# SpamBlockerTechnology* powered exim.conf, Version 4.5.43 # May 4, 2022 # Exim configuration file for DirectAdmin # Requires exim.pl as distributed by DirectAdmin here: # http://files.directadmin.com/services/exim.pl version 21 or higher # ClamAV optional # SpamAssassin optional # Dovecot/IMAP Mandatory # *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services: # http://www.nobaloney.net # # WARNING! Do NOT use this exim.conf Exim configuration file unless you # make the required modifications to your Exim configuration # following the instructions in the README file included in this # distribution: # README-SpamBlockerVersion4exim.conf.txt # # The original exim.conf file distributed with Exim 4, includes the # following copyright notice: # # Copyright (C) 2002 University of Cambridge, Cambridge, UK # # Portions of the file are taken from the exim.conf file as # distributed with DirectAdmin (http://www.directadmin.com/) # # Copyright (C) 2003-2011 JBMC Software, St Albert, AB, Canada # # Portions of this file are written by NoBaloney Internet Services # and are copyright as follows: # # Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA # # The entire Exim 4 distribution, including the exim.conf file, is # distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, # June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE # you may download it, in it's entirety, from the website at: # # http://www.nobaloney.net/exim/gnu-gpl-v2.txt # # Thanks to all the members of the DirectAdmin community and of the exim # community who have given their # much needed and appreciated help. # # The most recent version of this file may always downloaded from the website # at: http://www.nobaloney.net/downloads/spamblocker # # MODIFICATION INSTRUCTIONS # # YOU MUST MAKE THE CHANGES TO THIS # SpamBlockerTechnology* powered exim.conf, Version 4.0 # file as documented in the README file. # # The README file for this version is named: # README-SpamBlockerVersion4exim.conf.txt # CONFIGURATION STARTS HERE #EDIT#1: # primary_hostname = smtp_active_hostname = ${if exists{/etc/virtual/helo_data}{${lookup{$interface_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}} #EDIT#2-CLAMAV: # av_scanner = clamd:/var/run/clamav/clamd #.include_if_exists /etc/exim.clamav.load.conf #Block Cracking variables .include_if_exists /etc/exim.blockcracking/variables.conf #Easy Spam Figher variables .include_if_exists /etc/exim.easy_spam_fighter/variables.conf #SRS .include_if_exists /etc/exim.srs.conf #EDIT#3: # qualify_domain = #EDIT#4: perl_startup = do '/etc/exim.pl' #EDIT#5: system_filter = /etc/system_filter.exim #EDIT#6: untrusted_set_sender = * #EDIT#7: #daemon_smtp_ports=25 : 587 : 465 moved to exim.variables.conf #tls_on_connect_ports = 465 moved to exim.variables.conf #EDIT#8: local_from_check = false RBL_DNS_LIST=\ cbl.abuseat.org!& : \ b.barracudacentral.org : \ zen.spamhaus.org!& .include /etc/exim.variables.conf .include /etc/exim.strings.conf .include_if_exists /etc/exim.strings.conf.custom #EDIT#10: helo_allow_chars = _ #EDIT#11: log_selector = \ +delivery_size \ +sender_on_delivery \ +received_recipients \ +received_sender \ +smtp_confirmation \ +subject \ +smtp_incomplete_transaction \ -dnslist_defer \ -host_lookup_failed \ -queue_run \ -rejected_header \ -retry_defer \ -skip_delivery \ +arguments #EDIT#12: syslog_duplication = false #EDIT#13: acl_not_smtp = acl_script acl_smtp_auth = acl_check_auth acl_smtp_connect = acl_connect acl_smtp_helo = acl_check_helo acl_smtp_mail = ${if ={$interface_port}{587} {accept} {${if ={$interface_port}{10025} {acl_smtp_mail_proxy}{acl_check_mail}}}} acl_smtp_mailauth = smtp_mailauth acl_smtp_rcpt = acl_check_recipient acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}} acl_smtp_data = acl_check_message acl_smtp_mime = acl_check_mime #EDIT#14: addresslist whitelist_senders = nwildlsearch;/etc/virtual/whitelist_senders addresslist blacklist_senders = nwildlsearch;/etc/virtual/blacklist_senders domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains domainlist whitelist_domains = nwildlsearch;/etc/virtual/whitelist_domains domainlist local_domains = lsearch;/etc/virtual/domains domainlist relay_domains = lsearch;/etc/virtual/domains domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains domainlist skip_rbl_domains = nwildlsearch;/etc/virtual/skip_rbl_domains hostlist skip_rbl_hosts = ${if exists{/etc/virtual/skip_rbl_hosts}{wildlsearch;/etc/virtual/skip_rbl_hosts}} hostlist skip_rbl_hosts_ip = ${if exists{/etc/virtual/skip_rbl_hosts_ip}{/etc/virtual/skip_rbl_hosts_ip}} hostlist auth_relay_hosts = * hostlist bad_sender_hosts = nwildlsearch;/etc/virtual/bad_sender_hosts hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip hostlist whitelist_hosts = nwildlsearch;/etc/virtual/whitelist_hosts hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip hostlist proxy_hosts_ip = ${if exists{/etc/virtual/proxy_hosts_ip}{/etc/virtual/proxy_hosts_ip}} BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames BLACKLIST_SMTP_USERNAMES = /etc/virtual/blacklist_smtp_usernames BLACKLIST_SCRIPT_USERNAMES = /etc/virtual/blacklist_script_usernames #EDIT#15: #domainlist skip_av_domains = nwildlsearch;/etc/virtual/skip_av_domains #EDIT#16: #relay_hosts/pophosts moved to variables.conf #EDIT#17: never_users = root #EDIT#18: host_lookup = * #EDIT#19: rfc1413_hosts = * rfc1413_query_timeout = 0s #EDIT#20: #exim.variables.conf #EDIT#21: #exim.variables.conf #EDIT#22: #exim.variables.conf #EDIT#23: tls_advertise_hosts = * #auth_over_tls_hosts = * .include_if_exists /etc/exim.variables.conf.post ################################################################################## # Access Control Lists ################################################################################## begin acl ###################################### # ACL CONNECT ###################################### #EDIT#24: acl_connect: warn set acl_c_spam_assassin_has_run = 0 warn set acl_m_is_whitelisted = 0 warn set acl_c_accept_recipient_if_whitelisted = 1 .include_if_exists /etc/exim.easy_spam_fighter/connect.conf accept hosts = * ###################################### # ACL CHECK MAIL ###################################### acl_check_mail: accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}} #EDIT#31: accept sender_domains = +whitelist_domains logwrite = $sender_host_address whitelisted in local domains whitelist set acl_m_is_whitelisted = 1 accept hosts = +whitelist_hosts logwrite = $sender_host_address whitelisted in local hosts whitelist set acl_m_is_whitelisted = 1 accept hosts = +whitelist_hosts_ip logwrite = $sender_host_address whitelisted in local hosts IP whitelist set acl_m_is_whitelisted = 1 # accept if envelope sender is in whitelist accept senders = +whitelist_senders logwrite = $sender_host_address whitelisted in local sender whitelist set acl_m_is_whitelisted = 1 .include_if_exists /etc/exim.easy_spam_fighter/check_mail.conf accept ###################################### # ACL CHECK AUTH ###################################### smtp_mailauth: accept hosts = <; ; ::1 condition = ${if eq{$interface_port}{10025}} log_message = Will accept MAIL AUTH parameter for $authenticated_sender deny acl_smtp_mail_proxy: deny condition = ${if eq{$interface_port}{10025}} condition = ${if eq{$authenticated_sender}{}} message = All connections on port $interface_port need MAIL AUTH sender ###################################### # ACL CHECK AUTH ###################################### #EDIT#24.5# acl_check_auth: drop set acl_m_authcount = ${eval10:0$acl_m_authcount+1} condition = ${if >{$acl_m_authcount}{2}} delay = 10s message = ONLY_ONE_AUTH_PER_CONN accept ###################################### # ACL CHECK HELO ###################################### #EDIT#25: acl_check_helo: .include_if_exists /etc/exim.acl_check_helo.pre.conf accept hosts = +whitelist_hosts_ip # accept mail originating on this server unconditionally accept hosts = <;; @[]; ; ::1 ; @ # deny if the HELO pretends to be this host deny message = HELO_HOST_IMPERSANATION condition = ${if or { \ {eq{$sender_helo_name}{$smtp_active_hostname}} \ {eq{$sender_helo_name}{[$interface_address]}} \ } {true}{false} } # deny if the HELO is an IP address deny message = HELO_IS_IP condition = ${if eq{$interface_port}{25}} condition = ${if isip{$sender_helo_name}} # deny if hostname if ylmf-pc, which accounts for a HUGE percentage of BF attacks deny message = HELO_BLOCKED_FOR_ABUSE condition = ${if eq{$sender_helo_name}{ylmf-pc}} # deny if the HELO pretends to be one of the domains hosted on the server deny message = HELO_IS_LOCAL_DOMAIN condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}} hosts = ! +relay_hosts .include_if_exists /etc/exim.acl_check_helo.post.conf accept ###################################### # ACL SCRIPT ###################################### acl_script: .include_if_exists /etc/exim.acl_script.pre.conf discard set acl_m_uid = ${perl{find_uid}} set acl_m_username = ${perl{get_username}{$acl_m_uid}} condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}} condition = ${if >{${perl{hit_limit_user}{$acl_m_username}}}{1}} message = USER_TOO_MANY discard condition = ${if !eq{$originator_uid}{$exim_uid}} condition = ${if exists{BLACKLIST_USERNAMES}} condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}} message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_USERNAMES discard condition = ${if !eq{$originator_uid}{$exim_uid}} condition = ${if exists{BLACKLIST_SCRIPT_USERNAMES}} condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SCRIPT_USERNAMES}{1}{0}} message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_SCRIPT_USERNAMES discard condition = ${if eq{$recipients_count}{1}} condition = ${if forany{<, $recipients}{eq{${acl{recipient_suspended}{$item}}}{caught}}} message = DOMAIN_SUSPENDED .include_if_exists /etc/exim.blockcracking/script.conf accept .include_if_exists /etc/exim.blockcracking/script.recipients.conf recipient_suspended: accept condition = ${if exists{/etc/virtual/${domain:$acl_arg1}}{no}{yes}} condition = ${if exists{/etc/virtual/${domain:$acl_arg1}_off}{yes}{no}} message = caught accept ###################################### # ACL CHECK RECIPIENT ###################################### #EDIT#26: acl_check_recipient: .include_if_exists /etc/exim.acl_check_recipient.pre.conf # block certain well-known exploits, Deny for local domains if # local parts begin with a dot or contain @ % ! / | deny domains = +local_domains message = Invalid characters in local_part local_parts = ^[.] : ^.*[@%!|] # If you've hit the limit, you can't send anymore. Requires exim.pl 17+ drop message = AUTH_TOO_MANY condition = ${perl{auth_hit_limit_acl}} authenticated = * drop message = MULTIPLE_BOUNCE_RECIPIENTS senders = : postmaster@* condition = ${if >{$recipients_count}{0}{true}{false}} drop message = TOO_MANY_FAILED_RECIPIENTS log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}} !verify = recipient/callout=2m,defer_ok,use_sender defer message = DOMAIN_SUSPENDED domains = +local_domains condition = ${if exists{/etc/virtual/${domain}}{no}{yes}} condition = ${if exists{/etc/virtual/${domain}_off}{yes}{no}} drop authenticated = * condition = ${if exists{BLACKLIST_USERNAMES}} set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}} set acl_m_username = ${perl{get_username}{$acl_m_uid}} condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}} condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}} message = USER_ON_BLACKLIST_SMTP logwrite = User account $acl_m_username is blocked via BLACKLIST_USERNAMES drop authenticated = * condition = ${if exists{BLACKLIST_SMTP_USERNAMES}} condition = ${lookup{$authenticated_id}lsearch{BLACKLIST_SMTP_USERNAMES}{1}{0}} message = USER_ON_BLACKLIST_SMTP logwrite = E-Mail account $authenticated_id is blocked via BLACKLIST_SMTP_USERNAMES drop authenticated = * condition = ${if exists{BLACKLIST_SMTP_USERNAMES}} set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}} set acl_m_username = ${perl{get_username}{$acl_m_uid}} condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}} condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SMTP_USERNAMES}{1}{0}} message = USER_ON_BLACKLIST_SMTP logwrite = User account $acl_m_username is blocked via BLACKLIST_SMTP_USERNAMES .include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.mid.conf # Deny if the recipient doesn't exist: deny message = NO_SUCH_RECIPIENT domains = +local_domains !verify = recipient accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}} condition = ${if eq{$acl_c_accept_recipient_if_whitelisted}{1}} .include_if_exists /etc/exim.acl_check_recipient.mid.conf #Block Cracking - https://github.com/Exim/exim/wiki/BlockCracking .include_if_exists /etc/exim.blockcracking/auth.conf # restrict port 587 to authenticated users only # see also daemon_smtp_ports above accept hosts = +auth_relay_hosts condition = ${if eq {$interface_port}{587} {yes}{no}} endpass message = RELAY_NOT_PERMITTED_AUTH authenticated = * # Deny all Mailer-Daemon messages not for us: deny message = We didn't send the message senders = : domains = !+relay_domains !authenticated = * #EDIT#27: # 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address deny message = R1: HELO_SHOULD_BE_FQDN !authenticated = * condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}} condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}} ## 2nd deny makes sure the hostname doesn't end with a dot (invalid) # deny message = R2: HELO_SHOULD_BE_FQDN # !authenticated = * # condition = ${if match{$sender_helo_name}{\N\.$\N}} # 3rd deny makes sure the hostname has no double-dots (invalid) deny message = R3: HELO_SHOULD_BE_FQDN !authenticated = * condition = ${if match{$sender_helo_name}{\N\.\.\N}} ## 4th deny make sure the hostname doesn't end in .home (invalid domain) # deny message = R4: HELO_SHOULD_BE_FQDN # !authenticated = * # condition = ${if match{$sender_helo_name}{\N\.home$\N}} #EDIT#28: # warn domains = +skip_av_domains # set acl_m0 = $tod_epoch #EDIT#29: deny domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ #EDIT#30: accept hosts = : logwrite = Whitelisted as having local origination #EDIT#32: deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_SENDER domains = +use_rbl_domains domains = !+skip_rbl_domains hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip senders = +blacklist_senders #EDIT#33: deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_HOST # only for domains that do want to be tested against RBLs domains = +use_rbl_domains domains = !+skip_rbl_domains hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip hosts = +bad_sender_hosts #EDIT#34: deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_IP hosts = +bad_sender_hosts_ip # Remaining Mailer-Daemon messages must be for us accept senders = : domains = +relay_domains #EDIT#35: accept domains = +local_domains sender_domains = !+blacklist_domains hosts = !+bad_sender_hosts hosts = !+bad_sender_hosts_ip dnslists = list.dnswl.org& dnslists = list.dnswl.org!= logwrite = $sender_host_address whitelisted in list.dnswl.org #EDIT#36: # accept domains = +local_domains # dnslists = hostkarma.junkemailfilter.com= # logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com #EDIT#37: # accept local_parts = whitelist # domains = example.com #EDIT#38: require verify = sender #EDIT#39: deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN domains = +use_rbl_domains domains = !+skip_rbl_domains hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip sender_domains = +blacklist_domains #EDIT#40: # deny message = 554 denied. 5.7.1 Forged Paypal Mail, not sent from PayPal. # senders = *@paypal.com # condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}} #EDIT#41: warn hosts = +skip_rbl_hosts logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts warn hosts = +skip_rbl_hosts_ip logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts_ip warn domains = +skip_rbl_domains logwrite = $sender_host_address RBL whitelisted $domain in skip_rbl_domains deny message = RBL_BLOCKED_BY_LIST hosts = !+relay_hosts domains = +use_rbl_domains domains = !+skip_rbl_domains hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip !authenticated = * dnslists = RBL_DNS_LIST .include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.conf .include_if_exists /etc/exim.greylist.conf #COMMENT#43: # ACCEPT EMAIL BEGINNING HERE # accept if address is in a local domain as long as recipient can be verified accept domains = +local_domains endpass message = UNKNOWN_USER verify = recipient #COMMENT#44 # accept if address is in a domain for which we relay as long as recipient # can be verified accept domains = +relay_domains endpass verify = recipient #EDIT#45: accept hosts = +relay_hosts add_header = X-Relay-Host: $sender_host_address accept hosts = +auth_relay_hosts endpass message = AUTH_REQUIRED authenticated = * .include_if_exists /etc/exim.acl_check_recipient.post.conf # FINAL DENY EMAIL BEFORE DATA BEGINS HERE # default at end of acl causes a "deny", but line below will give # an explicit error message: deny message = RELAY_NOT_PERMITTED ###################################### # ACL CHECK DKIM ###################################### acl_check_dkim: accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}} .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf accept ###################################### # ACL CHECK MESSAGE ###################################### # ACL that is used after the DATA command (ClamAV) acl_check_message: warn set acl_c_spam_assassin_has_run = 0 .include_if_exists /etc/exim.acl_check_message.pre.conf #EDIT#46.1#T9653 warn condition = ${if !def:h_Message-ID: {yes}{no}} message = Adding Message-ID header because it is missing! add_header = Message-ID: accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}} .include_if_exists /etc/exim.easy_spam_fighter/check_message.conf #EDIT#46: #.include_if_exists /etc/exim.clamav.conf .include_if_exists /etc/exim.acl_check_message.post.conf accept ###################################### # ACL that is used for each MIME attachment in the email. acl_check_mime: .include_if_exists /etc/exim.check_mime.conf.custom .include_if_exists /etc/exim.easy_spam_fighter/check_mime.conf accept ################################################################################## # AUTHENTICATION CONFIGURATION ################################################################################## begin authenticators plain: driver = plaintext public_name = PLAIN server_prompts = : server_condition = "${perl{smtpauth}{0}}" server_set_id = $2 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = "${perl{smtpauth}{0}}" server_set_id = $1 #EDIT#47: # REWRITE CONFIGURATION # There is no rewriting specification in this exim.conf file. If your # configuration requires one, it would go here .include_if_exists /etc/exim.authenticators.post.conf ################################################################################## # ROUTERS CONFIGURATION ################################################################################## begin routers #EDIT#48: .include_if_exists /etc/exim.routers.pre.conf lookuphost_forward_router: driver = dnslookup domains = ! +local_domains ignore_target_hosts = condition = ${if !eq{$original_domain}{$domain}} condition = ${if !eq{$original_domain}{}} condition = "${perl{check_limits}}" transport = remote_smtp_forward_transport no_more lookuphost: driver = dnslookup domains = ! +local_domains ignore_target_hosts = condition = "${perl{check_limits}}" transport = remote_smtp no_more # RELATED: http://help.directadmin.com/item.php?id=153 # smart_route: # driver = manualroute # domains = ! +local_domains # ignore_target_hosts = # condition = "${perl{check_limits}}" # route_list = !+local_domains HOSTNAME-or-IP# # transport = remote_smtp #COMMENT#49: #DIRECTORS CONFIGURATION .include_if_exists /etc/exim.spamassassin.conf #EDIT#50: # Spam Assassin #spamcheck_director removed. Use the exim.spamassassin.conf majordomo_aliases: driver = redirect allow_defer allow_fail domains = lsearch,ret=key;/etc/virtual/domainowners data = ${if exists{/etc/virtual/${domain_data}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain_data}/majordomo/list.aliases}}}} file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part no_rewrite user = majordomo majordomo_private: driver = redirect allow_defer allow_fail #condition = "${if eq {$received_protocol} {local} {true} {false} }" condition = "${if or { {eq {$received_protocol} {local}} \ {eq {$received_protocol} {spam-scanned}} } {true} {false} }" domains = lsearch,ret=key;/etc/virtual/domainowners data = ${if exists{/etc/virtual/${domain_data}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain_data}/majordomo/private.aliases}}}} file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part user = majordomo domain_filter: driver = redirect allow_filter no_check_local_user domains = lsearch,ret=key;/etc/virtual/domainowners condition = "${if exists{/etc/virtual/${domain_data}/filter}{yes}{no}}" user = "${lookup{$domain_data}lsearch{/etc/virtual/domainowners}{$value}}" group = "mail" file = /etc/virtual/${domain_data}/filter directory_transport = address_file pipe_transport = virtual_address_pipe retry_use_local_part no_verify uservacation: # uservacation reply to all except errors, bounces, lists driver = accept domains = lsearch,ret=key;/etc/virtual/domainowners local_parts = ${if match {$local_part}{\N^\.*[^./][^/]*$\N}{${lookup{$local_part}lsearch,ret=key{/etc/virtual/$domain_data/passwd}{$value}{${lookup{$local_part}lsearch,ret=key{/etc/virtual/$domain_data/aliases}{$value}}}}}fail} condition = ${if def:h_Auto-submitted:{${if match{$h_Auto-submitted:}{\N^no\N\}{yes}{no}}}{yes}} condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain_data}/vacation.conf}{yes}{no}} condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}} require_files = /etc/virtual/${domain_data}/reply/${local_part}.msg # do not reply to errors and bounces or lists senders = " ! ^.*-request@.*:\ ! ^owner-.*@.*:\ ! ^postmaster@.*:\ ! ^listmaster@.*:\ ! ^mailer-daemon@.*\ ! ^root@.*" transport = uservacation unseen #autoreply exists #both passwd and forwarders do not have local_part. userautoreply: driver = accept domains = lsearch,ret=key;/etc/virtual/domainowners local_parts = ${lookup{$local_part} lsearch,ret=key{/etc/virtual/${domain_data}/autoresponder.conf}{$value}} condition = ${if def:h_Auto-submitted:{${if match{$h_Auto-submitted:}{\N^no\N\}{yes}{no}}}{yes}} condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain_data}/autoresponder.conf}{yes}{no}} condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}} require_files = /etc/virtual/${domain_data}/reply/${local_part}.msg condition = ${if exists{/etc/virtual/${domain_data}/passwd}} condition = ${if exists{/etc/virtual/${domain_data}/aliases}} condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain_data}/passwd}{no}{yes}} condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain_data}/aliases}{no}{yes}} # do not reply to errors and bounces or lists senders = " ! ^.*-request@.*:\ ! ^owner-.*@.*:\ ! ^postmaster@.*:\ ! ^listmaster@.*:\ ! ^mailer-daemon@.*\ ! ^root@.*" transport = userautoreply #autoreply exists #either passwd or forwarders exist, failover from above. userautoreply_unseen: driver = accept domains = lsearch,ret=key;/etc/virtual/domainowners local_parts = ${lookup{$local_part} lsearch,ret=key{/etc/virtual/${domain_data}/autoresponder.conf}{$value}} condition = ${if def:h_Auto-submitted:{${if match{$h_Auto-submitted:}{\N^no\N\}{yes}{no}}}{yes}} condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain_data}/autoresponder.conf}{yes}{no}} condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}} require_files = /etc/virtual/${domain_data}/reply/${local_part}.msg # do not reply to errors and bounces or lists senders = " ! ^.*-request@.*:\ ! ^owner-.*@.*:\ ! ^postmaster@.*:\ ! ^listmaster@.*:\ ! ^mailer-daemon@.*\ ! ^root@.*" transport = userautoreply unseen #any callbacks doing sender verify checks to this server accept SRS0 encoded emails if they exist, else the verify will fail. #until we figure out how to extract the original forwarder name in exim, we'll accept and drop all SRS0 encoded emails. #the srs_recipient is the original remote sender, so we dont want to forwarder there, else it will generated untraced backscatter (no data=srs_recipient) #I had found srs_orig_recipient variable, but wasn't able to use it to check for local fordwarders. #so any email to SRS0=..@localdomain.com will be accepted and dropped into the :blackhole:, which should be sufficient to satisfy the sender verify, and prevent any spam since it's always dropped. #if the final recipient hits "reply", it should already go to the orignal remote sender, not to the SRS name. inbound_srs: driver = redirect senders = : domains = +local_domains # detect inbound bounces which are SRS'd, and decode them condition = ${if inbound_srs {$local_part} {SRS_SECRET}} data = $srs_recipient inbound_srs_failure: driver = redirect senders = : domains = +local_domains # detect inbound bounces which look SRS'd but are invalid condition = ${if inbound_srs {$local_part} {}} allow_fail data = :fail: Invalid SRS recipient address #forwarder exists #user exists virtual_user_unseen: driver = accept domains = lsearch,ret=key;/etc/virtual/domainowners condition = ${if exists{/etc/virtual/${domain_data}/passwd}{1}{0}} condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain_data}/aliases}{1}{0}} condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain_data}/aliases}{${if eq{$value}{$local_part}{0}{1}}}{0}} condition = ${perl{save_virtual_user}} group = mail .include_if_exists /etc/exim/local_part_suffix.conf retry_use_local_part transport = dovecot_lmtp_udp unseen #forwarder exists #user does not exist virtual_aliases_nouser_nostar: driver = redirect allow_defer allow_fail domains = lsearch,ret=key;/etc/virtual/domainowners condition = ${if exists{/etc/virtual/${domain_data}/passwd}{1}{0}} condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain_data}/aliases}{1}{0}} condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain_data}/passwd}{0}{1}} data = ${lookup{$local_part}lsearch{/etc/virtual/$domain_data/aliases}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part .include_if_exists /etc/exim/local_part_suffix.conf #forwarder does not exist #user exists virtual_user: driver = accept domains = lsearch,ret=key;/etc/virtual/domainowners condition = ${if exists{/etc/virtual/${domain_data}/passwd}{1}{0}} condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain_data}/aliases}{0}{1}} condition = ${perl{save_virtual_user}} group = mail retry_use_local_part transport = dovecot_lmtp_udp .include_if_exists /etc/exim/local_part_suffix.conf #wildcard forwarder #user should have already been caught above virtual_aliases: #only the wildcard will be used here driver = redirect allow_defer allow_fail domains = lsearch,ret=key;/etc/virtual/domainowners data = ${if exists{/etc/virtual/$domain_data/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain_data/aliases}}}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part .include_if_exists /etc/exim/local_part_suffix.conf #COMMENT#51: drop_solo_alias: driver = redirect allow_defer allow_fail domains = lsearch,ret=key;/etc/virtual/domainowners data = ${if exists{/etc/virtual/$domain_data/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain_data/aliases}}}} file_transport = devnull group = mail pipe_transport = devnull retry_use_local_part #include_domain = true .include_if_exists /etc/exim/local_part_suffix.conf #COMMENT#52: userforward: driver = redirect allow_filter check_ancestor check_local_user no_expn file = $home/.forward file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply directory_transport = address_directory no_verify system_aliases: driver = redirect local_parts = ${if match {$local_part}{\N^\.*[^./][^/]*$\N}{${lookup{$local_part}lsearch,ret=key{/etc/aliases}{$value}}}fail} allow_defer allow_fail data = ${lookup{$local_part}lsearch{/etc/aliases}} file_transport = address_file pipe_transport = address_pipe retry_use_local_part # user = exim localuser: driver = accept check_local_user condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}" transport = local_delivery #COMMENT#53: ################################################################################## # TRANSPORTS CONFIGURATION ################################################################################## begin transports .include_if_exists /etc/exim.transports.pre.conf #COMMENT#54: spamcheck: driver = pipe batch_max = 100 command = /usr/sbin/exim -oMr spam-scanned -bS current_directory = "/tmp" group = mail home_directory = "/tmp" log_output message_prefix = message_suffix = return_fail_output no_return_path_add transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}} use_bsmtp user = mail #COMMENT#55: majordomo_pipe: driver = pipe group = daemon return_fail_output user = majordomo #COMMENT#56: local_delivery: driver = appendfile delivery_date_add envelope_to_add directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/Maildir/" directory_mode = 770 create_directory = true maildir_format group = mail mode = 0660 return_path_add user = ${local_part} #COMMENT#57: virtual_localdelivery: driver = appendfile create_directory delivery_date_add directory_mode = 770 envelope_to_add directory = "${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}}lsearch{/etc/passwd}{$value}}}}/imap/${domain_data}/${local_part_data}/Maildir" maildir_format group = mail mode = 660 return_path_add user = "${lookup{$domain_data}lsearch*{/etc/virtual/domainowners}{$value}}" quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain_data}/quota}{$value}{0}}}{0}} .include_if_exists /etc/exim/virtual_localdelivery.conf.post #EDIT#58: uservacation: driver = autoreply file = /etc/virtual/${domain_data}/reply/${local_part_data}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain_data}/reply/${local_part_data}.log no_return_message headers = ${if exists{/etc/virtual/${domain_data}/reply/${local_part_data}.headers}{${readfile{/etc/virtual/${domain_data}/reply/${local_part_data}.headers}}}} subject = ${if def:h_Subject: {\ ${if exists{/etc/virtual/${domain_data}/reply/${local_part_data}.subject}\ {${readfile{/etc/virtual/${domain_data}/reply/${local_part_data}.subject}{}}}\ {Autoreply}\ }: ${quote:${escape:${length_240:$h_Subject:}}}}\ {I am on vacation}} to = "${reply_address}" user = mail once = /etc/virtual/${domain_data}/reply/${local_part_data}.once once_file_size = 100K once_repeat = ${if exists{/etc/virtual/${domain_data}/reply/${local_part_data}.once_time}{${readfile{/etc/virtual/${domain_data}/reply/${local_part_data}.once_time}{}}}{2d}} #COMMENT#59: userautoreply: driver = autoreply bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain_data}/autoresponder.conf}{$value}} file = /etc/virtual/${domain_data}/reply/${local_part_data}.msg from = "${local_part_data}@${domain_data}" log = /etc/virtual/${domain_data}/reply/${local_part_data}.log no_return_message headers = ${if exists{/etc/virtual/${domain_data}/reply/${local_part_data}.headers}{${readfile{/etc/virtual/${domain_data}/reply/${local_part_data}.headers}}}} subject = ${if def:h_Subject: {\ ${if exists{/etc/virtual/${domain_data}/reply/${local_part_data}.subject}\ {${readfile{/etc/virtual/${domain_data}/reply/${local_part_data}.subject}{}}}\ {Autoreply}\ }: ${quote:${escape:${length_240:$h_Subject:}}}}\ {Autoreply Message}} to = "${reply_address}" user = mail once = /etc/virtual/${domain_data}/reply/${local_part_data}.once once_file_size = 100K once_repeat = ${if exists{/etc/virtual/${domain_data}/reply/${local_part_data}.once_time}{${readfile{/etc/virtual/${domain_data}/reply/${local_part_data}.once_time}{}}}{2d}} #COMMENT#60: devnull: driver = appendfile file = /dev/null #COMMENT#61: remote_smtp: driver = smtp message_linelength_limit = 52428800 headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}" interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}} helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}} hosts_try_chunking = hosts_try_fastopen = .include_if_exists /etc/exim.dkim.conf remote_smtp_forward_transport: driver = smtp message_linelength_limit = 52428800 headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}" interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$original_domain}lsearch*{/etc/virtual/domainips}}}} helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}} hosts_try_chunking = hosts_try_fastopen = max_rcpt = 1 return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} .include_if_exists /etc/exim.dkim.conf #EDIT#62: address_pipe: driver = pipe return_output virtual_address_pipe: driver = pipe group = nobody return_output user = "${lookup{$domain_data}lsearch* {/etc/virtual/domainowners}{$value}}" .include_if_exists /etc/exim.cagefs.pipe.conf #COMMENT#63: address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add #COMMENT#64: address_reply: driver = autoreply dovecot_lmtp_udp: driver = lmtp socket = /var/run/dovecot/lmtp #maximum number of deliveries per batch, default 1 batch_max = 200 delivery_date_add envelope_to_add return_path_add user = mail address_directory: driver = appendfile maildir_format maildir_use_size_file delivery_date_add envelope_to_add return_path_add ################################################################################## # RETRY CONFIGURATION ################################################################################## #EDIT#65: # Domain Error Retries # ------ ----- ------- begin retry .include_if_exists /etc/exim.retry.conf * quota * * F,2h,15m; G,16h,1h,1.5; F,4d,8h # End of Exim 4 configuration