Re: [exim-dev] potential exploitation vector

Góra strony
Delete this message
Reply to this message
Autor: Yuri Arabadji
Data:  
Dla: exim-dev
CC: Phil Pennock
Temat: Re: [exim-dev] potential exploitation vector
Hello, Phil.

Thanks for your time spent on replying to my message. Let me take another
portion of it ;)

The specific exim's build I'm using is deployed on many hosting servers across
the internet and it would be quite bad if this turns out to be an actual bug:
http://diff.cpanel.net/exim/4.69-23.1/src/exim-4.69-23.1_cpanel_maildir.src.rpm

EXIM_USER is mailnull. exim -bP exim_user outputs mailnull.

uid=47(mailnull) gid=47(mailnull) groups=47(mailnull)

Please see the attached traces and especially the line
"Let's see what UIDs we've got" in exim.daemon.log.

This is an almost unmodified CPanel exim installation. I'm attaching everything
relevant. It would be wonderful if you could explain what's going on there and
whether that is the expected behavior.

Thank you.

On Wednesday 03 November 2010, Phil Pennock wrote:
> On 2010-11-03 at 10:42 +0200, Yuri Arabadji wrote:
> > How is it possible that exim invokes something with superuser privileges
> > and that something is fed with user data?
>
> It means you've built Exim with EXIM_USER=0, something which is strongly
> discouraged in the documentation of past releases and which will not be
> permitted in the next release -- the build tools and a run-time check
> will abort if EXIM_USER is root.
>
> > I'm talking about things like encoding translations that happen when
> > accessing variables in system filter - iconv family of functions, for
> > example. And hey, why are we invoking system filter with euid 0 at all?!
> > Is there any strong reason of doing that or am I getting the code
> > incorrectly?
>
> System filter should be being accessed as the exim user. This is either
> a hard-coded uid specified by name or number, or a hard-coded usercode,
> looked up at run-time. The value coded in was specified in
> Local/Makefile when Exim was built and you can use:
> exim -bP exim_user
> to find out the value.
>



--
Best regards,
Yuri Arabadji -- System Engineer
--- a/src/rfc2047.c    2007-01-08 12:50:18.000000000 +0200
+++ b/src/rfc2047.c    2010-11-03 23:38:18.000000000 +0200
@@ -233,15 +233,20 @@
   *q1 = 0;
   if (target != NULL && strcmpic(target, mimeword+2) != 0)
     {
+
     icd = iconv_open(CS target, CS(mimeword+2));


     if (icd == (iconv_t)(-1))
       {
+    *error = string_sprintf("Let's see what UIDs we've got: uid: %d, gid: %d, euid: %d, egid: %d.", getuid(), getgid(), geteuid(), getegid());
+#if 0
       *error = string_sprintf("iconv_open(\"%s\", \"%s\") failed: %s%s",
         target, mimeword+2, strerror(errno),
         (errno == EINVAL)? " (maybe unsupported conversion)" : "");
+#endif
       }
     }
+
   *q1 = '?';
   #endif


# Exim filter
## Version: 0.17
#    $Id: system_filter.exim,v 1.11 2001/09/19 11:27:56 nigel Exp $


## Exim system filter to refuse potentially harmful payloads in
## mail messages
## (c) 2000-2001 Nigel Metheringham <nigel@???>
##
##     This program is free software; you can redistribute it and/or modify
##    it under the terms of the GNU General Public License as published by
##    the Free Software Foundation; either version 2 of the License, or
##    (at your option) any later version.
##
##    This program is distributed in the hope that it will be useful,
##    but WITHOUT ANY WARRANTY; without even the implied warranty of
##    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
##    GNU General Public License for more details.
##
##    You should have received a copy of the GNU General Public License
##    along with this program; if not, write to the Free Software
##    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
## -A copy of the GNU General Public License is distributed with exim itself


## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## If you haven't worked with exim filters before, read
## the install notes at the end of this file.
## The install notes are not a replacement for the exim documentation
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


## -----------------------------------------------------------------------
# Only run any of this stuff on the first pass through the
# filter - this is an optomisation for messages that get
# queued and have several delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
#
if not first_delivery
then
finish
endif

