Re: [exim] Cannot send mail to gmail.com after reconfigure E…

Author: Face
Date:  
To: exim-users
Subject: Re: [exim] Cannot send mail to gmail.com after reconfigure Exim 4.76?
I cannot start Exim; it stops with this error:
2011-09-07 18:07:14 Exim configuration error in line 821 of
/etc/mail.d/exim.d/exim.conf:
error in ACL: unknown ACL condition/modifier in "demime = *"



Here is my configuration:



########################################################################
#       macro.conf {
########################################################################
# Connection data used by every ${lookup mysql{...}} in this file, written as
# host/database/user/password. "hide" only keeps the value out of -bP output
# for non-admin callers; the password is still stored in clear text here.
# NOTE(review): a configuration pasted to a public list with this line intact
# has disclosed the database password; it should be changed.
hide mysql_servers = localhost/EmailSystem/exim/Mypasswrd
# Greylisting window in seconds (60*10 = 600).
GREYLIST_TIMEOUT = ${eval:60*10}
# Compared with $spam_score_int in acl_check_data. That variable is the
# SpamAssassin score multiplied by ten, so 10 corresponds to 1.0 points.
GREYLIST_SPAM_THRESHOLD = ${eval:10*1}
# Size ceilings used by acl_check_data: messages at or above these sizes are
# not handed to the spam scanner / malware scanner respectively.
SPAM_FILESIZE_LIMIT = 1M
VIRUS_FILESIZE_LIMIT = 32M
# INSERT template for a per-message log row. Every expanded value is wrapped
# in quote_mysql before it is placed inside the SQL string literal.
# No statement in the configuration shown here references MYSQL_LOG.
MYSQL_LOG=INSERT INTO `spamlog` ( `ID`, `MessageID`, `SenderIP`,
`SenderPort`, `SenderHostname`, `SenderHelo`, `SenderAddress`,
`RecipientAddress`, `Username`, `Domain`, `LoadAverage`, `SpamScore`,
`MessageSize`, `BodySize`, `MessageLines`, `BodyLines`,
`ReceivedHeaders`, `ReceivedProtocol`, `Cipher`, `Authenticated`,
`SenderVerify`, `Age`, `TimeStamp`) \
        VALUES( '${quote_mysql:$message_exim_id}', \
            '${quote_mysql:$header_Message-ID:}', \
            '${quote_mysql:$sender_host_address}', \
            '${quote_mysql:$sender_host_port}', \
            '${quote_mysql:$sender_host_name}', \
            '${quote_mysql:$sender_helo_name}', \
            '${quote_mysql:$sender_address}', \
            CONCAT('${quote_mysql:$original_local_part}','@','${quote_mysql:$original_domain}'),
\
            '${quote_mysql:$local_part}', '${quote_mysql:$domain}', \
            '${quote_mysql:$load_average}/1000', \
            '${quote_mysql:$header_X-Spam-Score:}', \
            '${quote_mysql:$message_size}', \
            '${quote_mysql:$message_body_size}', \
            '${quote_mysql:$message_linecount}', \
            '${quote_mysql:$body_linecount}', \
            '${quote_mysql:$received_count}', \
            '${quote_mysql:$received_protocol}', \
            '${quote_mysql:$tls_cipher}', \
            '${quote_mysql:$authenticated_id}', \
            '${quote_mysql:$header_X-Sender-Verify:}', \
            '${quote_mysql:$message_age}', \
            NOW() )


########################################################################
#     MAIN CONFIGURATION SETTINGS {
########################################################################
# Listens on the smtp, smtps and submission ports; 465 is handled as
# TLS-on-connect by tls_on_connect_ports further down.
daemon_smtp_ports = smtp : smtps : submission
# Turns off the check that a client waits for each server reply before
# sending its next command.
# NOTE(review): the default is true; confirm which client required this,
# since the check is one of the cheap defences against bulk senders.
smtp_enforce_sync = false
primary_hostname = smtp.aldimna.com
# Local domains are whatever the user, alias and catchall tables contain for
# the domain being tested; $domain passes through quote_mysql first.
domainlist local_domains = ${lookup mysql {\
                  SELECT domain FROM user WHERE domain='${quote_mysql:$domain}' \
                UNION \
                  SELECT domain FROM alias WHERE domain='${quote_mysql:$domain}' \
                UNION \
                  SELECT domain FROM catchall WHERE domain='${quote_mysql:$domain}'\
               }}
domainlist     relay_to_domains = $smtp_active_hostname
# Hosts that acl_check_rcpt lets relay without authentication. The two /26
# entries lie inside the /24 ranges already listed.
hostlist     relay_from_hosts = 127.0.0.1 : 10.0.1.0/24 : 10.0.0.0/24 :
10.0.0.0/26 : 10.0.1.0/26
# NOTE(review): "*" lets every local account choose any envelope sender with
# -f, and with local_from_check = false no Sender: header records the real
# submitter. Narrow the pattern if not all local users are trusted.
untrusted_set_sender = *
local_sender_retain = true
local_from_check = false


