while to arrive. Have you checked "Received" headers to determine which
>
> ----------------------- ns2 config file -----------------
>
>
> primary_hostname = ns2
> local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025 : 0.0.0.0.465 :
> 0.0.0.0.587 domainlist local_domains = @
> domainlist relay_to_domains =
> hostlist relay_from_hosts = 127.0.0.1 : 204.209.81.0/24 : 192.168.0.0/16
> : 208.118.93.0/24: 208.118.94.0/24 acl_smtp_rcpt = acl_check_rcpt
> acl_smtp_data = acl_check_data
> av_scanner = clamd:127.0.0.1 3310
> spamd_address = 127.0.0.1 783
> tls_advertise_hosts = *
> tls_certificate = /usr/exim/ca.crt
> tls_privatekey = /usr/exim/ca.key
> daemon_smtp_ports = 25 : 465 : 587
> tls_on_connect_ports = 465
> never_users = root
> host_lookup = *
> rfc1413_hosts = *
> rfc1413_query_timeout = 5s
> ignore_bounce_errors_after = 2d
> timeout_frozen_after = 7d
> auto_thaw = 1m
> begin acl
> acl_check_rcpt:
> # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this
> by # testing for an empty sending host field.
> accept hosts = :
> control = dkim_disable_verify
>
> #########################################################################
> #### # The following section of the ACL is concerned with local parts
> that contain # @ or % or ! or / or | or dots in unusual places.
> #
> # The characters other than dots are rarely found in genuine local
> parts, but # are often tried by people looking to circumvent relaying
> restrictions. # Therefore, although they are valid in local parts,
> these rules lock them # out, as a precaution.
> #
> # Empty components (two dots in a row) are not valid in RFC 2822, but
> Exim # allows them because they have been encountered. (Consider local
> parts # constructed as "firstinitial.secondinitial.familyname" when
> applied to # someone like me, who has no second initial.) However, a
> local part starting # with a dot or containing /../ can cause trouble
> if it is used as part of a # file name (e.g. for a mailing list). This
> is also true for local parts that # contain slashes. A pipe symbol can
> also be troublesome if the local part is # incorporated unthinkingly
> into a shell command line.
> #
> # Two different rules are used. The first one is stricter, and is
> applied to # messages that are addressed to one of the local domains
> handled by this # host. The line "domains = +local_domains" restricts
> it to domains that are # defined by the "domainlist local_domains"
> setting above. The rule blocks # local parts that begin with a dot or
> contain @ % ! / or |. If you have # local accounts that include these
> characters, you will have to modify this # rule.
> deny message = Restricted characters in address
> domains = +local_domains
> local_parts = ^[.] : ^.*[@%!/|]
> # The second rule applies to all other domains, and is less strict. The
> line # "domains = !+local_domains" restricts it to domains that are NOT
> defined by # the "domainlist local_domains" setting above. The
> exclamation mark is a # negating operator. This rule allows your own
> users to send outgoing # messages to sites that use slashes and
> vertical bars in their local parts. # It blocks local parts that begin
> with a dot, slash, or vertical bar, but # allows these characters
> within the local part. However, the sequence /../ # is barred. The use
> of @ % and ! is blocked, as before. The motivation here # is to prevent
> your users (or your users' viruses) from mounting certain # kinds of
> attack on remote sites.
> deny message = Restricted characters in address
> domains = !+local_domains
> local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>
> #########################################################################
> #### # Accept mail to postmaster in any local domain, regardless of the
> source, # and without verifying the sender.
> accept local_parts = postmaster
> domains = +local_domains
> # Deny unless the sender address can be verified.
> require verify = sender
> # Accept if the message comes from one of the hosts for which we are an
> # outgoing relay. It is assumed that such hosts are most likely to be
> MUAs, # so we set control=submission to make Exim treat the message as a
> # submission. It will fix up various errors in the message, for
> example, the # lack of a Date: header line. If you are actually
> relaying out out from # MTAs, you may want to disable this. If you are
> handling both relaying from # MTAs and submissions from MUAs you should
> probably split them into two # lists, and handle them differently.
> # Recipient verification is omitted here, because in many cases the
> clients # are dumb MUAs that don't cope well with SMTP error responses.
> If you are # actually relaying out from MTAs, you should probably add
> recipient # verification here.
> # Note that, by putting this test before any DNS black list checks, you
> will # always accept from these hosts, even if they end up on a black
> list. The # assumption is that they are your friends, and if they get
> onto a black # list, it is a mistake.
