[U]Below is my current exim config:[/U]
#!!# cPanel Exim 4 Config
envelope_to_remove = true
hosts_treat_as_local = lsearch;/etc/trustedmailho
message_id_header_domain = Mail.${lookup{$interface_address}lsearch{/etc/domainips}{$value}{$smtp_active_hostname}}
smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/domainips}{$value}{$smtp_active_hostname}}
smtp_banner = $smtp_active_hostname \n ${tod_full} ESMTP Novell Groupwise Use of this Secured Network for Sending unsolicited and/or bulk e-mail is Prohibited on this system violators will be prosecuted 15 U.S.C. 7701.
hostlist loopback = <; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8
hostlist senderverifybypass_hosts = net-iplsearch;/etc/senderverifybypasshosts
hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts
hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks
hostlist backupmx_hosts = lsearch;/etc/backupmxhosts
hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts
hostlist relay_hosts = net-iplsearch;/etc/relayhosts
domainlist user_domains = ${if exists{/etc/userdomains} {lsearch;/etc/userdomains} fail}
smtp_accept_queue_per_connection = 30
remote_max_parallel = 10
smtp_receive_timeout = 165s
ignore_bounce_errors_after = 1d
rfc1413_query_timeout = 0s
timeout_frozen_after = 5d
auto_thaw = 7d
callout_domain_negative_expire = 1h
callout_negative_expire = 1h
acl_not_smtp = acl_not_smtp
acl_smtp_connect = acl_smtp_connect
acl_smtp_data = acl_smtp_data
acl_smtp_mail = acl_smtp_mail
acl_smtp_quit = acl_smtp_quit
acl_smtp_notquit = acl_smtp_notquit
acl_smtp_rcpt = acl_smtp_rcpt
message_body_newlines = true
perl_at_start = true
deliver_queue_load_max = 3
queue_only_load = 6
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
system_filter_user = cpaneleximfilter
system_filter_group = cpaneleximfilter
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
av_scanner = clamd:/var/clamd
spamd_address = 127.0.0.1 783
# +incoming_port, +smtp_connection are needed for cPanel email tracking.
# -retry_defer, +subject, +arguments, +received_recipients are suggested settings that may be disabled.
log_selector = +incoming_port +smtp_connection -retry_defer +subject +arguments +received_recipients
system_filter = /etc/cpanel_exim_system_filter
#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.
#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.
domainlist local_domains = lsearch;/etc/localdomains
domainlist relay_domains = lsearch;/etc/localdomains : \
lsearch;/etc/secondarymx
hostlist auth_relay_hosts = *
######################################################################
# Runtime configuration file for Exim #
######################################################################
# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.
# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
perl_startup = do '/etc/exim.pl'
#dns_retry = 1
#dns_retrans = 1s
# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.
#nobody as the sender seems to annoy people
untrusted_set_sender = *
local_from_check = false
split_spool_directory = yes
smtp_connect_backlog = 50
smtp_accept_max = 100
# primary_hostname =
# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "[email protected]" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.
# qualify_domain =
# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.
#!!# message_filter renamed system_filter
message_body_visible = 5000
# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "[email protected][111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.
# local_domains_include_host_literals
# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.
never_users = root
# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
#host_lookup = 0.0.0.0/0
# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).
# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See [url]http://maps.vix.com/rbl/[/url] for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.
# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com
# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%[email protected] (where z is one of your local domains) is locally rerouted to
# [email protected] and sent on. Otherwise x%y is treated as an ordinary local part.
# percent_hack_domains = *
#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers
tls_certificate = /etc/exim.crt
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *
helo_accept_junk_hosts = *
smtp_enforce_sync = false
#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3 #!!#
#!!# policy control options. #!!#
#!!#######################################################!!#
#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.
