API tools faq
paste
Guest User

Untitled

a guest
Dec 21st, 2017
403
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.66 KB | None | 0 0
raw download clone embed print report
  1. SPAMASSASSIN = yes
  2. SPAM_SCORE = 50
  3. CLAMD = yes
  4. add_environment = <; PATH=/bin:/usr/bin
  5. keep_environment =
  6. disable_ipv6=true
  7. domainlist local_domains = dsearch;/etc/exim/domains/
  8. domainlist relay_to_domains = dsearch;/etc/exim/domains/
  9. hostlist relay_from_hosts = 127.0.0.1
  10. hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf
  11. hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf
  12. no_local_from_check
  13. untrusted_set_sender = *
  14. acl_smtp_connect = acl_check_spammers
  15. acl_smtp_mail = acl_check_mail
  16. acl_smtp_rcpt = acl_check_rcpt
  17. acl_smtp_data = acl_check_data
  18. acl_smtp_mime = acl_check_mime
  19. .ifdef SPAMASSASSIN
  20. spamd_address = 127.0.0.1 783
  21. .endif
  22. .ifdef CLAMD
  23. av_scanner = clamd: /var/run/clamav/clamd.sock
  24. .endif
  25. tls_advertise_hosts = *
  26. tls_certificate = /usr/local/vesta/ssl/certificate.crt
  27. tls_privatekey = /usr/local/vesta/ssl/certificate.key
  28. daemon_smtp_ports = 25 : 465 : 587 : 2525
  29. tls_on_connect_ports = 465
  30. never_users = root
  31. host_lookup = *
  32. rfc1413_hosts = *
  33. rfc1413_query_timeout = 5s
  34. ignore_bounce_errors_after = 2d
  35. timeout_frozen_after = 7d
  36. DKIM_DOMAIN = ${lc:${domain:$h_from:}}
  37. DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem
  38. DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
  39. begin acl
  40. acl_check_spammers:
  41. accept hosts = +whitelist
  42. drop message = Your host in blacklist on this server.
  43. log_message = Host in blacklist
  44. hosts = +spammers
  45. accept
  46. acl_check_mail:
  47. deny condition = ${if eq{$sender_helo_name}{}}
  48. message = HELO required before MAIL
  49. drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
  50. condition = ${if match{$sender_helo_name}{N((d{1,3}[.-]d{1,3}[.-]d{1,3}[.-]d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))N}{yes}{no}}
  51. condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}}{$sender_helo_name}{no}{yes}}
  52. delay = 45s
  53. drop condition = ${if isip{$sender_helo_name}}
  54. message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
  55. drop condition = ${if eq{[$interface_address]}{$sender_helo_name}}
  56. message = $interface_address is _my_ address
  57. accept
  58. acl_check_rcpt:
  59. accept hosts = :
  60. deny message = Restricted characters in address
  61. domains = +local_domains
  62. local_parts = ^[.] : ^.*[@%!/|]
  63. deny message = Restricted characters in address
  64. domains = !+local_domains
  65. local_parts = ^[./|] : ^.*[@%!] : ^.*/\.\./
  66. require verify = sender
  67. accept hosts = +relay_from_hosts
  68. control = submission
  69. accept authenticated = *
  70. control = submission/domain=
  71. deny message = Rejected because $sender_host_address is in a black list at $dnslist_domainn$dnslist_text
  72. hosts = !+whitelist
  73. dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}}
  74. require message = relay not permitted
  75. domains = +local_domains : +relay_to_domains
  76. deny message = smtp auth requried
  77. sender_domains = +local_domains
  78. !authenticated = *
  79. require verify = recipient
  80. .ifdef CLAMD
  81. warn set acl_m0 = no
  82. warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}}
  83. set acl_m0 = yes
  84. .endif
  85. .ifdef SPAMASSASSIN
  86. warn set acl_m1 = no
  87. warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}}
  88. set acl_m1 = yes
  89. .endif
  90. accept
  91. acl_check_data:
  92. .ifdef CLAMD
  93. deny message = Message contains a virus ($malware_name) and has been rejected
  94. malware = *
  95. condition = ${if eq{$acl_m0}{yes}{yes}{no}}
  96. .endif
  97. .ifdef SPAMASSASSIN
  98. warn !authenticated = *
  99. hosts = !+relay_from_hosts
  100. condition = ${if < {$message_size}{100K}}
  101. condition = ${if eq{$acl_m1}{yes}{yes}{no}}
  102. spam = spamd:true/defer_ok
  103. add_header = X-Spam-Score: $spam_score_int
  104. add_header = X-Spam-Bar: $spam_bar
  105. add_header = X-Spam-Report: $spam_report
  106. set acl_m2 = $spam_score_int
  107. warn condition = ${if !eq{$acl_m2}{} {yes}{no}}
  108. condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
  109. add_header = X-Spam-Status: Yes
  110. message = SpamAssassin detected spam (from $sender_address to $recipients).
