PNG  IHDRQgAMA a cHRMz&u0`:pQ<bKGDgmIDATxwUﹻ& ^CX(J I@ "% (** BX +*i"]j(IH{~R)[~>h{}gy)I$Ij .I$I$ʊy@}x.: $I$Ii}VZPC)I$IF ^0ʐJ$I$Q^}{"r=OzI$gRZeC.IOvH eKX $IMpxsk.쒷/&r[޳<v| .I~)@$updYRa$I |M.e JaֶpSYR6j>h%IRز if&uJ)M$I vLi=H;7UJ,],X$I1AҒJ$ XY XzI@GNҥRT)E@;]K*Mw;#5_wOn~\ DC&$(A5 RRFkvIR}l!RytRl;~^ǷJj اy뷦BZJr&ӥ8Pjw~vnv X^(I;4R=P[3]J,]ȏ~:3?[ a&e)`e*P[4]T=Cq6R[ ~ޤrXR Հg(t_HZ-Hg M$ãmL5R uk*`%C-E6/%[t X.{8P9Z.vkXŐKjgKZHg(aK9ڦmKjѺm_ \#$5,)-  61eJ,5m| r'= &ڡd%-]J on Xm|{ RҞe $eڧY XYrԮ-a7RK6h>n$5AVڴi*ֆK)mѦtmr1p| q:흺,)Oi*ֺK)ܬ֦K-5r3>0ԔHjJئEZj,%re~/z%jVMڸmrt)3]J,T K֦OvԒgii*bKiNO~%PW0=dii2tJ9Jݕ{7"I P9JKTbu,%r"6RKU}Ij2HKZXJ,妝 XYrP ެ24c%i^IK|.H,%rb:XRl1X4Pe/`x&P8Pj28Mzsx2r\zRPz4J}yP[g=L) .Q[6RjWgp FIH*-`IMRaK9TXcq*I y[jE>cw%gLRԕiFCj-ďa`#e~I j,%r,)?[gp FI˨mnWX#>mʔ XA DZf9,nKҲzIZXJ,L#kiPz4JZF,I,`61%2s $,VOϚ2/UFJfy7K> X+6 STXIeJILzMfKm LRaK9%|4p9LwJI!`NsiazĔ)%- XMq>pk$-$Q2x#N ؎-QR}ᶦHZډ)J,l#i@yn3LN`;nڔ XuX5pF)m|^0(>BHF9(cզEerJI rg7 4I@z0\JIi䵙RR0s;$s6eJ,`n 䂦0a)S)A 1eJ,堌#635RIgpNHuTH_SԕqVe ` &S)>p;S$魁eKIuX`I4춒o}`m$1":PI<[v9^\pTJjriRŭ P{#{R2,`)e-`mgj~1ϣLKam7&U\j/3mJ,`F;M'䱀 .KR#)yhTq;pcK9(q!w?uRR,n.yw*UXj#\]ɱ(qv2=RqfB#iJmmL<]Y͙#$5 uTU7ӦXR+q,`I}qL'`6Kͷ6r,]0S$- [RKR3oiRE|nӦXR.(i:LDLTJjY%o:)6rxzҒqTJjh㞦I.$YR.ʼnGZ\ֿf:%55 I˼!6dKxm4E"mG_ s? .e*?LRfK9%q#uh$)i3ULRfK9yxm܌bj84$i1U^@Wbm4uJ,ҪA>_Ij?1v32[gLRD96oTaR׿N7%L2 NT,`)7&ƝL*꽙yp_$M2#AS,`)7$rkTA29_Iye"|/0t)$n XT2`YJ;6Jx".e<`$) PI$5V4]29SRI>~=@j]lp2`K9Jaai^" Ԋ29ORI%:XV5]JmN9]H;1UC39NI%Xe78t)a;Oi Ҙ>Xt"~G>_mn:%|~ޅ_+]$o)@ǀ{hgN;IK6G&rp)T2i୦KJuv*T=TOSV>(~D>dm,I*Ɛ:R#ۙNI%D>G.n$o;+#RR!.eU˽TRI28t)1LWϚ>IJa3oFbu&:tJ*(F7y0ZR ^p'Ii L24x| XRI%ۄ>S1]Jy[zL$adB7.eh4%%누>WETf+3IR:I3Xה)3אOۦSRO'ٺ)S}"qOr[B7ϙ.edG)^ETR"RtRݜh0}LFVӦDB^k_JDj\=LS(Iv─aTeZ%eUAM-0;~˃@i|l @S4y72>sX-vA}ϛBI!ݎߨWl*)3{'Y|iSlEڻ(5KtSI$Uv02,~ԩ~x;P4ցCrO%tyn425:KMlD ^4JRxSهF_}شJTS6uj+ﷸk$eZO%G*^V2u3EMj3k%)okI]dT)URKDS 7~m@TJR~荪fT"֛L \sM -0T KfJz+nإKr L&j()[E&I ߴ>e FW_kJR|!O:5/2跌3T-'|zX ryp0JS ~^F>-2< `*%ZFP)bSn"L :)+pʷf(pO3TMW$~>@~ū:TAIsV1}S2<%ޟM?@iT ,Eūoz%i~g|`wS(]oȤ8)$ ntu`өe`6yPl IzMI{ʣzʨ )IZ2= ld:5+請M$-ї;U>_gsY$ÁN5WzWfIZ)-yuXIfp~S*IZdt;t>KūKR|$#LcԀ+2\;kJ`]YǔM1B)UbG"IRߊ<xܾӔJ0Z='Y嵤 Leveg)$znV-º^3Ւof#0Tfk^Zs[*I꯳3{)ˬW4Ւ4 OdpbZRS|*I 55#"&-IvT&/윚Ye:i$ 9{LkuRe[I~_\ؠ%>GL$iY8 9ܕ"S`kS.IlC;Ҏ4x&>u_0JLr<J2(^$5L s=MgV ~,Iju> 7r2)^=G$1:3G< `J3~&IR% 6Tx/rIj3O< ʔ&#f_yXJiގNSz; Tx(i8%#4 ~AS+IjerIUrIj362v885+IjAhK__5X%nV%Iͳ-y|7XV2v4fzo_68"S/I-qbf; LkF)KSM$ Ms>K WNV}^`-큧32ŒVؙGdu,^^m%6~Nn&͓3ŒVZMsRpfEW%IwdǀLm[7W&bIRL@Q|)* i ImsIMmKmyV`i$G+R 0tV'!V)֏28vU7͒vHꦼtxꗞT ;S}7Mf+fIRHNZUkUx5SAJㄌ9MqμAIRi|j5)o*^'<$TwI1hEU^c_j?Е$%d`z cyf,XO IJnTgA UXRD }{H}^S,P5V2\Xx`pZ|Yk:$e ~ @nWL.j+ϝYb퇪bZ BVu)u/IJ_ 1[p.p60bC >|X91P:N\!5qUB}5a5ja `ubcVxYt1N0Zzl4]7­gKj]?4ϻ *[bg$)+À*x쳀ogO$~,5 زUS9 lq3+5mgw@np1sso Ӻ=|N6 /g(Wv7U;zωM=wk,0uTg_`_P`uz?2yI!b`kĸSo+Qx%!\οe|އԁKS-s6pu_(ֿ$i++T8=eY; צP+phxWQv*|p1. ά. XRkIQYP,drZ | B%wP|S5`~́@i޾ E;Չaw{o'Q?%iL{u D?N1BD!owPHReFZ* k_-~{E9b-~P`fE{AܶBJAFO wx6Rox5 K5=WwehS8 (JClJ~ p+Fi;ŗo+:bD#g(C"wA^ r.F8L;dzdIHUX݆ϞXg )IFqem%I4dj&ppT{'{HOx( Rk6^C٫O.)3:s(۳(Z?~ٻ89zmT"PLtw䥈5&b<8GZ-Y&K?e8,`I6e(֍xb83 `rzXj)F=l($Ij 2*(F?h(/9ik:I`m#p3MgLaKjc/U#n5S# m(^)=y=đx8ŬI[U]~SцA4p$-F i(R,7Cx;X=cI>{Km\ o(Tv2vx2qiiDJN,Ҏ!1f 5quBj1!8 rDFd(!WQl,gSkL1Bxg''՞^ǘ;pQ P(c_ IRujg(Wz bs#P­rz> k c&nB=q+ؔXn#r5)co*Ũ+G?7< |PQӣ'G`uOd>%Mctz# Ԫڞ&7CaQ~N'-P.W`Oedp03C!IZcIAMPUۀ5J<\u~+{9(FbbyAeBhOSܳ1 bÈT#ŠyDžs,`5}DC-`̞%r&ڙa87QWWp6e7 Rϫ/oY ꇅ Nܶըtc!LA T7V4Jsū I-0Pxz7QNF_iZgúWkG83 0eWr9 X]㾮݁#Jˢ C}0=3ݱtBi]_ &{{[/o[~ \q鯜00٩|cD3=4B_b RYb$óBRsf&lLX#M*C_L܄:gx)WΘsGSbuL rF$9';\4Ɍq'n[%p.Q`u hNb`eCQyQ|l_C>Lb꟟3hSb #xNxSs^ 88|Mz)}:](vbۢamŖ࿥ 0)Q7@0=?^k(*J}3ibkFn HjB׻NO z x}7p 0tfDX.lwgȔhԾŲ }6g E |LkLZteu+=q\Iv0쮑)QٵpH8/2?Σo>Jvppho~f>%bMM}\//":PTc(v9v!gոQ )UfVG+! 35{=x\2+ki,y$~A1iC6#)vC5^>+gǵ@1Hy٪7u;p psϰu/S <aʸGu'tD1ԝI<pg|6j'p:tպhX{o(7v],*}6a_ wXRk,O]Lܳ~Vo45rp"N5k;m{rZbΦ${#)`(Ŵg,;j%6j.pyYT?}-kBDc3qA`NWQū20/^AZW%NQ MI.X#P#,^Ebc&?XR tAV|Y.1!؅⨉ccww>ivl(JT~ u`ٵDm q)+Ri x/x8cyFO!/*!/&,7<.N,YDŽ&ܑQF1Bz)FPʛ?5d 6`kQձ λc؎%582Y&nD_$Je4>a?! ͨ|ȎWZSsv8 j(I&yj Jb5m?HWp=g}G3#|I,5v珿] H~R3@B[☉9Ox~oMy=J;xUVoj bUsl_35t-(ՃɼRB7U!qc+x4H_Qo֮$[GO<4`&č\GOc[.