Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- exim_path = /usr/sbin/exim4
- domainlist local_domains = sebbe.eu:[185.86.106.232]:[193.187.91.106]:[2001:470:dff1:1:10::1]:[2001:470:dff1:1:10::2]:dns1.sebbe.eu:dns2.sebbe.eu:mx.sebbe.eu
- hostlist relay_from_hosts = 192.168.0.0/16 : 127.0.0.1 : ::::1
- auth_advertise_hosts = 192.168.0.0/16 : 127.0.0.1 : ::::1
- system_filter = /etc/exim4/sentfolder.filter
- system_filter_file_transport = sentfolder
- chunking_advertise_hosts = :
- check_rfc2047_length = false
- headers_charset = UTF-8
- qualify_domain = sebbe.eu
- primary_hostname = sebbe.eu
- accept_8bitmime = true
- exim_user = asterisk
- exim_group = asterisk
- acl_smtp_mail = acl_check_mail
- acl_smtp_rcpt = acl_check_rcpt
- acl_smtp_data = acl_check_data
- acl_smtp_dkim = acl_check_dkim
- acl_smtp_mime = acl_check_mime
- # av_scanner = clamd:/var/run/clamav/clamd.ctl
- # spamd_address = 127.0.0.1 783
- allow_domain_literals
- host_lookup = *
- keep_environment = MAIN_KEEP_ENVIRONMENT
- rfc1413_query_timeout = 0s
- #prdr_enable = false
- local_from_check = false
- local_sender_retain = true
- untrusted_set_sender = *
- ignore_bounce_errors_after = 2d
- spool_directory = /var/spool/exim4
- smtp_active_hostname = ${lookup{$received_ip_address\_$received_port}lsearch{/etc/exim4/servers}{$value}}
- smtp_accept_max_nonmail_hosts = :
- smtp_banner = $smtp_active_hostname ESMTP Exim4
- add_environment = <; PATH=/bin:/usr/bin
- tls_require_ciphers = SECURE128:-VERS-SSL3.0
- tls_advertise_hosts = *
- tls_certificate = /etc/exim4/exim.crt
- tls_privatekey = /etc/exim4/exim.key
- tls_ocsp_file = /etc/exim4/exim.ocsp
- tls_on_connect_ports = 465 : 466
- log_selector = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn
- begin acl
- acl_check_dkim:
- accept
- dkim_status = fail
- add_header = X-DKIM-Signature: fail (address=$sender_address domain=$dkim_cur_signer), signature is bad.
- accept
- dkim_status = invalid
- add_header = X-DKIM-Signature: invalid ($dkim_verify_status); $dkim_verify_reason
- accept
- dkim_status = pass
- add_header = X-DKIM-Signature: pass (address=$sender_address domain=$dkim_cur_signer), signature is good.
- accept
- add_header = X-DKIM-Signature: none
- acl_check_mail:
- accept
- hosts = 127.0.0.1
- condition = ${if eq{$received_port}{10026}}
- deny
- message = no HELO given before MAIL command
- condition = ${if def:sender_helo_name {no}{yes}}
- accept
- authenticated = *
- senders = ^(sebastian|postmaster|abuse)@sebbe\\.eu\$
- hosts = +relay_from_hosts
- set acl_m0 = authorizedrelay
- deny
- message = You can't spoof the domains this server is authorative for
- sender_domains = ^(?i).*sebbe\\.eu\$ : +local_domains
- deny
- message = Local users must authenticate
- hosts = +relay_from_hosts
- deny
- message = That would create a mail loop
- sender_domains = localhost : ^\\[127.*
- deny
- message = Banned operator tiscali.it (spam)
- sender_domains = tiscali.it
- warn
- dnslists = list.dnswl.org
- set acl_m1 = dnswl_whitelisted
- deny
- message = Banned TLD ( Please register your mailserver here to unban: https://www.dnswl.org/selfservice/?action=register )
- condition = ${if eq {$acl_m1}{dnswl_whitelisted}{no}{yes}}
- sender_domains = ^(?i).*\\.(app|accountant|accountants|auto|berlin|bid|camera|car|cars|christmas|click|club|college|computer|country|cricket|date|design|download|email|faith|fun|gdn|global|guru|help|host|jetzt|kim|life|link|loan|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|tech|technology|theatre|today|top|trade|university|uno|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip)\$
