###################################################################### # Runtime configuration file for Exim # ######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ######## # WARNING! Be sure to back up your previous exim.conf file before # # attempting to use this exim.conf file. # # # # Do may not use this exim.conf Exim configuration file unless you # # make the required modifications to your Exim configuration # # following the instructions found below, in the section marked # # "MODIFICATION INSTRUCTIONS". # # # # This is version "RSS-1.0da" of the exim.conf file as distributed # # by nobaloney.net. # # # # The "RSS" stands for "Really Stop Spam", as the author believes # # this distribution of the exim.conf file will Really Stop Spam. # # Note that "Really Stop Spam" is both a trademark and a service # # mark of nobaloney.net. # # # # The "da" stands for DirectAdmin as this distribution of the # # exim.conf file is specific to the DirectAdmin control panel # # installation. More information about DirectAdmin may be found at # # http://www.directadmin.com. # # # # This Exim configuration file has been modified from the original # # as distributed with Exim 4. The modifications have been made by: # # # # Jeff Lasman # # nobaloney.net # # P. O. Box 52672 # # Riverside, CA 92517 # # info@nobaloney.net # # (909) 324-9706 # # # # Note that neither nobaloney.net nor Jeff Lasman have any # # affiliation with DirectAdmin. 
# # # ###################################################################### # # # The most recent version of this distribution may always be # # downloaded from the website at # # # # http://www.nobaloney.net/exim/exim.conf.spamblocked # # # ###################################################################### # # # Portions of this file are taken from the exim.conf file as # # distributed with Exim 4, which includes the following copyright # # notice: # # # # Copyright © 2002 University of Cambridge, Cambridge, UK # # # # Portions of this file are taken from the exim.conf file as # # distributed with DirectAdmin (http://www.directadmin.com/), # # # # © 2003 JBMC Software, St Albert, AB, Canada # # # # Portions of this file are written by Jeff Lasman, of # # nobaloney.net and are copyright as follows: # # # # Copyright © 2004 nobaloney.net, Riverside, Calif., USA # # # # The entire Exim 4 distribution, including this file, is # # distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, # # June 1991. If you do not have a copy of the GNU GENERAL # # PUBLIC LICENSE you may download it, in it's entirety, from # # the website at # # # # http://www.nobaloney.net/exim/gnu-gpl-v2.txt # # # ###################################################################### # # # This file is divided into several parts, all but the first of # # which are# headed by a line starting with the word "begin". Only # # those parts that are required need to be present. Blank lines, and # # lines starting with # are ignored. # # # ######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ######## # # # Whenever you change Exim's configuration file, you *must* remember # # to HUP the Exim daemon, because it will not pick up the new # # configuration until you do. However, any other Exim processes that # # are started, for example, a process started by an MUA in order to # # send a message, will see the new configuration as soon as it is in # # place. 
# # # # You do not need to HUP the daemon for changes in auxiliary files # # that are referenced from this file. They are read every time they # # are used. # # # # It is usually a good idea to test a new configuration for # # syntactic correctness before installing it (for example, by # # running the command "exim -C /config/file.new -bV"). # # # ### MODIFICATION INSTRUCTIONS ########## MODIFICATION INSTRUCTIONS ### # # # YOU MUST MAKE THE FOLLOWING CHANGES TO DIRECTADMIN: # # 1) Add a file /etc/virtual/blacklist_domains # # This file should contain the domain names of so-called legal # # spammers and other spam sources that do not always get caught # # by blocklists, but that, nevertheless, you do not want to be # # able to send spam to your domains on your server for which # # you've enabled spamblocking. # # # # 2) Add a file /etc/virtual/whitelist_from # # This file should contain the fully-qualified hostnames or IP#s # # of servers that you DO want to be able to get email from even # # if they're otherwise caught by blocklists. Your own domain # # need not be listed here to enable you to get unblock requests, # # whitelisting of email to your "errors" address will be handled # # separately, below. # # # # 3) Add a file /etc/virtual/use_rbl_domains # # This is a list of domains on your server that want spamblocking # # to be used for them so they won't get spam. Spam will not be # # blocked for any domains on your server unless they're listed # # in this file. Note that the domain names in this file should # # follow the same format as the domain names in the # # /etc/virtual/domains file. You may just copy the domains file # # to this file if you wish to use spamblocking for all your # # domains but we recommend giving your domain users a choice. # # # # Note that the above files should have the same ownership and # # permissions as /etc/virtual/domains. Normally this should be: # # owner = mail, group = mail, chmod 644. 
# # # # YOU MUST MAKE THE FOLLOWING MODIFICATIONS TO YOUR WEBISTE: # # # # Note that if anyone is blocked while trying to send you a # # legitimate (non-spam) email, the "non-delivery" message they'll # # get will include a reference to a webpage where they'll need to # # vist to get their email addressed unblocked. You should create # # such a webpage before you implement this file. The webpage may # # include either a form for them to send you the information you # # need to unblock them, or instructions for them to email you so you # # can unblock them. # # # # You'll need the full name of their server to unblock them, by # # putting the server name into the /etc/virtual/whitelist_from # # file. There are two ways you can get this information: # # # # 1) You can create a form that will ask them for the address # # they're trying to reach, the address they're sending the email # # from, and the canonical name of their email server. Since they # # may not know the name of their email server, this must be # # optional, and if they leave it blank you'll have to find their # # attempt to send email in your exim /var/log/exim/rejectlog file # # and get the name of the server from there. # # # # 2) You can ask them to send you an email from the same address # # that they were blocked from, but to (for example) # # "errors@example.com" (but changing it to an address you want to # # use, at one of your domains). When they send you the email you # # should be able to find the name of their server in the headers # # of the incoming email. # # # # Either way, you'll need to put the canonical name of their # # nameserver into your /etc/virtual/whitelist_from file. # # # # You won't use the name they're sending email to for any purpose, # # except possibly to verify the attempt in your # # /var/log/exim/rejectlog file. It's really just a "red-herring" so # # no one will just send you their email address and server name so # # they can then spam your users. 
# # # # YOU MUST MAKE THE FOLLOWING MODIFICATIONS TO THIS FILE: # # # # Wherever you find the domain name "example.com" you must make # # changes to customize this file for your server. If you leave # # the sample "example.com" domain in this file then you will most # # likely get false positives hits as spam and you will not notify # # the senders how to be unblocked. # # # # YOU MUST change "example.com" to the domain name you'll be using # # for an explanation website for anyone who gets blocked who # # shouldn't be blocked (see notes above). # # # # Additionally, wherever "example.com" is used in an error message # # being sent because an email is blocked, you should make sure that # # the domain name includes any optional page you want senders to be # # sent to in order to get themselves unblocked. # # # ######## OPTIONAL MODIFICATIONS ###### OPTIONAL MODIFICATIONS ######## # # # Optional modifications are marked below as: # # # OPTIONAL MODIFICATIONS # # # # Check below for any optional modifications you wish to make to # # this exim.conf file before installing it. # # # # Any settings below should not be commented out, uncommented, or # # changed, unless they're marked with the OPTIONAL MODIFICATIONS # # line unless you're sure what you are doing or you may break your # # exim server configuration. # # Should you break your exim configuration you should reinstall your # # exim.conf file from scratch, either from a backup of the file you # # used previously, or from one newly downloaded from our site (see # # above) or from DirectAdmin. # # # ###################################################################### # Specify your host's canonical name here. This should normally be the fully # qualified "official" name of your host. If this option is not set, the # uname() function is called to obtain the name. In many cases this does # the right thing and you need not set anything explicitly. 
# primary_hostname =

