[Exim] bogged down server.. config problem?..

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Steve Lazaridis
Date:  
À: Exim users list
Sujet: [Exim] bogged down server.. config problem?..
hi, my server is bogged down with connection attempts from spammers..
ive set up blacklist support.. in an ACL but that hasn't really solved the
problem.

exim ends up using all resources.. and the system can't process the mail.
please take a look at the below exim.conf file and see if you have any
suggestions.. to what the problem could be.

thanks alot!
steve


#!!# cPanel Exim 5 Config




#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message
acl_smtp_connect = check_connect

#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.

domainlist local_domains = lsearch;/etc/localdomains

domainlist relay_domains = lsearch;/etc/localdomains : \
    lsearch;/etc/secondarymx
hostlist relay_hosts = lsearch;/etc/relayhosts : \
    localhost
hostlist auth_relay_hosts = *


######################################################################
#                  Runtime configuration file for Exim               #
######################################################################



# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.


# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


perl_startup = do '/etc/exim.pl'

#dns_retry = 1
#dns_retrans = 1s

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.

smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
\#${compile_number} ${tod_full} \n\
We do not authorize the use of this system to transport unsolicited, \n\
and/or bulk e-mail."


#nobody as the sender seems to annoy people
no_local_from_check

rfc1413_query_timeout = 2s


smtp_connect_backlog = 50
smtp_accept_max = 100

# primary_hostname =
deliver_queue_load_max = 3
auto_thaw = 1h

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@???" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an
unqualified
# email address. Unqualified addresses are accepted only from local callers
by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a
different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not
want
# to do any local deliveries, uncomment the following line, but do not
supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.



#!!# message_filter renamed system_filter
system_filter = /etc/antivirus.exim
message_body_visible = 5000






# If you want to accept mail addressed to your host's literal IP address,
for
# example, mail addressed to "user@???", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.

# local_domains_include_host_literals


# No local deliveries will ever be run under the uids of these users (a
colon-
# separated list). An attempt to do so gets changed so that it runs under
the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root


# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

#host_lookup = 0.0.0.0/0


# By default, Exim expects all envelope addresses to be fully qualified,
that
# is, they must contain both a local part and a domain. If you want to
accept
# unqualified addresses (just a local part) from certain hosts, you can
specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for
background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.

# rbl_domains = rbl.maps.vix.com
#rbl_domains = blackholes.mail-abuse.org/reject : \
#        dialups.mail-abuse.org/reject : \
#        relays.mail-abuse.org/warn



# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *

#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers


#!!# ignore_errmsg_errors_after renamed ignore_bounce_errors_after
ignore_bounce_errors_after = 2d

# This option cancels (removes) frozen messages that are older than a week.

timeout_frozen_after = 1d


tls_certificate = /etc/exim.crt
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *

helo_accept_junk_hosts = *

smtp_enforce_sync = false


#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#


#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl

#!!# ACL that is used after the RCPT command

check_connect:

# slaz
# deny dnslists = blacklist.tudelft.nl : proxies.relays.monkeys.com :
relays.ordb.org
#my_dnslists:
# deny dnslists = blackholes.mail-abuse.org


# removed thses cuz they were blocking valid stuff
#babaknews.persianblog.com : psf.persianblog.com : hallaj2.persianblog.com:\
#1334.persianblog.com: 18tir29khordad.persianblog.com:\
# jonbeshdaneshjo.persianblog.com:\
# behzadfarahmand.blogspot.com: nok.persianblog.com:
persiannote.blogspot.com:\
# diackomand.persianblog.com:
# irannow.blogspot.com: hamishak.blogspot.com : \
# hambastegi-baraie-iran.org: tadbir.topcities.com: iran-chabar.de:\


  deny    message       = rejected because $sender_host_address is \
                         in a black list at $dnslist_domain\n\
                         $dnslist_text
  dnslists  = blacklist.tudelft.nl : proxies.relays.monkeys.com :
relays.ordb.org : flowgoaway.com : *.cluecentral.net : \
     *.blackholes.us : *.nerd.dk : vbl.mookystick.com : bl.spamcop.net :
sbl.spamhaus.org
#    akunews.org : tribun.com : mobarezan.com: azadegy.de : jonbesh.org : \
#   saghf.com: hoder.com: sobhaneh.com: opener.9tg.net:\
#   hemid.com: kanoon-zendanian.org: dfofd.de: jonge-khabar.com:
nejat.info:\
#   trife.com: anonymisers.com: safeproxy.org: guardster.com: proxyweb.net:\
#   peek-a-booty.org: anonymizer.com: anonymize.net:\
#   surfola.com: webwarper.net: htthost.com: proxt22.com:\
#   megaproxy.com: sepadkhorasan.com


accept



check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :


# slaz
# rejects bogus email addresses.
deny local_parts = ^.*[@%!/|]


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}
}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}
}} \
                {yes}{no}}


  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{mailman-bounces\+.*}} \
                     {exists
{/usr/local/cpanel/3rdparty/mailman/lists/mailman/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{mailman-bounces\+.*}} \
                     {exists
{/usr/local/cpanel/3rdparty/mailman/lists/mailman/config.pck}}} \
                {yes}{no}}




require verify = sender

accept domains = +local_domains
accept domains = +relay_domains
accept hosts = +relay_hosts
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

  accept  hosts = +auth_relay_hosts
  #Alex Line
  accept  authenticated = *
  #deny    message       = relay not permitted
  #End Alex Line
          endpass
          message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication
turned on in your email client.
          authenticated = *


  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication
turned on in your email client.






