Re: [exim] Serious Problems .. over 100,000 messages in the …

Top Page
Delete this message
Reply to this message
Author: Andrew Rosolino
Date:  
To: exim-users
Subject: Re: [exim] Serious Problems .. over 100,000 messages in the queue

Thank you for your help so far =) I appreciate it so much!


#!!# cPanel Exim 4 Config


spamd_address = 127.0.0.1 783

system_filter=/etc/cpanel_exim_system_filter




#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.

domainlist local_domains = lsearch;/etc/localdomains

domainlist relay_domains = lsearch;/etc/localdomains : \
    lsearch;/etc/secondarymx
hostlist relay_hosts = lsearch;/etc/relayhosts : \
    localhost
hostlist auth_relay_hosts = *


######################################################################
#                  Runtime configuration file for Exim               #
######################################################################



# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.


# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


perl_startup = do '/etc/exim.pl'

#dns_retry = 1
#dns_retrans = 1s

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.

smtp_banner = "--"


#nobody as the sender seems to annoy people
untrusted_set_sender = *
local_from_check = false

rfc1413_query_timeout = 2s

split_spool_directory = yes

smtp_connect_backlog = 50
smtp_accept_max = 500

# primary_hostname =
queue_run_max = 15
deliver_queue_load_max = 20
auto_thaw = 1d
ignore_bounce_errors_after = 2d
timeout_frozen_after = 2d
delay_warning = 100d

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@???" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an
unqualified
# email address. Unqualified addresses are accepted only from local callers
by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a
different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not
want
# to do any local deliveries, uncomment the following line, but do not
supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.



#!!# message_filter renamed system_filter
message_body_visible = 5000






# If you want to accept mail addressed to your host's literal IP address,
for
# example, mail addressed to "user@???", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.

# local_domains_include_host_literals


# No local deliveries will ever be run under the uids of these users (a
colon-
# separated list). An attempt to do so gets changed so that it runs under
the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root


# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

#host_lookup = 0.0.0.0/0


# By default, Exim expects all envelope addresses to be fully qualified,
that
# is, they must contain both a local part and a domain. If you want to
accept
# unqualified addresses (just a local part) from certain hosts, you can
specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for
background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.

# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com


# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *

#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers



tls_certificate = /etc/exim.crt
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *

helo_accept_junk_hosts = *

smtp_enforce_sync = false


#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#


#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl





#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}



  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}}
\
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}}
\
                {yes}{no}}


#if it gets here it isn't mailman

  accept  hosts = *
          authenticated = *



  #if they poped before smtp we just accept
  accept  condition = ${if
match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if
eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
        add_header = ${perl{popbeforesmtpwarn}{$sender_host_address}}
  accept  hosts = +relay_hosts
      add_header = ${perl{popbeforesmtpwarn}{$sender_host_address}}


#recipient verifications are now done after smtp auth and pop before smtp
so the users get back bounces instead of
# a clogged outbox in outlook

#recipient verifications are required for all messages that are not sent
to the local machine
#this was done at multiple users requests
require verify = recipient

 deny message = JunkMail rejected - $sender_fullhost is in an RBL, see
$dnslist_text
     dnslists = zen.spamhaus.org : bl.spamcop.net





require verify = sender


# The only problem with this setup is that if the message is for multiple
users on the same server
# and they are on different unix accounts, the settings for the first
recipient which has spamassassin enabled will be used.
# This shouldn't be a problem 99.9% of the time, however its a very small
price to pay for a massive speed increase.


  warn  domains = ! ${primary_hostname} : +local_domains
    condition = ${if eq
{${acl_m0}}{1}{0}{${perl{acl_checksa_deliver}{$domain}{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}}}}}
    set acl_m0    = 1
    set acl_m1    = ${lookup{$domain}lsearch*{/etc/userdomains}{$value}}


  warn  domains = ${primary_hostname}
    condition = ${if eq
{${acl_m0}}{1}{0}{${perl{acl_checkusersa}{$local_part}{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}}}}}
    set acl_m0    = 1
    set acl_m1    = $local_part



accept domains = +relay_domains

  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication
turned on in your email client.