## -----------------------------------------------------------------------
# Check for MS buffer overruns as per BUGTRAQ.
# http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61
# This could happen in error messages, hence its placing
# here...
# We substract the first n characters of the date header
# and test if its the same as the date header... which
# is a lousy way of checking if the date is longer than
# n chars long
if ${length_80:$header_date:} is not $header_date:
then
  fail text "This message has been rejected because it has\n\
         an overlength date field which can be used\n\
         to subvert Microsoft mail programs\n\
             The following URL has further information\n\
         http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61"
  seen finish
endif


## -----------------------------------------------------------------------
# These messages are now being sent with a <> envelope sender, but
# blocking all error messages that pattern match prevents
# bounces getting back.... so we fudge it somewhat and check for known
# header signatures.  Other bounces are allowed through.
if $header_from: contains "@sexyfun.net"
then
  fail text "This message has been rejected since it has\n\
         the signature of a known virus in the header."
  seen finish
endif
if error_message and $header_from: contains "Mailer-Daemon@"
then
  # looks like a real error message - just ignore it
  finish
endif



## -----------------------------------------------------------------------
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
then
  fail text "This message has been rejected because it has\n\
         potentially executable content $1\n\
         This form of attachment has been used by\n\
             recent viruses or other malware.\n\
         If you meant to send this file then please\n\
         package it up as a zip file and resend it."
  seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
then
  fail text "This message has been rejected because it has\n\
         potentially executable content $1\n\
         This form of attachment has been used by\n\
             recent viruses or other malware.\n\
         If you meant to send this file then please\n\
         package it up as a zip file and resend it."
  seen finish
endif



## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails.   These were used as the basis for 
# the ILOVEYOU virus and its variants - many many varients
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
then
  fail text "This message has been rejected because it has\n\
         a potentially executable attachment $1\n\
         This form of attachment has been used by\n\
             recent viruses or other malware.\n\
         If you meant to send this file then please\n\
         package it up as a zip file and resend it."
  seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
then
  fail text "This message has been rejected because it has\n\
         a potentially executable attachment $1\n\
         This form of attachment has been used by\n\
             recent viruses or other malware.\n\
         If you meant to send this file then please\n\
         package it up as a zip file and resend it."
  seen finish
endif
## -----------------------------------------------------------------------




#### Version history
#
# 0.01 5 May 2000
#    Initial release
# 0.02 8 May 2000
#    Widened list of content-types accepted, added WSF extension
# 0.03 8 May 2000
#    Embedded the install notes in for those that don't do manuals
# 0.04 9 May 2000
#    Check global content-type header.  Efficiency mods to REs
# 0.05 9 May 2000
#    More minor efficiency mods, doc changes
# 0.06 20 June 2000
#    Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
# 0.07 19 July 2000
#    Latest MS Outhouse bug catching
# 0.08 19 July 2000
#    Changed trigger length to 80 chars, fixed some spelling
# 0.09 29 September 2000
#    More extensions... its getting so we should just allow 2 or 3 through
# 0.10 18 January 2001
#    Removed exclusion for error messages - this is a little nasty
#    since it has other side effects, hence we do still exclude
#    on unix like error messages
# 0.11 20 March, 2001
#    Added CMD extension, tidied docs slightly, added RCS tag
#    ** Missed changing version number at top of file :-(
# 0.12 10 May, 2001
#    Added HTA extension
# 0.13 22 May, 2001
#    Reformatted regexps and code to build them so that they are
#    shorter than the limits on pre exim 3.20 filters.  This will
#    make them significantly less efficient, but I am getting so
#    many queries about this that requiring 3.2x appears unsupportable.
# 0.14 15 August,2001
#    Added .lnk extension - most requested item :-)
#    Reformatted everything so its now built from a set of short
#    library files, cutting down on manual duplication.
#    Changed \w in filename detection to . - dodges locale problems
#    Explicit application of GPL after queries on license status
# 0.15 17 August, 2001
#    Changed the . in filename detect to \S (stops it going mad)
# 0.16 19 September, 2001
#    Pile of new extensions including the eml in current use
# 0.17 19 September, 2001
#    Syntax fix
#
#### Install Notes
#
# Exim filters run the exim filter language - a very primitive
# scripting language - in place of a user .forward file, or on
# a per system basis (on all messages passing through).
# The filtering capability is documented in the main set of manuals
# a copy of which can be found on the exim web site
#    http://www.exim.org/
#
# To install, copy the filter file (with appropriate permissions)
# to /etc/exim/system_filter.exim and add to your exim config file
# [location is installation depedant - typicaly /etc/exim/config ]
# in the first section the line:-
#    message_filter = /etc/exim/system_filter.exim
#    message_body_visible = 5000
#
# You may also want to set the message_filter_user & message_filter_group
# options, but they default to the standard exim user and so can
# be left untouched.  The other message_filter_* options are only
# needed if you modify this to do other functions such as deliveries.
# The main exim documentation is quite thorough and so I see no need
# to expand it here...
#
# Any message that matches the filter will then be bounced.
# If you wish you can change the error message by editing it
# in the section above - however be careful you don't break it.
#
# After install exim should be restarted - a kill -HUP to the
# daemon will do this.
#
#### LIMITATIONS
#
# This filter tries to parse MIME with a regexp... that doesn't
# work too well.  It will also only see the amount of the body
# specified in message_body_visible
#
#### BASIS
#
# The regexp that is used to pickup MIME/uuencoded body parts with
# quoted filenames is replicated below (in perl format).  
# You need to remember that exim converts newlines to spaces in
# the message_body variable.
#
#      (?:Content-                    # start of content header
#      (?:Type: (?>\s*)                # rest of c/t header
#        [\w-]+/[\w-]+                # content-type (any)
#        |Disposition: (?>\s*)            # content-disposition hdr
#        attachment)                    # content-disposition
#      ;(?>\s*)                    # ; space or newline
#      (?:file)?name=                # filename=/name= 
#      |begin (?>\s+) [0-7]{3,4} (?>\s+))         # begin octal-mode
#      (\"[^\"]+\.                    # quoted filename.
#        (?:ad[ep]                # list of extns
#        |ba[st]
#        |chm
#        |cmd
#        |com
#        |cpl
#        |crt
#        |eml
#        |exe
#        |hlp
#        |hta
#        |in[fs]
#        |isp
#        |jse?
#        |lnk
#        |md[be]
#        |ms[cipt]
#        |pcd
#        |pif
#        |reg
#        |scr
#        |sct
#        |shs
#        |url
#        |vb[se]
#        |ws[fhc])
#      \"                        # end quote
#      )                        # end of filename capture
#      [\s;]                        # trailing ;/space/newline