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.ex" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.
# NOTE(review): receiver_unqualified_{hosts,nets} look like Exim 3 names; the
# Exim 4 options are sender_unqualified_hosts and recipient_unqualified_hosts.

# qualify_domain =

# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =

# The next line is required to start the SMTP AUTH script included
# in DirectAdmin.
# NOTE(review): this file calls two Perl functions, smtpauth (in both
# authenticators) and check_limits (in the lookuphost router); they are
# presumably defined in /etc/exim.pl. The script decides who may authenticate
# and relay, so it should be owned by root and writable by nobody else.

perl_startup = do '/etc/exim.pl'

# The next line is required to start the system_filter included in
# DirectAdmin to refuse potentially harmful payloads in
# email messages.
# NOTE(review): the filter file is not part of this configuration; what it
# actually refuses has to be reviewed separately.

system_filter = /etc/system_filter.exim

# SET SOME MEANINGFUL LIMITS
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment
# message_size_limit:   largest message accepted
# smtp_receive_timeout: how long to wait for the next SMTP command or data
# smtp_accept_max:      maximum simultaneous incoming SMTP connections
# message_body_visible: number of body characters made available in $message_body
# print_topbitchars:    treat characters above 127 as printable in log output
message_size_limit = 20M
smtp_receive_timeout = 5m
smtp_accept_max = 100
message_body_visible = 3000
print_topbitchars = true

# ALLOW UNDERSCORE IN EMAIL DOMAIN NAME
# Domains shouldn't use the underscore character "_" but some
# may. Because Jon Postel, one of the architects of the Internet,
# said "Be liberal in what you accept and conservative in what you
# transmit", we choose to allow underscore in email domain names so we
# can receive email from domains which use the underscore character
# in their domain name.
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment
# NOTE(review): helo_allow_chars widens the characters accepted in the name a
# client gives in HELO/EHLO; it does not change the syntax accepted for the
# domains of sender or recipient addresses.
helo_allow_chars = _

# CHANGE LOGGING BEHAVIOR
# We weren't happy with the default Exim logging behavior through
# syslog; it didn't give us enough information. So we turned off
# syslog behavior and changed the logging behavior to give us what we
# felt was more helpful information. You may choose to delete or modify
# this section.
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment

# define what to log:
# define the => log lines
# +delivery_size
# +sender_on_delivery
#
# define the <= log lines:
# +received_recipients
# +received_sender
# +smtp_confirmation
# +subject
#
# define other non '<= =>' log lines:
# +smtp_incomplete_transaction
###################################
# define what to not log:
# define other non "<= =>' log lines:
# -dnslist_defer
# -host_lookup_failed
# -queue_run
# -rejected_header
# -retry_defer
# -skip_delivery
###################################
# NOTE(review): +subject writes every message subject into the main log, so
# the log files carry message content and need the same access control and
# retention handling as the mail itself.
# NOTE(review): -rejected_header, -host_lookup_failed and -dnslist_defer remove
# detail that is useful when investigating rejected or abusive connections;
# confirm the reduced logging is still enough for incident response.

log_selector = \
  +delivery_size \
  +sender_on_delivery \
  +received_recipients \
  +received_sender \
  +smtp_confirmation \
  +subject \
  +smtp_incomplete_transaction \
  -dnslist_defer \
  -host_lookup_failed \
  -queue_run \
  -rejected_header \
  -retry_defer \
  -skip_delivery

# NOTE(review): no log_file_path is set in this file, so where the logs go
# depends on the build-time default; syslog_duplication only has an effect
# when Exim is logging to syslog.
syslog_duplication = false

# These options specify the Access Control Lists (ACLs) that
# are used for incoming SMTP messages - after the RCPT and DATA
# commands, respectively.
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

# define local lists
#   blacklist_domains  sender domains that are always refused (for recipients
#                      in use_rbl_domains)
#   whitelist_from     per the instructions at the top of this file: host names
#                      or IP addresses of servers that must never be blocked
#   local_domains      domains delivered on this server
#   relay_domains      domains this server accepts mail for
#   use_rbl_domains    local domains that opted in to blocklist checking
#   relay_hosts        client addresses allowed to relay without authenticating
#   auth_relay_hosts   client addresses allowed to relay after SMTP AUTH
#
# NOTE(review): whitelist_from is declared as a domainlist and is tested in
# check_recipient with "domains = +whitelist_from". The domains condition
# compares the RECIPIENT domain, not the sending server, so every name placed
# in /etc/virtual/whitelist_from becomes a destination that any client may
# send to before the relay checks run. The documented intent (exempt a sending
# server from the blocklists) needs a hostlist tested with "hosts =", kept
# restricted to local recipient domains. Confirm and correct both places
# together.
# NOTE(review): auth_relay_hosts = * means any host may relay once it has
# authenticated, so relay protection rests entirely on the strength of the
# account passwords and on the smtpauth script.
domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_from = lsearch;/etc/virtual/whitelist_from
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist auth_relay_hosts = *

# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above. You also need to comment "forbid_domain_literals" below. This is not
# recommended for today's Internet.
# NOTE(review): forbid_domain_literals and local_domains_include_host_literals
# look like Exim 3 option names; the setting actually present in this file is
# allow_domain_literals.

