@kricha
Last active October 6, 2016 19:17
exim4 default configuration with TLS and DKIM
# Exim4 main section. Placeholders (domain.tld, mail_subdomain, server_ip)
# must be replaced with real values; for example the main site domain is domain.tld.
primary_hostname = mail_subdomain.domain.tld
# Domains this host treats as local; referenced as +local_domains in the ACLs/routers.
domainlist local_domains = domain.tld
# DKIM macros. Signing domain and key path are derived from the domain of each
# message's From: header (lower-cased), so one key file per sending domain is
# expected at /etc/exim4/<domain>.key. The From: header is supplied by the relay
# client, so any host in relay_from_hosts chooses which key is used.
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim4/${lc:${domain:$h_from:}}.key
# When no key file exists for the From: domain the key expands to 0, which is
# presumably treated as "do not sign" rather than a delivery failure — confirm
# against the exim version in use.
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
DKIM_SELECTOR = mail
# Hosts allowed to relay without authentication (no authenticators are defined
# in this file): anything connecting from the server's own addresses can relay.
hostlist relay_from_hosts = localhost : 127.0.0.1 : server_ip
# NOTE(review): "mail1.domain.ltd" looks like a typo for ".tld". This list is also
# not referenced by any ACL in this file, so it currently has no effect.
domainlist relay_to_domains = domain.tld:mail1.domain.ltd:mail2.domain.tld:mail3.domain.tld
#socket of ClamAV antivirus
# NOTE(review): acl_check_data below uses "deny malware = *", which requires
# av_scanner to be set; with it commented out that check presumably fails as a
# configuration error rather than passing — confirm before relying on it.
#av_scanner = clamd:/var/run/clamav/clamd
# Listen on 25 (STARTTLS) and 465 (implicit TLS on connect).
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
# Offer STARTTLS to every client. No tls_require_ciphers is set, so the TLS
# library's defaults apply.
tls_advertise_hosts = *
# ssl certs: the same PEM file is used for certificate and key, so it must
# contain both. "hostanme" looks like a typo for "hostname"; make sure the file
# actually exists at this path, otherwise TLS setup will fail.
tls_certificate = /etc/exim4/certs/hostanme.pem
tls_privatekey = /etc/exim4/certs/hostanme.pem
# Logging: record connections, sender/recipient addresses and SMTP protocol
# details per message (useful for eximstats and for incident review); drop the
# queue-run start/stop noise.
log_selector = \
+all_parents \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_connection \
+smtp_protocol_error \
-queue_run
# for using eximstats
syslog_timestamp = yes
# ACL entry points; the named ACLs are defined in the "begin acl" section.
acl_smtp_rcpt = acl_check_rcpt
# NOTE(review): acl_check_mime is referenced here but no ACL of that name is
# defined below; messages reaching the MIME ACL will presumably hit an
# "ACL not found" error at run time. Define the ACL or remove this line.
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data
# Users allowed to set envelope senders with -f; none beyond the defaults here.
#trusted_users = uucp
# Domain appended to unqualified addresses accepted from *_unqualified_hosts.
qualify_domain = domain.tld
local_interfaces = 127.0.0.1 : server_ip
# Reject RFC 2822 domain-literal addresses such as user@[1.2.3.4].
allow_domain_literals = false
# Delay-warning messages are disabled (option left at its default).
#delay_warning = 4h:8h:24h:48h
# Reverse-DNS every connecting host; fills $sender_host_name, which the
# dynamic-host check in acl_check_rcpt relies on.
host_lookup = *
# Disable ident: a 0s timeout means no RFC 1413 queries are made at all.
rfc1413_hosts = *
rfc1413_query_timeout = 0s
# Only relay clients may use addresses without a domain (qualified with qualify_domain).
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
# Undeliverable bounce messages are discarded after 2 days; frozen messages
# are removed after 4 days.
ignore_bounce_errors_after = 2d
timeout_frozen_after = 4d
# not need for now — no message size limit or connection/recipient caps are
# set, so the exim defaults apply.
#message_size_limit = 20M
#smtp_accept_max = 100
#smtp_accept_max_per_connection = 50
#smtp_accept_queue_per_connection = 30
# Spool layout and banner left at defaults.
#split_spool_directory = true
#smtp_banner = "$primary_hostname ESMTP Exim"
begin acl
# Per-recipient ACL (RCPT TO). Statements are evaluated in order and the first
# matching deny/accept ends evaluation, so do not reorder without re-checking.
acl_check_rcpt:
# Local parts for local domains must not start with "." or contain @ % ! / |.
deny message = "Illegal characters are in an address."
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
# Stricter rule for non-local domains; the last pattern also blocks "/../".
deny message = "Illegal characters are in an address."
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
# The envelope sender must verify (be routable); otherwise the recipient is refused.
require verify = sender
# HELO/EHLO hygiene for hosts other than loopback: a name must be given, must
# not be all digits, and must not be the client's own IP or this server's IP.
deny message = "HELO/EHLO required by SMTP RFC"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
deny condition = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
hosts = !127.0.0.1:!localhost:*
message = "There can not be only numbers in HELO!"
deny message = "The use of IP is forbidden in HELO!"
hosts = *:!+relay_from_hosts
condition = ${if eq{$sender_helo_name}\
{$sender_host_address}{true}{false}}
deny condition = ${if eq{$sender_helo_name}\
{$interface_address}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "The use of my IP is forbidden!"
# Relay clients must supply a non-empty envelope sender (no null return path).
deny condition = ${if eq{$sender_address}{}{yes}{no}}
hosts = +relay_from_hosts
message = "Your message have not return address"
# Reject clients whose reverse-DNS name looks like a dynamic address (needs
# host_lookup). This runs before the relay accept, so it applies to relay
# clients as well.
deny message = "Dynamic hosts is forbidden!"
condition = ${if match{$sender_host_name}\
{dsl|dial|pool|peer|dhcp|cable} {yes}{no}}
# Only relay clients are accepted; everything else is denied, including mail
# for +local_domains from outside. As written this host is an outbound relay
# only, and relay_to_domains is never consulted.
accept hosts = +relay_from_hosts
deny message = "Homo hominus lupus est"
# Per-message ACL (after DATA).
acl_check_data:
# Check the message for viruses. Requires av_scanner in the main section,
# which is currently commented out.
deny malware = *
message = "In e-mail found VIRUS - $malware_name"
# If needed, spam checks go here.
# Accept everything else.
accept
begin routers
# Remote delivery for non-local domains via DNS (MX/A) lookup. Loopback and
# 0.0.0.0 targets returned by DNS are ignored. no_more: if this router declines
# or fails, no later router is tried for the address.
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
# Alias expansion for domain.tld from /etc/aliases. allow_fail / allow_defer
# let alias data contain :fail: and :defer:. No local-delivery router follows
# in this file, so local parts not found in /etc/aliases are presumably
# unrouteable.
# NOTE(review): uses the literal domain.tld rather than +local_domains.
system_aliases:
driver = redirect
allow_fail
allow_defer
domains = domain.tld
data = ${lookup{$local_part}lsearch{/etc/aliases}}
begin transports
# Outbound SMTP, bound to server_ip. DKIM-signs with the macros from the main
# section; signing is presumably skipped when the From: domain has no key file.
remote_smtp:
driver = smtp
interface = server_ip
dkim_domain = DKIM_DOMAIN
dkim_selector = DKIM_SELECTOR
dkim_private_key = DKIM_PRIVATE_KEY
# File delivery transport adding Delivery-date:, Envelope-to: and Return-path:
# headers. No router in this file references it.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
begin retry
# Retry schedule for all addresses and errors: every 15 min for the first 2h,
# then geometrically from 1h (x1.5) until 16h, then every 6h until 4 days.
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
# No rewrite rules.
begin authenticators
# No authenticators: SMTP AUTH is not offered, so only relay_from_hosts can relay.