tuend/DirectAdmin-1.62.4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
DirectAdmin-1.62.4/update/data/templates/exim3.conf
tuend-work 4478491d73 z
2025-11-13 07:41:56 +07:00

608 lines
21 KiB
Plaintext
Raw Permalink Blame History

# An Exim configuration for 3.33 that supports virtual email users
# with separate aliases and passwd files and mail spool locations
# for each domain.
# 21/Sep/2001 reed -- please let me know how this can be improved
######################################################################
# Runtime configuration file for Exim #
######################################################################
# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available
# from the Exim ftp sites. The manual is also online via the Exim web sites.
# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.
############ IMPORTANT ########## IMPORTANT ########### IMPORTANT ############
# #
# Whenever you change Exim's configuration file, you *must* remember to HUP #
# the Exim daemon, because it will not pick up the new configuration until #
# until you do this. It is usually a good idea to test a new configuration #
# for syntactic correctness (e.g. using "exim -C /config/file -bV") first. #
# #
############ IMPORTANT ########## IMPORTANT ########### IMPORTANT ############
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.
# primary_hostname =
# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.ex" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.
# qualify_domain =
# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
perl_startup = do '/etc/exim.pl'
message_filter = /etc/system_filter.exim
# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.
local_domains = lsearch;/etc/virtual/domains
# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above. You also need to comment "forbid_domain_literals" below. This is not
# recommended for today's Internet.
# local_domains_include_host_literals
# The following line prevents Exim from recognizing addresses of the form
# "user@[111.111.111.111]" that is, with a "domain literal" (an IP address)
# instead of a named domain. The RFCs still require this form, but it makes
# little sense to permit mail to be sent to specific hosts by their IP address
# in the modern Internet, and this ancient format has been used by those
# seeking to abuse hosts by using them for unwanted relaying. If you really
# do want to support domain literals, remove the following line, and see
# also the "domain_literal" router below.
forbid_domain_literals
# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.
never_users = root
# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
host_auth_accept_relay = *
#auth_hosts = *
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
host_accept_relay = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
relay_domains = lsearch;/etc/virtual/domains : localhost
#
# See the section of the manual entitled "Control of relaying" for more
# information.
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
# host_lookup = *
# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).
# By default, Exim does not make any checks, other than syntactic ones, on
# incoming addresses during the SMTP dialogue. This reduces delays in SMTP
# transactions, but it does mean that you might accept messages with unknown
# recipients, and/or bad senders.
# Uncomment this line if you want incoming recipient addresses to be verified
# during the SMTP dialogue. Unknown recipients are then rejected at this stage,
# and the generation of a failure message is the job of the sending host.
# receiver_verify
# Uncomment this line if you want incoming sender addresses (return-paths) to
# be verified during the SMTP dialogue. Verification can normally only check
# that the domain exists.
# sender_verify
# Exim contains support for the Realtime Blackhole List (RBL) that is being
# maintained as part of the DNS. See http://mail-abuse.org/rbl/ for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at blackholes.mail-abuse.org.
# Some others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and there are also a number of other lists
# of various kinds at orbs.org.
# rbl_domains = blackholes.mail-abuse.org
# rbl_domains = blackholes.mail-abuse.org:dialups.mail-abuse.org
# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.
# percent_hack_domains = *
# When Exim can neither deliver a message nor return it to sender, it "freezes"
# the delivery error message (aka "bounce message"). There are also other
# circumstances in which messages get frozen. They will stay on the queue for
# ever unless one of the following options is set.
# This option unfreezes unfreezes bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.
ignore_errmsg_errors_after = 2d
# This option cancels (removes) frozen messages that are older than a week.
timeout_frozen_after = 7d
rfc1413_query_timeout = 0s
trusted_users = mail:majordomo:apache
end
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a director or a router that
# successfully handles an address.
# Spam Assassin
spamcheck:
driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS
transport_filter = /usr/bin/spamc
bsmtp = all
home_directory = "/tmp"
current_directory = "/tmp"
# must use a privileged user to set $received_protocol on the way back in!
user = mail
group = mail
return_path_add = false
log_output = true
return_fail_output = true
prefix =
suffix =
#majordomo
majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.
local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
user = ${local_part}
group = mail
mode = 0660
## for delivering virtual domains to their own mail spool
virtual_localdelivery:
driver = appendfile
create_directory = true
directory_mode = 700
file = /var/spool/virtual/${domain}/${local_part}
delivery_date_add
envelope_to_add
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
group = mail
mode = 660
## vacation transport
uservacation:
driver = autoreply
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once
file = /etc/virtual/${domain}/reply/${local_part}.msg
log = /etc/virtual/${domain}/reply/${local_part}.log
return_message = false
text = "\
------ ------\n\n\
This message was automatically generated by email software\n\
The delivery of your message has not been affected.\n\n\
------ ------\n\n"
to = "${sender_address}"
from = "${local_part}@${domain}"
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {I am on vacation}}"
userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once
file = /etc/virtual/${domain}/reply/${local_part}.msg
log = /etc/virtual/${domain}/reply/${local_part}.log
return_message = false
from = "${local_part}@${domain}"
to = "${sender_address}"
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {Autoreply Message}}"
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp
# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the directors
# section below.
address_pipe:
driver = pipe
return_output
virtual_address_pipe:
driver = pipe
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"
group = nobody
# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.
address_reply:
driver = autoreply
end
######################################################################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
######################################################################
# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).
#Spam Assassin
#spamcheck_director:
# condition = "${if eq {$received_protocol}{spam-scanned} {0}{1}}"
# driver = smartuser
# transport = spamcheck
majordomo_aliases:
driver = aliasfile
optional = true
file = /etc/virtual/${domain}/majordomo/list.aliases
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
pipe_transport = majordomo_pipe
search_type = lsearch
no_rewrite
user = majordomo
group = daemon
majordomo_private:
driver = aliasfile
optional = true
condition = "${if eq {$received_protocol} {local} \
{true} {false} }"
file = /etc/virtual/${domain}/majordomo/private.aliases
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
pipe_transport = majordomo_pipe
search_type = lsearch
user = majordomo
group = daemon
domain_filter:
driver = forwardfile
file = /etc/virtual/${domain}/filter
no_check_local_user
no_verify
filter
file_transport = address_file
pipe_transport = virtual_address_pipe
uservacation:
driver = aliasfile
file = /etc/virtual/${domain}/vacation.conf
search_type = lsearch
transport = uservacation
optional = true
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
# do not reply to errors or lists
senders = "! ^.*-request@.*:\
! ^owner-.*@.*:\
! ^postmaster@.*:\
! ^listmaster@.*:\
! ^mailer-daemon@.*"
# do not reply to errors and bounces or lists
condition = "${if or {{match {$h_precedence:} {(?i)junk|bulk|list}} \
{eq {$sender_address} {}}} {no} {yes}}"
# carry on checking regardless of the outcome of this director...
unseen
no_expn
no_verify
user = mail
userautoreply:
driver = aliasfile
file = /etc/virtual/${domain}/autoresponder.conf
search_type = lsearch
transport = userautoreply
optional = true
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
# do not reply to errors or lists
senders = "! ^.*-request@.*:\
! ^owner-.*@.*:\
! ^postmaster@.*:\
! ^listmaster@.*:\
! ^mailer-daemon@.*"
# do not reply to errors and bounces or lists
condition = "${if or {{match {$h_precedence:} {(?i)junk|bulk|list}} \
{eq {$sender_address} {}}} {no} {yes}}"
#need no verify for the require_files so that it doesn't give up root or something
#no_expn
no_verify
unseen
user = mail
virtual_aliases_nostar:
driver = aliasfile
file = /etc/virtual/${domain}/aliases
search_type = lsearch
#include_domain = true
optional = true
group = mail
file_transport = address_file
pipe_transport = virtual_address_pipe
unseen
virtual_user:
driver = aliasfile
transport = virtual_localdelivery
file = /etc/virtual/${domain}/passwd
domains = lsearch;/etc/virtual/domainowners
optional = true
search_type = lsearch
group = mail
virtual_aliases:
driver = aliasfile
file = /etc/virtual/$domain/aliases
search_type = lsearch*
#include_domain = true
optional = true
group = mail
file_transport = address_file
pipe_transport = virtual_address_pipe
# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.
userforward:
driver = forwardfile
file = .forward
no_verify
no_expn
check_ancestor
filter
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
system_aliases:
driver = aliasfile
file = /etc/aliases
search_type = lsearch
# user = exim
file_transport = address_file
pipe_transport = address_pipe
# This director matches local user mailboxes.
localuser:
driver = localuser
transport = local_delivery
end
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################
# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.
# This router routes to remote hosts over SMTP using a DNS lookup. Any domain
# that resolves to an IP address on the loopback interface (127.0.0.0/8) is
# treated as if it had no DNS entry.
lookuphost:
driver = lookuphost
transport = remote_smtp
ignore_target_hosts = 127.0.0.0/8
# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
# little-known these days, and has been exploited by evil people seeking
# to abuse SMTP relays. Consequently it is commented out in the default
# configuration. If you uncomment this router, you also need to comment out
# "forbid_domain_literals" above, so that Exim can recognize the syntax of
# domain literal addresses.
# domain_literal:
# driver = ipliteral
# transport = remote_smtp
end
######################################################################
# RETRY CONFIGURATION #
######################################################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.
# Domain Error Retries
# ------ ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,8h
end
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
end
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# There are no authenticator specifications in this default configuration file.
plain:
driver = plaintext
public_name = PLAIN
server_condition = "${perl{smtpauth}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{smtpauth}}"
server_set_id = $1
# End of Exim configuration file
Reference in New Issue View Git Blame Copy Permalink