crashdump/exim-listener.conf

## exim-listener.conf
.include /usr/local/etc/exim/macros.conf
hide pgsql_servers = PGSQL_SERVERS
#primary_hostname =
domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_sql_domains = RELAY_SQL_DOMAINS
domainlist relay_sql_smtp_domains = SMTP_SQL_DOMAINS
domainlist relay_sql_lmtp_domains = LMTP_SQL_DOMAINS
domainlist ldap_domains = LDAP_DOMAINS
domainlist smtp_callback_domains = SMTP_CALLBACK_DOMAINS
domainlist whitelisted_domains = WHITELISTED_DOMAINS
domainlist blacklisted_domains = BLACKLISTED_DOMAINS
addresslist whitelisted_addresses = WHITELISTED_ADDRESS
addresslist blacklisted_addresses = BLACKLISTED_ADDRESS
hostlist whitelisted_hosts = WHITELISTED_HOSTS
hostlist blacklisted_hosts = BLACKLISTED_HOSTS
hostlist relay_sql_hosts = RELAY_SQL_HOSTS
hostlist   relay_from_hosts = localhost : localhost.localdomain
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
acl_smtp_connect = acl_check_connect
acl_smtp_helo	= acl_check_helo
acl_smtp_dkim = acl_check_dkim
#queue_only = true
#queue_only_override = false
smtp_banner = Baruwa 2.0 $tod_full
smtp_active_hostname = ${if !eq{$sender_host_address}{$received_ip_address}{${lookup dnsdb{ptr=$received_ip_address}}}{$primary_hostname}}
smtp_accept_max_per_connection = 60
smtp_accept_max = 0
smtp_load_reserve = 15
smtp_receive_timeout = 3m
smtp_accept_max_nonmail = 10
smtp_max_unknown_commands = 1
message_size_limit = 20M
spool_directory = /var/spool/exim.in
pipelining_advertise_hosts = 127.0.0.1
process_log_path = /var/spool/exim/exim-process.info
#log_file_path=:syslog
#syslog_duplication=false
#syslog_timestamp=false
#log_selector = -rejected_header
received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} ${if def:tls_cipher {($tls_cipher)\n\t}}(Baruwa 2.0)\n\t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if !eq {$received_protocol}{split} { ret-id none;}{}}${if def:received_for {\n\tfor $received_for}}
av_scanner = clamd:/var/run/clamav/clamd.sock
tls_advertise_hosts = *
tls_certificate = /usr/local/etc/baruwa/certs/baruwa.pem
tls_privatekey = /usr/local/etc/baruwa/certs/baruwa.key
tls_on_connect_ports = 465
tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : !MD5 : !AES : !CAMELLIA : !PSK : !KRB5 : @STRENGTH
daemon_smtp_ports = 25 : 465 : 587
exim_user = mailnull
exim_group = mail
never_users = root
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 1d
timeout_frozen_after = 3d
auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
perl_startup = do '/usr/local/etc/exim/baruwa/exim-bcrypt.pl'
perl_at_start = true
begin acl
acl_check_rcpt:
  accept  hosts         = :
          control       = submission
  drop message          = REJECTED - Sender $sender_address is banned
          hosts         = +blacklisted_hosts
  drop message          = REJECTED - Domain $sender_address_domain is banned
          domains       = +blacklisted_domains
  drop message          = Dictionary attack detected
          condition     = ${if >{$rcpt_fail_count}{3} {yes}{no}}
          delay         = 10m
  drop  message         = Legitimate bounces are never sent to more than one recipient.
