ok heres the exim.conf
---start------
#!!# cPanel Exim 4 Config
received_header_text = Received: ${if def:sender_rcvhost {from ${if
def:authenticated_id {127.0.0.1} {$sender_rcvhost }}\n\t}} by
$sender_address_domain ${if def:received_protocol {with $received_protocol}}
${if def:tls_cipher {($tls_cipher)\n\t}} (Exim $version_number)\n\t id
$message_id ${if def:received_for {\n\tfor $received_for}}
hostlist senderverifybypass_hosts = net-iplsearch;/etc/senderverifybypasshosts
hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts
hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks
hostlist backupmx_hosts = lsearch;/etc/backupmxhosts
hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts
domainlist user_domains = ${if exists{/etc/userdomains}
{lsearch;/etc/userdomains} fail}
smtp_receive_timeout = 165s
ignore_bounce_errors_after = 3d
timeout_frozen_after = 5d
auto_thaw = 7d
callout_domain_negative_expire = 1h
callout_negative_expire = 1h
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
system_filter_user = cpaneleximfilter
system_filter_group = cpaneleximfilter
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
acl_smtp_connect = acl_connect
acl_smtp_mail = acl_mail
acl_smtp_notquit = acl_notquit
spamd_address = 127.0.0.1 783
system_filter=/etc/cpanel_exim_system_filter
#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message
#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.
domainlist local_domains = lsearch;/etc/localdomains
domainlist relay_domains = lsearch;/etc/localdomains : \
lsearch;/etc/secondarymx
hostlist relay_hosts = lsearch;/etc/relayhosts : \
localhost
hostlist auth_relay_hosts = *
######################################################################
# Runtime configuration file for Exim #
######################################################################
# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.
# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
perl_startup = do '/etc/exim.pl'
#dns_retry = 1
#dns_retrans = 1s
# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.
smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
\#${compile_number} ${tod_full} \n\
We do not authorize the use of this system to transport unsolicited, \n\
and/or bulk e-mail."
#nobody as the sender seems to annoy people
untrusted_set_sender = *
local_from_check = false
rfc1413_query_timeout = 2s
split_spool_directory = yes
smtp_connect_backlog = 50
smtp_accept_max = 100
# primary_hostname =
deliver_queue_load_max = 3
# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "[email protected]" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.
# qualify_domain =
# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.
#!!# message_filter renamed system_filter
message_body_visible = 5000
# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.
# local_domains_include_host_literals
# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.
never_users = root
# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
#host_lookup = 0.0.0.0/0
# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).
# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.
# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com
# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.
# percent_hack_domains = *
#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers
tls_certificate = /etc/exim.crt
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *
helo_accept_junk_hosts = *
smtp_enforce_sync = false
#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3 #!!#
#!!# policy control options. #!!#
#!!#######################################################!!#
#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.
begin acl
########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################
#
# cPanel Default ACL Template Version: 8.1
# Template: mailman2.dist
#
########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################
acl_mail:
# ignore authenticated hosts
accept authenticated = *
# ignore pop before smtp
accept condition = ${if
match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if
eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
accept hosts = +relay_hosts
#BEGIN ACL_MAIL_BLOCK
deny
condition = ${if eq{$sender_helo_name}{}}
message = HELO required before MAIL
drop
condition = ${if match{$sender_helo_name}{^$primary_hostname\$}}
message = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
drop
condition = ${if eq{[$interface_address]}{$sender_helo_name}}
message = "REJECTED - Interface: $interface_address is _my_ address"
drop
condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
drop
# Required because "[IPv6:<address>]" will have no .s
condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop
condition = ${if match{$sender_helo_name}{\N\.$\N}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop
condition = ${if match{$sender_helo_name}{\N\.\.\N}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
#END ACL_MAIL_BLOCK
accept
acl_connect:
#BEGIN ACL_CONNECT_BLOCK
accept
hosts = +trustedmailhosts
accept
condition = ${if
match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
# ignore pop before smtp
accept
condition = ${if
match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if
eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
accept
hosts = +relay_hosts : +backupmx_hosts
#only rate limit port 25
accept
condition = ${if eq {$interface_port}{25}{no}{yes}}
defer
message = The server has reached its limit for processing requests from
your host. Please try again later.
