summaryrefslogtreecommitdiffstats
path: root/cd-system/cd-exim.conf
blob: 085ce79e820888dba1d51c1a9661e54c1386a68c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
RETIOLUM_HOSTNAME = cd.retiolum

primary_hostname = RETIOLUM_HOSTNAME

HOST_REDIR = /etc/exim4/host_redirect
INTERNET_ALIASES = /etc/exim4/internet_aliases


# Domains not listed in local_domains need to be deliverable remotely.
# XXX We abuse local_domains to mean "domains, we're the gateway for".
domainlist local_domains    = @ : localhost
domainlist relay_to_domains =
hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

never_users = root

host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 5s


log_selector = -queue_run +address_rewrite +all_parents +queue_time
log_file_path = syslog
syslog_timestamp = false
syslog_duplication = false

begin acl

acl_check_rcpt:
  accept  hosts = :
          control = dkim_disable_verify

  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept  local_parts   = postmaster
          domains       = +local_domains


  accept  hosts         = +relay_from_hosts
          control       = submission
          # debian: control = submission/sender_retain
          # arch & debian:
          control       = dkim_disable_verify

  accept  authenticated = *
          control       = submission
          control       = dkim_disable_verify

  accept message = relay not permitted 2
          recipients = lsearch;INTERNET_ALIASES

  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  require
    message = unknown user
    verify = recipient/callout

  accept


acl_check_data:
  accept


begin routers

retiolum:
  debug_print = "R: retiolum for $local_part@$domain"
  driver = manualroute
  domains = ! RETIOLUM_HOSTNAME : *.retiolum
  transport = retiolum_smtp
  route_list = ^.* $0 byname
  no_more

internet_aliases:
  debug_print = "R: internet_aliases for $local_part@$domain"
  driver = redirect
  data = ${lookup{$local_part@$domain}lsearch{INTERNET_ALIASES}}

host_redirect:
  debug_print = "R: host_redirect for $local_part@$domain"
  driver = redirect
  domains = local_part;HOST_REDIR
  data = $local_part@${lookup{$domain}lsearch{HOST_REDIR}}

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = <; 0.0.0.0 ;: 127.0.0.0/8 ; ::1
  no_more


begin transports

retiolum_smtp:
  driver = smtp
  retry_include_ip_address = false

remote_smtp:
  driver = smtp


home_maildir:
  driver = appendfile

  #file = /var/mail/$local_part
  maildir_format
  maildir_use_size_file
  directory = $home/Maildir
  directory_mode = 0700

  delivery_date_add
  envelope_to_add
  return_path_add



begin retry

*.retiolum             *           F,42d,1m
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h


begin rewrite

begin authenticators