[*Af%mG/ ňM/r W/Nw~B1U3J?P&Y )`ѓZ1p]^l“W#)lWZilUQu`-m|xĐ,_ƪ|9i:_{*(3Gѧ}UoD+>m_?VPۅ15&}2|/pIOʵ> GZ9cmíتmnz)yߐbD >e}:) r|@R5qVSA10C%E_'^8cR7O;6[eKePGϦX7jb}OTGO^jn*媓7nGMC t,k31Rb (vyܴʭ!iTh8~ZYZp(qsRL ?b}cŨʊGO^!rPJO15MJ[c&~Z`"ѓޔH1C&^|Ш|rʼ,AwĴ?b5)tLU)F| &g٣O]oqSUjy(x<Ϳ3 .FSkoYg2 \_#wj{u'rQ>o;%n|F*O_L"e9umDds?.fuuQbIWz |4\0 sb;OvxOSs; G%T4gFRurj(֍ڑb uԖKDu1MK{1^ q; C=6\8FR艇!%\YÔU| 88m)֓NcLve C6z;o&X x59:q61Z(T7>C?gcļxѐ Z oo-08jہ x,`' ҔOcRlf~`jj".Nv+sM_]Zk g( UOPyεx%pUh2(@il0ݽQXxppx-NS( WO+轾 nFߢ3M<;z)FBZjciu/QoF 7R¥ ZFLF~#ȣߨ^<쩡ݛкvџ))ME>ώx4m#!-m!L;vv#~Y[đKmx9.[,UFS CVkZ +ߟrY٧IZd/ioi$%͝ب_ֶX3ܫhNU ZZgk=]=bbJS[wjU()*I =ώ:}-蹞lUj:1}MWm=̛ _ ¾,8{__m{_PVK^n3esw5ӫh#$-q=A̟> ,^I}P^J$qY~Q[ Xq9{#&T.^GVj__RKpn,b=`żY@^՝;z{paVKkQXj/)y TIc&F;FBG7wg ZZDG!x r_tƢ!}i/V=M/#nB8 XxЫ ^@CR<{䤭YCN)eKOSƟa $&g[i3.C6xrOc8TI;o hH6P&L{@q6[ Gzp^71j(l`J}]e6X☉#͕ ׈$AB1Vjh㭦IRsqFBjwQ_7Xk>y"N=MB0 ,C #o6MRc0|$)ف"1!ixY<B9mx `,tA>)5ػQ?jQ?cn>YZe Tisvh# GMމȇp:ԴVuږ8ɼH]C.5C!UV;F`mbBk LTMvPʍϤj?ԯ/Qr1NB`9s"s TYsz &9S%U԰> {<ؿSMxB|H\3@!U| k']$U+> |HHMLޢ?V9iD!-@x TIî%6Z*9X@HMW#?nN ,oe6?tQwڱ.]-y':mW0#!J82qFjH -`ѓ&M0u Uγmxϵ^-_\])@0Rt.8/?ٰCY]x}=sD3ojަЫNuS%U}ԤwHH>ڗjܷ_3gN q7[q2la*ArǓԖ+p8/RGM ]jacd(JhWko6ڎbj]i5Bj3+3!\j1UZLsLTv8HHmup<>gKMJj0@H%,W΃7R) ">c, xixј^ aܖ>H[i.UIHc U1=yW\=S*GR~)AF=`&2h`DzT󑓶J+?W+}C%P:|0H܆}-<;OC[~o.$~i}~HQ TvXΈr=b}$vizL4:ȰT|4~*!oXQR6Lk+#t/g lԁߖ[Jڶ_N$k*". xsxX7jRVbAAʯKҎU3)zSNN _'s?f)6X!%ssAkʱ>qƷb hg %n ~p1REGMHH=BJiy[<5 ǁJҖgKR*倳e~HUy)Ag,K)`Vw6bRR:qL#\rclK/$sh*$ 6덤 KԖc 3Z9=Ɣ=o>X Ώ"1 )a`SJJ6k(<c e{%kϊP+SL'TcMJWRm ŏ"w)qc ef꒵i?b7b('"2r%~HUS1\<(`1Wx9=8HY9m:X18bgD1u ~|H;K-Uep,, C1 RV.MR5άh,tWO8WC$ XRVsQS]3GJ|12 [vM :k#~tH30Rf-HYݺ-`I9%lIDTm\ S{]9gOڒMNCV\G*2JRŨ;Rҏ^ڽ̱mq1Eu?To3I)y^#jJw^Ńj^vvlB_⋌P4x>0$c>K†Aļ9s_VjTt0l#m>E-,,x,-W)سo&96RE XR.6bXw+)GAEvL)͞K4$p=Ũi_ѱOjb HY/+@θH9޼]Nԥ%n{ &zjT? Ty) s^ULlb,PiTf^<À] 62R^V7)S!nllS6~͝V}-=%* ʻ>G DnK<y&>LPy7'r=Hj 9V`[c"*^8HpcO8bnU`4JȪAƋ#1_\ XϘHPRgik(~G~0DAA_2p|J묭a2\NCr]M_0 ^T%e#vD^%xy-n}-E\3aS%yN!r_{ )sAw ڼp1pEAk~v<:`'ӭ^5 ArXOI驻T (dk)_\ PuA*BY]yB"l\ey hH*tbK)3 IKZ򹞋XjN n *n>k]X_d!ryBH ]*R 0(#'7 %es9??ښFC,ՁQPjARJ\Ρw K#jahgw;2$l*) %Xq5!U᢯6Re] |0[__64ch&_}iL8KEgҎ7 M/\`|.p,~`a=BR?xܐrQ8K XR2M8f ?`sgWS%" Ԉ 7R%$ N}?QL1|-эټwIZ%pvL3Hk>,ImgW7{E xPHx73RA @RS CC !\ȟ5IXR^ZxHл$Q[ŝ40 (>+ _C >BRt<,TrT {O/H+˟Pl6 I B)/VC<6a2~(XwV4gnXR ϱ5ǀHٻ?tw똤Eyxp{#WK qG%5],(0ӈH HZ])ג=K1j&G(FbM@)%I` XRg ʔ KZG(vP,<`[ Kn^ SJRsAʠ5xՅF`0&RbV tx:EaUE/{fi2;.IAwW8/tTxAGOoN?G}l L(n`Zv?pB8K_gI+ܗ #i?ޙ.) p$utc ~DžfՈEo3l/)I-U?aԅ^jxArA ΧX}DmZ@QLےbTXGd.^|xKHR{|ΕW_h] IJ`[G9{).y) 0X YA1]qp?p_k+J*Y@HI>^?gt.06Rn ,` ?);p pSF9ZXLBJPWjgQ|&)7! HjQt<| ؅W5 x W HIzYoVMGP Hjn`+\(dNW)F+IrS[|/a`K|ͻ0Hj{R,Q=\ (F}\WR)AgSG`IsnAR=|8$}G(vC$)s FBJ?]_u XRvύ6z ŨG[36-T9HzpW̞ú Xg큽=7CufzI$)ki^qk-) 0H*N` QZkk]/tnnsI^Gu't=7$ Z;{8^jB% IItRQS7[ϭ3 $_OQJ`7!]W"W,)Iy W AJA;KWG`IY{8k$I$^%9.^(`N|LJ%@$I}ֽp=FB*xN=gI?Q{٥4B)mw $Igc~dZ@G9K X?7)aK%݅K$IZ-`IpC U6$I\0>!9k} Xa IIS0H$I H ?1R.Чj:4~Rw@p$IrA*u}WjWFPJ$I➓/6#! LӾ+ X36x8J |+L;v$Io4301R20M I$-E}@,pS^ޟR[/s¹'0H$IKyfŸfVOπFT*a$I>He~VY/3R/)>d$I>28`Cjw,n@FU*9ttf$I~<;=/4RD~@ X-ѕzἱI$: ԍR a@b X{+Qxuq$IЛzo /~3\8ڒ4BN7$IҀj V]n18H$IYFBj3̵̚ja pp $Is/3R Ӻ-Yj+L;.0ŔI$Av? #!5"aʄj}UKmɽH$IjCYs?h$IDl843.v}m7UiI=&=0Lg0$I4: embe` eQbm0u? $IT!Sƍ'-sv)s#C0:XB2a w I$zbww{."pPzO =Ɔ\[ o($Iaw]`E).Kvi:L*#gР7[$IyGPI=@R 4yR~̮´cg I$I/<tPͽ hDgo 94Z^k盇΄8I56^W$I^0̜N?4*H`237}g+hxoq)SJ@p|` $I%>-hO0eO>\ԣNߌZD6R=K ~n($I$y3D>o4b#px2$yڪtzW~a $I~?x'BwwpH$IZݑnC㧄Pc_9sO gwJ=l1:mKB>Ab<4Lp$Ib o1ZQ@85b̍ S'F,Fe,^I$IjEdù{l4 8Ys_s Z8.x m"+{~?q,Z D!I$ϻ'|XhB)=…']M>5 rgotԎ 獽PH$IjIPhh)n#cÔqA'ug5qwU&rF|1E%I$%]!'3AFD/;Ck_`9 v!ٴtPV;x`'*bQa w I$Ix5 FC3D_~A_#O݆DvV?<qw+I$I{=Z8".#RIYyjǪ=fDl9%M,a8$I$Ywi[7ݍFe$s1ՋBVA?`]#!oz4zjLJo8$I$%@3jAa4(o ;p,,dya=F9ً[LSPH$IJYЉ+3> 5"39aZ<ñh!{TpBGkj}Sp $IlvF.F$I z< '\K*qq.f<2Y!S"-\I$IYwčjF$ w9 \ߪB.1v!Ʊ?+r:^!I$BϹB H"B;L'G[ 4U#5>੐)|#o0aڱ$I>}k&1`U#V?YsV x>{t1[I~D&(I$I/{H0fw"q"y%4 IXyE~M3 8XψL}qE$I[> nD?~sf ]o΁ cT6"?'_Ἣ $I>~.f|'!N?⟩0G KkXZE]ޡ;/&?k OۘH$IRۀwXӨ<7@PnS04aӶp.:@\IWQJ6sS%I$e5ڑv`3:x';wq_vpgHyXZ 3gЂ7{{EuԹn±}$I$8t;b|591nءQ"P6O5i }iR̈́%Q̄p!I䮢]O{H$IRϻ9s֧ a=`- aB\X0"+5"C1Hb?߮3x3&gşggl_hZ^,`5?ߎvĸ%̀M!OZC2#0x LJ0 Gw$I$I}<{Eb+y;iI,`ܚF:5ܛA8-O-|8K7s|#Z8a&><a&/VtbtLʌI$I$I$I$I$I$IRjDD%tEXtdate:create2022-05-31T04:40:26+00:00!Î%tEXtdate:modify2022-05-31T04:40:26+00:00|{2IENDB`Mini Shell

