Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!

Ogłoszenie

Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.

#1  2010-08-02 15:20:04

  cyb - Użytkownik

cyb
Użytkownik
Zarejestrowany: 2010-07-27

exim4 i aliasy?

teraz mam w eximie tak zdefiniowane kwetsie aliasow:

Kod:

virtusertable_alias:
   driver = redirect
   allow_fail
   allow_defer
   data = ${lookup{$local_part@$domain}lsearch{/etc/mail/virtusertable}}
   file_transport = address_file
   pipe_transport = address_pipe
virtusertable_defaultalias:
   driver = redirect
   allow_fail
   allow_defer
   data = ${lookup{@$domain}lsearch{/etc/mail/virtusertable}}
   file_transport = address_file
   pipe_transport = address_pipe

chcialym moc ustawiac tak, ze:
imie1@domena.pl idzie do usera1
imie2@domena.pl idzie do usera2
a wszystkie inne emaile do domena.pl ida do usera3

a niestety powyzsze aliasy pwooduja,
ze jak tylko ustawie

Kod:

@domena.pl user3

to do usera3 trafiaja wszystkie emaile, rowniez te ktore powinny isc do user1 i user2.


jak powyzsze mozna rozwiazac?

Offline

 

#2  2010-08-02 17:24:53

  bercik - Moderator Mamut

bercik
Moderator Mamut
Skąd: Warszawa
Zarejestrowany: 2006-09-23
Serwis

Re: exim4 i aliasy?

pusc cos na adres imie1@domena.pl w trybie testowania exim -bh host.OR.IP i sproboj zobaczyc dlaczego sie nie zalapuje na virtusertable_alias ... mam nadzieje ze kolejnosc w konfigu jest taka jak podales ...


"Wszyscy wiedzą, że czegoś zrobić nie można. Ale przypadkowo znajduje się jakiś nieuk, który tego nie wie. I on właśnie robi odkrycie." (A.Einstein)

Offline

 

#3  2010-08-02 18:57:56

  cyb - Użytkownik

cyb
Użytkownik
Zarejestrowany: 2010-07-27

Re: exim4 i aliasy?

bercik napisał(-a):

pusc cos na adres imie1@domena.pl w trybie testowania exim -bh host.OR.IP i sproboj zobaczyc dlaczego sie nie zalapuje na virtusertable_alias ... mam nadzieje ze kolejnosc w konfigu jest taka jak podales ...

kolejnosc jest taka sama, robilem ^C^V.

ten fragment jest interesujacy:

Kod:

>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing imie1@domena.pl
>>> calling virtusertable_alias router
>>> routed by virtusertable_alias router
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing user1@domena.pl
>>> calling virtusertable_alias router
>>> virtusertable_alias router declined for user1@domena.pl
>>> calling virtusertable_defaultalias router
>>> routed by virtusertable_defaultalias router
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing user3@domena.pl
>>> calling virtusertable_alias router
>>> virtusertable_alias router declined for user3@domena.pl
>>> calling virtusertable_defaultalias router
>>> routed by virtusertable_defaultalias router
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing user3@domena.pl
>>> calling virtusertable_alias router
>>> virtusertable_alias router declined for user3@domena.pl

czyli jak widac pyta po kolei i wpierw wg virtusertable_alias jest ok, kieruje poczte do user1,
ale pozniej nie wiaodmo po co pyta sie virtusertable_defaultalias i  wtedy przekierowywuje do user3


gdy w /etc/mail/virtusertables zakomentuje linie:
#@domena.pl user3 to wtedy wszystko ladnie i cacy:

Kod:

>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing imie1@domena.pl
>>> calling virtusertable_alias router
>>> routed by virtusertable_alias router
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing user1@domena.pl
>>> calling virtusertable_alias router
>>> virtusertable_alias router declined for user1@domena.pl
>>> calling virtusertable_defaultalias router
>>> virtusertable_defaultalias router declined for user1@domena.pl

Ostatnio edytowany przez cyb (2010-08-02 19:25:27)

Offline

 

#4  2010-08-02 19:47:02

  bercik - Moderator Mamut

bercik
Moderator Mamut
Skąd: Warszawa
Zarejestrowany: 2006-09-23
Serwis

Re: exim4 i aliasy?

to sporo wyjasnia ... sproboj w /etc/mail/virtusertables dac:

Kod:

imie1@domena.pl user1@podstawowa.domena.serwera

lub

Kod:

imie1@domena.pl \\user1

"Wszyscy wiedzą, że czegoś zrobić nie można. Ale przypadkowo znajduje się jakiś nieuk, który tego nie wie. I on właśnie robi odkrycie." (A.Einstein)

Offline

 

#5  2010-08-02 20:03:34

  cyb - Użytkownik

cyb
Użytkownik
Zarejestrowany: 2010-07-27

Re: exim4 i aliasy?

bercik napisał(-a):

to sporo wyjasnia

mi akurat niewiele wyjasnilo.
mozesz poszerzyc swoja wypowiedz?

niestety obie metody nie dzialaja.

na wszelki wypadek publikuje exim4.conf.template, moze ktos cos wypatrzy blednego w konfiduracji
(czesc komentarzy wywalilem, bo post byl za duzy)

Kod:

#####################################################
### main/01_exim4-config_listmacrosdefs
#####################################################
######################################################################
#      Runtime configuration file for Exim 4 (Debian Packaging)      #
######################################################################


exim_path = /usr/sbin/exim4


primary_hostname = domena.pl

#pod ssl:
tls_certificate = /etc/mail/exim.crt
tls_privatekey = /etc/mail/exim.key
tls_advertise_hosts = *

daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465

.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif


UPEX4CmacrosUPEX4C = 1
#domainlist local_domains = MAIN_LOCAL_DOMAINS

domainlist local_domains =  domena.pl : domena.com : domena.eu 


domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS

hostlist relay_from_hosts = MAIN_RELAY_NETS


# Decide which domain to use to add to all unqualified addresses.
# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary
# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value
# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined,
# the first line of /etc/mailname is used.
.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
.ifndef MAIN_QUALIFY_DOMAIN
qualify_domain = ETC_MAILNAME
.else
qualify_domain = MAIN_QUALIFY_DOMAIN
.endif
.endif