# DO NOT ALLOW HOST LITERALS
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to uncomment the line
# below and change the allow_domain_literals line below to true
# to allow domain literals in your environment

# local_domains_include_host_literals

# The following line prevents Exim from recognizing addresses of the form
# "user@[111.111.111.111]" that is, with a "domain literal" (an IP address)
# instead of a named domain. The RFCs still require this form, but it makes
# little sense to permit mail to be sent to specific hosts by their IP address
# in the modern Internet, and this ancient format has been used by those
# seeking to abuse hosts by using them for unwanted relaying. If you really
# do want to support domain literals, remove the following line, and see
# also the "domain_literal" router below.

allow_domain_literals = false

# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoid safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root

# DO HOST LOOKUP
# OPTIONAL MODIFICATIONS:
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
# NOTE(review): the blocklist rejection messages in check_recipient print
# $sender_host_name, which is only filled in when this lookup succeeds.

host_lookup = *

# DISALLOW IDENT CALLBACKS
# OPTIONAL MODIFICATIONS:
# Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP
# calls. You can limit the hosts to which these calls are made, and/or change
# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
# are disabled. RFC 1413 calls are cheap and can provide useful information
# for tracing problem messages, but some hosts and firewalls have problems
# with them. This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up an SMTP session. By default
# we disable callbacks for incoming SMTP calls. You may change
# rfc1413_query_timeout to 30s or some other positive number of seconds to
# enable callbacks for incoming SMTP calls.

rfc1413_hosts = *
rfc1413_query_timeout = 0s

# BOUNCE MESSAGES
# OPTIONAL MODIFICATIONS:
# When Exim can neither deliver a message nor return it to sender, it
# "freezes" the delivery error message (aka "bounce message"). There are also
# other circumstances in which messages get frozen. They will stay on the
# queue forever unless one or both of the following options is set.

# This option unfreezes bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.

ignore_bounce_errors_after = 2d

# This option cancels (removes) frozen messages that are older than five days.
timeout_frozen_after = 5d

# TRUSTED USERS
# OPTIONAL MODIFICATIONS:
# if you must add additional trusted users, do so here; continue the
# colon-delimited list
# NOTE(review): a trusted user may state the envelope sender and values such
# as the received protocol (-oMr) when submitting a message locally. With
# "apache" in this list, every script run by the web server has that
# privilege, and the majordomo_private router below decides on
# $received_protocol. Keep this list as short as the installation allows.

trusted_users = mail:majordomo:apache:diradmin

# SSL/TLS cert and key
# NOTE(review): the private key file must be readable by the Exim user only.
# STARTTLS is offered to every host, but nothing in this file makes AUTH
# depend on it: the PLAIN and LOGIN authenticators below are available on
# unencrypted sessions, where the password crosses the network base64-encoded
# only. auth_over_tls_hosts looks like an Exim 3 option name; in Exim 4 the
# usual controls are the main option auth_advertise_hosts or a
# server_advertise_condition on each authenticator that tests for an active
# TLS session. Confirm against the Exim version in use.
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *
#auth_over_tls_hosts = *

######################################################################
#                                ACLs                                #
######################################################################

begin acl

# ACL that is used after the RCPT command.
# Statements are evaluated in order and the first accept or deny that matches
# ends the evaluation, so the position of every statement matters.
check_recipient:

  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :

  # Deny for local domains if local parts begin with a dot or
  # contain @ % ! / |
  deny    domains = +local_domains
          local_parts = ^[.] : ^.*[@%!/|]

  # Allow local users to send outgoing messages using slashes
  # and vertical bars in their local parts, but block outgoing
  # local parts that begin with a dot, slash, or vertical bar
  # (they are allowed within the local part). The sequence /../
  # is barred. The usage of @ % and ! is barred as before. The
  # motivation is to prevent your users (or their viruses) from
  # mounting certain kinds of attacks on remote sites.
  deny    domains = !+local_domains
          local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # accept email from anyone in the whitelist_from list
  # NOTE(review): "domains" tests the recipient domain, so this statement
  # accepts mail TO any domain named in /etc/virtual/whitelist_from, from any
  # client, before the blocklist and relay checks below are reached. It does
  # not test the sending host as the comment above and the file header
  # describe. Until this is corrected, treat every entry in that file as an
  # open relay destination.
  accept  domains = +whitelist_from