# The banner states the exact Exim version to every connecting client.
smtp_banner = \t$smtp_active_hostname ESMTP\n\tExim $version_number\n\t$tod_full
# STARTTLS is offered to every host. No tls_require_ciphers setting appears
# here, so the TLS library defaults apply - TODO confirm they are acceptable.
tls_advertise_hosts = *
tls_on_connect_ports = 465        
tls_certificate = /etc/ssl/certs/SMTP-Certificate.crt
# presumably readable only by the Exim user; verify the file mode.
tls_privatekey = /etc/ssl/private/SMTP-Certificate.key
# The lines after the first carry no trailing backslash; this looks like
# mail-client wrapping of one long log_selector line.
log_selector = +tls_cipher +tls_peerdn +all_parents +deliver_time
+delivery_size +queue_time +queue_time_overall +received_recipients
+received_sender +smtp_confirmation +lost_incoming_connection
+smtp_incomplete_transaction +smtp_protocol_error +smtp_syntax_error
# Only connect, RCPT and DATA ACLs are wired up; acl_check_helo is defined in
# the ACL section but no acl_smtp_helo option points at it.
acl_smtp_connect = acl_check_connect
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
#av_scanner = $acl_m0
# Both scanners are reached over local UNIX sockets.
av_scanner = clamd:/var/run/clamav/clamd.sock
spamd_address = /var/run/spamassassin/spamd.sock
# No delivery process is run as root.
never_users = root
# Reverse DNS and an ident (RFC 1413) query are made for every connecting
# host; the ident query may wait up to 5 seconds per connection.
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
split_spool_directory = true
########################################################################
#        10-acl.conf {
########################################################################
begin acl


# Accepts every connection unconditionally.
acl_check_connect:
  accept
# Accepts every HELO/EHLO unconditionally. The main section shown sets no
# acl_smtp_helo option, so this ACL appears to be unused; the HELO checks
# that matter are done in acl_check_rcpt.
acl_check_helo:
  accept
acl_check_rcpt:
  # An empty host entry matches messages that did not arrive from a remote
  # host (local submission); they are accepted before any other check.
  accept  hosts = :
  # Greylisting for unauthenticated senders: the lookup yields the seconds
  # since the newest greylist row for this (IP, envelope sender) pair, and
  # the message is deferred while GREYLIST_TIMEOUT >= that age. When the
  # lookup fails, the fallback GREYLIST_TIMEOUT+1 makes the test false.
  # NOTE(review): MAX() over zero rows still returns one NULL row in MySQL;
  # confirm the lookup is treated as failed in that case.
  defer message         = Your Message is currently still greylisted!
Please try again later.
    log_message     = message from ${sender_address} over
[${sender_host_address}] is still GreyListed
    !authenticated  = *
    condition       = ${if >={GREYLIST_TIMEOUT}{${lookup mysql{\
                SELECT (UNIX_TIMESTAMP()-MAX(first_seen)) AS QueueTime \
                FROM greylist \
                WHERE SenderIP = '${quote_mysql:$sender_host_address}' \
                AND SenderAddress = '${quote_mysql:$sender_address}' \
              }{$value}{${eval:GREYLIST_TIMEOUT+1}}}}{true}{false}}
  # Authenticated sessions get the login name and the authenticator name
  # written into message headers, where every recipient can read them.
  warn  authenticated     = *
      message     = X-Authenticated-User: $authenticated_id\n\
              X-Authenticator: $sender_host_authenticated
  # Anti-spoofing: a sender address in a local domain is refused unless the
  # client is in relay_from_hosts or has authenticated.
  deny     message     = Sender claims to have a local address, but is
neither authenticated nor relayed (try using SMTP-AUTH!)
      log_message       = Forged Sender address (claims to be local user
[${sender_address}], but isn't authenticated)
      !hosts        = +relay_from_hosts
    !authenticated     = *
    condition     = ${if match_domain{$sender_address_domain}{+local_domains}}


