- [root@gate /etc/mail]# cat /usr/local/etc/exim/configure
- ######################################################################
- # MAIN CONFIGURATION SETTINGS #
- ######################################################################
- # Global options for the Exim daemon: host identity, the named lists the
- # ACLs and routers refer to, content-scanner endpoints, listener ports,
- # connection limits and logging.
- primary_hostname = cei.com.ua
- # Domains delivered on this host; referenced as +local_domains below.
- domainlist local_domains = cei.com.ua
- # Empty list: no outside domain is relayed to on behalf of unknown senders.
- domainlist relay_to_domains =
- #hostlist relay_from_hosts = @
- # NOTE(review): every host in this list is accepted by the first statement
- # of acl_check_rcpt for any recipient, without authentication and before the
- # sender, HELO and DNSBL checks. All of 192.168.0.0/16 plus one public
- # address is trusted; confirm the range is no wider than the networks in use.
- hostlist relay_from_hosts = localhost : 127.0.0.1 : 192.168.0.0/16 : 195.177.73.200
- # Envelope senders looked up in a flat file. The lsearch*@ form retries a
- # failed lookup as *@domain and then as *, so a bare "*" key in the file
- # would match every sender.
- addresslist whiteuser = lsearch*@;/usr/local/etc/exim/whitelist
- # NOTE(review): this list is not referenced anywhere else in this file.
- hostlist auth_relay_hosts = *
- # ACLs run at RCPT TO and after DATA; both are defined in the acl section.
- acl_smtp_rcpt = acl_check_rcpt
- acl_smtp_data = acl_check_data
- # Content scanners: clamd over a local UNIX socket, spamd on loopback.
- av_scanner = clamd:/var/run/clamav/clamd.sock
- spamd_address = 127.0.0.1 783
- # NOTE(review): no tls_* option is set in this file. Port 465 is therefore
- # not a TLS-on-connect port (that needs tls_on_connect_ports), and whether
- # STARTTLS is offered at all depends on the build defaults. Confirm this,
- # because the PLAIN and LOGIN authenticators below carry passwords.
- daemon_smtp_ports = 25:465:587
- # The daemon runs as mailnull:mail and never performs a delivery as root.
- exim_user = mailnull
- exim_group = mail
- never_users = root
- # Limits: simultaneous connections, messages per connection, connections
- # per remote host.
- smtp_accept_max = 500
- smtp_accept_max_per_connection = 30
- smtp_accept_max_per_host = 40
- # Clients that send commands without waiting for the reply are rejected.
- smtp_enforce_sync = true
- # NOTE(review): each accepted message is also passed to clamd and spamd in
- # acl_check_data; confirm the scanners are sized for messages this large.
- message_size_limit = 100M
- #acl_smtp_helo = acl_check_helo
- # Addresses without a domain are completed with cei.com.ua, and are only
- # accepted from the relay hosts.
- qualify_domain = cei.com.ua
- qualify_recipient = cei.com.ua
- sender_unqualified_hosts = +relay_from_hosts
- recipient_unqualified_hosts = +relay_from_hosts
- # Syntactically invalid HELO names are tolerated from the internal range.
- helo_accept_junk_hosts = 192.168.0.0/16
- # Reverse DNS is looked up for every client; the $sender_host_name test in
- # acl_check_rcpt depends on this.
- host_lookup = *
- # An ident (RFC 1413) query is made to every client, waiting up to 5s.
- # NOTE(review): nothing in the visible ACLs uses the ident result.
- rfc1413_hosts = *
- rfc1413_query_timeout = 5s
- # Frozen bounces are given up on after 10 minutes; a message frozen for
- # 7 days is removed.
- ignore_bounce_errors_after = 10m
- timeout_frozen_after = 7d
- # Extra log detail that helps when reconstructing an incident: rejected and
- # dropped connections, the receiving interface, envelope sender and
- # recipients, the remote server's confirmation, and SMTP syntax/protocol
- # errors. Queue-run start/stop lines are switched off.
- log_selector = \
- +all_parents \
- +connection_reject \
- +incoming_interface \
- +lost_incoming_connection \
- +received_sender \
- +received_recipients \
- +smtp_confirmation \
- +smtp_syntax_error \
- +smtp_protocol_error \
- -queue_run
- # Only relevant when logging goes to syslog: Exim's own timestamp is omitted.
- syslog_timestamp = no
- ######################################################################
- # ACL CONFIGURATION #
- # Specifies access control lists for incoming SMTP mail #
- ######################################################################
- begin acl
- # RCPT-time ACL (named by acl_smtp_rcpt). Statements are evaluated top to
- # bottom; the first accept or deny whose conditions all match decides the
- # recipient, so the order below is part of the policy.
- acl_check_rcpt:
- # Sessions with no remote host (the empty item) and +relay_from_hosts are
- # accepted for any recipient. None of the checks below apply to them, and
- # DKIM verification is switched off for their messages.
- accept hosts = : +relay_from_hosts
- control = dkim_disable_verify
- # Local domains: reject local parts that start with a dot or contain any of
- # @ % ! / | (source-routing, path and pipe characters).
- deny message = Restricted characters in address
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
- # Other domains: reject local parts that start with . / or |, contain
- # @ % or !, or contain a /../ sequence.
- deny message = Restricted characters in address
- domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
- #############################################################################
- # Accept mail to postmaster in any local domain, regardless of the source,
- # and without verifying the sender.
- accept local_parts = postmaster
- domains = +local_domains
- # Deny unless the sender address can be verified.
- require verify = sender
- # accept hosts = +relay_from_hosts
- #
- # control = submission
- # control = dkim_disable_verify
- # Accept if the message arrived over an authenticated connection, from
- # any host. Again, these messages are usually from MUAs, so recipient
- # verification is omitted, and submission mode is set. And again, we do this
- # check before any black list tests.
- # NOTE(review): this grants relay to any authenticated session from any
- # address, so it is only as strong as the authenticators section. That
- # section does not require TLS and does not record the account name.
- accept authenticated = *
- control = submission
- control = dkim_disable_verify
- # From here on only unauthenticated clients outside +relay_from_hosts remain.
- # Reject an empty HELO/EHLO name.
- deny message = "HELO/EHLO require by SMTP RFC"
- condition = ${if eq{$sender_helo_name}{}{yes}{no}}
- # Reject clients whose HELO name is their own IP address.
- # NOTE(review): host lists are matched left to right and "*" comes first,
- # so it matches every client and the two negated items after it are never
- # consulted. The next statement puts its exceptions before "*". The
- # 81-196.lissyara.su entry looks like a leftover from a template; confirm it
- # belongs here before reordering, because reordering would activate it.
- deny message = "Your IP in HELO - access denied!"
- hosts = * : !+relay_from_hosts : !81-196.lissyara.su
- condition = ${if eq{$sender_helo_name}\
- {$sender_host_address}{true}{false}}
- # Reject clients that present this server's own interface address as their
- # HELO name; loopback is exempt.
- deny condition = ${if eq{$sender_helo_name}\
- {$interface_address}{yes}{no}}
- hosts = !127.0.0.1 : !localhost : *
- message = "main IP in your HELO! Access denied!"
- # Reject when the client's reverse-DNS name contains adsl, dialup, pool,
- # peer or dhcp. The regex is unanchored, so any hostname that merely
- # contains one of these strings is rejected as well. Relies on
- # host_lookup = * in the main section.
- deny message = "your hostname is bad (adsl, poll, ppp & etc)."
- condition = ${if match{$sender_host_name}{adsl|dialup|pool|peer|dhcp}{yes}{no}}
- # DNS blocklist rejection. The trailing $sender_host_address item makes the
- # hosts list match any client not excluded by the items before it.
- # NOTE(review): three points to confirm.
- # 1. domains = !+local_domains : ... limits this deny to recipients outside
- #    +local_domains, so mail addressed to local users is never checked
- #    against the blocklists.
- # 2. +relay_from_domains is not defined in this file (the main section
- #    defines relay_to_domains); expect an error when that item is evaluated.
- # 3. dnsbl.njabl.org and dnsbl.ahbl.org have been shut down by their
- #    operators. A retired zone can time out or answer for every address;
- #    verify each zone is still served before relying on it.
- deny message = "host in blacklist - $dnslist_text"
- hosts = !10.1.0.0/16 : !127.0.0.1 : !+relay_from_hosts : $sender_host_address
- domains = !+local_domains:!+relay_from_domains
- dnslists = bl.spamcop.net : dnsbl.sorbs.net : sbl.spamhaus.org : pbl.spamhaus.org : xbl.spamhaus.org : dnsbl.ahbl.org : db.wpbl.info : virbl.dnsbl.bit.nl : ix.dnsbl.manitu.net : dnsbl.njabl.org : cbl.abuseat.org
- # Marker headers for mail to postmaster/abuse and for whitelisted senders.
- # NOTE(review): nothing in acl_check_data or the routers reads these two
- # headers (remote_smtp only strips them), so as written they do not change
- # what is scanned or quarantined. If +whiteuser is later used to skip
- # scanning, remember the envelope sender is supplied by the client;
- # verify = sender checks that the address is deliverable, not who sent it.
- warn message = X-SA-Do-Not-Rej: Yes
- domains = +local_domains
- local_parts = postmaster:abuse
- warn message = X-SA-Do-Not-Run: Yes
- domains = +local_domains
- senders = +whiteuser
- # Final relay gate: the recipient domain must be local or in
- # +relay_to_domains and the recipient must verify. Anything else is refused
- # with "relay not permitted".
- require message = relay not permitted
- domains = +local_domains : +relay_to_domains
- require verify = recipient
- accept
- # DATA-time ACL (named by acl_smtp_data). Both scanning statements are
- # "warn", so nothing is rejected here: a detection only adds a header, and
- # the check_malware / check_spam routers act on that header later.
- acl_check_data:
- # Malware scan through av_scanner; "*" matches any malware name.
- # /defer_ok makes the scan fail open: if clamd cannot be reached the
- # condition simply does not match and the message continues unscanned.
- # NOTE(review): alert on scanner errors in the log so an outage is noticed.
- # NOTE(review): the demime condition is obsolete and has been removed from
- # later Exim releases; confirm it is still accepted by the version in use.
- warn message = X-Quarantine-Me-Malware: $malware_name
- log_message = malware: $malware_name
- demime = *
- malware = */defer_ok
- # Spam scan; "spamd" is the user name passed to SpamAssassin. The header is
- # added when the score exceeds 5.0 ($spam_score_int is the score times ten).
- # /defer_ok again fails open when spamd is unavailable.
- warn message = X-Quarantine-Me-Spam: SA score $spam_score\n\
- X-SA-Report: $spam_report
- log_message = Spam score $spam_score > 5
- spam = spamd/defer_ok
- condition = ${if >{$spam_score_int}{50}{1}{0}}
- # Accept the message.
- accept
- ######################################################################
- # ROUTERS CONFIGURATION #
- # Specifies how addresses are handled #
- ######################################################################
- # THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
- # An address is passed to each router in turn until it is accepted. #
- ######################################################################
- begin routers
- # Quarantine routers. Each one fires when the matching X-Quarantine-Me-*
- # header is present, replaces it with an X-Quarantined-* header, and
- # redirects the message to a file through the address_file transport.
- # $tod_logfile is the date stamp used for log files, so each file collects
- # one day's messages.
- # NOTE(review): the decision travels in a message header, so a message that
- # arrives already carrying such a header is quarantined whatever the
- # scanners reported.
- # NOTE(review): neither these routers nor address_file set user/group.
- # Confirm which uid writes the files and that /var/quarantine is readable
- # only by mail administrators; it holds live malware samples and user mail.
- check_malware:
- driver = redirect
- condition = ${if def:h_X-Quarantine-Me-Malware: {1}{0}}
- headers_add = X-Quarantined-Malware: $h_X-Quarantine-Me-Malware:
- headers_remove = X-Quarantine-Me-Malware
- data = /var/quarantine/malware/malware.$tod_logfile
- file_transport = address_file
- check_spam:
- driver = redirect
- condition = ${if def:h_X-Quarantine-Me-Spam: {1}{0}}
- headers_add = X-Quarantined-Spam: $h_X-Quarantine-Me-Spam:
- headers_remove = X-Quarantine-Me-Spam
- data = /var/quarantine/spam/spam.$tod_logfile
- file_transport = address_file
- no_more
- # Routes addresses in non-local domains by DNS lookup and hands them to the
- # remote_smtp transport. DNS answers pointing at 0.0.0.0 or the loopback
- # network are ignored, so a hostile or broken record cannot steer delivery
- # back to this host. no_more: an address this router declines is not
- # offered to the local routers below.
- dnslookup:
- driver = dnslookup
- domains = ! +local_domains
- transport = remote_smtp
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
- no_more
- # Expands the local part through /etc/aliases. An alias may name a file or
- # a pipe command; those deliveries run as mailnull:mail through
- # address_file and address_pipe.
- # NOTE(review): because alias entries can run commands, /etc/aliases should
- # be writable by root only.
- system_aliases:
- driver = redirect
- allow_fail
- allow_defer
- data = ${lookup{$local_part}lsearch{/etc/aliases}}
- user = mailnull
- group = mail
- file_transport = address_file
- pipe_transport = address_pipe
- # Per-user forwarding from $home/.forward. check_local_user restricts the
- # router to existing local accounts and supplies $home; the condition line
- # skips users without a .forward file. The router is not used for address
- # verification or EXPN (no_verify, no_expn).
- # allow_filter is commented out, so .forward is read as a plain redirection
- # list rather than a filter.
- # NOTE(review): file and pipe entries are still permitted (no forbid_file /
- # forbid_pipe here), so any local user can have incoming mail written to a
- # file or piped to a command under their own account.
- userforward:
- driver = redirect
- check_local_user
- # local_part_suffix = +* : -*
- # local_part_suffix_optional
- file = $home/.forward
- # allow_filter
- no_verify
- no_expn
- check_ancestor
- file_transport = address_file
- pipe_transport = address_pipe
- reply_transport = address_reply
- condition = ${if exists{$home/.forward} {yes} {no} }
- # This router matches local user mailboxes. If the router fails, the error
- # message is "Unknown user".
- # If you want this router to treat local parts with suffixes introduced by "-"
- # or "+" characters as if the suffixes did not exist, uncomment the two local_
- # part_suffix options. Then, for example, xxxx-foo@your.domain will be treated
- # in the same way as xxxx@your.domain by this router.
- # check_local_user is what limits delivery to existing system accounts. It
- # is also the only thing that constrains the $local_part value used by the
- # local_delivery transport for the mailbox path and the delivery user.
- localuser:
- driver = accept
- check_local_user
- # local_part_suffix = +* : -*
- # local_part_suffix_optional
- transport = local_delivery
- cannot_route_message = Unknown user
- ######################################################################
- # TRANSPORTS CONFIGURATION #
- ######################################################################
- # ORDER DOES NOT MATTER #
- # Only one appropriate transport is called for each delivery. #
- ######################################################################
- # A transport is used only when referenced from a router that successfully
- # handles an address.
- begin transports
- # This transport is used for delivering messages over SMTP connections.
- # It strips the two internal marker headers added in acl_check_rcpt so they
- # do not leave this host.
- # NOTE(review): no TLS option (for example hosts_require_tls) is set, so
- # outbound encryption is whatever the build does by default.
- remote_smtp:
- driver = smtp
- headers_remove = "X-SA-Do-Not-Run : X-SA-Do-Not-Rej"
- # Appends the message to /var/mail/<local part>, running as the user named
- # by the local part with group mail, and adds the Delivery-date,
- # Envelope-to and Return-path headers.
- # NOTE(review): $local_part comes from the recipient address. The only
- # router that selects this transport is localuser, whose check_local_user
- # limits it to existing account names. Recent Exim releases refuse such
- # tainted values in file = and provide $local_part_data instead.
- # NOTE(review): mode 0660 with group mail lets every process in group mail
- # read and write every mailbox. no_mode_fail_narrower means an existing
- # mailbox with a tighter mode does not cause the delivery to fail.
- local_delivery:
- driver = appendfile
- file = /var/mail/$local_part
- delivery_date_add
- envelope_to_add
- return_path_add
- group = mail
- user = $local_part
- mode = 0660
- no_mode_fail_narrower
- # Runs the command named by a pipe entry in /etc/aliases or a .forward
- # file. return_output: anything the command prints is treated as a failure
- # and returned to the sender.
- # NOTE(review): the transport does not limit which commands may run (no
- # allow_commands / restrict_to_path), so control rests entirely on who can
- # edit /etc/aliases and the .forward files.
- address_pipe:
- driver = pipe
- return_output
- # This transport is used for handling deliveries directly to files that are
- # generated by aliasing or forwarding.
- # It is also the file transport of the check_malware and check_spam
- # routers, so quarantine files are written through it. No user, group or
- # mode is set here.
- address_file:
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
- # This transport is used for handling autoreplies generated by the filtering
- # option of the userforward router.
- # allow_filter is commented out in userforward, so as configured no
- # autoreplies are generated from .forward files.
- address_reply:
- driver = autoreply
- ######################################################################
- # RETRY CONFIGURATION #
- ######################################################################
- begin retry
- # One rule for every address and every error: retry every 15 minutes for
- # the first 2 hours, then at intervals starting at 1 hour and growing by a
- # factor of 1.5 until 16 hours, then every 6 hours until 4 days have passed.
- # Address or Domain Error Retries
- # ----------------- ----- -------
- * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
- ######################################################################
- # REWRITE CONFIGURATION #
- ######################################################################
- # There are no rewriting specifications in this default configuration file.
- # The section is declared but left empty.
- begin rewrite
- ######################################################################
- # AUTHENTICATION CONFIGURATION #
- ######################################################################
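- begin authenticators
- # Server-side SMTP AUTH. Both mechanisms pass a user name and password to
- # saslauthd with the service name "smtp". A successful login is what
- # "accept authenticated = *" in acl_check_rcpt relies on to grant relay.
- # NOTE(review): PLAIN and LOGIN send the password merely base64-encoded,
- # and neither authenticator sets server_advertise_condition (the commented
- # defaults further down use ${if def:tls_cipher }). Together with the lack
- # of tls_* settings in the main section, credentials can cross the network
- # in clear text. Get TLS working first: enabling the condition before that
- # would stop AUTH from being advertised at all.
- # NOTE(review): server_set_id is commented out on both authenticators, so
- # $authenticated_id stays empty and the logs do not name the account that
- # logged in, which makes a compromised mailbox hard to trace. Enabling it
- # can change how "control = submission" treats the Sender: header, so test
- # before switching it on.
- plain:
- driver = plaintext
- public_name = PLAIN
- # PLAIN supplies three fields: authorization id ($auth1), user name
- # ($auth2) and password ($auth3). The check must use the second and third;
- # with $1 and $2 the authorization id was tested against the user name, so
- # standard clients could not log in with PLAIN.
- #server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
- server_condition = ${if saslauthd{{$auth2}{$auth3}{smtp}}{1}{0}}
- #server_set_id = $auth2
- login:
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- # LOGIN has no authorization id, so $1 is the user name and $2 the password.
- #server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
- server_condition = ${if saslauthd{{$1}{$2}{smtp}}{1}{0}}
- #server_set_id = $auth1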
- #PLAIN:
- # driver = plaintext
- # server_set_id = $auth2
- # server_prompts = :
- # server_condition = Authentication is not yet configured
- # server_advertise_condition = ${if def:tls_cipher }
- # LOGIN authentication has traditional prompts and responses. There is no
- # authorization ID in this mechanism, so unlike PLAIN the username and
- # password are $auth1 and $auth2. Apart from that you can use the same
- # server_condition setting for both authenticators.
- #LOGIN:
- # driver = plaintext
- # server_set_id = $auth1
- # server_prompts = <| Username: | Password:
- # server_condition = Authentication is not yet configured
- # server_advertise_condition = ${if def:tls_cipher }
- ######################################################################
- # CONFIGURATION FOR local_scan() #
- ######################################################################
- # If you have built Exim to include a local_scan() function that contains
- # tables for private options, you can define those options here. Remember to
- # uncomment the "begin" line. It is commented by default because it provokes
- # an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
- # set in the Local/Makefile.
- # begin local_scan
- # End of Exim configuration file