begin acl
########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################
#
# cPanel Default ACL Template Version: 10.20
# Template: universal.dist
#
########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################
acl_not_smtp:
#BEGIN ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK
# BEGIN INSERT end_default_outgoing_notsmtp_checkall
accept
# END INSERT end_default_outgoing_notsmtp_checkall
#END ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK
#BEGIN ACL_NOT_SMTP_BLOCK
#END ACL_NOT_SMTP_BLOCK
acl_not_smtp_mime:
#BEGIN ACL_NOT_SMTP_MIME_BLOCK
#END ACL_NOT_SMTP_MIME_BLOCK
acl_not_smtp_start:
#BEGIN ACL_NOT_SMTP_START_BLOCK
#END ACL_NOT_SMTP_START_BLOCK
acl_smtp_auth:
#BEGIN ACL_SMTP_AUTH_BLOCK
#END ACL_SMTP_AUTH_BLOCK
acl_smtp_connect:
#BEGIN ACL_CONNECT_BLOCK
# BEGIN INSERT ratelimit
accept
hosts = +trustedmailhosts
accept
condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
# ignore pop before smtp
accept
hosts = +relay_hosts : +loopback
accept
hosts = +relay_hosts : +backupmx_hosts
#only rate limit port 25
accept
condition = ${if eq {$interface_port}{25}{no}{yes}}
defer
message = The server has reached its limit for processing requests from your host. Please try again later.
log_message = "Host is ratelimited ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
ratelimit = 1.2 / 1h / strict / per_conn / noupdate
# END INSERT ratelimit
# BEGIN INSERT slow_fail_block
warn
# host had a success in the last hour
ratelimit = 1 / 1h / noupdate / per_conn / slow_fail_accept_$sender_host_address
set acl_m4 = 1
defer
condition = ${if eq {${acl_m4}}{1}{0}{1}}
log_message = "Host is ratelimited due to multiple failure only connections ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
ratelimit = 5 / 1h / noupdate / per_conn / slow_fail_block_$sender_host_address
# END INSERT slow_fail_block
# BEGIN INSERT spammerlist
drop
message = Your host is not allowed to connect to this server.
log_message = Host is banned
hosts = +spammeripblocks
# END INSERT spammerlist
#END ACL_CONNECT_BLOCK
#BEGIN ACL_CONNECT_POST_BLOCK
# BEGIN INSERT default_connect_post
# do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config
#acl_smtp_notquit is required for this to work (exim 4.68)
accept
# END INSERT default_connect_post
#END ACL_CONNECT_POST_BLOCK
acl_smtp_data:
# exiscan only
#BEGIN ACL_EXISCANALL_BLOCK
# BEGIN INSERT default_exiscan
deny message = This message contains a virus or other harmful content ($malware_name)
malware = */defer_ok
demime = *
warn log_message = Message has been scanned: no virus or other harmful content was found
# END INSERT default_exiscan
#END ACL_EXISCANALL_BLOCK
# exiscan only
#BEGIN ACL_OUTGOING_SMTP_CHECKALL_BLOCK
#END ACL_OUTGOING_SMTP_CHECKALL_BLOCK
#BEGIN ACL_CHECK_MESSAGE_PRE_BLOCK
# BEGIN INSERT default_check_message_pre
#
# Enabling this will make the server non-rfc compliant
# require verify = header_sender
#
accept hosts = +loopback : +relay_hosts
accept hosts = *
authenticated = *
accept hosts = +trustedmailhosts
accept
condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
# END INSERT default_check_message_pre
#END ACL_CHECK_MESSAGE_PRE_BLOCK
#BEGIN ACL_PRE_SPAM_SCAN
# BEGIN INSERT mailproviders
# Research in Motion - Blackberry white list
accept
condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
# END INSERT mailproviders
#END ACL_PRE_SPAM_SCAN
#BEGIN ACL_SPAM_SCAN_BLOCK
# BEGIN INSERT default_spam_scan
warn
condition = ${if eq {${acl_m0}}{1}{1}{0}}
spam = ${acl_m1}/defer_ok
log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)"
add_header = X-Spam-Subject: ***SPAM*** $h_subject
add_header = X-Spam-Status: Yes, score=$spam_score
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Spam-Report: $spam_report
add_header = X-Spam-Flag: YES
set acl_m2 = 1
warn