  # HELO sanity checks. Every statement in this group is a "warn": it adds a
  # header and a log line but never rejects the recipient.
  # The first message text has no "Name:" prefix; Exim presumably stores it
  # under a default warning header name - TODO confirm.
  warn    message         = You cannot be localhost.localdomain in the internet
      log_message     = HELO is faked as localhost.localdomain
    condition       = ${if match{$sender_helo_name}{\Nlocalhost\.localdomain\N}}
  warn    message         = X-Invalid-HELO: HELO is IP only (See RFC2821 4.1.3)
      log_message     = HELO ($sender_helo_name) is IP only (See RFC2821 4.1.3)
        condition       = ${if isip{$sender_helo_name}}


  # Fires when the HELO name neither starts with "[" nor contains a dot.
  warn    message         = X-Invalid-HELO: HELO is no FQDN (contains no
dot) (See RFC2821 4.1.1.1)
      log_message     = HELO ($sender_helo_name) is no FQDN (contains no
dot) (See RFC2821 4.1.1.1)
        condition       = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}                  
        condition       = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}


  warn    message         = X-Invalid-HELO: HELO is no FQDN (ends in dot)
(See RFC2821 4.1.1.1)
      log_message     = HELO ($sender_helo_name) is no FQDN (ends in dot)
(See RFC2821 4.1.1.1)
    condition       = ${if match{$sender_helo_name}{\N\.$\N}}


  warn    message         = X-Invalid-HELO: HELO is no FQDN (contains double
dot) (See RFC2821 4.1.1.1)
      log_message     = HELO ($sender_helo_name) is no FQDN (contains double
dot) (See RFC2821 4.1.1.1)
    condition       = ${if match{$sender_helo_name}{\N\.\.\N}}

    
  # NOTE(review): match{} uses $primary_hostname as an unanchored regular
  # expression, so any HELO that merely contains it (with "." matching any
  # character) is flagged; eqi{}{} would compare the two names exactly.
  warn    message            = X-Invalid-HELO: Host impersonating [$primary_hostname]
      log_message     = HELO ($sender_helo_name) impersonating [$primary_hostname]
          condition       = ${if match{$sender_helo_name}{$primary_hostname}{yes}{no}}


  # Flags a client that announces this server's own interface address,
  # with or without the square brackets of an address literal.
  warn    message            = X-Invalid-HELO: $interface_address is _my_ address
      log_message     = HELO ($sender_helo_name) uses _my_ address
($interface_address)
      condition       = ${if or{{\
                  eq{[$interface_address]}{$sender_helo_name}\
              }{\
                  eq{$interface_address}{$sender_helo_name}\
              }}}

    
  warn    message         = X-Invalid-HELO: no HELO
      log_message     = no HELO ($sender_helo_name)
        condition       = ${if !def:sender_helo_name}


  # Local-part filter for local domains: refuses a leading dot and the
  # characters @ % ! / |. The appendfile transports in this configuration
  # build a directory path from $local_part, so keeping "/" and leading "."
  # out of it is what stops a recipient address from steering the path.
  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]


  # Looser filter for remote domains: "/" is allowed except at the start or
  # as part of "/../".
  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


  # postmaster at a local domain is accepted before sender verification.
  accept  local_parts   = postmaster
          domains       = +local_domains


  # Hard requirement: the envelope sender must be routable (no callout).
  require verify        = sender


  # Callout verification of the sender is advisory only: its outcome is
  # written to X-Sender-Verify and the log, and never causes a rejection.
  warn    message        = X-Sender-Verify: FAILED ($sender_verify_failure)
      log_message    = Sender ($sender_address) could not be verified using
callout: $acl_verify_message ($sender_verify_failure)
      !verify        = sender/callout=10s,random


  warn    message        = X-Sender-Verify: SUCCEEDED (sender exists & accepts mail)
      verify        = sender/callout=10s,random

