Nov 1, 2016
5
0
1
Bangladesh
cPanel Access Level
Root Administrator
Hi,
Recently i installed cPanel with centos 7. when i send email using roundcube showing Your message sent but recipient didnt get the mail.
But i can recive mail from recipient. Do i need open port on firewall? i have installed csf.

How can i fix outgoing mail server. exim is installed by default.

Screenshot_2016-11-02-08-13-44-980_com.android.chrome.png
 
Last edited by a moderator:

SysSachin

Well-Known Member
Aug 23, 2015
604
48
28
India
cPanel Access Level
Root Administrator
Twitter
You are the root Administrator of your server, Login your server with SSH and check exim logs file.

Check mail logs with this command.

Code:
cat /var/log/exim_mainlog | grep Mail-message-ID
 
  • Like
Reactions: Mostafuzur Rahman
Nov 1, 2016
5
0
1
Bangladesh
cPanel Access Level
Root Administrator
You are the root Administrator of your server, Login your server with SSH and check exim logs file.

Check mail logs with this command.

Code:
cat /var/log/exim_mainlog | grep Mail-message-ID
2016-11-01 04:34:22 non-existent configuration file(s): /etc/exim.conf
Code:
2016-11-01 04:34:23 cwd=/ 4 args: /usr/sbin/exim -bV -C /etc/exim.conf.buildtest.work.dUPt8rf0ny1tWhN5
2016-11-01 04:34:24 cwd=/ 6 args: /usr/sbin/exim -ps -bd -q1h -oP /var/spool/exim/exim-daemon.pid
2016-11-01 04:34:24 exim 4.87 daemon started: pid=39418, -q1h, listening for SMTP on port 587 (IPv6 and IPv4) port 25 (IPv6 and IPv4) and for SMTPS on port 4$
2016-11-01 04:34:24 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-11-01 04:34:24 Start queue run: pid=39419
2016-11-01 04:34:24 End queue run: pid=39419
2016-11-01 04:34:25 cwd=/ 6 args: /usr/sbin/exim -ps -bd -q1h -oP /var/spool/exim/exim-daemon.pid
2016-11-01 04:34:25 exim 4.87 daemon started: pid=39448, -q1h, listening for SMTP on port 587 (IPv6 and IPv4) port 25 (IPv6 and IPv4) and for SMTPS on port 4$
2016-11-01 04:34:25 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-11-01 04:34:25 Start queue run: pid=39449
2016-11-01 04:34:25 End queue run: pid=39449
2016-11-01 04:37:10 cwd=/home/cPanelInstall/selfgz10244 4 args: /usr/sbin/exim -bV -C /etc/exim.conf.buildtest.work.bnLInTPOFNd5GJgn
2016-11-01 04:37:10 cwd=/ 6 args: /usr/sbin/exim -ps -bd -q1h -oP /var/spool/exim/exim-daemon.pid
2016-11-01 04:37:10 exim 4.87 daemon started: pid=41547, -q1h, listening for SMTP on port 587 (IPv6 and IPv4) port 25 (IPv6 and IPv4) and for SMTPS on port 4$
2016-11-01 04:37:10 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-11-01 04:37:10 Start queue run: pid=41548
2016-11-01 04:37:10 End queue run: pid=41548
2016-11-01 04:40:49 cwd=/ 5 args: /usr/sbin/exim -bd -q1h -oP /var/spool/exim/exim-daemon.pid
2016-11-01 04:40:49 exim 4.87 daemon started: pid=42487, -q1h, listening for SMTP on port 587 (IPv6 and IPv4) port 25 (IPv6 and IPv4) and for SMTPS on port 4$
2016-11-01 04:40:49 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-11-01 04:40:49 Start queue run: pid=42488
2016-11-01 04:40:49 End queue run: pid=42488
2016-11-01 04:44:22 cwd=/ 4 args: /usr/sbin/exim -bV -C /etc/exim.conf.buildtest.work.NSRF_Yhl7KmIi24n
2016-11-01 04:44:23 cwd=/ 5 args: /usr/sbin/exim -bd -q1h -oP /var/spool/exim/exim-daemon.pid
2016-11-01 04:44:23 exim 4.87 daemon started: pid=44295, -q1h, listening for SMTP on port 587 (IPv6 and IPv4) port 25 (IPv6 and IPv4) and for SMTPS on port 4$
2016-11-01 04:44:23 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-11-01 04:44:23 Start queue run: pid=44296
2016-11-01 04:44:23 End queue run: pid=44296
2016-11-01 04:44:52 cwd=/ 4 args: /usr/sbin/exim -bV -C /etc/exim.conf.buildtest.work.jL3qFCIqWam7Fwvd
2016-11-01 04:44:52 cwd=/ 6 args: /usr/sbin/exim -ps -bd -q1h -oP /var/spool/exim/exim-daemon.pid
2016-11-01 04:44:52 exim 4.87 daemon started: pid=45531, -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 4$
2016-11-01 04:44:52 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-11-01 04:44:52 Start queue run: pid=45532
2016-11-01 04:44:52 End queue run: pid=45532
2016-11-01 04:44:53 cwd=/ 6 args: /usr/sbin/exim -ps -bd -q1h -oP /var/spool/exim/exim-daemon.pid
2016-11-01 04:44:53 exim 4.87 daemon started: pid=45560, -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 4$
2016-11-01 04:44:53 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-11-01 04:44:53 Start queue run: pid=45561
 
Last edited by a moderator:
Nov 1, 2016
5
0
1
Bangladesh
cPanel Access Level
Root Administrator
My exim.conf file

