.include /etc/exim/macros.conf hide pgsql_servers = PGSQL_SERVERS #primary_hostname = domainlist local_domains = @ : localhost : localhost.localdomain domainlist relay_sql_domains = RELAY_SQL_DOMAINS domainlist relay_sql_smtp_domains = SMTP_SQL_DOMAINS domainlist relay_sql_lmtp_domains = LMTP_SQL_DOMAINS domainlist ldap_domains = LDAP_DOMAINS domainlist smtp_callback_domains = SMTP_CALLBACK_DOMAINS domainlist whitelisted_domains = WHITELISTED_DOMAINS domainlist blacklisted_domains = BLACKLISTED_DOMAINS addresslist whitelisted_addresses = WHITELISTED_ADDRESS addresslist blacklisted_addresses = BLACKLISTED_ADDRESS hostlist whitelisted_hosts = WHITELISTED_HOSTS hostlist blacklisted_hosts = BLACKLISTED_HOSTS hostlist relay_sql_hosts = RELAY_SQL_HOSTS hostlist relay_from_hosts = localhost : localhost.localdomain acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data acl_smtp_mime = acl_check_mime acl_smtp_connect = acl_check_connect acl_smtp_helo = acl_check_helo acl_smtp_dkim = acl_check_dkim #queue_only = true #queue_only_override = false smtp_banner = Baruwa 2.0 $tod_full smtp_active_hostname = ${if !eq{$sender_host_address}{$received_ip_address}{${lookup dnsdb{ptr=$received_ip_address}}}{$primary_hostname}} smtp_accept_max_per_connection = 60 smtp_accept_max = 0 smtp_load_reserve = 15 smtp_receive_timeout = 3m smtp_accept_max_nonmail = 10 smtp_max_unknown_commands = 1 message_size_limit = 20M spool_directory = /var/spool/exim.in pipelining_advertise_hosts = 127.0.0.1 process_log_path = /var/spool/exim/exim-process.info #log_file_path=:syslog #syslog_duplication=false #syslog_timestamp=false #log_selector = -rejected_header received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} ${if def:tls_cipher {($tls_cipher)\n\t}}(Baruwa 2.0)\n\t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if !eq {$received_protocol}{split} { ret-id none;}{}}${if def:received_for {\n\tfor $received_for}} av_scanner = clamd:/var/run/clamav/clamd.sock tls_advertise_hosts = * tls_certificate = /etc/pki/baruwa/baruwa.pem tls_privatekey = /etc/pki/baruwa/baruwa.key tls_on_connect_ports = 465 tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : !MD5 : !AES : !CAMELLIA : !PSK : !KRB5 : @STRENGTH daemon_smtp_ports = 25 : 465 : 587 never_users = root rfc1413_hosts = * rfc1413_query_timeout = 0s ignore_bounce_errors_after = 1d timeout_frozen_after = 3d auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}} perl_startup = do '/etc/exim/baruwa/exim-bcrypt.pl' perl_at_start = true begin acl acl_check_rcpt: accept hosts = : control = submission drop message = REJECTED - Sender $sender_address is banned hosts = +blacklisted_hosts drop message = REJECTED - Domain $sender_address_domain is banned domains = +blacklisted_domains drop message = Dictionary attack detected condition = ${if >{$rcpt_fail_count}{3} {yes}{no}} delay = 10m drop message = Legitimate bounces are never sent to more than one recipient. senders = : postmaster@* condition = ${if >{$recipients_count}{1}{true}{false}} drop message = Restricted characters in address domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] drop message = Restricted characters in address domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ accept local_parts = postmaster domains = +local_domains : +relay_sql_domains accept hosts = +relay_from_hosts : +relay_sql_hosts control = submission/sender_retain accept authenticated = * control = submission/sender_retain require message = relay not permitted domains = +local_domains : +relay_sql_domains accept message = Authorized sender: $sender_address senders = +whitelisted_addresses accept message = Authorized sender: $sender_address_domain domains = +whitelisted_domains drop message = REJECTED - because $sender_host_address is in a black list spamhaus.org dnslists = zen.spamhaus.org ratelimit = 0 / 2h / strict / per_conn drop message = REJECTED - because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text dnslists = bl.spamcop.net : cbl.abuseat.org ratelimit = 0 / 2h / strict / per_conn drop message = REJECTED - $dnslist_text dnslists = rbl.baruwa.net : rbl.baruwa.net/$sender_address_domain drop message = REJECTED - We don't accept messages from hosts without reverse DNS log_message = No reverse DNS !verify = reverse_host_lookup !verify = sender/no_details/callout=2m,defer_ok !condition = ${if eq{$sender_verify_failure}{}} drop message = REJECTED - Recipient Verification Failed - User Not Found domains = +smtp_callback_domains #!verify = recipient/success_on_redirect/callout=2m,defer_ok,use_sender !verify = recipient/success_on_redirect/callout=2m,defer_ok drop message = REJECTED - User Not Found domains = +ldap_domains condition = ${lookup ldap{${expand:LDAP_LOOKUP}}{0}{1}} deny message = SPF_MSG spf = fail # deny message = $sender_host_address doesn't look trustworthy to me # spf_guess = fail accept acl_check_data: drop malware = * message = This message contains a virus ($malware_name). accept acl_check_mime: drop message = Blacklisted file extension detected condition = ${if match \ {${lc:$mime_filename}} \ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \ {1}{0}} accept acl_check_connect: accept hosts = : drop message = REJECTED - because $sender_host_address is a banned sender hosts = +blacklisted_hosts accept message = Authorized sender: $sender_host_address hosts = +whitelisted_hosts defer ratelimit = 250 / 15m / strict message = You can only send $sender_rate_limit msgs per $sender_rate_period log_message = RATE: $sender_rate/$sender_rate_period (max $sender_rate_limit) accept acl_check_helo: drop message = REJECTED - no HELO/EHLO greeting log_message = remote host did not present greeting condition = ${if def:sender_helo_name {false}{true}} drop message = REJECTED - HELO is an IP address (See RFC2821 4.1.3) condition = ${if isip{$sender_helo_name}} accept acl_check_dkim: accept authenticated = * accept hosts = : accept hosts = +whitelisted_hosts deny message = REJECTED - DKIM failure: $dkim_verify_reason #dkim_status = none:invalid:fail dkim_status = none:invalid condition = ${if eq {$dkim_key_testing}{1} {no}{yes}} warn add_header = X-DKIM: Status on $received_ip_address using Baruwa 2.0: dkim=$dkim_verify_status; \ signing_identity="$dkim_cur_signer" accept begin routers split: driver = accept domains = +relay_sql_domains condition = ${if and {{!eq {$received_protocol}{split}}{gt {$recipients_count}{1}}}{yes}{no}} transport = send_to_self no_verify no_address_test message_checks: driver = redirect allow_defer data = :defer: queued for message checks no_verify no_address_test deliver_clean_smtp: driver = manualroute domains = +relay_sql_smtp_domains transport = remote_smtp route_data = ${lookup pgsql {ROUTE_QUERY}} no_more deliver_clean_lmtp: driver = manualroute domains = +relay_sql_lmtp_domains transport = remote_lmtp route_data = ${lookup pgsql {ROUTE_QUERY}} no_more dnslookup: driver = dnslookup domains = ! +local_domains : ! +relay_sql_domains transport = remote_smtp ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 no_more system_aliases: driver = redirect allow_fail allow_defer domains = @ data = ${lookup{$local_part}lsearch{/etc/aliases}} file_transport = address_file pipe_transport = address_pipe localuser: driver = accept check_local_user transport = local_delivery cannot_route_message = Unknown user begin transports send_to_self: driver = pipe batch_max = 1 use_bsmtp command = /usr/sbin/exim -oMr split -bS user = exim remote_smtp: driver = smtp delay_after_cutoff = false remote_lmtp: driver = smtp protocol = lmtp delay_after_cutoff = false port = 25 local_delivery: driver = appendfile file = /var/mail/$local_part delivery_date_add envelope_to_add return_path_add group = mail mode = 0660 address_pipe: driver = pipe return_output address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add begin retry * * F,2h,15m; G,16h,1h,1.5; F,14d,6h begin rewrite begin authenticators PLAIN: driver = plaintext server_prompts = : server_condition = ${if and{ {!eq {$auth2}{}} {!eq {$auth3}{}}\ {bool{${perl{check_password}\ {${lookup pgsql {ORG_CHECK_PLAIN}{$value}}}\ {$auth3}}}\ }\ }\ {yes}{no}} server_set_id = $2 server_advertise_condition = ${if def:tls_cipher } LOGIN: driver = plaintext server_prompts = "Username:: : Password::" server_condition = ${if and{ {!eq {$auth1}{}} {!eq {$auth2}{}}\ {bool{${perl{check_password}\ {${lookup pgsql {ORG_CHECK_LOGIN}{$value}}}\ {$auth2}}}}\ }\ {yes}{no}} server_set_id = $1 server_advertise_condition = ${if def:tls_cipher }