    
  # Relay is granted here, to hosts in relay_from_hosts and to authenticated
  # sessions; both are switched into submission mode.
  accept  hosts         = +relay_from_hosts
          control       = submission


  accept  authenticated = *
      control       = submission/sender_retain/domain=


  # Everyone else may only address local or relay_to domains, and the
  # recipient must verify, before the final accept is reached.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains
  require verify = recipient


accept

acl_check_data:
  # NOTE(review): demime is only available when Exim is built with
  # WITH_OLD_DEMIME=yes in addition to content scanning. A binary built
  # without it reports "unknown ACL condition/modifier" for demime lines,
  # which matches the startup error quoted above this configuration. The
  # same attachment checks can be written in an acl_smtp_mime ACL that tests
  # $mime_filename.
  # Rejects attachments by file extension.
  deny  message     = $found_extension files are not accepted here
        demime         = com:exe:vbs:bat:pif:reg:scr

    
  # Rejects messages whose MIME structure scores an error level above 2.
  deny  message     = Serious MIME defect detected ($demime_reason).
      demime         = *
    condition     = ${if >{$demime_errorlevel}{2}{1}{0}}
  # Malware scan. Messages at or above VIRUS_FILESIZE_LIMIT fail the size
  # condition, so they skip this statement and are not scanned at all.
  # acl_m0 is set to the scanner string here and is overwritten with the
  # greylist age later in this ACL; av_scanner itself is a fixed string in
  # the main section, so the assignment looks like a leftover.
  deny    message       = This message contains a virus ($malware_name) and
is rejected.
      log_message     = rejected VIRUS ($malware_name) from $sender_address
to $recipients (ClamAV)
      set acl_m0     = clamd:/var/run/clamav/clamd.sock
    condition     = ${if < {$message_size}{VIRUS_FILESIZE_LIMIT}}
      demime           = *
    malware       = *
  # Archive check: an external script is run with the message id and the
  # lower-cased extension; exit status 0 yields "no" (no rejection), any
  # other status yields "yes" (reject after a 15 second delay).
  # NOTE(review): the script is not shown. Its second argument is derived
  # from an attachment file name, so it should treat both arguments as
  # untrusted text - confirm.
  deny    demime         = zip:rar:arj:tar:tgz:gz:bz2
    condition      = ${run{/etc/exim/scan_archive.sh $message_exim_id
${lc:$found_extension}}{no}{yes}}
    message        = This message contains an unwanted binary Attachment
in ${uc:$found_extension} file using a double extension
    log_message    = ${uc:$found_extension} archive contains potential
dangerous double extension.
    delay          = 15s
  # Spam scan for unauthenticated senders and messages below
  # SPAM_FILESIZE_LIMIT. The ":true" suffix makes the condition succeed
  # whatever the score, so the X-Spam-* headers are added whenever the scan
  # ran. Authenticated or larger messages reach delivery without these
  # headers being set by this server.
  warn    message        = X-Spam-Score: $spam_score\n\
                            X-Spam-Score-Int: $spam_score_int\n\
                            X-Spam-Bar: $spam_bar\n\
                            X-Spam-Report: $spam_report
    !authenticated  = *
    condition     = ${if < {$message_size}{SPAM_FILESIZE_LIMIT}}
    spam          = spamassassin:true
  # If the scan above left $spam_score unset, the message is deferred rather
  # than accepted unscanned.
  defer    message        = Temporary error while spam-scanning. Please try again later.
      log_message    = message temporarily rejected, because of spam-scan
error (maybe timeout)
    !authenticated  = *
    condition     = ${if !def:spam_score}
    condition     = ${if < {$message_size}{SPAM_FILESIZE_LIMIT}}


  # Server-wide reject threshold, in tenths of a point: computed from the
  # highest per-user spam_threshold as (max*2+10)*10.
  # NOTE(review): the fallback used when the lookup fails is 15, i.e. 1.5
  # points, which is far stricter than the computed value - confirm intent.
  deny  message     = This message is classified as UBE (SPAM) and
therefore rejected. You scored $spam_score points. Congratulations!
    !authenticated  = *
    condition     = ${if >={$spam_score_int}{${lookup mysql{\
                SELECT ((max(spam_threshold)*2+10)*10) AS spam_reject_threshold \
                FROM user \
                WHERE SMTP_allowed='YES' \
              }{$value}{15}}}{true}{false}}
  # First-contact greylisting: applies when the score reaches
  # GREYLIST_SPAM_THRESHOLD and the SELECT finds no existing row; the INSERT
  # then records the (IP, envelope sender) pair and the message is deferred.
  # Both values pass through quote_mysql before reaching the SQL text.
  # NOTE(review): MAX() over zero rows still returns one NULL row in MySQL;
  # confirm the {false}{true} test sees that as "no entry".
  defer message       = Your Message will be greylisted! Please try again
in GREYLIST_TIMEOUT seconds.
  log_message         = message from ${sender_address} over
[${sender_host_address}] will be GreyListed as it scores $spam_score
spam points
  !authenticated      = *
  condition           = ${if

