> I recently migrated (last couple of days) from Exim 3 to Exim 4. Yesterday
> I got hit with 16000+ message of spam and relay issues. I have made the
> neccessary correction to he config and would like a second (3rd, 4th, etc)
> of this config.
>
> This server runs 5 domains where user1@domain1 = user1@domain2 and so forth
> for all five. Also is the internal lan. user name ARE ase sensitive.
> Thank you for any assistance in advance.
> ######################################################################
> # Runtime configuration file for Exim #
> ######################################################################
>
>
> primary_hostname = tanaya.net
> qualify_domain = tanaya.net
>
> spool_directory = /var/spool/mail
>
> domainlist local_domains = localhost : core.lan/24 : tanaya.net :
^^^
That's not a network, that's a domain, remove the /24
> aramaic.org : pelican-consulting.com : christianevangelisation.net :
> falconlawn.com
> domainlist relay_to_domains = localhost : core.lan/24 : tanaya.net :
^^^
Again here.
By the way, if you have these as local_domains, they don't need to be in
relay_to_domains.
> aramaic.org : pelican-consulting.com : christianevangelisation.net :
> falconlawn.com
>
> hostlist relay_from_hosts = 127.0.0.1 : 172.16.63.1/24 : 63.230.33.209 :
^^^^
That's not a network either. If you did want a network, change to:
172.16.63.0/24 otherwise, remove the /24
> 63.230.33.210 : 63.230.33.211 : 63.230.33.212 : 63.230.33.213
Do you really need to relay for this range? If so and they aren't local
and/or secured, you'll need to remove them and implement authentication.
> timeout_frozen_after = 7d
> ignore_bounce_errors_after = 1d
> queue_only = true
> deliver_queue_load_max = 7.0
> queue_only_load = 7.0
> queue_run_max = 1
> smtp_accept_max = 100
>
> acl_smtp_rcpt = acl_check_rcpt
> host_lookup = *
> rfc1413_hosts = *
> rfc1413_query_timeout = 30s
>
>
> begin acl
>
> acl_check_rcpt:
> accept hosts = :
>
> deny local_parts = ^.*[@%!/|] : ^\\.
>
> require verify = sender
>
> accept local_parts = postmaster
> domains = +local_domains
>
> deny message = Spammers NOT welcome!
> dnslists = bl.spamcop.net : relay.ordb.org/reject
^^^^^^^
Remove that.
> accept domains = +local_domains
> endpass
> verify = recipient
> message = unknown user
>
> accept domains = +relay_to_domains
> endpass
> verify = recipient
> message = unrouteable address
>
> accept hosts = +relay_from_hosts
> endpass
> message = relay not permitted
>
> accept authenticated = *
>
> deny message = relay not permitted
>
>
> begin routers
>
> dnslookup:
> driver = dnslookup
> caseful_local_part = TRUE
> domains = ! +local_domains
> transport = remote_smtp
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> no_more
>
> system_aliases:
> driver = redirect
> caseful_local_part = TRUE
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/etc/aliases}}
> # user = exim
> file_transport = address_file
> pipe_transport = address_pipe
>
> userforward:
> driver = redirect
> caseful_local_part = TRUE
> check_local_user
> file = $home/.forward
> no_verify
> no_expn
> check_ancestor
> allow_filter
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
>
> localuser:
> driver = accept
> domains = +local_domains
> caseful_local_part = TRUE
> check_local_user
> verify_sender
> verify_recipient
> transport = local_delivery
>
>
> begin transports
>
> remote_smtp:
> driver = smtp
>
> local_delivery:
> driver = appendfile
> file = /var/spool/mail/$local_part
> delivery_date_add
> envelope_to_add
> return_path_add
> # group = mail
> # mode = 0660
>
> address_pipe:
> driver = pipe
> return_output
>
> address_file:
> driver = appendfile
> delivery_date_add
> envelope_to_add
> return_path_add
>
> address_reply:
> driver = autoreply
>
>
> begin retry
>
> # Domain Error Retries
> # ------ ----- -------
>
> * * F,3d,1h
>
>
> begin rewrite
>
> *@tanaya $1@??? REhbcfrstwq
> *@localhost $1@??? REhbcfrstwq
> MikeWise@??? MikeWise@??? REhbcfrstwq
> Aramaic@??? Aramaic@??? REhbcfrstwq
> pelican@??? pelican@??? REhbcfrstwq
>
>
> begin authenticators
>
>
>
> # End of Exim configuration file