Hello
I am inexperienced with exim & dovecot .
I installed exim and dovecot. In general, everything works well. Exim and dovecot use SSL self-signed certificates in /etc/exim.cert.
How to set EXIM to use domain certificates Let's Encrypt ?
np: Create ssl free Let's Encrypt in directadmin for mydomain.com , I would like to see SSL (lets encrypt) port 465 ( exim) and 143(dovecot).
I tried with the tutorials forum. however it didn't work ;-/
What should I change ?
My exim.conf
My exim.variables.conf
My directadmin.conf
My Fiends, help me please
I am inexperienced with exim & dovecot .
I installed exim and dovecot. In general, everything works well. Exim and dovecot use SSL self-signed certificates in /etc/exim.cert.
How to set EXIM to use domain certificates Let's Encrypt ?
np: Create ssl free Let's Encrypt in directadmin for mydomain.com , I would like to see SSL (lets encrypt) port 465 ( exim) and 143(dovecot).
I tried with the tutorials forum. however it didn't work ;-/
What should I change ?
My exim.conf
Code:
# SpamBlockerTechnology* powered exim.conf, Version 4.5.23
# August 15, 2018
# Exim configuration file for DirectAdmin
# Requires exim.pl as distributed by DirectAdmin here:
# http://files.directadmin.com/services/exim.pl version 21 or higher
# ClamAV optional
# SpamAssassin optional
# Dovecot/IMAP Mandatory
# *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services:
# http://www.nobaloney.net
#
# WARNING! Do NOT use this exim.conf Exim configuration file unless you
# make the required modifications to your Exim configuration
# following the instructions in the README file included in this
# distribution:
# README-SpamBlockerVersion4exim.conf.txt
#
# The original exim.conf file distributed with Exim 4, includes the
# following copyright notice:
#
# Copyright (C) 2002 University of Cambridge, Cambridge, UK
#
# Portions of the file are taken from the exim.conf file as
# distributed with DirectAdmin (http://www.directadmin.com/)
#
# Copyright (C) 2003-2011 JBMC Software, St Albert, AB, Canada
#
# Portions of this file are written by NoBaloney Internet Services
# and are copyright as follows:
#
# Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA
#
# The entire Exim 4 distribution, including the exim.conf file, is
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,
# June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE
# you may download it, in it's entirety, from the website at:
#
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt
#
# Thanks to all the members of the DirectAdmin community and of the exim
# community who have given their # much needed and appreciated help.
#
# The most recent version of this file may always downloaded from the website
# at: http://www.nobaloney.net/downloads/spamblocker
#
# MODIFICATION INSTRUCTIONS
#
# YOU MUST MAKE THE CHANGES TO THIS
# SpamBlockerTechnology* powered exim.conf, Version 4.0
# file as documented in the README file.
#
# The README file for this version is named:
# README-SpamBlockerVersion4exim.conf.txt
# CONFIGURATION STARTS HERE
#EDIT#1:
# primary_hostname =
smtp_active_hostname = ${if exists{/etc/virtual/helo_data}{${lookup{$interface_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
#EDIT#2-CLAMAV:
# av_scanner = clamd:/var/run/clamav/clamd
#.include_if_exists /etc/exim.clamav.load.conf
#Block Cracking variables
.include_if_exists /etc/exim.blockcracking/variables.conf
#Easy Spam Figher variables
.include_if_exists /etc/exim.easy_spam_fighter/variables.conf
#SRS
.include_if_exists /etc/exim.srs.conf
#EDIT#3:
# qualify_domain =
#EDIT#4:
perl_startup = do '/etc/exim.pl'
#EDIT#5:
system_filter = /etc/system_filter.exim
#EDIT#6:
untrusted_set_sender = *
#EDIT#7:
#daemon_smtp_ports=25 : 587 : 465 moved to exim.variables.conf
#tls_on_connect_ports = 465 moved to exim.variables.conf
#EDIT#8:
local_from_check = false
RBL_DNS_LIST=\
cbl.abuseat.org : \