>={$spam_score_int}{GREYLIST_SPAM_THRESHOLD}{true}{false}}

  condition           = ${lookup mysql{ \
                    SELECT MAX(first_seen) \
                FROM greylist \
                WHERE SenderIP = '${quote_mysql:$sender_host_address}' \
                AND SenderAddress = '${quote_mysql:$sender_address}' \
              }{false}{true}}
  condition           = ${lookup mysql{ \
                    INSERT INTO greylist ( SenderIP, SenderAddress, first_seen ) \
                VALUES ( '${quote_mysql:$sender_host_address}',
'${quote_mysql:$sender_address}', UNIX_TIMESTAMP() ) \
              }{$value}fail}


  # Messages that have a greylist row and got this far are tagged with the
  # seconds since that row was created. acl_m0 is assigned at the end of the
  # statement, after the conditions have passed.
  warn     message       = X-GreyList: Message successfully passed
GreyListing after $acl_m0 seconds.
      log_message     = message from ${sender_address} over
[${sender_host_address}] with HELO ($sender_helo_name) successfully
passed GreyListing after $acl_m0 seconds and scores $spam_score spam
points
      !authenticated  = *
      condition       = ${lookup mysql{ \
                SELECT MAX(first_seen) \
                FROM greylist \
                WHERE SenderIP = '${quote_mysql:$sender_host_address}' \
                AND SenderAddress = '${quote_mysql:$sender_address}' \
              }{true}{false}}
      set     acl_m0  = ${eval:$tod_epoch-${lookup mysql{ \
                  SELECT MAX(first_seen) \
                  FROM greylist \
                  WHERE SenderIP = '${quote_mysql:$sender_host_address}' \
                  AND SenderAddress = '${quote_mysql:$sender_address}' \
              }{$value}}}



  # Diagnostic headers added to every message, authenticated submissions
  # included: Exim version and build date, plus the client's IP address and
  # source port. All of them are visible to the final recipients.
  warn  message     = X-Exim-Version: $version_number (build at $compile_date)\n\
              X-Date: $tod_log\n\
              X-Connected-IP: $sender_host_address:$sender_host_port

            
  warn message        = X-Message-Linecount: $message_linecount\n\
                X-Body-Linecount: $body_linecount\n\
              X-Message-Size: $message_size\n\
              X-Body-Size: $message_body_size

            
# Unconditional debug log line for every message.
warn log_message = DEBUG load_avgx1000: $load_average spam_score:
$spam_score message_size: $message_size
            
  accept
########################################################################
#       20-routers.conf {
########################################################################
begin routers


# Routes every non-local domain by DNS to remote_smtp. no_more stops later
# routers from being tried for such a domain when this one declines.
# ignore_target_hosts discards 0.0.0.0 and loopback addresses returned by
# DNS, so a remote domain cannot point delivery back at this host.
# NOTE(review): only IPv4 ranges are listed; if IPv6 is enabled, ::1 is not
# covered.
dnslookup:
    driver = dnslookup
    domains = ! +local_domains
    transport = remote_smtp
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
    no_more


# Distribution address "alle@<local domain>": expands to every user of the
# domain that has SMTP_allowed='YES'. The condition restricts its use to
# authenticated senders and to messages from 127.0.0.1, so outside hosts
# cannot mail the whole domain through it.
mysql_all_domain_alias:
  driver     = redirect
  domains     = +local_domains
  local_parts     = alle
  data         = ${lookup mysql{ \
              SELECT CONCAT(username,'@',domain) AS sendto \
            FROM user \
            WHERE domain='${quote_mysql:$domain}' \
            AND SMTP_allowed='YES' \
          }}
  condition     = ${if or {{\
              def:authenticated_id\
            }{\
                  eq {$sender_host_address}{127.0.0.1}\
            }}\
          }
  file_transport = address_file
  pipe_transport = address_pipe
# Alias lookup. Authenticated senders and 127.0.0.1 may use every alias row;
# all other senders only reach rows with internal='NO'.
# NOTE(review): file_transport and pipe_transport are set, so a sendto value
# that begins with "/" or "|" becomes a file or pipe delivery. Anyone able
# to write the alias table could then reach the filesystem or run a command.
# Neither this router nor address_pipe sets a user - confirm the identity
# used, and consider forbid_pipe / forbid_file if aliases are only ever
# mail addresses.
mysql_alias:
  driver         = redirect
  # restriction to local domains only may be a double check, as data
takes care of it already ;-)
  domains         = +local_domains
  file_transport     = address_file
  pipe_transport     = address_pipe
  data             = ${if or {{\
                       def:authenticated_id\
               }{\
                   eq {$sender_host_address}{127.0.0.1}\
               }}{\
                  ${lookup mysql{ \
                    SELECT sendto \
                    FROM alias \
                    WHERE ( username='${quote_mysql:$local_part}' \
                    AND (domain='${quote_mysql:$domain}' OR domain='') )}}\
               } {\
                ${lookup mysql{ \
                    SELECT sendto \
                    FROM alias \
                    WHERE ( ( username='${quote_mysql:$local_part}' AND
(domain='${quote_mysql:$domain}' OR domain='') ) \
                    AND internal='NO' )}}\
               }}
  local_part_suffix     = +*
  local_part_suffix_optional



# Conditional addresses of the form user#<rule>#<argument>@domain. The "#"
# suffix is mandatory on this router (no local_part_suffix_optional), the
# local part is matched case-sensitively, and the user must exist with
# SMTP_allowed='YES'. One of three rules must then hold:
#   before     - argument is a yyyymmdd date that $tod_logfile is still less
#                than
#   fromdomain - argument equals the sender's address domain
#   b64from    - argument equals the base64 of the sender address (marked
#                below as not working yet)
# The sender address and its domain come from the SMTP envelope, so the last
# two rules restrict who can use the address only as far as the envelope
# sender can be trusted.
mysql_user_condition:
  driver         = accept
  domains         = +local_domains
  caseful_local_part     = true
  condition         = ${if and {{\
                      # existing user
                      eq {${lookup mysql{ \
                        SELECT CONCAT(username,'@',domain) AS email \
                        FROM user \
                        WHERE username='${quote_mysql:$local_part}' \
                        AND domain='${quote_mysql:$domain}' \
                        AND SMTP_allowed='YES' \
                    }{true}{false}}}{true}\
                     }{\
                    # different conditions
                    or {{\
                        # suffix contains #before# and date (yyyymmdd) is not yet
#before#yyyymmdd
                        and {{\
                            eq {${sg{$local_part_suffix}{^#([^#]+)#[0-9]\{8\}\$}{\$1}}}{before}\
                            }{\
                            lt {$tod_logfile}{${sg{$local_part_suffix}{^#[^#]+#([0-9]\{8\})\$}{\$1}}}\
                                     }\
                           }\
                       }{\
                        # suffix contains #fromdomain# and the domain-name of sender
                        and {{\
                            eq {${sg{$local_part_suffix}{^#([^#]+)#.*\$}{\$1}}}{fromdomain}\
                            }{\
                            eq {$sender_address_domain}{${sg{$local_part_suffix}{^#[^#]+#(.*)\$}{\$1}}}\
                                     }\
                             }\
                           }{\
                        # suffix contains #b64from# and the base64 encoded address of
sender    DOES NOT WORK YET!
                        and {{\
                            eq {${sg{$local_part_suffix}{^#([^#]+)#.*\$}{\$1}}}{b64from}\
                                }{\
                            eq {${str2b64:$sender_address}}{${sg{$local_part_suffix}{^#[^#]+#(.*)\$}{\$1}}}\
                                         }\
                             }\
                           }\
                    }\
                   }\
                 }\
              }
  local_part_suffix     = #*
  transport         = local_mysql_delivery


# Ordinary mailbox delivery: accepts user[+suffix]@domain when the user
# table has a matching row with SMTP_allowed='YES'. Both lookup keys pass
# through quote_mysql.
mysql_user:
  driver         = accept
  # restriction to local domains only may be a double check, as the
condition takes care of it already ;-)
  domains         = +local_domains
  condition         = ${lookup mysql{ \
                  SELECT CONCAT(username,'@',domain) AS email \
                FROM user \
                WHERE username='${quote_mysql:$local_part}' \
                AND domain='${quote_mysql:$domain}' \
                AND SMTP_allowed='YES' \
              }{true}{false}}
  local_part_suffix     = +*
  local_part_suffix_optional
  transport         = local_mysql_delivery
  no_more


# Per-domain catch-all: redirects any remaining local part to the sendto
# value stored for the domain.
# NOTE(review): as with mysql_alias, file_transport / pipe_transport allow a
# stored value starting with "/" or "|" to become a file or pipe delivery.
mysql_catchall:
  driver         = redirect
  # restriction to local domains only may be a double check, as data
takes care of it already ;-)
  domains         = +local_domains
  file_transport     = address_file
  pipe_transport     = address_pipe
  data             = ${lookup mysql{ \
                    SELECT sendto \
                FROM catchall \
                WHERE domain='${quote_mysql:$domain}' \
              }}


# Classic alias file lookup keyed on the local part only; entries may
# redirect to files or pipes through the two transports named here.
# presumably /etc/mail/aliases is writable by root only - verify.
system_aliases:
  driver         = redirect
  allow_fail
  allow_defer
  data             = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
  file_transport     = address_file
  pipe_transport     = address_pipe


# Last router: delivers to system accounts (check_local_user) and supplies
# the "Unknown user" text when nothing can route the address.
localuser:
  driver         = accept
  check_local_user
  transport = local_delivery
  cannot_route_message     = Unknown user
########################################################################
#       30-transports.conf {
########################################################################
begin transports


# Outbound SMTP with driver defaults only; no TLS requirement, certificate
# verification or interface options are set on this transport.
remote_smtp:
    driver = smtp


# Pipes a message through spamc and re-injects it into Exim as batch SMTP
# with the received protocol set to "spam-scanned". No router in the
# configuration shown names this transport, so it appears to be unused.
# It runs as mail:mail with /tmp as home and working directory.
spamcheck:
    driver = pipe
    command = /usr/exim/bin/exim -oMr spam-scanned -bS
    use_bsmtp = true
    transport_filter = /usr/bin/vendor_perl/spamc
    home_directory = "/tmp"
    current_directory = "/tmp"
    user = mail
    group = mail
    log_output = true
    return_fail_output = true
    return_path_add = false
    message_prefix =
    message_suffix =


# Maildir delivery for system accounts. The directory name is built from
# $local_part; acl_check_rcpt refuses "/" and a leading "." in local parts
# of local domains for SMTP input.
# Mode 0660 with group mail means every process in group mail can read and
# write every mailbox file.
local_delivery:
    driver = appendfile
    directory = /var/mail/${local_part}/
    maildir_format
    delivery_date_add
    envelope_to_add
    return_path_add
    group = mail
    mode = 0660


