Advertisement
Guest User

Untitled

a guest
Mar 25th, 2019
243
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 30.43 KB | None | 0 0
  1. # SpamBlockerTechnology* powered exim.conf, Version 4.4.6
  2. # Dec 5, 2015
  3. # Exim configuration file for DirectAdmin
  4. # Requires exim.pl as distributed by DirectAdmin here:
  5. # http://files.directadmin.com/services/exim.pl version 21 or higher
  6. # ClamAV optional
  7. # SpamAssassin optional
  8. # Dovecot/IMAP Mandatory
  9. # *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services:
  10. # http://www.nobaloney.net
  11. #
  12. # WARNING! Do NOT use this exim.conf Exim configuration file unless you
  13. # make the required modifications to your Exim configuration
  14. # following the instructions in the README file included in this
  15. # distribution:
  16. # README-SpamBlockerVersion4exim.conf.txt
  17. #
  18. # The original exim.conf file distributed with Exim 4, includes the
  19. # following copyright notice:
  20. #
  21. # Copyright (C) 2002 University of Cambridge, Cambridge, UK
  22. #
  23. # Portions of the file are taken from the exim.conf file as
  24. # distributed with DirectAdmin (http://www.directadmin.com/)
  25. #
  26. # Copyright (C) 2003-2011 JBMC Software, St Albert, AB, Canada
  27. #
  28. # Portions of this file are written by NoBaloney Internet Services
  29. # and are copyright as follows:
  30. #
  31. # Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA
  32. #
  33. # The entire Exim 4 distribution, including the exim.conf file, is
  34. # distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,
  35. # June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE
  36. # you may download it, in it's entirety, from the website at:
  37. #
  38. # http://www.nobaloney.net/exim/gnu-gpl-v2.txt
  39. #
  40. # Thanks to all the members of the DirectAdmin community and of the exim
  41. # community who have given their # much needed and appreciated help.
  42. #
  43. # The most recent version of this file may always downloaded from the website
  44. # at: http://www.nobaloney.net/downloads/spamblocker
  45. #
  46. # MODIFICATION INSTRUCTIONS
  47. #
  48. # YOU MUST MAKE THE CHANGES TO THIS
  49. # SpamBlockerTechnology* powered exim.conf, Version 4.0
  50. # file as documented in the README file.
  51. #
  52. # The README file for this version is named:
  53. # README-SpamBlockerVersion4exim.conf.txt
  54.  
  55. # CONFIGURATION STARTS HERE
  56.  
  57. #EDIT#1:
  58. # primary_hostname =
  59. smtp_active_hostname = ${if exists{/etc/virtual/helo_data}{${lookup{$interface_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
  60.  
  61. #EDIT#2-CLAMAV:
  62. # av_scanner = clamd:/var/run/clamav/clamd
  63. #.include_if_exists /etc/exim.clamav.load.conf
  64.  
  65. #Block Cracking variables
  66. .include_if_exists /etc/exim.blockcracking/variables.conf
  67.  
  68. #Easy Spam Figher variables
  69. .include_if_exists /etc/exim.easy_spam_fighter/variables.conf
  70.  
  71. #SRS
  72. .include_if_exists /etc/exim.srs.conf
  73.  
  74. #EDIT#3:
  75. # qualify_domain =
  76.  
  77. #EDIT#4:
  78. perl_startup = do '/etc/exim.pl'
  79.  
  80. #EDIT#5:
  81. system_filter = /etc/system_filter.exim
  82.  
  83. #EDIT#6:
  84. untrusted_set_sender = *
  85.  
  86. #EDIT#7:
  87. daemon_smtp_ports = 25 : 587 : 465 : 10025
  88. tls_on_connect_ports = 465
  89.  
  90. #EDIT#8:
  91. local_from_check = false
  92.  
  93. RBL_DNS_LIST=\
  94. cbl.abuseat.org : \
  95. bl.spamcop.net : \
  96. b.barracudacentral.org : \
  97. zen.spamhaus.org : \
  98. hostkarma.junkemailfilter.com=127.0.0.2
  99.  
  100. .include /etc/exim.variables.conf
  101. .include /etc/exim.strings.conf
  102. .include_if_exists /etc/exim.strings.conf.custom
  103.  
  104. #EDIT#10:
  105. helo_allow_chars = _
  106.  
  107. #EDIT#11:
  108. log_selector = \
  109. +delivery_size \
  110. +sender_on_delivery \
  111. +received_recipients \
  112. +received_sender \
  113. +smtp_confirmation \
  114. +subject \
  115. +smtp_incomplete_transaction \
  116. -dnslist_defer \
  117. -host_lookup_failed \
  118. -queue_run \
  119. -rejected_header \
  120. -retry_defer \
  121. -skip_delivery \
  122. +arguments
  123.  
  124. #EDIT#12:
  125. syslog_duplication = false
  126.  
  127. #EDIT#13:
  128. acl_not_smtp = acl_script
  129. acl_smtp_auth = acl_check_auth
  130. acl_smtp_connect = acl_connect
  131. acl_smtp_helo = acl_check_helo
  132. #acl_smtp_mail = ${if ={$interface_port}{587} {accept}{acl_check_mail}}
  133. acl_smtp_mail = ${if ={$interface_port}{587} {accept} {${if ={$interface_port}{10025} {acl_smtp_mail_proxy}{acl_check_mail}}}}
  134. acl_smtp_rcpt = acl_check_recipient
  135. acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
  136. acl_smtp_data = acl_check_message
  137. acl_smtp_mime = acl_check_mime
  138.  
  139. #EDIT#14:
  140. addresslist whitelist_senders = nwildlsearch;/etc/virtual/whitelist_senders
  141. addresslist blacklist_senders = nwildlsearch;/etc/virtual/blacklist_senders
  142. domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
  143. domainlist whitelist_domains = nwildlsearch;/etc/virtual/whitelist_domains
  144. domainlist local_domains = lsearch;/etc/virtual/domains
  145. domainlist relay_domains = lsearch;/etc/virtual/domains
  146. domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
  147. domainlist skip_rbl_domains = nwildlsearch;/etc/virtual/skip_rbl_domains
  148. hostlist skip_rbl_hosts = ${if exists{/etc/virtual/skip_rbl_hosts}{wildlsearch;/etc/virtual/skip_rbl_hosts}}
  149. hostlist skip_rbl_hosts_ip = ${if exists{/etc/virtual/skip_rbl_hosts_ip}{/etc/virtual/skip_rbl_hosts_ip}}
  150. hostlist auth_relay_hosts = *
  151. hostlist bad_sender_hosts = nwildlsearch;/etc/virtual/bad_sender_hosts
  152. hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip
  153. hostlist whitelist_hosts = nwildlsearch;/etc/virtual/whitelist_hosts
  154. hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip
  155. BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
  156. BLACKLIST_SMTP_USERNAMES = /etc/virtual/blacklist_smtp_usernames
  157. BLACKLIST_SCRIPT_USERNAMES = /etc/virtual/blacklist_script_usernames
  158.  
  159. #EDIT#15:
  160. #domainlist skip_av_domains = nwildlsearch;/etc/virtual/skip_av_domains
  161.  
  162. #EDIT#16:
  163. hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts
  164.  
  165. #EDIT#17:
  166. never_users = root
  167.  
  168. #EDIT#18:
  169. host_lookup = *
  170.  
  171. #EDIT#19:
  172. rfc1413_hosts = *
  173. rfc1413_query_timeout = 0s
  174.  
  175. #EDIT#20:
  176. #exim.variables.conf
  177.  
  178. #EDIT#21:
  179. #exim.variables.conf
  180.  
  181. #EDIT#22:
  182. #exim.variables.conf
  183.  
  184. #EDIT#23:
  185. tls_certificate = /etc/exim.cert
  186. tls_privatekey = /etc/exim.key
  187. openssl_options = +no_sslv2 +no_sslv3
  188. tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
  189. tls_advertise_hosts = *
  190. #auth_over_tls_hosts = *
  191.  
  192. .include_if_exists /etc/exim.variables.conf.post
  193.  
  194. ##################################################################################
  195. # Access Control Lists
  196. ##################################################################################
  197. begin acl
  198.  
  199.  
