daily pastebin goal
34%
SHARE
TWEET

Untitled

a guest Mar 25th, 2019 90 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # SpamBlockerTechnology* powered exim.conf, Version 4.4.6
  2. # Dec 5, 2015
  3. # Exim configuration file for DirectAdmin
  4. # Requires exim.pl as distributed by DirectAdmin here:
  5. # http://files.directadmin.com/services/exim.pl version 21 or higher
  6. # ClamAV optional
  7. # SpamAssassin optional
  8. # Dovecot/IMAP Mandatory
  9. # *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services:
  10. # http://www.nobaloney.net
  11. #
  12. # WARNING! Do NOT use this exim.conf Exim configuration file unless you
  13. # make the required modifications to your Exim configuration
  14. # following the instructions in the README file included in this
  15. # distribution:
  16. # README-SpamBlockerVersion4exim.conf.txt
  17. #
  18. # The original exim.conf file distributed with Exim 4, includes the
  19. # following copyright notice:
  20. #
  21. # Copyright (C) 2002 University of Cambridge, Cambridge, UK
  22. #
  23. # Portions of the file are taken from the exim.conf file as
  24. # distributed with DirectAdmin (http://www.directadmin.com/)
  25. #
  26. # Copyright (C) 2003-2011 JBMC Software, St Albert, AB, Canada
  27. #
  28. # Portions of this file are written by NoBaloney Internet Services
  29. # and are copyright as follows:
  30. #
  31. # Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA
  32. #
  33. # The entire Exim 4 distribution, including the exim.conf file, is
  34. # distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,
  35. # June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE
  36. # you may download it, in it's entirety, from the website at:
  37. #
  38. # http://www.nobaloney.net/exim/gnu-gpl-v2.txt
  39. #
  40. # Thanks to all the members of the DirectAdmin community and of the exim
  41. # community who have given their # much needed and appreciated help.
  42. #
  43. # The most recent version of this file may always downloaded from the website
  44. # at: http://www.nobaloney.net/downloads/spamblocker
  45. #
  46. # MODIFICATION INSTRUCTIONS
  47. #
  48. # YOU MUST MAKE THE CHANGES TO THIS
  49. # SpamBlockerTechnology* powered exim.conf, Version 4.0
  50. # file as documented in the README file.
  51. #
  52. # The README file for this version is named:
  53. # README-SpamBlockerVersion4exim.conf.txt
  54.  
  55. # CONFIGURATION STARTS HERE
  56.  
  57. #EDIT#1:
  58. # primary_hostname =
  59. smtp_active_hostname = ${if exists{/etc/virtual/helo_data}{${lookup{$interface_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
  60.  
  61. #EDIT#2-CLAMAV:
  62. # av_scanner = clamd:/var/run/clamav/clamd
  63. #.include_if_exists /etc/exim.clamav.load.conf
  64.  
  65. #Block Cracking variables
  66. .include_if_exists /etc/exim.blockcracking/variables.conf
  67.  
  68. #Easy Spam Figher variables
  69. .include_if_exists /etc/exim.easy_spam_fighter/variables.conf
  70.  
  71. #SRS
  72. .include_if_exists /etc/exim.srs.conf
  73.  
  74. #EDIT#3:
  75. # qualify_domain =
  76.  
  77. #EDIT#4:
  78. perl_startup = do '/etc/exim.pl'
  79.  
  80. #EDIT#5:
  81. system_filter = /etc/system_filter.exim
  82.  
  83. #EDIT#6:
  84. untrusted_set_sender = *
  85.  
  86. #EDIT#7:
  87. daemon_smtp_ports = 25 : 587 : 465 : 10025
  88. tls_on_connect_ports = 465
  89.  
  90. #EDIT#8:
  91. local_from_check = false
  92.  
  93. RBL_DNS_LIST=\
  94.        cbl.abuseat.org : \
  95.        bl.spamcop.net : \
  96.        b.barracudacentral.org : \
  97.        zen.spamhaus.org : \
  98.        hostkarma.junkemailfilter.com=127.0.0.2
  99.  
  100. .include /etc/exim.variables.conf
  101. .include /etc/exim.strings.conf
  102. .include_if_exists /etc/exim.strings.conf.custom
  103.  
  104. #EDIT#10:
  105. helo_allow_chars = _
  106.  
