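# Exim main configuration: MySQL-backed virtual domains and users, greylisting
# at RCPT time, and ClamAV / SpamAssassin content ACLs.
#
# Review changes in this version:
#   * Every MySQL lookup now passes SMTP-derived values ($domain, $local_part,
#     $sender_address_domain) through ${quote_mysql:...}. Previously only the
#     greylist macros quoted their inputs; the other queries interpolated
#     envelope data straight into SQL string literals.
#   * The GREYLIST_* macros are defined here in the main section. Exim only
#     substitutes a macro in lines that follow its definition, and the
#     original defined them at the very end of the file, after the ACL that
#     uses them.

# Greylisting SQL macros.
# GREYLIST_TEST yields 1 while a matching record's block has not yet expired
# and 2 once it has; the ACL substitutes 0 when no record exists.
GREYLIST_TEST = SELECT CASE \
    WHEN now() - block_expires > 0 THEN 2 \
    ELSE 1 \
  END \
  FROM greylist \
  WHERE relay_ip = '${quote_mysql:$sender_host_address}' \
  AND from_sender = '${quote_mysql:$sender_address}' \
  AND rcpt_to = '${quote_mysql:$local_part@$domain}'

# GREYLIST_ADD records a new (relay, sender, recipient) triple with a 5 minute
# block and a 7 day record lifetime.
GREYLIST_ADD = INSERT INTO greylist (relay_ip, from_sender, rcpt_to, \
  block_expires, record_expires, create_time) \
  VALUES ( '${quote_mysql:$sender_host_address}', \
  '${quote_mysql:$sender_address}', '${quote_mysql:$local_part@$domain}', \
  DATE_ADD(now(), INTERVAL 5 MINUTE), \
  DATE_ADD(now(), INTERVAL 7 DAY), \
  now() \
  )

# "hide" keeps this value out of option listings shown to non-admin users; the
# file itself still holds the database password in clear text, so restrict its
# permissions accordingly.
hide mysql_servers = localhost::(/var/lib/mysql/mysql.sock)/exim/sqlmail/password

local_interfaces = 127.0.0.1 : 10.23.3.30
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
tls_advertise_hosts = *
tls_certificate = /var/lib/ssl/certs/exim.pem
tls_privatekey = /var/lib/ssl/private/exim.pem

# Domain classes come from the "domains" table. $domain is taken from the
# RCPT address, so it is quoted before being placed in the query.
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains \
  WHERE domain='${quote_mysql:$domain}' AND \
  (type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains \
  WHERE domain='${quote_mysql:$domain}' AND type='RELAY'}}
hostlist relay_from_hosts = 127.0.0.1

acl_smtp_rcpt = acl_check_rcpt
# NOTE(review): nothing in this file sets acl_smtp_mime or acl_smtp_data, so
# acl_check_mime and acl_check_content below (malware and spam checks) are
# never run unless they are wired up elsewhere. If they are meant to be
# active, enable:
#   acl_smtp_mime = acl_check_mime
#   acl_smtp_data = acl_check_content

av_scanner = clamd:/var/lib/clamav/clamd.socket
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
helo_allow_chars = _
accept_8bitmime = true
smtp_accept_max = 80
smtp_accept_max_per_host = 8
print_topbitchars = true

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################

begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.

acl_check_rcpt:

  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.
  accept hosts = :

  # Whitelist lookup keyed on the envelope sender's domain.
  # NOTE(review): "domains" tests the recipient domain against the lookup
  # result, and the envelope sender is unauthenticated input; confirm this is
  # the intended whitelist semantics.
  accept domains = ${lookup mysql{SELECT domain from whitelist \
           WHERE domain='${quote_mysql:$sender_address_domain}' AND status='1'}}

  # acl_m2: greylist state for this triple (0 = unknown, 1 = still blocked,
  # 2 = block expired). acl_c1: whether this connection is to be greylisted.
  warn  set acl_m2 = ${lookup mysql{GREYLIST_TEST}{$value}{0}}
  warn  set acl_c1 = false

  # Mark for greylisting when the sending host name matches the condition.
  # NOTE(review): the two active patterns are unanchored single character
  # classes, so any host name containing a digit or a lowercase letter
  # matches; the narrower dynamic-host patterns are commented out below.
  warn  domains = +relay_to_domains : +local_domains
        !senders =
        !hosts = +relay_from_hosts
#       !authenticated = *
        condition = ${if \
          or { {match {$sender_host_name} {[0-9]} } {match {$sender_host_name} {[a-z]} } }{yes}{no} }
#         or{ {match{$sender_host_name}{\N^[^.]*[0-9][^0-9.]+[0-9]$\N}}\
#         {match{$sender_host_name}{\N^[^.]*[0-9]{5}$\N}}\
# #       {match{$sender_host_name}{\N^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]\N}}\
# #       {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]-[0-9]\N}}\
# #       {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.\N}}\
# #       {match{$sender_host_name}{\N\.*(dhcp|dialup|ppp|[achrsvx]?dsl)\.*\N}}}{yes}{no}}
#       condition = ${if
#         or{{match{$sender_host_name}{\N^[^.]*[0-9][^0-9.]+[0-9]$\N}}\
#         {match{$sender_host_name}{\N^[^.]*[0-9]{5}$\N}}\
#         {match{$sender_host_name}{\N^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]\N}}\
#         {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]-[0-9]\N}}\
#         {match{$sender_host_name}{\N^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.\N}}\
#         {match{$sender_host_name}{\N^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]\N}}}{yes}{no}}
        set acl_c1 = true

  # Also greylist hosts whose reverse lookup failed or was deferred.
  warn  condition = ${if or{{= {$host_lookup_deferred}{1}} \
                            {= {$host_lookup_failed}{1}}}}
        set acl_c1 = true

  # First contact: no record yet, so insert one and ask the sender to retry.
  defer message = Greylisting in effect, please try again later.
        log_message = greylisted.
        condition = ${if eq{$acl_c1}{true}}
        condition = ${if eq{$acl_m2}{0}{1}}
        condition = ${lookup mysql{GREYLIST_ADD}{yes}{no}}

  # Retry arrived before the block expired.
  defer message = Greylisting in effect, retry time not reached, please try again later.
        log_message = greylisted.
        condition = ${if eq{$acl_c1}{true}}
        condition = ${if eq{$acl_m2}{1}{1}}

  # Refuse local parts carrying routing or path metacharacters. The local
  # part is later used in the delivery directory path, so this check is part
  # of what keeps deliveries inside the mail spool.
  deny  message = Restricted characters in address
        domains = +local_domains
        local_parts = ^[.] : ^.*[@%!/|]

  deny  message = Restricted characters in address
        domains = !+local_domains
        local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept local_parts = postmaster
         domains = +local_domains

  require verify = sender

  accept hosts = +relay_from_hosts
         control = submission

  # NOTE(review): the authenticators section of this file is empty, so this
  # statement cannot match unless authenticators are defined elsewhere.
  accept authenticated = *
         control = submission

  accept domains = +local_domains
         endpass
         verify = recipient

  accept domains = +relay_to_domains
         endpass
         verify = recipient

  deny   message = relay not permitted

acl_check_mime:

  # Just decode MIME parts to disk.
  warn decode = default

  accept

acl_check_content:

  # Reject virus infested messages.
  deny  message = This message contains malware ($malware_name)
        malware = *

  # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
  # (user "mail"), no matter if over threshold or not.
  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = mail:true
  warn  message = X-Spam-Report: $spam_report
        spam = mail:true

  # Add X-Spam-Flag if spam is over system-wide threshold
  warn  message = X-Spam-Flag: YES
        spam = mail

  # Reject spam messages with score over 10, using an extra condition.
  deny  message = This message scored $spam_score points. Congratulations!
        spam = mail:true
        condition = ${if >{$spam_score_int}{100}{1}{0}}

  # finally accept all the rest
  accept

begin routers

lan:
  driver = manualroute
  domains = ! localdomain.local
  route_list = localdomain.local
  transport = remote_smtp

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  # Never deliver to addresses that resolve to this host or to 0.0.0.0.
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

# Alias and forward data come from the database and may name files or pipes
# (file_transport / pipe_transport), so write access to these tables is
# equivalent to choosing where mail is written or which command receives it.
system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup mysql{SELECT recipients FROM aliases \
    WHERE local_part='${quote_mysql:$local_part}' AND domain='${quote_mysql:$domain}'}}
  file_transport = address_file
  pipe_transport = address_pipe

userforward:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup mysql{SELECT recipients FROM userforward \
    WHERE local_part='${quote_mysql:$local_part}' AND domain='${quote_mysql:$domain}'}}
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

virtual_localuser:
  driver = accept
  domains = ${lookup mysql{SELECT domain from domains WHERE domain='${quote_mysql:$domain}'}}
  local_parts = ${lookup mysql{SELECT login from users \
    WHERE login='${quote_mysql:$local_part}' AND domain='${quote_mysql:$domain}' AND status='1' }}
  transport = local_delivery

localuser:
  driver = accept
  check_local_user
  local_part_suffix = +* : -*
  local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user

begin transports

remote_smtp:
  driver = smtp

# Maildir delivery under /var/mail/<domain>/<local part>, owned by mail:mail.
# The path is built from the recipient address; the routers above only hand
# over addresses that matched a database row or a local account.
local_delivery:
  driver = appendfile
  check_string = ""
  create_directory
  delivery_date_add
  directory = /var/mail/$domain/$local_part
  directory_mode = 770
  envelope_to_add
# user = virtmail
  user = mail
  group = mail
  maildir_format
  maildir_tag = ,S=$message_size
  message_prefix = ""
  message_suffix = ""
  mode = 0660
  quota = ${lookup mysql{SELECT quota FROM users \
    WHERE login='${quote_mysql:$local_part}' AND domain='${quote_mysql:$domain}'}{${value}M}}
  quota_size_regex = S=(\d+)$
  quota_warn_threshold = 75%
  return_path_add

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply

begin retry

*   *   F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

# No authenticators are defined in this file.

# End of Exim configuration file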