100kb file # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this Portions of this file are # P ortions of this file are # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this file are # Portions of this file ar e # Portions of this file are # Portions of this file are written by Jeff Lasman, of # # NoBaloney Internet Services and are copyright as follows: # # # # Copyright (C) 2004-2005 NoBaloney Internet Services, # # San Bernardino, Calif., USA # # # # The entire Exim 4 distribution, including the exim.conf file, is # # distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, # # June 1991. If you do not have a copy of the GNU GENERAL # # PUBLIC LICENSE you may download it, in it's entirety, from # # the website at: # # # # http://www.nobaloney.net/exim/gnu-gpl-v2.txt # # # ###################################################################### # # # The most recent version of this SpamBlocker exim.conf file may # # always downloaded from the website at # # # # http://www.nobaloney.net/exim/exim.conf.spamblocked # # # ######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ######## # # # Whenever you change Exim's configuration file, you *must* remember # # to HUP the Exim daemon, because it will not pick up the new # # configuration until you do. However, any other Exim processes that # # are started, for example, a process started by an MUA in order to # # send a message, will see the new configuration as soon as it is in # # place. # # # # You do not need to HUP the daemon for changes in auxiliary files # # that are referenced from this file. They are read every time they # # are used. # # # # It is usually a good idea to test a new configuration for # # syntactic correctness before installing it (for example, by # # running the command "exim -C /config/file.new -bV"). # # # ### MODIFICATION INSTRUCTIONS ########## MODIFICATION INSTRUCTIONS ### # # # YOU MUST MAKE THE CHANGES TO THIS SpamBlocked exim.conf file as # # documented in the README file. # # # # The README file for this version is named: # # README.SpamBlocker.exim.conf.2.0 # # # ###################################################################### # Specify your host's canonical name here. This should normally be the # fully qualified "official" name of your host. If this option is not # set, the uname() function is called to obtain the name. In many cases # this does the right thing and you need not set anything explicitly. # primary_hostname = # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character # followed by a domain. For example, "caesar@rome.ex" is a fully qualified # address, but the string "caesar" (i.e. just a login name) is an unqualified # email address. Unqualified addresses are accepted only from local callers by # default. See the receiver_unqualified_{hosts,nets} options if you want # to permit unqualified addresses from remote sources. If this option is # not set, the primary_hostname value is used for qualification. # qualify_domain = # If you want unqualified recipient addresses to be qualified with a different # domain to unqualified sender addresses, specify the recipient domain here. # If this option is not set, the qualify_domain value is used. # qualify_recipient = # the next line is required to start the smtp auth script included # in DirectAdmin perl_startup = do '/etc/exim.pl' # the next line is required to start the system_filter included in # DirectAdmin to refuse potentiallly harmful payloads in # email messages system_filter = /etc/system_filter.exim # next line to allow incoming email submission port 587 # see also check_recipient second ruleset daemon_smtp_ports = 25 : 587 # SET SOME MEANINGFUL LIMITS # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment message_size_limit = 20M smtp_receive_timeout = 5m smtp_accept_max = 100 message_body_visible = 3000 print_topbitchars = true # ALLOW UNDERSCORE IN EMAIL DOMAIN NAME # domains shouldn't use the underscore character "_" but some # may. Because John Postel, one of the architects of the Internet, # said "Be liberal in what you accept and conservative in what you # transmit, we choose to allow underscore in email domain names so we # can receive email form domains which use the underscore character # in their domain name. # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment helo_allow_chars = _ # CHANGE LOGGING BEHAVIOR # We weren't happy with the default Exim logging behavior through # syslog; it didn't give us enough information. So we turned off # syslog behavior and changed the logging behavior to give us what we # felt was more helpful information. You may choose to delete or modify # this section. # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment log_selector = \ +delivery_size \ +sender_on_delivery \ +received_recipients \ +received_sender \ +smtp_confirmation \ +subject \ +smtp_incomplete_transaction \ -dnslist_defer \ -host_lookup_failed \ -queue_run \ -rejected_header \ -retry_defer \ -skip_delivery syslog_duplication = false # These options specify the Access Control Lists (ACLs) that # are used for incoming SMTP messages - after the RCPT and DATA # commands, respectively. acl_smtp_rcpt = check_recipient acl_smtp_data = check_message # define local lists addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains domainlist local_domains = lsearch;/etc/virtual/domains domainlist relay_domains = lsearch;/etc/virtual/domains : localhost domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains hostlist auth_relay_hosts = * hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts hostlist bad_sender_hosts_ip = net-lsearch;/etc/virtual/bad_sender_hosts hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1 hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts hostlist whitelist_hosts_ip = net-lsearch;/etc/virtual/whitelist_hosts # If you want to accept mail addressed to your host's literal IP address, for # example, mail addressed to "user@[111.111.111.111]", then uncomment the # following line, or supply the literal domain(s) as part of "local_domains" # above. You also need to comment "forbid_domain_literals" below. This is not # recommended for today's Internet. # DO NOT ALLOW HOST LITERALS # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to uncomment the line # below and change the allow_domain_literals line below to true # to allow domain literals in your environment # local_domains_include_host_literals # The following line prevents Exim from recognizing addresses of the form # "user@[111.111.111.111]" that is, with a "domain literal" (an IP address) # instead of a named domain. The RFCs still require this form, but it makes # little sense to permit mail to be sent to specific hosts by their IP address # in the modern Internet, and this ancient format has been used by those # seeking to abuse hosts by using them for unwanted relaying. If you really # do want to support domain literals, remove the following line, and see # also the "domain_literal" router below. allow_domain_literals = false # No local deliveries will ever be run under the uids of these users (a colon- # separated list). An attempt to do so gets changed so that it runs under the # uid of "nobody" instead. This is a paranoic safety catch. Note the default # setting means you cannot deliver mail addressed to root as if it were a # normal user. This isn't usually a problem, as most sites have an alias for # root that redirects such mail to a human administrator. never_users = root # DO HOST LOOKUP # OPTIONAL MODIFICATIONS: # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. host_lookup = * # DISALLOW IDENT CALLBACKS # OPTIONAL MODIFICATIONS: # Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP # calls. You can limit the hosts to which these calls are made, and/or change # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls # are disabled. RFC 1413 calls are cheap and can provide useful information # for tracing problem messages, but some hosts and firewalls have problems # with them. This can result in a timeout instead of an immediate refused # connection, leading to delays on starting up an SMTP session. By default # we disable callbacks for incoming SMTP calls. You may change # rfc1413_query_timeout to 30s or some other positive number of seconds to # enable callbacks for incoming SMTP calls. rfc1413_hosts = * rfc1413_query_timeout = 0s # BOUNCE MESSAGES # OPTIONAL MODIFICATIONS: # When Exim can neither deliver a message nor return it to sender, it # "freezes" the delivery error message (aka "bounce message"). There are also # other circumstances in which messages get frozen. They will stay on the # queue forever unless one or both of the following options is set. # This option unfreezes bounce messages after two days, tries # once more to deliver them, and ignores any delivery failures. ignore_bounce_errors_after = 2d # This option cancels (removes) frozen messages that are older than five days. timeout_frozen_after = 5d # TRUSTED USERS # OPTIONAL MODIFICATIONS: # if you must add additional trusted users, do so here; continue the # colon-delimited list trusted_users = mail:majordomo:apache:diradmin # SSL/TLS cert and key tls_certificate = /etc/exim.cert tls_privatekey = /etc/exim.key tls_advertise_hosts = * #auth_over_tls_hosts = * ###################################################################### # ACLs # ###################################################################### begin acl # ACL that is used after the RCPT command check_recipient: # to block certain wellknown exploits, Deny for local domains if # local parts begin with a dot or contain @ % ! / | deny domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] # to restrict port 587 to authenticated users only # see also daemon_smtp_ports above accept hosts = +auth_relay_hosts condition = ${if eq {$interface_port}{587} {yes}{no}} endpass message = relay not permitted, authentication required authenticated = * # allow local users to send outgoing messages using slashes # and vertical bars in their local parts. # Block outgoing local parts that begin with a dot, slash, or vertical # bar but allows them within the local part. # The sequence \..\ is barred. The usage of @ % and ! is barred as # before. The motivation is to prevent your users (or their virii) # from mounting certain kinds of attacks on remote sites. deny domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ # local source whitelist # accept if the source is local SMTP (i.e. not over TCP/IP). # Test for this by testing for an empty sending host field. accept hosts = : # sender domains whitelist # accept if sender domain is in whitelist accept sender_domains = +whitelist_domains # sender hosts whitelist # accept if sender host is in whitelist accept hosts = +whitelist_hosts accept hosts = +whitelist_hosts_ip # envelope senders whitelist # accept if envelope sender is in whitelist accept senders = +whitelist_senders # accept mail to postmaster in any local domain, regardless of source accept local_parts = postmaster domains = +local_domains # accept mail to abuse in any local domain, regardless of source accept local_parts = abuse domains = +local_domains # accept mail to hostmaster in any local domain, regardless of source accept local_parts = hostmaster domains =+local_domains # OPTIONAL MODIFICATIONS: # If the page you're using to notify senders of blocked email of how # to get their address unblocked will use a web form to send you email so # you'll know to unblock those senders, then you may leave these lines # commented out. However, if you'll be telling your senders of blocked # email to send an email to errors@yourdomain.com, then you should # replace "errors" with the left side of the email address you'll be # using, and "example.com" with the right side of the email address and # then uncomment the second two lines, leaving the first one commented. # Doing this will mean anyone can send email to this specific address, # even if they're at a blocked domain, and even if your domain is using # blocklists. # accept mail to errors@example.com, regardless of source # accept local_parts = errors # domains = example.com # deny so-called "legal" spammers" deny message = Email blocked by LBL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains sender_domains = +blacklist_domains # deny using hostname in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts # deny using IP in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts_ip # deny using email address in blacklist_senders deny message = Email blocked by BSAL - to unblock see http://www.example.com/ domains = use_rbl_domains deny senders = +blacklist_senders # By default we do NOT require sender verification. # Sender verification denies unless sender address can be verified: # If you want to require sender verification, i.e., that the sending # address is routable and mail can be delivered to it, then # uncomment the next line. If you do not want to require sender # verification, leave the line commented out #require verify = sender # deny using .spamhaus deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = sbl.spamhaus.org # deny using ordb deny message = Email blocked by ORDB - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = relays.ordb.org # deny using sorbs smtp list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = dnsbl.sorbs.net=127.0.0.5 # Next deny stuff from more "fuzzy" blacklists # but do bypass all checking for whitelisted host names # and for authenticated users # deny using spamcop deny message = Email blocked by SPAMCOP - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = bl.spamcop.net # deny using njabl deny message = Email blocked by NJABL - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = dnsbl.njabl.org # deny using cbl deny message = Email blocked by CBL - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = cbl.abuseat.org # deny using all other sorbs ip-based blocklist besides smtp list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = dnsbl.sorbs.net!=127.0.0.6 # deny using sorbs name based list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ domains =+use_rbl_domains # rhsbl list is name based dnslists = rhsbl.sorbs.net/$sender_address_domain # accept if address is in a local domain as long as recipient can be verified accept domains = +local_domains endpass message = "Unknown User" verify = recipient # accept if address is in a domain for which we relay as long as recipient # can be verified accept domains = +relay_domains endpass verify=recipient # accept if message comes for a host for which we are an outgoing relay # recipient verification is omitted because many MUA clients don't cope # well with SMTP error responses. If you are actually relaying from MTAs # then you should probably add recipient verify here accept hosts = +relay_hosts accept hosts = +auth_relay_hosts endpass message = authentication required authenticated = * deny message = relay not permitted # default at end of acl causes a "deny", but line below will give # an explicit error message: deny message = relay not permitted # ACL that is used after the DATA command check_message: accept ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### # There are no authenticator specifications in this default configuration file. begin authenticators plain: driver = plaintext public_name = PLAIN server_prompts = : server_condition = "${perl{smtpauth}}" server_set_id = $2 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = "${perl{smtpauth}}" server_set_id = $1 ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### begin routers # Remote addresses are those with a domain that does not match any item # in the "local_domains" setting above. # This router routes to remote hosts over SMTP using a DNS lookup. Any domain # that resolves to an IP address on the loopback interface (127.0.0.0/8) is # treated as if it had no DNS entry. lookuphost: driver = dnslookup domains = ! +local_domains ignore_target_hosts = 127.0.0.0/8 condition = "${perl{check_limits}}" transport = remote_smtp no_more # This router routes to remote hosts over SMTP by explicit IP address, # when an email address is given in "domain literal" form, for example, # . The RFCs require this facility. However, it is # little-known these days, and has been exploited by evil people seeking # to abuse SMTP relays. Consequently it is commented out in the default # configuration. If you uncomment this router, you also need to comment out # "forbid_domain_literals" above, so that Exim can recognize the syntax of # domain literal addresses. # domain_literal: # driver = ipliteral # transport = remote_smtp ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### # Local addresses are those with a domain that matches some item in the # "local_domains" setting above, or those which are passed back from the # routers because of a "self=local" setting (not used in this configuration). # Spam Assassin #spamcheck_director: # driver = accept # condition = "${if and { \ # {!def:h_X-Spam-Flag:} \ # {!eq {$received_protocol}{spam-scanned}} \ # {!eq {$received_protocol}{local}} \ # {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \ # } {1}{0}}" # retry_use_local_part # transport = spamcheck # no_verify majordomo_aliases: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}} domains = lsearch;/etc/virtual/domainowners file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part no_rewrite user = majordomo majordomo_private: driver = redirect allow_defer allow_fail #condition = "${if eq {$received_protocol} {local} {true} {false} }" condition = "${if or { {eq {$received_protocol} {local}} \ {eq {$received_protocol} {spam-scanned}} } {true} {false} }" data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}} domains = lsearch;/etc/virtual/domainowners file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part user = majordomo domain_filter: driver = redirect allow_filter no_check_local_user condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}" user = "mail" file = /etc/virtual/${domain}/filter file_transport = address_file pipe_transport = virtual_address_pipe retry_use_local_part no_verify uservacation: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = uservacation unseen userautoreply: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = userautoreply unseen virtual_aliases_nostar: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part unseen #include_domain = true virtual_user: driver = accept #condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}} condition = ${perl{save_virtual_user}} domains = lsearch;/etc/virtual/domainowners group = mail retry_use_local_part transport = virtual_localdelivery virtual_aliases: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}} #file_transport = address_file file_transport = devnull group = mail pipe_transport = virtual_address_pipe retry_use_local_part #include_domain = true # This director handles forwarding using traditional .forward files. # If you want it also to allow mail filtering when a forward file # starts with the string "# Exim filter", uncomment the "filter" option. # The check_ancestor option means that if the forward file generates an # address that is an ancestor of the current one, the current one gets # passed on instead. This covers the case where A is aliased to B and B # has a .forward file pointing to A. The three transports specified at the # end are those that are used when forwarding generates a direct delivery # to a file, or to a pipe, or sets up an auto-reply, respectively. userforward: driver = redirect allow_filter check_ancestor check_local_user no_expn file = $home/.forward file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply no_verify system_aliases: driver = redirect allow_defer allow_fail data = ${lookup{$local_part}lsearch{/etc/aliases}} file_transport = address_file pipe_transport = address_pipe retry_use_local_part # user = exim localuser: driver = accept check_local_user condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}" transport = local_delivery # This director matches local user mailboxes. ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### # A transport is used only when referenced from a director or a router that # successfully handles an address. # Spam Assassin begin transports spamcheck: driver = pipe batch_max = 100 command = /usr/sbin/exim -oMr spam-scanned -bS current_directory = "/tmp" group = mail home_directory = "/tmp" log_output message_prefix = message_suffix = return_fail_output no_return_path_add transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}} use_bsmtp user = mail # must use a privileged user to set $received_protocol on the way back in! #majordomo majordomo_pipe: driver = pipe group = daemon return_fail_output user = majordomo # This transport is used for local delivery to user mailboxes in traditional # BSD mailbox format. By default it will be run under the uid and gid of the # local user, and requires the sticky bit to be set on the /var/mail directory. # Some systems use the alternative approach of running mail deliveries under a # particular group instead of using the sticky bit. The commented options below # show how this can be done. local_delivery: driver = appendfile delivery_date_add envelope_to_add file = /var/mail/$local_part group = mail mode = 0660 return_path_add user = ${local_part} ## for delivering virtual domains to their own mail spool virtual_localdelivery: driver = appendfile create_directory delivery_date_add directory_mode = 700 envelope_to_add file = /var/spool/virtual/${domain}/${local_part} group = mail mode = 660 return_path_add user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}" quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}} ## vacation transport uservacation: driver = autoreply file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}" text = "\ ------ ------\n\n\ This message was automatically generated by email software\n\ The delivery of your message has not been affected.\n\n\ ------ ------\n\n" to = "${sender_address}" user = mail #once = /etc/virtual/${domain}/reply/${local_part}.once userautoreply: driver = autoreply bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}} file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" to = "${sender_address}" user = mail #once = /etc/virtual/${domain}/reply/${local_part}.once devnull: driver = appendfile file = /dev/null # This transport is used for delivering messages over SMTP connections. remote_smtp: driver = smtp # This transport is used for handling pipe deliveries generated by alias # or .forward files. If the pipe generates any standard output, it is returned # to the sender of the message as a delivery error. Set return_fail_output # instead of return_output if you want this to happen only when the pipe fails # to complete normally. You can set different transports for aliases and # forwards if you want to - see the references to address_pipe in the directors # section below. address_pipe: driver = pipe return_output virtual_address_pipe: driver = pipe group = nobody return_output user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}" # This transport is used for handling deliveries directly to files that are # generated by aliasing or forwarding. address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add # This transport is used for handling autoreplies generated by the filtering # option of the forwardfile director. address_reply: driver = autoreply ###################################################################### # RETRY CONFIGURATION # ###################################################################### # This single retry rule applies to all domains and all errors. It specifies # retries every 15 minutes for 2 hours, then increasing retry intervals, # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 # hours, then retries every 8 hours until 4 days have passed since the first # failed delivery. # Domain Error Retries # ------ ----- ------- begin retry * * F,2h,15m; G,16h,1h,1.5; F,4d,8h # End of Exim 4 configuration ###################################################################### # SpamBlocker.exim.conf.2.0-release # # Runtime configuration file for DirectAdmin/Exim 4.24 and above # ######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ######## # WARNING! Be sure to back up your previous exim.conf file before # # attempting to use this exim.conf file. # # # # Do may not use this exim.conf Exim configuration file unless you # # make the required modifications to your Exim configuration # # following the instructions in the README file included in this # # distribution. # # # # This is version "2.0 of the SpamBlocker exim.conf file as # # distributed by NoBaloney Internet Services for DirectAdmin based # # servers. # # # # More information about NoBaloney.net may be found at: # # http://www.nobaloney.net/ # # # # More information about DirectAdmin may be found at: # # http://www.directadmin.com/ # # # # This Exim configuration file has been modified from the original # # as distributed with Exim 4. The modifications have been made by: # # # # Jeff Lasman # # NoBaloney Internet Services # # 1254 So. Waterman Ave., Suite 50 # # San Bernardino, CA 92408 # # spamblocker@nobaloney.net # # (909) 266-9209 # # # # The SpamBlocker exim.conf file has been modified from the original # # exim.conf file as distributed with Exim 4, which includes the # # following copyright notice: # # # # Copyright (C) 2002 University of Cambridge, Cambridge, UK # # # # Portions of the file are taken from the exim.conf file as # # distributed with DirectAdmin (http://www.directadmin.com/), # # # # Copyright (C) 2003 JBMC Software, St Albert, AB, Canada # # # # Portions of this file are written by Jeff Lasman, of # # NoBaloney Internet Services and are copyright as follows: # # # # Copyright (C) 2004-2005 NoBaloney Internet Services, # # San Bernardino, Calif., USA # # # # The entire Exim 4 distribution, including the exim.conf file, is # # distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, # # June 1991. If you do not have a copy of the GNU GENERAL # # PUBLIC LICENSE you may download it, in it's entirety, from # # the website at: # # # # http://www.nobaloney.net/exim/gnu-gpl-v2.txt # # # ###################################################################### # # # The most recent version of this SpamBlocker exim.conf file may # # always downloaded from the website at # # # # http://www.nobaloney.net/exim/exim.conf.spamblocked # # # ######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ######## # # # Whenever you change Exim's configuration file, you *must* remember # # to HUP the Exim daemon, because it will not pick up the new # # configuration until you do. However, any other Exim processes that # # are started, for example, a process started by an MUA in order to # # send a message, will see the new configuration as soon as it is in # # place. # # # # You do not need to HUP the daemon for changes in auxiliary files # # that are referenced from this file. They are read every time they # # are used. # # # # It is usually a good idea to test a new configuration for # # syntactic correctness before installing it (for example, by # # running the command "exim -C /config/file.new -bV"). # # # ### MODIFICATION INSTRUCTIONS ########## MODIFICATION INSTRUCTIONS ### # # # YOU MUST MAKE THE CHANGES TO THIS SpamBlocked exim.conf file as # # documented in the README file. # # # # The README file for this version is named: # # README.SpamBlocker.exim.conf.2.0 # # # ###################################################################### # Specify your host's canonical name here. This should normally be the # fully qualified "official" name of your host. If this option is not # set, the uname() function is called to obtain the name. In many cases # this does the right thing and you need not set anything explicitly. # primary_hostname = # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character # followed by a domain. For example, "caesar@rome.ex" is a fully qualified # address, but the string "caesar" (i.e. just a login name) is an unqualified # email address. Unqualified addresses are accepted only from local callers by # default. See the receiver_unqualified_{hosts,nets} options if you want # to permit unqualified addresses from remote sources. If this option is # not set, the primary_hostname value is used for qualification. # qualify_domain = # If you want unqualified recipient addresses to be qualified with a different # domain to unqualified sender addresses, specify the recipient domain here. # If this option is not set, the qualify_domain value is used. # qualify_recipient = # the next line is required to start the smtp auth script included # in DirectAdmin perl_startup = do '/etc/exim.pl' # the next line is required to start the system_filter included in # DirectAdmin to refuse potentiallly harmful payloads in # email messages system_filter = /etc/system_filter.exim # next line to allow incoming email submission port 587 # see also check_recipient second ruleset daemon_smtp_ports = 25 : 587 # SET SOME MEANINGFUL LIMITS # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment message_size_limit = 20M smtp_receive_timeout = 5m smtp_accept_max = 100 message_body_visible = 3000 print_topbitchars = true # ALLOW UNDERSCORE IN EMAIL DOMAIN NAME # domains shouldn't use the underscore character "_" but some # may. Because John Postel, one of the architects of the Internet, # said "Be liberal in what you accept and conservative in what you # transmit, we choose to allow underscore in email domain names so we # can receive email form domains which use the underscore character # in their domain name. # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment helo_allow_chars = _ # CHANGE LOGGING BEHAVIOR # We weren't happy with the default Exim logging behavior through # syslog; it didn't give us enough information. So we turned off # syslog behavior and changed the logging behavior to give us what we # felt was more helpful information. You may choose to delete or modify # this section. # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment log_selector = \ +delivery_size \ +sender_on_delivery \ +received_recipients \ +received_sender \ +smtp_confirmation \ +subject \ +smtp_incomplete_transaction \ -dnslist_defer \ -host_lookup_failed \ -queue_run \ -rejected_header \ -retry_defer \ -skip_delivery syslog_duplication = false # These options specify the Access Control Lists (ACLs) that # are used for incoming SMTP messages - after the RCPT and DATA # commands, respectively. acl_smtp_rcpt = check_recipient acl_smtp_data = check_message # define local lists addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains domainlist local_domains = lsearch;/etc/virtual/domains domainlist relay_domains = lsearch;/etc/virtual/domains : localhost domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains hostlist auth_relay_hosts = * hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts hostlist bad_sender_hosts_ip = net-lsearch;/etc/virtual/bad_sender_hosts hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1 hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts hostlist whitelist_hosts_ip = net-lsearch;/etc/virtual/whitelist_hosts # If you want to accept mail addressed to your host's literal IP address, for # example, mail addressed to "user@[111.111.111.111]", then uncomment the # following line, or supply the literal domain(s) as part of "local_domains" # above. You also need to comment "forbid_domain_literals" below. This is not # recommended for today's Internet. # DO NOT ALLOW HOST LITERALS # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to uncomment the line # below and change the allow_domain_literals line below to true # to allow domain literals in your environment # local_domains_include_host_literals # The following line prevents Exim from recognizing addresses of the form # "user@[111.111.111.111]" that is, with a "domain literal" (an IP address) # instead of a named domain. The RFCs still require this form, but it makes # little sense to permit mail to be sent to specific hosts by their IP address # in the modern Internet, and this ancient format has been used by those # seeking to abuse hosts by using them for unwanted relaying. If you really # do want to support domain literals, remove the following line, and see # also the "domain_literal" router below. allow_domain_literals = false # No local deliveries will ever be run under the uids of these users (a colon- # separated list). An attempt to do so gets changed so that it runs under the # uid of "nobody" instead. This is a paranoic safety catch. Note the default # setting means you cannot deliver mail addressed to root as if it were a # normal user. This isn't usually a problem, as most sites have an alias for # root that redirects such mail to a human administrator. never_users = root # DO HOST LOOKUP # OPTIONAL MODIFICATIONS: # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. host_lookup = * # DISALLOW IDENT CALLBACKS # OPTIONAL MODIFICATIONS: # Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP # calls. You can limit the hosts to which these calls are made, and/or change # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls # are disabled. RFC 1413 calls are cheap and can provide useful information # for tracing problem messages, but some hosts and firewalls have problems # with them. This can result in a timeout instead of an immediate refused # connection, leading to delays on starting up an SMTP session. By default # we disable callbacks for incoming SMTP calls. You may change # rfc1413_query_timeout to 30s or some other positive number of seconds to # enable callbacks for incoming SMTP calls. rfc1413_hosts = * rfc1413_query_timeout = 0s # BOUNCE MESSAGES # OPTIONAL MODIFICATIONS: # When Exim can neither deliver a message nor return it to sender, it # "freezes" the delivery error message (aka "bounce message"). There are also # other circumstances in which messages get frozen. They will stay on the # queue forever unless one or both of the following options is set. # This option unfreezes bounce messages after two days, tries # once more to deliver them, and ignores any delivery failures. ignore_bounce_errors_after = 2d # This option cancels (removes) frozen messages that are older than five days. timeout_frozen_after = 5d # TRUSTED USERS # OPTIONAL MODIFICATIONS: # if you must add additional trusted users, do so here; continue the # colon-delimited list trusted_users = mail:majordomo:apache:diradmin # SSL/TLS cert and key tls_certificate = /etc/exim.cert tls_privatekey = /etc/exim.key tls_advertise_hosts = * #auth_over_tls_hosts = * ###################################################################### # ACLs # ###################################################################### begin acl # ACL that is used after the RCPT command check_recipient: # to block certain wellknown exploits, Deny for local domains if # local parts begin with a dot or contain @ % ! / | deny domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] # to restrict port 587 to authenticated users only # see also daemon_smtp_ports above accept hosts = +auth_relay_hosts condition = ${if eq {$interface_port}{587} {yes}{no}} endpass message = relay not permitted, authentication required authenticated = * # allow local users to send outgoing messages using slashes # and vertical bars in their local parts. # Block outgoing local parts that begin with a dot, slash, or vertical # bar but allows them within the local part. # The sequence \..\ is barred. The usage of @ % and ! is barred as # before. The motivation is to prevent your users (or their virii) # from mounting certain kinds of attacks on remote sites. deny domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ # local source whitelist # accept if the source is local SMTP (i.e. not over TCP/IP). # Test for this by testing for an empty sending host field. accept hosts = : # sender domains whitelist # accept if sender domain is in whitelist accept sender_domains = +whitelist_domains # sender hosts whitelist # accept if sender host is in whitelist accept hosts = +whitelist_hosts accept hosts = +whitelist_hosts_ip # envelope senders whitelist # accept if envelope sender is in whitelist accept senders = +whitelist_senders # accept mail to postmaster in any local domain, regardless of source accept local_parts = postmaster domains = +local_domains # accept mail to abuse in any local domain, regardless of source accept local_parts = abuse domains = +local_domains # accept mail to hostmaster in any local domain, regardless of source accept local_parts = hostmaster domains =+local_domains # OPTIONAL MODIFICATIONS: # If the page you're using to notify senders of blocked email of how # to get their address unblocked will use a web form to send you email so # you'll know to unblock those senders, then you may leave these lines # commented out. However, if you'll be telling your senders of blocked # email to send an email to errors@yourdomain.com, then you should # replace "errors" with the left side of the email address you'll be # using, and "example.com" with the right side of the email address and # then uncomment the second two lines, leaving the first one commented. # Doing this will mean anyone can send email to this specific address, # even if they're at a blocked domain, and even if your domain is using # blocklists. # accept mail to errors@example.com, regardless of source # accept local_parts = errors # domains = example.com # deny so-called "legal" spammers" deny message = Email blocked by LBL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains sender_domains = +blacklist_domains # deny using hostname in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts # deny using IP in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts_ip # deny using email address in blacklist_senders deny message = Email blocked by BSAL - to unblock see http://www.example.com/ domains = use_rbl_domains deny senders = +blacklist_senders # By default we do NOT require sender verification. # Sender verification denies unless sender address can be verified: # If you want to require sender verification, i.e., that the sending # address is routable and mail can be delivered to it, then # uncomment the next line. If you do not want to require sender # verification, leave the line commented out #require verify = sender # deny using .spamhaus deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = sbl.spamhaus.org # deny using ordb deny message = Email blocked by ORDB - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = relays.ordb.org # deny using sorbs smtp list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = dnsbl.sorbs.net=127.0.0.5 # Next deny stuff from more "fuzzy" blacklists # but do bypass all checking for whitelisted host names # and for authenticated users # deny using spamcop deny message = Email blocked by SPAMCOP - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = bl.spamcop.net # deny using njabl deny message = Email blocked by NJABL - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = dnsbl.njabl.org # deny using cbl deny message = Email blocked by CBL - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = cbl.abuseat.org # deny using all other sorbs ip-based blocklist besides smtp list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = dnsbl.sorbs.net!=127.0.0.6 # deny using sorbs name based list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ domains =+use_rbl_domains # rhsbl list is name based dnslists = rhsbl.sorbs.net/$sender_address_domain # accept if address is in a local domain as long as recipient can be verified accept domains = +local_domains endpass message = "Unknown User" verify = recipient # accept if address is in a domain for which we relay as long as recipient # can be verified accept domains = +relay_domains endpass verify=recipient # accept if message comes for a host for which we are an outgoing relay # recipient verification is omitted because many MUA clients don't cope # well with SMTP error responses. If you are actually relaying from MTAs # then you should probably add recipient verify here accept hosts = +relay_hosts accept hosts = +auth_relay_hosts endpass message = authentication required authenticated = * deny message = relay not permitted # default at end of acl causes a "deny", but line below will give # an explicit error message: deny message = relay not permitted # ACL that is used after the DATA command check_message: accept ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### # There are no authenticator specifications in this default configuration file. begin authenticators plain: driver = plaintext public_name = PLAIN server_prompts = : server_condition = "${perl{smtpauth}}" server_set_id = $2 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = "${perl{smtpauth}}" server_set_id = $1 ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### begin routers # Remote addresses are those with a domain that does not match any item # in the "local_domains" setting above. # This router routes to remote hosts over SMTP using a DNS lookup. Any domain # that resolves to an IP address on the loopback interface (127.0.0.0/8) is # treated as if it had no DNS entry. lookuphost: driver = dnslookup domains = ! +local_domains ignore_target_hosts = 127.0.0.0/8 condition = "${perl{check_limits}}" transport = remote_smtp no_more # This router routes to remote hosts over SMTP by explicit IP address, # when an email address is given in "domain literal" form, for example, # . The RFCs require this facility. However, it is # little-known these days, and has been exploited by evil people seeking # to abuse SMTP relays. Consequently it is commented out in the default # configuration. If you uncomment this router, you also need to comment out # "forbid_domain_literals" above, so that Exim can recognize the syntax of # domain literal addresses. # domain_literal: # driver = ipliteral # transport = remote_smtp ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### # Local addresses are those with a domain that matches some item in the # "local_domains" setting above, or those which are passed back from the # routers because of a "self=local" setting (not used in this configuration). # Spam Assassin #spamcheck_director: # driver = accept # condition = "${if and { \ # {!def:h_X-Spam-Flag:} \ # {!eq {$received_protocol}{spam-scanned}} \ # {!eq {$received_protocol}{local}} \ # {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \ # } {1}{0}}" # retry_use_local_part # transport = spamcheck # no_verify majordomo_aliases: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}} domains = lsearch;/etc/virtual/domainowners file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part no_rewrite user = majordomo majordomo_private: driver = redirect allow_defer allow_fail #condition = "${if eq {$received_protocol} {local} {true} {false} }" condition = "${if or { {eq {$received_protocol} {local}} \ {eq {$received_protocol} {spam-scanned}} } {true} {false} }" data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}} domains = lsearch;/etc/virtual/domainowners file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part user = majordomo domain_filter: driver = redirect allow_filter no_check_local_user condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}" user = "mail" file = /etc/virtual/${domain}/filter file_transport = address_file pipe_transport = virtual_address_pipe retry_use_local_part no_verify uservacation: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = uservacation unseen userautoreply: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = userautoreply unseen virtual_aliases_nostar: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part unseen #include_domain = true virtual_user: driver = accept #condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}} condition = ${perl{save_virtual_user}} domains = lsearch;/etc/virtual/domainowners group = mail retry_use_local_part transport = virtual_localdelivery virtual_aliases: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}} #file_transport = address_file file_transport = devnull group = mail pipe_transport = virtual_address_pipe retry_use_local_part #include_domain = true # This director handles forwarding using traditional .forward files. # If you want it also to allow mail filtering when a forward file # starts with the string "# Exim filter", uncomment the "filter" option. # The check_ancestor option means that if the forward file generates an # address that is an ancestor of the current one, the current one gets # passed on instead. This covers the case where A is aliased to B and B # has a .forward file pointing to A. The three transports specified at the # end are those that are used when forwarding generates a direct delivery # to a file, or to a pipe, or sets up an auto-reply, respectively. userforward: driver = redirect allow_filter check_ancestor check_local_user no_expn file = $home/.forward file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply no_verify system_aliases: driver = redirect allow_defer allow_fail data = ${lookup{$local_part}lsearch{/etc/aliases}} file_transport = address_file pipe_transport = address_pipe retry_use_local_part # user = exim localuser: driver = accept check_local_user condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}" transport = local_delivery # This director matches local user mailboxes. ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### # A transport is used only when referenced from a director or a router that # successfully handles an address. # Spam Assassin begin transports spamcheck: driver = pipe batch_max = 100 command = /usr/sbin/exim -oMr spam-scanned -bS current_directory = "/tmp" group = mail home_directory = "/tmp" log_output message_prefix = message_suffix = return_fail_output no_return_path_add transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}} use_bsmtp user = mail # must use a privileged user to set $received_protocol on the way back in! #majordomo majordomo_pipe: driver = pipe group = daemon return_fail_output user = majordomo # This transport is used for local delivery to user mailboxes in traditional # BSD mailbox format. By default it will be run under the uid and gid of the # local user, and requires the sticky bit to be set on the /var/mail directory. # Some systems use the alternative approach of running mail deliveries under a # particular group instead of using the sticky bit. The commented options below # show how this can be done. local_delivery: driver = appendfile delivery_date_add envelope_to_add file = /var/mail/$local_part group = mail mode = 0660 return_path_add user = ${local_part} ## for delivering virtual domains to their own mail spool virtual_localdelivery: driver = appendfile create_directory delivery_date_add directory_mode = 700 envelope_to_add file = /var/spool/virtual/${domain}/${local_part} group = mail mode = 660 return_path_add user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}" quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}} ## vacation transport uservacation: driver = autoreply file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}" text = "\ ------ ------\n\n\ This message was automatically generated by email software\n\ The delivery of your message has not been affected.\n\n\ ------ ------\n\n" to = "${sender_address}" user = mail #once = /etc/virtual/${domain}/reply/${local_part}.once userautoreply: driver = autoreply bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}} file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" to = "${sender_address}" user = mail #once = /etc/virtual/${domain}/reply/${local_part}.once devnull: driver = appendfile file = /dev/null # This transport is used for delivering messages over SMTP connections. remote_smtp: driver = smtp # This transport is used for handling pipe deliveries generated by alias # or .forward files. If the pipe generates any standard output, it is returned # to the sender of the message as a delivery error. Set return_fail_output # instead of return_output if you want this to happen only when the pipe fails # to complete normally. You can set different transports for aliases and # forwards if you want to - see the references to address_pipe in the directors # section below. address_pipe: driver = pipe return_output virtual_address_pipe: driver = pipe group = nobody return_output user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}" # This transport is used for handling deliveries directly to files that are # generated by aliasing or forwarding. address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add # This transport is used for handling autoreplies generated by the filtering # option of the forwardfile director. address_reply: driver = autoreply ###################################################################### # RETRY CONFIGURATION # ###################################################################### # This single retry rule applies to all domains and all errors. It specifies # retries every 15 minutes for 2 hours, then increasing retry intervals, # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 # hours, then retries every 8 hours until 4 days have passed since the first # failed delivery. # Domain Error Retries # ------ ----- ------- begin retry * * F,2h,15m; G,16h,1h,1.5; F,4d,8h # End of Exim 4 configuration ###################################################################### # SpamBlocker.exim.conf.2.0-release # # Runtime configuration file for DirectAdmin/Exim 4.24 and above # ######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ######## # WARNING! Be sure to back up your previous exim.conf file before # # attempting to use this exim.conf file. # # # # Do may not use this exim.conf Exim configuration file unless you # # make the required modifications to your Exim configuration # # following the instructions in the README file included in this # # distribution. # # # # This is version "2.0 of the SpamBlocker exim.conf file as # # distributed by NoBaloney Internet Services for DirectAdmin based # # servers. # # # # More information about NoBaloney.net may be found at: # # http://www.nobaloney.net/ # # # # More information about DirectAdmin may be found at: # # http://www.directadmin.com/ # # # # This Exim configuration file has been modified from the original # # as distributed with Exim 4. The modifications have been made by: # # # # Jeff Lasman # # NoBaloney Internet Services # # 1254 So. Waterman Ave., Suite 50 # # San Bernardino, CA 92408 # # spamblocker@nobaloney.net # # (909) 266-9209 # # # # The SpamBlocker exim.conf file has been modified from the original # # exim.conf file as distributed with Exim 4, which includes the # # following copyright notice: # # # # Copyright (C) 2002 University of Cambridge, Cambridge, UK # # # # Portions of the file are taken from the exim.conf file as # # distributed with DirectAdmin (http://www.directadmin.com/), # # # # Copyright (C) 2003 JBMC Software, St Albert, AB, Canada # # # # Portions of this file are written by Jeff Lasman, of # # NoBaloney Internet Services and are copyright as follows: # # # # Copyright (C) 2004-2005 NoBaloney Internet Services, # # San Bernardino, Calif., USA # # # # The entire Exim 4 distribution, including the exim.conf file, is # # distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, # # June 1991. If you do not have a copy of the GNU GENERAL # # PUBLIC LICENSE you may download it, in it's entirety, from # # the website at: # # # # http://www.nobaloney.net/exim/gnu-gpl-v2.txt # # # ###################################################################### # # # The most recent version of this SpamBlocker exim.conf file may # # always downloaded from the website at # # # # http://www.nobaloney.net/exim/exim.conf.spamblocked # # # ######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ######## # # # Whenever you change Exim's configuration file, you *must* remember # # to HUP the Exim daemon, because it will not pick up the new # # configuration until you do. However, any other Exim processes that # # are started, for example, a process started by an MUA in order to # # send a message, will see the new configuration as soon as it is in # # place. # # # # You do not need to HUP the daemon for changes in auxiliary files # # that are referenced from this file. They are read every time they # # are used. # # # # It is usually a good idea to test a new configuration for # # syntactic correctness before installing it (for example, by # # running the command "exim -C /config/file.new -bV"). # # # ### MODIFICATION INSTRUCTIONS ########## MODIFICATION INSTRUCTIONS ### # # # YOU MUST MAKE THE CHANGES TO THIS SpamBlocked exim.conf file as # # documented in the README file. # # # # The README file for this version is named: # # README.SpamBlocker.exim.conf.2.0 # # # ###################################################################### # Specify your host's canonical name here. This should normally be the # fully qualified "official" name of your host. If this option is not # set, the uname() function is called to obtain the name. In many cases # this does the right thing and you need not set anything explicitly. # primary_hostname = # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character # followed by a domain. For example, "caesar@rome.ex" is a fully qualified # address, but the string "caesar" (i.e. just a login name) is an unqualified # email address. Unqualified addresses are accepted only from local callers by # default. See the receiver_unqualified_{hosts,nets} options if you want # to permit unqualified addresses from remote sources. If this option is # not set, the primary_hostname value is used for qualification. # qualify_domain = # If you want unqualified recipient addresses to be qualified with a different # domain to unqualified sender addresses, specify the recipient domain here. # If this option is not set, the qualify_domain value is used. # qualify_recipient = # the next line is required to start the smtp auth script included # in DirectAdmin perl_startup = do '/etc/exim.pl' # the next line is required to start the system_filter included in # DirectAdmin to refuse potentiallly harmful payloads in # email messages system_filter = /etc/system_filter.exim # next line to allow incoming email submission port 587 # see also check_recipient second ruleset daemon_smtp_ports = 25 : 587 # SET SOME MEANINGFUL LIMITS # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment message_size_limit = 20M smtp_receive_timeout = 5m smtp_accept_max = 100 message_body_visible = 3000 print_topbitchars = true # ALLOW UNDERSCORE IN EMAIL DOMAIN NAME # domains shouldn't use the underscore character "_" but some # may. Because John Postel, one of the architects of the Internet, # said "Be liberal in what you accept and conservative in what you # transmit, we choose to allow underscore in email domain names so we # can receive email form domains which use the underscore character # in their domain name. # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment helo_allow_chars = _ # CHANGE LOGGING BEHAVIOR # We weren't happy with the default Exim logging behavior through # syslog; it didn't give us enough information. So we turned off # syslog behavior and changed the logging behavior to give us what we # felt was more helpful information. You may choose to delete or modify # this section. # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment log_selector = \ +delivery_size \ +sender_on_delivery \ +received_recipients \ +received_sender \ +smtp_confirmation \ +subject \ +smtp_incomplete_transaction \ -dnslist_defer \ -host_lookup_failed \ -queue_run \ -rejected_header \ -retry_defer \ -skip_delivery syslog_duplication = false # These options specify the Access Control Lists (ACLs) that # are used for incoming SMTP messages - after the RCPT and DATA # commands, respectively. acl_smtp_rcpt = check_recipient acl_smtp_data = check_message # define local lists addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains domainlist local_domains = lsearch;/etc/virtual/domains domainlist relay_domains = lsearch;/etc/virtual/domains : localhost domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains hostlist auth_relay_hosts = * hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts hostlist bad_sender_hosts_ip = net-lsearch;/etc/virtual/bad_sender_hosts hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1 hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts hostlist whitelist_hosts_ip = net-lsearch;/etc/virtual/whitelist_hosts # If you want to accept mail addressed to your host's literal IP address, for # example, mail addressed to "user@[111.111.111.111]", then uncomment the # following line, or supply the literal domain(s) as part of "local_domains" # above. You also need to comment "forbid_domain_literals" below. This is not # recommended for today's Internet. # DO NOT ALLOW HOST LITERALS # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to uncomment the line # below and change the allow_domain_literals line below to true # to allow domain literals in your environment # local_domains_include_host_literals # The following line prevents Exim from recognizing addresses of the form # "user@[111.111.111.111]" that is, with a "domain literal" (an IP address) # instead of a named domain. The RFCs still require this form, but it makes # little sense to permit mail to be sent to specific hosts by their IP address # in the modern Internet, and this ancient format has been used by those # seeking to abuse hosts by using them for unwanted relaying. If you really # do want to support domain literals, remove the following line, and see # also the "domain_literal" router below. allow_domain_literals = false # No local deliveries will ever be run under the uids of these users (a colon- # separated list). An attempt to do so gets changed so that it runs under the # uid of "nobody" instead. This is a paranoic safety catch. Note the default # setting means you cannot deliver mail addressed to root as if it were a # normal user. This isn't usually a problem, as most sites have an alias for # root that redirects such mail to a human administrator. never_users = root # DO HOST LOOKUP # OPTIONAL MODIFICATIONS: # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. host_lookup = * # DISALLOW IDENT CALLBACKS # OPTIONAL MODIFICATIONS: # Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP # calls. You can limit the hosts to which these calls are made, and/or change # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls # are disabled. RFC 1413 calls are cheap and can provide useful information # for tracing problem messages, but some hosts and firewalls have problems # with them. This can result in a timeout instead of an immediate refused # connection, leading to delays on starting up an SMTP session. By default # we disable callbacks for incoming SMTP calls. You may change # rfc1413_query_timeout to 30s or some other positive number of seconds to # enable callbacks for incoming SMTP calls. rfc1413_hosts = * rfc1413_query_timeout = 0s # BOUNCE MESSAGES # OPTIONAL MODIFICATIONS: # When Exim can neither deliver a message nor return it to sender, it # "freezes" the delivery error message (aka "bounce message"). There are also # other circumstances in which messages get frozen. They will stay on the # queue forever unless one or both of the following options is set. # This option unfreezes bounce messages after two days, tries # once more to deliver them, and ignores any delivery failures. ignore_bounce_errors_after = 2d # This option cancels (removes) frozen messages that are older than five days. timeout_frozen_after = 5d # TRUSTED USERS # OPTIONAL MODIFICATIONS: # if you must add additional trusted users, do so here; continue the # colon-delimited list trusted_users = mail:majordomo:apache:diradmin # SSL/TLS cert and key tls_certificate = /etc/exim.cert tls_privatekey = /etc/exim.key tls_advertise_hosts = * #auth_over_tls_hosts = * ###################################################################### # ACLs # ###################################################################### begin acl # ACL that is used after the RCPT command check_recipient: # to block certain wellknown exploits, Deny for local domains if # local parts begin with a dot or contain @ % ! / | deny domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] # to restrict port 587 to authenticated users only # see also daemon_smtp_ports above accept hosts = +auth_relay_hosts condition = ${if eq {$interface_port}{587} {yes}{no}} endpass message = relay not permitted, authentication required authenticated = * # allow local users to send outgoing messages using slashes # and vertical bars in their local parts. # Block outgoing local parts that begin with a dot, slash, or vertical # bar but allows them within the local part. # The sequence \..\ is barred. The usage of @ % and ! is barred as # before. The motivation is to prevent your users (or their virii) # from mounting certain kinds of attacks on remote sites. deny domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ # local source whitelist # accept if the source is local SMTP (i.e. not over TCP/IP). # Test for this by testing for an empty sending host field. accept hosts = : # sender domains whitelist # accept if sender domain is in whitelist accept sender_domains = +whitelist_domains # sender hosts whitelist # accept if sender host is in whitelist accept hosts = +whitelist_hosts accept hosts = +whitelist_hosts_ip # envelope senders whitelist # accept if envelope sender is in whitelist accept senders = +whitelist_senders # accept mail to postmaster in any local domain, regardless of source accept local_parts = postmaster domains = +local_domains # accept mail to abuse in any local domain, regardless of source accept local_parts = abuse domains = +local_domains # accept mail to hostmaster in any local domain, regardless of source accept local_parts = hostmaster domains =+local_domains # OPTIONAL MODIFICATIONS: # If the page you're using to notify senders of blocked email of how # to get their address unblocked will use a web form to send you email so # you'll know to unblock those senders, then you may leave these lines # commented out. However, if you'll be telling your senders of blocked # email to send an email to errors@yourdomain.com, then you should # replace "errors" with the left side of the email address you'll be # using, and "example.com" with the right side of the email address and # then uncomment the second two lines, leaving the first one commented. # Doing this will mean anyone can send email to this specific address, # even if they're at a blocked domain, and even if your domain is using # blocklists. # accept mail to errors@example.com, regardless of source # accept local_parts = errors # domains = example.com # deny so-called "legal" spammers" deny message = Email blocked by LBL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains sender_domains = +blacklist_domains # deny using hostname in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts # deny using IP in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts_ip # deny using email address in blacklist_senders deny message = Email blocked by BSAL - to unblock see http://www.example.com/ domains = use_rbl_domains deny senders = +blacklist_senders # By default we do NOT require sender verification. # Sender verification denies unless sender address can be verified: # If you want to require sender verification, i.e., that the sending # address is routable and mail can be delivered to it, then # uncomment the next line. If you do not want to require sender # verification, leave the line commented out #require verify = sender # deny using .spamhaus deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = sbl.spamhaus.org # deny using ordb deny message = Email blocked by ORDB - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = relays.ordb.org # deny using sorbs smtp list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = dnsbl.sorbs.net=127.0.0.5 # Next deny stuff from more "fuzzy" blacklists # but do bypass all checking for whitelisted host names # and for authenticated users # deny using spamcop deny message = Email blocked by SPAMCOP - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = bl.spamcop.net # deny using njabl deny message = Email blocked by NJABL - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = dnsbl.njabl.org # deny using cbl deny message = Email blocked by CBL - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = cbl.abuseat.org # deny using all other sorbs ip-based blocklist besides smtp list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = dnsbl.sorbs.net!=127.0.0.6 # deny using sorbs name based list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ domains =+use_rbl_domains # rhsbl list is name based dnslists = rhsbl.sorbs.net/$sender_address_domain # accept if address is in a local domain as long as recipient can be verified accept domains = +local_domains endpass message = "Unknown User" verify = recipient # accept if address is in a domain for which we relay as long as recipient # can be verified accept domains = +relay_domains endpass verify=recipient # accept if message comes for a host for which we are an outgoing relay # recipient verification is omitted because many MUA clients don't cope # well with SMTP error responses. If you are actually relaying from MTAs # then you should probably add recipient verify here accept hosts = +relay_hosts accept hosts = +auth_relay_hosts endpass message = authentication required authenticated = * deny message = relay not permitted # default at end of acl causes a "deny", but line below will give # an explicit error message: deny message = relay not permitted # ACL that is used after the DATA command check_message: accept ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### # There are no authenticator specifications in this default configuration file. begin authenticators plain: driver = plaintext public_name = PLAIN server_prompts = : server_condition = "${perl{smtpauth}}" server_set_id = $2 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = "${perl{smtpauth}}" server_set_id = $1 ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### begin routers # Remote addresses are those with a domain that does not match any item # in the "local_domains" setting above. # This router routes to remote hosts over SMTP using a DNS lookup. Any domain # that resolves to an IP address on the loopback interface (127.0.0.0/8) is # treated as if it had no DNS entry. lookuphost: driver = dnslookup domains = ! +local_domains ignore_target_hosts = 127.0.0.0/8 condition = "${perl{check_limits}}" transport = remote_smtp no_more # This router routes to remote hosts over SMTP by explicit IP address, # when an email address is given in "domain literal" form, for example, # . The RFCs require this facility. However, it is # little-known these days, and has been exploited by evil people seeking # to abuse SMTP relays. Consequently it is commented out in the default # configuration. If you uncomment this router, you also need to comment out # "forbid_domain_literals" above, so that Exim can recognize the syntax of # domain literal addresses. # domain_literal: # driver = ipliteral # transport = remote_smtp ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### # Local addresses are those with a domain that matches some item in the # "local_domains" setting above, or those which are passed back from the # routers because of a "self=local" setting (not used in this configuration). # Spam Assassin #spamcheck_director: # driver = accept # condition = "${if and { \ # {!def:h_X-Spam-Flag:} \ # {!eq {$received_protocol}{spam-scanned}} \ # {!eq {$received_protocol}{local}} \ # {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \ # } {1}{0}}" # retry_use_local_part # transport = spamcheck # no_verify majordomo_aliases: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}} domains = lsearch;/etc/virtual/domainowners file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part no_rewrite user = majordomo majordomo_private: driver = redirect allow_defer allow_fail #condition = "${if eq {$received_protocol} {local} {true} {false} }" condition = "${if or { {eq {$received_protocol} {local}} \ {eq {$received_protocol} {spam-scanned}} } {true} {false} }" data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}} domains = lsearch;/etc/virtual/domainowners file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part user = majordomo domain_filter: driver = redirect allow_filter no_check_local_user condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}" user = "mail" file = /etc/virtual/${domain}/filter file_transport = address_file pipe_transport = virtual_address_pipe retry_use_local_part no_verify uservacation: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = uservacation unseen userautoreply: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = userautoreply unseen virtual_aliases_nostar: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part unseen #include_domain = true virtual_user: driver = accept #condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}} condition = ${perl{save_virtual_user}} domains = lsearch;/etc/virtual/domainowners group = mail retry_use_local_part transport = virtual_localdelivery virtual_aliases: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}} #file_transport = address_file file_transport = devnull group = mail pipe_transport = virtual_address_pipe retry_use_local_part #include_domain = true # This director handles forwarding using traditional .forward files. # If you want it also to allow mail filtering when a forward file # starts with the string "# Exim filter", uncomment the "filter" option. # The check_ancestor option means that if the forward file generates an # address that is an ancestor of the current one, the current one gets # passed on instead. This covers the case where A is aliased to B and B # has a .forward file pointing to A. The three transports specified at the # end are those that are used when forwarding generates a direct delivery # to a file, or to a pipe, or sets up an auto-reply, respectively. userforward: driver = redirect allow_filter check_ancestor check_local_user no_expn file = $home/.forward file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply no_verify system_aliases: driver = redirect allow_defer allow_fail data = ${lookup{$local_part}lsearch{/etc/aliases}} file_transport = address_file pipe_transport = address_pipe retry_use_local_part # user = exim localuser: driver = accept check_local_user condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}" transport = local_delivery # This director matches local user mailboxes. ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### # A transport is used only when referenced from a director or a router that # successfully handles an address. # Spam Assassin begin transports spamcheck: driver = pipe batch_max = 100 command = /usr/sbin/exim -oMr spam-scanned -bS current_directory = "/tmp" group = mail home_directory = "/tmp" log_output message_prefix = message_suffix = return_fail_output no_return_path_add transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}} use_bsmtp user = mail # must use a privileged user to set $received_protocol on the way back in! #majordomo majordomo_pipe: driver = pipe group = daemon return_fail_output user = majordomo # This transport is used for local delivery to user mailboxes in traditional # BSD mailbox format. By default it will be run under the uid and gid of the # local user, and requires the sticky bit to be set on the /var/mail directory. # Some systems use the alternative approach of running mail deliveries under a # particular group instead of using the sticky bit. The commented options below # show how this can be done. local_delivery: driver = appendfile delivery_date_add envelope_to_add file = /var/mail/$local_part group = mail mode = 0660 return_path_add user = ${local_part} ## for delivering virtual domains to their own mail spool virtual_localdelivery: driver = appendfile create_directory delivery_date_add directory_mode = 700 envelope_to_add file = /var/spool/virtual/${domain}/${local_part} group = mail mode = 660 return_path_add user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}" quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}} ## vacation transport uservacation: driver = autoreply file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}" text = "\ ------ ------\n\n\ This message was automatically generated by email software\n\ The delivery of your message has not been affected.\n\n\ ------ ------\n\n" to = "${sender_address}" user = mail #once = /etc/virtual/${domain}/reply/${local_part}.once userautoreply: driver = autoreply bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}} file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" to = "${sender_address}" user = mail #once = /etc/virtual/${domain}/reply/${local_part}.once devnull: driver = appendfile file = /dev/null # This transport is used for delivering messages over SMTP connections. remote_smtp: driver = smtp # This transport is used for handling pipe deliveries generated by alias # or .forward files. If the pipe generates any standard output, it is returned # to the sender of the message as a delivery error. Set return_fail_output # instead of return_output if you want this to happen only when the pipe fails # to complete normally. You can set different transports for aliases and # forwards if you want to - see the references to address_pipe in the directors # section below. address_pipe: driver = pipe return_output virtual_address_pipe: driver = pipe group = nobody return_output user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}" # This transport is used for handling deliveries directly to files that are # generated by aliasing or forwarding. address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add # This transport is used for handling autoreplies generated by the filtering # option of the forwardfile director. address_reply: driver = autoreply ###################################################################### # RETRY CONFIGURATION # ###################################################################### # This single retry rule applies to all domains and all errors. It specifies # retries every 15 minutes for 2 hours, then increasing retry intervals, # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 # hours, then retries every 8 hours until 4 days have passed since the first # failed delivery. # Domain Error Retries # ------ ----- ------- begin retry * * F,2h,15m; G,16h,1h,1.5; F,4d,8h # End of Exim 4 configuration