###################################################################### # MAIN CONFIGURATION SETTINGS FOR EXIM 4.50 3-8-2005 # # /usr/exim/bin/exim -bd -q30m # rm /usr/bin/sendmail # rm /usr/sbin/sendmail # ln -s /usr/exim/bin/exim-4.50-1 /usr/bin/sendmail # ln -s /usr/exim/bin/exim-4.50-1 /usr/sbin/sendmail ###################################################################### hide mysql_servers = localhost/dbname/username/password primary_hostname = mail.captainnet.net # Enter your IP address on the next line and uncomment it. # SERVER_IP = 0.0.0.0 domainlist local_domains = \ ${lookup mysql {SELECT domain FROM domains \ WHERE type="local" and domain="${domain}" }} domainlist relay_to_domains = \ ${lookup mysql {SELECT domain FROM domains \ WHERE type="relay" }} hostlist relay_from_hosts = localhost : 127.0.0.1 never_users = root # host_lookup = * rfc1413_hosts = * rfc1413_query_timeout = 30s auto_thaw = 1h ignore_bounce_errors_after = 2h timeout_frozen_after = 14h message_size_limit = 50M bounce_return_message = false # return_size_limit = 50K # smtp_accept_queue_per_connection = 100 smtp_accept_max = 40 smtp_accept_reserve = 10 smtp_reserve_hosts = 127.0.0.1 smtp_accept_queue = 35 smtp_accept_max_per_host = 5 smtp_accept_max_nonmail = 10 system_filter = /usr/exim/system_filter.exim smtp_banner = "$primary_hostname ESMTP Exim $version_number $tod_full" #tls_advertise_hosts = * #tls_certificate = /some/file/name #tls_privatekey = /some/file/name acl_smtp_rcpt = acl_check_rcpt acl_smtp_mime = acl_check_mime acl_smtp_data = acl_check_data spamd_address = 127.0.0.1 783 av_scanner = clamd:127.0.0.1 3310 helo_allow_chars = _ # MAILMAN_HOME=/usr/share/mailman # MAILMAN_WRAP=MAILMAN_HOME/mail/mailman # MAILMAN_USER=mailman # MAILMAN_GROUP=mailman ###################################################################### # ACL CONFIGURATION # # Specifies access control lists for incoming SMTP mail # ###################################################################### begin acl ###################################################################### acl_check_rcpt: accept hosts = : deny local_parts = ^.*[@%!/|] deny senders = \ ${lookup mysql{SELECT sender FROM deny_sender \ WHERE '$sender_address' rlike sender} \ {$sender_address}} message = Not accepted from $sender_address require verify = sender drop condition = ${if match{$sender_helo_name}{SERVER_IP}{yes}{no} } message = "Dropped spammer pretending to be us" drop condition = ${if match{$sender_helo_name}{^[0-9]\.[0-9]\.[0-9]\.[0-9]}{yes}{no} } message = "Dropped IP-only or IP-starting helo" drop hosts = net-lsearch;/usr/exim/reject-hosts.txt : \ net24-lsearch;/usr/exim/reject-hosts.txt message = Connection Denied for $sender_host_address drop message = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count condition = ${if = {${eval:$rcpt_fail_count}}{1}{yes}{no}} delay = 3m drop message = Recipient unknown !verify = recipient delay = ${eval: ($rcpt_fail_count + 1) * 1}m accept local_parts = postmaster domains = +local_domains #-------------------------------------------------------------------------------- # Uncomment the following if you want to check against RBL #-------------------------------------------------------------------------------- deny message = $sender_host_address is listed at $dnslist_domain hosts = !+relay_from_hosts !authenticated = * dnslists = sbl-xbl.spamhaus.org : bl.spamcop.net : dnsbl.ahbl.org # / korea.services.net : china.blackholes.us : russia.blackholes.us #-------------------------------------------------------------------------------- accept authenticated = * accept domains = +local_domains endpass message = unknown user verify = recipient accept domains = +relay_to_domains endpass message = unrouteable address verify = recipient accept hosts = +relay_from_hosts deny message = authentication required - relay not permitted ###################################################################### acl_check_mime: deny message = File type unacceptable (filename: $mime_filename) condition = ${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/exim/rejected_file_type}{yes}{no}} accept ###################################################################### acl_check_data: # Any hosts and authenticated clients listed here will not be scanned by SpamAssassin & ClamAV accept hosts = 127.0.0.1:+relay_from_hosts accept authenticated = * # Reject virus infested messages. deny message = This message contains malware ($malware_name) malware = * # Reject messages containing "viagra" in all kinds of whitespace/case combinations deny message = This message matches a blacklisted regular expression ($regex_match_string) regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa] : Rolex : Pharmacy # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings # (user "nobody"), no matter if over threshold or not. warn message = X-Spam-Score: $spam_score ($spam_bar) spam = nobody:true warn message = X-Spam-Report: $spam_report spam = nobody:true warn message = X-New-Subject: [***SPAM***] $h_subject: spam = nobody warn message = X-Virus-Scanned: Scanned with Clam AntiVirus spam = nobody:true warn message = X-Spam-Flag: YES spam = nobody ###################################################################### # Reject spam messages with score over 10, using an extra condition. # (Keep in mind that $spam_score_int