# SpamBlockerTechnology* powered exim.conf, Version 4.2
# 21-May-2013 11:20 (-0700)
# Exim configuration file for DirectAdmin
# Requires exim.pl as distributed by DirectAdmin here:
# http://files.directadmin.com/services/exim.pl Dated 28-Mar-2008 or later
# New version 4.2 removes obsolete dnsbl.njabl.org blocklist
# Includes SpamBlockerTechnology blocklists and optimizations:
# http://www.nobaloney.net/downloads/spamblocker/
# ClamAV optional
# SpamAssassin optional
# Dovecot/IMAP Mandatory
# *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services:
# http://www.nobaloney.net
#
# WARNING! Do NOT use this exim.conf Exim configuration file unless you
# make the required modifications to your Exim configuration
# following the instructions in the README file included in this
# distribution:
# README-SpamBlockerVersion4exim.conf.txt
#
# The original exim.conf file distributed with Exim 4, includes the
# following copyright notice:
#
# Copyright (C) 2002 University of Cambridge, Cambridge, UK
#
# Portions of the file are taken from the exim.conf file as
# distributed with DirectAdmin (http://www.directadmin.com/)
#
# Copyright (C) 2003-2011 JBMC Software, St Albert, AB, Canada
#
# Portions of this file are written by NoBaloney Internet Services
# and are copyright as follows:
#
# Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA
#
# The entire Exim 4 distribution, including the exim.conf file, is
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,
# June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE
# you may download it, in it's entirety, from the website at:
#
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt
#
# Thanks to all the members of the DirectAdmin community and of the exim
# community who have given their # much needed and appreciated help.
#
# The most recent version of this file may always downloaded from the website
# at: http://www.nobaloney.net/downloads/spamblocker
#
# MODIFICATION INSTRUCTIONS
#
# YOU MUST MAKE THE CHANGES TO THIS
# SpamBlockerTechnology* powered exim.conf, Version 4.0
# file as documented in the README file.
#
# The README file for this version is named:
# README-SpamBlockerVersion4exim.conf.txt
# CONFIGURATION STARTS HERE
#EDIT#1:
# primary_hostname =
#EDIT#2-CLAMAV:
# av_scanner = clamd:/var/run/clamav/clamd
#.include_if_exists /etc/exim.clamav.load.conf
#EDIT#3:
# qualify_domain =
#EDIT#4:
perl_startup = do '/etc/exim.pl'
#EDIT#5:
system_filter = /etc/system_filter.exim
#EDIT#6:
untrusted_set_sender = *
#EDIT#7:
daemon_smtp_ports = 25 : 587 : 465
tls_on_connect_ports = 465
#EDIT#8:
local_from_check = false
#EDIT#9:
message_size_limit = 20M
smtp_receive_timeout = 5m
smtp_accept_max = 100
message_body_visible = 3000
print_topbitchars = true
smtp_accept_max_nonmail = 19
smtp_accept_max_per_host = 10
recipients_max = 150
smtp_accept_queue_per_connection = 10
smtp_accept_max_per_connection = 100
#EDIT#10:
helo_allow_chars = _
#EDIT#11:
log_selector = \
+delivery_size \
+sender_on_delivery \
+received_recipients \
+received_sender \
+smtp_confirmation \
+subject \
+smtp_incomplete_transaction \
-dnslist_defer \
-host_lookup_failed \
-queue_run \
-rejected_header \
-retry_defer \
-skip_delivery \
+arguments
#EDIT#12:
syslog_duplication = false
#EDIT#13:
acl_smtp_connect = acl_connect
acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_recipient
acl_smtp_data = acl_check_message
#EDIT#14:
addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
domainlist skip_rbl_domains = lsearch;/etc/virtual/skip_rbl_domains
hostlist auth_relay_hosts = *
hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip
hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip
#EDIT#15:
#domainlist skip_av_domains = lsearch;/etc/virtual/skip_av_domains
#EDIT#16:
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts
#EDIT#17:
never_users = root
#EDIT#18:
host_lookup = *
#EDIT#19:
rfc1413_hosts = *
rfc1413_query_timeout = 0s
#EDIT#20:
deliver_queue_load_max = 5.0
queue_only_load = 7.5
queue_run_max = 5
#EDIT#21:
ignore_bounce_errors_after = 2d
timeout_frozen_after = 3d
#EDIT#22:
trusted_users = mail:majordomo:apache:diradmin
#EDIT#23:
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
tls_advertise_hosts = *
#auth_over_tls_hosts = *
# Access Control Lists
######################
begin acl
#EDIT#24:
acl_connect:
accept hosts = *
#EDIT#25:
acl_check_helo:
# accept mail originating on this server unconditionally
accept hosts = @[] : @
# deny if the HELO pretends to be this host
deny message = Bad HELO - Host impersonating hostname [$sender_helo_name]
condition = ${if or { \
{match{$sender_helo_name}{$smtp_active_hostname}} \
{eq{$sender_helo_name}{[$interface_address]}} \
} {true}{false} }
# deny if the HELO is an IP address
deny message = HELO is an IP address (See RFC2821 4.1.3)
condition = ${if isip{$sender_helo_name}}
# deny if the HELO pretends to be one of the domains hosted on the server
deny message = Bad HELO - Host impersonating domain name [$sender_helo_name]
condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
hosts = ! +relay_hosts
accept
#EDIT#26:
acl_check_recipient:
# block certain well-known exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
# restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept hosts = +auth_relay_hosts
condition = ${if eq {$interface_port}{587} {yes}{no}}
endpass
message = relay not permitted, authentication required
authenticated = *
# Deny all Mailer-Daemon messages not for us:
deny message = We didn't send the message
senders = :
domains = !+relay_domains
# Deny if the recipient doesn't exist:
deny message = No such recipient here
domains = +local_domains
!verify = recipient
# Remaining Mailer-Daemon messages must be for us
accept senders = :
domains = +relay_domains
#EDIT#27:
# 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address
deny message = R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
!authenticated = *
condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
## 2nd deny makes sure the hostname doesn't end with a dot (invalid)
# deny message = R2: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
# !authenticated = *
# condition = ${if match{$sender_helo_name}{\N\.$\N}}
# 3rd deny makes sure the hostname has no double-dots (invalid)
deny message = R3: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
!authenticated = *
condition = ${if match{$sender_helo_name}{\N\.\.\N}}
## 4th deny make sure the hostname doesn't end in .home (invalid domain)
# deny message = R4: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
# !authenticated = *
# condition = ${if match{$sender_helo_name}{\N\.home$\N}}
#EDIT#28:
# warn domains = +skip_av_domains
# set acl_m0 = $tod_epoch
#EDIT#29:
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
#EDIT#30:
accept hosts = :
logwrite = Whitelisted as having local origination
#EDIT#31:
accept sender_domains = +whitelist_domains
logwrite = $sender_host_address whitelisted in local domains whitelist
accept hosts = +whitelist_hosts
logwrite = $sender_host_address whitelisted in local hosts whitelist
accept hosts = +whitelist_hosts_ip
logwrite = $sender_host_address whitelisted in local hosts IP# whitelist
# accept if envelope sender is in whitelist
accept senders = +whitelist_senders
logwrite = $sender_host_address whitelisted in local sender whitelist
#EDIT#32:
deny message = Email blocked by local blacklist
domains = +use_rbl_domains
domains = !+skip_rbl_domains
senders = +blacklist_senders
#EDIT#33:
deny message = Email blocked by local blacklist
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
domains = !+skip_rbl_domains
hosts = +bad_sender_hosts
#EDIT#34:
deny message = Email blocked by local blacklist
hosts = +bad_sender_hosts_ip
#EDIT#35:
accept domains = +local_domains
dnslists = list.dnswl.org
logwrite = $sender_host_address whitelisted in list.dnswl.org
#EDIT#36:
# accept domains = +local_domains
# dnslists = hostkarma.junkemailfilter.com=127.0.0.1
# logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com
#EDIT#37:
# accept local_parts = whitelist
# domains = example.com
#EDIT#38:
require verify = sender
#EDIT#39:
deny message = Email blockedby local blacklist
domains = +use_rbl_domains
domains = !+skip_rbl_domains
sender_domains = +blacklist_domains
#EDIT#40:
deny message = Forged Paypal Mail, not sent from PayPal.