          senders       = : postmaster@*
          condition     = ${if >{$recipients_count}{1}{true}{false}}
  drop    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
  drop    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  accept  local_parts   = postmaster
          domains       = +local_domains : +relay_sql_domains
  accept  hosts         = +relay_from_hosts : +relay_sql_hosts
          control       = submission/sender_retain
  accept  authenticated = *
          control       = submission/sender_retain
  require message       = relay not permitted
          domains       = +local_domains : +relay_sql_domains
  accept  message       = Authorized sender: $sender_address
          senders       = +whitelisted_addresses
  accept  message       = Authorized sender: $sender_address_domain
          domains       = +whitelisted_domains
  drop    message       = REJECTED - because $sender_host_address is in a black list spamhaus.org
          dnslists      = zen.spamhaus.org
          ratelimit     = 0 / 2h / strict / per_conn
  drop    message       = REJECTED - because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
          dnslists      = bl.spamcop.net : cbl.abuseat.org
          ratelimit     = 0 / 2h / strict / per_conn
  drop    message       = REJECTED - $dnslist_text
          dnslists      = rbl.baruwa.net : rbl.baruwa.net/$sender_address_domain
  drop    message       = REJECTED - We don't accept messages from hosts without reverse DNS
          log_message   = No reverse DNS
          !verify       = reverse_host_lookup
          !verify       = sender/no_details/callout=2m,defer_ok
          !condition    = ${if eq{$sender_verify_failure}{}}
  drop    message       = REJECTED - Recipient Verification Failed - User Not Found
          domains       = +smtp_callback_domains
          #!verify       = recipient/success_on_redirect/callout=2m,defer_ok,use_sender
          !verify       = recipient/success_on_redirect/callout=2m,defer_ok
  drop    message       = REJECTED - User Not Found
          domains       = +ldap_domains
          condition     = ${lookup ldap{${expand:LDAP_LOOKUP}}{0}{1}}
  deny    message       = SPF_MSG
          spf           = fail
#  deny    message       = $sender_host_address doesn't look trustworthy to me
#          spf_guess     = fail
  accept
acl_check_data:
  drop    malware       = *
          message       = This message contains a virus ($malware_name).
  accept
acl_check_mime:
  drop    message       = Blacklisted file extension detected
          condition     = ${if match \
                          {${lc:$mime_filename}} \
                          {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
                          {1}{0}}
  accept
acl_check_connect:
  accept  hosts         = :
  drop    message       = REJECTED - because $sender_host_address is a banned sender
          hosts         = +blacklisted_hosts
  accept  message       = Authorized sender: $sender_host_address
          hosts         = +whitelisted_hosts
  defer   ratelimit     = 250 / 15m / strict
          message       = You can only send $sender_rate_limit msgs per $sender_rate_period
          log_message   = RATE: $sender_rate/$sender_rate_period (max $sender_rate_limit)
  accept
acl_check_helo:
  drop  message         = REJECTED - no HELO/EHLO greeting
          log_message   = remote host did not present greeting
          condition     = ${if def:sender_helo_name {false}{true}}
  drop  message         = REJECTED - HELO is an IP address (See RFC2821 4.1.3)
          condition     = ${if isip{$sender_helo_name}}
  accept
acl_check_dkim:
  accept authenticated  = *
  accept hosts          = :
  accept hosts          = +whitelisted_hosts
  deny message          = REJECTED - DKIM failure: $dkim_verify_reason
       #dkim_status      = none:invalid:fail
       dkim_status      = none:invalid
       condition        = ${if eq {$dkim_key_testing}{1} {no}{yes}}
  warn add_header       = X-DKIM: Status on $received_ip_address using Baruwa 2.0: dkim=$dkim_verify_status; \
