#!!! ASSP Exim 4 Config For ASSP # # Michael Freeman (Pucky) # www.efastconsulting.com # # Edited by Martynas Bendorius (smtalk) # # DO NOT ENALBE Spamassassin # Ensure that Spamd is not running. # MailScanner must be uninstalled or disabled. # # For use with Exim + ASSP # # The latest version of this file is always available at; # http://efastconsulting.com/files/assp/exim.conf # # A new exim system filter is included. The latest version # of this file is always available at; # http://efastconsulting.com/files/assp/system_filter.exim # # MODIFICATION ARE AT YOUR OWN RISK!!! # #################################################### # BLOCK START: SPAM/VIRUS SCANNERS # #################################################### # ASSP connection local_interfaces = 127.0.0.1 daemon_smtp_ports = 125 #################################################### # BLOCK START: ACL DURING SMTP # #################################################### # SMTP Connect check host acl_smtp_connect = acl_check_host # SMTP Mail check sender acl_smtp_mail = acl_check_sender # CHANGE LOGGING BEHAVIOR # We weren't happy with the default Exim logging behavior through # syslog; it didn't give us enough information. So we turned off # syslog behavior and changed the logging behavior to give us what we # felt was more helpful information. You may choose to delete or modify # this section. # # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment # log verbosity log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +etrn +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients -retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn syslog_duplication = false # ALLOW UNDERSCORE IN EMAIL DOMAIN NAME # domains shouldn't use the underscore character "_" but some # may. Because John Postel, one of the architects of the Internet, # said "Be liberal in what you accept and conservative in what you # transmit, we choose to allow underscore in email domain names so we # can receive email form domains which use the underscore character # in their domain name. # OPTIONAL MODIFICATIONS: # These defaults work for us; you may wish to modify them # for your environment helo_allow_chars = _ #################################################### # BLOCK START: MESSAGES LIMITS # # Max recipients, sizes. # #################################################### recipients_max = 50 recipients_max_reject = true message_size_limit = 16384000 return_size_limit = 65536 #################################################### # BLOCK START: QUEUE SETTINGS # # Delays, load based params. # #################################################### # Immediate delivery, no "queue_only" queue_only_load = 10 deliver_queue_load_max = 9 queue_run_max = 5 remote_max_parallel = 1 print_topbitchars = true smtp_receive_timeout = 5m smtp_accept_max = 100 #################################################### # BLOCK START: FROZEN/BOUNCES MAILS SETTINGS # #################################################### # the next line is required to start the system_filter included in # DirectAdmin to refuse potentiallly harmful payloads in # email messages system_filter=/etc/system_filter.exim #################################################### # BLOCK START: FROZEN/BOUNCES MAILS SETTINGS # #################################################### timeout_frozen_after = 2d ignore_bounce_errors_after = 2d #!!# These options specify the Access Control Lists (ACLs) that #!!# are used for incoming SMTP messages - after the RCPT and DATA #!!# commands, respectively. #av_scanner = clamd:/var/clamd acl_smtp_rcpt = check_recipient acl_smtp_data = check_message #!!# This setting defines a named domain list called #!!# local_domains, created from the old options that #!!# referred to local domains. It will be referenced #!!# later on by the syntax "+local_domains". #!!# Other domain and host lists may follow. # define local lists domainlist local_domains = lsearch;/etc/virtual/domains domainlist relay_domains = lsearch;/etc/virtual/domains : localhost hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1 hostlist auth_relay_hosts = * ###################################################################### # Runtime configuration file for Exim # ###################################################################### # # This is a default configuration file which will operate correctly in # uncomplicated installations. Please see the manual for a complete list # of all the runtime configuration options that can be included in a # configuration file. There are many more than are mentioned here. The # manual is in the file doc/spec.txt in the Exim distribution as a plain # ASCII file. Other formats (PostScript, Texinfo, HTML) are available from # the Exim ftp sites. The manual is also online via the Exim web sites. # # This file is divided into several parts, all but the last of which are # terminated by a line containing the word "end". The parts must appear # in the correct order, and all must be present (even if some of them are # in fact empty). Blank lines, and lines starting with # are ignored. ###################################################################### # MAIN CONFIGURATION SETTINGS # ###################################################################### perl_startup = do '/etc/exim.pl' # Specify your host's canonical name here. This should normally be the