{"ok":true,"c":"#!!# cPanel Exim 4 Config\n\nchunking_advertise_hosts=\"\"\n\nhostlist loopback = <; @[]; 127.0.0.0\/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000\/8\n\nhostlist senderverifybypass_hosts = net-iplsearch;\/etc\/senderverifybypasshosts\n\nhostlist skipsmtpcheck_hosts = net-iplsearch;\/etc\/skipsmtpcheckhosts\n\nhostlist spammeripblocks = net-iplsearch;\/etc\/spammeripblocks\n\nhostlist backupmx_hosts = lsearch;\/etc\/backupmxhosts\n\nhostlist trustedmailhosts = lsearch;\/etc\/trustedmailhosts\n\nhostlist recent_authed_mail_ips = net-iplsearch;\/etc\/recent_authed_mail_ips\n\nhostlist neighbor_netblocks = net-iplsearch;\/etc\/neighbor_netblocks\n\nhostlist greylist_trusted_netblocks = net-iplsearch;\/etc\/greylist_trusted_netblocks\n\nhostlist greylist_common_mail_providers = net-iplsearch;\/etc\/greylist_common_mail_providers\n\nhostlist cpanel_mail_netblocks = net-iplsearch;\/etc\/cpanel_mail_netblocks\n\nhostlist recent_recipient_mail_server_ips = net-iplsearch;\/etc\/recent_recipient_mail_server_ips\n\ndomainlist user_domains = ${if exists{\/etc\/userdomains} {lsearch;\/etc\/userdomains} fail}\n\ndomainlist local_domains = lsearch;\/etc\/localdomains\n\ndomainlist secondarymx_domains = lsearch;\/etc\/secondarymx\n\ndomainlist relay_domains = +local_domains : +secondarymx_domains\n\nsmtp_accept_queue_per_connection = 30\n\nremote_max_parallel = 10\n\nsmtp_receive_timeout = 165s\n\nignore_bounce_errors_after = 1d\n\nrfc1413_query_timeout = 0s\n\ntimeout_frozen_after = 5d\n\nauto_thaw = 7d\n\ncallout_domain_negative_expire = 1h\n\ncallout_negative_expire = 1h\n\nacl_not_smtp = acl_not_smtp\n\nacl_smtp_connect = acl_smtp_connect\n\nacl_smtp_data = acl_smtp_data\n\nacl_smtp_helo = acl_smtp_helo\n\nacl_smtp_mail = acl_smtp_mail\n\nacl_smtp_quit = acl_smtp_quit\n\nacl_smtp_notquit = acl_smtp_notquit\n\nacl_smtp_rcpt = acl_smtp_rcpt\n\nmessage_body_newlines = true\n\ncheck_rfc2047_length = false\n\nkeep_environment = X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR\n\nadd_environment = PATH=\/usr\/local\/sbin::\/usr\/local\/bin::\/sbin::\/bin::\/usr\/sbin::\/usr\/bin::\/sbin::\/bin\n\ndeliver_queue_load_max = 72\n\nqueue_only_load = 144\n\ndaemon_smtp_ports = 25 : 465 : 587\n\ntls_on_connect_ports = 465\n\nsystem_filter_user = cpaneleximfilter\n\nsystem_filter_group = cpaneleximfilter\n\nsmtputf8_advertise_hosts = :\n\nopenssl_options = +no_sslv2 +no_sslv3\n\ntls_require_ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS\n\ntimezone = \n\nspamd_address = 127.0.0.1 783 retry=30s tmo=3m\n\ntls_certificate = ${if and \\\n    { \\\n        {gt{$tls_in_sni}{}} \\\n        {!match{$tls_in_sni}{\/}} \\\n    } \\\n    {${if exists {\/var\/cpanel\/ssl\/domain_tls\/$tls_in_sni\/combined} \\\n        {\/var\/cpanel\/ssl\/domain_tls\/$tls_in_sni\/combined} \\\n        {${if exists {${sg{\/var\/cpanel\/ssl\/domain_tls\/$tls_in_sni\/combined}{(.+\/)[^.]+(.+\/combined)}{\\$1*\\$2}}} \\\n            {${sg{\/var\/cpanel\/ssl\/domain_tls\/$tls_in_sni\/combined}{(.+\/)[^.]+(.+\/combined)}{\\$1*\\$2}}} \\\n            {\/etc\/exim.crt} \\\n        }} \\\n    }} \\\n    {\/etc\/exim.crt} \\\n}\n\n\ntls_privatekey = ${if and \\\n    { \\\n        {gt{$tls_in_sni}{}} \\\n        {!match{$tls_in_sni}{\/}} \\\n    } \\\n    {${if exists {\/var\/cpanel\/ssl\/domain_tls\/$tls_in_sni\/combined} \\\n        {\/var\/cpanel\/ssl\/domain_tls\/$tls_in_sni\/combined} \\\n        {${if exists {${sg{\/var\/cpanel\/ssl\/domain_tls\/$tls_in_sni\/combined}{(.+\/)[^.]+(.+\/combined)}{\\$1*\\$2}}} \\\n            {${sg{\/var\/cpanel\/ssl\/domain_tls\/$tls_in_sni\/combined}{(.+\/)[^.]+(.+\/combined)}{\\$1*\\$2}}} \\\n            {\/etc\/exim.key} \\\n        }} \\\n    }} \\\n    {\/etc\/exim.key} \\\n}\n\n\n# +incoming_port, +smtp_connection, +all_parents are needed for cPanel email tracking.\n# +retry_defer, +subject, +arguments, +received_recipients are suggested settings that may be disabled.\nlog_selector = +incoming_port +smtp_connection +all_parents +retry_defer +subject +arguments +received_recipients\n\n\nsystem_filter = \/etc\/cpanel_exim_system_filter\n\n\n\n\n#!!# These options specify the Access Control Lists (ACLs) that\n#!!# are used for incoming SMTP messages - after the RCPT and DATA\n#!!# commands, respectively.\n\n\n#!!# This setting defines a named domain list called\n#!!# local_domains, created from the old options that\n#!!# referred to local domains. It will be referenced\n#!!# later on by the syntax \"+local_domains\".\n#!!# Other domain and host lists may follow.\n\n\n\naddresslist secondarymx = *@partial-lsearch;\/etc\/secondarymx\n\n######################################################################\n#                  Runtime configuration file for Exim               #\n######################################################################\n\n\n# This is a default configuration file which will operate correctly in\n# uncomplicated installations. Please see the manual for a complete list\n# of all the runtime configuration options that can be included in a\n# configuration file. There are many more than are mentioned here. The\n# manual is in the file doc\/spec.txt in the Exim distribution as a plain\n# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from\n# the Exim ftp sites. The manual is also online via the Exim web sites.\n\n\n# This file is divided into several parts, all but the last of which are\n# terminated by a line containing the word \"end\". The parts must appear\n# in the correct order, and all must be present (even if some of them are\n# in fact empty). Blank lines, and lines starting with # are ignored.\n\n\n\n######################################################################\n#                    MAIN CONFIGURATION SETTINGS                     #\n######################################################################\n\nperl_startup = do '\/etc\/exim.pl'\n\n#dns_retry = 1\n#dns_retrans = 1s\n\n# Specify your host's canonical name here. This should normally be the fully\n# qualified \"official\" name of your host. If this option is not set, the\n# uname() function is called to obtain the name.\n\nsmtp_banner = \"${primary_hostname} ESMTP Exim ${version_number} \\\n\\#${compile_number} ${tod_full} \\n\\\n  We do not authorize the use of this system to transport unsolicited, \\n\\\n  and\/or bulk e-mail.\"\n\n\n#nobody as the sender seems to annoy people\nuntrusted_set_sender = *\nlocal_from_check = false\n\n\n\nsplit_spool_directory = yes\n\nsmtp_connect_backlog = 50\nsmtp_accept_max = 100\n\n# primary_hostname =\n\n# Specify the domain you want to be added to all unqualified addresses\n# here. An unqualified address is one that does not contain an \"@\" character\n# followed by a domain. For example, \"caesar@rome.ex\" is a fully qualified\n# address, but the string \"caesar\" (i.e. just a login name) is an unqualified\n# email address. Unqualified addresses are accepted only from local callers by\n# default. See the receiver_unqualified_{hosts,nets} options if you want\n# to permit unqualified addresses from remote sources. If this option is\n# not set, the primary_hostname value is used for qualification.\n\n# qualify_domain =\n\n\n# If you want unqualified recipient addresses to be qualified with a different\n# domain to unqualified sender addresses, specify the recipient domain here.\n# If this option is not set, the qualify_domain value is used.\n\n# qualify_recipient =\n\n\n# Specify your local domains as a colon-separated list here. If this option\n# is not set (i.e. not mentioned in the configuration file), the\n# qualify_recipient value is used as the only local domain. If you do not want\n# to do any local deliveries, uncomment the following line, but do not supply\n# any data for it. This sets local_domains to an empty string, which is not\n# the same as not mentioning it at all. An empty string specifies that there\n# are no local domains; not setting it at all causes the default value (the\n# setting of qualify_recipient) to be used.\n\n\n\n#!!# message_filter renamed system_filter\nmessage_body_visible = 5000\n\n\n# Specify a set of options to control the behavior of OpenSSL. The default is to\n# disable SSLv2 and SSLv3 due to weaknesses in these protocols.\n\n\n# If you want to accept mail addressed to your host's literal IP address, for\n# example, mail addressed to \"user@[111.111.111.111]\", then uncomment the\n# following line, or supply the literal domain(s) as part of \"local_domains\"\n# above.\n\n# local_domains_include_host_literals\n\n\n# No local deliveries will ever be run under the uids of these users (a colon-\n# separated list). An attempt to do so gets changed so that it runs under the\n# uid of \"nobody\" instead. This is a paranoic safety catch. Note the default\n# setting means you cannot deliver mail addressed to root as if it were a\n# normal user. This isn't usually a problem, as most sites have an alias for\n# root that redirects such mail to a human administrator.\n\nnever_users = root\n\n\n# The use of your host as a mail relay by any host, including the local host\n# calling its own SMTP port, is locked out by default. If you want to permit\n# relaying from the local host, you should set\n#\n# host_accept_relay = localhost\n#\n# If you want to permit relaying through your host from certain hosts or IP\n# networks, you need to set the option appropriately, for example\n#\n#\n#\n# If you are an MX backup or gateway of some kind for some domains, you must\n# set relay_domains to match those domains. This will allow any host to\n# relay through your host to those domains.\n#\n# See the section of the manual entitled \"Control of relaying\" for more\n# information.\n\n# The setting below causes Exim to do a reverse DNS lookup on all incoming\n# IP calls, in order to get the true host name. If you feel this is too\n# expensive, you can specify the networks for which a lookup is done, or\n# remove the setting entirely.\n\n#host_lookup = 0.0.0.0\/0\n\n\n# By default, Exim expects all envelope addresses to be fully qualified, that\n# is, they must contain both a local part and a domain. If you want to accept\n# unqualified addresses (just a local part) from certain hosts, you can specify\n# these hosts by setting one or both of\n#\n# receiver_unqualified_hosts =\n# sender_unqualified_hosts =\n#\n# to control sender and receiver addresses, respectively. When this is done,\n# unqualified addresses are qualified using the settings of qualify_domain\n# and\/or qualify_recipient (see above).\n\n\n# Exim contains support for the Realtime Blocking List (RBL) that is being\n# maintained as part of the DNS. See http:\/\/maps.vix.com\/rbl\/ for background.\n# Uncommenting the first line below will make Exim reject mail from any\n# host whose IP address is blacklisted in the RBL at maps.vix.com. Some\n# others have followed the RBL lead and have produced other lists: DUL is\n# a list of dial-up addresses, and ORBS is a list of open relay systems. The\n# second line below checks all three lists.\n\n# rbl_domains = rbl.maps.vix.com\n# rbl_domains = rbl.maps.vix.com\n\n\n# If you want Exim to support the \"percent hack\" for all your local domains,\n# uncomment the following line. This is the feature by which mail addressed\n# to x%y@z (where z is one of your local domains) is locally rerouted to\n# x@y and sent on. Otherwise x%y is treated as an ordinary local part.\n\n# percent_hack_domains = *\n\n#sender_host_accept = +include_unknown:*\n#sender_host_reject = +include_unknown:lsearch*;\/etc\/spammers\n\n\n\n\n\ntls_advertise_hosts = *\n\nhelo_accept_junk_hosts = *\n\nsmtp_enforce_sync = false\n\n\n#!!#######################################################!!#\n#!!# This new section of the configuration contains ACLs #!!#\n#!!# (Access Control Lists) derived from the Exim 3      #!!#\n#!!# policy control options.                             #!!#\n#!!#######################################################!!#\n\n#!!# These ACLs are crudely constructed from Exim 3 options.\n#!!# They are almost certainly not optimal. You should study\n#!!# them and rewrite as necessary.\n\nbegin acl\n\n\n\n########################################################################################\n# DO NOT ALTER THIS BLOCK\n########################################################################################\n#\n# cPanel Default ACL Template Version: 10.9911\n# Template: universal.dist\n#\n########################################################################################\n# DO NOT ALTER THIS BLOCK\n########################################################################################\n\nacl_not_smtp:\n\n#BEGIN ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK\n# BEGIN INSERT resolve_vhost_owner\nwarn\n        condition   = ${if eq{$originator_uid}{${perl{user2uid}{nobody}}}{1}{0}}\n        set acl_c_vhost_owner = ${perl{resolve_vhost_owner}}\n\n# END INSERT resolve_vhost_owner\n# BEGIN INSERT end_default_outgoing_notsmtp_checkall\n\taccept\n\n# END INSERT end_default_outgoing_notsmtp_checkall\n\n#END ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK\n\n#BEGIN ACL-NOT-SMTP-BLOCK\n\n#END ACL-NOT-SMTP-BLOCK\n\nacl_not_smtp_mime:\n\n#BEGIN ACL-NOT-SMTP-MIME-BLOCK\n\n#END ACL-NOT-SMTP-MIME-BLOCK\n\nacl_not_smtp_start:\n\n#BEGIN ACL-NOT-SMTP-START-BLOCK\n\n#END ACL-NOT-SMTP-START-BLOCK\n\nacl_smtp_auth:\n\n#BEGIN ACL-SMTP-AUTH-BLOCK\n\n#END ACL-SMTP-AUTH-BLOCK\n\nacl_smtp_connect:\n\n#BEGIN ACL-CONNECT-BLOCK\n# BEGIN INSERT delay_unknown_hosts\n\n\nwarn\n    !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks\n    #only rate limit port 25\n    condition = ${if eq {$received_port}{25}{yes}{no}}\n    delay = 20s\n\n\n# END INSERT delay_unknown_hosts\n# BEGIN INSERT ratelimit\n\n    accept\n        hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts\n\n    accept\n        hosts = +trustedmailhosts\n\n    accept\n        condition = ${if match_ip{$sender_host_address}{net-iplsearch;\/etc\/trustedmailhosts}{1}{0}}\n\n    defer\n        #only rate limit port 25\n        condition = ${if eq {$received_port}{25}{yes}{no}}\n        message = The server has reached its limit for processing requests from your host.  Please try again later.\n        log_message = \"Host is ratelimited ($sender_rate\/$sender_rate_period max:$sender_rate_limit)\"\n        ratelimit = 1.2 \/ 1h \/ strict \/ per_conn \/ noupdate\n\n\n# END INSERT ratelimit\n# BEGIN INSERT slow_fail_block\n   warn\n        #only rate limit port 25\n        condition = ${if eq {$received_port}{25}{yes}{no}}\n        # host had a success in the last hour\n        ratelimit = 1 \/ 1h \/ noupdate \/ per_conn \/ slow_fail_accept_$sender_host_address\n        set acl_m4 = 1\n\n   defer\n        #only rate limit port 25\n        condition = ${if eq {$received_port}{25}{yes}{no}}\n        condition = ${if eq {${acl_m4}}{1}{0}{1}}\n        log_message = \"Host is ratelimited due to multiple failure only connections ($sender_rate\/$sender_rate_period max:$sender_rate_limit)\"\n        ratelimit = 5 \/ 1h \/ noupdate \/ per_conn \/ slow_fail_block_$sender_host_address\n\n\n# END INSERT slow_fail_block\n# BEGIN INSERT spammerlist\n\n\ndrop\n    message = Your host is not allowed to connect to this server.\n    log_message = Host is banned\n    hosts = +spammeripblocks\n\n\n# END INSERT spammerlist\n\n#END ACL-CONNECT-BLOCK\n\n#BEGIN ACL-CONNECT-POST-BLOCK\n# BEGIN INSERT default_connect_post\n\n# do not change the comment in the line below, it is required for \/usr\/local\/cpanel\/bin\/check_exim_config\n#acl_smtp_notquit is required for this to work (exim 4.68)\n    accept\n\n\n# END INSERT default_connect_post\n\n#END ACL-CONNECT-POST-BLOCK\n\nacl_smtp_data:\n\n# exiscan only\n\n# exiscan only\n\n#BEGIN ACL-OUTGOING-SMTP-CHECKALL-BLOCK\n\n#END ACL-OUTGOING-SMTP-CHECKALL-BLOCK\n\n#BEGIN ACL-CHECK-MESSAGE-PRE-BLOCK\n# BEGIN INSERT default_check_message_pre\n#\n#  Enabling this will make the server non-rfc compliant\n#  require verify = header_sender\n#\n\n    accept  hosts = : +loopback : +recent_authed_mail_ips\n\n    accept\n            authenticated = *\n            hosts = *\n\n    accept\n            condition = ${extract{size}{${stat:\/etc\/trustedmailhosts}}}\n            hosts = +trustedmailhosts\n\n    accept\n            condition = ${extract{size}{${stat:\/etc\/trustedmailhosts}}}\n            condition = ${if match_ip{$sender_host_address}{net-iplsearch;\/etc\/trustedmailhosts}{1}{0}}\n\n\n\n# END INSERT default_check_message_pre\n\n#END ACL-CHECK-MESSAGE-PRE-BLOCK\n\n#BEGIN ACL-PRE-SPAM-SCAN\n# BEGIN INSERT mailproviders\n# Research in Motion - Blackberry white list\n accept\n     condition = ${if exists {\/etc\/mailproviders\/rim\/ips}{${if match_ip{$sender_host_address}{iplsearch;\/etc\/mailproviders\/rim\/ips}{1}{0}}}{0}}\n\n# END INSERT mailproviders\n\n#END ACL-PRE-SPAM-SCAN\n\n#BEGIN ACL-SPAM-SCAN-BLOCK\n# BEGIN INSERT default_spam_scan\n\n  warn\n     # Remove spam headers from outside sources\n     remove_header  = x-spam-subject : x-spam-status : x-spam-score : x-spam-bar : x-spam-report : x-spam-flag : x-ham-report\n\n\n  warn\n    condition = ${if eq {${acl_m0}}{1}{1}{0}}\n    spam =  ${acl_m1}\/defer_ok\n    # Always make sure cPanel support mail can get through\n    !hosts = : +trustedmailhosts : +cpanel_mail_netblocks\n    log_message = \"SpamAssassin as ${acl_m1} detected message as spam ($spam_score)\"\n    add_header = X-Spam-Subject: ***SPAM*** $rh_subject\n    add_header = X-Spam-Status: Yes, score=$spam_score\n    add_header = X-Spam-Score: $spam_score_int\n    add_header = X-Spam-Bar: $spam_bar\n    add_header = X-Spam-Report: $spam_report\n    add_header = X-Spam-Flag: YES\n    set acl_m2 = 1\n\n  warn\n      condition =  ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}\n\n  warn\n  condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}\n  add_header = X-Spam-Status: No, score=$spam_score\n  add_header = X-Spam-Score: $spam_score_int\n  add_header = X-Spam-Bar: $spam_bar\n  add_header = X-Ham-Report: $spam_report\n  add_header = X-Spam-Flag: NO\n  log_message = \"SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)\"\n\n\n\n# END INSERT default_spam_scan\n\n#END ACL-SPAM-SCAN-BLOCK\n\n# exiscan only\n\n# exiscan only\n\n#BEGIN ACL-RATELIMIT-SPAM-BLOCK\n\n#END ACL-RATELIMIT-SPAM-BLOCK\n\n#BEGIN ACL-SPAM-BLOCK\n\n#END ACL-SPAM-BLOCK\n\n#BEGIN ACL-CHECK-MESSAGE-POST-BLOCK\n# BEGIN INSERT default_check_message_post\n\n accept\n\n# END INSERT default_check_message_post\n\n#END ACL-CHECK-MESSAGE-POST-BLOCK\n\nacl_smtp_etrn:\n\n#BEGIN ACL-SMTP-ETRN-BLOCK\n\n#END ACL-SMTP-ETRN-BLOCK\n\nacl_smtp_helo:\n\n#BEGIN ACL-SMTP-HELO-BLOCK\n\n#END ACL-SMTP-HELO-BLOCK\n\n#BEGIN ACL-SMTP-HELO-POST-BLOCK\n# BEGIN INSERT default_smtp_helo\n\n    accept\n\n\n# END INSERT default_smtp_helo\n\n#END ACL-SMTP-HELO-POST-BLOCK\n\nacl_smtp_mail:\n\n#BEGIN ACL-MAIL-PRE-BLOCK\n# BEGIN INSERT default_mail_pre\n\n    # ignore authenticated hosts\n    accept\n        authenticated = *\n\n    warn\n        condition = ${if match_ip{$sender_host_address}{+loopback}{${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}}{0}}\n        set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}}\n\n    accept\n        hosts = : +loopback : +recent_authed_mail_ips\n\n\n\n# END INSERT default_mail_pre\n\n#END ACL-MAIL-PRE-BLOCK\n\n#BEGIN ACL-MAIL-BLOCK\n# BEGIN INSERT requirehelo\n\ndeny\n    condition = ${if eq{$sender_helo_name}{}}\n    message   = HELO required before MAIL\n\n\n# END INSERT requirehelo\n# BEGIN INSERT requirehelonoforge\n\n\ndrop\n    # if ($sender_helo_name eq $primary_hostname) {\n    #      if (defined $interface_address) {\n    #           return is_loopback($interface_address) ? 0 : 1;  #ok from localhost\n    #      } else {\n    #            return 0; #exim -bs\n    #      }\n    # } else {\n    #      return 0;\n    # }\n    condition = ${if eq{${lc:$sender_helo_name}}{${lc:$primary_hostname}}{${if def:interface_address {${if match_ip{$interface_address}{+loopback}{0}{1}}}{0}}}{0}}\n    message   = \"REJECTED - Bad HELO - Host impersonating [$sender_helo_name]\"\n\n\ndrop\n    condition = ${if eq{[$interface_address]}{$sender_helo_name}}\n    message   = \"REJECTED - Interface: $interface_address is _my_ address\"\n\n# END INSERT requirehelonoforge\n# BEGIN INSERT requirehelosyntax\n\ndrop\n    condition   = ${if isip{$sender_helo_name}}\n    message     = Access denied - Invalid HELO name (See RFC2821 4.1.3)\n\ndrop\n    # Required because \"[IPv6:<address>]\" will have no .s\n    condition   = ${if match{$sender_helo_name}{\\N^\\[\\N}{no}{yes}}\n    condition   = ${if match{$sender_helo_name}{\\N\\.\\N}{no}{yes}}\n    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)\n\ndrop\n    condition   = ${if match{$sender_helo_name}{\\N\\.$\\N}}\n    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)\n\ndrop\n    condition   = ${if match{$sender_helo_name}{\\N\\.\\.\\N}}\n    message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)\n\n# END INSERT requirehelosyntax\n\n#END ACL-MAIL-BLOCK\n\n#BEGIN ACL-MAIL-POST-BLOCK\n# BEGIN INSERT default_mail_post\n\n    accept\n\n\n# END INSERT default_mail_post\n\n#END ACL-MAIL-POST-BLOCK\n\nacl_smtp_mailauth:\n\n#BEGIN ACL-SMTP-MAILAUTH-BLOCK\n\n#END ACL-SMTP-MAILAUTH-BLOCK\n\nacl_smtp_mime:\n\n#BEGIN ACL-SMTP-MIME-BLOCK\n\n#END ACL-SMTP-MIME-BLOCK\n\nacl_smtp_notquit:\n\n#BEGIN ACL-NOTQUIT-BLOCK\n# BEGIN INSERT ratelimit\n\n# ignore authenticated hosts\naccept authenticated = *\n\naccept hosts = : +recent_authed_mail_ips : +loopback\n\nwarn\n    #only rate limit port 25\n    condition = ${if eq {$received_port}{25}{yes}{no}}\n    condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}\n    log_message = \"Connection Ratelimit - $sender_fullhost because of notquit: $smtp_notquit_reason ($sender_rate\/$sender_rate_period max:$sender_rate_limit)\"\n    ratelimit = 1.2 \/ 1h \/ strict \/ per_conn\n\n\n# END INSERT ratelimit\n\n#END ACL-NOTQUIT-BLOCK\n\nacl_smtp_predata:\n\n#BEGIN ACL-SMTP-PREDATA-BLOCK\n\n#END ACL-SMTP-PREDATA-BLOCK\n\nacl_smtp_quit:\n\n#BEGIN ACL-SMTP-QUIT-BLOCK\n# BEGIN INSERT slow_fail_block\n\n  warn\n    log_message = \"Detected session with all messages failed\"\n    condition = ${if >= {${eval:$rcpt_count}}{1}{${if == {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}}\n    set acl_m6 = 1\n\n  warn\n    condition = ${if eq {${acl_m6}}{1}{1}{0}}\n    ratelimit = 0 \/ 1h \/ strict \/ per_conn \/ slow_fail_block_$sender_host_address\n    log_message = \"Increment slow_fail_block Ratelimit - $sender_fullhost because of all messages failed\"\n\n  warn\n    ratelimit = 1 \/ 1h \/ noupdate \/ per_conn \/ slow_fail_block_$sender_host_address\n    condition = ${if >= {${eval:$rcpt_count}}{1}{${if < {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}}\n    set acl_m5 = 1\n    log_message = \"Detected session with ok message that previous had all failed\"\n\n  warn\n    condition = ${if eq {${acl_m5}}{1}{1}{0}}\n    ratelimit = 0 \/ 1h \/ strict \/ per_conn \/ slow_fail_accept_$sender_host_address\n    log_message = \"Decrement slow_fail_lock Ratelimit - $sender_fullhost because one message was successful\"\n\n\n\n# END INSERT slow_fail_block\n\n#END ACL-SMTP-QUIT-BLOCK\n\nacl_smtp_rcpt:\n\n#BEGIN ACL-RATELIMIT-BLOCK\n\n#END ACL-RATELIMIT-BLOCK\n\n#BEGIN ACL-PRE-RECIPIENT-BLOCK\n# BEGIN INSERT delay_unknown_hosts\n\n\nwarn\n    !authenticated = *\n    !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks\n    #only rate limit port 25\n    condition = ${if eq {$received_port}{25}{yes}{no}}\n    delay = 20s\n\n# END INSERT delay_unknown_hosts\n# BEGIN INSERT dkim_disable\n\n warn\n   control = dkim_disable_verify\n\n\n# END INSERT dkim_disable\n\n#END ACL-PRE-RECIPIENT-BLOCK\n\n#BEGIN ACL-RECIPIENT-BLOCK\n# BEGIN INSERT default_recipient\n  accept  hosts = :\n\n  accept\n     condition = ${extract{size}{${stat:\/etc\/skipsmtpcheckhosts}}}\n     hosts = +skipsmtpcheck_hosts\n\n  # implemented for \"suspend incoming email\" feature\n  deny\n       domains = +local_domains\n       condition = ${if exists {${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\/etc\/\\.$local_part\\@$domain\\.suspended_incoming}}\n       message = Mail to ${lc:$local_part@$domain} has been suspended\n       log_message = Mail to ${lc:$local_part@$domain} has been suspended\n\n  # implemented for \"suspend outgoing email\" feature for domains and individual webmail\/pop accounts\n  deny\n    domains = ! +local_domains\n    condition = ${perl{check_outgoing_mail_suspended}}\n    message = ${perl{get_outgoing_mail_suspended_message}}\n    log_message = ${perl{get_outgoing_mail_suspended_message}}\n\n\n# END INSERT default_recipient\n\n#END ACL-RECIPIENT-BLOCK\n#mailman only\n\n#BEGIN ACL-RECIPIENT-MAILMAN-BLOCK\n# BEGIN INSERT default_recipient_mailman\n\n # Accept bounces to lists even if callbacks or other checks would fail\n  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes\n           condition    = \\\n           ${if and {{match{$local_part}{(.*)-bounces\\+.*}} \\\n                     {exists {\/usr\/local\/cpanel\/3rdparty\/mailman\/lists\/${lc:$1}\/config.pck}}} \\\n                {yes}{no}}\n\n  accept   condition    = \\\n           ${if and {{match{$local_part}{(.*)-bounces\\+.*}} \\\n                     {exists {\/usr\/local\/cpanel\/3rdparty\/mailman\/lists\/${lc:$1}\/config.pck}}} \\\n                {yes}{no}}\n\n\n  # Accept bounces to lists even if callbacks or other checks would fail\n  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes\n           condition    = \\\n           ${if and {{match{$local_part}{(.*)-bounces\\+.*}} \\\n                     {exists {\/usr\/local\/cpanel\/3rdparty\/mailman\/lists\/${lc:$1}_${lc:$domain}\/config.pck}}} \\\n                {yes}{no}}\n\n  accept   condition    = \\\n           ${if and {{match{$local_part}{(.*)-bounces\\+.*}} \\\n                     {exists {\/usr\/local\/cpanel\/3rdparty\/mailman\/lists\/${lc:$1}_${lc:$domain}\/config.pck}}} \\\n                {yes}{no}}\n\n  #if it gets here it isn't mailman\n\n\n# END INSERT default_recipient_mailman\n\n#END ACL-RECIPIENT-MAILMAN-BLOCK\n#mailman only\n\n#BEGIN ACL-IDENTIFY-SENDER-BLOCK\n# BEGIN INSERT default_identify_sender\n# Accept authenticated connections when the connection comes from the main\n# account (foo@foo.com, where foo.com's user is foo).  Otherwise, we end up\n# unintentionally rejecting mail if the user is set to :fail:.\n  accept\n          authenticated = *\n          hosts = *\n          condition = ${if eq{${lookup{$sender_address_domain}lsearch{\/etc\/userdomains}{$value}}}{$sender_address_local_part}{1}{0}}\n\n# deny must be on the same line as hosts so it will get removed by buildeximconf if turned off\n   deny hosts = ! +loopback : ! +senderverifybypass_hosts\n        ! verify = sender\n\n  accept  hosts = *\n          authenticated = *\n\n  # if they used \"pop before smtp\" and its not bound for a localdomain we remember the recent_authed_mail_ips_domain\n  warn\n        domains = ! +local_domains\n        hosts = ! +loopback\n        hosts = +recent_authed_mail_ips\n        set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}}\n        add_header = ${if exists{\/etc\/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}}{}}\n\n  # if they used \"pop before smtp\" then we just accept\n  accept\n    condition = ${if exists{\/etc\/popbeforesmtp}{1}{0}}\n    hosts = ! +loopback\n    hosts = +recent_authed_mail_ips\n\n  # we need to check alwaysrelay since we don't require recentauthedmailiptracker to be enabled\n  warn\n    hosts = ! +loopback\n    condition = ${if or {{eq{$acl_c_recent_authed_mail_ips_text_entry}{}}{!exists{\/etc\/popbeforesmtp}}}{${if exists {\/etc\/alwaysrelay}{${lookup{$sender_host_address}iplsearch{\/etc\/alwaysrelay}{1}{0}}}{0}}}{0}}\n    set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}}\n    set acl_c_alwaysrelay = 1\n\n  accept\n    condition = $acl_c_alwaysrelay\n\n  #recipient verifications are now done after smtp auth and pop before smtp so the users get back bounces instead of\n  # a clogged outbox in outlook\n\n   # If we skipped identifying the sender in acl_smtp_mail (ie !def:acl_c_authenticated_local_user)\n   # We need to do it here before we can test the two drops\n   warn\n       condition = ${if def:acl_c_authenticated_local_user {0}{${if match_ip{$sender_host_address}{+loopback}{${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}}{0}}}}\n       set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}}\n\n  # drop connections to localhost that are from demo accounts (required for manual connections)\n  drop\n       condition = ${if eq{$acl_c_authenticated_local_user}{root}{0}{1}}\n       condition = ${if and {{match_ip{$sender_host_address}{+loopback}} \\\n                             {def:acl_c_authenticated_local_user}} \\\n                      {${lookup{$acl_c_authenticated_local_user}lsearch{\/etc\/demousers}{yes}{no}}}{no}}\n       message   = Demo accounts may not send mail\n\n  # drop connections to localhost that fail auth (required for Horde)\n  drop\n       condition = ${if and {{match_ip{$sender_host_address}{+loopback}} \\\n                             {def:authentication_failed}} \\\n                      {$authentication_failed}{no}}\n       message   = Authentication failed\n\n  # we learned this in the acl_smtp_mail block\n  accept\n    condition = ${if def:acl_c_authenticated_local_user {yes}{no}}\n\n\n\n# END INSERT default_identify_sender\n# BEGIN INSERT default_message_submission\n\n# Reject unauthenticated relay on port 587\n drop\n    condition = ${if eq{$received_port}{587}{1}{0}}\n    message = SMTP AUTH is required for message submission on port 587\n\n# END INSERT default_message_submission\n\n#END ACL-IDENTIFY-SENDER-BLOCK\n\n\n\n#BEGIN ACL-RECP-VERIFY-BLOCK\n# BEGIN INSERT default_recp_verify\n   #recipient verifications are required for all messages that are not sent to the local machine    #this was done at multiple users requests\n    require verify = recipient\n\n\n\n# END INSERT default_recp_verify\n\n#END ACL-RECP-VERIFY-BLOCK\n\n#BEGIN ACL-POST-RECP-VERIFY-BLOCK\n# BEGIN INSERT dictionary_attack\n\n\n  warn\n    log_message = \"Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)\"\n    condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}\n    set acl_m7 = 1\n\n  warn\n    condition = ${if eq {${acl_m7}}{1}{1}{0}}\n    ratelimit = 0 \/ 1h \/ strict \/ per_conn\n    log_message = \"Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack\"\n\n  drop\n    condition = ${if eq {${acl_m7}}{1}{1}{0}}\n    message = \"Number of failed recipients exceeded.  Come back in a few hours.\"\n\n\n# END INSERT dictionary_attack\n\n#END ACL-POST-RECP-VERIFY-BLOCK\n\n#BEGIN ACL-TRUSTEDLIST-BLOCK\n\n#END ACL-TRUSTEDLIST-BLOCK\n\n#BEGIN ACL-RBL-BLOCK\n\n#END ACL-RBL-BLOCK\n\n#BEGIN ACL-MAILAUTH-BLOCK\n\n#END ACL-MAILAUTH-BLOCK\n\n#BEGIN ACL-GREYLISTING-BLOCK\n\n#END ACL-GREYLISTING-BLOCK\n\n#BEGIN ACL-RCPT-HARD-LIMIT-BLOCK\n\n#END ACL-RCPT-HARD-LIMIT-BLOCK\n\n#BEGIN ACL-RCPT-SOFT-LIMIT-BLOCK\n\n#END ACL-RCPT-SOFT-LIMIT-BLOCK\n\n#BEGIN ACL-SPAM-SCAN-CHECK-BLOCK\n# BEGIN INSERT default_spam_scan_check\n\n    # The only problem with this setup is that if the message is for multiple users on the same server\n    # and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used.\n    # This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase.\n\n\n  warn  domains = ! ${primary_hostname} : +local_domains\n         condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{\/etc\/global_spamassassin_enable}{1}{${if exists{${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\/.spamassassinenable}{1}{0}}}}}}}{0}}\n         set acl_m0    = 1\n         set acl_m1    = ${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}\n\n  warn  domains = ${primary_hostname}\n          condition = ${if <= {$message_size}{200K}{${if eq {${acl_m0}}{1}{0}{${if exists{\/etc\/global_spamassassin_enable}{1}{${if exists{${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}\/.spamassassinenable}{1}{0}}}}}}}{0}}\n          set acl_m0    = 1\n          set acl_m1    = $local_part\n\n\n\n# END INSERT default_spam_scan_check\n# BEGIN INSERT spam_scan_secondarymx\n\n  # Support for scanning secondarymx domains\n\n  warn  domains = ! +local_domains : +secondarymx_domains\n         condition = ${if <= {$message_size}{200K}{1}{0}}\n          set acl_m0    = 1\n          set acl_m1    = cpaneleximscanner\n\n\n\n# END INSERT spam_scan_secondarymx\n\n#END ACL-SPAM-SCAN-CHECK-BLOCK\n\n#BEGIN ACL-POST-SPAM-SCAN-CHECK-BLOCK\n# BEGIN INSERT delay_unknown_hosts\n\n\nwarn\n    #acl_m2 is spam = YES\n    condition = ${if eq {${acl_m2}}{1}{1}{0}}\n    !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks\n    delay = 40s\n\n# END INSERT delay_unknown_hosts\n# BEGIN INSERT mailproviders\n# Research in Motion - Blackberry white list\n warn\n     condition = ${if exists {\/etc\/mailproviders\/rim\/ips}{${if match_ip{$sender_host_address}{iplsearch;\/etc\/mailproviders\/rim\/ips}{1}{0}}}{0}}\n     set acl_m0 = 0\n\n# END INSERT mailproviders\n\n#END ACL-POST-SPAM-SCAN-CHECK-BLOCK\n\n#BEGIN ACL-RECIPIENT-POST-BLOCK\n# BEGIN INSERT default_recipient_post\n\n\n\n  accept  domains = +relay_domains\n\n  deny    message = ${expand:${lookup{host_accept_relay}lsearch{\/etc\/eximrejects}{$value}}}\n          log_message = Rejected relay attempt: '$sender_host_address' From: '$sender_address' To: '$local_part@$domain'\n\n\n# END INSERT default_recipient_post\n\n#END ACL-RECIPIENT-POST-BLOCK\n\nacl_smtp_starttls:\n\n#BEGIN ACL-SMTP-STARTTLS-BLOCK\n\n#END ACL-SMTP-STARTTLS-BLOCK\n\nacl_smtp_vrfy:\n\n#BEGIN ACL-SMTP-SMTP-VRFY-BLOCK\n\n#END ACL-SMTP-SMTP-VRFY-BLOCK\n\nacl_smtp_dkim:\n\n#BEGIN ACL-SMTP-DKIM-BLOCK\n\n#END ACL-SMTP-DKIM-BLOCK\n\n\n\n\n\nbegin authenticators\n\n\ndovecot_plain:\n    driver = dovecot\n    public_name = PLAIN\n    server_socket = \/var\/run\/dovecot\/auth-client\n    server_set_id = $auth1\n    server_condition = ${if and {{!match {$auth1}{\\N[\/]\\N}}{eq{${if match {$auth1}{\\N[+%:@]\\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{\/etc\/demodomains}{yes}}}{${lookup{$auth1}lsearch{\/etc\/demousers}{yes}}}}}{}}}{true}{false}}\n\n\n\ndovecot_login:\n  driver = dovecot\n  public_name = LOGIN\n  server_socket = \/var\/run\/dovecot\/auth-client\n  server_set_id = $auth1\n  server_condition = ${if and {{!match {$auth1}{\\N[\/]\\N}}{eq{${if match {$auth1}{\\N[+%:@]\\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{\/etc\/demodomains}{yes}}}{${lookup{$auth1}lsearch{\/etc\/demousers}{yes}}}}}{}}}{true}{false}}\n\n\n\n\n\n\n######################################################################\n#                      REWRITE CONFIGURATION                         #\n######################################################################\n\n# There are no rewriting specifications in this default configuration file.\n\nbegin rewrite\n\n\n\n\n#!!#######################################################!!#\n#!!# Here follow routers created from the old routers,   #!!#\n#!!# for handling non-local domains.                     #!!#\n#!!#######################################################!!#\n\nbegin routers\n\n\n\n\n######################################################################\n#                      ROUTERS CONFIGURATION                         #\n#            Specifies how remote addresses are handled              #\n######################################################################\n#                          ORDER DOES MATTER                         #\n#  A remote address is passed to each in turn until it is accepted.  #\n######################################################################\n\n# Remote addresses are those with a domain that does not match any item\n# in the \"local_domains\" setting above.\n\n\n\n\ndeliver_local_outside_jail:\n    driver = manualroute\n    require_files = \"+\/jail_owner\"\n    # users outside the jail will not be in \/etc\/passwd => We need to check if $local_part is in \/jail_owner\n    # we can't just check to see if they exist\n    # because we still want to be able to mail root\n    domains = +local_domains\n    transport = remote_smtp\n    route_list = \"* 127.0.0.1\"\n    # self = send allows us to send outside the jail\n    # we make sure \/home\/virtfs does not exist before we get here\n    # to be safe\n    self = send\n\n\n\n\n# The main routers handle traffic to the lists themselves and the suffixed ones\n# handle mail to administrative aliases.  We have to use a two step process\n# because otherwise mail to a list such as foo-admin@example.tld will not be\n# handled properly.\n\nmailman_virtual_router:\n    driver = accept\n    domains = !$primary_hostname : +local_domains\n    require_files = \/usr\/local\/cpanel\/3rdparty\/mailman\/lists\/${lc::$local_part}_${lc::$domain}\/config.pck : \/usr\/local\/cpanel\/3rdparty\/mailman\/mail\/mailman\n    transport = mailman_virtual_transport\n\n\n\nmailman_virtual_router_suffixed:\n    driver = accept\n    require_files = \/usr\/local\/cpanel\/3rdparty\/mailman\/lists\/${lc::$local_part}_${lc::$domain}\/config.pck : \/usr\/local\/cpanel\/3rdparty\/mailman\/mail\/mailman\n    domains = !$primary_hostname : +local_domains\n    local_part_suffix = -admin     : \\\n            -bounces   : -bounces+* : \\\n                        -confirm   : -confirm+* : \\\n            -join      : -leave     : \\\n            -owner     : -request   : \\\n            -subscribe : -unsubscribe\n    transport = mailman_virtual_transport\n\n\n\nmailman_virtual_router_nodns:\n    driver = accept\n    require_files = \/usr\/local\/cpanel\/3rdparty\/mailman\/lists\/${lc::$local_part}\/config.pck : \/usr\/local\/cpanel\/3rdparty\/mailman\/mail\/mailman\n    condition    = \\\n           ${if or {{match{$local_part}{.*_.*}} \\\n                     {eq{$local_part}{mailman}}} \\\n                {1}{0}}\n    domains = $primary_hostname\n    transport = mailman_virtual_transport_nodns\n\n\n\nmailman_virtual_router_nodns_suffixed:\n    driver = accept\n    require_files = \/usr\/local\/cpanel\/3rdparty\/mailman\/lists\/${lc::$local_part}\/config.pck : \/usr\/local\/cpanel\/3rdparty\/mailman\/mail\/mailman\n    condition    = \\\n           ${if or {{match{$local_part}{.*_.*}} \\\n                     {eq{$local_part}{mailman}}} \\\n                {1}{0}}\n    local_part_suffix = -admin     : \\\n            -bounces   : -bounces+* : \\\n                        -confirm   : -confirm+* : \\\n            -join      : -leave     : \\\n            -owner     : -request   : \\\n            -subscribe : -unsubscribe\n    domains = $primary_hostname\n    transport = mailman_virtual_transport_nodns\n\ndemocheck:\n    driver = redirect\n    require_files = \"+\/etc\/demouids\"\n    condition = ${if >= {$originator_uid}{100}{1}{0}}\n    condition = \"${extract{size}{${stat:\/etc\/demouids}}}\"\n    condition = \"${if eq {${lookup {$originator_uid} lsearch {\/etc\/demouids} {$value}}}{}{false}{true}}\"\n    allow_fail\n    data = :fail: demo accounts are not permitted to relay email\n\n\n\n# cPanel Mail Archiving is disabled\n\n\nsend_to_smart_host:\ndriver = manualroute\nroute_list = !+local_domains dedrelay.secureserver.net\ntransport = remote_smtp\n\n\n\n\n#\n# Handles identification of messages, nobody and webspam and mail trap checks\n# in check_mail_permissions and notifies if we are defering a message\n#\n\n\nboxtrapper_autowhitelist:\n  driver = accept\n  condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{$local_part@$domain}{0}{${if match{$received_protocol}{\\N^e?smtps?a$\\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if eq{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$sender_ident}}}{0}}}}}}}}\n  require_files = \"+\/usr\/local\/cpanel\/bin\/boxtrapper\"\n  transport = boxtrapper_autowhitelist\n  no_verify\n  unseen\n\ncheck_mail_permissions:\n    domains = ! +local_domains\n    condition =  ${if eq {$authenticated_id}{root}{0}{1}}\n    ignore_target_hosts = +loopback : 64.94.110.0\/24\n    driver = redirect\n    allow_filter\n    reply_transport = address_reply\n    user = mailnull\n    expn = false\n    condition = \"${perl{check_mail_permissions}}\"\n    data = \"${perl{check_mail_permissions_results}}\"\n\n\n#\n#  discover_sender_information is not included\n#  because from_rewrites are not enabled\n#\n\n\n#\n# If check_mail_permissions needs to defer or fail a message it is done here\n#\nenforce_mail_permissions:\n    domains = ! +local_domains\n    ignore_target_hosts = +loopback : 64.94.110.0\/24\n    condition =  ${if eq {$authenticated_id}{root}{0}{1}}\n    driver = redirect\n    allow_fail\n    allow_defer\n    expn = false\n    condition = \"${perl{enforce_mail_permissions}}\"\n    data = \"${perl{enforce_mail_permissions_results}}\"\n\n#\n# Increments max emails per hour if needed\n#\nincrement_max_emails_per_hour_if_needed:\n    domains = ! +local_domains\n    ignore_target_hosts = +loopback : 64.94.110.0\/24\n    condition =  ${if eq {$authenticated_id}{root}{0}{1}}\n    driver = redirect\n    allow_fail\n    no_verify\n    one_time\n    expn = false\n    condition = \"${perl{increment_max_emails_per_hour_if_needed}}\"\n    data = \":unknown:\"\n\n\n\n\n\n#\n#  reject_forwarded_mail_marked_as_spam is not included\n#  because no_forward_outbound_spam and no_forward_outbound_spam_over_int\n#  are both disabled\n#\n\n\n\n\n#\n# Lookup host router for remote smtp and ignores verisign site finder 'service'\n# This matches lookup exactly except we look for X-Precedence and Precedence so\n# we can determinte what is an auto responder message in the log.\n# Note: there is nothing to\n# prevent X-Precedence from being added to non-autoresponded messages so this is for\n# logging reasons only\n#\n# Note: Boxtrapper sets Precedence to auto_reply\n#\nautoreply_dkim_lookuphost:\n    driver = dnslookup\n    domains = ! +local_domains\n    condition = \"${if or {{match{$h_Precedence:}{auto}}{match{$h_X-Precedence:}{auto}}}{1}{0}}\"\n    #ignore verisign to prevent waste of bandwidth\n    ignore_target_hosts = +loopback : 64.94.110.0\/24\n    require_files = \"+\/var\/cpanel\/domain_keys\/private\/${lc::${if eq {${perl{get_message_sender_domain}}}{-system-}{$sender_address_domain}{${perl{get_message_sender_domain}}}}}\"\n    headers_add = \"${perl{mailtrapheaders}}\"\n    transport = dkim_remote_smtp\n\n#\n# Lookup host router for remote smtp and ignores verisign site finder 'service' and uses domain keys\n#\n\n\ndkim_lookuphost:\n    driver = dnslookup\n    domains = ! +local_domains\n    #ignore verisign to prevent waste of bandwidth\n    ignore_target_hosts = +loopback : 64.94.110.0\/24\n    require_files = \"+\/var\/cpanel\/domain_keys\/private\/${lc::${if eq {${perl{get_message_sender_domain}}}{-system-}{$sender_address_domain}{${perl{get_message_sender_domain}}}}}\"\n    headers_add = \"${perl{mailtrapheaders}}\"\n    transport = dkim_remote_smtp\n\n#\n# Lookup host router for remote smtp and ignores verisign site finder 'service'\n# This matches lookup exactly except we look for X-Precedence and Precedence so\n# we can determinte what is an auto responder message in the log.\n# Note: there is nothing to\n# prevent X-Precedence from being added to non-autoresponded messages so this is for\n# logging reasons only\n#\n# Note: Boxtrapper sets Precedence to auto_reply\n#\n\n\nautoreply_lookuphost:\n    driver = dnslookup\n    domains = ! +local_domains\n    condition = \"${if or {{match{$h_Precedence:}{auto}}{match{$h_X-Precedence:}{auto}}}{1}{0}}\"\n    #ignore verisign to prevent waste of bandwidth\n    ignore_target_hosts = +loopback : 64.94.110.0\/24\n    headers_add = \"${perl{mailtrapheaders}}\"\n    transport = remote_smtp\n\n#\n# Lookup host router for remote smtp and ignores verisign site finder 'service'\n#\n\n\nlookuphost:\n    driver = dnslookup\n    domains = ! +local_domains\n    #ignore verisign to prevent waste of bandwidth\n    ignore_target_hosts = +loopback : 64.94.110.0\/24\n    headers_add = \"${perl{mailtrapheaders}}\"\n    transport = remote_smtp\n\n\n# This router routes to remote hosts over SMTP by explicit IP address,\n# given as a \"domain literal\" in the form [nnn.nnn.nnn.nnn]. The RFCs\n# require this facility, which is why it is enabled by default in Exim.\n# If you want to lock it out, set forbid_domain_literals in the main\n# configuration section above.\n\n\n#\n# Literal Transports .. ignores verisigns sitefinder service\n#\n\nliteral:\n    driver = ipliteral\n    domains = ! +local_domains\n    ignore_target_hosts = +loopback : 64.94.110.0\/24\n    headers_add = \"${perl{mailtrapheaders}}\"\n    transport = remote_smtp\n\n\n\n\n\n\n#!!# This new router is put here to fail all domains that\n#!!# were not in local_domains in the Exim 3 configuration.\n\n\n#\n# Trap Failures to Remote Domain\n#\n\nfail_remote_domains:\n  driver = redirect\n  domains = ! +local_domains : ! localhost : ! localhost.localdomain\n  allow_fail\n  data = \":fail: The mail server could not deliver mail to $local_part@$domain.  The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.\"\n\n\n\n\n\n\n#!!#######################################################!!#\n#!!# Here follow routers created from the old directors, #!!#\n#!!# for handling local domains.                         #!!#\n#!!#######################################################!!#\n\n######################################################################\n#                      DIRECTORS CONFIGURATION                       #\n#             Specifies how local addresses are handled              #\n######################################################################\n#                          ORDER DOES MATTER                         #\n#   A local address is passed to each in turn until it is accepted.  #\n######################################################################\n\n# Local addresses are those with a domain that matches some item in the\n# \"local_domains\" setting above, or those which are passed back from the\n# routers because of a \"self=local\" setting (not used in this configuration).\n\n\n# This director handles aliasing using a traditional \/etc\/aliases file.\n# If any of your aliases expand to pipes or files, you will need to set\n# up a user and a group for these deliveries to run under. You can do\n# this by uncommenting the \"user\" option below (changing the user name\n# as appropriate) and adding a \"group\" option if necessary. Alternatively, you\n# can specify \"user\" on the transports that are used. Note that those\n# listed below are the same as are used for .forward files; you might want\n# to set up different ones for pipe and file deliveries from aliases.\n\n#spam_filter:\n#  driver = forwardfile\n#  file = \/etc\/spam.filter\n#  no_check_local_user\n#  no_verify\n#  filter\n#  allow_system_actions\n\n\n\n\n\n\n\n\n\n\n\n\n#\n# Account level filtering for everything but the main account\n#\n\ncentral_filter:\n    driver = redirect\n    allow_filter\n    allow_fail\n    forbid_filter_run\n    forbid_filter_perl\n    forbid_filter_lookup\n    forbid_filter_readfile\n    forbid_filter_readsocket\n    no_check_local_user\n    domains = !$primary_hostname\n    require_files = \"+\/etc\/vfilters\/${domain}\"\n    condition = \"${extract{size}{${stat:\/etc\/vfilters\/${domain}}}}\"\n    file = \/etc\/vfilters\/${domain}\n    file_transport = address_file\n    directory_transport = address_directory\n    pipe_transport = ${if forall{\/bin\/cagefs_enter:\/usr\/sbin\/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}}{\\N(jail|no)shell\\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}\n    reply_transport = address_reply\n    router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\n    user = \"${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}\"\n    no_verify\n\n\n\n#\n# Account level filtering for the main account\n#\n# checks \/etc\/vfilters\/maindomain if its a localuser (ie main acct)\n#\nmainacct_central_user_filter:\n    driver = redirect\n    allow_filter\n    allow_fail\n    forbid_filter_run\n    forbid_filter_perl\n    forbid_filter_lookup\n    forbid_filter_readfile\n    forbid_filter_readsocket\n    check_local_user\n    domains = $primary_hostname\n    condition = ${if eq {${lookup{$local_part}lsearch{\/etc\/domainusers}{$value}}}{}{0}{${if exists {\/etc\/vfilters\/${lookup{$local_part}lsearch{\/etc\/domainusers}{$value}}}{${extract{size}{${stat:\/etc\/vfilters\/${lookup{$local_part}lsearch{\/etc\/domainusers}{$value}}}}}}{0}}}}\n    file = \"\/etc\/vfilters\/${lookup{$local_part}lsearch{\/etc\/domainusers}{$value}}\"\n    directory_transport = address_directory\n    file_transport = address_file\n    pipe_transport = ${if forall{\/bin\/cagefs_enter:\/usr\/sbin\/cagefsctl}{exists{$item}}{cagefs_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{$local_part}{$value}}}}}{\\N(jail|no)shell\\N}{jailed_address_pipe}{address_pipe}}}}\n    reply_transport = address_reply\n    user = $local_part\n    group = $local_part\n    retry_use_local_part\n    no_verify\n\n#\n# User Level Filtering for the main account\n#\n\n\ncentral_user_filter:\n    driver = redirect\n    allow_filter\n    allow_fail\n    forbid_filter_run\n    forbid_filter_perl\n    forbid_filter_lookup\n    forbid_filter_readfile\n    forbid_filter_readsocket\n    check_local_user\n    domains = $primary_hostname\n    require_files = \"+${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}\/etc\/filter\"\n    condition = \"${extract{size}{${stat:${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}\/etc\/filter}}}\"\n    file = \"${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}\/etc\/filter\"\n    router_home_directory = ${extract{5}{::}{${lookup passwd{$local_part}{$value}}}}\n    directory_transport = address_directory\n    file_transport = address_file\n    pipe_transport = ${if forall{\/bin\/cagefs_enter:\/usr\/sbin\/cagefsctl}{exists{$item}}{cagefs_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{$local_part}{$value}}}}}{\\N(jail|no)shell\\N}{jailed_address_pipe}{address_pipe}}}}\n    reply_transport = address_reply\n    user = $local_part\n    group = $local_part\n    local_part_suffix = +*\n    local_part_suffix_optional\n    retry_use_local_part\n    no_verify\n\n#\n# User Level Filtering for virtual users\n#\n\n\nvirtual_user_filter:\n    driver = redirect\n    allow_filter\n    allow_fail\n    forbid_filter_run\n    forbid_filter_perl\n    forbid_filter_lookup\n    forbid_filter_readfile\n    forbid_filter_readsocket\n    no_check_local_user\n    domains = !$primary_hostname\n    require_files = \"+\/etc\/valiases\/$domain:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\/etc\/$domain\/$local_part\/filter\"\n    router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\n    condition = \"${extract{size}{$home\/etc\/$domain\/$local_part\/filter}}}\"\n    file = \"$home\/etc\/$domain\/$local_part\/filter\"\n    directory_transport = address_directory\n    file_transport = address_file\n    pipe_transport = ${if forall{\/bin\/cagefs_enter:\/usr\/sbin\/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}}{\\N(jail|no)shell\\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}\n    reply_transport = address_reply\n    user = \"${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}\"\n    local_part_suffix = +*\n    local_part_suffix_optional\n    retry_use_local_part\n    no_verify\n\n\n\n\n\n\nvirtual_aliases_nostar:\n  driver = redirect\n  allow_defer\n  allow_fail\n  domains = !$primary_hostname\n  require_files = \"+\/etc\/valiases\/$domain\"\n  user = \"${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}\"\n  address_data = ${lookup{$local_part@$domain}lsearch{\/etc\/valiases\/$domain}}\n  data = $address_data\n  file_transport = address_file\n  pipe_transport = ${if forall{\/bin\/cagefs_enter:\/usr\/sbin\/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}}{\\N(jail|no)shell\\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}\n  retry_use_local_part\n  unseen\n\n\n\n#\n# virtual_user_overquota is disabled\n#\n# WHM \u00bb Service Configuration \u00bb Mailserver Configuration\n# Disk Quota Delivery Failure Response\n# is set to \"Defer delivery temporarily\" (defer)\n#\n\n\n\n\n\n\n\n#\n# Virtual User Spam Boxes\n#\n\nvirtual_user_spam:\n    driver = redirect\n    domains = !$primary_hostname\n    condition = ${if match{$h_X-Spam-Status:}{\\N^Yes\\N}{true}{false}}\n    require_files = \"+\/etc\/valiases\/$domain:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\/.spamassassinboxenable:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\/mail\/$domain\/$local_part\"\n    headers_remove=\"x-uidl\"\n    data = \"${quote_local_part:$local_part}+spam@$domain\"\n    redirect_router = virtual_user\n\n\n\nvirtual_boxtrapper_user:\n  driver = accept\n  domains = !$primary_hostname\n  require_files = \"+\/etc\/valiases\/$domain:+\/usr\/local\/cpanel\/bin\/boxtrapper:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\/etc\/$domain\/$local_part\/.boxtrapperenable:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\/mail\/$domain\/$local_part\"\n  user = \"${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}\"\n  router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\n  headers_remove=\"x-uidl\"\n  transport = virtual_boxtrapper_userdelivery\n\nvirtual_user:\n  driver = accept\n  domains = !$primary_hostname\n  require_files = \"+\/etc\/valiases\/$domain:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\/mail\/$domain\/$local_part\"\n  router_home_directory = ${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}\n  headers_remove=\"x-uidl\"\n  local_part_suffix = +*\n  local_part_suffix_optional\n  user = mailnull\n  group = mail\n  transport = ${if forany {${addresses:$h_to:}:${addresses:$h_cc:}}{or {{eqi{${extract{1}{+}{${local_part:$item}}}@${domain:$item}}{$local_part@$domain}}{eqi{${extract{1}{+}{${local_part:$item}}}@${domain:$item}}{$original_local_part@$original_domain}}}}{dovecot_virtual_delivery}{dovecot_virtual_delivery_no_batch}}\n  #\n  # If the delivery address, original address (forwarded),\n  # or address with subaddress is shown on the To: or Cc:\n  # lines or the message has the List-Id: or Precedence:\n  # header we allow the message to be batched to\n  # dovecot LMTP via transport dovecot_virtual_delivery\n  #\n  # If it does match match the above we do not allow the message\n  # to be batched in order to ensure that the Envelope-To: header\n  # does not contain a user that was Bcc:ed so savvy recipients\n  # cannot see that another email was Bcc:ed in the header\n  # via transport dovecot_virtual_delivery_no_batch\n  #\n  # Note: match_address would be nice here but the second string\n  # is not expanded for security reasons\n  #\n\n\n\n\n#\n# has_alias_but_no_mailbox_discarded_to_prevent_loop required either of the following:\n#\n# 1. There is an active alias in the valias file\n# 2. There is an active autoresponder and the * is set to :fail:\n#\nhas_alias_but_no_mailbox_discarded_to_prevent_loop:\n        driver = redirect\n        domains = !$primary_hostname\n        require_files = \"+\/etc\/valiases\/$domain\"\n        condition = ${lookup{$local_part@$domain}lsearch{\/etc\/valiases\/$domain}{1}{0}}\n        condition = \"${if forany{<, ${lookup{$local_part@$domain}lsearch{\/etc\/valiases\/$domain}{$value}}}{!match{$item}{\\N\/autorespond\\N}}{1}{${if match {${lookup{\\N*\\N}lsearch{\/etc\/valiases\/$domain}{$value}}}{:fail:}{1}{0}}}}\"\n        data=\":blackhole:\"\n        local_part_suffix = +*\n        local_part_suffix_optional\n        disable_logging = true\n\n\n\n\n# srs is disabled\n\n\n\n\n\n\n\n\nvalias_domain_file:\n  driver = redirect\n  allow_defer\n  allow_fail\n  require_files = +\/etc\/vdomainaliases\/$domain\n  user = \"${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}\"\n  condition = ${lookup {$domain} lsearch {\/etc\/vdomainaliases\/$domain}{yes}{no} }\n  address_data = ${quote_local_part:$local_part}@${lookup {$domain} lsearch {\/etc\/vdomainaliases\/$domain} }\n  data = $address_data\n\nvirtual_aliases:\n    driver = redirect\n    allow_defer\n    allow_fail\n    domains = !$primary_hostname\n    require_files = \"+\/etc\/valiases\/$domain\"\n    user = \"${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}\"\n    address_data = ${lookup{*}lsearch{\/etc\/valiases\/$domain}}\n    data = $address_data\n    file_transport = address_file\n    pipe_transport = ${if forall{\/bin\/cagefs_enter:\/usr\/sbin\/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}}{$value}}}}}{\\N(jail|no)shell\\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}\n\n\n\n\n\n\n\n# This director handles forwarding using traditional .forward files.\n# If you want it also to allow mail filtering when a forward file\n# starts with the string \"# Exim filter\", uncomment the \"filter\" option.\n# The check_ancestor option means that if the forward file generates an\n# address that is an ancestor of the current one, the current one gets\n# passed on instead. This covers the case where A is aliased to B and B\n# has a .forward file pointing to A. The three transports specified at the\n# end are those that are used when forwarding generates a direct delivery\n# to a file, or to a pipe, or sets up an auto-reply, respectively.\n\nsystem_aliases:\n  driver = redirect\n  allow_defer\n  allow_fail\n  domains = $primary_hostname : localhost\n  address_data = ${lookup{$local_part}lsearch{\/etc\/aliases}}\n  data = $address_data\n  file_transport = address_file\n  pipe_transport = address_pipe\n# user = exim\n\n\nlocal_aliases:\n  driver = redirect\n  allow_defer\n  allow_fail\n  domains = $primary_hostname : localhost\n  address_data = ${lookup{$local_part}lsearch{\/etc\/localaliases}}\n  data = $address_data\n  file_transport = address_file\n  pipe_transport = address_pipe\n  check_local_user\n\n\n\n\n\nuserforward:\n  driver = redirect\n  allow_filter\n  allow_fail\n  forbid_filter_run\n  forbid_filter_perl\n  forbid_filter_lookup\n  forbid_filter_readfile\n  forbid_filter_readsocket\n  check_ancestor\n  check_local_user\n  domains = $primary_hostname\n  no_expn\n  require_files = \"+$home\/.forward\"\n  condition = \"${extract{size}{${stat:$home\/.forward}}}\"\n  file = $home\/.forward\n  file_transport = address_file\n  pipe_transport = ${if forall{\/bin\/cagefs_enter:\/usr\/sbin\/cagefsctl}{exists{$item}}{cagefs_address_pipe}{${if match{${extract{6}{:}{${lookup passwd{$local_part}{$value}}}}}{\\N(jail|no)shell\\N}{jailed_address_pipe}{address_pipe}}}}\n  reply_transport = address_reply\n  directory_transport = address_directory\n  user = $local_part\n  group = $local_part\n  no_verify\n\n\n\n\n# srs is disabled\n\n\n\n\n\n\nlocaluser_root:\n    driver = redirect\n    allow_fail\n    domains = $primary_hostname : localhost\n    check_local_user\n    condition = ${if eq {$local_part}{root}}\n    data = :fail: root cannot accept local mail deliveries\n\n\n\n#\n# localuser_overquota is disabled\n#\n# WHM \u00bb Service Configuration \u00bb Mailserver Configuration\n# Disk Quota Delivery Failure Response\n# is set to \"Defer delivery temporarily\" (defer)\n#\n\n\n#\n# Optimized spambox router\n#\n\nlocaluser_spam:\n    driver = redirect\n    domains = $primary_hostname\n    require_files = \"+$home\/.spamassassinboxenable\"\n    condition = ${if match{$h_X-Spam-Status:}{\\N^Yes\\N}{true}{false}}\n# sets home,user,group\n    check_local_user\n    headers_remove=\"x-uidl\"\n    data = \"${quote_local_part:$local_part}+spam\"\n    redirect_router = localuser\n\n\n\n\nboxtrapper_localuser:\n  driver = accept\n  require_files = \"+\/usr\/local\/cpanel\/bin\/boxtrapper:+$home\/etc\/.boxtrapperenable\"\n  check_local_user\n  domains = $primary_hostname\n  transport = local_boxtrapper_delivery\n\nlocaluser:\n    driver = accept\n# sets home,user,group\n    check_local_user\n    domains = $primary_hostname\n    headers_remove=\"x-uidl\"\n    local_part_suffix = +*\n    local_part_suffix_optional\n    user = mailnull\n    group = mail\n    transport = ${if forany {${addresses:$h_to:}:${addresses:$h_cc:}}{or {{eqi{${extract{1}{+}{${local_part:$item}}}@${domain:$item}}{$local_part@$domain}}{eqi{${extract{1}{+}{${local_part:$item}}}@${domain:$item}}{$original_local_part@$original_domain}}}}{dovecot_delivery}{dovecot_delivery_no_batch}}\n    #\n    # If the delivery address, original address (forwarded),\n    # or address with subaddress is shown on the To: or Cc:\n    # lines or the message has the List-Id: or Precedence:\n    # header we allow the message to be batched to\n    # dovecot LMTP via transport dovecot_virtual_delivery\n    #\n    # If it does match match the above we do not allow the message\n    # to be batched in order to ensure that the Envelope-To: header\n    # does not contain a user that was Bcc:ed so savvy recipients\n    # cannot see that another email was Bcc:ed in the header\n    # via transport dovecot_virtual_delivery_no_batch\n    #\n    # Note: match_address would be nice here but the second string\n    # is not expanded for security reasons\n    #\n\n# This director matches local user mailboxes.\n\n\n\n\n\n\n\n######################################################################\n#                      TRANSPORTS CONFIGURATION                      #\n######################################################################\n#                       ORDER DOES NOT MATTER                        #\n#     Only one appropriate transport is called for each delivery.    #\n######################################################################\n\n# A transport is used only when referenced from a director or a router that\n# successfully handles an address.\n\n\n# This transport is used for delivering messages over SMTP connections.\n\nbegin transports\n\n\n\n\n\n\nmailman_virtual_transport:\n    driver = pipe\n    command = \/usr\/local\/cpanel\/3rdparty\/mailman\/mail\/mailman \\\n              '${if def:local_part_suffix \\\n                    {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} \\\n                    {post}}' \\\n              ${lc:$local_part}_${lc:$domain}\n    current_directory = \/usr\/local\/cpanel\/3rdparty\/mailman\n    home_directory = \/usr\/local\/cpanel\/3rdparty\/mailman\n    user = mailman\n    group = mailman\n\n\n\n\nmailman_virtual_transport_nodns:\n    driver = pipe\n    command = \/usr\/local\/cpanel\/3rdparty\/mailman\/mail\/mailman \\\n              '${if def:local_part_suffix \\\n                    {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} \\\n                    {post}}' \\\n              ${lc:$local_part}\n    current_directory = \/usr\/local\/cpanel\/3rdparty\/mailman\n    home_directory = \/usr\/local\/cpanel\/3rdparty\/mailman\n    user = mailman\n    group = mailman\n\n\nremote_smtp:\n  driver = smtp\n  interface = <; ${if > {${extract{size}{${stat:\/etc\/mailips}}}}{0}{${lookup{${lc:${perl{get_message_sender_domain}}}}lsearch{\/etc\/mailips}{$value}{${lookup{${lc:$original_domain}}lsearch{\/etc\/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{\/etc\/mailips}{$value}{}}}}}}}}\n  helo_data = ${if > {${extract{size}{${stat:\/etc\/mailhelo}}}}{0}{${lookup{${lc:${perl{get_message_sender_domain}}}}lsearch{\/etc\/mailhelo}{$value}{${lookup{${lc:$original_domain}}lsearch{\/etc\/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{\/etc\/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}\n  hosts_try_chunking = 198.51.100.1\n\n\n\ndkim_remote_smtp:\n  driver = smtp\n  interface = <; ${if > {${extract{size}{${stat:\/etc\/mailips}}}}{0}{${lookup{${lc:${perl{get_message_sender_domain}}}}lsearch{\/etc\/mailips}{$value}{${lookup{${lc:$original_domain}}lsearch{\/etc\/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{\/etc\/mailips}{$value}{}}}}}}}}\n  helo_data = ${if > {${extract{size}{${stat:\/etc\/mailhelo}}}}{0}{${lookup{${lc:${perl{get_message_sender_domain}}}}lsearch{\/etc\/mailhelo}{$value}{${lookup{${lc:$original_domain}}lsearch{\/etc\/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{\/etc\/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}\n  dkim_domain = ${lc::${if eq {${perl{get_message_sender_domain}}}{-system-}{$sender_address_domain}{${perl{get_message_sender_domain}}}}}\n  dkim_selector = default\n  dkim_private_key = \"\/var\/cpanel\/domain_keys\/private\/${dkim_domain}\"\n  dkim_canon = relaxed\n  hosts_try_chunking = 198.51.100.1\n\n\n\n# This transport is used for local delivery to user mailboxes. By default\n# it will be run under the uid and gid of the local user, and requires\n# the sticky bit to be set on the \/var\/mail directory. Some systems use\n# the alternative approach of running mail deliveries under a particular\n# group instead of using the sticky bit. The commented options below show\n# how this can be done.\n\n\n\n\n\n\n# This transport is used for handling pipe deliveries generated by alias\n# or .forward files. If the pipe generates any standard output, it is returned\n# to the sender of the message as a delivery error. Set return_fail_output\n# instead of return_output if you want this to happen only when the pipe fails\n# to complete normally. You can set different transports for aliases and\n# forwards if you want to - see the references to address_pipe below.\n\n\naddress_directory:\n  driver = pipe\n  command = \/usr\/libexec\/dovecot\/dovecot-lda -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}\n  message_prefix =\n  message_suffix =\n  log_output\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78\n\naddress_pipe:\n  driver = pipe\n  return_output\n\nvirtual_address_pipe:\n  driver = pipe\n  return_output\n\njailed_address_pipe:\n  driver = pipe\n  force_command\n  command = \/usr\/local\/cpanel\/bin\/jailexec $address_pipe\n  return_output\n\njailed_virtual_address_pipe:\n  driver = pipe\n  force_command\n  command = \/usr\/local\/cpanel\/bin\/jailexec $address_pipe\n  return_output\n\ncagefs_address_pipe:\n  driver = pipe\n  force_command\n  command = \/bin\/cagefs_enter $address_pipe\n  return_output\n\ncagefs_virtual_address_pipe:\n  driver = pipe\n  force_command\n  command = \/bin\/cagefs_enter $address_pipe\n  return_output\n\n\n# This transport is used for handling deliveries directly to files that are\n# generated by aliassing or forwarding.\n\n\naddress_file:\n  driver = pipe\n  command = \/usr\/libexec\/dovecot\/dovecot-lda -e -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}\n  message_prefix =\n  message_suffix =\n  log_output\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78\n\n\n# For email with a bcc:\ndovecot_delivery_no_batch:\n  driver = lmtp\n  socket = \/var\/run\/dovecot\/lmtp\n  batch_max = 1\n  rcpt_include_affixes\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n\n# For email with a bcc:\ndovecot_virtual_delivery_no_batch:\n  driver = lmtp\n  socket = \/var\/run\/dovecot\/lmtp\n  batch_max = 1\n  rcpt_include_affixes\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n\n\n\nboxtrapper_autowhitelist:\n  driver = pipe\n  headers_only\n  command = \/usr\/local\/cpanel\/bin\/boxtrapper --autowhitelist \"${authenticated_id}\"\n  user = ${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}}\n  group = ${extract{3}{:}{${lookup passwd{${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}}}{$value}}}}\n  log_output = true\n  current_directory = \"\/tmp\"\n  return_fail_output = true\n  return_path_add = false\n  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78\n\n\n\nlocal_boxtrapper_delivery:\n  driver = pipe\n  command = \/usr\/local\/cpanel\/bin\/boxtrapper \"${local_part}\" $home\n  user = $local_part\n  group = ${extract{3}{:}{${lookup passwd{$local_part}{$value}}}}\n  log_output = true\n  current_directory = \"\/tmp\"\n  return_fail_output = true\n  return_path_add = false\n  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78\n\n\n\nvirtual_boxtrapper_userdelivery:\n  driver = pipe\n  command = \/usr\/local\/cpanel\/bin\/boxtrapper \"${local_part}@${domain}\" $home\n  user = \"${lookup{$domain}lsearch{\/etc\/userdomains}{$value}}\"\n  log_output = true\n  current_directory = \"\/tmp\"\n  return_fail_output = true\n  return_path_add = false\n  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78\n\ndovecot_delivery:\n  driver = lmtp\n  socket = \/var\/run\/dovecot\/lmtp\n  batch_max = 200\n  rcpt_include_affixes\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n\ndovecot_virtual_delivery:\n  driver = lmtp\n  socket = \/var\/run\/dovecot\/lmtp\n  batch_max = 200\n  rcpt_include_affixes\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n\naddress_reply:\n  driver = autoreply\n\n\n\n# cPanel Mail Archiving is disabled\n\n\n\n\n\n\n\n\n\n######################################################################\n#                      RETRY CONFIGURATION                           #\n######################################################################\n\n# This single retry rule applies to all domains and all errors. It specifies\n# retries every 15 minutes for 2 hours, then increasing retry intervals,\n# starting at 1 hour and increasing each time by a factor of 1.5, up to 16\n# hours, then retries every 8 hours until 4 days have passed since the first\n# failed delivery.\n\n# Domain               Error       Retries\n# ------               -----       -------\n\n\nbegin retry\n\n\n\n\n+secondarymx           *           F,4h,5m; G,16h,1h,1.5; F,4d,8h\n*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h\n\n\n\n\n# End of Exim 4 configuration"}