bl.spamcop.net : \
b.barracudacentral.org : \
zen.spamhaus.org
.include /etc/exim.variables.conf
.include /etc/exim.strings.conf
.include_if_exists /etc/exim.strings.conf.custom
#EDIT#10:
helo_allow_chars = _
#EDIT#11:
log_selector = \
+delivery_size \
+sender_on_delivery \
+received_recipients \
+received_sender \
+smtp_confirmation \
+subject \
+smtp_incomplete_transaction \
-dnslist_defer \
-host_lookup_failed \
-queue_run \
-rejected_header \
-retry_defer \
-skip_delivery \
+arguments
#EDIT#12:
syslog_duplication = false
#EDIT#13:
acl_not_smtp = acl_script
acl_smtp_auth = acl_check_auth
acl_smtp_connect = acl_connect
acl_smtp_helo = acl_check_helo
acl_smtp_mail = ${if ={$interface_port}{587} {accept} {${if ={$interface_port}{10025} {acl_smtp_mail_proxy}{acl_check_mail}}}}
acl_smtp_mailauth = smtp_mailauth
acl_smtp_rcpt = acl_check_recipient
acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
acl_smtp_data = acl_check_message
acl_smtp_mime = acl_check_mime
#EDIT#14:
addresslist whitelist_senders = nwildlsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = nwildlsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = nwildlsearch;/etc/virtual/whitelist_domains
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
domainlist skip_rbl_domains = nwildlsearch;/etc/virtual/skip_rbl_domains
hostlist skip_rbl_hosts = ${if exists{/etc/virtual/skip_rbl_hosts}{wildlsearch;/etc/virtual/skip_rbl_hosts}}
hostlist skip_rbl_hosts_ip = ${if exists{/etc/virtual/skip_rbl_hosts_ip}{/etc/virtual/skip_rbl_hosts_ip}}
hostlist auth_relay_hosts = *
hostlist bad_sender_hosts = nwildlsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip
hostlist whitelist_hosts = nwildlsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip
hostlist proxy_hosts_ip = ${if exists{/etc/virtual/proxy_hosts_ip}{/etc/virtual/proxy_hosts_ip}}
BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
BLACKLIST_SMTP_USERNAMES = /etc/virtual/blacklist_smtp_usernames
BLACKLIST_SCRIPT_USERNAMES = /etc/virtual/blacklist_script_usernames
#EDIT#15:
#domainlist skip_av_domains = nwildlsearch;/etc/virtual/skip_av_domains
#EDIT#16:
#relay_hosts/pophosts moved to variables.conf
#EDIT#17:
never_users = root
#EDIT#18:
host_lookup = *
#EDIT#19:
rfc1413_hosts = *
rfc1413_query_timeout = 0s
#EDIT#20:
#exim.variables.conf
#EDIT#21:
#exim.variables.conf
#EDIT#22:
#exim.variables.conf
#EDIT#23:
tls_advertise_hosts = *
#auth_over_tls_hosts = *
.include_if_exists /etc/exim.variables.conf.post
##################################################################################
# Access Control Lists
##################################################################################
begin acl
######################################
# ACL CONNECT
######################################
#EDIT#24:
acl_connect:
warn set acl_c_spam_assassin_has_run = 0
warn set acl_m_is_whitelisted = 0
warn set acl_c_accept_recipient_if_whitelisted = 1
.include_if_exists /etc/exim.easy_spam_fighter/connect.conf
accept hosts = *
######################################
# ACL CHECK MAIL
######################################
acl_check_mail:
accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
#EDIT#31:
accept sender_domains = +whitelist_domains
logwrite = $sender_host_address whitelisted in local domains whitelist
set acl_m_is_whitelisted = 1
accept hosts = +whitelist_hosts
logwrite = $sender_host_address whitelisted in local hosts whitelist
set acl_m_is_whitelisted = 1
accept hosts = +whitelist_hosts_ip
logwrite = $sender_host_address whitelisted in local hosts IP whitelist
set acl_m_is_whitelisted = 1
# accept if envelope sender is in whitelist
accept senders = +whitelist_senders
logwrite = $sender_host_address whitelisted in local sender whitelist
set acl_m_is_whitelisted = 1
.include_if_exists /etc/exim.easy_spam_fighter/check_mail.conf
accept
######################################
# ACL CHECK AUTH
######################################
smtp_mailauth:
accept
hosts = <; 127.0.0.1 ; ::1
condition = ${if eq{$interface_port}{10025}}
log_message = Will accept MAIL AUTH parameter for $authenticated_sender
deny
acl_smtp_mail_proxy:
deny
condition = ${if eq{$interface_port}{10025}}
condition = ${if eq{$authenticated_sender}{}}
message = All connections on port $interface_port need MAIL AUTH sender
######################################
# ACL CHECK AUTH
######################################
#EDIT#24.5#
acl_check_auth:
drop set acl_m_authcount = ${eval10:0$acl_m_authcount+1}
condition = ${if >{$acl_m_authcount}{2}}
delay = 10s
message = ONLY_ONE_AUTH_PER_CONN
accept
######################################
# ACL CHECK HELO
######################################
#EDIT#25:
acl_check_helo:
.include_if_exists /etc/exim.acl_check_helo.pre.conf
# accept mail originating on this server unconditionally
accept hosts = <;; @[]; 127.0.0.0/8 ; ::1 ; @
# deny if the HELO pretends to be this host
deny message = HELO_HOST_IMPERSANATION
condition = ${if or { \
{eq{$sender_helo_name}{$smtp_active_hostname}} \
{eq{$sender_helo_name}{[$interface_address]}} \
} {true}{false} }
# deny if the HELO is an IP address
deny message = HELO_IS_IP
condition = ${if eq{$interface_port}{25}}
condition = ${if isip{$sender_helo_name}}
# deny if hostname if ylmf-pc, which accounts for a HUGE percentage of BF attacks
deny message = HELO_BLOCKED_FOR_ABUSE
condition = ${if eq{$sender_helo_name}{ylmf-pc}}
# deny if the HELO pretends to be one of the domains hosted on the server
deny message = HELO_IS_LOCAL_DOMAIN
condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
hosts = ! +relay_hosts
.include_if_exists /etc/exim.acl_check_helo.post.conf
accept
######################################
# ACL SCRIPT
######################################
acl_script:
.include_if_exists /etc/exim.acl_script.pre.conf
discard set acl_m_uid = ${perl{find_uid}}
set acl_m_username = ${perl{get_username}{$acl_m_uid}}
condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
condition = ${if >{${perl{hit_limit_user}{$acl_m_username}}}{1}}
message = USER_TOO_MANY
discard condition = ${if !eq{$originator_uid}{$exim_uid}}
condition = ${if exists{BLACKLIST_USERNAMES}}
condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_USERNAMES
discard condition = ${if !eq{$originator_uid}{$exim_uid}}
condition = ${if exists{BLACKLIST_SCRIPT_USERNAMES}}
condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SCRIPT_USERNAMES}{1}{0}}
message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_SCRIPT_USERNAMES
.include_if_exists /etc/exim.blockcracking/script.conf
accept
.include_if_exists /etc/exim.blockcracking/script.recipients.conf
######################################
# ACL CHECK RECIPIENT
######################################
#EDIT#26:
acl_check_recipient:
.include_if_exists /etc/exim.acl_check_recipient.pre.conf
# block certain well-known exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
deny domains = +local_domains
message = Invalid characters in local_part
local_parts = ^[.] : ^.*[@%!|]
# If you've hit the limit, you can't send anymore. Requires exim.pl 17+
drop message = AUTH_TOO_MANY
condition = ${perl{auth_hit_limit_acl}}
authenticated = *
drop message = MULTIPLE_BOUNCE_RECIPIENTS
senders = : postmaster@*
condition = ${if >{$recipients_count}{0}{true}{false}}
drop message = TOO_MANY_FAILED_RECIPIENTS
log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
!verify = recipient/callout=2m,defer_ok,use_sender
defer message = DOMAIN_SUSPENDED
domains = +local_domains
condition = ${if exists{/etc/virtual/${domain}_off}{yes}{no}}
drop authenticated = *
condition = ${if exists{BLACKLIST_USERNAMES}}
set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
set acl_m_username = ${perl{get_username}{$acl_m_uid}}
condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
message = USER_ON_BLACKLIST_SMTP
logwrite = User account $acl_m_username is blocked via BLACKLIST_USERNAMES
drop authenticated = *
condition = ${if exists{BLACKLIST_SMTP_USERNAMES}}
condition = ${lookup{$authenticated_id}lsearch{BLACKLIST_SMTP_USERNAMES}{1}{0}}
message = USER_ON_BLACKLIST_SMTP
logwrite = E-Mail account $authenticated_id is blocked via BLACKLIST_SMTP_USERNAMES
drop authenticated = *
condition = ${if exists{BLACKLIST_SMTP_USERNAMES}}
set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
set acl_m_username = ${perl{get_username}{$acl_m_uid}}
condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SMTP_USERNAMES}{1}{0}}
message = USER_ON_BLACKLIST_SMTP
logwrite = User account $acl_m_username is blocked via BLACKLIST_SMTP_USERNAMES
.include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.mid.conf
# Deny if the recipient doesn't exist:
deny message = NO_SUCH_RECIPIENT
domains = +local_domains
!verify = recipient
accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
condition = ${if eq{$acl_c_accept_recipient_if_whitelisted}{1}}
.include_if_exists /etc/exim.acl_check_recipient.mid.conf
#Block Cracking - https://github.com/Exim/exim/wiki/BlockCracking
.include_if_exists /etc/exim.blockcracking/auth.conf
# restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept hosts = +auth_relay_hosts
condition = ${if eq {$interface_port}{587} {yes}{no}}
endpass
message = RELAY_NOT_PERMITTED_AUTH
authenticated = *
# Deny all Mailer-Daemon messages not for us:
deny message = We didn't send the message
senders = :
domains = !+relay_domains
!authenticated = *
# Remaining Mailer-Daemon messages must be for us
accept senders = :
domains = +relay_domains
#EDIT#27:
# 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address
deny message = R1: HELO_SHOULD_BE_FQDN
!authenticated = *
condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
## 2nd deny makes sure the hostname doesn't end with a dot (invalid)
# deny message = R2: HELO_SHOULD_BE_FQDN
# !authenticated = *
# condition = ${if match{$sender_helo_name}{\N\.$\N}}
# 3rd deny makes sure the hostname has no double-dots (invalid)
deny message = R3: HELO_SHOULD_BE_FQDN
!authenticated = *
condition = ${if match{$sender_helo_name}{\N\.\.\N}}
## 4th deny make sure the hostname doesn't end in .home (invalid domain)
# deny message = R4: HELO_SHOULD_BE_FQDN
# !authenticated = *
# condition = ${if match{$sender_helo_name}{\N\.home$\N}}
#EDIT#28:
# warn domains = +skip_av_domains
# set acl_m0 = $tod_epoch
#EDIT#29:
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
#EDIT#30:
accept hosts = :
logwrite = Whitelisted as having local origination
#EDIT#32:
deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_SENDER
domains = +use_rbl_domains
domains = !+skip_rbl_domains
hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
senders = +blacklist_senders
#EDIT#33:
deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_HOST
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
domains = !+skip_rbl_domains
hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
hosts = +bad_sender_hosts
#EDIT#34:
deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_IP
hosts = +bad_sender_hosts_ip
#EDIT#35:
accept domains = +local_domains
sender_domains = !+blacklist_domains
hosts = !+bad_sender_hosts
hosts = !+bad_sender_hosts_ip
dnslists = list.dnswl.org&0.0.0.2
dnslists = list.dnswl.org!=127.0.0.255
logwrite = $sender_host_address whitelisted in list.dnswl.org
#EDIT#36:
# accept domains = +local_domains
# dnslists = hostkarma.junkemailfilter.com=127.0.0.1
# logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com
#EDIT#37:
# accept local_parts = whitelist
# domains = example.com
#EDIT#38:
require verify = sender
#EDIT#39:
deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN
domains = +use_rbl_domains
domains = !+skip_rbl_domains
hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
sender_domains = +blacklist_domains
#EDIT#40:
# deny message = 554 denied. 5.7.1 Forged Paypal Mail, not sent from PayPal.
# senders = *@paypal.com
# condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}}
#EDIT#41:
warn hosts = +skip_rbl_hosts
logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts
warn hosts = +skip_rbl_hosts_ip
logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts_ip
warn domains = +skip_rbl_domains
logwrite = $sender_host_address RBL whitelisted $domain in skip_rbl_domains
deny message = RBL_BLOCKED_BY_LIST
hosts = !+relay_hosts
domains = +use_rbl_domains
domains = !+skip_rbl_domains
hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
!authenticated = *
dnslists = RBL_DNS_LIST
.include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.conf
.include_if_exists /etc/exim.greylist.conf
#COMMENT#43:
# ACCEPT EMAIL BEGINNING HERE
# accept if address is in a local domain as long as recipient can be verified
accept domains = +local_domains
endpass
message = UNKNOWN_USER
verify = recipient
#COMMENT#44
# accept if address is in a domain for which we relay as long as recipient
# can be verified
accept domains = +relay_domains
endpass
verify = recipient
#EDIT#45:
accept hosts = +relay_hosts
add_header = X-Relay-Host: $sender_host_address
accept hosts = +auth_relay_hosts
endpass
message = AUTH_REQUIRED
authenticated = *
.include_if_exists /etc/exim.acl_check_recipient.post.conf
# FINAL DENY EMAIL BEFORE DATA BEGINS HERE
# default at end of acl causes a "deny", but line below will give
# an explicit error message:
deny message = RELAY_NOT_PERMITTED
######################################
# ACL CHECK DKIM
######################################
acl_check_dkim:
accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
.include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
accept
######################################
# ACL CHECK MESSAGE
######################################
# ACL that is used after the DATA command (ClamAV)
acl_check_message:
warn
set acl_c_spam_assassin_has_run = 0
.include_if_exists /etc/exim.acl_check_message.pre.conf
#EDIT#46.1#T9653
warn condition = ${if !def:h_Message-ID: {yes}{no}}
message = Adding Message-ID header because it is missing!
add_header = Message-ID: <GENERATED-WASMISSING-$message_exim_id@$primary_hostname>
accept condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
.include_if_exists /etc/exim.easy_spam_fighter/check_message.conf
#EDIT#46:
#.include_if_exists /etc/exim.clamav.conf
.include_if_exists /etc/exim.acl_check_message.post.conf
accept
######################################
# ACL that is used for each MIME attachment in the email.
acl_check_mime:
.include_if_exists /etc/exim.check_mime.conf.custom
.include_if_exists /etc/exim.easy_spam_fighter/check_mime.conf
accept
##################################################################################
# AUTHENTICATION CONFIGURATION
##################################################################################
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = "${perl{smtpauth}{0}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{smtpauth}{0}}"
server_set_id = $1
#EDIT#47:
# REWRITE CONFIGURATION
# There is no rewriting specification in this exim.conf file. If your
# configuration requires one, it would go here
.include_if_exists /etc/exim.authenticators.post.conf
##################################################################################
# ROUTERS CONFIGURATION
##################################################################################
begin routers
#EDIT#48:
.include_if_exists /etc/exim.routers.pre.conf
lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
no_more
# RELATED: http://help.directadmin.com/item.php?id=153
# smart_route:
# driver = manualroute
# domains = ! +local_domains
# ignore_target_hosts = 127.0.0.0/8
# condition = "${perl{check_limits}}"
# route_list = !+local_domains HOSTNAME-or-IP#
# transport = remote_smtp
#COMMENT#49:
#DIRECTORS CONFIGURATION
.include_if_exists /etc/exim.spamassassin.conf
#EDIT#50:
# Spam Assassin
#spamcheck_director removed. Use the exim.spamassassin.conf
majordomo_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
no_rewrite
user = majordomo
majordomo_private:
driver = redirect
allow_defer
allow_fail
#condition = "${if eq {$received_protocol} {local} {true} {false} }"
condition = "${if or { {eq {$received_protocol} {local}} \
{eq {$received_protocol} {spam-scanned}} } {true} {false} }"
data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
user = majordomo
domain_filter:
driver = redirect
allow_filter
no_check_local_user
condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
group = "mail"
file = /etc/virtual/${domain}/filter
directory_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify
uservacation:
# uservacation reply to all except errors, bounces, lists
driver = accept
condition = ${if def:h_Auto-submitted:{${if match{$h_Auto-submitted:}{\N^no\N\}{yes}{no}}}{yes}}
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
# do not reply to errors and bounces or lists
senders = " ! ^.*-request@.*:\
! ^owner-.*@.*:\
! ^postmaster@.*:\
! ^listmaster@.*:\
! ^mailer-daemon@.*\
! ^root@.*"
transport = uservacation
unseen
#autoreply exists
#both passwd and forwarders do not have local_part.
userautoreply:
driver = accept
condition = ${if def:h_Auto-submitted:{${if match{$h_Auto-submitted:}{\N^no\N\}{yes}{no}}}{yes}}
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
condition = ${if exists{/etc/virtual/${domain}/passwd}}
condition = ${if exists{/etc/virtual/${domain}/aliases}}
condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}{no}{yes}}
condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{no}{yes}}
# do not reply to errors and bounces or lists
senders = " ! ^.*-request@.*:\
! ^owner-.*@.*:\
! ^postmaster@.*:\
! ^listmaster@.*:\
! ^mailer-daemon@.*\
! ^root@.*"
transport = userautoreply
#autoreply exists
#either passwd or forwarders exist, failover from above.
userautoreply_unseen:
driver = accept
condition = ${if def:h_Auto-submitted:{${if match{$h_Auto-submitted:}{\N^no\N\}{yes}{no}}}{yes}}
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
# do not reply to errors and bounces or lists
senders = " ! ^.*-request@.*:\
! ^owner-.*@.*:\
! ^postmaster@.*:\
! ^listmaster@.*:\
! ^mailer-daemon@.*\
! ^root@.*"
transport = userautoreply
unseen
#any callbacks doing sender verify checks to this server accept SRS0 encoded emails if they exist, else the verify will fail.
#until we figure out how to extract the original forwarder name in exim, we'll accept and drop all SRS0 encoded emails.
#the srs_recipient is the original remote sender, so we dont want to forwarder there, else it will generated untraced backscatter (no data=srs_recipient)
#I had found srs_orig_recipient variable, but wasn't able to use it to check for local fordwarders.
#so any email to [email protected] will be accepted and dropped into the :blackhole:, which should be sufficient to satisfy the sender verify, and prevent any spam since it's always dropped.
#if the final recipient hits "reply", it should already go to the orignal remote sender, not to the SRS name.