is the messages score # multiplied by ten). ###################################################################### # deny message = This message scored $spam_score points. Congratulations! # spam = nobody:true # condition = ${if >{$spam_score_int}{100}{1}{0}} # finally accept all the rest accept ###################################################################### # ROUTERS CONFIGURATION # # Specifies how addresses are handled # ###################################################################### # THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # # An address is passed to each router in turn until it is accepted. # ###################################################################### begin routers dnslookup: driver = dnslookup domains = ! +local_domains transport = remote_smtp ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 no_more # mailman_router: # driver = accept # require_files = MAILMAN_HOME/lists/$local_part/config.pck # local_part_suffix_optional # local_part_suffix = -bounces : -bounces+* : \ # -confirm+* : -join : -leave : \ # -owner : -request : -admin # transport = mailman_transport mysql_sys_aliases: driver = redirect allow_fail allow_defer data = ${lookup mysql {SELECT dest FROM aliases \ WHERE email='${local_part}' AND type="system"}} mysql_aliases: driver = redirect allow_fail allow_defer data = ${lookup mysql {SELECT dest FROM aliases \ WHERE email='${local_part}@${domain}' AND type="site"}} #-------------------------------------------------------------------------------- vacation_director: driver = accept domains = ${lookup mysql {SELECT domain from passwd WHERE \ domain='${quote_mysql:$domain}' AND \ user='${quote_mysql:$local_part}' AND \ vacation_start <= curdate() AND \ vacation_end >= curdate()}\ {$value}} no_verify senders = !^.*-request@.* : !^owner-.*@.* : !^postmaster@.* : \ ! ^listmaster@.* : !^mailer-daemon@.* transport = vacation_autoreply unseen #-------------------------------------------------------------------------------- mysql_user: driver = accept condition = ${if eq{} {${lookup mysql {SELECT home FROM passwd \ WHERE id='${local_part}@${domain}'}}} {no}{yes}} retry_use_local_part transport=mysql_delivery mysql_catchall: driver = redirect allow_fail allow_defer data = ${lookup mysql {SELECT dest FROM aliases \ WHERE email='*@${domain}' AND \ type="site"}} ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### begin transports remote_smtp: driver = smtp mysql_delivery: driver = appendfile maildir_format directory = \ /var/mail/${lookup mysql{SELECT maildir \ FROM passwd WHERE id='${local_part}@${domain}'}} delivery_date_add #envelope_to_add = true #return_path_add = true maildir_tag = ,S=$message_size quota = \ "${lookup mysql{SELECT quota FROM passwd WHERE \ user = '$local_part' AND domain = '$domain'}{${value}M}}" quota_is_inclusive = false quota_size_regex = S=(\d+): quota_warn_threshold = 75% quota_warn_message = "\ To: $local_part@$domain\n\ Subject: Mailbox quota warning\n\n\ This message was automatically generated by the mail delivery software.\n\n\ You are now using over 75% of your allocated mail storage quota.\n\n\ If your mailbox fills completely, further incoming messages will be automatically\n\ returned to their senders.\n\n\ Please take note of this and remove unwanted mail from your mailbox.\n" user = 100 group = 100 # headers_add # message_prefix # mode # mailman_transport: # driver = pipe # command = MAILMAN_WRAP \ # '${if def:local_part_suffix \ # {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ # {post}}' \ # $local_part # current_directory = MAILMAN_HOME # home_directory = MAILMAN_HOME # user = MAILMAN_USER # group = MAILMAN_GROUP #-------------------------------------------------------------------------------- vacation_autoreply: driver = autoreply to = ${sender_address} from = "${local_part}@${domain}" log = /var/spool/exim/log/exim_vacation.log once =/var/spool/exim/db/vacation.db once_repeat = 1d subject = "AUTO REPLY FROM ${local_part}@${domain}" text = ${lookup mysql {SELECT vacation_message FROM passwd \ WHERE domain='${quote_mysql:$domain}' AND \ user='${quote_mysql:$local_part}'}{$value}} #-------------------------------------------------------------------------------- ###################################################################### # RETRY CONFIGURATION # ###################################################################### begin retry # Domain Error Retries # ------ ----- ------- * quota * * F,2h,15m; G,16h,1h,1.5; F,4d,6h ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. begin rewrite ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### # There are no authenticator specifications in this default configuration file. begin authenticators cram_md5: driver = cram_md5 public_name = CRAM-MD5 server_secret = \ ${lookup mysql{SELECT clear FROM passwd \ WHERE id='$1'}{$value}fail} server_set_id = $1 plain_login: driver = plaintext public_name = PLAIN server_condition = \ ${lookup mysql{SELECT if(count(*), "1", "0") \ FROM passwd WHERE id = '${quote_mysql:$2}' and \ clear = '${quote_mysql:$3}'}} server_set_id = $2 fixed_login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = \ ${lookup mysql{SELECT if(count(*), "1", "0") \ FROM passwd WHERE id = '${quote_mysql:$1}' and \ clear = '${quote_mysql:$2}'}} server_set_id = $1 # End of Exim configuration file