# manual for details. The lists above are used in the access control lists for
# checking incoming messages. The names of these ACLs are defined here:
+acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
trusted_users = <%= node[:exim][:trusted_users].join(" : ") %>
+# Do all deliveries via a limited set of queues.
+
+queue_only = true
+queue_run_max = <%= node[:exim][:queue_run_max] %>
+
+
+# Maximum number of simultaneous SMTP connections
+
+smtp_accept_max = <%= node[:exim][:smtp_accept_max] %>
+
+
######################################################################
# ACL CONFIGURATION #
begin acl
+# This access control list is used for the MAIL command in an incoming
+# SMTP message.
+
+acl_check_mail:
+
+ accept
+
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
message = Rejected because $sender_address is blacklisted\nQueries to postmaster@$qualify_domain
!hosts = +relay_from_hosts
+ deny sender_domains= partial-lsearch;/etc/exim4/blocked-sender-domains
+ message = Rejected because $sender_address is blacklisted\nQueries to postmaster@$qualify_domain
+ !hosts = +relay_from_hosts
+
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
# relay domains is to use a callout (add /callout), but please read the
# documentation about callouts before doing this.
- require verify = recipient
+ deny domains = +relay_to_domains
+ !verify = recipient/callout=use_sender
+
+ deny domains = !+relay_to_domains
+ !verify = recipient
<% if node[:exim][:dns_blacklists] -%>
# Deny any messages from hosts in certain blacklists.
!hosts = +relay_from_hosts
message = This message failed local spam checks.
- # Accept the message.
+ # Accept messages from relay hosts without modification.
- accept
+ accept hosts = +relay_from_hosts
+
+ # Accept messages from external hosts and add authentication results.
+
+ accept add_header = :at_start:${authresults {$primary_hostname}}
<% else -%>
transport = <%= name %>
<% end -%>
+<% if details[:case_sensitive] -%>
+ caseful_local_part
+<% end -%>
<% end -%>
signed_smtp:
driver = smtp
+ connect_timeout = 1m
dkim_domain = ${lookup{${domain:$h_from:}}partial-lsearch{/etc/exim4/dkim-domains}{$value}}
dkim_selector = ${lookup{$dkim_domain}lsearch{/etc/exim4/dkim-selectors}{$value}}
dkim_private_key = /etc/exim4/dkim-keys/${dkim_domain}
dkim_identity = ${lc:${address:$h_from:}}
- # dkim_timestamps = 1209600
+ dkim_timestamps = 1209600
multi_domain = false
+ hosts_try_dane =
tls_require_ciphers = <%= node[:ssl][:gnutls_ciphers] %>:%LATEST_RECORD_VERSION
+<% if node[:exim][:external_interface] -%>
+ interface = <%= node[:exim][:external_interface] %>
+<% end -%>
# This transport is used for handling pipe deliveries generated by alias or
to = $sender_address
subject = Re: $header_subject:
headers = MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8
- file = /etc/exim4/noreply/$local_part_data
+ file = ${lookup{$local_part}dsearch,filter=file,ret=full{/etc/exim4/noreply}}
user = Debian-exim
group = Debian-exim