# listen on all all interfaces?
.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.endif

.ifndef LOCAL_DELIVERY
# The default transport, set in /etc/exim4/update-exim4.conf.conf,
# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities
LOCAL_DELIVERY=mail_spool
.endif

# The gecos field in /etc/passwd holds not only the name. see passwd(5).
gecos_pattern = ^([^,:]*)
gecos_name = $1


.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif

.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif

# always log tls_peerdn as we use TLS for outgoing connects by default
.ifndef MAIN_LOG_SELECTOR
MAIN_LOG_SELECTOR = +tls_peerdn
.endif
#####################################################
### end main/01_exim4-config_listmacrosdefs
#####################################################
#####################################################
### main/02_exim4-config_options
#####################################################

### main/02_exim4-config_options
#################################


# Defines the access control list that is run when an
# SMTP MAIL command is received.
#
.ifndef MAIN_ACL_CHECK_MAIL
MAIN_ACL_CHECK_MAIL = acl_check_mail
.endif
acl_smtp_mail = MAIN_ACL_CHECK_MAIL


# Defines the access control list that is run when an
# SMTP RCPT command is received.
#
.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT


# Defines the access control list that is run when an
# SMTP DATA command is received.
#
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA


# Message size limit. The default (used when MESSAGE_SIZE_LIMIT
# is unset) is 50 MB
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif

# av_scanner = clamd:/tmp/clamd


# spamd_address = 127.0.0.1 783

.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif


.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif


# In a minimaldns setup, update-exim4.conf guesses the hostname and
# dumps it here to avoid DNS lookups being done at Exim run time.
.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
.endif

.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
.endif

.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif




# Bounce handling
.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER

.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER

.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL


# Define spool directory
.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR


# trusted users can set envelope-from to arbitrary values
.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif


# users in admin group can do many other things
# admin_groups = <unset>


# SMTP Banner. The example includes the Debian version in the SMTP dialog
# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}"
# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
#####################################################
### end main/02_exim4-config_options
#####################################################
#####################################################
### main/03_exim4-config_tlsoptions
#####################################################

### main/03_exim4-config_tlsoptions
#################################

# TLS/SSL configuration for exim as an SMTP server.
# See /usr/share/doc/exim4-base/README.Debian.gz for explanations.

.ifdef MAIN_TLS_ENABLE
# Defines what hosts to 'advertise' STARTTLS functionality to. The
# default, *, will advertise to all hosts that connect with EHLO.
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS


.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif

# Pointer to the CA Certificates against which client certificates are
# checked. This is controlled by the `tls_verify_hosts' and
# `tls_try_verify_hosts' lists below.
# If you want to check server certificates, you need to add an
# tls_verify_certificates statement to the smtp transport.
# /etc/ssl/certs/ca-certificates.crt is generated by
# the "ca-certificates" package's update-ca-certificates(8) command.
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
                                    {/etc/ssl/certs/ca-certificates.crt}\
                    {/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES


# A list of hosts which are constrained by `tls_verify_certificates'. A host
# that matches `tls_verify_host' must present a certificate that is
# verifyable through `tls_verify_certificates' in order to be accepted as an
# SMTP client. If it does not, the connection is aborted.
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif

.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS

.endif
#####################################################
### end main/03_exim4-config_tlsoptions
#####################################################
#####################################################
### main/90_exim4-config_log_selector
#####################################################

### main/90_exim4-config_log_selector
#################################

# uncomment this for debugging
# MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all -subject -arguments

.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif
#####################################################
### end main/90_exim4-config_log_selector
#####################################################
#####################################################
### acl/00_exim4-config_header
#####################################################

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################
begin acl


#####################################################
### end acl/00_exim4-config_header
#####################################################
#####################################################
### acl/20_exim4-config_local_deny_exceptions
#####################################################

### acl/20_exim4-config_local_deny_exceptions
#################################


acl_local_deny_exceptions:
  accept
    hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\
                 {CONFDIR/host_local_deny_exceptions}\
                 {}}
  accept
    senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\
                   {CONFDIR/sender_local_deny_exceptions}\
                   {}}
  accept
    hosts = ${if exists{CONFDIR/local_host_whitelist}\
                 {CONFDIR/local_host_whitelist}\
                 {}}
  accept
    senders = ${if exists{CONFDIR/local_sender_whitelist}\
                   {CONFDIR/local_sender_whitelist}\
                   {}}

  # This hook allows you to hook in your own ACLs without having to
  # modify this file. If you do it like we suggest, you'll end up with
  # a small performance penalty since there is an additional file being
  # accessed. This doesn't happen if you leave the macro unset.
  .ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
  .include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
  .endif
  
  # this is still supported for a transition period and is deprecated.
  .ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
  .include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
  .endif
#####################################################
### end acl/20_exim4-config_local_deny_exceptions
#####################################################
#####################################################
### acl/30_exim4-config_check_mail
#####################################################

### acl/30_exim4-config_check_mail
#################################

# This access control list is used for every MAIL command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_mail:
  .ifdef CHECK_MAIL_HELO_ISSUED
  deny
    message = no HELO given before MAIL command
    condition = ${if def:sender_helo_name {no}{yes}}
  .endif

  accept
#####################################################
### end acl/30_exim4-config_check_mail
#####################################################
#####################################################
### acl/30_exim4-config_check_rcpt
#####################################################

### acl/30_exim4-config_check_rcpt
#################################

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_rcpt:

  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.
  accept
    hosts = :



  .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
  deny
    domains = +local_domains
    local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
    message = restricted characters in address
  .endif


  # The second rule applies to all other domains, and its default is
  # considerably less strict.
  
  .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
  deny
    domains = !+local_domains
    local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
    message = restricted characters in address
  .endif


  # Accept mail to postmaster in any local domain, regardless of the source,
  # and without verifying the sender.
  #
  accept
    .ifndef CHECK_RCPT_POSTMASTER
    local_parts = postmaster
    .else
    local_parts = CHECK_RCPT_POSTMASTER
    .endif
    domains = +local_domains : +relay_to_domains


  .ifdef CHECK_RCPT_VERIFY_SENDER
  deny
    message = Sender verification failed
    !acl = acl_local_deny_exceptions
    !verify = sender
  .endif

