| Current File : /home/inlingua/public_html/decay_sym/root/var/softaculous/apps/exim/3/exim.conf |
hostlist loopback = <; @[]; 127.0.0.0/8 ; 0.0.0.0 ; localhost ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8
hostlist blocked_incoming_email_country_ips = ${if exists{/etc/blocked_incoming_email_country_ips} {net-iplsearch;/etc/blocked_incoming_email_country_ips} {} }
hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks
hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts
hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts
domainlist local_domains = lsearch;/etc/localdomains
domainlist user_domains = ${if exists{/etc/userdomains} {lsearch;/etc/userdomains} fail}
domainlist blocked_domains = wildlsearch;/etc/blocked_incoming_email_domains
domainlist manualmx_domains = ${if exists {/etc/manualmx} {lsearch;/etc/manualmx} {} }
localpartlist path_safe_localparts = \N^\.*[^./][^/]*$\N
smtp_accept_queue_per_connection = 30
remote_max_parallel = 10
smtp_receive_timeout = 165s
ignore_bounce_errors_after = 1d
rfc1413_query_timeout = 0s
timeout_frozen_after = 5d
auto_thaw = 7d
callout_domain_negative_expire = 1h
callout_negative_expire = 1h
acl_not_smtp = acl_not_smtp
acl_smtp_connect = acl_smtp_connect
acl_smtp_data = acl_smtp_data
acl_smtp_helo = acl_smtp_helo
acl_smtp_mail = acl_smtp_mail
acl_smtp_quit = acl_smtp_quit
acl_smtp_notquit = acl_smtp_notquit
acl_smtp_rcpt = acl_smtp_rcpt
USER_ON_BLACKLIST=User account is not allowed to send/recieve emails. User is suspended.
message_body_newlines = true
check_rfc2047_length = false
keep_environment = X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR
add_environment = PATH=/usr/local/sbin::/usr/local/bin::/sbin::/bin::/usr/sbin::/usr/bin::/sbin::/bin
chunking_advertise_hosts = 198.51.100.1
deliver_queue_load_max = 12
queue_only_load = 24
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1
tls_require_ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
timezone = UTC
spamd_address = 127.0.0.1 783 retry=30s tmo=3m
tls_certificate = /etc/exim/webuzo.crt
tls_privatekey = /etc/exim/webuzo.key
system_filter = /etc/exim/exim_system_filter
#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.
#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.
######################################################################
# Runtime configuration file for Exim #
######################################################################
# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.
# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
perl_startup = do '/etc/exim/exim.pl'
#dns_retry = 1
#dns_retrans = 1s
# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.
smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
\#${compile_number} ${tod_full} \n\
We do not authorize the use of this system to transport unsolicited, \n\
and/or bulk e-mail."
#nobody as the sender seems to annoy people
untrusted_set_sender = *
local_from_check = false
split_spool_directory = yes
smtp_connect_backlog = 50
smtp_accept_max = 100
# primary_hostname =
# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.ex" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.
# qualify_domain =
# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.
message_body_visible = 5000
# Specify a set of options to control the behavior of OpenSSL. The default is to
# disable SSLv2 and SSLv3 due to weaknesses in these protocols.
# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.
# local_domains_include_host_literals
# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.
never_users = root
# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
#host_lookup = 0.0.0.0/0
# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).
# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.
# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com
# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.
# percent_hack_domains = *
#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers
tls_advertise_hosts = *
helo_accept_junk_hosts = *
smtp_enforce_sync = false
#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3 #!!#
#!!# policy control options. #!!#
#!!#######################################################!!#
#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.
begin acl
acl_not_smtp:
accept
acl_not_smtp_mime:
accept
acl_not_smtp_start:
accept
acl_smtp_auth:
accept
acl_smtp_connect:
drop
message = Your country is not allowed to connect to this server.
log_message = Country is banned
hosts = +blocked_incoming_email_country_ips
drop
message = Your host is not allowed to connect to this server.
log_message = Host is banned
hosts = +spammeripblocks
accept
acl_smtp_data:
accept
authenticated = *
hosts = *
warn condition = ${if !def:h_Message-ID: {1}}
set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
warn
# Remove spam headers from outside sources
condition = ${perl{spamd_is_available}}
!hosts = +skipsmtpcheck_hosts
remove_header = x-spam-subject : x-spam-status : x-spam-score : x-spam-bar : x-spam-report : x-spam-flag : x-ham-report
warn
condition = ${perl{spamd_is_available}}
condition = ${if eq {${acl_m0}}{1}{1}{0}}
spam = ${acl_m1}/defer_ok
!hosts = : +trustedmailhosts
log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)"
add_header = X-Spam-Subject: ***SPAM*** $rh_subject
add_header = X-Spam-Status: Yes, score=$spam_score
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Spam-Report: ${sg{$spam_report}{\N\n \n\N}{\n}}
add_header = X-Spam-Flag: YES
add_header = X-Spam-Flag: NO
set acl_m2 = 1
warn
condition = ${perl{spamd_is_available}}
condition = ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}
warn
condition = ${perl{spamd_is_available}}
condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
add_header = X-Spam-Status: No, score=$spam_score
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Ham-Report: ${sg{$spam_report}{\N\n \n\N}{\n}}
add_header = X-Spam-Flag: NO
log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"
accept
acl_smtp_etrn:
accept
acl_smtp_helo:
accept
acl_smtp_mail:
accept
authenticated = *
deny condition = ${if eq{$sender_helo_name}{} {1}}
message = Nice boys say HELO first
warn condition = ${if eq{$sender_host_name}{} {1}}
set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
drop
condition = ${if eq{${lc:$sender_helo_name}}{${lc:$primary_hostname}}{${if def:interface_address {${if match_ip{$interface_address}{+loopback}{0}{1}}}{0}}}{0}}
message = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
drop
condition = ${if eq{[$interface_address]}{$sender_helo_name}}
message = "REJECTED - Interface: $interface_address is _my_ address"
# END INSERT requirehelonoforge
# BEGIN INSERT requirehelosyntax
drop
condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
drop
# Required because "[IPv6:<address>]" will have no .s
condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop
condition = ${if match{$sender_helo_name}{\N\.$\N}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop
condition = ${if match{$sender_helo_name}{\N\.\.\N}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
accept
acl_smtp_mailauth:
accept
acl_smtp_mime:
# File extension filtering.
deny message = Blacklisted file extension detected
condition = ${if match \
{${lc:$mime_filename}} \
{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
{1}{0}}
accept
acl_smtp_notquit:
accept authenticated = *
accept hosts = : +loopback
warn
#only rate limit port 25
condition = ${if eq {$received_port}{25}{yes}{no}}
condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
log_message = "Connection Ratelimit - $sender_fullhost because of notquit: $smtp_notquit_reason ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
ratelimit = 1.2 / 1h / strict / per_conn
accept
acl_smtp_predata:
accept
acl_smtp_quit:
warn
log_message = "Detected session with all messages failed"
condition = ${if >= {${eval:$rcpt_count}}{1}{${if == {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}}
set acl_m6 = 1
warn
condition = ${if eq {${acl_m6}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn / slow_fail_block_$sender_host_address
log_message = "Increment slow_fail_block Ratelimit - $sender_fullhost because of all messages failed"
warn
ratelimit = 1 / 1h / noupdate / per_conn / slow_fail_block_$sender_host_address
condition = ${if >= {${eval:$rcpt_count}}{1}{${if < {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}}
set acl_m5 = 1
log_message = "Detected session with ok message that previous had all failed"
warn
condition = ${if eq {${acl_m5}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn / slow_fail_accept_$sender_host_address
log_message = "Decrement slow_fail_lock Ratelimit - $sender_fullhost because one message was successful"
accept
acl_smtp_rcpt:
accept hosts = :localhost : +loopback
control = dkim_disable_verify
deny
message = YOUR DOMAIN IS BLOCKED.
log_message = Sender domain is banned
sender_domains = !+local_domains : +blocked_domains
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
require verify = sender
accept authenticated = *
control = submission
control = dkim_disable_verify
require message = relay not permitted
domains = +local_domains : +relay_to_domains
# We also require all accepted addresses to be verifiable. This check will
# do local part verification for local domains, but only check the domain
# for remote domains. The only way to check local parts for the remote
# relay domains is to use a callout (add /callout), but please read the
# documentation about callouts before doing this.
require verify = recipient
# implemented for "suspend incoming email" feature
deny
domains = !$primary_hostname : +local_domains
condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}}}}}{$value}}/etc/.${sg{$local_part}{\N[/+].*\N}{}}@${domain}.suspended_incoming}}
message = 525 5.7.13 Disabled recipient address
log_message = Mail to ${local_part}@${domain} has been suspended
# implemented for "suspend outgoing email" feature for domains and individual
#deny
# domains = ! +local_domains
# condition = ${perl{check_outgoing_mail_suspended}}
# message = ${perl{get_outgoing_mail_suspended_message}}
# log_message = ${perl{get_outgoing_mail_suspended_message}}
# implemented for "suspend incoming/outgoing email" feature for user
deny
condition = ${lookup{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}lsearch{/etc/user_suspended_list}{1}{0}}
message = USER_ON_BLACKLIST
log_message = USER_ON_BLACKLIST
accept
authenticated = *
condition = ${if eq{${lookup{$sender_address_domain}lsearch{/etc/userdomains}}}{$sender_address_local_part}}
endpass
verify = recipient
accept
authenticated = *
endpass
verify = recipient
drop
condition = ${if eq{$received_port}{587}{1}{0}}
message = SMTP AUTH is required for message submission on port 587
require
verify = recipient
accept
condition = ${extract{suspended}{$address_data}}
warn
log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)"
condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
set acl_m7 = 1
warn
condition = ${if eq {${acl_m7}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack"
drop
condition = ${if eq {${acl_m7}}{1}{1}{0}}
message = "Number of failed recipients exceeded. Come back in a few hours."
warn
domains = +local_domains
condition = ${if <= {$message_size}{1000K}}
condition = ${if !eq{${acl_m0}}{1}}
condition = ${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{::}{${lookup passwd{${if eq{$domain}{$primary_hostname}{${sg{$local_part}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}}}}}}/.spamassassindisable}{0}{1}}}}
set acl_m0 = 1
#
set acl_m1 = ${if eq{$domain}{$primary_hostname}{${sg{$local_part_data}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}}
accept
acl_smtp_starttls:
accept
acl_smtp_vrfy:
accept
acl_smtp_dkim:
accept
begin authenticators
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}
server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}
server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
#!!#######################################################!!#
#!!# Here follow routers created from the old routers, #!!#
#!!# for handling non-local domains. #!!#
#!!#######################################################!!#
begin routers
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################
# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.
# Check Demo user
democheck:
driver = redirect
require_files = "+/etc/demouids"
condition = ${if >= {$originator_uid}{100}{1}{0}}
condition = "${extract{size}{${stat:/etc/demouids}}}"
condition = "${if eq \
{${lookup \
{$originator_uid} \
lsearch{/etc/demouids} \
{$value} \
}} \
{} \
{false} \
{true} \
}"
allow_fail
data = :fail: demo accounts are not permitted to relay email
# check email count per hour domain or user || Check other stuff also (TODO E.G. SUSPEND DOMAIN, USER AND PERTICULAR EMAIL ACCOUNT)
check_mail_validity:
domains = ! +local_domains
condition = ${if eq {$authenticated_id}{root}{0}{1}}
ignore_target_hosts = +loopback
driver = redirect
allow_fail
#allow_filter
allow_defer
#reply_transport = address_reply
no_verify
user = "exim"
expn = false
condition = "${perl{check_mail_validity}}"
data = "${perl{check_mail_validity_results}}"
#
# Increments max emails per hour if needed (to do)
#
increment_email_per_hour_count:
domains = ! +local_domains
ignore_target_hosts = +loopback
condition = ${if eq {$authenticated_id}{root}{0}{1}}
driver = redirect
allow_fail
no_verify
one_time
expn = false
condition = "${perl{increment_email_per_hour_count_if}}"
data = ":unknown:"
manualmx:
driver = manualroute
domains = +manualmx_domains
transport = remote_smtp
route_data = ${lookup \
{$domain} \
lsearch{/etc/manualmx} \
}
autoreply_dkim_lookuphost:
driver = dnslookup
domains = ! +local_domains
condition = "${perl{sender_domain_can_dkim_sign}}"
condition = "${if \
or { \
{match{$h_precedence:}{auto}} \
{match{$h_x-precedence:}{auto}} \
} \
{1}{0} \
}"
#ignore verisign to prevent waste of bandwidth
ignore_target_hosts = +loopback
headers_add = "${perl{mailtrapheaders}}"
transport = dkim_remote_smtp
dkim_lookuphost:
driver = dnslookup
domains = ! +local_domains
condition = "${perl{sender_domain_can_dkim_sign}}"
#ignore verisign to prevent waste of bandwidth
ignore_target_hosts = +loopback
headers_add = "${perl{mailtrapheaders}}"
transport = dkim_remote_smtp
lookuphost:
driver = dnslookup
domains = ! +local_domains
#ignore verisign to prevent waste of bandwidth
ignore_target_hosts = +loopback
headers_add = "${perl{mailtrapheaders}}"
transport = remote_smtp
literal:
driver = ipliteral
domains = ! +local_domains
ignore_target_hosts = +loopback : 64.94.110.0/24
headers_add = "${perl{mailtrapheaders}}"
transport = remote_smtp
######################################################################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
######################################################################
# filter on user level
user_filter:
driver = redirect
allow_filter
allow_fail
forbid_filter_run
forbid_filter_perl
forbid_filter_lookup
forbid_filter_readfile
forbid_filter_readsocket
no_check_local_user
domains = lsearch;/etc/userdomains
require_files = "${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/filter"
condition = "${extract \
{size} \
{${stat:${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/filter}} \
}"
file = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/filter
file_transport = address_file
directory_transport = address_directory
reply_transport = address_reply
router_home_directory = ${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}
user = "${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}"
group = "${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}"
no_verify
# A filter on Domain level
domain_filter:
driver = redirect
allow_filter
allow_fail
forbid_filter_run
forbid_filter_perl
forbid_filter_lookup
forbid_filter_readfile
forbid_filter_readsocket
no_check_local_user
domains = lsearch;/etc/userdomains
require_files = "${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/filter"
condition = "${extract \
{size} \
{${stat:${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/filter}} \
}"
file = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/filter
file_transport = address_file
directory_transport = address_directory
reply_transport = address_reply
router_home_directory = ${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}
user = "${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}"
group = "${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}"
no_verify
# A filter on Email level
email_filter:
driver = redirect
allow_filter
allow_fail
forbid_filter_run
forbid_filter_perl
forbid_filter_lookup
forbid_filter_readfile
forbid_filter_readsocket
no_check_local_user
domains = lsearch;/etc/userdomains
require_files = "${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/${local_part}/filter"
condition = "${extract \
{size} \
{${stat:${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/${local_part}/filter}} \
}"
file = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/${local_part}/filter
file_transport = address_file
directory_transport = address_directory
reply_transport = address_reply
router_home_directory = ${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}
user = "${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}"
group = "${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}"
local_part_suffix = +*
local_part_suffix_optional
retry_use_local_part
no_verify
#autoreply exists
#both passwd and forwarders do not have local_part.
userautoreply:
driver = accept
domains = lsearch;/etc/userdomains
router_home_directory = ${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}
user = "${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}"
#local_parts = ${lookup{$local_part} dsearch,ret=full{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/autorespond/}}
condition = ${if exists{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/autorespond/${local_part}/${local_part}@${perl{untaint}{$domain}}.msg}{yes}{no}}
condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
require_files = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/autorespond/${local_part}/${local_part}@${perl{untaint}{$domain}}.msg
condition = ${if exists{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/passwd}}
condition = ${lookup{$local_part}lsearch{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/passwd}{yes}{no}}
# do not reply to errors and bounces or lists
senders = " ! ^.*-request@.*:\
! ^owner-.*@.*:\
! ^postmaster@.*:\
! ^listmaster@.*:\
! ^mailer-daemon@.*\
! ^root@.*"
transport = userautoreply
unseen
virtual_aliases:
driver = redirect
allow_defer
allow_fail
domains = lsearch;/etc/userdomains
user = "${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}"
group = "${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}"
address_data = \
"router=$router_name \
redirect=${quote:${lookup \
{$local_part} \
lsearch{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/aliases} \
}}"
data = ${extract{redirect}{$address_data}}
file_transport = address_file
router_home_directory = ${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain_data} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}
local_part_suffix = +*
local_part_suffix_optional
retry_use_local_part
unseen
virtual_user_overquota:
driver = redirect
domains = ${lookup{$domain}lsearch{/etc/userdomains}{${perl{untaint}{$domain}}}}
require_files = "+$home/etc/$domain"
user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
group = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
# NB: On busy servers Dovecot may take several seconds to respond to
# this request. So we set the timeout generously:
condition = "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}@${quote:$domain_data}\nsize=$message_size\n\n}{30s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}"
data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
verify_only
allow_fail
#
# Virtual User Spam Boxes
#
virtual_user_spam:
driver = redirect
local_parts = +path_safe_localparts
domains = \
: ${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{${perl{untaint}{$domain}}} \
}
condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}}
require_files = \
"+${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}/.spamassassinenable: \
+${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain_data} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}/mail/$domain/$local_part"
router_home_directory = ${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}
headers_remove="x-uidl"
data = "${quote_local_part:$local_part}+spam@${domain}"
redirect_router = virtual_user
virtual_user:
driver = accept
domains = \
: ${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{${perl{untaint}{$domain}}} \
}
local_parts = +path_safe_localparts
require_files = "+${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}/mail/$domain/$local_part"
router_home_directory = ${extract \
{5} \
{::} \
{${lookup passwd \
{${lookup \
{$domain_data} \
lsearch{/etc/userdomains} \
{$value} \
}} \
{$value} \
}} \
}
headers_remove="x-uidl"
local_part_suffix = +*
local_part_suffix_optional
user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
group = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
transport = dovecot_virtual_delivery
set = r_bcc_addr=${if forany \
{${addresses:$h_to:}:${addresses:$h_cc:}} \
{or { \
{eqi \
{${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \
{$local_part@$domain} \
} \
{eqi \
{${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \
{$original_local_part@$original_domain} \
} \
}} \
{} \
{$local_part@$domain} \
}
set = r_webuzo_u=${lookup \
{$domain} \
lsearch{/etc/userdomains} \
{$value} \
}
# TODO
valias_domain_file:
driver = redirect
allow_defer
allow_fail
domains = lsearch;/etc/userdomains
user = "${lookup{$domain_data}lsearch{/etc/userdomains}{$value}}"
group = "${lookup{$domain_data}lsearch{/etc/userdomains}{$value}}"
condition = ${lookup {$domain_data} lsearch {${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain_data/domaliases}{yes}{no} }
address_data = router=$router_name redirect=${quote:${quote_local_part:$local_part}@${lookup{$domain_data}lsearch{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain_data/domaliases}}}
data = ${extract{redirect}{$address_data}}
local_aliases:
driver = redirect
require_files = /etc/localaliases
allow_defer
allow_fail
domains = $primary_hostname : localhost
address_data = \
"router=$router_name \
redirect=${quote: \
${lookup \
{$local_part} \
lsearch{/etc/localaliases} \
}}"
data = ${extract{redirect}{$address_data}}
file_transport = address_file
pipe_transport = address_pipe
check_local_user
userforward:
driver = redirect
allow_filter
allow_fail
forbid_filter_run
forbid_filter_perl
forbid_filter_lookup
forbid_filter_readfile
forbid_filter_readsocket
check_ancestor
check_local_user
domains = $primary_hostname
no_expn
require_files = "+$home/.forward"
condition = "${extract{size}{${stat:$home/.forward}}}"
file = $home/.forward
file_transport = address_file
reply_transport = address_reply
directory_transport = address_directory
user = $local_part_data
group = $local_part_data
no_verify
localuser_root:
driver = redirect
allow_fail
domains = $primary_hostname : localhost
check_local_user
condition = ${if eq {$local_part_data}{root}}
data = :fail: root cannot accept local mail deliveries
localuser_overquota:
driver = redirect
domains = $primary_hostname
check_local_user
# NB: On busy servers Dovecot may take several seconds to respond to
# this request. So we set the timeout generously:
condition = "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}\nsize=$message_size\n\n}{30s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}"
data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
verify_only
allow_fail
#
# Optimized spambox router
#
localuser_spam:
driver = redirect
domains = $primary_hostname
require_files = "+$home/.spamassassinenable"
condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}}
# sets home,user,group
check_local_user
headers_remove="x-uidl"
data = "${quote_local_part:$local_part_data}+spam"
redirect_router = localuser
localuser:
driver = accept
# sets home,user,group
check_local_user
domains = $primary_hostname
headers_remove="x-uidl"
local_part_suffix = +*
local_part_suffix_optional
user = $local_part_data
group = $local_part_data
transport = dovecot_delivery
set = r_bcc_addr=${if forany \
{${addresses:$h_to:}:${addresses:$h_cc:}} \
{or { \
{ eqi \
{${extract \
{1} \
{+} \
{${local_part:$item}} \
}@${domain:$item}} \
{$local_part@$domain} \
} \
{ eqi \
{${extract \
{1} \
{+} \
{${local_part:$item}} \
}@${domain:$item}} \
{$original_local_part@$original_domain} \
} \
}} \
{} \
{$local_part@$domain} \
}
set = r_webuzo_u=${local_part}
#To catch all the failed mail
catchall:
driver = redirect
domains = lsearch;/etc/userdomains
address_data = \
"router=$router_name \
redirect=${quote:${lookup \
{*} \
lsearch{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/aliases} \
}}"
data = ${extract{redirect}{$address_data}}
allow_fail
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# This transport is used for delivering messages over SMTP connections.
begin transports
remote_smtp:
driver = smtp
dkim_domain = ${lc:${domain:$h_from:}}
dkim_selector = default
dkim_private_key = /var/webuzo-data/mail/dkim/private/${perl{untaint}{${dkim_domain}}}
dkim_canon = relaxed
remote_smtp_old:
driver = smtp
#interface = <; ${if > {${extract{size}{${stat:/etc/mailips}}}}{0}{${lookup{${lc:${perl{get_message_sender_domain}}}}lsearch{/etc/mailips}{$value}{${lookup{${if match_domain{$original_domain}{+relay_domains}{${lc:$original_domain}}{}}}lsearch{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
#helo_data = ${if > {${extract{size}{${stat:/etc/mailhelo}}}}{0}{${lookup{${lc:${perl{get_message_sender_domain}}}}lsearch{/etc/mailhelo}{$value}{${lookup{${if match_domain{$original_domain}{+relay_domains}{${lc:$original_domain}}{}}}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}
#hosts_try_chunking = 198.51.100.1
helo_data = ${lookup dnsdb{ptr=$sending_ip_address}{$value}{$primary_hostname}}
dkim_domain = ${lc:${domain:$h_from:}}
dkim_remote_smtp:
driver = smtp
interface = <; ${if > {${extract{size}{${stat:/etc/mailips}}}}{0}{${lookup{${lc:${perl{get_message_sender_domain}}}}lsearch{/etc/mailips}{$value}{${lookup{${if match_domain{$original_domain}{+relay_domains}{${lc:$original_domain}}{}}}lsearch{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
#helo_data = ${if > {${extract{size}{${stat:/etc/mailhelo}}}}{0}{${lookup{${lc:${perl{get_message_sender_domain}}}}lsearch{/etc/mailhelo}{$value}{${lookup{${if match_domain{$original_domain}{+relay_domains}{${lc:$original_domain}}{}}}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}
dkim_domain = ${lc:${domain:$h_from:}}
dkim_selector = x
dkim_private_key = "/var/webuzo-data/mail/dkim/private/${perl{untaint}{${dkim_domain}}}"
dkim_canon = relaxed
helo_data = ${lookup dnsdb{ptr=$sending_ip_address}{$value}{$primary_hostname}}
#hosts_try_chunking = 198.51.100.1
address_directory:
driver = pipe
command = /usr/libexec/dovecot/dovecot-lda -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}
message_prefix =
message_suffix =
log_output
delivery_date_add
envelope_to_add
return_path_add
temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
address_pipe:
driver = pipe
return_output
virtual_address_pipe:
driver = pipe
return_output
address_file:
driver = pipe
command = /usr/libexec/dovecot/dovecot-lda -e -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}
message_prefix =
message_suffix =
log_output
delivery_date_add
envelope_to_add
return_path_add
temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
dovecot_delivery:
driver = lmtp
socket = /var/run/dovecot/lmtp
batch_max = 200
batch_id = "$r_webuzo_u ${if def:r_bcc_addr {$r_bcc_addr}}"
rcpt_include_affixes
delivery_date_add
envelope_to_add
return_path_add
vmail_delivery:
driver = lmtp
user = "${lookup{$domain_data}lsearch{/etc/userdomains}{$value}}"
group = "${lookup{$domain_data}lsearch{/etc/userdomains}{$value}}"
socket = /var/run/dovecot/lmtp
batch_max = 200
batch_id = "$r_webuzo_u ${if def:r_bcc_addr {$r_bcc_addr}}"
rcpt_include_affixes
delivery_date_add
envelope_to_add
return_path_add
dovecot_virtual_delivery:
driver = appendfile
delivery_date_add
#directory_mode = 770
envelope_to_add
#router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
directory = $home/mail/${lookup{$domain}dsearch{$home/mail/}}/${lookup{$local_part}dsearch{$home/mail/${lookup{$domain}dsearch{$home/mail/}}/}}
#file = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/mail/$domain/$local_part
maildir_format
create_directory = true
group = ${lookup{$domain}lsearch{/etc/userdomains}{$value}}
mode = 0660
return_path_add
user = ${lookup{$domain}lsearch{/etc/userdomains}{$value}}
quota = ${if exists{$home/etc/${perl{untaint}{$domain}}/quota}{${lookup{${lc:$local_part}}lsearch{$home/etc/${perl{untaint}{$domain}}/quota}{$value}{0}}}{0}}
address_reply:
driver = autoreply
#COMMENT#59:
userautoreply:
driver = autoreply
file = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/autorespond/${local_part}/${local_part}@${perl{untaint}{$domain}}.msg
from = "${local_part}@${domain}"
no_return_message
subject = ${if def:h_Subject: {\
${if exists{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/autorespond/${local_part}/${local_part}@${domain}.subj}\
{${readfile{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/${perl{untaint}{$domain}}/autorespond/${local_part}/${local_part}@${domain}.subj}{}}}\
{Autoreply}\
}: ${quote:${escape:${length_60:$h_Subject:}}}}\
{Autoreply Message}}
to = "${reply_address}"
######################################################################
# RETRY CONFIGURATION #
######################################################################
# Domain Error Retries
# ------ ----- -------
begin retry
* * F,4h,5m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration