Untitled

[root@gate /etc/mail]# cat /usr/local/etc/exim/configure
######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


primary_hostname = cei.com.ua

domainlist local_domains = cei.com.ua
domainlist relay_to_domains =

#hostlist   relay_from_hosts = @

hostlist    relay_from_hosts = localhost : 127.0.0.1 : 192.168.0.0/16 : 195.177.73.200

addresslist whiteuser = lsearch*@;/usr/local/etc/exim/whitelist

hostlist auth_relay_hosts = *

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

av_scanner = clamd:/var/run/clamav/clamd.sock

spamd_address = 127.0.0.1 783


daemon_smtp_ports = 25:465:587

exim_user = mailnull
exim_group = mail
never_users = root
smtp_accept_max = 500
smtp_accept_max_per_connection = 30
smtp_accept_max_per_host = 40
smtp_enforce_sync = true

message_size_limit = 100M


#acl_smtp_helo = acl_check_helo

qualify_domain = cei.com.ua
qualify_recipient = cei.com.ua
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
helo_accept_junk_hosts = 192.168.0.0/16


host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 5s

ignore_bounce_errors_after = 10m

timeout_frozen_after = 7d

log_selector = \
    +all_parents \
    +connection_reject \
    +incoming_interface \
    +lost_incoming_connection \
    +received_sender \
    +received_recipients \
    +smtp_confirmation \
    +smtp_syntax_error \
    +smtp_protocol_error \
    -queue_run

syslog_timestamp = no


######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################

begin acl


acl_check_rcpt:

  accept  hosts = : +relay_from_hosts

 control = dkim_disable_verify


  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]


  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


  #############################################################################

  # Accept mail to postmaster in any local domain, regardless of the source,
  # and without verifying the sender.

  accept  local_parts   = postmaster
          domains       = +local_domains

  # Deny unless the sender address can be verified.

  require verify        = sender


#  accept  hosts         = +relay_from_hosts
#
#          control       = submission
#          control       = dkim_disable_verify

  # Accept if the message arrived over an authenticated connection, from
  # any host. Again, these messages are usually from MUAs, so recipient
  # verification is omitted, and submission mode is set. And again, we do this
  # check before any black list tests.

  accept  authenticated = *
	    control       = submission
          control       = dkim_disable_verify


 deny    message       = "HELO/EHLO require by SMTP RFC"
       condition     = ${if eq{$sender_helo_name}{}{yes}{no}}

deny    message       = "Your IP in HELO - access denied!"
          hosts         =  * : !+relay_from_hosts : !81-196.lissyara.su
        condition     = ${if eq{$sender_helo_name}\
        {$sender_host_address}{true}{false}}

deny    condition     = ${if eq{$sender_helo_name}\
    {$interface_address}{yes}{no}}
     hosts         = !127.0.0.1 : !localhost : *
    message       = "main IP in your HELO! Access denied!"

deny    message       = "your hostname is bad (adsl, poll, ppp & etc)."
          condition     = ${if match{$sender_host_name}{adsl|dialup|pool|peer|dhcp}{yes}{no}}

deny    message       = "host in blacklist - $dnslist_text"
    hosts         = !10.1.0.0/16 : !127.0.0.1 : !+relay_from_hosts : $sender_host_address
    domains       = !+local_domains:!+relay_from_domains
    dnslists  = bl.spamcop.net : dnsbl.sorbs.net : sbl.spamhaus.org : pbl.spamhaus.org : xbl.spamhaus.org : dnsbl.ahbl.org : db.wpbl.info : virbl.dnsbl.bit.nl : ix.dnsbl.manitu.net : dnsbl.njabl.org : cbl.abuseat.org

warn message = X-SA-Do-Not-Rej: Yes
                domains = +local_domains
                local_parts = postmaster:abuse

warn message = X-SA-Do-Not-Run: Yes
                domains = +local_domains
                senders = +whiteuser

  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  require verify = recipient

  accept


acl_check_data:


warn  message         = X-Quarantine-Me-Malware: $malware_name
        log_message     = malware: $malware_name
        demime          = *
        malware         = */defer_ok

    warn    message       = X-Quarantine-Me-Spam: SA score $spam_score\n\
    X-SA-Report: $spam_report
    log_message   = Spam score $spam_score > 5
    spam          = spamd/defer_ok
    condition     = ${if >{$spam_score_int}{50}{1}{0}}


  # Accept the message.

  accept


######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################

begin routers

check_malware:
    driver                = redirect
    condition             = ${if def:h_X-Quarantine-Me-Malware: {1}{0}}
    headers_add           = X-Quarantined-Malware: $h_X-Quarantine-Me-Malware:
    headers_remove        = X-Quarantine-Me-Malware
    data                  = /var/quarantine/malware/malware.$tod_logfile
    file_transport        = address_file

check_spam:
    driver                = redirect
    condition             = ${if def:h_X-Quarantine-Me-Spam: {1}{0}}
    headers_add           = X-Quarantined-Spam: $h_X-Quarantine-Me-Spam:
    headers_remove        = X-Quarantine-Me-Spam
    data                  = /var/quarantine/spam/spam.$tod_logfile
    file_transport        = address_file
    no_more

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more


system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  user = mailnull
  group = mail
  file_transport = address_file
  pipe_transport = address_pipe


userforward:
  driver = redirect
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  file = $home/.forward
# allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  condition = ${if exists{$home/.forward} {yes} {no} }


# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".

# If you want this router to treat local parts with suffixes introduced by "-"
# or "+" characters as if the suffixes did not exist, uncomment the two local_
# part_suffix options. Then, for example, xxxx-foo@your.domain will be treated
# in the same way as xxxx@your.domain by this router.

localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user


######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  driver = smtp
  headers_remove = "X-SA-Do-Not-Run : X-SA-Do-Not-Rej"

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  user = $local_part
  mode = 0660
  no_mode_fail_narrower


address_pipe:
  driver = pipe
  return_output


# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.

address_reply:
  driver = autoreply


######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

begin retry


# Address or Domain    Error       Retries
# -----------------    -----       -------

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h


######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite


######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################


begin authenticators

plain:
driver = plaintext
public_name = PLAIN
#server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_condition = ${if saslauthd{{$1}{$2}{smtp}}{1}{0}}
#server_set_id = $auth2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
#server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_condition = ${if saslauthd{{$1}{$2}{smtp}}{1}{0}}
#server_set_id = $auth1


#PLAIN:
#  driver                     = plaintext
#  server_set_id              = $auth2
#  server_prompts             = :
#  server_condition           = Authentication is not yet configured
#  server_advertise_condition = ${if def:tls_cipher }

# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.

#LOGIN:
#  driver                     = plaintext
#  server_set_id              = $auth1
#  server_prompts             = <| Username: | Password:
#  server_condition           = Authentication is not yet configured
#  server_advertise_condition = ${if def:tls_cipher }


######################################################################
#                   CONFIGURATION FOR local_scan()                   #
######################################################################

# If you have built Exim to include a local_scan() function that contains
# tables for private options, you can define those options here. Remember to
# uncomment the "begin" line. It is commented by default because it provokes
# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
# set in the Local/Makefile.

# begin local_scan


# End of Exim configuration file