#!!# ACL that is used after the DATA command
check_message:
# Enabling this will make the server non-rfc compliant
# require verify = header_sender
accept hosts = 127.0.0.1 : +relay_hosts

  accept  hosts = *
          authenticated = *


  warn
    condition = ${if eq {${acl_m0}}{1}{1}{0}}
    spam =  ${acl_m1}/defer_ok
    log_message = "SpamAssassin as ${acl_m1} detected message as spam"
    add_header = X-Spam-Subject: ***SPAM*** $h_subject
    add_header = X-Spam-Status: Yes, score=$spam_score
    add_header = X-Spam-Score: $spam_score_int
    add_header = X-Spam-Bar: $spam_bar
    add_header = X-Spam-Report: $spam_report
    add_header = X-Spam-Flag: YES
    set acl_m2 = 1


  warn
  condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
  add_header = X-Spam-Status: No, score=$spam_score
  add_header = X-Spam-Score: $spam_score_int
  add_header = X-Spam-Bar: $spam_bar
  add_header = X-Spam-Flag: NO
    log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam"


deny
    condition = ${if eq {${acl_m0}}{1}{${if

>{$spam_score_int}{200}{1}{0}}}{0}}

    log_message = "The mail server detected your message as spam and has
prevented delivery (200)."
    message = "The mail server detected your message as spam and has
prevented delivery."





accept






begin authenticators

fixed_plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = "${perl{checkuserpass}{$1}{$2}{$3}}"
server_set_id = $2

fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{checkuserpass}{$1}{$2}}"
server_set_id = $1





######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# There are no rewriting specifications in this default configuration file.

begin rewrite





#!!#######################################################!!#
#!!# Here follow routers created from the old routers,   #!!#
#!!# for handling non-local domains.                     #!!#
#!!#######################################################!!#


begin routers


#!!# If we are trying to deliver to a remote mailman domain that is on the
localhost
#!!# let it go though even if its not in /etc/localdomains since mailman
will eat
#!!# up 100% of the cpu if we don't

mailman_virtual_router:
    driver = accept
    require_files =
/usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck
    local_part_suffix_optional
    local_part_suffix = -admin     : \
            -bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
            -join      : -leave     : \
            -owner       : -request   : \
            -subscribe : -unsubscribe
    transport = mailman_virtual_transport


mailman_virtual_router_nodns:
    driver = accept
    require_files =
/usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck
    condition    = \
           ${if or {{match{$local_part}{.*_.*}} \
                     {eq{$local_part}{mailman}}} \
                {1}{0}}
    local_part_suffix_optional
    local_part_suffix = -admin     : \
            -bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
            -join      : -leave     : \
            -owner       : -request   : \
            -subscribe : -unsubscribe
    domains = +local_domains
    transport = mailman_virtual_transport_nodns





######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################


# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

#
# Demo Safety Router
#

democheck:
    driver = redirect
    condition = "${perl{democheck}}"
    allow_fail
    require_files = "+/etc/demousers"
    data = :fail: demo accounts are not permitted to relay email





# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.

boxtrapper_autowhitelist:
driver = accept
condition = "${perl{checkbx_autowhitelist}{$authenticated_id}}"
require_files = "+/usr/local/cpanel/bin/boxtrapper"
transport = boxtrapper_autowhitelist
unseen

#
# Handles nobody and webspam and mail trap checks in checkspam2 and gives a
userful error
#

checkspam2:
    condition = "${perl{checkspam2}}"
    driver = redirect
    domains = ! +local_domains
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    allow_fail
    data = "${perl{checkspam2_results}}"


#
# Lookup host router for remote smtp and ignores verisign site finder
'service'
#

lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = remote_smtp


# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.

#
# Literal Transports .. ignores verisigns sitefinder service
#

literal:
    driver = ipliteral
    domains = ! +local_domains
    headers_add = "${perl{mailtrapheaders}}"
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    transport = remote_smtp





#!!# This new router is put here to fail all domains that
#!!# were not in local_domains in the Exim 3 configuration.

#
# Trap Failures to Remote Domain
#

fail_remote_domains:
driver = redirect
domains = ! +local_domains : ! localhost : ! localhost.localdomain
allow_fail
data = ":fail: The mail server could not deliver mail to
$local_part@$domain. The account or domain may not exist, they may be
blacklisted, or missing the proper dns entries."





#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains.                         #!!#
#!!#######################################################!!#




######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################


# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this
configuration).


# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively,
you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.

#spam_filter:
# driver = forwardfile
# file = /etc/spam.filter
# no_check_local_user
# no_verify
# filter
# allow_system_actions

















#
# Account level filtering for everything but the main account
#

central_filter:
    driver = redirect
    allow_filter
    no_check_local_user
    file = /etc/vfilters/${domain}
    file_transport = address_file
    directory_transport = address_directory
    domains = lsearch;/etc/userdomains
    pipe_transport = virtual_address_pipe
    reply_transport = address_reply
    router_home_directory =
${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}
    user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
    allow_fail
    no_verify


#
# Account level filtering for the main account
#
# checks /etc/vfilters/maindomain if its a localuser (ie main acct)
# 
mainacct_central_user_filter:
    driver = redirect  
    allow_filter  
    allow_fail
    check_local_user
    domains = ! lsearch;/etc/userdomains
    condition = "${perl{hasfilterfile}{$local_part}}"
    file = "${perl{getfilterfile}{$local_part}}"
    file_transport = address_file  
    pipe_transport = address_pipe
    reply_transport = address_reply
    retry_use_local_part  
    no_verify


#
# User Level Filtering for the main account
#
central_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    check_local_user
    domains = ! lsearch;/etc/userdomains
    file =
"${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/etc/filter"
    require_files =
"+${extract{5}{::}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/etc/filter"
    router_home_directory =
${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = virtual_address_pipe
    reply_transport = address_reply
    retry_use_local_part
    no_verify


#
# User Level Filtering for virtual users
#
virtual_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    no_check_local_user
    domains = lsearch;/etc/userdomains
    file =
"${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/$domain/$local_part/filter"
    require_files =
"+${extract{5}{::}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/$domain/$local_part/filter"
    router_home_directory =
${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = virtual_address_pipe
    reply_transport = address_reply
    user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
    no_verify


virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if
exists{/etc/valiases/$domain}{${lookup{$local_part@$domain}lsearch{/etc/valiases/$domain}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
domains = lsearch;/etc/localdomains
unseen

#
# Virtual User Spam Boxes
#

virtual_user_spam:
    driver = accept
    require_files =
"+${extract{5}{::}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/.spamassassinboxenable"
    condition = "${perl{check_deliver_spam}{$domain}{$local_part}}"
    headers_remove="x-spam-exim"
    domains = lsearch;/etc/userdomains
    retry_use_local_part
    transport = virtual_userdelivery_spam



virtual_boxtrapper_user:
driver = accept
condition = "${perl{checkbx_deliver}{$domain}{$local_part}}"
require_files = "+/usr/local/cpanel/bin/boxtrapper"
domains = lsearch;/etc/userdomains
retry_use_local_part
transport = virtual_boxtrapper_userdelivery
virtual_user:
driver = accept
condition = "${perl{check_deliver}{$domain}{$local_part}}"
headers_remove="x-spam-exim"
domains = lsearch;/etc/userdomains
retry_use_local_part
transport = virtual_userdelivery


has_alias_but_no_mailbox_discarded_to_prevent_loop:
    driver = redirect
        condition = "${perl{checkvalias}{$domain}{$local_part}}"
     domains = lsearch;/etc/localdomains
    data="#Exim Filter\nseen finish"
      group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
    user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
    allow_filter
    disable_logging = true


valias_domain_file:
driver = redirect
allow_defer
allow_fail
condition = ${lookup {$domain} lsearch
{/etc/vdomainaliases/$domain}{yes}{no} }
require_files = +/etc/vdomainaliases/$domain
data = $local_part@${lookup {$domain} lsearch
{/etc/vdomainaliases/$domain} }
virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if
exists{/etc/valiases/$domain}{${lookup{*}lsearch{/etc/valiases/$domain}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
domains = lsearch;/etc/localdomains
retry_use_local_part






# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim


local_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/localaliases}}
file_transport = address_file
pipe_transport = address_pipe
check_local_user



userforward:
#!!# filter renamed allow_filter
driver = redirect
allow_filter
check_ancestor
check_local_user
domains = ! lsearch;/etc/userdomains
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify

#
# Optimzied spambox router
#

localuser_spam:
    driver = accept
    headers_remove="x-spam-exim"
    require_files = "+$home/.spamassassinboxenable"
    condition = "${perl{checkuserspambox}{$local_part}}"
    check_local_user
    domains = ! lsearch;/etc/userdomains
    transport = local_delivery_spam


boxtrapper_localuser:
driver = accept
require_files =
"+/usr/local/cpanel/bin/boxtrapper:+$home/etc/.boxtrapperenable"
condition = "${perl{checkuserbx}{$local_part}}"
check_local_user
domains = ! lsearch;/etc/userdomains
transport = local_boxtrapper_delivery


localuser:
driver = accept
headers_remove="x-spam-exim"
check_local_user
domains = ! lsearch;/etc/userdomains
transport = local_delivery



# This director matches local user mailboxes.







######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.

begin transports





remote_smtp:
driver = smtp


# This transport is used for local delivery to user mailboxes. By default
# it will be run under the uid and gid of the local user, and requires
# the sticky bit to be set on the /var/mail directory. Some systems use
# the alternative approach of running mail deliveries under a particular
# group instead of using the sticky bit. The commented options below show
# how this can be done.

local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory =
"${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/mail"
maildir_use_size_file
maildir_format
group = mail
mode = 0660
return_path_add
user = $local_part

local_delivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
directory =
"${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/mail/.spam"
maildir_use_size_file
maildir_format
group = mail
mode = 0660
return_path_add
user = $local_part









# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is
returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe
fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe below.

address_directory:
    driver        = appendfile
    maildir_format
address_pipe:
  driver = pipe
  return_output


virtual_address_pipe:
driver = pipe
group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
return_output
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"

# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.





virtual_userdelivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
directory =
"${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/mail/${domain}/${local_part}/.spam"
maildir_use_size_file
maildir_format
group = mail
mode = 0660
quota = "${if
exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domain}/quota}
{${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domain}/quota}{$value}}}
{}}"
quota_is_inclusive = false
quota_directory =
"${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/mail/${domain}/${local_part}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"

boxtrapper_autowhitelist:
driver = pipe
headers_only
command = /usr/local/cpanel/bin/boxtrapper --autowhitelist
"${authenticated_id}"
user = ${perl{getemailuser}{$authenticated_id}}
group = mail
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false

local_boxtrapper_delivery:
driver = pipe
command = /usr/local/cpanel/bin/boxtrapper "${local_part}"
user = $local_part
group = mail
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false

virtual_boxtrapper_userdelivery:
driver = pipe
command = /usr/local/cpanel/bin/boxtrapper "${local_part}@${domain}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = mail
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false
virtual_userdelivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory =
"${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/mail/${domain}/${local_part}"
maildir_use_size_file
maildir_format
group = mail
mode = 0660
quota = "${if
exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domain}/quota}
{${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domain}/quota}{$value}}}
{}}"
quota_is_inclusive = false
quota_directory =
"${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/mail/${domain}/${local_part}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"


address_reply:
driver = autoreply


mailman_virtual_transport:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}_${lc:$domain}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman



mailman_virtual_transport_nodns:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman










######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------



begin retry




*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h





# End of Exim 4 configuration



Mike Cardwell-7 wrote:
>
> Andrew Rosolino wrote:
>
>> For some reason our queue has over 100,000 e-mail messages in at and they
>> are
>> as old as 48 days!!!
>> I have these variables set:
>> deliver_queue_load_max = 10
>> auto_thaw = 1d
>> ignore_bounce_errors_after = 2d
>> timeout_frozen_after = 2d
>>
>> There is also a bigger problem.. most of those e-mails are all SPAM being
>> sent from our server =(.. we are being badly abused!!!
>>
>> I have it set to delete SPAM messages and not deliver them but its not
>> even
>> deleting it.. I am using SpamAssasin by the way.. here is some headers
>>
>> Return-path: <nehpkbarnettsot@???>
>> Received: from host83-206-dynamic.6-87-r.retail.telecomitalia.it
>> ([87.6.206.83] helo=pcpiero)
>>     by alpha2.shiftcode.com with esmtp (Exim 4.66)
>>     (envelope-from <nehpkbarnettsot@???>)
>>     id 1I15hM-0000EF-IO
>>     for admin@???; Wed, 20 Jun 2007 15:18:37 -0400
>> Received: from 67.28.113.14 (HELO mxvm3.mail.yahoo.com)
>>      by cashmakerclicks.com with esmtp (;+P/J4/36A=: (:H1)
>>      id R6,A-/-K(8G:0-L5
>>      for admin@???; Wed, 20 Jun 2007 19:18:36 -0100
>> Date:    Wed, 20 Jun 2007 19:18:36 -0100
>> From:    "Timmy Key" <nehpkbarnettsot@???>
>> X-Mailer: The Bat! (v3.71.14) Educational
>> X-Priority: 3 (Normal)
>> Message-ID: <943854241.15530397833888@???>
>> To: admin@???
>> Subject: Summer is almost here, be ready
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>>   boundary="----------DAD329AD3293293"
>> X-Spam: Not detected
>> X-Spam-Subject: ***SPAM*** Summer is almost here, be ready
>> X-Spam-Status: Yes, score=26.4
>> X-Spam-Score: 264
>> X-Spam-Bar: ++++++++++++++++++++++++++
>> X-Spam-Report: Spam detection software, running on the system
>> "alpha2.shiftcode.com", has
>>     identified this incoming email as possible spam.  The original message
>>     has been attached to this so you can view it (if it isn't spam) or label
>>     similar future email.  If you have any questions, see
>>     the administrator of that system for details.
>>     Content preview:  Profit by your chance! – 4n4trim – The
>> up-to-the-moment
>> and
>>     most exciting product for weighty people is now available – As told on
>> Oprah
>>     Can you retain all the times when you plead to yourself to do any thing
>> for
>>     being saved from this horrible number of lbs? Happily, now no major
>> sacrifice
>>     is demanded. With 4n4trim, the ground-breaking, you can get healthier
>> mode
>>     of life and a really slender figure. Notice what people say to us! [...] 
>>     Content analysis details:   (26.4 points, 10.0 required)
>>     pts rule name              description
>>     ---- ----------------------
>> --------------------------------------------------
>>     3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>>     [score: 1.0000]
>>     4.3 RCVD_FORGED_WROTE2     RCVD_FORGED_WROTE2
>>     2.8 RCVD_BAD_ID            RCVD_BAD_ID
>>     2.5 RCVD_FORGED_WROTE      Forged 'Received' header found ('wrote:'
>> spam)
>>     0.0 HS_INDEX_PARAM         URI: Link contains a common tracker pattern.
>>     0.0 HTML_MESSAGE           BODY: HTML included in message
>>     1.4 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76
>> chars
>>     1.9 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL
>> blocklist
>>     [URIs: promfore.com]
>>     1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL
>> blocklist
>>     [URIs: promfore.com]
>>     1.5 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL
>> blocklist
>>     [URIs: promfore.com]
>>     1.5 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL
>> blocklist
>>     [URIs: promfore.com]
>>     0.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL
>> blocklist
>>     [URIs: promfore.com]
>>     1.1 URIBL_RHS_DOB          Contains an URI of a new domain (Day Old
>> Bread)
>>     [URIs: promfore.com]
>>     0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
>>     [87.6.206.83 listed in zen.spamhaus.org]
>>     0.9 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP
>> address
>>     [87.6.206.83 listed in dnsbl.sorbs.net]
>>     1.5 URIBL_SBL              Contains an URL listed in the SBL blocklist
>>     [URIs: promfore.com]
>>     0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
>>     dynamic-looking rDNS
>>     0.5 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
>> X-Spam-Flag: YES

>>
>> alpha2.shiftcode.com is our server.. how can we stop this from happening
>> =(
>
> Interestingly enough, this message was caught by clamav because of the
> SaneSecurity signature:
>
> Email.Hdr.Sanesecurity.07041201
>
> root@clayman:~# grep Email.Hdr.Sanesecurity.07041201
> /var/lib/clamav/scam.ndb
> Email.Hdr.Sanesecurity.07041201:4:*:582d4d61696c65723a205468652042617421*582d5370616d3a204e6f74206465746563746564*416e617472696d
>
> root@clayman:~# perl -e 'foreach( @ARGV ){s/([a-fA-F0-9]{2})/chr(hex
> $1)/eg;print "$_\n";}' 582d4d61696c65723a205468652042617421
> 582d5370616d3a204e6f74206465746563746564 416e617472696d
> X-Mailer: The Bat!
> X-Spam: Not detected
> 4n4trim
>
> I've obfuscated the word "4n4trim" at several places in this email with
> '4' instead of 'A' to prevent it triggering the sanesecurity sig again.
>
> I wonder how many other people never saw your message. That's the first
> "false positive" I've seen from their sigs. Anyway, back to the matter
> at hand. That particular email is on your queue because you relay for
> admin@???:
>
> root@clayman:~# telnet alpha2.shiftcode.com 25
> Trying 74.53.5.197...
> Connected to alpha2.shiftcode.com.
> Escape character is '^]'.
> 220 --
> EHLO mailout.grepular.com
> 250-alpha2.shiftcode.com Hello mailout.grepular.com [91.186.24.33]
> 250-SIZE 52428800
> 250-PIPELINING
> 250-AUTH PLAIN LOGIN
> 250-STARTTLS
> 250 HELP
> MAIL FROM:<>
> 250 OK
> RCPT TO:<admin@???>
> 250 Accepted
> RCPT TO:<random@???>
> 550-The mail server could not deliver mail to random@???. The
> account
> 550-or domain may not exist, they may be blacklisted, or missing the
> proper dns
> 550 entries.
>
> As for why you relay mail for that address, I couldn't tell you without
> seeing your config... Please show us it.
>
> Mike
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


--
View this message in context: http://www.nabble.com/Serious-Problems-..-over-100%2C000-messages-in-the-queue-tf4222242.html#a12022539
Sent from the Exim Users mailing list archive at Nabble.com.