#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept




begin authenticators

fixed_plain:
driver = plaintext
public_name = PLAIN
server_condition = "${perl{checkuserpass}{$1}{$2}{$3}}"
server_set_id = $1

fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{checkuserpass}{$1}{$2}}"
server_set_id = $1





######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# There are no rewriting specifications in this default configuration file.

begin rewrite

nobody@lsearch;/etc/localdomains "${if !eq
{$header_From:}{}{$header_sender:$header_From:}fail}" Fs
cpanel@lsearch;/etc/localdomains "${if !eq
{$header_From:}{}{$header_sender:$header_From:}fail}" Fs





#!!#######################################################!!#
#!!# Here follow routers created from the old routers,   #!!#
#!!# for handling non-local domains.                     #!!#
#!!#######################################################!!#


begin routers


#!!# If we are trying to deliver to a remote mailman domain that is on the
localhost
#!!# let it go though even if its not in /etc/localdomains since mailman
will eat
#!!# up 100% of the cpu if we don't

mailman_virtual_router:
    driver = accept
    require_files =
/usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/c
onfig.pck
    local_part_suffix_optional
#    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 10.0.0.0/8 :
192.168.0.0/16 : 172.16.0.0/12
    local_part_suffix = -bounces : -bounces+* : \
                        -confirm+* : -join : -leave : \
                        -owner : -request : -admin
    transport = mailman_virtual_transport


# SpamAssassin
spamcheck_router:
no_verify
check_local_user
# When to scan a message :
# - it isn't already flagged as spam
# - it isn't already scanned
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq
{$received_protocol}{spam-scanned}}} {1}{0}}"
driver = accept
transport = spamcheck



######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################


# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.




# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.

lookuphost:
  driver = dnslookup
  condition = "${perl{checkspam}}"
  domains = ! +local_domains
  headers_add = "X-AntiAbuse: This header was added to track abuse, please
include it with any abuse report\n\
               X-AntiAbuse: Primary Hostname - $primary_hostname\n\
        X-AntiAbuse: Original Domain - $original_domain\n\
        X-AntiAbuse: Originator/Caller UID/GID - [$originator_uid
$originator_gid] / [$caller_uid $caller_gid]\n\
        X-AntiAbuse: Sender Address Domain - $sender_address_domain\n"
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 10.0.0.0/8 : 192.168.0.0/16
: 172.16.0.0/12
  no_more


# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.

literal:
  driver = ipliteral
  condition = "${perl{checkspam}}"
#  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 10.0.0.0/8 : 192.168.0.0/16
: 172.16.0.0/12
  domains = ! +local_domains
  headers_add = "X-AntiAbuse: This header was added to track abuse, please
include it with any abuse report\n\
               X-AntiAbuse: Primary Hostname - $primary_hostname\n\
        X-AntiAbuse: Original Domain - $original_domain\n\
        X-AntiAbuse: Originator/Caller UID/GID - [$originator_uid
$originator_gid] / [$caller_uid $caller_gid]\n\
        X-AntiAbuse: Sender Address Domain - $sender_address_domain"
  transport = remote_smtp





#!!# This new router is put here to fail all domains that
#!!# were not in local_domains in the Exim 3 configuration.

fail_remote_domains:
driver = redirect
# ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 10.0.0.0/8 : 192.168.0.0/16
: 172.16.0.0/12
domains = ! +local_domains
allow_fail
data = :fail: unrouteable mail domain "$domain"





#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains.                         #!!#
#!!#######################################################!!#




######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################


# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this
configuration).


# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively,
you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.

#spam_filter:
# driver = forwardfile
# file = /etc/spam.filter
# no_check_local_user
# no_verify
# filter
# allow_system_actions






mailman_router:
    driver = accept
    require_files =
/usr/local/cpanel/3rdparty/mailman/lists/mailman/config.pck
    condition = ${if eq {${lc:$local_part}}{mailman}{1}{0}}
    local_part_suffix_optional
    local_part_suffix = -bounces : -bounces+* : \
                        -confirm+* : -join : -leave : \
                        -owner : -request : -admin
    transport = mailman_transport




virtual_sa_user:
driver = accept
headers_add="${perl{gensaheader_virtual}{$domain}}"
condition =
"${perl{checksa_deliver}{$domain}{$local_part}{$received_protocol}}"
domains = lsearch;/etc/userdomains
retry_use_local_part
transport = virtual_sa_userdelivery

sa_localuser:
driver = accept
check_local_user
headers_add="${perl{gensaheader}{$local_part}}"
condition = "${perl{checkusersa}{$local_part}{$received_protocol}}"
transport = local_sa_delivery




central_filter:
#!!# filter renamed allow_filter
driver = redirect
allow_filter
no_check_local_user
file = /etc/vfilters/${domain}
file_transport = address_file
pipe_transport = virtual_address_pipe
reply_transport = address_reply
retry_use_local_part
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
no_verify

central_user_filter:
driver = redirect
allow_filter
check_local_user
condition = "${perl{hasfilterfile}{$local_part}}"
file = "${perl{getfilterfile}{$local_part}}"
file_transport = address_file
pipe_transport = virtual_address_pipe
reply_transport = address_reply
retry_use_local_part
no_verify

virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if
exists{/etc/valiases/$domain}{${lookup{$local_part@$domain}lsearch{/etc/vali
ases/$domain}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
domains = lsearch;/etc/localdomains
unseen

virtual_user_spam:
driver = accept
condition = "${perl{check_deliver_spam}{$domain}{$local_part}}"
headers_remove="x-spam-exim"
domains = lsearch;/etc/userdomains
retry_use_local_part
transport = virtual_userdelivery_spam

virtual_user:
driver = accept
condition = "${perl{check_deliver}{$domain}{$local_part}}"
headers_remove="x-spam-exim"
domains = lsearch;/etc/userdomains
retry_use_local_part
transport = virtual_userdelivery


has_alias_but_no_mailbox_discarded_to_prevent_loop:
 driver = redirect
        condition = "${perl{checkvalias}{$domain}{$local_part}}"
  domains = lsearch;/etc/localdomains
 data="#Exim Filter\nseen finish"
   group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
 user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
 allow_filter


virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if
exists{/etc/valiases/$domain}{${lookup{$local_part@$domain}lsearch*{/etc/val
iases/$domain}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
domains = lsearch;/etc/localdomains
retry_use_local_part






# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim



userforward:
#!!# filter renamed allow_filter
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify

localuser_spam:
driver = accept
headers_remove="x-spam-exim"
condition = "${perl{checkuserspambox}{$local_part}}"
check_local_user
transport = local_delivery_spam

localuser:
driver = accept
headers_remove="x-spam-exim"
check_local_user
transport = local_delivery



# This director matches local user mailboxes.







######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.

begin transports





remote_smtp:
driver = smtp


# This transport is used for local delivery to user mailboxes. By default
# it will be run under the uid and gid of the local user, and requires
# the sticky bit to be set on the /var/mail directory. Some systems use
# the alternative approach of running mail deliveries under a particular
# group instead of using the sticky bit. The commented options below show
# how this can be done.

local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
file =
"${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/mail/i
nbox"
group = mail
mode = 0660
return_path_add
user = $local_part

local_delivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
file =
"${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/mail/s
pam"
group = mail
mode = 0660
return_path_add
user = $local_part

local_sa_delivery:
driver = pipe
command = /usr/sbin/sendmail -bS
use_bsmtp = true
transport_filter = "/usr/bin/spamc"
user = $local_part
group = mail
log_output = true
current_directory = "/tmp"
home_directory = "/tmp"
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =

# SpamAssassin
spamcheck:
    driver = pipe
    command = /usr/sbin/exim -oMr spam-scanned -bS
    use_bsmtp = true
    transport_filter = /usr/bin/spamc
    home_directory = "/tmp"
    current_directory = "/tmp"
    # must use a privileged user to set $received_protocol on the way back
in!
    user = mail
    group = mail
    log_output = true
    return_fail_output = true
    return_path_add = false
    message_prefix =
    message_suffix =





# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is
returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe
fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe below.

address_pipe:
driver = pipe
return_output

virtual_address_pipe:
driver = pipe
group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
return_output
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"

# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.

virtual_sa_userdelivery:
driver = pipe
command = /usr/sbin/sendmail -bS
use_bsmtp = true
transport_filter = "/usr/bin/spamc"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = mail
log_output = true
current_directory = "/tmp"
home_directory = "/tmp"
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =

virtual_userdelivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
file =
"${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value
}}}lsearch{/etc/passwd}{$value}}}}/mail/${domain}/${local_part}/spam"
group = mail
mode = 0660
quota = "${if
exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{
$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domain}/quota}
{${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup{${lookup{$domain}lse
arch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domai
n}/quota}{$value}}} {}}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"

virtual_userdelivery:
driver = appendfile
delivery_date_add
envelope_to_add
file =
"${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value
}}}lsearch{/etc/passwd}{$value}}}}/mail/${domain}/${local_part}/inbox"
group = mail
mode = 0660
quota = "${if
exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{
$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domain}/quota}
{${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup{${lookup{$domain}lse
arch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domai
n}/quota}{$value}}} {}}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"


address_reply:
driver = autoreply


mailman_virtual_transport:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}_${lc:$domain}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman


mailman_transport:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman










######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------



begin retry




*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h





# End of Exim 4 configuration