srs_router:
driver = redirect
condition = ${if exists{/etc/exim.srs.forward.conf}}
srs = reverse
data = :blackhole:
domains = +local_domains
#forwarder exists
#user exists
virtual_user_unseen:
driver = accept
condition = ${if exists{/etc/virtual/${domain}/passwd}{1}{0}}
condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{1}{0}}
condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{${if eq{$value}{$local_part}{0}{1}}}{0}}
condition = ${perl{save_virtual_user}}
domains = lsearch;/etc/virtual/domainowners
group = mail
.include_if_exists /etc/exim/local_part_suffix.conf
retry_use_local_part
transport = dovecot_lmtp_udp
unseen
#forwarder exists
#user does not exist
virtual_aliases_nouser_nostar:
driver = redirect
.include_if_exists /etc/exim.srs.forward.conf
allow_defer
allow_fail
condition = ${if exists{/etc/virtual/${domain}/passwd}{1}{0}}
condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{1}{0}}
condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}{0}{1}}
data = ${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
.include_if_exists /etc/exim/local_part_suffix.conf
#forwarder does not exist
#user exists
virtual_user:
driver = accept
condition = ${if exists{/etc/virtual/${domain}/passwd}{1}{0}}
condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{0}{1}}
condition = ${perl{save_virtual_user}}
domains = lsearch;/etc/virtual/domainowners
group = mail
retry_use_local_part
transport = dovecot_lmtp_udp
.include_if_exists /etc/exim/local_part_suffix.conf
#wildcard forwarder
#user should have already been caught above
virtual_aliases:
#only the wildcard will be used here
driver = redirect
.include_if_exists /etc/exim.srs.forward.conf
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
.include_if_exists /etc/exim/local_part_suffix.conf
#COMMENT#51:
drop_solo_alias:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
file_transport = devnull
group = mail
pipe_transport = devnull
retry_use_local_part
#include_domain = true
.include_if_exists /etc/exim/local_part_suffix.conf
#COMMENT#52:
userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
directory_transport = address_directory
no_verify
system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim
localuser:
driver = accept
check_local_user
condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
transport = local_delivery
#COMMENT#53:
##################################################################################
# TRANSPORTS CONFIGURATION
##################################################################################
begin transports
.include_if_exists /etc/exim.transports.pre.conf
#COMMENT#54:
spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
use_bsmtp
user = mail
#COMMENT#55:
majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo
#COMMENT#56:
local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/Maildir/"
directory_mode = 770
create_directory = true
maildir_format
group = mail
mode = 0660
return_path_add
user = ${local_part}
#COMMENT#57:
virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 770
envelope_to_add
directory = "${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}}lsearch{/etc/passwd}{$value}}}}/imap/${domain}/${local_part}/Maildir"
maildir_format
group = mail
mode = 660
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}
.include_if_exists /etc/exim/virtual_localdelivery.conf.post
#EDIT#58:
uservacation:
driver = autoreply
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
subject = ${if def:h_Subject: {\
${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
{${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
{Autoreply}\
}: ${quote:${escape:${length_60:$h_Subject:}}}}\
{I am on vacation}}
to = "${reply_address}"
user = mail
once = /etc/virtual/${domain}/reply/${local_part}.once
once_file_size = 100K
once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}
#COMMENT#59:
userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
subject = ${if def:h_Subject: {\
${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
{${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
{Autoreply}\
}: ${quote:${escape:${length_60:$h_Subject:}}}}\
{Autoreply Message}}
to = "${reply_address}"
user = mail
once = /etc/virtual/${domain}/reply/${local_part}.once
once_file_size = 100K
once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}
#COMMENT#60:
devnull:
driver = appendfile
file = /dev/null
#COMMENT#61:
remote_smtp:
driver = smtp
headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
hosts_try_chunking =
hosts_try_fastopen =
.include_if_exists /etc/exim.dkim.conf
#EDIT#62:
address_pipe:
driver = pipe
return_output
virtual_address_pipe:
driver = pipe
group = nobody
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"
.include_if_exists /etc/exim.cagefs.pipe.conf
#COMMENT#63:
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
#COMMENT#64:
address_reply:
driver = autoreply
dovecot_lmtp_udp:
driver = lmtp
socket = /var/run/dovecot/lmtp
#maximum number of deliveries per batch, default 1
batch_max = 200
delivery_date_add
envelope_to_add
return_path_add
user = mail
address_directory:
driver = appendfile
maildir_format
maildir_use_size_file
delivery_date_add
envelope_to_add
return_path_add
##################################################################################
# RETRY CONFIGURATION
##################################################################################
#EDIT#65:
# Domain Error Retries
# ------ ----- -------
begin retry
* quota
* * F,2h,15m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration
My exim.variables.conf
Code:
#Do not edit this file directly
#edit /etc/exim.variables.conf.custom
daemon_smtp_ports=25 : 587 : 465
tls_on_connect_ports=465
disable_ipv6=true
message_size_limit=50M
smtp_receive_timeout=5m
smtp_accept_max=100
message_body_visible=3000
print_topbitchars=true
smtp_accept_max_nonmail=10
smtp_accept_max_per_host=10
recipients_max=150
smtp_accept_queue_per_connection=10
smtp_accept_max_per_connection=100
deliver_queue_load_max=10.0
queue_only_load=100.0
queue_run_max=5
ignore_bounce_errors_after=2d
timeout_frozen_after=3d
trusted_users=mail:majordomo:apache:diradmin
split_spool_directory=yes
keep_environment=PWD:HOME
tls_certificate=${if exists{/etc/virtual/snidomains}{${lookup{$tls_in_sni}nwildlsearch{/etc/virtual/snidomains}{${if exists{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$value}}.cert.combined}{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$value}}.cert.combined}{/etc/exim.cert}}}{/etc/exim.cert}}}{/etc/exim.cert}}
tls_privatekey=${if exists{/etc/virtual/snidomains}{${lookup{$tls_in_sni}nwildlsearch{/etc/virtual/snidomains}{${if exists{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$value}}.key}{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$value}}.key}{/etc/exim.key}}}{/etc/exim.key}}}{/etc/exim.key}}
openssl_options=+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1
tls_require_ciphers=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
hostlist relay_hosts=
chunking_advertise_hosts=+proxy_hosts_ip
My directadmin.conf
Code:
language=pl
add_userdb_quota=1
addip=/usr/local/directadmin/scripts/addip
admin_helper=admin.site-helper.com
admindir=./data/admin
apache_public_html=0
apache_ver=2.0
apachecert=/etc/httpd/conf/ssl.crt/server.crt
apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
apacheips=/etc/httpd/conf/ips.conf
apachekey=/etc/httpd/conf/ssl.key/server.key
apachelogdir=/var/log/httpd/domains
apachemimetypes=/etc/mime.types
brute_force_log_scanner=1
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
check_subdomain_owner=1
cloud_cache=0
default_private_html_link=1
demodocsroot=./data/skins/enhanced
dkim=2
dns_ttl=1
docsroot=./data/skins/enhanced
dovecot=1
emailspoolvirtual=/var/spool/virtual
emailvirtual=/etc/virtual
ethernet_dev=eth0
frontpage_on=0
ftpconfig=/etc/proftpd.conf
ftppasswd=/etc/proftpd.passwd
ftpvhosts=/etc/proftpd.vhosts.conf
letsencrypt=1
license=/usr/local/directadmin/conf/license.key
litespeed=0
log_rotate_size=5
logdir=/var/log/directadmin
logger=/usr/local/directadmin/logger
loghostname=0
login_history=10
mail_sni=1
max_username_length=10
maxfilesize=10485760
mysql_detect_correct_methods=1
mysqlconf=/usr/local/directadmin/conf/mysql.conf
namedconfig=/etc/named.conf
nameddir=/var/named
nginx=0
nginx_proxy=0
ns1=ns1.nazwa.pl
ns2=ns2.nazwa.pl
numservers=10
openlitespeed=0
owsadm=/usr/local/frontpage/version5.0/bin/owsadm.exe
php_fpm_max_children_default=10
pointers_own_virtualhost=1
port=2222
pureftp=1
quota_partition=/
removeip=/usr/local/directadmin/scripts/removeip
reseller_helper=reseller.site-helper.com
secure_access_group=access
servername=server043195.nazwa.pl
serverpath=/usr/local/directadmin
session_minutes=60
skinsdir=./data/skins
sshdconfig=/etc/ssh/sshd_config
ssl=0
system_user_to_virtual_passwd=1
taskqueue=/usr/local/directadmin/data/task.queue
templates=/usr/local/directadmin/data/templates
ticketsdir=/usr/local/directadmin/data/tickets
timeout=60
tmpdir=../../../home/tmp
unified_ftp_password_file=1
user_helper=www.site-helper.com
userdata=./data/users
webmail_link=roundcube
zip=1
letsencrypt=1
http2=1
enable_ssl_sni=1
bruteforce=1
brute_force_scan_apache_logs=2
brute_force_time_limit=1200
clear_brute_log_time=48
hide_brute_force_notifications=1
ip_brutecount=30
unblock_brute_ip_time=2880
user_brutecount=30
My Fiends, help me please