exim-forwarder/snippets/exim4.conf

domainlist forward_domains = lsearch;/etc/exim4/forward_domains

tls_advertise_hosts = *


acl_smtp_connect = acl_connect
acl_smtp_helo = acl_helo
acl_smtp_rcpt = acl_rcpt
acl_smtp_data = acl_data

begin acl

acl_connect:
  deny message = Reverse DNS required
       !verify = reverse_host_lookup
  accept

acl_helo:
  deny message = Invalid HELO/EHLO name
       condition = ${if match{$sender_helo_name}{\N^(localhost|localhost\.localdomain|\[?[0-9]{1,3}(\.[0-9]{1,3}){3}\]?)$\N}{yes}{no}}
   accept

acl_rcpt:
  require verify = recipient

  # SPF check
  deny  message = Access denied (1)
        spf = fail

  # Greylisting
  defer message = Try again later
        !seen = 72h / key=${sender_address}_${local_part}@${domain}

  # Rate limit
  deny  message = Access denied (2)
        ratelimit = 10 / 10m / strict

  accept condition = ${if match_domain{$domain}{+forward_domains}{yes}{no}}

  deny  message = Access denied (x)

acl_data:
  warn  dkim_status = invalid
        add_header = X-DKIM-Status: invalid
  warn  dkim_status = pass
        add_header = X-DKIM-Status: pass

  accept


begin routers

forward_aliases:
  driver  = redirect
  domains = +forward_domains
  data    = ${lookup{$local_part@$domain}lsearch{/etc/exim4/forward_addresses}}
  no_expn
  allow_defer
  allow_fail

dnslookup_out:
  driver    = dnslookup
  domains   = ! +forward_domains
  transport = remote_smtp
  no_more


begin transports

remote_smtp:
  driver = smtp
  hosts_require_tls = *