HOME


Mini Shell 1.0
DIR:/proc/thread-self/root/etc/
Upload File :
Current File : //proc/thread-self/root/etc/exim.conf
#!!# cPanel Exim 4 Config

chunking_advertise_hosts=""
# +incoming_port, +smtp_connection, +all_parents are needed for cPanel email tracking.
# +retry_defer, +subject, +arguments, +received_recipients are suggested settings that may be disabled.
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_recipients +received_sender +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +subject +tls_cipher +tls_peerdn
deliver_queue_load_max = 40
perl_startup = do '/etc/exim.pl'
smtp_receive_timeout = 7m
timeout_frozen_after = 1d
openssl_options = +no_compression +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 +cipher_server_preference
tls_require_ciphers = HIGH:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES256-SHA384:!DHE-RSA-AES256-SHA256:!AES256-GCM-SHA384:!AES256-SHA256:!ECDHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-SHA256:!AES128-SHA256:!ADH:!aNULL:!3DES:!SSLv2:!SSLv3
smtp_accept_max = 200
smtp_connect_backlog = 100
smtp_accept_max_per_connection = 50
system_filter_file_transport = address_file

hostlist loopback = <; @[]; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8

hostlist senderverifybypass_hosts = net-iplsearch;/etc/senderverifybypasshosts

hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts

hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks

hostlist blocked_incoming_email_country_ips = ${if exists{/etc/blocked_incoming_email_country_ips} {net-iplsearch;/etc/blocked_incoming_email_country_ips} {} }

hostlist backupmx_hosts = lsearch;/etc/backupmxhosts

hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts

hostlist recent_authed_mail_ips = net-iplsearch;/etc/recent_authed_mail_ips

hostlist neighbor_netblocks = net-iplsearch;/etc/neighbor_netblocks

hostlist greylist_trusted_netblocks = net-iplsearch;/etc/greylist_trusted_netblocks

hostlist greylist_common_mail_providers = net-iplsearch;/etc/greylist_common_mail_providers

hostlist cpanel_mail_netblocks = net-iplsearch;/etc/cpanel_mail_netblocks

hostlist recent_recipient_mail_server_ips = net-iplsearch;/etc/recent_recipient_mail_server_ips

domainlist user_domains = ${if exists{/etc/userdomains} {lsearch;/etc/userdomains} fail}

domainlist local_domains = lsearch;/etc/localdomains

domainlist secondarymx_domains = lsearch;/etc/secondarymx

domainlist relay_domains = +local_domains : +secondarymx_domains

domainlist blocked_domains = wildlsearch;/etc/blocked_incoming_email_domains

domainlist manualmx_domains = ${if exists {/etc/manualmx} {lsearch;/etc/manualmx} {} }

localpartlist path_safe_localparts = \N^\.*[^./][^/]*$\N

smtp_accept_queue_per_connection = 30

remote_max_parallel = 10

ignore_bounce_errors_after = 1d

rfc1413_query_timeout = 0s

auto_thaw = 7d

callout_domain_negative_expire = 1h

callout_negative_expire = 1h

acl_not_smtp = acl_not_smtp

acl_not_smtp_mime = acl_not_smtp_mime

acl_smtp_connect = acl_smtp_connect

acl_smtp_data = acl_smtp_data

acl_smtp_helo = acl_smtp_helo

acl_smtp_mail = acl_smtp_mail

acl_smtp_mime = acl_smtp_mime

acl_smtp_rcpt = acl_smtp_rcpt

message_body_newlines = true

check_rfc2047_length = false

keep_environment = X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR

add_environment = PATH=/usr/local/sbin::/usr/local/bin::/sbin::/bin::/usr/sbin::/usr/bin::/sbin::/bin

queue_only_load = 216

daemon_smtp_ports = 25 : 26 : 465 : 587

tls_on_connect_ports = 465

system_filter_user = cpaneleximfilter

system_filter_group = cpaneleximfilter

smtputf8_advertise_hosts = :

timezone = Asia/Kolkata

spamd_address = 127.0.0.1 783 retry=30s tmo=3m

tls_certificate = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {/etc/exim.crt} \
        }} \
    }} \
    {/etc/exim.crt} \
}


tls_privatekey = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {/etc/exim.key} \
        }} \
    }} \
    {/etc/exim.key} \
}


system_filter = /etc/eig_exim_system_filter




#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.


#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.




addresslist secondarymx = *@partial-lsearch;/etc/secondarymx

######################################################################
#                  Runtime configuration file for Exim               #
######################################################################


# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.


# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


#dns_retry = 1
#dns_retrans = 1s

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.

smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
\#${compile_number} ${tod_full} \n\
    We do not authorize the use of this system to transport unsolicited, \n\
    and/or bulk e-mail."


#nobody as the sender seems to annoy people
untrusted_set_sender = *
local_from_check = false



split_spool_directory = yes


# primary_hostname =

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.ex" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.



#!!# message_filter renamed system_filter
message_body_visible = 5000


# Specify a set of options to control the behavior of OpenSSL. The default is to
# disable SSLv2 and SSLv3 due to weaknesses in these protocols.


# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.

# local_domains_include_host_literals


# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root


# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

#host_lookup = 0.0.0.0/0


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.

# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com


# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *

#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers





tls_advertise_hosts = *

helo_accept_junk_hosts = *

smtp_enforce_sync = false


#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#

#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl



########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################
#
# cPanel Default ACL Template Version: 108.002
# Template: universal.dist
#
########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################

acl_not_smtp:

#BEGIN ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK
# BEGIN INSERT resolve_vhost_owner
warn
        condition   = ${if eq{$originator_uid}{${perl{user2uid}{nobody}}}{1}{0}}
        set acl_c_vhost_owner = ${perl{resolve_vhost_owner}}

# END INSERT resolve_vhost_owner
# BEGIN INSERT end_default_outgoing_notsmtp_checkall
	accept

# END INSERT end_default_outgoing_notsmtp_checkall

#END ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK

#BEGIN ACL-NOT-SMTP-BLOCK

#END ACL-NOT-SMTP-BLOCK

acl_not_smtp_mime:

#BEGIN ACL-NOT-SMTP-MIME-BLOCK
# BEGIN INSERT disallowed_filenames_bl
# Reject inbound mail with potentially dangerous attachments
# Obfuscation of file names using parameter value continuation evades other filters, but not this one

deny
  log_message = DENY: disallowed \"$mime_filename\"
  condition = ${if match \
  {${lc:$mime_filename}} \
  {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}}
  message = Attached file '$mime_filename' has disallowed extension.

accept

# END INSERT disallowed_filenames_bl

#END ACL-NOT-SMTP-MIME-BLOCK

acl_not_smtp_start:

#BEGIN ACL-NOT-SMTP-START-BLOCK

#END ACL-NOT-SMTP-START-BLOCK

acl_smtp_auth:

#BEGIN ACL-SMTP-AUTH-BLOCK

#END ACL-SMTP-AUTH-BLOCK

acl_smtp_connect:

#BEGIN ACL-CONNECT-BLOCK
# BEGIN INSERT custom_begin_connect
deny
    message = "$sender_fullhost is in an RBL on bl.pro1.websitewelcome.com, see $dnslist_text"
    log_message = Host is banned
    dnslists = bl.pro1.websitewelcome.com


# END INSERT custom_begin_connect
# BEGIN INSERT blockedcountryips


drop
    message = Your country is not allowed to connect to this server.
    log_message = Country is banned
    hosts = +blocked_incoming_email_country_ips


# END INSERT blockedcountryips
# BEGIN INSERT delay_unknown_hosts


warn
    !hosts = : +neighbor_netblocks : +loopback : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks
    #only rate limit port 25
    condition = ${if eq {$received_port}{25}{yes}{no}}
    delay = 5s



# END INSERT delay_unknown_hosts
# BEGIN INSERT spammerlist


drop
    message = Your host is not allowed to connect to this server.
    log_message = Host is banned
    !hosts = : +skipsmtpcheck_hosts : +trustedmailhosts
    hosts = +spammeripblocks


# END INSERT spammerlist
# BEGIN INSERT custom_end_connect
   warn
        # host had a success in the last hour 
        ratelimit = 1 / 30m / noupdate / per_conn / slow_fail_accept_$sender_host_address
        set acl_m4 = 1

   defer 
        condition = ${if eq {${acl_m4}}{1}{0}{1}}
        log_message = "Host is ratelimited due to multiple failure only connections ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
        ratelimit = 30 / 30m / noupdate / per_conn / slow_fail_block_$sender_host_address



# END INSERT custom_end_connect

#END ACL-CONNECT-BLOCK

#BEGIN ACL-CONNECT-POST-BLOCK
# BEGIN INSERT default_connect_post

# do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config
#acl_smtp_notquit is required for this to work (exim 4.68)
    accept


# END INSERT default_connect_post

#END ACL-CONNECT-POST-BLOCK

acl_smtp_data:

# exiscan only

# exiscan only

#BEGIN ACL-OUTGOING-SMTP-CHECKALL-BLOCK

#END ACL-OUTGOING-SMTP-CHECKALL-BLOCK

#BEGIN ACL-CHECK-MESSAGE-PRE-BLOCK
# BEGIN INSERT default_check_message_pre
#
#  Enabling this will make the server non-rfc compliant
#  require verify = header_sender
#

    accept  hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts

    accept
            authenticated = *
            hosts = *

    accept
            condition = ${extract \
    {size} \
    {${stat:/etc/trustedmailhosts}} \
}
            hosts = +trustedmailhosts

    accept
            condition = ${extract \
    {size} \
    {${stat:/etc/trustedmailhosts}} \
}
            condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}}



