Untitled

exim_path = /usr/sbin/exim4

domainlist local_domains = sebbe.eu:[185.86.106.232]:[193.187.91.106]:[2001:470:dff1:1:10::1]:[2001:470:dff1:1:10::2]:dns1.sebbe.eu:dns2.sebbe.eu:mx.sebbe.eu
hostlist relay_from_hosts = 192.168.0.0/16 : 127.0.0.1 : ::::1
auth_advertise_hosts = 192.168.0.0/16 : 127.0.0.1 : ::::1

system_filter = /etc/exim4/sentfolder.filter
system_filter_file_transport = sentfolder
chunking_advertise_hosts = :
check_rfc2047_length = false
headers_charset = UTF-8

qualify_domain = sebbe.eu
primary_hostname = sebbe.eu
accept_8bitmime = true
exim_user = asterisk
exim_group = asterisk
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_dkim = acl_check_dkim
acl_smtp_mime = acl_check_mime
# av_scanner = clamd:/var/run/clamav/clamd.ctl
# spamd_address = 127.0.0.1 783
allow_domain_literals
host_lookup = *
keep_environment = MAIN_KEEP_ENVIRONMENT

rfc1413_query_timeout = 0s
#prdr_enable = false

local_from_check = false
local_sender_retain = true
untrusted_set_sender = *

ignore_bounce_errors_after = 2d
spool_directory = /var/spool/exim4

smtp_active_hostname = ${lookup{$received_ip_address\_$received_port}lsearch{/etc/exim4/servers}{$value}}

smtp_accept_max_nonmail_hosts = :
smtp_banner = $smtp_active_hostname ESMTP Exim4
add_environment = <; PATH=/bin:/usr/bin
tls_require_ciphers = SECURE128:-VERS-SSL3.0
tls_advertise_hosts = *
tls_certificate = /etc/exim4/exim.crt
tls_privatekey = /etc/exim4/exim.key
tls_ocsp_file = /etc/exim4/exim.ocsp
tls_on_connect_ports = 465 : 466

log_selector = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn

begin acl

acl_check_dkim:
      accept
           dkim_status = fail
           add_header = X-DKIM-Signature: fail (address=$sender_address domain=$dkim_cur_signer), signature is bad.
      accept
           dkim_status = invalid
           add_header = X-DKIM-Signature: invalid ($dkim_verify_status); $dkim_verify_reason
      accept
           dkim_status = pass
           add_header = X-DKIM-Signature: pass (address=$sender_address domain=$dkim_cur_signer), signature is good.
      accept
           add_header = X-DKIM-Signature: none

acl_check_mail:
  accept
    hosts = 127.0.0.1
    condition = ${if eq{$received_port}{10026}}
  deny
    message = no HELO given before MAIL command
    condition = ${if def:sender_helo_name {no}{yes}}
  accept
    authenticated = *
    senders = ^(sebastian|postmaster|abuse)@sebbe\\.eu\$
    hosts = +relay_from_hosts
    set acl_m0 = authorizedrelay
  deny
    message = You can't spoof the domains this server is authorative for
    sender_domains = ^(?i).*sebbe\\.eu\$ : +local_domains
  deny
    message = Local users must authenticate
    hosts = +relay_from_hosts
  deny
    message = That would create a mail loop
    sender_domains = localhost : ^\\[127.*
  deny
    message = Banned operator tiscali.it (spam)
    sender_domains = tiscali.it
  warn
    dnslists = list.dnswl.org
    set acl_m1 = dnswl_whitelisted
  deny
    message = Banned TLD ( Please register your mailserver here to unban: https://www.dnswl.org/selfservice/?action=register )
    condition = ${if eq {$acl_m1}{dnswl_whitelisted}{no}{yes}}
    sender_domains = ^(?i).*\\.(app|accountant|accountants|auto|berlin|bid|camera|car|cars|christmas|click|club|college|computer|country|cricket|date|design|download|email|faith|fun|gdn|global|guru|help|host|jetzt|kim|life|link|loan|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|tech|technology|theatre|today|top|trade|university|uno|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip)\$
  warn
    remove_header = x-spf-signature
    remove_header = x-dns-whitelist
    remove_header = x-dkim-signature
  warn
    condition = ${if eq {$acl_m1}{dnswl_whitelisted}{yes}{no}}
    add_header = X-DNS-Whitelist: pass
  warn
    condition = ${if eq {$acl_m1}{dnswl_whitelisted}{no}{yes}}
    add_header = X-DNS-Whitelist: fail
  deny
    message = Banned Spammer
    sender_domains = ^(?i).*newicomarket\\.com\$
  deny
    message = This email has been banned by system administrator
    senders = kunngen__@hotmail.com
  deny
    message = Sender verification failed
    !verify = sender
  deny
    message = Sender adress is spoofed according to SPF. $spf_smtp_comment
    log_message = SPF check failed: $spf_header_comment
    spf = fail : softfail
  defer
    message = Temporary SPF error. Try again later. $spf_smtp_comment
    spf = temperror
  warn
    add_header = X-SPF-Signature: $spf_result $spf_header_comment
    spf = pass : none : neutral : permerror
  warn
    log_message = Permanent SPF failure: $spf_header_comment
    spf = permerror
  accept

acl_check_rcpt:
  accept
    hosts = 127.0.0.1
    condition = ${if eq{$received_port}{10026}}
    control = dkim_disable_verify
  deny
    local_parts = ^[./|] : ^.*[\\\\@%`#&?] : ^.*/\\.\\./
    message = restricted characters in address
  deny
    message = That would create a mail loop
    domains = localhost : ^\\[127.*
  accept
    condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}
    control = submission/sender_retain
    control = dkim_disable_verify
  require
    message = relay not permitted
    domains = +local_domains
  deny
    message = Email to SMS facility is restricted to local users
    local_parts = ^\\d\\d+\$
  require
    verify = recipient
  accept

acl_check_data:
  accept
    hosts = 127.0.0.1
    condition = ${if eq{$received_port}{10026}}
    remove_header = date
    remove_header = subject
    add_header = Date: $tod_full
    add_header = Subject: ${rfc2047:${length_100:${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{$h_subject:}{\\xE5}{\\xA5}}}{\\xC4}{\\x84}}}{\\xD6}{\\x96}}}{\\xC5}{\\x85}}}{\\xF6}{\\xB6}}}{\\xE4}{\\xA4}}}{\N[^a-zA-Z0-9\xA5\xA4\xB6\x85\x84\x96 !"\@#\$%&\/\{(\[)\]=\}?+\\\-_:.;,*><|^~]\N}{}}}{\N([\xA5\xA4\xB6\x85\x84\x96])\N}{\\xC3\$1}}}{    }{ }}}{   }{ }}}{  }{ }}}{^ }{}}}{ \$}{}}}}
  deny
    message = Message headers fail syntax check
    !verify = header_syntax
  deny
    message = No verifiable sender address in message headers
    !verify = header_sender
  deny
    message = Missing MIME From header
    condition = ${if def:h_from:{no}{yes}}
  deny
    message = You can't spoof the MIME From this server is authorative for
    condition = ${if match {$h_from:}{^(?i).*<.*@.*sebbe\\.eu>\$}{yes}{no}}
    condition = ${if eq {$acl_m0}{authorizedrelay}{no}{yes}}
  deny
    message = Authorized relayed messages MUST have a local MIME From
    condition = ${if match {$h_from:}{^"?(Sebastian Nielsen|Microsoft Outlook)"? <(sebastian|abuse|postmaster)@sebbe\\.eu>\$}{no}{yes}}
    condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}
  deny
    message = Banned TLD in MIME From ( Please register your domain here to unban: https://www.dnswl.org/selfservice/?action=register )
    condition = ${if match {$h_from:}{^(?i).*\\.(app|accountant|accountants|auto|berlin|bid|camera|car|cars|christmas|click|club|college|computer|country|cricket|date|design|download|email|faith|fun|gdn|global|guru|help|host|jetzt|kim|life|link|loan|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|tech|technology|theatre|today|top|trade|university|uno|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip)>\$}{yes}{no}}
    condition = ${if eq {$acl_m1}{dnswl_whitelisted}{no}{yes}}
  deny
    message = Banned spam subject: (pills/pharmacy/ICO/cryptocoin/fuckbuddy/athlete spam)
    condition = ${if match {$h_subject:}{^(?i).*(medicine|pharmacy|citrate|way.better.coin|pandora.outlet|pfizer|fuckbuddy|instafuck|instacheat|f.cking|hookup|viagra|levitra|cialis|kamagra|med:|penisole|drug|impotence|windows 11|pills|vpxl|\\[phishing\\])}{yes}{no}}
  accept
acl_check_mime:
  deny
    message = Banned content (.ru/.su spam found)
    mime_regex = (?i)https?:://[a-z0-9]+\\.su : (?i)https?:://rambler\\.ru
  accept

begin routers

pmx_smarthost:
  debug_print = "R: pmx_smarthost for $local_part@$domain"
  cannot_route_message = Unknown user
  condition = ${if !eq{$received_port}{10026}}
  driver = manualroute
  route_list = * 127.0.0.1
  transport = remote_pmx_smtp
  self = send
  no_verify
  no_more
dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        255.255.255.255
  no_more

sms_transmit:
  driver = accept
  domains = +local_domains
  local_parts = ^\\d\\d+\$
  transport = sms_transport
  no_more

system_aliases:
  debug_print = "R: system_aliases for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}

local_user:
  debug_print = "R: local_user for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = mail_spool
  cannot_route_message = Unknown user

begin transports
remote_pmx_smtp:
  debug_print = "T: remote_pmx_smtp for $local_part@$domain"
  driver = smtp
  port = 10025
  allow_localhost

sms_transport:
  debug_print = "T: Sending SMS to $local_part"
  driver = pipe
  command = /usr/sbin/smsbot $local_part
  return_output = true
  user = asterisk

mail_spool:
  debug_print = "T: appendfile for $local_part@$domain"
  driver = appendfile
  file = /var/mail/asterisk
  delivery_date_add
  envelope_to_add
  return_path_add
  user = asterisk
  group = mail
  mode = 0660
  mode_fail_narrower = false
  current_directory = /
remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp
  helo_data = ${lookup{$sending_ip_address}lsearch{/etc/exim4/helo}{$value}}
  dkim_sign_headers = from:date:to:cc
  dkim_domain = sebbe.eu
  dkim_selector = root
  dkim_private_key = /etc/exim4/dkim.key
  dkim_canon = relaxed

sentfolder:
  debug_print = "T: Sentfolder for $local_part@$domain"
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  user = asterisk
  group = mail
  mode = 0660
  mode_fail_narrower = false
  current_directory = /

begin retry

*                      *           F,2h,30m; G,18h,1h,1.5; F,6d,18h

begin rewrite

begin authenticators
 plain_server:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if and {{eq{$auth2}{sebastian@sebbe.eu}}{eq{$auth3}{<<<<MITT EPOSTLÖSENORD BORTRADERAT HÄR>>>>}}}}
   server_set_id = server
   server_prompts = :