  # Verify senders listed in local_sender_callout with a callout.
  #
  # In smarthost and satellite setups, this causes the callout to be
  # done to the smarthost. Verification will thus only be reliable if the
  # smarthost does reject illegal addresses in the SMTP dialog.
  deny
    !acl = acl_local_deny_exceptions
    senders = ${if exists{CONFDIR/local_sender_callout}\
                         {CONFDIR/local_sender_callout}\
                   {}}
    !verify = sender/callout




  accept
    hosts = +relay_from_hosts
    control = submission/sender_retain


  accept
    authenticated = *
    control = submission/sender_retain


  require
    message = relay not permitted
    domains = +local_domains : +relay_to_domains


  # We also require all accepted addresses to be verifiable. This check will
  # do local part verification for local domains, but only check the domain
  # for remote domains.
  require
    verify = recipient

  deny
    !acl = acl_local_deny_exceptions
    recipients = ${if exists{CONFDIR/local_rcpt_callout}\
                            {CONFDIR/local_rcpt_callout}\
                      {}}
    !verify = recipient/callout


  deny
    message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_local_deny_exceptions
    senders = ${if exists{CONFDIR/local_sender_blacklist}\
                   {CONFDIR/local_sender_blacklist}\
                   {}}



  deny
    message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_local_deny_exceptions
    hosts = ${if exists{CONFDIR/local_host_blacklist}\
                 {CONFDIR/local_host_blacklist}\
                 {}}


  # Warn if the sender host does not have valid reverse DNS.
  # 
  # If your system can do DNS lookups without delay or cost, you might want
  # to enable this.
  # If sender_host_address is defined, it's a remote call.  If
  # sender_host_name is not defined, then reverse lookup failed.  Use
  # this instead of !verify = reverse_host_lookup to catch deferrals
  # as well as outright failures.
  .ifdef CHECK_RCPT_REVERSE_DNS
  warn
    message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
     condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
                      {yes}{no}}
  .endif


  # Use spfquery to perform a pair of SPF checks (for details, see
  # http://www.openspf.org/)
  #
  # This is quite costly in terms of DNS lookups (~6 lookups per mail).  Do not
  # enable if that's an issue.  Also note that if you enable this, you must
  # install "libmail-spf-query-perl" which provides the spfquery command.
  # Missing libmail-spf-query-perl will trigger the "Unexpected error in
  # SPF check" warning.
  .ifdef CHECK_RCPT_SPF
  deny
    message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.  \
              Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address
    log_message = SPF check failed.
    !acl = acl_local_deny_exceptions
    condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
                     {no}{${if eq {$runrc}{1}{yes}{no}}}}

  defer
    message = Temporary DNS error while checking SPF record.  Try again later.
    condition = ${if eq {$runrc}{5}{yes}{no}}

  warn
    message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq {$runrc}{2}{softfail}\
                                 {${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
    condition = ${if <={$runrc}{6}{yes}{no}}

  warn
    log_message = Unexpected error in SPF check.
    condition = ${if >{$runrc}{6}{yes}{no}}

  # Support for best-guess (see http://www.openspf.org/developers-guide.html)
  warn
    message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" \ --helo \"$sender_helo_name\" --guess true}\
                                {pass}{${if eq {$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
                                {${if eq {$runrc}{6}{none}{error}}}}}}}}}}
    condition = ${if <={$runrc}{6}{yes}{no}}

  defer
    message = Temporary DNS error while checking SPF record.  Try again later.
    condition = ${if eq {$runrc}{5}{yes}{no}}
  .endif


  # Check against classic DNS "black" lists (DNSBLs) which list
  # sender IP addresses
  .ifdef CHECK_RCPT_IP_DNSBLS
  warn
    message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    dnslists = CHECK_RCPT_IP_DNSBLS
  .endif


  # Check against DNSBLs which list sender domains, with an option to locally
  # whitelist certain domains that might be blacklisted.
  #
  # Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append
  # "/$sender_address_domain" after each domain.  For example:
  # CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \
  #                            : rhsbl.bar.org/$sender_address_domain
  .ifdef CHECK_RCPT_DOMAIN_DNSBLS
  warn
    message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
                    {CONFDIR/local_domain_dnsbl_whitelist}\
                    {}}
    dnslists = CHECK_RCPT_DOMAIN_DNSBLS
  .endif


  # This hook allows you to hook in your own ACLs without having to
  # modify this file. If you do it like we suggest, you'll end up with
  # a small performance penalty since there is an additional file being
  # accessed. This doesn't happen if you leave the macro unset.
  .ifdef CHECK_RCPT_LOCAL_ACL_FILE
  .include CHECK_RCPT_LOCAL_ACL_FILE
  .endif


  #############################################################################
  # This check is commented out because it is recognized that not every
  # sysadmin will want to do it. If you enable it, the check performs
  # Client SMTP Authorization (csa) checks on the sending host. These checks
  # do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
  # an Internet draft. You can, of course, add additional conditions to this
  # ACL statement to restrict the CSA checks to certain hosts only.
  #
  # require verify = csa
  #############################################################################


  # Accept if the address is in a domain for which we are an incoming relay,
  # but again, only if the recipient can be verified.

  accept
    domains = +relay_to_domains
    endpass
    verify = recipient


  # At this point, the address has passed all the checks that have been
  # configured, so we accept it unconditionally.

  accept
#####################################################
### end acl/30_exim4-config_check_rcpt
#####################################################
#####################################################
### acl/40_exim4-config_check_data
#####################################################

### acl/40_exim4-config_check_data
#################################

# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.

acl_check_data:

  # Deny unless the address list headers are syntactically correct.
  #
  # If you enable this, you might reject legitimate mail.
  .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
  deny
    message = Message headers fail syntax check
    !acl = acl_local_deny_exceptions
    !verify = header_syntax
  .endif


  # require that there is a verifiable sender address in at least
  # one of the "Sender:", "Reply-To:", or "From:" header lines.
  .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
  deny
    message = No verifiable sender address in message headers
    !acl = acl_local_deny_exceptions
    !verify = header_sender
  .endif



  .ifdef CHECK_DATA_LOCAL_ACL_FILE
  .include CHECK_DATA_LOCAL_ACL_FILE
  .endif


  # accept otherwise
  accept
#####################################################
### end acl/40_exim4-config_check_data
#####################################################
#####################################################
### router/00_exim4-config_header
#####################################################

