| commit | author | age | ||
| 8fab6e | 1 | ###################################################################### |
| T | 2 | # MAIN CONFIGURATION SETTINGS # |
| 3 | ###################################################################### | |
| 4 | ||
| 5 | # MySQL defines | |
| 6 | MYSQL_SERVER=localhost | |
| 7 | MYSQL_USER=root | |
| 8 | MYSQL_PASSWORD=matze | |
| 9 | MYSQL_DB=mailserver | |
| 10 | MYSQL_EMAILTABLE=mail_email | |
| 11 | MYSQL_DOMAINTABLE=mail_domain | |
| 12 | MYSQL_WHITETABLE=mail_whitelist | |
| 13 | MYSQL_BLACKTABLE=mail_blacklist | |
| 14 | ||
| 15 | # Server ID for Multiserver Setups | |
| 16 | MAILSERVER_ID=1 | |
| 17 | MAILSERVER_HOSTNAME=mail. | |
| 18 | MAILSERVER_EXIM_BINARY=/usr/sbin/exim4 | |
| 19 | MAILSERVER_SPAMC_BINARY=/usr/bin/spamc | |
| 20 | ||
| 21 | # Mailman vars | |
| 22 | MAILMAN_HOME=/var/lib/mailman | |
| 23 | MAILMAN_WRAP=MAILMAN_HOME/mail/wrapper | |
| 24 | MAILMAN_UID=list | |
| 25 | MAILMAN_GID=list | |
| 26 | ||
| 27 | # MySQL queries | |
| 28 | # MYSQL_Q_LDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}' AND type = 'local' | |
| 29 | # MYSQL_Q_RDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}' AND type = 'relay' | |
| 30 | ||
| 31 | MYSQL_Q_VSCAN=SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND opt_virscan='yes' | |
| 32 | ||
| 33 | ||
| 34 | MM_HOME=${lookup mysql{SELECT mm_home FROM mail_mailman_domain WHERE domain='${quote_mysql:domain}'}} | |
| 35 | MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck | |
| 36 | MM_WRAP=${lookup mysql{SELECT mm_wrap FROM mail_mailman_domain WHERE domain='${quote_mysql:domain}'}} | |
| 37 | ||
| 38 | # MySQL connection | |
| 39 | hide mysql_servers = "MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD" | |
| 40 | ||
| 41 | # starting 'normal' config | |
| 42 | ||
| 43 | primary_hostname = MAILSERVER_HOSTNAME | |
| 44 | ||
| 45 | domainlist local_domains = mysql;SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}' AND (type = 'local' OR type = 'alias') | |
| 46 | domainlist relay_to_domains = mysql;SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}' AND type = 'relay' | |
| 47 | hostlist relay_from_hosts = 127.0.0.1 | |
| 48 | domainlist mmdomains = ${lookup mysql {SELECT domain FROM mail_mailman_domain}} | |
| 49 | ||
| 50 | acl_smtp_rcpt = acl_check_rcpt | |
| 51 | ||
| 52 | qualify_domain = | |
| 53 | # qualify_recipient = | |
| 54 | ||
| 55 | # allow_domain_literals | |
| 56 | ||
| 57 | never_users = root | |
| 58 | trusted_users = mail | |
| 59 | ||
| 60 | host_lookup = * | |
| 61 | rfc1413_hosts = * | |
| 62 | rfc1413_query_timeout = 15s | |
| 63 | ||
| 64 | check_spool_space = 50M | |
| 65 | check_log_space = 20M | |
| 66 | return_size_limit = 20k | |
| 67 | message_size_limit = 20M | |
| 68 | ||
| 69 | # sender_unqualified_hosts = | |
| 70 | # recipient_unqualified_hosts = | |
| 71 | ||
| 72 | # percent_hack_domains = | |
| 73 | ||
| 74 | ignore_bounce_errors_after = 2d | |
| 75 | timeout_frozen_after = 7d | |
| 76 | ||
| 77 | deliver_queue_load_max = 8 | |
| 78 | queue_only_load = 10 | |
| 79 | remote_max_parallel = 15 | |
| 80 | ||
| 81 | #tls_certificate = | |
| 82 | #tls_privatekey = | |
| 83 | #tls_advertise_hosts = * | |
| 84 | ||
| 85 | # SSL/TLS cert and key | |
| 86 | tls_certificate = /etc/exim4/smtpd.cert | |
| 87 | tls_privatekey = /etc/exim4/smtpd.key | |
| 88 | ||
| 89 | # Advertise TLS to anyone | |
| 90 | tls_advertise_hosts = * | |
| 91 | ||
| 92 | # Require auth over SSL only. | |
| 93 | # auth_over_tls_hosts = * | |
| 94 | ||
| 95 | spamd_address = 127.0.0.1 783 | |
| 96 | ||
| 97 | ###################################################################### | |
| 98 | # ACL CONFIGURATION # | |
| 99 | # Specifies access control lists for incoming SMTP mail # | |
| 100 | ###################################################################### | |
| 101 | ||
| 102 | begin acl | |
| 103 | ||
| 104 | acl_check_rcpt: | |
| 105 | accept hosts = : | |
| 106 | deny domains = +local_domains | |
| 107 | local_parts = ^[.] : ^.*[@%!/|] | |
| 108 | deny domains = !+local_domains | |
| 109 | local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ | |
| 110 | accept local_parts = postmaster | |
| 111 | domains = +local_domains | |
| 112 | require verify = sender | |
| 113 | accept domains = +local_domains | |
| 114 | endpass | |
| 115 | verify = recipient | |
| 116 | accept domains = +relay_to_domains | |
| 117 | endpass | |
| 118 | verify = recipient | |
| 119 | accept hosts = +relay_from_hosts | |
| 120 | accept authenticated = * | |
| 121 | deny message = relay not permitted | |
| 122 | ||
| 123 | acl_check_data: | |
| 124 | warn message = X-Spam-Score: $spam_score ($spam_bar) | |
| 125 | spam = nobody:true | |
| 126 | warn message = X-Spam-Report: $spam_report | |
| 127 | spam = nobody:true | |
| 128 | warn message = Subject: *SPAM* $h_Subject | |
| 129 | spam = nobody | |
| 130 | ||
| 131 | # reject spam at high scores (> 12) | |
| 132 | deny message = This message scored $spam_score spam points. | |
| 133 | spam = nobody:true | |
| 134 | condition = ${if >{$spam_score_int}{120}{1}{0}} | |
| 135 | ||
| 136 | ||
| 137 | ||
| 138 | ###################################################################### | |
| 139 | # ROUTERS CONFIGURATION # | |
| 140 | # Specifies how addresses are handled # | |
| 141 | ###################################################################### | |
| 142 | # THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # | |
| 143 | # An address is passed to each router in turn until it is accepted. # | |
| 144 | ###################################################################### | |
| 145 | ||
| 146 | begin routers | |
| 147 | ||
| 148 | fail_router: | |
| 149 | driver = redirect | |
| 0ff9ab | 150 | domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND active='0'}{$value}} |
| 8fab6e | 151 | data = ":fail:" |
| T | 152 | allow_fail |
| 153 | ||
| 154 | mailman_router: | |
| 155 | driver = accept | |
| 156 | domains = +mmdomains | |
| 157 | require_files = MM_LISTCHK | |
| 158 | local_part_suffix_optional | |
| 159 | local_part_suffix = -admin : \ | |
| 160 | -bounces : -bounces+* : \ | |
| 161 | -confirm : -confirm+* : \ | |
| 162 | -join : -leave : \ | |
| 163 | -owner : -request : \ | |
| 164 | -subscribe : -unsubscribe | |
| 165 | transport = mailman_transport | |
| 166 | ||
| 167 | dnslookup: | |
| 168 | driver = dnslookup | |
| 169 | domains = ! +local_domains | |
| 170 | transport = remote_smtp | |
| 171 | ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 | |
| 172 | no_more | |
| 173 | ||
| 174 | domain_aliases: | |
| 175 | driver=redirect | |
| 176 | domains=${lookup mysql{SELECT domain FROM mail_domain WHERE type = 'alias'}} | |
| 177 | data=$local_part@${lookup mysql{SELECT destination FROM mail_domain WHERE domain='${domain}'}} | |
| 178 | ||
| 179 | blacklist_router: | |
| 180 | driver = manualroute | |
| 181 | senders = ${lookup mysql {SELECT DISTINCT MYSQL_BLACKTABLE.address FROM MYSQL_BLACKTABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_BLACKTABLE.address}{$value}} | |
| 182 | condition = "${if !def:h_X-Spam-Flag: {1}{0}}" | |
| 183 | headers_add = X-Spam-Flag: YES | |
| 184 | route_list = * localhost | |
| 185 | self = pass | |
| 186 | ||
| 187 | #system_aliases: | |
| 188 | # driver = redirect | |
| 189 | # allow_fail | |
| 190 | # allow_defer | |
| 191 | # data = ${lookup{$local_part}lsearch{/etc/aliases}} | |
| 192 | # user = exim | |
| 193 | # file_transport = address_file | |
| 194 | # pipe_transport = address_pipe | |
| 195 | ||
| 196 | #mysql_systemalias: | |
| 197 | # driver = redirect | |
| 198 | # allow_fail | |
| 199 | # allow_defer | |
| 200 | # data = ${lookup mysql{SELECT dest FROM mail_systemalias WHERE local_part='${quote_mysql:$local_part}'}} | |
| 201 | ||
| 202 | mysql_email_alias: | |
| 203 | driver = redirect | |
| 204 | allow_fail | |
| 205 | allow_defer | |
| 206 | data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${local_part}@${domain}' AND type = 'alias'}} | |
| 0ff9ab | 207 | |
| T | 208 | mysql_email_forward: |
| 209 | driver = redirect | |
| 210 | data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${local_part}@${domain}' AND type = 'forward'}} | |
| 8fab6e | 211 | |
| T | 212 | #spamcheck_router: |
| 213 | # driver = manualroute | |
| 214 | # domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND spamscan='yes'}{$value}} | |
| 215 | # senders = ! ${lookup mysql {SELECT DISTINCT MYSQL_WHITETABLE.address FROM MYSQL_WHITETABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_WHITETABLE.address}{$value}} | |
| 216 | # condition = ${if and { \ | |
| 217 | # {!eq {$received_protocol}{spam-scanned}} \ | |
| 218 | # {!eq {$received_protocol}{local}} \ | |
| 219 | # } {1}{0}} | |
| 220 | # headers_remove = X-Spam-Flag | |
| 221 | # route_list = "* localhost byname" | |
| 222 | # transport = spamcheck | |
| 223 | # verify = false | |
| 224 | ||
| 225 | #spampurge_router: | |
| 226 | # driver = manualroute | |
| 227 | # domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND spampurge='yes'}{$value}} | |
| 228 | # condition = "${if eq{$h_X-Spam-Flag:}{YES} {1}{0}}" | |
| 229 | # route_list = "* localhost byname" | |
| 230 | # transport = devnull_transport | |
| 231 | # verify = false | |
| 232 | ||
| 233 | autoresponder_router: | |
| 234 | driver = accept | |
| 235 | domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND autoresponder='yes'}{$value}} | |
| 236 | transport = autoresponder_transport | |
| 237 | unseen | |
| 238 | ||
| 239 | cc_router: | |
| 240 | driver = redirect | |
| 241 | data = ${lookup mysql {SELECT cc FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}} | |
| 242 | unseen | |
| 243 | ||
| 244 | forward_router: | |
| 245 | driver = redirect | |
| 246 | data = ${lookup mysql {SELECT forward FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND forward != ''}{$value}} | |
| 247 | ||
| 248 | local_mailbox_router: | |
| 249 | driver = accept | |
| 250 | domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND maildir != ''}{$value}} | |
| 251 | transport = local_delivery | |
| 252 | ||
| 253 | mysql_default_router: | |
| 254 | driver=redirect | |
| 255 | data=${lookup mysql{ SELECT dest FROM mail_virtual_default WHERE domain='${domain}'}} | |
| 256 | allow_fail | |
| 257 | allow_defer | |
| 258 | ||
| 259 | #domain_catchall_director: | |
| 260 | # driver = redirect | |
| 261 | # domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@') AND forward != ''}{$value}} | |
| 262 | # data = ${lookup mysql {SELECT forward FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@') AND forward != ''}{$value}} | |
| 263 | ||
| 264 | ###################################################################### | |
| 265 | # TRANSPORTS CONFIGURATION # | |
| 266 | ###################################################################### | |
| 267 | # ORDER DOES NOT MATTER # | |
| 268 | # Only one appropriate transport is called for each delivery. # | |
| 269 | ###################################################################### | |
| 270 | ||
| 271 | begin transports | |
| 272 | ||
| 273 | remote_smtp: | |
| 274 | driver = smtp | |
| 275 | ||
| 276 | devnull_delivery: | |
| 277 | driver = appendfile | |
| 278 | file = /dev/null | |
| 279 | group = mail | |
| 280 | ||
| 281 | address_pipe: | |
| 282 | driver = pipe | |
| 283 | return_output | |
| 284 | ||
| 285 | address_file: | |
| 286 | driver = appendfile | |
| 287 | delivery_date_add | |
| 288 | envelope_to_add | |
| 289 | return_path_add | |
| 290 | ||
| 291 | address_reply: | |
| 292 | driver = autoreply | |
| 293 | ||
| 294 | mailman_transport: | |
| 295 | driver = pipe | |
| 296 | command = /var/mailman/lists.mas-services.co.uk/mail/mailman \ | |
| 297 | '${if def:local_part_suffix \ | |
| 298 | {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ | |
| 299 | {post}}' \ | |
| 300 | $local_part | |
| 301 | current_directory = ${lookup mysql{SELECT mm_home FROM mail_mailman_domain WHERE domain='${domain}'}} | |
| 302 | home_directory = ${lookup mysql{SELECT mm_home FROM mail_mailman_domain WHERE domain='${domain}'}} | |
| 303 | user = ${lookup mysql{SELECT mm_user FROM mail_mailman_domain WHERE domain='${domain}'}} | |
| 304 | group = ${lookup mysql{SELECT mm_group FROM mail_mailman_domain WHERE domain='${domain}'}} | |
| 305 | ||
| 306 | spamcheck: | |
| 307 | driver = pipe | |
| 308 | command = MAILSERVER_EXIM_BINARY -oMr spam-scanned -bS | |
| 309 | use_bsmtp = true | |
| 310 | transport_filter = MAILSERVER_SPAMC_BINARY | |
| 311 | home_directory = "/tmp" | |
| 312 | current_directory = "/tmp" | |
| 313 | user = mail | |
| 314 | group = mail | |
| 315 | log_output = true | |
| 316 | return_fail_output = true | |
| 317 | return_path_add = false | |
| 318 | message_prefix = | |
| 319 | message_suffix = | |
| 320 | ||
| 321 | local_delivery: | |
| 322 | driver = appendfile | |
| 323 | directory = ${lookup mysql {SELECT concat(maildir,'/Maildir') FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}} | |
| 324 | maildir_format | |
| 325 | user = mail | |
| 326 | group = mail | |
| 327 | quota = ${lookup mysql{select quota from MYSQL_EMAILTABLE where email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{${value}M}} | |
| 328 | quota_is_inclusive = false | |
| 329 | #quota_size_regex = ,S=(\d+): | |
| 330 | quota_warn_threshold = 75% | |
| 331 | maildir_use_size_file = false | |
| 332 | quota_warn_message = "To: $local_part@$domain\n\ | |
| 333 | Subject: Mailbox quota warning\n\n\ | |
| 334 | This message was automatically generated by the mail delivery software.\n\n\ | |
| 335 | You are now using over 75% of your allocated mail storage quota.\n\n\ | |
| 336 | If your mailbox fills completely, further incoming messages will be automatically\n\ | |
| 337 | returned to their senders.\n\n\ | |
| 338 | Please take note of this and remove unwanted mail from your mailbox.\n" | |
| 339 | mode = 0660 | |
| 340 | directory_mode = 0770 | |
| 341 | ||
| 342 | #mysql_delivery: | |
| 343 | # driver = appendfile | |
| 344 | # maildir_format | |
| 345 | # directory = \ | |
| 346 | # ${lookup mysql{SELECT maildir FROM passwd \ | |
| 347 | # WHERE email='${local_part}@${domain}'}} | |
| 348 | # user = \ | |
| 349 | # ${lookup mysql{SELECT uid FROM passwd \ | |
| 350 | # WHERE email='${local_part}@${domain}'}} | |
| 351 | # group = \ | |
| 352 | # ${lookup mysql{SELECT gid FROM passwd \ | |
| 353 | # WHERE email='${local_part}@${domain}'}} | |
| 354 | ||
| 355 | ||
| 356 | autoresponder_transport: | |
| 357 | driver = autoreply | |
| 358 | to = ${sender_address} | |
| 359 | from = "vacation@${domain}" | |
| 360 | subject = "Autoresponder: ${local_part}@${domain}" | |
| 361 | text = ${lookup mysql {SELECT autoresponder_text FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}} | |
| 362 | ||
| 363 | devnull_transport: | |
| 364 | driver = appendfile | |
| 365 | file = /dev/null | |
| 366 | user = mail | |
| 367 | ||
| 368 | ###################################################################### | |
| 369 | # RETRY CONFIGURATION # | |
| 370 | ###################################################################### | |
| 371 | ||
| 372 | begin retry | |
| 373 | ||
| 374 | # This single retry rule applies to all domains and all errors. It specifies | |
| 375 | # retries every 15 minutes for 2 hours, then increasing retry intervals, | |
| 376 | # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 | |
| 377 | # hours, then retries every 6 hours until 4 days have passed since the first | |
| 378 | # failed delivery. | |
| 379 | ||
| 380 | # Domain Error Retries | |
| 381 | # ------ ----- ------- | |
| 382 | ||
| 383 | * * F,2h,15m; G,16h,1h,1.5; F,4d,6h | |
| 384 | ||
| 385 | ||
| 386 | ||
| 387 | ###################################################################### | |
| 388 | # REWRITE CONFIGURATION # | |
| 389 | ###################################################################### | |
| 390 | ||
| 391 | # There are no rewriting specifications in this default configuration file. | |
| 392 | begin rewrite | |
| 393 | ||
| 394 | ||
| 395 | ||
| 396 | ###################################################################### | |
| 397 | # AUTHENTICATION CONFIGURATION # | |
| 398 | ###################################################################### | |
| 399 | ||
| 400 | # There are no authenticator specifications in this default configuration file. | |
| 401 | ||
| 402 | begin authenticators | |
| 403 | ||
| 404 | fixed_plain: | |
| 405 | driver = plaintext | |
| 406 | public_name = PLAIN | |
| 0ff9ab | 407 | server_condition = ${lookup mysql{SELECT email FROM MYSQL_EMAILTABLE WHERE email='${quote_mysql:$2}' AND cryptpwd=encrypt('${quote_mysql:$3}' AND active = '1', cryptpwd)}{1}fail} |
| 8fab6e | 408 | server_set_id = $2 |
| T | 409 | |
| 410 | fixed_login: | |
| 411 | driver = plaintext | |
| 412 | public_name = LOGIN | |
| 413 | server_prompts = "Username:: : Password::" | |
| 0ff9ab | 414 | server_condition = ${lookup mysql{SELECT email FROM MYSQL_EMAILTABLE WHERE email='${quote_mysql:$1}' AND cryptpwd=encrypt('${quote_mysql:$2}' AND active = '1', cryptpwd)}{1}fail} |
| 8fab6e | 415 | server_set_id = $1 |
| T | 416 | |
| 417 | cram: | |
| 418 | driver = cram_md5 | |
| 419 | public_name = CRAM-MD5 | |
| 0ff9ab | 420 | server_secret = "${lookup mysql {SELECT clearpwd FROM mail_box WHERE email = '${sg {$1}{'}{}}' AND active = '1'} {$value} fail}" |
| 8fab6e | 421 | server_set_id = $1 |
| T | 422 | |
| 423 | ||
| 424 | ###################################################################### | |
| 425 | # CONFIGURATION FOR local_scan() # | |
| 426 | ###################################################################### | |
| 427 | ||
| 428 | # If you have built Exim to include a local_scan() function that contains | |
| 429 | # tables for private options, you can define those options here. Remember to | |
| 430 | # uncomment the "begin" line. It is commented by default because it provokes | |
| 431 | # an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS | |
| 432 | # set in the Local/Makefile. | |
| 433 | ||
| 434 | # begin local_scan | |
| 435 | ||
| 436 | ||
| 437 | # End of Exim configuration file | |
| 438 | ||