# END INSERT default_check_message_pre

#END ACL-CHECK-MESSAGE-PRE-BLOCK

#BEGIN ACL-PRE-SPAM-SCAN
# BEGIN INSERT mailproviders
# Research in Motion - Blackberry white list
 accept
     condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}

# END INSERT mailproviders

#END ACL-PRE-SPAM-SCAN

#BEGIN ACL-SPAM-SCAN-BLOCK
# BEGIN INSERT custom_end_spam_scan

  warn
    condition = ${if eq {${acl_m0}}{1}{1}{0}}
    spam =  ${acl_m1}/defer_ok
    log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)"
    add_header = X-Spam-Subject: [SPAM] $h_subject
    add_header = X-Spam-Status: Yes, score=$spam_score
    add_header = X-Spam-Score: $spam_score_int
    add_header = X-Spam-Bar: $spam_bar
    add_header = X-Spam-Report: $spam_report
    add_header = X-Spam-Flag: YES
    set acl_m2 = 1

  warn
      condition =  ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}


  warn
  condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
  add_header = X-Spam-Status: No, score=$spam_score
  add_header = X-Spam-Score: $spam_score_int
  add_header = X-Spam-Bar: $spam_bar
  add_header = X-Spam-Flag: NO
  log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"


# END INSERT custom_end_spam_scan

#END ACL-SPAM-SCAN-BLOCK

# exiscan only

# exiscan only

#BEGIN ACL-RATELIMIT-SPAM-BLOCK

#END ACL-RATELIMIT-SPAM-BLOCK

#BEGIN ACL-SPAM-BLOCK

#END ACL-SPAM-BLOCK

#BEGIN ACL-CHECK-MESSAGE-POST-BLOCK
# BEGIN INSERT default_check_message_post

 accept

# END INSERT default_check_message_post

#END ACL-CHECK-MESSAGE-POST-BLOCK

acl_smtp_etrn:

#BEGIN ACL-SMTP-ETRN-BLOCK

#END ACL-SMTP-ETRN-BLOCK

acl_smtp_helo:

#BEGIN ACL-SMTP-HELO-BLOCK
# BEGIN INSERT custom_helo_block
  warn
     log_message = got HELO: $sender_helo_name
  drop message     = Banned HELO.
       log_message = Banned HELO
       condition   = ${lookup {$sender_helo_name}lsearch{/etc/eximrejecthelo}{yes}{no}}
  accept

# END INSERT custom_helo_block

#END ACL-SMTP-HELO-BLOCK

#BEGIN ACL-SMTP-HELO-POST-BLOCK
# BEGIN INSERT default_smtp_helo

    accept


# END INSERT default_smtp_helo

#END ACL-SMTP-HELO-POST-BLOCK

acl_smtp_mail:

#BEGIN ACL-MAIL-PRE-BLOCK
# BEGIN INSERT default_mail_pre

    # ignore authenticated hosts
    accept
        authenticated = *

    warn
        condition = ${if match_ip{$sender_host_address}{+loopback}{${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}}{0}}
        set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}}

    accept
        hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts



# END INSERT default_mail_pre

#END ACL-MAIL-PRE-BLOCK

#BEGIN ACL-MAIL-BLOCK
# BEGIN INSERT requirehelo

deny
    condition = ${if eq{$sender_helo_name}{}}
    message   = HELO required before MAIL


# END INSERT requirehelo
# BEGIN INSERT requirehelonoforge


drop
    # if ($sender_helo_name eq $primary_hostname) {
    #      if (defined $interface_address) {
    #           return is_loopback($interface_address) ? 0 : 1;  #ok from localhost
    #      } else {
    #            return 0; #exim -bs
    #      }
    # } else {
    #      return 0;
    # }
    condition = ${if eq{${lc:$sender_helo_name}}{${lc:$primary_hostname}}{${if def:interface_address {${if match_ip{$interface_address}{+loopback}{0}{1}}}{0}}}{0}}
    message   = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"


drop
    condition = ${if eq{[$interface_address]}{$sender_helo_name}}
    message   = "REJECTED - Interface: $interface_address is _my_ address"

# END INSERT requirehelonoforge
# BEGIN INSERT requirehelosyntax

drop
    condition   = ${if isip{$sender_helo_name}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.3)

drop
    # Required because "[IPv6:<address>]" will have no .s
    condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
    condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

drop
    condition   = ${if match{$sender_helo_name}{\N\.$\N}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

drop
    condition   = ${if match{$sender_helo_name}{\N\.\.\N}}
    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

# END INSERT requirehelosyntax

#END ACL-MAIL-BLOCK

#BEGIN ACL-MAIL-POST-BLOCK
# BEGIN INSERT default_mail_post

    accept


# END INSERT default_mail_post

#END ACL-MAIL-POST-BLOCK

acl_smtp_mailauth:

#BEGIN ACL-SMTP-MAILAUTH-BLOCK

#END ACL-SMTP-MAILAUTH-BLOCK

acl_smtp_mime:

#BEGIN ACL-SMTP-MIME-BLOCK
# BEGIN INSERT disallowed_filenames_bl
# Reject inbound mail with potentially dangerous attachments
# Obfuscation of file names using parameter value continuation evades other filters, but not this one

deny
  log_message = DENY: disallowed \"$mime_filename\"
  condition = ${if match \
  {${lc:$mime_filename}} \
  {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}}
  message = Attached file '$mime_filename' has disallowed extension.

accept

# END INSERT disallowed_filenames_bl

#END ACL-SMTP-MIME-BLOCK

acl_smtp_notquit:

#BEGIN ACL-NOTQUIT-BLOCK

#END ACL-NOTQUIT-BLOCK

acl_smtp_predata:

#BEGIN ACL-SMTP-PREDATA-BLOCK

#END ACL-SMTP-PREDATA-BLOCK

acl_smtp_quit:

#BEGIN ACL-SMTP-QUIT-BLOCK

#END ACL-SMTP-QUIT-BLOCK

acl_smtp_rcpt:

#BEGIN ACL-RATELIMIT-BLOCK

#END ACL-RATELIMIT-BLOCK

#BEGIN ACL-PRE-RECIPIENT-BLOCK
# BEGIN INSERT default_pre_recipient
warn
  !domains = +relay_domains
  set acl_m_outbound_recipient = 1


# END INSERT default_pre_recipient
# BEGIN INSERT delay_unknown_hosts


warn
    !authenticated = *
    !hosts = : +neighbor_netblocks : +loopback : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks
    #only rate limit port 25
    condition = ${if eq {$received_port}{25}{yes}{no}}
    delay = 5s


# END INSERT delay_unknown_hosts
# BEGIN INSERT dkim_disable

 warn
   control = dkim_disable_verify


# END INSERT dkim_disable

#END ACL-PRE-RECIPIENT-BLOCK

#BEGIN ACL-RECIPIENT-BLOCK
# BEGIN INSERT blockeddomains
  deny
    message = Your host is not allowed to connect to this server.
    log_message = Sender domain is banned
    sender_domains = !+local_domains : +blocked_domains

# END INSERT blockeddomains
# BEGIN INSERT default_recipient
  accept  hosts = :

  accept hosts = +skipsmtpcheck_hosts

 deny message = SPF: $sender_host_address is not allowed to send mail from $sender_address_domain
     condition =  ${if match_domain{$sender_address_domain}{lsearch;/etc/spfdomains}{true}{false}}
     spf = !pass


# END INSERT default_recipient

#END ACL-RECIPIENT-BLOCK
#mailman only

#BEGIN ACL-RECIPIENT-MAILMAN-BLOCK
# BEGIN INSERT default_recipient_mailman

 # Accept bounces to lists even if callbacks or other checks would fail
  accept
           domains    = +local_domains
           condition  = ${if match{$local_part}{\N^(\.*[^./][^/]*)-bounces(\+.*)?$\N}}
           condition  = ${if exists{/usr/local/cpanel/3rdparty/mailman/lists/${1}${if !eq{$domain}{$primary_hostname}{_${domain}}{}}/config.pck}}
           add_header = X-WhitelistedRCPT-nohdrfromcallback: Yes

  #if it gets here it isn't mailman


# END INSERT default_recipient_mailman

#END ACL-RECIPIENT-MAILMAN-BLOCK
#mailman only

#BEGIN ACL-IDENTIFY-SENDER-BLOCK
# BEGIN INSERT default_identify_sender
# Accept authenticated connections when the connection comes from the main
# account (foo@foo.com, where foo.com's user is foo).  Otherwise, we end up
# unintentionally rejecting mail if the user is set to :fail:.
  accept
          authenticated = *
          condition = ${if eq{${lookup{$sender_address_domain}lsearch{/etc/userdomains}}}{$sender_address_local_part}}
          endpass
          verify = recipient

# deny must be on the same line as hosts so it will get removed by buildeximconf if turned off
   deny hosts = ! +loopback : ! +senderverifybypass_hosts
        ! verify = sender

  accept
          authenticated = *
          endpass
          verify = recipient

  # if they used "pop before smtp" and its not bound for a localdomain we remember the recent_authed_mail_ips_domain
  warn
        domains = ! +local_domains
        hosts = ! +loopback
        hosts = +recent_authed_mail_ips
        set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}}
        add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}}{}}

  # if they used "pop before smtp" then we just accept
  accept
    condition = ${if exists{/etc/popbeforesmtp}{1}{0}}
    hosts = ! +loopback
    hosts = +recent_authed_mail_ips
    endpass
    verify = recipient

  # we need to check alwaysrelay since we don't require recentauthedmailiptracker to be enabled
  accept
    hosts = ! +loopback
    condition = ${if or {{eq{$acl_c_recent_authed_mail_ips_text_entry}{}}{!exists{/etc/popbeforesmtp}}}{${if exists {/etc/alwaysrelay}{${lookup{$sender_host_address}iplsearch{/etc/alwaysrelay}{1}{0}}}{0}}}{0}}
    set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}}
    set acl_c_alwaysrelay = 1
    endpass
    verify = recipient

  #recipient verifications are now done after smtp auth and pop before smtp so the users get back bounces instead of
  # a clogged outbox in outlook

   # If we skipped identifying the sender in acl_smtp_mail (ie !def:acl_c_authenticated_local_user)
   # We need to do it here before we can test the two drops
   warn
       condition = ${if !def:acl_c_authenticated_local_user}
       condition = ${if match_ip{$sender_host_address}{+loopback}}
       condition = ${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}
       set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}}

  # drop connections to localhost that are from demo accounts (required for manual connections)
  drop
       condition = ${if def:acl_c_authenticated_local_user}
       condition = ${if !eq{$acl_c_authenticated_local_user}{root}}
       condition = ${if match_ip{$sender_host_address}{+loopback}}
       condition = ${lookup{$acl_c_authenticated_local_user}lsearch{/etc/demousers}{1}}
       message   = Demo accounts may not send mail

  # drop connections to localhost that fail auth (required for Horde)
  drop
       condition = $authentication_failed
       condition = ${if match_ip{$sender_host_address}{+loopback}}
       message   = Authentication failed

  # we learned this in the acl_smtp_mail block
  accept
    condition = ${if def:acl_c_authenticated_local_user}
    endpass
    verify = recipient


# END INSERT default_identify_sender
# BEGIN INSERT default_message_submission

# Reject unauthenticated relay on port 587
 drop
    condition = ${if eq{$received_port}{587}{1}{0}}
    message = SMTP AUTH is required for message submission on port 587

# END INSERT default_message_submission

#END ACL-IDENTIFY-SENDER-BLOCK



#BEGIN ACL-RECP-VERIFY-BLOCK
# BEGIN INSERT default_recp_verify
  # recipient verification to confirm the address is routable.
  # no callouts to remote systems are performed by default.
  require
    verify = recipient

  # skip content scanning for suspended recipients that are being queued, blackholed or relayed
  accept
    condition = ${extract{suspended}{$address_data}}


# END INSERT default_recp_verify

#END ACL-RECP-VERIFY-BLOCK

#BEGIN ACL-POST-RECP-VERIFY-BLOCK
# BEGIN INSERT dictionary_attack


  warn
    log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)"
    condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
    set acl_m7 = 1

  warn
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack"

  drop
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    message = "Number of failed recipients exceeded.  Come back in a few hours."


# END INSERT dictionary_attack
# BEGIN INSERT custom_end_post_recp_verify
 deny  message = SPF: $sender_host_address is not allowed to send mail from $sender_address_domain
       condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/.boxtrapperenable} {true} {false}}
       spf = fail:neutral


# END INSERT custom_end_post_recp_verify

#END ACL-POST-RECP-VERIFY-BLOCK

#BEGIN ACL-TRUSTEDLIST-BLOCK
# BEGIN INSERT trustedmailhosts
 accept
    hosts = +trustedmailhosts

 accept
     condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}}

# END INSERT trustedmailhosts

#END ACL-TRUSTEDLIST-BLOCK

#BEGIN ACL-RBL-BLOCK
# BEGIN INSERT davehaus_rbl
## Block no from address
# warn
#    condition = ${if eq{$sender_address} {}}
#    log_message = "The host didn't send a from address."
#
# drop
#    condition = ${if eq{$sender_address} {}}
#

# Dave MFIN Collins.. on 84's.

 deny message = "JunkMail rejected - $sender_fullhost is in an RBL on rbl.websitewelcome.com, see $dnslist_text"
     dnslists = rbl.websitewelcome.com
     hosts = +backupmx_hosts

 warn
     dnslists = rbl.websitewelcome.com
     set acl_m8 = 1
     set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL on rbl.websitewelcome.com, see $dnslist_text"

 warn
    condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"


 drop
    condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

 deny message = "JunkMail rejected - $sender_fullhost is in an RBL on csi.cloudmark.com/reset-request/?ip=$sender_host_address , see $dnslist_text"
     !authenticated = *
     dnslists = csi.websitewelcome.com


# END INSERT davehaus_rbl

#END ACL-RBL-BLOCK

#BEGIN ACL-MAILAUTH-BLOCK
# BEGIN INSERT spf_hg_check

 warn spf = fail
   add_header = X-SPF-Check: $sender_host_address is not allowed to send mail from $sender_address_domain
 !verify = reverse_host_lookup
   add_header = X-PTR-Check: No (consistent) reverse DNS set.


# END INSERT spf_hg_check

#END ACL-MAILAUTH-BLOCK

#BEGIN ACL-GREYLISTING-BLOCK

#END ACL-GREYLISTING-BLOCK

#BEGIN ACL-RCPT-HARD-LIMIT-BLOCK

#END ACL-RCPT-HARD-LIMIT-BLOCK

#BEGIN ACL-RCPT-SOFT-LIMIT-BLOCK

#END ACL-RCPT-SOFT-LIMIT-BLOCK

#BEGIN ACL-SPAM-SCAN-CHECK-BLOCK
# BEGIN INSERT default_spam_scan_check

  # The only problem with this setup is that if the message is for multiple users on the same server
  # and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used.
  # This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase.

  warn
         domains    = +local_domains
         condition  = ${if <= {$message_size}{200K}}
         condition  = ${if !eq{${acl_m0}}{1}}
         condition  = ${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{::}{${lookup passwd{${if eq{$domain}{$primary_hostname}{${sg{$local_part}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}}}}}}/.spamassassinenable}}}}
         set acl_m0 = 1

         # $local_part should work here rather than $local_part_data, but
         # $local_part_data sidesteps a taint-checking bug in Exim 4.94.
         #
         # Commit 12b7f811de is advertised as the fix for it, but during
         # testing an Exim built with that change still had the bug.
         # cf. https://www.mail-archive.com/exim-users@exim.org/msg54624.html
         #
         set acl_m1 = ${if eq{$domain}{$primary_hostname}{${sg{$local_part_data}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}}


# END INSERT default_spam_scan_check
# BEGIN INSERT spam_scan_secondarymx

  # Support for scanning secondarymx domains

  warn  domains = ! +local_domains : +secondarymx_domains
         condition = ${if <= {$message_size}{200K}{1}{0}}
          set acl_m0    = 1
          set acl_m1    = cpaneleximscanner



# END INSERT spam_scan_secondarymx

#END ACL-SPAM-SCAN-CHECK-BLOCK

#BEGIN ACL-POST-SPAM-SCAN-CHECK-BLOCK
# BEGIN INSERT delay_unknown_hosts


warn
    #acl_m2 is spam = YES
    condition = ${if eq {${acl_m2}}{1}{1}{0}}
    !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks
    delay = 40s

# END INSERT delay_unknown_hosts
# BEGIN INSERT mailproviders
# Research in Motion - Blackberry white list
 warn
     condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
     set acl_m0 = 0

# END INSERT mailproviders

#END ACL-POST-SPAM-SCAN-CHECK-BLOCK

#BEGIN ACL-RECIPIENT-POST-BLOCK
# BEGIN INSERT default_recipient_post



  accept  domains = +relay_domains

  deny    message = ${expand:${lookup{host_accept_relay}lsearch{/etc/eximrejects}{$value}}}
          log_message = Rejected relay attempt: '$sender_host_address' From: '$sender_address' To: '$local_part@$domain'


# END INSERT default_recipient_post

#END ACL-RECIPIENT-POST-BLOCK

acl_smtp_starttls:

#BEGIN ACL-SMTP-STARTTLS-BLOCK

#END ACL-SMTP-STARTTLS-BLOCK

acl_smtp_vrfy:

#BEGIN ACL-SMTP-SMTP-VRFY-BLOCK

#END ACL-SMTP-SMTP-VRFY-BLOCK

acl_smtp_dkim:

#BEGIN ACL-SMTP-DKIM-BLOCK

#END ACL-SMTP-DKIM-BLOCK





begin authenticators


dovecot_plain:
    driver = dovecot
    public_name = PLAIN
    server_socket = /var/run/dovecot/auth-client
    server_set_id = $auth1
    server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}



dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
  server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}



# smarthost authentication disabled





######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite




#!!#######################################################!!#
#!!# Here follow routers created from the old routers,   #!!#
#!!# for handling non-local domains.                     #!!#
#!!#######################################################!!#

begin routers




######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################

# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.




blackhole_dovenull:
    driver= redirect
    local_parts = "@dovenull"
    allow_fail = true
    data = :fail: Unrouteable address

deliver_local_outside_jail:
    driver = manualroute
    require_files = "+/jail_owner"
    # users outside the jail will not be in /etc/passwd => We need to check if $local_part is in /jail_owner
    # we can't just check to see if they exist
    # because we still want to be able to mail root
    domains = +local_domains
    transport = remote_smtp
    route_list = "* 127.0.0.1"
    # self = send allows us to send outside the jail
    # we make sure /home/virtfs does not exist before we get here
    # to be safe
    self = send



suspendedcheck:
    driver = redirect
    domains = +local_domains
    local_parts = ${if eq {$domain} \
        {$primary_hostname} \
        {+path_safe_localparts} \
        {*} \
    }
    require_files = \
        +/etc/exim_suspended_list \
        : +/var/cpanel/suspended/${if eq {$domain} {$primary_hostname} \
            {$local_part} \
            {${lookup \
                {$domain} \
                lsearch{/etc/userdomains} \
                {$value} \
                {::::invalid::::} \
            }} \
        }
    local_part_suffix = +*
    local_part_suffix_optional
    allow_fail
    allow_defer
    allow_freeze
    # Sets r_suspendinfo to the contents of the suspendinfo file,
    # r_suspended_shell to the original shell of the suspended account,
    # r_suspended_redirect to the real mapped redirect setting.
    set = r_suspended_shell=${perl \
        {get_suspended_shell} \
        {${if eq {$domain} {$primary_hostname} \
            {$local_part} \
            {${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        }} \
    }
    # This skips content scanning for the primary account address with
    # live-transfers and handles the special :queue: setting by pretending
    # those are :blackhole: deliveries during address verification
    address_data = \
        router=$router_name \
        ${if \
            !match {${lookup \
                    {$local_part@$domain} \
                    wildlsearch{/etc/exim_suspended_list} \
                    {$value} \
                    {:unknown:} \
            }} \
            {\N^\s*(:unknown:.*)?$\N} \
            { \
                suspended=1 \
                redirect=${quote:${if \
                    !match{${lookup \
                            {$local_part@$domain} \
                            wildlsearch{/etc/exim_suspended_list} \
                            {$value} \
                            {:unknown:} \
                    }} \
                    {\N^\s*:\N} \
                    {${if eq \
                        {$verify_mode} \
                        {} \
                        {${lookup{$local_part@$domain} \
                            wildlsearch{/etc/exim_suspended_list} \
                            {$value} \
                            {:unknown:} \
                        }} \
                        {:blackhole:} \
                    }} \
                    {${sg \
                        {${lookup {$local_part@$domain} \
                            wildlsearch{/etc/exim_suspended_list} \
                            {$value} \
                            {:unknown:} \
                        }} \
                        {\N^\s*:queue:\N} \
                        {${if eq \
                            {$verify_mode} \
                            {} \
                            {:defer:} \
                            {:blackhole:} \
                        }} \
                    }} \
                }} \
            } \
        }
    data = ${extract \
    {redirect} \
    {$address_data} \
}


# The main routers handle traffic to the lists themselves and the suffixed ones
# handle mail to administrative aliases.  We have to use a two step process
# because otherwise mail to a list such as foo-admin@example.tld will not be
# handled properly.

mailman_virtual_router:
    driver = accept
    domains = !$primary_hostname : +local_domains
    local_parts = +path_safe_localparts
    require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman
    transport = mailman_virtual_transport



mailman_virtual_router_suffixed:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman
    domains = !$primary_hostname : +local_domains
    local_parts = +path_safe_localparts
    local_part_suffix = -admin     : \
            -bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
            -join      : -leave     : \
            -owner     : -request   : \
            -subscribe : -unsubscribe
    transport = mailman_virtual_transport



mailman_virtual_router_nodns:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman
    condition    = \
           ${if or {{match{$local_part}{.*_.*}} \
                     {eq{$local_part}{mailman}}} \
                {1}{0}}
    domains = $primary_hostname
    local_parts = +path_safe_localparts
    transport = mailman_virtual_transport_nodns



mailman_virtual_router_nodns_suffixed:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman
    condition    = \
           ${if or {{match{$local_part}{.*_.*}} \
                     {eq{$local_part}{mailman}}} \
                {1}{0}}
    local_part_suffix = -admin     : \
            -bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
            -join      : -leave     : \
            -owner     : -request   : \
            -subscribe : -unsubscribe
    domains = $primary_hostname
    local_parts = +path_safe_localparts
    transport = mailman_virtual_transport_nodns

democheck:
    driver = redirect
    require_files = "+/etc/demouids"
    condition = ${if >= {$originator_uid}{100}{1}{0}}
    condition = "${extract{size}{${stat:/etc/demouids}}}"
    condition = "${if eq \
        {${lookup \
            {$originator_uid} \
            lsearch{/etc/demouids} \
            {$value} \
        }} \
        {} \
        {false} \
        {true} \
    }"
    allow_fail
    data = :fail: demo accounts are not permitted to relay email

#
# This is to make sure that cpanel@* always passes sender verification
# so that the system notifications don't get rejected by spam filters
# doing a sender verification check.
#
blackhole_cpanel_at:
    driver = redirect
    local_parts = cpanel
    domains = !$primary_hostname
    verify_only
    data = :blackhole:



# cPanel Mail Archiving is disabled


boxtrapper_autowhitelistHG:
  driver = accept
  condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{$local_part@$domain}{0}{${if match{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if match{$received_protocol}{\N^e?smtps?a$\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{0}}}}}}}}
  require_files = "+/usr/local/cpanel/bin/boxtrapper"
  transport = boxtrapper_autowhitelist
  unseen

fightspamHG:
    driver = redirect
    domains = ! +local_domains
    condition = "${perl{spam_fighter}}"
    data = /dev/null
    file_transport = address_file
    no_more

check_mailpermissions:
    domains = ! +local_domains
    condition = "${perl{check_mail_permissions}}"
    driver = redirect
    ignore_target_hosts = +loopback : 64.94.110.0/24
    allow_filter
    reply_transport = address_reply
    user = mailnull
    expn = false
    data = "${perl{check_mail_permissions_results}}"

enforce_mail_permissionsHG:
    domains = ! +local_domains
    condition = "${perl{enforce_mail_permissions}}"
    driver = redirect
    ignore_target_hosts = +loopback : 64.94.110.0/24
    allow_fail
    allow_defer
    expn = false
    data = "${perl{enforce_mail_permissions_results}}"


increment_max_emails_per_hour:
    domains = ! +local_domains
    condition = "${perl{increment_max_emails_per_hour_if_needed}}"
    driver = redirect
    ignore_target_hosts = +loopback : 64.94.110.0/24
    allow_fail
    no_verify
    one_time
    expn = false
    data = ":unknown:"

blockeddomains:
    driver = redirect
    require_files = "+/etc/blockeddomains"
    domains = "/etc/blockeddomains"
    allow_fail
    data = :fail: "Sorry, you are sending to/from an address that has been blacklisted"

deliver_through_cm_smtp:
   condition = ${if !eq{$original_domain}{$domain}}
   driver = manualroute
   domains = ! +local_domains
   #ignore verisign to prevent waste of bandwidth
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
   headers_add = "${perl{mailtrapheaders2}}"
   transport = remote_smtp
   hosts_randomize = true 
   route_data = eig-east.smtp.a.cloudfilter.net:eig-west.smtp.a.cloudfilter.net:+:3.228.35.199:18.215.58.191:+:34.223.136.48:34.217.196.71

dkim_lookuphostHG:
    driver = manualroute
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}"
    headers_add = "${perl{mailtrapheaders2}}"
    transport = dkim_remote_smtp
    hosts_randomize = true 
    route_data = eig-east.smtp.a.cloudfilter.net:eig-west.smtp.a.cloudfilter.net:+:3.228.35.199:18.215.58.191:+:34.223.136.48:34.217.196.71

send_to_cm:
   driver = manualroute
   condition = "${perl{checkspam3}}"
   domains = ! +local_domains
   #ignore verisign to prevent waste of bandwidth
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
   headers_add = "${perl{mailtrapheaders2}}"
   transport = remote_smtp
   hosts_randomize = true 
   route_data = eig-east.smtp.a.cloudfilter.net:eig-west.smtp.a.cloudfilter.net:+:3.228.35.199:18.215.58.191:+:34.223.136.48:34.217.196.71

send_to_gateway:
   driver = manualroute
   domains = ! +local_domains
   #ignore verisign to prevent waste of bandwidth
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
   headers_add = "${perl{mailtrapheaders2}}"
   transport = remote_smtp
   hosts_randomize = true 
   route_data = eig-east.smtp.a.cloudfilter.net:eig-west.smtp.a.cloudfilter.net:+:3.228.35.199:18.215.58.191:+:34.223.136.48:34.217.196.71


#
# Handles identification of messages, nobody and webspam and mail trap checks
# in check_mail_permissions and notifies if we are defering a message
#


boxtrapper_autowhitelist:
  driver = accept
  condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{$local_part@$domain}{0}{${if match{$received_protocol}{\N^e?smtps?a$\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if eq{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$sender_ident}}}{0}}}}}}}}
  require_files = "+/usr/local/cpanel/bin/boxtrapper"
  transport = boxtrapper_autowhitelist
  no_verify
  unseen

check_mail_permissions:
    domains = ! +local_domains
    condition =  ${if eq {$authenticated_id}{root}{0}{1}}
    ignore_target_hosts = +loopback : 64.94.110.0/24
    driver = redirect
    allow_filter
    reply_transport = address_reply
    user = mailnull
    no_verify
    expn = false
    condition = "${perl{check_mail_permissions}}"
    data = "${perl{check_mail_permissions_results}}"


#
#  discover_sender_information is not included
#  because from_rewrites are not enabled
#


#
# If check_mail_permissions needs to defer or fail a message it is done here
#
enforce_mail_permissions:
    domains = ! +local_domains
    ignore_target_hosts = +loopback : 64.94.110.0/24
    condition =  ${if eq {$authenticated_id}{root}{0}{1}}
    driver = redirect
    allow_fail
    allow_defer
    no_verify
    expn = false
    condition = "${perl{enforce_mail_permissions}}"
    data = "${perl{enforce_mail_permissions_results}}"

#
# Increments max emails per hour if needed
#
increment_max_emails_per_hour_if_needed:
    domains = ! +local_domains
    ignore_target_hosts = +loopback : 64.94.110.0/24
    condition =  ${if eq {$authenticated_id}{root}{0}{1}}
    driver = redirect
    allow_fail
    no_verify
    one_time
    expn = false
    condition = "${perl{increment_max_emails_per_hour_if_needed}}"
    data = ":unknown:"





#
#  reject_forwarded_mail_marked_as_spam is not included
#  because no_forward_outbound_spam and no_forward_outbound_spam_over_int
#  are both disabled
#


# This router routes to a statically defined host from /etc/manualmx
# so that any mail received for the domain will skip MX lookups and attempt to
# deliver the message directly to the specified host.
manualmx:
    driver = manualroute
    domains = +manualmx_domains
    transport = remote_smtp
    route_data = ${lookup \
        {$domain} \
        lsearch{/etc/manualmx} \
    }

#
# lookuphost router
#



#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
# This matches lookup exactly except we look for X-Precedence and Precedence so
# we can determinte what is an auto responder message in the log.
# Note: there is nothing to
# prevent X-Precedence from being added to non-autoresponded messages so this is for
# logging reasons only
#
# Note: Boxtrapper sets Precedence to auto_reply
#
autoreply_dkim_lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    condition = "${perl{sender_domain_can_dkim_sign}}"
    condition = "${if \
        or { \
            {match{$h_precedence:}{auto}} \
            {match{$h_x-precedence:}{auto}} \
        } \
        {1}{0} \
    }"
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = dkim_remote_smtp

#
# Lookup host router for remote smtp and ignores verisign site finder 'service' and uses domain keys
#


dkim_lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    condition = "${perl{sender_domain_can_dkim_sign}}"
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
.ifdef SRSENABLED
    # if outbound, and forwarding has been done, use an alternate transport
    transport = ${if eq {$local_part@$domain} \
                        {$original_local_part@$original_domain} \
                     {dkim_remote_smtp} {dkim_remote_forwarded_smtp}}
.else
    transport = dkim_remote_smtp
.endif

#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
# This matches lookup exactly except we look for X-Precedence and Precedence so
# we can determinte what is an auto responder message in the log.
# Note: there is nothing to
# prevent X-Precedence from being added to non-autoresponded messages so this is for
# logging reasons only
#
# Note: Boxtrapper sets Precedence to auto_reply
#


autoreply_lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    condition = "${if \
        or { \
            {match{$h_precedence:}{auto}} \
            {match{$h_x-precedence:}{auto}} \
        } \
        {1}{0} \
    }"
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = remote_smtp

#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
#



lookuphost:
    # router from etc/exim/replacecf/dkim/lookuphost
    driver = dnslookup
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
.ifdef SRSENABLED
    # if outbound, and forwarding has been done, use an alternate transport
    transport = ${if eq {$local_part@$domain} \
                        {$original_local_part@$original_domain} \
                     {remote_smtp} {remote_forwarded_smtp}}
.else
    transport = remote_smtp
.endif


# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.


#
# Literal Transports .. ignores verisigns sitefinder service
#

literal:
    driver = ipliteral
    domains = ! +local_domains
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
.ifdef SRSENABLED
    # if outbound, and forwarding has been done, use an alternate transport
    transport = ${if eq {$local_part@$domain} \
                        {$original_local_part@$original_domain} \
                     {remote_smtp} {remote_forwarded_smtp}}
.else
    transport = remote_smtp
.endif




#!!# This new router is put here to fail all domains that
#!!# were not in local_domains in the Exim 3 configuration.


#
# Trap Failures to Remote Domain
#

fail_remote_domains:
    driver = redirect
    domains = ! +local_domains : ! localhost : ! localhost.localdomain
    allow_fail
    data = ${if eq {$verify_mode}{S} \
        {:fail: The mail server does not recognize $local_part@$domain as a valid sender.} \
        {:fail: The mail server could not deliver mail to $local_part@$domain.  The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.} \
    }





#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains.                         #!!#
#!!#######################################################!!#

######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).


# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.

#spam_filter:
#  driver = forwardfile
#  file = /etc/spam.filter
#  no_check_local_user
#  no_verify
#  filter
#  allow_system_actions












#
# Account level filtering for everything but the main account
#

central_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    no_check_local_user
    domains = !$primary_hostname : dsearch;/etc/vfilters
    require_files = "+/etc/vfilters/${domain_data}"
    condition = "${extract \
        {size} \
        {${stat:/etc/vfilters/${domain_data}}} \
    }"
    file = /etc/vfilters/${domain_data}
    file_transport = address_file
    directory_transport = address_directory
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_virtual_address_pipe} \
        {${if forany \
            {${extract{6} \
    {:} \
    {${lookup \
        passwd{ \
            ${lookup \
                {$domain_data} \
                lsearch{/etc/userdomains} \
            } \
        } \
    }} \
}:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_virtual_address_pipe} \
            {virtual_address_pipe} \
        }} \
    }
    reply_transport = address_reply
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
    no_verify



#
# Account level filtering for the main account
#
# checks /etc/vfilters/maindomain if its a localuser (ie main acct)
#
mainacct_central_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    check_local_user
    domains = $primary_hostname
    condition = ${if eq \
        {${lookup \
            {$local_part_data} \
            lsearch{/etc/domainusers} \
            {$value} \
        }} \
        {} \
        {0} \
        {${if exists \
            {/etc/vfilters/${lookup \
                {$local_part_data} \
                lsearch{/etc/domainusers} \
                {$value} \
            }} \
            {${extract \
                {size} \
                {${stat:/etc/vfilters/${lookup \
                    {$local_part_data} \
                    lsearch{/etc/domainusers} \
                    {$value} \
                }}} \
            }} \
            {0} \
        }} \
    }
    file = "/etc/vfilters/${lookup \
        {$local_part_data} \
        lsearch{/etc/domainusers} \
        {$value} \
    }"
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_address_pipe} \
            {address_pipe} \
        }} \
    }
    reply_transport = address_reply
    user = $local_part_data
    group = $local_part_data
    retry_use_local_part
    no_verify

#
# User Level Filtering for the main account
#


central_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    check_local_user
    domains = $primary_hostname

    require_files = "+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{$local_part_data} \
        {$value} \
    }} \
}/etc/filter"
    condition = "${extract \
        {size} \
        {${stat:${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{$local_part_data} \
        {$value} \
    }} \
}/etc/filter}} \
    }"
    file = "${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{$local_part_data} \
        {$value} \
    }} \
}/etc/filter"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{$local_part_data} \
        {$value} \
    }} \
}
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_address_pipe} \
            {address_pipe} \
        }} \
    }
    reply_transport = address_reply
    user = $local_part_data
    group = $local_part_data
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    no_verify

#
# User Level Filtering for virtual users
#


virtual_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    domains = \
        !$primary_hostname \
        : ${lookup \
            {$domain} \
            lsearch{/etc/userdomains} \
            {${perl{untaint}{$domain}}} \
        }
    require_files = "+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/etc/$domain_data/$local_part_data/filter"
    user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    local_parts = ${if exists{${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/etc/$domain_data}{dsearch;${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/etc/$domain_data}}
    condition = "${extract{size}{${stat:$home/etc/$domain_data/$local_part_data/filter}}}"
    file = "$home/etc/$domain_data/$local_part_data/filter"
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_virtual_address_pipe} \
        {${if forany \
            {${extract{6} \
    {:} \
    {${lookup \
        passwd{ \
            ${lookup \
                {$domain_data} \
                lsearch{/etc/userdomains} \
            } \
        } \
    }} \
}:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_virtual_address_pipe} \
            {virtual_address_pipe} \
        }} \
    }
    reply_transport = address_reply
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    no_verify






virtual_aliases_nostar:
    driver = redirect
    allow_defer
    allow_fail
    domains = !$primary_hostname : dsearch;/etc/valiases
    user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
    address_data = \
        "router=$router_name \
        redirect=${quote:${lookup \
            {$local_part@$domain_data} \
            lsearch{/etc/valiases/$domain_data} \
    }}"
    data = ${extract \
    {redirect} \
    {$address_data} \
}
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_virtual_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_virtual_address_pipe} \
            {virtual_address_pipe} \
        }} \
    }
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    unseen



virtual_user_overquota:
  driver = redirect
  domains = !$primary_hostname : ${lookup{$domain}lsearch{/etc/userdomains}{${perl{untaint}{$domain}}}}
  require_files = "+$home/etc/$domain_data"
  user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
  router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}

  # NB: On busy servers Dovecot may take several seconds to respond to
  # this request. So we set the timeout generously:
  condition = "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}@${quote:$domain_data}\nsize=$message_size\n\n}{30s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}"

  data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
  verify_only
  allow_fail







#
# Virtual User Spam Boxes
#

virtual_user_spam:
    driver = redirect
    local_parts = +path_safe_localparts
    domains = \
        !$primary_hostname \
        : ${lookup \
            {$domain} \
            lsearch{/etc/userdomains} \
            {${perl{untaint}{$domain}}} \
        }
    condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}}
    require_files = \
        "+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/.spamassassinboxenable: \
            +${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/mail/$domain_data/$local_part"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    headers_remove="x-uidl"
    data = "${quote_local_part:$local_part}+spam@$domain_data"
    redirect_router = virtual_user



virtual_boxtrapper_user:
  driver = accept
  local_parts = +path_safe_localparts
  domains = !$primary_hostname : ${lookup \
    {$domain} \
    lsearch{/etc/userdomains} \
    {${perl{untaint} \
        {$domain} \
    }} \
}
  require_files = "+/usr/local/cpanel/bin/boxtrapper:+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/etc/$domain_data/$local_part/.boxtrapperenable:+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/mail/$domain_data/$local_part"
  user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
  router_home_directory = "${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}"
  headers_remove="x-uidl"
  transport = virtual_boxtrapper_userdelivery

virtual_user:
    driver = accept
    domains = \
        !$primary_hostname \
        : ${lookup \
            {$domain} \
            lsearch{/etc/userdomains} \
            {${perl{untaint}{$domain}}} \
        }
    local_parts = +path_safe_localparts
    require_files = "+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/mail/$domain_data/$local_part"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    headers_remove="x-uidl"
    local_part_suffix = +*
    local_part_suffix_optional
    user = mailnull
    group = mail
    transport = dovecot_virtual_delivery
    set = r_bcc_addr=${if forany \
        {${addresses:$h_to:}:${addresses:$h_cc:}} \
        {or { \
            {eqi \
                {${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \
                {$local_part@$domain_data} \
            } \
            {eqi \
                {${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \
                {$original_local_part@$original_domain} \
            } \
        }} \
        {} \
        {$local_part@$domain} \
    }
    set = r_cpanel_user=${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}
    #
    # If the delivery address, original address (forwarded),
    # or address with subaddress is shown on the To: or Cc:
    # lines or the message has the List-Id: or Precedence:
    # header we allow the message to be batched to
    # dovecot LMTP via transport dovecot_virtual_delivery
    #
    # If it does match match the above we do not allow the message
    # to be batched in order to ensure that the Envelope-To: header
    # does not contain a user that was Bcc:ed so savvy recipients
    # cannot see that another email was Bcc:ed in the header
    # via transport dovecot_virtual_delivery_no_batch
    #
    # Note: match_address would be nice here but the second string
    # is not expanded for security reasons
    #




#
# has_alias_but_no_mailbox_discarded_to_prevent_loop required either of the following:
#
# 1. There is an active alias in the valias file
# 2. There is an active autoresponder and the * is set to :fail:
#
has_alias_but_no_mailbox_discarded_to_prevent_loop:
    driver = redirect
    domains = !$primary_hostname : dsearch;/etc/valiases
    condition = ${lookup \
        {$local_part@$domain_data} \
        lsearch{/etc/valiases/$domain_data} \
        {1} \
        {0} \
    }
    condition = "${if forany{<, \
        ${lookup \
            {$local_part@$domain_data} \
            lsearch{/etc/valiases/$domain_data} \
            {$value} \
        }} \
        {!match{$item}{\N/autorespond\N}} \
        {1} \
        {${if match \
            {${lookup \
                {\N*\N} \
                lsearch{/etc/valiases/$domain_data} \
                {$value} \
            }} \
            {:fail:} \
            {1} \
            {0} \
        }} \
    }"
    data=":blackhole:"
    local_part_suffix = +*
    local_part_suffix_optional
    disable_logging = true




# srs is disabled








valias_domain_file:
  driver = redirect
  allow_defer
  allow_fail
  domains = !$primary_hostname : dsearch;/etc/vdomainaliases
  user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
  condition = ${lookup {$domain_data} lsearch {/etc/vdomainaliases/$domain_data}{yes}{no} }
  address_data = router=$router_name redirect=${quote:${quote_local_part:$local_part}@${lookup{$domain_data}lsearch{/etc/vdomainaliases/$domain_data}}}
  data = ${extract{redirect}{$address_data}}

virtual_aliases:
    driver = redirect
    allow_defer
    allow_fail
    domains = !$primary_hostname : dsearch;/etc/valiases
    user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    address_data = \
        "router=$router_name \
        redirect=${quote:${lookup \
            {*} \
            lsearch{/etc/valiases/$domain_data} \
        }}"
    data = ${extract \
    {redirect} \
    {$address_data} \
}
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_virtual_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_virtual_address_pipe} \
            {virtual_address_pipe} \
        }} \
    }







# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

system_aliases:
    driver = redirect
    allow_defer
    allow_fail
    domains = $primary_hostname : localhost
    address_data = \
        "router=$router_name \
        redirect=${quote: \
            ${lookup \
                {$local_part} \
                lsearch{/etc/aliases} \
            }}"
    data = ${extract \
    {redirect} \
    {$address_data} \
}
    file_transport = address_file
    pipe_transport = address_pipe
    # user = exim


local_aliases:
    driver = redirect
    allow_defer
    allow_fail
    domains = $primary_hostname : localhost
    address_data = \
        "router=$router_name \
        redirect=${quote: \
            ${lookup \
                {$local_part} \
                lsearch{/etc/localaliases} \
            }}"
    data = ${extract \
    {redirect} \
    {$address_data} \
}
    file_transport = address_file
    pipe_transport = address_pipe
    check_local_user





userforward:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    check_ancestor
    check_local_user
    domains = $primary_hostname
    no_expn
    require_files = "+$home/.forward"
    condition = "${extract{size}{${stat:$home/.forward}}}"
    file = $home/.forward
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_address_pipe} \
            {address_pipe} \
        }} \
    }
    reply_transport = address_reply
    directory_transport = address_directory
    user = $local_part_data
    group = $local_part_data
    no_verify




# srs is disabled






localuser_root:
    driver = redirect
    allow_fail
    domains = $primary_hostname : localhost
    check_local_user
    condition = ${if eq {$local_part_data}{root}}
    data = :fail: root cannot accept local mail deliveries



localuser_overquota:
  driver = redirect
  domains = $primary_hostname
  check_local_user

  # NB: On busy servers Dovecot may take several seconds to respond to
  # this request. So we set the timeout generously:
  condition =  "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}\nsize=$message_size\n\n}{30s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}"

  data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
  verify_only
  allow_fail


#
# Optimized spambox router
#

localuser_spam:
    driver = redirect
    domains = $primary_hostname
    require_files = "+$home/.spamassassinboxenable"
    condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}}
# sets home,user,group
    check_local_user
    headers_remove="x-uidl"
    data = "${quote_local_part:$local_part_data}+spam"
    redirect_router = localuser




boxtrapper_localuser:
  driver = accept
  require_files = "+/usr/local/cpanel/bin/boxtrapper:+$home/etc/.boxtrapperenable"
  check_local_user
  domains = $primary_hostname
  transport = local_boxtrapper_delivery

localuser:
    driver = accept
# sets home,user,group
    check_local_user
    domains = $primary_hostname
    headers_remove="x-uidl"
    local_part_suffix = +*
    local_part_suffix_optional
    user = mailnull
    group = mail
    transport = dovecot_delivery
    set = r_bcc_addr=${if forany \
        {${addresses:$h_to:}:${addresses:$h_cc:}} \
        {or { \
            { eqi \
                {${extract \
                    {1} \
                    {+} \
                    {${local_part:$item}} \
                }@${domain:$item}} \
                {$local_part@$domain} \
            } \
            { eqi \
                {${extract \
                    {1} \
                    {+} \
                    {${local_part:$item}} \
                }@${domain:$item}} \
                {$original_local_part@$original_domain} \
            } \
        }} \
        {} \
        {$local_part@$domain} \
    }
    set = r_cpanel_user=${local_part}
    #
    # If the delivery address, original address (forwarded),
    # or address with subaddress is shown on the To: or Cc:
    # lines or the message has the List-Id: or Precedence:
    # header we allow the message to be batched to
    # dovecot LMTP via transport dovecot_virtual_delivery
    #
    # If it does match match the above we do not allow the message
    # to be batched in order to ensure that the Envelope-To: header
    # does not contain a user that was Bcc:ed so savvy recipients
    # cannot see that another email was Bcc:ed in the header
    # via transport dovecot_virtual_delivery_no_batch
    #
    # Note: match_address would be nice here but the second string
    # is not expanded for security reasons
    #

# This director matches local user mailboxes.







######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.

begin transports






mailman_virtual_transport:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${perl{untaint}{${lc:$local_part}_${lc:$domain}}}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman




mailman_virtual_transport_nodns:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${perl{untaint}{${lc:$local_part}}}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman


remote_smtp:
  driver = smtp
  interface = <; ${if > \
    {${extract \
        {size} \
        {${stat:/etc/mailips}} \
    }} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailips} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailips} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailips} \
                {$value} \
                {} \
            }} \
        }} \
    }} \
}
  helo_data = ${if > \
    {${extract{size}{${stat:/etc/mailhelo}}}} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailhelo} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailhelo} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailhelo} \
                {$value} \
                {$primary_hostname} \
            }} \
        }} \
    }} \
    {$primary_hostname} \
}
  hosts_try_chunking = 198.51.100.1
  message_linelength_limit = 1000000



dkim_remote_smtp:
  driver = smtp
  interface = <; ${if > \
    {${extract \
        {size} \
        {${stat:/etc/mailips}} \
    }} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailips} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailips} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailips} \
                {$value} \
                {} \
            }} \
        }} \
    }} \
}
  helo_data = ${if > \
    {${extract{size}{${stat:/etc/mailhelo}}}} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailhelo} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailhelo} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailhelo} \
                {$value} \
                {$primary_hostname} \
            }} \
        }} \
    }} \
    {$primary_hostname} \
}
  dkim_domain = ${perl{get_dkim_domain}}
  dkim_selector = default
  dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
  dkim_canon = relaxed
  hosts_try_chunking = 198.51.100.1
  message_linelength_limit = 1000000




# remote_forwarded_srs absent due to SRS support being disabled


# This transport is used for local delivery to user mailboxes. By default
# it will be run under the uid and gid of the local user, and requires
# the sticky bit to be set on the /var/mail directory. Some systems use
# the alternative approach of running mail deliveries under a particular
# group instead of using the sticky bit. The commented options below show
# how this can be done.






# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe below.


address_directory:
  driver = pipe
  command = /usr/libexec/dovecot/dovecot-lda -f ${perl{untaint}{$sender_address}} -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78

address_pipe:
    driver = pipe
    return_output

virtual_address_pipe:
    driver = pipe
    return_output

jailed_address_pipe:
    driver = pipe
    force_command
    command = /usr/local/cpanel/bin/jailexec $address_pipe
    return_output

jailed_virtual_address_pipe:
    driver = pipe
    force_command
    command = /usr/local/cpanel/bin/jailexec $address_pipe
    return_output

cagefs_address_pipe:
    driver = pipe
    force_command
    command = /bin/cagefs_enter $address_pipe
    return_output

cagefs_virtual_address_pipe:
    driver = pipe
    force_command
    command = /bin/cagefs_enter $address_pipe
    return_output


# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.


address_file:
    driver = pipe
    command = /usr/libexec/dovecot/dovecot-lda -e -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}
    message_prefix =
    message_suffix =
    log_output
    delivery_date_add
    envelope_to_add
    return_path_add
    temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78



boxtrapper_autowhitelist:
  driver = pipe
  headers_only
  command = /usr/local/cpanel/bin/boxtrapper --autowhitelist "${perl{untaint}{$authenticated_id}}"
  user = ${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}}
  group = ${extract{3}{:}{${lookup passwd{${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}}}{$value}}}}
  log_output = true
  return_fail_output = true
  return_path_add = false
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78



local_boxtrapper_delivery:
  driver = pipe
  command = /usr/local/cpanel/bin/boxtrapper "${perl{untaint}{$local_part_data}}" $home
  user = $local_part_data
  group = ${extract{3}{:}{${lookup passwd{$local_part_data}{$value}}}}
  log_output = true
  return_fail_output = true
  return_path_add = false
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78



virtual_boxtrapper_userdelivery:
  driver = pipe
  command = /usr/local/cpanel/bin/boxtrapper \
    "${perl{untaint}{$local_part}}@${perl{untaint}{$domain}}" \
    $home
  user = "${lookup{${perl{untaint}{$domain}}}lsearch{/etc/userdomains}{$value}}"
  log_output = true
  return_fail_output = true
  return_path_add = false
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78

dovecot_delivery:
    driver = lmtp
    socket = /var/run/dovecot/lmtp
    batch_max = 200
    batch_id = "$r_cpanel_user ${if def:r_bcc_addr {$r_bcc_addr}}"
    rcpt_include_affixes
    delivery_date_add
    envelope_to_add
    return_path_add

dovecot_virtual_delivery:
    driver = lmtp
    socket = /var/run/dovecot/lmtp
    batch_max = 200
    batch_id = "$r_cpanel_user ${if def:r_bcc_addr {$r_bcc_addr}}"
    rcpt_include_affixes
    delivery_date_add
    envelope_to_add
    return_path_add

address_reply:
    driver = autoreply



# cPanel Mail Archiving is disabled









######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


begin retry



*                               *                               F,8h,3m; G,16h,1h,1.5; F,4d,8h



# End of Exim 4 configuration