  200. ######################################
  201. # ACL CONNECT
  202. ######################################
  203. #EDIT#24:
  204. acl_connect:
  205. warn set acl_m_spam_assassin_has_run = 0
  206. warn set acl_m_is_whitelisted = 0
  207. .include_if_exists /etc/exim.easy_spam_fighter/connect.conf
  208. accept hosts = *
  209.  
  210.  
  211. ######################################
  212. # ACL CHECK MAIL
  213. ######################################
  214. acl_check_mail:
  215. accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
  216.  
  217. #EDIT#31:
  218. accept sender_domains = +whitelist_domains
  219. logwrite = $sender_host_address whitelisted in local domains whitelist
  220. set acl_m_is_whitelisted = 1
  221. accept hosts = +whitelist_hosts
  222. logwrite = $sender_host_address whitelisted in local hosts whitelist
  223. set acl_m_is_whitelisted = 1
  224. accept hosts = +whitelist_hosts_ip
  225. logwrite = $sender_host_address whitelisted in local hosts IP whitelist
  226. set acl_m_is_whitelisted = 1
  227. # accept if envelope sender is in whitelist
  228. accept senders = +whitelist_senders
  229. logwrite = $sender_host_address whitelisted in local sender whitelist
  230. set acl_m_is_whitelisted = 1
  231.  
  232. .include_if_exists /etc/exim.easy_spam_fighter/check_mail.conf
  233. accept
  234.  
  235.  
  236. ######################################
  237. # ACL CHECK AUTH
  238. ######################################
  239. #EDIT#24.5#
  240. acl_check_auth:
  241. drop set acl_m_authcount = ${eval10:0$acl_m_authcount+1}
  242. condition = ${if >{$acl_m_authcount}{2}}
  243. delay = 10s
  244. message = ONLY_ONE_AUTH_PER_CONN
  245.  
  246. accept
  247.  
  248.  
  249. ######################################
  250. # ACL CHECK HELO
  251. ######################################
  252. #EDIT#25:
  253. acl_check_helo:
  254. # accept mail originating on this server unconditionally
  255. accept hosts = @[] : @
  256. # deny if the HELO pretends to be this host
  257. deny message = HELO_HOST_IMPERSANATION
  258. condition = ${if or { \
  259. {eq{$sender_helo_name}{$smtp_active_hostname}} \
  260. {eq{$sender_helo_name}{[$interface_address]}} \
  261. } {true}{false} }
  262. # deny if the HELO is an IP address
  263. deny message = HELO_IS_IP
  264. condition = ${if eq{$interface_port}{25}}
  265. condition = ${if isip{$sender_helo_name}}
  266. # deny if hostname if ylmf-pc, which accounts for a HUGE percentage of BF attacks
  267. deny message = HELO_BLOCKED_FOR_ABUSE
  268. condition = ${if eq{$sender_helo_name}{ylmf-pc}}
  269. # deny if the HELO pretends to be one of the domains hosted on the server
  270. #deny message = HELO_IS_LOCAL_DOMAIN
  271. # condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
  272. # hosts = ! +relay_hosts
  273. accept
  274.  
  275.  
  276. ######################################
  277. # ACL SCRIPT
  278. ######################################
  279. acl_script:
  280. discard set acl_m_uid = ${perl{find_uid}}
  281. set acl_m_username = ${perl{get_username}{$acl_m_uid}}
  282. condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
  283. condition = ${if >{${perl{hit_limit_user}{$acl_m_username}}}{1}}
  284. message = USER_TOO_MANY
  285.  
  286. discard condition = ${if !eq{$originator_uid}{$exim_uid}}
  287. condition = ${if exists{BLACKLIST_USERNAMES}}
  288. condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
  289. message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_USERNAMES
  290.  
  291. discard condition = ${if !eq{$originator_uid}{$exim_uid}}
  292. condition = ${if exists{BLACKLIST_SCRIPT_USERNAMES}}
  293. condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SCRIPT_USERNAMES}{1}{0}}
  294. message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_SCRIPT_USERNAMES
  295.  
  296. .include_if_exists /etc/exim.blockcracking/script.conf
  297.  
  298. accept
  299.  
  300. .include_if_exists /etc/exim.blockcracking/script.recipients.conf
  301.  
  302.  
  303. ######################################
  304. # ACL CHECK RECIPIENT
  305. ######################################
  306. #EDIT#26:
  307. acl_check_recipient:
  308. # block certain well-known exploits, Deny for local domains if
  309. # local parts begin with a dot or contain @ % ! / |
  310. deny domains = +local_domains
  311. local_parts = ^[.] : ^.*[@%!/|]
  312.  
  313. # If you've hit the limit, you can't send anymore. Requires exim.pl 17+
  314. drop message = AUTH_TOO_MANY
  315. condition = ${perl{auth_hit_limit_acl}}
  316. authenticated = *
  317.  
  318. drop message = MULTIPLE_BOUNCE_RECIPIENTS
  319. senders = : postmaster@*
  320. condition = ${if >{$recipients_count}{0}{true}{false}}
  321.  
  322. drop message = TOO_MANY_FAILED_RECIPIENTS
  323. log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count
  324. condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
  325. !verify = recipient/callout=2m,defer_ok,use_sender
  326.  
  327. drop message = DOMAIN_SUSPENDED
  328. domains = +local_domains
  329. condition = ${if exists{/etc/virtual/${domain}_off}{yes}{no}}
  330.  
  331. drop authenticated = *
  332. condition = ${if exists{BLACKLIST_USERNAMES}}
  333. set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
  334. set acl_m_username = ${perl{get_username}{$acl_m_uid}}
  335. condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
  336. condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
  337. message = USER_ON_BLACKLIST_SMTP
  338. logwrite = User account $acl_m_username is blocked via BLACKLIST_USERNAMES
  339.  
  340. drop authenticated = *
  341. condition = ${if exists{BLACKLIST_SMTP_USERNAMES}}
  342. set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
  343. set acl_m_username = ${perl{get_username}{$acl_m_uid}}
  344. condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
  345. condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SMTP_USERNAMES}{1}{0}}
  346. message = USER_ON_BLACKLIST_SMTP
  347. logwrite = User account $acl_m_username is blocked via BLACKLIST_SMTP_USERNAMES
  348.  
  349. accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
  350.  
  351. #Block Cracking - https://github.com/Exim/exim/wiki/BlockCracking
  352. .include_if_exists /etc/exim.blockcracking/auth.conf
  353.  
  354. # restrict port 587 to authenticated users only
  355. # see also daemon_smtp_ports above
  356. accept hosts = +auth_relay_hosts
  357. condition = ${if eq {$interface_port}{587} {yes}{no}}
  358. endpass
  359. message = RELAY_NOT_PERMITTED_AUTH
  360. authenticated = *
  361. # Deny all Mailer-Daemon messages not for us:
  362. deny message = We didn't send the message
  363. senders = :
  364. domains = !+relay_domains
  365.  
  366. # Deny if the recipient doesn't exist:
  367. deny message = NO_SUCH_RECIPIENT
  368. domains = +local_domains
  369. !verify = recipient
  370. # Remaining Mailer-Daemon messages must be for us
  371. accept senders = :
  372. domains = +relay_domains
  373.  
  374. #EDIT#27:
  375. # 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address
  376. #deny message = R1: HELO_SHOULD_BE_FQDN
  377. # !authenticated = *
  378. # condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
  379. # condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
  380. ## 2nd deny makes sure the hostname doesn't end with a dot (invalid)
  381. # deny message = R2: HELO_SHOULD_BE_FQDN
  382. # !authenticated = *
  383. # condition = ${if match{$sender_helo_name}{\N\.$\N}}
  384. # 3rd deny makes sure the hostname has no double-dots (invalid)
  385. deny message = R3: HELO_SHOULD_BE_FQDN
  386. !authenticated = *
  387. condition = ${if match{$sender_helo_name}{\N\.\.\N}}
  388. ## 4th deny make sure the hostname doesn't end in .home (invalid domain)
  389. # deny message = R4: HELO_SHOULD_BE_FQDN
  390. # !authenticated = *
  391. # condition = ${if match{$sender_helo_name}{\N\.home$\N}}
  392.  
  393. #EDIT#28:
  394. # warn domains = +skip_av_domains
  395. # set acl_m0 = $tod_epoch
  396.  
  397. #EDIT#29:
  398. deny domains = !+local_domains
  399. local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  400.  
  401. #EDIT#30:
  402. accept hosts = :
  403. logwrite = Whitelisted as having local origination
  404.  
  405. #EDIT#32:
  406. deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_SENDER
  407. domains = +use_rbl_domains
  408. domains = !+skip_rbl_domains
  409. hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
  410. senders = +blacklist_senders
  411.  
  412. #EDIT#33:
  413. deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_HOST
  414. # only for domains that do want to be tested against RBLs
  415. domains = +use_rbl_domains
  416. domains = !+skip_rbl_domains
  417. hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
  418. hosts = +bad_sender_hosts
  419.  
  420. #EDIT#34:
  421. deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_IP
  422. hosts = +bad_sender_hosts_ip
  423.  
  424. #EDIT#35:
  425. accept domains = +local_domains
  426. sender_domains = !+blacklist_domains
  427. hosts = !+bad_sender_hosts
  428. hosts = !+bad_sender_hosts_ip
  429. dnslists = list.dnswl.org&0.0.0.2
  430. dnslists = list.dnswl.org!=127.0.0.255
  431. logwrite = $sender_host_address whitelisted in list.dnswl.org
  432.  
  433. #EDIT#36:
  434. # accept domains = +local_domains
  435. # dnslists = hostkarma.junkemailfilter.com=127.0.0.1
  436. # logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com
  437.  
  438. #EDIT#37:
  439. # accept local_parts = whitelist
  440. # domains = example.com
  441.  
  442. #EDIT#38:
  443. require verify = sender
  444.  
  445. #EDIT#39:
  446. deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN
  447. domains = +use_rbl_domains
  448. domains = !+skip_rbl_domains
  449. hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
  450. sender_domains = +blacklist_domains
  451.  
  452. #EDIT#40:
  453. # deny message = 554 denied. 5.7.1 Forged Paypal Mail, not sent from PayPal.
  454. # senders = *@paypal.com
  455. # condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}}
  456.  
  457. #EDIT#41:
  458. warn hosts = +skip_rbl_hosts
  459. logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts
  460. warn hosts = +skip_rbl_hosts_ip
  461. logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts_ip
  462. warn domains = +skip_rbl_domains
  463. logwrite = $sender_host_address RBL whitelisted $domain in skip_rbl_domains
  464.  
  465. deny message = RBL_BLOCKED_BY_LIST
  466. hosts = !+relay_hosts
  467. domains = +use_rbl_domains
  468. domains = !+skip_rbl_domains
  469. hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
  470. !authenticated = *
  471. dnslists = RBL_DNS_LIST
  472.  
  473. .include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.conf
  474.  
  475. #COMMENT#43:
  476. # ACCEPT EMAIL BEGINNING HERE
  477. # accept if address is in a local domain as long as recipient can be verified
  478. accept domains = +local_domains
  479. endpass
  480. message = UNKNOWN_USER
  481. verify = recipient
  482. #COMMENT#44
  483. # accept if address is in a domain for which we relay as long as recipient
  484. # can be verified
  485. accept domains = +relay_domains
  486. endpass
  487. verify = recipient
  488. #EDIT#45:
  489. accept hosts = +relay_hosts
  490. add_header = X-Relay-Host: $sender_host_address
  491.  
  492. accept hosts = +auth_relay_hosts
  493. endpass
  494. message = AUTH_REQUIRED
  495. authenticated = *
  496.  
  497. # FINAL DENY EMAIL BEFORE DATA BEGINS HERE
  498. # default at end of acl causes a "deny", but line below will give
  499. # an explicit error message:
  500. deny message = RELAY_NOT_PERMITTED
  501.  
  502.  
  503. ######################################
  504. # ACL CHECK DKIM
  505. ######################################
  506. acl_check_dkim:
  507. accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
  508.  
  509. .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
  510. accept
  511.  
  512.  
  513. ######################################
  514. # ACL CHECK MESSAGE
  515. ######################################
  516. # ACL that is used after the DATA command (ClamAV)
  517. acl_check_message:
  518. accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
  519.  
  520. .include_if_exists /etc/exim.easy_spam_fighter/check_message.conf
  521.  
