Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- primary_hostname = x0.hostname.com
- hide mysql_servers = localhost/vexim/vexim/PASSWORD
- auth_advertise_hosts = *
- daemon_smtp_ports = 25 : 26
- tls_advertise_hosts = *
- tls_certificate = /etc/exim/ssl/exim.crt
- tls_privatekey = /etc/exim/ssl/exim.key
- domainlist local_domains = ${lookup mysql{SELECT `domain` \
- FROM `domain` WHERE \
- `domain`='${quote_mysql:$domain}' AND \
- `active`='1'}} : lsearch;/etc/localdomains
- domainlist relay_to_domains = ${lookup mysql{SELECT `domain` \
- FROM `domain` WHERE \
- `domain`='${quote_mysql:$domain}' AND \
- `active`='1'}}
- hostlist relay_from_hosts = localhost:127.0.0.0/8:192.168.0.0/16 #add the hosts from which you allow relaying here
- acl_smtp_rcpt = acl_check_rcpt
- acl_smtp_data = acl_check_data
- av_scanner = clamd:/var/run/clamav/clamd.sock
- # spamd_address = 127.0.0.1 783
- allow_domain_literals = false
- exim_user = exim
- exim_group = exim
- never_users = root
- rfc1413_query_timeout = 0s
- sender_unqualified_hosts = +relay_from_hosts
- recipient_unqualified_hosts = +relay_from_hosts
- ignore_bounce_errors_after = 45m
- timeout_frozen_after = 15d
- helo_accept_junk_hosts = 192.168.0.0/16
- auto_thaw = 1h
- smtp_banner = "${primary_hostname} ESMTP Exim \
- \#${compile_number} ${tod_full} \n\
- We do not authorize the use of this system to transport unsolicited, \n\
- and/or bulk e-mail."
- smtp_accept_max = 50
- smtp_accept_max_per_connection = 25
- smtp_connect_backlog = 30
- smtp_accept_max_per_host = 20
- split_spool_directory = true
- remote_max_parallel = 15
- return_size_limit = 70k
- message_size_limit = 64M
- helo_allow_chars = _
- smtp_enforce_sync = true
- log_selector = \
- +all_parents \
- +connection_reject \
- +incoming_interface \
- +lost_incoming_connection \
- +received_sender \
- +received_recipients \
- +smtp_confirmation \
- +smtp_syntax_error \
- +smtp_protocol_error \
- -queue_run
- syslog_timestamp = no
- begin acl
- acl_check_rcpt:
- accept hosts = :
- deny message = "incorrect symbol in address"
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
- deny message = "incorrect symbol in address"
- domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
- accept local_parts = postmaster
- domains = +local_domains
- deny message = "HELO/EHLO required by SMTP RFC"
- condition = ${if eq{$sender_helo_name}{}{yes}{no}}
- accept authenticated = *
- deny message = "Your IP in HELO - access denied!"
- hosts = * : !+relay_from_hosts : !81-196.lissyara.su
- condition = ${if eq{$sender_helo_name}\
- {$sender_host_address}{true}{false}}
- deny condition = ${if eq{$sender_helo_name}\
- {$interface_address}{yes}{no}}
- hosts = !127.0.0.1 : !localhost : *
- message = "My IP in your HELO! Access denied!"
- deny condition = ${if match{$sender_helo_name}\
- {\N^\d+$\N}{yes}{no}}
- hosts = !127.0.0.1 : !localhost : *
- message = "Incorrect HELO string"
- # filter spammers from dynamic ips
- deny message = "your hostname is bad (adsl, poll, ppp & etc)."
- condition = ${if match{$sender_host_name} \
- {adsl|dialup|pool|peer|dhcp} \
- {yes}{no}}
- warn
- set acl_m0 = 30s
- warn
- hosts = +relay_from_hosts:4.3.2.1/32:192.168.0.0/16 #disable waits for 'friendly' hosts
- set acl_m0 = 0s
- warn
- logwrite = Delay $acl_m0 for $sender_host_name \
- [$sender_host_address] with HELO=$sender_helo_name. Mail \
- from $sender_address to $local_part@$domain.
