File: //etc/exim/exim.conf
# Main section: host identity and macro definitions.
# primary_hostname is the name this Exim instance uses for itself.
primary_hostname = smtp.rusmarine.ru
# Upper-case names below are macros; Exim substitutes them textually in later lines.
# NOTE(review): CONFIG_PREFIX is not referenced in the visible part of this file, and BASEIP
# only appears in a commented-out option of the remote_smtp transport.
CONFIG_PREFIX=/usr/local/etc/exim
BASEIP = 10.0.0.6
## DKIM:
# Signing domain and private-key path; both are consumed by the remote_smtp transport.
# NOTE(review): the key file should be readable only by the Exim user - verify on the host.
DKIM_DOMAIN = rusmarine.ru
DKIM_PRIVATE_KEY = /etc/ssl/rusmarine.ru.dkim.private.key
# TLS for inbound SMTP. The commented lines are earlier certificate/key locations.
#tls_certificate = /etc/ssl/certs/smtp.rusmarine.ru.crt
#tls_certificate = /etc/ssl/certs/exim.combined.crt
# NOTE(review): the file names carry a 2020_05_16 date - check the certificate's validity period.
tls_certificate = /etc/pki/tls/certs/rusmarine_ru_2020_05_16_bundle.crt
#tls_privatekey = /etc/ssl/private/smtp.rusmarine.ru.key
tls_privatekey = /etc/pki/tls/private/rusmarine_ru_2020_05_16.key
# STARTTLS is advertised to every client except the negated internal hosts listed first.
# The items are host names, so matching depends on those names resolving in DNS.
# NOTE(review): sessions from the excluded hosts, including any AUTH exchange, stay unencrypted -
# confirm this is still required.
tls_advertise_hosts = !post2.rusmarine.ru : !post.rusmarine.ru : !novo.rusmarine.ru : !smtp1.rusmarine.ru : !relay.rusmarine.ru : !smtp.rusmarine.ru : !web-solvo1.rusmarine.ru : !connect.rusmarine.ru : *
#tls_advertise_hosts = !*.rusmarine.ru : *
# With tls_verify_certificates commented out, no CA file is configured here for checking client certificates.
#tls_verify_certificates = /usr/local/share/certs/ca.cer
# "none" means no Diffie-Hellman parameters are loaded.
# NOTE(review): which key-exchange suites remain available depends on the TLS library build - TODO confirm.
tls_dhparam = none
# Port 465 starts TLS immediately on connect (no STARTTLS step).
tls_on_connect_ports = 465
# The DSN SMTP extension is advertised to all clients.
dsn_advertise_hosts = *
# MySQL server used by every "${lookup mysql{...}}" in this file, in the form host/database/user/password.
# "hide" keeps the value out of option listings requested by non-admin users; the password is still
# stored in clear text, so this file must not be readable by other accounts.
# NOTE(review): a credential that has appeared in a shared or published copy of this file should be rotated.
# NOTE(review): the lookups visible in this file only issue SELECT and SET NAMES; a read-only database
# account would be sufficient for them - confirm what rights mail_admin has.
hide mysql_servers = post.rusmarine.ru/mail_db/mail_admin/Layskqbid
# Reverse DNS lookup is done for every connecting host.
host_lookup = *
# Domains this server treats as local; routers and ACLs refer to the list as +local_domains.
domainlist local_domains = post.rusmarine.ru : rusmarine.ru : rusmarin.ru : trantech.ru : nvrsk.rusmarine.ru : icscustom.ru : russia.allportcargoservices.com : rusmarine.com : forwarding.ru : smtp.rusmarine.ru : ruscont.ru
# domainlist local_domains = @:mysql;SELECT domain from domains where domain='$domain'
#hostlist relay_from_hosts = localhost : 192.168.0.0/16 : 10.0.0.0/16
# Hosts that acl_check_rcpt allows to relay to any domain without authenticating.
# Every address here is trusted on source IP alone; 10.3.3.10 is listed twice.
hostlist relay_from_hosts = localhost : 10.0.0.6 : 127.0.0.1 : 10.3.3.9 :10.3.3.30 : 192.168.0.77 : 10.0.0.50 : 192.168.5.76 : 10.0.0.54 : 192.168.103.78 : 10.0.0.34 : 192.168.1.3 : 192.168.1.9 : 10.1.0.1 : 10.3.3.5 : 10.3.3.11 : 10.2.0.11 : 192.168.1.21 : 10.3.3.3: 10.3.3.4 : 10.3.3.21 : 10.3.3.22 : 10.3.3.23 : 10.3.3.24 : 10.3.3.25 : 10.3.3.26 : 10.2.0.22 : 10.3.3.10 : 192.168.1.14 : 10.3.3.10
# Generated Message-ID headers take their domain from the envelope sender's domain.
message_id_header_domain = $sender_address_domain
# Empty list: no environment variables are kept for Exim and the processes it starts.
keep_environment =
#clamav
# No av_scanner is configured while this line stays commented out.
#av_scanner = clamd:/var/run/clamav/clamd.sock
#log_selector = +delivery_size +deliver_time +received_recipients +received_sender +sender_on_delivery +subject
# Every optional log item is enabled, so the logs contain message subjects and addresses.
# NOTE(review): treat the log directory as sensitive data (permissions, retention).
log_selector = +all
# %s is replaced by the log type and %D by the date.
log_file_path = /var/log/exim/%slog-%D
daemon_smtp_ports = 25:587:465
# ACL hook-up. Only the RCPT and DKIM ACLs are active.
acl_smtp_rcpt = acl_check_rcpt
# With acl_smtp_data commented out, the acl_check_data ACL defined below (malware check) is not run.
#acl_smtp_data = acl_check_data
acl_smtp_dkim = acl_check_dkim
# acl_smtp_mail = acl_check_mail
# Unprivileged identity Exim runs as; deliveries are never performed as root.
exim_user = exim
exim_group = mail
never_users = root
# NOTE(review): this address list is not referenced anywhere in the visible part of the file.
addresslist noautoreply_senders = /usr/local/etc/exim/autorep.noanswer
# A zero timeout disables the RFC 1413 (ident) callback even though the host list is "*".
rfc1413_hosts = *
rfc1413_query_timeout = 0s
# For domains that are not local, a temporary DNS failure is treated as "domain does not exist".
dns_again_means_nonexist = !+local_domains
# Failing bounce messages are discarded after 45 minutes; other frozen messages after 7 hours.
ignore_bounce_errors_after = 45m
#timeout_frozen_after = 7d
timeout_frozen_after = 7h
message_size_limit = 20M
#smtp_active_hostname = ${lookup mysql{select host from domains where ip = '$interface_address'}{$value}{$primary_hostname} }
#smtp_banner = ${lookup mysql{select host from domains where ip = '$interface_address'}{$value}{$primary_hostname} } ESMTP Sendmail 8.14.3/8.14.3; $tod_full
# Fixed greeting banner; it does not reveal the MTA name or version.
smtp_banner = "smtp.rusmarine.ru, ESMTP ready"
spool_directory = /var/spool/exim
split_spool_directory = true
remote_max_parallel = 20
queue_run_max = 20
# Colon and underscore are additionally accepted in HELO/EHLO names.
helo_allow_chars = :_
# Connection limits: 50 simultaneous connections in total, 30 per client host.
smtp_accept_max = 50
smtp_connect_backlog = 90
smtp_accept_max_per_host = 30
# NOTE(review): this threshold (67) is above smtp_accept_max (50), so it appears it can never be reached.
smtp_accept_queue = 67
smtp_accept_queue_per_connection = 30
# At most 100 recipients per message; messages over the limit are rejected.
recipients_max = 100
recipients_max_reject = true
accept_8bitmime
#received_header_text = Received: \
# ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
# {${if def:sender_ident {from $sender_ident }}\
# ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
# by ${lookup mysql{select host from domains where ip = '$interface_address'}{$value}{$primary_hostname} } \
# ${if def:received_protocol {with $received_protocol}} \
# ${if def:tls_cipher {($tls_cipher)\n\t}}\
# (8.13.1/8.13.1)\n\t\
# id $message_id\
# ${if def:received_for {\n\tfor $received_for}}
begin acl
# ACL run for every RCPT command (selected by acl_smtp_rcpt in the main section).
# Statements are evaluated from top to bottom.
acl_check_rcpt:
# Unconditional: switches off DKIM signature verification for the message.
# NOTE(review): with this in place the acl_check_dkim ACL appears never to be exercised - confirm this is intended.
warn control = dkim_disable_verify
# Recipient domains that are refused outright.
deny message = this domain is deliberately rejected
domains = srv18.rusmarine.ru : rusmarin.ru : mx1.rusmarine.ru
# A single blocked envelope sender.
deny message = Restricted account
senders = account1.old@nvrsk.rusmarine.ru
# A single disabled local part (matched in any domain).
deny message = This mail account is not active
local_parts = okolonjuk
# Local domains: refuse local parts that start with a dot or contain @ % ! / |
# These patterns do not reject quote characters, so every SQL lookup that embeds
# $local_part relies on quote_mysql for safety.
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
# Other domains: refuse a leading . / or |, any of @ % !, and "/../" sequences.
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
# accept local_parts = postmaster
# domains = +local_domains
# Sender verification is disabled (commented out).
# require verify = sender
# accept domains = +local_domains
# endpass
# verify = recipient
# Deny Dictionary attack
# Drops the connection once more than one RCPT of the current message has already been rejected.
drop message = Rejected. Too many unknown recipients.
# deny message = Rejected. Too many unknown recipients.
condition = ${if >{$rcpt_fail_count}{1} {1}}
log_message = Too many rcpt_fail_count. $rcpt_fail_count failed recipient attempts
# Deny IP in HELO
# deny message = We don't allow domain literals, many spam...
# hosts = !+relay_from_hosts:*
# condition = ${if isip{$sender_helo_name}{yes}{no}}
# log_message = remote host used ip in HELO
# delay = 30s
# Deny HELO as our name
# deny condition = ${if match_domain{$sender_helo_name} \
# {$primary_hostname:+local_domains} \
# {true}{false}}
# message = Message was delivered by ratware - own
# log_message = remote host used our name in HELO/EHLO.
# delay = 30s
# Recipient verification runs the routers, so their MySQL lookups are executed here for
# every RCPT from any client, before the relay and authentication checks below.
require verify = recipient
# Relay for hosts trusted by IP address, then for authenticated clients.
accept hosts = +relay_from_hosts
accept authenticated = *
# Everyone else may only send to local domains.
deny domains = !+local_domains
message = Relaying denied
# deny message = Relay not permitted
accept
# DATA-time ACL that rejects messages the content scanner flags as malware.
# NOTE(review): acl_smtp_data and av_scanner are both commented out in the main section,
# so this ACL is not invoked and no scanning takes place.
acl_check_data:
deny message = This message contains malware ($malware_name)
# demime = *
# defer_ok: if the scanner cannot be reached, the condition is treated as "no malware"
# and the message is let through instead of being deferred.
malware = */defer_ok
accept
# ACL run per DKIM signature (selected by acl_smtp_dkim). No branch rejects a message;
# the results are only logged and recorded in added headers.
# NOTE(review): acl_check_rcpt sets "control = dkim_disable_verify" unconditionally, which
# appears to prevent this ACL from running - confirm.
# NOTE(review): the Authentication-Results values written below start with the signer domain
# or with "dkim=" rather than an identifier of this server; software that parses the header
# may not attribute them to this host - confirm the intended format.
acl_check_dkim:
# Failed verification: log it and tag the message with X-DKIM-FAIL.
warn dkim_status = fail
logwrite = DKIM test failed: $dkim_verify_reason
add_header = X-DKIM-FAIL: DKIM test failed: (address=$sender_address domain=$dkim_cur_signer), signature is bad.
# Signature could not be evaluated; note that the log text below says "test passed".
warn dkim_status = invalid
add_header = :at_start:Authentication-Results: $dkim_cur_signer ($dkim_verify_status); $dkim_verify_reason
logwrite = DKIM test passed (address=$sender_address domain=$dkim_cur_signer), but signature is invalid.
# Good signature.
accept dkim_status = pass
add_header = :at_start:Authentication-Results: dkim=$dkim_verify_status, header.i=@$dkim_cur_signer
logwrite = DKIM test passed (address=$sender_address domain=$dkim_cur_signer), good signature.
accept
begin routers
#copy_message:
#driver = redirect
##domains = ! +local_domains
#unseen
#data = audit@rusmarine.ru
############remove and uncomment the next lines after finding the culprit!!!
#smarthost:
#driver = manualroute
#domains = ! +local_domains
#transport = remote_smtp
#route_data = "smtp1.rusmarine.ru"
################
# Router for all non-local domains: looks the domain up in DNS and hands the message to remote_smtp.
dnslookup:
driver = dnslookup
domains = ! +local_domains
#commented mar 13 2013 dsn_process
transport = remote_smtp
# DNS answers pointing at 0.0.0.0 or loopback are ignored, so a remote domain cannot
# direct deliveries back to this host.
# NOTE(review): private address ranges are not ignored here; consider whether remote
# domains should be able to resolve to internal addresses.
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
# If this router runs and declines, no later router is tried.
no_more
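# Router: forwards mail over SMTP to 10.10.10.10 for users whose row in the "users"
# table has host = '10.10.10.10'.
send_to_mail_rusmarine_ru:
driver = manualroute
# The router runs only when the lookup returns a row. $local_part and $domain come from
# the SMTP envelope, so both are escaped with quote_mysql before being placed in the query.
condition = ${lookup mysql {select home from users where username = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and host = '10.10.10.10'}{yes}{no} }
route_list = +local_domains 10.10.10.10
transport = remote_smtp
# cannot_route_message = problem with forwarding to 10.10.10.10
# If this router runs and declines, no later router is tried.
no_more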
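# Router: forwards mail over SMTP to post2.rusmarine.ru for users whose row in the
# "users" table has host = '192.168.1.9'.
send_to_post2_rusmarine_ru:
driver = manualroute
#condition = ${if eq{lookup mysql {select host from accounts where user = '${quote_mysql:$local_part}' } }{192\.168\.3\.7}}
#condition = ${if match {lookup mysql {select host from accounts where user = '${quote_mysql:$local_part}'} }{'192.168.3.7'}}
# The router runs only when the lookup returns a row. $local_part and $domain come from
# the SMTP envelope, so both are escaped with quote_mysql before being placed in the query.
condition = ${lookup mysql {select home from users where username = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and host = '192.168.1.9'}{yes}{no} }
route_list = +local_domains post2.rusmarine.ru
# commented mar 13 2013 dsn_process
transport = remote_smtp
# cannot_route_message = problem with forwarding to 192.168.1.9
# If this router runs and declines, no later router is tried.
no_more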
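# Router: forwards mail over SMTP to novo.rusmarine.ru for users whose row in the
# "users" table has host = '10.0.0.34'.
send_to_novo_rusmarine_ru:
driver = manualroute
# The router runs only when the lookup returns a row. $local_part and $domain come from
# the SMTP envelope, so both are escaped with quote_mysql before being placed in the query.
condition = ${lookup mysql {select home from users where username = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and host = '10.0.0.34'}{yes}{no} }
route_list = +local_domains novo.rusmarine.ru
# commented mar 13 2013 dsn_process
transport = remote_smtp
#cannot_route_message = problem with forwarding to novo.rusmarine.ru
# If this router runs and declines, no later router is tried.
no_more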
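# Router: forwards mail over SMTP to connect.rusmarine.ru for users whose row in the
# "users" table has host = '10.3.3.10'.
send_to_connect_rusmarine_ru:
driver = manualroute
# The router runs only when the lookup returns a row. $local_part and $domain come from
# the SMTP envelope, so both are escaped with quote_mysql before being placed in the query.
condition = ${lookup mysql {select home from users where username = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}' and host = '10.3.3.10'}{yes}{no} }
route_list = +local_domains connect.rusmarine.ru
# commented mar 13 2013 dsn_process
transport = remote_smtp
# cannot_route_message = problem with forwarding to 192.168.1.9
# If this router runs and declines, no later router is tried.
no_more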
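# Router: when the recipient has an active row in the "autoreply" table, a copy of the
# message is handed to the userautoreply transport, which sends the automatic answer.
# NOTE(review): nothing here excludes bounces, mailing-list traffic or the senders in the
# noautoreply_senders address list from receiving auto-replies - confirm this is intended.
userautoreply:
driver = accept
# An empty lookup result means "no active auto-reply" and yields "no".
# The recipient address comes from the SMTP envelope and is escaped with quote_mysql
# before it is placed in the query.
condition = ${if eq{} {${lookup mysql{SELECT recipient FROM autoreply WHERE recipient='${quote_mysql:$local_part@$domain}' AND active = '1'}}}{no}{yes}}
transport = userautoreply
# unseen: the address is also passed on to the following routers for normal delivery.
unseen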
#copy_message_local:
#driver = redirect
#domains = +local_domains
#unseen
#data = audit@rusmarine.ru
# Router: expands aliases stored in the MySQL "aliases" table.
# The full recipient address is escaped with quote_mysql before it enters the query.
# NOTE(review): file_transport and pipe_transport are set and no forbid_file/forbid_pipe
# option is present, so an alias value in the database may name a file or a command that is
# then written or run as user exim. Write access to the aliases table is therefore
# equivalent to running commands as exim - restrict it, or forbid pipes and files if unused.
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{select alias from aliases where \
mail = '${quote_mysql:$local_part@${domain}}'}{$value}fail}
# data = ${lookup mysql{select alias from aliases where \
# mail = '${quote_mysql:$local_part}' \
# AND active ='Y'}{$value}fail}
user = exim
group = mail
file_transport = address_file
pipe_transport = address_pipe
# Syntactically broken entries are skipped and reported to the address below.
skip_syntax_errors
syntax_errors_to = wadim@rusmarine.ru
# errors_to = wadim@rusmarine.ru
# Router: applies per-address forwarding stored in the MySQL "forwarders" table (active rows only).
# The full recipient address is escaped with quote_mysql before it enters the query.
# NOTE(review): file_transport and pipe_transport are set and no forbid_file/forbid_pipe
# option is present, so a forwarder value in the database may name a file or a command that
# is then written or run as user exim. Restrict write access to the table accordingly.
forwarders:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{select forwarder from forwarders where \
mail = '${quote_mysql:$local_part@${domain}}' \
AND active='1'}{$value}fail}
# data = ${lookup mysql{select alias from aliases where \
# mail = '${quote_mysql:$local_part}' \
# AND active ='Y'}{$value}fail}
user = exim
group = mail
file_transport = address_file
pipe_transport = address_pipe
# Syntactically broken entries are skipped and reported to the address below.
skip_syntax_errors
syntax_errors_to = wadim@rusmarine.ru
# errors_to = wadim@rusmarine.ru
#userforward:
# driver = redirect
# file = ${lookup mysql{select home from users where \
# username = '${quote_mysql:$local_part}' \
# AND domain = '${quote_mysql:$domain}'}{$value}fail}/.forward
#file = ${lookup mysql{select home from users where \
# username = '${quote_mysql:$local_part}'}{$value}fail}/.forward
# user = mailnull
# group = mail
# no_verify
# no_expn
# check_ancestor
# allow_filter
# file_transport = address_file
# pipe_transport = address_pipe
# reply_transport = address_reply
# condition = ${if exists{${lookup mysql{select home from users where \
# username = '${quote_mysql:$local_part}' AND \
# domain = '${quote_mysql:$domain}'}{$value}fail}/.forward} {yes} {no} }
##condition = ${if exists{${lookup mysql{select home from users where \
## username = '${quote_mysql:$local_part}'}\
## {$value}fail}/.forward} {yes} {no} }
#autoreply_router:
# driver = accept
# senders = "! ^.*-request@.*:\
# ! ^owner-.*@.*:\
# ! ^postmaster@.*:\
# ! ^listmaster@.*:\
# ! ^mailer-daemon@.*"
# condition = ${if exists{AUTOREPLYPATH/$local_part@$domain}{yes}{no}}
# unseen
# no_expn
# no_verify
# transport = autoreply_transport
# Router: accepts recipients whose mailbox lives on this server (row in "users" with
# host = '10.0.0.6') and delivers them through Dovecot's LDA.
localuser:
driver = accept
# condition = ${lookup mysql {select uid from accounts where user = '${quote_mysql:$local_part@$domain}' OR login = '${quote_mysql:$local_part@rusmarine.ru}'}{yes}{no}}
# Both envelope-derived values are escaped with quote_mysql.
condition = ${lookup mysql {select home from users where username = '${quote_mysql:$local_part}' AND \
domain = '${quote_mysql:$domain}' AND (host = '10.0.0.6')}{yes}{no}}
# transport = local_delivery
# commented mar 13 2013 dsn_process
transport = dovecot_delivery
# cannot_route_message = Unknown user
# cannot_route_message = The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces.
# Text returned to the sender when no router accepts the address.
cannot_route_message = The email account that you tried to reach does not exist.
# All others send to mail.rusmarine.ru
# send_to_mail_rusmarine_ru_:
# driver = manualroute
# route_list = +local_domains 192.168.3.7
# transport = remote_smtp
begin transports
# Outbound SMTP transport used by dnslookup and the send_to_* routers.
# Outgoing messages are DKIM-signed for the DKIM_DOMAIN macro with selector "mail".
# NOTE(review): no TLS requirement for outbound connections is set in this transport.
remote_smtp:
driver = smtp
dkim_domain = DKIM_DOMAIN
dkim_selector = mail
dkim_private_key = DKIM_PRIVATE_KEY
#removed by me
# connect_timeout = 3m
# interface = ${lookup mysql{select ip from domains where domain = '$sender_address_domain'} {$value} {BASEIP} }
# helo_data = ${lookup mysql{select host from domains where domain = '$sender_address_domain'} {$value} {$primary_hostname} }
# Local delivery through Dovecot's LDA, run as user exim.
dovecot_delivery:
driver = pipe
# command = /usr/local/libexec/dovecot/dovecot-lda -d $local_part -f $sender_address
# NOTE(review): only $local_part is passed to -d, although several local domains are
# configured; the same local part in two domains would reach the same Dovecot user
# unless Dovecot is set up to expect bare names - confirm.
command = /usr/libexec/dovecot/dovecot-lda -d $local_part
# Empty prefix/suffix: nothing is added before or after the message text.
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
log_output
user = exim
# Exit codes of the LDA that are treated as temporary failures (delivery is retried).
temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
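# Maildir delivery straight to disk, with per-account directory and quota taken from
# the MySQL "accounts" table.
# NOTE(review): no active router in this file selects this transport (the localuser
# router uses dovecot_delivery).
local_delivery:
driver = appendfile
directory = ${lookup mysql{select maildir from accounts where login = '${quote_mysql:$local_part@$domain}'}{$value}fail}
create_directory
directory_mode = 0770
maildir_format
maildir_use_size_file
delivery_date_add
envelope_to_add
return_path_add
user = dovecot
group = mail
mode = 0660
no_mode_fail_narrower
headers_remove = ${if match_domain{$sender_address_domain}{+local_domains}{received}{}} : RelayHost
# quota = ${lookup mysql{select mailquota from accounts where login = '${quote_mysql:$local_part@$domain}'}{${value}fail}M}
# The recipient address comes from the SMTP envelope, so it is escaped with quote_mysql
# in both comparisons, as in the directory lookup above.
quota = ${lookup mysql{select mailquota from accounts where login = '${quote_mysql:$local_part@$domain}' OR login = '${quote_mysql:$local_part}@rusmarine.ru'}{$value}fail}
# Warning message sent to the mailbox owner when the threshold below is crossed.
quota_warn_message = "\
To: $local_part@$domain\n\
Subject: Your maildir is going full\n\
This message is automaticaly gnerated by your mail server.\n\
This means, that your mailbox is 75% full. If you would \n\
override this limit new mail would not be delivered to you!\n"
quota_warn_threshold = 75%
quota_is_inclusive = no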
# Transport used when a redirect router (system_aliases, forwarders) produces a pipe
# command; the command's output is returned to the sender.
address_pipe:
driver = pipe
return_output
# Transport used when a redirect router (system_aliases, forwarders) produces a file path.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
# File-based auto-reply transport: the reply text is read from a per-address file.
# NOTE(review): the AUTOREPLYPATH macro is not defined in the visible part of this file,
# and the only router that names this transport (autoreply_router) is commented out.
autoreply_transport:
driver = autoreply
# The file and log paths are built from the recipient's local part and domain.
file = AUTOREPLYPATH/$local_part@$domain
log = AUTOREPLYPATH/log/$local_part@$domain
file_expand
from = $local_part@$domain
to = $sender_address
user = exim
# The reply subject repeats the Subject: header of the incoming message.
subject = Re: $h_subject:
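# Auto-reply transport driven by the MySQL "autoreply" table; selected by the
# userautoreply router. The reply goes to the envelope sender.
userautoreply:
driver = autoreply
# headers = "Content-Type: text/plain; charset=windows-1251"
to = "${sender_address}"
from = "${local_part}@${domain}"
# The recipient address comes from the SMTP envelope, so it is escaped with quote_mysql
# before being placed in either query below.
subject = "${lookup mysql{SELECT subject FROM autoreply where recipient='${quote_mysql:$local_part@$domain}' }}"
# text = "${lookup mysql{SELECT message FROM autoreply where recipient='${local_part}@${domain}' }}"
# The first lookup only switches the connection to utf8 and contributes no text.
text = "${lookup mysql{SET NAMES utf8}{}}${lookup mysql{SELECT message FROM autoreply where recipient='${quote_mysql:$local_part@$domain}' }}"
headers = "Content-Type: text/plain; charset=utf-8"
user = exim
# Each sender gets at most one reply per 7 days, tracked in this per-recipient database.
# NOTE(review): the file name uses $local_part only, so the same local part in two local
# domains shares one database; the path is also built from envelope data - confirm both are acceptable.
once = /var/log/exim/vacation/$local_part-vacation.db
once_repeat = 7d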
# Bare autoreply transport with default options.
# NOTE(review): only the commented-out userforward router refers to it (as reply_transport).
address_reply:
driver = autoreply
begin retry
# One rule for all addresses and all errors: retry every 15 minutes for 2 hours, then at
# intervals starting at 1 hour and growing by a factor of 1.5 until 16 hours, then every
# 6 hours until 4 days have passed.
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
# No rewrite rules are defined.
begin rewrite
begin authenticator
#rem by me
#auth_cram_md5:
# driver = cram_md5
# public_name = CRAM-MD5
# server_secret = ${lookup mysql {select password from users where username='$auth1'}{$value}fail}
# server_secret = ${lookup mysql{SELECT password FROM users \
# WHERE username = '${quote_mysql:${local_part:$1}}' \
# AND active = 'Y'}{$value}fail}
# server_set_id = $auth1
# SMTP AUTH via Dovecot's authentication socket; CRAM-MD5 is the only mechanism offered.
# Clients that authenticate successfully may relay (see "accept authenticated = *" in acl_check_rcpt).
# NOTE(review): CRAM-MD5 needs the password backend to hold plaintext-equivalent secrets, and
# nothing here ties authentication to an encrypted session - confirm this matches the
# password storage policy on the Dovecot side.
auth_cram_md5:
driver = dovecot
public_name = CRAM-MD5
server_socket = /var/run/dovecot/auth-client
# The authenticated user name is recorded as $authenticated_id.
server_set_id = $auth1
#login:
# driver = plaintext
# public_name = LOGIN
# server_prompts = Username:: : Password::
# server_condition = ${lookup mysql {select login from accounts where login='$1' and password='$2'}{yes}{no}}
# server_set_id = $1