Linux gator3097.hostgator.com 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64
Apache
Server IP : 192.185.227.195 & Your IP : 216.73.216.0
Domains :
Cant Read [ /etc/named.conf ]
User : mave78
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Lock Shell
Lock File++
Readme
/
etc /
Delete
Unzip
Name
Size
Permission
Date
Action
ImageMagick-6
[ DIR ]
drwxr-xr-x
2025-08-06 08:06
NetworkManager
[ DIR ]
drwxr-xr-x
2025-08-06 08:01
X11
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
acpi
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
alloy
[ DIR ]
drwxrwx---
2026-02-03 12:07
alternatives
[ DIR ]
drwxr-xr-x
2026-03-05 01:47
apache2
[ DIR ]
drwxr-xr-x
2026-02-10 17:23
audisp
[ DIR ]
drwxr-x---
2025-08-06 09:13
audit
[ DIR ]
drwxr-x---
2025-08-06 07:52
auto.master.d
[ DIR ]
drwxr-xr-x
2023-03-07 14:49
bash_completion.d
[ DIR ]
drwxr-xr-x
2026-03-13 02:07
binfmt.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:02
chkconfig.d
[ DIR ]
drwxr-xr-x
2020-10-13 15:46
chkserv.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:04
clamd.d
[ DIR ]
drwxr-xr-x
2026-02-06 21:58
collectd.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:01
collector
[ DIR ]
drwxr-xr-x
2025-08-06 08:05
conntrackd
[ DIR ]
drwxr-xr-x
2025-08-06 08:02
container
[ DIR ]
drwxr-xr-x
2025-08-06 08:13
cpanel
[ DIR ]
drwx--x--x
2026-03-14 05:27
cron.d
[ DIR ]
drwxr-xr-x
2026-03-01 18:46
cron.daily
[ DIR ]
drwxr-xr-x
2025-11-27 15:07
cron.hourly
[ DIR ]
drwxr-xr-x
2026-03-13 02:07
cron.monthly
[ DIR ]
drwxr-xr-x
2014-06-09 22:14
cron.weekly
[ DIR ]
drwxr-xr-x
2014-06-09 22:14
datacycle
[ DIR ]
drwxr-xr-x
2025-08-06 08:07
dbus-1
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
dconf
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
default
[ DIR ]
drwxr-xr-x
2025-11-13 21:07
depmod.d
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
dhcp
[ DIR ]
drwxr-x---
2025-08-06 07:49
dovecot
[ DIR ]
drwxr-xr-x
2026-03-14 11:51
dpkg
[ DIR ]
drwxr-xr-x
2025-08-06 07:58
dracut.conf.d
[ DIR ]
drwxr-xr-x
2020-09-30 15:57
egl
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
exports.d
[ DIR ]
drwxr-xr-x
2021-10-14 12:29
firewall
[ DIR ]
drwxr-xr-x
2016-01-28 04:33
firewalld
[ DIR ]
drwxr-x---
2025-08-06 08:01
fonts
[ DIR ]
drwxr-xr-x
2025-08-06 07:48
gconf
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
gcrypt
[ DIR ]
drwxr-xr-x
2017-08-02 15:54
ghostscript
[ DIR ]
drwxr-xr-x
2020-09-30 16:20
glvnd
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
gnupg
[ DIR ]
drwxr-xr-x
2018-07-13 13:05
groff
[ DIR ]
drwxr-xr-x
2025-08-06 07:48
grub.d
[ DIR ]
drwx------
2025-08-06 07:49
gss
[ DIR ]
drwxr-xr-x
2025-08-06 07:48
gssproxy
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
gt
[ DIR ]
drwxr-xr-x
2026-01-15 16:15
httpd
[ DIR ]
drwxr-xr-x
2025-08-06 08:14
incron.d
[ DIR ]
drwxr-xr-x
2019-03-18 17:56
init.d
[ DIR ]
drwxr-xr-x
2026-01-11 21:07
ipmi
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
iproute2
[ DIR ]
drwxr-xr-x
2025-08-06 07:48
kernel
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
krb5.conf.d
[ DIR ]
drwxr-xr-x
2022-11-30 19:01
ld.so.conf.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:10
libnl
[ DIR ]
drwxr-xr-x
2025-08-06 07:48
libpaper.d
[ DIR ]
drwxr-xr-x
2020-09-30 16:48
lldpd.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:05
logrotate.d
[ DIR ]
drwxr-xr-x
2026-03-12 20:50
mail
[ DIR ]
drwxr-xr-x
2025-08-06 07:55
mercurial
[ DIR ]
drwxr-xr-x
2025-08-06 08:02
modprobe.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:05
modules-load.d
[ DIR ]
drwxr-xr-x
2023-12-07 14:51
monit.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:08
my.cnf.d
[ DIR ]
drwxr-xr-x
2018-09-18 03:15
named
[ DIR ]
drwxr-x---
2016-11-02 15:53
ntp
[ DIR ]
drwxr-xr-x
2025-08-06 08:05
nxlog.d
[ DIR ]
drwxr-xr-x
2025-08-12 06:39
openldap
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
opt
[ DIR ]
drwxr-xr-x
2025-08-06 08:01
osquery
[ DIR ]
drwxr-xr-x
2025-12-18 00:33
pam.d
[ DIR ]
drwxr-xr-x
2026-02-24 06:25
percona-server.conf.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:02
pkcs11
[ DIR ]
drwxr-xr-x
2025-08-06 07:48
pki
[ DIR ]
drwxr-xr-x
2025-08-06 08:01
plymouth
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
pm
[ DIR ]
drwxr-xr-x
2025-08-06 07:48
polkit-1
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
popt.d
[ DIR ]
drwxr-xr-x
2014-06-10 04:03
portreserve
[ DIR ]
drwxr-xr-x
2025-08-06 08:07
ppp
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
prelink.conf.d
[ DIR ]
drwxr-xr-x
2023-10-18 13:13
profile.d
[ DIR ]
drwxr-xr-x
2026-02-24 06:26
proftpd
[ DIR ]
drwxr-x--x
2026-03-14 23:41
proxy_conf
[ DIR ]
d-wx-wx-wx
2026-03-14 18:49
proxy_notify
[ DIR ]
drwx-wx-wx
2026-03-15 01:45
puppet
[ DIR ]
drwx------
2025-08-06 08:01
pure-ftpd
[ DIR ]
drwx--x--x
2025-08-23 08:31
python
[ DIR ]
drwxr-xr-x
2025-08-06 07:48
qemu-ga
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
rbld.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:08
rc.d
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
rc0.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:08
rc1.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:08
rc2.d
[ DIR ]
drwxr-xr-x
2026-03-05 01:47
rc3.d
[ DIR ]
drwxr-xr-x
2026-03-05 01:47
rc4.d
[ DIR ]
drwxr-xr-x
2026-03-05 01:47
rc5.d
[ DIR ]
drwxr-xr-x
2026-03-05 01:47
rc6.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:08
request-key.d
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
rpm
[ DIR ]
drwxr-xr-x
2026-02-10 17:23
rsyslog.d
[ DIR ]
drwxr-xr-x
2025-12-10 06:26
rwtab.d
[ DIR ]
drwxr-xr-x
2025-08-06 07:54
sasl2
[ DIR ]
drwxr-xr-x
2025-08-06 07:53
scl
[ DIR ]
drwxr-xr-x
2025-08-06 07:55
security
[ DIR ]
drwxr-xr-x
2025-08-06 08:04
selinux
[ DIR ]
drwxr-xr-x
2026-02-24 06:25
sgml
[ DIR ]
drwxr-xr-x
2025-08-06 08:01
skel
[ DIR ]
drwxr-xr-x
2025-08-06 08:02
skipresbackup
[ DIR ]
drwxrwx---
2026-03-15 01:45
smartmontools
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
snapi
[ DIR ]
drwx------
2025-08-06 08:05
snmp
[ DIR ]
drwxr-xr-x
2025-08-12 06:39
ssh
[ DIR ]
drwxr-xr-x
2026-03-14 05:29
sshd_client
[ DIR ]
drwx------
2025-08-06 08:07
ssl
[ DIR ]
drwxr-xr-x
2025-07-20 05:25
statetab.d
[ DIR ]
drwxr-xr-x
2020-11-16 16:20
subversion
[ DIR ]
drwxr-xr-x
2020-09-30 17:47
sudoers.d
[ DIR ]
drwxr-x---
2025-08-06 08:06
sw-engine
[ DIR ]
drwxr-xr-x
2025-09-03 05:25
sysconfig
[ DIR ]
drwxr-xr-x
2026-03-06 13:54
sysctl.d
[ DIR ]
drwxr-xr-x
2025-08-06 08:21
systemd
[ DIR ]
drwxr-xr-x
2025-08-06 08:01
terminfo
[ DIR ]
drwxr-xr-x
2017-09-06 22:08
tmpfiles.d
[ DIR ]
drwxr-xr-x
2025-10-15 05:25
tuned
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
udev
[ DIR ]
drwxr-xr-x
2026-02-06 21:56
valiases
[ DIR ]
drwxr-x--x
2026-03-11 06:39
vdomainaliases
[ DIR ]
drwxr-x--x
2026-03-11 06:39
vfilters
[ DIR ]
drwxr-x--x
2026-03-11 06:39
vftp
[ DIR ]
drwxr-x--x
2026-03-14 23:41
wpa_supplicant
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
xdg
[ DIR ]
drwxr-xr-x
2025-08-06 07:49
xinetd.d
[ DIR ]
drwxr-xr-x
2018-04-11 04:59
xml
[ DIR ]
drwxr-xr-x
2025-08-06 08:01
yum
[ DIR ]
drwxr-xr-x
2025-08-06 08:05
yum.repos.d
[ DIR ]
drwxr-xr-x
2026-03-14 05:27
.pwd.lock
0
B
-rw-------
2025-08-06 07:49
.updated
163
B
-rw-r--r--
2025-08-12 06:41
.whostmgrft
0
B
-rw-r--r--
2025-08-06 07:57
DIR_COLORS
4.97
KB
-rw-r--r--
2020-11-16 14:40
DIR_COLORS.256color
5.59
KB
-rw-r--r--
2020-11-16 14:40
DIR_COLORS.lightbgcolor
4.56
KB
-rw-r--r--
2020-11-16 14:40
GREP_COLORS
94
B
-rw-r--r--
2017-03-24 16:39
GeoIP.conf
1.66
KB
-rw-r--r--
2023-06-12 14:00
adjtime
16
B
-rw-r--r--
2025-08-06 07:51
aliases
1.49
KB
-rw-r--r--
2020-04-01 04:29
aliases.db
12
KB
-rw-r--r--
2025-08-06 07:52
anacrontab
541
B
-rw-------
2018-05-24 18:56
antivirus.exim
6.55
KB
-rw-r--r--
2026-01-07 06:28
asound.conf
55
B
-rw-r--r--
2019-08-08 11:47
at.deny
1
B
-rw-r--r--
2022-05-18 15:54
auto.backups
652
B
-rw-r--r--
2025-08-12 06:58
auto.master
33
B
-rw-r-----
2025-08-06 08:04
auto.master.rpmnew
795
B
-rw-r--r--
2023-03-07 14:49
auto.misc
524
B
-rw-r--r--
2023-03-07 14:49
auto.net
1.23
KB
-rwxr-xr-x
2023-03-07 14:49
auto.smb
687
B
-rwxr-xr-x
2023-03-07 14:49
autofs.conf
15.47
KB
-rw-r-----
2025-08-06 08:07
autofs.conf.rpmnew
14.78
KB
-rw-r--r--
2023-03-07 14:49
autofs_ldap_auth.conf
232
B
-rw-------
2023-03-07 14:49
backupmxhosts
0
B
-rw-r-----
2025-08-06 07:55
banneddomains
4.3
KB
-rw-r--r--
2025-08-06 08:05
bashrc
1.92
KB
-rw-rw-r--
2026-02-24 06:30
blocked_incoming_email_countries
0
B
-rw-r-----
2025-08-06 07:55
blocked_incoming_email_country_ips
0
B
-rw-r-----
2025-08-06 07:55
blocked_incoming_email_domains
0
B
-rw-r-----
2025-08-06 07:55
blockeddomains
8.46
KB
-rw-r--r--
2025-08-06 08:06
blockedemails
322
B
-rw-r--r--
2025-08-06 08:08
centos-release
37
B
-rw-r--r--
2024-05-21 14:48
centos-release-upstream
51
B
-rw-r--r--
2024-05-21 14:48
cgconfig.conf
2.29
KB
-rw-r-----
2025-08-06 08:21
checkyumdisable
0
B
-rw-r--r--
2025-08-06 08:07
clamddisable
0
B
-rw-r--r--
2025-08-06 08:05
collectd.conf
7.49
KB
-rw-------
2026-01-07 00:07
cpanel_exim_system_filter
11.86
KB
-rw-r--r--
2025-08-06 08:03
cpanel_mail_netblocks
15
B
-rw-r-----
2026-02-24 06:30
cpanel_php_fpmdisable
0
B
-rw-r--r--
2025-08-06 08:05
cpanelsync.exclude
1.12
KB
-rw-r--r--
2025-08-06 08:04
cpbackup-exclude.conf
138
B
-rw-r--r--
2025-08-06 08:05
cpbackup.conf
406
B
-rw-r--r--
2026-03-13 03:39
cpbackup.conf.cache
503
B
-rw-r--r--
2026-03-13 04:01
cpsources.conf
34
B
-rw-r--r--
2025-08-06 07:53
cpsources.conf.plugins.example
2.78
KB
-rw-r--r--
2026-03-03 18:34
cpspamd.conf
45
B
-rw-r--r--
2025-08-06 08:05
cpupdate.conf
88
B
-rw-r--r--
2026-02-27 00:07
cron.deny
7
B
-rw-------
2025-08-06 07:55
crontab
451
B
-rw-r--r--
2014-06-09 22:14
crypttab
0
B
-rw-------
2025-08-06 07:48
csh.cshrc
1.58
KB
-rw-r--r--
2020-04-01 04:29
csh.login
1.08
KB
-rw-r--r--
2020-04-01 04:29
dbowners
7.46
KB
-rw-r-----
2026-03-14 05:36
demodomains
0
B
-rw-r-----
2026-03-14 05:36
demouids
0
B
-rw-r-----
2026-03-14 05:36
demousers
0
B
-rw-r-----
2026-03-14 05:36
digestshadow
0
B
-rw-r-----
2025-08-06 07:57
domain_remote_mx_ips.cdb
48.94
KB
-rw-r-----
2026-03-05 10:45
domainips
277
B
-rw-r--r--
2026-03-11 06:38
domainusers
11.31
KB
-rw-r-----
2026-03-14 05:36
dracut.conf
1.25
KB
-rw-r--r--
2020-09-30 15:57
e2fsck.conf
112
B
-rw-r--r--
2020-09-30 13:21
eig_exim_system_filter
5.56
KB
-rw-r--r--
2025-08-06 08:05
elinks.conf
1.07
KB
-rw-r--r--
2019-01-10 17:00
email_send_limits
85.03
KB
-rw-r-----
2026-03-14 05:36
environment
0
B
-rw-r--r--
2020-04-01 04:29
ethertypes
1.29
KB
-rw-r--r--
2018-04-11 02:44
exim.conf
86.56
KB
-rw-r--r--
2026-02-24 06:30
exim.conf.dist
25.79
KB
-rw-r--r--
2025-12-23 17:28
exim.conf.local
4.79
KB
-rw-r--r--
2025-08-06 08:08
exim.conf.localopts
1.33
KB
-rw-r--r--
2026-02-24 06:30
exim.conf.localopts.shadow
0
B
-rw-------
2025-08-06 07:55
exim.conf.mailman2.dist
29.03
KB
-rw-r--r--
2025-12-23 17:28
exim.conf.mailman2.exiscan.dist
29.2
KB
-rw-r--r--
2025-12-23 17:28
exim.crt
6.74
KB
-rw-rw----
2025-08-20 17:07
exim.key
1.66
KB
-rw-rw----
2025-08-20 17:07
exim.pl
231
B
-rw-r--r--
2025-12-23 17:28
exim.pl.local
179.71
KB
-rw-r--r--
2026-02-24 06:30