  111. .endif
  112. accept
  113. acl_check_mime:
  114. deny message = Blacklisted file extension detected
  115. condition = ${if match {${lc:$mime_filename}}{N(.ade|.adp|.bat|.chm|.cmd|.com|.cpl|.exe|.hta|.ins|.isp|.jse|.lib|.lnk|.mde|.msc|.msp|.mst|.pif|.scr|.sct|.shb|.sys|.vb|.vbe|.vbs|.vxd|.wsc|.wsf|.wsh)$N}{1}{0}}
  116. accept
  117. begin authenticators
  118. dovecot_plain:
  119. driver = dovecot
  120. public_name = PLAIN
  121. server_socket = /var/run/dovecot/auth-client
  122. server_set_id = $auth1
  123. dovecot_login:
  124. driver = dovecot
  125. public_name = LOGIN
  126. server_socket = /var/run/dovecot/auth-client
  127. server_set_id = $auth1
  128. begin routers
  129. dnslookup:
  130. driver = dnslookup
  131. domains = *
  132. transport = remote_smtp
  133. no_more
  134. userforward:
  135. driver = redirect
  136. check_local_user
  137. file = $home/.forward
  138. allow_filter
  139. no_verify
  140. no_expn
  141. check_ancestor
  142. file_transport = address_file
  143. pipe_transport = address_pipe
  144. reply_transport = address_reply
  145. procmail:
  146. driver = accept
  147. check_local_user
  148. require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
  149. transport = procmail
  150. no_verify
  151. autoreplay:
  152. driver = accept
  153. require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg
  154. condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}{yes}{no}}
  155. retry_use_local_part
  156. transport = userautoreply
  157. unseen
  158. aliases:
  159. driver = redirect
  160. headers_add = X-redirected: yes
  161. data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
  162. require_files = /etc/exim/domains/$domain/aliases
  163. redirect_router = dnslookup
  164. pipe_transport = address_pipe
  165. unseen
  166. localuser_fwd_only:
  167. driver = accept
  168. transport = devnull
  169. condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}}
  170. localuser_spam:
  171. driver = accept
  172. transport = local_spam_delivery
  173. condition = ${if eq {${if match{$h_X-Spam-Status:}{N^YesN}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}}
  174. localuser:
  175. driver = accept
  176. transport = local_delivery
  177. condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}}
  178. catchall:
  179. driver = redirect
  180. headers_add = X-redirected: yes
  181. require_files = /etc/exim/domains/$domain/aliases
  182. data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
  183. file_transport = local_delivery
  184. redirect_router = dnslookup
  185. terminate_alias:
  186. driver = accept
  187. transport = devnull
  188. condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}}
  189. begin transports
  190. remote_smtp:
  191. driver = smtp
  192. #helo_data = $sender_address_domain
  193. dkim_domain = DKIM_DOMAIN
  194. dkim_selector = mail
  195. dkim_private_key = DKIM_PRIVATE_KEY
  196. dkim_canon = relaxed
  197. dkim_strict = 0
  198. procmail:
  199. driver = pipe
  200. command = "/usr/bin/procmail -d $local_part"
  201. return_path_add
  202. delivery_date_add
  203. envelope_to_add
  204. user = $local_part
  205. initgroups
  206. return_output
  207. local_delivery:
  208. driver = appendfile
  209. maildir_format
  210. maildir_use_size_file
  211. user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
  212. group = mail
  213. create_directory
  214. directory_mode = 770
  215. mode = 660
  216. use_lockfile = no
  217. delivery_date_add
  218. envelope_to_add
  219. return_path_add
  220. directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
  221. quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
  222. quota_warn_threshold = 75%
  223. local_spam_delivery:
  224. driver = appendfile
  225. maildir_format
  226. maildir_use_size_file
  227. user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
  228. group = mail
  229. create_directory
  230. directory_mode = 770
  231. mode = 660
  232. use_lockfile = no
  233. delivery_date_add
  234. envelope_to_add
  235. return_path_add
  236. directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam"
  237. quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
  238. quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
  239. quota_warn_threshold = 75%
  240. address_pipe:
  241. driver = pipe
  242. return_output
  243. address_file:
  244. driver = appendfile
  245. delivery_date_add
  246. envelope_to_add
  247. return_path_add
  248. address_reply:
  249. driver = autoreply
  250. userautoreply:
  251. driver = autoreply
  252. file = /etc/exim/domains/$domain/autoreply.${local_part}.msg
  253. from = "${local_part}@${domain}"
  254. headers = Content-Type: text/plain; charset=utf-8;nContent-Transfer-Encoding: 8bit
  255. subject = "${if def:h_Subject: {Autoreply: "${rfc2047:$h_Subject:}"} {Autoreply Message}}"
  256. to = "${sender_address}"
  257. devnull:
  258. driver = appendfile
  259. file = /dev/null
  260. begin retry
  261. * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
  262. begin rewrite
  263.  