######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################

begin routers


#vdom_aliases:
#      driver = redirect
#      allow_defer
#      allow_fail
#      domains = dsearch;/etc/mail/virtual
#      data = ${expand:${lookup{$local_part}lsearch*@{/etc/mail/virtual/$domain}}}
#      retry_use_local_part
#      pipe_transport   = address_pipe
#      file_transport   = address_file


virtusertable_alias:
   driver = redirect
   allow_fail
   allow_defer
   data = ${lookup{$local_part@$domain}lsearch{/etc/mail/virtusertable}}
   file_transport = address_file
   pipe_transport = address_pipe

virtusertable_defaultalias:
   driver = redirect
   allow_fail
   allow_defer
   data = ${lookup{@$domain}lsearch{/etc/mail/virtusertable}}
   file_transport = address_file
   pipe_transport = address_pipe






#####################################################
### end router/00_exim4-config_header
#####################################################
#####################################################
### router/100_exim4-config_domain_literal
#####################################################

### router/100_exim4-config_domain_literal
#################################

# This router handles e-mail addresses in "domain literal" form like
# <user@[10.11.12.13]>. The RFCs require this facility, but it is disabled
# in the default config since it is seldomly used and frequently abused.
# Domain literal support also needs to be enabled in the main config,
# which is automatically done if you use the enable macro
# MAIN_ALLOW_DOMAIN_LITERALS.

.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
  debug_print = "R: domain_literal for $local_part@$domain"
  driver = ipliteral
  domains = ! +local_domains
  transport = remote_smtp
.endif
#####################################################
### end router/100_exim4-config_domain_literal
#####################################################
#####################################################
### router/150_exim4-config_hubbed_hosts
#####################################################




# router/150_exim4-config_hubbed_hosts
#################################

# route specific domains manually.
#
# see exim4-config_files(5) and spec.txt chapter 20.3 through 20.7 for
# more detailed documentation.

hubbed_hosts:
  debug_print = "R: hubbed_hosts for $domain"
  driver = manualroute
  domains = "${if exists{CONFDIR/hubbed_hosts}\
                   {partial-lsearch;CONFDIR/hubbed_hosts}\
              fail}"
  same_domain_copy_routing = yes
  route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
  transport = remote_smtp
#####################################################
### end router/150_exim4-config_hubbed_hosts
#####################################################
#####################################################
### router/200_exim4-config_primary
#####################################################

### router/200_exim4-config_primary
#################################
# This file holds the primary router, responsible for nonlocal mails

.ifdef DCconfig_internet
# configtype=internet
#
# deliver mail to the recipient if recipient domain is a domain we
# relay for. We do not ignore any target hosts here since delivering to
# a site local or even a link local address might be wanted here, and if
# such an address has found its way into the MX record of such a domain,
# the local admin is probably in a place where that broken MX record
# could be fixed.

dnslookup_relay_to_domains:
  debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains : +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  no_more

# deliver mail directly to the recipient. This router is only reached
# for domains that we do not relay for. Since we most probably can't
# have broken MX records pointing to site local or link local IP
# addresses fixed, we ignore target hosts pointing to these addresses.

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
            255.255.255.255
  no_more

.endif


.ifdef DCconfig_local
# configtype=local
#
# Stand-alone system, so generate an error for mail to a non-local domain
nonlocal:
  debug_print = "R: nonlocal for $local_part@$domain"
  driver = redirect
  domains = ! +local_domains
  allow_fail
  data = :fail: Mailing to remote domains not supported
  no_more

.endif


.ifdef DCconfig_smarthost DCconfig_satellite
# configtype=smarthost or configtype=satellite
#
# Send all non-local mail to a single other machine (smarthost).
#
# This means _ALL_ non-local mail goes to the smarthost. This will most
# probably not do what you want for domains that are listed in
# relay_domains. The most typical use for relay_domains is to control
# relaying for incoming e-mail on secondary MX hosts. In that case,
# it doesn't make sense to send the mail to the smarthost since the
# smarthost will probably send the message right back here, causing a
# loop.
#
# If you want to use a smarthost while being secondary MX for some
# domains, you'll need to copy the dnslookup_relay_to_domains router
# here so that mail to relay_domains is handled separately.

smarthost:
  debug_print = "R: smarthost for $local_part@$domain"
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp_smarthost
  route_list = * DCsmarthost byname
  host_find_failed = defer
  same_domain_copy_routing = yes
  no_more

.endif


# The "no_more" above means that all later routers are for
# domains in the local_domains list, i.e. just like Exim 3 directors.
#####################################################
### end router/200_exim4-config_primary
#####################################################
#####################################################
### router/300_exim4-config_real_local
#####################################################

### router/300_exim4-config_real_local
#################################

# This router allows reaching a local user while avoiding local
# processing. This can be used to inform a user of a broken .forward
# file, for example. The userforward router does this.

COND_LOCAL_SUBMITTER = "\
               ${if match_ip{$sender_host_address}{:@[]}\
                    {1}{0}\
        }"

real_local:
  debug_print = "R: real_local for $local_part@$domain"
  driver = accept
  domains = +local_domains
  condition = COND_LOCAL_SUBMITTER
  local_part_prefix = real-
  check_local_user
  transport = LOCAL_DELIVERY

#####################################################
### end router/300_exim4-config_real_local
#####################################################
#####################################################
### router/400_exim4-config_system_aliases
#####################################################

### router/400_exim4-config_system_aliases
#################################

# This router handles aliasing using a traditional /etc/aliases file.
#
##### NB  You must ensure that /etc/aliases exists. It used to be the case
##### NB  that every Unix had that file, because it was the Sendmail default.
##### NB  These days, there are systems that don't have it. Your aliases
##### NB  file should at least contain an alias for "postmaster".
#
# This router handles the local part in a case-insensitive way which
# satisfies the RFCs requirement that postmaster be reachable regardless
# of case. If you decide to handle /etc/aliases in a caseful way, you
# need to make arrangements for a caseless postmaster.
#
# Delivery to arbitrary directories, files, and piping to programs in
# /etc/aliases is disabled per default.
# If that is a problem for you, see
#   /usr/share/doc/exim4-base/README.Debian.gz
# for explanation and some workarounds.

system_aliases:
  debug_print = "R: system_aliases for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  .ifdef SYSTEM_ALIASES_USER
  user = SYSTEM_ALIASES_USER
  .endif
  .ifdef SYSTEM_ALIASES_GROUP
  group = SYSTEM_ALIASES_GROUP
  .endif
  .ifdef SYSTEM_ALIASES_FILE_TRANSPORT
  file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
  .endif
  .ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
  pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
  .endif
  .ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
  directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
  .endif


#####################################################
### end router/400_exim4-config_system_aliases
#####################################################
#####################################################
### router/500_exim4-config_hubuser
#####################################################

### router/500_exim4-config_hubuser
#################################

.ifdef DCconfig_satellite
# This router is only used for configtype=satellite.
# It takes care to route all mail targetted to <somelocaluser@this.machine>
# to the host where we read our mail
#
hub_user:
  debug_print = "R: hub_user for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  data = ${local_part}@DCreadhost
  check_local_user

# Grab the redirected mail and deliver it.
# This is a duplicate of the smarthost router, needed because
# DCreadhost might end up as part of +local_domains
hub_user_smarthost:
  debug_print = "R: hub_user_smarthost for $local_part@$domain"
  driver = manualroute
  domains = DCreadhost
  transport = remote_smtp_smarthost
  route_list = * DCsmarthost byname
  host_find_failed = defer
  same_domain_copy_routing = yes
  check_local_user
.endif


#####################################################
### end router/500_exim4-config_hubuser
#####################################################
#####################################################
### router/600_exim4-config_userforward
#####################################################

### router/600_exim4-config_userforward
#################################

# This router handles forwarding using traditional .forward files in users'
# home directories. It also allows mail filtering with a forward file
# starting with the string "# Exim filter" or "# Sieve filter".
#
# The no_verify setting means that this router is skipped when Exim is
# verifying addresses. Similarly, no_expn means that this router is skipped if
# Exim is processing an EXPN command.
#
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A.
#
# The four transports specified at the end are those that are used when
# forwarding generates a direct delivery to a directory, or a file, or to a
# pipe, or sets up an auto-reply, respectively.
#
userforward:
  debug_print = "R: userforward for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  check_local_user
  file = $home/.forward
  require_files = $local_part:$home/.forward
  no_verify
  no_expn
  check_ancestor
  allow_filter
  forbid_smtp_code = true
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  skip_syntax_errors
  syntax_errors_to = real-$local_part@$domain
  syntax_errors_text = \
    This is an automatically generated message. An error has\n\
    been found in your .forward file. Details of the error are\n\
    reported below. While this error persists, you will receive\n\
    a copy of this message for every message that is addressed\n\
    to you. If your .forward file is a filter file, or if it is\n\
    a non-filter file containing no valid forwarding addresses,\n\
    a copy of each incoming message will be put in your normal\n\
    mailbox. If a non-filter file contains at least one valid\n\
    forwarding address, forwarding to the valid addresses will\n\
    happen, and those will be the only deliveries that occur.

#####################################################
### end router/600_exim4-config_userforward
#####################################################
#####################################################
### router/700_exim4-config_procmail
#####################################################

procmail:
  debug_print = "R: procmail for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = procmail_pipe
  # emulate OR with "if exists"-expansion
  require_files = ${local_part}:\
                  ${if exists{/etc/procmailrc}\
                    {/etc/procmailrc}{${home}/.procmailrc}}:\
                  +/usr/bin/procmail
  no_verify
  no_expn

#####################################################
### end router/700_exim4-config_procmail
#####################################################
#####################################################
### router/800_exim4-config_maildrop
#####################################################

### router/800_exim4-config_maildrop
#################################

maildrop:
  debug_print = "R: maildrop for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = maildrop_pipe
  require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
  no_verify
  no_expn

#####################################################
### end router/800_exim4-config_maildrop
#####################################################
#####################################################
### router/850_exim4-config_lowuid
#####################################################

### router/850_exim4-config_lowuid
#################################

.ifndef FIRST_USER_ACCOUNT_UID
FIRST_USER_ACCOUNT_UID = 0
.endif

.ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS
DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: no mail to system accounts
.endif

COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\
               ${if and{{! match_ip{$sender_host_address}{:@[]}}\
                        {<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\
                    {1}{0}\
        }"

lowuid_aliases:
  debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)"
  check_local_user
  driver = redirect
  allow_fail
  domains = +local_domains
  condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
  data = ${if exists{/etc/exim4/lowuid-aliases}\
              {${lookup{$local_part}lsearch{/etc/exim4/lowuid-aliases}\
              {$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}
#####################################################
### end router/850_exim4-config_lowuid
#####################################################
#####################################################
### router/900_exim4-config_local_user
#####################################################

### router/900_exim4-config_local_user
#################################

# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".

local_user:
  debug_print = "R: local_user for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  local_parts = ! root
  transport = LOCAL_DELIVERY
  cannot_route_message = Unknown user
#####################################################
### end router/900_exim4-config_local_user
#####################################################
#####################################################
### router/mmm_mail4root
#####################################################

### router/mmm_mail4root
#################################
# deliver mail addressed to root to /var/mail/mail as user mail:mail
# if it was not redirected in /etc/aliases or by other means
# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS)

mail4root:
  debug_print = "R: mail4root for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  data = /var/mail/mail
  file_transport = address_file
  local_parts = root
  user = mail
  group = mail

#####################################################
### end router/mmm_mail4root
#####################################################
#####################################################
### transport/00_exim4-config_header
#####################################################

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports

#####################################################
### end transport/00_exim4-config_header
#####################################################
#####################################################
### transport/10_exim4-config_transport-macros
#####################################################

### transport/10_exim4-config_transport-macros
#################################

.ifdef HIDE_MAILNAME
REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1@DCreadhost frs : *@ETC_MAILNAME $1@DCreadhost frs
REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
.endif

.ifdef REMOTE_SMTP_HELO_FROM_DNS
REMOTE_SMTP_HELO_DATA=${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
.endif
#####################################################
### end transport/10_exim4-config_transport-macros
#####################################################
#####################################################
### transport/30_exim4-config_address_file
#####################################################

# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.
#
address_file:
  debug_print = "T: address_file for $local_part@$domain"
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

#####################################################
### end transport/30_exim4-config_address_file
#####################################################
#####################################################
### transport/30_exim4-config_address_pipe
#####################################################

# This transport is used for handling pipe deliveries generated by
# .forward files. If the commands fails and produces any output on standard
# output or standard error streams, the output is returned to the sender
# of the message as a delivery error.
address_pipe:
  debug_print = "T: address_pipe for $local_part@$domain"
  driver = pipe
  return_fail_output

#####################################################
### end transport/30_exim4-config_address_pipe
#####################################################
#####################################################
### transport/30_exim4-config_address_reply
#####################################################

# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.
#
address_reply:
  debug_print = "T: autoreply for $local_part@$domain"
  driver = autoreply

#####################################################
### end transport/30_exim4-config_address_reply
#####################################################
#####################################################
### transport/30_exim4-config_mail_spool
#####################################################

### transport/30_exim4-config_mail_spool

# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format.
#
mail_spool:
  debug_print = "T: appendfile for $local_part@$domain"
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
  mode_fail_narrower = false

quota = ${lookup{$local_part}lsearch{/etc/mail/local_quota.conf}{$value}{50M}}
message_size_limit = 50M
quota_warn_message = "\
Content-Type: text/plain; charset=ISO-8859-2\n\
To: $local_part@$domain\n\
Reply-to: root@$domain\n\
Subject: Twoja skrzynka pocztowa jest prawie PELNA (w 90%)!!!\n\
\n\
*** Ta wiadomo¶ć została wygenerowana automatycznie ***\n\
\n\
Uprzejmie informujemy, iż skrzynka pocztowa została zapełniona w 90%\n\
swojej pojemno¶ci. W przypadku 100% nie będ± dostarczane\n\
do Ciebie nowe wiadomo¶ci. Opróżnij skrzynkę pocztow± ze starych\n\
wiadomo¶ci.\n"
    quota_warn_threshold = 90%


#####################################################
### end transport/30_exim4-config_mail_spool
#####################################################
#####################################################
### transport/30_exim4-config_maildir_home
#####################################################

### transport/30_exim4-config_maildir_home
#################################

# Use this instead of mail_spool if you want to to deliver to Maildir in
# home-directory - change the definition of LOCAL_DELIVERY
#
maildir_home:
  debug_print = "T: maildir_home for $local_part@$domain"
  driver = appendfile
  .ifdef MAILDIR_HOME_MAILDIR_LOCATION
  directory = MAILDIR_HOME_MAILDIR_LOCATION
  .else
  directory = $home/Maildir
  .endif
  .ifdef MAILDIR_HOME_CREATE_DIRECTORY
  create_directory
  .endif
  .ifdef MAILDIR_HOME_CREATE_FILE
  create_file = MAILDIR_HOME_CREATE_FILE
  .endif
  delivery_date_add
  envelope_to_add
  return_path_add
  maildir_format
  .ifdef MAILDIR_HOME_DIRECTORY_MODE
  directory_mode = MAILDIR_HOME_DIRECTORY_MODE
  .else
  directory_mode = 0700
  .endif
  .ifdef MAILDIR_HOME_MODE
  mode = MAILDIR_HOME_MODE
  .else
  mode = 0600
  .endif
  mode_fail_narrower = false
  # This transport always chdirs to $home before trying to deliver. If
  # $home is not accessible, this chdir fails and prevents delivery.
  # If you are in a setup where home directories might not be
  # accessible, uncomment the current_directory line below.
  # current_directory = /
#####################################################
### end transport/30_exim4-config_maildir_home
#####################################################
#####################################################
### transport/30_exim4-config_maildrop_pipe
#####################################################

maildrop_pipe:
  debug_print = "T: maildrop_pipe for $local_part@$domain"
  driver = pipe
  path = "/bin:/usr/bin:/usr/local/bin"
  command = "/usr/bin/maildrop"
  return_path_add
  delivery_date_add
  envelope_to_add

#####################################################
### end transport/30_exim4-config_maildrop_pipe
#####################################################
#####################################################
### transport/30_exim4-config_procmail_pipe
#####################################################

procmail_pipe:
  debug_print = "T: procmail_pipe for $local_part@$domain"
  driver = pipe
  path = "/bin:/usr/bin:/usr/local/bin"
  command = "/usr/bin/procmail"
  return_path_add
  delivery_date_add
  envelope_to_add

#####################################################
### end transport/30_exim4-config_procmail_pipe
#####################################################
#####################################################
### transport/30_exim4-config_remote_smtp
#####################################################

### transport/30_exim4-config_remote_smtp
#################################
# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
  hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
  helo_data=REMOTE_SMTP_HELO_DATA
.endif
#####################################################
### end transport/30_exim4-config_remote_smtp
#####################################################
#####################################################
### transport/30_exim4-config_remote_smtp_smarthost
#####################################################

### transport/30_exim4-config_remote_smtp_smarthost
#################################

# This transport is used for delivering messages over SMTP connections
# to a smarthost. The local host tries to authenticate.
# This transport is used for smarthost and satellite configurations.

remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
        {\
        ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
        }\
        {} \
      }
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
  hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
  helo_data=REMOTE_SMTP_HELO_DATA
.endif
#####################################################
### end transport/30_exim4-config_remote_smtp_smarthost
#####################################################
#####################################################
### transport/35_exim4-config_address_directory
#####################################################
# This transport is used for handling file addresses generated by alias
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name.

address_directory:
  debug_print = "T: address_directory for $local_part@$domain"
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  check_string = ""
  escape_string = ""
  maildir_format

#####################################################
### end transport/35_exim4-config_address_directory
#####################################################
#####################################################
### retry/00_exim4-config_header
#####################################################

######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

begin retry

#####################################################
### end retry/00_exim4-config_header
#####################################################
#####################################################
### retry/30_exim4-config
#####################################################

### retry/30_exim4-config
#################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.

# Please note that these rules only limit the frequenzy of retries, the
# effective retry-time depends on the frequenzy of queue-running, too.
# See QUEUEINTERVAL in /etc/default/exim4.

# Address or Domain    Error       Retries
# -----------------    -----       -------

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

#####################################################
### end retry/30_exim4-config
#####################################################
#####################################################
### rewrite/00_exim4-config_header
#####################################################

######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

begin rewrite

#####################################################
### end rewrite/00_exim4-config_header
#####################################################
#####################################################
### rewrite/31_exim4-config_rewriting
#####################################################

### rewrite/31_exim4-config_rewriting
#################################

# This rewriting rule is particularily useful for dialup users who
# don't have their own domain, but could be useful for anyone.
# It looks up the real address of all local users in a file
.ifndef NO_EAA_REWRITE_REWRITE
*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
                   {$value}fail}" Ffrs
# identical rewriting rule for /etc/mailname
*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\
                   {$value}fail}" Ffrs
.endif


#####################################################
### end rewrite/31_exim4-config_rewriting
#####################################################
#####################################################
### auth/00_exim4-config_header
#####################################################

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

begin authenticators


#####################################################
### end auth/00_exim4-config_header
#####################################################
#####################################################
### auth/30_exim4-config_examples
#####################################################

### auth/30_exim4-config_examples
#################################

# The examples below are for server side authentication, when the
# local exim is SMTP server and clients authenticate to the local exim.

# They allow two styles of plain-text authentication against an
# CONFDIR/passwd file whose syntax is described in exim4_passwd(5).

# Hosts that are allowed to use AUTH are defined by the
# auth_advertise_hosts option in the main configuration. The default is
# "*", which allows authentication to all hosts over all kinds of
# connections if there is at least one authenticator defined here.
# Authenticators which rely on unencrypted clear text passwords don't
# advertise on unencrypted connections by default. Thus, it might be
# wise to set up TLS to allow encrypted connections. If TLS cannot be
# used for some reason, you can set AUTH_SERVER_ALLOW_NOTLS_PASSWORDS to
# advertise unencrypted clear text password based authenticators on all
# connections. As this is severely reducing security, using TLS is
# preferred over allowing clear text password based authenticators on
# unencrypted connections.

# PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not
# use), an authentication ID, and a password. The latter two appear as
# $auth2 and $auth3 in the configuration and should be checked against a
# valid username and password. In a real configuration you would typically
# use $auth2 as a lookup key, and compare $auth3 against the result of the
# lookup, perhaps using the crypteq{}{} condition.

# plain_server:
#   driver = plaintext
#   public_name = PLAIN
#   server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
#   server_set_id = $auth2
#   server_prompts = :
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif

# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.

# login_server:
#   driver = plaintext
#   public_name = LOGIN
#   server_prompts = "Username:: : Password::"
#   server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif
#
# cram_md5_server:
#   driver = cram_md5
#   public_name = CRAM-MD5
#   server_secret = ${extract{2}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}fail}}}
#   server_set_id = $auth1

# Here is an example of CRAM-MD5 authentication against PostgreSQL:
#
# psqldb_auth_server:
#   driver = cram_md5
#   public_name = CRAM-MD5
#   server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$auth1}'}{$value}fail}
#   server_set_id = $auth1

# Authenticate against local passwords using sasl2-bin
# Requires exim_uid to be a member of sasl group, see README.Debian.gz
# plain_saslauthd_server:
#   driver = plaintext
#   public_name = PLAIN
#   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
#   server_set_id = $auth2
#   server_prompts = :
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif
#
# login_saslauthd_server:
#   driver = plaintext
#   public_name = LOGIN
#   server_prompts = "Username:: : Password::"
#   # don't send system passwords over unencrypted connections
#   server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif
#
# ntlm_sasl_server:
#   driver = cyrus_sasl
#   public_name = NTLM
#   server_realm = <short main hostname>
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif
# 
# digest_md5_sasl_server:
#   driver = cyrus_sasl
#   public_name = DIGEST-MD5
#   server_realm = <short main hostname>
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif

# Authentcate against cyrus-sasl
# This is mainly untested, please report any problems to
# pkg-exim4-users@lists.alioth.debian.org.
# cram_md5_sasl_server:
#   driver = cyrus_sasl
#   public_name = CRAM-MD5
#   server_realm = <short main hostname>
#   server_set_id = $auth1
#
# plain_sasl_server:
#   driver = cyrus_sasl
#   public_name = PLAIN
#   server_realm = <short main hostname>
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif
#
# login_sasl_server:
#   driver = cyrus_sasl
#   public_name = LOGIN
#   server_realm = <short main hostname>
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif

# Authenticate against courier authdaemon

# This is now the (working!) example from
# http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730
# Possible pitfall: access rights on /var/run/courier/authdaemon/socket.
# plain_courier_authdaemon:
#   driver = plaintext
#   public_name = PLAIN
#   server_condition = \
#     ${extract {ADDRESS} \
#               {${readsocket{/var/run/courier/authdaemon/socket} \
#               {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \
#               {yes} \
#               fail}
#   server_set_id = $auth2
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif

# login_courier_authdaemon:
#   driver = plaintext
#   public_name = LOGIN
#   server_prompts = Username:: : Password::
#   server_condition = \
#     ${extract {ADDRESS} \
#               {${readsocket{/var/run/courier/authdaemon/socket} \
#               {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \
#               {yes} \
#               fail}
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif

# This one is a bad hack to support the broken version 4.xx of
# Microsoft Outlook Express which violates the RFCs by demanding
# "250-AUTH=" instead of "250-AUTH ".
# If your list of offered authenticators is other than PLAIN and LOGIN,
# you need to adapt the public_name line manually.
# It has to be the last authenticator to work and has not been tested
# well. Use at your own risk.
# See the thread entry point from
# http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050214/msg00213.html
# for the related discussion on the exim-users mailing list.
# Thanks to Fred Viles for this great work.

# support_broken_outlook_express_4_server:
#   driver = plaintext
#   public_name = "\r\n250-AUTH=PLAIN LOGIN"
#   server_prompts = User Name : Password
#   server_condition = no
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif

##############
# See /usr/share/doc/exim4-base/README.Debian.gz
##############

# These examples below are the equivalent for client side authentication.
# They get the passwords from CONFDIR/passwd.client, whose format is
# defined in exim4_passwd_client(5)

# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
# only allow these mechanisms over encrypted connections by default.
# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
# clear text password authentication on all connections.


#cram_md5:
#  driver = cram_md5
#  public_name = CRAM-MD5
#  client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
#  client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
#
## this returns the matching line from passwd.client and doubles all ^
#PASSWDLINE=${sg{\
#                ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
#            }\
#            {\\N[\\^]\\N}\
#            {^^}\
#        }
#
#plain:
#  driver = plaintext
#  public_name = PLAIN
#.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
#  client_send = "<; ${if !eq{$tls_cipher}{}\
#                    {^${extract{1}{:}{PASSWDLINE}}\
#             ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
#           }fail}"
#.else
#  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
#            ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
#.endif
#
#login:
#  driver = plaintext
#  public_name = LOGIN
#.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
#  # Return empty string if not non-TLS AND looking up $host in passwd-file
#  # yields a non-empty string; fail otherwise.
#  client_send = "<; ${if and{\
#                          {!eq{$tls_cipher}{}}\
#                          {!eq{PASSWDLINE}{}}\
#                         }\
#                      {}fail}\
#                 ; ${extract{1}{::}{PASSWDLINE}}\
#         ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
#.else
#  # Return empty string if looking up $host in passwd-file yields a
#  # non-empty string; fail otherwise.
#  client_send = "<; ${if !eq{PASSWDLINE}{}\
#                      {}fail}\
#                 ; ${extract{1}{::}{PASSWDLINE}}\
#         ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
#.endif

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_prompts = :
  # powyższy wpis zadziała przy saslauthd -a shadow, jeżeli
  # uruchomicie saslauthd -a pam (np. PLD) wpiszcie wtedy:
  # server_condition = ${if saslauthd{{$2}{$3}{smtp}}{1}{0}}
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"

  server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
  # powyższy wpis zadziała przy saslauthd -a shadow, jeżeli
  # uruchomicie saslauthd -a pam (np. PLD) wpiszcie wtedy:
  # server_condition = ${if saslauthd{{$1}{$2}{smtp}}{1}{0}}
 server_set_id = $1




#####################################################
### end auth/30_exim4-config_examples
#####################################################

Ostatnio edytowany przez cyb (2010-08-02 21:29:07)

Offline

 

#6  2010-08-02 22:13:28

  bercik - Moderator Mamut

bercik
Moderator Mamut
Skąd: Warszawa
Zarejestrowany: 2006-09-23
Serwis

Re: exim4 i aliasy?

wyjasnia to to ze virtusertable dziala ... tylko z jakiegos powodu konta user1, user2 uznawane sa za lezace w domenie "domena.pl" ... plik konfiguracyjny wyjasnia ze domena.pl jest podstawowa domena pocztowa (primary_hostname)  ... a to wyjasnia dlaczego tak sie dzieje ...

jezeli faktycznie masz tylko ta jedna domene lub chesz zrobic takie przekierowanie dla podatwowej domeny pocztowej najprosciej chyba dodac w odpowiednim miejscu (po obsludze dostarczania do lokalnego usera) router powodujacy przeslanie pozostalych listow do user3 zamiast uzywania takiego wpisu w virtusertable ...

Ostatnio edytowany przez bercik (2010-08-02 22:13:54)


"Wszyscy wiedzą, że czegoś zrobić nie można. Ale przypadkowo znajduje się jakiś nieuk, który tego nie wie. I on właśnie robi odkrycie." (A.Einstein)

Offline

 

#7  2010-08-02 22:27:45

  cyb - Użytkownik

cyb
Użytkownik
Zarejestrowany: 2010-07-27

Re: exim4 i aliasy?

bercik napisał(-a):

wyjasnia to to ze virtusertable dziala ... tylko z jakiegos powodu konta user1, user2 uznawane sa za lezace w domenie "domena.pl" ... plik konfiguracyjny wyjasnia ze domena.pl jest podstawowa domena pocztowa (primary_hostname)  ... a to wyjasnia dlaczego tak sie dzieje ...

jezeli faktycznie masz tylko ta jedna domene lub chesz zrobic takie przekierowanie dla podatwowej domeny pocztowej najprosciej chyba dodac w odpowiednim miejscu (po obsludze dostarczania do lokalnego usera) router powodujacy przeslanie pozostalych listow do user3 zamiast uzywania takiego wpisu w virtusertable ...

domen mam kilka i to akurat niedotyczy tylko podstawowej domeny.

jesli zrobie w virtusertable:

imie2@domena.com   user2
@domena.com  user3

to i tak email wyslany do imie2@domena2.com  laduje w skrzynce user3

caly problem polega na tym, ze nie moge powydzielac sobie poczty dla userow, a to co przyjdzie na domene i nie bedzie przypisane do konkretnego usera, to zeby szlo do domyslnego usera

czyli jak do istniejacych regulek dorobic sobie catch all?

Ostatnio edytowany przez cyb (2010-08-02 23:38:18)

Offline

 

#8  2010-08-03 11:54:07

  bercik - Moderator Mamut

bercik
Moderator Mamut
Skąd: Warszawa
Zarejestrowany: 2006-09-23
Serwis

Re: exim4 i aliasy?

tak wiec jaki jest przebieg (exim -bh host.OR.IP) dla maila na imie1@domena.nie.podstawowa gdy w virtusertables masz wpisy:

Kod:

imie1@domena.nie.podstawowa user1@domena.podstawowa
@domena.nie.podstawowa user2@domena.podstawowa

i nie masz wpisu "@domena.podstawowa user3"

PS1 chodzi o to ze metodyka ogolnie jest ok tylko cos gdzies masz skopane ... a zamienianie wszystkich domen na domena.pl w pokazywanych konfigach nie ulatwia szukania tego
PS2 troche w dziwnym miejscu masz wpisana obsluge virtusertables ... zwyczajowo jest po wysylaniu zewnetrznym ...
PS3 moj konfig z dzialajacymi @domena.podstawowa masz na http://www.opcode.eu.org/usage_and_config/ip_networ … s/exim4.conf/


"Wszyscy wiedzą, że czegoś zrobić nie można. Ale przypadkowo znajduje się jakiś nieuk, który tego nie wie. I on właśnie robi odkrycie." (A.Einstein)

Offline

 

Stopka forum

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson
Możesz wyłączyć AdBlock — tu nie ma reklam ;-)