  107. #EDIT#11:
  108. log_selector = \
  109.   +delivery_size \
  110.   +sender_on_delivery \
  111.   +received_recipients \
  112.   +received_sender \
  113.   +smtp_confirmation \
  114.   +subject \
  115.   +smtp_incomplete_transaction \
  116.   -dnslist_defer \
  117.   -host_lookup_failed \
  118.   -queue_run \
  119.   -rejected_header \
  120.   -retry_defer \
  121.   -skip_delivery \
  122.   +arguments
  123.  
  124. #EDIT#12:
  125. syslog_duplication = false
  126.  
  127. #EDIT#13:
  128. acl_not_smtp = acl_script
  129. acl_smtp_auth = acl_check_auth
  130. acl_smtp_connect = acl_connect
  131. acl_smtp_helo = acl_check_helo
  132. #acl_smtp_mail = ${if ={$interface_port}{587} {accept}{acl_check_mail}}
  133. acl_smtp_mail = ${if ={$interface_port}{587} {accept} {${if ={$interface_port}{10025} {acl_smtp_mail_proxy}{acl_check_mail}}}}
  134. acl_smtp_rcpt = acl_check_recipient
  135. acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
  136. acl_smtp_data = acl_check_message
  137. acl_smtp_mime = acl_check_mime
  138.  
  139. #EDIT#14:
  140. addresslist whitelist_senders = nwildlsearch;/etc/virtual/whitelist_senders
  141. addresslist blacklist_senders = nwildlsearch;/etc/virtual/blacklist_senders
  142. domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
  143. domainlist whitelist_domains = nwildlsearch;/etc/virtual/whitelist_domains
  144. domainlist local_domains = lsearch;/etc/virtual/domains
  145. domainlist relay_domains = lsearch;/etc/virtual/domains
  146. domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
  147. domainlist skip_rbl_domains = nwildlsearch;/etc/virtual/skip_rbl_domains
  148. hostlist skip_rbl_hosts = ${if exists{/etc/virtual/skip_rbl_hosts}{wildlsearch;/etc/virtual/skip_rbl_hosts}}
  149. hostlist skip_rbl_hosts_ip = ${if exists{/etc/virtual/skip_rbl_hosts_ip}{/etc/virtual/skip_rbl_hosts_ip}}
  150. hostlist auth_relay_hosts = *
  151. hostlist bad_sender_hosts = nwildlsearch;/etc/virtual/bad_sender_hosts
  152. hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip
  153. hostlist whitelist_hosts = nwildlsearch;/etc/virtual/whitelist_hosts
  154. hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip
  155. BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
  156. BLACKLIST_SMTP_USERNAMES = /etc/virtual/blacklist_smtp_usernames
  157. BLACKLIST_SCRIPT_USERNAMES = /etc/virtual/blacklist_script_usernames
  158.  
  159. #EDIT#15:
  160. #domainlist skip_av_domains = nwildlsearch;/etc/virtual/skip_av_domains
  161.  
  162. #EDIT#16:
  163. hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts
  164.  
  165. #EDIT#17:
  166. never_users = root
  167.  
  168. #EDIT#18:
  169. host_lookup = *
  170.  
  171. #EDIT#19:
  172. rfc1413_hosts = *
  173. rfc1413_query_timeout = 0s
  174.  
  175. #EDIT#20:
  176. #exim.variables.conf
  177.  
  178. #EDIT#21:
  179. #exim.variables.conf
  180.  
  181. #EDIT#22:
  182. #exim.variables.conf
  183.  
  184. #EDIT#23:
  185. tls_certificate = /etc/exim.cert
  186. tls_privatekey = /etc/exim.key
  187. openssl_options = +no_sslv2 +no_sslv3
  188. tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
  189. tls_advertise_hosts = *
  190. #auth_over_tls_hosts = *
  191.  
  192. .include_if_exists /etc/exim.variables.conf.post
  193.  
  194. ##################################################################################
  195. # Access Control Lists
  196. ##################################################################################
  197. begin acl
  198.  
  199.  
  200. ######################################
  201. # ACL CONNECT
  202. ######################################
  203. #EDIT#24:
  204. acl_connect:
  205.   warn set acl_m_spam_assassin_has_run = 0
  206.   warn set acl_m_is_whitelisted = 0
  207.   .include_if_exists /etc/exim.easy_spam_fighter/connect.conf
  208.   accept hosts = *
  209.  
  210.  