log_message = "Host is ratelimited ($sender_rate/$sender_rate_period
max:$sender_rate_limit)"
ratelimit = 1.2 / 1h / strict / per_conn / noupdate
#END ACL_CONNECT_BLOCK
# do not change the comment in the line below, it is required for
/usr/local/cpanel/bin/check_exim_config
#acl_smtp_notquit is required for this to work (exim 4.68)
accept
acl_notquit:
#BEGIN ACL_NOTQUIT_BLOCK
# ignore authenticated hosts
accept authenticated = *
# ignore pop before smtp
accept condition = ${if
match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if
eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
accept hosts = +relay_hosts
#only rate limit port 25
accept condition = ${if eq {$interface_port}{25}{no}{yes}}
warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
log_message = "Connection Ratelimit - $sender_fullhost because of notquit:
$smtp_notquit_reason ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
ratelimit = 1.2 / 1h / strict / per_conn
#END ACL_NOTQUIT_BLOCK
#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
#BEGIN ACL_RATELIMIT_BLOCK
# Log all senders' rates
warn ratelimit = 0 / 1h / strict
log_message = Sender rate $sender_rate / $sender_rate_period
#END ACL_RATELIMIT_BLOCK
accept hosts = :
accept hosts = +skipsmtpcheck_hosts
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}
#if it gets here it isn't mailman
# deny must be on the same line as hosts so it will get removed by
buildeximconf if turned off
deny hosts = ! +senderverifybypass_hosts
! verify = sender
accept hosts = *
authenticated = *
# if they used "pop before smtp" then we just accept
accept condition = ${if
match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if
eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
add_header = ${if
exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}{}}
accept hosts = +relay_hosts
add_header = ${if
exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}{}}
#recipient verifications are now done after smtp auth and pop before smtp so
the users get back bounces instead of
# a clogged outbox in outlook
#recipient verifications are required for all messages that are not sent to
the local machine #this was done at multiple users requests
require verify = recipient
#BEGIN ACL_POST_RECP_VERIFY_BLOCK
warn
log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad
recipients though before engaging)"
condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
set acl_m7 = 1
warn
condition = ${if eq {${acl_m7}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of
Dictionary Attack"
drop
condition = ${if eq {${acl_m7}}{1}{1}{0}}
message = "Number of failed recipients exceeded. Come back in a few hours."
#END ACL_POST_RECP_VERIFY_BLOCK
# The only problem with this setup is that if the message is for multiple
users on the same server
# and they are on different unix accounts, the settings for the first
recipient which has spamassassin enabled will be used.
# This shouldn't be a problem 99.9% of the time, however its a very small
price to pay for a massive speed increase.
warn domains = ! ${primary_hostname} : +local_domains
condition = ${if <= {$message_size}{200K}{${if eq
{${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if
exists{${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
set acl_m0 = 1
set acl_m1 = ${lookup{$domain}lsearch*{/etc/userdomains}{$value}}
warn domains = ${primary_hostname}
condition = ${if <= {$message_size}{200K}{${if eq
{${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if
exists{${extract{5}{:}{${lookup
passwd{$local_part}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
set acl_m0 = 1
set acl_m1 = $local_part
#BEGIN ACL_POST_SPAM_SCAN_CHECK_BLOCK
# Research in Motion - Blackberry white list
warn
condition = ${if exists {/etc/mailproviders/rim/ips}{${if
match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
set acl_m0 = 0
#END ACL_POST_SPAM_SCAN_CHECK_BLOCK
accept domains = +relay_domains
deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication
turned on in your email client.