  264. begin routers
  265.  
  266. check_outgoing_from_header:
  267. driver = redirect
  268. domains = ! +local_domains
  269. condition = ${if !match {$header_from:}{$sender_address}}
  270. allow_fail
  271. data = :fail: You can not send mail from here with From: $header_from as sender: $sender_address
  272.  
  273. check_outgoing:
  274. driver = redirect
  275. domains = ! +local_domains
  276. senders = ! : ! *@lsearch;/etc/exim/allowed_domains : ! lsearch;/etc/exim/allowed_mails
  277. allow_fail
  278. data = :fail: You can not send mail from this mailbox from this server.
  279.  
  280. exim -d+all -bt test@test.com
  281. 11:58:30 30782 Exim version 4.89 uid=0 gid=0 pid=30782 D=fffdffff
  282. Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
  283. Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers OpenSSL Content_Scanning DKIM DNSSEC Event OCSP PRDR TCP_Fast_Open
  284. Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sq
  285. lite
  286. Authenticators: cram_md5 cyrus_sasl dovecot gsasl plaintext spa tls
  287. Routers: accept dnslookup ipliteral manualroute queryprogram redirect
  288. Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
  289. Fixed never_users: 0
  290. Configure owner: 0:0
  291. Size of off_t: 8
  292. Compiler: GCC [4.8.5 20150623 (Red Hat 4.8.5-16)]
  293. Library version: Glibc: Compile: 2.17
  294. Runtime: 2.17
  295. Library version: OpenSSL: Compile: OpenSSL 1.0.2k-fips 26 Jan 2017
  296. Runtime: OpenSSL 1.0.2k-fips 26 Jan 2017
  297. : built on: reproducible build, date unspecified
  298. Library version: Cyrus SASL: Compile: 2.1.26
  299. Runtime: 2.1.26 [Cyrus SASL]
  300. Library version: GNU SASL: Compile: 1.8.0
  301. Runtime: 1.8.0
  302. Library version: PCRE: Compile: 8.32
  303. Runtime: 8.32 2012-11-30
  304. 11:58:30 30782 Loading lookup modules from /usr/lib64/exim/4.89-2.el7/lookups
  305. 11:58:30 30782 Loaded 0 lookup modules
  306. 11:58:30 30782 Total 18 lookups
  307. Library version: SQLite: Compile: 3.7.17
  308. Runtime: 3.7.17
  309. WHITELIST_D_MACROS unset
  310. TRUSTED_CONFIG_LIST: "/etc/exim/trusted-configs"
  311. 11:58:30 30782 changed uid/gid: forcing real = effective
  312. 11:58:30 30782 uid=0 gid=0 pid=30782
  313. 11:58:30 30782 auxiliary group list: <none>
  314. 11:58:30 30782 seeking password data for user "root": cache not available
  315. 11:58:30 30782 getpwnam() succeeded uid=0 gid=0
  316. 11:58:30 30783 changed uid/gid: calling tls_validate_require_cipher
  317. 11:58:30 30783 uid=93 gid=93 pid=30783
  318. 11:58:30 30783 auxiliary group list: <none>
  319. 11:58:30 30782 tls_validate_require_cipher child 30783 ended: status=0x0
  320. 11:58:30 30782 configuration file is /etc/exim/exim.conf
  321. 11:58:30 30782 log selectors = 00000ffc 06320202
  322. 11:58:30 30782 trusted user
  323. 11:58:30 30782 admin user
  324. 11:58:30 30782 DSN: check_outgoing_from_header propagating DSN
  325. 11:58:30 30782 DSN: check_outgoing propagating DSN
  326. 11:58:30 30782 DSN: dnslookup propagating DSN
  327. 11:58:30 30782 DSN: userforward propagating DSN
  328. 11:58:30 30782 DSN: procmail propagating DSN
  329. 11:58:30 30782 DSN: autoreplay propagating DSN
  330. 11:58:30 30782 DSN: aliases propagating DSN
  331. 11:58:30 30782 DSN: localuser_fwd_only propagating DSN
  332. 11:58:30 30782 DSN: localuser_spam propagating DSN
  333. 11:58:30 30782 DSN: localuser propagating DSN
  334. 11:58:30 30782 DSN: catchall propagating DSN
  335. 11:58:30 30782 DSN: terminate_alias propagating DSN
  336. 11:58:30 30782 originator: uid=0 gid=0 login=root name=root
  337. 11:58:30 30782 sender address = root@dev.test.com
  338. 11:58:30 30782 Address testing: uid=0 gid=93 euid=0 egid=93
  339. 11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  340. 11:58:30 30782 Testing test@test.com
  341. 11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  342. 11:58:30 30782 Considering test@test.com
  343. 11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  344. 11:58:30 30782 routing test@test.com
  345. 11:58:30 30782 --------> check_outgoing_from_header router <--------
  346. 11:58:30 30782 local_part=dg domain=test.com
  347. 11:58:30 30782 checking domains
  348. 11:58:30 30782 search_open: dsearch "/etc/exim/domains/"
  349. 11:58:30 30782 search_find: file="/etc/exim/domains/"
  350. 11:58:30 30782 key="test.com" partial=-1 affix=NULL starflags=0
  351. 11:58:30 30782 LRU list:
  352. 11:58:30 30782 5/etc/exim/domains/
  353. 11:58:30 30782 End
  354. 11:58:30 30782 internal_search_find: file="/etc/exim/domains/"
  355. 11:58:30 30782 type=dsearch key="test.com"
  356. 11:58:30 30782 file lookup required for test.com
  357. 11:58:30 30782 in /etc/exim/domains/
  358. 11:58:30 30782 lookup failed
  359. 11:58:30 30782 test.com in "dsearch;/etc/exim/domains/"? no (end of list)
  360. 11:58:30 30782 test.com in "! +local_domains"? yes (end of list)
  361. 11:58:30 30782 checking "condition" "${if !match {$header_from:}{$sender_address}}"...
  362. 11:58:30 30782 /considering: ${if !match {$header_from:}{$sender_address}}
  363. 11:58:30 30782 /considering: $header_from:}{$sender_address}}
  364. 11:58:30 30782 |__expanding: $header_from:
  365. 11:58:30 30782 _____result:
  366. 11:58:30 30782 /considering: $sender_address}}
  367. 11:58:30 30782 |__expanding: $sender_address
  368. 11:58:30 30782 _____result: root@dev.test.com
  369. 11:58:30 30782 |__condition: !match {$header_from:}{$sender_address}
  370. 11:58:30 30782 |_____result: true
  371. 11:58:30 30782 |__expanding: ${if !match {$header_from:}{$sender_address}}
  372. 11:58:30 30782 _____result: true
  373. 11:58:30 30782 calling check_outgoing_from_header router
  374. 11:58:30 30782 rda_interpret (string): :fail: You can not send mail from here with From: $header_from as sender: $sender_address
  375. 11:58:30 30782 /considering: :fail: You can not send mail from here with From: $header_from as sender: $sender_address
  376. 11:58:30 30782 |__expanding: :fail: You can not send mail from here with From: $header_from as sender: $sender_address
  377. 11:58:30 30782 _____result: :fail: You can not send mail from here with From: as sender: root@dev.test.com
  378. 11:58:30 30782 expanded: :fail: You can not send mail from here with From: as sender: root@dev.test.com
  379. 11:58:30 30782 file is not a filter file
  380. 11:58:30 30782 parse_forward_list: :fail: You can not send mail from here with From: as sender: root@dev.test.com
  381. 11:58:30 30782 extract item: :fail: You can not send mail from here with From: as sender: root@dev.test.com
  382. 11:58:30 30782 check_outgoing_from_header router forced address failure
  383. test@test.com is undeliverable: You can not send mail from here with From: as sender: root@dev.test.com
  384. 11:58:30 30782 search_tidyup called
  385. 11:58:30 30782 >>>>>>>>>>>>>>>> Exim pid=30782 terminating with rc=2 >>>>>>>>>>>>>>>>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!