address_file:
  164. driver = appendfile
  165. delivery_date_add
  166. envelope_to_add
  167. return_path_add
  168. begin retry
  169. * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
  170. begin rewrite
  171. begin authenticators
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement