����JFIFXX�����    $.' ",#(7),01444'9=82<.342  2!!22222222222222222222222222222222222222222222222222����"��4�� ���,�PG"Z_�4�˷����kjز�Z�,F+��_z�,�© �����zh6�٨�ic�fu���#ډb���_�N�?��wQ���5-�~�I���8����TK<5o�Iv-�����k�_U_�����~b�M��d����Ӝ�U�Hh��?]��E�w��Q���k�{��_}qFW7HTՑ��Y��F�?_�'ϔ��_�Ջt��=||I ��6�έ"�����D���/[�k�9���Y�8ds|\���Ҿp6�Ҵ���]��.����6�z<�v��@]�i%��$j��~�g��J>��no����pM[me�i$[����s�o�ᘨ�˸ nɜG-�ĨU�ycP�3.DB�li�;��hj���x7Z^�N�h������N3u{�:j�x�힞��#M&��jL P@_���� P��&��o8������9�����@Sz6�t7#O�ߋ �s}Yf�T���lmr����Z)'N��k�۞p����w\�Tȯ?�8`�O��i{wﭹW�[�r�� ��Q4F�׊���3m&L�=��h3����z~��#�\�l :�F,j@�� ʱ�wQT����8�"kJO���6�֚l����}���R�>ډK���]��y����&����p�}b��;N�1�m�r$�|��7�>e�@B�TM*-iH��g�D�)� E�m�|�ؘbҗ�a��Ҿ����t4���o���G��*oCN�rP���Q��@z,|?W[0�����:�n,jWiE��W��$~/�hp\��?��{(�0���+�Y8rΟ�+����>S-S����VN;�}�s?.����� w�9��˟<���Mq4�Wv'��{)0�1mB��V����W[�����8�/<� �%���wT^�5���b��)iM� pg�N�&ݝ��VO~�q���u���9� ����!��J27����$O-���! �:�%H��� ـ����y�ΠM=t{!S�� oK8������t<����è:a������[�����ա�H���~��w��Qz`�po�^ ����Q��n� �,uu�C�$ ^���,������8�#��:�6��e�|~���!�3�3.�\0��q��o�4`.|� ����y�Q�`~;�d�ׯ,��O�Zw�������`73�v�܋�<���Ȏ�� ـ4k��5�K�a�u�=9Yd��$>x�A�&�� j0� ���vF��� Y�|�y��� ~�6�@c��1vOp�Ig����4��l�OD���L����� R���c���j�_�uX6��3?nk��Wy�f;^*B� ��@�~a�`��Eu������+���6�L��.ü>��}y���}_�O�6�͐�:�YrG�X��kG�����l^w���~㒶sy��Iu�!� W ��X��N�7BV��O��!X�2����wvG�R�f�T#�����t�/?���%8�^�W�aT��G�cL�M���I��(J����1~�8�?aT ���]����AS�E��(��*E}� 2��#I/�׍qz��^t�̔���b�Yz4x���t�){ OH��+(E��A&�N�������XT��o��"�XC��'���)}�J�z�p� ��~5�}�^����+�6����w��c��Q�|Lp�d�H��}�(�.|����k��c4^�"�����Z?ȕ ��a<�L�!039C� �Eu�C�F�Ew�ç ;�n?�*o���B�8�bʝ���'#Rqf���M}7����]����s2tcS{�\icTx;�\��7K���P���ʇ Z O-��~��c>"��?�������P��E��O�8��@�8��G��Q�g�a�Վ���󁶠�䧘��_%#r�>�1�z�a��eb��qcPѵ��n���#L��� =��׀t� L�7�`��V���A{�C:�g���e@�w1 Xp3�c3�ġ����p��M"'-�@n4���fG��B3�DJ�8[Jo�ߐ���gK)ƛ��$���� ���8�3�����+���� �����6�ʻ���� ���S�kI�*KZlT _`���?��K����QK�d����B`�s}�>���`��*�>��,*@J�d�oF*����弝��O}�k��s��]��y�ߘ��c1G�V���<=�7��7����6�q�PT��tXԀ�!9*4�4Tހ3XΛex�46���Y��D ����� �BdemDa����\�_l,��G�/���֌7���Y�](�xTt^%�GE�����4�}bT���ڹ�����;Y)���B�Q��u��>J/J �⮶.�XԄ��j�ݳ�+E��d ��r�5�_D�1 ��o�� �B�x�΢�#���<��W�����8���R6�@g�M�.��� dr�D��>(otU��@x=��~v���2� ӣ�d�oBd��3�eO�6�㣷�����ݜ6��6Y��Qz`��S��{���\P�~z m5{J/L��1������<�e�ͅPu�b�]�ϔ���'������f�b� Zpw��c`"��i���BD@:)ִ�:�]��hv�E�w���T�l��P���"Ju�}��وV J��G6��. J/�Qgl߭�e�����@�z�Zev2u�)]կ�����7x���s�M�-<ɯ�c��r�v�����@��$�ޮ}lk���a���'����>x��O\�ZFu>�����ck#��&:��`�$�ai�>2Δ����l���oF[h��lE�ܺ�Πk:)���`�� $[6�����9�����kOw�\|���8}������ބ:��񶐕��I�A1/�=�2[�,�!��.}gN#�u����b��� ~��݊��}34q����d�E��Lc��$��"�[q�U�硬g^��%B �z���r�pJ�ru%v\h1Y�ne`ǥ:g���pQM~�^�Xi� ��`S�:V29.�P���V�?B�k�� AEvw%�_�9C�Q����wKekPؠ�\�;Io d�{ ߞo�c1eP����\� `����E=���@K<�Y���eڼ�J���w����{av�F�'�M�@/J��+9p���|]�����Iw &`��8���&M�hg��[�{��Xj��%��Ӓ�$��(����ʹN���<>�I���RY���K2�NPlL�ɀ)��&e����B+ь����( � �JTx���_?EZ� }@ 6�U���뙢ط�z��dWI�n` D����噥�[��uV��"�G&Ú����2g�}&m��?ċ�"����Om#��������� ��{�ON��"S�X��Ne��ysQ���@Fn��Vg���dX�~nj�]J�<�K]:��FW��b�������62�=��5f����JKw��bf�X�55��~J �%^����:�-�QIE��P��v�nZum� z � ~ə ���� ���ة����;�f��\v���g�8�1��f24;�V���ǔ�)����9���1\��c��v�/'Ƞ�w�������$�4�R-��t���� e�6�/�ġ �̕Ecy�J���u�B���<�W�ַ~�w[B1L۲�-JS΂�{���΃������A��20�c#��@ 0!1@AP"#2Q`$3V�%45a6�FRUq��� ����^7ׅ,$n�������+��F�`��2X'��0vM��p�L=������5��8������u�p~���.�`r�����\���O��,ư�0oS ��_�M�����l���4�kv\JSd���x���SW�<��Ae�IX����������$I���w�:S���y���›R��9�Q[���,�5�;�@]�%���u�@ *ro�lbI �� ��+���%m:�͇ZV�����u�̉����θau<�fc�.����{�4Ա� �Q����*�Sm��8\ujqs]{kN���)qO�y�_*dJ�b�7���yQqI&9�ԌK!�M}�R�;������S�T���1���i[U�ɵz�]��U)V�S6���3$K{�ߊ<�(� E]Զ[ǼENg�����'�\?#)Dkf��J���o��v���'�%ƞ�&K�u�!��b�35LX�Ϸ��63$K�a�;�9>,R��W��3�3� d�JeTYE.Mϧ��-�o�j3+y��y^�c�������VO�9NV\nd�1 ��!͕_)a�v;����թ�M�lWR1��)El��P;��yوÏ�u 3�k�5Pr6<�⒲l�!˞*��u־�n�!�l:����UNW ��%��Chx8vL'��X�@��*��)���̮��ˍ��� ���D-M�+J�U�kvK����+�x8��cY������?�Ԡ��~3mo��|�u@[XeY�C�\Kp�x8�oC�C�&����N�~3-H���� ��MX�s�u<`���~"WL��$8ξ��3���a�)|:@�m�\���^�`�@ҷ)�5p+��6���p�%i)P M���ngc�����#0Aruz���RL+xSS?���ʮ}()#�t��mˇ!��0}}y����<�e� �-ή�Ԩ��X������ MF���ԙ~l L.3���}�V뽺�v�����멬��Nl�)�2����^�Iq��a��M��qG��T�����c3#������3U�Ǎ���}��לS�|qa��ڃ�+���-��2�f����/��bz��ڐ�� �ݼ[2�ç����k�X�2�* �Z�d���J�G����M*9W���s{��w���T��x��y,�in�O�v��]���n����P�$�JB@=4�OTI�n��e�22a\����q�d���%�$��(���:���: /*�K[PR�fr\nڙdN���F�n�$�4�[�� U�zƶ����� �mʋ���,�ao�u 3�z� �x��Kn����\[��VFmbE;�_U��&V�Gg�]L�۪&#n%�$ɯ�dG���D�TI=�%+AB�Ru#��b4�1�»x�cs�YzڙJG��f��Il��d�eF'T� iA��T���uC�$����Y��H?����[!G`}���ͪ� �纤Hv\������j�Ex�K���!���OiƸ�Yj�+u-<���'q����uN�*�r\��+�]���<�wOZ.fp�ێ��,-*)V?j-kÊ#�`�r��dV����(�ݽBk�����G�ƛk�QmUڗe��Z���f}|����8�8��a���i��3'J�����~G_�^���d�8w������ R�`(�~�.��u���l�s+g�bv���W���lGc}��u���afE~1�Ue������Z�0�8�=e�� f@/�jqEKQQ�J��oN��J���W5~M>$6�Lt�;$ʳ{���^��6�{����v6���ķܰg�V�cnn �~z�x�«�,2�u�?cE+Ș�H؎�%�Za�)���X>uW�Tz�Nyo����s���FQƤ��$��*�&�LLXL)�1�" L��eO��ɟ�9=���:t��Z���c��Ž���Y?�ӭV�wv�~,Y��r�ۗ�|�y��GaF�����C�����.�+� ���v1���fήJ�����]�S��T��B��n5sW}y�$��~z�'�c ��8 ��� ,! �p��VN�S��N�N�q��y8z˱�A��4��*��'������2n<�s���^ǧ˭P�Jޮɏ�U�G�L�J�*#��<�V��t7�8����TĜ>��i}K%,���)[��z�21z ?�N�i�n1?T�I�R#��m-�����������������1����lA�`��fT5+��ܐ�c�q՝��ʐ��,���3�f2U�եmab��#ŠdQ�y>\��)�SLY����w#��.���ʑ�f��� ,"+�w�~�N�'�c�O�3F�������N<���)j��&��,-� �љ���֊�_�zS���TǦ����w�>��?�������n��U仆�V���e�����0���$�C�d���rP �m�׈e�Xm�Vu� �L��.�bֹ��� �[Դaզ���*��\y�8�Է:�Ez\�0�Kq�C b��̘��cө���Q��=0Y��s�N��S.���3.���O�o:���#���v7�[#߫ ��5�܎�L���Er4���9n��COWlG�^��0k�%<���ZB���aB_���������'=��{i�v�l�$�uC���mƎҝ{�c㱼�y]���W�i ��ߧc��m�H� m�"�"�����;Y�ߝ�Z�Ǔ�����:S#��|}�y�,/k�Ld� TA�(�AI$+I3��;Y*���Z��}|��ӧO��d�v��..#:n��f>�>���ȶI�TX��� 8��y����"d�R�|�)0���=���n4��6ⲑ�+��r<�O�܂~zh�z����7ܓ�HH�Ga롏���nCo�>������a ���~]���R���̲c?�6(�q�;5%� |�uj�~z8R=X��I�V=�|{v�Gj\gc��q����z�؋%M�ߍ����1y��#��@f^���^�>N�����#x#۹��6�Y~�?�dfPO��{��P�4��V��u1E1J �*|���%���JN��`eWu�zk M6���q t[�� ��g�G���v��WIG��u_ft����5�j�"�Y�:T��ɐ���*�;� e5���4����q$C��2d�}���� _S�L#m�Yp��O�.�C�;��c����Hi#֩%+) �Ӎ��ƲV���SYź��g |���tj��3�8���r|���V��1#;.SQ�A[���S������#���`n�+���$��$I �P\[�@�s��(�ED�z���P��])8�G#��0B��[ى��X�II�q<��9�~[Z멜�Z�⊔IWU&A>�P~�#��dp<�?����7���c��'~���5 ��+$���lx@�M�dm��n<=e�dyX��?{�|Aef ,|n3�<~z�ƃ�uۧ�����P��Y,�ӥQ�*g�#먙R�\���;T��i,��[9Qi歉����c>]9�� ��"�c��P�� �Md?٥��If�ت�u��k��/����F��9�c*9��Ǎ:�ØF���z�n*�@|I�ށ9����N3{'��[�'ͬ�Ҳ4��#}��!�V� Fu��,�,mTIk���v C�7v���B�6k�T9��1�*l� '~��ƞF��lU��'�M ����][ΩũJ_�{�i�I�n��$���L�� j��O�dx�����kza۪��#�E��Cl����x˘�o�����V���ɞ�ljr��)�/,�߬h�L��#��^��L�ф�,íMƁe�̩�NB�L�����iL����q�}��(��q��6IçJ$�W�E$��:������=#����(�K�B����zђ <��K(�N�۫K�w��^O{!����)�H���>x�������lx�?>Պ�+�>�W���,Ly!_�D���Ō�l���Q�!�[ �S����J��1��Ɛ�Y}��b,+�Lo�x�ɓ)����=�y�oh�@�꥟/��I��ѭ=��P�y9��� �ۍYӘ�e+�p�Jnϱ?V\SO%�(�t� ���=?MR�[Ș�����d�/ ��n�l��B�7j� ��!�;ӥ�/�[-���A�>�dN�sLj ��,ɪv��=1c�.SQ�O3�U���ƀ�ܽ�E����������̻��9G�ϷD�7(�}��Ävӌ\�y�_0[w ���<΍>����a_��[0+�L��F.�޺��f�>oN�T����q;���y\��bՃ��y�jH�<|q-eɏ�_?_9+P���Hp$�����[ux�K w�Mw��N�ی'$Y2�=��q���KB��P��~������Yul:�[<����F1�2�O���5=d����]Y�sw:���Ϯ���E��j,_Q��X��z`H1,#II ��d�wr��P˂@�ZJV����y$�\y�{}��^~���[:N����ߌ�U�������O��d�����ؾe��${p>G��3c���Ė�lʌ�� ת��[��`ϱ�-W����dg�I��ig2��� ��}s ��ؤ(%#sS@���~���3�X�nRG�~\jc3�v��ӍL��M[JB�T��s3}��j�Nʖ��W����;7��ç?=X�F=-�=����q�ߚ���#���='�c��7���ڑW�I(O+=:uxq�������������e2�zi+�kuG�R��������0�&e�n���iT^J����~\jy���p'dtG��s����O��3����9* �b#Ɋ�� p������[Bws�T�>d4�ۧs���nv�n���U���_�~,�v����ƜJ1��s�� �QIz��)�(lv8M���U=�;����56��G���s#�K���MP�=��LvyGd��}�VwWBF�'�à �?MH�U�g2�� ����!�p�7Q��j��ڴ����=��j�u��� Jn�A s���uM������e��Ɔ�Ҕ�!)'��8Ϣ�ٔ��ޝ(��Vp���צ֖d=�IC�J�Ǡ{q������kԭ�߸���i��@K����u�|�p=..�*+����x�����z[Aqġ#s2a�Ɗ���RR�)*HRsi�~�a &f��M��P����-K�L@��Z��Xy�'x�{}��Zm+���:�)�) IJ�-i�u���� ���ܒH��'�L(7�y�GӜq���� j��� 6ߌg1�g�o���,kر���tY�?W,���p���e���f�OQS��!K�۟cҒA�|ս�j�>��=⬒��˧L[�� �߿2JaB~R��u�:��Q�] �0H~���]�7��Ƽ�I���(}��cq '�ήET���q�?f�ab���ӥvr� �)o��-Q��_'����ᴎo��K������;��V���o��%���~OK ����*��b�f:���-ťIR��`B�5!RB@���ï�� �u �̯e\�_U�_������� g�ES��3�������QT��a����x����U<~�c?�*�#]�MW,[8O�a�x��]�1bC|踤�P��lw5V%�)�{t�<��d��5���0i�XSU��m:��Z�┵�i�"��1�^B�-��P�hJ��&)O��*�D��c�W��vM��)����}���P��ܗ-q����\mmζZ-l@�}��a��E�6��F�@��&Sg@���ݚ�M����� ȹ 4����#p�\H����dYDo�H���"��\��..R�B�H�z_�/5˘����6��KhJR��P�mƶi�m���3�,#c�co��q�a)*Pt����R�m�k�7x�D�E�\Y�閣_X�<���~�)���c[[�BP����6�Yq���S��0����%_����;��Àv�~�| VS؇ ��'O0��F0��\���U�-�d@�����7�SJ*z��3n��y��P����O���������m�~�P�3|Y��ʉr#�C�<�G~�.,! ���bqx���h~0=��!ǫ�jy����l�O,�[B��~��|9��ٱ����Xly�#�i�B��g%�S��������tˋ���e���ې��\[d�t)��.+u�|1 ������#�~Oj����hS�%��i.�~X���I�H�m��0n���c�1uE�q��cF�RF�o���7� �O�ꮧ� ���ۛ{��ʛi5�rw?׌#Qn�TW��~?y$��m\�\o����%W� ?=>S�N@�� �Ʈ���R����N�)�r"C�:��:����� �����#��qb��Y�. �6[��2K����2u�Ǧ�HYR��Q�MV��� �G�$��Q+.>�����nNH��q�^��� ����q��mM��V��D�+�-�#*�U�̒ ���p욳��u:�������IB���m���PV@O���r[b= �� ��1U�E��_Nm�yKbN�O���U�}�the�`�|6֮P>�\2�P�V���I�D�i�P�O;�9�r�mAHG�W�S]��J*�_�G��+kP�2����Ka�Z���H�'K�x�W�MZ%�O�YD�Rc+o��?�q��Ghm��d�S�oh�\�D�|:W������UA�Qc yT�q������~^�H��/��#p�CZ���T�I�1�ӏT����4��"�ČZ�����}��`w�#�*,ʹ�� ��0�i��課�Om�*�da��^gJ݅{���l�e9uF#T�ֲ��̲�ٞC"�q���ߍ ոޑ�o#�XZTp����@ o�8��(jd��xw�]�,f���`~�|,s��^����f�1���t��|��m�򸄭/ctr��5s��7�9Q�4�H1꠲BB@l9@���C�����+�wp�xu�£Yc�9��?`@#�o�mH�s2��)�=��2�.�l����jg�9$�Y�S�%*L������R�Y������7Z���,*=�䷘$�������arm�o�ϰ���UW.|�r�uf����IGw�t����Zwo��~5 ��YյhO+=8fF�)�W�7�L9lM�̘·Y���֘YLf�큹�pRF���99.A �"wz��=E\Z���'a� 2��Ǚ�#;�'}�G���*��l��^"q��+2FQ� hj��kŦ��${���ޮ-�T�٭cf�|�3#~�RJ����t��$b�(R��(����r���dx� >U b�&9,>���%E\� Ά�e�$��'�q't��*�א���ެ�b��-|d���SB�O�O��$�R+�H�)�܎�K��1m`;�J�2�Y~9��O�g8=vqD`K[�F)k�[���1m޼c��n���]s�k�z$@��)!I �x՝"v��9=�ZA=`Ɠi �:�E��)`7��vI��}d�YI�_ �o�:ob���o ���3Q��&D&�2=�� �Ά��;>�h����y.*ⅥS������Ӭ�+q&����j|UƧ����}���J0��WW< ۋS�)jQR�j���Ư��rN)�Gű�4Ѷ(�S)Ǣ�8��i��W52���No˓� ۍ%�5brOn�L�;�n��\G����=�^U�dI���8$�&���h��'���+�(������cȁ߫k�l��S^���cƗjԌE�ꭔ��gF���Ȓ��@���}O���*;e�v�WV���YJ\�]X'5��ղ�k�F��b 6R�o՜m��i N�i����>J����?��lPm�U��}>_Z&�KK��q�r��I�D�Չ~�q�3fL�:S�e>���E���-G���{L�6p�e,8��������QI��h��a�Xa��U�A'���ʂ���s�+טIjP�-��y�8ۈZ?J$��W�P� ��R�s�]��|�l(�ԓ��sƊi��o(��S0��Y� 8�T97.�����WiL��c�~�dxc�E|�2!�X�K�Ƙਫ਼�$((�6�~|d9u+�qd�^3�89��Y�6L�.I�����?���iI�q���9�)O/뚅����O���X��X�V��ZF[�یgQ�L��K1���RҖr@v�#��X�l��F���Нy�S�8�7�kF!A��sM���^rkp�jP�DyS$N���q��nxҍ!U�f�!eh�i�2�m���`�Y�I�9r�6� �TF���C}/�y�^���Η���5d�'��9A-��J��>{�_l+�`��A���[�'��յ�ϛ#w:݅�%��X�}�&�PSt�Q�"�-��\縵�/����$Ɨh�Xb�*�y��BS����;W�ջ_mc�����vt?2}1�;qS�d�d~u:2k5�2�R�~�z+|HE!)�Ǟl��7`��0�<�,�2*���Hl-��x�^����'_TV�gZA�'j� ^�2Ϊ��N7t�����?w�� �x1��f��Iz�C-Ȗ��K�^q�;���-W�DvT�7��8�Z�������� hK�(P:��Q- �8�n�Z���܃e貾�<�1�YT<�,�����"�6{/ �?�͟��|1�:�#g��W�>$����d��J��d�B��=��jf[��%rE^��il:��B���x���Sּ�1հ��,�=��*�7 fcG��#q� �eh?��2�7�����,�!7x��6�n�LC�4x��},Geǝ�tC.��vS �F�43��zz\��;QYC,6����~;RYS/6���|2���5���v��T��i����������mlv��������&� �nRh^ejR�LG�f���? �ۉҬܦƩ��|��Ȱ����>3����!v��i�ʯ�>�v��オ�X3e���_1z�Kȗ\<������!�8���V��]��?b�k41�Re��T�q��mz��TiOʦ�Z��Xq���L������q"+���2ۨ��8}�&N7XU7Ap�d�X��~�׿��&4e�o�F��� �H����O���č�c�� 懴�6���͉��+)��v;j��ݷ�� �UV�� i��� j���Y9GdÒJ1��詞�����V?h��l����l�cGs�ځ�������y�Ac�����\V3�? �� ܙg�>qH�S,�E�W�[�㺨�uch�⍸�O�}���a��>�q�6�n6����N6�q������N ! 1AQaq�0@����"2BRb�#Pr���3C`��Scst���$4D���%Td�� ?���N����a��3��m���C���w��������xA�m�q�m���m������$����4n淿t'��C"w��zU=D�\R+w�p+Y�T�&�պ@��ƃ��3ޯ?�Aﶂ��aŘ���@-�����Q�=���9D��ռ�ѻ@��M�V��P��܅�G5�f�Y<�u=,EC)�<�Fy'�"�&�չ�X~f��l�KԆV��?�� �W�N����=(� �;���{�r����ٌ�Y���h{�١������jW����P���Tc�����X�K�r��}���w�R��%��?���E��m�� �Y�q|����\lEE4���r���}�lsI�Y������f�$�=�d�yO����p�����yBj8jU�o�/�S��?�U��*������ˍ�0������u�q�m [�?f����a�� )Q�>����6#������� ?����0UQ����,IX���(6ڵ[�DI�MNލ�c&���υ�j\��X�R|,4��� j������T�hA�e��^���d���b<����n�� �즇�=!���3�^�`j�h�ȓr��jẕ�c�,ٞX����-����a�ﶔ���#�$��]w�O��Ӫ�1y%��L�Y<�wg#�ǝ�̗`�x�xa�t�w��»1���o7o5��>�m뭛C���Uƃߜ}�C���y1Xνm�F8�jI���]����H���ۺиE@I�i;r�8ӭ����V�F�Շ| ��&?�3|x�B�MuS�Ge�=Ӕ�#BE5G�����Y!z��_e��q�р/W>|-�Ci߇�t�1ޯќd�R3�u��g�=0 5��[?�#͏��q�cf���H��{ ?u�=?�?ǯ���}Z��z���hmΔ�BFTW�����<�q�(v� ��!��z���iW]*�J�V�z��gX֧A�q�&��/w���u�gYӘa���; �i=����g:��?2�dž6�ى�k�4�>�Pxs����}������G�9��3 ���)gG�R<>r h�$��'nc�h�P��Bj��J�ҧH� -��N1���N��?��~��}-q!=��_2hc�M��l�vY%UE�@|�v����M2�.Y[|y�"Eï��K�ZF,�ɯ?,q�?v�M 80jx�"�;�9vk�����+ ֧�� �ȺU��?�%�vcV��mA�6��Qg^M����A}�3�nl� QRN�l8�kkn�'�����(��M�7m9و�q���%ޟ���*h$Zk"��$�9��: �?U8�Sl��,,|ɒ��xH(ѷ����Gn�/Q�4�P��G�%��Ա8�N��!� �&�7�;���eKM7�4��9R/%����l�c>�x;������>��C�:�����t��h?aKX�bhe�ᜋ^�$�Iհ �hr7%F$�E��Fd���t��5���+�(M6�t����Ü�UU|zW�=a�Ts�Tg������dqP�Q����b'�m���1{|Y����X�N��b �P~��F^F:����k6�"�j!�� �I�r�`��1&�-$�Bevk:y���#yw��I0��x��=D�4��tU���P�ZH��ڠ底taP��6����b>�xa����Q�#� WeF��ŮNj�p�J* mQ�N����*I�-*�ȩ�F�g�3 �5��V�ʊ�ɮ�a��5F���O@{���NX��?����H�]3��1�Ri_u��������ѕ�� ����0��� F��~��:60�p�͈�S��qX#a�5>���`�o&+�<2�D����: �������ڝ�$�nP���*)�N�|y�Ej�F�5ټ�e���ihy�Z �>���k�bH�a�v��h�-#���!�Po=@k̆IEN��@��}Ll?j�O������߭�ʞ���Q|A07x���wt!xf���I2?Z��<ץ�T���cU�j��]��陎Ltl �}5�ϓ��$�,��O�mˊ�;�@O��jE��j(�ا,��LX���LO���Ц�90�O �.����a��nA���7������j4 ��W��_ٓ���zW�jcB������y՗+EM�)d���N�g6�y1_x��p�$Lv:��9�"z��p���ʙ$��^��JԼ*�ϭ����o���=x�Lj�6�J��u82�A�H�3$�ٕ@�=Vv�]�'�qEz�;I˼��)��=��ɯ���x �/�W(V���p�����$ �m�������u�����񶤑Oqˎ�T����r��㠚x�sr�GC��byp�G��1ߠ�w e�8�$⿄����/�M{*}��W�]˷.�CK\�ުx���/$�WPw���r� |i���&�}�{�X� �>��$-��l���?-z���g����lΆ���(F���h�vS*���b���߲ڡn,|)mrH[���a�3�ר�[1��3o_�U�3�TC�$��(�=�)0�kgP���� ��u�^=��4 �WYCҸ:��vQ�ר�X�à��tk�m,�t*��^�,�}D*� �"(�I��9R����>`�`��[~Q]�#af��i6l��8���6�:,s�s�N6�j"�A4���IuQ��6E,�GnH��zS�HO�uk�5$�I�4��ؤ�Q9�@��C����wp�BGv[]�u�Ov���0I4���\��y�����Q�Ѹ��~>Z��8�T��a��q�ޣ;z��a���/��S��I:�ܫ_�|������>=Z����8:�S��U�I�J��"IY���8%b8���H��:�QO�6�;7�I�S��J��ҌAά3��>c���E+&jf$eC+�z�;��V����� �r���ʺ������my�e���aQ�f&��6�ND��.:��NT�vm�<- u���ǝ\MvZY�N�NT��-A�>jr!S��n�O 1�3�Ns�%�3D@���`������ܟ 1�^c<���� �a�ɽ�̲�Xë#�w�|y�cW�=�9I*H8�p�^(4���՗�k��arOcW�tO�\�ƍR��8����'�K���I�Q�����?5�>[�}��yU�ײ -h��=��% q�ThG�2�)���"ו3]�!kB��*p�FDl�A���,�eEi�H�f�Ps�����5�H:�Փ~�H�0Dت�D�I����h�F3�������c��2���E��9�H��5�zԑ�ʚ�i�X�=:m�xg�hd(�v����׊�9iS��O��d@0ڽ���:�p�5�h-��t�&���X�q�ӕ,��ie�|���7A�2���O%P��E��htj��Y1��w�Ѓ!����  ���� ࢽ��My�7�\�a�@�ţ�J �4�Ȼ�F�@o�̒?4�wx��)��]�P��~�����u�����5�����7X ��9��^ܩ�U;Iꭆ 5 �������eK2�7(�{|��Y׎ �V��\"���Z�1� Z�����}��(�Ǝ"�1S���_�vE30>���p;� ΝD��%x�W�?W?v����o�^V�i�d��r[��/&>�~`�9Wh��y�;���R��� ;;ɮT��?����r$�g1�K����A��C��c��K��l:�'��3 c�ﳯ*"t8�~l��)���m��+U,z��`(�>yJ�?����h>��]��v��ЍG*�{`��;y]��I�T� ;c��NU�fo¾h���/$���|NS���1�S�"�H��V���T���4��uhǜ�]�v;���5�͠x��'C\�SBpl���h}�N����� A�Bx���%��ޭ�l��/����T��w�ʽ]D�=����K���ž�r㻠l4�S�O?=�k �M:� ��c�C�a�#ha���)�ѐxc�s���gP�iG��{+���x���Q���I= �� z��ԫ+ �8"�k�ñ�j=|����c ��y��CF��/��*9ж�h{ �?4�o� ��k�m�Q�N�x��;�Y��4膚�a�w?�6�>e]�����Q�r�:����g�,i"�����ԩA�*M�<�G��b�if��l^M��5� �Ҩ�{����6J��ZJ�����P�*�����Y���ݛu�_4�9�I8�7���������,^ToR���m4�H��?�N�S�ѕw��/S��甍�@�9H�S�T��t�ƻ���ʒU��*{Xs�@����f�����֒Li�K{H�w^���������Ϥm�tq���s� ���ք��f:��o~s��g�r��ט� �S�ѱC�e]�x���a��) ���(b-$(�j>�7q�B?ӕ�F��hV25r[7 Y� }L�R��}����*sg+��x�r�2�U=�*'WS��ZDW]�WǞ�<��叓���{�$�9Ou4��y�90-�1�'*D`�c�^o?(�9��u���ݐ��'PI&� f�Jݮ�������:wS����jfP1F:X �H�9dԯ���˝[�_54 �}*;@�ܨ�� ð�yn�T���?�ןd�#���4rG�ͨ��H�1�|-#���Mr�S3��G�3�����)�.᧏3v�z֑��r����$G"�`j �1t��x0<Ɔ�Wh6�y�6��,œ�Ga��gA����y��b��)��h�D��ß�_�m��ü �gG;��e�v��ݝ�nQ� ��C����-�*��o���y�a��M��I�>�<���]obD��"�:���G�A��-\%LT�8���c�)��+y76���o�Q�#*{�(F�⽕�y����=���rW�\p���۩�c���A���^e6��K������ʐ�cVf5$�'->���ՉN"���F�"�UQ@�f��Gb~��#�&�M=��8�ט�JNu9��D��[̤�s�o�~������ G��9T�tW^g5y$b��Y'��س�Ǵ�=��U-2 #�MC�t(�i� �lj�@Q 5�̣i�*�O����s�x�K�f��}\��M{E�V�{�υ��Ƈ�����);�H����I��fe�Lȣr�2��>��W�I�Ȃ6������i��k�� �5�YOxȺ����>��Y�f5'��|��H+��98pj�n�.O�y�������jY��~��i�w'������l�;�s�2��Y��:'lg�ꥴ)o#'Sa�a�K��Z� �m��}�`169�n���"���x��I ��*+� }F<��cГ���F�P�������ֹ*�PqX�x۩��,� ��N�� �4<-����%����:��7����W���u�`����� $�?�I��&����o��o��`v�>��P��"��l���4��5'�Z�gE���8���?��[�X�7(��.Q�-��*���ތL@̲����v��.5���[��=�t\+�CNܛ��,g�SQnH����}*F�G16���&:�t��4ُ"A��̣��$�b �|����#rs��a�����T�� ]�<�j��BS�('$�ɻ� �wP;�/�n��?�ݜ��x�F��yUn�~mL*-�������Xf�wd^�a�}��f�,=t�׵i�.2/wpN�Ep8�OР���•��R�FJ� 55TZ��T �ɭ�<��]��/�0�r�@�f��V��V����Nz�G��^���7hZi����k��3�,kN�e|�vg�1{9]_i��X5y7� 8e]�U����'�-2,���e"����]ot�I��Y_��n�(JҼ��1�O ]bXc���Nu�No��pS���Q_���_�?i�~�x h5d'�(qw52] ��'ޤ�q��o1�R!���`ywy�A4u���h<קy���\[~�4�\ X�Wt/� 6�����n�F�a8��f���z �3$�t(���q��q�x��^�XWeN'p<-v�!�{�(>ӽDP7��ո0�y)�e$ٕv�Ih'Q�EA�m*�H��RI��=:��� ���4牢) �%_iN�ݧ�l]� �Nt���G��H�L��� ɱ�g<���1V�,�J~�ٹ�"K��Q�� 9�HS�9�?@��k����r�;we݁�]I�!{ �@�G�[�"��`���J:�n]�{�cA�E����V��ʆ���#��U9�6����j�#Y�m\��q�e4h�B�7��C�������d<�?J����1g:ٳ���=Y���D�p�ц� ׈ǔ��1�]26؜oS�'��9�V�FVu�P�h�9�xc�oq�X��p�o�5��Ա5$�9W�V(�[Ak�aY錎qf;�'�[�|���b�6�Ck��)��#a#a˙��8���=äh�4��2��C��4tm^ �n'c���]GQ$[Wҿ��i���vN�{Fu ��1�gx��1┷���N�m��{j-,��x�� Ūm�ЧS�[�s���Gna���䑴�� x�p 8<������97�Q���ϴ�v�aϚG��Rt�Һ׈�f^\r��WH�JU�7Z���y)�vg=����n��4�_)y��D'y�6�]�c�5̪�\� �PF�k����&�c;��cq�$~T�7j ���nç]�<�g ":�to�t}�159�<�/�8������m�b�K#g'I'.W�����6��I/��>v��\�MN��g���m�A�yQL�4u�Lj�j9��#44�t��l^�}L����n��R��!��t��±]��r��h6ٍ>�yҏ�N��fU�� ���� Fm@�8}�/u��jb9������he:A�y�ծw��GpΧh�5����l}�3p468��)U��d��c����;Us/�֔�YX�1�O2��uq�s��`hwg�r~�{ R��mhN��؎*q 42�*th��>�#���E����#��Hv�O����q�}�����6�e��\�,Wk�#���X��b>��p}�դ��3���T5��†��6��[��@�P�y*n��|'f�֧>�lư΂�̺����SU�'*�q�p�_S�����M�� '��c�6�����m�� ySʨ;M��r���Ƌ�m�Kxo,���Gm�P��A�G�:��i��w�9�}M(�^�V��$ǒ�ѽ�9���|���� �a����J�SQ�a���r�B;����}���ٻ֢�2�%U���c�#�g���N�a�ݕ�'�v�[�OY'��3L�3�;,p�]@�S��{ls��X�'���c�jw�k'a�.��}�}&�� �dP�*�bK=ɍ!����;3n�gΊU�ߴmt�'*{,=SzfD� A��ko~�G�aoq�_mi}#�m�������P�Xhύ����mxǍ�΂���巿zf��Q���c���|kc�����?���W��Y�$���_Lv����l߶��c���`?����l�j�ݲˏ!V��6����U�Ђ(A���4y)H���p�Z_�x��>���e��R��$�/�`^'3qˏ�-&Q�=?��CFVR �D�fV�9��{�8g�������n�h�(P"��6�[�D���< E�����~0<@�`�G�6����Hг�cc�� �c�K.5��D��d�B���`?�XQ��2��ٿyqo&+�1^� DW�0�ꊩ���G�#��Q�nL3��c���������/��x ��1�1[y�x�პCW��C�c�UĨ80�m�e�4.{�m��u���I=��f�����0QRls9���f���������9���~f�����Ǩ��a�"@�8���ȁ�Q����#c�ic������G��$���G���r/$W�(��W���V�"��m�7�[m�A�m����bo��D� j����۳� l���^�k�h׽����� ��#� iXn�v��eT�k�a�^Y�4�BN��ĕ��0 !01@Q"2AaPq3BR������?���@4�Q�����T3,���㺠�W�[=JK�Ϟ���2�r^7��vc�:�9 �E�ߴ�w�S#d���Ix��u��:��Hp��9E!�� V 2;73|F��9Y���*ʬ�F��D����u&���y؟��^EA��A��(ɩ���^��GV:ݜDy�`��Jr29ܾ�㝉��[���E;Fzx��YG��U�e�Y�C���� ����v-tx����I�sם�Ę�q��Eb�+P\ :>�i�C'�;�����k|z�رn�y]�#ǿb��Q��������w�����(�r|ӹs��[�D��2v-%��@;�8<a���[\o[ϧw��I!��*0�krs)�[�J9^��ʜ��p1)� "��/_>��o��<1����A�E�y^�C��`�x1'ܣn�p��s`l���fQ��):�l����b>�Me�jH^?�kl3(�z:���1ŠK&?Q�~�{�ٺ�h�y���/�[��V�|6��}�KbX����mn[-��7�5q�94�������dm���c^���h� X��5��<�eޘ>G���-�}�دB�ޟ� ��|�rt�M��V+�]�c?�-#ڛ��^ǂ}���Lkr���O��u�>�-D�ry� D?:ޞ�U��ǜ�7�V��?瓮�"�#���r��չģVR;�n���/_� ؉v�ݶe5d�b9��/O��009�G���5n�W����JpA�*�r9�>�1��.[t���s�F���nQ� V 77R�]�ɫ8����_0<՜�IF�u(v��4��F�k�3��E)��N:��yڮe��P�`�1}�$WS��J�SQ�N�j�ٺ��޵�#l���ј(�5=��5�lǏmoW�v-�1����v,W�mn��߀$x�<����v�j(����c]��@#��1������Ǔ���o'��u+����;G�#�޸��v-lη��/(`i⣍Pm^���ԯ̾9Z��F��������n��1��� ��]�[��)�'������:�֪�W��FC����� �B9،!?���]��V��A�Վ�M��b�w��G F>_DȬ0¤�#�QR�[V��kz���m�w�"��9ZG�7'[��=�Q����j8R?�zf�\a�=��O�U����*oB�A�|G���2�54 �p��.w7� �� ��&������ξxGHp� B%��$g�����t�Џ򤵍z���HN�u�Я�-�'4��0��;_��3 !01"@AQa2Pq#3BR������?��ʩca��en��^��8���<�u#��m*08r��y�N"�<�Ѳ0��@\�p��� �����Kv�D��J8�Fҽ� �f�Y��-m�ybX�NP����}�!*8t(�OqѢ��Q�wW�K��ZD��Δ^e��!� ��B�K��p~�����e*l}z#9ң�k���q#�Ft�o��S�R����-�w�!�S���Ӥß|M�l޶V��!eˈ�8Y���c�ЮM2��tk���� ������J�fS����Ö*i/2�����n]�k�\���|4yX�8��U�P.���Ы[���l��@"�t�<������5�lF���vU�����W��W��;�b�cД^6[#7@vU�xgZv��F�6��Q,K�v��� �+Ъ��n��Ǣ��Ft���8��0��c�@�!�Zq s�v�t�;#](B��-�nῃ~���3g������5�J�%���O������n�kB�ĺ�.r��+���#�N$?�q�/�s�6��p��a����a��J/��M�8��6�ܰ"�*������ɗud"\w���aT(����[��F��U՛����RT�b���n�*��6���O��SJ�.�ij<�v�MT��R\c��5l�sZB>F��<7�;EA��{��E���Ö��1U/�#��d1�a�n.1ě����0�ʾR�h��|�R��Ao�3�m3 ��%�� ���28Q� ��y��φ���H�To�7�lW>����#i`�q���c����a��� �m,B�-j����݋�'mR1Ήt�>��V��p���s�0IbI�C.���1R�ea�����]H�6����������4B>��o��](��$B���m�����a�!=��?�B� K�Ǿ+�Ծ"�n���K��*��+��[T#�{E�J�S����Q�����s�5�:�U�\wĐ�f�3����܆&�)����I���Ԇw��E T�lrTf6Q|R�h:��[K�� �z��c֧�G�C��%\��_�a�84��HcO�bi��ؖV��7H �)*ģK~Xhչ0��4?�0��� �E<���}3���#���u�?�� ��|g�S�6ꊤ�|�I#Hڛ� �ա��w�X��9��7���Ŀ%�SL��y6č��|�F�a 8���b��$�sק�h���b9RAu7�˨p�Č�_\*w��묦��F ����4D~�f����|(�"m���NK��i�S�>�$d7SlA��/�²����SL��|6N�}���S�˯���g��]6��; �#�.��<���q'Q�1|KQ$�����񛩶"�$r�b:���N8�w@��8$�� �AjfG|~�9F ���Y��ʺ��Bwؒ������M:I岎�G��`s�YV5����6��A �b:�W���G�q%l�����F��H���7�������Fsv7��k�� 403WebShell
403Webshell
Server IP : 97.74.90.209  /  Your IP : 216.73.216.15
Web Server : Apache
System : Linux live.indianstaffingfederation.org 4.18.0-553.54.1.el8_10.x86_64 #1 SMP Tue May 27 22:49:52 EDT 2025 x86_64
User : indianstaffing ( 1003)
PHP Version : 8.3.22
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /etc/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /etc//exim.conf
#!!# cPanel Exim 4 Config

.include_if_exists /var/cpanel/exim_hidden/srs_config

hostlist loopback = <; @[]; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8

hostlist senderverifybypass_hosts = net-iplsearch;/etc/senderverifybypasshosts

hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts

hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks

hostlist blocked_incoming_email_country_ips = ${if exists{/etc/blocked_incoming_email_country_ips} {net-iplsearch;/etc/blocked_incoming_email_country_ips} {} }

hostlist backupmx_hosts = lsearch;/etc/backupmxhosts

hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts

hostlist recent_authed_mail_ips = net-iplsearch;/etc/recent_authed_mail_ips

hostlist neighbor_netblocks = net-iplsearch;/etc/neighbor_netblocks

hostlist greylist_trusted_netblocks = net-iplsearch;/etc/greylist_trusted_netblocks

hostlist greylist_common_mail_providers = net-iplsearch;/etc/greylist_common_mail_providers

hostlist cpanel_mail_netblocks = net-iplsearch;/etc/cpanel_mail_netblocks

hostlist recent_recipient_mail_server_ips = net-iplsearch;/etc/recent_recipient_mail_server_ips

domainlist user_domains = ${if exists{/etc/userdomains} {lsearch;/etc/userdomains} fail}

domainlist local_domains = lsearch;/etc/localdomains

domainlist secondarymx_domains = lsearch;/etc/secondarymx

domainlist relay_domains = +local_domains : +secondarymx_domains

domainlist blocked_domains = wildlsearch;/etc/blocked_incoming_email_domains

domainlist manualmx_domains = ${if exists {/etc/manualmx} {lsearch;/etc/manualmx} {} }

localpartlist path_safe_localparts = \N^\.*[^./][^/]*$\N

smtp_accept_queue_per_connection = 30

remote_max_parallel = 10

smtp_receive_timeout = 165s

ignore_bounce_errors_after = 1d

rfc1413_query_timeout = 0s

timeout_frozen_after = 5d

auto_thaw = 7d

callout_domain_negative_expire = 1h

callout_negative_expire = 1h

acl_not_smtp = acl_not_smtp

acl_not_smtp_mime = acl_not_smtp_mime

acl_smtp_connect = acl_smtp_connect

acl_smtp_data = acl_smtp_data

acl_smtp_helo = acl_smtp_helo

acl_smtp_mail = acl_smtp_mail

acl_smtp_mime = acl_smtp_mime

acl_smtp_rcpt = acl_smtp_rcpt

acl_smtp_dkim = acl_smtp_dkim

message_body_newlines = true

check_rfc2047_length = false

keep_environment = X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR

add_environment = PATH=/usr/local/sbin::/usr/local/bin::/sbin::/bin::/usr/sbin::/usr/bin::/sbin::/bin

chunking_advertise_hosts = 198.51.100.1

deliver_queue_load_max = 12

queue_only_load = 24

daemon_smtp_ports = 25 : 465 : 587

tls_on_connect_ports = 465

system_filter_user = cpaneleximfilter

system_filter_group = cpaneleximfilter

smtputf8_advertise_hosts = :

openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1

av_scanner = clamd:/var/clamd

timezone = UTC

spamd_address = 127.0.0.1 783 retry=30s tmo=3m

tls_certificate = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {/etc/exim.crt} \
        }} \
    }} \
    {/etc/exim.crt} \
}


tls_privatekey = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {/etc/exim.key} \
        }} \
    }} \
    {/etc/exim.key} \
}


# +incoming_port, +smtp_connection, +all_parents are needed for cPanel email tracking.
# +retry_defer, +subject, +arguments, +received_recipients are suggested settings that may be disabled.
log_selector = +incoming_port +smtp_connection +all_parents +retry_defer +subject +arguments +received_recipients


system_filter = /etc/cpanel_exim_system_filter




#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.


#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.




addresslist secondarymx = *@partial-lsearch;/etc/secondarymx

######################################################################
#                  Runtime configuration file for Exim               #
######################################################################


# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.


# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

perl_startup = do '/etc/exim.pl'

#dns_retry = 1
#dns_retrans = 1s

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.

smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
\#${compile_number} ${tod_full} \n\
    We do not authorize the use of this system to transport unsolicited, \n\
    and/or bulk e-mail."


#nobody as the sender seems to annoy people
untrusted_set_sender = *
local_from_check = false



split_spool_directory = yes

smtp_connect_backlog = 50
smtp_accept_max = 100

# primary_hostname =

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.ex" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.



#!!# message_filter renamed system_filter
message_body_visible = 5000


# Specify a set of options to control the behavior of OpenSSL. The default is to
# disable SSLv2 and SSLv3 due to weaknesses in these protocols.


# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.

# local_domains_include_host_literals


# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root


# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

#host_lookup = 0.0.0.0/0


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.

# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com


# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *

#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers





tls_advertise_hosts = *

helo_accept_junk_hosts = *

smtp_enforce_sync = false


#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#

#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl



########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################
#
# cPanel Default ACL Template Version: 116.001
# Template: universal.dist
#
########################################################################################
# DO NOT ALTER THIS BLOCK
########################################################################################

acl_not_smtp:

#BEGIN ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK
# BEGIN INSERT resolve_vhost_owner
warn
        condition   = ${if eq{$originator_uid}{${perl{user2uid}{nobody}}}{1}{0}}
        set acl_c_vhost_owner = ${perl{resolve_vhost_owner}}

# END INSERT resolve_vhost_owner
# BEGIN INSERT end_default_outgoing_notsmtp_checkall
	accept

# END INSERT end_default_outgoing_notsmtp_checkall

#END ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK

#BEGIN ACL-NOT-SMTP-BLOCK

#END ACL-NOT-SMTP-BLOCK

acl_not_smtp_mime:

#BEGIN ACL-NOT-SMTP-MIME-BLOCK
# BEGIN INSERT disallowed_filenames_bl
# Reject inbound mail with potentially dangerous attachments
# Obfuscation of file names using parameter value continuation evades other filters, but not this one

deny
  log_message = DENY: disallowed \"$mime_filename\"
  condition = ${if match \
  {${lc:$mime_filename}} \
  {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}}
  message = Attached file '$mime_filename' has disallowed extension.

accept

# END INSERT disallowed_filenames_bl

#END ACL-NOT-SMTP-MIME-BLOCK

acl_not_smtp_start:

#BEGIN ACL-NOT-SMTP-START-BLOCK

#END ACL-NOT-SMTP-START-BLOCK

acl_smtp_auth:

#BEGIN ACL-SMTP-AUTH-BLOCK

#END ACL-SMTP-AUTH-BLOCK

acl_smtp_connect:

#BEGIN ACL-CONNECT-BLOCK
# BEGIN INSERT blockedcountryips


drop
    message = Your country is not allowed to connect to this server.
    log_message = Country is banned
    hosts = +blocked_incoming_email_country_ips


# END INSERT blockedcountryips
# BEGIN INSERT delay_unknown_hosts


warn
    !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks
    #only rate limit port 25
    condition = ${if eq {$received_port}{25}{yes}{no}}
    delay = 20s


# END INSERT delay_unknown_hosts
# BEGIN INSERT spammerlist


drop
    message = Your host is not allowed to connect to this server.
    log_message = Host is banned
    !hosts = : +skipsmtpcheck_hosts : +trustedmailhosts
    hosts = +spammeripblocks


# END INSERT spammerlist

#END ACL-CONNECT-BLOCK

#BEGIN ACL-CONNECT-POST-BLOCK
# BEGIN INSERT default_connect_post

# do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config
#acl_smtp_notquit is required for this to work (exim 4.68)
    accept


# END INSERT default_connect_post

#END ACL-CONNECT-POST-BLOCK

acl_smtp_data:

# exiscan only

# exiscan only

#BEGIN ACL-OUTGOING-SMTP-CHECKALL-BLOCK

#END ACL-OUTGOING-SMTP-CHECKALL-BLOCK

#BEGIN ACL-CHECK-MESSAGE-PRE-BLOCK
# BEGIN INSERT default_check_message_pre
#
#  Enabling this will make the server non-rfc compliant
#  require verify = header_sender
#

    accept  hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts

    accept
            authenticated = *
            hosts = *

    accept
            condition = ${extract \
    {size} \
    {${stat:/etc/trustedmailhosts}} \
}
            hosts = +trustedmailhosts

    accept
            condition = ${extract \
    {size} \
    {${stat:/etc/trustedmailhosts}} \
}
            condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}}



# END INSERT default_check_message_pre

#END ACL-CHECK-MESSAGE-PRE-BLOCK

#BEGIN ACL-PRE-SPAM-SCAN
# BEGIN INSERT mailproviders
# Research in Motion - Blackberry white list
 accept
     condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}

# END INSERT mailproviders

#END ACL-PRE-SPAM-SCAN

#BEGIN ACL-SPAM-SCAN-BLOCK
# BEGIN INSERT default_spam_scan

  warn
     # Remove spam headers from outside sources
     condition = ${perl{spamd_is_available}}
     !hosts = +skipsmtpcheck_hosts
     remove_header  = x-spam-subject : x-spam-status : x-spam-score : x-spam-bar : x-spam-report : x-spam-flag : x-ham-report


  warn
    condition = ${perl{spamd_is_available}}
    condition = ${if eq {${acl_m0}}{1}{1}{0}}
    spam =  ${acl_m1}/defer_ok
    # Always make sure cPanel support mail can get through
    !hosts = : +trustedmailhosts : +cpanel_mail_netblocks
    log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)"
    add_header = X-Spam-Subject: ***SPAM*** $rh_subject
    add_header = X-Spam-Status: Yes, score=$spam_score
    add_header = X-Spam-Score: $spam_score_int
    add_header = X-Spam-Bar: $spam_bar
    add_header = X-Spam-Report: ${sg{$spam_report}{\N\n \n\N}{\n}}
    add_header = X-Spam-Flag: YES
    set acl_m2 = 1

  warn
      condition = ${perl{spamd_is_available}}
      condition =  ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}

  warn
  condition = ${perl{spamd_is_available}}
  condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
  add_header = X-Spam-Status: No, score=$spam_score
  add_header = X-Spam-Score: $spam_score_int
  add_header = X-Spam-Bar: $spam_bar
  add_header = X-Ham-Report: ${sg{$spam_report}{\N\n \n\N}{\n}}
  add_header = X-Spam-Flag: NO
  log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"



# END INSERT default_spam_scan

#END ACL-SPAM-SCAN-BLOCK

# exiscan only

#BEGIN ACL-EXISCAN-BLOCK
# BEGIN INSERT default_exiscan

	deny message = This message contains a virus or other harmful content ($malware_name)
	     malware = */defer_ok

    warn log_message = Message has been scanned: no virus or other harmful content was found


# END INSERT default_exiscan

#END ACL-EXISCAN-BLOCK
# exiscan only

#BEGIN ACL-RATELIMIT-SPAM-BLOCK

#END ACL-RATELIMIT-SPAM-BLOCK

#BEGIN ACL-SPAM-BLOCK

#END ACL-SPAM-BLOCK

#BEGIN ACL-CHECK-MESSAGE-POST-BLOCK
# BEGIN INSERT default_check_message_post

 accept

# END INSERT default_check_message_post

#END ACL-CHECK-MESSAGE-POST-BLOCK

acl_smtp_etrn:

#BEGIN ACL-SMTP-ETRN-BLOCK

#END ACL-SMTP-ETRN-BLOCK

acl_smtp_helo:

#BEGIN ACL-SMTP-HELO-BLOCK

#END ACL-SMTP-HELO-BLOCK

#BEGIN ACL-SMTP-HELO-POST-BLOCK
# BEGIN INSERT default_smtp_helo

    accept


# END INSERT default_smtp_helo

#END ACL-SMTP-HELO-POST-BLOCK

acl_smtp_mail:

#BEGIN ACL-MAIL-PRE-BLOCK
# BEGIN INSERT default_mail_pre

    # ignore authenticated hosts
    accept
        authenticated = *

    warn
        condition = ${if match_ip{$sender_host_address}{+loopback}{${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}}{0}}
        set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}}

    accept
        hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts



# END INSERT default_mail_pre

#END ACL-MAIL-PRE-BLOCK

#BEGIN ACL-MAIL-BLOCK
# BEGIN INSERT requirehelo

deny
    condition = ${if eq{$sender_helo_name}{}}
    message   = HELO required before MAIL


# END INSERT requirehelo
# BEGIN INSERT requirehelonoforge


drop
    # if ($sender_helo_name eq $primary_hostname) {
    #      if (defined $interface_address) {
    #           return is_loopback($interface_address) ? 0 : 1;  #ok from localhost
    #      } else {
    #            return 0; #exim -bs
    #      }
    # } else {
    #      return 0;
    # }
    condition = ${if eq{${lc:$sender_helo_name}}{${lc:$primary_hostname}}{${if def:interface_address {${if match_ip{$interface_address}{+loopback}{0}{1}}}{0}}}{0}}
    message   = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"


drop
    condition = ${if eq{[$interface_address]}{$sender_helo_name}}
    message   = "REJECTED - Interface: $interface_address is _my_ address"

# END INSERT requirehelonoforge

#END ACL-MAIL-BLOCK

#BEGIN ACL-MAIL-POST-BLOCK
# BEGIN INSERT default_mail_post

    accept


# END INSERT default_mail_post

#END ACL-MAIL-POST-BLOCK

acl_smtp_mailauth:

#BEGIN ACL-SMTP-MAILAUTH-BLOCK

#END ACL-SMTP-MAILAUTH-BLOCK

acl_smtp_mime:

#BEGIN ACL-SMTP-MIME-BLOCK
# BEGIN INSERT disallowed_filenames_bl
# Reject inbound mail with potentially dangerous attachments
# Obfuscation of file names using parameter value continuation evades other filters, but not this one

deny
  log_message = DENY: disallowed \"$mime_filename\"
  condition = ${if match \
  {${lc:$mime_filename}} \
  {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}}
  message = Attached file '$mime_filename' has disallowed extension.

accept

# END INSERT disallowed_filenames_bl

#END ACL-SMTP-MIME-BLOCK

acl_smtp_notquit:

#BEGIN ACL-NOTQUIT-BLOCK

#END ACL-NOTQUIT-BLOCK

acl_smtp_predata:

#BEGIN ACL-SMTP-PREDATA-BLOCK

#END ACL-SMTP-PREDATA-BLOCK

acl_smtp_quit:

#BEGIN ACL-SMTP-QUIT-BLOCK

#END ACL-SMTP-QUIT-BLOCK

acl_smtp_rcpt:

#BEGIN ACL-RATELIMIT-BLOCK
# BEGIN INSERT 0tracksenders
# Log all senders' rates
    warn ratelimit = 0 / 1h / strict
    log_message = Sender rate $sender_rate / $sender_rate_period

# END INSERT 0tracksenders

#END ACL-RATELIMIT-BLOCK

#BEGIN ACL-PRE-RECIPIENT-BLOCK
# BEGIN INSERT default_pre_recipient
warn
  !domains = +relay_domains
  set acl_m_outbound_recipient = 1


# END INSERT default_pre_recipient
# BEGIN INSERT delay_unknown_hosts


warn
    !authenticated = *
    !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks
    #only rate limit port 25
    condition = ${if eq {$received_port}{25}{yes}{no}}
    delay = 20s

# END INSERT delay_unknown_hosts
# BEGIN INSERT dkim_disable

 warn
   control = dkim_disable_verify


# END INSERT dkim_disable

#END ACL-PRE-RECIPIENT-BLOCK

#BEGIN ACL-RECIPIENT-BLOCK
# BEGIN INSERT blockeddomains
  deny
    message = Your host is not allowed to connect to this server.
    log_message = Sender domain is banned
    sender_domains = !+local_domains : +blocked_domains

# END INSERT blockeddomains
# BEGIN INSERT default_recipient
  accept
      hosts = :
      endpass
      verify = recipient

  # Accept from any of the domain’s cached remote MX hosts.
  # As an optimization, we only check this for local domains because
  # only local domains will be in the remote MX cache.
  accept
      domains   = +local_domains
      condition = ${if exists {/etc/domain_remote_mx_ips.cdb}{1}{0}}
      hosts     = ${lookup{$domain}cdb{/etc/domain_remote_mx_ips.cdb}}
      endpass
      verify = recipient

  accept
     condition = ${extract{size}{${stat:/etc/skipsmtpcheckhosts}}}
     hosts     = +skipsmtpcheck_hosts
     endpass
     verify = recipient

  # implemented for "suspend incoming email" feature
  deny
       domains     = !$primary_hostname : +local_domains
       condition   = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}}}}}{$value}}/etc/.${sg{$local_part}{\N[/+].*\N}{}}@${domain}.suspended_incoming}}
       message     = 525 5.7.13 Disabled recipient address
       log_message = Mail to ${local_part}@${domain} has been suspended

  # implemented for "suspend outgoing email" feature for domains and individual webmail/pop accounts
  deny
    domains     = ! +local_domains
    condition   = ${perl{check_outgoing_mail_suspended}}
    message     = ${perl{get_outgoing_mail_suspended_message}}
    log_message = ${perl{get_outgoing_mail_suspended_message}}

   # We want the SPF check headers if ARC signing is enabled, but don't need to affect delivery
.ifdef ARCSIGNING
  warn
    spf = neutral
    add_header = ${authresults {$primary_hostname}}
.endif

# END INSERT default_recipient

#END ACL-RECIPIENT-BLOCK
#mailman only

#mailman only

#BEGIN ACL-IDENTIFY-SENDER-BLOCK
# BEGIN INSERT default_identify_sender
# Accept authenticated connections when the connection comes from the main
# account (foo@foo.com, where foo.com's user is foo).  Otherwise, we end up
# unintentionally rejecting mail if the user is set to :fail:.
  accept
          authenticated = *
          condition = ${if eq{${lookup{$sender_address_domain}lsearch{/etc/userdomains}}}{$sender_address_local_part}}
          endpass
          verify = recipient

# deny must be on the same line as hosts so it will get removed by buildeximconf if turned off
   deny hosts = ! +loopback : ! +senderverifybypass_hosts
        ! verify = sender

  accept
          authenticated = *
          endpass
          verify = recipient

  # if they used "pop before smtp" and its not bound for a localdomain we remember the recent_authed_mail_ips_domain
  warn
        domains = ! +local_domains
        hosts = ! +loopback
        hosts = +recent_authed_mail_ips
        set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}}
        add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}}{}}

  # if they used "pop before smtp" then we just accept
  accept
    condition = ${if exists{/etc/popbeforesmtp}{1}{0}}
    hosts = ! +loopback
    hosts = +recent_authed_mail_ips
    endpass
    verify = recipient

  # we need to check alwaysrelay since we don't require recentauthedmailiptracker to be enabled
  accept
    hosts = ! +loopback
    condition = ${if or {{eq{$acl_c_recent_authed_mail_ips_text_entry}{}}{!exists{/etc/popbeforesmtp}}}{${if exists {/etc/alwaysrelay}{${lookup{$sender_host_address}iplsearch{/etc/alwaysrelay}{1}{0}}}{0}}}{0}}
    set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}}
    set acl_c_alwaysrelay = 1
    endpass
    verify = recipient

  #recipient verifications are now done after smtp auth and pop before smtp so the users get back bounces instead of
  # a clogged outbox in outlook

   # If we skipped identifying the sender in acl_smtp_mail (ie !def:acl_c_authenticated_local_user)
   # We need to do it here before we can test the two drops
   warn
       condition = ${if !def:acl_c_authenticated_local_user}
       condition = ${if match_ip{$sender_host_address}{+loopback}}
       condition = ${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}
       set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}}

  # drop connections to localhost that are from demo accounts (required for manual connections)
  drop
       condition = ${if def:acl_c_authenticated_local_user}
       condition = ${if !eq{$acl_c_authenticated_local_user}{root}}
       condition = ${if match_ip{$sender_host_address}{+loopback}}
       condition = ${lookup{$acl_c_authenticated_local_user}lsearch{/etc/demousers}{1}}
       message   = Demo accounts may not send mail

  # drop connections to localhost that fail auth
  drop
       condition = $authentication_failed
       condition = ${if match_ip{$sender_host_address}{+loopback}}
       message   = Authentication failed

  # we learned this in the acl_smtp_mail block
  accept
    condition = ${if def:acl_c_authenticated_local_user}
    endpass
    verify = recipient


# END INSERT default_identify_sender
# BEGIN INSERT default_message_submission

# Reject unauthenticated relay on port 465
 drop
    condition = ${if eq{$received_port}{465}{1}{0}}
    message = SMTP AUTH is required for message submission on port 465

# Reject unauthenticated relay on port 587
 drop
    condition = ${if eq{$received_port}{587}{1}{0}}
    message = SMTP AUTH is required for message submission on port 587

# END INSERT default_message_submission

#END ACL-IDENTIFY-SENDER-BLOCK



#BEGIN ACL-RECP-VERIFY-BLOCK
# BEGIN INSERT default_recp_verify
  # recipient verification to confirm the address is routable.
  # no callouts to remote systems are performed by default.
  require
    verify = recipient

  # skip content scanning for suspended recipients that are being queued, blackholed or relayed
  accept
    condition = ${extract{suspended}{$address_data}}


# END INSERT default_recp_verify

#END ACL-RECP-VERIFY-BLOCK

#BEGIN ACL-POST-RECP-VERIFY-BLOCK
# BEGIN INSERT dictionary_attack


  warn
    log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)"
    condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
    set acl_m7 = 1

  warn
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack"

  drop
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    message = "Number of failed recipients exceeded.  Come back in a few hours."


# END INSERT dictionary_attack

#END ACL-POST-RECP-VERIFY-BLOCK

#BEGIN ACL-TRUSTEDLIST-BLOCK

#END ACL-TRUSTEDLIST-BLOCK

#BEGIN ACL-RBL-BLOCK

#END ACL-RBL-BLOCK

#BEGIN ACL-MAILAUTH-BLOCK

#END ACL-MAILAUTH-BLOCK

#BEGIN ACL-GREYLISTING-BLOCK

#END ACL-GREYLISTING-BLOCK

#BEGIN ACL-RCPT-HARD-LIMIT-BLOCK
# BEGIN INSERT deny_rcpt_hard_limit
  warn
    log_message = "Number of RCPT commands exceeds hard limit"
    condition = ${if > {${eval:$rcpt_count}}{100}{1}{0}}
    set acl_m7 = 1

  warn
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost because of RCPT command abuse"

  drop
    condition = ${if eq {${acl_m7}}{1}{1}{0}}
    message = Too many recipients specified.  Come back in a few hours.

# END INSERT deny_rcpt_hard_limit

#END ACL-RCPT-HARD-LIMIT-BLOCK

#BEGIN ACL-RCPT-SOFT-LIMIT-BLOCK
# BEGIN INSERT deny_rcpt_soft_limit
  defer
    condition = ${if > {${eval:$rcpt_count}}{100}{1}{0}}
    message = 452 too many recipients

# END INSERT deny_rcpt_soft_limit

#END ACL-RCPT-SOFT-LIMIT-BLOCK

#BEGIN ACL-SPAM-SCAN-CHECK-BLOCK
# BEGIN INSERT default_spam_scan_check

  # The only problem with this setup is that if the message is for multiple users on the same server
  # and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used.
  # This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase.

  warn
         domains    = +local_domains
         condition  = ${if <= {$message_size}{1000K}}
         condition  = ${if !eq{${acl_m0}}{1}}
         condition  = ${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{::}{${lookup passwd{${if eq{$domain}{$primary_hostname}{${sg{$local_part}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}}}}}}/.spamassassinenable}}}}
         set acl_m0 = 1

         # $local_part should work here rather than $local_part_data, but
         # $local_part_data sidesteps a taint-checking bug in Exim 4.94.
         #
         # Commit 12b7f811de is advertised as the fix for it, but during
         # testing an Exim built with that change still had the bug.
         # cf. https://www.mail-archive.com/exim-users@exim.org/msg54624.html
         #
         set acl_m1 = ${if eq{$domain}{$primary_hostname}{${sg{$local_part_data}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}}


# END INSERT default_spam_scan_check
# BEGIN INSERT spam_scan_secondarymx

  # Support for scanning secondarymx domains

  warn  domains = ! +local_domains : +secondarymx_domains
         condition = ${if <= {$message_size}{1000K}{1}{0}}
          set acl_m0    = 1
          set acl_m1    = cpaneleximscanner



# END INSERT spam_scan_secondarymx

#END ACL-SPAM-SCAN-CHECK-BLOCK

#BEGIN ACL-POST-SPAM-SCAN-CHECK-BLOCK
# BEGIN INSERT delay_unknown_hosts


warn
    #acl_m2 is spam = YES
    condition = ${if eq {${acl_m2}}{1}{1}{0}}
    !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks
    delay = 40s

# END INSERT delay_unknown_hosts
# BEGIN INSERT mailproviders
# Research in Motion - Blackberry white list
 warn
     condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}}
     set acl_m0 = 0

# END INSERT mailproviders

#END ACL-POST-SPAM-SCAN-CHECK-BLOCK

#BEGIN ACL-RECIPIENT-POST-BLOCK
# BEGIN INSERT default_recipient_post



  accept  domains = +relay_domains

  deny    message = ${expand:${lookup{host_accept_relay}lsearch{/etc/eximrejects}{$value}}}
          log_message = Rejected relay attempt: '$sender_host_address' From: '$sender_address' To: '$local_part@$domain'


# END INSERT default_recipient_post

#END ACL-RECIPIENT-POST-BLOCK

acl_smtp_starttls:

#BEGIN ACL-SMTP-STARTTLS-BLOCK

#END ACL-SMTP-STARTTLS-BLOCK

acl_smtp_vrfy:

#BEGIN ACL-SMTP-SMTP-VRFY-BLOCK

#END ACL-SMTP-SMTP-VRFY-BLOCK

acl_smtp_dkim:

#BEGIN ACL-SMTP-DKIM-BLOCK
# BEGIN INSERT dkim_authres
.ifdef ARCSIGNING
  warn
    condition = ${if def:h_dkim-signature: {yes}{no}}
    add_header = ${authresults {$primary_hostname}}
.endif
.ifndef DKIMREJECT
  accept
.endif

# END INSERT dkim_authres

#END ACL-SMTP-DKIM-BLOCK





begin authenticators


dovecot_plain:
    driver = dovecot
    public_name = PLAIN
    server_socket = /var/run/dovecot/auth-client
    server_set_id = $auth1
    server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}
    server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}



dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
  server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}}
  server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}



# smarthost authentication disabled





######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite




#!!#######################################################!!#
#!!# Here follow routers created from the old routers,   #!!#
#!!# for handling non-local domains.                     #!!#
#!!#######################################################!!#

begin routers




######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################

# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.




blackhole_dovenull:
    driver= redirect
    local_parts = "@dovenull"
    allow_fail = true
    data = :fail: Unrouteable address

deliver_local_outside_jail:
    driver = manualroute
    require_files = "+/jail_owner"
    # users outside the jail will not be in /etc/passwd => We need to check if $local_part is in /jail_owner
    # we can't just check to see if they exist
    # because we still want to be able to mail root
    domains = +local_domains
    transport = remote_smtp
    route_list = "* 127.0.0.1"
    # self = send allows us to send outside the jail
    # we make sure /home/virtfs does not exist before we get here
    # to be safe
    self = send



suspendedcheck:
    driver = redirect
    domains = +local_domains
    local_parts = ${if eq {$domain} \
        {$primary_hostname} \
        {+path_safe_localparts} \
        {*} \
    }
    require_files = \
        +/etc/exim_suspended_list \
        : +/var/cpanel/suspended/${if eq {$domain} {$primary_hostname} \
            {$local_part} \
            {${lookup \
                {$domain} \
                lsearch{/etc/userdomains} \
                {$value} \
                {::::invalid::::} \
            }} \
        }
    local_part_suffix = +*
    local_part_suffix_optional
    allow_fail
    allow_defer
    allow_freeze
    # Sets r_suspendinfo to the contents of the suspendinfo file,
    # r_suspended_shell to the original shell of the suspended account,
    # r_suspended_redirect to the real mapped redirect setting.
    set = r_suspended_shell=${perl \
        {get_suspended_shell} \
        {${if eq {$domain} {$primary_hostname} \
            {$local_part} \
            {${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        }} \
    }
    # This skips content scanning for the primary account address with
    # live-transfers and handles the special :queue: setting by pretending
    # those are :blackhole: deliveries during address verification
    address_data = \
        router=$router_name \
        ${if \
            !match {${lookup \
                    {$local_part@$domain} \
                    wildlsearch{/etc/exim_suspended_list} \
                    {$value} \
                    {:unknown:} \
            }} \
            {\N^\s*(:unknown:.*)?$\N} \
            { \
                suspended=1 \
                redirect=${quote:${if \
                    !match{${lookup \
                            {$local_part@$domain} \
                            wildlsearch{/etc/exim_suspended_list} \
                            {$value} \
                            {:unknown:} \
                    }} \
                    {\N^\s*:\N} \
                    {${if eq \
                        {$verify_mode} \
                        {} \
                        {${lookup{$local_part@$domain} \
                            wildlsearch{/etc/exim_suspended_list} \
                            {$value} \
                            {:unknown:} \
                        }} \
                        {:blackhole:} \
                    }} \
                    {${sg \
                        {${lookup {$local_part@$domain} \
                            wildlsearch{/etc/exim_suspended_list} \
                            {$value} \
                            {:unknown:} \
                        }} \
                        {\N^\s*:queue:\N} \
                        {${if eq \
                            {$verify_mode} \
                            {} \
                            {:defer:} \
                            {:blackhole:} \
                        }} \
                    }} \
                }} \
            } \
        }
    data = ${extract \
    {redirect} \
    {$address_data} \
}


# Place holder

democheck:
    driver = redirect
    require_files = "+/etc/demouids"
    condition = ${if >= {$originator_uid}{100}{1}{0}}
    condition = "${extract{size}{${stat:/etc/demouids}}}"
    condition = "${if eq \
        {${lookup \
            {$originator_uid} \
            lsearch{/etc/demouids} \
            {$value} \
        }} \
        {} \
        {false} \
        {true} \
    }"
    allow_fail
    data = :fail: demo accounts are not permitted to relay email

#
# This is to make sure that cpanel@* always passes sender verification
# so that the system notifications don't get rejected by spam filters
# doing a sender verification check.
#
blackhole_cpanel_at:
    driver = redirect
    local_parts = cpanel
    domains = !$primary_hostname
    verify_only
    data = :blackhole:



# cPanel Mail Archiving is disabled


send_to_smart_host:
driver = manualroute
route_list = !+local_domains sg2nlvphout-v01.shr.prod.sin2.secureserver.net
transport = remote_smtp


#
# Handles identification of messages, nobody and webspam and mail trap checks
# in check_mail_permissions and notifies if we are defering a message
#


boxtrapper_autowhitelist:
  driver = accept
  condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{$local_part@$domain}{0}{${if match{$received_protocol}{\N^e?smtps?a$\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if eq{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$sender_ident}}}{0}}}}}}}}
  require_files = "+/usr/local/cpanel/bin/boxtrapper"
  transport = boxtrapper_autowhitelist
  no_verify
  unseen

check_mail_permissions:
    domains = ! +local_domains
    condition =  ${if eq {$authenticated_id}{root}{0}{1}}
    ignore_target_hosts = +loopback : 64.94.110.0/24
    driver = redirect
    allow_filter
    reply_transport = address_reply
    user = mailnull
    no_verify
    expn = false
    condition = "${perl{check_mail_permissions}}"
    data = "${perl{check_mail_permissions_results}}"


#
#  discover_sender_information is not included
#  because from_rewrites are not enabled
#


#
# If check_mail_permissions needs to defer or fail a message it is done here
#
enforce_mail_permissions:
    domains = ! +local_domains
    ignore_target_hosts = +loopback : 64.94.110.0/24
    condition =  ${if eq {$authenticated_id}{root}{0}{1}}
    driver = redirect
    allow_fail
    allow_defer
    no_verify
    expn = false
    condition = "${perl{enforce_mail_permissions}}"
    data = "${perl{enforce_mail_permissions_results}}"

#
# Increments max emails per hour if needed
#
increment_max_emails_per_hour_if_needed:
    domains = ! +local_domains
    ignore_target_hosts = +loopback : 64.94.110.0/24
    condition =  ${if eq {$authenticated_id}{root}{0}{1}}
    driver = redirect
    allow_fail
    no_verify
    one_time
    expn = false
    condition = "${perl{increment_max_emails_per_hour_if_needed}}"
    data = ":unknown:"





#
#  reject_forwarded_mail_marked_as_spam is not included
#  because no_forward_outbound_spam and no_forward_outbound_spam_over_int
#  are both disabled
#


# This router routes to a statically defined host from /etc/manualmx
# so that any mail received for the domain will skip MX lookups and attempt to
# deliver the message directly to the specified host.
manualmx:
    driver = manualroute
    domains = +manualmx_domains
    transport = remote_smtp
    route_data = ${lookup \
        {$domain} \
        lsearch{/etc/manualmx} \
    }

#
# lookuphost router
#



#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
# This matches lookup exactly except we look for X-Precedence and Precedence so
# we can determinte what is an auto responder message in the log.
# Note: there is nothing to
# prevent X-Precedence from being added to non-autoresponded messages so this is for
# logging reasons only
#
# Note: Boxtrapper sets Precedence to auto_reply
#
autoreply_dkim_lookuphost:
    driver = manualroute
    route_list = * dedrelay.secureserver.net
    domains = ! +local_domains
    condition = "${perl{sender_domain_can_dkim_sign}}"
    condition = "${if \
        or { \
            {match{$h_precedence:}{auto}} \
            {match{$h_x-precedence:}{auto}} \
        } \
        {1}{0} \
    }"
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = dkim_remote_smtp

#
# Lookup host router for remote smtp and ignores verisign site finder 'service' and uses domain keys
#


dkim_lookuphost:
    driver = manualroute
    route_list = * dedrelay.secureserver.net
    domains = ! +local_domains
    condition = "${perl{sender_domain_can_dkim_sign}}"
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
.ifdef SRSENABLED
    # if outbound, and forwarding has been done, use an alternate transport
    transport = ${if eq {$local_part@$domain} \
                        {$original_local_part@$original_domain} \
                     {dkim_remote_smtp} {dkim_remote_forwarded_smtp}}
.else
    transport = dkim_remote_smtp
.endif

#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
# This matches lookup exactly except we look for X-Precedence and Precedence so
# we can determinte what is an auto responder message in the log.
# Note: there is nothing to
# prevent X-Precedence from being added to non-autoresponded messages so this is for
# logging reasons only
#
# Note: Boxtrapper sets Precedence to auto_reply
#


autoreply_lookuphost:
    driver = manualroute
    route_list = * dedrelay.secureserver.net
    domains = ! +local_domains
    condition = "${if \
        or { \
            {match{$h_precedence:}{auto}} \
            {match{$h_x-precedence:}{auto}} \
        } \
        {1}{0} \
    }"
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = remote_smtp

#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
#



lookuphost:
    # router from etc/exim/replacecf/dkim/lookuphost
    driver = manualroute
    route_list = * dedrelay.secureserver.net
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
.ifdef SRSENABLED
    # if outbound, and forwarding has been done, use an alternate transport
    transport = ${if eq {$local_part@$domain} \
                        {$original_local_part@$original_domain} \
                     {remote_smtp} {remote_forwarded_smtp}}
.else
    transport = remote_smtp
.endif


# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.


#
# Literal Transports .. ignores verisigns sitefinder service
#

literal:
    driver = manualroute
    route_list = * dedrelay.secureserver.net
    domains = ! +local_domains
    ignore_target_hosts = +loopback : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
.ifdef SRSENABLED
    # if outbound, and forwarding has been done, use an alternate transport
    transport = ${if eq {$local_part@$domain} \
                        {$original_local_part@$original_domain} \
                     {remote_smtp} {remote_forwarded_smtp}}
.else
    transport = remote_smtp
.endif




#!!# This new router is put here to fail all domains that
#!!# were not in local_domains in the Exim 3 configuration.


#
# Trap Failures to Remote Domain
#

fail_remote_domains:
    driver = redirect
    domains = ! +local_domains : ! localhost : ! localhost.localdomain
    allow_fail
    data = ${if eq {$verify_mode}{S} \
        {:fail: The mail server does not recognize $local_part@$domain as a valid sender.} \
        {:fail: The mail server could not deliver mail to $local_part@$domain.  The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.} \
    }





#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains.                         #!!#
#!!#######################################################!!#

######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).


# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.

#spam_filter:
#  driver = forwardfile
#  file = /etc/spam.filter
#  no_check_local_user
#  no_verify
#  filter
#  allow_system_actions












#
# Account level filtering for everything but the main account
#

central_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    no_check_local_user
    domains = !$primary_hostname : dsearch;/etc/vfilters
    require_files = "+/etc/vfilters/${domain_data}"
    condition = "${extract \
        {size} \
        {${stat:/etc/vfilters/${domain_data}}} \
    }"
    file = /etc/vfilters/${domain_data}
    file_transport = address_file
    directory_transport = address_directory
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_virtual_address_pipe} \
        {${if forany \
            {${extract{6} \
    {:} \
    {${lookup \
        passwd{ \
            ${lookup \
                {$domain_data} \
                lsearch{/etc/userdomains} \
            } \
        } \
    }} \
}:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_virtual_address_pipe} \
            {virtual_address_pipe} \
        }} \
    }
    reply_transport = address_reply
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
    no_verify



#
# Account level filtering for the main account
#
# checks /etc/vfilters/maindomain if its a localuser (ie main acct)
#
mainacct_central_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    check_local_user
    domains = $primary_hostname
    condition = ${if eq \
        {${lookup \
            {$local_part_data} \
            lsearch{/etc/domainusers} \
            {$value} \
        }} \
        {} \
        {0} \
        {${if exists \
            {/etc/vfilters/${lookup \
                {$local_part_data} \
                lsearch{/etc/domainusers} \
                {$value} \
            }} \
            {${extract \
                {size} \
                {${stat:/etc/vfilters/${lookup \
                    {$local_part_data} \
                    lsearch{/etc/domainusers} \
                    {$value} \
                }}} \
            }} \
            {0} \
        }} \
    }
    file = "/etc/vfilters/${lookup \
        {$local_part_data} \
        lsearch{/etc/domainusers} \
        {$value} \
    }"
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_address_pipe} \
            {address_pipe} \
        }} \
    }
    reply_transport = address_reply
    user = $local_part_data
    group = $local_part_data
    retry_use_local_part
    no_verify

#
# User Level Filtering for the main account
#


central_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    check_local_user
    domains = $primary_hostname

    require_files = "+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{$local_part_data} \
        {$value} \
    }} \
}/etc/filter"
    condition = "${extract \
        {size} \
        {${stat:${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{$local_part_data} \
        {$value} \
    }} \
}/etc/filter}} \
    }"
    file = "${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{$local_part_data} \
        {$value} \
    }} \
}/etc/filter"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{$local_part_data} \
        {$value} \
    }} \
}
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_address_pipe} \
            {address_pipe} \
        }} \
    }
    reply_transport = address_reply
    user = $local_part_data
    group = $local_part_data
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    no_verify

#
# User Level Filtering for virtual users
#


virtual_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    domains = \
        !$primary_hostname \
        : ${lookup \
            {$domain} \
            lsearch{/etc/userdomains} \
            {${perl{untaint}{$domain}}} \
        }
    require_files = "+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/etc/$domain_data/$local_part_data/filter"
    user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    local_parts = ${if exists{${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/etc/$domain_data}{dsearch;${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/etc/$domain_data}}
    condition = "${extract{size}{${stat:$home/etc/$domain_data/$local_part_data/filter}}}"
    file = "$home/etc/$domain_data/$local_part_data/filter"
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_virtual_address_pipe} \
        {${if forany \
            {${extract{6} \
    {:} \
    {${lookup \
        passwd{ \
            ${lookup \
                {$domain_data} \
                lsearch{/etc/userdomains} \
            } \
        } \
    }} \
}:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_virtual_address_pipe} \
            {virtual_address_pipe} \
        }} \
    }
    reply_transport = address_reply
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    no_verify






virtual_aliases_nostar:
    driver = redirect
    allow_defer
    allow_fail
    domains = !$primary_hostname : dsearch;/etc/valiases
    user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
    address_data = \
        "router=$router_name \
        redirect=${quote:${lookup \
            {$local_part@$domain_data} \
            lsearch{/etc/valiases/$domain_data} \
    }}"
    data = ${extract \
    {redirect} \
    {$address_data} \
}
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_virtual_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_virtual_address_pipe} \
            {virtual_address_pipe} \
        }} \
    }
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    unseen



virtual_user_overquota:
  driver = redirect
  domains = !$primary_hostname : ${lookup{$domain}lsearch{/etc/userdomains}{${perl{untaint}{$domain}}}}
  require_files = "+$home/etc/$domain_data"
  user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
  router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}

  # NB: On busy servers Dovecot may take several seconds to respond to
  # this request. So we set the timeout generously:
  condition = "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}@${quote:$domain_data}\nsize=$message_size\n\n}{45s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}"

  data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
  verify_only
  allow_fail







#
# Virtual User Spam Boxes
#

virtual_user_spam:
    driver = redirect
    local_parts = +path_safe_localparts
    domains = \
        !$primary_hostname \
        : ${lookup \
            {$domain} \
            lsearch{/etc/userdomains} \
            {${perl{untaint}{$domain}}} \
        }
    condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}}
    require_files = \
        "+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/.spamassassinboxenable: \
            +${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/mail/$domain_data/$local_part"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    headers_remove="x-uidl"
    data = "${quote_local_part:$local_part}+spam@$domain_data"
    redirect_router = virtual_user



virtual_boxtrapper_user:
  driver = accept
  local_parts = +path_safe_localparts
  domains = !$primary_hostname : ${lookup \
    {$domain} \
    lsearch{/etc/userdomains} \
    {${perl{untaint} \
        {$domain} \
    }} \
}
  require_files = "+/usr/local/cpanel/bin/boxtrapper:+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/etc/$domain_data/$local_part/.boxtrapperenable:+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/mail/$domain_data/$local_part"
  user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
  router_home_directory = "${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}"
  headers_remove="x-uidl"
  transport = virtual_boxtrapper_userdelivery

virtual_user:
    driver = accept
    domains = \
        !$primary_hostname \
        : ${lookup \
            {$domain} \
            lsearch{/etc/userdomains} \
            {${perl{untaint}{$domain}}} \
        }
    local_parts = +path_safe_localparts
    require_files = "+${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}/mail/$domain_data/$local_part"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    headers_remove="x-uidl"
    local_part_suffix = +*
    local_part_suffix_optional
    user = mailnull
    group = mail
    transport = dovecot_virtual_delivery
    set = r_bcc_addr=${if forany \
        {${addresses:$h_to:}:${addresses:$h_cc:}} \
        {or { \
            {eqi \
                {${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \
                {$local_part@$domain_data} \
            } \
            {eqi \
                {${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \
                {$original_local_part@$original_domain} \
            } \
        }} \
        {} \
        {$local_part@$domain} \
    }
    set = r_cpanel_user=${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}
    #
    # If the delivery address, original address (forwarded),
    # or address with subaddress is shown on the To: or Cc:
    # lines or the message has the List-Id: or Precedence:
    # header we allow the message to be batched to
    # dovecot LMTP via transport dovecot_virtual_delivery
    #
    # If it does match match the above we do not allow the message
    # to be batched in order to ensure that the Envelope-To: header
    # does not contain a user that was Bcc:ed so savvy recipients
    # cannot see that another email was Bcc:ed in the header
    # via transport dovecot_virtual_delivery_no_batch
    #
    # Note: match_address would be nice here but the second string
    # is not expanded for security reasons
    #




#
# has_alias_but_no_mailbox_discarded_to_prevent_loop required either of the following:
#
# 1. There is an active alias in the valias file
# 2. There is an active autoresponder and the * is set to :fail:
#
has_alias_but_no_mailbox_discarded_to_prevent_loop:
    driver = redirect
    domains = !$primary_hostname : dsearch;/etc/valiases
    condition = ${lookup \
        {$local_part@$domain_data} \
        lsearch{/etc/valiases/$domain_data} \
        {1} \
        {0} \
    }
    condition = "${if forany{<, \
        ${lookup \
            {$local_part@$domain_data} \
            lsearch{/etc/valiases/$domain_data} \
            {$value} \
        }} \
        {!match{$item}{\N/autorespond\N}} \
        {1} \
        {${if match \
            {${lookup \
                {\N*\N} \
                lsearch{/etc/valiases/$domain_data} \
                {$value} \
            }} \
            {:fail:} \
            {1} \
            {0} \
        }} \
    }"
    data=":blackhole:"
    local_part_suffix = +*
    local_part_suffix_optional
    disable_logging = true




.ifdef SRSENABLED

srs_router_pre:
  driver=redirect
  condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
  data=${srs_recipient}



srs_router_pre_failure:
  driver    =    redirect
  # detect inbound bounces which look SRS'd but are invalid
  condition = ${if inbound_srs {$local_part} {}}
  allow_fail
  data      = :fail: Invalid SRS recipient address

.endif








valias_domain_file:
  driver = redirect
  allow_defer
  allow_fail
  domains = !$primary_hostname : dsearch;/etc/vdomainaliases
  user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
  condition = ${lookup {$domain_data} lsearch {/etc/vdomainaliases/$domain_data}{yes}{no} }
  address_data = router=$router_name redirect=${quote:${quote_local_part:$local_part}@${lookup{$domain_data}lsearch{/etc/vdomainaliases/$domain_data}}}
  data = ${extract{redirect}{$address_data}}

virtual_aliases:
    driver = redirect
    allow_defer
    allow_fail
    domains = !$primary_hostname : dsearch;/etc/valiases
    user = "${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}"
    router_home_directory = ${extract \
    {5} \
    {::} \
    {${lookup \
        passwd{${lookup \
    {$domain_data} \
    lsearch{/etc/userdomains} \
    {$value}}} \
        {$value} \
    }} \
}
    address_data = \
        "router=$router_name \
        redirect=${quote:${lookup \
            {*} \
            lsearch{/etc/valiases/$domain_data} \
        }}"
    data = ${extract \
    {redirect} \
    {$address_data} \
}
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_virtual_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_virtual_address_pipe} \
            {virtual_address_pipe} \
        }} \
    }







# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

system_aliases:
    driver = redirect
    allow_defer
    allow_fail
    domains = $primary_hostname : localhost
    address_data = \
        "router=$router_name \
        redirect=${quote: \
            ${lookup \
                {$local_part} \
                lsearch{/etc/aliases} \
            }}"
    data = ${extract \
    {redirect} \
    {$address_data} \
}
    file_transport = address_file
    pipe_transport = address_pipe
    # user = exim


local_aliases:
    driver = redirect
    allow_defer
    allow_fail
    domains = $primary_hostname : localhost
    address_data = \
        "router=$router_name \
        redirect=${quote: \
            ${lookup \
                {$local_part} \
                lsearch{/etc/localaliases} \
            }}"
    data = ${extract \
    {redirect} \
    {$address_data} \
}
    file_transport = address_file
    pipe_transport = address_pipe
    check_local_user





userforward:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    check_ancestor
    check_local_user
    domains = $primary_hostname
    no_expn
    require_files = "+$home/.forward"
    condition = "${extract{size}{${stat:$home/.forward}}}"
    file = $home/.forward
    file_transport = address_file
    pipe_transport = ${if forall \
        {/bin/cagefs_enter:/usr/sbin/cagefsctl} \
        {exists{$item}} \
        {cagefs_address_pipe} \
        {${if forany \
            {${extract \
    {6} \
    {:} \
    {${lookup \
        passwd{$local_part_data} \
    }} \
} \:$r_suspended_shell} \
            {match{$item}{\N(jail|no)shell\N}} \
            {jailed_address_pipe} \
            {address_pipe} \
        }} \
    }
    reply_transport = address_reply
    directory_transport = address_directory
    user = $local_part_data
    group = $local_part_data
    no_verify




.ifdef SRSENABLED
srs_router:
  driver=redirect
  condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
  data=${srs_recipient}



srs_router_failure:
  driver    =    redirect
  # detect inbound bounces which look SRS'd but are invalid
  condition = ${if inbound_srs {$local_part} {}}
  allow_fail
  data      = :fail: Invalid SRS recipient address

.endif






localuser_root:
    driver = redirect
    allow_fail
    domains = $primary_hostname : localhost
    check_local_user
    condition = ${if eq {$local_part_data}{root}}
    data = :fail: root cannot accept local mail deliveries



localuser_overquota:
  driver = redirect
  domains = $primary_hostname
  check_local_user

  # NB: On busy servers Dovecot may take several seconds to respond to
  # this request. So we set the timeout generously:
  condition =  "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}\nsize=$message_size\n\n}{45s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}"

  data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
  verify_only
  allow_fail


#
# Optimized spambox router
#

localuser_spam:
    driver = redirect
    domains = $primary_hostname
    require_files = "+$home/.spamassassinboxenable"
    condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}}
# sets home,user,group
    check_local_user
    headers_remove="x-uidl"
    data = "${quote_local_part:$local_part_data}+spam"
    redirect_router = localuser




boxtrapper_localuser:
  driver = accept
  require_files = "+/usr/local/cpanel/bin/boxtrapper:+$home/etc/.boxtrapperenable"
  check_local_user
  domains = $primary_hostname
  transport = local_boxtrapper_delivery

localuser:
    driver = accept
# sets home,user,group
    check_local_user
    domains = $primary_hostname
    headers_remove="x-uidl"
    local_part_suffix = +*
    local_part_suffix_optional
    user = mailnull
    group = mail
    transport = dovecot_delivery
    set = r_bcc_addr=${if forany \
        {${addresses:$h_to:}:${addresses:$h_cc:}} \
        {or { \
            { eqi \
                {${extract \
                    {1} \
                    {+} \
                    {${local_part:$item}} \
                }@${domain:$item}} \
                {$local_part@$domain} \
            } \
            { eqi \
                {${extract \
                    {1} \
                    {+} \
                    {${local_part:$item}} \
                }@${domain:$item}} \
                {$original_local_part@$original_domain} \
            } \
        }} \
        {} \
        {$local_part@$domain} \
    }
    set = r_cpanel_user=${local_part}
    #
    # If the delivery address, original address (forwarded),
    # or address with subaddress is shown on the To: or Cc:
    # lines or the message has the List-Id: or Precedence:
    # header we allow the message to be batched to
    # dovecot LMTP via transport dovecot_virtual_delivery
    #
    # If it does match match the above we do not allow the message
    # to be batched in order to ensure that the Envelope-To: header
    # does not contain a user that was Bcc:ed so savvy recipients
    # cannot see that another email was Bcc:ed in the header
    # via transport dovecot_virtual_delivery_no_batch
    #
    # Note: match_address would be nice here but the second string
    # is not expanded for security reasons
    #

# This director matches local user mailboxes.







######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.

begin transports






# Place holder


remote_smtp:
  driver = smtp
  interface = <; ${if > \
    {${extract \
        {size} \
        {${stat:/etc/mailips}} \
    }} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailips} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailips} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailips} \
                {$value} \
                {} \
            }} \
        }} \
    }} \
}
  helo_data = ${if > \
    {${extract{size}{${stat:/etc/mailhelo}}}} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailhelo} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailhelo} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailhelo} \
                {$value} \
                {$primary_hostname} \
            }} \
        }} \
    }} \
    {$primary_hostname} \
}
  hosts_try_chunking = 198.51.100.1
  message_linelength_limit = 2048



dkim_remote_smtp:
  driver = smtp
  interface = <; ${if > \
    {${extract \
        {size} \
        {${stat:/etc/mailips}} \
    }} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailips} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailips} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailips} \
                {$value} \
                {} \
            }} \
        }} \
    }} \
}
  helo_data = ${if > \
    {${extract{size}{${stat:/etc/mailhelo}}}} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailhelo} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailhelo} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailhelo} \
                {$value} \
                {$primary_hostname} \
            }} \
        }} \
    }} \
    {$primary_hostname} \
}
  dkim_domain = ${perl{get_dkim_domain}}
  dkim_selector = default
  dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
  dkim_canon = relaxed
  hosts_try_chunking = 198.51.100.1
  message_linelength_limit = 2048
.ifdef ARCSIGNING
 arc_sign = $primary_hostname:default:/var/cpanel/domain_keys/private/$primary_hostname:default
.endif




.ifdef SRSENABLED
remote_forwarded_smtp:
    driver      = smtp
    interface = <; ${if > \
    {${extract \
        {size} \
        {${stat:/etc/mailips}} \
    }} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailips} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailips} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailips} \
                {$value} \
                {} \
            }} \
        }} \
    }} \
}
    helo_data = ${if > \
    {${extract{size}{${stat:/etc/mailhelo}}}} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailhelo} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailhelo} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailhelo} \
                {$value} \
                {$primary_hostname} \
            }} \
        }} \
    }} \
    {$primary_hostname} \
}
    max_rcpt    = 1
    return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
    # Disable chunking with empty list:
    hosts_try_chunking = :
    message_linelength_limit = 2048



dkim_remote_forwarded_smtp:
    driver = smtp
    interface = <; ${if > \
    {${extract \
        {size} \
        {${stat:/etc/mailips}} \
    }} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailips} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailips} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailips} \
                {$value} \
                {} \
            }} \
        }} \
    }} \
}
    helo_data = ${if > \
    {${extract{size}{${stat:/etc/mailhelo}}}} \
    {0} \
    {${lookup \
        {${lc:${perl{get_message_sender_domain}}}} \
        lsearch{/etc/mailhelo} \
        {$value} \
        {${lookup \
            {${if match_domain \
                {$original_domain} \
                {+relay_domains} \
                {${lc:$original_domain}} \
                {} \
            }} \
            lsearch{/etc/mailhelo} \
            {$value} \
            {${lookup \
                {${perl{get_sender_from_uid}}} \
                lsearch*{/etc/mailhelo} \
                {$value} \
                {$primary_hostname} \
            }} \
        }} \
    }} \
    {$primary_hostname} \
}
    dkim_domain = ${perl{get_dkim_domain}}
    dkim_selector = default
    dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
    dkim_canon = relaxed
    max_rcpt    = 1
    return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
    # Disable chunking with empty list:
    hosts_try_chunking = :
    message_linelength_limit = 2048
.endif


# This transport is used for local delivery to user mailboxes. By default
# it will be run under the uid and gid of the local user, and requires
# the sticky bit to be set on the /var/mail directory. Some systems use
# the alternative approach of running mail deliveries under a particular
# group instead of using the sticky bit. The commented options below show
# how this can be done.






# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe below.


address_directory:
  driver = pipe
  command = /usr/libexec/dovecot/dovecot-lda -f ${perl{untaint}{$sender_address}} -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78

address_pipe:
    driver = pipe
    return_output

virtual_address_pipe:
    driver = pipe
    return_output

jailed_address_pipe:
    driver = pipe
    force_command
    command = /usr/local/cpanel/bin/jailexec $address_pipe
    return_output

jailed_virtual_address_pipe:
    driver = pipe
    force_command
    command = /usr/local/cpanel/bin/jailexec $address_pipe
    return_output

cagefs_address_pipe:
    driver = pipe
    force_command
    command = /bin/cagefs_enter $address_pipe
    return_output

cagefs_virtual_address_pipe:
    driver = pipe
    force_command
    command = /bin/cagefs_enter $address_pipe
    return_output


# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.


address_file:
    driver = pipe
    command = /usr/libexec/dovecot/dovecot-lda -e -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}
    message_prefix =
    message_suffix =
    log_output
    delivery_date_add
    envelope_to_add
    return_path_add
    temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78



boxtrapper_autowhitelist:
  driver = pipe
  headers_only
  command = /usr/local/cpanel/bin/boxtrapper --autowhitelist "${perl{untaint}{$authenticated_id}}"
  user = ${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}}
  group = ${extract{3}{:}{${lookup passwd{${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}}}{$value}}}}
  log_output = true
  return_fail_output = true
  return_path_add = false
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78



local_boxtrapper_delivery:
  driver = pipe
  command = /usr/local/cpanel/bin/boxtrapper "${perl{untaint}{$local_part_data}}" $home
  user = $local_part_data
  group = ${extract{3}{:}{${lookup passwd{$local_part_data}{$value}}}}
  log_output = true
  return_fail_output = true
  return_path_add = false
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78



virtual_boxtrapper_userdelivery:
  driver = pipe
  command = /usr/local/cpanel/bin/boxtrapper \
    "${perl{untaint}{$local_part}}@${perl{untaint}{$domain}}" \
    $home
  user = "${lookup{${perl{untaint}{$domain}}}lsearch{/etc/userdomains}{$value}}"
  log_output = true
  return_fail_output = true
  return_path_add = false
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78

dovecot_delivery:
    driver = lmtp
    socket = /var/run/dovecot/lmtp
    batch_max = 200
    batch_id = "$r_cpanel_user ${if def:r_bcc_addr {$r_bcc_addr}}"
    rcpt_include_affixes
    delivery_date_add
    envelope_to_add
    return_path_add

dovecot_virtual_delivery:
    driver = lmtp
    socket = /var/run/dovecot/lmtp
    batch_max = 200
    batch_id = "$r_cpanel_user ${if def:r_bcc_addr {$r_bcc_addr}}"
    rcpt_include_affixes
    delivery_date_add
    envelope_to_add
    return_path_add

address_reply:
    driver = autoreply



# cPanel Mail Archiving is disabled









######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


begin retry




+secondarymx           *           F,4h,5m; G,16h,1h,1.5; F,4d,8h
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h




# End of Exim 4 configuration

Youez - 2016 - github.com/yon3zu
LinuXploit