- delay = $acl_m0
- accept domains = +local_domains
- endpass
- message = "No such user"
- verify = recipient
- accept domains = +relay_to_domains
- endpass
- message = "i don't know how to relay to this address"
- verify = recipient
- # deny message = "you in blacklist - $dnslist_domain \n $dnslist_text"
- # dnslists = opm.blitzed.org : \
- # cbl.abuseat.org : \
- # bl.csma.biz
- accept hosts = +relay_from_hosts
- deny message = $sender_fullhost is currently not permitted to \
- relay through this server. Perhaps you \
- have not logged into the pop/imap server in the \
- last 30 minutes or do not have SMTP Authentication turned on in your email client.
- acl_check_data:
- # check for viruses
- deny malware = *
- message = "Your message contains viruses: $malware_name"
- # if needed - add spam filtering here
- # permit everything else
- accept
- begin routers
- dnslookup:
- driver = dnslookup
- domains = ! +local_domains
- transport = remote_smtp
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
- no_more
- system_aliases:
- driver = redirect
- allow_fail
- allow_defer
- data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE \
- `address`='${quote_mysql:$local_part@$domain}' OR \
- `address`='${quote_mysql:@$domain}'}}
- dovecot_forward:
- driver = redirect
- condition = ${lookup mysql{SELECT `goto` FROM \
- `alias` WHERE \
- `address`='${quote_mysql:$local_part@$domain}' OR \
- `address`='${quote_mysql:@$domain}'}{yes}{no}}
- user = exim
- file = /home/vmail/${domain}/${local_part}/.forward
- router_home_directory = /home/vmail/${domain}/${local_part}
- pipe_transport = address_pipe
- dovecot_user:
- driver = accept
- condition = ${lookup mysql{SELECT `goto` FROM \
- `alias` WHERE \
- `address`='${quote_mysql:$local_part@$domain}' OR \
- `address`='${quote_mysql:@$domain}'}{yes}{no}}
- transport = dovecot_delivery
- localuser:
- driver = accept
- check_local_user
- # local_part_suffix = +* : -*
- # local_part_suffix_optional
- transport = local_delivery
- cannot_route_message = Unknown user
- begin transports
- #remote_smtp:
- # driver = smtp
- # interface = 64.120.134.136
- remote_smtp:
- driver = smtp
- interface = 64.120.134.136
- dk_private_key = "/etc/exim/domain_keys/private/${dk_domain}"
- dk_canon = nofws
- dk_selector = default
- dovecot_delivery:
- driver = pipe
- command = /usr/libexec/dovecot/deliver -d $local_part@$domain
- message_prefix =
- message_suffix =
- delivery_date_add
- envelope_to_add
- return_path_add
- log_output
- user = exim
- address_pipe:
- driver = pipe
- return_output
- address_reply:
- driver = autoreply
- local_delivery:
- driver = appendfile
- file = /var/mail/$local_part
- delivery_date_add
- envelope_to_add
- return_path_add
- group = mail
- mode = 0660
- begin retry
- * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
- begin rewrite
- begin authenticators
- auth_plain:
- driver = plaintext
- public_name = PLAIN
- server_condition = ${if and { \
- {!eq{$auth2}{}} \
- {!eq{$auth3}{}} \
- { crypteq{$auth3}{\{crypt\}${lookup mysql{SELECT password FROM mailbox WHERE username='${quote_mysql:$auth2}' AND active=1;}{$value}fail}} } \
- } {yes}{no}}
- server_prompts = :
- server_set_id = $auth2
- auth_login:
- driver = plaintext
- public_name = LOGIN
- server_condition = ${if and { \
- {!eq{$auth1}{}} \
- {!eq{$auth2}{}} \
- { crypteq{$auth2}{\{crypt\}${lookup mysql{SELECT password FROM mailbox WHERE username='${quote_mysql:$auth1}' AND active=1;}{$value}fail}} } \
- } {yes}{no}}
- server_prompts = Username:: : Password::
- server_set_id = $auth1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement