# /usr/exim/bin/exim -bd -q30m ###################################################################### # MAIN CONFIGURATION SETTINGS # ###################################################################### hide mysql_servers = localhost/dbname/username/password primary_hostname = mail.captainnet.net domainlist local_domains = \ ${lookup mysql {SELECT domain FROM domains \ WHERE type="local" and domain="${domain}" }} domainlist relay_to_domains = \ ${lookup mysql {SELECT domain FROM domains \ WHERE type="relay" }} hostlist relay_from_hosts = localhost : 127.0.0.1 never_users = root # host_lookup = * rfc1413_hosts = * rfc1413_query_timeout = 30s auto_thaw = 1h ignore_bounce_errors_after = 2h timeout_frozen_after = 14h message_size_limit = 20M bounce_return_message = false # return_size_limit = 50K # smtp_accept_queue_per_connection = 100 smtp_accept_max = 40 smtp_accept_reserve = 10 smtp_reserve_hosts = 127.0.0.1 smtp_accept_queue = 35 smtp_accept_max_per_host = 5 smtp_accept_max_nonmail = 10 system_filter = /usr/exim/system_filter.exim smtp_banner = "$primary_hostname ESMTP Exim $version_number $tod_full" acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data spamd_address = 127.0.0.1 783 av_scanner = clamd:127.0.0.1 3310 helo_allow_chars = _ # MAILMAN_HOME=/usr/share/mailman # MAILMAN_WRAP=MAILMAN_HOME/mail/mailman # MAILMAN_USER=mailman # MAILMAN_GROUP=mailman ###################################################################### # ACL CONFIGURATION # # Specifies access control lists for incoming SMTP mail # ###################################################################### begin acl acl_check_rcpt: accept hosts = : deny local_parts = ^.*[@%!/|] deny senders = \ ${lookup mysql{SELECT sender FROM deny_sender \ WHERE '$sender_address' rlike sender} \ {$sender_address}} message = Not accepted from $sender_address drop hosts = net-lsearch;/usr/exim/reject-hosts.txt : \ net24-lsearch;/usr/exim/reject-hosts.txt message = Connection Denied for $sender_host_address drop message = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count condition = ${if = {${eval:$rcpt_fail_count}}{1}{yes}{no}} delay = 3m drop message = Recipient unknown !verify = recipient delay = ${eval: ($rcpt_fail_count + 1) * 1}m accept local_parts = postmaster domains = +local_domains accept authenticated = * accept domains = +local_domains endpass message = unknown user verify = recipient accept domains = +relay_to_domains endpass message = unrouteable address verify = recipient accept hosts = +relay_from_hosts deny message = authentication required - relay not permitted acl_check_data: # Any hosts and authenticated clients listed here will not be scanned by SpamAssassin accept hosts = 127.0.0.1:+relay_from_hosts accept authenticated = * # First unpack MIME containers and reject serious errors. # deny message = This message contains a MIME error ($demime_reason) # demime = * # condition = ${if >{$demime_errorlevel}{2}{1}{0}} # Reject typically wormish file extensions. There is almost no # sense in sending such files by email. deny message = This message contains an unwanted file extension ($found_extension) demime = scr:com:vbs:bat:lnk:pif:exe # # If the message contains SCR or PIF we want to Log this # warn log_message = DISCARD: ATTACHMENT ($found_extension) # demime = scr:com:vbs:bat:lnk:pif:exe # control = fakereject # discard demime = scr:com:vbs:bat:lnk:pif:exe ## Reject virus infested messages. deny message = This message contains malware ($malware_name) demime = * malware = * # Reject messages containing "viagra" in all kinds of whitespace/case combinations # WARNING: this is an example ! deny message = This message matches a blacklisted regular expression ($regex_match_string) regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa] : Prescription : Pharmacy # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings # (user "nobody"), no matter if over threshold or not. warn message = X-Spam-Score: $spam_score ($spam_bar) spam = nobody:true warn message = X-Spam-Report: $spam_report spam = nobody:true warn message = X-New-Subject: [***SPAM***] $h_subject: spam = nobody warn message = X-Virus-Scanned: Scanned with Clam AntiVirus spam = nobody:true # Add X-Spam-Flag if spam is over system-wide threshold warn message = X-Spam-Flag: YES spam = nobody #################################################################### # Reject spam messages with score over 10, using an extra condition. # (Keep in mind that $spam_score_int is the messages score # multiplied by ten). #################################################################### # deny message = This message scored $spam_score points. Congratulations! # spam = nobody:true # condition = ${if >{$spam_score_int}{100}{1}{0}} # finally accept all the rest accept ###################################################################### # ROUTERS CONFIGURATION # # Specifies how addresses are handled # ###################################################################### # THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # # An address is passed to each router in turn until it is accepted. # ###################################################################### begin routers dnslookup: driver = dnslookup domains = ! +local_domains transport = remote_smtp ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24 no_more # mailman_router: # driver = accept # require_files = MAILMAN_HOME/lists/$local_part/config.pck # local_part_suffix_optional # local_part_suffix = -bounces : -bounces+* : \ # -confirm+* : -join : -leave : \ # -owner : -request : -admin # transport = mailman_transport mysql_sys_aliases: driver = redirect allow_fail allow_defer data = ${lookup mysql {SELECT dest FROM aliases \ WHERE email='${local_part}' AND type="system"}} mysql_aliases: driver = redirect allow_fail allow_defer data = ${lookup mysql {SELECT dest FROM aliases \ WHERE email='${local_part}@${domain}' AND type="site"}} mysql_user: driver = accept condition = ${if eq{} {${lookup mysql {SELECT home FROM passwd \ WHERE id='${local_part}@${domain}'}}} {no}{yes}} retry_use_local_part transport=mysql_delivery mysql_catchall: driver = redirect allow_fail allow_defer data = ${lookup mysql {SELECT dest FROM aliases \ WHERE email='*@${domain}' AND \ type="site"}} ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### begin transports remote_smtp: driver = smtp mysql_delivery: driver = appendfile maildir_format directory = \ /var/mail/${lookup mysql{SELECT maildir \ FROM passwd WHERE id='${local_part}@${domain}'}} delivery_date_add #envelope_to_add = true #return_path_add = true maildir_tag = ,S=$message_size quota = \ "${lookup mysql{SELECT quota FROM passwd WHERE \ user = '$local_part' AND domain = '$domain'}{${value}M}}" quota_is_inclusive = false quota_size_regex = S=(\d+): quota_warn_threshold = 75% quota_warn_message = "\ To: $local_part@$domain\n\ Subject: Mailbox quota warning\n\n\ This message was automatically generated by the mail delivery software.\n\n\ You are now using over 75% of your allocated mail storage quota.\n\n\ If your mailbox fills completely, further incoming messages will be automatically\n\ returned to their senders.\n\n\ Please take note of this and remove unwanted mail from your mailbox.\n" user = 100 group = 100 # headers_add # message_prefix # mode # mailman_transport: # driver = pipe # command = MAILMAN_WRAP \ # '${if def:local_part_suffix \ # {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ # {post}}' \ # $local_part # current_directory = MAILMAN_HOME # home_directory = MAILMAN_HOME # user = MAILMAN_USER # group = MAILMAN_GROUP ###################################################################### # RETRY CONFIGURATION # ###################################################################### begin retry # Domain Error Retries # ------ ----- ------- * quota * * F,2h,15m; G,16h,1h,1.5; F,4d,6h ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. begin rewrite ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### # There are no authenticator specifications in this default configuration file. begin authenticators cram_md5: driver = cram_md5 public_name = CRAM-MD5 server_secret = \ ${lookup mysql{SELECT clear FROM passwd \ WHERE id='$1'}{$value}fail} server_set_id = $1 plain_login: driver = plaintext public_name = PLAIN server_condition = \ ${lookup mysql{SELECT if(count(*), "1", "0") \ FROM passwd WHERE id = '${quote_mysql:$2}' and \ clear = '${quote_mysql:$3}'}} server_set_id = $2 fixed_login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = \ ${lookup mysql{SELECT if(count(*), "1", "0") \ FROM passwd WHERE id = '${quote_mysql:$1}' and \ clear = '${quote_mysql:$2}'}} server_set_id = $1 # End of Exim configuration file