  211. ######################################
  212. # ACL CHECK MAIL
  213. ######################################
  214. acl_check_mail:
  215.   accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
  216.  
  217. #EDIT#31:
  218.   accept  sender_domains = +whitelist_domains
  219.           logwrite = $sender_host_address whitelisted in local domains whitelist
  220.           set acl_m_is_whitelisted = 1
  221.   accept  hosts = +whitelist_hosts
  222.           logwrite = $sender_host_address whitelisted in local hosts whitelist
  223.           set acl_m_is_whitelisted = 1
  224.   accept  hosts = +whitelist_hosts_ip
  225.           logwrite = $sender_host_address whitelisted in local hosts IP whitelist
  226.           set acl_m_is_whitelisted = 1
  227.   # accept if envelope sender is in whitelist
  228.   accept  senders = +whitelist_senders
  229.           logwrite = $sender_host_address whitelisted in local sender whitelist
  230.           set acl_m_is_whitelisted = 1
  231.  
  232.   .include_if_exists /etc/exim.easy_spam_fighter/check_mail.conf
  233.   accept
  234.  
  235.  
  236. ######################################
  237. # ACL CHECK AUTH
  238. ######################################
  239. #EDIT#24.5#
  240. acl_check_auth:
  241.   drop  set acl_m_authcount = ${eval10:0$acl_m_authcount+1}
  242.         condition = ${if >{$acl_m_authcount}{2}}
  243.         delay = 10s
  244.         message = ONLY_ONE_AUTH_PER_CONN
  245.  
  246.   accept
  247.  
  248.  
  249. ######################################
  250. # ACL CHECK HELO
  251. ######################################
  252. #EDIT#25:
  253. acl_check_helo:
  254.   # accept mail originating on this server unconditionally
  255.   accept  hosts = @[] : @
  256.   # deny if the HELO pretends to be this host
  257.     deny message = HELO_HOST_IMPERSANATION
  258.       condition = ${if or { \
  259.                             {eq{$sender_helo_name}{$smtp_active_hostname}} \
  260.                             {eq{$sender_helo_name}{[$interface_address]}} \
  261.                           } {true}{false} }
  262.   # deny if the HELO is an IP address
  263.     deny message = HELO_IS_IP
  264.          condition   = ${if eq{$interface_port}{25}}
  265.          condition   = ${if isip{$sender_helo_name}}
  266.   # deny if hostname if ylmf-pc, which accounts for a HUGE percentage of BF attacks
  267.     deny message = HELO_BLOCKED_FOR_ABUSE
  268.          condition   = ${if eq{$sender_helo_name}{ylmf-pc}}
  269.   # deny if the HELO pretends to be one of the domains hosted on the server
  270.     #deny message = HELO_IS_LOCAL_DOMAIN
  271.     #    condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
  272.     #    hosts = ! +relay_hosts
  273.   accept
  274.  
  275.  
  276. ######################################
  277. # ACL SCRIPT
  278. ######################################
  279. acl_script:
  280.   discard set acl_m_uid = ${perl{find_uid}}
  281.           set acl_m_username = ${perl{get_username}{$acl_m_uid}}
  282.           condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
  283.           condition = ${if >{${perl{hit_limit_user}{$acl_m_username}}}{1}}
  284.           message = USER_TOO_MANY
  285.  
  286.   discard condition = ${if !eq{$originator_uid}{$exim_uid}}
  287.           condition = ${if exists{BLACKLIST_USERNAMES}}
  288.           condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
  289.           message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_USERNAMES
  290.  
  291.   discard condition = ${if !eq{$originator_uid}{$exim_uid}}
  292.           condition = ${if exists{BLACKLIST_SCRIPT_USERNAMES}}
  293.           condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SCRIPT_USERNAMES}{1}{0}}
  294.           message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_SCRIPT_USERNAMES
  295.  
  296.   .include_if_exists /etc/exim.blockcracking/script.conf
  297.  
  298.   accept
  299.  
  300.   .include_if_exists /etc/exim.blockcracking/script.recipients.conf
  301.  
  302.  
  303. ######################################
  304. # ACL CHECK RECIPIENT
  305. ######################################
  306. #EDIT#26:
  307. acl_check_recipient:
  308.   # block certain well-known exploits, Deny for local domains if
  309.   # local parts begin with a dot or contain @ % ! / |
  310.   deny  domains       = +local_domains
  311.         local_parts   = ^[.] : ^.*[@%!/|]
  312.  
  313.   # If you've hit the limit, you can't send anymore. Requires exim.pl 17+
  314.   drop  message = AUTH_TOO_MANY
  315.         condition = ${perl{auth_hit_limit_acl}}
  316.         authenticated = *
  317.  
  318.   drop  message = MULTIPLE_BOUNCE_RECIPIENTS
  319.         senders = : postmaster@*
  320.         condition = ${if >{$recipients_count}{0}{true}{false}}
  321.  
  322.   drop  message = TOO_MANY_FAILED_RECIPIENTS
  323.         log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count
  324.         condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
  325.         !verify = recipient/callout=2m,defer_ok,use_sender
  326.  
  327.   drop  message = DOMAIN_SUSPENDED
  328.         domains = +local_domains
  329.         condition = ${if exists{/etc/virtual/${domain}_off}{yes}{no}}
  330.  
  331.   drop  authenticated = *
  332.         condition = ${if exists{BLACKLIST_USERNAMES}}
  333.         set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
  334.         set acl_m_username = ${perl{get_username}{$acl_m_uid}}
  335.         condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
  336.         condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
  337.         message = USER_ON_BLACKLIST_SMTP
  338.         logwrite = User account $acl_m_username is blocked via BLACKLIST_USERNAMES
  339.  
  340.   drop  authenticated = *
  341.         condition = ${if exists{BLACKLIST_SMTP_USERNAMES}}
  342.         set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
  343.         set acl_m_username = ${perl{get_username}{$acl_m_uid}}
  344.         condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
  345.         condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SMTP_USERNAMES}{1}{0}}
  346.         message = USER_ON_BLACKLIST_SMTP
  347.         logwrite = User account $acl_m_username is blocked via BLACKLIST_SMTP_USERNAMES
  348.  
  349.   accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
  350.  
  351.   #Block Cracking - https://github.com/Exim/exim/wiki/BlockCracking
  352.   .include_if_exists /etc/exim.blockcracking/auth.conf
  353.  
  354.   # restrict port 587 to authenticated users only
  355.   # see also daemon_smtp_ports above
  356.   accept  hosts = +auth_relay_hosts
  357.       condition = ${if eq {$interface_port}{587} {yes}{no}}
  358.       endpass
  359.       message = RELAY_NOT_PERMITTED_AUTH
  360.       authenticated = *
  361.   # Deny all Mailer-Daemon messages not for us:
  362.   deny message = We didn't send the message
  363.        senders = :
  364.        domains = !+relay_domains
  365.  
  366.   # Deny if the recipient doesn't exist:
  367.     deny message = NO_SUCH_RECIPIENT
  368.          domains = +local_domains
  369.      !verify = recipient
  370.   # Remaining Mailer-Daemon messages must be for us
  371.     accept senders = :
  372.        domains = +relay_domains
  373.  
  374. #EDIT#27:
  375.   # 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address
  376.     #deny message = R1: HELO_SHOULD_BE_FQDN
  377.     #     !authenticated = *
  378.     #     condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
  379.     #     condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
  380.   ## 2nd deny makes sure the hostname doesn't end with a dot (invalid)
  381.   #  deny message = R2: HELO_SHOULD_BE_FQDN
  382.   #       !authenticated = *
  383.   #       condition   = ${if match{$sender_helo_name}{\N\.$\N}}
  384.   # 3rd deny makes sure the hostname has no double-dots (invalid)
  385.     deny message = R3: HELO_SHOULD_BE_FQDN
  386.          !authenticated = *
  387.          condition   = ${if match{$sender_helo_name}{\N\.\.\N}}
  388.   ## 4th deny make sure the hostname doesn't end in .home (invalid domain)
  389.   #  deny message = R4: HELO_SHOULD_BE_FQDN
  390.   #       !authenticated = *
  391.   #       condition  = ${if match{$sender_helo_name}{\N\.home$\N}}
  392.  
  393. #EDIT#28:
  394.   # warn domains = +skip_av_domains
  395.   # set acl_m0 = $tod_epoch
  396.  
  397. #EDIT#29:
  398.   deny  domains       = !+local_domains
  399.         local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  400.  
  401. #EDIT#30:
  402.   accept  hosts = :
  403.           logwrite = Whitelisted as having local origination
  404.  
  405. #EDIT#32:
  406.     deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_SENDER
  407.     domains = +use_rbl_domains
  408.     domains = !+skip_rbl_domains
  409.     hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
  410.     senders = +blacklist_senders
  411.  
  412. #EDIT#33:
  413.     deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_HOST
  414.        # only for domains that do want to be tested against RBLs
  415.        domains = +use_rbl_domains
  416.        domains = !+skip_rbl_domains
  417.        hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
  418.        hosts = +bad_sender_hosts
  419.  
  420. #EDIT#34:
  421.     deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_IP
  422.        hosts = +bad_sender_hosts_ip
  423.  
  424. #EDIT#35:
  425.   accept domains = +local_domains
  426.          sender_domains = !+blacklist_domains
  427.          hosts = !+bad_sender_hosts
  428.          hosts = !+bad_sender_hosts_ip
  429.          dnslists = list.dnswl.org&0.0.0.2
  430.          dnslists = list.dnswl.org!=127.0.0.255
  431.          logwrite = $sender_host_address whitelisted in list.dnswl.org
  432.  
  433. #EDIT#36:
  434.   # accept domains = +local_domains
  435.   #        dnslists = hostkarma.junkemailfilter.com=127.0.0.1
  436.   #        logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com
  437.  
  438. #EDIT#37:
  439.   # accept  local_parts = whitelist
  440.   #         domains     = example.com
  441.  
  442. #EDIT#38:
  443.   require verify = sender
  444.  
  445. #EDIT#39:
  446.     deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN
  447.        domains = +use_rbl_domains
  448.        domains = !+skip_rbl_domains
  449.        hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
  450.        sender_domains = +blacklist_domains
  451.  
  452. #EDIT#40:
  453. #    deny message = 554 denied. 5.7.1 Forged Paypal Mail, not sent from PayPal.
  454. #         senders = *@paypal.com
  455. #         condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}}
  456.  
  457. #EDIT#41:
  458.   warn hosts = +skip_rbl_hosts
  459.        logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts
  460.   warn hosts = +skip_rbl_hosts_ip
  461.        logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts_ip
  462.   warn domains = +skip_rbl_domains
  463.        logwrite = $sender_host_address RBL whitelisted $domain in skip_rbl_domains
  464.  
  465.   deny message = RBL_BLOCKED_BY_LIST
  466.        hosts    = !+relay_hosts
  467.        domains = +use_rbl_domains
  468.        domains = !+skip_rbl_domains
  469.        hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
  470.        !authenticated = *
  471.        dnslists = RBL_DNS_LIST
  472.  
  473.   .include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.conf
  474.  
  475. #COMMENT#43:
  476. # ACCEPT EMAIL BEGINNING HERE
  477.   # accept if address is in a local domain as long as recipient can be verified
  478.   accept  domains = +local_domains
  479.           endpass
  480.       message = UNKNOWN_USER
  481.           verify = recipient
  482. #COMMENT#44
  483.   # accept if address is in a domain for which we relay as long as recipient
  484.   # can be verified
  485.   accept  domains = +relay_domains
  486.           endpass
  487.           verify = recipient
  488. #EDIT#45:
  489.   accept  hosts = +relay_hosts
  490.           add_header = X-Relay-Host: $sender_host_address
  491.  
  492.   accept  hosts = +auth_relay_hosts
  493.           endpass
  494.           message = AUTH_REQUIRED
  495.           authenticated = *
  496.  
  497. # FINAL DENY EMAIL BEFORE DATA BEGINS HERE
  498.   # default at end of acl causes a "deny", but line below will give
  499.   # an explicit error message:
  500.   deny    message = RELAY_NOT_PERMITTED
  501.  
  502.  
  503. ######################################
  504. # ACL CHECK DKIM
  505. ######################################
  506. acl_check_dkim:
  507.   accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
  508.          
  509.   .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
  510.   accept
  511.  
  512.  
  513. ######################################
  514. # ACL CHECK MESSAGE
  515. ######################################
  516. # ACL that is used after the DATA command (ClamAV)
  517. acl_check_message:
  518.   accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
  519.  
  520.   .include_if_exists /etc/exim.easy_spam_fighter/check_message.conf
  521.  
  522. #EDIT#46:
  523. #.include_if_exists /etc/exim.clamav.conf
  524.  
  525.   ## accept without checking if in skip_av_domains
  526.   # accept condition =${if and {{def:acl_m0}{def:acl_m0}} {true}{false}}
  527.  
  528.   ## deny if email contains malformed MIME header
  529.   # deny message = CLAM_MALFORMED_MIME
  530.   # demime = *
  531.   # condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  532.  
  533.   ## deny if email containing virus or other harmful content
  534.   # deny message = CLAM_HAS_VIRUS
  535.   # demime = *
  536.   # malware = *
  537.  
  538.   ## deny  if email contains an attachment of type we don't accept.
  539.   # deny message = CLAM_BAD_ATTACHMENT
  540.   # demime = bat:com:pif:prf:scr:vbs:html
  541.  
  542.   ## Accept but put warning into headers if message over 1000k
  543.   # warn message = CLAM_SKIPPED
  544.   # condition = ${if >={$message_size}{1000k} {1}{0}}
  545.  
  546.   # warn message = CLAM_CLEAN
  547.  
  548.   ## The end of the acl_check_message acl (ClamAV)
  549.   ## Do NOT comment out the line below or all messages will be denied.
  550.   accept
  551.  
  552.  
  553. ######################################
  554. # ACL that is used for each MIME attachment in the email.
  555. acl_check_mime:
  556.  
  557.   .include_if_exists /etc/exim.check_mime.conf.custom
  558.   .include_if_exists /etc/exim.easy_spam_fighter/check_mime.conf
  559.  
  560.   accept
  561.  
  562.  
  563. ##################################################################################
  564. # AUTHENTICATION CONFIGURATION
  565. ##################################################################################
  566. begin authenticators
  567.  
  568. plain:
  569.     driver = plaintext
  570.     public_name = PLAIN
  571.     server_prompts = :
  572.     server_condition = "${perl{smtpauth}{0}}"
  573.     server_set_id = $2
  574.  
  575. login:
  576.     driver = plaintext
  577.     public_name = LOGIN
  578.     server_prompts = "Username:: : Password::"
  579.     server_condition = "${perl{smtpauth}{0}}"
  580.     server_set_id = $1
  581.  
  582. #EDIT#47:
  583. # REWRITE CONFIGURATION
  584. # There is no rewriting specification in this exim.conf file. If your
  585. # configuration requires one, it would go here
  586.  
  587.  
  588.  
  589. ##################################################################################
  590. # ROUTERS CONFIGURATION
  591. ##################################################################################
  592. begin routers
  593. #EDIT#48:
  594.  
  595. lookuphost:
  596.   driver = dnslookup
  597.   domains = ! +local_domains
  598.   ignore_target_hosts = 127.0.0.0/8
  599.   condition = "${perl{check_limits}}"
  600.   transport = remote_smtp
  601.   no_more
  602.  
  603. # RELATED: http://help.directadmin.com/item.php?id=153
  604. # smart_route:
  605. #   driver = manualroute
  606. #   domains = ! +local_domains
  607. #   ignore_target_hosts = 127.0.0.0/8
  608. #   condition = "${perl{check_limits}}"
  609. #   route_list = !+local_domains HOSTNAME-or-IP#
  610. #   transport = remote_smtp
  611.  
  612. #COMMENT#49:
  613. #DIRECTORS CONFIGURATION
  614.  
  615. .include_if_exists /etc/exim.spamassassin.conf
  616.  
  617. #EDIT#50:
  618. # Spam Assassin
  619. #spamcheck_director removed. Use the exim.spamassassin.conf
  620.  
  621. majordomo_aliases:
  622.   driver = redirect
  623.   allow_defer
  624.   allow_fail
  625.   data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
  626.   domains = lsearch;/etc/virtual/domainowners
  627.   file_transport = address_file
  628.   group = daemon
  629.   pipe_transport = majordomo_pipe
  630.   retry_use_local_part
  631.   no_rewrite
  632.   user = majordomo
  633.  
  634. majordomo_private:
  635.   driver = redirect
  636.   allow_defer
  637.   allow_fail
  638.   #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  639.   condition = "${if or { {eq {$received_protocol} {local}} \
  640.                          {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  641.   data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  642.   domains = lsearch;/etc/virtual/domainowners
  643.   file_transport = address_file
  644.   group = daemon
  645.   pipe_transport = majordomo_pipe
  646.   retry_use_local_part
  647.   user = majordomo
  648.  
