Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- SPAMASSASSIN = yes
- SPAM_SCORE = 50
- CLAMD = yes
- add_environment = <; PATH=/bin:/usr/bin
- keep_environment =
- disable_ipv6=true
- domainlist local_domains = dsearch;/etc/exim/domains/
- domainlist relay_to_domains = dsearch;/etc/exim/domains/
- hostlist relay_from_hosts = 127.0.0.1
- hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf
- hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf
- no_local_from_check
- untrusted_set_sender = *
- acl_smtp_connect = acl_check_spammers
- acl_smtp_mail = acl_check_mail
- acl_smtp_rcpt = acl_check_rcpt
- acl_smtp_data = acl_check_data
- acl_smtp_mime = acl_check_mime
- .ifdef SPAMASSASSIN
- spamd_address = 127.0.0.1 783
- .endif
- .ifdef CLAMD
- av_scanner = clamd: /var/run/clamav/clamd.sock
- .endif
- tls_advertise_hosts = *
- tls_certificate = /usr/local/vesta/ssl/certificate.crt
- tls_privatekey = /usr/local/vesta/ssl/certificate.key
- daemon_smtp_ports = 25 : 465 : 587 : 2525
- tls_on_connect_ports = 465
- never_users = root
- host_lookup = *
- rfc1413_hosts = *
- rfc1413_query_timeout = 5s
- ignore_bounce_errors_after = 2d
- timeout_frozen_after = 7d
- DKIM_DOMAIN = ${lc:${domain:$h_from:}}
- DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem
- DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
- begin acl
- acl_check_spammers:
- accept hosts = +whitelist
- drop message = Your host in blacklist on this server.
- log_message = Host in blacklist
- hosts = +spammers
- accept
- acl_check_mail:
- deny condition = ${if eq{$sender_helo_name}{}}
- message = HELO required before MAIL
- drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
- condition = ${if match{$sender_helo_name}{N((d{1,3}[.-]d{1,3}[.-]d{1,3}[.-]d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))N}{yes}{no}}
- condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}}{$sender_helo_name}{no}{yes}}
- delay = 45s
- drop condition = ${if isip{$sender_helo_name}}
- message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
- drop condition = ${if eq{[$interface_address]}{$sender_helo_name}}
- message = $interface_address is _my_ address
- accept
- acl_check_rcpt:
- accept hosts = :
- deny message = Restricted characters in address
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
- deny message = Restricted characters in address
- domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\.\./
- require verify = sender
- accept hosts = +relay_from_hosts
- control = submission
- accept authenticated = *
- control = submission/domain=
- deny message = Rejected because $sender_host_address is in a black list at $dnslist_domainn$dnslist_text
- hosts = !+whitelist
- dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}}
- require message = relay not permitted
- domains = +local_domains : +relay_to_domains
- deny message = smtp auth requried
- sender_domains = +local_domains
- !authenticated = *
- require verify = recipient
- .ifdef CLAMD
- warn set acl_m0 = no
- warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}}
- set acl_m0 = yes
- .endif
- .ifdef SPAMASSASSIN
- warn set acl_m1 = no
- warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}}
- set acl_m1 = yes
- .endif
- accept
- acl_check_data:
- .ifdef CLAMD
- deny message = Message contains a virus ($malware_name) and has been rejected
- malware = *
- condition = ${if eq{$acl_m0}{yes}{yes}{no}}
- .endif
- .ifdef SPAMASSASSIN
- warn !authenticated = *
- hosts = !+relay_from_hosts
- condition = ${if < {$message_size}{100K}}
- condition = ${if eq{$acl_m1}{yes}{yes}{no}}
- spam = spamd:true/defer_ok
- add_header = X-Spam-Score: $spam_score_int
- add_header = X-Spam-Bar: $spam_bar
- add_header = X-Spam-Report: $spam_report
- set acl_m2 = $spam_score_int
- warn condition = ${if !eq{$acl_m2}{} {yes}{no}}
- condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
- add_header = X-Spam-Status: Yes
- message = SpamAssassin detected spam (from $sender_address to $recipients).
- .endif
- accept
- acl_check_mime:
- deny message = Blacklisted file extension detected
- condition = ${if match {${lc:$mime_filename}}{N(.ade|.adp|.bat|.chm|.cmd|.com|.cpl|.exe|.hta|.ins|.isp|.jse|.lib|.lnk|.mde|.msc|.msp|.mst|.pif|.scr|.sct|.shb|.sys|.vb|.vbe|.vbs|.vxd|.wsc|.wsf|.wsh)$N}{1}{0}}
- accept
- begin authenticators
- dovecot_plain:
- driver = dovecot
- public_name = PLAIN
- server_socket = /var/run/dovecot/auth-client
- server_set_id = $auth1
- dovecot_login:
- driver = dovecot
- public_name = LOGIN
- server_socket = /var/run/dovecot/auth-client
- server_set_id = $auth1
- begin routers
- dnslookup:
- driver = dnslookup
- domains = *
- transport = remote_smtp
- no_more
- userforward:
- driver = redirect
- check_local_user
- file = $home/.forward
- allow_filter
- no_verify
- no_expn
- check_ancestor
- file_transport = address_file
- pipe_transport = address_pipe
- reply_transport = address_reply
- procmail:
- driver = accept
- check_local_user
- require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
- transport = procmail
- no_verify
- autoreplay:
- driver = accept
- require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg
- condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}{yes}{no}}
- retry_use_local_part
- transport = userautoreply
- unseen
- aliases:
- driver = redirect
- headers_add = X-redirected: yes
- data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
- require_files = /etc/exim/domains/$domain/aliases
- redirect_router = dnslookup
- pipe_transport = address_pipe
- unseen
- localuser_fwd_only:
- driver = accept
- transport = devnull
- condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}}
- localuser_spam:
- driver = accept
- transport = local_spam_delivery
- condition = ${if eq {${if match{$h_X-Spam-Status:}{N^YesN}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}}
- localuser:
- driver = accept
- transport = local_delivery
- condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}}
- catchall:
- driver = redirect
- headers_add = X-redirected: yes
- require_files = /etc/exim/domains/$domain/aliases
- data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
- file_transport = local_delivery
- redirect_router = dnslookup
- terminate_alias:
- driver = accept
- transport = devnull
- condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}}
- begin transports
- remote_smtp:
- driver = smtp
- #helo_data = $sender_address_domain
- dkim_domain = DKIM_DOMAIN
- dkim_selector = mail
- dkim_private_key = DKIM_PRIVATE_KEY
- dkim_canon = relaxed
- dkim_strict = 0
- procmail:
- driver = pipe
- command = "/usr/bin/procmail -d $local_part"
- return_path_add
- delivery_date_add
- envelope_to_add
- user = $local_part
- initgroups
- return_output
- local_delivery:
- driver = appendfile
- maildir_format
- maildir_use_size_file
- user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
- group = mail
- create_directory
- directory_mode = 770
- mode = 660
- use_lockfile = no
- delivery_date_add
- envelope_to_add
- return_path_add
- directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
- quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
- quota_warn_threshold = 75%
- local_spam_delivery:
- driver = appendfile
- maildir_format
- maildir_use_size_file
- user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
- group = mail
- create_directory
- directory_mode = 770
- mode = 660
- use_lockfile = no
- delivery_date_add
- envelope_to_add
- return_path_add
- directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam"
- quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
- quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
- quota_warn_threshold = 75%
- address_pipe:
- driver = pipe
- return_output
- address_file:
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
- address_reply:
- driver = autoreply
- userautoreply:
- driver = autoreply
- file = /etc/exim/domains/$domain/autoreply.${local_part}.msg
- from = "${local_part}@${domain}"
- headers = Content-Type: text/plain; charset=utf-8;nContent-Transfer-Encoding: 8bit
- subject = "${if def:h_Subject: {Autoreply: "${rfc2047:$h_Subject:}"} {Autoreply Message}}"
- to = "${sender_address}"
- devnull:
- driver = appendfile
- file = /dev/null
- begin retry
- * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
- begin rewrite
- begin routers
- check_outgoing_from_header:
- driver = redirect
- domains = ! +local_domains
- condition = ${if !match {$header_from:}{$sender_address}}
- allow_fail
- data = :fail: You can not send mail from here with From: $header_from as sender: $sender_address
- check_outgoing:
- driver = redirect
- domains = ! +local_domains
- senders = ! : ! *@lsearch;/etc/exim/allowed_domains : ! lsearch;/etc/exim/allowed_mails
- allow_fail
- data = :fail: You can not send mail from this mailbox from this server.