exim_excludereceiver_mailchannels
0
B
-rw-r--r--
2025-08-06 08:05
exim_excludesender_mailchannels
0
B
-rw-r--r--
2025-08-06 08:05
exim_suspended_list
715
B
-rw-r-----
2025-08-06 07:55
exim_trusted_configs
24
B
-rw-r--r--
2025-08-06 07:55
eximmailtrap
0
B
-rw-r--r--
2025-08-06 07:55
eximrejecthelo
37
B
-rw-r--r--
2025-08-06 08:06
eximrejects
225
B
-rw-r--r--
2026-02-24 06:30
eximrejects.rpmorig
367
B
-rw-r--r--
2025-08-06 07:55
exports
0
B
-rw-r--r--
2013-06-07 14:31
favicon.png
1.05
KB
-rw-r--r--
2014-03-08 05:48
filesystems
70
B
-rw-r--r--
2020-04-01 04:29
freshclam.conf
8.77
KB
-rw-r-----
2025-08-06 08:08
fstab
1.61
KB
-rw-r--r--
2025-08-12 06:58
ftpd-ca.pem
0
B
-rw-rw----
2018-10-16 05:27
ftpd-rsa-key.pem
1.64
KB
-rw-rw----
2018-10-16 18:51
ftpd-rsa.pem
8.41
KB
-rw-rw----
2025-08-20 17:07
grafana-agent.yaml
12.83
KB
-rw-r-----
2025-08-06 16:37
greylist_common_mail_providers
0
B
-rw-r--r--
2026-02-24 06:30
greylist_trusted_netblocks
0
B
-rw-r-----
2026-02-24 06:30
group
8.95
KB
-rw-r--r--
2026-03-13 11:24
group-
8.96
KB
-rw-r--r--
2026-02-26 10:07
gshadow
8.42
KB
-rw-------
2026-02-18 10:47
gshadow-
8.5
KB
-rw-------
2026-01-23 15:07
hiera.yaml
314
B
-rw-r--r--
2014-06-06 17:54
host.conf
9
B
-rw-r--r--
2013-06-07 14:31
hostname
24
B
-rw-r--r--
2024-10-22 07:57
hosts
1.65
KB
-rw-r--r--
2026-03-14 05:27
hosts.1754467454
616
B
-rw-r--r--
2025-08-06 08:04
hosts.1754467746
1.45
KB
-rw-r--r--
2025-08-06 08:08
hosts.allow
370
B
-rw-r--r--
2013-06-07 14:31
hosts.deny
460
B
-rw-r--r--
2013-06-07 14:31
idmapd.conf
4.74
KB
-rw-r--r--
2018-04-11 04:07
incron.conf
1.69
KB
-rw-r--r--
2015-02-09 09:03
inittab
511
B
-rw-r--r--
2020-11-16 16:20
inputrc
942
B
-rw-r--r--
2013-06-07 14:31
inrbld
200
B
-rw-rw----
2026-02-06 21:57
ipaddrpool
29
B
-rw-r--r--
2026-03-15 01:33
ips
558
B
-rw-r--r--
2026-02-06 21:57
ips.remotedns
28
B
-rw-r--r--
2026-02-19 01:54
issue
23
B
-rw-r--r--
2024-05-21 14:48
issue.net
22
B
-rw-r--r--
2024-05-21 14:48
jwhois.conf
72.81
KB
-rw-r--r--
2019-09-18 07:26
kdump.conf
7.1
KB
-rw-r--r--
2025-08-06 07:49
kill_dbwhitelist
2.36
KB
-rw-r--r--
2026-03-15 01:45
kill_whitelist
2.58
KB
-rw-rw----
2026-03-15 01:45
killwhitelist
0
B
-rw-r--r--
2025-12-12 20:36
krb5.conf
646
B
-rw-r--r--
2022-01-13 17:58
kshrc
1.1
KB
-rw-r--r--
2022-08-10 17:53
ld.so.cache
53.29
KB
-rw-r--r--
2026-02-26 21:53
ld.so.conf
28
B
-rw-r--r--
2013-02-27 20:29
lftp.conf
3.49
KB
-rw-r--r--
2025-08-06 08:04
libaudit.conf
191
B
-rw-r-----
2019-03-01 21:11
libuser.conf
2.33
KB
-rw-r--r--
2013-10-12 21:56
localaliases
0
B
-rw-r--r--
2025-12-23 17:28
localdomains
79.96
KB
-rw-r-----
2026-03-11 06:39
localdomains.rpmnew
0
B
-rw-r--r--
1998-01-01 16:10
locale.conf
19
B
-rw-r--r--
2025-08-06 07:51
localtime
3.49
KB
-rw-r--r--
2024-02-14 15:04
lock_manager_local.ini
829
B
-rw-r--r--
1990-01-01 12:00
login.defs
1.94
KB
-rw-r--r--
2025-08-12 06:35
logrotate.conf
663
B
-rw-r--r--
2025-08-06 08:04
lynx-site.cfg
66
B
-rw-r--r--
2014-06-10 04:27
lynx.cfg
152.6
KB
-rw-r--r--
2014-06-10 04:27
lynx.lss
3.5
KB
-rw-r--r--
2014-06-10 04:27
machine-id
33
B
-r--r--r--
2025-08-06 07:49
magic
111
B
-rw-r--r--
2020-09-30 16:07
mail.rc
1.92
KB
-rw-r--r--
2018-04-11 07:07
mailbox_formats
7.17
KB
-rw-r-----
2026-03-14 05:36
mailcap
272
B
-rw-r--r--
2013-05-14 20:23
mailhelo
0
B
-rw-r-----
2026-03-14 05:36
mailips
0
B
-rw-r-----
2026-03-14 05:36
makedumpfile.conf.sample
5
KB
-rw-r--r--
2021-06-09 16:09
man_db.conf
5.05
KB
-rw-r--r--
2018-10-30 20:26
manualmx
1
B
-rw-r-----
2026-03-11 06:39
mime.types
50.57
KB
-rw-r--r--
2013-05-14 20:23
mke2fs.conf
1.08
KB
-rw-r--r--
2020-09-30 15:58
monarx-agent.conf
266
B
-rw-------
2026-03-05 20:36
monitrc
12.8
KB
-rw-------
2025-08-06 08:07
motd
0
B
-rw-r--r--
2013-06-07 14:31
mtab
0
B
-r--r--r--
2026-03-15 01:45
my.cnf
1.4
KB
-rw-r--r--
2026-02-26 22:11
my.cnf.rpmsave
1.06
KB
-rw-r--r--
2025-08-06 07:56
named.conf
343.41
KB
-rw-r-----
2026-03-11 06:38
named.conf.cache
43.55
KB
-rw-------
2026-03-11 06:38
named.conf.precpanelinstall
1.39
KB
-rw-r--r--
2025-08-06 07:55
named.conf.prerebuilddnsconfig
3.43
KB
-rw-r--r--
2025-08-06 07:55
named.conf.rebuilddnsconfig
3.43
KB
-rw-r--r--
2025-08-06 07:55
named.conf.zonedir.cache
57
B
-rw-------
2026-03-11 06:38
named.iscdlv.key
3.83
KB
-rw-r--r--
2024-06-11 14:41
named.rfc1912.zones
931
B
-rw-r-----
2007-06-21 10:09
named.root.key
1.84
KB
-rw-r--r--
2017-04-13 14:17
nanorc
8.68
KB
-rw-r--r--
2014-06-10 04:47
neighbor_netblocks
60
B
-rw-r-----
2026-03-14 05:25
netconfig
767
B
-rw-r--r--
2019-08-09 00:35
networks
58
B
-rw-r--r--
2020-11-16 16:20
nfs.conf
1023
B
-rw-r--r--
2021-10-14 12:29
nfsmount.conf
3.31
KB
-rw-r--r--
2021-10-14 12:29
nocgiusers
0
B
-rw-r-----
2026-03-14 05:36
nscd.conf
1.72
KB
-rw-r--r--
2025-08-06 08:05
nsswitch.conf
1.9
KB
-rw-r--r--
2025-08-06 07:49
nsswitch.conf.bak
1.89
KB
-rw-r--r--
2024-06-04 14:41
ntp.conf
468
B
-rw-r-----
2025-08-06 08:05
ntp.conf.rpmnew
1.95
KB
-rw-r--r--
2019-11-27 16:47
nxlog.conf
1.44
KB
-rw-r-----
2025-08-06 08:08
odbcinst.ini
469
B
-rw-r--r--
2025-08-06 08:05
os-release
393
B
-rw-r--r--
2024-05-21 14:48
outgoing_mail_hold_users
26
B
-rw-r-----
2025-09-30 20:56
outgoing_mail_suspended_users
348
B
-rw-r-----
2026-03-13 11:24
p0fdisable
0
B
-rw-r--r--
2025-08-06 08:04
papersize
68
B
-rw-r--r--
2020-09-30 16:48
passwd
32.22
KB
-rw-r--r--
2026-03-13 11:24
passwd-
32.55
KB
-rw-r--r--
2026-01-23 11:29
passwd.cache
179.48
KB
-rw-------
2026-03-13 11:25
passwd.nouids.cache
90.57
KB
-rw-------
2026-03-14 05:26
percona-server.cnf
354
B
-rw-r--r--
2018-09-18 03:15
phishing.txt
946
B
-rw-r--r--
2025-08-06 08:05
php_selector.conf
2
B
-rw-r--r--
2025-08-06 08:04
popbeforesmtp
0
B
-rw-r--r--
2025-08-06 08:14
printcap
233
B
-rw-r--r--
2013-06-07 14:31
profile
1.76
KB
-rw-r--r--
2026-02-24 06:30
protocols
6.39
KB
-rw-r--r--
2020-04-01 04:29
pure-ftpd.conf
10.86
KB
-rw-------
2026-02-24 06:26
pure-ftpd.pem
8.41
KB
-rw-rw----
2025-08-20 17:07
rarfiles.lst
1.13
KB
-rw-r--r--
2016-08-03 19:33
rbld.conf
422
B
-rw-r--r--
2025-08-06 08:06
rc.local
473
B
-rw-r--r--
2023-12-07 14:51
recent_authed_mail_ips
4.54
KB
-rw-r--r--
2026-03-15 01:45
recent_authed_mail_ips_users
25.35
KB
-rw-r--r--
2026-03-15 01:45
recent_recipient_mail_server_ips
1.02
KB
-rw-r-----
2026-03-15 01:44
redhat-release
37
B
-rw-r--r--
2024-05-21 14:48
relayhosts
4.54
KB
-rw-r--r--
2026-03-15 01:45
relayhostsusers
25.35
KB
-rw-r--r--
2026-03-15 01:45
remotedomains
1.88
KB
-rw-r--r--
2026-02-27 17:42
request-key.conf
1.75
KB
-rw-r--r--
2014-06-10 02:17
reservedipreasons
276
B
-rw-r--r--
2026-03-15 01:33
reservedipreasons,v
469
B
-r--r--r--
2026-03-15 01:33
reservedips
133
B
-rw-r--r--
2026-03-15 01:33
reservedips,v
326
B
-r--r--r--
2026-03-15 01:33
resolv.conf
163
B
-rw-r--r--
2025-08-12 06:39
resolv.conf.save
51
B
-rw-r--r--
2025-08-06 08:19
rndc.key
77
B
-rw-------
2013-06-05 06:24
rpc
1.6
KB
-rw-r--r--
2012-12-25 03:02
rsyncd.conf
458
B
-rw-r--r--
2022-12-15 16:21
rsyslog.conf
3.17
KB
-rw-r-----
2025-08-06 08:05
rwtab
1008
B
-rw-r--r--
2020-11-16 16:20
screenrc
6.56
KB
-rw-r--r--
2021-03-09 15:26
secondarymx
0
B
-rw-r-----
2024-09-04 13:15
securetty
221
B
-rw-------
2020-04-01 04:29
senderverifybypasshosts
0
B
-rw-r-----
2025-08-06 07:55
services
654.58
KB
-rw-r--r--
2013-06-07 14:31
sestatus.conf
216
B
-rw-r--r--
2020-04-01 04:04
shadow
27.29
KB
-rw-------
2026-03-13 11:24
shadow-
27.7
KB
-rw-------
2026-01-23 11:29
shadow.nouids.cache
104.25
KB
-rw-------
2026-03-13 11:24
shells
147
B
-rw-r--r--
2026-03-14 05:26
skipsmtpcheckhosts
0
B
-rw-r-----
2025-08-06 07:55
spammeripblocks
0
B
-rw-r-----
2025-08-06 07:55
spammers
0
B
-rw-r--r--
2025-12-23 17:28
spfdomains
9
B
-rw-r--r--
2025-08-06 08:05
ssldomains
0
B
-rw-------
2025-08-06 07:57
statetab
212
B
-rw-r--r--
2020-11-16 16:20
stats.conf
89
B
-rw-r--r--
2025-08-06 08:07
subgid
0
B
-rw-r--r--
2020-04-01 04:29
subuid
0
B
-rw-r--r--
2020-04-01 04:29
sudo-ldap.conf
3.11
KB
-rw-r-----
2022-01-07 16:57
sudo.conf
1.74
KB
-rw-r-----
2022-01-07 16:57
sudoers
4.23
KB
-r--r-----
2022-01-07 16:57
sys-snap.conf
66
B
-rw-------
2025-08-06 08:09
sys-snap.conf.rpmorig
66
B
-rw-------
2025-08-06 08:04
sysctl.conf
1.9
KB
-rw-------
2025-08-06 08:22
system-release
37
B
-rw-r--r--
2024-05-21 14:48
system-release-cpe
23
B
-rw-r--r--
2024-05-21 14:48
tcsd.conf
6.88
KB
-rw-------
2017-08-03 17:16
trueuserdomains
11.31
KB
-rw-r-----
2026-03-14 05:36
trueuserowners
5.95
KB
-rw-r--r--
2026-03-14 05:36
trusted-key.key
750
B
-rw-r--r--
2024-06-11 14:41
trusted_mail_users
0
B
-rw-r-----
2025-08-06 07:55
trustedmailhosts
0
B
-rw-r-----
2026-02-24 06:30
updatedb.conf
447
B
-rw-r--r--
2025-08-06 08:04
userbwlimits
7.5
KB
-rw-r-----
2026-03-14 05:36
userdatadomains
468.63
KB
-rw-r-----
2026-03-14 11:51
userdatadomains.json
509.85
KB
-rw-r-----
2026-03-14 11:51
userdomains
99.24
KB
-rw-r-----
2026-03-14 05:36
userips
9.96
KB
-rw-r-----
2026-03-14 05:36
userplans
8.75
KB
-rw-r-----
2026-03-14 05:36
vconsole.conf
37
B
-rw-r--r--
2025-08-06 07:51
vimrc
1.94
KB
-rw-r--r--
2020-12-15 16:44
virc
1.94
KB
-rw-r--r--
2020-12-15 16:44
webspam
0
B
-rw-r--r--
2025-08-06 07:55
wgetrc
4.37
KB
-rw-r--r--
2019-05-15 21:01
wwwacct.conf
293
B
-rw-r--r--
2026-03-15 01:33
wwwacct.conf.cache
373
B
-rw-r--r--
2026-03-15 01:33
wwwacct.conf.shadow
79
B
-rw-------
2025-08-06 07:57
wwwacct.conf.shadow.cache
476
B
-rw-------
2026-03-15 01:33
yum.conf
522
B
-rw-r--r--
2026-02-10 18:07
Save
Rename
#!!# cPanel Exim 4 Config chunking_advertise_hosts="" # +incoming_port, +smtp_connection, +all_parents are needed for cPanel email tracking. # +retry_defer, +subject, +arguments, +received_recipients are suggested settings that may be disabled. log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_recipients +received_sender +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +subject +tls_cipher +tls_peerdn deliver_queue_load_max = 40 perl_startup = do '/etc/exim.pl' smtp_receive_timeout = 7m timeout_frozen_after = 1d openssl_options = +no_compression +no_sslv2 +no_sslv3 tls_require_ciphers = HIGH:!SSLv2:!ADH:!aNULL:!3DES smtp_accept_max = 200 smtp_connect_backlog = 100 smtp_accept_max_per_connection = 50 system_filter_file_transport = address_file hostlist loopback = <; @[]; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8 hostlist senderverifybypass_hosts = net-iplsearch;/etc/senderverifybypasshosts hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks hostlist blocked_incoming_email_country_ips = ${if exists{/etc/blocked_incoming_email_country_ips} {net-iplsearch;/etc/blocked_incoming_email_country_ips} {} } hostlist backupmx_hosts = lsearch;/etc/backupmxhosts hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts hostlist recent_authed_mail_ips = net-iplsearch;/etc/recent_authed_mail_ips hostlist neighbor_netblocks = net-iplsearch;/etc/neighbor_netblocks hostlist greylist_trusted_netblocks = net-iplsearch;/etc/greylist_trusted_netblocks hostlist greylist_common_mail_providers = net-iplsearch;/etc/greylist_common_mail_providers hostlist cpanel_mail_netblocks = net-iplsearch;/etc/cpanel_mail_netblocks hostlist recent_recipient_mail_server_ips = net-iplsearch;/etc/recent_recipient_mail_server_ips domainlist user_domains = ${if exists{/etc/userdomains} {lsearch;/etc/userdomains} fail} domainlist local_domains = lsearch;/etc/localdomains domainlist secondarymx_domains = lsearch;/etc/secondarymx domainlist relay_domains = +local_domains : +secondarymx_domains domainlist blocked_domains = wildlsearch;/etc/blocked_incoming_email_domains domainlist manualmx_domains = ${if exists {/etc/manualmx} {lsearch;/etc/manualmx} {} } localpartlist path_safe_localparts = \N^\.*[^./][^/]*$\N smtp_accept_queue_per_connection = 30 remote_max_parallel = 10 ignore_bounce_errors_after = 1d rfc1413_query_timeout = 0s auto_thaw = 7d callout_domain_negative_expire = 1h callout_negative_expire = 1h acl_not_smtp = acl_not_smtp acl_not_smtp_mime = acl_not_smtp_mime acl_smtp_connect = acl_smtp_connect acl_smtp_data = acl_smtp_data acl_smtp_helo = acl_smtp_helo acl_smtp_mail = acl_smtp_mail acl_smtp_mime = acl_smtp_mime acl_smtp_rcpt = acl_smtp_rcpt message_body_newlines = true check_rfc2047_length = false keep_environment = X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR add_environment = PATH=/usr/local/sbin::/usr/local/bin::/sbin::/bin::/usr/sbin::/usr/bin::/sbin::/bin queue_only_load = 264 daemon_smtp_ports = 25 : 26 : 465 : 587 tls_on_connect_ports = 465 system_filter_user = cpaneleximfilter system_filter_group = cpaneleximfilter smtputf8_advertise_hosts = : timezone = America/Chicago spamd_address = 127.0.0.1 783 retry=30s tmo=3m tls_certificate = ${if and \ { \ {gt{$tls_in_sni}{}} \ {!match{$tls_in_sni}{/}} \ } \ {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \ {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \ {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \ {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \ {/etc/exim.crt} \ }} \ }} \ {/etc/exim.crt} \ } tls_privatekey = ${if and \ { \ {gt{$tls_in_sni}{}} \ {!match{$tls_in_sni}{/}} \ } \ {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \ {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \ {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \ {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \ {/etc/exim.key} \ }} \ }} \ {/etc/exim.key} \ } system_filter = /etc/eig_exim_system_filter #!!# These options specify the Access Control Lists (ACLs) that #!!# are used for incoming SMTP messages - after the RCPT and DATA #!!# commands, respectively. #!!# This setting defines a named domain list called #!!# local_domains, created from the old options that #!!# referred to local domains. It will be referenced #!!# later on by the syntax "+local_domains". #!!# Other domain and host lists may follow. addresslist secondarymx = *@partial-lsearch;/etc/secondarymx ###################################################################### # Runtime configuration file for Exim # ###################################################################### # This is a default configuration file which will operate correctly in # uncomplicated installations. Please see the manual for a complete list # of all the runtime configuration options that can be included in a # configuration file. There are many more than are mentioned here. The # manual is in the file doc/spec.txt in the Exim distribution as a plain # ASCII file. Other formats (PostScript, Texinfo, HTML) are available from # the Exim ftp sites. The manual is also online via the Exim web sites. # This file is divided into several parts, all but the last of which are # terminated by a line containing the word "end". The parts must appear # in the correct order, and all must be present (even if some of them are # in fact empty). Blank lines, and lines starting with # are ignored. ###################################################################### # MAIN CONFIGURATION SETTINGS # ###################################################################### #dns_retry = 1 #dns_retrans = 1s # Specify your host's canonical name here. This should normally be the fully # qualified "official" name of your host. If this option is not set, the # uname() function is called to obtain the name. smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \ \#${compile_number} ${tod_full} \n\ We do not authorize the use of this system to transport unsolicited, \n\ and/or bulk e-mail." #nobody as the sender seems to annoy people untrusted_set_sender = * local_from_check = false split_spool_directory = yes # primary_hostname = # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character # followed by a domain. For example, "caesar@rome.ex" is a fully qualified # address, but the string "caesar" (i.e. just a login name) is an unqualified # email address. Unqualified addresses are accepted only from local callers by # default. See the receiver_unqualified_{hosts,nets} options if you want # to permit unqualified addresses from remote sources. If this option is # not set, the primary_hostname value is used for qualification. # qualify_domain = # If you want unqualified recipient addresses to be qualified with a different # domain to unqualified sender addresses, specify the recipient domain here. # If this option is not set, the qualify_domain value is used. # qualify_recipient = # Specify your local domains as a colon-separated list here. If this option # is not set (i.e. not mentioned in the configuration file), the # qualify_recipient value is used as the only local domain. If you do not want # to do any local deliveries, uncomment the following line, but do not supply # any data for it. This sets local_domains to an empty string, which is not # the same as not mentioning it at all. An empty string specifies that there # are no local domains; not setting it at all causes the default value (the # setting of qualify_recipient) to be used. #!!# message_filter renamed system_filter message_body_visible = 5000 # Specify a set of options to control the behavior of OpenSSL. The default is to # disable SSLv2 and SSLv3 due to weaknesses in these protocols. # If you want to accept mail addressed to your host's literal IP address, for # example, mail addressed to "user@[111.111.111.111]", then uncomment the # following line, or supply the literal domain(s) as part of "local_domains" # above. # local_domains_include_host_literals # No local deliveries will ever be run under the uids of these users (a colon- # separated list). An attempt to do so gets changed so that it runs under the # uid of "nobody" instead. This is a paranoic safety catch. Note the default # setting means you cannot deliver mail addressed to root as if it were a # normal user. This isn't usually a problem, as most sites have an alias for # root that redirects such mail to a human administrator. never_users = root # The use of your host as a mail relay by any host, including the local host # calling its own SMTP port, is locked out by default. If you want to permit # relaying from the local host, you should set # # host_accept_relay = localhost # # If you want to permit relaying through your host from certain hosts or IP # networks, you need to set the option appropriately, for example # # # # If you are an MX backup or gateway of some kind for some domains, you must # set relay_domains to match those domains. This will allow any host to # relay through your host to those domains. # # See the section of the manual entitled "Control of relaying" for more # information. # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. #host_lookup = 0.0.0.0/0 # By default, Exim expects all envelope addresses to be fully qualified, that # is, they must contain both a local part and a domain. If you want to accept # unqualified addresses (just a local part) from certain hosts, you can specify # these hosts by setting one or both of # # receiver_unqualified_hosts = # sender_unqualified_hosts = # # to control sender and receiver addresses, respectively. When this is done, # unqualified addresses are qualified using the settings of qualify_domain # and/or qualify_recipient (see above). # Exim contains support for the Realtime Blocking List (RBL) that is being # maintained as part of the DNS. See http://maps.vix.com/rbl/ for background. # Uncommenting the first line below will make Exim reject mail from any # host whose IP address is blacklisted in the RBL at maps.vix.com. Some # others have followed the RBL lead and have produced other lists: DUL is # a list of dial-up addresses, and ORBS is a list of open relay systems. The # second line below checks all three lists. # rbl_domains = rbl.maps.vix.com # rbl_domains = rbl.maps.vix.com # If you want Exim to support the "percent hack" for all your local domains, # uncomment the following line. This is the feature by which mail addressed # to x%y@z (where z is one of your local domains) is locally rerouted to # x@y and sent on. Otherwise x%y is treated as an ordinary local part. # percent_hack_domains = * #sender_host_accept = +include_unknown:* #sender_host_reject = +include_unknown:lsearch*;/etc/spammers tls_advertise_hosts = * helo_accept_junk_hosts = * smtp_enforce_sync = false #!!#######################################################!!# #!!# This new section of the configuration contains ACLs #!!# #!!# (Access Control Lists) derived from the Exim 3 #!!# #!!# policy control options. #!!# #!!#######################################################!!# #!!# These ACLs are crudely constructed from Exim 3 options. #!!# They are almost certainly not optimal. You should study #!!# them and rewrite as necessary. begin acl ######################################################################################## # DO NOT ALTER THIS BLOCK ######################################################################################## # # cPanel Default ACL Template Version: 110.003 # Template: universal.dist # ######################################################################################## # DO NOT ALTER THIS BLOCK ######################################################################################## acl_not_smtp: #BEGIN ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK # BEGIN INSERT resolve_vhost_owner warn condition = ${if eq{$originator_uid}{${perl{user2uid}{nobody}}}{1}{0}} set acl_c_vhost_owner = ${perl{resolve_vhost_owner}} # END INSERT resolve_vhost_owner # BEGIN INSERT end_default_outgoing_notsmtp_checkall accept # END INSERT end_default_outgoing_notsmtp_checkall #END ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK #BEGIN ACL-NOT-SMTP-BLOCK #END ACL-NOT-SMTP-BLOCK acl_not_smtp_mime: #BEGIN ACL-NOT-SMTP-MIME-BLOCK # BEGIN INSERT disallowed_filenames_bl # Reject inbound mail with potentially dangerous attachments # Obfuscation of file names using parameter value continuation evades other filters, but not this one deny log_message = DENY: disallowed \"$mime_filename\" condition = ${if match \ {${lc:$mime_filename}} \ {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}} message = Attached file '$mime_filename' has disallowed extension. accept # END INSERT disallowed_filenames_bl #END ACL-NOT-SMTP-MIME-BLOCK acl_not_smtp_start: #BEGIN ACL-NOT-SMTP-START-BLOCK #END ACL-NOT-SMTP-START-BLOCK acl_smtp_auth: #BEGIN ACL-SMTP-AUTH-BLOCK #END ACL-SMTP-AUTH-BLOCK acl_smtp_connect: #BEGIN ACL-CONNECT-BLOCK # BEGIN INSERT custom_begin_connect deny message = "$sender_fullhost is in an RBL on bl.pro1.websitewelcome.com, see $dnslist_text" log_message = Host is banned dnslists = bl.pro1.websitewelcome.com # END INSERT custom_begin_connect # BEGIN INSERT blockedcountryips drop message = Your country is not allowed to connect to this server. log_message = Country is banned hosts = +blocked_incoming_email_country_ips # END INSERT blockedcountryips # BEGIN INSERT delay_unknown_hosts warn !hosts = : +neighbor_netblocks : +loopback : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks #only rate limit port 25 condition = ${if eq {$received_port}{25}{yes}{no}} delay = 5s # END INSERT delay_unknown_hosts # BEGIN INSERT spammerlist drop message = Your host is not allowed to connect to this server. log_message = Host is banned !hosts = : +skipsmtpcheck_hosts : +trustedmailhosts hosts = +spammeripblocks # END INSERT spammerlist # BEGIN INSERT custom_end_connect warn # host had a success in the last hour ratelimit = 1 / 30m / noupdate / per_conn / slow_fail_accept_$sender_host_address set acl_m4 = 1 defer condition = ${if eq {${acl_m4}}{1}{0}{1}} log_message = "Host is ratelimited due to multiple failure only connections ($sender_rate/$sender_rate_period max:$sender_rate_limit)" ratelimit = 30 / 30m / noupdate / per_conn / slow_fail_block_$sender_host_address # END INSERT custom_end_connect #END ACL-CONNECT-BLOCK #BEGIN ACL-CONNECT-POST-BLOCK # BEGIN INSERT default_connect_post # do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config #acl_smtp_notquit is required for this to work (exim 4.68) accept # END INSERT default_connect_post #END ACL-CONNECT-POST-BLOCK acl_smtp_data: # exiscan only # exiscan only #BEGIN ACL-OUTGOING-SMTP-CHECKALL-BLOCK #END ACL-OUTGOING-SMTP-CHECKALL-BLOCK #BEGIN ACL-CHECK-MESSAGE-PRE-BLOCK # BEGIN INSERT default_check_message_pre # # Enabling this will make the server non-rfc compliant # require verify = header_sender # accept hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts accept authenticated = * hosts = * accept condition = ${extract \ {size} \ {${stat:/etc/trustedmailhosts}} \ } hosts = +trustedmailhosts accept condition = ${extract \ {size} \ {${stat:/etc/trustedmailhosts}} \ } condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}} # END INSERT default_check_message_pre #END ACL-CHECK-MESSAGE-PRE-BLOCK #BEGIN ACL-PRE-SPAM-SCAN # BEGIN INSERT mailproviders # Research in Motion - Blackberry white list accept condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}} # END INSERT mailproviders #END ACL-PRE-SPAM-SCAN #BEGIN ACL-SPAM-SCAN-BLOCK # BEGIN INSERT custom_end_spam_scan warn condition = ${if eq {${acl_m0}}{1}{1}{0}} spam = ${acl_m1}/defer_ok log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)" add_header = X-Spam-Subject: [SPAM] $h_subject add_header = X-Spam-Status: Yes, score=$spam_score add_header = X-Spam-Score: $spam_score_int add_header = X-Spam-Bar: $spam_bar add_header = X-Spam-Report: $spam_report add_header = X-Spam-Flag: YES set acl_m2 = 1 warn condition = ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}} warn condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}} add_header = X-Spam-Status: No, score=$spam_score add_header = X-Spam-Score: $spam_score_int add_header = X-Spam-Bar: $spam_bar add_header = X-Spam-Flag: NO log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)" # END INSERT custom_end_spam_scan #END ACL-SPAM-SCAN-BLOCK # exiscan only # exiscan only #BEGIN ACL-RATELIMIT-SPAM-BLOCK #END ACL-RATELIMIT-SPAM-BLOCK #BEGIN ACL-SPAM-BLOCK #END ACL-SPAM-BLOCK #BEGIN ACL-CHECK-MESSAGE-POST-BLOCK # BEGIN INSERT default_check_message_post accept # END INSERT default_check_message_post #END ACL-CHECK-MESSAGE-POST-BLOCK acl_smtp_etrn: #BEGIN ACL-SMTP-ETRN-BLOCK #END ACL-SMTP-ETRN-BLOCK acl_smtp_helo: #BEGIN ACL-SMTP-HELO-BLOCK # BEGIN INSERT custom_helo_block warn log_message = got HELO: $sender_helo_name drop message = Banned HELO. log_message = Banned HELO condition = ${lookup {$sender_helo_name}lsearch{/etc/eximrejecthelo}{yes}{no}} accept # END INSERT custom_helo_block #END ACL-SMTP-HELO-BLOCK #BEGIN ACL-SMTP-HELO-POST-BLOCK # BEGIN INSERT default_smtp_helo accept # END INSERT default_smtp_helo #END ACL-SMTP-HELO-POST-BLOCK acl_smtp_mail: #BEGIN ACL-MAIL-PRE-BLOCK # BEGIN INSERT default_mail_pre # ignore authenticated hosts accept authenticated = * warn condition = ${if match_ip{$sender_host_address}{+loopback}{${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}}{0}} set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}} accept hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts # END INSERT default_mail_pre #END ACL-MAIL-PRE-BLOCK #BEGIN ACL-MAIL-BLOCK # BEGIN INSERT requirehelo deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL # END INSERT requirehelo # BEGIN INSERT requirehelonoforge drop # if ($sender_helo_name eq $primary_hostname) { # if (defined $interface_address) { # return is_loopback($interface_address) ? 0 : 1; #ok from localhost # } else { # return 0; #exim -bs # } # } else { # return 0; # } condition = ${if eq{${lc:$sender_helo_name}}{${lc:$primary_hostname}}{${if def:interface_address {${if match_ip{$interface_address}{+loopback}{0}{1}}}{0}}}{0}} message = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]" drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = "REJECTED - Interface: $interface_address is _my_ address" # END INSERT requirehelonoforge # BEGIN INSERT requirehelosyntax drop condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) drop # Required because "[IPv6:<address>]" will have no .s condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}} condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}} message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1) drop condition = ${if match{$sender_helo_name}{\N\.$\N}} message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1) drop condition = ${if match{$sender_helo_name}{\N\.\.\N}} message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1) # END INSERT requirehelosyntax #END ACL-MAIL-BLOCK #BEGIN ACL-MAIL-POST-BLOCK # BEGIN INSERT default_mail_post accept # END INSERT default_mail_post #END ACL-MAIL-POST-BLOCK acl_smtp_mailauth: #BEGIN ACL-SMTP-MAILAUTH-BLOCK #END ACL-SMTP-MAILAUTH-BLOCK acl_smtp_mime: #BEGIN ACL-SMTP-MIME-BLOCK # BEGIN INSERT disallowed_filenames_bl # Reject inbound mail with potentially dangerous attachments # Obfuscation of file names using parameter value continuation evades other filters, but not this one deny log_message = DENY: disallowed \"$mime_filename\" condition = ${if match \ {${lc:$mime_filename}} \ {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}} message = Attached file '$mime_filename' has disallowed extension. accept # END INSERT disallowed_filenames_bl #END ACL-SMTP-MIME-BLOCK acl_smtp_notquit: #BEGIN ACL-NOTQUIT-BLOCK #END ACL-NOTQUIT-BLOCK acl_smtp_predata: #BEGIN ACL-SMTP-PREDATA-BLOCK #END ACL-SMTP-PREDATA-BLOCK acl_smtp_quit: #BEGIN ACL-SMTP-QUIT-BLOCK #END ACL-SMTP-QUIT-BLOCK acl_smtp_rcpt: #BEGIN ACL-RATELIMIT-BLOCK #END ACL-RATELIMIT-BLOCK #BEGIN ACL-PRE-RECIPIENT-BLOCK # BEGIN INSERT default_pre_recipient warn !domains = +relay_domains set acl_m_outbound_recipient = 1 # END INSERT default_pre_recipient # BEGIN INSERT delay_unknown_hosts warn !authenticated = * !hosts = : +neighbor_netblocks : +loopback : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks #only rate limit port 25 condition = ${if eq {$received_port}{25}{yes}{no}} delay = 5s # END INSERT delay_unknown_hosts # BEGIN INSERT dkim_disable warn control = dkim_disable_verify # END INSERT dkim_disable #END ACL-PRE-RECIPIENT-BLOCK #BEGIN ACL-RECIPIENT-BLOCK # BEGIN INSERT blockeddomains deny message = Your host is not allowed to connect to this server. log_message = Sender domain is banned sender_domains = !+local_domains : +blocked_domains # END INSERT blockeddomains # BEGIN INSERT default_recipient accept hosts = : accept hosts = +skipsmtpcheck_hosts deny message = SPF: $sender_host_address is not allowed to send mail from $sender_address_domain condition = ${if match_domain{$sender_address_domain}{lsearch;/etc/spfdomains}{true}{false}} spf = !pass # END INSERT default_recipient #END ACL-RECIPIENT-BLOCK #mailman only #BEGIN ACL-RECIPIENT-MAILMAN-BLOCK # BEGIN INSERT default_recipient_mailman # Accept bounces to lists even if callbacks or other checks would fail accept domains = +local_domains condition = ${if match{$local_part}{\N^(\.*[^./][^/]*)-bounces(\+.*)?$\N}} condition = ${if exists{/usr/local/cpanel/3rdparty/mailman/lists/${1}${if !eq{$domain}{$primary_hostname}{_${domain}}{}}/config.pck}} add_header = X-WhitelistedRCPT-nohdrfromcallback: Yes #if it gets here it isn't mailman # END INSERT default_recipient_mailman #END ACL-RECIPIENT-MAILMAN-BLOCK #mailman only #BEGIN ACL-IDENTIFY-SENDER-BLOCK # BEGIN INSERT default_identify_sender # Accept authenticated connections when the connection comes from the main # account (foo@foo.com, where foo.com's user is foo). Otherwise, we end up # unintentionally rejecting mail if the user is set to :fail:. accept authenticated = * condition = ${if eq{${lookup{$sender_address_domain}lsearch{/etc/userdomains}}}{$sender_address_local_part}} endpass verify = recipient # deny must be on the same line as hosts so it will get removed by buildeximconf if turned off deny hosts = ! +loopback : ! +senderverifybypass_hosts ! verify = sender accept authenticated = * endpass verify = recipient # if they used "pop before smtp" and its not bound for a localdomain we remember the recent_authed_mail_ips_domain warn domains = ! +local_domains hosts = ! +loopback hosts = +recent_authed_mail_ips set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}} add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}}{}} # if they used "pop before smtp" then we just accept accept condition = ${if exists{/etc/popbeforesmtp}{1}{0}} hosts = ! +loopback hosts = +recent_authed_mail_ips endpass verify = recipient # we need to check alwaysrelay since we don't require recentauthedmailiptracker to be enabled accept hosts = ! +loopback condition = ${if or {{eq{$acl_c_recent_authed_mail_ips_text_entry}{}}{!exists{/etc/popbeforesmtp}}}{${if exists {/etc/alwaysrelay}{${lookup{$sender_host_address}iplsearch{/etc/alwaysrelay}{1}{0}}}{0}}}{0}} set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}} set acl_c_alwaysrelay = 1 endpass verify = recipient #recipient verifications are now done after smtp auth and pop before smtp so the users get back bounces instead of # a clogged outbox in outlook # If we skipped identifying the sender in acl_smtp_mail (ie !def:acl_c_authenticated_local_user) # We need to do it here before we can test the two drops warn condition = ${if !def:acl_c_authenticated_local_user} condition = ${if match_ip{$sender_host_address}{+loopback}} condition = ${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}} set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}} # drop connections to localhost that are from demo accounts (required for manual connections) drop condition = ${if def:acl_c_authenticated_local_user} condition = ${if !eq{$acl_c_authenticated_local_user}{root}} condition = ${if match_ip{$sender_host_address}{+loopback}} condition = ${lookup{$acl_c_authenticated_local_user}lsearch{/etc/demousers}{1}} message = Demo accounts may not send mail # drop connections to localhost that fail auth (required for Horde) drop condition = $authentication_failed condition = ${if match_ip{$sender_host_address}{+loopback}} message = Authentication failed # we learned this in the acl_smtp_mail block accept condition = ${if def:acl_c_authenticated_local_user} endpass verify = recipient # END INSERT default_identify_sender # BEGIN INSERT default_message_submission # Reject unauthenticated relay on port 587 drop condition = ${if eq{$received_port}{587}{1}{0}} message = SMTP AUTH is required for message submission on port 587 # END INSERT default_message_submission #END ACL-IDENTIFY-SENDER-BLOCK #BEGIN ACL-RECP-VERIFY-BLOCK # BEGIN INSERT default_recp_verify # recipient verification to confirm the address is routable. # no callouts to remote systems are performed by default. require verify = recipient # skip content scanning for suspended recipients that are being queued, blackholed or relayed accept condition = ${extract{suspended}{$address_data}} # END INSERT default_recp_verify #END ACL-RECP-VERIFY-BLOCK #BEGIN ACL-POST-RECP-VERIFY-BLOCK # BEGIN INSERT dictionary_attack warn log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)" condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}} set acl_m7 = 1 warn condition = ${if eq {${acl_m7}}{1}{1}{0}} ratelimit = 0 / 1h / strict / per_conn log_message = "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack" drop condition = ${if eq {${acl_m7}}{1}{1}{0}} message = "Number of failed recipients exceeded. Come back in a few hours." # END INSERT dictionary_attack # BEGIN INSERT custom_end_post_recp_verify deny message = SPF: $sender_host_address is not allowed to send mail from $sender_address_domain condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/.boxtrapperenable} {true} {false}} spf = fail:neutral # END INSERT custom_end_post_recp_verify #END ACL-POST-RECP-VERIFY-BLOCK #BEGIN ACL-TRUSTEDLIST-BLOCK # BEGIN INSERT trustedmailhosts accept hosts = +trustedmailhosts accept condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}} # END INSERT trustedmailhosts #END ACL-TRUSTEDLIST-BLOCK #BEGIN ACL-RBL-BLOCK # BEGIN INSERT davehaus_rbl ## Block no from address # warn # condition = ${if eq{$sender_address} {}} # log_message = "The host didn't send a from address." # # drop # condition = ${if eq{$sender_address} {}} # # Dave MFIN Collins.. on 84's. deny message = "JunkMail rejected - $sender_fullhost is in an RBL on rbl.websitewelcome.com, see $dnslist_text" dnslists = rbl.websitewelcome.com hosts = +backupmx_hosts warn dnslists = rbl.websitewelcome.com set acl_m8 = 1 set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL on rbl.websitewelcome.com, see $dnslist_text" warn condition = ${if eq {${acl_m8}}{1}{1}{0}} ratelimit = 0 / 1h / strict / per_conn log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match" drop condition = ${if eq {${acl_m8}}{1}{1}{0}} message = ${acl_m9} deny message = "JunkMail rejected - $sender_fullhost is in an RBL on csi.cloudmark.com/reset-request/?ip=$sender_host_address , see $dnslist_text" !authenticated = * dnslists = csi.websitewelcome.com # END INSERT davehaus_rbl #END ACL-RBL-BLOCK #BEGIN ACL-MAILAUTH-BLOCK # BEGIN INSERT spf_hg_check warn spf = fail add_header = X-SPF-Check: $sender_host_address is not allowed to send mail from $sender_address_domain !verify = reverse_host_lookup add_header = X-PTR-Check: No (consistent) reverse DNS set. # END INSERT spf_hg_check #END ACL-MAILAUTH-BLOCK #BEGIN ACL-GREYLISTING-BLOCK #END ACL-GREYLISTING-BLOCK #BEGIN ACL-RCPT-HARD-LIMIT-BLOCK #END ACL-RCPT-HARD-LIMIT-BLOCK #BEGIN ACL-RCPT-SOFT-LIMIT-BLOCK #END ACL-RCPT-SOFT-LIMIT-BLOCK #BEGIN ACL-SPAM-SCAN-CHECK-BLOCK # BEGIN INSERT default_spam_scan_check # The only problem with this setup is that if the message is for multiple users on the same server # and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used. # This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase. warn domains = +local_domains condition = ${if <= {$message_size}{200K}} condition = ${if !eq{${acl_m0}}{1}} condition = ${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{::}{${lookup passwd{${if eq{$domain}{$primary_hostname}{${sg{$local_part}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}}}}}}/.spamassassinenable}}}} set acl_m0 = 1 # $local_part should work here rather than $local_part_data, but # $local_part_data sidesteps a taint-checking bug in Exim 4.94. # # Commit 12b7f811de is advertised as the fix for it, but during # testing an Exim built with that change still had the bug. # cf. https://www.mail-archive.com/exim-users@exim.org/msg54624.html # set acl_m1 = ${if eq{$domain}{$primary_hostname}{${sg{$local_part_data}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}} # END INSERT default_spam_scan_check # BEGIN INSERT spam_scan_secondarymx # Support for scanning secondarymx domains warn domains = ! +local_domains : +secondarymx_domains condition = ${if <= {$message_size}{200K}{1}{0}} set acl_m0 = 1 set acl_m1 = cpaneleximscanner # END INSERT spam_scan_secondarymx #END ACL-SPAM-SCAN-CHECK-BLOCK #BEGIN ACL-POST-SPAM-SCAN-CHECK-BLOCK # BEGIN INSERT delay_unknown_hosts warn #acl_m2 is spam = YES condition = ${if eq {${acl_m2}}{1}{1}{0}} !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks delay = 40s # END INSERT delay_unknown_hosts # BEGIN INSERT mailproviders # Research in Motion - Blackberry white list warn condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}} set acl_m0 = 0 # END INSERT mailproviders #END ACL-POST-SPAM-SCAN-CHECK-BLOCK #BEGIN ACL-RECIPIENT-POST-BLOCK # BEGIN INSERT default_recipient_post accept domains = +relay_domains deny message = ${expand:${lookup{host_accept_relay}lsearch{/etc/eximrejects}{$value}}} log_message = Rejected relay attempt: '$sender_host_address' From: '$sender_address' To: '$local_part@$domain' # END INSERT default_recipient_post #END ACL-RECIPIENT-POST-BLOCK acl_smtp_starttls: #BEGIN ACL-SMTP-STARTTLS-BLOCK #END ACL-SMTP-STARTTLS-BLOCK acl_smtp_vrfy: #BEGIN ACL-SMTP-SMTP-VRFY-BLOCK #END ACL-SMTP-SMTP-VRFY-BLOCK acl_smtp_dkim: #BEGIN ACL-SMTP-DKIM-BLOCK #END ACL-SMTP-DKIM-BLOCK begin authenticators dovecot_plain: driver = dovecot public_name = PLAIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}} dovecot_login: driver = dovecot public_name = LOGIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}} # smarthost authentication disabled ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. begin rewrite #!!#######################################################!!# #!!# Here follow routers created from the old routers, #!!# #!!# for handling non-local domains. #!!# #!!#######################################################!!# begin routers ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### # Remote addresses are those with a domain that does not match any item # in the "local_domains" setting above. blackhole_dovenull: driver= redirect local_parts = "@dovenull" allow_fail = true data = :fail: Unrouteable address deliver_local_outside_jail: driver = manualroute require_files = "+/jail_owner" # users outside the jail will not be in /etc/passwd => We need to check if $local_part is in /jail_owner # we can't just check to see if they exist # because we still want to be able to mail root domains = +local_domains transport = remote_smtp route_list = "* 127.0.0.1" # self = send allows us to send outside the jail # we make sure /home/virtfs does not exist before we get here # to be safe self = send suspendedcheck: driver = redirect domains = +local_domains local_parts = ${if eq {$domain} \ {$primary_hostname} \ {+path_safe_localparts} \ {*} \ } require_files = \ +/etc/exim_suspended_list \ : +/var/cpanel/suspended/${if eq {$domain} {$primary_hostname} \ {$local_part} \ {${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {$value} \ {::::invalid::::} \ }} \ } local_part_suffix = +* local_part_suffix_optional allow_fail allow_defer allow_freeze # Sets r_suspendinfo to the contents of the suspendinfo file, # r_suspended_shell to the original shell of the suspended account, # r_suspended_redirect to the real mapped redirect setting. set = r_suspended_shell=${perl \ {get_suspended_shell} \ {${if eq {$domain} {$primary_hostname} \ {$local_part} \ {${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ }} \ } # This skips content scanning for the primary account address with # live-transfers and handles the special :queue: setting by pretending # those are :blackhole: deliveries during address verification address_data = \ router=$router_name \ ${if \ !match {${lookup \ {$local_part@$domain} \ wildlsearch{/etc/exim_suspended_list} \ {$value} \ {:unknown:} \ }} \ {\N^\s*(:unknown:.*)?$\N} \ { \ suspended=1 \ redirect=${quote:${if \ !match{${lookup \ {$local_part@$domain} \ wildlsearch{/etc/exim_suspended_list} \ {$value} \ {:unknown:} \ }} \ {\N^\s*:\N} \ {${if eq \ {$verify_mode} \ {} \ {${lookup{$local_part@$domain} \ wildlsearch{/etc/exim_suspended_list} \ {$value} \ {:unknown:} \ }} \ {:blackhole:} \ }} \ {${sg \ {${lookup {$local_part@$domain} \ wildlsearch{/etc/exim_suspended_list} \ {$value} \ {:unknown:} \ }} \ {\N^\s*:queue:\N} \ {${if eq \ {$verify_mode} \ {} \ {:defer:} \ {:blackhole:} \ }} \ }} \ }} \ } \ } data = ${extract \ {redirect} \ {$address_data} \ } # The main routers handle traffic to the lists themselves and the suffixed ones # handle mail to administrative aliases. We have to use a two step process # because otherwise mail to a list such as foo-admin@example.tld will not be # handled properly. mailman_virtual_router: driver = accept domains = !$primary_hostname : +local_domains local_parts = +path_safe_localparts require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman transport = mailman_virtual_transport mailman_virtual_router_suffixed: driver = accept require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman domains = !$primary_hostname : +local_domains local_parts = +path_safe_localparts local_part_suffix = -admin : \ -bounces : -bounces+* : \ -confirm : -confirm+* : \ -join : -leave : \ -owner : -request : \ -subscribe : -unsubscribe transport = mailman_virtual_transport mailman_virtual_router_nodns: driver = accept require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman condition = \ ${if or {{match{$local_part}{.*_.*}} \ {eq{$local_part}{mailman}}} \ {1}{0}} domains = $primary_hostname local_parts = +path_safe_localparts transport = mailman_virtual_transport_nodns mailman_virtual_router_nodns_suffixed: driver = accept require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman condition = \ ${if or {{match{$local_part}{.*_.*}} \ {eq{$local_part}{mailman}}} \ {1}{0}} local_part_suffix = -admin : \ -bounces : -bounces+* : \ -confirm : -confirm+* : \ -join : -leave : \ -owner : -request : \ -subscribe : -unsubscribe domains = $primary_hostname local_parts = +path_safe_localparts transport = mailman_virtual_transport_nodns democheck: driver = redirect require_files = "+/etc/demouids" condition = ${if >= {$originator_uid}{100}{1}{0}} condition = "${extract{size}{${stat:/etc/demouids}}}" condition = "${if eq \ {${lookup \ {$originator_uid} \ lsearch{/etc/demouids} \ {$value} \ }} \ {} \ {false} \ {true} \ }" allow_fail data = :fail: demo accounts are not permitted to relay email # # This is to make sure that cpanel@* always passes sender verification # so that the system notifications don't get rejected by spam filters # doing a sender verification check. # blackhole_cpanel_at: driver = redirect local_parts = cpanel domains = !$primary_hostname verify_only data = :blackhole: # cPanel Mail Archiving is disabled boxtrapper_autowhitelistHG: driver = accept condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{$local_part@$domain}{0}{${if match{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if match{$received_protocol}{\N^e?smtps?a$\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{0}}}}}}}} require_files = "+/usr/local/cpanel/bin/boxtrapper" transport = boxtrapper_autowhitelist unseen fightspamHG: driver = redirect domains = ! +local_domains condition = "${perl{spam_fighter}}" data = /dev/null file_transport = address_file no_more check_mailpermissions: domains = ! +local_domains condition = "${perl{check_mail_permissions}}" driver = redirect ignore_target_hosts = +loopback : 64.94.110.0/24 allow_filter reply_transport = address_reply user = mailnull expn = false data = "${perl{check_mail_permissions_results}}" enforce_mail_permissionsHG: domains = ! +local_domains condition = "${perl{enforce_mail_permissions}}" driver = redirect ignore_target_hosts = +loopback : 64.94.110.0/24 allow_fail allow_defer expn = false data = "${perl{enforce_mail_permissions_results}}" increment_max_emails_per_hour: domains = ! +local_domains condition = "${perl{increment_max_emails_per_hour_if_needed}}" driver = redirect ignore_target_hosts = +loopback : 64.94.110.0/24 allow_fail no_verify one_time expn = false data = ":unknown:" blockeddomains: driver = redirect require_files = "+/etc/blockeddomains" domains = "/etc/blockeddomains" allow_fail data = :fail: "Sorry, you are sending to/from an address that has been blacklisted" deliver_through_cm_smtp: condition = ${if !eq{$original_domain}{$domain}} driver = manualroute domains = ! +local_domains #ignore verisign to prevent waste of bandwidth ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders2}}" transport = remote_smtp hosts_randomize = true route_data = eig-east.smtp.a.cloudfilter.net:eig-west.smtp.a.cloudfilter.net:+:3.228.35.199:18.215.58.191:+:34.223.136.48:34.217.196.71 dkim_lookuphostHG: driver = manualroute domains = ! +local_domains #ignore verisign to prevent waste of bandwidth ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24 require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}" headers_add = "${perl{mailtrapheaders2}}" transport = dkim_remote_smtp hosts_randomize = true route_data = eig-east.smtp.a.cloudfilter.net:eig-west.smtp.a.cloudfilter.net:+:3.228.35.199:18.215.58.191:+:34.223.136.48:34.217.196.71 send_to_cm: driver = manualroute condition = "${perl{checkspam3}}" domains = ! +local_domains #ignore verisign to prevent waste of bandwidth ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders2}}" transport = remote_smtp hosts_randomize = true route_data = eig-east.smtp.a.cloudfilter.net:eig-west.smtp.a.cloudfilter.net:+:3.228.35.199:18.215.58.191:+:34.223.136.48:34.217.196.71 send_to_gateway: driver = manualroute domains = ! +local_domains #ignore verisign to prevent waste of bandwidth ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders2}}" transport = remote_smtp hosts_randomize = true route_data = eig-east.smtp.a.cloudfilter.net:eig-west.smtp.a.cloudfilter.net:+:3.228.35.199:18.215.58.191:+:34.223.136.48:34.217.196.71 # # Handles identification of messages, nobody and webspam and mail trap checks # in check_mail_permissions and notifies if we are defering a message # boxtrapper_autowhitelist: driver = accept condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{$local_part@$domain}{0}{${if match{$received_protocol}{\N^e?smtps?a$\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if eq{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$sender_ident}}}{0}}}}}}}} require_files = "+/usr/local/cpanel/bin/boxtrapper" transport = boxtrapper_autowhitelist no_verify unseen check_mail_permissions: domains = ! +local_domains condition = ${if eq {$authenticated_id}{root}{0}{1}} ignore_target_hosts = +loopback : 64.94.110.0/24 driver = redirect allow_filter reply_transport = address_reply user = mailnull no_verify expn = false condition = "${perl{check_mail_permissions}}" data = "${perl{check_mail_permissions_results}}" # # discover_sender_information is not included # because from_rewrites are not enabled # # # If check_mail_permissions needs to defer or fail a message it is done here # enforce_mail_permissions: domains = ! +local_domains ignore_target_hosts = +loopback : 64.94.110.0/24 condition = ${if eq {$authenticated_id}{root}{0}{1}} driver = redirect allow_fail allow_defer no_verify expn = false condition = "${perl{enforce_mail_permissions}}" data = "${perl{enforce_mail_permissions_results}}" # # Increments max emails per hour if needed # increment_max_emails_per_hour_if_needed: domains = ! +local_domains ignore_target_hosts = +loopback : 64.94.110.0/24 condition = ${if eq {$authenticated_id}{root}{0}{1}} driver = redirect allow_fail no_verify one_time expn = false condition = "${perl{increment_max_emails_per_hour_if_needed}}" data = ":unknown:" # # reject_forwarded_mail_marked_as_spam is not included # because no_forward_outbound_spam and no_forward_outbound_spam_over_int # are both disabled # # This router routes to a statically defined host from /etc/manualmx # so that any mail received for the domain will skip MX lookups and attempt to # deliver the message directly to the specified host. manualmx: driver = manualroute domains = +manualmx_domains transport = remote_smtp route_data = ${lookup \ {$domain} \ lsearch{/etc/manualmx} \ } # # lookuphost router # # # Lookup host router for remote smtp and ignores verisign site finder 'service' # This matches lookup exactly except we look for X-Precedence and Precedence so # we can determinte what is an auto responder message in the log. # Note: there is nothing to # prevent X-Precedence from being added to non-autoresponded messages so this is for # logging reasons only # # Note: Boxtrapper sets Precedence to auto_reply # autoreply_dkim_lookuphost: driver = dnslookup domains = ! +local_domains condition = "${perl{sender_domain_can_dkim_sign}}" condition = "${if \ or { \ {match{$h_precedence:}{auto}} \ {match{$h_x-precedence:}{auto}} \ } \ {1}{0} \ }" #ignore verisign to prevent waste of bandwidth ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" transport = dkim_remote_smtp # # Lookup host router for remote smtp and ignores verisign site finder 'service' and uses domain keys # dkim_lookuphost: driver = dnslookup domains = ! +local_domains condition = "${perl{sender_domain_can_dkim_sign}}" #ignore verisign to prevent waste of bandwidth ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" .ifdef SRSENABLED # if outbound, and forwarding has been done, use an alternate transport transport = ${if eq {$local_part@$domain} \ {$original_local_part@$original_domain} \ {dkim_remote_smtp} {dkim_remote_forwarded_smtp}} .else transport = dkim_remote_smtp .endif # # Lookup host router for remote smtp and ignores verisign site finder 'service' # This matches lookup exactly except we look for X-Precedence and Precedence so # we can determinte what is an auto responder message in the log. # Note: there is nothing to # prevent X-Precedence from being added to non-autoresponded messages so this is for # logging reasons only # # Note: Boxtrapper sets Precedence to auto_reply # autoreply_lookuphost: driver = dnslookup domains = ! +local_domains condition = "${if \ or { \ {match{$h_precedence:}{auto}} \ {match{$h_x-precedence:}{auto}} \ } \ {1}{0} \ }" #ignore verisign to prevent waste of bandwidth ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" transport = remote_smtp # # Lookup host router for remote smtp and ignores verisign site finder 'service' # lookuphost: # router from etc/exim/replacecf/dkim/lookuphost driver = dnslookup domains = ! +local_domains #ignore verisign to prevent waste of bandwidth ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" .ifdef SRSENABLED # if outbound, and forwarding has been done, use an alternate transport transport = ${if eq {$local_part@$domain} \ {$original_local_part@$original_domain} \ {remote_smtp} {remote_forwarded_smtp}} .else transport = remote_smtp .endif # This router routes to remote hosts over SMTP by explicit IP address, # given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs # require this facility, which is why it is enabled by default in Exim. # If you want to lock it out, set forbid_domain_literals in the main # configuration section above. # # Literal Transports .. ignores verisigns sitefinder service # literal: driver = ipliteral domains = ! +local_domains ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" .ifdef SRSENABLED # if outbound, and forwarding has been done, use an alternate transport transport = ${if eq {$local_part@$domain} \ {$original_local_part@$original_domain} \ {remote_smtp} {remote_forwarded_smtp}} .else transport = remote_smtp .endif #!!# This new router is put here to fail all domains that #!!# were not in local_domains in the Exim 3 configuration. # # Trap Failures to Remote Domain # fail_remote_domains: driver = redirect domains = ! +local_domains : ! localhost : ! localhost.localdomain allow_fail data = ${if eq {$verify_mode}{S} \ {:fail: The mail server does not recognize $local_part@$domain as a valid sender.} \ {:fail: The mail server could not deliver mail to $local_part@$domain. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.} \ } #!!#######################################################!!# #!!# Here follow routers created from the old directors, #!!# #!!# for handling local domains. #!!# #!!#######################################################!!# ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### # Local addresses are those with a domain that matches some item in the # "local_domains" setting above, or those which are passed back from the # routers because of a "self=local" setting (not used in this configuration). # This director handles aliasing using a traditional /etc/aliases file. # If any of your aliases expand to pipes or files, you will need to set # up a user and a group for these deliveries to run under. You can do # this by uncommenting the "user" option below (changing the user name # as appropriate) and adding a "group" option if necessary. Alternatively, you # can specify "user" on the transports that are used. Note that those # listed below are the same as are used for .forward files; you might want # to set up different ones for pipe and file deliveries from aliases. #spam_filter: # driver = forwardfile # file = /etc/spam.filter # no_check_local_user # no_verify # filter # allow_system_actions # # Account level filtering for everything but the main account # central_filter: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket no_check_local_user domains = !$primary_hostname : dsearch;/etc/vfilters require_files = "+/etc/vfilters/${domain_data}" condition = "${extract \ {size} \ {${stat:/etc/vfilters/${domain_data}}} \ }" file = /etc/vfilters/${domain_data} file_transport = address_file directory_transport = address_directory pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_virtual_address_pipe} \ {${if forany \ {${extract{6} \ {:} \ {${lookup \ passwd{ \ ${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ } \ } \ }} \ }:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_virtual_address_pipe} \ {virtual_address_pipe} \ }} \ } reply_transport = address_reply router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" no_verify # # Account level filtering for the main account # # checks /etc/vfilters/maindomain if its a localuser (ie main acct) # mainacct_central_user_filter: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket check_local_user domains = $primary_hostname condition = ${if eq \ {${lookup \ {$local_part_data} \ lsearch{/etc/domainusers} \ {$value} \ }} \ {} \ {0} \ {${if exists \ {/etc/vfilters/${lookup \ {$local_part_data} \ lsearch{/etc/domainusers} \ {$value} \ }} \ {${extract \ {size} \ {${stat:/etc/vfilters/${lookup \ {$local_part_data} \ lsearch{/etc/domainusers} \ {$value} \ }}} \ }} \ {0} \ }} \ } file = "/etc/vfilters/${lookup \ {$local_part_data} \ lsearch{/etc/domainusers} \ {$value} \ }" directory_transport = address_directory file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_address_pipe} \ {address_pipe} \ }} \ } reply_transport = address_reply user = $local_part_data group = $local_part_data retry_use_local_part no_verify # # User Level Filtering for the main account # central_user_filter: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket check_local_user domains = $primary_hostname require_files = "+${extract \ {5} \ {::} \ {${lookup \ passwd{$local_part_data} \ {$value} \ }} \ }/etc/filter" condition = "${extract \ {size} \ {${stat:${extract \ {5} \ {::} \ {${lookup \ passwd{$local_part_data} \ {$value} \ }} \ }/etc/filter}} \ }" file = "${extract \ {5} \ {::} \ {${lookup \ passwd{$local_part_data} \ {$value} \ }} \ }/etc/filter" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{$local_part_data} \ {$value} \ }} \ } directory_transport = address_directory file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_address_pipe} \ {address_pipe} \ }} \ } reply_transport = address_reply user = $local_part_data group = $local_part_data local_part_suffix = +* local_part_suffix_optional retry_use_local_part no_verify # # User Level Filtering for virtual users # virtual_user_filter: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket domains = \ !$primary_hostname \ : ${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {${perl{untaint}{$domain}}} \ } require_files = "+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/etc/$domain_data/$local_part_data/filter" user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } local_parts = ${if exists{${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/etc/$domain_data}{dsearch;${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/etc/$domain_data}} condition = "${extract{size}{${stat:$home/etc/$domain_data/$local_part_data/filter}}}" file = "$home/etc/$domain_data/$local_part_data/filter" directory_transport = address_directory file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_virtual_address_pipe} \ {${if forany \ {${extract{6} \ {:} \ {${lookup \ passwd{ \ ${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ } \ } \ }} \ }:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_virtual_address_pipe} \ {virtual_address_pipe} \ }} \ } reply_transport = address_reply local_part_suffix = +* local_part_suffix_optional retry_use_local_part no_verify virtual_aliases_nostar: driver = redirect allow_defer allow_fail domains = !$primary_hostname : dsearch;/etc/valiases user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" address_data = \ "router=$router_name \ redirect=${quote:${lookup \ {$local_part@$domain_data} \ lsearch{/etc/valiases/$domain_data} \ }}" data = ${extract \ {redirect} \ {$address_data} \ } file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_virtual_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_virtual_address_pipe} \ {virtual_address_pipe} \ }} \ } router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } local_part_suffix = +* local_part_suffix_optional retry_use_local_part unseen virtual_user_overquota: driver = redirect domains = !$primary_hostname : ${lookup{$domain}lsearch{/etc/userdomains}{${perl{untaint}{$domain}}}} require_files = "+$home/etc/$domain_data" user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } # NB: On busy servers Dovecot may take several seconds to respond to # this request. So we set the timeout generously: condition = "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}@${quote:$domain_data}\nsize=$message_size\n\n}{30s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}" data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded" verify_only allow_fail # # Virtual User Spam Boxes # virtual_user_spam: driver = redirect local_parts = +path_safe_localparts domains = \ !$primary_hostname \ : ${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {${perl{untaint}{$domain}}} \ } condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}} require_files = \ "+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/.spamassassinboxenable: \ +${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/mail/$domain_data/$local_part" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } headers_remove="x-uidl" data = "${quote_local_part:$local_part}+spam@$domain_data" redirect_router = virtual_user virtual_boxtrapper_user: driver = accept local_parts = +path_safe_localparts domains = !$primary_hostname : ${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {${perl{untaint} \ {$domain} \ }} \ } require_files = "+/usr/local/cpanel/bin/boxtrapper:+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/etc/$domain_data/$local_part/.boxtrapperenable:+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/mail/$domain_data/$local_part" user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" router_home_directory = "${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }" headers_remove="x-uidl" transport = virtual_boxtrapper_userdelivery virtual_user: driver = accept domains = \ !$primary_hostname \ : ${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {${perl{untaint}{$domain}}} \ } local_parts = +path_safe_localparts require_files = "+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/mail/$domain_data/$local_part" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } headers_remove="x-uidl" local_part_suffix = +* local_part_suffix_optional user = mailnull group = mail transport = dovecot_virtual_delivery set = r_bcc_addr=${if forany \ {${addresses:$h_to:}:${addresses:$h_cc:}} \ {or { \ {eqi \ {${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \ {$local_part@$domain_data} \ } \ {eqi \ {${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \ {$original_local_part@$original_domain} \ } \ }} \ {} \ {$local_part@$domain} \ } set = r_cpanel_user=${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}} # # If the delivery address, original address (forwarded), # or address with subaddress is shown on the To: or Cc: # lines or the message has the List-Id: or Precedence: # header we allow the message to be batched to # dovecot LMTP via transport dovecot_virtual_delivery # # If it does match match the above we do not allow the message # to be batched in order to ensure that the Envelope-To: header # does not contain a user that was Bcc:ed so savvy recipients # cannot see that another email was Bcc:ed in the header # via transport dovecot_virtual_delivery_no_batch # # Note: match_address would be nice here but the second string # is not expanded for security reasons # # # has_alias_but_no_mailbox_discarded_to_prevent_loop required either of the following: # # 1. There is an active alias in the valias file # 2. There is an active autoresponder and the * is set to :fail: # has_alias_but_no_mailbox_discarded_to_prevent_loop: driver = redirect domains = !$primary_hostname : dsearch;/etc/valiases condition = ${lookup \ {$local_part@$domain_data} \ lsearch{/etc/valiases/$domain_data} \ {1} \ {0} \ } condition = "${if forany{<, \ ${lookup \ {$local_part@$domain_data} \ lsearch{/etc/valiases/$domain_data} \ {$value} \ }} \ {!match{$item}{\N/autorespond\N}} \ {1} \ {${if match \ {${lookup \ {\N*\N} \ lsearch{/etc/valiases/$domain_data} \ {$value} \ }} \ {:fail:} \ {1} \ {0} \ }} \ }" data=":blackhole:" local_part_suffix = +* local_part_suffix_optional disable_logging = true # srs is disabled valias_domain_file: driver = redirect allow_defer allow_fail domains = !$primary_hostname : dsearch;/etc/vdomainaliases user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" condition = ${lookup {$domain_data} lsearch {/etc/vdomainaliases/$domain_data}{yes}{no} } address_data = router=$router_name redirect=${quote:${quote_local_part:$local_part}@${lookup{$domain_data}lsearch{/etc/vdomainaliases/$domain_data}}} data = ${extract{redirect}{$address_data}} virtual_aliases: driver = redirect allow_defer allow_fail domains = !$primary_hostname : dsearch;/etc/valiases user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } address_data = \ "router=$router_name \ redirect=${quote:${lookup \ {*} \ lsearch{/etc/valiases/$domain_data} \ }}" data = ${extract \ {redirect} \ {$address_data} \ } file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_virtual_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_virtual_address_pipe} \ {virtual_address_pipe} \ }} \ } # This director handles forwarding using traditional .forward files. # If you want it also to allow mail filtering when a forward file # starts with the string "# Exim filter", uncomment the "filter" option. # The check_ancestor option means that if the forward file generates an # address that is an ancestor of the current one, the current one gets # passed on instead. This covers the case where A is aliased to B and B # has a .forward file pointing to A. The three transports specified at the # end are those that are used when forwarding generates a direct delivery # to a file, or to a pipe, or sets up an auto-reply, respectively. system_aliases: driver = redirect allow_defer allow_fail domains = $primary_hostname : localhost address_data = \ "router=$router_name \ redirect=${quote: \ ${lookup \ {$local_part} \ lsearch{/etc/aliases} \ }}" data = ${extract \ {redirect} \ {$address_data} \ } file_transport = address_file pipe_transport = address_pipe # user = exim local_aliases: driver = redirect allow_defer allow_fail domains = $primary_hostname : localhost address_data = \ "router=$router_name \ redirect=${quote: \ ${lookup \ {$local_part} \ lsearch{/etc/localaliases} \ }}" data = ${extract \ {redirect} \ {$address_data} \ } file_transport = address_file pipe_transport = address_pipe check_local_user userforward: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket check_ancestor check_local_user domains = $primary_hostname no_expn require_files = "+$home/.forward" condition = "${extract{size}{${stat:$home/.forward}}}" file = $home/.forward file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_address_pipe} \ {address_pipe} \ }} \ } reply_transport = address_reply directory_transport = address_directory user = $local_part_data group = $local_part_data no_verify # srs is disabled localuser_root: driver = redirect allow_fail domains = $primary_hostname : localhost check_local_user condition = ${if eq {$local_part_data}{root}} data = :fail: root cannot accept local mail deliveries localuser_overquota: driver = redirect domains = $primary_hostname check_local_user # NB: On busy servers Dovecot may take several seconds to respond to # this request. So we set the timeout generously: condition = "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}\nsize=$message_size\n\n}{30s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}" data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded" verify_only allow_fail # # Optimized spambox router # localuser_spam: driver = redirect domains = $primary_hostname require_files = "+$home/.spamassassinboxenable" condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}} # sets home,user,group check_local_user headers_remove="x-uidl" data = "${quote_local_part:$local_part_data}+spam" redirect_router = localuser boxtrapper_localuser: driver = accept require_files = "+/usr/local/cpanel/bin/boxtrapper:+$home/etc/.boxtrapperenable" check_local_user domains = $primary_hostname transport = local_boxtrapper_delivery localuser: driver = accept # sets home,user,group check_local_user domains = $primary_hostname headers_remove="x-uidl" local_part_suffix = +* local_part_suffix_optional user = mailnull group = mail transport = dovecot_delivery set = r_bcc_addr=${if forany \ {${addresses:$h_to:}:${addresses:$h_cc:}} \ {or { \ { eqi \ {${extract \ {1} \ {+} \ {${local_part:$item}} \ }@${domain:$item}} \ {$local_part@$domain} \ } \ { eqi \ {${extract \ {1} \ {+} \ {${local_part:$item}} \ }@${domain:$item}} \ {$original_local_part@$original_domain} \ } \ }} \ {} \ {$local_part@$domain} \ } set = r_cpanel_user=${local_part} # # If the delivery address, original address (forwarded), # or address with subaddress is shown on the To: or Cc: # lines or the message has the List-Id: or Precedence: # header we allow the message to be batched to # dovecot LMTP via transport dovecot_virtual_delivery # # If it does match match the above we do not allow the message # to be batched in order to ensure that the Envelope-To: header # does not contain a user that was Bcc:ed so savvy recipients # cannot see that another email was Bcc:ed in the header # via transport dovecot_virtual_delivery_no_batch # # Note: match_address would be nice here but the second string # is not expanded for security reasons # # This director matches local user mailboxes. ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### # A transport is used only when referenced from a director or a router that # successfully handles an address. # This transport is used for delivering messages over SMTP connections. begin transports mailman_virtual_transport: driver = pipe command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \ '${if def:local_part_suffix \ {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ {post}}' \ ${perl{untaint}{${lc:$local_part}_${lc:$domain}}} current_directory = /usr/local/cpanel/3rdparty/mailman home_directory = /usr/local/cpanel/3rdparty/mailman user = mailman group = mailman mailman_virtual_transport_nodns: driver = pipe command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \ '${if def:local_part_suffix \ {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ {post}}' \ ${perl{untaint}{${lc:$local_part}}} current_directory = /usr/local/cpanel/3rdparty/mailman home_directory = /usr/local/cpanel/3rdparty/mailman user = mailman group = mailman remote_smtp: driver = smtp interface = <; ${if > \ {${extract \ {size} \ {${stat:/etc/mailips}} \ }} \ {0} \ {${lookup \ {${lc:${perl{get_message_sender_domain}}}} \ lsearch{/etc/mailips} \ {$value} \ {${lookup \ {${if match_domain \ {$original_domain} \ {+relay_domains} \ {${lc:$original_domain}} \ {} \ }} \ lsearch{/etc/mailips} \ {$value} \ {${lookup \ {${perl{get_sender_from_uid}}} \ lsearch*{/etc/mailips} \ {$value} \ {} \ }} \ }} \ }} \ } helo_data = ${if > \ {${extract{size}{${stat:/etc/mailhelo}}}} \ {0} \ {${lookup \ {${lc:${perl{get_message_sender_domain}}}} \ lsearch{/etc/mailhelo} \ {$value} \ {${lookup \ {${if match_domain \ {$original_domain} \ {+relay_domains} \ {${lc:$original_domain}} \ {} \ }} \ lsearch{/etc/mailhelo} \ {$value} \ {${lookup \ {${perl{get_sender_from_uid}}} \ lsearch*{/etc/mailhelo} \ {$value} \ {$primary_hostname} \ }} \ }} \ }} \ {$primary_hostname} \ } hosts_try_chunking = 198.51.100.1 message_linelength_limit = 1000000 dkim_remote_smtp: driver = smtp interface = <; ${if > \ {${extract \ {size} \ {${stat:/etc/mailips}} \ }} \ {0} \ {${lookup \ {${lc:${perl{get_message_sender_domain}}}} \ lsearch{/etc/mailips} \ {$value} \ {${lookup \ {${if match_domain \ {$original_domain} \ {+relay_domains} \ {${lc:$original_domain}} \ {} \ }} \ lsearch{/etc/mailips} \ {$value} \ {${lookup \ {${perl{get_sender_from_uid}}} \ lsearch*{/etc/mailips} \ {$value} \ {} \ }} \ }} \ }} \ } helo_data = ${if > \ {${extract{size}{${stat:/etc/mailhelo}}}} \ {0} \ {${lookup \ {${lc:${perl{get_message_sender_domain}}}} \ lsearch{/etc/mailhelo} \ {$value} \ {${lookup \ {${if match_domain \ {$original_domain} \ {+relay_domains} \ {${lc:$original_domain}} \ {} \ }} \ lsearch{/etc/mailhelo} \ {$value} \ {${lookup \ {${perl{get_sender_from_uid}}} \ lsearch*{/etc/mailhelo} \ {$value} \ {$primary_hostname} \ }} \ }} \ }} \ {$primary_hostname} \ } dkim_domain = ${perl{get_dkim_domain}} dkim_selector = default dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}" dkim_canon = relaxed hosts_try_chunking = 198.51.100.1 message_linelength_limit = 1000000 # remote_forwarded_srs absent due to SRS support being disabled # This transport is used for local delivery to user mailboxes. By default # it will be run under the uid and gid of the local user, and requires # the sticky bit to be set on the /var/mail directory. Some systems use # the alternative approach of running mail deliveries under a particular # group instead of using the sticky bit. The commented options below show # how this can be done. # This transport is used for handling pipe deliveries generated by alias # or .forward files. If the pipe generates any standard output, it is returned # to the sender of the message as a delivery error. Set return_fail_output # instead of return_output if you want this to happen only when the pipe fails # to complete normally. You can set different transports for aliases and # forwards if you want to - see the references to address_pipe below. address_directory: driver = pipe command = /usr/libexec/dovecot/dovecot-lda -f ${perl{untaint}{$sender_address}} -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}} message_prefix = message_suffix = log_output delivery_date_add envelope_to_add return_path_add temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 address_pipe: driver = pipe return_output virtual_address_pipe: driver = pipe return_output jailed_address_pipe: driver = pipe force_command command = /usr/local/cpanel/bin/jailexec $address_pipe return_output jailed_virtual_address_pipe: driver = pipe force_command command = /usr/local/cpanel/bin/jailexec $address_pipe return_output cagefs_address_pipe: driver = pipe force_command command = /bin/cagefs_enter $address_pipe return_output cagefs_virtual_address_pipe: driver = pipe force_command command = /bin/cagefs_enter $address_pipe return_output # This transport is used for handling deliveries directly to files that are # generated by aliassing or forwarding. address_file: driver = pipe command = /usr/libexec/dovecot/dovecot-lda -e -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}} message_prefix = message_suffix = log_output delivery_date_add envelope_to_add return_path_add temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 boxtrapper_autowhitelist: driver = pipe headers_only command = /usr/local/cpanel/bin/boxtrapper --autowhitelist "${perl{untaint}{$authenticated_id}}" user = ${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}} group = ${extract{3}{:}{${lookup passwd{${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}}}{$value}}}} log_output = true return_fail_output = true return_path_add = false temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 local_boxtrapper_delivery: driver = pipe command = /usr/local/cpanel/bin/boxtrapper "${perl{untaint}{$local_part_data}}" $home user = $local_part_data group = ${extract{3}{:}{${lookup passwd{$local_part_data}{$value}}}} log_output = true return_fail_output = true return_path_add = false temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 virtual_boxtrapper_userdelivery: driver = pipe command = /usr/local/cpanel/bin/boxtrapper \ "${perl{untaint}{$local_part}}@${perl{untaint}{$domain}}" \ $home user = "${lookup{${perl{untaint}{$domain}}}lsearch{/etc/userdomains}{$value}}" log_output = true return_fail_output = true return_path_add = false temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 dovecot_delivery: driver = lmtp socket = /var/run/dovecot/lmtp batch_max = 200 batch_id = "$r_cpanel_user ${if def:r_bcc_addr {$r_bcc_addr}}" rcpt_include_affixes delivery_date_add envelope_to_add return_path_add dovecot_virtual_delivery: driver = lmtp socket = /var/run/dovecot/lmtp batch_max = 200 batch_id = "$r_cpanel_user ${if def:r_bcc_addr {$r_bcc_addr}}" rcpt_include_affixes delivery_date_add envelope_to_add return_path_add address_reply: driver = autoreply # cPanel Mail Archiving is disabled ###################################################################### # RETRY CONFIGURATION # ###################################################################### # This single retry rule applies to all domains and all errors. It specifies # retries every 15 minutes for 2 hours, then increasing retry intervals, # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 # hours, then retries every 8 hours until 4 days have passed since the first # failed delivery. # Domain Error Retries # ------ ----- ------- begin retry * * F,8h,3m; G,16h,1h,1.5; F,4d,8h # End of Exim 4 configuration