  649. domain_filter:
  650.   driver = redirect
  651.   allow_filter
  652.   no_check_local_user
  653.   condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  654.   user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
  655.   group = "mail"
  656.   file = /etc/virtual/${domain}/filter
  657.   directory_transport = address_file
  658.   pipe_transport = virtual_address_pipe
  659.   retry_use_local_part
  660.   no_verify
  661.  
  662. uservacation:
  663.   # uservacation reply to all except errors, bounces, lists
  664.   driver = accept
  665.   condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
  666.   condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  667.   require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  668.   # do not reply to errors and bounces or lists
  669.   senders = " ! ^.*-request@.*:\
  670.               ! ^owner-.*@.*:\
  671.               ! ^postmaster@.*:\
  672.               ! ^listmaster@.*:\
  673.               ! ^mailer-daemon@.*\
  674.               ! ^root@.*"
  675.   transport = uservacation
  676.   unseen
  677.  
  678. userautoreply:
  679.   driver = accept
  680.   condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
  681.   condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  682.   require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  683.   # do not reply to errors and bounces or lists
  684.   senders = " ! ^.*-request@.*:\
  685.               ! ^owner-.*@.*:\
  686.               ! ^postmaster@.*:\
  687.               ! ^listmaster@.*:\
  688.               ! ^mailer-daemon@.*\
  689.               ! ^root@.*"
  690.   transport = userautoreply
  691.   unseen
  692.  
  693. virtual_aliases_nostar:
  694.   driver = redirect
  695.   .include_if_exists /etc/exim.srs.forward.conf
  696.   allow_defer
  697.   allow_fail
  698.   data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
  699.   file_transport = address_file
  700.   group = mail
  701.   pipe_transport = virtual_address_pipe
  702.   retry_use_local_part
  703.   unseen
  704.   #include_domain = true
  705.  
  706. virtual_user:
  707.   driver = accept
  708.   condition = ${perl{save_virtual_user}}
  709.   domains = lsearch;/etc/virtual/domainowners
  710.   group = mail
  711.   retry_use_local_part
  712.   transport = dovecot_lmtp_udp
  713.  
  714. # accept only if local_part is not in the aliases file
  715. # (this implements catch-all)
  716. virtual_aliases:
  717.   driver = redirect
  718.   .include_if_exists /etc/exim.srs.forward.conf
  719.   allow_defer
  720.   allow_fail
  721.   condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}}
  722.   data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
  723.   file_transport = address_file
  724.   group = mail
  725.   pipe_transport = virtual_address_pipe
  726.   retry_use_local_part
  727.   #include_domain = true
  728.  
  729. #COMMENT#51:
  730. drop_solo_alias:
  731.   driver = redirect
  732.   allow_defer
  733.   allow_fail
  734.   data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
  735.   file_transport = devnull
  736.   group = mail
  737.   pipe_transport = devnull
  738.   retry_use_local_part
  739.   #include_domain = true
  740.  
  741. srs_router:
  742.   driver = redirect
  743.   srs = reverseandforward
  744.   data = ${srs_recipient}
  745.  
  746. #COMMENT#52:
  747. userforward:
  748.   driver = redirect
  749.   allow_filter
  750.   check_ancestor
  751.   check_local_user
  752.   no_expn
  753.   file = $home/.forward
  754.   file_transport = address_file
  755.   pipe_transport = address_pipe
  756.   reply_transport = address_reply
  757.   no_verify
  758.  
  759. system_aliases:
  760.   driver = redirect
  761.   allow_defer
  762.   allow_fail
  763.   data = ${lookup{$local_part}lsearch{/etc/aliases}}
  764.   file_transport = address_file
  765.   pipe_transport = address_pipe
  766.   retry_use_local_part
  767.   # user = exim
  768.  
  769. localuser:
  770.   driver = accept
  771.   check_local_user
  772.   condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
  773.   transport = local_delivery
  774.  
  775. #COMMENT#53:
  776. ##################################################################################
  777. # TRANSPORTS CONFIGURATION
  778. ##################################################################################
  779. begin transports
  780.  
  781. #COMMENT#54:
  782. spamcheck:
  783.   driver = pipe
  784.   batch_max = 100
  785.   command = /usr/sbin/exim -oMr spam-scanned -bS
  786.   current_directory = "/tmp"
  787.   group = mail
  788.   home_directory = "/tmp"
  789.   log_output
  790.   message_prefix =
  791.   message_suffix =
  792.   return_fail_output
  793.   no_return_path_add
  794.   transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  795.   use_bsmtp
  796.   user = mail
  797.  