- exim -d+all -bt test@test.com
- 11:58:30 30782 Exim version 4.89 uid=0 gid=0 pid=30782 D=fffdffff
- Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
- Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers OpenSSL Content_Scanning DKIM DNSSEC Event OCSP PRDR TCP_Fast_Open
- Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sq
- lite
- Authenticators: cram_md5 cyrus_sasl dovecot gsasl plaintext spa tls
- Routers: accept dnslookup ipliteral manualroute queryprogram redirect
- Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
- Fixed never_users: 0
- Configure owner: 0:0
- Size of off_t: 8
- Compiler: GCC [4.8.5 20150623 (Red Hat 4.8.5-16)]
- Library version: Glibc: Compile: 2.17
- Runtime: 2.17
- Library version: OpenSSL: Compile: OpenSSL 1.0.2k-fips 26 Jan 2017
- Runtime: OpenSSL 1.0.2k-fips 26 Jan 2017
- : built on: reproducible build, date unspecified
- Library version: Cyrus SASL: Compile: 2.1.26
- Runtime: 2.1.26 [Cyrus SASL]
- Library version: GNU SASL: Compile: 1.8.0
- Runtime: 1.8.0
- Library version: PCRE: Compile: 8.32
- Runtime: 8.32 2012-11-30
- 11:58:30 30782 Loading lookup modules from /usr/lib64/exim/4.89-2.el7/lookups
- 11:58:30 30782 Loaded 0 lookup modules
- 11:58:30 30782 Total 18 lookups
- Library version: SQLite: Compile: 3.7.17
- Runtime: 3.7.17
- WHITELIST_D_MACROS unset
- TRUSTED_CONFIG_LIST: "/etc/exim/trusted-configs"
- 11:58:30 30782 changed uid/gid: forcing real = effective
- 11:58:30 30782 uid=0 gid=0 pid=30782
- 11:58:30 30782 auxiliary group list: <none>
- 11:58:30 30782 seeking password data for user "root": cache not available
- 11:58:30 30782 getpwnam() succeeded uid=0 gid=0
- 11:58:30 30783 changed uid/gid: calling tls_validate_require_cipher
- 11:58:30 30783 uid=93 gid=93 pid=30783
- 11:58:30 30783 auxiliary group list: <none>
- 11:58:30 30782 tls_validate_require_cipher child 30783 ended: status=0x0
- 11:58:30 30782 configuration file is /etc/exim/exim.conf
- 11:58:30 30782 log selectors = 00000ffc 06320202
- 11:58:30 30782 trusted user
- 11:58:30 30782 admin user
- 11:58:30 30782 DSN: check_outgoing_from_header propagating DSN
- 11:58:30 30782 DSN: check_outgoing propagating DSN
- 11:58:30 30782 DSN: dnslookup propagating DSN
- 11:58:30 30782 DSN: userforward propagating DSN
- 11:58:30 30782 DSN: procmail propagating DSN
- 11:58:30 30782 DSN: autoreplay propagating DSN
- 11:58:30 30782 DSN: aliases propagating DSN
- 11:58:30 30782 DSN: localuser_fwd_only propagating DSN
- 11:58:30 30782 DSN: localuser_spam propagating DSN
- 11:58:30 30782 DSN: localuser propagating DSN
- 11:58:30 30782 DSN: catchall propagating DSN
- 11:58:30 30782 DSN: terminate_alias propagating DSN
- 11:58:30 30782 originator: uid=0 gid=0 login=root name=root
- 11:58:30 30782 sender address = root@dev.test.com
- 11:58:30 30782 Address testing: uid=0 gid=93 euid=0 egid=93
- 11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- 11:58:30 30782 Testing test@test.com
- 11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- 11:58:30 30782 Considering test@test.com
- 11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- 11:58:30 30782 routing test@test.com
- 11:58:30 30782 --------> check_outgoing_from_header router <--------
- 11:58:30 30782 local_part=dg domain=test.com
- 11:58:30 30782 checking domains
- 11:58:30 30782 search_open: dsearch "/etc/exim/domains/"
- 11:58:30 30782 search_find: file="/etc/exim/domains/"
- 11:58:30 30782 key="test.com" partial=-1 affix=NULL starflags=0
- 11:58:30 30782 LRU list:
- 11:58:30 30782 5/etc/exim/domains/
- 11:58:30 30782 End
- 11:58:30 30782 internal_search_find: file="/etc/exim/domains/"
- 11:58:30 30782 type=dsearch key="test.com"
- 11:58:30 30782 file lookup required for test.com
- 11:58:30 30782 in /etc/exim/domains/
- 11:58:30 30782 lookup failed
- 11:58:30 30782 test.com in "dsearch;/etc/exim/domains/"? no (end of list)
- 11:58:30 30782 test.com in "! +local_domains"? yes (end of list)
- 11:58:30 30782 checking "condition" "${if !match {$header_from:}{$sender_address}}"...
- 11:58:30 30782 /considering: ${if !match {$header_from:}{$sender_address}}
- 11:58:30 30782 /considering: $header_from:}{$sender_address}}
- 11:58:30 30782 |__expanding: $header_from:
- 11:58:30 30782 _____result:
- 11:58:30 30782 /considering: $sender_address}}
- 11:58:30 30782 |__expanding: $sender_address
- 11:58:30 30782 _____result: root@dev.test.com
- 11:58:30 30782 |__condition: !match {$header_from:}{$sender_address}
- 11:58:30 30782 |_____result: true
- 11:58:30 30782 |__expanding: ${if !match {$header_from:}{$sender_address}}
- 11:58:30 30782 _____result: true
- 11:58:30 30782 calling check_outgoing_from_header router
- 11:58:30 30782 rda_interpret (string): :fail: You can not send mail from here with From: $header_from as sender: $sender_address
- 11:58:30 30782 /considering: :fail: You can not send mail from here with From: $header_from as sender: $sender_address
- 11:58:30 30782 |__expanding: :fail: You can not send mail from here with From: $header_from as sender: $sender_address
- 11:58:30 30782 _____result: :fail: You can not send mail from here with From: as sender: root@dev.test.com
- 11:58:30 30782 expanded: :fail: You can not send mail from here with From: as sender: root@dev.test.com
- 11:58:30 30782 file is not a filter file
- 11:58:30 30782 parse_forward_list: :fail: You can not send mail from here with From: as sender: root@dev.test.com
- 11:58:30 30782 extract item: :fail: You can not send mail from here with From: as sender: root@dev.test.com
- 11:58:30 30782 check_outgoing_from_header router forced address failure
- test@test.com is undeliverable: You can not send mail from here with From: as sender: root@dev.test.com
- 11:58:30 30782 search_tidyup called
- 11:58:30 30782 >>>>>>>>>>>>>>>> Exim pid=30782 terminating with rc=2 >>>>>>>>>>>>>>>>
Add Comment
Please, Sign In to add comment