- warn
- remove_header = x-spf-signature
- remove_header = x-dns-whitelist
- remove_header = x-dkim-signature
- warn
- condition = ${if eq {$acl_m1}{dnswl_whitelisted}{yes}{no}}
- add_header = X-DNS-Whitelist: pass
- warn
- condition = ${if eq {$acl_m1}{dnswl_whitelisted}{no}{yes}}
- add_header = X-DNS-Whitelist: fail
- deny
- message = Banned Spammer
- sender_domains = ^(?i).*newicomarket\\.com\$
- deny
- message = This email has been banned by system administrator
- senders = kunngen__@hotmail.com
- deny
- message = Sender verification failed
- !verify = sender
- deny
- message = Sender adress is spoofed according to SPF. $spf_smtp_comment
- log_message = SPF check failed: $spf_header_comment
- spf = fail : softfail
- defer
- message = Temporary SPF error. Try again later. $spf_smtp_comment
- spf = temperror
- warn
- add_header = X-SPF-Signature: $spf_result $spf_header_comment
- spf = pass : none : neutral : permerror
- warn
- log_message = Permanent SPF failure: $spf_header_comment
- spf = permerror
- accept
- acl_check_rcpt:
- accept
- hosts = 127.0.0.1
- condition = ${if eq{$received_port}{10026}}
- control = dkim_disable_verify
- deny
- local_parts = ^[./|] : ^.*[\\\\@%`#&?] : ^.*/\\.\\./
- message = restricted characters in address
- deny
- message = That would create a mail loop
- domains = localhost : ^\\[127.*
- accept
- condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}
- control = submission/sender_retain
- control = dkim_disable_verify
- require
- message = relay not permitted
- domains = +local_domains
- deny
- message = Email to SMS facility is restricted to local users
- local_parts = ^\\d\\d+\$
- require
- verify = recipient
- accept
- acl_check_data:
- accept
- hosts = 127.0.0.1
- condition = ${if eq{$received_port}{10026}}
- remove_header = date
- remove_header = subject
- add_header = Date: $tod_full
- add_header = Subject: ${rfc2047:${length_100:${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{${sg{$h_subject:}{\\xE5}{\\xA5}}}{\\xC4}{\\x84}}}{\\xD6}{\\x96}}}{\\xC5}{\\x85}}}{\\xF6}{\\xB6}}}{\\xE4}{\\xA4}}}{\N[^a-zA-Z0-9\xA5\xA4\xB6\x85\x84\x96 !"\@#\$%&\/\{(\[)\]=\}?+\\\-_:.;,*><|^~]\N}{}}}{\N([\xA5\xA4\xB6\x85\x84\x96])\N}{\\xC3\$1}}}{ }{ }}}{ }{ }}}{ }{ }}}{^ }{}}}{ \$}{}}}}
- deny
- message = Message headers fail syntax check
- !verify = header_syntax
- deny
- message = No verifiable sender address in message headers
- !verify = header_sender
- deny
- message = Missing MIME From header
- condition = ${if def:h_from:{no}{yes}}
- deny
- message = You can't spoof the MIME From this server is authorative for
- condition = ${if match {$h_from:}{^(?i).*<.*@.*sebbe\\.eu>\$}{yes}{no}}
- condition = ${if eq {$acl_m0}{authorizedrelay}{no}{yes}}
- deny
- message = Authorized relayed messages MUST have a local MIME From
- condition = ${if match {$h_from:}{^"?(Sebastian Nielsen|Microsoft Outlook)"? <(sebastian|abuse|postmaster)@sebbe\\.eu>\$}{no}{yes}}
- condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}
- deny
- message = Banned TLD in MIME From ( Please register your domain here to unban: https://www.dnswl.org/selfservice/?action=register )
