# SpamBlockerTechnology* powered exim.conf, Version 4.2
# 21-May-2013  11:20 (-0700)
# Exim configuration file for DirectAdmin
# Requires exim.pl as distributed by DirectAdmin here:
# http://files.directadmin.com/services/exim.pl Dated 28-Mar-2008 or later
# New version 4.2 removes obsolete dnsbl.njabl.org blocklist
# Includes SpamBlockerTechnology blocklists and optimizations:
# http://www.nobaloney.net/downloads/spamblocker/
# ClamAV optional
# SpamAssassin optional
# Dovecot/IMAP Mandatory
# *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services:
# http://www.nobaloney.net
# 
# WARNING! Do NOT use this exim.conf Exim configuration file unless you
# make the required modifications to your Exim configuration
# following the instructions in the README file included in this
# distribution:
# README-SpamBlockerVersion4exim.conf.txt
# 
# The original exim.conf file distributed with Exim 4, includes the
# following copyright notice:
# 
# Copyright (C) 2002 University of Cambridge, Cambridge, UK
# 
# Portions of the file are taken from the exim.conf file as
# distributed with DirectAdmin (http://www.directadmin.com/)
# 
# Copyright (C) 2003-2011 JBMC Software, St Albert, AB, Canada
# 
# Portions of this file are written by NoBaloney Internet Services
# and are copyright as follows:
# 
# Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA
# 
# The entire Exim 4 distribution, including the exim.conf file, is
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,
# June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE
# you may download it, in it's entirety, from the website at:
# 
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt
# 
# Thanks to all the members of the DirectAdmin community and of the exim
# community who have given their # much needed and appreciated help.
# 
# The most recent version of this file may always downloaded from the website
# at: http://www.nobaloney.net/downloads/spamblocker
# 
# MODIFICATION INSTRUCTIONS
# 
# YOU MUST MAKE THE CHANGES TO THIS
# SpamBlockerTechnology* powered exim.conf, Version 4.0
# file as documented in the README file.
# 
# The README file for this version is named:
# README-SpamBlockerVersion4exim.conf.txt

# CONFIGURATION STARTS HERE

#EDIT#1:
# primary_hostname =

#EDIT#2-CLAMAV:
# av_scanner = clamd:/var/run/clamav/clamd
#.include_if_exists /etc/exim.clamav.load.conf

#EDIT#3:
# qualify_domain =

#EDIT#4:
perl_startup = do '/etc/exim.pl'

#EDIT#5:
system_filter = /etc/system_filter.exim

#EDIT#6:
untrusted_set_sender = *

#EDIT#7:
daemon_smtp_ports = 25 : 587 : 465
tls_on_connect_ports = 465

#EDIT#8:
local_from_check = false

#EDIT#9:
message_size_limit = 20M
smtp_receive_timeout = 5m
smtp_accept_max = 100
message_body_visible = 3000
print_topbitchars = true
smtp_accept_max_nonmail = 19
smtp_accept_max_per_host = 10
recipients_max = 150
smtp_accept_queue_per_connection = 10
smtp_accept_max_per_connection = 100

#EDIT#10:
helo_allow_chars = _

#EDIT#11:
log_selector = \
  +delivery_size \
  +sender_on_delivery \
  +received_recipients \
  +received_sender \
  +smtp_confirmation \
  +subject \
  +smtp_incomplete_transaction \
  -dnslist_defer \
  -host_lookup_failed \
  -queue_run \
  -rejected_header \
  -retry_defer \
  -skip_delivery \
  +arguments

#EDIT#12:
syslog_duplication = false

#EDIT#13:
acl_smtp_connect = acl_connect
acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_recipient
acl_smtp_data = acl_check_message

#EDIT#14:
addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
domainlist skip_rbl_domains = lsearch;/etc/virtual/skip_rbl_domains
hostlist auth_relay_hosts = *
hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip
hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip

#EDIT#15:
#domainlist skip_av_domains = lsearch;/etc/virtual/skip_av_domains

#EDIT#16:
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts

#EDIT#17:
never_users = root

#EDIT#18:
host_lookup = *

#EDIT#19:
rfc1413_hosts = *
rfc1413_query_timeout = 0s

#EDIT#20:
deliver_queue_load_max = 5.0
queue_only_load = 7.5
queue_run_max = 5

#EDIT#21:
ignore_bounce_errors_after = 2d
timeout_frozen_after = 3d

#EDIT#22:
trusted_users = mail:majordomo:apache:diradmin

#EDIT#23:
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
tls_advertise_hosts = *
#auth_over_tls_hosts = *


# Access Control Lists
######################
begin acl

#EDIT#24:
acl_connect:
  accept hosts = *

#EDIT#25:
acl_check_helo:
  # accept mail originating on this server unconditionally
  accept  hosts = @[] : @
  # deny if the HELO pretends to be this host
    deny message = Bad HELO - Host impersonating hostname [$sender_helo_name] 
      condition = ${if or { \
                            {match{$sender_helo_name}{$smtp_active_hostname}} \
                            {eq{$sender_helo_name}{[$interface_address]}} \
                          } {true}{false} }
  # deny if the HELO is an IP address
    deny message = HELO is an IP address (See RFC2821 4.1.3)
         condition   = ${if isip{$sender_helo_name}}
  # deny if the HELO pretends to be one of the domains hosted on the server
    deny message = Bad HELO - Host impersonating domain name [$sender_helo_name]
        condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
        hosts = ! +relay_hosts
  accept

#EDIT#26:
acl_check_recipient:
  # block certain well-known exploits, Deny for local domains if
  # local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]
  # restrict port 587 to authenticated users only
  # see also daemon_smtp_ports above
  accept  hosts = +auth_relay_hosts
	  condition = ${if eq {$interface_port}{587} {yes}{no}}
	  endpass
	  message = relay not permitted, authentication required
	  authenticated = *
  # Deny all Mailer-Daemon messages not for us:
  deny message = We didn't send the message
       senders = :
       domains = !+relay_domains

  # Deny if the recipient doesn't exist:
    deny message = No such recipient here
         domains = +local_domains
	 !verify = recipient
  # Remaining Mailer-Daemon messages must be for us
    accept senders = :
	   domains = +relay_domains

#EDIT#27:
  # 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address
    deny message = R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
         !authenticated = *
         condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
         condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
  ## 2nd deny makes sure the hostname doesn't end with a dot (invalid)
  #  deny message = R2: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
  #       !authenticated = *
  #       condition   = ${if match{$sender_helo_name}{\N\.$\N}}
  # 3rd deny makes sure the hostname has no double-dots (invalid)
    deny message = R3: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
         !authenticated = *
         condition   = ${if match{$sender_helo_name}{\N\.\.\N}}
  ## 4th deny make sure the hostname doesn't end in .home (invalid domain)
  #  deny message = R4: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
  #       !authenticated = *
  #       condition  = ${if match{$sender_helo_name}{\N\.home$\N}}

#EDIT#28:
  # warn domains = +skip_av_domains
  # set acl_m0 = $tod_epoch

#EDIT#29:
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

#EDIT#30:
  accept  hosts = :
          logwrite = Whitelisted as having local origination

#EDIT#31:
  accept  sender_domains = +whitelist_domains
         logwrite = $sender_host_address whitelisted in local domains whitelist
  accept  hosts = +whitelist_hosts
         logwrite = $sender_host_address whitelisted in local hosts whitelist
  accept  hosts = +whitelist_hosts_ip
         logwrite = $sender_host_address whitelisted in local hosts IP# whitelist
  # accept if envelope sender is in whitelist
  accept  senders = +whitelist_senders
          logwrite = $sender_host_address whitelisted in local sender whitelist

#EDIT#32:
    deny message = Email blocked by local blacklist
    domains = +use_rbl_domains
    domains = !+skip_rbl_domains
    senders = +blacklist_senders

#EDIT#33:
    deny message = Email blocked by local blacklist
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = +bad_sender_hosts

