Fix CVE-2016-1531
[users/jgh/exim.git] / test / confs / 0001
1 # Exim test configuration 0001
2
3 # This configuration sets every option that is not dependent on optional code
4 # in the binary, except for exim_user and exim_group, because setting them can
5 # mess up the creation of the spool directory etc.
6
7 exim_path = EXIM_PATH
8 keep_environment =
9 host_lookup_order = bydns
10 spool_directory = DIR/spool
11 log_file_path = DIR/spool/log/%slog
12 gecos_pattern = ""
13 gecos_name = CALLER_NAME
14
15
16 no_accept_8bitmime
17 acl_not_smtp = check_local_message
18 acl_smtp_auth = check_auth
19 acl_smtp_connect = check_connect
20 acl_smtp_data = check_message
21 acl_smtp_etrn = check_etrn
22 acl_smtp_expn = check_expn
23 acl_smtp_helo = check_helo
24 acl_smtp_mail = check_mail
25 acl_smtp_mailauth = check_mailauth
26 acl_smtp_quit = check_quit
27 acl_smtp_predata = check_predata
28 acl_smtp_rcpt = check_recipient
29 acl_smtp_vrfy = check_vrfy
30 admin_groups = 1234
31 allow_mx_to_ip
32 allow_utf8_domains
33 auth_advertise_hosts = a.a.h
34 auto_thaw = 1d
35 bi_command =
36 bounce_message_file =
37 bounce_message_text =
38 bounce_return_body = false
39 no_bounce_return_message
40 return_size_limit = 12K
41 bounce_return_size_limit = 10K
42 bounce_return_linesize_limit = 997
43 callout_domain_negative_expire = 1h
44 callout_domain_positive_expire = 1d
45 callout_negative_expire = 5h
46 callout_positive_expire = 1w
47 callout_random_local_part = xxx\
48                             xx
49 check_log_inodes = 0
50 check_log_space = 0
51 check_spool_inodes = 0
52 check_spool_space = 0
53 daemon_smtp_port =
54 daemon_smtp_ports =
55 daemon_startup_retries = 3
56 daemon_startup_sleep = 8s
57 delay_warning = 1d
58 delay_warning_condition = ${if match{$h_precedence:}{(?i)bulk|list}{no}{yes}}
59 deliver_drop_privilege
60 deliver_queue_load_max = 6.2
61 delivery_date_remove
62 dns_again_means_nonexist = *.esri.com:jeni.com
63 dns_check_names_pattern = ^.*$
64 dns_ipv4_lookup = *
65 dns_retrans = 0s
66 dns_retry = 0
67 drop_cr
68 envelope_to_remove
69 errors_copy =
70 errors_reply_to = postmaster@cam.ac.uk
71 extra_local_interfaces = 1.2.3.4
72 no_extract_addresses_remove_arguments
73 finduser_retries = 0
74 allow_domain_literals
75 freeze_tell = postmaster
76 headers_charset = UTF-8
77 header_maxsize = 2M
78 header_line_maxsize = 2K
79 helo_accept_junk_hosts =
80 helo_allow_chars = _
81 helo_lookup_domains =
82 helo_verify_hosts = localhost
83 helo_try_verify_hosts = 1.2.3.4
84 hold_domains =
85 host_lookup = a.b.c.d
86 host_reject_connection = 10.9.8.7
87 hosts_connection_nolog = 127.0.0.1
88 hosts_treat_as_local =
89 ignore_bounce_errors_after = 2m
90 ignore_fromline_hosts = a.b.c.d
91 ignore_fromline_local
92 keep_malformed = 4d
93 no_local_from_check
94 local_from_prefix = *-
95 local_from_suffix = =*
96 local_interfaces =
97 local_scan_timeout = 10s
98 local_sender_retain
99 localhost_number = "3 "
100 log_selector =  \
101               +address_rewrite \
102               -all \
103               +all_parents \
104               +arguments \
105               -connection_reject \
106               -delay_delivery \
107               +incoming_interface \
108               +incoming_port \
109               +lost_incoming_connection \
110               -queue_run \
111               +received_recipients \
112               +received_sender \
113               -retry_defer \
114               +return_path_on_delivery \
115               +sender_on_delivery \
116               +size_reject \