  # accept mail to postmaster in any local domain, regardless of source
  accept  local_parts = postmaster
          domains = +local_domains

  # accept mail to abuse in any local domain, regardless of source
  accept  local_parts = abuse
          domains = +local_domains

  # accept mail to hostmaster in any local domain, regardless of source
  accept  local_parts = hostmaster
          domains =+local_domains

  # OPTIONAL MODIFICATIONS:
  # If the page you're using to notify senders of blocked email of how
  # to get their address unblocked will use a web form to send you email so
  # you'll know to unblock those senders, then you may leave these lines
  # commented out. However, if you'll be telling your senders of blocked
  # email to send an email to errors@yourdomain.com, then you should
  # replace "errors" with the left side of the email address you'll be
  # using, and "example.com" with the right side of the email address and
  # then uncomment the second two lines, leaving the first one commented.
  # Doing this will mean anyone can send email to this specific address,
  # even if they're at a blocked domain, and even if your domain is using
  # blocklists.

  # accept mail to errors@example.com, regardless of source
  # accept  local_parts = errors
  #         domains = example.com

  # deny so-called "legal" spammers
  # but do bypass all checking for whitelisted host names
  deny    message = You may think you're legal but you're still an unwanted spammer
          # only for domains that do want to be tested against RBLs
          domains = +use_rbl_domains
          sender_domains = +blacklist_domains

  # Deny unless sender address can be verified:
  # This statement requires the sender address to be verified before any
  # subsequent ACL statement can be used. If verification fails, the incoming
  # recipient address is refused. Verification consists of trying to route the
  # address, to see if a bounce message could be delivered to it. In the case of
  # remote addresses, basic verification checks only the domain.
  # NOTE(review): the statement is commented out, so sender addresses are not
  # verified anywhere in this ACL.
  #require verify = sender

  # Deny stuff from insecure hosts & spammers. No exceptions for known users.
  # but do bypass all checking for whitelisted host names
  # NOTE(review): this statement has no "hosts = !+relay_hosts" and no
  # "!authenticated" exemption, so relay clients and authenticated users are
  # checked against these lists too when they write to a use_rbl_domains
  # recipient. The comment above suggests that is intended.
  # NOTE(review): blocklist zones come and go; ORDB and NJABL, both used in
  # this file, have been retired. A retired zone can stop answering or start
  # answering for every query, which turns a deny like this into a rejection
  # of all mail. Confirm each zone is still operated before deploying.
  deny    message = to unblock $sender_host_name see http://www.example.com/
          # only for domains that do want to be tested against RBLs
          domains = +use_rbl_domains
          # only smtp.dnsbl.sorbs.net = 127.0.0.5
          dnslists = sbl.spamhaus.org : \
                     relays.ordb.org : \
                     dnsbl.sorbs.net=127.0.0.5

  # Next deny stuff from more "fuzzy" blacklists
  # but do bypass all checking for whitelisted host names
  # (relay hosts and authenticated clients are exempt from this statement)
  deny    message = to unblock $sender_host_name see http://www.example.com/
          hosts = !+relay_hosts
          domains =+use_rbl_domains
          !authenticated = *
          # dnslists not including spam.dnsbl.sorbs.net
          dnslists = bl.spamcop.net : \
                     dnsbl.njabl.org : \
                     cbl.abuseat.org : \
                     dnsbl.sorbs.net!=127.0.0.6

  deny    message = to unblock $sender_host_name see http://www.example.com/
          domains =+use_rbl_domains
          # rhsbl list is name based
          dnslists = rhsbl.sorbs.net/$sender_address_domain

  # accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
          message = "Unknown User"
          verify = recipient

  # accept if address is in a domain for which we relay as long as recipient
  # can be verified
  accept  domains = +relay_domains
          endpass
          verify=recipient

  # accept if message comes from a host for which we are an outgoing relay
  # recipient verification is omitted because many MUA clients don't cope
  # well with SMTP error responses. If you are actually relaying from MTAs
  # then you should probably add recipient verify here
  # NOTE(review): relay_hosts is read from /etc/virtual/pophosts; any address
  # in that file may relay without authenticating, so how entries are added
  # and expired there is part of the relay policy.
  accept  hosts = +relay_hosts

  # Any other host may relay only after a successful SMTP AUTH; because of
  # endpass, an unauthenticated client is refused here with the message below.
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *

  deny    message = relay not permitted

  # default at end of acl causes a "deny", but line below will give
  # an explicit error message:
  deny    message = relay not permitted

# ACL that is used after the DATA command
# NOTE(review): every message is accepted here without any content check; the
# only content screening this file refers to is the system filter.
check_message:
  accept

######################################################################
#                    AUTHENTICATION CONFIGURATION                    #
######################################################################
# Two server-side authenticators are defined, PLAIN and LOGIN. Both pass the
# decision to the Perl function smtpauth (presumably defined in the script
# loaded by perl_startup) and record the login name as the authenticated id.
# NOTE(review): neither authenticator is restricted to TLS sessions; see the
# note next to tls_advertise_hosts above.

begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${perl{smtpauth}}"
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${perl{smtpauth}}"
  server_set_id = $1

######################################################################
#                       REWRITE CONFIGURATION                        #
######################################################################

# There are no rewriting specifications in this default configuration file.

######################################################################
#                       ROUTERS CONFIGURATION                        #
#             Specifies how remote addresses are handled             #
######################################################################
#                         ORDER DOES MATTER                          #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################

begin routers

# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

# This router routes to remote hosts over SMTP using a DNS lookup. Any domain
# that resolves to an IP address on the loopback interface (127.0.0.0/8) is
# treated as if it had no DNS entry.
# The condition calls the Perl function check_limits, so outgoing mail is
# routed only when that function allows it; no_more stops non-local addresses
# from falling through to the directors below.

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# user@[111.111.111.111]. The RFCs require this facility. However, it is
# little-known these days, and has been exploited by evil people seeking
# to abuse SMTP relays. Consequently it is commented out in the default
# configuration. If you uncomment this router, you also need to comment out
# "forbid_domain_literals" above, so that Exim can recognize the syntax of
# domain literal addresses.
# NOTE(review): the setting present in this file is allow_domain_literals,
# not forbid_domain_literals.

# domain_literal:
#   driver = ipliteral
#   transport = remote_smtp

######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                         ORDER DOES MATTER                          #
#  A local address is passed to each in turn until it is accepted.   #
######################################################################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).
# NOTE(review): most of the directors below build file names from $domain and
# $local_part, which come from the recipient address. Exim 4.94 and later
# treat these as tainted and refuse to use them in file names; the usual
# replacement is the looked-up value ($domain_data, $local_part_data).
# Confirm against the Exim version in use.
# NOTE(review): the redirect directors name pipe and file transports, so every
# alias or filter file they read can cause commands to run and files to be
# written. Write access to those files under /etc/virtual must be as tightly
# held as the accounts the transports run under.

# Spam Assassin
# (disabled) hands mail that has not been scanned yet to the spamcheck
# transport when the domain owner has a .spamassassin/user_prefs file
#spamcheck_director:
#  driver = accept
#  condition = "${if and { \
#    {!def:h_X-Spam-Flag:} \
#    {!eq {$received_protocol}{spam-scanned}} \
#    {!eq {$received_protocol}{local}} \
#    {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
#    } {1}{0}}"
#  retry_use_local_part
#  transport = spamcheck
#  no_verify

# Expands majordomo list addresses from the per-domain list.aliases file;
# pipes run through majordomo_pipe as user majordomo, group daemon.
majordomo_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  no_rewrite
  user = majordomo

# Same as above for private.aliases, but only for messages whose received
# protocol is "local" or "spam-scanned".
# NOTE(review): the received protocol can be set by any trusted user on local
# submission, so this condition is only as strong as the trusted_users list.
majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  condition = "${if or { {eq {$received_protocol} {local}} \
    {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo

# Runs the per-domain filter file, when one exists, as user mail.
# NOTE(review): allow_filter is set and no forbid_* options are, so the filter
# file appears free to use pipe and file deliveries; confirm who can write
# /etc/virtual/<domain>/filter.
domain_filter:
  driver = redirect
  allow_filter
  no_check_local_user
  condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  user = "mail"
  file = /etc/virtual/${domain}/filter
  file_transport = address_file
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  no_verify

# Sends a vacation reply when the local part is listed in vacation.conf and a
# reply message file exists; "unseen" lets normal delivery continue as well.
uservacation:
  driver = accept
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  transport = uservacation
  unseen

# Same mechanism for autoresponders listed in autoresponder.conf.
userautoreply:
  driver = accept
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  transport = userautoreply
  unseen

# Exact-match aliases from the per-domain aliases file; "unseen" means the
# address is still offered to the directors that follow.
virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  unseen
  #include_domain = true

# Delivers to a virtual mailbox when the local part has an entry in the
# domain's passwd file.
virtual_user:
  driver = accept
  condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}}
  domains = lsearch;/etc/virtual/domainowners
  group = mail
  retry_use_local_part
  transport = virtual_localdelivery

# Aliases again, this time with lsearch* so that a "*" entry in the aliases
# file acts as the catch-all for the domain.
virtual_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  #include_domain = true

# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.
# NOTE(review): allow_filter is already set here, so a .forward file that
# starts with "# Exim filter" is run as a filter for that local user.
userforward:
  driver = redirect
  allow_filter
  check_ancestor
  check_local_user
  no_expn
  file = $home/.forward
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  no_verify

# System-wide aliases from /etc/aliases.
# NOTE(review): no user is set (the line is commented out), so which account
# runs pipe and file deliveries generated from /etc/aliases should be
# confirmed.
system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part
  # user = exim

# This director matches local user mailboxes, and only for addresses in the
# server's own primary host name.
localuser:
  driver = accept
  check_local_user
  condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
  transport = local_delivery

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#    Only one appropriate transport is called for each delivery.     #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.

begin transports

# Spam Assassin
# Pipes the message through spamc (as the domain owner named in
# /etc/virtual/domainowners) and re-submits it to Exim in batch SMTP with the
# received protocol set to "spam-scanned".
spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  group = mail
  home_directory = "/tmp"
  log_output
  message_prefix =
  message_suffix =
  return_fail_output
  no_return_path_add
  transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  use_bsmtp
  user = mail
  # must use a privileged user to set $received_protocol on the way back in!
  # (this is why "mail" is listed in trusted_users)

#majordomo
majordomo_pipe:
  driver = pipe
  group = daemon
  return_fail_output
  user = majordomo

# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.
# NOTE(review): the group approach is what is configured here (group = mail,
# mode = 0660); the options are not commented out.

local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  file = /var/mail/$local_part
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}

## for delivering virtual domains to their own mail spool
## Runs as the domain owner; the quota is the per-user value from the domain's
## quota file and falls back to 0 when there is no file or no entry.

virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 700
  envelope_to_add
  file = /var/spool/virtual/${domain}/${local_part}
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}

## vacation transport
## NOTE(review): the reply goes to the envelope sender of the incoming
## message, and "once" is commented out, so nothing in this transport limits
## how often the same address is answered. Replies to forged sender addresses
## reach uninvolved third parties (backscatter); consider enabling "once".

uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
  text = "\
    ------ ------\n\n\
    This message was automatically generated by email software\n\
    The delivery of your message has not been affected.\n\n\
    ------ ------\n\n"
  to = "${sender_address}"
  user = mail
  #once = /etc/virtual/${domain}/reply/${local_part}.once

## autoresponder transport; the same remark about "once" applies. The bcc
## address is the value stored for the local part in autoresponder.conf.

userautoreply:
  driver = autoreply
  bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
  to = "${sender_address}"
  user = mail
  #once = /etc/virtual/${domain}/reply/${local_part}.once

# This transport is used for delivering messages over SMTP connections.
# NOTE(review): no TLS options are set on this transport, so outgoing
# encryption is whatever the installed Exim does by default.

remote_smtp:
  driver = smtp

# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the directors
# section above.

address_pipe:
  driver = pipe
  return_output

# Pipe deliveries for virtual domains run as the domain owner, group nobody.
virtual_address_pipe:
  driver = pipe
  group = nobody
  return_output
  user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"

# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

# This transport is used for handling autoreplies generated by the filtering
# option of the userforward director.

address_reply:
  driver = autoreply

######################################################################
#                        RETRY CONFIGURATION                         #
######################################################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain Error Retries
# ------ ----- -------

begin retry

* * F,2h,15m; G,16h,1h,1.5; F,4d,8h

# End of Exim 4 configuration