# These are snippets of my Exim configuration (variant with ${run ).
# http://wiki.exim.org/DbLessGreyListingRun
# Lena(at)lena.kiev.ua June 5, 2024
#
# NOTE(review): this copy reached review with its line breaks collapsed; the
# layout below is reconstructed. A backslash marks every original
# continuation, and comments are placed on lines of their own. Two kinds of
# damage are left exactly as found and flagged where they occur: expansions
# that appear to have lost the text between a '<' and a '>', and the final
# statement, which is cut off. Compare with the wiki original before use.

# Macros. WRONG_RCPT_LIMIT, PERIOD and WARNTO appear in the "blocked user"
# notification text further down; WINBIN and COMPREXT are spliced into the
# attachment-name regexes in acl_check_mime.
WRONG_RCPT_LIMIT = 100
PERIOD = 1h
WARNTO = abuse@example.com
SHELL = /bin/sh
P7ZIP = /usr/local/bin/7zz
# port archivers/7-zip in case of FreeBSD
BINFORBIDDEN = Windows-executable attachments forbidden
WINBIN = exe|com|js|pif|scr|bat|jse|cpl|vbe|vbs|ace
# more cautious: ace|apk|bat|btm|cgi|chm|cmd|com|cpl|dat|dll|exe|flv|hta|jar|js|jse|jsp|lnk|msi|msu|mst|ocx|pif|prf|ps1|reg|scr|sys|vb|vba|vbe|vbs|wsf|cab|7za|lah|lzo|lzx|arj|bin|msi|cbr|deb|rpm|gzip|jar|pak|pkg|tar-gz|xar|zipx|wim|tb2|paq|iso|jar|lzh|lzma|pak|pk3|pk4|smzip|u3p|xpi|zipx|cpio|xar|lz|rk|zoo|img|ha|z|uu
# WinRAR can uncompress .ace, so trojans are sometimes compressed .ace
COMPREXT = zip|rar|7z|arj|bz2|gz|uue|xz|z|tar|tgz|iso|img|r\d+
# IPNOTIF is a shell fragment (echo ...; echo; echo ...;). The PTR text is
# chosen by whoever controls the client's reverse DNS, so it is reduced to
# [\w.,-] by ${sg} before it can reach a shell.
# NOTE(review): $acl_c_country is not filtered here; it is copied from a
# DNSBL TXT record by the CC=(\\S+) match in acl_check_rcpt. The place where
# IPNOTIF is expanded is not shown; if that is inside a SHELL -c string,
# give the country value the same ${sg} whitelist - confirm at the call site.
IPNOTIF = echo Subject: blocked $sender_host_address $acl_c_country \
    ${sg{${lookup dnsdb{>, defer_never,ptr=$sender_host_address}}}{\N[^\w.,-]\N}{}}; \
    echo; echo for bruteforce auth cracking attempt.;

# Main section options.
# The CHUNKING host list is set to empty when the build knows the option.
.ifdef _OPT_MAIN_CHUNKING_ADVERTISE_HOSTS
chunking_advertise_hosts =
.endif
daemon_smtp_ports = 25 : 587
accept_8bitmime = true
# The next two lines relax checks on locally submitted mail: any local user
# may set the envelope sender, and the From: header is not checked against
# the login. Appropriate only where local accounts are trusted.
untrusted_set_sender = *
local_from_check = false
helo_accept_junk_hosts = *
message_body_newlines = true
check_rfc2047_length = false
headers_charset = KOI8-R
smtp_return_error_details = true
bounce_return_size_limit = 7K
delay_warning = 4h:99d
message_id_header_domain = lena.kiev
# nonexistent domain in order to avoid spam to Message-IDs
tls_advertise_hosts = *
tls_certificate = /etc/ssl/exim.crt
tls_privatekey = /etc/ssl/exim.pem
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 2s
log_selector = +smtp_confirmation +queue_time -retry_defer \
    +smtp_incomplete_transaction +smtp_no_mail +deliver_time

# Static IP whitelist. In acl_check_rcpt these hosts are exempt from the
# local blacklist_* denies (!hosts = +whitelisted_hosts) and are accepted
# before the DNSBL and greylisting statements are reached.
# NOTE(review): several groups carry their own 2008 dates; a range that has
# changed owner since then still gets the bypass. Re-validate periodically.
hostlist whitelisted_hosts = \
# yahooGroups:
    66.163.168.0/23 : \
    66.196.80.0/23 : \
    67.195.87.0/24 : \
    98.136.45.0/24 : \
    98.136.218.0/23 : \
    98.137.34.0/24 : \
    98.138.120.0/23 : \
    98.138.214.0/23 : \
    98.139.164.0/23 : \
    98.139.237.0/24 : \
# yahooGroups old:
    98.136.218.0/23 : \
    98.139.44.0/24 : \
    98.138.214.0/23 : \
    98.139.164.0/23 : \
    66.163.168.0/23 : \
    67.195.134.0/23 : \
    69.147.64.0/23 : \
    69.147.102.0/23 : \
    74.6.140.0/24 : \
    98.136.44.0/23 : \
    202.86.5.0/24 : \
    203.188.202.0/24 : \
    217.146.182.0/23 : \
    209.131.38.0/24 : \
    209.191.87.0/24 : \
    209.191.125.0/24 : \
    68.142.206.0/23 : \
    68.142.236.0/23 : \
# groups.io:
    66.175.222.12 : \
    66.175.222.108 : \
# rambler.ru:
    81.19.78.103/28 : \
    81.19.92.32/28 : \
    81.19.66.0/23 : \
    81.19.88.0/24 : \
# mail.ru:
    194.67.23.0/24 : \
    194.67.57.0/24 : \
    94.100.179.0/24 : \
    194.67.45.0/24 : \
    195.239.211.0/24 : \
    194.186.55.0/24 : \
    195.239.174.0/24 : \
    94.100.176.0/20 : \
    217.69.128.0/20 : \
# yandex.ru:
    87.250.230.0/24 : \
    5.255.227.0/24 : \
    95.108.253.0/24 : \
    77.88.32.0/24 : \
    87.250.248.0/24 : \
    213.180.200.0/24 : \
    213.180.223.0/24 : \
    77.88.46.0/23 : \
    77.88.60.0/23 : \
    95.108.130.0/23 : \
    84.201.186.0/23 : \
# pochta.ru:
    81.211.64.0/24 : \
    82.204.219.0/24 : \
# aha.ru/go.ru:
#   195.2.83.0/24 : \
# beelinegprs:
    217.118.66.233 : \
# ngs.ru:
    81.176.214.0/24 : \
    195.93.186.0/24 : \
    212.164.71.0/24 : \
    195.19.71.0/27 : \
# tut.by:
    195.137.160.39 : \
    195.137.160.40 : \
    195.137.160.44/31 : \
# kyivstar.net:
    193.41.60.22 : \
# ntvplus.ru:
    217.106.225.56 : \
# subscribe.ru:
    81.222.217.0/24 : \
    81.222.129.0/24 : \
    81.9.34.128/25 : \
    81.9.46.0/24 : \
    185.76.232.0/22 : \
    185.138.180.0/22 : \
# livejournal.com:
    81.19.74.146/24 : \
# spamgourmet.com:
    216.75.35.164 : \
# shootthebreeze.net:
    74.220.195.67 : \
# nym.alias.net:
    18.26.0.252 : \
# WatchThatPage.com:
    178.79.142.95 : \
# satline.net:
    212.72.193.50 : \
# allegro.pl:
    91.194.188.90 : 91.207.14.90 : 91.207.14.247 : 91.207.14.248 : \
    91.194.189.11 : 91.194.189.12 : 178.21.155.24 : 178.21.155.25 : \
    91.194.188.241 : 91.207.14.113 : 194.0.251.100/31 : \
# slando.ru :
    83.231.211.64/28 : 83.231.236.0/24 : \
# skylots.org:
    91.234.33.227 : \
# ntvplus.ru:
    217.106.225.56 : \
# mailing lists @ opennet.ru (open source software):
    217.195.210.187 : \
# spam-l.com:
    204.238.179.8 : 204.238.179.3 : 204.238.179.19 : \
# spammers.dontlike.us:
    192.249.57.241 : \
# mon.itor.us:
    208.76.247.123 : \
# mon.itor.us / monitis.com
    208.76.245.178 : \
# lekafarm.com.ua:
    193.193.194.47 : \
# mailfilter-out-01.viettel.com.vn:
    203.113.131.24 : \
# paypal:
    206.165.243.109 : 206.165.243.110/31 : 206.165.243.112/28 : \
    206.165.243.128/29 : 206.165.243.136/30 : 206.165.243.140/31 : \
# gmail (from spf 13Nov2008):
    216.239.32.0/19 : 64.233.160.0/19 : 66.249.80.0/20 : \
    72.14.192.0/18 : 209.85.128.0/17 : 66.102.0.0/20 : \
    74.125.0.0/16 : 64.18.0.0/20 : 207.126.144.0/20 : \
# from exim-users May 8, 2008:
# Blueyonder:
    195.188.213.0/29 : 195.188.213.8/31 : \
# Freeserve:
#   193.252.22.156/30 : 193.252.22.128/32 : \
# Tucows:
    64.97.168.37/32 : 64.97.136.128/26 : \
# Hotmail:
    65.54.246.0/24 : \
# Google:
    209.85.132.130/32 : 209.85.132.184/29 : 209.85.132.241/32 : \
    209.85.132.244/32 : 209.85.132.250/32 : 212.159.30.228/32 : \
    64.233.162.176/28 : 64.233.162.224/27 : 64.233.182.167/32 : \
    64.233.184.130/32 : 64.233.184.224/27 : 66.249.82.224/28 : \
    66.249.92.171/32 : 66.249.93.114/32 : 66.249.93.27/32 : \
# Messagelabs:
#   134.159.150.64/26 : 193.109.254.0/23 : 194.106.220.0/23 : \
#   195.245.230.0/23 : 203.129.72.208/28 : 203.129.72.240/28 : \
#   203.129.74.224/27 : 203.166.119.128/26 : 212.125.75.0/27 : \
#   216.82.240.0/20 : 62.173.108.16/28 : 62.173.108.208/28 : \
#   62.231.131.0/24 : 64.124.170.128/28 : 85.158.136.0/21 : \
# manchester.worldispnetwork.com (with qmail):
    216.218.232.61 : \
# from http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?view=markup ,
# but 195.238.2.0/15->195.238.2.0/23:
    12.5.136.141 : 12.5.136.142/31 : 12.5.136.144 : 12.107.209.244 : \
    63.82.37.110 : 63.169.44.143 : 63.169.44.144 : 64.7.153.18 : \
    64.12.137.0/24 : 64.12.138.0/24 : \
    64.124.204.39 : 64.125.132.254 : 66.100.210.82 : 66.135.209.0/24 : \
    66.135.197.0/24 : 66.162.216.166 : 66.206.22.82/31 : 66.206.22.84/31 : \
    66.27.51.218 : 152.163.225.0/24 : 194.245.101.88 : 195.235.39.19 : \
    195.238.2.0/23 : 204.107.120.10 : 205.188.139.136/31 : 205.188.139.137 : \
    205.188.144.207 : 205.188.144.208 : 205.188.156.66 : 205.188.157.0/24 : \
    205.188.159.7 : 205.206.231.0/24 : 205.211.164.50 : 207.115.63.0/24 : \
    207.171.168.0/24 : 207.171.180.0/24 : 207.171.187.0/24 : 207.171.188.0/24 : \
    207.171.190.0/24 : 209.132.176.174 : 211.29.132.0/24 : 213.136.52.31 : \
    217.158.50.178

# PIPELINING is advertised to every host whose looked-up name equals its
# HELO name, otherwise only to the whitelist.
pipelining_advertise_hosts = ${if eq{$sender_host_name}{$sender_helo_name}\
    {*}{+whitelisted_hosts}}

# ACL hooks. Only acl_check_rcpt, acl_check_predata and acl_check_mime are
# included in this page; the other named ACLs are not shown.
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_predata = acl_check_predata
acl_smtp_mime = acl_check_mime
acl_smtp_helo = acl_check_helo
acl_smtp_auth = acl_check_auth
acl_smtp_mail = acl_check_mail
acl_smtp_connect = acl_check_connect
acl_smtp_quit = acl_check_quit
acl_smtp_notquit = acl_check_notquit
acl_not_smtp = acl_check_notsmtp
acl_not_smtp_mime = acl_check_notsmtpmime

# NOTE(review): the next line is kept verbatim from the page; it looks like
# a separator between snippets rather than Exim syntax.
=============== ===============

begin acl

# RCPT-time policy: address syntax, postmaster/abuse separation, relay and
# authenticated-user handling, local black/white lists, DNS lists, and
# file-based greylisting.
acl_check_rcpt:

  accept  hosts = :

  # Reject local parts containing characters that have a special meaning in
  # routing or in paths.
  deny    message = Restricted characters in address
          domains = +local_domains
          local_parts = ^[.] : ^.*[@%!/|]

  deny    message = Restricted characters in address
          domains = !+local_domains
          local_parts = ^[./|] : ^.*[@] : ^.*/\\.\\./
          # was ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # acl_m_pmfirst records whether the first recipient of this message was
  # postmaster/abuse (1) or not (0); the two defers below keep the two
  # kinds of recipient from being mixed in one message.
  warn    condition = ${if !def:acl_m_pmfirst}
          local_parts = postmaster : abuse
          domains = +local_domains
          set acl_m_pmfirst = 1

  warn    condition = ${if !def:acl_m_pmfirst}
          !local_parts = postmaster : abuse
          domains = +local_domains
          set acl_m_pmfirst = 0

  defer   message = letters to postmaster and abuse are accepted separately \
              from letters to other addresses
          local_parts = postmaster : abuse
          domains = +local_domains
          !condition = $acl_m_pmfirst

  defer   message = letters to postmaster and abuse are accepted separately \
              from letters to other addresses
          !local_parts = postmaster : abuse
          domains = +local_domains
          condition = $acl_m_pmfirst

  # Greylist state is one file per (client IP minus its last octet, sender,
  # recipient). Sender and recipient are supplied by the client, so the
  # second ${sg} drops every character outside [\w.,=@-]; '/' therefore
  # cannot appear in the name. ${length_255:} caps the name at 255 chars.
  warn    set acl_m_greyfile = /var/spool/exim/greylist/${length_255:\
              ${sg{$sender_host_address}{\N\.\d+$\N}{}},\
              ${sg{$sender_address,$local_part@$domain}{\N[^\w.,=@-]\N}{}}}

  # Mail to postmaster/abuse is accepted here and greylisted later, in
  # acl_check_predata, which tests acl_m_postmaster.
  accept  local_parts = postmaster : abuse
          domains = +local_domains
          set acl_m_postmaster = $sender_address,$local_part@$domain

  require verify = sender

  # Relay clients listed in $spool_directory/blocked_relay_users.
  # NOTE(review): from "condition = ${if >" to the ${run} line this
  # statement is damaged: the comparison, the assignment of $acl_m_shargs
  # and part of the quoting are missing (probably text between '<' and '>'
  # lost in extraction). The tokens are reproduced exactly as found and
  # will not parse; restore them from the original page.
  # What survives shows a mail notice being built as a shell pipeline and
  # executed through SHELL -c, so every value expanded into $acl_m_shargs
  # has to be shell-safe. In this statement $acl_m_user is the client IP.
  drop    hosts = !@[] : +relay_from_hosts
          set acl_m_user = $sender_host_address
          # or username from RADIUS
          condition = ${if exists{$spool_directory/blocked_relay_users}}
          set acl_m_wasfree = ${if def:acl_c_blocked{$acl_c_spoolfree}\
              {${lookup{$acl_m_user}lsearch\
              {$spool_directory/blocked_relay_users}}}}
          condition = ${if match{$acl_m_wasfree}{\N^\d+$\N}}
          condition = ${if match{$spool_space}{\N^\d+$\N}}
          condition = ${if >$spool_directory/blocked_relay_users; \
              { echo Subject: relay user $acl_m_user blocked; echo; echo \
              because has sent mail to WRONG_RCPT_LIMIT invalid recipients \
              during PERIOD.; } | $exim_path -f root WARNTO"}}
          continue = ${run{SHELL -c "$acl_m_shargs
          control = freeze/no_tell
          control = submission/domain=
          add_header = X-Relayed-From: $acl_m_user

  accept  hosts = +relay_from_hosts
          control = submission/domain=

  # Same mechanism for authenticated users. $authenticated_id comes from
  # the client's AUTH exchange, so it is reduced to [\w.=@-] before it is
  # used as a lookup key and placed in the shell command text.
  # NOTE(review): damaged in the same way as the relay statement above
  # (here the closing quote after WARNTO is the part that is missing).
  drop    authenticated = *
          set acl_m_user = ${sg{$authenticated_id}{\N[^\w.=@-]\N}{}}
          # in case of mailboxes in /var/mail: ${sg{$authenticated_id}{\N\W.*$\N}{}}
          condition = ${if exists{$spool_directory/blocked_authenticated_users}}
          set acl_m_wasfree = ${if def:acl_c_blocked{$acl_c_spoolfree}\
              {${lookup{$acl_m_user}lsearch\
              {$spool_directory/blocked_authenticated_users}}}}
          condition = ${if match{$acl_m_wasfree}{\N^\d+$\N}}
          condition = ${if match{$spool_space}{\N^\d+$\N}}
          condition = ${if >$spool_directory/blocked_authenticated_users; \
              { echo Subject: user $acl_m_user blocked; echo; echo because \
              has sent mail to WRONG_RCPT_LIMIT invalid recipients during \
              PERIOD.; } | $exim_path -f root WARNTO
          continue = ${run{SHELL -c "$acl_m_shargs"}}
          control = freeze/no_tell
          control = submission/domain=
          add_header = X-Authenticated-As: $acl_m_user

  # Authenticated clients are accepted here only on ports other than 25.
  accept  authenticated = *
          condition = ${if !={$received_port}{25}}
          control = submission/domain=

  # HELO forgery checks: a remote host announcing one of the local domains
  # or this server's own IP address.
  deny    message = rejected because `HELO $sender_helo_name` means \
              impersonation/forgery of one of my domains by a spammer
          condition = ${if match_domain{$sender_helo_name}{+local_domains}}
          !hosts = @[]

  deny    message = rejected because HELO is my (recipient server) IP-address \
              as some spammers lie instead of sender hostname
          condition = ${if match{$sender_helo_name}\
              {\N^\[?\N$interface_address\N\]?$\N}}
          !hosts = @[]

  # Local blacklists kept in files under /usr/local/etc/exim; whitelisted
  # hosts are exempt from all four.
  deny    message = `HELO $sender_helo_name` locally blacklisted
          condition = ${lookup{$sender_helo_name}nwildlsearch\
              {/usr/local/etc/exim/blacklist_re_helo}{1}{0}}
          !hosts = +whitelisted_hosts

  deny    message = sender address domain $sender_address_domain locally \
              blacklisted
          condition = ${lookup{$sender_address_domain}nwildlsearch\
              {/usr/local/etc/exim/blacklist_sender_domain}{1}{0}}
          !hosts = +whitelisted_hosts

  deny    message = sender hostname $sender_host_name locally blacklisted \
              because of too much spam from it
          log_message = sender hostname locally blacklisted
          condition = ${lookup{$sender_host_name}nwildlsearch\
              {/usr/local/etc/exim/blacklist_re_hostname}{1}{0}}
          !hosts = +whitelisted_hosts

  deny    message = sender IP-address $sender_host_address locally \
              blacklisted because of too much spam from it
          log_message = sender IP locally blacklisted
          condition = ${lookup{$sender_host_address}iplsearch\
              {/usr/local/etc/exim/blacklist_hostaddress}{1}{0}}
          !hosts = +whitelisted_hosts

  deny    message = google photos abused by spammers
          sender_domains = photos-server.bounces.google.com

  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  require verify = recipient

  # Everything below this accept (DNS lists, greylisting, SPF text checks)
  # is skipped for whitelisted hosts.
  accept  hosts = +whitelisted_hosts
          logwrite = $sender_host_address locally whitelisted

  deny    message = rejected because recognized as Russian spam (type 2)
          condition = ${if eq{${lookup dnsdb\
              {defer_never,a=$sender_address_domain}}}\
              {195.191.40.160}}

  # DNS whitelists: a listing here also skips the remaining checks.
  accept  dnslists = list.dnswl.org!=127.0.0.255 : \
              swl.spamhaus.org : \
              hostkarma.junkemailfilter.com=127.0.0.1
          logwrite = $sender_host_address whitelisted in \
              $dnslist_domain=$dnslist_value
  # http://www.dnswl.org/ , http://spamhauswhitelist.com ,
  # http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists

# deny    message = rejected because $sender_host_address is in a black list \
#             at $dnslist_domain. $dnslist_text
#         dnslists = smtp.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.5 RIP
# #           : orvedb.aupads.org
# # open relays http://www.aupads.org/ordb.html
# #       dnsbl.njabl.org=127.0.0.2 # open relays RIP :-(
# #       list.dsbl.org, dul.ru RIP :-(

  # Country block through the bit.nl ASCC list. By the code table below the
  # five return values are 39 CN, 73 HK, 156 TW, 93 KR and 165 VN.
  # acl_c_country is taken from the list's TXT record, i.e. it is data
  # supplied by a third party.
  deny    message = I don`t accept mail from China,HongKong,Taiwan, Korea, \
              Vietnam because too many admins there do not care \
              about outgoing spam. Your \
              IP-address seems to belong to: $acl_c_country.
          dnslists = all.ascc.dnsbl.bit.nl=127.0.0.39,127.0.0.73,127.0.0.156,\
              127.0.0.93,127.0.0.165
  # https://noc.bit.nl/dnsbl/ , https://noc.bit.nl/dnsbl/ascc/
  # I found country codes in all.ascc.dnsbl.bit.nl using
  # ftp://ftp.apnic.net/pub/stats/apnic/delegated-apnic-extended-latest
  # linked from https://metacpan.org/pod/IP::Country::DB_File::Builder
  # 3 AD 4 AE 5 AG 6 AL 7 AM 9 AO 11 AR 12 AS 13 AT 14 AU 15 AW
  # 16 AZ 17 BA 18 BB 19 BD 20 BE 21 BF 22 BG 23 BH 24 BJ 25 BM 26 BN 27 BO 28 BR
  # 29 BS 30 BT 31 BW 32 BY 33 BZ 34 CA 35 CH 36 CK 37 CL 38 CM 39 CN 40 CO 41 CR
  # 42 CU 43 CY 44 CZ 45 DE 46 DK 47 DM 48 DO 49 DZ 50 EC 51 EE 52 EG 53 ES 54 ET
  # 56 FI 57 FJ 58 FM 59 FO 60 FR 61 GA 62 GD 63 GE 64 GH 65 GI 66 GL 67 GM 68 GP
  # 69 GR 70 GT 71 GU 72 GY 73 HK 74 HN 75 HR 76 HT 77 HU 78 ID 79 IE 80 IL 81 IN
  # 82 IO 83 IR 84 IS 85 IT 86 JM 87 JO 88 JP 89 KE 90 KG 91 KH 92 KN 93 KR 94 KW
  # 95 KY 96 KZ 97 LA 98 LB 99 LI 100 LK 101 LS 102 LT 103 LU 104 LV 105 LY
  # 106 MA 107 MD 108 MK 109 ML 110 MM 111 MN 112 MO 113 MP 114 MT 115 MU 116 MV
  # 117 MX 118 MY 119 NA 120 NC 121 NG 122 NI 123 NL 124 NO 125 NP 126 NU 127 NZ
  # 128 PA 129 PE 130 PF 131 PG 132 PK 133 PL 134 PR 135 PS 136 PT 138 PW 139 PY
  # 140 RO 141 RU 142 SA 143 SD 144 SE 145 SG 146 SI 147 SK 148 SM 149 SV 150 SZ
  # 151 TC 152 TH 153 TM 154 TR 155 TT 156 TW 157 TZ 158 UA 160 US 161 UY 162 UZ
  # 163 VE 165 VN 166 VU 167 WS 168 YE 169 ZA 170 ZM 171 ZW 173 BQ 174 CI 175 CW
  # 176 DJ 177 GB 178 JE 179 ME 180 MW 181 NR 182 OM 183 PH 184 QA 185 RS 186 SX
  # 188 UG 189 GG 190 SR 191 TD 192 SO 193 GF 194 NF 196 AX 197 TO 198 KP 199 SB
  # 200 MC 201 TJ 202 TL 203 TN 204 MH 206 SC 207 GN 208 KM 209 RE 210 GQ 211 AF
  # 212 BI 213 CD 214 CG 215 IM 216 IQ 217 LR 218 MF 219 MG 220 MR 221 MZ 222 NE
  # 223 PM 224 RW 225 SL 226 SS 227 SY 228 TG 229 VC 230 VG 231 WF 232 VA 233 CF
  # 234 SN 235 YT 236 ST 237 GW
          set acl_c_country = ${if match{$dnslist_text}{ CC=(\\S+) }{$1}}
  #
  # uncomment if you need mail from China:
  #       message = rejected because $sender_host_address is in a black list \
  #           at $dnslist_domain. $dnslist_text
  #       dnslists = zen.spamhaus.org : bl.spamcop.net : dnsbl.sorbs.net : \
  #           hostkarma.junkemailfilter.com=127.0.0.2,127.0.0.4
  #

  # Pattern rule: sender local part "no-responder" combined with a host
  # name of the form a<last two octets>.<sender domain>.
  deny    message = Blocked as Peruvian spam
          condition = ${if eq{$sender_address_local_part}{no-responder}}
          set acl_m_partip = ${if match{$sender_host_address}\
              {\N^(?:\d+\.){2}([\d.]+)$\N}{$1}}
          condition = ${if eq{$sender_host_name}\
              {a$acl_m_partip.$sender_address_domain}}

  deny    message = rejected because recognized as Russian spam (type 5)
          condition = ${if match{$message_headers_raw}\
              {\N\nContent-Type: multipart/alternative;\n\t\
              boundary=(.+\n)+\
              Content-Type: multipart/alternative;\Z\N}}

# accept  condition = ${if def:tls_cipher}
#         condition = ${if !match{$tls_cipher}{128|168}}
#         condition = ${if eq{$received_protocol}{esmtps}}
#         # not smtps

  accept  condition = ${lookup{$sender_host_name}nwildlsearch\
              {/usr/local/etc/exim/whitelist_re_hostname}{1}{0}}
          logwrite = sender hostname $sender_host_name locally whitelisted

  # Greylisting. acl_c_grey_checked / acl_c_grey_result are connection
  # variables, so a decision made for an earlier recipient on the same
  # connection is reused by the next two statements.
  defer   condition = ${if def:acl_c_grey_checked}
          message = $acl_c_grey_checked
          condition = $acl_c_grey_result

  accept  condition = ${if def:acl_c_grey_checked}

  # Each greylisting defer below repeats the same expansion:
  #   file exists  -> 0 (allow) when its mtime is more than 180 s old,
  #                   otherwise 1 (defer);
  #   file missing -> create it with touch and return 1 (both branches of
  #                   the inner ${if} are 1, so the first attempt always
  #                   defers, whatever touch printed).
  # touch is started directly by ${run}, not through SHELL -c, and its only
  # argument is the sanitised $acl_m_greyfile path built above.
  # Trigger: HELO with no dot, an IP literal, or only [-0-_] characters.
  defer   log_message = greylisted because of HELO $sender_helo_name
          condition = ${if or{\
              {!match{$sender_helo_name}{\\.}}\
              {match{$sender_helo_name}\
              {\N^(\[?(\d{1,3}\.){3}\d{1,3}\]?|\.*[-0-_]+\.*)$\N}}\
              }}
          set acl_c_grey_checked = deferred/greylisted because \
              HELO `$sender_helo_name` is not a domain name
          message = $acl_c_grey_checked
          set acl_c_grey_result = ${if exists{$acl_m_greyfile}\
              {${if >{${eval:$tod_epoch-\
              ${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\
              {${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}}
          # 1 - defer, 0 - allow
          condition = $acl_c_grey_result

  # $sender_rcvhost has its newlines and tabs collapsed to a space before
  # it is written to the log.
  accept  condition = ${if def:acl_c_grey_checked}
          logwrite = passed greylisting helo \
              ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}
          add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting helo

  # Trigger: plain SMTP (HELO) instead of ESMTP.
  defer   log_message = greylisted because of protocol smtp
          condition = ${if eq{$received_protocol}{smtp}}
          # smtp (HELO), not esmtp (EHLO)
          condition = ${if def:sender_address}
          # not a verify/callout from another Exim
          condition = ${if !match{$sender_address}{verif|callout|postmaster}}
          set acl_c_grey_checked = deferred/greylisted. protocol SMTP
          message = $acl_c_grey_checked
          set acl_c_grey_result = ${if exists{$acl_m_greyfile}\
              {${if >{${eval:$tod_epoch-\
              ${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\
              {${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}}
          condition = $acl_c_grey_result

  accept  condition = ${if def:acl_c_grey_checked}
          add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting smtp
          logwrite = passed greylisting smtp \
              ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}

  # Trigger: the host name contains an IP-like digit group and does not
  # contain "sta".
  defer   log_message = greylisted because $sender_host_name looks dynamic
          condition = ${if match{$sender_host_name}\
              {\N(\d{1,3}[-.]){3}\d\N}}
          condition = ${if !match{$sender_host_name}{sta}}
          set acl_c_grey_checked = deferred/greylisted because sender hostname \
              $sender_host_name looks like dynamic
          message = $acl_c_grey_checked
          set acl_c_grey_result = ${if exists{$acl_m_greyfile}\
              {${if >{${eval:$tod_epoch-\
              ${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\
              {${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}}
          condition = $acl_c_grey_result

  accept  condition = ${if def:acl_c_grey_checked}
          add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting dyn
          logwrite = passed greylisting dyn \
              ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}

  # Trigger: the same pattern test applied to the HELO name.
  defer   log_message = greylisted because `HELO $sender_helo_name` looks \
              dynamic
          condition = ${if match{$sender_helo_name}\
              {\N(\d{1,3}[-.]){3}\d\N}}
          condition = ${if !match{$sender_helo_name}{sta}}
          set acl_c_grey_checked = deferred/greylisted because \
              `HELO $sender_helo_name` looks like dynamic
          message = $acl_c_grey_checked
          set acl_c_grey_result = ${if exists{$acl_m_greyfile}\
              {${if >{${eval:$tod_epoch-\
              ${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\
              {${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}}
          condition = $acl_c_grey_result

  accept  condition = ${if def:acl_c_grey_checked}
          add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting helo dyn
          logwrite = passed greylisting helo dyn \
              ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}

  # Trigger: $sender_host_name is empty.
  defer   log_message = greylisted because no hostname
          condition = ${if eq{$sender_host_name}{}}
          set acl_c_grey_checked = deferred/greylisted because \
              $sender_host_address doesn't resolve to hostname or the \
              hostname doesn't resolve back to $sender_host_address
          message = $acl_c_grey_checked
          set acl_c_grey_result = ${if exists{$acl_m_greyfile}\
              {${if >{${eval:$tod_epoch-\
              ${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\
              {${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}}
          condition = $acl_c_grey_result

  accept  condition = ${if def:acl_c_grey_checked}
          add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting \
              no hostname
          logwrite = passed greylisting no hostname \
              ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}

  # Two text-level tests on the sender domain's TXT record. These compare
  # the raw record string and do not evaluate SPF: the first matches only
  # the exact text "v=spf1 -all", the second matches records with two
  # single-digit prefix lengths or a prefix length of /1 to /6.
  deny    set acl_m_spf = ${lookup dnsdb{defer_never,txt=$sender_address_domain}}
          message = SPF record for $sender_address_domain explicitly states \
              that this domain should never send mail
          condition = ${if eq{$acl_m_spf}{v=spf1 -all}}

  deny    message = SPF record for $sender_address_domain lists too many \
              IP-addresses, perhaps the whole world - that`s cheating
          condition = ${if match{$acl_m_spf}\
              {\N(?m)^v=spf((.+?/\d\s){2}|.+/[1-6]\s)\N}}

  # Hosts on none of the DNS blacklists below are accepted without
  # greylisting; listed hosts fall through to the defer that follows.
  accept  !dnslists = hostkarma.junkemailfilter.com=127.0.0.2 : \
  #           http.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.2 : \ RIP
  #           socks.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.3 : \
  # open HTTP,SOCKS proxies
  #           dnsbl.njabl.org=127.0.0.9 # open proxies RIP
              cbl.abuseat.org
  # uncomment next line and comment out the cbl line if you need mail from China:
  #           zen.spamhaus.org=127.0.0.2

  defer   log_message = greylisted because in $dnslist_domain: $dnslist_text
          set acl_c_grey_checked = deferred/greylisted because \
              $sender_host_address is in a black list at \
              $dnslist_domain. $dnslist_text
          message = $acl_c_grey_checked
          set acl_c_grey_result = ${if exists{$acl_m_greyfile}\
              {${if >{${eval:$tod_epoch-\
              ${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\
              {${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}}
          condition = $acl_c_grey_result

  accept  logwrite = passed greylisting $dnslist_domain \
              ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}
          add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting \
              $dnslist_domain

# Runs after the last RCPT and before DATA: limits failed recipients and
# greylists mail addressed to postmaster/abuse, which acl_check_rcpt
# accepted without the other checks.
acl_check_predata:
# NOTE(review): kept as one commented-out line, as it reads in the source;
# confirm against the original whether the "require" is meant to be active.
#(Exim4.71+) require control = dkim_disable_verify

  deny    message = too many invalid recipients
          condition = ${if >{$rcpt_fail_count}{2}}

  accept  hosts = +relay_from_hosts

  accept  authenticated = *

  accept  condition = ${if !def:acl_m_postmaster}

  defer   condition = ${if def:acl_c_grey_checked}
          message = $acl_c_grey_checked
          condition = $acl_c_grey_result

  accept  condition = ${if def:acl_c_grey_checked}

  defer   log_message = postmaster greylisted
          set acl_c_grey_checked = All mail to postmaster is \
              deferred/greylisted here for 3 min because \
              of too much spam and no other checks.
          message = $acl_c_grey_checked
          set acl_c_grey_result = ${if exists{$acl_m_greyfile}\
              {${if >{${eval:$tod_epoch-\
              ${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\
              {${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}}
          condition = $acl_c_grey_result

  accept  add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting \
              postmaster
          logwrite = passed greylisting postmaster \
              ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}

# Per-MIME-part checks: link heuristics for text/plain parts and
# attachment type/name blocking. Mailing-list traffic is accepted first.
acl_check_mime:

  accept  condition = ${if def:header_List-ID:}

  accept  condition = ${lookup{$sender_address_domain}nwildlsearch\
              {/usr/local/etc/exim/mailing_list_domains}{1}{0}}

  # A text/plain part with exactly one link, where a Received: header names
  # a 4-6 letter .com/.net/.org HELO together with an authenticated-
  # submission keyword, and that name has neither A nor MX records.
  deny    condition = ${if eq{$mime_content_type}{text/plain}}
          !hosts = +whitelisted_hosts
          !sender_domains = returns.groups.yahoo.com : groups.io
          !authenticated = *
          condition = ${if !def:header_List-ID:}
          set acl_m_fakedom = ${if match{$message_headers_raw}{\N\nReceived: \
              .*?(?:\n\s.*?)*?\
              (?:helo=|HELO |EHLO |from )([a-z]{4,6}\.(?:com|net|org))\
              .*?(?:\n\s.*?)*?\
              (?i)(?:smtpsa|bizsmtp|ASMTP \(SSL)\
              .*?(?:\n\s.*?)*?\
              \n[^R\s]\N}{$1}}
          condition = ${if def:acl_m_fakedom}
          mime_regex = https?.//
          !mime_regex = (?s)https?.//.+https?.//
          condition = ${if eq{}{${lookup dnsdb{defer_never,a=$acl_m_fakedom}}}}
          condition = ${if eq{}{${lookup dnsdb{defer_never,mxh=$acl_m_fakedom}}}}
          message = trojan link suspected: \
              ${if match{$message_body}{\N(https?://[^>\s]+)\N}{$1}} \
              rcpthelo=$acl_m_fakedom recipients=$recipients

  # Redirect probe. $regex1 (host) and $regex2 (path) are captured from the
  # message body, and ${readsocket} then sends an HTTP HEAD request to that
  # host on port 80 from this server, with a 4 s timeout, while the SMTP
  # transaction is in progress.
  # The path capture excludes whitespace, so it cannot add lines to the
  # request; the host capture is [^/]+ and the only gate before connecting
  # is that a dnsdb A lookup for it succeeds.
  # NOTE(review): nothing visible here limits the target to public
  # addresses, so the content of a message decides where this server opens
  # a connection. Consider testing the resolved address against loopback
  # and private ranges before the readsocket, and keep the statement gated
  # as narrowly as it is now (text/plain, single link, non-list sender).
  deny    message = rejected because recognized as spam via a relay \
              authenticated with a stolen password
          condition = ${if eq{$mime_content_type}{text/plain}}
          condition = ${if !def:header_List-ID:}
          condition = ${lookup{$sender_address_domain}nwildlsearch\
              {/usr/local/etc/exim/mailing_list_domains}{0}{1}}
          !mime_regex = (?s)https?.//.+https?.//
          mime_regex = \Nhttp.//([^/]+)(/[^>\s]+)
          condition = ${if or{\
              {>{${listcount:${addresses:$rheader_To:}}}{1}}\
              {match{$regex2}{\N(^/|\?)[a-fA-F\d]{4}$\N}}\
              }}
          # $regex requires Exim 4.87+
          condition = ${lookup dnsdb{defer_never,a=$regex1}{1}{0}}
          set acl_m_red = ${if match{${readsocket{inet:$regex1:80}\
              {HEAD $regex2 HTTP/1.0\r\nHost: $regex1\r\n\r\n}\
              {4s}{%~}{socket failure}}}\
          # Exim 4.90+: {4s:shutdown=no}
              {\N(?i)\AHTTP/... 3.+%~Location: (?:https?://)?(.*?)\s*%~\N}{$1}}
          logwrite = :reject: $regex1$regex2 redirect to $acl_m_red
          set acl_m_domred = ${sg{$acl_m_red}{/.*}{}}
          condition = ${if or{\
              {and{\
              {eq{$acl_m_red}{$regex2}}\
              {match{$regex2}{\N(^/|\?)[a-fA-F\d]{4}$\N}}\
              }}\
              {bool{${lookup{$acl_m_domred}nwildlsearch\
              {/usr/local/etc/exim/redirect_domains}{1}{0}}}}\
              }}

  # Second hop: follows the Location value returned by the first probe.
  # Here the connection target ($acl_m_domred) comes from the remote
  # server's reply, so the same address-range caveat applies.
  deny    message = rejected because recognized as spam via a relay \
              authenticated with a stolen password
          condition = ${if def:acl_m_domred}
          condition = ${if >{${listcount:${addresses:$rheader_To:}}}{1}}
          set acl_m_uri = ${sg{$acl_m_red}{^[^/]+/?}{/}}
          condition = ${lookup dnsdb{defer_never,a=$acl_m_domred}{1}{0}}
          set acl_m_red = ${if match{${readsocket{inet:$acl_m_domred:80}\
              {HEAD $acl_m_uri HTTP/1.0\r\nHost: $acl_m_domred\r\n\r\n}\
              {4s}{%~}{socket failure}}}\
          # Exim 4.90+: {4s:shutdown=no}
              {\N\AHTTP/... 3.+%~Location: https?://(.*?)\s*%~\N}{$1}}
          logwrite = :reject: $acl_m_domred$acl_m_uri second redirect to $acl_m_red
          set acl_m_domred = ${sg{$acl_m_red}{/.*}{}}
          condition = ${lookup{$acl_m_domred}nwildlsearch\
              {/usr/local/etc/exim/redirect_domains}{1}{0}}

  # Attachment blocking by declared content type or by file name: a WINBIN
  # extension, optionally followed by COMPREXT extensions. Both inputs are
  # sender-declared values; the content itself is not inspected here.
  deny    message = BINFORBIDDEN
          log_message = forbidden attachment: filename=$mime_filename, \
              content-type=$mime_content_type, recipients=$recipients
          condition = ${if or{\
              {match{$mime_content_type}\
              {(?i)executable|application/x-ace-compressed}}\
              {match{$mime_filename}{\N(?i)\.(WINBIN)(\.(COMPREXT))*$\N}}\
              }}

  # NOTE(review): the last condition of this statement is damaged (text
  # lost between '<' and '>' in extraction; the P7ZIP macro defined at the
  # top is presumably used in the missing part - confirm). The fragment is
  # kept exactly as found.
  deny    message = Compressed BINFORBIDDEN
          condition = ${if or{\
              {match{$mime_content_type}{(?i)application/\
              (octet-stream|x(-zip)?-compressed|zip)}}\
              {match{$mime_filename}{\N(?i)\.(COMPREXT)$\N}}\
              }}
          condition = ${if ]+_GB2312>

  # NOTE(review): this statement is cut off in the source; its regex and
  # anything that followed are missing.
  deny    message = Blocked as Korean spam (type 2)
          condition = ${if eq{$mime_content_type}{text/html}}
          mime_regex = \N\A\