                          signing_identity="$dkim_cur_signer"
  accept
begin routers
split:
   driver = accept
   domains = +relay_sql_domains
   condition = ${if and {{!eq {$received_protocol}{split}}{gt {$recipients_count}{1}}}{yes}{no}}
   transport = send_to_self
   no_verify
   no_address_test
message_checks:
   driver = redirect
   allow_defer
   data = :defer: queued for message checks
   no_verify
   no_address_test
deliver_clean_smtp:
   driver = manualroute
   domains = +relay_sql_smtp_domains
   transport = remote_smtp
   route_data = ${lookup pgsql {ROUTE_QUERY}}
   no_more
deliver_clean_lmtp:
   driver = manualroute
   domains = +relay_sql_lmtp_domains
   transport = remote_lmtp
   route_data = ${lookup pgsql {ROUTE_QUERY}}
   no_more
dnslookup:
   driver = dnslookup
   domains = ! +local_domains : ! +relay_sql_domains
   transport = remote_smtp
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
   no_more
system_aliases:
   driver = redirect
   allow_fail
   allow_defer
   domains = @
   data = ${lookup{$local_part}lsearch{/etc/aliases}}
   file_transport = address_file
   pipe_transport = address_pipe
localuser:
   driver = accept
   check_local_user
   transport = local_delivery
   cannot_route_message = Unknown user
begin transports
send_to_self:
   driver = pipe
   batch_max = 1
   use_bsmtp
   command = /usr/sbin/exim -oMr split -bS
   user = mailnull
remote_smtp:
   driver = smtp
   delay_after_cutoff = false
remote_lmtp:
   driver = smtp
   protocol = lmtp
   delay_after_cutoff = false
   port = 25
local_delivery:
   driver = appendfile
   file = /var/mail/$local_part
   delivery_date_add
   envelope_to_add
   return_path_add
   group = mail
   mode = 0660
address_pipe:
   driver = pipe
   return_output
address_file:
   driver = appendfile
   delivery_date_add
   envelope_to_add
   return_path_add
begin retry
*                      *           F,2h,15m; G,16h,1h,1.5; F,14d,6h
begin rewrite
begin authenticators
PLAIN:
   driver = plaintext
   server_prompts = :
   server_condition = ${if and{ {!eq {$auth2}{}} {!eq {$auth3}{}}\
                                {bool{${perl{check_password}\
                                {${lookup pgsql {ORG_CHECK_PLAIN}{$value}}}\
                                {$auth3}}}\
                                }\
                              }\
                       {yes}{no}}
   server_set_id = $2
   server_advertise_condition = ${if def:tls_cipher }

LOGIN:
   driver = plaintext
   server_prompts = "Username:: : Password::"
   server_condition = ${if and{ {!eq {$auth1}{}} {!eq {$auth2}{}}\
	                            {bool{${perl{check_password}\
	                            {${lookup pgsql {ORG_CHECK_LOGIN}{$value}}}\
	                            {$auth2}}}}\
	                          }\
	                  {yes}{no}}
   server_set_id = $1
   server_advertise_condition = ${if def:tls_cipher }

## exim-queuerunner.conf
.include /usr/local/etc/exim/macros.conf
hide pgsql_servers = PGSQL_SERVERS
#primary_hostname =
domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_sql_rand_smtp = SMTP_RAND_DOMAINS
domainlist relay_sql_nonrand_smtp = SMTP_NONRAND_DOMAINS
domainlist relay_sql_rand_lmtp = LMTP_RAND_DOMAINS
domainlist relay_sql_nonrand_lmtp = LMTP_NONRAND_DOMAINS
domainlist relay_sql_domains = RELAY_SQL_DOMAINS
hostlist   relay_from_hosts =
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
acl_smtp_connect = acl_check_connect
acl_smtp_helo	= acl_check_helo
smtp_banner = Baruwa 2.0 $tod_full
#disable_ipv6 = true
smtp_load_reserve = 10
tls_advertise_hosts = *
tls_certificate = /usr/local/etc/baruwa/certs/baruwa.pem
tls_privatekey = /usr/local/etc/baruwa/certs/baruwa.key
tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : !MD5 : !AES : !CAMELLIA : !PSK : !KRB5 : @STRENGTH
spool_directory = /var/spool/exim.out
daemon_smtp_ports = 25
#log_file_path=:syslog
#syslog_duplication=false
#syslog_timestamp=false
exim_user = mailnull
exim_group = mail
never_users = root
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 3d
timeout_frozen_after = 7d
auth_advertise_hosts =
dbl_delivery_query = DELIVERY_QUERY
begin acl
acl_check_rcpt:
  accept
acl_check_data:
  accept
acl_check_mime:
  accept
acl_check_connect:
  accept
acl_check_helo:
  accept
begin routers
deliver_clean_randomize:
   driver = manualroute
   domains = +relay_sql_rand_smtp
   transport = remote_smtp
   hosts_randomize = true
   route_data = ${lookup pgsql {ROUTE_QUERY}}
deliver_clean_norandomized:
   driver = manualroute
   domains = +relay_sql_nonrand_smtp
   transport = remote_smtp
   hosts_randomize = false
   route_data = ${lookup pgsql {ROUTE_QUERY}}
deliver_clean_randomize_lmtp:
   driver = manualroute
   domains = +relay_sql_rand_lmtp
   transport = remote_lmtp
   hosts_randomize = true
   route_data = ${lookup pgsql {ROUTE_QUERY}}
deliver_clean_norandomized_lmtp:
   driver = manualroute
   domains = +relay_sql_nonrand_lmtp
   transport = remote_lmtp
   hosts_randomize = false
   route_data = ${lookup pgsql {ROUTE_QUERY}}
dnslookup:
   driver = dnslookup
   domains = ! +local_domains : ! +relay_sql_domains
   transport = remote_smtp
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
   no_more
system_aliases:
   driver = redirect
   allow_fail
   allow_defer
   data = ${lookup{$local_part}lsearch{/etc/aliases}}
   file_transport = address_file
   pipe_transport = address_pipe
localuser:
   driver = accept
   check_local_user
   transport = local_delivery
   cannot_route_message = Unknown user
begin transports
remote_smtp:
   driver = smtp
   dbl_host_defer_query = DEFER_QUERY
   delay_after_cutoff = false
   dkim_domain = ${if exists{/usr/local/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domain}.pem}\
                 {${lc:$sender_address_domain}}{}}
   dkim_selector = baruwa
   dkim_private_key = ${if exists{/usr/local/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domain}.pem}\
                       {/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domain}.pem}{0}}
   tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : !MD5 : !AES : !CAMELLIA : !PSK : !KRB5 : @STRENGTH
remote_lmtp:
   driver = smtp
   protocol = lmtp
   port = 25
   dbl_host_defer_query = DEFER_QUERY
   delay_after_cutoff = false
   dkim_domain = ${if exists{/usr/local/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domain}.pem}\
                 {${lc:$sender_address_domain}}{}}
   dkim_selector = baruwa
   dkim_private_key = ${if exists{/usr/local/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domain}.pem}\
                       {/etc/MailScanner/baruwa/dkim/${lc:$sender_address_domain}.pem}{0}}
   tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : !MD5 : !AES : !CAMELLIA : !PSK : !KRB5 : @STRENGTH
local_delivery:
   driver = appendfile
   file = /var/mail/$local_part
   delivery_date_add
   envelope_to_add
   return_path_add
   group = mail
   mode = 0660
address_pipe:
   driver = pipe
   return_output
address_file:
   driver = appendfile
   delivery_date_add
   envelope_to_add
   return_path_add
begin retry
*                      *           F,2h,15m; G,16h,1h,1.5; F,14d,6h
begin rewrite
begin authenticators
	.include /usr/local/etc/exim/macros.conf
	hide pgsql_servers = PGSQL_SERVERS
	#primary_hostname =
	domainlist local_domains = @ : localhost : localhost.localdomain
	domainlist relay_sql_domains = RELAY_SQL_DOMAINS
	domainlist relay_sql_smtp_domains = SMTP_SQL_DOMAINS
	domainlist relay_sql_lmtp_domains = LMTP_SQL_DOMAINS
	domainlist ldap_domains = LDAP_DOMAINS
	domainlist smtp_callback_domains = SMTP_CALLBACK_DOMAINS
	domainlist whitelisted_domains = WHITELISTED_DOMAINS
	domainlist blacklisted_domains = BLACKLISTED_DOMAINS
	addresslist whitelisted_addresses = WHITELISTED_ADDRESS
	addresslist blacklisted_addresses = BLACKLISTED_ADDRESS
	hostlist whitelisted_hosts = WHITELISTED_HOSTS
	hostlist blacklisted_hosts = BLACKLISTED_HOSTS
	hostlist relay_sql_hosts = RELAY_SQL_HOSTS
	hostlist relay_from_hosts = localhost : localhost.localdomain
	acl_smtp_rcpt = acl_check_rcpt
	acl_smtp_data = acl_check_data
	acl_smtp_mime = acl_check_mime
	acl_smtp_connect = acl_check_connect
	acl_smtp_helo = acl_check_helo
	acl_smtp_dkim = acl_check_dkim
	#queue_only = true
	#queue_only_override = false
	smtp_banner = Baruwa 2.0 $tod_full
	smtp_active_hostname = ${if !eq{$sender_host_address}{$received_ip_address}{${lookup dnsdb{ptr=$received_ip_address}}}{$primary_hostname}}
	smtp_accept_max_per_connection = 60
	smtp_accept_max = 0
	smtp_load_reserve = 15
	smtp_receive_timeout = 3m
	smtp_accept_max_nonmail = 10
	smtp_max_unknown_commands = 1
	message_size_limit = 20M
	spool_directory = /var/spool/exim.in
	pipelining_advertise_hosts = 127.0.0.1
	process_log_path = /var/spool/exim/exim-process.info
	#log_file_path=:syslog
	#syslog_duplication=false
	#syslog_timestamp=false
	#log_selector = -rejected_header
	received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} ${if def:tls_cipher {($tls_cipher)\n\t}}(Baruwa 2.0)\n\t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if !eq {$received_protocol}{split} { ret-id none;}{}}${if def:received_for {\n\tfor $received_for}}
	av_scanner = clamd:/var/run/clamav/clamd.sock
	tls_advertise_hosts = *
	tls_certificate = /usr/local/etc/baruwa/certs/baruwa.pem
	tls_privatekey = /usr/local/etc/baruwa/certs/baruwa.key
	tls_on_connect_ports = 465
	tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : !MD5 : !AES : !CAMELLIA : !PSK : !KRB5 : @STRENGTH
	daemon_smtp_ports = 25 : 465 : 587
	exim_user = mailnull
	exim_group = mail
	never_users = root
	rfc1413_hosts = *
	rfc1413_query_timeout = 0s
	ignore_bounce_errors_after = 1d
	timeout_frozen_after = 3d
	auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
	perl_startup = do '/usr/local/etc/exim/baruwa/exim-bcrypt.pl'
	perl_at_start = true
	begin acl
	acl_check_rcpt:
	accept hosts = :
	control = submission
	drop message = REJECTED - Sender $sender_address is banned
	hosts = +blacklisted_hosts
	drop message = REJECTED - Domain $sender_address_domain is banned
	domains = +blacklisted_domains
	drop message = Dictionary attack detected
	condition = ${if >{$rcpt_fail_count}{3} {yes}{no}}
	delay = 10m
	drop message = Legitimate bounces are never sent to more than one recipient.
	senders = : postmaster@*
	condition = ${if >{$recipients_count}{1}{true}{false}}
	drop message = Restricted characters in address
	domains = +local_domains
	local_parts = ^[.] : ^.*[@%!/\|]
	drop message = Restricted characters in address
	domains = !+local_domains
	local_parts = ^[./\|] : ^.[@%!] : ^./\\.\\./
	accept local_parts = postmaster
	domains = +local_domains : +relay_sql_domains
	accept hosts = +relay_from_hosts : +relay_sql_hosts
	control = submission/sender_retain
	accept authenticated = *
	control = submission/sender_retain
	require message = relay not permitted
	domains = +local_domains : +relay_sql_domains
	accept message = Authorized sender: $sender_address
	senders = +whitelisted_addresses
	accept message = Authorized sender: $sender_address_domain
	domains = +whitelisted_domains
	drop message = REJECTED - because $sender_host_address is in a black list spamhaus.org
	dnslists = zen.spamhaus.org
	ratelimit = 0 / 2h / strict / per_conn
	drop message = REJECTED - because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
	dnslists = bl.spamcop.net : cbl.abuseat.org
	ratelimit = 0 / 2h / strict / per_conn
	drop message = REJECTED - $dnslist_text
	dnslists = rbl.baruwa.net : rbl.baruwa.net/$sender_address_domain
	drop message = REJECTED - We don't accept messages from hosts without reverse DNS
	log_message = No reverse DNS
	!verify = reverse_host_lookup
	!verify = sender/no_details/callout=2m,defer_ok
	!condition = ${if eq{$sender_verify_failure}{}}
	drop message = REJECTED - Recipient Verification Failed - User Not Found
	domains = +smtp_callback_domains
	#!verify = recipient/success_on_redirect/callout=2m,defer_ok,use_sender
	!verify = recipient/success_on_redirect/callout=2m,defer_ok
	drop message = REJECTED - User Not Found
	domains = +ldap_domains
	condition = ${lookup ldap{${expand:LDAP_LOOKUP}}{0}{1}}
	deny message = SPF_MSG
	spf = fail
	# deny message = $sender_host_address doesn't look trustworthy to me
	# spf_guess = fail
	accept
	acl_check_data:
	drop malware = *
	message = This message contains a virus ($malware_name).
	accept
	acl_check_mime:
	drop message = Blacklisted file extension detected
	condition = ${if match \
	{${lc:$mime_filename}} \
	{\N(\.exe\|\.pif\|\.bat\|\.scr\|\.lnk\|\.com)$\N} \
	{1}{0}}
	accept
	acl_check_connect:
	accept hosts = :
	drop message = REJECTED - because $sender_host_address is a banned sender
	hosts = +blacklisted_hosts
	accept message = Authorized sender: $sender_host_address
	hosts = +whitelisted_hosts
	defer ratelimit = 250 / 15m / strict
	message = You can only send $sender_rate_limit msgs per $sender_rate_period
	log_message = RATE: $sender_rate/$sender_rate_period (max $sender_rate_limit)
	accept
	acl_check_helo:
	drop message = REJECTED - no HELO/EHLO greeting
	log_message = remote host did not present greeting
	condition = ${if def:sender_helo_name {false}{true}}
	drop message = REJECTED - HELO is an IP address (See RFC2821 4.1.3)
	condition = ${if isip{$sender_helo_name}}
	accept
	acl_check_dkim:
	accept authenticated = *
	accept hosts = :
	accept hosts = +whitelisted_hosts
	deny message = REJECTED - DKIM failure: $dkim_verify_reason
	#dkim_status = none:invalid:fail
	dkim_status = none:invalid
	condition = ${if eq {$dkim_key_testing}{1} {no}{yes}}
	warn add_header = X-DKIM: Status on $received_ip_address using Baruwa 2.0: dkim=$dkim_verify_status; \
	signing_identity="$dkim_cur_signer"
	accept
	begin routers
	split:
	driver = accept
	domains = +relay_sql_domains
	condition = ${if and {{!eq {$received_protocol}{split}}{gt {$recipients_count}{1}}}{yes}{no}}
	transport = send_to_self
	no_verify
	no_address_test
	message_checks:
	driver = redirect
	allow_defer
	data = :defer: queued for message checks
	no_verify
	no_address_test
	deliver_clean_smtp:
	driver = manualroute
	domains = +relay_sql_smtp_domains
	transport = remote_smtp
	route_data = ${lookup pgsql {ROUTE_QUERY}}
	no_more
	deliver_clean_lmtp:
	driver = manualroute
	domains = +relay_sql_lmtp_domains
	transport = remote_lmtp
	route_data = ${lookup pgsql {ROUTE_QUERY}}
	no_more
	dnslookup:
	driver = dnslookup
	domains = ! +local_domains : ! +relay_sql_domains
	transport = remote_smtp
	ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
	no_more
	system_aliases:
	driver = redirect
	allow_fail
	allow_defer
	domains = @
	data = ${lookup{$local_part}lsearch{/etc/aliases}}
	file_transport = address_file
	pipe_transport = address_pipe
	localuser:
	driver = accept
	check_local_user
	transport = local_delivery
	cannot_route_message = Unknown user
	begin transports
	send_to_self:
	driver = pipe
	batch_max = 1
	use_bsmtp
	command = /usr/sbin/exim -oMr split -bS
	user = mailnull
	remote_smtp:
	driver = smtp
	delay_after_cutoff = false
	remote_lmtp:
	driver = smtp
	protocol = lmtp
	delay_after_cutoff = false
	port = 25
	local_delivery:
	driver = appendfile
	file = /var/mail/$local_part
	delivery_date_add
	envelope_to_add
	return_path_add
	group = mail
	mode = 0660
	address_pipe:
	driver = pipe
	return_output
	address_file:
	driver = appendfile
	delivery_date_add
	envelope_to_add
	return_path_add
	begin retry
	* * F,2h,15m; G,16h,1h,1.5; F,14d,6h
	begin rewrite
	begin authenticators
	PLAIN:
	driver = plaintext
	server_prompts = :
	server_condition = ${if and{ {!eq {$auth2}{}} {!eq {$auth3}{}}\
	{bool{${perl{check_password}\
	{${lookup pgsql {ORG_CHECK_PLAIN}{$value}}}\
	{$auth3}}}\
	}\
	}\
	{yes}{no}}
	server_set_id = $2
	server_advertise_condition = ${if def:tls_cipher }

	LOGIN:
	driver = plaintext
	server_prompts = "Username:: : Password::"
	server_condition = ${if and{ {!eq {$auth1}{}} {!eq {$auth2}{}}\
	{bool{${perl{check_password}\
	{${lookup pgsql {ORG_CHECK_LOGIN}{$value}}}\
	{$auth2}}}}\
	}\
	{yes}{no}}
	server_set_id = $1
	server_advertise_condition = ${if def:tls_cipher }