> accept hosts = +relay_from_hosts
> control = submission
> control = dkim_disable_verify
> # Accept if the message arrived over an authenticated connection, from
> # any host. Again, these messages are usually from MUAs, so recipient
> # verification is omitted, and submission mode is set. And again, we do
> this # check before any black list tests.
> accept authenticated = *
> control = submission
> control = dkim_disable_verify
> # Insist that any other recipient address that we accept is either in
> one of # our local domains, or is in a domain for which we explicitly
> allow # relaying. Any other domain is rejected as being unacceptable
> for relaying. require message = relay not permitted
> domains = +local_domains : +relay_to_domains
> # We also require all accepted addresses to be verifiable. This check
> will # do local part verification for local domains, but only check the
> domain # for remote domains. The only way to check local parts for the
> remote # relay domains is to use a callout (add /callout), but please
> read the # documentation about callouts before doing this.
> require verify = recipient
>
> #########################################################################
> #### # There are no default checks on DNS black lists because the
> domains that # contain these lists are changing all the time. However,
> here are two # examples of how you can get Exim to perform a DNS black
> list lookup at this # point. The first one denies, whereas the second
> just warns.
> #
> deny message = rejected because $sender_host_address is in a
> black list at $dnslist_domain\n$dnslist_text
> dnslists = sbl-xbl.spamhaus.org : \
> dnsbl.njabl.org : \
> combined.njabl.org : \
> dev.null.dk : \
> relays.visi.com : \
> bl.spamcop.net : \
> hostkarma.junkemailfilter.com=127.0.0.2
> #
> warn dnslists = sbl-xbl.spamhaus.org: \
> dnsbl.njabl.org : \
> combined.njabl.org : \
> dev.null.dk : \
> relays.visi.com : \
> bl.spamcop.net : \
> hostkarma.junkemailfilter.com=127.0.0.2
> add_header = X-Warning: $sender_host_address is in a black
> list at $dnslist_domain log_message = found in
> $dnslist_domain
>
> #########################################################################
> ####
> #########################################################################
> #### # This check is commented out because it is recognized that not
> every # sysadmin will want to do it. If you enable it, the check
> performs # Client SMTP Authorization (csa) checks on the sending host.
> These checks # do DNS lookups for SRV records. The CSA proposal is
> currently (May 2005) # an Internet draft. You can, of course, add
> additional conditions to this # ACL statement to restrict the CSA
> checks to certain hosts only. #
> # require verify = csa
>
> #########################################################################
> #### # At this point, the address has passed all the checks that have
> been # configured, so we accept it unconditionally.
> accept
> acl_check_data:
>
> accept authenticated = *
> # Deny if the message contains a virus. Before enabling this check, you
> # must install a virus scanner and set the av_scanner option above.
> #
> deny malware = *
> message = This message contains a virus ($malware_name).
> # Add headers to a message if it is judged to be spam. Before enabling
> this, # you must install SpamAssassin. You may also need to set the
> spamd_address # option above.
> #
> warn spam = nobody
> add_header = X-Spam_score: $spam_score\n\
> X-Spam_score_int: $spam_score_int\n\
> X-Spam_bar: $spam_bar\n\
> X-Spam_report: $spam_report
> # Accept the message.
> accept
> begin routers
> check_dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> verify_only
> pass_router = amavis
> no_more
> check_system_aliases:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/etc/aliases}}
> verify_only
> pass_router = amavis
> check_localuser:
> driver = accept
> check_local_user
> verify_only
> pass_router = amavis
> failed_address_router:
> driver = accept
> verify_only
> fail_verify
> amavis:
> driver = manualroute
> # Do NOT run if received via 10025/tcp or if already spam-scanned
> # or if bounce message ($sender_address="")
> condition = "${if or {{eq {$interface_port}{10025}} \
> {eq {$received_protocol}{spam-scanned}} \
> {eq {$sender_address}{}} \
> }{0}{1}}"
> transport = amavis
> route_list = "* localhost byname"
> self = send
> dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> transport = remote_smtp
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> no_more
> system_aliases:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/etc/aliases}}
> file_transport = address_file
> pipe_transport = address_pipe
> userforward:
> driver = redirect
> check_local_user
> file = $home/.forward
> no_verify
> no_expn
> check_ancestor
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
> localuser:
> driver = accept
> check_local_user
> transport = local_delivery
> cannot_route_message = Unknown user
> # Do NOT run if received via 10025/tcp or if already spam-scanned
> # or if bounce message ($sender_address="")
> begin transports
> remote_smtp:
> driver = smtp
> hosts_avoid_tls=*
> amavis:
> driver = smtp
> port = 10024
> allow_localhost
> local_delivery:
> driver = appendfile
> file = /var/mail/$local_part
> delivery_date_add
> envelope_to_add
> return_path_add
> group = mail
> mode = 0600
> address_pipe:
> driver = pipe
> return_output
> address_file:
> driver = appendfile
> delivery_date_add
> envelope_to_add
> return_path_add
> address_reply:
> driver = autoreply
> begin retry
> * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
> begin rewrite
> begin authenticators
> PLAIN:
> driver = plaintext
> public_name = PLAIN
> server_set_id = $auth2
> server_prompts = :
> server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
> server_advertise_condition = ${if def:tls_cipher }
> LOGIN:
> driver = plaintext
> public_name = LOGIN
> server_set_id = $auth1
> server_prompts = <| Username: | Password:
> server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
> server_advertise_condition = ${if def:tls_cipher }
>
>
> ---- end of conf file ----------------------------
>
>
> I wish to add that if an e-mail is done via port 465 then do not subject
> it to anti-viral tests.
>
> -------------- ns1 configuration -----------------------
>
>
> primary_hostname = ns1
> local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025 : 0.0.0.0.465 :
> 0.0.0.0.587 domainlist local_domains =
> @:secure.nl2k.ab.ca:mail.nl2k.ab.ca:mail.nk.ca:nk.ca:nl2k.ca:nl2k.ab.ca:d
> octor.nl2k.ab.ca:lsearch;/usr/exim/vdom3 domainlist relay_to_domains =
> hostlist relay_from_hosts = 204.209.81.0/24 : 127.0.0.1 :
> 208.118.93.0/24: 208.118.94.0/24 trusted_users = exim : majordomo
> acl_smtp_rcpt = acl_check_rcpt
> acl_smtp_data = acl_check_data
> av_scanner = clamd:127.0.0.1 3310
> spamd_address = 127.0.0.1 783
> tls_advertise_hosts = *
> tls_certificate = /usr/exim/ca.crt
> tls_privatekey = /usr/exim/ca.key
> daemon_smtp_ports = 25 : 465 : 587
> tls_on_connect_ports = 465
> never_users = root
> host_lookup = *
> rfc1413_hosts = *
> rfc1413_query_timeout = 5s
> ignore_bounce_errors_after = 2h
> timeout_frozen_after = 6h
> auto_thaw = 1m
> begin acl
> acl_check_rcpt:
> # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this
> by # testing for an empty sending host field.
> accept hosts = :
> control = dkim_enable_verify
>
> #########################################################################
> #### # The following section of the ACL is concerned with local parts
> that contain # @ or % or ! or / or | or dots in unusual places.
> #
> # The characters other than dots are rarely found in genuine local
> parts, but # are often tried by people looking to circumvent relaying
> restrictions. # Therefore, although they are valid in local parts,
> these rules lock them # out, as a precaution.
> #
> # Empty components (two dots in a row) are not valid in RFC 2822, but
> Exim # allows them because they have been encountered. (Consider local
> parts # constructed as "firstinitial.secondinitial.familyname" when
> applied to # someone like me, who has no second initial.) However, a
> local part starting # with a dot or containing /../ can cause trouble
> if it is used as part of a # file name (e.g. for a mailing list). This
> is also true for local parts that # contain slashes. A pipe symbol can
> also be troublesome if the local part is # incorporated unthinkingly
> into a shell command line.
> #
> # Two different rules are used. The first one is stricter, and is
> applied to # messages that are addressed to one of the local domains
> handled by this # host. The line "domains = +local_domains" restricts
> it to domains that are # defined by the "domainlist local_domains"
> setting above. The rule blocks # local parts that begin with a dot or
> contain @ % ! / or |. If you have # local accounts that include these
> characters, you will have to modify this # rule.
> deny message = Restricted characters in address
> domains = +local_domains
> local_parts = ^[.] : ^.*[@%!/|]
> # The second rule applies to all other domains, and is less strict. The
> line # "domains = !+local_domains" restricts it to domains that are NOT
> defined by # the "domainlist local_domains" setting above. The
> exclamation mark is a # negating operator. This rule allows your own
> users to send outgoing # messages to sites that use slashes and
> vertical bars in their local parts. # It blocks local parts that begin
> with a dot, slash, or vertical bar, but # allows these characters
> within the local part. However, the sequence /../ # is barred. The use
> of @ % and ! is blocked, as before. The motivation here # is to prevent
> your users (or your users' viruses) from mounting certain # kinds of
> attack on remote sites.
> deny message = Restricted characters in address
> domains = !+local_domains
> local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>
> #########################################################################
> #### # Accept mail to postmaster in any local domain, regardless of the
> source, # and without verifying the sender.
> accept local_parts = postmaster
> domains = +local_domains:lsearch;/usr/exim/vdom3
> # Deny unless the sender address can be verified.
> ##require verify = sender
> accept domains = +local_domains:lsearch;/usr/exim/vdom3
> endpass
>
>
> /*
>
> The above is commented out as virtual e-mail addresses are not
> being recognised properly. I am using a dbm file.
> How Do I get exim to realises that we have local and virtual that needs
> supporting ?
>
>
> */
> ## Sender Verify on 'Recipient'
> drop message = REJECTED - Sender Verify Failed - error code
> \"$sender_verify_failure\"\n\n\ The return address you are using for this
> email message <$sender_address>\ does not seem to be a working account.
> log_message = REJECTED - Sender Verify Failed - error code
> \"$sender_verify_failure\" !hosts = +no_verify
> !verify = sender/callout=2m,defer_ok
> condition = ${if eq{recipient}{$sender_verify_failure}}
> deny message = REJECTED - Recipient Verify Failed - User Not Found
> domains = +all_mail_handled_locally
> !verify = recipient/callout=2m,defer_ok,use_sender
> warn domains = +local_domains:lsearch;/usr/exim/vdom3
> !verify = recipient
> set acl_c0 = ${eval: $acl_c0+1}
> delay = ${eval: ($acl_c0 - 1) * 60}s
> # Accept if the message comes from one of the hosts for which we are an
> # outgoing relay. It is assumed that such hosts are most likely to be
> MUAs, # so we set control=submission to make Exim treat the message as a
> # submission. It will fix up various errors in the message, for
> example, the # lack of a Date: header line. If you are actually
> relaying out out from # MTAs, you may want to disable this. If you are
> handling both relaying from # MTAs and submissions from MUAs you should
> probably split them into two # lists, and handle them differently.
> # Recipient verification is omitted here, because in many cases the
> clients # are dumb MUAs that don't cope well with SMTP error responses.
> If you are # actually relaying out from MTAs, you should probably add
> recipient # verification here.
> # Note that, by putting this test before any DNS black list checks, you
> will # always accept from these hosts, even if they end up on a black
> list. The # assumption is that they are your friends, and if they get
> onto a black # list, it is a mistake.
> accept hosts = +relay_from_hosts
> control = submission
> control = dkim_disable_verify
> # Accept if the message arrived over an authenticated connection, from
> # any host. Again, these messages are usually from MUAs, so recipient
> # verification is omitted, and submission mode is set. And again, we do
> this # check before any black list tests.
> accept authenticated = *
> control = submission
> control = dkim_disable_verify
> # Insist that any other recipient address that we accept is either in
> one of # our local domains, or is in a domain for which we explicitly
> allow # relaying. Any other domain is rejected as being unacceptable
> for relaying. require message = relay not permitted
> domains = +local_domains : +relay_to_domains
> # We also require all accepted addresses to be verifiable. This check
> will # do local part verification for local domains, but only check the
> domain # for remote domains. The only way to check local parts for the
> remote # relay domains is to use a callout (add /callout), but please
> read the # documentation about callouts before doing this.
> require verify = recipient
>
> #########################################################################
> #### # There are no default checks on DNS black lists because the
> domains that # contain these lists are changing all the time. However,
> here are two # examples of how you can get Exim to perform a DNS black
> list lookup at this # point. The first one denies, whereas the second
> just warns.
> #
> deny message = rejected because $sender_host_address is in a
> black list at $dnslist_domain\n$dnslist_text
> dnslists = sbl-xbl.spamhaus.org : \
> dnsbl.njabl.org : \
> combined.njabl.org : \
> dev.null.dk : \
> relays.visi.com : \
> bl.spamcop.net : \
> hostkarma.junkemailfilter.com=127.0.0.2
> #
> warn dnslists = sbl-xbl.spamhaus.org: \
> dnsbl.njabl.org : \
> combined.njabl.org : \
> dev.null.dk : \
> relays.visi.com : \
> bl.spamcop.net : \
> hostkarma.junkemailfilter.com=127.0.0.2
> add_header = X-Warning: $sender_host_address is in a black
> list at $dnslist_domain log_message = found in
> $dnslist_domain
>
> #########################################################################
> ####
> #########################################################################
> #### # This check is commented out because it is recognized that not
> every # sysadmin will want to do it. If you enable it, the check
> performs # Client SMTP Authorization (csa) checks on the sending host.
> These checks # do DNS lookups for SRV records. The CSA proposal is
> currently (May 2005) # an Internet draft. You can, of course, add
> additional conditions to this # ACL statement to restrict the CSA
> checks to certain hosts only. #
> # require verify = csa
>
> #########################################################################
> #### # At this point, the address has passed all the checks that have
> been # configured, so we accept it unconditionally.
> accept
> acl_check_data:
> # Deny if the message contains a virus. Before enabling this check, you
> # must install a virus scanner and set the av_scanner option above.
> #
> deny malware = *
> message = This message contains a virus ($malware_name).
> # Add headers to a message if it is judged to be spam. Before enabling
> this, # you must install SpamAssassin. You may also need to set the
> spamd_address # option above.
> #
> warn spam = nobody
> add_header = X-Spam_score: $spam_score\n\
> X-Spam_score_int: $spam_score_int\n\
> X-Spam_bar: $spam_bar\n\
> X-Spam_report: $spam_report
> # Accept the message.
> accept
> begin routers
> check_dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> verify_only
> pass_router = amavis
> no_more
> check_system_aliases:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/etc/aliases}}
> verify_only
> pass_router = amavis
> check_localuser:
> driver = accept
> check_local_user
> verify_only
> pass_router = amavis
> failed_address_router:
> driver = accept
> verify_only
> fail_verify
> domains_virtual:
> domains = +local_domains
> driver = redirect
> data=${lookup{$local_part@$domain}dbm{/usr/exim/virtemail}}
>
> domains_virtual_others:
> domains = +local_domains
> driver = redirect
> data=${lookup{@$domain}dbm{/usr/exim/virtemail}}
> amavis:
> driver = manualroute
> # Do NOT run if received via 10025/tcp or if already spam-scanned
> # or if bounce message ($sender_address="")
> condition = "${if or {{eq {$interface_port}{10025}} \
> {eq {$received_protocol}{spam-scanned}} \
> {eq {$sender_address}{}} \
> }{0}{1}}"
> transport = amavis
> route_list = "* localhost byname"
> self = send
> dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> transport = remote_smtp
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> no_more
> system_aliases:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/etc/aliases}}
> file_transport = address_file
> pipe_transport = address_pipe
> userforward:
> driver = redirect
> check_local_user
> file = $home/.forward
> no_verify
> no_expn
> check_ancestor
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
> localuser:
> driver = accept
> check_local_user
> transport = local_delivery
> cannot_route_message = Unknown user
> procmail:
> driver = accept
> check_local_user
> require_files = $home/.procmailrc
> transport = procmail_pipe
> # Do NOT run if received via 10025/tcp or if already spam-scanned
> # or if bounce message ($sender_address="")
> lists:
> driver = redirect
> file = /usr/home/majordomo/lists/$local_part
> forbid_pipe
> forbid_file
> errors_to = $local_part-request@???
> user = majordomo
> no_more
> begin transports
> remote_smtp:
> driver = smtp
> procmail_pipe:
> driver = pipe
> command = /usr/bin/procmail -d $local_part
> return_path_add
> delivery_date_add
> envelope_to_add
> check_string = "From "
> escape_string = ">From "
> umask = 077
> user = $local_part
> group = mail
>
> amavis:
> driver = smtp
> port = 10024
> allow_localhost
> local_delivery:
> driver = appendfile
> file = /var/mail/$local_part
> delivery_date_add
> envelope_to_add
> return_path_add
> group = mail
> mode = 0600
> address_pipe:
> driver = pipe
> return_output
> address_file:
> driver = appendfile
> delivery_date_add
> envelope_to_add
> return_path_add
> address_reply:
> driver = autoreply
> begin retry
> * * F,1h,15m; G,10h,1h,1.5; F,7d,1h
> begin rewrite
> begin authenticators
> PLAIN:
> driver = plaintext
> public_name = PLAIN
> server_set_id = $auth2
> server_prompts = :
> server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
> server_advertise_condition = ${if def:tls_cipher }
> LOGIN:
> driver = plaintext
> public_name = LOGIN
> server_set_id = $auth1
> server_prompts = <| Username: | Password:
> server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
> server_advertise_condition = ${if def:tls_cipher }
>
>
> -------------------------- end of ns1 ---------------
>
> Also noticed mail taking about 1 minute to about several hours of days to
> come in. How do I rectify this?
>
>
> --
> Member - Liberal International This is doctor@??? Ici
> doctor@??? God, Queen and country! Never Satan President Republic!
> Beware AntiChrist rising! http://twitter.com/rootnl2k
> http://www.facebook.com/dyadallee
> Now is the time time to declare your allegiance!