#
#
### [End]

if ($h_X-Spam-Score: matches \N^\d+$\N and $h_X-Spam-Score: is above 200)
then
    fail text "The mail server detected your message as spam and has prevented delivery (200)."
endif


if "${if def:header_X-Spam-Subject: {there}}" is there
then
    headers remove Subject
    headers add "Subject: $h_X-Spam-Subject:"
    headers remove X-Spam-Subject
endif

#!!# cPanel Exim 4 Config

log_selector = +all

hostlist senderverifybypass_hosts = net-iplsearch;/etc/senderverifybypasshosts

hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts

hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks

hostlist backupmx_hosts = lsearch;/etc/backupmxhosts

hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts

domainlist user_domains = lsearch;/etc/userdomains

smtp_receive_timeout = 165s

ignore_bounce_errors_after = 3d

timeout_frozen_after = 5d

auto_thaw = 7d

callout_domain_negative_expire = 1h

callout_negative_expire = 1h

daemon_smtp_ports = 25 : 465

tls_on_connect_ports = 465

tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

acl_smtp_connect = acl_connect

acl_smtp_mail = acl_mail

acl_smtp_notquit = acl_notquit

spamd_address = 127.0.0.1 783

system_filter=/etc/cpanel_exim_system_filter




#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.

domainlist local_domains = lsearch;/etc/localdomains

domainlist relay_domains = lsearch;/etc/localdomains : \
    lsearch;/etc/secondarymx
hostlist relay_hosts = lsearch;/etc/relayhosts : \
    localhost
hostlist auth_relay_hosts = *


######################################################################
#                  Runtime configuration file for Exim               #
######################################################################



# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.


# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


perl_startup = do '/etc/exim.pl'

#dns_retry = 1
#dns_retrans = 1s

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.

smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
\#${compile_number} ${tod_full} \n\
We do not authorize the use of this system to transport unsolicited, \n\
and/or bulk e-mail."


#nobody as the sender seems to annoy people
untrusted_set_sender = *
local_from_check = false

rfc1413_query_timeout = 2s

split_spool_directory = yes

smtp_connect_backlog = 50
smtp_accept_max = 100

# primary_hostname =
deliver_queue_load_max = 3

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@???" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.



#!!# message_filter renamed system_filter
message_body_visible = 5000






# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@???", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.

# local_domains_include_host_literals


# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root


# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

#host_lookup = 0.0.0.0/0


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.

# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com


# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *

#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers



tls_certificate = /etc/exim.crt
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *

helo_accept_junk_hosts = *

smtp_enforce_sync = false


#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#


#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl



########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################
#
# cPanel Default ACL Template Version: 7.2
# Template: mailman2.dist
#
########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################

acl_mail:

# ignore authenticated hosts
    accept authenticated = *


# ignore pop before smtp 
    accept  condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
    accept hosts = +relay_hosts


deny
    condition = ${if eq{$sender_helo_name}{}}
    message   = HELO required before MAIL




drop  
    condition = ${if match{$sender_helo_name}{$primary_hostname}}
    message   = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"



drop 
    condition = ${if eq{[$interface_address]}{$sender_helo_name}}
    message   = "REJECTED - Interface: $interface_address is _my_ address"


drop
    condition   = ${if isip{$sender_helo_name}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.3)


drop
    # Required because "[IPv6:<address>]" will have no .s
    condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
    condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)


drop
    condition   = ${if match{$sender_helo_name}{\N\.$\N}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)


drop
    condition   = ${if match{$sender_helo_name}{\N\.\.\N}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)



    accept



acl_connect:

    accept
        hosts = +trustedmailhosts


    accept
        condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}



# ignore pop before smtp 
    accept
        condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}


    accept
        hosts = +relay_hosts : +backupmx_hosts


#only rate limit port 25
    accept 
        condition = ${if eq {$interface_port}{25}{no}{yes}}


    defer 
        message = The server has reached its limit for processing requests from your host.  Please try again later.
        log_message = "Host is ratelimited ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
        ratelimit = 1.2 / 1h / strict / per_conn / noupdate




drop
    message = Your host is not allowed to connect to this server.
    log_message = Host is banned
    hosts = +spammeripblocks




# do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config
#acl_smtp_notquit is required for this to work (exim 4.68)
    accept


acl_notquit:

# ignore authenticated hosts
accept authenticated = *

# ignore pop before smtp
accept condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
accept hosts = +relay_hosts

#only rate limit port 25
accept condition = ${if eq {$interface_port}{25}{no}{yes}}

warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
    log_message = "Connection Ratelimit - $sender_fullhost because of notquit: $smtp_notquit_reason ($sender_rate/$sender_rate_period max:$sender_rate_limit)"    
    ratelimit = 1.2 / 1h / strict / per_conn





#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
# Log all senders' rates
    warn ratelimit = 0 / 1h / strict
    log_message = Sender rate $sender_rate / $sender_rate_period



accept hosts = :

accept hosts = +skipsmtpcheck_hosts


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}



  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


  #if it gets here it isn't mailman
# deny must be on the same line as hosts so it will get removed by buildeximconf if turned off
   deny  hosts = ! +senderverifybypass_hosts
        ! verify = sender


  accept  hosts = *
          authenticated = *



  #if they poped before smtp we just accept
  accept  condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
          add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}{}}


  accept  hosts = +relay_hosts
          add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}{}}


#recipient verifications are now done after smtp auth and pop before smtp so the users get back bounces instead of
# a clogged outbox in outlook


 accept
    hosts = +trustedmailhosts


 accept
     condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}






  warn
    log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)"
    condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
    set acl_m7 = 1


  warn
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack"


  drop 
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    message = "Number of failed recipients exceeded.  Come back in a few hours."




#recipient verifications are required for all messages that are not sent to the local machine
#this was done at multiple users requests
require verify = recipient




# The only problem with this setup is that if the message is for multiple users on the same server
# and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used.
# This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase.
  warn  domains = ! ${primary_hostname} : +local_domains
         condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
         set acl_m0    = 1
         set acl_m1    = ${lookup{$domain}lsearch*{/etc/userdomains}{$value}}


  warn  domains = ${primary_hostname}
          condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
          set acl_m0    = 1
          set acl_m1    = $local_part
# Research in Motion - Blackberry white list
 warn
     condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
     set acl_m0 = 0



accept domains = +relay_domains

  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.



#!!# ACL that is used after the DATA command
check_message:
# Enabling this will make the server non-rfc compliant
# require verify = header_sender
accept hosts = 127.0.0.1 : +relay_hosts

  accept  hosts = *
          authenticated = *


    accept
        hosts = +trustedmailhosts


    accept
        condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}



  warn
    condition = ${if eq {${acl_m0}}{1}{1}{0}}
    spam =  ${acl_m1}/defer_ok
    log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)"
    add_header = X-Spam-Subject: ***SPAM*** $h_subject
    add_header = X-Spam-Status: Yes, score=$spam_score
    add_header = X-Spam-Score: $spam_score_int
    add_header = X-Spam-Bar: $spam_bar
    add_header = X-Spam-Report: $spam_report
    add_header = X-Spam-Flag: YES
    set acl_m2 = 1


  warn
      condition =  ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}


warn
condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
add_header = X-Spam-Status: No, score=$spam_score
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Spam-Flag: NO
log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"

warn
    condition = ${if eq {${acl_m0}}{1}{${if >{$spam_score_int}{200}{1}{0}}}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost because mail server detected a message with a spam score greater or equal to 20.0"


deny
    condition = ${if eq {${acl_m0}}{1}{${if >{$spam_score_int}{200}{1}{0}}}{0}}
    log_message = "The mail server detected your message as spam and has prevented delivery (200)."
    message = "The mail server detected your message as spam and has prevented delivery."





accept






begin authenticators

dovecot_plain:
    driver = dovecot
    public_name = PLAIN
    server_socket = /var/run/dovecot/auth-client
    server_set_id = $auth1
    server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}


dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}





######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# There are no rewriting specifications in this default configuration file.

begin rewrite





#!!#######################################################!!#
#!!# Here follow routers created from the old routers,   #!!#
#!!# for handling non-local domains.                     #!!#
#!!#######################################################!!#


begin routers


#!!# If we are trying to deliver to a remote mailman domain that is on the localhost
#!!# let it go though even if its not in /etc/localdomains since mailman will eat
#!!# up 100% of the cpu if we don't

mailman_virtual_router:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck
    local_part_suffix_optional
    local_part_suffix = -admin     : \
            -bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
            -join      : -leave     : \
            -owner       : -request   : \
            -subscribe : -unsubscribe
    transport = mailman_virtual_transport


mailman_virtual_router_nodns:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck
    condition    = \
           ${if or {{match{$local_part}{.*_.*}} \
                     {eq{$local_part}{mailman}}} \
                {1}{0}}
    local_part_suffix_optional
    local_part_suffix = -admin     : \
            -bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
            -join      : -leave     : \
            -owner       : -request   : \
            -subscribe : -unsubscribe
    domains = +local_domains
    transport = mailman_virtual_transport_nodns





######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################


# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

#
# Demo Safety Router
#

democheck:
    driver = redirect
    require_files = "+/etc/demouids"
    condition = "${if eq {${lookup {$originator_uid} lsearch {/etc/demouids} {$value}}}{}{false}{true}}"
    allow_fail
    data = :fail: demo accounts are not permitted to relay email





# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.

boxtrapper_autowhitelist:
driver = accept
condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{$local_part@$domain}{0}{${if match{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if match{$received_protocol}{\N^e?smtps?a$\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{0}}}}}}}}
require_files = "+/usr/local/cpanel/bin/boxtrapper"
transport = boxtrapper_autowhitelist
unseen

#
# Handles nobody and webspam and mail trap checks in checkspam2 and gives a userful error
#

checkspam2:
    domains = ! +local_domains
    condition = "${perl{checkspam2}}"
    driver = redirect
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    allow_fail
    data = "${perl{checkspam2_results}}"


#
# Handles nobody and webspam and mail trap checks in checkspam2 and gives a userful error
#
trackbandwidth:
    domains = ! +local_domains
    condition = "${perl{trackbandwidth}}"
    driver = redirect
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    allow_fail
    verify = false
    data = "${perl{trackbandwidth_results}}"


#
# Lookup host router for remote smtp and ignores verisign site finder 'service' and uses domain keys
#

dk_lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}" 
    headers_add = "${perl{mailtrapheaders}}"
    transport = dk_remote_smtp


#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
#

lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = remote_smtp


# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.

#
# Literal Transports .. ignores verisigns sitefinder service
#

literal:
    driver = ipliteral
    domains = ! +local_domains
    headers_add = "${perl{mailtrapheaders}}"
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    transport = remote_smtp





#!!# This new router is put here to fail all domains that
#!!# were not in local_domains in the Exim 3 configuration.

#
# Trap Failures to Remote Domain
#

fail_remote_domains:
driver = redirect
domains = ! +local_domains : ! localhost : ! localhost.localdomain
allow_fail
data = ":fail: The mail server could not deliver mail to $local_part@$domain. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."





#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains.                         #!!#
#!!#######################################################!!#




######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################


# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).


# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.

#spam_filter:
# driver = forwardfile
# file = /etc/spam.filter
# no_check_local_user
# no_verify
# filter
# allow_system_actions







virtual_user_maildir_overquota:
driver = redirect
domains = +user_domains
router_home_directory = ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}
require_files = $home/etc/$domain
condition = "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if eq {${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if > {${run {/usr/local/cpanel/bin/eximwrap GETDISKUSED $local_part $domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
data = :fail:Mailbox quota exceeded
allow_fail











#
# Account level filtering for everything but the main account
#

central_filter:
    driver = redirect
    allow_filter
    no_check_local_user
    file = /etc/vfilters/${domain}
    file_transport = address_file
    directory_transport = address_directory
    domains = +user_domains
    pipe_transport = virtual_address_pipe
    reply_transport = address_reply
    router_home_directory = ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}
    user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
    allow_fail
    no_verify


#
# Account level filtering for the main account
#
# checks /etc/vfilters/maindomain if its a localuser (ie main acct)
# 
mainacct_central_user_filter:
    driver = redirect  
    allow_filter  
    allow_fail
    check_local_user
    domains = ! +user_domains
    condition = ${if eq {${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{}{0}{${if exists {/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{1}{0}}}}
    file = "/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}"
    directory_transport = address_directory
    file_transport = address_file  
    pipe_transport = address_pipe
    reply_transport = address_reply
    retry_use_local_part  
    no_verify


#
# User Level Filtering for the main account
#
central_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    check_local_user
    domains = ! +user_domains
    file = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/etc/filter"
    require_files = "+${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}/etc/filter"
    router_home_directory = ${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = virtual_address_pipe
    reply_transport = address_reply
    retry_use_local_part
    no_verify


#
# User Level Filtering for virtual users
#
virtual_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    no_check_local_user
    domains = +user_domains
    require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/filter"
    file = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/filter"
    router_home_directory = ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = virtual_address_pipe
    reply_transport = address_reply
    user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
    no_verify


virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
require_files = "+/etc/valiases/$domain"
data = ${lookup{$local_part@$domain}lsearch{/etc/valiases/$domain}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen

#
# Virtual User Spam Boxes
#

virtual_user_spam:
    driver = accept
    domains = +user_domains
    require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinboxenable:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
    condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{}{false}{${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}}}
    headers_remove="x-spam-exim"
    transport = virtual_userdelivery_spam



virtual_boxtrapper_user:
driver = accept
domains = +user_domains
require_files = "+/usr/local/cpanel/bin/boxtrapper:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{} {false}{${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/.boxtrapperenable} {true} {false}}}}
retry_use_local_part
transport = virtual_boxtrapper_userdelivery

virtual_user:
driver = accept
headers_remove="x-spam-exim"
domains = +user_domains
require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{} {false}{true}}
transport = virtual_userdelivery


has_alias_but_no_mailbox_discarded_to_prevent_loop:
        driver = redirect
        require_files = "+/etc/valiases/$domain"
        domains = +user_domains
        condition = "${perl{checkvalias}{$domain}{$local_part}}"
        data="#Exim Filter\nseen finish"
        group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
        user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
        allow_filter
        disable_logging = true


valias_domain_file:
  driver = redirect
  allow_defer
  allow_fail
  require_files = +/etc/vdomainaliases/$domain
  condition = ${lookup {$domain} lsearch {/etc/vdomainaliases/$domain}{yes}{no} }
  data = $local_part@${lookup {$domain} lsearch {/etc/vdomainaliases/$domain} }
virtual_aliases:
    driver = redirect
    allow_defer
    allow_fail
    require_files = "+/etc/valiases/$domain"
    data = ${lookup{*}lsearch{/etc/valiases/$domain}}
    file_transport = address_file
    group = mail
    pipe_transport = virtual_address_pipe







# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim


local_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/localaliases}}
file_transport = address_file
pipe_transport = address_pipe
check_local_user



userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
domains = ! +user_domains
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
directory_transport = address_directory
no_verify

#
# Optimzied spambox router
#

localuser_spam:
    driver = accept
    headers_remove="x-spam-exim"
    domains = ! +user_domains
    require_files = "+$home/.spamassassinboxenable"
    condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}
    check_local_user
    transport = local_delivery_spam


boxtrapper_localuser:
driver = accept
require_files = "+/usr/local/cpanel/bin/boxtrapper:+$home/etc/.boxtrapperenable"
check_local_user
domains = ! +user_domains
transport = local_boxtrapper_delivery


localuser:
    driver = accept
    headers_remove="x-spam-exim"
    check_local_user
    domains = ! +user_domains
    transport = local_delivery




# This director matches local user mailboxes.







######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.

begin transports





remote_smtp:
driver = smtp
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}


dk_remote_smtp:
driver = smtp
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
dk_canon = nofws
dk_selector = default


# This transport is used for local delivery to user mailboxes. By default
# it will be run under the uid and gid of the local user, and requires
# the sticky bit to be set on the /var/mail directory. Some systems use
# the alternative approach of running mail deliveries under a particular
# group instead of using the sticky bit. The commented options below show
# how this can be done.


local_delivery:
    driver = appendfile
    delivery_date_add
    envelope_to_add
    directory = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/mail"
    maildir_use_size_file
    maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
    maildir_format
    maildir_tag = ,S=$message_size
    quota_size_regex = ,S=(\d+)
    mode = 0660
    return_path_add
    group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
    user = $local_part
    shadow_condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.cpanel/rim/bis/$local_part}{1}{0}}
    shadow_transport = rim_bis_notifier_local_user


rim_bis_notifier_local_user:
    driver = pipe
    headers_only
    command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}" ${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}
    group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
    user = $local_part
    log_output = true
    current_directory = "/tmp"
    return_fail_output = true
    return_path_add = false


local_delivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup passwd{$local_part}{$value}}}}/mail/.spam"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
mode = 0660
return_path_add
user = $local_part









# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe below.

address_directory:
    driver        = appendfile
    maildir_tag = ,S=$message_size
    quota_size_regex = ,S=(\d+)
    maildir_format
    maildir_use_size_file
    maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
    mode = 0660
    delivery_date_add
    envelope_to_add
    return_path_add
address_pipe:
  driver = pipe
  return_output


virtual_address_pipe:
driver = pipe
group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
return_output
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"

# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.





virtual_userdelivery_spam:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}/.spam"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
mode = 0660
quota = "${if exists{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota} {${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}{$value}}} {}}"
quota_is_inclusive = false
quota_directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}

boxtrapper_autowhitelist:
driver = pipe
headers_only
command = /usr/local/cpanel/bin/boxtrapper --autowhitelist "${authenticated_id}"
user = ${perl{getemailuser}{$authenticated_id}}
group = ${extract{3}{:}{${lookup passwd{${perl{getemailuser}{$authenticated_id}}}{$value}}}}
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false

local_boxtrapper_delivery:
driver = pipe
command = /usr/local/cpanel/bin/boxtrapper "${local_part}" $home
user = $local_part
group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false

virtual_boxtrapper_userdelivery:
driver = pipe
command = /usr/local/cpanel/bin/boxtrapper "${local_part}@${domain}" $home
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false


virtual_userdelivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
maildir_use_size_file
maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
maildir_format
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
mode = 0660
quota = "${if exists{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota} {${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/${domain}/quota}{$value}}} {}}"
quota_is_inclusive = false
quota_directory = "${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/mail/${domain}/${local_part}"
return_path_add
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
shadow_condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/.cpanel/rim/bis/$local_part@$domain}{1}{0}}
shadow_transport = rim_bis_notifier_virtual_user

rim_bis_notifier_virtual_user:
driver = pipe
headers_only
command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}@${domain}" ${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
group = ${extract{3}{:}{${lookup passwd{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}{$value}}}}
log_output = true
current_directory = "/tmp"
return_fail_output = true
return_path_add = false


address_reply:
driver = autoreply


mailman_virtual_transport:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}_${lc:$domain}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman



mailman_virtual_transport_nodns:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman










######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------



begin retry

*            quota




*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h





# End of Exim 4 configuration