117               -skip_delivery \
118               +smtp_confirmation \
119               +smtp_connection \
120               +smtp_syntax_error \
121               +subject \
122               +tls_cipher \
123               +tls_peerdn
124 log_timezone
125 lookup_open_max = 16
126 max_username_length = 8
127 message_body_visible = 500
128 message_id_header_domain = a.b.c
129 message_id_header_text = x.y.z
130 no_message_logs
131 message_size_limit = 500K
132 mua_wrapper
133 never_users = root:0
134 percent_hack_domains =
135 pipelining_advertise_hosts = *.b.c
136 pid_file_path = /some/thing
137 no_preserve_message_logs
138 primary_hostname = some.host.name
139 no_print_topbitchars
140 process_log_path = /a/b/c/d
141 prod_requires_admin
142 qualify_domain = some.dom.ain
143 qualify_recipient = some.dom.ain
144 queue_domains = a.b.c
145 queue_list_requires_admin
146 no_queue_only
147 no_queue_only_override
148 queue_only_file = /var/spool/exim/queue_only
149 queue_only_load = 8.2
150 no_queue_run_in_order
151 queue_run_max = 5
152 queue_smtp_domains = x.y.z
153 receive_timeout = 0s
154 received_header_text = Received: ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}{${if def:sender_ident {from ${sender_ident} }}${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}by ${primary_hostname} ${if def:received_protocol {with ${received_protocol}}} (Exim ${version_number} #${compile_number})\n\tid ${message_id}${if def:received_for {\n\tfor $received_for}}
155 received_headers_max = 30
156 recipient_unqualified_hosts = localhost:some.host.name
157 recipients_max = 0
158 no_recipients_max_reject
159 remote_max_parallel = 1
160 remote_sort_domains =
161 retry_data_expire = 24h
162 retry_interval_max = 3d
163 return_path_remove
164 rfc1413_hosts =
165 sender_unqualified_hosts = localhost:some.host.name
166 smtp_accept_keepalive
167 smtp_accept_max = 20
168 smtp_accept_max_nonmail = 40
169 smtp_accept_max_nonmail_hosts = !       *.b.c
170 smtp_accept_max_per_connection = 20
171 smtp_accept_max_per_host = 4
172 smtp_accept_queue = 0
173 smtp_accept_queue_per_connection = 10
174 smtp_active_hostname = x.y.z
175 no_smtp_enforce_sync
176 smtp_max_synprot_errors = 11
177 smtp_max_unknown_commands = 10
178 smtp_ratelimit_hosts = *
179 smtp_ratelimit_mail = 1, 1s, 2, 10s
180 smtp_ratelimit_rcpt = 10, 2s, 5, 5m
181 smtp_accept_reserve = 0
182 smtp_banner = ${primary_hostname} ESMTP Exim ${version_number} #${compile_number} ${tod_full}
183 smtp_check_spool_space
184 smtp_connect_backlog = 5
185 smtp_etrn_command =
186 smtp_etrn_serialize
187 smtp_load_reserve = 2
188 smtp_receive_timeout = 1m
189 smtp_reserve_hosts =
190 smtp_return_error_details
191 no_split_spool_directory
192 no_strip_excess_angle_brackets
193 no_strip_trailing_dot
194 no_syslog_duplication
195 syslog_facility = uucp
196 syslog_processname = mta-exim
197 no_syslog_timestamp
198 system_filter = /home/exim/test/filter
199 system_filter_directory_transport =
200 system_filter_file_transport =
201 system_filter_group = mail
202 system_filter_pipe_transport =
203 system_filter_reply_transport =
204 system_filter_user = 99
205 tcp_nodelay = false
206 timeout_frozen_after = 7d
207 timezone = EDT
208 tls_advertise_hosts =
209 trusted_groups = 42
210 trusted_users = ${readfile{DIR/aux-fixed/TESTNUM.trusted}{:}}
211 unknown_login = unknownlogin
212 unknown_username = Exim Testing
213 untrusted_set_sender = *
214 uucp_from_pattern = ^From\s+(\S+)\s+(?:[a-zA-Z]{3},?\s+)?(?:[a-zA-Z]{3}\s+\d?\d|\d?\d\s+[a-zA-Z]{3}\s+\d\d(?:\d\d)?)\s+\d\d?:\d\d?
215 uucp_from_sender = $1
216 warn_message_file = /home/exim/test/warnmsg_file
217 write_rejectlog = false
218
219
220 # ----- Routers -----
221
222 begin routers
223
224 # The manualroute router
225
226 manualroute:
227   driver = manualroute
228   address_data = domainlist address data
229   cannot_route_message = can't route this address
230   caseful_local_part
231   condition =
232   debug_print =
233   disable_logging
234   domains =
235   errors_to =
236   no_fail_verify_recipient
237   no_fail_verify_sender
238   fallback_hosts = localhost
239   group = mail
240   headers_add =
241   headers_remove =
242   host_find_failed = freeze
243   hosts_randomize
244   no_initgroups
245   local_parts =
246   more
247   no_pass_on_timeout
248   pass_router = manualroute2
249   redirect_router = manualroute2
250   require_files =
251   route_data = ${lookup{$local_part}lsearch{/}}
252   router_home_directory = /usr
253   self = freeze
254   senders =
255   transport = smtp
256   no_unseen
257   user = root
258   no_verify_only
259   verify_recipient
260   verify_sender
261
262 # Manualroute2 router, for mutually exclusive options
263
264 manualroute2:
265   driver = manualroute
266   domains = ! +local_domains
267   route_list = ^fax(\.cl(\.cam(\.ac\.uk)?)?)?$ cl.cam.ac.uk; \
268                *.uucp  britain.eu.net
269
270 # The redirect router, in "alias" mode
271
272 alias:
273   driver = redirect
274   address_data = aliasfile address data
275   allow_fail
276   allow_freeze
277   caseful_local_part
278   no_check_ancestor
279   condition =
280   data = ${lookup{$local_part}lsearch{/etc/aliases}}
281   debug_print =
282   directory_transport = dummy
283   domains =
284   errors_to =
285   expn
286   no_fail_verify_recipient
287   no_fail_verify_sender
288   fallback_hosts =
289   file_transport = dummy
290   forbid_blackhole
291   no_forbid_file
292   forbid_include
293   no_forbid_pipe
294   group = 100
295   headers_add =
296   headers_remove =
297   hide_child_in_errmsg
298   include_directory = /i/n/c
299   no_initgroups
300   local_part_prefix =
301   no_local_part_prefix_optional
302   local_part_suffix =
303   no_local_part_suffix_optional
304   local_parts =
305   more
306   no_one_time
307   pipe_transport = dummy
308   no_qualify_preserve_domain
309   no_repeat_use
310   qualify_domain = xxxx
311   redirect_router = aliasfile2
312   require_files =
313   retry_use_local_part
314   no_rewrite
315   senders =
316   sieve_vacation_directory = /thing/thong
317   sieve_subaddress = rhubarb
318   sieve_useraddress = custard
319   no_skip_syntax_errors
320   syntax_errors_to =
321   transport_current_directory =
322   transport_home_directory =
323   no_unseen
324   user = 100
325   no_verify_only
326   verify_recipient
327   verify_sender
328
329 # Aliasfile2 for mutually exclusive options
330
331 aliasfile2:
332   driver = redirect
333   allow_defer
334   caseful_local_part
335   check_group
336   check_owner
337   file = /some/file
338   retry_use_local_part
339
340 # The redirect router in "forward" mode
341
342 forward:
343   driver = redirect
344   allow_filter
345   forbid_exim_filter
346   forbid_sieve_filter
347   caseful_local_part
348   check_ancestor
349   check_local_user
350   condition =
351   debug_print =
352   directory_transport = dummy
353   domains =
354   errors_to =
355   expn
356   no_fail_verify_recipient
357   no_fail_verify_sender
358   fallback_hosts =
359   file = //.forward2
360   file_transport = dummy
361   no_forbid_file
362   forbid_blackhole
363   forbid_filter_existstest
364   no_forbid_filter_logwrite
365   forbid_filter_dlfunc
366   forbid_filter_lookup
367   forbid_filter_readfile
368   forbid_filter_readsocket
369   forbid_filter_reply
370   forbid_filter_run
371   no_forbid_include
372   no_forbid_pipe
373   group = mail
374   headers_add =
375   headers_remove =
376   hide_child_in_errmsg
377   no_ignore_eacces
378   no_ignore_enotdir
379   no_initgroups
380   local_part_prefix = xxx-
381   local_part_prefix_optional
382   local_part_suffix =
383   no_local_part_suffix_optional
384   local_parts =
385   modemask = 022
386   more
387   no_one_time
388   owners = root
389   owngroups = mail
390   pipe_transport = dummy
391   no_qualify_preserve_domain
392   redirect_router = aliasfile2
393   reply_transport = dummy
394   require_files =
395   rewrite
396   senders =
397   no_skip_syntax_errors
398   syntax_errors_text = rhubarb
399   syntax_errors_to =
400   transport_current_directory =
401   transport_home_directory =
402   no_unseen
403   user = root
404   no_verify_only
405   no_verify_recipient
406   no_verify_sender
407
408 # The accept router
409
410 localuser:
411   driver = accept
412   no_address_test
413   caseful_local_part
414   check_local_user
415   condition =