# Maildir delivery for database users, run as mail:mail. The path is built
# from $domain and $local_part; the local-part filter in acl_check_rcpt is
# what keeps "/" and a leading "." out of it.
local_mysql_delivery:
  driver     = appendfile
  directory     = /var/mail/${domain}/${local_part}/
  maildir_format
  delivery_date_add
  envelope_to_add
  return_path_add
  user         = mail
  group     = mail
  mode         = 0660
  # Subject and the X-Spam-* headers are removed and then re-created below,
  # with the user's spam_tag put in front of the subject when
  # X-Spam-Score-Int reaches spam_threshold*10.
  # NOTE(review): acl_check_data only sets X-Spam-* for unauthenticated
  # messages below SPAM_FILESIZE_LIMIT. For any other message, an X-Spam-*
  # header present here was supplied by the sender, and its value is copied
  # through and fed to ${eval:}. Confirm that a forged or non-numeric value
  # can neither suppress the spam tag nor make this expansion fail.
  headers_remove = Subject : X-Spam-Flag : X-Spam-Score-Int :
X-Spam-Score : X-Spam-Bar : X-Spam-Report
  headers_add     = "X-Spam-Threshold: ${lookup mysql{ \
                           SELECT spam_threshold \
                    FROM user \
                    WHERE username='${quote_mysql:$local_part}' \
                    AND domain='${quote_mysql:$domain}' \
                    AND SMTP_allowed='YES' \
                      }{$value}{ERROR}}\n\
            X-Spam-Score: $header_X-Spam-Score:\n\
          X-Spam-Score-Int: $header_X-Spam-Score-Int:\n\
          X-Spam-Bar: $header_X-Spam-Bar:\n\
          X-Spam-Report: $header_X-Spam-Report:\n\
                  X-Spam-Flag: ${if def:header_X-Spam-Score-Int:{\
                     ${if >={${eval:${sg{$header_X-Spam-Score-Int:}{^.*\n}{}}}}\
                         {${lookup mysql{ \
                            SELECT spam_threshold*10 \
                            FROM user \
                            WHERE username='${quote_mysql:$local_part}' \
                            AND domain='${quote_mysql:$domain}' \
                            AND SMTP_allowed='YES' \
                        }{$value}{ERROR}}}{YES}{NO}}\
                    }{\
                    UNKNOWN\
                }}\n\
          Subject: ${if def:header_X-Spam-Score-Int:{\
                     ${if >={${eval:${sg{$header_X-Spam-Score-Int:}{^.*\n}{}}}}\
                        {${lookup mysql{ \
                            SELECT spam_threshold*10 \
                            FROM user \
                            WHERE username='${quote_mysql:$local_part}' \
                            AND domain='${quote_mysql:$domain}' \
                            AND SMTP_allowed='YES' \
                        }{$value}{ERROR}}}{${lookup mysql{ \
                                    SELECT spam_tag \
                                    FROM user \
                                    WHERE username='${quote_mysql:$local_part}' \
                                    AND domain='${quote_mysql:$domain}' \
                                    AND SMTP_allowed='YES' \
                                   }{$value}{ERROR}}$h_subject:}{$h_subject:}}\
                }{$h_subject:}}\n\
          X-Delivered-To: $original_local_part@$original_domain
($local_part@$domain)\n\
          X-Message-Age: $message_age"
# Pipe transport used by the redirect routers for "|command" results.
# EXTENSION carries the local-part suffix minus its first character into the
# command's environment; that text comes from the recipient address, so the
# receiving command should treat it as untrusted input.
# No user or group is set on this transport.
address_pipe:
    driver = pipe
    return_fail_output
    return_path_add
    environment = EXTENSION=${substr_1:$local_part_suffix}


# File, maildir and autoreply transports reached through redirect routers.
# None of them sets a user or group, so the identity has to come from the
# router that selected them - TODO confirm for the MySQL-backed routers.
address_file:
    driver = appendfile
    delivery_date_add
    envelope_to_add
    return_path_add


address_directory:
    driver = appendfile
    maildir_format
    delivery_date_add
    envelope_to_add
    return_path_add


address_reply:
    driver = autoreply
########################################################################
#       40-retry.conf {
########################################################################
begin retry
# Address or Domain    Error       Retries
# -----------------    -----       -------
# Single catch-all rule: retry every 15 minutes for the first 2 hours, then
# at intervals starting at 1 hour and growing by a factor of 1.5 until 16
# hours, then every 6 hours until 4 days have passed.
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
########################################################################
#       50-rewrite.conf {
########################################################################
begin rewrite
########################################################################
#       60-authenticators.conf {
########################################################################
begin authenticators


# LOGIN authenticator, advertised only when $tls_cipher is non-empty, i.e.
# after TLS has been established, so the password is not offered over a
# clear-text session.
# The check compares the supplied password ($2) with "{sha1}" followed by
# the stored value for the full address ($1), restricted to rows with
# SMTPAUTH_allowed='YES'. $1 passes through quote_mysql.
# NOTE(review): the {sha1} form is an unsalted SHA-1 digest, which is cheap
# to brute-force if the user table leaks; a salted {crypt} scheme would be
# stronger, but needs the stored hashes migrated.
# No limit on failed attempts is visible in this configuration.
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_advertise_condition     = ${if eq{$tls_cipher}{}{no}{yes}}
server_condition         = ${if crypteq {$2}{\{sha1\}${lookup mysql{ \
                                SELECT password \
                                FROM user \
                                WHERE CONCAT(username,'@',domain)='${quote_mysql:$1}' \
                                AND SMTPAUTH_allowed='YES' \
                                }}}{yes}{no}}
server_set_id = $1




--
Sincerely,