  798. #COMMENT#55:
  799. majordomo_pipe:
  800.   driver = pipe
  801.   group = daemon
  802.   return_fail_output
  803.   user = majordomo
  804.  
  805. #COMMENT#56:
  806. local_delivery:
  807.   driver = appendfile
  808.   delivery_date_add
  809.   envelope_to_add
  810.   directory = /home/$local_part/Maildir/
  811.   directory_mode = 770
  812.   create_directory = true
  813.   maildir_format
  814.   group = mail
  815.   mode = 0660
  816.   return_path_add
  817.   user = ${local_part}
  818.  
  819. #COMMENT#57:
  820. virtual_localdelivery:
  821.   driver = appendfile
  822.   create_directory
  823.   delivery_date_add
  824.   directory_mode = 770
  825.   envelope_to_add
  826.   directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
  827.   maildir_format
  828.   group = mail
  829.   mode = 660
  830.   return_path_add
  831.   user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  832.   quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}
  833.  
  834. #EDIT#58:
  835. uservacation:
  836.   driver = autoreply
  837.   file = /etc/virtual/${domain}/reply/${local_part}.msg
  838.   from = "${local_part}@${domain}"
  839.   log = /etc/virtual/${domain}/reply/${local_part}.log
  840.   no_return_message
  841.   headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  842.   subject = ${if def:h_Subject: {\
  843.                 ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
  844.                     {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
  845.                     {Autoreply}\
  846.                 }: ${quote:${escape:${length_60:$h_Subject:}}}}\
  847.                 {I am on vacation}}
  848.   to = "${sender_address}"
  849.   user = mail
  850.   once = /etc/virtual/${domain}/reply/${local_part}.once
  851.   once_file_size = 100K
  852.   once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}
  853.  
  854. #COMMENT#59:
  855. userautoreply:
  856.   driver = autoreply
  857.   bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  858.   file = /etc/virtual/${domain}/reply/${local_part}.msg
  859.   from = "${local_part}@${domain}"
  860.   log = /etc/virtual/${domain}/reply/${local_part}.log
  861.   no_return_message
  862.   headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  863.   subject = ${if def:h_Subject: {\
  864.                 ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
  865.                     {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
  866.                     {Autoreply}\
  867.                 }: ${quote:${escape:${length_60:$h_Subject:}}}}\
  868.                 {Autoreply Message}}
  869.   to = "${sender_address}"
  870.   user = mail
  871.   once = /etc/virtual/${domain}/reply/${local_part}.once
  872.   once_file_size = 100K
  873.   once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}
  874.  
  875. #COMMENT#60:
  876. devnull:
  877.   driver = appendfile
  878.   file = /dev/null
  879.  
  880. #COMMENT#61:
  881. remote_smtp:
  882.   driver = smtp
  883.   headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
  884.   #interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
  885. #interface = 5.200.7.27
  886.  
  887. helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
  888. .include_if_exists /etc/exim.dkim.conf
  889.  
  890. #EDIT#62:
  891. address_pipe:
  892.   driver = pipe
  893.   return_output
  894.  
  895. virtual_address_pipe:
  896.   driver = pipe
  897.   group = nobody
  898.   return_output
  899.   user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"
  900. .include_if_exists /etc/exim.cagefs.pipe.conf
  901.  
  902. #COMMENT#63:
  903. address_file:
  904.   driver = appendfile
  905.   delivery_date_add
  906.   envelope_to_add
  907.   return_path_add
  908.  
  909. #COMMENT#64:
  910. address_reply:
  911.   driver = autoreply
  912.  
  913. dovecot_lmtp_udp:
  914.   driver = lmtp
  915.   socket = /var/run/dovecot/lmtp
  916.   #maximum number of deliveries per batch, default 1
  917.   batch_max = 200
  918.   delivery_date_add
  919.   envelope_to_add
  920.   return_path_add
  921.   user = mail
  922.  
  923. ##################################################################################
  924. # RETRY CONFIGURATION
  925. ##################################################################################
  926. #EDIT#65:
  927. # Domain               Error       Retries
  928. # ------               -----       -------
  929. begin retry
  930. *                      quota
  931. *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h
  932. # End of Exim 4 configuration
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top