p!ranha?

#!!# cPanel Exim 4 Config openssl_options = +no_sslv2 +no_sslv3 tls_require_ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS hostlist loopback = <; @[]; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8 hostlist senderverifybypass_hosts = net-iplsearch;/etc/senderverifybypasshosts hostlist skipsmtpcheck_hosts = net-iplsearch;/etc/skipsmtpcheckhosts hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks hostlist blocked_incoming_email_country_ips = ${if exists{/etc/blocked_incoming_email_country_ips} {net-iplsearch;/etc/blocked_incoming_email_country_ips} {} } hostlist backupmx_hosts = lsearch;/etc/backupmxhosts hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts hostlist recent_authed_mail_ips = net-iplsearch;/etc/recent_authed_mail_ips hostlist neighbor_netblocks = net-iplsearch;/etc/neighbor_netblocks hostlist greylist_trusted_netblocks = net-iplsearch;/etc/greylist_trusted_netblocks hostlist greylist_common_mail_providers = net-iplsearch;/etc/greylist_common_mail_providers hostlist cpanel_mail_netblocks = net-iplsearch;/etc/cpanel_mail_netblocks hostlist recent_recipient_mail_server_ips = net-iplsearch;/etc/recent_recipient_mail_server_ips domainlist user_domains = ${if exists{/etc/userdomains} {lsearch;/etc/userdomains} fail} domainlist local_domains = lsearch;/etc/localdomains domainlist secondarymx_domains = lsearch;/etc/secondarymx domainlist relay_domains = +local_domains : +secondarymx_domains domainlist blocked_domains = wildlsearch;/etc/blocked_incoming_email_domains domainlist manualmx_domains = ${if exists {/etc/manualmx} {lsearch;/etc/manualmx} {} } localpartlist path_safe_localparts = \N^\.*[^./][^/]*$\N smtp_accept_queue_per_connection = 30 remote_max_parallel = 10 smtp_receive_timeout = 165s ignore_bounce_errors_after = 1d rfc1413_query_timeout = 0s timeout_frozen_after = 5d auto_thaw = 7d callout_domain_negative_expire = 1h callout_negative_expire = 1h acl_not_smtp = acl_not_smtp acl_not_smtp_mime = acl_not_smtp_mime acl_smtp_connect = acl_smtp_connect acl_smtp_data = acl_smtp_data acl_smtp_helo = acl_smtp_helo acl_smtp_mail = acl_smtp_mail acl_smtp_mime = acl_smtp_mime acl_smtp_quit = acl_smtp_quit acl_smtp_notquit = acl_smtp_notquit acl_smtp_rcpt = acl_smtp_rcpt message_body_newlines = true check_rfc2047_length = false keep_environment = X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR add_environment = PATH=/usr/local/sbin::/usr/local/bin::/sbin::/bin::/usr/sbin::/usr/bin::/sbin::/bin chunking_advertise_hosts = 198.51.100.1 deliver_queue_load_max = 6 queue_only_load = 12 daemon_smtp_ports = 25 : 465 : 587 tls_on_connect_ports = 465 system_filter_user = cpaneleximfilter system_filter_group = cpaneleximfilter smtputf8_advertise_hosts = : timezone = UTC spamd_address = 127.0.0.1 783 retry=30s tmo=3m tls_certificate = ${if and \ { \ {gt{$tls_in_sni}{}} \ {!match{$tls_in_sni}{/}} \ } \ {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \ {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \ {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \ {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \ {/etc/exim.crt} \ }} \ }} \ {/etc/exim.crt} \ } tls_privatekey = ${if and \ { \ {gt{$tls_in_sni}{}} \ {!match{$tls_in_sni}{/}} \ } \ {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \ {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \ {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \ {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \ {/etc/exim.key} \ }} \ }} \ {/etc/exim.key} \ } # +incoming_port, +smtp_connection, +all_parents are needed for cPanel email tracking. # +retry_defer, +subject, +arguments, +received_recipients are suggested settings that may be disabled. log_selector = +incoming_port +smtp_connection +all_parents +retry_defer +subject +arguments +received_recipients system_filter = /etc/cpanel_exim_system_filter #!!# These options specify the Access Control Lists (ACLs) that #!!# are used for incoming SMTP messages - after the RCPT and DATA #!!# commands, respectively. #!!# This setting defines a named domain list called #!!# local_domains, created from the old options that #!!# referred to local domains. It will be referenced #!!# later on by the syntax "+local_domains". #!!# Other domain and host lists may follow. addresslist secondarymx = *@partial-lsearch;/etc/secondarymx ###################################################################### # Runtime configuration file for Exim # ###################################################################### # This is a default configuration file which will operate correctly in # uncomplicated installations. Please see the manual for a complete list # of all the runtime configuration options that can be included in a # configuration file. There are many more than are mentioned here. The # manual is in the file doc/spec.txt in the Exim distribution as a plain # ASCII file. Other formats (PostScript, Texinfo, HTML) are available from # the Exim ftp sites. The manual is also online via the Exim web sites. # This file is divided into several parts, all but the last of which are # terminated by a line containing the word "end". The parts must appear # in the correct order, and all must be present (even if some of them are # in fact empty). Blank lines, and lines starting with # are ignored. ###################################################################### # MAIN CONFIGURATION SETTINGS # ###################################################################### perl_startup = do '/etc/exim.pl' #dns_retry = 1 #dns_retrans = 1s # Specify your host's canonical name here. This should normally be the fully # qualified "official" name of your host. If this option is not set, the # uname() function is called to obtain the name. smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \ \#${compile_number} ${tod_full} \n\ We do not authorize the use of this system to transport unsolicited, \n\ and/or bulk e-mail." #nobody as the sender seems to annoy people untrusted_set_sender = * local_from_check = false split_spool_directory = yes smtp_connect_backlog = 50 smtp_accept_max = 100 # primary_hostname = # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character # followed by a domain. For example, "caesar@rome.ex" is a fully qualified # address, but the string "caesar" (i.e. just a login name) is an unqualified # email address. Unqualified addresses are accepted only from local callers by # default. See the receiver_unqualified_{hosts,nets} options if you want # to permit unqualified addresses from remote sources. If this option is # not set, the primary_hostname value is used for qualification. # qualify_domain = # If you want unqualified recipient addresses to be qualified with a different # domain to unqualified sender addresses, specify the recipient domain here. # If this option is not set, the qualify_domain value is used. # qualify_recipient = # Specify your local domains as a colon-separated list here. If this option # is not set (i.e. not mentioned in the configuration file), the # qualify_recipient value is used as the only local domain. If you do not want # to do any local deliveries, uncomment the following line, but do not supply # any data for it. This sets local_domains to an empty string, which is not # the same as not mentioning it at all. An empty string specifies that there # are no local domains; not setting it at all causes the default value (the # setting of qualify_recipient) to be used. #!!# message_filter renamed system_filter message_body_visible = 5000 # Specify a set of options to control the behavior of OpenSSL. The default is to # disable SSLv2 and SSLv3 due to weaknesses in these protocols. # If you want to accept mail addressed to your host's literal IP address, for # example, mail addressed to "user@[111.111.111.111]", then uncomment the # following line, or supply the literal domain(s) as part of "local_domains" # above. # local_domains_include_host_literals # No local deliveries will ever be run under the uids of these users (a colon- # separated list). An attempt to do so gets changed so that it runs under the # uid of "nobody" instead. This is a paranoic safety catch. Note the default # setting means you cannot deliver mail addressed to root as if it were a # normal user. This isn't usually a problem, as most sites have an alias for # root that redirects such mail to a human administrator. never_users = root # The use of your host as a mail relay by any host, including the local host # calling its own SMTP port, is locked out by default. If you want to permit # relaying from the local host, you should set # # host_accept_relay = localhost # # If you want to permit relaying through your host from certain hosts or IP # networks, you need to set the option appropriately, for example # # # # If you are an MX backup or gateway of some kind for some domains, you must # set relay_domains to match those domains. This will allow any host to # relay through your host to those domains. # # See the section of the manual entitled "Control of relaying" for more # information. # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. #host_lookup = 0.0.0.0/0 # By default, Exim expects all envelope addresses to be fully qualified, that # is, they must contain both a local part and a domain. If you want to accept # unqualified addresses (just a local part) from certain hosts, you can specify # these hosts by setting one or both of # # receiver_unqualified_hosts = # sender_unqualified_hosts = # # to control sender and receiver addresses, respectively. When this is done, # unqualified addresses are qualified using the settings of qualify_domain # and/or qualify_recipient (see above). # Exim contains support for the Realtime Blocking List (RBL) that is being # maintained as part of the DNS. See http://maps.vix.com/rbl/ for background. # Uncommenting the first line below will make Exim reject mail from any # host whose IP address is blacklisted in the RBL at maps.vix.com. Some # others have followed the RBL lead and have produced other lists: DUL is # a list of dial-up addresses, and ORBS is a list of open relay systems. The # second line below checks all three lists. # rbl_domains = rbl.maps.vix.com # rbl_domains = rbl.maps.vix.com # If you want Exim to support the "percent hack" for all your local domains, # uncomment the following line. This is the feature by which mail addressed # to x%y@z (where z is one of your local domains) is locally rerouted to # x@y and sent on. Otherwise x%y is treated as an ordinary local part. # percent_hack_domains = * #sender_host_accept = +include_unknown:* #sender_host_reject = +include_unknown:lsearch*;/etc/spammers tls_advertise_hosts = * helo_accept_junk_hosts = * smtp_enforce_sync = false #!!#######################################################!!# #!!# This new section of the configuration contains ACLs #!!# #!!# (Access Control Lists) derived from the Exim 3 #!!# #!!# policy control options. #!!# #!!#######################################################!!# #!!# These ACLs are crudely constructed from Exim 3 options. #!!# They are almost certainly not optimal. You should study #!!# them and rewrite as necessary. begin acl ######################################################################################## # DO NOT ALTER THIS BLOCK ######################################################################################## # # cPanel Default ACL Template Version: 108.002 # Template: universal.dist # ######################################################################################## # DO NOT ALTER THIS BLOCK ######################################################################################## acl_not_smtp: #BEGIN ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK # BEGIN INSERT resolve_vhost_owner warn condition = ${if eq{$originator_uid}{${perl{user2uid}{nobody}}}{1}{0}} set acl_c_vhost_owner = ${perl{resolve_vhost_owner}} # END INSERT resolve_vhost_owner # BEGIN INSERT end_default_outgoing_notsmtp_checkall accept # END INSERT end_default_outgoing_notsmtp_checkall #END ACL-OUTGOING-NOTSMTP-CHECKALL-BLOCK #BEGIN ACL-NOT-SMTP-BLOCK #END ACL-NOT-SMTP-BLOCK acl_not_smtp_mime: #BEGIN ACL-NOT-SMTP-MIME-BLOCK # BEGIN INSERT disallowed_filenames_bl # Reject inbound mail with potentially dangerous attachments # Obfuscation of file names using parameter value continuation evades other filters, but not this one deny log_message = DENY: disallowed \"$mime_filename\" condition = ${if match \ {${lc:$mime_filename}} \ {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}} message = Attached file '$mime_filename' has disallowed extension. accept # END INSERT disallowed_filenames_bl #END ACL-NOT-SMTP-MIME-BLOCK acl_not_smtp_start: #BEGIN ACL-NOT-SMTP-START-BLOCK #END ACL-NOT-SMTP-START-BLOCK acl_smtp_auth: #BEGIN ACL-SMTP-AUTH-BLOCK #END ACL-SMTP-AUTH-BLOCK acl_smtp_connect: #BEGIN ACL-CONNECT-BLOCK # BEGIN INSERT blockedcountryips drop message = Your country is not allowed to connect to this server. log_message = Country is banned hosts = +blocked_incoming_email_country_ips # END INSERT blockedcountryips # BEGIN INSERT delay_unknown_hosts warn !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks #only rate limit port 25 condition = ${if eq {$received_port}{25}{yes}{no}} delay = 20s # END INSERT delay_unknown_hosts # BEGIN INSERT ratelimit accept hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts accept hosts = +trustedmailhosts accept condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}} defer #only rate limit port 25 condition = ${if eq {$received_port}{25}{yes}{no}} message = The server has reached its limit for processing requests from your host. Please try again later. log_message = "Host is ratelimited ($sender_rate/$sender_rate_period max:$sender_rate_limit)" ratelimit = 1.2 / 1h / strict / per_conn / noupdate # END INSERT ratelimit # BEGIN INSERT slow_fail_block warn #only rate limit port 25 condition = ${if eq {$received_port}{25}{yes}{no}} # host had a success in the last hour ratelimit = 1 / 1h / noupdate / per_conn / slow_fail_accept_$sender_host_address set acl_m4 = 1 defer #only rate limit port 25 condition = ${if eq {$received_port}{25}{yes}{no}} condition = ${if eq {${acl_m4}}{1}{0}{1}} log_message = "Host is ratelimited due to multiple failure only connections ($sender_rate/$sender_rate_period max:$sender_rate_limit)" ratelimit = 5 / 1h / noupdate / per_conn / slow_fail_block_$sender_host_address # END INSERT slow_fail_block # BEGIN INSERT spammerlist drop message = Your host is not allowed to connect to this server. log_message = Host is banned !hosts = : +skipsmtpcheck_hosts : +trustedmailhosts hosts = +spammeripblocks # END INSERT spammerlist #END ACL-CONNECT-BLOCK #BEGIN ACL-CONNECT-POST-BLOCK # BEGIN INSERT default_connect_post # do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config #acl_smtp_notquit is required for this to work (exim 4.68) accept # END INSERT default_connect_post #END ACL-CONNECT-POST-BLOCK acl_smtp_data: # exiscan only # exiscan only #BEGIN ACL-OUTGOING-SMTP-CHECKALL-BLOCK #END ACL-OUTGOING-SMTP-CHECKALL-BLOCK #BEGIN ACL-CHECK-MESSAGE-PRE-BLOCK # BEGIN INSERT default_check_message_pre # # Enabling this will make the server non-rfc compliant # require verify = header_sender # accept hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts accept authenticated = * hosts = * accept condition = ${extract \ {size} \ {${stat:/etc/trustedmailhosts}} \ } hosts = +trustedmailhosts accept condition = ${extract \ {size} \ {${stat:/etc/trustedmailhosts}} \ } condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}} # END INSERT default_check_message_pre #END ACL-CHECK-MESSAGE-PRE-BLOCK #BEGIN ACL-PRE-SPAM-SCAN # BEGIN INSERT mailproviders # Research in Motion - Blackberry white list accept condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}} # END INSERT mailproviders #END ACL-PRE-SPAM-SCAN #BEGIN ACL-SPAM-SCAN-BLOCK # BEGIN INSERT default_spam_scan warn # Remove spam headers from outside sources condition = ${perl{spamd_is_available}} !hosts = +skipsmtpcheck_hosts remove_header = x-spam-subject : x-spam-status : x-spam-score : x-spam-bar : x-spam-report : x-spam-flag : x-ham-report warn condition = ${perl{spamd_is_available}} condition = ${if eq {${acl_m0}}{1}{1}{0}} spam = ${acl_m1}/defer_ok # Always make sure cPanel support mail can get through !hosts = : +trustedmailhosts : +cpanel_mail_netblocks log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)" add_header = X-Spam-Subject: ***SPAM*** $rh_subject add_header = X-Spam-Status: Yes, score=$spam_score add_header = X-Spam-Score: $spam_score_int add_header = X-Spam-Bar: $spam_bar add_header = X-Spam-Report: ${sg{$spam_report}{\N\n \n\N}{\n}} add_header = X-Spam-Flag: YES set acl_m2 = 1 warn condition = ${perl{spamd_is_available}} condition = ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}} warn condition = ${perl{spamd_is_available}} condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}} add_header = X-Spam-Status: No, score=$spam_score add_header = X-Spam-Score: $spam_score_int add_header = X-Spam-Bar: $spam_bar add_header = X-Ham-Report: ${sg{$spam_report}{\N\n \n\N}{\n}} add_header = X-Spam-Flag: NO log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)" # END INSERT default_spam_scan #END ACL-SPAM-SCAN-BLOCK # exiscan only # exiscan only #BEGIN ACL-RATELIMIT-SPAM-BLOCK #END ACL-RATELIMIT-SPAM-BLOCK #BEGIN ACL-SPAM-BLOCK #END ACL-SPAM-BLOCK #BEGIN ACL-CHECK-MESSAGE-POST-BLOCK # BEGIN INSERT default_check_message_post accept # END INSERT default_check_message_post #END ACL-CHECK-MESSAGE-POST-BLOCK acl_smtp_etrn: #BEGIN ACL-SMTP-ETRN-BLOCK #END ACL-SMTP-ETRN-BLOCK acl_smtp_helo: #BEGIN ACL-SMTP-HELO-BLOCK #END ACL-SMTP-HELO-BLOCK #BEGIN ACL-SMTP-HELO-POST-BLOCK # BEGIN INSERT default_smtp_helo accept # END INSERT default_smtp_helo #END ACL-SMTP-HELO-POST-BLOCK acl_smtp_mail: #BEGIN ACL-MAIL-PRE-BLOCK # BEGIN INSERT default_mail_pre # ignore authenticated hosts accept authenticated = * warn condition = ${if match_ip{$sender_host_address}{+loopback}{${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}}}{0}} set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}} accept hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts # END INSERT default_mail_pre #END ACL-MAIL-PRE-BLOCK #BEGIN ACL-MAIL-BLOCK # BEGIN INSERT requirehelo deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL # END INSERT requirehelo # BEGIN INSERT requirehelonoforge drop # if ($sender_helo_name eq $primary_hostname) { # if (defined $interface_address) { # return is_loopback($interface_address) ? 0 : 1; #ok from localhost # } else { # return 0; #exim -bs # } # } else { # return 0; # } condition = ${if eq{${lc:$sender_helo_name}}{${lc:$primary_hostname}}{${if def:interface_address {${if match_ip{$interface_address}{+loopback}{0}{1}}}{0}}}{0}} message = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]" drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = "REJECTED - Interface: $interface_address is _my_ address" # END INSERT requirehelonoforge # BEGIN INSERT requirehelosyntax drop condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) drop # Required because "[IPv6:<address>]" will have no .s condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}} condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}} message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1) drop condition = ${if match{$sender_helo_name}{\N\.$\N}} message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1) drop condition = ${if match{$sender_helo_name}{\N\.\.\N}} message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1) # END INSERT requirehelosyntax #END ACL-MAIL-BLOCK #BEGIN ACL-MAIL-POST-BLOCK # BEGIN INSERT default_mail_post accept # END INSERT default_mail_post #END ACL-MAIL-POST-BLOCK acl_smtp_mailauth: #BEGIN ACL-SMTP-MAILAUTH-BLOCK #END ACL-SMTP-MAILAUTH-BLOCK acl_smtp_mime: #BEGIN ACL-SMTP-MIME-BLOCK # BEGIN INSERT disallowed_filenames_bl # Reject inbound mail with potentially dangerous attachments # Obfuscation of file names using parameter value continuation evades other filters, but not this one deny log_message = DENY: disallowed \"$mime_filename\" condition = ${if match \ {${lc:$mime_filename}} \ {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}} message = Attached file '$mime_filename' has disallowed extension. accept # END INSERT disallowed_filenames_bl #END ACL-SMTP-MIME-BLOCK acl_smtp_notquit: #BEGIN ACL-NOTQUIT-BLOCK # BEGIN INSERT ratelimit # ignore authenticated hosts accept authenticated = * accept hosts = : +recent_authed_mail_ips : +loopback : +backupmx_hosts warn #only rate limit port 25 condition = ${if eq {$received_port}{25}{yes}{no}} condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}} log_message = "Connection Ratelimit - $sender_fullhost because of notquit: $smtp_notquit_reason ($sender_rate/$sender_rate_period max:$sender_rate_limit)" ratelimit = 1.2 / 1h / strict / per_conn # END INSERT ratelimit #END ACL-NOTQUIT-BLOCK acl_smtp_predata: #BEGIN ACL-SMTP-PREDATA-BLOCK #END ACL-SMTP-PREDATA-BLOCK acl_smtp_quit: #BEGIN ACL-SMTP-QUIT-BLOCK # BEGIN INSERT slow_fail_block warn log_message = "Detected session with all messages failed" condition = ${if >= {${eval:$rcpt_count}}{1}{${if == {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}} set acl_m6 = 1 warn condition = ${if eq {${acl_m6}}{1}{1}{0}} ratelimit = 0 / 1h / strict / per_conn / slow_fail_block_$sender_host_address log_message = "Increment slow_fail_block Ratelimit - $sender_fullhost because of all messages failed" warn ratelimit = 1 / 1h / noupdate / per_conn / slow_fail_block_$sender_host_address condition = ${if >= {${eval:$rcpt_count}}{1}{${if < {${eval:$rcpt_fail_count}}{${eval:$rcpt_count}}{yes}{no}}}{no}} set acl_m5 = 1 log_message = "Detected session with ok message that previous had all failed" warn condition = ${if eq {${acl_m5}}{1}{1}{0}} ratelimit = 0 / 1h / strict / per_conn / slow_fail_accept_$sender_host_address log_message = "Decrement slow_fail_lock Ratelimit - $sender_fullhost because one message was successful" # END INSERT slow_fail_block #END ACL-SMTP-QUIT-BLOCK acl_smtp_rcpt: #BEGIN ACL-RATELIMIT-BLOCK #END ACL-RATELIMIT-BLOCK #BEGIN ACL-PRE-RECIPIENT-BLOCK # BEGIN INSERT default_pre_recipient warn !domains = +relay_domains set acl_m_outbound_recipient = 1 # END INSERT default_pre_recipient # BEGIN INSERT delay_unknown_hosts warn !authenticated = * !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks #only rate limit port 25 condition = ${if eq {$received_port}{25}{yes}{no}} delay = 20s # END INSERT delay_unknown_hosts # BEGIN INSERT dkim_disable warn control = dkim_disable_verify # END INSERT dkim_disable #END ACL-PRE-RECIPIENT-BLOCK #BEGIN ACL-RECIPIENT-BLOCK # BEGIN INSERT blockeddomains deny message = Your host is not allowed to connect to this server. log_message = Sender domain is banned sender_domains = !+local_domains : +blocked_domains # END INSERT blockeddomains # BEGIN INSERT default_recipient accept hosts = : endpass verify = recipient # Accept from any of the domain’s cached remote MX hosts. # As an optimization, we only check this for local domains because # only local domains will be in the remote MX cache. accept domains = +local_domains condition = ${if exists {/etc/domain_remote_mx_ips.cdb}{1}{0}} hosts = ${lookup{$domain}cdb{/etc/domain_remote_mx_ips.cdb}} endpass verify = recipient accept condition = ${extract{size}{${stat:/etc/skipsmtpcheckhosts}}} hosts = +skipsmtpcheck_hosts endpass verify = recipient # implemented for "suspend incoming email" feature deny domains = !$primary_hostname : +local_domains condition = ${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}}}}}{$value}}/etc/.${sg{$local_part}{\N[/+].*\N}{}}@${domain}.suspended_incoming}} message = 525 5.7.13 Disabled recipient address log_message = Mail to ${local_part}@${domain} has been suspended # implemented for "suspend outgoing email" feature for domains and individual webmail/pop accounts deny domains = ! +local_domains condition = ${perl{check_outgoing_mail_suspended}} message = ${perl{get_outgoing_mail_suspended_message}} log_message = ${perl{get_outgoing_mail_suspended_message}} # END INSERT default_recipient #END ACL-RECIPIENT-BLOCK #mailman only #BEGIN ACL-RECIPIENT-MAILMAN-BLOCK # BEGIN INSERT default_recipient_mailman # Accept bounces to lists even if callbacks or other checks would fail accept domains = +local_domains condition = ${if match{$local_part}{\N^(\.*[^./][^/]*)-bounces(\+.*)?$\N}} condition = ${if exists{/usr/local/cpanel/3rdparty/mailman/lists/${1}${if !eq{$domain}{$primary_hostname}{_${domain}}{}}/config.pck}} add_header = X-WhitelistedRCPT-nohdrfromcallback: Yes #if it gets here it isn't mailman # END INSERT default_recipient_mailman #END ACL-RECIPIENT-MAILMAN-BLOCK #mailman only #BEGIN ACL-IDENTIFY-SENDER-BLOCK # BEGIN INSERT default_identify_sender # Accept authenticated connections when the connection comes from the main # account (foo@foo.com, where foo.com's user is foo). Otherwise, we end up # unintentionally rejecting mail if the user is set to :fail:. accept authenticated = * condition = ${if eq{${lookup{$sender_address_domain}lsearch{/etc/userdomains}}}{$sender_address_local_part}} endpass verify = recipient # deny must be on the same line as hosts so it will get removed by buildeximconf if turned off deny hosts = ! +loopback : ! +senderverifybypass_hosts ! verify = sender accept authenticated = * endpass verify = recipient # if they used "pop before smtp" and its not bound for a localdomain we remember the recent_authed_mail_ips_domain warn domains = ! +local_domains hosts = ! +loopback hosts = +recent_authed_mail_ips set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}} add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}}{}} # if they used "pop before smtp" then we just accept accept condition = ${if exists{/etc/popbeforesmtp}{1}{0}} hosts = ! +loopback hosts = +recent_authed_mail_ips endpass verify = recipient # we need to check alwaysrelay since we don't require recentauthedmailiptracker to be enabled accept hosts = ! +loopback condition = ${if or {{eq{$acl_c_recent_authed_mail_ips_text_entry}{}}{!exists{/etc/popbeforesmtp}}}{${if exists {/etc/alwaysrelay}{${lookup{$sender_host_address}iplsearch{/etc/alwaysrelay}{1}{0}}}{0}}}{0}} set acl_c_recent_authed_mail_ips_text_entry = ${perl{get_recent_authed_mail_ips_text_entry}{1}} set acl_c_alwaysrelay = 1 endpass verify = recipient #recipient verifications are now done after smtp auth and pop before smtp so the users get back bounces instead of # a clogged outbox in outlook # If we skipped identifying the sender in acl_smtp_mail (ie !def:acl_c_authenticated_local_user) # We need to do it here before we can test the two drops warn condition = ${if !def:acl_c_authenticated_local_user} condition = ${if match_ip{$sender_host_address}{+loopback}} condition = ${perl{identify_local_connection}{$sender_host_address}{$sender_host_port}{$received_ip_address}{$received_port}{1}} set acl_c_authenticated_local_user = ${perl{get_identified_local_connection_user}} # drop connections to localhost that are from demo accounts (required for manual connections) drop condition = ${if def:acl_c_authenticated_local_user} condition = ${if !eq{$acl_c_authenticated_local_user}{root}} condition = ${if match_ip{$sender_host_address}{+loopback}} condition = ${lookup{$acl_c_authenticated_local_user}lsearch{/etc/demousers}{1}} message = Demo accounts may not send mail # drop connections to localhost that fail auth (required for Horde) drop condition = $authentication_failed condition = ${if match_ip{$sender_host_address}{+loopback}} message = Authentication failed # we learned this in the acl_smtp_mail block accept condition = ${if def:acl_c_authenticated_local_user} endpass verify = recipient # END INSERT default_identify_sender # BEGIN INSERT default_message_submission # Reject unauthenticated relay on port 587 drop condition = ${if eq{$received_port}{587}{1}{0}} message = SMTP AUTH is required for message submission on port 587 # END INSERT default_message_submission #END ACL-IDENTIFY-SENDER-BLOCK #BEGIN ACL-RECP-VERIFY-BLOCK # BEGIN INSERT default_recp_verify # recipient verification to confirm the address is routable. # no callouts to remote systems are performed by default. require verify = recipient # skip content scanning for suspended recipients that are being queued, blackholed or relayed accept condition = ${extract{suspended}{$address_data}} # END INSERT default_recp_verify #END ACL-RECP-VERIFY-BLOCK #BEGIN ACL-POST-RECP-VERIFY-BLOCK # BEGIN INSERT dictionary_attack warn log_message = "Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)" condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}} set acl_m7 = 1 warn condition = ${if eq {${acl_m7}}{1}{1}{0}} ratelimit = 0 / 1h / strict / per_conn log_message = "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack" drop condition = ${if eq {${acl_m7}}{1}{1}{0}} message = "Number of failed recipients exceeded. Come back in a few hours." # END INSERT dictionary_attack #END ACL-POST-RECP-VERIFY-BLOCK #BEGIN ACL-TRUSTEDLIST-BLOCK #END ACL-TRUSTEDLIST-BLOCK #BEGIN ACL-RBL-BLOCK #END ACL-RBL-BLOCK #BEGIN ACL-MAILAUTH-BLOCK #END ACL-MAILAUTH-BLOCK #BEGIN ACL-GREYLISTING-BLOCK # BEGIN INSERT greylisting # Greylisting defer message = Temporarily unable to process your email. Please try again later. # skip if authenticated (with SMTP AUTH ...) !authenticated = * !hosts = +recent_recipient_mail_server_ips : +greylist_trusted_netblocks : +greylist_common_mail_providers : +cpanel_mail_netblocks domains = +local_domains : +relay_domains condition = ${sg{${readsocket{/var/run/cpgreylistd.sock}\ {should_defer ${sg{$sender_host_address}{ }{\x01}} ${sg{$sender_address}{ }{\x01}} ${sg{$local_part@$domain}{ }{\x01}}\n}\ {5s}{\n}{no}}}{\n}{}} log_message = Deferred due to greylisting. Host: '$sender_host_address' From: '$sender_address' To: '$local_part@$domain' SPF: '${if def:spf_result {$spf_result}{unchecked}}' # END INSERT greylisting #END ACL-GREYLISTING-BLOCK #BEGIN ACL-RCPT-HARD-LIMIT-BLOCK #END ACL-RCPT-HARD-LIMIT-BLOCK #BEGIN ACL-RCPT-SOFT-LIMIT-BLOCK #END ACL-RCPT-SOFT-LIMIT-BLOCK #BEGIN ACL-SPAM-SCAN-CHECK-BLOCK # BEGIN INSERT default_spam_scan_check # The only problem with this setup is that if the message is for multiple users on the same server # and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used. # This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase. warn domains = +local_domains condition = ${if <= {$message_size}{1000K}} condition = ${if !eq{${acl_m0}}{1}} condition = ${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{::}{${lookup passwd{${if eq{$domain}{$primary_hostname}{${sg{$local_part}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}}}}}}/.spamassassinenable}}}} set acl_m0 = 1 # $local_part should work here rather than $local_part_data, but # $local_part_data sidesteps a taint-checking bug in Exim 4.94. # # Commit 12b7f811de is advertised as the fix for it, but during # testing an Exim built with that change still had the bug. # cf. https://www.mail-archive.com/exim-users@exim.org/msg54624.html # set acl_m1 = ${if eq{$domain}{$primary_hostname}{${sg{$local_part_data}{\N[/+].*\N}{}}}{${lookup{$domain}lsearch{/etc/userdomains}}}} # END INSERT default_spam_scan_check # BEGIN INSERT spam_scan_secondarymx # Support for scanning secondarymx domains warn domains = ! +local_domains : +secondarymx_domains condition = ${if <= {$message_size}{1000K}{1}{0}} set acl_m0 = 1 set acl_m1 = cpaneleximscanner # END INSERT spam_scan_secondarymx #END ACL-SPAM-SCAN-CHECK-BLOCK #BEGIN ACL-POST-SPAM-SCAN-CHECK-BLOCK # BEGIN INSERT delay_unknown_hosts warn #acl_m2 is spam = YES condition = ${if eq {${acl_m2}}{1}{1}{0}} !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : +recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : +senderverifybypass_hosts : +greylist_trusted_netblocks : +cpanel_mail_netblocks delay = 40s # END INSERT delay_unknown_hosts # BEGIN INSERT mailproviders # Research in Motion - Blackberry white list warn condition = ${if exists {/etc/mailproviders/rim/ips}{${if match_ip{$sender_host_address}{iplsearch;/etc/mailproviders/rim/ips}{1}{0}}}{0}} set acl_m0 = 0 # END INSERT mailproviders #END ACL-POST-SPAM-SCAN-CHECK-BLOCK #BEGIN ACL-RECIPIENT-POST-BLOCK # BEGIN INSERT default_recipient_post accept domains = +relay_domains deny message = ${expand:${lookup{host_accept_relay}lsearch{/etc/eximrejects}{$value}}} log_message = Rejected relay attempt: '$sender_host_address' From: '$sender_address' To: '$local_part@$domain' # END INSERT default_recipient_post #END ACL-RECIPIENT-POST-BLOCK acl_smtp_starttls: #BEGIN ACL-SMTP-STARTTLS-BLOCK #END ACL-SMTP-STARTTLS-BLOCK acl_smtp_vrfy: #BEGIN ACL-SMTP-SMTP-VRFY-BLOCK #END ACL-SMTP-SMTP-VRFY-BLOCK acl_smtp_dkim: #BEGIN ACL-SMTP-DKIM-BLOCK #END ACL-SMTP-DKIM-BLOCK begin authenticators dovecot_plain: driver = dovecot public_name = PLAIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}} server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}} dovecot_login: driver = dovecot public_name = LOGIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 server_condition = ${if and {{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}}{true}{false}} server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}} # smarthost authentication disabled ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # There are no rewriting specifications in this default configuration file. begin rewrite #!!#######################################################!!# #!!# Here follow routers created from the old routers, #!!# #!!# for handling non-local domains. #!!# #!!#######################################################!!# begin routers ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### # Remote addresses are those with a domain that does not match any item # in the "local_domains" setting above. blackhole_dovenull: driver= redirect local_parts = "@dovenull" allow_fail = true data = :fail: Unrouteable address deliver_local_outside_jail: driver = manualroute require_files = "+/jail_owner" # users outside the jail will not be in /etc/passwd => We need to check if $local_part is in /jail_owner # we can't just check to see if they exist # because we still want to be able to mail root domains = +local_domains transport = remote_smtp route_list = "* 127.0.0.1" # self = send allows us to send outside the jail # we make sure /home/virtfs does not exist before we get here # to be safe self = send suspendedcheck: driver = redirect domains = +local_domains local_parts = ${if eq {$domain} \ {$primary_hostname} \ {+path_safe_localparts} \ {*} \ } require_files = \ +/etc/exim_suspended_list \ : +/var/cpanel/suspended/${if eq {$domain} {$primary_hostname} \ {$local_part} \ {${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {$value} \ {::::invalid::::} \ }} \ } local_part_suffix = +* local_part_suffix_optional allow_fail allow_defer allow_freeze # Sets r_suspendinfo to the contents of the suspendinfo file, # r_suspended_shell to the original shell of the suspended account, # r_suspended_redirect to the real mapped redirect setting. set = r_suspended_shell=${perl \ {get_suspended_shell} \ {${if eq {$domain} {$primary_hostname} \ {$local_part} \ {${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ }} \ } # This skips content scanning for the primary account address with # live-transfers and handles the special :queue: setting by pretending # those are :blackhole: deliveries during address verification address_data = \ router=$router_name \ ${if \ !match {${lookup \ {$local_part@$domain} \ wildlsearch{/etc/exim_suspended_list} \ {$value} \ {:unknown:} \ }} \ {\N^\s*(:unknown:.*)?$\N} \ { \ suspended=1 \ redirect=${quote:${if \ !match{${lookup \ {$local_part@$domain} \ wildlsearch{/etc/exim_suspended_list} \ {$value} \ {:unknown:} \ }} \ {\N^\s*:\N} \ {${if eq \ {$verify_mode} \ {} \ {${lookup{$local_part@$domain} \ wildlsearch{/etc/exim_suspended_list} \ {$value} \ {:unknown:} \ }} \ {:blackhole:} \ }} \ {${sg \ {${lookup {$local_part@$domain} \ wildlsearch{/etc/exim_suspended_list} \ {$value} \ {:unknown:} \ }} \ {\N^\s*:queue:\N} \ {${if eq \ {$verify_mode} \ {} \ {:defer:} \ {:blackhole:} \ }} \ }} \ }} \ } \ } data = ${extract \ {redirect} \ {$address_data} \ } # The main routers handle traffic to the lists themselves and the suffixed ones # handle mail to administrative aliases. We have to use a two step process # because otherwise mail to a list such as foo-admin@example.tld will not be # handled properly. mailman_virtual_router: driver = accept domains = !$primary_hostname : +local_domains local_parts = +path_safe_localparts require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman transport = mailman_virtual_transport mailman_virtual_router_suffixed: driver = accept require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman domains = !$primary_hostname : +local_domains local_parts = +path_safe_localparts local_part_suffix = -admin : \ -bounces : -bounces+* : \ -confirm : -confirm+* : \ -join : -leave : \ -owner : -request : \ -subscribe : -unsubscribe transport = mailman_virtual_transport mailman_virtual_router_nodns: driver = accept require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman condition = \ ${if or {{match{$local_part}{.*_.*}} \ {eq{$local_part}{mailman}}} \ {1}{0}} domains = $primary_hostname local_parts = +path_safe_localparts transport = mailman_virtual_transport_nodns mailman_virtual_router_nodns_suffixed: driver = accept require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck : /usr/local/cpanel/3rdparty/mailman/mail/mailman condition = \ ${if or {{match{$local_part}{.*_.*}} \ {eq{$local_part}{mailman}}} \ {1}{0}} local_part_suffix = -admin : \ -bounces : -bounces+* : \ -confirm : -confirm+* : \ -join : -leave : \ -owner : -request : \ -subscribe : -unsubscribe domains = $primary_hostname local_parts = +path_safe_localparts transport = mailman_virtual_transport_nodns democheck: driver = redirect require_files = "+/etc/demouids" condition = ${if >= {$originator_uid}{100}{1}{0}} condition = "${extract{size}{${stat:/etc/demouids}}}" condition = "${if eq \ {${lookup \ {$originator_uid} \ lsearch{/etc/demouids} \ {$value} \ }} \ {} \ {false} \ {true} \ }" allow_fail data = :fail: demo accounts are not permitted to relay email # # This is to make sure that cpanel@* always passes sender verification # so that the system notifications don't get rejected by spam filters # doing a sender verification check. # blackhole_cpanel_at: driver = redirect local_parts = cpanel domains = !$primary_hostname verify_only data = :blackhole: # cPanel Mail Archiving is disabled # # Handles identification of messages, nobody and webspam and mail trap checks # in check_mail_permissions and notifies if we are defering a message # boxtrapper_autowhitelist: driver = accept condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{$local_part@$domain}{0}{${if match{$received_protocol}{\N^e?smtps?a$\N}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if eq{$received_protocol}{local}{${perl{checkbx_autowhitelist}{$sender_ident}}}{0}}}}}}}} require_files = "+/usr/local/cpanel/bin/boxtrapper" transport = boxtrapper_autowhitelist no_verify unseen check_mail_permissions: domains = ! +local_domains condition = ${if eq {$authenticated_id}{root}{0}{1}} ignore_target_hosts = +loopback : 64.94.110.0/24 driver = redirect allow_filter reply_transport = address_reply user = mailnull no_verify expn = false condition = "${perl{check_mail_permissions}}" data = "${perl{check_mail_permissions_results}}" # # discover_sender_information is not included # because from_rewrites are not enabled # # # If check_mail_permissions needs to defer or fail a message it is done here # enforce_mail_permissions: domains = ! +local_domains ignore_target_hosts = +loopback : 64.94.110.0/24 condition = ${if eq {$authenticated_id}{root}{0}{1}} driver = redirect allow_fail allow_defer no_verify expn = false condition = "${perl{enforce_mail_permissions}}" data = "${perl{enforce_mail_permissions_results}}" # # Increments max emails per hour if needed # increment_max_emails_per_hour_if_needed: domains = ! +local_domains ignore_target_hosts = +loopback : 64.94.110.0/24 condition = ${if eq {$authenticated_id}{root}{0}{1}} driver = redirect allow_fail no_verify one_time expn = false condition = "${perl{increment_max_emails_per_hour_if_needed}}" data = ":unknown:" # # reject_forwarded_mail_marked_as_spam is not included # because no_forward_outbound_spam and no_forward_outbound_spam_over_int # are both disabled # # This router routes to a statically defined host from /etc/manualmx # so that any mail received for the domain will skip MX lookups and attempt to # deliver the message directly to the specified host. manualmx: driver = manualroute domains = +manualmx_domains transport = remote_smtp route_data = ${lookup \ {$domain} \ lsearch{/etc/manualmx} \ } # # lookuphost router # # # Lookup host router for remote smtp and ignores verisign site finder 'service' # This matches lookup exactly except we look for X-Precedence and Precedence so # we can determinte what is an auto responder message in the log. # Note: there is nothing to # prevent X-Precedence from being added to non-autoresponded messages so this is for # logging reasons only # # Note: Boxtrapper sets Precedence to auto_reply # autoreply_dkim_lookuphost: driver = dnslookup domains = ! +local_domains condition = "${perl{sender_domain_can_dkim_sign}}" condition = "${if \ or { \ {match{$h_precedence:}{auto}} \ {match{$h_x-precedence:}{auto}} \ } \ {1}{0} \ }" #ignore verisign to prevent waste of bandwidth ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" transport = dkim_remote_smtp # # Lookup host router for remote smtp and ignores verisign site finder 'service' and uses domain keys # dkim_lookuphost: driver = dnslookup domains = ! +local_domains condition = "${perl{sender_domain_can_dkim_sign}}" #ignore verisign to prevent waste of bandwidth ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" .ifdef SRSENABLED # if outbound, and forwarding has been done, use an alternate transport transport = ${if eq {$local_part@$domain} \ {$original_local_part@$original_domain} \ {dkim_remote_smtp} {dkim_remote_forwarded_smtp}} .else transport = dkim_remote_smtp .endif # # Lookup host router for remote smtp and ignores verisign site finder 'service' # This matches lookup exactly except we look for X-Precedence and Precedence so # we can determinte what is an auto responder message in the log. # Note: there is nothing to # prevent X-Precedence from being added to non-autoresponded messages so this is for # logging reasons only # # Note: Boxtrapper sets Precedence to auto_reply # autoreply_lookuphost: driver = dnslookup domains = ! +local_domains condition = "${if \ or { \ {match{$h_precedence:}{auto}} \ {match{$h_x-precedence:}{auto}} \ } \ {1}{0} \ }" #ignore verisign to prevent waste of bandwidth ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" transport = remote_smtp # # Lookup host router for remote smtp and ignores verisign site finder 'service' # lookuphost: # router from etc/exim/replacecf/dkim/lookuphost driver = dnslookup domains = ! +local_domains #ignore verisign to prevent waste of bandwidth ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" .ifdef SRSENABLED # if outbound, and forwarding has been done, use an alternate transport transport = ${if eq {$local_part@$domain} \ {$original_local_part@$original_domain} \ {remote_smtp} {remote_forwarded_smtp}} .else transport = remote_smtp .endif # This router routes to remote hosts over SMTP by explicit IP address, # given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs # require this facility, which is why it is enabled by default in Exim. # If you want to lock it out, set forbid_domain_literals in the main # configuration section above. # # Literal Transports .. ignores verisigns sitefinder service # literal: driver = ipliteral domains = ! +local_domains ignore_target_hosts = +loopback : 64.94.110.0/24 headers_add = "${perl{mailtrapheaders}}" .ifdef SRSENABLED # if outbound, and forwarding has been done, use an alternate transport transport = ${if eq {$local_part@$domain} \ {$original_local_part@$original_domain} \ {remote_smtp} {remote_forwarded_smtp}} .else transport = remote_smtp .endif #!!# This new router is put here to fail all domains that #!!# were not in local_domains in the Exim 3 configuration. # # Trap Failures to Remote Domain # fail_remote_domains: driver = redirect domains = ! +local_domains : ! localhost : ! localhost.localdomain allow_fail data = ${if eq {$verify_mode}{S} \ {:fail: The mail server does not recognize $local_part@$domain as a valid sender.} \ {:fail: The mail server could not deliver mail to $local_part@$domain. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.} \ } #!!#######################################################!!# #!!# Here follow routers created from the old directors, #!!# #!!# for handling local domains. #!!# #!!#######################################################!!# ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### # Local addresses are those with a domain that matches some item in the # "local_domains" setting above, or those which are passed back from the # routers because of a "self=local" setting (not used in this configuration). # This director handles aliasing using a traditional /etc/aliases file. # If any of your aliases expand to pipes or files, you will need to set # up a user and a group for these deliveries to run under. You can do # this by uncommenting the "user" option below (changing the user name # as appropriate) and adding a "group" option if necessary. Alternatively, you # can specify "user" on the transports that are used. Note that those # listed below are the same as are used for .forward files; you might want # to set up different ones for pipe and file deliveries from aliases. #spam_filter: # driver = forwardfile # file = /etc/spam.filter # no_check_local_user # no_verify # filter # allow_system_actions # # Account level filtering for everything but the main account # central_filter: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket no_check_local_user domains = !$primary_hostname : dsearch;/etc/vfilters require_files = "+/etc/vfilters/${domain_data}" condition = "${extract \ {size} \ {${stat:/etc/vfilters/${domain_data}}} \ }" file = /etc/vfilters/${domain_data} file_transport = address_file directory_transport = address_directory pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_virtual_address_pipe} \ {${if forany \ {${extract{6} \ {:} \ {${lookup \ passwd{ \ ${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ } \ } \ }} \ }:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_virtual_address_pipe} \ {virtual_address_pipe} \ }} \ } reply_transport = address_reply router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" no_verify # # Account level filtering for the main account # # checks /etc/vfilters/maindomain if its a localuser (ie main acct) # mainacct_central_user_filter: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket check_local_user domains = $primary_hostname condition = ${if eq \ {${lookup \ {$local_part_data} \ lsearch{/etc/domainusers} \ {$value} \ }} \ {} \ {0} \ {${if exists \ {/etc/vfilters/${lookup \ {$local_part_data} \ lsearch{/etc/domainusers} \ {$value} \ }} \ {${extract \ {size} \ {${stat:/etc/vfilters/${lookup \ {$local_part_data} \ lsearch{/etc/domainusers} \ {$value} \ }}} \ }} \ {0} \ }} \ } file = "/etc/vfilters/${lookup \ {$local_part_data} \ lsearch{/etc/domainusers} \ {$value} \ }" directory_transport = address_directory file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_address_pipe} \ {address_pipe} \ }} \ } reply_transport = address_reply user = $local_part_data group = $local_part_data retry_use_local_part no_verify # # User Level Filtering for the main account # central_user_filter: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket check_local_user domains = $primary_hostname require_files = "+${extract \ {5} \ {::} \ {${lookup \ passwd{$local_part_data} \ {$value} \ }} \ }/etc/filter" condition = "${extract \ {size} \ {${stat:${extract \ {5} \ {::} \ {${lookup \ passwd{$local_part_data} \ {$value} \ }} \ }/etc/filter}} \ }" file = "${extract \ {5} \ {::} \ {${lookup \ passwd{$local_part_data} \ {$value} \ }} \ }/etc/filter" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{$local_part_data} \ {$value} \ }} \ } directory_transport = address_directory file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_address_pipe} \ {address_pipe} \ }} \ } reply_transport = address_reply user = $local_part_data group = $local_part_data local_part_suffix = +* local_part_suffix_optional retry_use_local_part no_verify # # User Level Filtering for virtual users # virtual_user_filter: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket domains = \ !$primary_hostname \ : ${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {${perl{untaint}{$domain}}} \ } require_files = "+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/etc/$domain_data/$local_part_data/filter" user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } local_parts = ${if exists{${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/etc/$domain_data}{dsearch;${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/etc/$domain_data}} condition = "${extract{size}{${stat:$home/etc/$domain_data/$local_part_data/filter}}}" file = "$home/etc/$domain_data/$local_part_data/filter" directory_transport = address_directory file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_virtual_address_pipe} \ {${if forany \ {${extract{6} \ {:} \ {${lookup \ passwd{ \ ${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ } \ } \ }} \ }:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_virtual_address_pipe} \ {virtual_address_pipe} \ }} \ } reply_transport = address_reply local_part_suffix = +* local_part_suffix_optional retry_use_local_part no_verify virtual_aliases_nostar: driver = redirect allow_defer allow_fail domains = !$primary_hostname : dsearch;/etc/valiases user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" address_data = \ "router=$router_name \ redirect=${quote:${lookup \ {$local_part@$domain_data} \ lsearch{/etc/valiases/$domain_data} \ }}" data = ${extract \ {redirect} \ {$address_data} \ } file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_virtual_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_virtual_address_pipe} \ {virtual_address_pipe} \ }} \ } router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } local_part_suffix = +* local_part_suffix_optional retry_use_local_part unseen virtual_user_overquota: driver = redirect domains = !$primary_hostname : ${lookup{$domain}lsearch{/etc/userdomains}{${perl{untaint}{$domain}}}} require_files = "+$home/etc/$domain_data" user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } # NB: On busy servers Dovecot may take several seconds to respond to # this request. So we set the timeout generously: condition = "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}@${quote:$domain_data}\nsize=$message_size\n\n}{30s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}" data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded" verify_only allow_fail # # Virtual User Spam Boxes # virtual_user_spam: driver = redirect local_parts = +path_safe_localparts domains = \ !$primary_hostname \ : ${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {${perl{untaint}{$domain}}} \ } condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}} require_files = \ "+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/.spamassassinboxenable: \ +${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/mail/$domain_data/$local_part" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } headers_remove="x-uidl" data = "${quote_local_part:$local_part}+spam@$domain_data" redirect_router = virtual_user virtual_boxtrapper_user: driver = accept local_parts = +path_safe_localparts domains = !$primary_hostname : ${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {${perl{untaint} \ {$domain} \ }} \ } require_files = "+/usr/local/cpanel/bin/boxtrapper:+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/etc/$domain_data/$local_part/.boxtrapperenable:+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/mail/$domain_data/$local_part" user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" router_home_directory = "${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }" headers_remove="x-uidl" transport = virtual_boxtrapper_userdelivery virtual_user: driver = accept domains = \ !$primary_hostname \ : ${lookup \ {$domain} \ lsearch{/etc/userdomains} \ {${perl{untaint}{$domain}}} \ } local_parts = +path_safe_localparts require_files = "+${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ }/mail/$domain_data/$local_part" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } headers_remove="x-uidl" local_part_suffix = +* local_part_suffix_optional user = mailnull group = mail transport = dovecot_virtual_delivery set = r_bcc_addr=${if forany \ {${addresses:$h_to:}:${addresses:$h_cc:}} \ {or { \ {eqi \ {${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \ {$local_part@$domain_data} \ } \ {eqi \ {${extract{1}{+}{${local_part:$item}}}@${domain:$item}} \ {$original_local_part@$original_domain} \ } \ }} \ {} \ {$local_part@$domain} \ } set = r_cpanel_user=${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}} # # If the delivery address, original address (forwarded), # or address with subaddress is shown on the To: or Cc: # lines or the message has the List-Id: or Precedence: # header we allow the message to be batched to # dovecot LMTP via transport dovecot_virtual_delivery # # If it does match match the above we do not allow the message # to be batched in order to ensure that the Envelope-To: header # does not contain a user that was Bcc:ed so savvy recipients # cannot see that another email was Bcc:ed in the header # via transport dovecot_virtual_delivery_no_batch # # Note: match_address would be nice here but the second string # is not expanded for security reasons # # # has_alias_but_no_mailbox_discarded_to_prevent_loop required either of the following: # # 1. There is an active alias in the valias file # 2. There is an active autoresponder and the * is set to :fail: # has_alias_but_no_mailbox_discarded_to_prevent_loop: driver = redirect domains = !$primary_hostname : dsearch;/etc/valiases condition = ${lookup \ {$local_part@$domain_data} \ lsearch{/etc/valiases/$domain_data} \ {1} \ {0} \ } condition = "${if forany{<, \ ${lookup \ {$local_part@$domain_data} \ lsearch{/etc/valiases/$domain_data} \ {$value} \ }} \ {!match{$item}{\N/autorespond\N}} \ {1} \ {${if match \ {${lookup \ {\N*\N} \ lsearch{/etc/valiases/$domain_data} \ {$value} \ }} \ {:fail:} \ {1} \ {0} \ }} \ }" data=":blackhole:" local_part_suffix = +* local_part_suffix_optional disable_logging = true # srs is disabled valias_domain_file: driver = redirect allow_defer allow_fail domains = !$primary_hostname : dsearch;/etc/vdomainaliases user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" condition = ${lookup {$domain_data} lsearch {/etc/vdomainaliases/$domain_data}{yes}{no} } address_data = router=$router_name redirect=${quote:${quote_local_part:$local_part}@${lookup{$domain_data}lsearch{/etc/vdomainaliases/$domain_data}}} data = ${extract{redirect}{$address_data}} virtual_aliases: driver = redirect allow_defer allow_fail domains = !$primary_hostname : dsearch;/etc/valiases user = "${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}" router_home_directory = ${extract \ {5} \ {::} \ {${lookup \ passwd{${lookup \ {$domain_data} \ lsearch{/etc/userdomains} \ {$value}}} \ {$value} \ }} \ } address_data = \ "router=$router_name \ redirect=${quote:${lookup \ {*} \ lsearch{/etc/valiases/$domain_data} \ }}" data = ${extract \ {redirect} \ {$address_data} \ } file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_virtual_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_virtual_address_pipe} \ {virtual_address_pipe} \ }} \ } # This director handles forwarding using traditional .forward files. # If you want it also to allow mail filtering when a forward file # starts with the string "# Exim filter", uncomment the "filter" option. # The check_ancestor option means that if the forward file generates an # address that is an ancestor of the current one, the current one gets # passed on instead. This covers the case where A is aliased to B and B # has a .forward file pointing to A. The three transports specified at the # end are those that are used when forwarding generates a direct delivery # to a file, or to a pipe, or sets up an auto-reply, respectively. system_aliases: driver = redirect allow_defer allow_fail domains = $primary_hostname : localhost address_data = \ "router=$router_name \ redirect=${quote: \ ${lookup \ {$local_part} \ lsearch{/etc/aliases} \ }}" data = ${extract \ {redirect} \ {$address_data} \ } file_transport = address_file pipe_transport = address_pipe # user = exim local_aliases: driver = redirect allow_defer allow_fail domains = $primary_hostname : localhost address_data = \ "router=$router_name \ redirect=${quote: \ ${lookup \ {$local_part} \ lsearch{/etc/localaliases} \ }}" data = ${extract \ {redirect} \ {$address_data} \ } file_transport = address_file pipe_transport = address_pipe check_local_user userforward: driver = redirect allow_filter allow_fail forbid_filter_run forbid_filter_perl forbid_filter_lookup forbid_filter_readfile forbid_filter_readsocket check_ancestor check_local_user domains = $primary_hostname no_expn require_files = "+$home/.forward" condition = "${extract{size}{${stat:$home/.forward}}}" file = $home/.forward file_transport = address_file pipe_transport = ${if forall \ {/bin/cagefs_enter:/usr/sbin/cagefsctl} \ {exists{$item}} \ {cagefs_address_pipe} \ {${if forany \ {${extract \ {6} \ {:} \ {${lookup \ passwd{$local_part_data} \ }} \ } \:$r_suspended_shell} \ {match{$item}{\N(jail|no)shell\N}} \ {jailed_address_pipe} \ {address_pipe} \ }} \ } reply_transport = address_reply directory_transport = address_directory user = $local_part_data group = $local_part_data no_verify # srs is disabled localuser_root: driver = redirect allow_fail domains = $primary_hostname : localhost check_local_user condition = ${if eq {$local_part_data}{root}} data = :fail: root cannot accept local mail deliveries localuser_overquota: driver = redirect domains = $primary_hostname check_local_user # NB: On busy servers Dovecot may take several seconds to respond to # this request. So we set the timeout generously: condition = "${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy\nrecipient=${quote:$local_part}\nsize=$message_size\n\n}{30s}{\n}{SOCKETFAIL}}}{action=5}{true}{false}}" data = ":fail:Mailbox is full / Blocks limit exceeded / Inode limit exceeded" verify_only allow_fail # # Optimized spambox router # localuser_spam: driver = redirect domains = $primary_hostname require_files = "+$home/.spamassassinboxenable" condition = ${if match{$h_x-spam-status:}{\N^Yes\N}{true}{false}} # sets home,user,group check_local_user headers_remove="x-uidl" data = "${quote_local_part:$local_part_data}+spam" redirect_router = localuser boxtrapper_localuser: driver = accept require_files = "+/usr/local/cpanel/bin/boxtrapper:+$home/etc/.boxtrapperenable" check_local_user domains = $primary_hostname transport = local_boxtrapper_delivery localuser: driver = accept # sets home,user,group check_local_user domains = $primary_hostname headers_remove="x-uidl" local_part_suffix = +* local_part_suffix_optional user = mailnull group = mail transport = dovecot_delivery set = r_bcc_addr=${if forany \ {${addresses:$h_to:}:${addresses:$h_cc:}} \ {or { \ { eqi \ {${extract \ {1} \ {+} \ {${local_part:$item}} \ }@${domain:$item}} \ {$local_part@$domain} \ } \ { eqi \ {${extract \ {1} \ {+} \ {${local_part:$item}} \ }@${domain:$item}} \ {$original_local_part@$original_domain} \ } \ }} \ {} \ {$local_part@$domain} \ } set = r_cpanel_user=${local_part} # # If the delivery address, original address (forwarded), # or address with subaddress is shown on the To: or Cc: # lines or the message has the List-Id: or Precedence: # header we allow the message to be batched to # dovecot LMTP via transport dovecot_virtual_delivery # # If it does match match the above we do not allow the message # to be batched in order to ensure that the Envelope-To: header # does not contain a user that was Bcc:ed so savvy recipients # cannot see that another email was Bcc:ed in the header # via transport dovecot_virtual_delivery_no_batch # # Note: match_address would be nice here but the second string # is not expanded for security reasons # # This director matches local user mailboxes. ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### # A transport is used only when referenced from a director or a router that # successfully handles an address. # This transport is used for delivering messages over SMTP connections. begin transports mailman_virtual_transport: driver = pipe command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \ '${if def:local_part_suffix \ {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ {post}}' \ ${perl{untaint}{${lc:$local_part}_${lc:$domain}}} current_directory = /usr/local/cpanel/3rdparty/mailman home_directory = /usr/local/cpanel/3rdparty/mailman user = mailman group = mailman mailman_virtual_transport_nodns: driver = pipe command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \ '${if def:local_part_suffix \ {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ {post}}' \ ${perl{untaint}{${lc:$local_part}}} current_directory = /usr/local/cpanel/3rdparty/mailman home_directory = /usr/local/cpanel/3rdparty/mailman user = mailman group = mailman remote_smtp: driver = smtp interface = <; ${if > \ {${extract \ {size} \ {${stat:/etc/mailips}} \ }} \ {0} \ {${lookup \ {${lc:${perl{get_message_sender_domain}}}} \ lsearch{/etc/mailips} \ {$value} \ {${lookup \ {${if match_domain \ {$original_domain} \ {+relay_domains} \ {${lc:$original_domain}} \ {} \ }} \ lsearch{/etc/mailips} \ {$value} \ {${lookup \ {${perl{get_sender_from_uid}}} \ lsearch*{/etc/mailips} \ {$value} \ {} \ }} \ }} \ }} \ } helo_data = ${if > \ {${extract{size}{${stat:/etc/mailhelo}}}} \ {0} \ {${lookup \ {${lc:${perl{get_message_sender_domain}}}} \ lsearch{/etc/mailhelo} \ {$value} \ {${lookup \ {${if match_domain \ {$original_domain} \ {+relay_domains} \ {${lc:$original_domain}} \ {} \ }} \ lsearch{/etc/mailhelo} \ {$value} \ {${lookup \ {${perl{get_sender_from_uid}}} \ lsearch*{/etc/mailhelo} \ {$value} \ {$primary_hostname} \ }} \ }} \ }} \ {$primary_hostname} \ } hosts_try_chunking = 198.51.100.1 message_linelength_limit = 2048 dkim_remote_smtp: driver = smtp interface = <; ${if > \ {${extract \ {size} \ {${stat:/etc/mailips}} \ }} \ {0} \ {${lookup \ {${lc:${perl{get_message_sender_domain}}}} \ lsearch{/etc/mailips} \ {$value} \ {${lookup \ {${if match_domain \ {$original_domain} \ {+relay_domains} \ {${lc:$original_domain}} \ {} \ }} \ lsearch{/etc/mailips} \ {$value} \ {${lookup \ {${perl{get_sender_from_uid}}} \ lsearch*{/etc/mailips} \ {$value} \ {} \ }} \ }} \ }} \ } helo_data = ${if > \ {${extract{size}{${stat:/etc/mailhelo}}}} \ {0} \ {${lookup \ {${lc:${perl{get_message_sender_domain}}}} \ lsearch{/etc/mailhelo} \ {$value} \ {${lookup \ {${if match_domain \ {$original_domain} \ {+relay_domains} \ {${lc:$original_domain}} \ {} \ }} \ lsearch{/etc/mailhelo} \ {$value} \ {${lookup \ {${perl{get_sender_from_uid}}} \ lsearch*{/etc/mailhelo} \ {$value} \ {$primary_hostname} \ }} \ }} \ }} \ {$primary_hostname} \ } dkim_domain = ${perl{get_dkim_domain}} dkim_selector = default dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}" dkim_canon = relaxed hosts_try_chunking = 198.51.100.1 message_linelength_limit = 2048 # remote_forwarded_srs absent due to SRS support being disabled # This transport is used for local delivery to user mailboxes. By default # it will be run under the uid and gid of the local user, and requires # the sticky bit to be set on the /var/mail directory. Some systems use # the alternative approach of running mail deliveries under a particular # group instead of using the sticky bit. The commented options below show # how this can be done. # This transport is used for handling pipe deliveries generated by alias # or .forward files. If the pipe generates any standard output, it is returned # to the sender of the message as a delivery error. Set return_fail_output # instead of return_output if you want this to happen only when the pipe fails # to complete normally. You can set different transports for aliases and # forwards if you want to - see the references to address_pipe below. address_directory: driver = pipe command = /usr/libexec/dovecot/dovecot-lda -f ${perl{untaint}{$sender_address}} -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}} message_prefix = message_suffix = log_output delivery_date_add envelope_to_add return_path_add temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 address_pipe: driver = pipe return_output virtual_address_pipe: driver = pipe return_output jailed_address_pipe: driver = pipe force_command command = /usr/local/cpanel/bin/jailexec $address_pipe return_output jailed_virtual_address_pipe: driver = pipe force_command command = /usr/local/cpanel/bin/jailexec $address_pipe return_output cagefs_address_pipe: driver = pipe force_command command = /bin/cagefs_enter $address_pipe return_output cagefs_virtual_address_pipe: driver = pipe force_command command = /bin/cagefs_enter $address_pipe return_output # This transport is used for handling deliveries directly to files that are # generated by aliassing or forwarding. address_file: driver = pipe command = /usr/libexec/dovecot/dovecot-lda -e -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}} message_prefix = message_suffix = log_output delivery_date_add envelope_to_add return_path_add temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 boxtrapper_autowhitelist: driver = pipe headers_only command = /usr/local/cpanel/bin/boxtrapper --autowhitelist "${perl{untaint}{$authenticated_id}}" user = ${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}} group = ${extract{3}{:}{${lookup passwd{${perl{getemailuser}{$authenticated_id}{$received_protocol}{$sender_ident}}}{$value}}}} log_output = true return_fail_output = true return_path_add = false temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 local_boxtrapper_delivery: driver = pipe command = /usr/local/cpanel/bin/boxtrapper "${perl{untaint}{$local_part_data}}" $home user = $local_part_data group = ${extract{3}{:}{${lookup passwd{$local_part_data}{$value}}}} log_output = true return_fail_output = true return_path_add = false temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 virtual_boxtrapper_userdelivery: driver = pipe command = /usr/local/cpanel/bin/boxtrapper \ "${perl{untaint}{$local_part}}@${perl{untaint}{$domain}}" \ $home user = "${lookup{${perl{untaint}{$domain}}}lsearch{/etc/userdomains}{$value}}" log_output = true return_fail_output = true return_path_add = false temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 dovecot_delivery: driver = lmtp socket = /var/run/dovecot/lmtp batch_max = 200 batch_id = "$r_cpanel_user ${if def:r_bcc_addr {$r_bcc_addr}}" rcpt_include_affixes delivery_date_add envelope_to_add return_path_add dovecot_virtual_delivery: driver = lmtp socket = /var/run/dovecot/lmtp batch_max = 200 batch_id = "$r_cpanel_user ${if def:r_bcc_addr {$r_bcc_addr}}" rcpt_include_affixes delivery_date_add envelope_to_add return_path_add address_reply: driver = autoreply # cPanel Mail Archiving is disabled ###################################################################### # RETRY CONFIGURATION # ###################################################################### # This single retry rule applies to all domains and all errors. It specifies # retries every 15 minutes for 2 hours, then increasing retry intervals, # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 # hours, then retries every 8 hours until 4 days have passed since the first # failed delivery. # Domain Error Retries # ------ ----- ------- begin retry +secondarymx * F,4h,5m; G,16h,1h,1.5; F,4d,8h * * F,2h,15m; G,16h,1h,1.5; F,4d,8h # End of Exim 4 configuration

N4m3	5!z3	L45t M0d!f!3d	0wn3r / Gr0up	P3Rm!55!0n5	0pt!0n5
..	--	March 07 2026 10:23:32	root / root	0555
ImageMagick-6	--	November 27 2024 04:08:35	root / root	0755
NetworkManager	--	June 11 2024 14:35:41	root / root	0755
X11	--	October 23 2020 09:07:04	root / root	0755
acpi	--	October 23 2020 09:17:33	root / root	0755
alternatives	--	June 11 2025 04:09:17	root / root	0755
apache2	--	June 11 2025 04:09:21	root / root	0755
audisp	--	October 23 2020 09:08:05	root / root	0750
audit	--	October 23 2020 09:17:10	root / root	0750
bash_completion.d	--	August 15 2024 04:08:51	root / root	0755
binfmt.d	--	March 26 2024 12:56:27	root / root	0755
chkconfig.d	--	October 13 2020 15:46:48	root / root	0755
chkserv.d	--	May 31 2022 03:27:31	root / root	0755
cpanel	--	March 07 2026 04:08:06	root / root	0751
cron.d	--	February 27 2025 20:09:35	root / root	0755
cron.daily	--	October 10 2023 04:08:33	root / root	0755
cron.hourly	--	May 19 2023 04:08:20	root / root	0755
cron.monthly	--	June 09 2014 22:14:31	root / root	0755
cron.weekly	--	June 09 2014 22:14:31	root / root	0755
csf	--	February 27 2025 20:09:36	root / root	0600
dbus-1	--	August 03 2021 20:11:09	root / root	0755
default	--	July 19 2024 04:08:29	root / root	0755
depmod.d	--	October 23 2020 09:06:59	root / root	0755
dhcp	--	June 11 2024 14:35:41	root / root	0750
dovecot	--	January 14 2026 10:05:23	root / root	0755
dracut.conf.d	--	September 30 2020 15:57:57	root / root	0755
egl	--	August 03 2021 20:07:35	root / root	0755
exports.d	--	October 14 2021 12:29:26	root / root	0755
firewalld	--	August 03 2021 20:11:32	root / root	0750
fonts	--	October 23 2020 09:20:03	root / root	0755
gcrypt	--	November 02 2023 15:22:54	root / root	0755
ghostscript	--	September 30 2020 16:20:55	root / root	0755
glvnd	--	August 03 2021 20:07:35	root / root	0755
gnupg	--	July 13 2018 13:05:22	root / root	0755
groff	--	October 23 2020 09:05:07	root / root	0755
grub.d	--	June 11 2025 04:08:52	root / root	0700
gss	--	February 12 2025 13:26:19	root / root	0755
gssproxy	--	October 16 2021 04:08:46	root / root	0755
init.d	--	July 04 2024 04:08:43	root / root	0755
iproute2	--	August 03 2021 20:11:02	root / root	0755
kernel	--	October 23 2020 09:08:17	root / root	0755
krb5.conf.d	--	February 12 2025 13:26:19	root / root	0755
ld.so.conf.d	--	June 11 2025 04:10:24	root / root	0755
libnl	--	October 23 2020 09:05:06	root / root	0755
libpaper.d	--	September 30 2020 16:48:18	root / root	0755
logrotate.d	--	March 07 2026 09:51:03	root / root	0755
mail	--	October 23 2020 09:28:44	root / root	0755
mc	--	October 23 2020 09:08:24	root / root	0755
modprobe.d	--	September 24 2022 04:08:23	root / root	0755
modules-load.d	--	March 26 2024 12:56:27	root / root	0755
my.cnf.d	--	May 11 2023 04:08:45	root / root	0755
nagios	--	August 03 2021 20:06:07	root / root	0775
named	--	March 28 2025 11:31:52	root / named	0750
nginx	--	February 12 2025 05:55:38	root / root	0755
nrpe.d	--	September 08 2020 14:36:02	root / root	0755
openldap	--	July 04 2024 04:08:42	root / root	0755
opt	--	April 11 2018 04:59:55	root / root	0755
pam.d	--	January 16 2025 04:09:11	root / root	0755
pdns	--	September 19 2024 04:08:45	root / root	0755
pkcs11	--	October 23 2020 09:05:06	root / root	0755
pki	--	October 23 2020 09:28:29	root / root	0755
plymouth	--	August 03 2021 20:11:15	root / root	0755
pm	--	October 23 2020 09:04:33	root / root	0755
polkit-1	--	January 25 2022 19:42:48	root / root	0755
popt.d	--	June 10 2014 04:03:22	root / root	0755
ppp	--	August 03 2021 20:11:14	root / root	0755
prelink.conf.d	--	June 11 2025 04:09:17	root / root	0755
profile.d	--	July 29 2024 04:09:41	root / root	0755
proftpd	--	August 07 2025 13:58:34	root / root	0751
pure-ftpd	--	October 30 2024 12:41:43	root / root	0755
python	--	October 16 2024 04:08:47	root / root	0755
qemu-ga	--	October 23 2020 09:08:12	root / root	0755
rc.d	--	July 04 2024 04:08:43	root / root	0755
rc0.d	--	October 13 2020 15:46:48	root / root	0755
rc1.d	--	October 13 2020 15:46:48	root / root	0755
rc2.d	--	October 13 2020 15:46:48	root / root	0755
rc3.d	--	October 13 2020 15:46:48	root / root	0755
rc4.d	--	October 13 2020 15:46:48	root / root	0755
rc5.d	--	October 13 2020 15:46:48	root / root	0755
rc6.d	--	October 13 2020 15:46:48	root / root	0755
request-key.d	--	October 16 2021 04:08:46	root / root	0755
rpm	--	June 12 2025 04:08:38	root / root	0755
rsyslog.d	--	July 04 2024 04:08:43	root / root	0755
rwtab.d	--	June 11 2025 04:10:06	root / root	0755
sasl2	--	February 24 2022 13:27:39	root / root	0755
scl	--	October 23 2020 09:25:22	root / root	0755
security	--	May 11 2023 04:08:45	root / root	0755
selinux	--	January 16 2025 04:09:11	root / root	0755
skel	--	December 02 2021 04:09:03	root / root	0755
smartmontools	--	October 23 2020 09:20:25	root / root	0755
ssh	--	June 13 2025 04:12:35	root / root	0755
ssl	--	November 27 2024 04:08:33	root / root	0755
statetab.d	--	November 16 2020 16:20:16	root / root	0755
sudoers.d	--	March 28 2024 17:37:49	root / root	0750
sw-engine	--	January 14 2026 17:56:25	root / root	0755
sysconfig	--	June 11 2025 04:10:46	root / root	0755
sysctl.d	--	March 26 2024 12:56:27	root / root	0755
systemd	--	July 04 2024 04:08:43	root / root	0755
terminfo	--	May 17 2024 07:49:49	root / root	0755
tmpfiles.d	--	March 26 2024 12:56:27	root / root	0755
tuned	--	September 24 2022 04:08:23	root / root	0755
udev	--	July 20 2025 02:09:56	root / root	0755
valiases	--	July 24 2025 18:08:28	root / mail	0751
vdomainaliases	--	July 24 2025 18:08:28	root / mail	0751
vfilters	--	July 24 2025 18:08:28	root / mail	0751
wpa_supplicant	--	August 03 2021 20:11:10	root / root	0755
xdg	--	October 23 2020 09:07:04	root / root	0755
xinetd.d	--	April 11 2018 04:59:55	root / root	0755
yum	--	August 03 2021 20:11:17	root / root	0755
yum.repos.d	--	June 13 2025 04:09:26	root / root	0755

.pwd.lock	0 KB	October 23 2020 09:06:54	root / root	0600
.updated	0.159 KB	July 20 2025 02:04:41	root / root	0644
.whostmgrft	0 KB	January 05 2022 10:29:14	root / root	0644
DIR_COLORS	4.971 KB	November 16 2020 14:40:20	root / root	0644
DIR_COLORS.256color	5.591 KB	November 16 2020 14:40:20	root / root	0644
DIR_COLORS.lightbgcolor	4.56 KB	November 16 2020 14:40:20	root / root	0644
GREP_COLORS	0.092 KB	March 24 2017 16:39:09	root / root	0644
GeoIP.conf	1.664 KB	June 12 2023 14:00:57	root / root	0644
adjtime	0.018 KB	October 23 2020 09:14:51	root / root	0644
aliases	1.493 KB	August 19 2021 04:11:21	root / root	0644
aliases.db	12 KB	October 23 2020 09:17:15	root / root	0644
anacrontab	0.528 KB	May 16 2023 14:28:21	root / root	0600
antivirus.exim	10.385 KB	July 22 2024 18:49:25	root / root	0644
asound.conf	0.054 KB	August 08 2019 11:47:50	root / root	0644
at.deny	0.001 KB	May 18 2022 15:54:00	root / root	0644
backupmxhosts	0 KB	October 23 2020 09:24:14	root / mail	0640
bashrc	3.435 KB	August 03 2021 20:14:50	root / root	0644
bento-metadata.json	0.032 KB	October 23 2020 09:17:22	root / root	0444
blocked_incoming_email_countries	0 KB	October 23 2020 09:24:14	root / mail	0640
blocked_incoming_email_country_ips	0 KB	October 23 2020 09:31:34	root / mail	0640
blocked_incoming_email_domains	0 KB	October 23 2020 09:24:14	root / mail	0640
centos-release	0.036 KB	May 21 2024 14:48:02	root / root	0644
centos-release-upstream	0.05 KB	May 21 2024 14:48:02	root / root	0644
chrony.conf	1.082 KB	August 08 2019 11:40:15	root / root	0644
chrony.keys	0.47 KB	August 08 2019 11:40:15	root / chrony	0640
cpanel_exim_system_filter	11.859 KB	January 16 2025 04:09:11	root / root	0644
cpanel_mail_netblocks	0.015 KB	January 16 2025 04:09:11	root / mail	0640
cpspamd.conf	0 KB	February 22 2023 04:10:01	root / root	0644
cpupdate.conf	0.084 KB	June 13 2025 04:08:47	root / root	0644
cron.deny	0.007 KB	October 23 2020 09:31:28	root / root	0600
crontab	0.44 KB	June 09 2014 22:14:31	root / root	0644
crypttab	0 KB	October 23 2020 09:04:14	root / root	0600
csh.cshrc	1.582 KB	April 01 2020 04:29:31	root / root	0644
csh.login	1.077 KB	April 01 2020 04:29:32	root / root	0644
dbowners	0.072 KB	July 24 2025 18:08:29	root / mail	0640
demodomains	0 KB	July 24 2025 18:08:29	root / mail	0640
demouids	0 KB	July 24 2025 18:08:29	root / mail	0640
demousers	0 KB	July 24 2025 18:08:29	root / mail	0640
digestshadow	0 KB	October 23 2020 09:31:24	root / root	0640
domain_remote_mx_ips.cdb	2.413 KB	June 29 2022 16:03:57	root / mail	0640
domain_secondary_mx_ips.cdb	2 KB	August 04 2021 23:31:47	root / mail	0640
domainips	0.015 KB	July 24 2025 16:55:20	root / root	0644
domainusers	0.071 KB	July 24 2025 18:08:29	root / mail	0640
dracut.conf	1.255 KB	September 30 2020 15:57:57	root / root	0644
e2fsck.conf	0.109 KB	March 26 2024 13:11:56	root / root	0644
elinks.conf	1.067 KB	January 10 2019 17:00:54	root / root	0644
email_send_limits	0.266 KB	July 24 2025 18:08:29	root / mail	0640
environment	0 KB	April 01 2020 04:29:33	root / root	0644
ethertypes	1.286 KB	April 11 2018 02:44:54	root / root	0644
exim.conf	85.989 KB	January 16 2025 04:09:11	root / root	0644
exim.conf.dist	25.789 KB	July 22 2024 18:49:25	root / root	0644
exim.conf.local	0.641 KB	October 23 2020 09:38:21	root / root	0644
exim.conf.localopts	1.764 KB	January 16 2025 04:09:20	root / root	0644
exim.conf.mailman2.dist	29.032 KB	July 22 2024 18:49:25	root / root	0644
exim.conf.mailman2.exiscan.dist	29.203 KB	July 22 2024 18:49:25	root / root	0644
exim.crt	1.441 KB	December 05 2023 17:00:38	mailnull / mail	0660
exim.key	1.636 KB	December 05 2023 17:00:38	mailnull / mail	0660
exim.pl	0.226 KB	July 22 2024 18:49:25	root / root	0644
exim.pl.local	164.227 KB	January 16 2025 04:09:11	root / root	0644
exim_suspended_list	0.673 KB	August 04 2021 23:27:57	root / mail	0640
exim_trusted_configs	0.023 KB	October 23 2020 09:28:51	root / root	0644
eximmailtrap	0 KB	October 23 2020 09:24:13	root / root	0644
eximrejects	0.159 KB	January 16 2025 04:09:12	root / root	0644
eximrejects.rpmorig	0.358 KB	October 23 2020 09:24:14	root / root	0644
exports	0 KB	June 07 2013 14:31:32	root / root	0644
favicon.png	1.054 KB	March 08 2014 05:48:08	root / root	0644
filesystems	0.068 KB	April 01 2020 04:29:31	root / root	0644
fstab	0.348 KB	October 23 2020 09:31:28	root / root	0644
ftpd-ca.pem	0 KB	December 05 2023 17:00:38	root / wheel	0660
ftpd-rsa-key.pem	1.64 KB	December 05 2023 17:00:38	root / wheel	0660
ftpd-rsa.pem	1.441 KB	December 05 2023 17:00:38	root / wheel	0660
greylist_common_mail_providers	68.199 KB	June 13 2025 04:09:25	root / root	0644
greylist_trusted_netblocks	0 KB	January 16 2025 04:09:11	root / mail	0640
group	1.066 KB	July 24 2025 16:55:20	root / root	0644
group-	1.028 KB	October 16 2021 04:08:46	root / root	0644
gshadow	0.865 KB	July 24 2025 16:55:20	root / root	0600
gshadow-	0.811 KB	August 04 2021 23:28:20	root / root	0600
host.conf	0.009 KB	June 07 2013 14:31:32	root / root	0644
hostname	0.024 KB	August 03 2021 20:02:49	root / root	0644
hosts	0.147 KB	June 13 2025 04:08:50	root / root	0644
hosts.allow	0.361 KB	June 07 2013 14:31:32	root / root	0644
hosts.deny	0.449 KB	June 07 2013 14:31:32	root / root	0644
idmapd.conf	4.735 KB	April 11 2018 04:07:10	root / root	0644
inittab	0.499 KB	November 16 2020 16:20:16	root / root	0644
inputrc	0.92 KB	June 07 2013 14:31:32	root / root	0644
ipaddrpool	0 KB	July 24 2025 16:55:20	root / root	0644
ips	0 KB	October 23 2020 09:32:01	root / root	0644
issue	0.022 KB	May 21 2024 14:48:02	root / root	0644
issue.net	0.021 KB	May 21 2024 14:48:02	root / root	0644
kdump.conf	7.104 KB	August 03 2021 20:11:17	root / root	0644
krb5.conf	0.631 KB	February 12 2025 13:09:05	root / root	0644
ld.so.cache	43.053 KB	August 27 2025 03:05:39	root / root	0644
ld.so.conf	0.027 KB	February 27 2013 20:29:02	root / root	0644
libaudit.conf	0.187 KB	March 01 2019 21:11:04	root / root	0640
libuser.conf	2.335 KB	October 12 2013 21:56:07	root / root	0644
localaliases	0.049 KB	September 21 2022 12:27:45	root / root	0644
localdomains	0.139 KB	July 24 2025 18:08:28	root / mail	0640
locale.conf	0.019 KB	October 23 2020 09:14:51	root / root	0644
localtime	0.115 KB	February 14 2024 15:04:17	root / root	0644
lock_manager_local.ini	0.81 KB	January 01 1990 12:00:00	root / root	0644
login.defs	1.979 KB	August 06 2019 13:44:46	root / root	0644
logrotate.conf	0.646 KB	July 31 2013 11:46:23	root / root	0644
machine-id	0.032 KB	October 23 2020 09:44:36	root / root	0444
magic	0.108 KB	September 30 2020 16:07:43	root / root	0644
mail.rc	1.922 KB	April 11 2018 07:07:53	root / root	0644
mailbox_formats	0.074 KB	July 24 2025 18:08:29	root / mail	0640
mailcap	0.266 KB	May 14 2013 20:23:29	root / root	0644
mailhelo	0.025 KB	July 24 2025 18:08:29	root / mail	0640
mailips	0 KB	July 24 2025 18:08:29	root / mail	0640
makedumpfile.conf.sample	5.002 KB	June 09 2021 16:09:58	root / root	0644
man_db.conf	5.05 KB	October 30 2018 20:26:28	root / root	0644
manualmx	0.001 KB	July 24 2025 18:08:29	root / mail	0640
mime.types	50.573 KB	May 14 2013 20:23:29	root / root	0644
mke2fs.conf	1.08 KB	March 26 2024 13:19:01	root / root	0644
motd	0 KB	June 07 2013 14:31:32	root / root	0644
mtab	0 KB	March 07 2026 10:24:29	zagoradraa / zagoradraa	0444
my.cnf	0.43 KB	May 11 2023 04:09:18	root / root	0644
named.conf	4.28 KB	July 24 2025 16:55:20	named / named	0644
named.conf.cache	0.277 KB	July 24 2025 16:55:20	root / root	0600
named.conf.precpanelinstall	1.851 KB	October 23 2020 09:24:22	root / named	0640
named.conf.prerebuilddnsconfig	3.606 KB	October 23 2020 09:31:01	root / root	0644
named.conf.rebuilddnsconfig	3.606 KB	October 23 2020 09:31:01	root / root	0644
named.conf.zonedir.cache	0.056 KB	July 24 2025 16:55:20	root / root	0600
named.iscdlv.key	3.831 KB	March 28 2025 11:31:52	root / named	0644
named.rfc1912.zones	0.909 KB	June 21 2007 10:09:32	root / named	0640
named.root.key	1.842 KB	April 13 2017 14:17:40	root / named	0644
nameserverips	0.068 KB	August 03 2021 20:06:07	root / root	0644
nanorc	8.684 KB	June 10 2014 04:47:53	root / root	0644
neighbor_netblocks	0.014 KB	June 13 2025 04:08:51	root / mail	0640
netconfig	0.749 KB	August 09 2019 00:35:22	root / root	0644
networks	0.057 KB	November 16 2020 16:20:16	root / root	0644
nfs.conf	0.999 KB	October 14 2021 12:29:26	root / root	0644
nfsmount.conf	3.312 KB	October 14 2021 12:29:26	root / root	0644
nocgiusers	0 KB	July 24 2025 18:08:29	root / mail	0640
nscd.conf	2.696 KB	October 23 2020 09:24:07	root / root	0644
nsswitch.conf	1.903 KB	October 23 2020 09:07:07	root / root	0644
odbcinst.ini	0.563 KB	August 09 2019 03:11:45	root / root	0644
os-release	0.384 KB	May 21 2024 14:48:02	root / root	0644
outgoing_mail_hold_users	0 KB	October 23 2020 09:24:14	root / mail	0640
outgoing_mail_suspended_users	0 KB	October 23 2020 09:24:14	root / mail	0640
p0fdisable	0 KB	October 23 2020 09:31:30	root / root	0644
papersize	0.066 KB	September 30 2020 16:48:18	root / root	0644
passwd	2.882 KB	July 24 2025 16:55:20	root / root	0644
passwd-	2.667 KB	October 23 2020 09:32:18	root / root	0644
passwd.cache	16.788 KB	July 24 2025 16:57:19	root / root	0600
passwd.nouids.cache	8.694 KB	July 24 2025 16:57:19	root / root	0600
portassignments	0 KB	June 29 2022 16:02:57	root / root	0600
printcap	0.228 KB	June 07 2013 14:31:32	root / root	0644
profile	2.425 KB	August 03 2021 20:14:50	root / root	0644
protocols	6.392 KB	April 01 2020 04:29:32	root / root	0644
pure-ftpd.conf	10.596 KB	January 16 2025 04:09:13	root / root	0600
pure-ftpd.conf.rpmnew	11.33 KB	March 10 2022 17:28:54	root / root	0755
pure-ftpd.pem	3.081 KB	December 05 2023 17:00:38	root / wheel	0660
rc.local	0.462 KB	March 26 2024 12:56:28	root / root	0644
recent_authed_mail_ips	0 KB	March 07 2026 09:56:38	root / root	0644
recent_authed_mail_ips_users	0 KB	March 07 2026 09:56:38	root / root	0644
recent_recipient_mail_server_ips	0 KB	March 07 2026 10:20:58	root / mail	0640
redhat-release	0.036 KB	May 21 2024 14:48:02	root / root	0644
relayhosts	0 KB	March 07 2026 09:56:38	root / root	0644
relayhostsusers	0 KB	March 07 2026 09:56:38	root / root	0644
remotedomains	0 KB	October 23 2020 09:32:57	root / mail	0644
request-key.conf	1.745 KB	June 10 2014 02:17:54	root / root	0644
resolv.conf	0.072 KB	August 03 2021 20:02:50	root / root	0644
rpc	1.596 KB	December 25 2012 03:02:13	root / root	0644
rsyncd.conf	0.447 KB	February 12 2025 10:01:57	root / root	0644
rsyslog.conf	3.156 KB	January 13 2022 19:10:32	root / root	0644
rwtab	0.984 KB	November 16 2020 16:20:16	root / root	0644
screenrc	6.564 KB	March 09 2021 15:26:52	root / root	0644
secondarymx	0 KB	October 23 2020 09:24:14	root / mail	0640
securetty	0.216 KB	April 01 2020 04:29:31	root / root	0600
senderverifybypasshosts	0 KB	October 23 2020 09:24:14	root / mail	0640
services	654.583 KB	June 07 2013 14:31:32	root / root	0644
sestatus.conf	0.211 KB	April 01 2020 04:04:49	root / root	0644
shadow	1.577 KB	July 24 2025 16:55:20	root / root	0600
shadow-	1.156 KB	August 03 2021 20:02:48	root / root	0600
shadow.nouids.cache	8.878 KB	July 24 2025 16:55:30	root / root	0600
shells	0.125 KB	June 13 2025 04:08:47	root / root	0644
skipsmtpcheckhosts	0 KB	October 23 2020 09:24:14	root / mail	0640
smi.conf	1.242 KB	January 26 2014 13:19:08	root / root	0644
spammeripblocks	0 KB	October 23 2020 09:24:14	root / mail	0640
spammers	0 KB	July 22 2024 18:49:25	root / root	0644
ssldomains	0 KB	October 23 2020 09:31:26	root / root	0600
statetab	0.207 KB	November 16 2020 16:20:16	root / root	0644
stats.conf	0.036 KB	October 23 2020 09:31:28	root / root	0644
subgid	0 KB	April 01 2020 04:29:33	root / root	0644
subuid	0 KB	April 01 2020 04:29:33	root / root	0644
sudo-ldap.conf	3.106 KB	March 28 2024 17:31:02	root / root	0640
sudo.conf	1.744 KB	March 28 2024 17:31:02	root / root	0640
sudoers	4.227 KB	March 28 2024 17:31:02	root / root	0440
suphp.conf	3.678 KB	June 12 2025 04:09:00	root / root	0644
suphp.conf.rpmnew	4.417 KB	December 04 2024 21:43:39	root / root	0644
sysctl.conf	0.623 KB	October 23 2020 09:38:21	root / root	0644
system-release	0.036 KB	May 21 2024 14:48:02	root / root	0644
system-release-cpe	0.022 KB	May 21 2024 14:48:02	root / root	0644
tcsd.conf	6.881 KB	August 03 2017 17:16:03	tss / tss	0600
trueuserdomains	0.071 KB	July 24 2025 18:08:29	root / mail	0640
trueuserowners	0.046 KB	July 24 2025 18:08:29	root / mail	0644
trusted-key.key	0.732 KB	March 28 2025 11:31:52	root / root	0644
trusted_mail_users	0 KB	October 23 2020 09:24:14	root / mail	0640
trustedmailhosts	0 KB	January 16 2025 04:09:11	root / mail	0640
userbwlimits	0.054 KB	July 24 2025 18:08:29	root / mail	0640
userdatadomains	0.495 KB	January 14 2026 10:05:22	root / mail	0640
userdatadomains.json	0.551 KB	January 14 2026 10:05:22	root / root	0640
userdomains	0.111 KB	July 24 2025 18:08:29	root / mail	0640
userips	0.081 KB	July 24 2025 18:08:29	root / mail	0640
userplans	0.068 KB	July 24 2025 18:08:29	root / mail	0640
vconsole.conf	0.036 KB	October 23 2020 09:14:51	root / root	0644
vimrc	1.936 KB	July 09 2024 16:25:53	root / root	0644
virc	1.936 KB	July 09 2024 16:25:53	root / root	0644
webspam	0 KB	October 23 2020 09:24:13	root / root	0644
wgetrc	4.374 KB	August 15 2024 10:22:15	root / root	0644
wwwacct.conf	0.289 KB	September 21 2022 12:27:45	root / root	0644
wwwacct.conf.cache	0.36 KB	September 21 2022 12:32:31	root / root	0644
wwwacct.conf.shadow	0.077 KB	September 21 2022 12:27:45	root / root	0600
wwwacct.conf.shadow.cache	0.461 KB	September 21 2022 12:32:31	root / root	0600
yum.conf	1.082 KB	March 07 2026 04:08:24	root / root	0644

$.' ",#(7),01444'9=82<.342ÿÛ C 2!!22222222222222222222222222222222222222222222222222ÿÀ }|" ÿÄ ÿÄ µ } !1AQa "q2‘¡#B±ÁRÑð$3br‚ %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚáâãäåæçèéêñòóôõö÷øùúÿÄ ÿÄ µ w !1AQ aq"2B‘¡±Á #3RðbrÑ $4á%ñ&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz‚ƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚâãäåæçèéêòóôõö÷øùúÿÚ ? ÷HR÷j¹ûA <Ìƒ.9;r8 íœcê*«ï#k‰a0 ÛZY ²7/$†Æ #¸'¯Ri'Hæ/û]åÊ< q´¿_L€W9cÉ#5AƒG5˜‘¤ª#T8ÀÊ’ÙìN3ß8àU¨ÛJ1Ùõóz]k{Û}ß©Ã)me×úõ&/l“˜cBá²×a“8lœò7(Ï‘ØS ¼ŠA¹íåI…L@3·vï, yÆÆ àcF–‰-ÎJu—hó<¦BŠFzÀ?tãúguR‹u#‡{~?Ú•£=n¾qo~öôüô¸¾³$õüÑ»jò]Mä¦ >ÎÈ[¢à–?) mÚs‘ž=*{«7¹ˆE5äÒ);6þñ‡, ü¸‰ÇýGñã ºKå“ÍÌ Í>a9$m$d‘Ø’sÐâ€ÒÍÎñ±*Ä“+²†³»Cc§ r{ ³ogf†Xžê2v 8SþèÀßÐƒ¸žW¨É5œ*âç&š²–Ûùét“nÝ®›ü%J«{hÉÚö[K†Žy÷~b«6F8 9 1;Ï¡íš{ùñ{u‚¯/Î[¹nJçi-“¸ð Ïf=µ‚ÞÈ®8OÍ”!c H%N@<ŽqÈlu"š…xHm®ä<*ó7•…Á Á#‡|‘Ó¦õq“êífÛüŸ•oNÚ{ËFý;– ŠÙ–!½Òq–‹væRqŒ®?„ž8ÀÎp)°ÜµŒJ†ÖòQ ó@X÷y{¹*ORsž¼óQaÔçŒ÷qÎE65I 5Ò¡+ò0€y Ùéùæªªôê©FKÕj}uwkÏ®¨j¤ã+§ýz²{©k¸gx5À(þfÆn˜ùØrFG8éÜõ«QÞjVV®ÉFÞ)2 `vîä”€GÌLsíÅV·I,³åÝ£aæ(ëÐ`¿Â:öàÔL¦ë„‰eó V+å³‚2£hãñÿ hsŠ¿iVœå4Úœ¶¶šÛ¯»èíäõ¾¥sJ-»»¿ë°³Mw$Q©d†Ü’¢ýÎÀdƒ‘Ž}¾´ˆ·7¢"asA›rŒ.v@ ÞÇj”Y´%Š–·–5\Ü²õåË2Hã×°*¾d_(˜»#'<ŒîØ1œuþ!ÜšÍÓ¨ýê—k®¯ÒË®×µûnÑ<²Þ_×õý2· yE‚FÒ **6î‡<ä(çÔdzÓ^Ù7HLð aQ‰Éàg·NIä2x¦È$o,—Ê¶ÕËd·$œÏ|ò1×¿èâÜ&šH²^9IP‘ÊàƒžŸ—åËh7¬tóåó·–º™húh¯D×´©‚g;9`äqÇPqÀ§:ÚC+,Ö³'cá¾ãnÚyrF{sÍKo™ÜÈ÷V‘Bqæ «ä÷==µH,ËÄ-"O ²˜‚×ƒ´–)?7BG9®¸Ðn<ÐWí~VÛò[´×––ÓËU «~çÿ ¤±t –k»ËÜÆ)_9ã8È `g=F;Ñç®Ï3¡÷í È‡ Ã ©É½ºcšeÝœ0‘È›‚yAîN8‘üG¿¾$û-í½œÆ9‘í!ˆ9F9çxëøž*o_žIÆÖZò¥ÓºVùöõ¿w¦Ýˆæ•´ÓYÄ®³ËV£êƒæõç?áNòîn.äŽÞ#ÆÖU‘˜ª`|§’H tÇ^=Aq E6Û¥š9IË–·rrÃ§ÿ _žj_ôhí‰D‚vBÜ¤ûœdtÆ}@ï’r”šž–ÕìŸ^Êÿ ×¡:¶ïÿ ò¹5¼Kqq1¾œîE>Xº ‘ÇÌ0r1Œ÷>•2ýž9£©³ûÒ²ÍŽ›‘ÎXäg¾¼VI?¹*‡äÈ-“‚N=3ÐsÏ¿¾*{™ªù›·4ahKG9êG{©üM]+]¼«Ë¸ Š—mcÏ±‚y=yç¶:)T…JÉ>d»$Ýôùnµz2”¢åÍ ¬ ¼ÑËsnŠÜ«ˆS¨;yÛÊŽ½=px¥ŠÒæM°=ÕÌi*±€ Þ² 1‘Ž=qŸj†ãQ¾yæ»ŠA–,2œcR;ãwáÅfÊÈìT©#æä`žø jšøŒ59¾H·¯VÕÕûëçÚÝyµA9Ó‹Ñ?Çúþºš—QÇ ÔvòßNqù«¼!ç‚¹äç¿C»=:Öš#m#bYã†ð¦/(œúŒtè Qž CÍÂÉ¶ž ÇVB ž2ONOZrA óAÇf^3–÷ÉéÁëÇç\ó«·äƒütéß_-Ï¦nJ[/Ì|2Ï#[Ù–!’,Oä‘Ç|sVâ±Ô/|´–Iœ˜î$àc®Fwt+Ûø¿zÏTšyLPZ>#a· ^r7d\u ©¢•âÈ3 83…ˆDTœ’@rOéÐW†ÁP”S”Ü£ó[‰ÚßŽÚ;éÕNŒW“kîüÊ ¨"VHlí×>ZÜ nwÝÏ ›¶ìqÎ×·Õel¿,³4Æ4`;/I'pxaœÔñ¼";vixUu˜’¸YÆ1×#®:Ž T–ñÒ[{Kwi mð·šÙ99Î cÏ#23É«Ÿ-Þ3ii¶©»ÒW·•×~Ôí£Óúô- »yY Ýå™’8¤|c-ó‚<–þ S#3Ì‰q¡mÜI"«€d cqf üç× #5PÜý®XüØWtîßy¹?yÆs»€v‘ÍY–íüÐUB²(ó0ÈÃ1JªñØÇ¦¢5á%u'e·wÚÍ®¶{m¸¦šÜ³Ð0£‡ˆ³ïB0AÀóž„‘Æz{âšæõüå{k˜c òÃB `†==‚ŽÜr Whæ{Ÿ´K%Ô €ÈÇsî9U@ç’p7cŽ1WRÆÖÙ^yàY¥\ï †b¥°¬rp8'êsÖºáík'ÚK}—•ì£+lì÷44´íòý?«Ö÷0¤I"Ú³.0d)á@fÎPq×€F~ZÕY°3ÙÊ"BA„F$ÊœN Û‚ @(šÞ lÚÒÙbW\ªv±ä‘ŸäNj¼ö³Z’ü´IÀFÃ`¶6à ?! NxÇÒ©Ò†Oª²½’·ŸM¶{êºjÚqŒ©®èþ ‰ ’&yL%?yÕÃ”®$•Ï\p4—:…À—u½ä‘°Ýæ$aCß”$ñŸoÄÙ>TÓù¦ƒÂKÆÅÉ@¹'yè{žÝ4ÍKûcíCì vŽ…y?]Ol©Ê|Íê¾Þ_;üÿ Ï¡Rçånÿ rÔ’[m²»˜¡Ž4ùDŽ›Ë) $’XxËëšY8¹i•†Á!‘þpJ•V^0 Œ±õèi²Å²en%·„†8eeù²Yˆ,S†=?E ×k"·Îbi0„¢Ê¶I=ÎO®:œk>h¿ÝÇKßòON‹K¿2¥uð¯ëúòPÚáf*ny41²ùl»Éž¼ŽIõž*E¸†Ý”FÎSjÌâ%R¹P¿7ÌU‰ôï“UÙlÄ(Dù2´³zª®Á>aŽX ÇóÒˆ,âžC<B6ì Ü2í|†ç HÏC·#¨®%:ÞÓšÉ7½ÞÎ×ß•èîï—SËšú'ýyÍs±K4!Ì„0óŒ{£Øs÷‚çzŒð¹ã5æHC+Û=¼Í}ygn0c|œðOAô9îkÔ®£ŽÕf™¦»R#copÛICžÃ©þ :ñ^eñ©ðe·”’´ø‘¦f å— # <ò3ïÖ»ðŸ×©Æ¤•Ó½»ï®ß‹·ôµ4ù'ý_ðLO‚òF‹®0 &Ü§˜œ0Œ0#o8ç#ô¯R6Û“yŽ73G¹^2½öò~o»Ÿ›##ÞSðr=ÑkÒ41º €–rØ ÷„ëƒëÎ zõo7"Ýà_=Š©‰Éldà`†qt÷+‹?æxù©%m,ö{.¶jú;%÷hÌ*ß›Uý}Äq¬fp’}¿Í¹ ü¼î Ïñg$ý*{XLI›•fBÀ\BUzr€Œr#Ð€í¥ÛÍ+²(P”x›$ÅèçœŒž tëÐÕkÖ9‘ab‡Ïò³œã#G'’¼o«U¢ùœ×Gvº4µ¾vÕí}½œ¢ïb{{)¥P’ÊÒº#«Bç˜€8Êä6GË”dTmV³$g¸i&'r:ƒ¬1œàòœãƒÒ • rñ¤P©ÑØô*IÆ[ ÝÏN¸Î9_³[™#Kr.Fí¤í*IÁ?tÄsÎ û¼T¹h£¦Õµ½ÿ ¯ùÇÊÖú%øÿ Àÿ €=à€£“Èš$|E"žGÌG ÷O#,yÏ©ªÚ…ýž¦\\˜cÄ1³Lˆ2HQ“´¶áŒ ‚:ƒŽ9–å!Š–Í‚É¾F''‘÷yÇNüûãëpÆ|=~¢D•äµ•vn2„sÓžGLë IUP´Uíw®Ú-/mm£²×Ì–ìíeý]? øÑüa¨ÞZÏeki,q‰c10PTpAÜÀg%zSß°2Ä¤¡U]®ØŠÜçžI;€èpx?_øZÊ|^agDóí¹ )ÊžßJö‰¡E]È##ço™NO÷¸ÈÇÌ0¹9>™¯Sˆ°pÃc°ŠI¤÷õ¿å}Ë¯ JñGžÿ ÂÀ+ãdÒc³Qj'ÅØîs&vç6îíŽë»iÞbü” ‚Â%\r9àg·ùÍxuÁüMg~ŸÚÁÎÜ²çŽ0?*÷WšÝ^O*#†€1èwsÎsùRÏpTp±¢è¾U(«u}íùŠ´R³²ef À9³bíÝ¿Ùéì ùïíÌóÅ1ý–F‘œ‘åà’9Àç9ëÒ‹)ˆ”©±eÎ c×sù×Î{'ÎâÚõéßuOÁœÜºØ‰fe“e6ñžyäöÀoÆ§²‹„•%fˆ80(öåO½Oj…„E€T…%rKz°Î?.;{šXÙ‡ŸeUÚd!üx9þtã%wO_øoòcM- j–ÒHX_iK#*) ž@Ž{ôÇ½Bd¹‰RÝn–ê0«7Ë†ìyÀ÷Í@¬Ì¢³³’ 9é÷½?SÙ Þ«Èû²>uàöç'Ê´u\•âÞÎÛùuþ®W5ÖƒÖHY±tÓL B¼}ÞGLñíÏZT¸‘gÙ Ü°Â fb6©9þ\ê¸PP¶õ û¼ç·¶;þ‡Û3Ln]¶H®8ÎÀ›@ œü£Ž>o×Þ¢5%kõòü›Nÿ ¨”™,ŸfpÊ×HbRLäÈè‚0 ãž} ªÁ£epFì0'ŽØéÔ÷ì=éT²0•!…Îzt9ç¾?”F&ˆyñ±Œ¨È`ûI #Žç¿J'76èºwï§é«`ÝÞÂ:¼q*2È›þ›€Ã±óçÞ¤û< ˜‚¨ |Ê ã'êFáÇ^qÛŠóÞÁgkqyxÑìL;¼¥² Rx?‡¯Y7PŽwnù¶†û¾ÜÂ·.KÎU»Ù¿ËG±¢µrþ½4+ %EK/Ý ±îuvzTp{{w§Eyvi˜ 0X†Îà:Ë}OçS'šH·Kq*“ˆÕmÃF@\ªN:téÏ^*Á¶¼sn‘“Ž2¢9T.½„\ýò@>˜7NFïNRÓ·wèôßEÕua'¬[þ¾cö¡ÌOæ¦âÅŠ². Ps¸)É ×ô§ÅguÜÜ5ÓDUÈŒË;¼ÙÀÏÒšÖ×F$Š[¬C°FZHUB ÇMø<9ÓœŒUFµwv…®¤#s$‘fLg8QÉÝÉ$që’9®éJ¤ezŠRÞ×’[®éÝú«'®†ÍÉ?zï¶¥³u3(’MSsŽ0Û@9$Ð…-‘ß¦O"§gŠ+¢n'k/ ‡“$±-µ°1–éÜôä)®ae ·2ÆŠ¾gÛ°Z¹#€r ¶9Ç|Õ¨âºŽÖIÑÖÜÇ»1Bc.çqÁR àûu®Š^Õ½Smkß}uzëmSòiõÒ<Ï×õ—£Îî6{ˆmŽåVUòãv3ü¤œqÐŒç“œô¶Ô¶¢‹{• b„ˆg©ù@ÇRTóÅqinÓ·ò×l‡1`¯+òŸ¶ÐqžÀ:fÿ Âi£häÙjz…¬wˆÄË™RI'9n½øãœv®¸ÓmªUÛ•ôI-_kK{ièßvim£Qµý|ÎoÇßìü-~Ú}´j:ÃÍŠ|¸˜¨ó× qŒŒžy®w@øßq%å½¶³imoj0¿h·F;8À,›¹¸üyu¿üO'|;´ðÄÚ¦Œ%:t„Fáß~÷O¿júß©a)ZV”ºÝïëëýjkÞHöfÔ&–î#ö«aðå'Œ’¥\™Il`õ¸9©dûLì ‹t‘ƒ¸ó"Ä€‘Ê7ÈÛŽ:vÜ ¯/ø1â`!»Ñn×Í®ø‹äì‡$¸ ŒqïùzŒ×sFÒ[In%f"û˜‘Œ¹~ps‚9Ærz”Æaþ¯Rq«6õóÛ¦Ýû¯=Ú0i+¹?ÌH¢VŒý®òheIÖr›7îf 8<ó×+žÕç[ÂÖ€]ÇpßoV%v© €pzþgµ6÷3í‹Ì’{²„äˆƒŒ‚Ìr8Æ1“Áë^{ñqæo Ø‹–¸2ý|ÇÜ¬¬Žr=;zþ¬ò¼CúÝ*|+[zÛ£³µ×ß÷‘š¨Ûúü®Sø&ì¬…˜Có[¶âÈ¼3ûÜ÷<ŒñØæ½WÈŸÌX#“3 "²ºÆ7Œ‘Üc¼‡àìFy5xKJŒ"îç.r@ï×Þ½Ä-ÿ þ“}ª}’*Þ!,Fm¸Î@†9b?1W{Yæ3„`Ú¼VõŠÚÛ_kùöG.mhÎñ ôíhí§Ô$.ƒz*(iFá’I^™$ðMUÓ|áíjéb[ËÆºo•ñDdŽà¸'“ŽA Ö¼ƒGÑµ/krG É–i\ôÉêNHÀÈV—Š>êÞ´ŠúR³ÙÈùÑõLôÜ9Æ{jô?°°Kýš¥WíZ¿V—m6·E}{X~Æ? zžÓæ8Ë¢“«¼ 39ì~¼ûÒÍ}žu-ëÇ•cÉåmÀÀÉ9Àsþ ”økâŸí]:[[ÍÍyhª¬w•BN vÏ$ôé‘Íy‹ü@þ"×ç¹ ¨v[Æ¼* ã zœdžµâàxv½LT¨T•¹7jÿ +t×ð·CP—5›=Î ¨/"i¬g¶‘#7kiÃç±'x9#Ž}êano!òKD‘ílï”('¿SÔð?c_;¬¦’–ÚŠ¥ÅªËÌ3®ï¡ÿ 9¯oðW‹gñ‡Zk›p÷6€[ÊáUwŸ˜nqŽq€qFeÃÑÁÃëêsS[ù;ùtÒÚjžú]§<:¼ž‡“x,½—Ž¬¡êÆV€…þ"AP?ãÛ&£vÂÅ»I’FÙ8ÛžÀ”œ¾ÜRÜÌ¬ŠÛÓ‘–Ä*›qôúŸÃAÀëßí-L¶š-™ƒµ¦i”øÿ g«|è*pxF:nžîË¯Þ¼¿þBŒÛQþ¿C»Š5“*]Qÿ „±À>Ý:ôä*D(cXÚ(†FL¡‰`çØÏ;þ5âR|Gñ#3î`„0+µmÑ€ún Þ£ÿ …‰â¬¦0 –¶ˆœ€¹…{tø?Ê¯(_çþ_Š5XY[¡Ù|Q¿ú µŠ2ï¸›sO* Ð‘ÿ ×â°<+à›MkÂ÷š…Ä³ ·Ü–ˆ«ò‚?ˆœúäc½øåunû]¹Iïåè› ç ¯[ð&©¥Ýxn;6>}²’'`IË0ÁèN}zö5éâ©âr\¢0¥ñs^Ml¿«%®ýM$¥F•–ç‘Øj÷Ze¦£k 2¥ô"FqÀ`„~5Ùü+Ò¤—QºÕ†GÙ—Ë‹ çqä°=¶ÏûÔÍcá¶¡/ˆ¤[ý†iK ™°"ó•Æp;`t¯MÑt}+@²¶Óí·Ídy’3mÕË‘’zc€0 íyÎq„ž ¬4×5[_]Rë{]ì¬UZ±p÷^åØÞÈ[©&OúÝÛ‚‚s÷zžIïßó btÎÎª\ya¾U;C¤t*IÎFF3Š¸™c 1žYD…U° êÄàõë\oŒ¼a ‡c[[GŽãP‘7 â znÈ>Ãü3ñ˜,=lUENŒäô¾ÚÀÓ[_ð9 œ´JçMy©E¢Àí}x,bpAó¦üdcûŒW9?Å[Há$¿¹pÄ™#^9O88©zO=«Ë!µÖüY¨³ªÍy9ûÒ1Â úôÚ»M?àô÷«ÞëÖ–ÙMÌ#C&ßnJ“Üp#Ð‚~²†G–àíekÏµío»_žŸuÎ¨Q„t“ÔÛ²øáû›´W6»Øoy FQÎr $Óõìk¬„‹ïÞÚ¼sÆíòÉ67\míÎyF¯ð¯TÓã’K;ë[ð·ld«7üyíšÉð¯Šµ êáeYžÏq[«&vMÀðßFà}p3ÅgW‡°8ØßVín›þšõ³¹/ ü,÷ií|’‘´R,®ŠÉ‡W“Ž1ØöëÓ¾xžÖÞ¹xÞÝ¬XZGù\’vŒž˜ÆsØúÓïí&ÒÒ{]Qž9£Ê¡ù·ÄÀ»¶áHäž™5—ìö« -&ù¤U<±ÉÆA>½ý+æg jžöë¥¢þNÛ=÷JÖÛfdÔ õýËúû‹ÓØB²¬fInZ8wÌÉÐ®~aƒÎ=3ìx‚+/¶äÁlŠ‚?™Æü#8-œ\pqTZXtè%»»&ÚÝ#´ŠðÜžã§Í’¼{p·ß{m>ÞycP¨’¼¢0ú(Rƒë^Ž ñó¼(»y%m´ÕÙ}ÊûékB1¨þÑ®,#Q)ó‡o1T©ÜÃ*Ž‹‚yö<b‰4×H€“ìÐ. ¤²9ÌŠ>„Žãøgšñ ¯Š~)¸ßå\ÛÛoBŒa·L²œg$‚Iã¯ZÈ—Æ~%”äë—È8â)Œcƒ‘Âàu9¯b%)ÞS²¿Ïïÿ 4Öºù}Z/[H%¤vÉ#Ì’x§†b © ³´tÜ{gn=iï%õªÇç]Ü§—!åw„SÓp ·VÈÏ¡?5Âcâb¥_Ä¤Šz¬—nàþÖÎŸñKÄöJé=ÌWèêT‹¸÷qÎáƒŸ•q’zWUN«N/ØO^Ÿe|í¾©k{üõ4öV^ïù~G¹êzÂèº|·÷×[’Þ31†rpjg·n Æ0Ý}kåË‹‰nîe¹ËÍ+™ÏVbrOç]'‰¼o®xÎh`¹Ç*±ÙÚ!T$d/$žN>¼Wqá¯…Z9ÑÒO\ÜÛê1o&,-z ~^NCgNÕéá)ÒÊ©7‰¨¯'Õþ¯þ_¿Ehîþóâ €ï¬uÛûý*ÎK9ä.â-öv<²‘×h$àãúW%ö¯~«g-ÕõÀàG~>Zú¾Iš+(šM³ Û#9äl%ðc¬ ûÝ xÖKG´x®|¸¤Ï™O:Ê8Ã’qÉcÔä‚yÇNJyËŒTj¥&µOmztjÿ ?KëaµÔù¯áýóXøãLeb¾tžAÇû`¨êGBAõ¾•:g˜’ù·,þhÀ`¬qÜ` e·~+å[±ý“âYÄjWì—µHé±ø?Nõô>½âX<5 Ç©ÏÑ¼M¶8cÜªXŽÉ^r?¼IróÈS•ZmÇ›™5»òÚÚ7ïu«&|·÷•Î† >[©ÞXHeS$Œyà€ ÷ù²:ò2|óãDf? Z¼PD¶ÓßC(xÆ0|©ßR;ôMsÿ µ´ÔVi¬,Í¹›Ìxâi˜`¹,GAéÇlV§ÄýF×Yø§ê–‘:Ã=ò2³9n±ÉžØÏ@yÎWžæ±Ãàe„ÄÒN ]ïòêìú_Go'¦ŽÑ’_×õÐ¯ðR66þ!›ÑÄ gFMÙ— äžäqôÈ;ÿ eX<#%»Aö‰ãR¤ Í”Ž¹È G&¹Ÿƒ&á?¶Zˆ±keRè Kãnz·ãŠÕøÄÒÂ9j%@®×q±ÜŒý[õ-É$uíè&¤¶9zÇï·Oøï®ÄJKšÖìdü"µˆ[j×²Îc;ã…B(g<9nàÈ¯G½µŸPÓ.´Éfâ¼FŽP 31 ‘ÏR}<3šä~ Ã2xVöî Dr Ç\›}Ý#S÷ÈÀëŽHÆI®à\OçKuäI¹†ó(”—GWî ñ³¹¸æ2¨›‹ºÚû%¾ýÖ_3ºNú¯ëúì|ÕÅÖ‰}ylM’ZËîTÿ á[ðÐñ/ˆ9Àû ¸ón3 MÃ²d‘÷ döª^.ÊñŽ°›BâîNp>cëÏçÍzïÃôÏ YÍ%ª¬·ãÏ-*9ÜÂãhéŒc¾dÈêú¼Ë,. VŠ÷çeÿ n/¡¼äãõâ=‹xGQKx”|¹bÌŠD@2Œ 8'Ž àúƒŽ+áDÒ&¡¨"Œ§–Žr22 Ç·s]ŸÄ‹«ð%ÚÄ<¹ä’(×{e›HÀqÁç©Ç½`üŽÚõKé¥š9ƒÄ±€<–úƒú~ çðñO#Í%iKKlµ¦¾F)'Iê¬Î+Ç(`ñ¾£œdÈ’`™ºcßéé^ÿ i¸”Û\ý¡æhÔB«aq¸}ãÀÆ:ÜWƒ|FÛÿ î©±BŒÇÀeaŸ-sÊ€:úW½ÜÝÜ<%$µ†%CóDªÀí%IÈÏÊ¤…ôäñÞŒ÷‘a0“ôŽÚë¤nŸoW÷0«e¶y'Å»aÎ—2r’# Û°A^ý9ÉQÔõ=ù5¬£Öü.(Þ’M$~V«=éSÄFN½®©ÔWô»ÿ þHžkR‹ìÏ+µµžöê;khÚI¤m¨‹Ôš–âÖçJ¾_Z•’6a”Èô> ÕÉaÕ<%®£2n bQŠå\tÈõUÿ ø»þ‹k15‚ÃuCL$Ý¹p P1=Oøýs¯^u éEJ”–éêŸê½5ýzy›jÛ³á›Ûkÿ ÚOcn±ÛÏîW;boºz{ãžüVÆ¡a£a5½äÎÂks¸J@?1è¿{$ä‘=k”øsÖ^nŒ¦)ÝåXÃíùN1ØõÚOJë–xF÷h¸ Œ"Ž?xäœšü³ì¨c*Fœ¯i;7~ñí×«Ðó¥Ë»3Ãü púw ‰°<Á%»ñž ÿ P+Û^ ¾Ye£ŽCÄŒ„/>˜>•á¶Ìm~&&À>M[hÈÈÿ [Ž•íd…RO@3^Ç(Ê½*¶ÖQZyßþ 1Vº}Ñç?¼O4Rh6R€ª£í¡ûÙ a‚3ß·Õ ü=mRÍ/µ9¤‚0ÑC¼Iè:cŽsÛ¾™x£ÆÐ¬ªÍöË¢ìƒ’W$•€Å{¨ÀPG ÀÀàŸZìÍ1RÉ0´ðxEË9+Éÿ ^rEÕ—±Š„70l¼áË@û.' ¼¹Žz€N3úUÉ<3á×*?²¬‚ä†"Ùc=p íÛ'¡ª1ñ"økJ†HÒ'»Ÿ+ oÏN¬Ã9 dÙãÜ×“ÏâÍ~æc+j·Jzâ7(£ðW]•æ™?nê´º6åwéåç÷N•ZŠíž›¬|?Ðõ?Ñ-E…Â®³ÇV$~X¯/…õ x‘LˆÑÜÚÈ7¦pzãÜüë½ðÄ^õtÝYËÍ7ÉÖÕ8ÏUe# #€r=sU¾/é’E§jRC4mxNÝ´9†íuá»›V‘ ZI€×cr1Ÿpzsøf»¨åV‹ìû`qËLÊIã?\~¼³áËC©êhªOîO»‘ÃmçÛçút×¢x“Z}?Ãœê#b-¤X7õÄò gž zzbº3œm*qvs·M=íúéw}¿&Úª°^Ö×µÏ(ø‡â†Öµƒenñý†×åQáYûœ÷ÇLœôÎNk¡ðÂ‡¼/µ¸n0æÉ0¬ƒ‚üîÉÆvŒw®Sáö”š¯‹-üÕVŠØÙ[$`(9cqƒÔ_@BëqûÙ`Ýæ0;79È?w<ó |ÙÜkßÌ1±Ëã¿ìÒ»ðlìï«ÓnªèèrP´NÏÂš&ŽéöÙ¸÷æ°~-_O'‰`°!RÚÚÝ%]Ø%þbß1'¿ÿ XÕáOöÎŒ·‹¬+Åæ*ÛÛ™0¤ƒOÍÔ`u¯¦ÂaèÐÃÓ«‹¨Ô¥µœ¿¯ÉyÅÙ.oÔôŸ Úx&(STðÝ½¦õ] ’ÒNóÁäÈùr3í·žÚ[™ƒ¼veÈÃ·ÞIõÎGlqÎ=M|«gsªxÅI6 ]Z·Îªä,¨zŒŽÄ~#ØŠúFñî™ªiÉqc©éÐD>Së”‘ GñŽ1éÐ^+ Ëi;Ô„µVÕú»i¯ÈÒ-ZÍ]òÜ˜®ì`bÛÙ¥_/y(@÷qÐúg Ô÷W0.Ø› 6Ò© r>QƒŒ0+Èîzb¨É+I0TbNñ"$~)ÕÒ6Þ‹{0VÆ27œWWñcÄcX×íôûyKZéðªc'iQ¿¯LaWŠŸS\·Š“ÅºÊ¸…ôÙÂí|öÀÇåV|!¤ÂGâÛ[[’ï 3OrÙËPY¹=Î1õ5öåTžÑè Ú64/üö?Zëžk}¬¶éàoá¾á}3“ü]8Éæ¿´n²Žš_6¾pœ)2?úWÓÚ¥¾¨iWúdŽq{*ª1rXŒd…m»‰äcô¯–dâ•ã‘Jº¬§¨#¨®§,df«8ÉÅßN¾hˆ;îÓ=7áùpën®É 6ûJžO2^œÐò JÖø¥²ãÂ›Ò6Ü·‰!wbÍ‚¬O©»õ¬ÿ ƒP=Ä:â¤-&ÙŽ `È9 r9íÏ§zë> XÅ7ƒ5X–krÑ¢L7€ìw}ÑŸNHëŒüþ:2†á¼+u·á÷N/Û'Ðç~ß˜ô«ëh!ónRéeQ´6QÛÿ èEwëÅÒ|¸Yqó1uêyùzð8 ƒŠù¦Ò;¹ä6öi<'ü³„[ÃZhu½ ùÍ¡g‚>r¯×ŠîÌx}bñ2“kê£§oø~›hTèóËWò4|ki"xßQ˜Ï6øÀLnß‚0 ¹Æ{±–¶Öe#¨27È@^Ìß.1N¾œyç€õ†ñeé·Õã†çQ°€=Ì©ºB€Ø8<‚ÃSõ®ùcc>×Ú .Fr:žÝGæ=kÁâ,^!Fž ¬,àµ}%¶«îõ¹†"r²ƒGœüYÕd?aÑÃY®49PyU ÷þ!žxÅm|/‚ãNð˜¼PcûTÒ,¹/Ý=FkÏ|u¨¶«âë…{¤m¢]Û¾ïP>®XãÞ½iÓÁ¾ ‰'¬–6ß¼(„ï— í!úÙäzôë^–:œ¨å|,_¿&š×]uÓÑµÛô4’j”bž§x‘Æ©ã›á,‚[Ã” ÎÞ= î®ˆŒËæ ÀùYÁ?ŽïÚ¼?ÁªxºÕÛ,°1¸‘¿ÝäãØ¯v…@¤åq½ºã œàûââ·z8Xýˆþz~—û»™âµj=Ž â~ãáh@'h¼F#·Üp?ŸëQü-løvépx»cŸø…lxâÃûGÂ·‰¶ø”L£©%y?¦úõÆü-Õ¶¥y`Òl7>q’2üA?•F}c‡jB:¸Jÿ +§¹¿¸Q÷°ív=VÑìu[Qml%R7a×IèTõéŽx¬ ?†š7 1†îã-ˆã’L¡lŽ0OÓ=ÅuˆpÇ•¼3ÛùÒ¶W/!|’wŽw^qÔ×ÏaóM8Q¨ãÑ?ëï0IEhÄa¸X•`a ?!ÐñùQ!Rä ÂžqŽžÝO`I0ÿ J“y|ñ!Îã@99>þ8–+éáu…!ù—ä Ê°<÷6’I®z ÅS„¾)Zþ_Öýµ×ËPåOwø÷þ*üïænÖùmØÝûþ¹=>¦½öî×Jh]¼ç&@§nTŒ6ITÀõ^Fxð7Å3!Ö·aÛ$þÿ ¹ã5îIo:ÈªmËY[’8ÇÓ¾Ç‰*òû¢¥xõ¾¼ú•åk+\ð¯ HÚoŽl•Ûk,¯ ç²²cõÅ{²Z\ ´ìQ åpzŽ3Ôð}ÿ Jð¯XO¡øÎé€hÙ¥ûLdŒ`““ù6Gá^ÃáÝ^Ë[Ñb¾YåŒÊ»dŽ4†2§,;ÿ CQÄ´¾°¨c–±”mºV{«ßÕýÄW\ÖŸ‘çŸ,çMRÆí“l-ƒn~ë©ÉÈê Ü?#Ž•¹ðãSÒ¥ÐWNíà½;ãž)™ÎSÈ9cóLjëµ¿Å«iÍk¨ió¶X‚7÷ƒ€yãnyÏŽëÞ Öt`×À×V's$È9Ú:ä{wÆEk€«†Çàc—â$éÎ.éí~Ýëk}ÅAÆpörÑ¢‡Šl¡ÑüSs‹¨‰IÃ„óÀ×wñ&eºðf™pŒÆ9gŽTø£lñëÀçŽ NkÊUK0U’p ï^¡ãÈ¥´ø{£ÙHp`’ØåbqÏ©äó^Æ: Ž' ÊóM«õz+ß×ó5Ÿ»('¹ð¦C„$˜Å¢_ºÈI?»^äã'ñêzž+ë€ñ-½»´}¡Ë*õ?.xÇ^1ŽMyÇÂ¸&“Â—L–îëöâ7…' bqéÎGé]Ëªâ1$o²¸R8Ã`.q€}sÖ¾C98cêÆÞíïóòvÓòùœÕfÔÚéýuèÖ·Ú Å‚_¤³ÜÛºÆ‘ÃŸ”à×¨ý:×ƒxPþÅÕî-/üØmnQìïGÎŠÙRqê=>¢½õnæ·r!—h`+’;ò3È<“Û©éšóŸx*÷V¹¸×tÈiˆßwiÔÿ |cŒñÏ®3Ö½Ì°‰Ë Qr©ö½®¼ÛoÑÙZÅÑ«Oàµ¯ýw8;k›ÿ x†;ˆJa;‘º9÷÷R+¡ñgŽí|Iáë{ôáo2Ê²9 029ÉÏLí\‰¿¸Ÿb˜ "Bv$£&#ßiê>=ªª©f ’N ëí>¡NXW~5×úíø\‰»½Ï^ø(—wÖú¥¤2íŽÞXæÁ$°eÈ888^nÝë²ñÝÔ^ ÖÚ9Q~Ëå7ï DC¶ÑµƒsËÇè9®Wáþƒ6‡£´·°2\Ý:ÈÑ?(#¨'$õèGJ¥ñW\ÿ ‰E¶—¸™g˜ÌÀ¹;Pv ú±ÎNs·ëŸ’–"Ž/:té+ûË]öJöÓM»ëø˜*‘•^Uý—êd|‰åñMæÔÝ‹23å™6æHùÛ‚ëüñ^…ñ1¢oêûÑEØ.õ7*ÅHtÎp{g<·Á«+¸c¿¿pÓ¾Æby=8É_ÄsÆk¬ñB\jÞÔì••Ë[9Píb‹Bãƒ… =93§ð§LšÛáÖšÆæXÌÞdÛP.0\ãïÛ0?™úJ¸™Ë ”•œº+=<µI£¦í¯õêt¬d‹T¬P=ËFêT>ÍØØ@Ï9<÷AQÌ×»Õ¡xùk",JÎæù±Éç$œŽŸZWH®¯"·UÌQÂ ’ÙÈ]ÅXg<ã ß¨g3-Üqe€0¢¨*Œ$Üƒ ’Sû 8ãŽ¼_/e'+Ï–-èÓ¶¶Õíß[·ÙÙ½îì—¼sk%§µxä‰â-pÒeÆCrú ôÏƒžû=”šÅô(QW‚Õd\ƒæ. \àö¹¯F½°³½0M>‘gr÷q+œ¶NïºHO— ¤ Ü¥Ý”n·J|ÆP6Kµc=Isó}Ò çGš)a=—#vK›åoK§ßóÙ¤¶¿õú…ÄRÚ[ËsöÙ¼Ë•Ë ópw®qœŒ·Ø ùÇâ‹ý‡ãKèS&ÞvûDAù‘É9ŒîqÅ} $SnIV[]Ñ´Ó}ØÜ¾A Ü|½kÅþÓ|EMuR¼.I¼¶däò‚ÃkÆ}ðy¹vciUœZ…Õõ»z¾÷¿n¦*j-É/àœHã\y5 Û ß™ó0—äŸnzôã#Ô¯,†¥ÚeÔ÷ÜÅ´„“'c…<íÝ€<·SŠ¥k§Ã¢éÆÆÙna‚8–=«Êª[Ÿ™°pNî02z“ÔÙ–K8.È’Þî(vƒ2®@ äÈûãçžxäÇf¯ˆu¹yUÕîýWšÙ|›ëÒ%Q^í[æ|éo5ï‚¼ZY•^{96ˆY‚§v*x>âº_|U¹Ö´©tûMÒÂ9PÇ#«£#€ éÉñ‘ƒÍz/‰´-Ä¯¹°dd,Ð‘›p03ƒœ{ç9=+ Ûá§‡¬¦[‡‚êå©º¸#±ß=³ý¿•Õµjñ½HÙh›Û[§ÚýÊöô÷{˜?ô÷·Ô.u©–_%còcAÀ˜’ }0x9Î>žñÇáÍ9,ahï¦Ì2òÓ ñÛAäry$V²Nð ]=$Ž ‚#Ù‚1ƒƒødõMax‡ÂÖ^!±KkÛ‘ «“Çó²FN8+ëÎ{Ò¼oí§[«ÕMRoËeç×[_m/¦¦k.kôgŽxsSÓ´ý`êzªÜÜKo‰cPC9ÎY‰#§^üý9¹âïÞx£Ë·Ú`±‰‹¤;³–=ÏaôÕAð‚÷kêÁNBéÎælcõö®£Fð†ô2Ò¬]ßÂK$ÓÜ®•”/ÊHàã$ä¸÷ëf¹Oµúâ“”’²øè´µþöjçNü÷üÌ¿ xNïFÒd»¼·h®îT9ŽAµÖ>qÁçÔœtïÒ»\È¶ÎîcÞäîó3¶@#ÉIÎ ÔñW.<´’¥–ÑÑ€ÕšA‚ ;†qÓë‚2q ÒÂó$# Çí‡ !Ë}Õ9ÈÎÑÉã=;ŒÇÎuñ+ÉûÏ¥öíeÙ+$úíÜå¨¯'+êZH4ƒq¶FV‹gïŒ208ÆÌ)íÐ±>M|÷âÍãÂ¾"iì‹¥£Jd´™OÝç;sÈúr+ÜäˆË)DŒ¥šF°*3Õ”d{zÔwºQ¿·UžÉf†~>I+ŒqÔ`ð3œ“Ü×f]œTÁÔn4“ƒø’Ýßõ_«*5šzGCÊ,þ+ê1Ã²÷O¶¸cœºb2yÇ;cùÕ£ñh¬›áÑŠr¤ÝäNBk¥—á—†gxšX/ì‘˜hŸ*Tçn =ûã¦2|(ð¿e·ºÖ$ ýìŸ!'åÎ°yîî+×öœ=Y:²¦ÓÞ×iü’—ü -BK™£˜›âÆ¡&véðõ-ûÉY¹=Onj¹ø¯¯yf4·±T Pó`çœ7={×mÃ/¢˜ZÚòK…G½¥b„’G AãÜœ*í¯Ã¿ IoæI¦NU8‘RwÈã;·€ Û×ëÒ”1Y •£E»ÿ Oyto¢<£Áö·šï,ä‰§ûA¼sû»Nò}¹üE{ÜÖªò1’õÞr0â}ÎØ#>à/8ïéÎ~—áÍ#Ã±Îlí§³2f'h”?C÷YËdð:qëõÓ·‚ïeÄ© ÔÈØÜRL+žAÎ3¼g=åšó³Œt3 ÑQ¦ùRÙßE®¼±w_;þhš’Sirÿ ^ˆã¼ià©‡|RòO„m°J/“$·l“ ÇÓ¿ÿ [ÑŠÆ“„†Õø>cFÆ6Ø1ƒ– àz7Ldòxäüwá‹ÝAXùO•Úý’é®ähm •NÀ±ÌTÈç ƒ‘I$pGž:‚ÄbêW¢®œ´|¦nÍ>¶ÖÏ¢§ÎÜ¢ºö¹•%ÄqL^öÛKpNA<ã¡ …î==ª¸óffËF‡yÌcÉ ©ç$ð=ñÏYþÊ’Ú]—¥‚¬‚eDïÎH>Ÿ_ÌTP™aÂ‰ch['çÆÜò7a‡?w°Ïn§âÎ5”’¨¹uÚÛ|´ÓÓc§{O—ü1•ªxsÃZ…ÊÏy¡Ã3¸Ë2Èé» ‘ƒÎ äžÜðA§cáOéúÛ4ý5-fŒï„ù¬ûô.Ç Üsž•Ò¾•wo<¶Ÿ"¬¡º|£ î2sÇ¡éE²ÉFÑ±rU°dÜ6œ¨ mc†Îxë×ºÞ'0²¡Rr„{j¾í·è›µ÷)º·å–‹î2|I®Y¼ºÍË·–ÃÆàã£'óÆxƒOÆÞ&>\lóÌxP Xc¸ì Sþ5§qà/ê>#žÞW¸if$\3 ® ûÄ“ùŽÕê¾ð<Ó‹H¶óÏ" å·( á‘€:ã†8Ï=+ê¨¬UA×ÃËÚT’ÑÞöù¥¢]{»ms¥F0\ÑÕ—ô}&ÛB´ƒOŽÚ+›xíÄÀ1 ,v± žIëíZ0Ç§™3í2®0à¸—p9öÝÔž)ÓZËoq/Ú“‘L ²ŒmùŽï‘Ó9§[Û#Ä‘\ÞB¬Çs [;à à«g‚2ôòªœÝV§»·¯/[uó½õÛï¾ /šÍ}öüÿ «=x»HŸÂÞ.™ ÌQùŸh´‘#a$‚'¡u<Š›Æ>2>+ƒLSiöwµFó1!eg`£åœ ÷ëÛö}Á¿ÛVÙêv $¬ƒ|,s÷z€ðÎƒ¨x÷ÅD\ÜŒÞmåÔ„ ˆ o| :{ÇÓ¶–òÁn!´0Ål€, ƒ ( ÛŒŒc¶rsšæ,4‹MÛOH!@¢ ÇŽ„`å²9ÝÃw;AÍt0®¤¡…¯ØÄ.Àìí´ƒ‘ßñ5Í,Óëu-ÈÔc¢KÃÓ£òÖÌºU.õL¯0…%2È—"~x ‚[`có±nHàŽyàö™¥keˆìŒÛFç{(Ø©†`Jã#Žwg<“:ÚÉ;M ^\yhûX‡vB·÷zrF?§BÊÔ/s<ÐÈB)Û± ·ÍÔwç5Âã:så§e{mÑ¤ï«Òíh—]Wm4âí¿ùþW4bC3¶ª¾Ùr$pw`àädzt!yŠI„hÂîàM)!edŒm'æ>Ç?wzºKìcŒ´¯Ìq6fp$)ãw¡éUl`µ»ARAˆÝÕgr:äŒgƒéé[Ôö±”iYs5Ýï«ÙG—K=þF’æMG«óÿ `ŠKÉ¦uOQ!ÕåŒ/ÎGÞ`@ËqÕzdõâ«Ê/Ö(ƒK´%ŽbMüåÜŸö—>¤óŒŒV‘°„I¢Yž#™¥ùÏÊ@8 œgqöö5ª4v×“[¬(q cò¨À!FGaÁõõ¯?§†¥ÏU½í¿WªZ$úyú½Žz×§Éþ?>Ã×È•6°{™™ŽÙ.$`ÎUœ…çè ' ¤r$1Ø(y7 ðV<ž:È ÁÎMw¾Â'Øb§øxb7gãÐž½óÉÊë²,i„FÈ¹£§8ãäÂ½k¹¥¦ê/ç{ïêï¦‡2œ/«ü?¯Ô›ìñÜ$þeýœRIåŒg9Ác’zrrNO bÚi¢ ÑºË/$,“ª¯Ýä;Œ× ´<ÛÑn³IvŸb™¥ nm–ÄŸ—nÝÀãŽ3ëÍG,.öó³˜Ù£¹uÊÌrŠ[<±!@Æ:c9ÅZh ì’M5ÄìÌ-‚¼ëÉùqŽGì9¬á ;¨A-ž—évþÖ–^ON·Ô”ŸEý}ú×PO&e[]ÒG¸˜Ûp ƒÃà/Ë·8ûÀ€1ž@¿ÚB*²¼ñì8@p™8Q“žÆH'8«I-%¸‚ F»“åó6°Uù|¶Ú¸ã ò^Äw¥ŠÖK–1ÜÝK,Žddlí²0PÀü“×ükG…¯U«·¶–´w¶ŽÍ¾©yÞú[Zös•¯Á[™6° ¨¼ÉVæq·,# ìãï‘×8îry®A››¨,ãc66»Ë´ã'æÉù?t}¢æH--Òá"›|ˆ¬[í 7¶ö#¸9«––‹$,+Ëqœ\Êøc€yê^Ý¸Äa°«™B-9%«×®‹V´w~vÜTéê¢·þ¼ˆ%·¹• ’[xç•÷2gØS?6åÀÚ õ9É#š@÷bT¸º²C*3Bá¤òÎA9 =úU§Ó"2Ãlá0iÝIc‚2Î@%öç94ùô»'»HÄ¥Ô¾@à Tp£šíx:úÊ:5eºßMý×wµ›Ó_+šº3Ýyvÿ "ºÇ<ÂI>Õ1G·Ë«È«É# àÈÇ øp Jv·šæDûE¿›†Ë’NFr2qŸ½ÇAÜšu•´éí#Ä¦8£2”Ú2Ã/€[ÎTr;qŠz*ý’Îþ(â‰ ;¡TÆâ›;ºÿ àçœk‘Þ8¾Uª¾íé{^×IZéwÓkXÉûÑZo¯_øo×È¡¬ â–ÞR§2„‚Àœü½ùç® SVa†Âüª¼±D‘ŒísŸàä|ä2 æ[‹z”¯s{wn„ÆmáóCO+†GO8Ïeçåº`¯^¼ðG5f{Xžä,k‰<á y™¥voÆ éÛõëI=œ1‹éíÔÀÑ)R#;AÂncäŽ:tÏ#¶TkB.0Œ-ÖÞZÛgumß}fÎJÉ+#2êÔP£žùÈÅi¢%œ3P*Yƒò‚Aì“Ž2r:ƒÐúñiRUQq‰H9!”={~¼“JŽV¥»×²m.ÛßºiYl¾òk˜gL³·rT• ’…wHÁ6ä`–Î3ùÌ4Øe³†&òL‘•%clyÃ®AÂäà0 žüç$[3uÅ˜î¹•pNOÀÉ=† cï{rYK ååä~FÁ •a»"Lär1Ó¯2Äõæ<™C•.fÕ»è¥~½-¿g½Â4¡{[ør¨¶·Žõäx¥’l®qpwÇ»8ärF \cŽ¸ÜÆÓ-g‚yciÏÀ¾rÎwèØÈ#o°Á9ã5¢šfÔxÞæfGusÏÌJÿ µ×œ/LtãÅT7²¶w,l É³;”eúà·¨çîŒsÜgTÃS¦^ '~‹®›¯+k÷ZÖd©Æ*Ó[Ü«%Œk0ŽXƒ”$k#È¨ P2bv‘ƒŸáÇ™ÆÕb)m$É*8óLE‘8'–ÜN Úyàúô+{uº±I'wvš4fÜr íì½=úuú sFlìV$‘ö†HÑù€$§ õ=½¸«Ž] :Ž+•¦ïmRþ½l´îÊT#nkiøÿ _ðÆT¶7Ò½ºÒ£Î¸d\ã8=yãŽÜäR{x]ZâÚé#¸r²#»ÎHÆ6õ ç® ÎFkr;sºÄ.&;só±Ç9êH÷ýSšÕtÐU¢-n Ì| vqœ„{gŒt§S.P‹’Ž‰_[;m¥ÞZýRûÂX{+¥úü¼ú•-àÓ7!„G"“´‹žƒnrYXã¸îp éœ!ÓoPÌtÑ (‰Þ¹é€sÓ#GLçÕšÑnJý¡!‘Tä#“ß?îýp}xÇ‚I¥Õn#·¸–y'qó@r[ Êô÷<ÔWÃÓ¢áN¥4Ô’I&Ý¼¬¬¼ÞºvéÆ FQV~_ÒüJÖÚt¥¦Xá3BÄP^%ÈÎW-×c¡ú©¤·Iþèk¥š?–UQåIR[’O 5x\ÉhÆI¶K4«2ùªŠŒ<¼óœçØ`u«‚Í.VHä€ Ëgfx''9ÆI#±®Z8 sISºku¢ßÞ]úk»Jößl¡B.Ü»ÿ MWe °·Ž%šêÉ†¼»Âù³´œ O¿cÐÓÄh©"ÛÜÏ.ÖV’3nüÄmnq[ŒòznšÖ>J¬òˆæ…qýØP Ž:ä7^0yëWšÍ_79äoaÈ °#q0{ää×mœy”R{vÒÞ¶ÚÏe¥“ÚÆÐ¥Ì®—õýjR •íç›Ìb„+JyÜØÙ•Ç]¿Ôd þËOL²”9-Œ—õÃc'æÝ×œçÚ²ìejP“½ âù°¨†ðqòädÐƒÉäÖÜj÷PÇp“ÍšŠå«‘î <iWNsmª»¶vÓz5»ûì:Rs\Ðßôû×uÔÿÙ