- condition = ${if match {$h_from:}{^(?i).*\\.(app|accountant|accountants|auto|berlin|bid|camera|car|cars|christmas|click|club|college|computer|country|cricket|date|design|download|email|faith|fun|gdn|global|guru|help|host|jetzt|kim|life|link|loan|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|tech|technology|theatre|today|top|trade|university|uno|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip)>\$}{yes}{no}}
- condition = ${if eq {$acl_m1}{dnswl_whitelisted}{no}{yes}}
- deny
- message = Banned spam subject: (pills/pharmacy/ICO/cryptocoin/fuckbuddy/athlete spam)
- condition = ${if match {$h_subject:}{^(?i).*(medicine|pharmacy|citrate|way.better.coin|pandora.outlet|pfizer|fuckbuddy|instafuck|instacheat|f.cking|hookup|viagra|levitra|cialis|kamagra|med:|penisole|drug|impotence|windows 11|pills|vpxl|\\[phishing\\])}{yes}{no}}
- accept
- acl_check_mime:
- deny
- message = Banned content (.ru/.su spam found)
- mime_regex = (?i)https?:://[a-z0-9]+\\.su : (?i)https?:://rambler\\.ru
- accept
- begin routers
- pmx_smarthost:
- debug_print = "R: pmx_smarthost for $local_part@$domain"
- cannot_route_message = Unknown user
- condition = ${if !eq{$received_port}{10026}}
- driver = manualroute
- route_list = * 127.0.0.1
- transport = remote_pmx_smtp
- self = send
- no_verify
- no_more
- dnslookup:
- debug_print = "R: dnslookup for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- # ignore private rfc1918 and APIPA addresses
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
- 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
- 255.255.255.255
- no_more
- sms_transmit:
- driver = accept
- domains = +local_domains
- local_parts = ^\\d\\d+\$
- transport = sms_transport
- no_more
- system_aliases:
- debug_print = "R: system_aliases for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- allow_fail
- allow_defer
- data = ${lookup{$local_part}lsearch{/etc/aliases}}
- local_user:
- debug_print = "R: local_user for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- transport = mail_spool
- cannot_route_message = Unknown user
- begin transports
- remote_pmx_smtp:
- debug_print = "T: remote_pmx_smtp for $local_part@$domain"
- driver = smtp
- port = 10025
- allow_localhost
- sms_transport:
- debug_print = "T: Sending SMS to $local_part"
- driver = pipe
- command = /usr/sbin/smsbot $local_part
- return_output = true
- user = asterisk
- mail_spool:
- debug_print = "T: appendfile for $local_part@$domain"
- driver = appendfile
- file = /var/mail/asterisk
- delivery_date_add
- envelope_to_add
- return_path_add
- user = asterisk
- group = mail
- mode = 0660
- mode_fail_narrower = false
- current_directory = /
- remote_smtp:
- debug_print = "T: remote_smtp for $local_part@$domain"
- driver = smtp
- helo_data = ${lookup{$sending_ip_address}lsearch{/etc/exim4/helo}{$value}}
- dkim_sign_headers = from:date:to:cc
- dkim_domain = sebbe.eu
- dkim_selector = root
- dkim_private_key = /etc/exim4/dkim.key
- dkim_canon = relaxed
- sentfolder:
- debug_print = "T: Sentfolder for $local_part@$domain"
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
- user = asterisk
- group = mail
- mode = 0660
- mode_fail_narrower = false
- current_directory = /
- begin retry
- * * F,2h,30m; G,18h,1h,1.5; F,6d,18h
- begin rewrite
- begin authenticators
- plain_server:
- driver = plaintext
- public_name = PLAIN
- server_condition = ${if and {{eq{$auth2}{sebastian@sebbe.eu}}{eq{$auth3}{<<<<MITT EPOSTLÖSENORD BORTRADERAT HÄR>>>>}}}}
- server_set_id = server
- server_prompts = :
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement