tuend/DirectAdmin-1.62.4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
585bff665cb4205878b8eb86029ff28468f2c5f9
DirectAdmin-1.62.4/directadmin-1.62.4/data/templates/exim4.conf
tuend-work 0b28a76e20 ud
2025-11-12 23:24:15 +07:00

925 lines
39 KiB
Plaintext
Raw Blame History

######################################################################
# Runtime configuration file for Exim #
######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ########
# WARNING! Be sure to back up your previous exim.conf file before #
# attempting to use this exim.conf file. #
# #
# Do may not use this exim.conf Exim configuration file unless you #
# make the required modifications to your Exim configuration #
# following the instructions found below, in the section marked #
# "MODIFICATION INSTRUCTIONS". #
# #
# This is version "RSS-1.0da" of the exim.conf file as distributed #
# by nobaloney.net. #
# #
# The "RSS" stands for "Really Stop Spam", as the author believes #
# this distribution of the exim.conf file will Really Stop Spam. #
# Note that "Really Stop Spam" is both a trademark and a service #
# mark of nobaloney.net. #
# #
# The "da" stands for DirectAdmin as this distribution of the #
# exim.conf file is specific to the DirectAdmin control panel #
# installation. More information about DirectAdmin may be found at #
# http://www.directadmin.com. #
# #
# This Exim configuration file has been modified from the original #
# as distributed with Exim 4. The modifications have been made by: #
# #
# Jeff Lasman #
# nobaloney.net #
# P. O. Box 52672 #
# Riverside, CA 92517 #
# info@nobaloney.net #
# (909) 324-9706 #
# #
# Note that neither nobaloney.net nor Jeff Lasman have any #
# affiliation with DirectAdmin. #
# #
######################################################################
# #
# The most recent version of this distribution may always be #
# downloaded from the website at #
# #
# http://www.nobaloney.net/exim/exim.conf.spamblocked #
# #
######################################################################
# #
# Portions of this file are taken from the exim.conf file as #
# distributed with Exim 4, which includes the following copyright #
# notice: #
# #
# Copyright © 2002 University of Cambridge, Cambridge, UK #
# #
# Portions of this file are taken from the exim.conf file as #
# distributed with DirectAdmin (http://www.directadmin.com/), #
# #
# © 2003 JBMC Software, St Albert, AB, Canada #
# #
# Portions of this file are written by Jeff Lasman, of #
# nobaloney.net and are copyright as follows: #
# #
# Copyright © 2004 nobaloney.net, Riverside, Calif., USA #
# #
# The entire Exim 4 distribution, including this file, is #
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, #
# June 1991. If you do not have a copy of the GNU GENERAL #
# PUBLIC LICENSE you may download it, in it's entirety, from #
# the website at #
# #
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt #
# #
######################################################################
# #
# This file is divided into several parts, all but the first of #
# which are# headed by a line starting with the word "begin". Only #
# those parts that are required need to be present. Blank lines, and #
# lines starting with # are ignored. #
# #
######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ########
# #
# Whenever you change Exim's configuration file, you *must* remember #
# to HUP the Exim daemon, because it will not pick up the new #
# configuration until you do. However, any other Exim processes that #
# are started, for example, a process started by an MUA in order to #
# send a message, will see the new configuration as soon as it is in #
# place. #
# #
# You do not need to HUP the daemon for changes in auxiliary files #
# that are referenced from this file. They are read every time they #
# are used. #
# #
# It is usually a good idea to test a new configuration for #
# syntactic correctness before installing it (for example, by #
# running the command "exim -C /config/file.new -bV"). #
# #
### MODIFICATION INSTRUCTIONS ########## MODIFICATION INSTRUCTIONS ###
# #
# YOU MUST MAKE THE FOLLOWING CHANGES TO DIRECTADMIN: #
# 1) Add a file /etc/virtual/blacklist_domains #
# This file should contain the domain names of so-called legal #
# spammers and other spam sources that do not always get caught #
# by blocklists, but that, nevertheless, you do not want to be #
# able to send spam to your domains on your server for which #
# you've enabled spamblocking. #
# #
# 2) Add a file /etc/virtual/whitelist_from #
# This file should contain the fully-qualified hostnames or IP#s #
# of servers that you DO want to be able to get email from even #
# if they're otherwise caught by blocklists. Your own domain #
# need not be listed here to enable you to get unblock requests, #
# whitelisting of email to your "errors" address will be handled #
# separately, below. #
# #
# 3) Add a file /etc/virtual/use_rbl_domains #
# This is a list of domains on your server that want spamblocking #
# to be used for them so they won't get spam. Spam will not be #
# blocked for any domains on your server unless they're listed #
# in this file. Note that the domain names in this file should #
# follow the same format as the domain names in the #
# /etc/virtual/domains file. You may just copy the domains file #
# to this file if you wish to use spamblocking for all your #
# domains but we recommend giving your domain users a choice. #
# #
# Note that the above files should have the same ownership and #
# permissions as /etc/virtual/domains. Normally this should be: #
# owner = mail, group = mail, chmod 644. #
# #
# YOU MUST MAKE THE FOLLOWING MODIFICATIONS TO YOUR WEBISTE: #
# #
# Note that if anyone is blocked while trying to send you a #
# legitimate (non-spam) email, the "non-delivery" message they'll #
# get will include a reference to a webpage where they'll need to #
# vist to get their email addressed unblocked. You should create #
# such a webpage before you implement this file. The webpage may #
# include either a form for them to send you the information you #
# need to unblock them, or instructions for them to email you so you #
# can unblock them. #
# #
# You'll need the full name of their server to unblock them, by #
# putting the server name into the /etc/virtual/whitelist_from #
# file. There are two ways you can get this information: #
# #
# 1) You can create a form that will ask them for the address #
# they're trying to reach, the address they're sending the email #
# from, and the canonical name of their email server. Since they #
# may not know the name of their email server, this must be #
# optional, and if they leave it blank you'll have to find their #
# attempt to send email in your exim /var/log/exim/rejectlog file #
# and get the name of the server from there. #
# #
# 2) You can ask them to send you an email from the same address #
# that they were blocked from, but to (for example) #
# "errors@example.com" (but changing it to an address you want to #
# use, at one of your domains). When they send you the email you #
# should be able to find the name of their server in the headers #
# of the incoming email. #
# #
# Either way, you'll need to put the canonical name of their #
# nameserver into your /etc/virtual/whitelist_from file. #
# #
# You won't use the name they're sending email to for any purpose, #
# except possibly to verify the attempt in your #
# /var/log/exim/rejectlog file. It's really just a "red-herring" so #
# no one will just send you their email address and server name so #
# they can then spam your users. #
# #
# YOU MUST MAKE THE FOLLOWING MODIFICATIONS TO THIS FILE: #
# #
# Wherever you find the domain name "example.com" you must make #
# changes to customize this file for your server. If you leave #
# the sample "example.com" domain in this file then you will most #
# likely get false positives hits as spam and you will not notify #
# the senders how to be unblocked. #
# #
# YOU MUST change "example.com" to the domain name you'll be using #
# for an explanation website for anyone who gets blocked who #
# shouldn't be blocked (see notes above). #
# #
# Additionally, wherever "example.com" is used in an error message #
# being sent because an email is blocked, you should make sure that #
# the domain name includes any optional page you want senders to be #
# sent to in order to get themselves unblocked. #
# #
######## OPTIONAL MODIFICATIONS ###### OPTIONAL MODIFICATIONS ########
# #
# Optional modifications are marked below as: #
# # OPTIONAL MODIFICATIONS #
# #
# Check below for any optional modifications you wish to make to #
# this exim.conf file before installing it. #
# #
# Any settings below should not be commented out, uncommented, or #
# changed, unless they're marked with the OPTIONAL MODIFICATIONS #
# line unless you're sure what you are doing or you may break your #
# exim server configuration. #
# Should you break your exim configuration you should reinstall your #
# exim.conf file from scratch, either from a backup of the file you #
# used previously, or from one newly downloaded from our site (see #
# above) or from DirectAdmin. #
# #
######################################################################
# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name. In many cases this does
# the right thing and you need not set anything explicitly.
# primary_hostname =
# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.ex" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.
# qualify_domain =
# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
# the next line is required to start the smtp auth script included
# in DirectAdmin
perl_startup = do '/etc/exim.pl'
# the next line is required to start the system_filter included in
# DirectAdmin to refuse potentiallly harmful payloads in
# email messages
system_filter = /etc/system_filter.exim
# SET SOME MEANINGFUL LIMITS
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment
message_size_limit = 20M
smtp_receive_timeout = 5m
smtp_accept_max = 100
message_body_visible = 3000
# ALLOW UNDERSCORE IN EMAIL DOMAIN NAME
# domains shouldn't use the underscore character "_" but some
# may. Because John Postel, one of the architects of the Internet,
# said "Be liberal in what you accept and conservative in what you
# transmit, we choose to allow underscore in email domain names so we
# can receive email form domains which use the underscore character
# in their domain name.
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment
helo_allow_chars = _
# CHANGE LOGGING BEHAVIOR
# We weren't happy with the default Exim logging behavior through
# syslog; it didn't give us enough information. So we turned off
# syslog behavior and changed the logging behavior to give us what we
# felt was more helpful information. You may choose to delete or modify
# this section.
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment
# define what to log:
# define the => log lines
# +delivery_size
# +sender_on_delivery
#
# define the <= log lines:
# +received_recipients
# +received_sender
# +smtp_confirmation
# +subject
#
# define other non '<= =>' log lines:
# +smtp_incomplete_transaction
###################################
# define what to not log:
# define other non "<= =>' log lines:
# -dnslist_defer
# -host_lookup_failed
# -queue_run
# -rejected_header
# -retry_defer
# -skip_delivery
###################################
log_selector = \
+delivery_size \
+sender_on_delivery \
+received_recipients \
+received_sender \
+smtp_confirmation \
+subject \
+smtp_incomplete_transaction \
-dnslist_defer \
-host_lookup_failed \
-queue_run \
-rejected_header \
-retry_defer \
-skip_delivery
syslog_duplication = false
# These options specify the Access Control Lists (ACLs) that
# are used for incoming SMTP messages - after the RCPT and DATA
# commands, respectively.
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message
# define local lists
domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_from = lsearch;/etc/virtual/whitelist_from
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist auth_relay_hosts = *
# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above. You also need to comment "forbid_domain_literals" below. This is not
# recommended for today's Internet.
# DO NOT ALLOW HOST LITERALS
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to uncomment the line
# below and change the allow_domain_literals line below to true
# to allow domain literals in your environment
# local_domains_include_host_literals
# The following line prevents Exim from recognizing addresses of the form
# "user@[111.111.111.111]" that is, with a "domain literal" (an IP address)
# instead of a named domain. The RFCs still require this form, but it makes
# little sense to permit mail to be sent to specific hosts by their IP address
# in the modern Internet, and this ancient format has been used by those
# seeking to abuse hosts by using them for unwanted relaying. If you really
# do want to support domain literals, remove the following line, and see
# also the "domain_literal" router below.
allow_domain_literals = false
# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.