#EDIT#34:
    deny message = Email blocked by local blacklist
       hosts = +bad_sender_hosts_ip

#EDIT#35:
  accept domains = +local_domains
         dnslists = list.dnswl.org
         logwrite = $sender_host_address whitelisted in list.dnswl.org

#EDIT#36:
  # accept domains = +local_domains
  #        dnslists = hostkarma.junkemailfilter.com=127.0.0.1
  #        logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com

#EDIT#37:
  # accept  local_parts = whitelist
  #         domains     = example.com

#EDIT#38:
  require verify = sender

#EDIT#39:
    deny message = Email blockedby local blacklist
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       sender_domains = +blacklist_domains

#EDIT#40:
    deny message = Forged Paypal Mail, not sent from PayPal.
         senders = *@paypal.com
         condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}}

#EDIT#41:
  deny message = Email blocked by $dnslist_domain
       hosts    = !+relay_hosts
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       !authenticated = *
       dnslists = \
       cbl.abuseat.org : \
       bl.spamcop.net : \
       dnsbl.ahbl.org : \
       combined.rbl.msrbl.net : \
       b.barracudacentral.org : \
       zen.spamhaus.org : \
       hostkarma.junkemailfilter.com=127.0.0.2

#EDIT#42:
  deny message = Email blocked by $dnslist_domain
       hosts    = !+relay_hosts
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       !authenticated = *
       dnslists = \
       rhsbl.ahbl.org/$sender_address_domain

#COMMENT#43:
# ACCEPT EMAIL BEGINNING HERE
  # accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
	  message = "Unknown User"
          verify = recipient
#COMMENT#44
  # accept if address is in a domain for which we relay as long as recipient
  # can be verified
  accept  domains = +relay_domains
          endpass
          verify = recipient

#EDIT#45:
  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
# FINAL DENY EMAIL BEFORE DATA BEGINS HERE
  # default at end of acl causes a "deny", but line below will give
  # an explicit error message:
  deny    message = relay not permitted

# ACL that is used after the DATA command (ClamAV)
acl_check_message:

#EDIT#46:
#.include_if_exists /etc/exim.clamav.conf

  ## accept without checking if in skip_av_domains
  # accept condition =${if and {{def:acl_m0}{def:acl_m0}} {true}{false}}

  ## deny if email contains malformed MIME header
  # deny message = This message contains malformed MIME (malformed_MIME:$demime_reason)
  # demime = *
  # condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  ## deny if email containing virus or other harmful content
  # deny message = This message contains a virus or other harmful content (virus_in_message:$malware_name)
  # demime = *
  # malware = *
 
  ## deny  if email contains an attachment of type we don't accept.
  # deny message = This message contains an attachment of a type which we do not accept (attachment_not_allow:.$found_extension)
  # demime = bat:com:pif:prf:scr:vbs:html
 
  ## Accept but put warning into headers if message over 1000k
  # warn message = X-Antivirus-Scanner: Skipped scanning; size over 1000K. You should use an Antivirus Scanner
  # condition = ${if >={$message_size}{1000k} {1}{0}}
 
  # warn message = X-Antivirus-Scanner: Seems clean.  You should still use an Antivirus Scanner

  ## The end of the acl_check_message acl (ClamAV)
  ## Do NOT comment out the line below or all messages will be denied.
  accept

# AUTHENTICATION CONFIGURATION
##############################
begin authenticators

plain:
    driver = plaintext
    public_name = PLAIN
    server_prompts = :
    server_condition = "${perl{smtpauth}}"
    server_set_id = $2

login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "${perl{smtpauth}}"
    server_set_id = $1

#EDIT#47:
# REWRITE CONFIGURATION
# There is no rewriting specification in this exim.conf file. If your
# configuration requires one, it would go here

begin routers
#EDIT#48:

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

# RELATED: http://help.directadmin.com/item.php?id=153
# smart_route:
#   driver = manualroute
#   domains = ! +local_domains
#   ignore_target_hosts = 127.0.0.0/8
#   condition = "${perl{check_limits}}"
#   route_list = !+local_domains HOSTNAME-or-IP#
#   transport = remote_smtp