Code:
#!!# cPanel Exim 4 Config



hostlist loopback = <; @[]; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8

hostlist senderverifybypass_hosts = net-iplsearch;/etc/senderverifybypasshosts

hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts

hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks

hostlist backupmx_hosts = lsearch;/etc/backupmxhosts

hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts

hostlist recent_authed_mail_ips = net-iplsearch;/etc/recent_authed_mail_ips

hostlist neighbor_netblocks = net-iplsearch;/etc/neighbor_netblocks

hostlist greylist_trusted_netblocks = net-iplsearch;/etc/greylist_trusted_netblocks

hostlist greylist_common_mail_providers = net-iplsearch;/etc/greylist_common_mail_providers

hostlist cpanel_mail_netblocks = net-iplsearch;/etc/cpanel_mail_netblocks

hostlist recent_recipient_mail_server_ips = net-iplsearch;/etc/recent_recipient_mail_server_ips

domainlist user_domains = ${if exists{/etc/userdomains} {lsearch;/etc/userdomains} fail}

domainlist local_domains = lsearch;/etc/localdomains

domainlist secondarymx_domains = lsearch;/etc/secondarymx

domainlist relay_domains = +local_domains : +secondarymx_domains

smtp_accept_queue_per_connection = 30

remote_max_parallel = 10

smtp_receive_timeout = 165s

ignore_bounce_errors_after = 1d

rfc1413_query_timeout = 0s

timeout_frozen_after = 5d

auto_thaw = 7d

callout_domain_negative_expire = 1h

callout_negative_expire = 1h

acl_not_smtp = acl_not_smtp

acl_smtp_connect = acl_smtp_connect

acl_smtp_data = acl_smtp_data

acl_smtp_helo = acl_smtp_helo

acl_smtp_mail = acl_smtp_mail

acl_smtp_quit = acl_smtp_quit   

acl_smtp_notquit = acl_smtp_notquit

acl_smtp_rcpt = acl_smtp_rcpt

message_body_newlines = true

check_rfc2047_length = false

keep_environment = X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR

add_environment = PATH=/usr/local/sbin::/usr/local/bin::/sbin::/bin::/usr/sbin::/usr/bin::/sbin::/bin

deliver_queue_load_max = 6

queue_only_load = 12

daemon_smtp_ports = 465 : 587 : 25

tls_on_connect_ports = 465

system_filter_user = cpaneleximfilter

system_filter_group = cpaneleximfilter

tls_require_ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

av_scanner = clamd:/var/clamd

spamd_address = 127.0.0.1 783 retry=30s tmo=3m

tls_certificate = ${if exists {/etc/mail_sni_map} {${extract{crtfile}{${lookup {$tls_sni} lsearch {/etc/mail_sni_map} {$value}}}{$value}{/etc/exim.crt}}} {/etc/exim.crt}}

tls_privatekey = ${if exists {/etc/mail_sni_map} {${extract{keyfile}{${lookup {$tls_sni} lsearch {/etc/mail_sni_map} {$value}}}{$value}{/etc/exim.key}}} {/etc/exim.key}}

tls_verify_certificates = ${if exists {/etc/mail_sni_map} {${extract{cabundle}{${lookup {$tls_sni} lsearch {/etc/mail_sni_map} {$value}}}{$value}{}}} {}}

# +incoming_port, +smtp_connection, +all_parents are needed for cPanel email tracking.
# -retry_defer, +subject, +arguments, +received_recipients are suggested settings that may be disabled.
log_selector = +incoming_port +smtp_connection +all_parents -retry_defer +subject +arguments +received_recipients


system_filter = /etc/cpanel_exim_system_filter




#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.


#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.



######################################################################
#                  Runtime configuration file for Exim               #
######################################################################


# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.


# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

perl_startup = do '/etc/exim.pl'

#dns_retry = 1
#dns_retrans = 1s

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.

smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
\#${compile_number} ${tod_full} \n\
  We do not authorize the use of this system to transport unsolicited, \n\
  and/or bulk e-mail."


#nobody as the sender seems to annoy people
untrusted_set_sender = *
local_from_check = false



split_spool_directory = yes

smtp_connect_backlog = 50
smtp_accept_max = 100

# primary_hostname =

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "[email protected]" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.



#!!# message_filter renamed system_filter
message_body_visible = 5000


# Specify a set of options to control the behavior of OpenSSL. The default is to
# disable SSLv2 and SSLv3 due to weaknesses in these protocols.
openssl_options = +no_sslv2 +no_sslv3


# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "[email protected][111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.

# local_domains_include_host_literals


# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root


# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

#host_lookup = 0.0.0.0/0


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.

# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com


# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%[email protected] (where z is one of your local domains) is locally rerouted to
# [email protected] and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *

#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers





tls_advertise_hosts = *

helo_accept_junk_hosts = *

smtp_enforce_sync = false


#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#

#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl



########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################
#
# cPanel Default ACL Template Version: 10.72
# Template: universal.dist
#
########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################

acl_not_smtp:

#BEGIN ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK
# BEGIN INSERT resolve_vhost_owner
warn
        condition   = ${if eq{$originator_uid}{${perl{user2uid}{nobody}}}{1}{0}}
        set acl_c_vhost_owner = ${perl{resolve_vhost_owner}}

# END INSERT resolve_vhost_owner
# BEGIN INSERT end_default_outgoing_notsmtp_checkall
    accept

# END INSERT end_default_outgoing_notsmtp_checkall

#END ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK

#BEGIN ACL_NOT_SMTP_BLOCK

#END ACL_NOT_SMTP_BLOCK

acl_not_smtp_mime:

#BEGIN ACL_NOT_SMTP_MIME_BLOCK

#END ACL_NOT_SMTP_MIME_BLOCK

acl_not_smtp_start:

#BEGIN ACL_NOT_SMTP_START_BLOCK

#END ACL_NOT_SMTP_START_BLOCK

acl_smtp_auth:

#BEGIN ACL_SMTP_AUTH_BLOCK

#END ACL_SMTP_AUTH_BLOCK

acl_smtp_connect:

#BEGIN ACL_CONNECT_BLOCK
# BEGIN INSERT delay_unknown_hosts


warn
    !hosts = : +neighbor_netblocks : +loopback : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks
    #only rate limit port 25
    condition = ${if eq {$received_port}{25}{yes}{no}}
    delay = 20s


# END INSERT delay_unknown_hosts
# BEGIN INSERT ratelimit

    accept
        hosts = +trustedmailhosts

    accept
        condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}

    accept
        hosts = : +recent_authed_mail_ips : +loopback : +backupmx_hosts

    defer
        #only rate limit port 25
        condition = ${if eq {$received_port}{25}{yes}{no}}
        message = The server has reached its limit for processing requests from your host.  Please try again later.
        log_message = "Host is ratelimited ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
        ratelimit = 1.2 / 1h / strict / per_conn / noupdate


# END INSERT ratelimit
# BEGIN INSERT slow_fail_block
   warn
        #only rate limit port 25
        condition = ${if eq {$received_port}{25}{yes}{no}}
        # host had a success in the last hour
        ratelimit = 1 / 1h / noupdate / per_conn / slow_fail_accept_$sender_host_address
        set acl_m4 = 1

   defer
        #only rate limit port 25
        condition = ${if eq {$received_port}{25}{yes}{no}}
        condition = ${if eq {${acl_m4}}{1}{0}{1}}
        log_message = "Host is ratelimited due to multiple failure only connections ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
        ratelimit = 5 / 1h / noupdate / per_conn / slow_fail_block_$sender_host_address


# END INSERT slow_fail_block
# BEGIN INSERT spammerlist


drop
    message = Your host is not allowed to connect to this server.
    log_message = Host is banned
    hosts = +spammeripblocks


# END INSERT spammerlist

#END ACL_CONNECT_BLOCK

#BEGIN ACL_CONNECT_POST_BLOCK
# BEGIN INSERT default_connect_post

# do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config
#acl_smtp_notquit is required for this to work (exim 4.68)
    accept


# END INSERT default_connect_post

#END ACL_CONNECT_POST_BLOCK

acl_smtp_data:

# exiscan only

# exiscan only

#BEGIN ACL_OUTGOING_SMTP_CHECKALL_BLOCK

#END ACL_OUTGOING_SMTP_CHECKALL_BLOCK

#BEGIN ACL_CHECK_MESSAGE_PRE_BLOCK
# BEGIN INSERT default_check_message_pre
#
#  Enabling this will make the server non-rfc compliant
#  require verify = header_sender
#

    accept  hosts = : +loopback : +recent_authed_mail_ips

    accept  hosts = *
            authenticated = *

    accept  hosts = +trustedmailhosts

    accept
            condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}



# END INSERT default_check_message_pre

#END ACL_CHECK_MESSAGE_PRE_BLOCK

#BEGIN ACL_PRE_SPAM_SCAN
# BEGIN INSERT mailproviders
# Research in Motion - Blackberry white list
accept
     condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}

# END INSERT mailproviders

#END ACL_PRE_SPAM_SCAN

#BEGIN ACL_SPAM_SCAN_BLOCK
# BEGIN INSERT default_spam_scan

  warn   
     # Remove spam headers from outside sources
     remove_header  = x-spam-subject : x-spam-status : x-spam-score : x-spam-bar : x-spam-report : x-spam-flag : x-ham-report


  warn
    condition = ${if eq {${acl_m0}}{1}{1}{0}}
    spam =  ${acl_m1}/defer_ok
    # Always make sure cPanel support mail can get through
    !hosts = : +trustedmailhosts : +cpanel_mail_netblocks
    log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)"
    add_header = X-Spam-Subject:  $rh_subject
    add_header = X-Spam-Status: Yes, score=$spam_score
    add_header = X-Spam-Score: $spam_score_int
    add_header = X-Spam-Bar: $spam_bar
    add_header = X-Spam-Report: $spam_report
    add_header = X-Spam-Flag: YES
    set acl_m2 = 1

  warn
      condition =  ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}

  warn
  condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
  add_header = X-Spam-Status: No, score=$spam_score
  add_header = X-Spam-Score: $spam_score_int
  add_header = X-Spam-Bar: $spam_bar
  add_header = X-Ham-Report: $spam_report
  add_header = X-Spam-Flag: NO
  log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"



# END INSERT default_spam_scan

#END ACL_SPAM_SCAN_BLOCK

# exiscan only

#BEGIN ACL_EXISCAN_BLOCK
# BEGIN INSERT default_exiscan

    deny message = This message contains a virus or other harmful content ($malware_name)
         malware = */defer_ok
         demime = *

    warn log_message = Message has been scanned: no virus or other harmful content was found


# END INSERT default_exiscan

#END ACL_EXISCAN_BLOCK
# exiscan only

#BEGIN ACL_RATELIMIT_SPAM_BLOCK

#END ACL_RATELIMIT_SPAM_BLOCK

#BEGIN ACL_SPAM_BLOCK

#END ACL_SPAM_BLOCK

#BEGIN ACL_CHECK_MESSAGE_POST_BLOCK
# BEGIN INSERT default_check_message_post

accept

# END INSERT default_check_message_post

#END ACL_CHECK_MESSAGE_POST_BLOCK

acl_smtp_etrn:

#BEGIN ACL_SMTP_ETRN_BLOCK

#END ACL_SMTP_ETRN_BLOCK

acl_smtp_helo:

#BEGIN ACL_SMTP_HELO_BLOCK

#END ACL_SMTP_HELO_BLOCK

#BEGIN ACL_SMTP_HELO_POST_BLOCK
# BEGIN INSERT default_smtp_helo

    accept


# END INSERT default_smtp_helo

#END ACL_SMTP_HELO_POST_BLOCK

acl_smtp_mail:

#BEGIN ACL_MAIL_PRE_BLOCK
# BEGIN INSERT default_mail_pre

    # ignore authenticated hosts
    accept
        authenticated = *

    warn
        condition = ${if match_ip{$sender_host_address}{+loopback}{${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}}{0}}
        set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}}

    accept
        hosts = : +loopback : +recent_authed_mail_ips



# END INSERT default_mail_pre

#END ACL_MAIL_PRE_BLOCK

#BEGIN ACL_MAIL_BLOCK
# BEGIN INSERT requirehelo

deny
    condition = ${if eq{$sender_helo_name}{}}
    message   = HELO required before MAIL


# END INSERT requirehelo
# BEGIN INSERT requirehelonoforge


drop 
    # if ($sender_helo_name eq $primary_hostname) {
    #      if (defined $interface_address) {
    #           return is_loopback($interface_address) ? 0 : 1;  #ok from localhost
    #      } else {
    #            return 0; #exim -bs
    #      }
    # } else {
    #      return 0;
    # }
    condition = ${if eq{${lc:$sender_helo_name}}{${lc:$primary_hostname}}{${if def:interface_address {${if match_ip{$interface_address}{+loopback}{0}{1}}}{0}}}{0}}
    message   = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"


drop
    condition = ${if eq{[$interface_address]}{$sender_helo_name}}
    message   = "REJECTED - Interface: $interface_address is _my_ address"

# END INSERT requirehelonoforge
# BEGIN INSERT requirehelosyntax

drop
    condition   = ${if isip{$sender_helo_name}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.3)

drop
    # Required because "[IPv6:<address>]" will have no .s
    condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
    condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

drop
    condition   = ${if match{$sender_helo_name}{\N\.$\N}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
   
drop
    condition   = ${if match{$sender_helo_name}{\N\.\.\N}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

# END INSERT requirehelosyntax

#END ACL_MAIL_BLOCK

#BEGIN ACL_MAIL_POST_BLOCK
# BEGIN INSERT default_mail_post

    accept


# END INSERT default_mail_post

#END ACL_MAIL_POST_BLOCK

acl_smtp_mailauth:

#BEGIN ACL_SMTP_MAILAUTH_BLOCK

#END ACL_SMTP_MAILAUTH_BLOCK

acl_smtp_mime:

#BEGIN ACL_SMTP_MIME_BLOCK

#END ACL_SMTP_MIME_BLOCK

acl_smtp_notquit:

#BEGIN ACL_NOTQUIT_BLOCK
# BEGIN INSERT ratelimit

# ignore authenticated hosts
accept authenticated = *

accept hosts = : +recent_authed_mail_ips : +loopback

warn
    #only rate limit port 25
    condition = ${if eq {$received_port}{25}{yes}{no}}
    condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
    log_message = "Connection Ratelimit - $sender_fullhost because of notquit: $smtp_notquit_reason ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
    ratelimit = 1.2 / 1h / strict / per_conn


# END INSERT ratelimit

#END ACL_NOTQUIT_BLOCK

acl_smtp_predata:

#BEGIN ACL_SMTP_PREDATA_BLOCK

#END ACL_SMTP_PREDATA_BLOCK

acl_smtp_quit:

#BEGIN ACL_SMTP_QUIT_BLOCK
# BEGIN INSERT slow_fail_block

  warn
    log_message = "Detected session with all messages failed"
    condition = ${if >= {${eval:$rcpt_count}}{1}{${if == {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}}
    set acl_m6 = 1

  warn
    condition = ${if eq {${acl_m6}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn / slow_fail_block_$sender_host_address
    log_message = "Increment slow_fail_block Ratelimit - $sender_fullhost because of all messages failed"

  warn
    ratelimit = 1 / 1h / noupdate / per_conn / slow_fail_block_$sender_host_address
    condition = ${if >= {${eval:$rcpt_count}}{1}{${if < {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}}
    set acl_m5 = 1
    log_message = "Detected session with ok message that previous had all failed"

  warn
    condition = ${if eq {${acl_m5}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn / slow_fail_accept_$sender_host_address
    log_message = "Decrement slow_fail_lock Ratelimit - $sender_fullhost because one message was successful"



# END INSERT slow_fail_block

#END ACL_SMTP_QUIT_BLOCK

acl_smtp_rcpt:

#BEGIN ACL_RATELIMIT_BLOCK

#END ACL_RATELIMIT_BLOCK

#BEGIN ACL_PRE_RECIPIENT_BLOCK
# BEGIN INSERT delay_unknown_hosts


warn
    !authenticated = *
    !hosts = : +neighbor_netblocks : +loopback : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks
    #only rate limit port 25
    condition = ${if eq {$received_port}{25}{yes}{no}}
    delay = 20s

# END INSERT delay_unknown_hosts
# BEGIN INSERT dkim_disable

warn
   control = dkim_disable_verify


# END INSERT dkim_disable

#END ACL_PRE_RECIPIENT_BLOCK

#BEGIN ACL_RECIPIENT_BLOCK
# BEGIN INSERT default_recipient
  accept  hosts = :

  accept hosts = +skipsmtpcheck_hosts



# END INSERT default_recipient

#END ACL_RECIPIENT_BLOCK
#mailman only

#BEGIN ACL_RECIPIENT_MAILMAN_BLOCK
# BEGIN INSERT default_recipient_mailman
 
# Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}

  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}

  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}

  #if it gets here it isn't mailman


# END INSERT default_recipient_mailman

#END ACL_RECIPIENT_MAILMAN_BLOCK
#mailman only

#BEGIN ACL_IDENTIFY_SENDER_BLOCK
# BEGIN INSERT default_identify_sender
# Accept authenticated connections when the connection comes from the main
# account ([email protected], where foo.com's user is foo).  Otherwise, we end up
# unintentionally rejecting mail if the user is set to :fail:.
  accept  hosts = *
          authenticated = *
          condition = ${if eq{${lookup{$sender_address_domain}lsearch{/etc/userdomains}{$value}}}{$sender_address_local_part}{1}{0}}

# deny must be on the same line as hosts so it will get removed by buildeximconf if turned off
   deny  hosts = ! +senderverifybypass_hosts
        ! verify = sender

  accept  hosts = *
          authenticated = *

  # if they used "pop before smtp" and its not bound for a localdomain we remember the recent_authed_mail_ips_domain
  warn  hosts = +recent_authed_mail_ips
        domains = ! +local_domains
        set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}}
        add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}}{}}

  # if they used "pop before smtp" then we just accept
  accept
    condition = ${if exists{/etc/popbeforesmtp}{1}{0}}
    hosts = +recent_authed_mail_ips

  # we need to check alwaysrelay since we don't require recentauthedmailiptracker to be enabled
  warn
    condition = ${if or {{eq{$acl_c_recent_authed_mail_ips_text_entry}{}}{!exists{/etc/popbeforesmtp}}}{${if exists {/etc/alwaysrelay}{${lookup{$sender_host_address}iplsearch{/etc/alwaysrelay}{1}{0}}}{0}}}{0}}
    set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}}
    set acl_c_alwaysrelay = 1

  accept
    condition = $acl_c_alwaysrelay

  #recipient verifications are now done after smtp auth and pop before smtp so the users get back bounces instead of
  # a clogged outbox in outlook

   # If we skipped identifying the sender in acl_smtp_mail (ie !def:acl_c_authenticated_local_user)
   # We need to do it here before we can test the two drops
   warn
       condition = ${if def:acl_c_authenticated_local_user {0}{${if match_ip{$sender_host_address}{+loopback}{${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}}{0}}}}
       set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}}

  # drop connections to localhost that are from demo accounts (required for manual connections)
  drop
       condition = ${if and {{match_ip{$sender_host_address}{+loopback}} \
                             {def:acl_c_authenticated_local_user}} \
                      {${lookup{$acl_c_authenticated_local_user}lsearch{/etc/demousers}{yes}{no}}}{no}}
       message   = Demo accounts may not send mail

  # drop connections to localhost that fail auth (required for Horde)
  drop
       condition = ${if and {{match_ip{$sender_host_address}{+loopback}} \
                             {def:authentication_failed}} \
                      {$authentication_failed}{no}}
       message   = Authentication failed

  # we learned this in the acl_smtp_mail block
  accept
    condition = ${if def:acl_c_authenticated_local_user {yes}{no}}



# END INSERT default_identify_sender
# BEGIN INSERT default_message_submission

# Reject unauthenticated relay on port 587
drop
    condition = ${if eq{$received_port}{587}{1}{0}}
    message = SMTP AUTH is required for message submission on port 587

# END INSERT default_message_submission

#END ACL_IDENTIFY_SENDER_BLOCK



#BEGIN ACL_RECP_VERIFY_BLOCK
# BEGIN INSERT default_recp_verify
   #recipient verifications are required for all messages that are not sent to the local machine    #this was done at multiple users requests
    require verify = recipient



# END INSERT default_recp_verify

#END ACL_RECP_VERIFY_BLOCK

#BEGIN ACL_POST_RECP_VERIFY_BLOCK
# BEGIN INSERT dictionary_attack


  warn
    log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)"
    condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
    set acl_m7 = 1

  warn
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack"

  drop
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    message = "Number of failed recipients exceeded.  Come back in a few hours."


# END INSERT dictionary_attack

#END ACL_POST_RECP_VERIFY_BLOCK

#BEGIN ACL_TRUSTEDLIST_BLOCK
# BEGIN INSERT trustedmailhosts
accept
    hosts = +trustedmailhosts
accept
     condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}

# END INSERT trustedmailhosts

#END ACL_TRUSTEDLIST_BLOCK

#BEGIN ACL_RBL_BLOCK

#END ACL_RBL_BLOCK

#BEGIN ACL_MAILAUTH_BLOCK

#END ACL_MAILAUTH_BLOCK

#BEGIN ACL_GREYLISTING_BLOCK

#END ACL_GREYLISTING_BLOCK

#BEGIN ACL_RCPT_HARD_LIMIT_BLOCK

#END ACL_RCPT_HARD_LIMIT_BLOCK

#BEGIN ACL_RCPT_SOFT_LIMIT_BLOCK

#END ACL_RCPT_SOFT_LIMIT_BLOCK

#BEGIN ACL_SPAM_SCAN_CHECK_BLOCK
# BEGIN INSERT default_spam_scan_check

    # The only problem with this setup is that if the message is for multiple users on the same server
    # and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used.
    # This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase.


  warn  domains = ! ${primary_hostname} : +local_domains
         condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
         set acl_m0    = 1
         set acl_m1    = ${lookup{$domain}lsearch{/etc/userdomains}{$value}}

  warn  domains = ${primary_hostname}
          condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
          set acl_m0    = 1
          set acl_m1    = $local_part



# END INSERT default_spam_scan_check

#END ACL_SPAM_SCAN_CHECK_BLOCK

#BEGIN ACL_POST_SPAM_SCAN_CHECK_BLOCK
# BEGIN INSERT delay_unknown_hosts


warn
    #acl_m2 is spam = YES
    condition = ${if eq {${acl_m2}}{1}{1}{0}}
    !hosts = : +neighbor_netblocks : +loopback : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks
    delay = 40s

# END INSERT delay_unknown_hosts
# BEGIN INSERT mailproviders
# Research in Motion - Blackberry white list
warn
     condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
     set acl_m0 = 0

# END INSERT mailproviders

#END ACL_POST_SPAM_SCAN_CHECK_BLOCK

#BEGIN ACL_RECIPIENT_POST_BLOCK
# BEGIN INSERT default_recipient_post



  accept  domains = +relay_domains

  deny    message = ${expand:${lookup{host_accept_relay}lsearch{/etc/eximrejects}{$value}}}



# END INSERT default_recipient_post

#END ACL_RECIPIENT_POST_BLOCK

acl_smtp_starttls:

#BEGIN ACL_SMTP_STARTTLS_BLOCK

#END ACL_SMTP_STARTTLS_BLOCK

acl_smtp_vrfy:

#BEGIN ACL_SMTP_SMTP_VRFY_BLOCK

#END ACL_SMTP_SMTP_VRFY_BLOCK

acl_smtp_dkim:

#BEGIN ACL_SMTP_DKIM_BLOCK

#END ACL_SMTP_DKIM_BLOCK





begin authenticators


dovecot_plain:
    driver = dovecot
    public_name = PLAIN
    server_socket = /var/run/dovecot/auth-client
    server_set_id = $auth1
    server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}



dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
  server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}






######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite




#!!#######################################################!!#
#!!# Here follow routers created from the old routers,   #!!#
#!!# for handling non-local domains.                     #!!#
#!!#######################################################!!#

begin routers




######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################

# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.




deliver_local_outside_jail:
    driver = manualroute
    condition = ${if exists {/jail_owner}{1}{0}}
    # users outside the jail will not be in /etc/passwd => We need to check if $local_part is in /jail_owner
    # we can't just check to see if they exist
    # because we still want to be able to mail root
    domains = +local_domains
    transport = remote_smtp
    route_list = "* 127.0.0.1"
    # self = send allows us to send outside the jail
    # we make sure /home/virtfs does not exist before we get here
    # to be safe
    self = send




# The main routers handle traffic to the lists themselves and the suffixed ones
# handle mail to administrative aliases.  We have to use a two step process
# because otherwise mail to a list such as [email protected] will not be
# handled properly.

mailman_virtual_router:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/mail/mailman : /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck
    transport = mailman_virtual_transport



mailman_virtual_router_suffixed:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/mail/mailman : /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck
    local_part_suffix = -admin     : \
            -bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
            -join      : -leave     : \
            -owner     : -request   : \
            -subscribe : -unsubscribe
    transport = mailman_virtual_transport



mailman_virtual_router_nodns:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/mail/mailman : /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck
    condition    = \
           ${if or {{match{$local_part}{.*_.*}} \
                     {eq{$local_part}{mailman}}} \
                {1}{0}}
    domains = +local_domains
    transport = mailman_virtual_transport_nodns



mailman_virtual_router_nodns_suffixed:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/mail/mailman : /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck
    condition    = \
           ${if or {{match{$local_part}{.*_.*}} \
                     {eq{$local_part}{mailman}}} \
                {1}{0}}
    local_part_suffix = -admin     : \
            -bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
            -join      : -leave     : \
            -owner     : -request   : \
            -subscribe : -unsubscribe
    domains = +local_domains
    transport = mailman_virtual_transport_nodns

democheck:
    driver = redirect
    require_files = "+/etc/demouids"
    condition = "${extract{size}{${stat:/etc/demouids}}}"
    condition = "${if eq {${lookup {$originator_uid} lsearch {/etc/demouids} {$value}}}{}{false}{true}}"
    allow_fail
    data = :fail: demo accounts are not permitted to relay email



# cPanel Mail Archiving is disabled





#
# Handles identification of messages, nobody and webspam and mail trap checks
# in check_mail_permissions and notifies if we are defering a message
#

check_mail_permissions:
    domains = ! +local_domains
    condition =  ${if eq {$authenticated_id}{root}{0}{1}}
    ignore_target_hosts = +loopback : 64.94.110.0/24
    driver = redirect
    allow_filter
    reply_transport = address_reply
    user = mailnull
    expn = false
    condition = "${perl{check_mail_permissions}}"
    data = "${perl{check_mail_permissions_results}}"


#
#  discover_sender_information is not included
#  because from_rewrites are not enabled
#


#
# If check_mail_permissions needs to defer or fail a message it is done here
#
enforce_mail_permissions:
    domains = ! +local_domains
    ignore_target_hosts = +loopback : 64.94.110.0/24
    condition =  ${if eq {$authenticated_id}{root}{0}{1}}
    driver = redirect
    allow_fail
    allow_defer
    expn = false
    condition = "${perl{enforce_mail_permissions}}"
    data = "${perl{enforce_mail_permissions_results}}"

#
# Increments max emails per hour if needed
#
increment_max_emails_per_hour_if_needed:
    domains = ! +local_domains
    ignore_target_hosts = +loopback : 64.94.110.0/24
    condition =  ${if eq {$authenticated_id}{root}{0}{1}}
    driver = redirect
    allow_fail
    no_verify
    one_time
    expn = false
    condition = "${perl{increment_max_emails_per_hour_if_needed}}"
    data = ":unknown:"





#
#  reject_forwarded_mail_marked_as_spam is not included
#  because no_forward_outbound_spam and no_forward_outbound_spam_over_int
#  are both disabled
#




#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
# This matches lookup exactly except we look for X-Precedence and Precedence so
# we can determinte what is an auto responder message in the log.
# Note: there is nothing to
# prevent X-Precedence from being added to non-autoresponded messages so this is for
# logging reasons only
#
# Note: Boxtrapper sets Precedence to auto_reply
#
autoreply_dkim_lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    condition = "${if or {{match{$h_Precedence:}{auto}}{match{$h_X-Precedence:}{auto}}}{1}{0}}"
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    require_files = "+/var/cpanel/domain_keys/private/${lc::$sender_address_domain}"
    headers_add = "${perl{mailtrapheaders}}"
    transport = dkim_remote_smtp

#
# Lookup host router for remote smtp and ignores verisign site finder 'service' and uses domain keys
#


dkim_lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    require_files = "+/var/cpanel/domain_keys/private/${lc::$sender_address_domain}"
    headers_add = "${perl{mailtrapheaders}}"
    transport = dkim_remote_smtp

#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
# This matches lookup exactly except we look for X-Precedence and Precedence so
# we can determinte what is an auto responder message in the log.
# Note: there is nothing to
# prevent X-Precedence from being added to non-autoresponded messages so this is for
# logging reasons only
#
# Note: Boxtrapper sets Precedence to auto_reply
#


autoreply_lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    condition = "${if or {{match{$h_Precedence:}{auto}}{match{$h_X-Precedence:}{auto}}}{1}{0}}"
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = remote_smtp

#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
#


lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = remote_smtp


# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.


#
# Literal Transports .. ignores verisigns sitefinder service
#

literal:
    driver = ipliteral
    domains = ! +local_domains
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = remote_smtp






#!!# This new router is put here to fail all domains that
#!!# were not in local_domains in the Exim 3 configuration.


#
# Trap Failures to Remote Domain
#

fail_remote_domains:
  driver = redirect
  domains = ! +local_domains : ! localhost : ! localhost.localdomain
  allow_fail
  data = ":fail: The mail server could not deliver mail to [email protected]$domain.  The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."






#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains.                         #!!#
#!!#######################################################!!#

######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).


# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.

#spam_filter:
#  driver = forwardfile
#  file = /etc/spam.filter
#  no_check_local_user
#  no_verify
#  filter
#  allow_system_actions












#
# Account level filtering for everything but the main account
#

central_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    no_check_local_user
    domains = !$primary_hostname
    require_files = "+/etc/vfilters/${domain}"
    condition = "${extract{size}{${stat:/etc/vfilters/${domain}}}}"
    file = /etc/vfilters/${domain}
    file_transport = address_file
    directory_transport = address_directory
    pipe_transport = ${if forall{/bin/cagefs_enter:/usr/sbin/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}}{\N(jail|no)shell\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}
    reply_transport = address_reply
    router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
    user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
    no_verify



#
# Account level filtering for the main account
#
# checks /etc/vfilters/maindomain if its a localuser (ie main acct)
#
mainacct_central_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    check_local_user
    domains = $primary_hostname
    condition = ${if eq {${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{}{0}{${if exists {/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{${extract{size}{${stat:/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}}}}{0}}}}
    file = "/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}"
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = ${if forall{/bin/cagefs_enter:/usr/sbin/cagefsctl}{exists{$item}}{cagefs_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{$local_part}{$value}}}}}{\N(jail|no)shell\N}{jailed_address_pipe}{address_pipe}}}}
    reply_transport = address_reply
    user = $local_part
    group = $local_part
    retry_use_local_part
    no_verify

#
# User Level Filtering for the main account
#


central_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    check_local_user
    domains = $primary_hostname
    require_files = "+${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}/etc/filter"
    condition = "${extract{size}{${stat:${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}/etc/filter}}}"
    file = "${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}/etc/filter"
    router_home_directory = ${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = ${if forall{/bin/cagefs_enter:/usr/sbin/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}}{\N(jail|no)shell\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}
    reply_transport = address_reply
    user = $local_part
    group = $local_part
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    no_verify

#
# User Level Filtering for virtual users
#


virtual_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    no_check_local_user
    domains = !$primary_hostname
    require_files = "+/etc/valiases/$domain:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/filter"
    router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
    condition = "${extract{size}{$home/etc/$domain/$local_part/filter}}}"
    file = "$home/etc/$domain/$local_part/filter"
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = ${if forall{/bin/cagefs_enter:/usr/sbin/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}}{\N(jail|no)shell\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}
    reply_transport = address_reply
    user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    no_verify






virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  domains = !$primary_hostname
  require_files = "+/etc/valiases/$domain"
  address_data = ${lookup{[email protected]$domain}lsearch{/etc/valiases/$domain}}
  data = $address_data
  file_transport = address_file
  pipe_transport = ${if forall{/bin/cagefs_enter:/usr/sbin/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}}{\N(jail|no)shell\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}
  retry_use_local_part
  unseen



virtual_user_overquota:
  driver = redirect
  domains = !$primary_hostname
  require_files = "+/etc/valiases/$domain:+$home/etc/$domain"
  user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
  router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
  condition = "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}@${quote:$domain}\nsize=$message_size\n\n}{3s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}}{false}}}{false}}"
  data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
  no_verify
  allow_fail







#
# Virtual User Spam Boxes
#

virtual_user_spam:
    driver = redirect
    domains = !$primary_hostname
    require_files = "+/etc/valiases/$domain:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinboxenable:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/mail/$domain/$local_part"
    condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}
    headers_remove="x-uidl"
    data = "[email protected]$domain"
    redirect_router = virtual_user


virtual_user:
  driver = accept
  domains = !$primary_hostname
  require_files = "+/etc/valiases/$domain:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/mail/$domain/$local_part"
  router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
  headers_remove="x-uidl"
  local_part_suffix = +*
  local_part_suffix_optional
  user = mailnull
  group = mail
  transport = ${if or {{def:header_Precedence:}{def:header_List-Id:}{forany {${addresses:$h_to:}:${addresses:$h_cc:}}{or {{eqi{${extract{1}{+}{${local_part:$item}}}@${domain:$item}}{[email protected]$domain}}{eqi{${extract{1}{+}{${local_part:$item}}}@${domain:$item}}{[email protected]$original_domain}}}}}}{dovecot_virtual_delivery}{dovecot_virtual_delivery_no_batch}}
  #
  # If the delivery address, original address (forwarded),
  # or address with subaddress is shown on the To: or Cc:
  # lines or the message has the List-Id: or Precedence:
  # header we allow the message to be batched to
  # dovecot LMTP via transport dovecot_virtual_delivery
  #
  # If it does match match the above we do not allow the message
  # to be batched in order to ensure that the Envelope-To: header
  # does not contain a user that was Bcc:ed so savvy recipients
  # cannot see that another email was Bcc:ed in the header
  # via transport dovecot_virtual_delivery_no_batch
  #
  # Note: match_address would be nice here but the second string
  # is not expanded for security reasons
  #





has_alias_but_no_mailbox_discarded_to_prevent_loop:
        driver = redirect
        domains = !$primary_hostname
        require_files = "+/etc/valiases/$domain"
        condition = "${perl{checkvalias}{$domain}{$local_part}}"
        data="#Exim Filter\nseen finish"
        user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
        allow_filter
        local_part_suffix = +*
        local_part_suffix_optional
        disable_logging = true







valias_domain_file:
  driver = redirect
  allow_defer
  allow_fail
  require_files = +/etc/vdomainaliases/$domain
  condition = ${lookup {$domain} lsearch {/etc/vdomainaliases/$domain}{yes}{no} }
  address_data = [email protected]${lookup {$domain} lsearch {/etc/vdomainaliases/$domain} }
  data = $address_data

virtual_aliases:
    driver = redirect
    allow_defer
    allow_fail
    domains = !$primary_hostname
    require_files = "+/etc/valiases/$domain"
    address_data = ${lookup{*}lsearch{/etc/valiases/$domain}}
    data = $address_data
    file_transport = address_file
    pipe_transport = ${if forall{/bin/cagefs_enter:/usr/sbin/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}}{\N(jail|no)shell\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}







# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  domains = $primary_hostname
  address_data = ${lookup{$local_part}lsearch{/etc/aliases}}
  data = $address_data
  file_transport = address_file
  pipe_transport = address_pipe
# user = exim


local_aliases:
  driver = redirect
  allow_defer
  allow_fail
  domains = $primary_hostname
  address_data = ${lookup{$local_part}lsearch{/etc/localaliases}}
  data = $address_data
  file_transport = address_file
  pipe_transport = address_pipe
  check_local_user





userforward:
  driver = redirect
  allow_filter
  allow_fail
  forbid_filter_run
  forbid_filter_perl
  forbid_filter_lookup
  forbid_filter_readfile
  forbid_filter_readsocket
  check_ancestor
  check_local_user
  domains = $primary_hostname
  no_expn
  require_files = "+$home/.forward"
  condition = "${extract{size}{${stat:$home/.forward}}}"
  file = $home/.forward
  file_transport = address_file
  pipe_transport = ${if forall{/bin/cagefs_enter:/usr/sbin/cagefsctl}{exists{$item}}{cagefs_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{$local_part}{$value}}}}}{\N(jail|no)shell\N}{jailed_address_pipe}{address_pipe}}}}
  reply_transport = address_reply
  directory_transport = address_directory
  user = $local_part
  group = $local_part
  no_verify




# srs is disabled






localuser_root:
    driver = redirect
    allow_fail
    domains = $primary_hostname
    check_local_user
    condition = ${if eq {$local_part}{root}}
    data = :fail: root cannot accept local mail deliveries



localuser_overquota:
  driver = redirect
  domains = $primary_hostname
  check_local_user
  condition =  "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}\nsize=$message_size\n\n}{3s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}"
  data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
  no_verify
  allow_fail


#
# Optimized spambox router
#

localuser_spam:
    driver = redirect
    domains = $primary_hostname
    require_files = "+$home/.spamassassinboxenable"
    condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}
# sets home,user,group
    check_local_user
    headers_remove="x-uidl"
    data = "$local_part+spam"
    redirect_router = localuser



localuser:
    driver = accept
# sets home,user,group
    check_local_user
    domains = $primary_hostname
    headers_remove="x-uidl"
    local_part_suffix = +*
    local_part_suffix_optional
    user = mailnull
    group = mail
    transport = ${if or {{def:header_Precedence:}{def:header_List-Id:}{forany {${addresses:$h_to:}:${addresses:$h_cc:}}{or {{eqi{${extract{1}{+}{${local_part:$item}}}@${domain:$item}}{[email protected]$domain}}{eqi{${extract{1}{+}{${local_part:$item}}}@${domain:$item}}{[email protected]$original_domain}}}}}}{dovecot_delivery}{dovecot_delivery_no_batch}}
    #
    # If the delivery address, original address (forwarded),
    # or address with subaddress is shown on the To: or Cc:
    # lines or the message has the List-Id: or Precedence:
    # header we allow the message to be batched to
    # dovecot LMTP via transport dovecot_virtual_delivery
    #
    # If it does match match the above we do not allow the message
    # to be batched in order to ensure that the Envelope-To: header
    # does not contain a user that was Bcc:ed so savvy recipients
    # cannot see that another email was Bcc:ed in the header
    # via transport dovecot_virtual_delivery_no_batch
    #
    # Note: match_address would be nice here but the second string
    # is not expanded for security reasons
    #

# This director matches local user mailboxes.







######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.

begin transports






mailman_virtual_transport:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}_${lc:$domain}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman




mailman_virtual_transport_nodns:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman


remote_smtp:
  driver = smtp
  interface = <; ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}



dkim_remote_smtp:
  driver = smtp
  interface = <; ${if exists {/etc/mailips}{${lookup{${lc:$sender_address_domain}}lsearch{/etc/mailips}{$value}{${lookup{${lc:$sender_address_domain}}lsearch{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{${lc:$sender_address_domain}}lsearch{/etc/mailhelo}{$value}{${lookup{${lc:$sender_address_domain}}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}
  dkim_domain = ${lc:$sender_address_domain}
  dkim_selector = default
  dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
  dkim_canon = relaxed



# This transport is used for local delivery to user mailboxes. By default
# it will be run under the uid and gid of the local user, and requires
# the sticky bit to be set on the /var/mail directory. Some systems use
# the alternative approach of running mail deliveries under a particular
# group instead of using the sticky bit. The commented options below show
# how this can be done.






# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe below.


address_directory:
  driver = pipe
  command = /usr/libexec/dovecot/dovecot-lda -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
# JTK can't these files take comments? If so they would make reading these files a lot easier, I think.
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78

address_pipe:
  driver = pipe
  return_output

virtual_address_pipe:
  driver = pipe
  return_output
  user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"

jailed_address_pipe:
  driver = pipe
  force_command
  command = /usr/local/cpanel/bin/jailexec $address_pipe
  return_output

jailed_virtual_address_pipe:
  driver = pipe
  force_command
  command = /usr/local/cpanel/bin/jailexec $address_pipe
  user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
  return_output

cagefs_address_pipe:
  driver = pipe
  force_command
  command = /bin/cagefs_enter $address_pipe
  return_output

cagefs_virtual_address_pipe:
  driver = pipe
  force_command
  command = /bin/cagefs_enter $address_pipe
  user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
  return_output


# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.


address_file:
  driver = pipe
  command = /usr/libexec/dovecot/dovecot-lda -e -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78


# For email with a bcc:
dovecot_delivery_no_batch:
  driver = lmtp
  socket = /var/run/dovecot/lmtp
  batch_max = 1
  rcpt_include_affixes
  delivery_date_add
  envelope_to_add
  return_path_add

# For email with a bcc:
dovecot_virtual_delivery_no_batch:
  driver = lmtp
  socket = /var/run/dovecot/lmtp
  batch_max = 1
  rcpt_include_affixes
  delivery_date_add
  envelope_to_add
  return_path_add


dovecot_delivery:
  driver = lmtp
  socket = /var/run/dovecot/lmtp
  batch_max = 200
  rcpt_include_affixes
  delivery_date_add
  envelope_to_add
  return_path_add

dovecot_virtual_delivery:
  driver = lmtp
  socket = /var/run/dovecot/lmtp
  batch_max = 200
  rcpt_include_affixes
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply



# cPanel Mail Archiving is disabled









######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


begin retry




*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h




# End of Exim 4 configuration
 
Nov 1, 2016
5
0
1
Bangladesh
cPanel Access Level
Root Administrator
When i try to redeliver from Mail Queue Manager

Code:
LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1c1s7M-0001b3-ME
delivering 1c1s7M-0001b3-ME
Connecting to gmail-smtp-in.l.google.com [74.125.201.27]:25 ... failed: Connection timed out (timeout=5m)
LOG: MAIN
H=gmail-smtp-in.l.google.com [74.125.201.27] Connection timed out
Connecting to alt1.gmail-smtp-in.l.google.com [173.194.175.27]:25 ... failed: Connection timed out (timeout=5m)
LOG: MAIN
H=alt1.gmail-smtp-in.l.google.com [173.194.175.27] Connection timed out
Connecting to alt2.gmail-smtp-in.l.google.com [74.125.141.27]:25 ... failed: Connection timed out (timeout=5m)
LOG: MAIN
H=alt2.gmail-smtp-in.l.google.com [74.125.141.27] Connection timed out
Connecting to alt3.gmail-smtp-in.l.google.com [64.233.186.27]:25 ... failed: Connection timed out (timeout=5m)
LOG: MAIN
H=alt3.gmail-smtp-in.l.google.com [64.233.186.27] Connection timed out
Connecting to alt4.gmail-smtp-in.l.google.com [209.85.202.27]:25 ... failed: Connection timed out (timeout=5m)
LOG: MAIN
H=alt4.gmail-smtp-in.l.google.com [209.85.202.27] Connection timed out
LOG: MAIN
== [email protected] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
 
Last edited by a moderator:

SysSachin

Well-Known Member
Aug 23, 2015
604
48
28
India
cPanel Access Level
Root Administrator
Twitter
Hi Mostafuzur,

Might be port 25 is blocked at your DC .Please contact them to check this. And some time mail relay servers need to be setup on cPanel server when port 25 is blocked at DC end. So please contact to your DC and check this.