######################################################################
#                  Runtime configuration file for Exim               #
######################################################################


# This is a configuration file for an efficient MX receiver. We store
# all incoming mail in Maildirs, and it's all owned by a single user
# (exim) so that our clients do not need entries in /etc/passwd.

# The files we use are:
#    /usr/exim/vdomains.db
#       List of all domains which we receive mail for. These can
#       be individual (example.com) or wildcard (*.example.com)
#    /usr/exim/valiases.db
#       List of E-mail addresses and destinations we deliver to.
#       See the description below under the 'valiases' director.
#    /usr/exim/mquota.db
#       Quota for each maildir, if other than the default. Entries
#       are of the form:
#           /path/to/maildir/    25000000

######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


# Macro to define the default quota (in bytes) for accounts not listed in
# the quota file (/usr/exim/mquota.db). It is the fallback value of the
# quota lookups in the maildir_internal and maildir_courier transports.

DEFQUOTA = 10000000


# For efficiency, local domains are held in an indexed DBM file (the lookup
# type used below is dbm, not cdb). We can have many thousands of virtual
# domains hosted on this box.
# Partial matching is allowed (e.g. an entry in the DBM file of
# *.your.domain will match anything.your.domain)

# @ (the fully-qualified domain name of this host) is just
# so we can accept postmaster@this.host

local_domains = partial2-dbm;/usr/exim/vdomains.db : localhost : @


# As an incoming MX receiver, we do not allow relaying, either from
# clients or as a backup MX to anywhere else.
# Both lists are deliberately left empty: no host and no domain is
# permitted to relay through this server.

host_accept_relay =
relay_domains =


# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup = *

# Disallow recipients of the form user@[x.x.x.x]

forbid_domain_literals

# This line makes incoming recipient addresses be verified during the
# SMTP dialogue. Unknown recipients are then rejected at this stage,
# and the generation of the failure message is the job of the sending host.
# (In particular, we don't have to bounce spam to unknown addresses)

receiver_verify

# Verify incoming sender addresses (return-paths) during the SMTP dialogue.
# Verification can normally only check that the domain exists.

sender_verify


# You might want to reject mail from senders who are listed in realtime
# blackhole lists. The advantage is some reduction in received spam;
# the cost is that it applies to your entire userbase, and there will
# be false positives (i.e. genuine mail which is bounced just because
# the sending machine is RBL listed). See http://www.mail-abuse.org/

# rbl_domains = blackholes.mail-abuse.org:dialups.mail-abuse.org


# When Exim can neither deliver a message nor return it to sender, it "freezes"
# the delivery error message (aka "bounce message"). There are also other
# circumstances in which messages get frozen. They will stay on the queue for
# ever unless one of the following options is set.

# This option unfreezes bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.

ignore_errmsg_errors_after = 2d

# This option cancels (removes) frozen messages that are older than a week.

timeout_frozen_after = 7d

# For a busy server, increase the maximum number of incoming SMTP sessions
# from the default of 20

smtp_accept_max = 300

# By default, if more than 10 messages are received in one SMTP session,
# they are queued rather than being delivered immediately. This is supposed
# to help when our server comes back after a long period of downtime and
# there is a lot of mail waiting for us on other systems. The limit is
# a bit low for a big mail server.

smtp_accept_queue_per_connection = 50

# It's safe to accept 8BITMIME, since all our received mail is delivered
# locally rather than being relayed (so we shouldn't need to convert it
# to 7BIT when talking to another host)

accept_8bitmime

# Security settings. The first two (exim_user and exim_group, left
# commented out below) should not be required if we compiled
# exim with the right EXIM_UID and EXIM_GID settings.
# Setting 'security = unprivileged' forces Exim to change to the exim
# user/group almost immediately after starting. See section 55.2 in
# the documentation.

# exim_user = exim
# exim_group = exim
# never_users lists users that a delivery process must never run as; here
# that is root, whatever a director or transport might otherwise specify.
never_users = root
security = unprivileged

# If you want mail logs to go to a central syslog server, set this and
# put "mail.info     @syslog.host" in /etc/syslog.conf

# log_file_path = syslog

end



######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.
# In our case it is only used for returning bounces to sender, or
# where the database specifies that the user wants their mail forwarded
# elsewhere.
# It is referenced by the lookuphost router (and by the commented-out
# smarthost router). No option other than the driver is set here.

remote_smtp:
  driver = smtp


# Delivery to Maildir file as user 'exim'

# Version 1: using exim's built-in Maildir support. This is fine but
# does not handle quotas well when there are thousands of files in a
# mailbox.
# This is the transport that the valiases director selects with
# directory_transport.

maildir_internal:
  driver = appendfile
  maildir_format

  # Every mailbox is written with the same uid/gid, so file ownership does
  # not separate one account's mail from another's; whatever serves the
  # Maildirs to users has to enforce that separation itself.
  user = exim
  group = exim

  no_delivery_date_add
  envelope_to_add
  return_path_add
  # with Maildir, we do not add a "From " line, and do not need to
  # convert "From " to ">From "
  prefix =
  suffix =
  check_string =
  escape_string =

  # Record the size of each file in the filename as ,S=xxx
  # This means we only have to do a readdir(), we don't have to
  # stat() each file individually to find its size.
  # quota_size_regex must stay in step with maildir_tag: it extracts the
  # number that the tag wrote into the filename.
  maildir_tag = ,S=$message_size
  quota_size_regex = ,S=(\d+)

  # Quota handling
  # The lookup key is $address_file, so keys in mquota.db have to be the
  # Maildir path written the same way as in valiases.db (the examples in
  # this file all end in a slash). Paths with no entry fall back to DEFQUOTA.
  quota = ${lookup{$address_file}dbm{/usr/exim/mquota.db}{$value}{DEFQUOTA}}
  quota_warn_threshold = 90%
  quota_warn_message = "\
  	To: $local_part@$domain\n\
  	Subject: Your mailbox\n\n\
  	This message is automatically created by mail delivery software.\n\n\
  	The size of your mailbox has exceeded a warning threshold that is\n\
  	set by the system administrator.\n"


# Version 2: using the 'deliverquota' command provided as part of
# courier, which returns 0 in the case of successful delivery or
# 77 (EX_NOPERM) if it was over quota.
# This is more efficient, as it implements Maildir++ which calculates
# quotas using the 'maildirsize' file. See maildir/README.maildirquota.txt
# in the courier distribution.
# The '-c' option to deliverquota makes it create Maildirs automatically
# for new accounts, and "-w 90" delivers a warning message when the mailbox
# gets over 90% full. Create /usr/courier-imap/etc/quotawarnmsg with the
# full message (headers, blank line, text)

# Note: the S on the end of the quotas is required by Courier, for which
# 10000000S means "10000000 bytes", but 1000C means "1000 messages"

# As written, no director in this file refers to this transport: valiases
# sets directory_transport = maildir_internal. To use Version 2, point
# directory_transport at maildir_courier instead.

maildir_courier:
  driver = pipe
  # Arguments: the Maildir path from the alias entry, then the quota for
  # that path (mquota.db entry, or DEFQUOTA) with the "S" suffix appended.
  # NOTE(review): use_shell is not set, so the command should be run
  # directly rather than through a shell - confirm for your Exim version.
  command = /usr/courier-imap/libexec/deliverquota -c -w 90 "${address_file}" "${lookup{$address_file}dbm{/usr/exim/mquota.db}{$value}{DEFQUOTA}}S"

  return_fail_output

  # Same single uid/gid for every mailbox as in maildir_internal.
  user = exim
  group = exim

  no_delivery_date_add
  envelope_to_add
  return_path_add
  # with Maildir, we do not add a "From " line, and do not need to
  # convert "From " to ">From "
  prefix =
  suffix =
  check_string =
  escape_string =


end



######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).

# Remember that local_domains includes all our virtual domains.
# First, ONLY for mail addressed directly to this host, look up local_part
# in /etc/mail/aliases for somewhere to forward it (for postmaster, abuse etc)

system_aliases:
  # This director used ONLY for mail addressed directly to this server
  domains = localhost : @

  driver = aliasfile
  # The alias file decides where this host's own mail goes, so it should be
  # writable only by the administrator.
  # NOTE(review): no file, pipe or directory transport is set on this
  # director, so entries are expected to be plain addresses - confirm how
  # your Exim version treats any file or pipe entries.
  file = /etc/mail/aliases
  search_type = lsearch


# For all other domains, we look up in valiases.db for entries
# like this:
#
#   user@example.com: /path/to/maildir/  # match exactly this address
#   *@example.com:    /path/to/maildir/  # match <anything>@example.com
#   user@example.com: :fail:                     # bounce
#   user@example.com: :fail:This user has left   # send a specific bounce msg
#   user@example.com: :blackhole:                # discard silently
#   user@example.com: user2@elsewhere.com        # forward externally
#
# The search type "dbm*@" means "look up the key in the dbm database; if no
# entry is found then replace everything to the left of @ with * and look
# it up again". Hence an exact match of user@domain will be used in
# preference to a wildcard *@domain, if both exist.

# SECURITY NOTE: users must NOT be allowed to edit their own entries in
# this database, otherwise /they/could/overwrite/ files on your machine!
# The same goes for write access to valiases.db itself: whoever can change
# it chooses the paths that deliveries, running as user exim, write to.
# If you want user-controlled forwarding then set up a separate director
# in front of this one. Set forbid_file, forbid_pipe, forbid_include and
# forbid_special so that they can only forward to other E-mail addresses.

valiases:
  driver = aliasfile
  search_type = dbm*@
  file = /usr/exim/valiases.db
  # The lookup key is the full address (local part and domain), which is
  # what the user@example.com keys shown above require.
  include_domain
  qualify_preserve_domain

  # For alias entries /which/look/like/this/, we deliver directly to a
  # Maildir at this location. Hide this path in any bounce messages though.
  # Only directory_transport is set: no file_transport or pipe_transport
  # is configured on this director.
  directory_transport = maildir_internal
  hide_child_in_errmsg


# Any local address which is not matched above will be bounced.

end



######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################

# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.


# On an MX receiver most outgoing mail is bounces. We don't want to have
# a large queue of mail waiting to be sent outwards, so if you have a
# reliable smarthost cluster then you can punt all outgoing mail straight
# to it by uncommenting the following router.

# smarthost:
#   driver = domainlist
#   route_list = "* smtp.example.com byname"
#   transport = remote_smtp


# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.

lookuphost:
  driver = lookuphost
  transport = remote_smtp
  # Some silly domains point MX records at 127.0.0.1 which ends up
  # freezing the message. The following setting discards these MX records.
  # The list covers the whole IPv4 loopback range, not only 127.0.0.1.
  ignore_target_hosts = 127.0.0.0/8

end



######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

# The first retry rule says that mail to an overquota mailbox should be
# bounced immediately (the rule has an empty Retries column).

# The second retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# The quota rule has to stay first: the second rule matches every error,
# quota failures included.

# Domain               Error       Retries
# ------               -----       -------

*                      quota
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h

end



######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this configuration file.

end



######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

# There are no authenticator specifications in this configuration file.

# End of Exim configuration file