never_users = root
# DO HOST LOOKUP
# OPTIONAL MODIFICATIONS:
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
host_lookup = *
# DISALLOW IDENT CALLBACKS
# OPTIONAL MODIFICATIONS:
# Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP
# calls. You can limit the hosts to which these calls are made, and/or change
# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
# are disabled. RFC 1413 calls are cheap and can provide useful information
# for tracing problem messages, but some hosts and firewalls have problems
# with them. This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up an SMTP session. By default
# we disable callbacks for incoming SMTP calls. You may change
# rfc1413_query_timeout to 30s or some other positive number of seconds to
# enable callbacks for incoming SMTP calls.
rfc1413_hosts = *
rfc1413_query_timeout = 0s
# BOUNCE MESSAGES
# OPTIONAL MODIFICATIONS:
# When Exim can neither deliver a message nor return it to sender, it
# "freezes" the delivery error message (aka "bounce message"). There are also
# other circumstances in which messages get frozen. They will stay on the
# queue forever unless one or both of the following options is set.
# This option unfreezes unfreezes bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.
ignore_bounce_errors_after = 2d
# This option cancels (removes) frozen messages that are older than five days.
timeout_frozen_after = 5d
# TRUSTED USERS
# OPTIONAL MODIFICATIONS:
# if you must add additional trusted users, do so here; continue the
# colon-delimited list
trusted_users = mail:majordomo:apache
# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *
#auth_over_tls_hosts = *
######################################################################
# ACLs #
######################################################################
begin acl
# ACL that is used after the RCPT command
check_recipient:
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :
# Deny for local domains if local parts begin with a dot or
# contain @ % ! / |
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
# allow local users to send outgoing messages using slashes
# and vertical bars in their local parts but blocks outgoing
# local parts that begin with a dot, slash, or vertical bar
# but allows them within the local part. The sequence \..\
# is barred. The usage of @ % and ! is barred as before. The
# motiviation is to prevent your users (or their virii) from
# mounting certain kinds of attacks on reverse sites.
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
# accept email from anyone in the whitelist_from list
accept domains = +whitelist_from
# accept mail to postmaster in any local domain, regardless of source
accept local_parts = postmaster
domains = +local_domains
# accept mail to abuse in any local domain, regardless of source
accept local_parts = abuse
domains = +local_domains
# accept mail to hostmaster in any local domain, regardless of source
accept local_parts = hostmaster
domains =+local_domains
# OPTIONAL MODIFICATIONS:
# If the page you're using to notify senders of blocked email of how
# to get their address unblocked will use a web form to send you email so
# you'll know to unblock those senders, then you may leave these lines
# commented out. However, if you'll be telling your senders of blocked
# email to send an email to errors@yourdomain.com, then you should
# replace "errors" with the left side of the email address you'll be
# using, and "example.com" with the right side of the email address and
# then uncomment the second two lines, leaving the first one commented.
# Doing this will mean anyone can send email to this specific address,
# even if they're at a blocked domain, and even if your domain is using
# blocklists.
# accept mail to errors@example.com, regardless of source
# accept local_parts = errors
# domains = example.com
# deny so-called "legal" spammers"
# but do bypass all checking for whitelisted host names
deny message = You may think you're legal but you're still an unwanted spammer
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
sender_domains = +blacklist_domains
# Deny unless sender address can be verified:
# This statement requires the sender address to be verified before any
# subsequent ACL statement can be used. If verification fails, the incoming
# recipient address is refused. Verification consists of trying to route the
# address, to see if a bounce message could be delivered to it. In the case of
# remote addresses, basic verification checks only the domain.
require verify = sender
# Deny stuff from insecure hosts & spammers. No exceptions for known users.
# but do bypass all checking for whitelisted host names
deny message = to unblock $sender_host_name see http://www.example.com/
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
# only smtp.dnsbl.sorbs.net = 127.0.0.5
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
dnsbl.sorbs.net=127.0.0.5
# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
deny message = to unblock $sender_host_name see http://www.example.com/
hosts = !+relay_hosts
domains =+use_rbl_domains
!authenticated = *
# dnslists not including spam.dnsbl.sorbs.net
dnslists = bl.spamcop.net : \
dnsbl.njabl.org : \
cbl.abuseat.org : \
dnsbl.sorbs.net!=127.0.0.6
deny message = to unblock $sender_host_name see http://www.example.com/
domains =+use_rbl_domains
# rhsbl list is name based
dnslists = rhsbl.sorbs.net/$sender_address_domain
# accept if address is in a local domain as long as recipient can be verified
accept domains = +local_domains
endpass
verify = recipient
# accept if address is in a domain for which we relay as long as recipient
# can be verified
accept domains = +relay_domains
endpass
verify=recipient
# accept if message comes for a host for which we are an outgoing relay
# recipient verification is omitted because many MUA clients don't cope
# well with SMTP error responses. If you are actually relaying from MTAs
# then you should probably add recipient verify here
accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
deny message = relay not permitted
# default at end of acl causes a "deny", but line below will give
# an explicit error message:
deny message = relay not permitted
# ACL that is used after the DATA command
check_message:
accept
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# There are no authenticator specifications in this default configuration file.
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_condition = "${perl{smtpauth}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{smtpauth}}"
server_set_id = $1
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################
begin routers
# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.
# This router routes to remote hosts over SMTP using a DNS lookup. Any domain
# that resolves to an IP address on the loopback interface (127.0.0.0/8) is
# treated as if it had no DNS entry.
lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
no_more
# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
# little-known these days, and has been exploited by evil people seeking
# to abuse SMTP relays. Consequently it is commented out in the default
# configuration. If you uncomment this router, you also need to comment out
# "forbid_domain_literals" above, so that Exim can recognize the syntax of
# domain literal addresses.
# domain_literal:
# driver = ipliteral
# transport = remote_smtp
######################################################################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
######################################################################
# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).
# Spam Assassin
#spamcheck_director:
# driver = accept
# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
# retry_use_local_part
# transport = spamcheck
# no_verify
majordomo_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
no_rewrite
user = majordomo
majordomo_private:
driver = redirect
allow_defer
allow_fail
#condition = "${if eq {$received_protocol} {local} {true} {false} }"
condition = "${if or { {eq {$received_protocol} {local}} \
{eq {$received_protocol} {spam-scanned}} } {true} {false} }"
data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
user = majordomo
domain_filter:
driver = redirect
allow_filter
no_check_local_user
condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
user = "mail"
file = /etc/virtual/${domain}/filter
file_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify
uservacation:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = uservacation
unseen
userautoreply:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = userautoreply
unseen
virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen
#include_domain = true
virtual_user:
driver = accept
condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}}
domains = lsearch;/etc/virtual/domainowners
group = mail
retry_use_local_part
transport = virtual_localdelivery
virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
#include_domain = true
# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.
userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify
system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim
localuser:
driver = accept
check_local_user
condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
transport = local_delivery
# This director matches local user mailboxes.
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a director or a router that
# successfully handles an address.
# Spam Assassin
begin transports
spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
use_bsmtp
user = mail
# must use a privileged user to set $received_protocol on the way back in!
#majordomo
majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.
local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
file = /var/mail/$local_part
group = mail
mode = 0660
return_path_add
user = ${local_part}
## for delivering virtual domains to their own mail spool
virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 700
envelope_to_add
file = /var/spool/virtual/${domain}/${local_part}
group = mail
mode = 660
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}
## vacation transport
uservacation:
driver = autoreply
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {I am on vacation}}"
text = "\
------ ------\n\n\
This message was automatically generated by email software\n\
The delivery of your message has not been affected.\n\n\
------ ------\n\n"
to = "${sender_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once
userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {Autoreply Message}}"
to = "${sender_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp
# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the directors
# section below.
address_pipe:
driver = pipe
return_output
virtual_address_pipe:
driver = pipe
group = nobody
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"
# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.
address_reply:
driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.
# Domain Error Retries
# ------ ----- -------
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration
Reference in New Issue View Git Blame Copy Permalink