condition = ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}
warn
condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
add_header = X-Spam-Status: No, score=$spam_score
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Ham-Report: $spam_report
add_header = X-Spam-Flag: NO
log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"
# END INSERT default_spam_scan
#END ACL_SPAM_SCAN_BLOCK
# exiscan only
# exiscan only
#BEGIN ACL_RATELIMIT_SPAM_BLOCK
# BEGIN INSERT ratelimit_spam_score_over_int
warn
condition = ${if eq {${acl_m0}}{1}{${if >{$spam_score_int}{155}{1}{0}}}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because mail server detected a message with a spam score integer greater or equal to 155"
# END INSERT ratelimit_spam_score_over_int
#END ACL_RATELIMIT_SPAM_BLOCK
#BEGIN ACL_SPAM_BLOCK
#END ACL_SPAM_BLOCK
#BEGIN ACL_CHECK_MESSAGE_POST_BLOCK
# BEGIN INSERT default_check_message_post
accept
# END INSERT default_check_message_post
#END ACL_CHECK_MESSAGE_POST_BLOCK
acl_smtp_etrn:
#BEGIN ACL_SMTP_ETRN_BLOCK
#END ACL_SMTP_ETRN_BLOCK
acl_smtp_helo:
#BEGIN ACL_SMTP_HELO_BLOCK
#END ACL_SMTP_HELO_BLOCK
acl_smtp_mail:
#BEGIN ACL_MAIL_PRE_BLOCK
# BEGIN INSERT default_mail_pre
warn
condition = ${if match_ip{$sender_host_address}{+loopback}{${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{1}}}{0}}
set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}}
# ignore authenticated hosts
accept
authenticated = *
# ignore pop before smtp
accept
hosts = +loopback : +relay_hosts
# END INSERT default_mail_pre
#END ACL_MAIL_PRE_BLOCK
#BEGIN ACL_MAIL_BLOCK
# BEGIN INSERT requirehelo
deny
condition = ${if eq{$sender_helo_name}{}}
message = HELO required before MAIL
# END INSERT requirehelo
# BEGIN INSERT requirehelonoforge
drop
condition = ${if match{$sender_helo_name}{^$primary_hostname\$}}
message = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
drop
condition = ${if eq{[$interface_address]}{$sender_helo_name}}
message = "REJECTED - Interface: $interface_address is _my_ address"
# END INSERT requirehelonoforge
# BEGIN INSERT requirehelosyntax
drop
condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
drop
# Required because "[IPv6:<address>]" will have no .s
condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop
condition = ${if match{$sender_helo_name}{\N\.$\N}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop
condition = ${if match{$sender_helo_name}{\N\.\.\N}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
# END INSERT requirehelosyntax
#END ACL_MAIL_BLOCK
#BEGIN ACL_MAIL_POST_BLOCK
# BEGIN INSERT default_mail_post
accept
# END INSERT default_mail_post
#END ACL_MAIL_POST_BLOCK
acl_smtp_mailauth:
#BEGIN ACL_SMTP_MAILAUTH_BLOCK
#END ACL_SMTP_MAILAUTH_BLOCK
acl_smtp_mime:
#BEGIN ACL_SMTP_MIME_BLOCK
#END ACL_SMTP_MIME_BLOCK
acl_smtp_notquit:
#BEGIN ACL_NOTQUIT_BLOCK
# BEGIN INSERT ratelimit
# ignore authenticated hosts
accept authenticated = *
# ignore pop before smtp
accept hosts = +relay_hosts : +loopback
#only rate limit port 25
accept condition = ${if eq {$interface_port}{25}{no}{yes}}
warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
log_message = "Connection Ratelimit - $sender_fullhost because of notquit: $smtp_notquit_reason ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
ratelimit = 1.2 / 1h / strict / per_conn
# END INSERT ratelimit
#END ACL_NOTQUIT_BLOCK
acl_smtp_predata:
#BEGIN ACL_SMTP_PREDATA_BLOCK
#END ACL_SMTP_PREDATA_BLOCK
acl_smtp_quit:
#BEGIN ACL_SMTP_QUIT_BLOCK
# BEGIN INSERT slow_fail_block
warn
log_message = "Detected session with all messages failed"
condition = ${if >= {${eval:$rcpt_count}}{1}{${if == {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}}
set acl_m6 = 1
warn
condition = ${if eq {${acl_m6}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn / slow_fail_block_$sender_host_address