#COMMENT#49:
#DIRECTORS CONFIGURATION

#EDIT#50:
#.include_if_exists /etc/exim.spamassassin.conf
# spamcheck_director:
#   driver = accept
#   condition = "${if and { \
#    {!def:authenticated_id} \
#    {!def:h_X-Spam-Flag:} \
#    {!eq {$received_protocol}{spam-scanned}} \
#    {!eq {$received_protocol}{local}} \
#    {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
#    {<{$message_size}{100k}} \
#    } {1}{0}}"
#  retry_use_local_part
#  transport = spamcheck
#  no_verify

majordomo_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  no_rewrite
  user = majordomo

majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  condition = "${if or { {eq {$received_protocol} {local}} \
                         {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo

domain_filter:
  driver = redirect
  allow_filter
  no_check_local_user
  condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
  group = "mail"
  file = /etc/virtual/${domain}/filter
  directory_transport = address_file
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  no_verify

uservacation:
  # uservacation reply to all except errors, bounces, lists
  driver = accept
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  # do not reply to errors and bounces or lists
  senders = " ! ^.*-request@.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*\
              ! ^root@.*"
  transport = uservacation
  unseen

userautoreply:
  driver = accept
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  # do not reply to errors and bounces or lists
  senders = " ! ^.*-request@.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*\
              ! ^root@.*"
  transport = userautoreply
  unseen

virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  unseen
  #include_domain = true

virtual_user:
  driver = accept
  condition = ${perl{save_virtual_user}}
  domains = lsearch;/etc/virtual/domainowners
  group = mail
  retry_use_local_part
  transport = virtual_localdelivery

# accept only if local_part is not in the aliases file
# (this implements catch-all)
virtual_aliases:
  driver = redirect
  allow_defer
  allow_fail
  condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}}
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  #include_domain = true

#COMMENT#51:
drop_solo_alias:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
  file_transport = devnull
  group = mail
  pipe_transport = devnull
  retry_use_local_part
  #include_domain = true

#COMMENT#52:
userforward:
  driver = redirect
  allow_filter
  check_ancestor
  check_local_user
  no_expn
  file = $home/.forward
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  no_verify

system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part
  # user = exim

localuser:
  driver = accept
  check_local_user
  condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
  transport = local_delivery

#COMMENT#53:
# TRANSPORTS CONFIGURATION
begin transports

#COMMENT#54:
spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  group = mail
  home_directory = "/tmp"
  log_output
  message_prefix = 
  message_suffix = 
  return_fail_output
  no_return_path_add
  transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  use_bsmtp
  user = mail

#COMMENT#55:
majordomo_pipe:
  driver = pipe
  group = daemon
  return_fail_output
  user = majordomo

#COMMENT#56:
local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = /home/$local_part/Maildir/
  directory_mode = 770
  create_directory = true
  maildir_format
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}

#COMMENT#57:
virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 770
  envelope_to_add
  directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
  maildir_format
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}

#EDIT#58:
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
  text = "\
	------                                                           ------\n\n\
	This message was automatically generated by email software\n\
	The delivery of your message has not been affected.\n\n\
	------                                                           ------\n\n"
  to = "${sender_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = 2d

#COMMENT#59:
userautoreply:
  driver = autoreply
  bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
  to = "${sender_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = 2d

#COMMENT#60:
devnull:
  driver = appendfile
  file = /dev/null

#COMMENT#61:
remote_smtp:
  driver = smtp

#EDIT#62:
address_pipe:
  driver = pipe
  return_output

virtual_address_pipe:
  driver = pipe
  group = nobody
  return_output
  user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"

#COMMENT#63:
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

#COMMENT#64:
address_reply:
  driver = autoreply

#EDIT#65:
# RETRY CONFIGURATION
# Domain               Error       Retries
# ------               -----       -------
begin retry
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration