domainlist forward_domains = lsearch;/etc/exim/db/forward_domains

primary_hostname = home.of.the.smiling-proxy.de

tls_advertise_hosts = *
tls_certificate = /etc/exim/ssl/server.crt
tls_privatekey = /etc/exim/ssl/server.key

log_file_path = /var/log/exim
log_selector  = -all
message_logs  = true


# acl_smtp_connect = acl_connect
acl_smtp_helo = acl_helo
acl_smtp_rcpt = acl_rcpt
acl_smtp_data = acl_data

begin acl

# acl_connect:
#   deny message = Reverse DNS required
#        !verify = reverse_host_lookup
#   accept

acl_helo:
  deny message = Invalid HELO/EHLO name
       condition = ${if match{$sender_helo_name}{\N^(localhost|localhost\.localdomain|\[?[0-9]{1,3}(\.[0-9]{1,3}){3}\]?)$\N}{yes}{no}}
   accept

acl_rcpt:
  # recipient verification
  deny  message = Access denied (1)
      !verify = recipient
  
  # SPF check
  deny  message = Access denied (2)
        spf = fail

  # Greylisting
  defer message = Try again later
        !seen = 72h / key=${sender_address}_${local_part}@${domain}

  # Rate limit
  deny  message = Access denied (3)
        ratelimit = 10 / 10m / strict

  accept condition = ${if match_domain{$domain}{+forward_domains}{yes}{no}}

  deny  message = Access denied (4)

acl_data:
  warn  dkim_status = invalid
        add_header = X-DKIM-Status: invalid
  warn  dkim_status = pass
        add_header = X-DKIM-Status: pass

  accept


begin routers

forward_aliases:
  driver  = redirect
  domains = +forward_domains
  data    = ${lookup{$local_part@$domain}lsearch{/etc/exim/db/forward_addresses}}
  no_expn
  allow_defer
  allow_fail

dnslookup_out:
  driver    = dnslookup
  domains   = ! +forward_domains
  transport = remote_smtp
  no_more


begin transports

remote_smtp:
  driver = smtp
  hosts_require_tls = *