416   debug_print =
417   domains =
418   errors_to =
419   expn
420   no_fail_verify_recipient
421   no_fail_verify_sender
422   fallback_hosts =
423   group = mail
424   headers_add = X-added: by localuser
425   headers_remove =
426   no_initgroups
427   local_part_prefix =
428   no_local_part_prefix_optional
429   local_part_suffix =
430   no_local_part_suffix_optional
431   local_parts =
432   no_log_as_local
433   more
434   redirect_router = smartuser
435   require_files =
436   senders =
437   transport = ${if eq{$local_part}{caller}{local_mbx_delivery}{local_delivery}}
438   transport_current_directory =
439   transport_home_directory =
440   no_unseen
441   user = 99
442   no_verify_only
443   verify_recipient
444   verify_sender
445
446 # The redirect router in "smartuser" mode
447
448 smartuser:
449   driver = redirect
450   caseful_local_part
451   condition =
452   data = user@domain
453   debug_print =
454   domains =
455   errors_to =
456   expn
457   no_fail_verify_recipient
458   no_fail_verify_sender
459   fallback_hosts =
460   file_transport = dummy
461   forbid_file
462   forbid_pipe
463   group = mail
464   headers_add =
465   headers_remove =
466   hide_child_in_errmsg
467   no_initgroups
468   local_part_prefix =
469   no_local_part_prefix_optional
470   local_part_suffix =
471   no_local_part_suffix_optional
472   local_parts = abcd
473   log_as_local
474   more
475   pipe_transport = dummy
476   qualify_preserve_domain
477   redirect_router = localuser
478   require_files =
479   retry_use_local_part
480   no_rewrite
481   senders =
482   no_unseen
483   user = root
484   no_verify_only
485   verify_recipient
486   verify_sender
487
488
489 # ----- Transports -----
490
491 # Dummy transport, to refer back to
492
493 begin transports
494
495 dummy:
496   driver = pipe
497   disable_logging
498
499 # Appendfile Transport
500
501 appendfile:
502   driver = appendfile
503   allow_fifo
504   no_allow_symlink
505   batch_max = 100
506   batch_id = rhubarb
507   body_only
508   no_check_group
509   no_check_owner
510   check_string = abcd
511   create_directory
512   create_file = anywhere
513   current_directory =
514   debug_print =
515   delivery_date_add
516   directory_mode = 0700
517   envelope_to_add
518   escape_string = xyz
519   file = /home/$local_part/inbox
520   file_format = "From : appendfile"
521   no_file_must_exist
522   group = mail
523   headers_add = X-original-domain: $original_domain\nX-original-localp: $original_local_part
524   headers_remove =
525   headers_rewrite = a@b c@d
526   lock_fcntl_timeout = 10s
527   lock_interval = 3s
528   lock_retries = 10
529   lockfile_mode = 0600
530   lockfile_timeout = 30m
531   mailbox_size = 1000
532   mailbox_filecount = 9999
533   message_size_limit = 1M
534   mode = 0600
535   mode_fail_narrower
536   no_notify_comsat
537   message_prefix = From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}\n
538   quota =
539   no_quota_is_inclusive
540   quota_size_regex = (\d+)$
541   quota_warn_message = "A warning message"
542   quota_warn_threshold =
543   rcpt_include_affixes
544   retry_use_local_part
545   return_path = xxxx
546   return_path_add
547   shadow_condition = $h_return-receipt-to
548   shadow_transport = dummy
549   message_suffix = \n
550   transport_filter =
551   transport_filter_timeout = 10s
552   no_use_crlf
553   use_fcntl_lock
554   use_lockfile
555   user = root
556
557 # For options that are mutually exclusive with those above
558
559 appendfile2:
560   driver = appendfile
561   directory = /etc
562   directory_file = afilename
563   quota_directory = /some/directory
564   quota = 1M
565   quota_filecount = 10
566   use_bsmtp
567
568 # Ditto
569
570 appendfile4:
571   driver = appendfile
572   directory = /etc
573
574 # Smtp transport
575
576 smtp:
577   driver = smtp
578   authenticated_sender = abcde
579   authenticated_sender_force = true
580   no_allow_localhost
581   command_timeout = 5m
582   connect_timeout = 0s
583   connection_max_messages = 0
584   data_timeout = 5m
585   debug_print =
586   delay_after_cutoff
587   no_delivery_date_add
588   dns_qualify_single
589   no_dns_search_parents
590   no_envelope_to_add
591   fallback_hosts = localhost
592   final_timeout = 10m
593   no_gethostbyname
594   headers_add =
595   headers_remove =
596   helo_data = some.text
597   hosts = localhost
598   hosts_avoid_esmtp = x.y.z
599   hosts_max_try = 10
600   hosts_max_try_hardlimit = 20
601   hosts_override
602   hosts_randomize
603   hosts_require_auth = *
604   hosts_try_auth = *
605   interface = 127.0.0.1
606   max_rcpt = 0
607   multi_domain
608   port = 25
609   retry_include_ip_address
610   no_return_path_add
611   serialize_hosts =
612   size_addition = -1
613   transport_filter =
614
615 # End