log_message = "Increment slow_fail_block Ratelimit - $sender_fullhost because of all messages failed"
warn
ratelimit = 1 / 1h / noupdate / per_conn / slow_fail_block_$sender_host_address
condition = ${if >= {${eval:$rcpt_count}}{1}{${if < {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}}
set acl_m5 = 1
log_message = "Detected session with ok message that previous had all failed"
warn
condition = ${if eq {${acl_m5}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn / slow_fail_accept_$sender_host_address
log_message = "Decrement slow_fail_lock Ratelimit - $sender_fullhost because one message was successful"
# END INSERT slow_fail_block
#END ACL_SMTP_QUIT_BLOCK
acl_smtp_rcpt:
#BEGIN ACL_RATELIMIT_BLOCK
#END ACL_RATELIMIT_BLOCK
#BEGIN ACL_PRE_RECIPIENT_BLOCK
#END ACL_PRE_RECIPIENT_BLOCK
#BEGIN ACL_RECIPIENT_BLOCK
# BEGIN INSERT default_recipient
accept hosts = :
accept hosts = +skipsmtpcheck_hosts
# END INSERT default_recipient
#END ACL_RECIPIENT_BLOCK
#mailman only
#mailman only
#BEGIN ACL_IDENTIFY_SENDER_BLOCK
# BEGIN INSERT default_identify_sender
# deny must be on the same line as hosts so it will get removed by buildeximconf if turned off
deny hosts = ! +senderverifybypass_hosts
! verify = sender
accept hosts = *
authenticated = *
# if they used "pop before smtp" and its not bound for a localdomain we remember the relayhosts_domain
warn hosts = +relay_hosts
domains = ! +local_domains
set acl_c_relayhosts_text_entry = ${perl{get_relayhosts_text_entry}{1}}
add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}{}}
# if they used "pop before smtp" then we just accept
accept hosts = +relay_hosts
# we need to check alwaysrelay since we don't require antirelayd to be enabled
warn
condition = ${if exists {/etc/alwaysrelay}{${lookup{$sender_host_address}iplsearch{/etc/alwaysrelay}{1}{0}}}{0}}
set acl_c_relayhosts_domain = ${perl{get_relayhosts_domain}{1}}
set acl_c_alwaysrelay = 1
accept
condition = $acl_c_alwaysrelay
#recipient verifications are now done after smtp auth and pop before smtp so the users get back bounces instead of
# a clogged outbox in outlook
# drop connections to localhost that are from demo accounts (required for manual connnections)
drop
condition = ${if and {{match_ip{$sender_host_address}{+loopback}} \
{def:acl_c_authenticated_local_user}} \
{${lookup{$acl_c_authenticated_local_user}lsearch{/etc/demousers}{yes}{no}}}{no}}
message = Demo accounts may not send mail
# drop connections to localhost that fail auth (required for Horde)
drop
condition = ${if and {{match_ip{$sender_host_address}{+loopback}} \
{def:authentication_failed}} \
{$authentication_failed}{no}}
message = Authentication failed
# we learned this in the acl_smtp_mail block
accept
condition = ${if def:acl_c_authenticated_local_user {yes}{no}}
# END INSERT default_identify_sender
# BEGIN INSERT default_message_submission
# Reject unauthenticated relay on port 587
drop
condition = ${if eq{$interface_port}{587}{1}{0}}
message = SMTP AUTH is required for message submission on port 587
# END INSERT default_message_submission
#END ACL_IDENTIFY_SENDER_BLOCK
#BEGIN ACL_RECP_VERIFY_BLOCK
# BEGIN INSERT default_recp_verify
#recipient verifications are required for all messages that are not sent to the local machine #this was done at multiple users requests
require verify = recipient
# END INSERT default_recp_verify
#END ACL_RECP_VERIFY_BLOCK
#BEGIN ACL_POST_RECP_VERIFY_BLOCK
# BEGIN INSERT dictionary_attack
warn
log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)"
condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
set acl_m7 = 1
warn
condition = ${if eq {${acl_m7}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack"
drop
condition = ${if eq {${acl_m7}}{1}{1}{0}}
message = "Number of failed recipients exceeded. Come back in a few hours."
# END INSERT dictionary_attack
#END ACL_POST_RECP_VERIFY_BLOCK
#BEGIN ACL_TRUSTEDLIST_BLOCK
# BEGIN INSERT trustedmailhosts
accept
hosts = +trustedmailhosts
accept
condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
# END INSERT trustedmailhosts
#END ACL_TRUSTEDLIST_BLOCK
#BEGIN ACL_RBL_BLOCK
# BEGIN INSERT Barracuda_rbl
deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
dnslists = b.barracudacentral.org
hosts = +backupmx_hosts
warn
dnslists = b.barracudacentral.org
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}
# END INSERT Barracuda_rbl
# BEGIN INSERT CBL_rbl
deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
dnslists = cbl.abuseat.org
hosts = +backupmx_hosts
warn
dnslists = cbl.abuseat.org
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}
# END INSERT CBL_rbl
# BEGIN INSERT Level1uceprotect_rbl
deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
dnslists = dnsbl-1.uceprotect.net
hosts = +backupmx_hosts
warn
dnslists = dnsbl-1.uceprotect.net
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}
# END INSERT Level1uceprotect_rbl
# BEGIN INSERT SpamandOpenRelay_rbl
deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
dnslists = dnsbl.sorbs.net
hosts = +backupmx_hosts
warn
dnslists = dnsbl.sorbs.net
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}
# END INSERT SpamandOpenRelay_rbl
# BEGIN INSERT UnsubscribeList_rbl
deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
dnslists = ubl.unsubscore.com
hosts = +backupmx_hosts
warn
dnslists = ubl.unsubscore.com
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}
# END INSERT UnsubscribeList_rbl
# BEGIN INSERT noptrspamrats_rbl
deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
dnslists = noptr.spamrats.com
hosts = +backupmx_hosts
warn
dnslists = noptr.spamrats.com
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}
# END INSERT noptrspamrats_rbl
# BEGIN INSERT spamcop_rbl
deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
dnslists = bl.spamcop.net
hosts = +backupmx_hosts
warn
dnslists = bl.spamcop.net
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}
# END INSERT spamcop_rbl
# BEGIN INSERT spamhaus_rbl
deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
dnslists = zen.spamhaus.org
hosts = +backupmx_hosts
warn
dnslists = zen.spamhaus.org
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}
# END INSERT spamhaus_rbl
#END ACL_RBL_BLOCK
#BEGIN ACL_MAILAUTH_BLOCK
#END ACL_MAILAUTH_BLOCK
#BEGIN ACL_RCPT_HARD_LIMIT_BLOCK
#END ACL_RCPT_HARD_LIMIT_BLOCK
#BEGIN ACL_RCPT_SOFT_LIMIT_BLOCK
#END ACL_RCPT_SOFT_LIMIT_BLOCK
#BEGIN ACL_SPAM_SCAN_CHECK_BLOCK
# BEGIN INSERT default_spam_scan_check
# The only problem with this setup is that if the message is for multiple users on the same server
# and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used.
# This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase.
warn domains = ! ${primary_hostname} : +local_domains
condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
set acl_m0 = 1
set acl_m1 = ${lookup{$domain}lsearch*{/etc/userdomains}{$value}}
warn domains = ${primary_hostname}
condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
set acl_m0 = 1
set acl_m1 = $local_part
# END INSERT default_spam_scan_check
#END ACL_SPAM_SCAN_CHECK_BLOCK
#BEGIN ACL_POST_SPAM_SCAN_CHECK_BLOCK
# BEGIN INSERT mailproviders
# Research in Motion - Blackberry white list
warn
condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
set acl_m0 = 0
# END INSERT mailproviders
#END ACL_POST_SPAM_SCAN_CHECK_BLOCK
#BEGIN ACL_RECIPIENT_POST_BLOCK
# BEGIN INSERT default_recipient_post
accept domains = +relay_domains
deny message = ${expand:${lookup{host_accept_relay}lsearch{/etc/eximrejects}{$value}}}
# END INSERT default_recipient_post
#END ACL_RECIPIENT_POST_BLOCK
acl_smtp_starttls:
#BEGIN ACL_SMTP_STARTTLS_BLOCK
#END ACL_SMTP_STARTTLS_BLOCK
acl_smtp_vrfy:
#BEGIN ACL_SMTP_SMTP_VRFY_BLOCK
#END ACL_SMTP_SMTP_VRFY_BLOCK
acl_smtp_dkim:
#BEGIN ACL_SMTP_DKIM_BLOCK
#END ACL_SMTP_DKIM_BLOCK
begin authenticators
courier_plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = ${if and{{!match {$auth2}{\N[/]\N}}{eq{${if match {$auth2}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth2}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth2}lsearch{/etc/demousers}{yes}}}}}{}}{!eq{${extract{address}{${readsocket{/var/spool/authdaemon/socket}{AUTH ${strlen:exim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth2\n$auth3\n}\nexim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth2\n$auth3\n}}}}}{}}}{true}{false}}
server_set_id = $auth2
server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}
courier_login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if and{{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}{!eq{${extract{address}{${readsocket{/var/spool/authdaemon/socket}{AUTH ${strlen:exim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth1\n$auth2\n}\nexim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth1\n$auth2\n}}}}}{}}}{true}{false}}
server_set_id = $auth1
server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
#!!#######################################################!!#
#!!# Here follow routers created from the old routers, #!!#
#!!# for handling non-local domains. #!!#
#!!#######################################################!!#
begin routers
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################
# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.
# Place holder
democheck:
driver = redirect
require_files = "+/etc/demouids"
condition = "${if eq {${lookup {$originator_uid} lsearch {/etc/demouids} {$value}}}{}{false}{true}}"
allow_fail
data = :fail: demo accounts are not permitted to relay email
archive_incoming_email_domain_method:
driver = accept
domains = +user_domains
router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch {/etc/userdomains}{$value}}}{$value}}}}
require_files = "$home/etc/$domain/archive/incoming"
condition = ${perl{should_archive_incoming_domain_message}}
headers_add = "${perl{archive_headers}{incoming_domain}}"
unseen
no_verify
transport = archiver_incoming_domain_method
archive_incoming_email_local_user_method:
driver = accept
domains = $primary_hostname
check_local_user
condition = ${perl{should_archive_incoming_localuser_message}}
unseen
no_verify
headers_add = "${perl{archive_headers}{incoming_localuser}}"
transport = archiver_incoming_local_user_method
archive_outgoing_email:
driver = accept
condition = ${perl{should_archive_outgoing_message}}
unseen
no_verify
headers_add = "${perl{archive_headers}{outgoing}}"
transport = archiver_outgoing
#
# Handles identification of messages, nobody and webspam and mail trap checks
# in check_mail_permissions and notifies if we are defering a message
#
check_mail_permissions:
domains = ! +local_domains
condition = "${perl{check_mail_permissions}}"
driver = redirect
ignore_target_hosts = +loopback : 64.94.110.0/24
allow_filter
reply_transport = address_reply
user = mailnull
expn = false
data = "${perl{check_mail_permissions_results}}"
#
# If check_mail_permissions needs to defer or fail a message it is done here
#
enforce_mail_permissions:
domains = ! +local_domains
condition = "${perl{enforce_mail_permissions}}"
driver = redirect
ignore_target_hosts = +loopback : 64.94.110.0/24
allow_fail
allow_defer
expn = false
data = "${perl{enforce_mail_permissions_results}}"
#
# Increments max emails per hour if needed
#
increment_max_emails_per_hour_if_needed:
domains = ! +local_domains
condition = "${perl{increment_max_emails_per_hour_if_needed}}"
driver = redirect
ignore_target_hosts = +loopback : 64.94.110.0/24
allow_fail
no_verify
one_time
expn = false
data = ":unknown:"
dkim_lookuphost:
driver = dnslookup
domains = ! +local_domains
#ignore verisign to prevent waste of bandwidth
ignore_target_hosts = +loopback : 64.94.110.0/24
require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}"
headers_add = "${perl{mailtrapheaders}}"
transport = dkim_remote_smtp
#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
# This matches lookup exactly except we look for X-Boxtrapper: so we can determine
# what is a boxtrapper generated message in the log. Note: there is nothing to
# prevent X-Boxtrapper from being added to non-boxtrapper messages so this is for
# logging reasons only
#
lookuphost:
driver = dnslookup
domains = ! +local_domains
#ignore verisign to prevent waste of bandwidth
ignore_target_hosts = +loopback : 64.94.110.0/24
headers_add = "${perl{mailtrapheaders}}"
transport = remote_smtp
# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.
#
# Literal Transports .. ignores verisigns sitefinder service
#
literal:
driver = ipliteral
domains = ! +local_domains
headers_add = "${perl{mailtrapheaders}}"
ignore_target_hosts = +loopback : 64.94.110.0/24
transport = remote_smtp
#!!# This new router is put here to fail all domains that
#!!# were not in local_domains in the Exim 3 configuration.
#
# Trap Failures to Remote Domain
#
fail_remote_domains:
driver = redirect
domains = ! +local_domains : ! localhost : ! localhost.localdomain
allow_fail
data = ":fail: The mail server could not deliver mail to [email protected]$domain. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."
#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains. #!!#
#!!#######################################################!!#
######################################################################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
######################################################################
# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).
# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.
#spam_filter:
# driver = forwardfile
# file = /etc/spam.filter
# no_check_local_user
# no_verify
# filter
# allow_system_actions
#
# Optimized spamassassin router (not used if acl spam management is enabled)
#
virtual_user_maildir_overquota:
driver = redirect
domains = +user_domains
router_home_directory = ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
require_files = $home/etc/$domain
condition = "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if eq {${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if > {${run {/usr/local/cpanel/bin/eximwrap GETDISKUSED $local_part $domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
data = :fail:Mailbox quota exceeded
allow_fail
#
# Optimized spamassasin router (not used if acl spam management is enabled)
#
#
# Account level filtering for everything but the main account
#
central_filter:
driver = redirect
allow_filter
no_check_local_user
file = /etc/vfilters/${domain}
file_transport = address_file
directory_transport = address_directory
domains = +user_domains
pipe_transport = virtual_address_pipe
reply_transport = address_reply
router_home_directory = ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
allow_fail
no_verify
#
# Account level filtering for the main account
#
# checks /etc/vfilters/maindomain if its a localuser (ie main acct)
#
mainacct_central_user_filter:
driver = redirect
allow_filter
allow_fail
check_local_user
domains = ! +user_domains
condition = ${if eq {${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{}{0}{${if exists {/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{1}{0}}}}
file = "/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}"
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
retry_use_local_part
no_verify
#
# User Level Filtering for the main account
#
central_user_filter:
driver = redirect
allow_filter
allow_fail
check_local_user
domains = ! +user_domains
file = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/etc/filter"
require_files = "+${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}/etc/filter"
router_home_directory = ${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}
directory_transport = address_directory
file_transport = address_file
pipe_transport = virtual_address_pipe
reply_transport = address_reply
retry_use_local_part
no_verify
#
# User Level Filtering for virtual users
#
virtual_user_filter:
driver = redirect
allow_filter
allow_fail
no_check_local_user
domains = +user_domains
require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/filter"
file = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/filter"
router_home_directory = ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}
directory_transport = address_directory
file_transport = address_file
pipe_transport = virtual_address_pipe
reply_transport = address_reply
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
retry_use_local_part
no_verify
virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
require_files = "+/etc/valiases/$domain"
data = ${lookup{[email protected]$domain}lsearch{/etc/valiases/$domain}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen
#
# Virtual User Spam Boxes
#
virtual_user_spam:
driver = accept
domains = +user_domains
require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinboxenable:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{}{false}{${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}}}
headers_remove="x-spam-exim"
transport = virtual_userdelivery_spam
virtual_user:
driver = accept
headers_remove="x-spam-exim"
domains = +user_domains
require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{} {false}{true}}
transport = virtual_userdelivery
has_alias_but_no_mailbox_discarded_to_prevent_loop:
driver = redirect
require_files = "+/etc/valiases/$domain"
domains = +user_domains
condition = "${perl{checkvalias}{$domain}{$local_part}}"
data="#Exim Filter\nseen finish"
group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
allow_filter
disable_logging = true
valias_domain_file:
driver = redirect
allow_defer
allow_fail
require_files = +/etc/vdomainaliases/$domain
condition = ${lookup {$domain} lsearch {/etc/vdomainaliases/$domain}{yes}{no} }
data = [email protected]${lookup {$domain} lsearch {/etc/vdomainaliases/$domain} }
virtual_aliases:
driver = redirect
allow_defer
allow_fail
require_files = "+/etc/valiases/$domain"
data = ${lookup{*}lsearch{/etc/valiases/$domain}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.
system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim
local_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/localaliases}}
file_transport = address_file
pipe_transport = address_pipe
check_local_user
userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
domains = ! +user_domains
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
directory_transport = address_directory
no_verify
#
# Optimzied spambox router
#
localuser_spam:
driver = accept
headers_remove="x-spam-exim"
domains = ! +user_domains
require_files = "+$home/.spamassassinboxenable"
condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}
check_local_user
transport = local_delivery_spam
localuser:
driver = accept
headers_remove="x-spam-exim"
check_local_user
domains = ! +user_domains
transport = local_delivery
# This director matches local user mailboxes.
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a director or a router that
# successfully handles an address.
# This transport is used for delivering messages over SMTP connections.
begin transports
# Place holder
remote_smtp:
driver = smtp
interface = ${if exists {/etc/mailips}{${lookup{$original_domain}lsearch{/etc/mailips}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$original_domain}lsearch{/etc/mailhelo}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}
dkim_remote_smtp:
driver = smtp
interface = ${if exists {/etc/mailips}{${lookup{$original_domain}lsearch{/etc/mailips}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$original_domain}lsearch{/etc/mailhelo}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}
dkim_domain = $sender_address_domain
dkim_selector = default
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
dkim_canon = relaxed
# This transport is used for local delivery to user mailboxes. By default
# it will be run under the uid and gid of the local user, and requires
# the sticky bit to be set on the /var/mail directory. Some systems use
# the alternative approach of running mail deliveries under a particular
# group instead of using the sticky bit. The commented options below show
# how this can be done.
local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/mail"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
mode = 0660
return_path_add
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
user = $local_part
shadow_condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.cpanel/rim/bis/$local_part}{1}{0}}
shadow_transport = rim_bis_notifier_local_user
rim_bis_notifier_local_user:
driver = pipe
headers_only
command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}"
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
user = $local_part
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false
local_delivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/mail/.spam"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
mode = 0660
return_path_add
user = $local_part
# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe below.
address_directory:
driver = appendfile
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
maildir_format
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
mode = 0660
delivery_date_add
envelope_to_add
return_path_add
address_pipe:
driver = pipe
return_output
virtual_address_pipe:
driver = pipe
group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
return_output
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.
virtual_userdelivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}/.spam"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
mode = 0660
quota = "${if exists{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota} {${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}{$value}}} {}}"
quota_is_inclusive = false
quota_directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
virtual_userdelivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
mode = 0660
quota = "${if exists{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota} {${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}{$value}}} {}}"
quota_is_inclusive = false
quota_directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
shadow_condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.cpanel/rim/bis/[email protected]$domain}{1}{0}}
shadow_transport = rim_bis_notifier_virtual_user
rim_bis_notifier_virtual_user:
driver = pipe
headers_only
command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}@${domain}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false
address_reply:
driver = autoreply
archiver_incoming_local_user_method:
driver = appendfile
delivery_date_add
envelope_to_add
user = $local_part
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
directory = "${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}/mail/archive/${perl{get_incoming_domain}}/.incoming.${perl{YYYYMMDDGMT}}"
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
maildir_use_size_file
quota_size_regex = ,S=(\d+)
mode = 0660
return_path_add
archiver_incoming_domain_method:
driver = appendfile
delivery_date_add
envelope_to_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
directory = "$home/mail/archive/$domain/.incoming.${perl{YYYYMMDDGMT}}"
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
maildir_use_size_file
quota_size_regex = ,S=(\d+)
mode = 0660
return_path_add
archiver_outgoing:
driver = appendfile
delivery_date_add
envelope_to_add
user = ${perl{get_outgoing_sender_sysuser}}
group = ${extract{3}{:}{${lookup passwd{${perl{get_outgoing_sender_sysuser}}}{$value}}}}
directory = "${extract{5}{::}{${lookup passwd{${perl{get_outgoing_sender_sysuser}}}{$value}}}}/mail/archive/${perl{get_outgoing_sender_domain}}/.${perl{get_outgoing_archive_directory}}.${perl{YYYYMMDDGMT}}"
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
maildir_use_size_file
quota_size_regex = ,S=(\d+)
mode = 0660
return_path_add
######################################################################
# RETRY CONFIGURATION #
######################################################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.
# Domain Error Retries
# ------ ----- -------
begin retry
* quota
* * F,2h,15m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration
