example-exim4.conf
# Main section: null-client setup that accepts mail only from the local
# machine and hands everything to a per-sender-domain cloud smarthost.
#
# Specify local domains; these are usually the outputs of `hostname -f` and
# `hostname`, i.e. the bad mail names the local machine might create. They get
# rewritten to a cloud name in the rewrite section below.
# Both domain lists are empty as shipped, and relaying is allowed from
# localhost only.
domainlist local_domains =
domainlist relay_to_domains =
hostlist relay_from_hosts = localhost
# Create this file HERE
# It has single lines in the format (the user= value was mangled by the page's
# e-mail obfuscation; USER@DOMAIN below is a constructed placeholder):
# domain.com: host=smtp.office365.com::587 helo=cms user=USER@DOMAIN oauth=/home/XX/mail/.cms/exim/unix
# oauth= may also be replaced with password= to do basic authentication. The
# file is searched based on the Envelope From when invoking sendmail.
# The file can hold clear-text passwords, so keep it readable only by root and
# the Exim run-time user (e.g. owner root, group Debian-exim, mode 0640 on
# Debian).
SMARTFN = /etc/exim4/exim-smart-hosts
# We don't have IPv6, do not even try.
disable_ipv6=true
# It is also a good idea to edit /etc/default/exim4 and switch to 'queueonly' mode (Debian)
# Listen on the IPv4 loopback address, port 25, only; nothing is exposed to
# the network.
local_interfaces = <; [127.0.0.1]:25
acl_smtp_rcpt = acl_check_rcpt
# Empty list: STARTTLS is not offered to inbound clients (the listener is
# loopback-only).
tls_advertise_hosts =
# Trusted users are allowed to override the sender envelope
# NOTE(review): Exim treats '#' as a comment only at the start of a line, so
# the text after '=' below is read as the option value. Replace the whole
# right-hand side with the user name. Keep this list minimal, because the
# envelope sender selects which smarthost credentials are used.
trusted_users = # Add your user name HERE
# Never run a delivery process as root.
never_users = root
# Reverse-DNS lookup for every connecting host (only local connections arrive
# on the loopback listener).
host_lookup = *
prdr_enable = true
# Log SMTP protocol/syntax errors and whether the peer certificate verified on
# TLS connections; the latter is useful for spotting unverified smarthosts.
log_selector = +smtp_protocol_error +smtp_syntax_error \
+tls_certificate_verified
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
# Drop the inherited environment and set only a fixed PATH.
keep_environment =
add_environment = <; PATH=/bin:/usr/bin
begin acl
# RCPT-time ACL (referenced by acl_smtp_rcpt). Statements are evaluated in
# order; the first accept/deny that matches ends the check.
acl_check_rcpt:
# Standard input
# An empty host field means the message did not arrive over TCP/IP.
accept hosts = :
control = dkim_disable_verify
# Reject local parts with a leading dot or with characters that could be
# abused for source routing, path or pipe tricks, for local domains.
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
# Same idea for non-local domains: leading . / | are refused, as are @ % !
# anywhere and any "/../" sequence.
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
# Always accept mail for postmaster at a local domain.
accept local_parts = postmaster
domains = +local_domains
# Everything below requires a verifiable envelope sender.
require verify = sender
# Hosts in relay_from_hosts (localhost) may relay anywhere.
# NOTE(review): any local process that can connect to 127.0.0.1:25 can pick
# its own envelope sender, and therefore which smarthost account is used.
# Confirm that is acceptable on multi-user hosts.
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
# Authenticated clients may relay as well.
# NOTE(review): the authenticators in this file set only client_* options, so
# presumably no inbound AUTH mechanism is offered. Verify.
accept authenticated = *
control = submission
control = dkim_disable_verify
# Anything else must be addressed to a local or relay domain (both lists are
# empty in this example) and have a verifiable recipient.
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require verify = recipient
accept
begin routers
# The router is sensitive to the sender address and will use the correct outgoing server.
# For a quick test use something like the following (the addresses on the
# original page were mangled by e-mail obfuscation; these are constructed
# placeholders):
# exim -f 'SENDER@DOMAIN' -bt RECIPIENT@DOMAIN
# Looks up the envelope sender's domain in SMARTFN; the matching line becomes
# $address_data and its host= value is the smarthost to route to.
# NOTE(review): $address_data then holds the whole line, including any
# password= value. Presumably it can show up in debug output; confirm before
# sharing -d traces.
smarthost:
debug_print = "R: smarthost to $local_part@$domain for $sender_address"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
address_data = ${lookup{$sender_address_domain}lsearch{SMARTFN}}
route_data = ${extract{host}{$address_data}}
# There are several cases in exim, particularly internally generated bounces,
# that have an empty envelope from. In this case route based on the
# destination address; the cloud relay will insert the account user as the
# envelope from.
empty_envelope:
debug_print = "R: empty_envelope to $local_part@$domain for '$sender_address'"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
# Runs only when the envelope sender has no domain (empty sender).
condition = ${if eq{$sender_address_domain}{}{true}{}}
# Here the lookup key is the recipient domain rather than the sender domain.
address_data = ${lookup{$domain}lsearch{SMARTFN}}
route_data = ${extract{host}{$address_data}}
no_more
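begin transports
# SMTP transport used by both routers. Per-domain settings come from the
# SMARTFN line the router stored in $address_data.
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
# HELO name from the helo= key, falling back to example.com.
helo_data = ${extract{helo}{$address_data}{$value}{example.com}}
# Require authentication for every host when the line has a user= key;
# otherwise the list is empty and no authentication is demanded.
hosts_require_auth = ${extract{user}{$address_data}{*}{}}
# Never deliver without TLS, and do not fall back to clear text when the
# TLS negotiation fails temporarily.
hosts_require_tls = *
tls_tempfail_tryclear = false
# Verify the smarthost certificate against the system trust store.
tls_verify_certificates = system
# Make verification mandatory. Without this the smtp transport only *tries*
# to verify (tls_try_verify_hosts defaults to *), so the password or OAuth
# token would still be sent to a server whose certificate did not verify.
tls_verify_hosts = *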
begin retry
# One rule for all addresses and all errors: retry every 15 minutes for 2
# hours, then at intervals starting at 1 hour and growing by a factor of 1.5
# until 16 hours, then every 6 hours until 4 days have passed.
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
# Replace user and domain HERE
# Addresses for root and "user" at a local domain are rewritten to a cloud
# address in all envelope fields (E) and all headers (h).
# NOTE(review): the literal "[email protected]" below is what the page's e-mail
# obfuscation left behind, not a usable address. Substitute the real cloud
# mailbox for each rule.
root@+local_domains [email protected] Eh
user@+local_domains [email protected] Eh
begin authenticators
# Client-side authenticators for the smarthost connection. Each one is
# enabled only when the outbound connection is encrypted ($tls_out_cipher is
# non-empty) and the SMARTFN line in $address_data carries the key it needs,
# so credentials are never offered over a clear-text session.
#
# XOAUTH2: the oauth= key names a socket; the token is obtained by sending
# "SMTP <user>" to it with readsocket and passing the reply to the server.
# NOTE(review): presumably whatever can connect to that socket can obtain a
# token, so its permissions should be as tight as those of the SMARTFN file.
# Confirm against the token helper.
xoauth2_smart:
driver = plaintext
# extract yields "" when oauth= exists and a forced failure when it does not.
# Presumably the authenticator is skipped in the latter case; confirm.
client_condition = ${if and {{!eq{$tls_out_cipher}{}} {eq{${extract{oauth}{$address_data}{}fail}}{}}} }
public_name = XOAUTH2
client_ignore_invalid_base64 = true
# The leading empty item means nothing is sent with the AUTH command itself;
# the token goes out in answer to the server's first prompt.
client_send = : ${readsocket{${extract{oauth}{$address_data}{$value}fail}}{SMTP ${extract{user}{$address_data}{$value}fail}}}
# PLAIN needs fewer round trips than LOGIN, so it is listed first.
# Both are enabled only when the line has a password= key.
plain_smart:
driver = plaintext
client_condition = ${if and {{!eq{$tls_out_cipher}{}} {eq{${extract{password}{$address_data}{}fail}}{}}} }
public_name = PLAIN
# '^' is sent as a NUL byte: empty authorization id, then user, then password.
client_send = ^${extract{user}{$address_data}{$value}fail}^${extract{password}{$address_data}}
login_smart:
driver = plaintext
client_condition = ${if and {{!eq{$tls_out_cipher}{}} {eq{${extract{password}{$address_data}{}fail}}{}}} }
public_name = LOGIN
# Empty initial response, then the user name and the password in turn.
client_send = : ${extract{user}{$address_data}{$value}fail} : ${extract{password}{$address_data}}