#!!# ACL that is used after the DATA command
check_message:
# Enabling this will make the server non-rfc compliant
# require verify = header_sender
accept hosts = 127.0.0.1 : +relay_hosts
accept hosts = *
authenticated = *
accept
hosts = +trustedmailhosts
accept
condition = ${if
match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
#BEGIN ACL_PRE_SPAM_SCAN
# Research in Motion - Blackberry white list
accept
condition = ${if exists {/etc/mailproviders/rim/ips}{${if
match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
#END ACL_PRE_SPAM_SCAN
warn
condition = ${if eq {${acl_m0}}{1}{1}{0}}
spam = ${acl_m1}/defer_ok
log_message = "SpamAssassin as ${acl_m1} detected message as spam
($spam_score)"
add_header = X-Spam-Subject: ***SPAM*** $h_subject
add_header = X-Spam-Status: Yes, score=$spam_score
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Spam-Report: $spam_report
add_header = X-Spam-Flag: YES
set acl_m2 = 1
warn
condition = ${if eq {$spam_score_int}{}{0}{${if <=
{${spam_score_int}}{8000}{${if >=
{${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}
warn
condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
add_header = X-Spam-Status: No, score=$spam_score
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Ham-Report: $spam_report
add_header = X-Spam-Flag: NO
log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam
($spam_score)"
accept
begin authenticators
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match
{$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match
{$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
#!!#######################################################!!#
#!!# Here follow routers created from the old routers, #!!#
#!!# for handling non-local domains. #!!#
#!!#######################################################!!#
begin routers
#!!# If we are trying to deliver to a remote mailman domain that is on the
localhost
#!!# let it go though even if its not in /etc/localdomains since mailman will
eat
#!!# up 100% of the cpu if we don't
mailman_virtual_router:
driver = accept
require_files =
/usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman_virtual_transport
mailman_virtual_router_nodns:
driver = accept
require_files =
/usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck
condition = \
${if or {{match{$local_part}{.*_.*}} \
{eq{$local_part}{mailman}}} \
{1}{0}}
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
domains = +local_domains
transport = mailman_virtual_transport_nodns
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################
# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.
#
# Demo Safety Router
#
democheck:
driver = redirect
require_files = "+/etc/demouids"
condition = "${if eq {${lookup {$originator_uid} lsearch {/etc/demouids}
{$value}}}{}{false}{true}}"
allow_fail
data = :fail: demo accounts are not permitted to relay email
# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.
boxtrapper_autowhitelist:
driver = accept
condition = ${if eq {$authenticated_id}{}{0}{${if eq
{$sender_address}{$local_part@$domain}{0}{${if
match{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if
match{$received_protocol}{\N^e?smtps?a$\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{0}}}}}}}}
require_files = "+/usr/local/cpanel/bin/boxtrapper"
transport = boxtrapper_autowhitelist
unseen
#
# Handles nobody and webspam and mail trap checks in checkspam2 and gives a
userful error
#
checkspam2:
domains = ! +local_domains
condition = "${perl{checkspam2}}"
driver = redirect
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
allow_fail
data = "${perl{checkspam2_results}}"
#
# Handles nobody and webspam and mail trap checks in checkspam2 and gives a
userful error
#
trackbandwidth:
domains = ! +local_domains
condition = "${perl{trackbandwidth}}"
driver = redirect
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
allow_fail
verify = false
data = "${perl{trackbandwidth_results}}"
#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
and uses domain keys
#
dk_lookuphost:
driver = dnslookup
domains = ! +local_domains
#ignore verisign to prevent waste of bandwidth
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}"
headers_add = "${perl{mailtrapheaders}}"
transport = dk_remote_smtp
#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
#
lookuphost:
driver = dnslookup
domains = ! +local_domains
#ignore verisign to prevent waste of bandwidth
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
headers_add = "${perl{mailtrapheaders}}"
transport = remote_smtp
# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.
#
# Literal Transports .. ignores verisigns sitefinder service
#
literal:
driver = ipliteral
domains = ! +local_domains
headers_add = "${perl{mailtrapheaders}}"
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
transport = remote_smtp
#!!# This new router is put here to fail all domains that
#!!# were not in local_domains in the Exim 3 configuration.
#
# Trap Failures to Remote Domain
#
fail_remote_domains:
driver = redirect
domains = ! +local_domains : ! localhost : ! localhost.localdomain
allow_fail
data = ":fail: The mail server could not deliver mail to $local_part@$domain.
The account or domain may not exist, they may be blacklisted, or missing the
proper dns entries."
#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains. #!!#
#!!#######################################################!!#
######################################################################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
######################################################################
# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).
# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.
#spam_filter:
# driver = forwardfile
# file = /etc/spam.filter
# no_check_local_user
# no_verify
# filter
# allow_system_actions
virtual_user_maildir_overquota:
driver = redirect
domains = +user_domains
router_home_directory = ${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
require_files = $home/etc/$domain
condition = "${if exists {$home/etc/$domain/quota}{${if >
{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if eq
{${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if >
{${run {/usr/local/cpanel/bin/eximwrap GETDISKUSED $local_part
$domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
data = :fail:Mailbox quota exceeded
allow_fail
#
# Account level filtering for everything but the main account
#
central_filter:
driver = redirect
allow_filter
no_check_local_user
file = /etc/vfilters/${domain}
file_transport = address_file
directory_transport = address_directory
domains = +user_domains
pipe_transport = virtual_address_pipe
reply_transport = address_reply
router_home_directory = ${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
allow_fail
no_verify
#
# Account level filtering for the main account
#
# checks /etc/vfilters/maindomain if its a localuser (ie main acct)
#
mainacct_central_user_filter:
driver = redirect
allow_filter
allow_fail
check_local_user
domains = ! +user_domains
condition = ${if eq
{${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{}{0}{${if exists
{/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{1}{0}}}}
file =
"/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}"
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
retry_use_local_part
no_verify
#
# User Level Filtering for the main account
#
central_user_filter:
driver = redirect
allow_filter
allow_fail
check_local_user
domains = ! +user_domains
file = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/etc/filter"
require_files = "+${extract{5}{::}{${lookup
passwd{$local_part}{$value}}}}/etc/filter"
router_home_directory = ${extract{5}{:}{${lookup
passwd{$local_part}{$value}}}}
directory_transport = address_directory
file_transport = address_file
pipe_transport = virtual_address_pipe
reply_transport = address_reply
retry_use_local_part
no_verify
#
# User Level Filtering for virtual users
#
virtual_user_filter:
driver = redirect
allow_filter
allow_fail
no_check_local_user
domains = +user_domains
require_files = "+${extract{5}{::}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/filter"
file = "${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/filter"
router_home_directory = ${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}
directory_transport = address_directory
file_transport = address_file
pipe_transport = virtual_address_pipe
reply_transport = address_reply
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
no_verify
virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
require_files = "+/etc/valiases/$domain"
data = ${lookup{$local_part@$domain}lsearch{/etc/valiases/$domain}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen
#
# Virtual User Spam Boxes
#
virtual_user_spam:
driver = accept
domains = +user_domains
require_files = "+${extract{5}{::}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinboxenable:+${extract{5}{::}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
condition = ${if eq {${lookup {$local_part} lsearch
{${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{}{false}{${if
match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}}}
headers_remove="x-spam-exim"
transport = virtual_userdelivery_spam
virtual_boxtrapper_user:
driver = accept
domains = +user_domains
require_files = "+/usr/local/cpanel/bin/boxtrapper:+${extract{5}{::}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{}
{false}{${if exists {${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/.boxtrapperenable}
{true} {false}}}}
retry_use_local_part
transport = virtual_boxtrapper_userdelivery
virtual_user:
driver = accept
headers_remove="x-spam-exim"
domains = +user_domains
require_files = "+${extract{5}{::}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{}
{false}{true}}
transport = virtual_userdelivery
has_alias_but_no_mailbox_discarded_to_prevent_loop:
driver = redirect
require_files = "+/etc/valiases/$domain"
domains = +user_domains
condition = "${perl{checkvalias}{$domain}{$local_part}}"
data="#Exim Filter\nseen finish"
group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
allow_filter
disable_logging = true
valias_domain_file:
driver = redirect
allow_defer
allow_fail
require_files = +/etc/vdomainaliases/$domain
condition = ${lookup {$domain} lsearch {/etc/vdomainaliases/$domain}{yes}{no}
}
data = $local_part@${lookup {$domain} lsearch {/etc/vdomainaliases/$domain} }
virtual_aliases:
driver = redirect
allow_defer
allow_fail
require_files = "+/etc/valiases/$domain"
data = ${lookup{*}lsearch{/etc/valiases/$domain}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.
system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim
local_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/localaliases}}
file_transport = address_file
pipe_transport = address_pipe
check_local_user
userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
domains = ! +user_domains
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
directory_transport = address_directory
no_verify
#
# Optimzied spambox router
#
localuser_spam:
driver = accept
headers_remove="x-spam-exim"
domains = ! +user_domains
require_files = "+$home/.spamassassinboxenable"
condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}
check_local_user
transport = local_delivery_spam
boxtrapper_localuser:
driver = accept
require_files =
"+/usr/local/cpanel/bin/boxtrapper:+$home/etc/.boxtrapperenable"
check_local_user
domains = ! +user_domains
transport = local_boxtrapper_delivery
localuser:
driver = accept
headers_remove="x-spam-exim"
check_local_user
domains = ! +user_domains
transport = local_delivery
# This director matches local user mailboxes.
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a director or a router that
# successfully handles an address.
# This transport is used for delivering messages over SMTP connections.
begin transports
remote_smtp:
driver = smtp
interface = ${if exists
{/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists
{/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
dkim_domain = $sender_address_domain
dkim_selector = mail
dkim_private_key = /usr/local/cpanel/etc/exim/dkim.key
dk_remote_smtp:
driver = smtp
interface = ${if exists
{/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists
{/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
dk_canon = nofws
dk_selector = default
# This transport is used for local delivery to user mailboxes. By default
# it will be run under the uid and gid of the local user, and requires
# the sticky bit to be set on the /var/mail directory. Some systems use
# the alternative approach of running mail deliveries under a particular
# group instead of using the sticky bit. The commented options below show
# how this can be done.
local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/mail"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
mode = 0660
return_path_add
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
user = $local_part
shadow_condition = ${if exists {${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.cpanel/rim/bis/$local_part}{1}{0}}
shadow_transport = rim_bis_notifier_local_user
rim_bis_notifier_local_user:
driver = pipe
headers_only
command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}"
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
user = $local_part
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false
local_delivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup
passwd{$local_part}{$value}}}}/mail/.spam"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
mode = 0660
return_path_add
user = $local_part
# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe below.
address_directory:
driver = appendfile
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
maildir_format
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
mode = 0660
delivery_date_add
envelope_to_add
return_path_add
address_pipe:
driver = pipe
return_output
virtual_address_pipe:
driver = pipe
group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
return_output
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.
virtual_userdelivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}/.spam"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
mode = 0660
quota = "${if exists{${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}
{${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}{$value}}}
{}}"
quota_is_inclusive = false
quota_directory = "${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch*
{/etc/userdomains}{$value}}}{$value}}}}
boxtrapper_autowhitelist:
driver = pipe
headers_only
command = /usr/local/cpanel/bin/boxtrapper --autowhitelist
"${authenticated_id}"
user = ${perl{getemailuser}{$authenticated_id}}
group = ${extract{3}{:}{${lookup
passwd{${perl{getemailuser}{$authenticated_id}}}{$value}}}}
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false
local_boxtrapper_delivery:
driver = pipe
command = /usr/local/cpanel/bin/boxtrapper "${local_part}" $home
user = $local_part
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false
virtual_boxtrapper_userdelivery:
driver = pipe
command = /usr/local/cpanel/bin/boxtrapper "${local_part}@${domain}" $home
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch*
{/etc/userdomains}{$value}}}{$value}}}}
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false
virtual_userdelivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
mode = 0660
quota = "${if exists{${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}
{${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}{$value}}}
{}}"
quota_is_inclusive = false
quota_directory = "${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch*
{/etc/userdomains}{$value}}}{$value}}}}
shadow_condition = ${if exists {${extract{5}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.cpanel/rim/bis/$local_part@$domain}{1}{0}}
shadow_transport = rim_bis_notifier_virtual_user
rim_bis_notifier_virtual_user:
driver = pipe
headers_only
command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}@${domain}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch*
{/etc/userdomains}{$value}}}{$value}}}}
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false
address_reply:
driver = autoreply
mailman_virtual_transport:
driver = pipe
command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
${lc:$local_part}_${lc:$domain}
current_directory = /usr/local/cpanel/3rdparty/mailman
home_directory = /usr/local/cpanel/3rdparty/mailman
user = mailman
group = mailman
mailman_virtual_transport_nodns:
driver = pipe
command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
${lc:$local_part}
current_directory = /usr/local/cpanel/3rdparty/mailman
home_directory = /usr/local/cpanel/3rdparty/mailman
user = mailman
group = mailman
######################################################################
# RETRY CONFIGURATION #
######################################################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.
# Domain Error Retries
# ------ ----- -------
begin retry
* quota
* * F,2h,15m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration
This message is for the addressee's use only and may contain confidential,
proprietary or legally privileged information. Unauthorized forwarding,
copying, printing, distribution, or any other unauthorized use of the
information in this message is prohibited. If you believe you are not the
intended recipient of the message, please notify the sender and delete the
message. No confidentiality or privilege is waived or lost by any
mistransmission.
_____
From: Phil Pennock [mailto:[email protected]]
To: [email protected]
Sent: Tue, 30 Aug 2011 09:36:52 +0000
Subject: Re: [exim] problem confirmed with exim and mailing off wrong IPs when
mail is queued
On 2011-08-29 at 22:06 +0000, Matt Justin wrote:
> what so u need to see my exim.conf?
Yes. That's pretty essential to debugging problems, since it's the
exim.conf which dictates how Exim is supposed to deal with any
particular problem.
-Phil
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
