exim4 default configuration with TLS and DKIM
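# Exim 4 main section: TLS on 25/465, per-domain DKIM signing, relay by IP list.
# Placeholders to replace before use: domain.tld, mail_subdomain.domain.tld, server_ip.
# (The trailing "| |" on each line of the page was table residue, not
# configuration, and has been removed.)

# For example, the main site domain is domain.tld.
primary_hostname = mail_subdomain.domain.tld
domainlist local_domains = domain.tld

# DKIM macros, used by the remote_smtp transport.
# Both the signing domain and the key file name come from the message's From:
# header, which the submitting client controls. Any relay client can therefore
# obtain a signature for any domain that has a key file in /etc/exim4.
# NOTE(review): Exim 4.94 and later are expected to refuse message-derived
# ("tainted") data in a file name, so DKIM_FILE would not expand there. Mapping
# the header domain through a lookup over a fixed list of signing domains avoids
# both problems. Confirm against the installed version.
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim4/${lc:${domain:$h_from:}}.key
# Yields the key path when the file exists, otherwise "0", which means "do not sign".
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
DKIM_SELECTOR = mail

# Hosts that the RCPT ACL accepts mail from. This IP list is the only relay
# control in the file: no authenticators are configured.
hostlist relay_from_hosts = localhost : 127.0.0.1 : server_ip
# NOTE(review): "mail1.domain.ltd" looks like a typo for ".tld"; the list is not
# referenced by any ACL shown in this file.
domainlist relay_to_domains = domain.tld:mail1.domain.ltd:mail2.domain.tld:mail3.domain.tld

# Socket of the ClamAV antivirus daemon.
# NOTE(review): acl_check_data uses "malware = *", which needs a scanner; with
# this line commented out Exim falls back to its built-in default scanner setting.
#av_scanner = clamd:/var/run/clamav/clamd

# Port 25 uses STARTTLS; port 465 starts TLS immediately on connect.
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
# Offer STARTTLS to every connecting host.
tls_advertise_hosts = *

# TLS certificate and private key (both read from the same PEM file here).
# The file holds the private key, so it should be readable only by the Exim user.
# NOTE(review): "hostanme" is probably a misspelling of "hostname"; the path is
# left as given and must match the real file.
tls_certificate = /etc/exim4/certs/hostanme.pem
tls_privatekey = /etc/exim4/certs/hostanme.pem

# Extra log detail for connection and protocol events; queue-run lines are suppressed.
log_selector = \
    +all_parents \
    +lost_incoming_connection \
    +received_sender \
    +received_recipients \
    +smtp_confirmation \
    +smtp_syntax_error \
    +smtp_connection \
    +smtp_protocol_error \
    -queue_run

# For use with eximstats.
syslog_timestamp = yes

# ACLs run at RCPT, per MIME part, and after DATA.
# NOTE(review): acl_check_mime is not defined in the ACL section of this file;
# define it or drop the acl_smtp_mime line, otherwise messages with MIME content
# are likely to be deferred with a configuration error.
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data

# Users permitted to submit mail with an arbitrary sender (left disabled).
#trusted_users = uucp

qualify_domain = domain.tld
# Listen only on loopback and the server's own address.
local_interfaces = 127.0.0.1 : server_ip

# Reject addresses that use an IP literal as the domain, e.g. login@[0.0.0.0].
allow_domain_literals = false

# Schedule of "message delayed" warnings to senders (left at the default).
#delay_warning = 4h:8h:24h:48h

# Reverse-resolve every connecting host; the RCPT ACL tests $sender_host_name.
host_lookup = *

# Disable ident (RFC 1413) callbacks: a zero timeout turns the query off.
rfc1413_hosts = *
rfc1413_query_timeout = 0s

# Only relay hosts may use addresses without a domain part.
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts

ignore_bounce_errors_after = 2d
timeout_frozen_after = 4d

# Size and connection limits, not needed for now. They bound resource use per
# client, so set them before exposing the daemon to untrusted networks.
#message_size_limit = 20M
#smtp_accept_max = 100
#smtp_accept_max_per_connection = 50
#smtp_accept_queue_per_connection = 30

# Split the spool into subdirectories (helps with very large queues).
#split_spool_directory = true
#smtp_banner = "$primary_hostname ESMTP Exim"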
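begin acl

# RCPT-time policy. Statements are evaluated top to bottom and the first verb
# that matches decides. The final "deny" refuses every recipient that was not
# accepted by "accept hosts = +relay_from_hosts", so this server takes mail only
# from the relay hosts and accepts nothing inbound from other hosts.
acl_check_rcpt:

  # Local parts with a leading dot or routing/shell metacharacters (local domains).
  deny    message     = "Illegal characters are in an address."
          domains     = +local_domains
          local_parts = ^[.] : ^.*[@%!/|]

  # Stricter set for remote domains; also blocks "/../" path sequences.
  deny    message     = "Illegal characters are in an address."
          domains     = !+local_domains
          local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # The envelope sender must be verifiable.
  require verify      = sender

  # A HELO/EHLO name must have been given.
  deny    message     = "HELO/EHLO required by SMTP RFC"
          condition   = ${if eq{$sender_helo_name}{}{yes}{no}}

  # A HELO consisting only of digits is refused, except from loopback.
  deny    condition   = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
          hosts       = !127.0.0.1:!localhost:*
          message     = "There can not be only numbers in HELO!"

  # A HELO equal to the client's own IP address is refused, except from relay hosts.
  # Host lists are matched left to right and the first match wins. The original
  # order "*:!+relay_from_hosts" matched every host at "*", so the exemption
  # never applied; the negated item now comes first, as in the other rules.
  deny    message     = "The use of IP is forbidden in HELO!"
          hosts       = !+relay_from_hosts : *
          condition   = ${if eq{$sender_helo_name}\
                        {$sender_host_address}{true}{false}}

  # A HELO equal to this server's interface address is refused, except from loopback.
  deny    condition   = ${if eq{$sender_helo_name}\
                        {$interface_address}{yes}{no}}
          hosts       = !127.0.0.1 : !localhost : *
          message     = "The use of my IP is forbidden!"

  # Relay hosts may not submit with an empty envelope sender.
  deny    condition   = ${if eq{$sender_address}{}{yes}{no}}
          hosts       = +relay_from_hosts
          message     = "Your message have not return address"

  # Refuse clients whose reverse-DNS name looks like a dynamic address pool.
  # NOTE(review): this is an unanchored substring match and it runs before the
  # relay accept below, so a relay host whose name merely contains one of these
  # words is refused as well. Confirm that is intended.
  deny    message     = "Dynamic hosts is forbidden!"
          condition   = ${if match{$sender_host_name}\
                        {dsl|dial|pool|peer|dhcp|cable} {yes}{no}}

  # Relay for the trusted hosts.
  accept  hosts       = +relay_from_hosts

  # Everything else is refused.
  deny    message     = "Homo hominus lupus est"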
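# DATA-time policy: scan the whole message, then accept.
acl_check_data:

  # Check the message for viruses.
  # NOTE(review): av_scanner is commented out in the main section of this file,
  # so the scanner in use is Exim's built-in default. If no scanner answers, the
  # condition is expected to defer and the message gets a temporary rejection
  # (fail closed). Confirm the scanner setting before relying on this rule.
  deny    malware     = *
          message     = "In e-mail found VIRUS - $malware_name"

  # If needed, spam checks go here.

  # Let everything else through.
  accept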
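begin routers

# Remote delivery: route non-local domains by DNS (MX/address records).
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  # Never deliver to a target that resolves to 0.0.0.0 or loopback, so a hostile
  # or broken DNS record cannot point mail back at this host.
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  # A non-local domain that cannot be routed here is not tried by later routers.
  no_more

# Local domain: expand aliases from /etc/aliases.
# allow_fail / allow_defer permit ":fail:" and ":defer:" entries in the alias data.
# NOTE(review): no file_transport or pipe_transport is set, and there is no
# router for local mailboxes, so only aliases that redirect to other addresses
# can be delivered. Confirm that is intended.
system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  domains = domain.tld
  data = ${lookup{$local_part}lsearch{/etc/aliases}}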
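begin transports

# Outbound SMTP from the server's address, DKIM-signed when a key file exists
# for the From: header domain (see the DKIM_* macros in the main section).
# Nothing here requires TLS for outbound delivery, so encryption to remote
# hosts depends on what the remote side offers.
remote_smtp:
  driver = smtp
  interface = server_ip
  dkim_domain = DKIM_DOMAIN
  dkim_selector = DKIM_SELECTOR
  dkim_private_key = DKIM_PRIVATE_KEY

# Append-to-file delivery that adds Delivery-date:, Envelope-to: and
# Return-path: headers.
# NOTE(review): no router in this file names this transport (for example via
# file_transport), so it appears to be unused as shown.
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add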
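begin retry

# All addresses, all errors: retry every 15 minutes for 2 hours, then at
# intervals starting at 1 hour and growing by a factor of 1.5 until 16 hours,
# then every 6 hours until 4 days have passed.
*    *    F,2h,15m; G,16h,1h,1.5; F,4d,6h

# No address rewriting rules.
begin rewrite

# No SMTP AUTH mechanisms are defined, so clients cannot authenticate; relaying
# is controlled only by the relay_from_hosts IP list.
begin authenticators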