  522. #EDIT#46:
  523. #.include_if_exists /etc/exim.clamav.conf
  524.  
  525. ## accept without checking if in skip_av_domains
  526. # accept condition =${if and {{def:acl_m0}{def:acl_m0}} {true}{false}}
  527.  
  528. ## deny if email contains malformed MIME header
  529. # deny message = CLAM_MALFORMED_MIME
  530. # demime = *
  531. # condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  532.  
  533. ## deny if email containing virus or other harmful content
  534. # deny message = CLAM_HAS_VIRUS
  535. # demime = *
  536. # malware = *
  537.  
  538. ## deny if email contains an attachment of type we don't accept.
  539. # deny message = CLAM_BAD_ATTACHMENT
  540. # demime = bat:com:pif:prf:scr:vbs:html
  541.  
  542. ## Accept but put warning into headers if message over 1000k
  543. # warn message = CLAM_SKIPPED
  544. # condition = ${if >={$message_size}{1000k} {1}{0}}
  545.  
  546. # warn message = CLAM_CLEAN
  547.  
  548. ## The end of the acl_check_message acl (ClamAV)
  549. ## Do NOT comment out the line below or all messages will be denied.
  550. accept
  551.  
  552.  
  553. ######################################
  554. # ACL that is used for each MIME attachment in the email.
  555. acl_check_mime:
  556.  
  557. .include_if_exists /etc/exim.check_mime.conf.custom
  558. .include_if_exists /etc/exim.easy_spam_fighter/check_mime.conf
  559.  
  560. accept
  561.  
  562.  
  563. ##################################################################################
  564. # AUTHENTICATION CONFIGURATION
  565. ##################################################################################
  566. begin authenticators
  567.  
  568. plain:
  569. driver = plaintext
  570. public_name = PLAIN
  571. server_prompts = :
  572. server_condition = "${perl{smtpauth}{0}}"
  573. server_set_id = $2
  574.  
  575. login:
  576. driver = plaintext
  577. public_name = LOGIN
  578. server_prompts = "Username:: : Password::"
  579. server_condition = "${perl{smtpauth}{0}}"
  580. server_set_id = $1
  581.  
  582. #EDIT#47:
  583. # REWRITE CONFIGURATION
  584. # There is no rewriting specification in this exim.conf file. If your
  585. # configuration requires one, it would go here
  586.  
  587.  
  588.  
  589. ##################################################################################
  590. # ROUTERS CONFIGURATION
  591. ##################################################################################
  592. begin routers
  593. #EDIT#48:
  594.  
  595. lookuphost:
  596. driver = dnslookup
  597. domains = ! +local_domains
  598. ignore_target_hosts = 127.0.0.0/8
  599. condition = "${perl{check_limits}}"
  600. transport = remote_smtp
  601. no_more
  602.  
  603. # RELATED: http://help.directadmin.com/item.php?id=153
  604. # smart_route:
  605. # driver = manualroute
  606. # domains = ! +local_domains
  607. # ignore_target_hosts = 127.0.0.0/8
  608. # condition = "${perl{check_limits}}"
  609. # route_list = !+local_domains HOSTNAME-or-IP#
  610. # transport = remote_smtp
  611.  
  612. #COMMENT#49:
  613. #DIRECTORS CONFIGURATION
  614.  
  615. .include_if_exists /etc/exim.spamassassin.conf
  616.  
  617. #EDIT#50:
  618. # Spam Assassin
  619. #spamcheck_director removed. Use the exim.spamassassin.conf
  620.  
  621. majordomo_aliases:
  622. driver = redirect
  623. allow_defer
  624. allow_fail
  625. data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
  626. domains = lsearch;/etc/virtual/domainowners
  627. file_transport = address_file
  628. group = daemon
  629. pipe_transport = majordomo_pipe
  630. retry_use_local_part
  631. no_rewrite
  632. user = majordomo
  633.  
  634. majordomo_private:
  635. driver = redirect
  636. allow_defer
  637. allow_fail
  638. #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  639. condition = "${if or { {eq {$received_protocol} {local}} \
  640. {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  641. data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  642. domains = lsearch;/etc/virtual/domainowners
  643. file_transport = address_file
  644. group = daemon
  645. pipe_transport = majordomo_pipe
  646. retry_use_local_part
  647. user = majordomo
  648.  