senders = *@paypal.com
condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}}
#EDIT#41:
deny message = Email blocked by $dnslist_domain
hosts = !+relay_hosts
domains = +use_rbl_domains
domains = !+skip_rbl_domains
!authenticated = *
dnslists = \
cbl.abuseat.org : \
bl.spamcop.net : \
dnsbl.ahbl.org : \
combined.rbl.msrbl.net : \
b.barracudacentral.org : \
zen.spamhaus.org : \
hostkarma.junkemailfilter.com=127.0.0.2
#EDIT#42:
deny message = Email blocked by $dnslist_domain
hosts = !+relay_hosts
domains = +use_rbl_domains
domains = !+skip_rbl_domains
!authenticated = *
dnslists = \
rhsbl.ahbl.org/$sender_address_domain
#COMMENT#43:
# ACCEPT EMAIL BEGINNING HERE
# accept if address is in a local domain as long as recipient can be verified
accept domains = +local_domains
endpass
message = "Unknown User"
verify = recipient
#COMMENT#44
# accept if address is in a domain for which we relay as long as recipient
# can be verified
accept domains = +relay_domains
endpass
verify = recipient
#EDIT#45:
accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
# FINAL DENY EMAIL BEFORE DATA BEGINS HERE
# default at end of acl causes a "deny", but line below will give
# an explicit error message:
deny message = relay not permitted
# ACL that is used after the DATA command (ClamAV)
acl_check_message:
#EDIT#46:
#.include_if_exists /etc/exim.clamav.conf
## accept without checking if in skip_av_domains
# accept condition =${if and {{def:acl_m0}{def:acl_m0}} {true}{false}}
## deny if email contains malformed MIME header
# deny message = This message contains malformed MIME (malformed_MIME:$demime_reason)
# demime = *
# condition = ${if >{$demime_errorlevel}{2}{1}{0}}
## deny if email containing virus or other harmful content
# deny message = This message contains a virus or other harmful content (virus_in_message:$malware_name)
# demime = *
# malware = *
## deny if email contains an attachment of type we don't accept.
# deny message = This message contains an attachment of a type which we do not accept (attachment_not_allow:.$found_extension)
# demime = bat:com:pif:prf:scr:vbs:html
## Accept but put warning into headers if message over 1000k
# warn message = X-Antivirus-Scanner: Skipped scanning; size over 1000K. You should use an Antivirus Scanner
# condition = ${if >={$message_size}{1000k} {1}{0}}
# warn message = X-Antivirus-Scanner: Seems clean. You should still use an Antivirus Scanner
## The end of the acl_check_message acl (ClamAV)
## Do NOT comment out the line below or all messages will be denied.
accept
# AUTHENTICATION CONFIGURATION
##############################
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = "${perl{smtpauth}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{smtpauth}}"
server_set_id = $1
#EDIT#47:
# REWRITE CONFIGURATION
# There is no rewriting specification in this exim.conf file. If your
# configuration requires one, it would go here
begin routers
#EDIT#48:
lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
no_more
# RELATED: http://help.directadmin.com/item.php?id=153
# smart_route:
# driver = manualroute
# domains = ! +local_domains
# ignore_target_hosts = 127.0.0.0/8
# condition = "${perl{check_limits}}"
# route_list = !+local_domains HOSTNAME-or-IP#
# transport = remote_smtp
#COMMENT#49:
#DIRECTORS CONFIGURATION
#EDIT#50:
#.include_if_exists /etc/exim.spamassassin.conf
# spamcheck_director:
# driver = accept
# condition = "${if and { \
# {!def:authenticated_id} \
# {!def:h_X-Spam-Flag:} \
# {!eq {$received_protocol}{spam-scanned}} \
# {!eq {$received_protocol}{local}} \
# {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
# {<{$message_size}{100k}} \
# } {1}{0}}"
# retry_use_local_part
# transport = spamcheck
# no_verify
majordomo_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
no_rewrite
user = majordomo
majordomo_private:
driver = redirect
allow_defer
allow_fail
#condition = "${if eq {$received_protocol} {local} {true} {false} }"
condition = "${if or { {eq {$received_protocol} {local}} \
{eq {$received_protocol} {spam-scanned}} } {true} {false} }"
data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
user = majordomo
domain_filter:
driver = redirect
allow_filter
no_check_local_user
condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
group = "mail"
file = /etc/virtual/${domain}/filter
directory_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify
uservacation:
# uservacation reply to all except errors, bounces, lists
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
# do not reply to errors and bounces or lists
senders = " ! ^.*-request@.*:\
! ^owner-.*@.*:\
! ^postmaster@.*:\
! ^listmaster@.*:\
! ^mailer-daemon@.*\
! ^root@.*"
transport = uservacation
unseen
userautoreply:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
# do not reply to errors and bounces or lists
senders = " ! ^.*-request@.*:\
! ^owner-.*@.*:\
! ^postmaster@.*:\
! ^listmaster@.*:\
! ^mailer-daemon@.*\
! ^root@.*"
transport = userautoreply
unseen
virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen
#include_domain = true
virtual_user:
driver = accept
condition = ${perl{save_virtual_user}}
domains = lsearch;/etc/virtual/domainowners
group = mail
retry_use_local_part
transport = virtual_localdelivery
# accept only if local_part is not in the aliases file
# (this implements catch-all)
virtual_aliases:
driver = redirect
allow_defer
allow_fail
condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}}
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
#include_domain = true
#COMMENT#51:
drop_solo_alias:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
file_transport = devnull
group = mail
pipe_transport = devnull
retry_use_local_part
#include_domain = true
#COMMENT#52:
userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify
system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim
localuser:
driver = accept
check_local_user
condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
transport = local_delivery
#COMMENT#53:
# TRANSPORTS CONFIGURATION
begin transports
#COMMENT#54:
spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
use_bsmtp
user = mail
#COMMENT#55:
majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo
#COMMENT#56:
local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = /home/$local_part/Maildir/
directory_mode = 770
create_directory = true
maildir_format
group = mail
mode = 0660
return_path_add
user = ${local_part}
#COMMENT#57:
virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 770
envelope_to_add
directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
maildir_format
group = mail
mode = 660
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}
#EDIT#58:
uservacation:
driver = autoreply
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
text = "\
------ ------\n\n\
This message was automatically generated by email software\n\
The delivery of your message has not been affected.\n\n\
------ ------\n\n"
to = "${sender_address}"
user = mail
once = /etc/virtual/${domain}/reply/${local_part}.once
once_file_size = 100K
once_repeat = 2d
#COMMENT#59:
userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
to = "${sender_address}"
user = mail
once = /etc/virtual/${domain}/reply/${local_part}.once
once_file_size = 100K
once_repeat = 2d
#COMMENT#60:
devnull:
driver = appendfile
file = /dev/null
#COMMENT#61:
remote_smtp:
driver = smtp
#EDIT#62:
address_pipe:
driver = pipe
return_output
virtual_address_pipe:
driver = pipe
group = nobody
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"
#COMMENT#63:
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
#COMMENT#64:
address_reply:
driver = autoreply
#EDIT#65:
# RETRY CONFIGURATION
# Domain Error Retries
# ------ ----- -------
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration