Untitled

primary_hostname = x0.hostname.com
hide mysql_servers = localhost/vexim/vexim/PASSWORD

auth_advertise_hosts = *

daemon_smtp_ports = 25 : 26

tls_advertise_hosts = *
tls_certificate = /etc/exim/ssl/exim.crt
tls_privatekey = /etc/exim/ssl/exim.key


domainlist local_domains = ${lookup mysql{SELECT `domain` \
                            FROM `domain` WHERE \
                            `domain`='${quote_mysql:$domain}' AND \
                            `active`='1'}} : lsearch;/etc/localdomains

domainlist relay_to_domains = ${lookup mysql{SELECT `domain` \
                            FROM `domain` WHERE \
                            `domain`='${quote_mysql:$domain}' AND \
                            `active`='1'}}

hostlist   relay_from_hosts = localhost:127.0.0.0/8:192.168.0.0/16  #add the hosts from which you allow relaying here

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

av_scanner = clamd:/var/run/clamav/clamd.sock

# spamd_address = 127.0.0.1 783


allow_domain_literals = false
exim_user = exim
exim_group = exim
never_users = root
rfc1413_query_timeout = 0s

sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts

ignore_bounce_errors_after = 45m
timeout_frozen_after = 15d
helo_accept_junk_hosts = 192.168.0.0/16
auto_thaw = 1h
smtp_banner = "${primary_hostname} ESMTP Exim \
\#${compile_number} ${tod_full} \n\
  We do not authorize the use of this system to transport unsolicited, \n\
  and/or bulk e-mail."
smtp_accept_max = 50
smtp_accept_max_per_connection = 25
smtp_connect_backlog = 30
smtp_accept_max_per_host = 20
split_spool_directory = true
remote_max_parallel = 15
return_size_limit = 70k
message_size_limit = 64M
helo_allow_chars = _
smtp_enforce_sync = true

log_selector = \
    +all_parents \
    +connection_reject \
    +incoming_interface \
    +lost_incoming_connection \
    +received_sender \
    +received_recipients \
    +smtp_confirmation \
    +smtp_syntax_error \
    +smtp_protocol_error \
    -queue_run

syslog_timestamp = no

begin acl

acl_check_rcpt:
  accept  hosts = :
  deny    message       = "incorrect symbol in address"
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = "incorrect symbol in address"
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept  local_parts   = postmaster
          domains       = +local_domains

  deny    message       = "HELO/EHLO required by SMTP RFC"
          condition     = ${if eq{$sender_helo_name}{}{yes}{no}}

  accept  authenticated = *

  deny    message       = "Your IP in HELO - access denied!"
          hosts         =  * : !+relay_from_hosts : !81-196.lissyara.su
          condition     = ${if eq{$sender_helo_name}\
    {$sender_host_address}{true}{false}}

  deny    condition     = ${if eq{$sender_helo_name}\
    {$interface_address}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "My IP in your HELO! Access denied!"

  deny    condition     = ${if match{$sender_helo_name}\
    {\N^\d+$\N}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "Incorrect HELO string"

# filter spammers from dynamic ips
  deny    message       = "your hostname is bad (adsl, poll, ppp & etc)."
          condition     = ${if match{$sender_host_name} \
                               {adsl|dialup|pool|peer|dhcp} \
                               {yes}{no}}

  warn
        set acl_m0 = 30s
  warn
        hosts = +relay_from_hosts:4.3.2.1/32:192.168.0.0/16 #disable waits for 'friendly' hosts
        set acl_m0 = 0s
  warn
        logwrite = Delay $acl_m0 for $sender_host_name \
[$sender_host_address] with HELO=$sender_helo_name. Mail \
from $sender_address to $local_part@$domain.
        delay = $acl_m0


  accept  domains       = +local_domains
          endpass
          message       = "No such user"
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          message       = "i don't know how to relay to this address"
          verify        = recipient

#  deny    message       = "you in blacklist - $dnslist_domain \n $dnslist_text"
#          dnslists      = opm.blitzed.org : \
#                          cbl.abuseat.org : \
#                          bl.csma.biz

  accept  hosts         = +relay_from_hosts

  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.

acl_check_data:

  # check for viruses
  deny malware = *
  message = "Your message contains viruses: $malware_name"

  # if needed - add spam filtering here

  # permit everything else
  accept

begin routers

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

system_aliases:
    driver      = redirect
    allow_fail
    allow_defer
    data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE \
            `address`='${quote_mysql:$local_part@$domain}' OR \
                `address`='${quote_mysql:@$domain}'}}

dovecot_forward:
  driver = redirect
  condition = ${lookup mysql{SELECT `goto` FROM \
  `alias` WHERE \
  `address`='${quote_mysql:$local_part@$domain}' OR \
  `address`='${quote_mysql:@$domain}'}{yes}{no}}
  user = exim
  file = /home/vmail/${domain}/${local_part}/.forward
  router_home_directory = /home/vmail/${domain}/${local_part}
  pipe_transport = address_pipe

dovecot_user:
  driver = accept
  condition = ${lookup mysql{SELECT `goto` FROM \
  `alias` WHERE \
  `address`='${quote_mysql:$local_part@$domain}' OR \
  `address`='${quote_mysql:@$domain}'}{yes}{no}}
  transport = dovecot_delivery

localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user

begin transports

#remote_smtp:
#  driver = smtp
#  interface = 64.120.134.136

remote_smtp:
  driver = smtp
  interface = 64.120.134.136
  dk_private_key = "/etc/exim/domain_keys/private/${dk_domain}"
  dk_canon = nofws
  dk_selector = default

dovecot_delivery:
  driver = pipe
  command = /usr/libexec/dovecot/deliver -d $local_part@$domain
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  user = exim

address_pipe:
  driver = pipe
  return_output

address_reply:
  driver = autoreply

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660

begin retry

*                    *       F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

auth_plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if and { \
		      {!eq{$auth2}{}} \
		      {!eq{$auth3}{}} \
		      { crypteq{$auth3}{\{crypt\}${lookup mysql{SELECT password FROM mailbox WHERE username='${quote_mysql:$auth2}' AND active=1;}{$value}fail}} } \
		      } {yes}{no}}

  server_prompts = :
  server_set_id = $auth2

auth_login:
  driver = plaintext
  public_name = LOGIN
  server_condition = ${if and { \
		      {!eq{$auth1}{}} \
		      {!eq{$auth2}{}} \
		      { crypteq{$auth2}{\{crypt\}${lookup mysql{SELECT password FROM mailbox WHERE username='${quote_mysql:$auth1}' AND active=1;}{$value}fail}} } \
		      } {yes}{no}}
  server_prompts = Username:: : Password::
  server_set_id = $auth1