  649. domain_filter:
  650. driver = redirect
  651. allow_filter
  652. no_check_local_user
  653. condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  654. user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
  655. group = "mail"
  656. file = /etc/virtual/${domain}/filter
  657. directory_transport = address_file
  658. pipe_transport = virtual_address_pipe
  659. retry_use_local_part
  660. no_verify
  661.  
  662. uservacation:
  663. # uservacation reply to all except errors, bounces, lists
  664. driver = accept
  665. condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
  666. condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  667. require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  668. # do not reply to errors and bounces or lists
  669. senders = " ! ^.*-request@.*:\
  670. ! ^owner-.*@.*:\
  671. ! ^postmaster@.*:\
  672. ! ^listmaster@.*:\
  673. ! ^mailer-daemon@.*\
  674. ! ^root@.*"
  675. transport = uservacation
  676. unseen
  677.  
  678. userautoreply:
  679. driver = accept
  680. condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
  681. condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  682. require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  683. # do not reply to errors and bounces or lists
  684. senders = " ! ^.*-request@.*:\
  685. ! ^owner-.*@.*:\
  686. ! ^postmaster@.*:\
  687. ! ^listmaster@.*:\
  688. ! ^mailer-daemon@.*\
  689. ! ^root@.*"
  690. transport = userautoreply
  691. unseen
  692.  
  693. virtual_aliases_nostar:
  694. driver = redirect
  695. .include_if_exists /etc/exim.srs.forward.conf
  696. allow_defer
  697. allow_fail
  698. data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
  699. file_transport = address_file
  700. group = mail
  701. pipe_transport = virtual_address_pipe
  702. retry_use_local_part
  703. unseen
  704. #include_domain = true
  705.  
  706. virtual_user:
  707. driver = accept
  708. condition = ${perl{save_virtual_user}}
  709. domains = lsearch;/etc/virtual/domainowners
  710. group = mail
  711. retry_use_local_part
  712. transport = dovecot_lmtp_udp
  713.  
  714. # accept only if local_part is not in the aliases file
  715. # (this implements catch-all)
  716. virtual_aliases:
  717. driver = redirect
  718. .include_if_exists /etc/exim.srs.forward.conf
  719. allow_defer
  720. allow_fail
  721. condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}}
  722. data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
  723. file_transport = address_file
  724. group = mail
  725. pipe_transport = virtual_address_pipe
  726. retry_use_local_part
  727. #include_domain = true
  728.  
  729. #COMMENT#51:
  730. drop_solo_alias:
  731. driver = redirect
  732. allow_defer
  733. allow_fail
  734. data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
  735. file_transport = devnull
  736. group = mail
  737. pipe_transport = devnull
  738. retry_use_local_part
  739. #include_domain = true
  740.  
  741. srs_router:
  742. driver = redirect
  743. srs = reverseandforward
  744. data = ${srs_recipient}
  745.  
  746. #COMMENT#52:
  747. userforward:
  748. driver = redirect
  749. allow_filter
  750. check_ancestor
  751. check_local_user
  752. no_expn
  753. file = $home/.forward
  754. file_transport = address_file
  755. pipe_transport = address_pipe
  756. reply_transport = address_reply
  757. no_verify
  758.  
  759. system_aliases:
  760. driver = redirect
  761. allow_defer
  762. allow_fail
  763. data = ${lookup{$local_part}lsearch{/etc/aliases}}
  764. file_transport = address_file
  765. pipe_transport = address_pipe
  766. retry_use_local_part
  767. # user = exim
  768.  
  769. localuser:
  770. driver = accept
  771. check_local_user
  772. condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
  773. transport = local_delivery
  774.  
  775. #COMMENT#53:
  776. ##################################################################################
  777. # TRANSPORTS CONFIGURATION
  778. ##################################################################################
  779. begin transports
  780.  
  781. #COMMENT#54:
  782. spamcheck:
  783. driver = pipe
  784. batch_max = 100
  785. command = /usr/sbin/exim -oMr spam-scanned -bS
  786. current_directory = "/tmp"
  787. group = mail
  788. home_directory = "/tmp"
  789. log_output
  790. message_prefix =
  791. message_suffix =
  792. return_fail_output
  793. no_return_path_add
  794. transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  795. use_bsmtp
  796. user = mail
  797.  
