Today HestiaCP updated itself to 1.9.0.1 and introduced support for Ubuntu 24.04.
So I did the release upgrade from 22.04 to 24.04. When asked about configuration files I said to keep the original files.
I can send mails, but I am not able to receive any mails since the upgrade. Even local mails (meaning no external provider) are not working anymore.
So for example I have a GMX (very popular mail service) address [email protected]
I can send from my server running HestiaCP to GMX, but not vice-versa.
I’d understand if for whatever reason GMX would be blocking my mails. But not this way around. oO
SenderScore tells my my IP is not blocked.
From the exim4 logs I can see tainted arg messages.
2025-02-04 12:03:12 1tfGhz-000000005ej-3z1M <= [email protected] H=mout.gmx.net [212.227.17.21] P=esmtps X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=mail.digioso.org S=5796 DKIM=gmx.de [email protected]
2025-02-04 12:03:12 1tfGhz-000000005ej-3z1M ** [email protected] R=localuser T=dovecot_virtual_delivery: Tainted arg 3 for dovecot_virtual_delivery transport command: ‘[email protected]’
2025-02-04 12:03:12 1tfGi0-000000005ep-1qVf <= <> R=1tfGhz-000000005ej-3z1M U=Debian-exim P=local S=5232
2025-02-04 12:03:12 1tfGhz-000000005ej-3z1M Completed
2025-02-04 12:03:13 1tfGi0-000000005ep-1qVf => [email protected] R=dnslookup T=remote_smtp H=mx01.emig.gmx.net [212.227.17.5] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=yes C=“250 Requested mail action okay, completed: id=1MA58E-1tZBta2rgw-009lRY”
2025-02-04 12:03:13 1tfGi0-000000005ep-1qVf Completed
My update-exim4.conf.conf:
dc_eximconfig_configtype='internet'
dc_other_hostnames='digioso'
dc_local_interfaces='127.0.0.1 ; ::1 ; 130.61.111.98 ;'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
Mail Header:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
Reporting-MTA: dns; digioso.net
Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0
test mail.eml
Betreff:
test mail
Von:
Digioso <[email protected]>
Datum:
04.02.2025, 12:03
An:
Digioso <[email protected]>
Return-path:
<[email protected]>
Received:
from mout.gmx.net ([212.227.17.21]) by digioso.net with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97) (envelope-from <[email protected]>) id 1tfGhz-000000005ej-3z1M for [email protected]; Tue, 04 Feb 2025 12:03:12 +0100
DKIM-Signature:
v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1738666991; x=1739271791; [email protected]; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:From:To:Subject: Content-Type:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=qC1I07fhAWXRVm0KpaDzHcyZkiPy48jGbWzZ3nXAKxOY9g1/5czSgxIGeSDb1h0U ZYuPjhCb2K5Vz0PH6OVfMCQRz3tpBn3oJ7UEf1GfcO8Je1B4HUgNAIG1wzozRJ/M+ GFUj8FQ7qqtNOM2nx4gaYVOSzJ8wCrfDjKbeCNHkDnXyIxO//tcp2L4FhGzXPYYhp 50fPgOybprZ0TehxPLHY+0Cgd1lj5xUKdpWpGvL9dvgv2HVv0rEPMOkskD1XiJsCJ BqUKKDHyYf58w/s7b9GMgJmX7n0rhsWqNMRUpS1tj2gkq9sI5X97RuR0heIwSOx/9 +VJpk14Ggbnbgl4zhA==
X-UI-Sender-Class:
724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received:
from [192.168.1.48] ([134.255.192.129]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1N2Dx8-1tIUNt1dYU-00u0AD for <[email protected]>; Tue, 04 Feb 2025 12:03:11 +0100
Nachricht-ID:
<[email protected]>
MIME-Version:
1.0
User-Agent:
Betterbird (Windows)
Content-Language:
en-US
Content-Type:
text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding:
7bit
X-Antivirus:
Avast (VPS 250203-4, 3.2.2025), Outbound message
X-Antivirus-Status:
Clean
X-Provags-ID:
V03:K1:VqfccrkmN5AlQB86gexPmlJG9OXIbQh1qZxD4s0+LX5wWyaVCqu /rK1tgXOO4hmauaeop/fpox4dbEtZ4LvTLQaokdOXj0+Vj+8MJdlaBPK5ORfoGfQjZqGHAS MJ9pZa1JkmbFuKCSgQE7Aao1kuP0Gxam1Uu1kC6KsoFmDsyGTGVz13W1UvZTQG0zsrxoRJf AzxZALx+Ae8iE50hHmR9A==
X-Spam-Flag:
NO
UI-OutboundReport:
notjunk:1;M01:P0:fVupR4RD9Lk=;H6hBXgpuu2PbFOCZadhMh9h4CkT FRbK6iIIqZT+luz3Y+HT1nhpCnTI1MwxWfeF89BVccQFY1JoLR66xH9b063ngJ5FpL9KUQE95 40Lwz2xqNqrTKoryStyHTwlcfcBXASpRj5ErsqWTZ4BAhBPE9g2LBOnGnW89YWh0xxG7ydi/j kGgpU9ShHr0cpBjOenW1jsbaWd1wFyQPugNZAu3Jl5MXlsfUcBVm+TQoGspawd9Z4Aop2Fo9t sWuYIPGv40kswFif74X95wQcVUY9DNn2t5J6Y/uyt2cRhY2JTIOQYtkNbO7M4ePcerA68pNIi q2/3KPGNxfYuwlJWPGWhkjvyCT53tHqAdn6XSVU+qvaNHgjLe4PlNbPnyYJS4SPl0US1O9KDD LpQ3ErPENRzyq+29uzJ4/BBY589fZuHuHyqrgoequzeGzRAHjOSnhYWF9WfBfIYsd/PL2OyVC d7/DCzkBVSdAdmTZRrP16SSMehsbbl92275Anf5uZ0uFIzDb545yvP/tnb8qhB0lmuXwGU56u 8+x5cVSpl5KK/I6qU6QQ3F8SEMKaqZ5PA1fjuG2jh/pmlniKxPajR+EuFkBAPgL8NVZfZuVLy WOjQSR/9JEL7cHAjMu7AJoudZAWp0WrjXM9zuOdkwHLQC3l0SJHWIBpBmP2IMK7YxPsEe/mG4 U9pPJX06UYDJ/lIg61K6PwNlNAN+UiY6MwnYpgKAddRcCi6sFhTekX0utvZKhPSZiV+XsY+nq w+Rjd6H4Bbb07bE7kLrPsccL5qFxcsgei+KaohcLPQFGkqDvhlSvvVab4XbUfQcp6nOjOxA6I ll90EzCe0UPRIVHz5nu5HLdQBf33Yk/6v5Guf+XvINfEuCw/4d1tFLOW2oMpSx4ztjLFkFQc/ NJjIFgyJP1eBb9bIBPgLX-Spam-Score: -22
X-Spam-Bar:
--
X-Spam-Report:
Spam detection software, running on the system "digioso.net", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: Content analysis details: (-2.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.3 EMPTY_MESSAGE Message appears to have no textual parts -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [212.227.17.21 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from
And this is my /etc/exim4/exim4.conf.template file:
######################################################################
# #
# Exim configuration file for Hestia Control Panel #
# #
######################################################################
SPAMASSASSIN = yes
SPAM_SCORE = 50
SPAM_REJECT_SCORE = 100
CLAMD = yes
IGNORE_SMTP_LINE_LENGTH_LIMIT=1
smtp_banner = $smtp_active_hostname
smtp_active_hostname = ${lookup dnsdb{>: defer_never,ptr=$interface_address}{${listextract{1}{$value}}}{$primary_hostname}}
add_environment = <; PATH=/bin:/usr/bin
keep_environment =
disable_ipv6 = true
smtp_accept_max = 100
smtp_accept_max_per_host = 20
smtputf8_advertise_hosts =
domainlist local_domains = dsearch;/etc/exim4/domains/
domainlist relay_to_domains = dsearch;/etc/exim4/domains/
hostlist relay_from_hosts = 127.0.0.1
hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf
hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf
no_local_from_check
untrusted_set_sender = *
acl_smtp_connect = acl_check_spammers
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
.ifdef SPAMASSASSIN
spamd_address = 127.0.0.1 783
.endif
.ifdef CLAMD
av_scanner = clamd: /var/run/clamav/clamd.ctl
.endif
log_selector = +tls_sni
tls_advertise_hosts = *
# We test that $tls_in_sni is a valid domain, by an arbitrary email address [email protected] .
# Then, we extract the domain with a function that would fail if the email address is invalid.
# If the certificate exists, we will use it, otherwise the default certificate in /etc/ssl will be used.
tls_certificate = \
${if and {\
{ eq {${domain:foo@$tls_in_sni}} {$tls_in_sni}}\
{ exists{/usr/local/hestia/ssl/mail/$tls_in_sni.crt} }\
}\
{/usr/local/hestia/ssl/mail/$tls_in_sni.crt}\
{/usr/local/hestia/ssl/certificate.crt}\
}
tls_privatekey = \
${if and {\
{ eq {${domain:foo@$tls_in_sni}} {$tls_in_sni}}\
{ exists{/usr/local/hestia/ssl/mail/$tls_in_sni.key} }\
}\
{/usr/local/hestia/ssl/mail/$tls_in_sni.key}\
{/usr/local/hestia/ssl/certificate.key}\
}
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
tls_require_ciphers = PERFORMANCE:-RSA:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:%SERVER_PRECEDENCE
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
OUTGOING_IP = /etc/exim4/domains/${lookup{$sender_address_domain}dsearch{/etc/exim4/domains}}/ip
SMTP_RELAY_FILE = ${if exists{/etc/exim4/domains/${lookup{$sender_address_domain}dsearch{/etc/exim4/domains}}/smtp_relay.conf}{/etc/exim4/domains/${lookup{$sender_address_domain}dsearch{/etc/exim4/domains}}/smtp_relay.conf}{/etc/exim4/smtp_relay.conf}}
SMTP_RELAY_HOST = ${lookup{host}lsearch{SMTP_RELAY_FILE}}
SMTP_RELAY_PORT = ${lookup{port}lsearch{SMTP_RELAY_FILE}}
SMTP_RELAY_USER = ${lookup{user}lsearch{SMTP_RELAY_FILE}}
SMTP_RELAY_PASS = ${lookup{pass}lsearch{SMTP_RELAY_FILE}}
# Custom Filter
system_filter = /etc/exim4/system.filter
system_filter_user = Debian-exim
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
acl_not_smtp = acl_not_smtp
begin acl
# Limit per user for PHP scripts
acl_not_smtp:
deny message = Website of user $authenticated_id is sending too many emails - rate overlimit = $sender_rate / $sender_rate_period
ratelimit = 200 / 1h / $authenticated_id
warn ratelimit = 100 / 1h / strict / $authenticated_id
log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period
accept
acl_check_spammers:
accept hosts = +whitelist
drop message = Your host in blacklist on this server.
log_message = Host in blacklist
hosts = +spammers
accept
acl_check_mail:
deny condition = ${if eq{$sender_helo_name}{}}
message = HELO required before MAIL
drop !authenticated = *
message = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
delay = 45s
drop !authenticated = *
condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
drop !authenticated = *
condition = ${if eq{[$interface_address]}{$sender_helo_name}}
message = $interface_address is _my_ address
accept
acl_check_rcpt:
accept hosts = :
# Limit per email account for SMTP auhenticated users
deny message = Email account $authenticated_id is sending too many emails - rate overlimit = $sender_rate / $sender_rate_period
set acl_c_msg_limit = ${if exists{/etc/exim4/domains/${lookup{${domain:$authenticated_id}}dsearch{/etc/exim4/domains/}}/limits}{${lookup {$authenticated_id} lsearch{/etc/exim4/domains/${lookup{${domain:$authenticated_id}}dsearch{/etc/exim4/domains/}}/limits}{$value}{${readfile{/etc/exim4/limit.conf}}}}}{${readfile{/etc/exim4/limit.conf}}} }
ratelimit = $acl_c_msg_limit / 1h / strict/ $authenticated_id
warn ratelimit = ${eval:$acl_c_msg_limit / 2} / 1h / strict / $authenticated_id
log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
require verify = sender
accept hosts = +relay_from_hosts
control = submission
accept authenticated = *
control = submission/domain=
deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
hosts = !+whitelist
dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}}
require message = relay not permitted
domains = +local_domains : +relay_to_domains
deny message = smtp auth required
sender_domains = +local_domains
!authenticated = *
require verify = recipient
.ifdef CLAMD
warn set acl_m0 = no
warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}}
set acl_m0 = yes
.endif
.ifdef SPAMASSASSIN
warn set acl_m1 = no
set acl_m3 = no
warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
set acl_m1 = yes
warn condition = ${if exists {/etc/exim4/domains/$domain/reject_spam}{yes}{no}}
set acl_m3 = yes
.endif
accept
acl_check_data:
.ifdef CLAMD
deny message = Message contains a virus ($malware_name) and has been rejected
malware = */defer_ok
condition = ${if eq{$acl_m0}{yes}{yes}{no}}
.endif
.ifdef SPAMASSASSIN
warn !authenticated = *
hosts = !+relay_from_hosts
condition = ${if < {$message_size}{1024K}}
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
spam = debian-spamd:true/defer_ok
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Spam-Report: $spam_report
set acl_m2 = $spam_score_int
warn condition = ${if !eq{$acl_m2}{} {yes}{no}}
condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
add_header = X-Spam-Status: Yes
message = SpamAssassin detected spam (from $sender_address to $recipients).
# Deny spam at high score if spam score > SPAM_REJECT_SCORE and delete_spam is enabled
deny message = This message scored $spam_score spam points
spam = debian-spamd:true
condition = ${if eq{$acl_m3}{yes}{yes}{no}}
condition = ${if >{$spam_score_int}{SPAM_REJECT_SCORE}{1}{0}}
.endif
accept
acl_check_mime:
deny message = Blacklisted file extension detected
condition = ${if match {${lc:$mime_filename}}{\N(\.ace|\.ade|\.adp|\.app|\.arj|\.asp|\.aspx|\.asx|\.bas|\.bat|\.cab|\.cer|\.chm|\.cmd|\.cnt|\.com|\.cpl|\.crt|\.csh|\.der|\.diagcab|\.dll|\.efi|\.exe|\.fla|\.fon|\.fxp|\.gadget|\.grp|\.hlp|\.hpj|\.hta|\.htc|\.img|\.inf|\.ins|\.iso|\.isp|\.its|\.jar|\.jnlp|\.js|\.jse|\.ksh|\.lib|\.lnk|\.mad|\.maf|\.mag|\.mam|\.maq|\.mar|\.mas|\.mat|\.mau|\.mav|\.maw|\.mcf|\.mda|\.mdb|\.mde|\.mdt|\.mdw|\.mdz|\.msc|\.msh|\.msh1|\.msh1xml|\.msh2|\.msh2xml|\.mshxml|\.msi|\.msp|\.mst|\.msu|\.ops|\.osd|\.pcd|\.pif|\.pl|\.plg|\.prf|\.prg|\.printerexport|\.ps1|\.ps1xml|\.ps2|\.ps2xml|\.psc1|\.psc2|\.psd1|\.psdm1|\.pst|\.py|\.pyc|\.pyo|\.pyw|\.pyz|\.pyzw|\.reg|\.scf|\.scr|\.sct|\.sfx|\.shb|\.shs|\.swf|\.sys|\.theme|\.tmp|\.ttf|\.url|\.vb|\.vba|\.vbe|\.vbp|\.vbs|\.vhd|\.vhdx|\.vsmacros|\.vsw|\.vxd|\.webpnp|\.website|\.wim|\.ws|\.wsc|\.wsf|\.wsh|\.xbap|\.xll|\.xnk)$\N}{1}{0}}
accept
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
smtp_relay_login:
driver = plaintext
public_name = LOGIN
hide client_send = : SMTP_RELAY_USER : SMTP_RELAY_PASS
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
begin routers
send_via_unauthenticated_smtp_relay:
driver = manualroute
address_data = SMTP_RELAY_HOST:SMTP_RELAY_PORT
domains = !+local_domains
require_files = SMTP_RELAY_FILE
condition = ${if eq{SMTP_RELAY_USER}{}}
transport = remote_smtp
route_list = * ${extract{1}{:}{$address_data}}::${extract{2}{:}{$address_data}}
no_more
no_verify
send_via_smtp_relay:
driver = manualroute
address_data = SMTP_RELAY_HOST:SMTP_RELAY_PORT
domains = !+local_domains
require_files = SMTP_RELAY_FILE
transport = smtp_relay_smtp
route_list = * ${extract{1}{:}{$address_data}}::${extract{2}{:}{$address_data}}
no_more
no_verify
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
no_more
userforward:
driver = redirect
check_local_user
file = $home/.forward
require_files = ${local_part}:+${home}/.forward
domains = +local_domains
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
procmail:
driver = accept
check_local_user
require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
transport = procmail
no_verify
autoreplay:
driver = accept
require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg
condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}}
retry_use_local_part
transport = userautoreply
unseen
aliases:
driver = redirect
headers_add = X-redirected: yes
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
require_files = /etc/exim4/domains/$domain/aliases
redirect_router = dnslookup
pipe_transport = address_pipe
unseen
localuser_fwd_only:
driver = accept
transport = devnull
condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}}
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}}
localuser:
driver = accept
transport = dovecot_virtual_delivery
condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}}
catchall:
driver = redirect
headers_add = X-redirected: yes
require_files = /etc/exim4/domains/$domain/aliases
data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
file_transport = local_delivery
redirect_router = dnslookup
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}
condition = ${lookup{@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}
terminate_alias:
driver = accept
transport = devnull
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
begin transports
smtp_relay_smtp:
driver = smtp
hosts_require_auth = $host_address
hosts_require_tls = $host_address
remote_smtp:
driver = smtp
helo_data = ${lookup dnsdb{>: defer_never,ptr=$sending_ip_address}{${listextract{1}{$value}}}{$primary_hostname}}
dkim_domain = DKIM_DOMAIN
dkim_selector = mail
dkim_private_key = DKIM_PRIVATE_KEY
dkim_canon = relaxed
dkim_strict = 0
hosts_try_fastopen = !*.l.google.com
interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}
.ifdef IGNORE_SMTP_LINE_LENGTH_LIMIT
message_linelength_limit = 2048000
.endif
procmail:
driver = pipe
command = "/usr/bin/procmail -d $local_part"
return_path_add
delivery_date_add
envelope_to_add
user = $local_part
initgroups
return_output
local_delivery:
driver = appendfile
maildir_format
maildir_use_size_file
user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
group = mail
create_directory
directory_mode = 770
mode = 660
use_lockfile = no
delivery_date_add
envelope_to_add
return_path_add
directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
quota_warn_threshold = 75%
local_spam_delivery:
driver = appendfile
maildir_format
maildir_use_size_file
user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
group = mail
create_directory
directory_mode = 770
mode = 660
use_lockfile = no
delivery_date_add
envelope_to_add
return_path_add
directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/."
quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
quota_warn_threshold = 75%
dovecot_virtual_delivery:
driver = pipe
command = /usr/lib/dovecot/dovecot-lda -e -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain
delivery_date_add
envelope_to_add
return_path_add
log_output = true
log_defer_output = true
user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
group = mail
return_output
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
userautoreply:
driver = autoreply
file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg
from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"
headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit
subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}"
to = "${sender_address}"
devnull:
driver = appendfile
file = /dev/null
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
begin rewrite
######################################################################