fully # qualified "official" name of your host. If this option is not set, the # uname() function is called to obtain the name. smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \ \#${compile_number} ${tod_full} \n\ We do not authorize the use of this system to transport unsolicited, \n\ and/or bulk e-mail." # nobody as the sender seems to annoy people untrusted_set_sender = * local_from_check = false # split_spool_directory = no smtp_connect_backlog = 50 # primary_hostname = auto_thaw = 4d # DISALLOW IDENT CALLBACKS # OPTIONAL MODIFICATIONS: # Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP # calls. You can limit the hosts to which these calls are made, and/or change # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls # are disabled. RFC 1413 calls are cheap and can provide useful information # for tracing problem messages, but some hosts and firewalls have problems # with them. This can result in a timeout instead of an immediate refused # connection, leading to delays on starting up an SMTP session. By default # we disable callbacks for incoming SMTP calls. You may change # rfc1413_query_timeout to 30s or some other positive number of seconds to # enable callbacks for incoming SMTP calls. rfc1413_hosts = * rfc1413_query_timeout = 2s # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character # followed by a domain. For example, "caesar@rome.ex" is a fully qualified # address, but the string "caesar" (i.e. just a login name) is an unqualified # email address. Unqualified addresses are accepted only from local callers by # default. See the receiver_unqualified_{hosts,nets} options if you want # to permit unqualified addresses from remote sources. If this option is # not set, the primary_hostname value is used for qualification. # qualify_domain = # If you want unqualified recipient addresses to be qualified with a different # domain to unqualified sender addresses, specify the recipient domain here. # If this option is not set, the qualify_domain value is used. # qualify_recipient = # Specify your local domains as a colon-separated list here. If this option # is not set (i.e. not mentioned in the configuration file), the # qualify_recipient value is used as the only local domain. If you do not want # to do any local deliveries, uncomment the following line, but do not supply # any data for it. This sets local_domains to an empty string, which is not # the same as not mentioning it at all. An empty string specifies that there # are no local domains; not setting it at all causes the default value (the # setting of qualify_recipient) to be used. #!!# message_filter renamed system_filter message_body_visible = 5000 # If you want to accept mail addressed to your host's literal IP address, for # example, mail addressed to "user@[111.111.111.111]", then uncomment the # following line, or supply the literal domain(s) as part of "local_domains" # above. # local_domains_include_host_literals # No local deliveries will ever be run under the uids of these users (a colon- # separated list). An attempt to do so gets changed so that it runs under the # uid of "nobody" instead. This is a paranoic safety catch. Note the default # setting means you cannot deliver mail addressed to root as if it were a # normal user. This isn't usually a problem, as most sites have an alias for # root that redirects such mail to a human administrator. never_users = root # The use of your host as a mail relay by any host, including the local host # calling its own SMTP port, is locked out by default. If you want to permit # relaying from the local host, you should set # # host_accept_relay = localhost # # If you want to permit relaying through your host from certain hosts or IP # networks, you need to set the option appropriately, for example # # If you are an MX backup or gateway of some kind for some domains, you must # set relay_domains to match those domains. This will allow any host to # relay through your host to those domains. # # See the section of the manual entitled "Control of relaying" for more # information. # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. # host_lookup = 0.0.0.0/0 # By default, Exim expects all envelope addresses to be fully qualified, that # is, they must contain both a local part and a domain. If you want to accept # unqualified addresses (just a local part) from certain hosts, you can specify # these hosts by setting one or both of # # receiver_unqualified_hosts = # sender_unqualified_hosts = # # to control sender and receiver addresses, respectively. When this is done, # unqualified addresses are qualified using the settings of qualify_domain # and/or qualify_recipient (see above). # Exim contains support for the Realtime Blocking List (RBL) that is being # maintained as part of the DNS. See http://maps.vix.com/rbl/ for background. # Uncommenting the first line below will make Exim reject mail from any # host whose IP address is blacklisted in the RBL at maps.vix.com. Some # others have followed the RBL lead and have produced other lists: DUL is # a list of dial-up addresses, and ORBS is a list of open relay systems. The # second line below checks all three lists. # rbl_domains = rbl.maps.vix.com # rbl_domains = rbl.maps.vix.com # If you want Exim to support the "percent hack" for all your local domains, # uncomment the following line. This is the feature by which mail addressed # to x%y@z (where z is one of your local domains) is locally rerouted to # x@y and sent on. Otherwise x%y is treated as an ordinary local part. # percent_hack_domains = * # sender_host_accept = +include_unknown:* # sender_host_reject = +include_unknown:lsearch*;/etc/spammers # TRUSTED USERS # OPTIONAL MODIFICATIONS: # if you must add additional trusted users, do so here; continue the # colon-delimited list trusted_users = mail:majordomo:apache:diradmin # SSL/TLS cert and key tls_certificate = /etc/exim.cert tls_privatekey = /etc/exim.key tls_advertise_hosts = * #auth_over_tls_hosts = * helo_accept_junk_hosts = * smtp_enforce_sync = false ###################################################################### # ACLs # ###################################################################### #!!# These ACLs are crudely constructed from Exim options. #!!# They are almost certainly not optimal. You should study #!!# them and rewrite as necessary. begin acl #!!# This ACL is used at the start of an incoming connection. #!!# The tests are run in order until the connection is #!!# either accepted or denied. acl_check_host: accept #!!# This ACL is used for the MAIL FROM: command in an #!!# incoming SMTP transaction. The tests are run in order until the #!!# sender address is either accepted or denied. acl_check_sender: accept # ACL that is used after the RCPT command check_recipient: # to block certain wellknown exploits, Deny for local domains if # local parts begin with a dot or contain @ % ! / | deny domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] # allow local users to send outgoing messages using slashes # and vertical bars in their local parts. # Block outgoing local parts that begin with a dot, slash, or vertical # bar but allows them within the local part. # The sequence \..\ is barred. The usage of @ % and ! is barred as # before. The motivation is to prevent your users (or their virii) # from mounting certain kinds of attacks on remote sites. deny domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ # local source whitelist # accept if the source is local SMTP (i.e. not over TCP/IP). # Test for this by testing for an empty sending host field. accept hosts = : # accept mail to postmaster in any local domain, regardless of source # accept local_parts = postmaster # domains = +local_domains # accept mail to abuse in any local domain, regardless of source # accept local_parts = abuse # domains = +local_domains # accept mail to hostmaster in any local domain, regardless of source # accept local_parts = hostmaster # domains =+local_domains # OPTIONAL MODIFICATIONS: # If the page you're using to notify senders of blocked email of how # to get their address unblocked will use a web form to send you email so # you'll know to unblock those senders, then you may leave these lines # commented out. However, if you'll be telling your senders of blocked # email to send an email to errors@yourdomain.com, then you should # replace "errors" with the left side of the email address you'll be # using, and "example.com" with the right side of the email address and # then uncomment the second two lines, leaving the first one commented. # Doing this will mean anyone can send email to this specific address, # even if they're at a blocked domain, and even if your domain is using # blocklists. # accept mail to errors@example.com, regardless of source # accept local_parts = errors # domains = example.com # By default we do NOT require sender verification. # Sender verification denies unless sender address can be verified: # If you want to require sender verification, i.e., that the sending # address is routable and mail can be delivered to it, then # uncomment the next line. If you do not want to require sender # verification, leave the line commented out # require verify = sender ######################################################## # BLOCK START: ACL RECIPIENTS LIMITS # ######################################################## # Limit the number of recipients in sent email deny message = Too many recipients, 15 maximum without SMTP Authentication condition = ${if >{$recipients_count}{15} {yes}{no}} !authenticated= * deny message = Too many recipients, 50 maximum with SMTP Authentication condition = ${if >{$recipients_count}{50} {yes}{no}} ######################################################## # accept if address is in a local domain as long as recipient can be verified accept domains = +local_domains endpass message = "Unknown User" verify = recipient # accept if address is in a domain for which we relay as long as recipient # can be verified accept domains = +relay_domains endpass verify=recipient # accept if message comes for a host for which we are an outgoing relay # recipient verification is omitted because many MUA clients don't cope # well with SMTP error responses. If you are actually relaying from MTAs # then you should probably add recipient verify here accept hosts = +relay_hosts accept hosts = +auth_relay_hosts endpass message = authentication required authenticated = * deny message = relay not permitted # default at end of acl causes a "deny", but line below will give # an explicit error message: deny message = relay not permitted ########################################################################################## # BLOCK END: ACL RELAYING SETTINGS # ########################################################################################## #!!# ACL that is used after the DATA command check_message: # Log some header lines so we can see the message subject in exim's log files. warn logwrite = Subject: $h_Subject: accept ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### # There are no authenticator specifications in this default configuration file. begin authenticators plain: driver = plaintext public_name = PLAIN server_prompts = : server_condition = "${perl{smtpauth}}" server_set_id = $2 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = "${perl{smtpauth}}" server_set_id = $1 ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### begin routers # Remote addresses are those with a domain that does not match any item # in the "local_domains" setting above. # This router routes to remote hosts over SMTP using a DNS lookup. Any domain # that resolves to an IP address on the loopback interface (127.0.0.0/8) is # treated as if it had no DNS entry. lookuphost: driver = dnslookup domains = ! +local_domains ignore_target_hosts = 127.0.0.0/8 condition = "${perl{check_limits}}" transport = remote_smtp no_more # This router routes to remote hosts over SMTP by explicit IP address, # when an email address is given in "domain literal" form, for example, # . The RFCs require this facility. However, it is # little-known these days, and has been exploited by evil people seeking # to abuse SMTP relays. Consequently it is commented out in the default # configuration. If you uncomment this router, you also need to comment out # "forbid_domain_literals" above, so that Exim can recognize the syntax of # domain literal addresses. # domain_literal: # driver = ipliteral # transport = remote_smtp ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### # Local addresses are those with a domain that matches some item in the # "local_domains" setting above, or those which are passed back from the # routers because of a "self=local" setting (not used in this configuration). # Spam Assassin #spamcheck_director: # driver = accept # condition = "${if and { \ # {!def:h_X-Spam-Flag:} \ # {!eq {$received_protocol}{spam-scanned}} \ # {!eq {$received_protocol}{local}} \ # {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \ # } {1}{0}}" # retry_use_local_part # transport = spamcheck # no_verify majordomo_aliases: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}} domains = lsearch;/etc/virtual/domainowners directory_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part no_rewrite user = majordomo majordomo_private: driver = redirect allow_defer allow_fail #condition = "${if eq {$received_protocol} {local} {true} {false} }" condition = "${if or { {eq {$received_protocol} {local}} \ {eq {$received_protocol} {spam-scanned}} } {true} {false} }" data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}} domains = lsearch;/etc/virtual/domainowners file_transport = address_file group = daemon pipe_transport = majordomo_pipe retry_use_local_part user = majordomo domain_filter: driver = redirect allow_filter no_check_local_user condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}" user = "mail" file = /etc/virtual/${domain}/filter file_transport = address_file pipe_transport = virtual_address_pipe retry_use_local_part no_verify uservacation: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = uservacation unseen userautoreply: driver = accept condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}} require_files = /etc/virtual/${domain}/reply/${local_part}.msg transport = userautoreply unseen virtual_aliases_nostar: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part unseen #include_domain = true virtual_user: driver = accept #condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}} condition = ${perl{save_virtual_user}} domains = lsearch;/etc/virtual/domainowners group = mail retry_use_local_part transport = virtual_localdelivery #accept it only if local_part is not in the aliases file #otherwise known as thet catch-all virtual_aliases: driver = redirect allow_defer allow_fail condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}} data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}} file_transport = address_file group = mail pipe_transport = virtual_address_pipe retry_use_local_part #include_domain = true #if we have an alias, but no passwd entry we have to drop the email because the #first alias is unseen (so that you can forward as well as save it) #The save part is "seen" (virtual_user), but the forward before it isn't. This #will be the spot where we "see" the email so that it doesn't send a bounce if #we have an alias but no pop. drop_solo_alias: driver = redirect allow_defer allow_fail data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}} file_transport = devnull group = mail #pipe_transport = virtual_address_pipe pipe_transport = devnull retry_use_local_part #include_domain = true # This director handles forwarding using traditional .forward files. # If you want it also to allow mail filtering when a forward file # starts with the string "# Exim filter", uncomment the "filter" option. # The check_ancestor option means that if the forward file generates an # address that is an ancestor of the current one, the current one gets # passed on instead. This covers the case where A is aliased to B and B # has a .forward file pointing to A. The three transports specified at the # end are those that are used when forwarding generates a direct delivery # to a file, or to a pipe, or sets up an auto-reply, respectively. userforward: driver = redirect allow_filter check_ancestor check_local_user no_expn file = $home/.forward file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply no_verify system_aliases: driver = redirect allow_defer allow_fail data = ${lookup{$local_part}lsearch{/etc/aliases}} file_transport = address_file pipe_transport = address_pipe retry_use_local_part # user = exim localuser: driver = accept check_local_user condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}" transport = local_delivery # This director matches local user mailboxes. ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### # A transport is used only when referenced from a director or a router that # successfully handles an address. # Spam Assassin begin transports spamcheck: driver = pipe batch_max = 100 command = /usr/sbin/exim -oMr spam-scanned -bS current_directory = "/tmp" group = mail home_directory = "/tmp" log_output message_prefix = message_suffix = return_fail_output no_return_path_add transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}} use_bsmtp user = mail # must use a privileged user to set $received_protocol on the way back in! #majordomo majordomo_pipe: driver = pipe group = daemon return_fail_output user = majordomo # This transport is used for local delivery to user mailboxes in traditional # BSD mailbox format. By default it will be run under the uid and gid of the # local user, and requires the sticky bit to be set on the /var/mail directory. # Some systems use the alternative approach of running mail deliveries under a # particular group instead of using the sticky bit. The commented options below # show how this can be done. local_delivery: driver = appendfile delivery_date_add envelope_to_add directory = /home/$local_part/Maildir/ directory_mode = 770 create_directory = true maildir_format group = mail mode = 0660 return_path_add user = ${local_part} ## for delivering virtual domains to their own mail spool virtual_localdelivery: driver = appendfile create_directory delivery_date_add directory_mode = 770 envelope_to_add directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir maildir_format group = mail mode = 660 return_path_add user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}" quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}} ## vacation transport uservacation: driver = autoreply file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}" text = "\ ------ ------\n\n\ This message was automatically generated by email software\n\ The delivery of your message has not been affected.\n\n\ ------ ------\n\n" to = "${sender_address}" user = mail #once = /etc/virtual/${domain}/reply/${local_part}.once userautoreply: driver = autoreply bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}} file = /etc/virtual/${domain}/reply/${local_part}.msg from = "${local_part}@${domain}" log = /etc/virtual/${domain}/reply/${local_part}.log no_return_message subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" to = "${sender_address}" user = mail #once = /etc/virtual/${domain}/reply/${local_part}.once devnull: driver = appendfile file = /dev/null # This transport is used for delivering messages over SMTP connections. remote_smtp: driver = smtp # This transport is used for handling pipe deliveries generated by alias # or .forward files. If the pipe generates any standard output, it is returned # to the sender of the message as a delivery error. Set return_fail_output # instead of return_output if you want this to happen only when the pipe fails # to complete normally. You can set different transports for aliases and # forwards if you want to - see the references to address_pipe in the directors # section below. address_pipe: driver = pipe return_output virtual_address_pipe: driver = pipe group = nobody return_output user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}" # This transport is used for handling deliveries directly to files that are # generated by aliasing or forwarding. address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add # This transport is used for handling autoreplies generated by the filtering # option of the forwardfile director. address_reply: driver = autoreply ###################################################################### # RETRY CONFIGURATION # ###################################################################### # This single retry rule applies to all domains and all errors. It specifies # retries every 15 minutes for 2 hours, then increasing retry intervals, # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 # hours, then retries every 8 hours until 4 days have passed since the first # failed delivery. # Domain Error Retries # ------ ----- ------- begin retry * quota * * F,2h,15m; G,16h,1h,1.5; F,4d,8h ###################################################################### # BLOCK START: LAST RETRY SETTINGS # ###################################################################### * rcpt_4xx F,10m,2m; F,2h,10m * refused F,1h,15m; G,2h,1h,1.5; F,1d,3h * * F,1h,15m; G,2h,1h,1.5; F,1d,3h # End of Exim 4 configuration