  798. #COMMENT#55:
  799. majordomo_pipe:
  800. driver = pipe
  801. group = daemon
  802. return_fail_output
  803. user = majordomo
  804.  
  805. #COMMENT#56:
  806. local_delivery:
  807. driver = appendfile
  808. delivery_date_add
  809. envelope_to_add
  810. directory = /home/$local_part/Maildir/
  811. directory_mode = 770
  812. create_directory = true
  813. maildir_format
  814. group = mail
  815. mode = 0660
  816. return_path_add
  817. user = ${local_part}
  818.  
  819. #COMMENT#57:
  820. virtual_localdelivery:
  821. driver = appendfile
  822. create_directory
  823. delivery_date_add
  824. directory_mode = 770
  825. envelope_to_add
  826. directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
  827. maildir_format
  828. group = mail
  829. mode = 660
  830. return_path_add
  831. user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  832. quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}
  833.  
  834. #EDIT#58:
  835. uservacation:
  836. driver = autoreply
  837. file = /etc/virtual/${domain}/reply/${local_part}.msg
  838. from = "${local_part}@${domain}"
  839. log = /etc/virtual/${domain}/reply/${local_part}.log
  840. no_return_message
  841. headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  842. subject = ${if def:h_Subject: {\
  843. ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
  844. {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
  845. {Autoreply}\
  846. }: ${quote:${escape:${length_60:$h_Subject:}}}}\
  847. {I am on vacation}}
  848. to = "${sender_address}"
  849. user = mail
  850. once = /etc/virtual/${domain}/reply/${local_part}.once
  851. once_file_size = 100K
  852. once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}
  853.  
  854. #COMMENT#59:
  855. userautoreply:
  856. driver = autoreply
  857. bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  858. file = /etc/virtual/${domain}/reply/${local_part}.msg
  859. from = "${local_part}@${domain}"
  860. log = /etc/virtual/${domain}/reply/${local_part}.log
  861. no_return_message
  862. headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  863. subject = ${if def:h_Subject: {\
  864. ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
  865. {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
  866. {Autoreply}\
  867. }: ${quote:${escape:${length_60:$h_Subject:}}}}\
  868. {Autoreply Message}}
  869. to = "${sender_address}"
  870. user = mail
  871. once = /etc/virtual/${domain}/reply/${local_part}.once
  872. once_file_size = 100K
  873. once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}
  874.  
  875. #COMMENT#60:
  876. devnull:
  877. driver = appendfile
  878. file = /dev/null
  879.  
  880. #COMMENT#61:
  881. remote_smtp:
  882. driver = smtp
  883. headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
  884. #interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
  885. #interface = 5.200.7.27
  886.  
  887. helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
  888. .include_if_exists /etc/exim.dkim.conf
  889.  
  890. #EDIT#62:
  891. address_pipe:
  892. driver = pipe
  893. return_output
  894.  
  895. virtual_address_pipe:
  896. driver = pipe
  897. group = nobody
  898. return_output
  899. user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"
  900. .include_if_exists /etc/exim.cagefs.pipe.conf
  901.  
  902. #COMMENT#63:
  903. address_file:
  904. driver = appendfile
  905. delivery_date_add
  906. envelope_to_add
  907. return_path_add
  908.  
  909. #COMMENT#64:
  910. address_reply:
  911. driver = autoreply
  912.  
  913. dovecot_lmtp_udp:
  914. driver = lmtp
  915. socket = /var/run/dovecot/lmtp
  916. #maximum number of deliveries per batch, default 1
  917. batch_max = 200
  918. delivery_date_add
  919. envelope_to_add
  920. return_path_add
  921. user = mail
  922.  
  923. ##################################################################################
  924. # RETRY CONFIGURATION
  925. ##################################################################################
  926. #EDIT#65:
  927. # Domain Error Retries
  928. # ------ ----- -------
  929. begin retry
  930. * quota
  931. * * F,2h,15m; G,16h,1h,1.5; F,4d,8h
  932. # End of Exim 4 configuration
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement