Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Ogłoszenie
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
#1 2010-08-02 15:20:04
cyb - Użytkownik
- cyb
- Użytkownik
- Zarejestrowany: 2010-07-27
exim4 i aliasy?
teraz mam w eximie tak zdefiniowane kwetsie aliasow:
Kod:
virtusertable_alias:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part@$domain}lsearch{/etc/mail/virtusertable}}
file_transport = address_file
pipe_transport = address_pipe
virtusertable_defaultalias:
driver = redirect
allow_fail
allow_defer
data = ${lookup{@$domain}lsearch{/etc/mail/virtusertable}}
file_transport = address_file
pipe_transport = address_pipechcialym moc ustawiac tak, ze:
imie1@domena.pl idzie do usera1
imie2@domena.pl idzie do usera2
a wszystkie inne emaile do domena.pl ida do usera3
a niestety powyzsze aliasy pwooduja,
ze jak tylko ustawie
Kod:
@domena.pl user3
to do usera3 trafiaja wszystkie emaile, rowniez te ktore powinny isc do user1 i user2.
jak powyzsze mozna rozwiazac?
Offline
#2 2010-08-02 17:24:53
bercik - 
Moderator Mamut
Re: exim4 i aliasy?
pusc cos na adres imie1@domena.pl w trybie testowania exim -bh host.OR.IP i sproboj zobaczyc dlaczego sie nie zalapuje na virtusertable_alias ... mam nadzieje ze kolejnosc w konfigu jest taka jak podales ...
"Wszyscy wiedzą, że czegoś zrobić nie można. Ale przypadkowo znajduje się jakiś nieuk, który tego nie wie. I on właśnie robi odkrycie." (A.Einstein)
Offline
#3 2010-08-02 18:57:56
cyb - Użytkownik
- cyb
- Użytkownik
- Zarejestrowany: 2010-07-27
Re: exim4 i aliasy?
bercik napisał(-a):
pusc cos na adres imie1@domena.pl w trybie testowania exim -bh host.OR.IP i sproboj zobaczyc dlaczego sie nie zalapuje na virtusertable_alias ... mam nadzieje ze kolejnosc w konfigu jest taka jak podales ...
kolejnosc jest taka sama, robilem ^C^V.
ten fragment jest interesujacy:
Kod:
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing imie1@domena.pl >>> calling virtusertable_alias router >>> routed by virtusertable_alias router >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing user1@domena.pl >>> calling virtusertable_alias router >>> virtusertable_alias router declined for user1@domena.pl >>> calling virtusertable_defaultalias router >>> routed by virtusertable_defaultalias router >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing user3@domena.pl >>> calling virtusertable_alias router >>> virtusertable_alias router declined for user3@domena.pl >>> calling virtusertable_defaultalias router >>> routed by virtusertable_defaultalias router >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing user3@domena.pl >>> calling virtusertable_alias router >>> virtusertable_alias router declined for user3@domena.pl
czyli jak widac pyta po kolei i wpierw wg virtusertable_alias jest ok, kieruje poczte do user1,
ale pozniej nie wiaodmo po co pyta sie virtusertable_defaultalias i wtedy przekierowywuje do user3
gdy w /etc/mail/virtusertables zakomentuje linie:
#@domena.pl user3 to wtedy wszystko ladnie i cacy:
Kod:
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing imie1@domena.pl >>> calling virtusertable_alias router >>> routed by virtusertable_alias router >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing user1@domena.pl >>> calling virtusertable_alias router >>> virtusertable_alias router declined for user1@domena.pl >>> calling virtusertable_defaultalias router >>> virtusertable_defaultalias router declined for user1@domena.pl
Ostatnio edytowany przez cyb (2010-08-02 19:25:27)
Offline
#4 2010-08-02 19:47:02
bercik - Moderator Mamut
Re: exim4 i aliasy?
to sporo wyjasnia ... sproboj w /etc/mail/virtusertables dac:
Kod:
imie1@domena.pl user1@podstawowa.domena.serwera
lub
Kod:
imie1@domena.pl \\user1
"Wszyscy wiedzą, że czegoś zrobić nie można. Ale przypadkowo znajduje się jakiś nieuk, który tego nie wie. I on właśnie robi odkrycie." (A.Einstein)
Offline
#5 2010-08-02 20:03:34
cyb - Użytkownik
- cyb
- Użytkownik
- Zarejestrowany: 2010-07-27
Re: exim4 i aliasy?
bercik napisał(-a):
to sporo wyjasnia
mi akurat niewiele wyjasnilo.
mozesz poszerzyc swoja wypowiedz?
niestety obie metody nie dzialaja.
na wszelki wypadek publikuje exim4.conf.template, moze ktos cos wypatrzy blednego w konfiduracji
(czesc komentarzy wywalilem, bo post byl za duzy)
Kod:
#####################################################
### main/01_exim4-config_listmacrosdefs
#####################################################
######################################################################
# Runtime configuration file for Exim 4 (Debian Packaging) #
######################################################################
exim_path = /usr/sbin/exim4
primary_hostname = domena.pl
#pod ssl:
tls_certificate = /etc/mail/exim.crt
tls_privatekey = /etc/mail/exim.key
tls_advertise_hosts = *
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif
UPEX4CmacrosUPEX4C = 1
#domainlist local_domains = MAIN_LOCAL_DOMAINS
domainlist local_domains = domena.pl : domena.com : domena.eu
domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
hostlist relay_from_hosts = MAIN_RELAY_NETS
# Decide which domain to use to add to all unqualified addresses.
# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary
# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value
# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined,
# the first line of /etc/mailname is used.
.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
.ifndef MAIN_QUALIFY_DOMAIN
qualify_domain = ETC_MAILNAME
.else
qualify_domain = MAIN_QUALIFY_DOMAIN
.endif
.endif
# listen on all all interfaces?
.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.endif
.ifndef LOCAL_DELIVERY
# The default transport, set in /etc/exim4/update-exim4.conf.conf,
# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities
LOCAL_DELIVERY=mail_spool
.endif
# The gecos field in /etc/passwd holds not only the name. see passwd(5).
gecos_pattern = ^([^,:]*)
gecos_name = $1
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif
# always log tls_peerdn as we use TLS for outgoing connects by default
.ifndef MAIN_LOG_SELECTOR
MAIN_LOG_SELECTOR = +tls_peerdn
.endif
#####################################################
### end main/01_exim4-config_listmacrosdefs
#####################################################
#####################################################
### main/02_exim4-config_options
#####################################################
### main/02_exim4-config_options
#################################
# Defines the access control list that is run when an
# SMTP MAIL command is received.
#
.ifndef MAIN_ACL_CHECK_MAIL
MAIN_ACL_CHECK_MAIL = acl_check_mail
.endif
acl_smtp_mail = MAIN_ACL_CHECK_MAIL
# Defines the access control list that is run when an
# SMTP RCPT command is received.
#
.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
# Defines the access control list that is run when an
# SMTP DATA command is received.
#
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA
# Message size limit. The default (used when MESSAGE_SIZE_LIMIT
# is unset) is 50 MB
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif
# av_scanner = clamd:/tmp/clamd
# spamd_address = 127.0.0.1 783
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif
.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif
# In a minimaldns setup, update-exim4.conf guesses the hostname and
# dumps it here to avoid DNS lookups being done at Exim run time.
.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
.endif
.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
.endif
.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif
# Bounce handling
.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER
.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER
.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL
# Define spool directory
.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR
# trusted users can set envelope-from to arbitrary values
.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif
# users in admin group can do many other things
# admin_groups = <unset>
# SMTP Banner. The example includes the Debian version in the SMTP dialog
# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}"
# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
#####################################################
### end main/02_exim4-config_options
#####################################################
#####################################################
### main/03_exim4-config_tlsoptions
#####################################################
### main/03_exim4-config_tlsoptions
#################################
# TLS/SSL configuration for exim as an SMTP server.
# See /usr/share/doc/exim4-base/README.Debian.gz for explanations.
.ifdef MAIN_TLS_ENABLE
# Defines what hosts to 'advertise' STARTTLS functionality to. The
# default, *, will advertise to all hosts that connect with EHLO.
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE
.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif
# Pointer to the CA Certificates against which client certificates are
# checked. This is controlled by the `tls_verify_hosts' and
# `tls_try_verify_hosts' lists below.
# If you want to check server certificates, you need to add an
# tls_verify_certificates statement to the smtp transport.
# /etc/ssl/certs/ca-certificates.crt is generated by
# the "ca-certificates" package's update-ca-certificates(8) command.
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
{/etc/ssl/certs/ca-certificates.crt}\
{/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
# A list of hosts which are constrained by `tls_verify_certificates'. A host
# that matches `tls_verify_host' must present a certificate that is
# verifyable through `tls_verify_certificates' in order to be accepted as an
# SMTP client. If it does not, the connection is aborted.
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif
.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
.endif
#####################################################
### end main/03_exim4-config_tlsoptions
#####################################################
#####################################################
### main/90_exim4-config_log_selector
#####################################################
### main/90_exim4-config_log_selector
#################################
# uncomment this for debugging
# MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all -subject -arguments
.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif
#####################################################
### end main/90_exim4-config_log_selector
#####################################################
#####################################################
### acl/00_exim4-config_header
#####################################################
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
#####################################################
### end acl/00_exim4-config_header
#####################################################
#####################################################
### acl/20_exim4-config_local_deny_exceptions
#####################################################
### acl/20_exim4-config_local_deny_exceptions
#################################
acl_local_deny_exceptions:
accept
hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\
{CONFDIR/host_local_deny_exceptions}\
{}}
accept
senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\
{CONFDIR/sender_local_deny_exceptions}\
{}}
accept
hosts = ${if exists{CONFDIR/local_host_whitelist}\
{CONFDIR/local_host_whitelist}\
{}}
accept
senders = ${if exists{CONFDIR/local_sender_whitelist}\
{CONFDIR/local_sender_whitelist}\
{}}
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.endif
# this is still supported for a transition period and is deprecated.
.ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.endif
#####################################################
### end acl/20_exim4-config_local_deny_exceptions
#####################################################
#####################################################
### acl/30_exim4-config_check_mail
#####################################################
### acl/30_exim4-config_check_mail
#################################
# This access control list is used for every MAIL command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_mail:
.ifdef CHECK_MAIL_HELO_ISSUED
deny
message = no HELO given before MAIL command
condition = ${if def:sender_helo_name {no}{yes}}
.endif
accept
#####################################################
### end acl/30_exim4-config_check_mail
#####################################################
#####################################################
### acl/30_exim4-config_check_rcpt
#####################################################
### acl/30_exim4-config_check_rcpt
#################################
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept
hosts = :
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
# The second rule applies to all other domains, and its default is
# considerably less strict.
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
#
accept
.ifndef CHECK_RCPT_POSTMASTER
local_parts = postmaster
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
domains = +local_domains : +relay_to_domains
.ifdef CHECK_RCPT_VERIFY_SENDER
deny
message = Sender verification failed
!acl = acl_local_deny_exceptions
!verify = sender
.endif
# Verify senders listed in local_sender_callout with a callout.
#
# In smarthost and satellite setups, this causes the callout to be
# done to the smarthost. Verification will thus only be reliable if the
# smarthost does reject illegal addresses in the SMTP dialog.
deny
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
!verify = sender/callout
accept
hosts = +relay_from_hosts
control = submission/sender_retain
accept
authenticated = *
control = submission/sender_retain
require
message = relay not permitted
domains = +local_domains : +relay_to_domains
# We also require all accepted addresses to be verifiable. This check will
# do local part verification for local domains, but only check the domain
# for remote domains.
require
verify = recipient
deny
!acl = acl_local_deny_exceptions
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
!verify = recipient/callout
deny
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
deny
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_local_deny_exceptions
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}
# Warn if the sender host does not have valid reverse DNS.
#
# If your system can do DNS lookups without delay or cost, you might want
# to enable this.
# If sender_host_address is defined, it's a remote call. If
# sender_host_name is not defined, then reverse lookup failed. Use
# this instead of !verify = reverse_host_lookup to catch deferrals
# as well as outright failures.
.ifdef CHECK_RCPT_REVERSE_DNS
warn
message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
{yes}{no}}
.endif
# Use spfquery to perform a pair of SPF checks (for details, see
# http://www.openspf.org/)
#
# This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
# enable if that's an issue. Also note that if you enable this, you must
# install "libmail-spf-query-perl" which provides the spfquery command.
# Missing libmail-spf-query-perl will trigger the "Unexpected error in
# SPF check" warning.
.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address
log_message = SPF check failed.
!acl = acl_local_deny_exceptions
condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
{no}{${if eq {$runrc}{1}{yes}{no}}}}
defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}
warn
message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq {$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}
warn
log_message = Unexpected error in SPF check.
condition = ${if >{$runrc}{6}{yes}{no}}
# Support for best-guess (see http://www.openspf.org/developers-guide.html)
warn
message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" \ --helo \"$sender_helo_name\" --guess true}\
{pass}{${if eq {$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}
defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}
.endif
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
warn
message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
dnslists = CHECK_RCPT_IP_DNSBLS
.endif
# Check against DNSBLs which list sender domains, with an option to locally
# whitelist certain domains that might be blacklisted.
#
# Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append
# "/$sender_address_domain" after each domain. For example:
# CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \
# : rhsbl.bar.org/$sender_address_domain
.ifdef CHECK_RCPT_DOMAIN_DNSBLS
warn
message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
{CONFDIR/local_domain_dnsbl_whitelist}\
{}}
dnslists = CHECK_RCPT_DOMAIN_DNSBLS
.endif
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif
#############################################################################
# This check is commented out because it is recognized that not every
# sysadmin will want to do it. If you enable it, the check performs
# Client SMTP Authorization (csa) checks on the sending host. These checks
# do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
# an Internet draft. You can, of course, add additional conditions to this
# ACL statement to restrict the CSA checks to certain hosts only.
#
# require verify = csa
#############################################################################
# Accept if the address is in a domain for which we are an incoming relay,
# but again, only if the recipient can be verified.
accept
domains = +relay_to_domains
endpass
verify = recipient
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
accept
#####################################################
### end acl/30_exim4-config_check_rcpt
#####################################################
#####################################################
### acl/40_exim4-config_check_data
#####################################################
### acl/40_exim4-config_check_data
#################################
# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.
acl_check_data:
# Deny unless the address list headers are syntactically correct.
#
# If you enable this, you might reject legitimate mail.
.ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
deny
message = Message headers fail syntax check
!acl = acl_local_deny_exceptions
!verify = header_syntax
.endif
# require that there is a verifiable sender address in at least
# one of the "Sender:", "Reply-To:", or "From:" header lines.
.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
message = No verifiable sender address in message headers
!acl = acl_local_deny_exceptions
!verify = header_sender
.endif
.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif
# accept otherwise
accept
#####################################################
### end acl/40_exim4-config_check_data
#####################################################
#####################################################
### router/00_exim4-config_header
#####################################################
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
#vdom_aliases:
# driver = redirect
# allow_defer
# allow_fail
# domains = dsearch;/etc/mail/virtual
# data = ${expand:${lookup{$local_part}lsearch*@{/etc/mail/virtual/$domain}}}
# retry_use_local_part
# pipe_transport = address_pipe
# file_transport = address_file
virtusertable_alias:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part@$domain}lsearch{/etc/mail/virtusertable}}
file_transport = address_file
pipe_transport = address_pipe
virtusertable_defaultalias:
driver = redirect
allow_fail
allow_defer
data = ${lookup{@$domain}lsearch{/etc/mail/virtusertable}}
file_transport = address_file
pipe_transport = address_pipe
#####################################################
### end router/00_exim4-config_header
#####################################################
#####################################################
### router/100_exim4-config_domain_literal
#####################################################
### router/100_exim4-config_domain_literal
#################################
# This router handles e-mail addresses in "domain literal" form like
# <user@[10.11.12.13]>. The RFCs require this facility, but it is disabled
# in the default config since it is seldomly used and frequently abused.
# Domain literal support also needs to be enabled in the main config,
# which is automatically done if you use the enable macro
# MAIN_ALLOW_DOMAIN_LITERALS.
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
debug_print = "R: domain_literal for $local_part@$domain"
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp
.endif
#####################################################
### end router/100_exim4-config_domain_literal
#####################################################
#####################################################
### router/150_exim4-config_hubbed_hosts
#####################################################
# router/150_exim4-config_hubbed_hosts
#################################
# route specific domains manually.
#
# see exim4-config_files(5) and spec.txt chapter 20.3 through 20.7 for
# more detailed documentation.
hubbed_hosts:
debug_print = "R: hubbed_hosts for $domain"
driver = manualroute
domains = "${if exists{CONFDIR/hubbed_hosts}\
{partial-lsearch;CONFDIR/hubbed_hosts}\
fail}"
same_domain_copy_routing = yes
route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
transport = remote_smtp
#####################################################
### end router/150_exim4-config_hubbed_hosts
#####################################################
#####################################################
### router/200_exim4-config_primary
#####################################################
### router/200_exim4-config_primary
#################################
# This file holds the primary router, responsible for nonlocal mails
.ifdef DCconfig_internet
# configtype=internet
#
# deliver mail to the recipient if recipient domain is a domain we
# relay for. We do not ignore any target hosts here since delivering to
# a site local or even a link local address might be wanted here, and if
# such an address has found its way into the MX record of such a domain,
# the local admin is probably in a place where that broken MX record
# could be fixed.
dnslookup_relay_to_domains:
debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more
# deliver mail directly to the recipient. This router is only reached
# for domains that we do not relay for. Since we most probably can't
# have broken MX records pointing to site local or link local IP
# addresses fixed, we ignore target hosts pointing to these addresses.
dnslookup:
debug_print = "R: dnslookup for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
same_domain_copy_routing = yes
# ignore private rfc1918 and APIPA addresses
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
255.255.255.255
no_more
.endif
.ifdef DCconfig_local
# configtype=local
#
# Stand-alone system, so generate an error for mail to a non-local domain
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more
.endif
.ifdef DCconfig_smarthost DCconfig_satellite
# configtype=smarthost or configtype=satellite
#
# Send all non-local mail to a single other machine (smarthost).
#
# This means _ALL_ non-local mail goes to the smarthost. This will most
# probably not do what you want for domains that are listed in
# relay_domains. The most typical use for relay_domains is to control
# relaying for incoming e-mail on secondary MX hosts. In that case,
# it doesn't make sense to send the mail to the smarthost since the
# smarthost will probably send the message right back here, causing a
# loop.
#
# If you want to use a smarthost while being secondary MX for some
# domains, you'll need to copy the dnslookup_relay_to_domains router
# here so that mail to relay_domains is handled separately.
smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
no_more
.endif
# The "no_more" above means that all later routers are for
# domains in the local_domains list, i.e. just like Exim 3 directors.
#####################################################
### end router/200_exim4-config_primary
#####################################################
#####################################################
### router/300_exim4-config_real_local
#####################################################
### router/300_exim4-config_real_local
#################################
# This router allows reaching a local user while avoiding local
# processing. This can be used to inform a user of a broken .forward
# file, for example. The userforward router does this.
COND_LOCAL_SUBMITTER = "\
${if match_ip{$sender_host_address}{:@[]}\
{1}{0}\
}"
real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
domains = +local_domains
condition = COND_LOCAL_SUBMITTER
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY
#####################################################
### end router/300_exim4-config_real_local
#####################################################
#####################################################
### router/400_exim4-config_system_aliases
#####################################################
### router/400_exim4-config_system_aliases
#################################
# This router handles aliasing using a traditional /etc/aliases file.
#
##### NB You must ensure that /etc/aliases exists. It used to be the case
##### NB that every Unix had that file, because it was the Sendmail default.
##### NB These days, there are systems that don't have it. Your aliases
##### NB file should at least contain an alias for "postmaster".
#
# This router handles the local part in a case-insensitive way which
# satisfies the RFCs requirement that postmaster be reachable regardless
# of case. If you decide to handle /etc/aliases in a caseful way, you
# need to make arrangements for a caseless postmaster.
#
# Delivery to arbitrary directories, files, and piping to programs in
# /etc/aliases is disabled per default.
# If that is a problem for you, see
# /usr/share/doc/exim4-base/README.Debian.gz
# for explanation and some workarounds.
system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
.ifdef SYSTEM_ALIASES_USER
user = SYSTEM_ALIASES_USER
.endif
.ifdef SYSTEM_ALIASES_GROUP
group = SYSTEM_ALIASES_GROUP
.endif
.ifdef SYSTEM_ALIASES_FILE_TRANSPORT
file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
.endif
#####################################################
### end router/400_exim4-config_system_aliases
#####################################################
#####################################################
### router/500_exim4-config_hubuser
#####################################################
### router/500_exim4-config_hubuser
#################################
.ifdef DCconfig_satellite
# This router is only used for configtype=satellite.
# It takes care to route all mail targetted to <somelocaluser@this.machine>
# to the host where we read our mail
#
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
domains = +local_domains
data = ${local_part}@DCreadhost
check_local_user
# Grab the redirected mail and deliver it.
# This is a duplicate of the smarthost router, needed because
# DCreadhost might end up as part of +local_domains
hub_user_smarthost:
debug_print = "R: hub_user_smarthost for $local_part@$domain"
driver = manualroute
domains = DCreadhost
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
check_local_user
.endif
#####################################################
### end router/500_exim4-config_hubuser
#####################################################
#####################################################
### router/600_exim4-config_userforward
#####################################################
### router/600_exim4-config_userforward
#################################
# This router handles forwarding using traditional .forward files in users'
# home directories. It also allows mail filtering with a forward file
# starting with the string "# Exim filter" or "# Sieve filter".
#
# The no_verify setting means that this router is skipped when Exim is
# verifying addresses. Similarly, no_expn means that this router is skipped if
# Exim is processing an EXPN command.
#
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A.
#
# The four transports specified at the end are those that are used when
# forwarding generates a direct delivery to a directory, or a file, or to a
# pipe, or sets up an auto-reply, respectively.
#
userforward:
debug_print = "R: userforward for $local_part@$domain"
driver = redirect
domains = +local_domains
check_local_user
file = $home/.forward
require_files = $local_part:$home/.forward
no_verify
no_expn
check_ancestor
allow_filter
forbid_smtp_code = true
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
skip_syntax_errors
syntax_errors_to = real-$local_part@$domain
syntax_errors_text = \
This is an automatically generated message. An error has\n\
been found in your .forward file. Details of the error are\n\
reported below. While this error persists, you will receive\n\
a copy of this message for every message that is addressed\n\
to you. If your .forward file is a filter file, or if it is\n\
a non-filter file containing no valid forwarding addresses,\n\
a copy of each incoming message will be put in your normal\n\
mailbox. If a non-filter file contains at least one valid\n\
forwarding address, forwarding to the valid addresses will\n\
happen, and those will be the only deliveries that occur.
#####################################################
### end router/600_exim4-config_userforward
#####################################################
#####################################################
### router/700_exim4-config_procmail
#####################################################
procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = procmail_pipe
# emulate OR with "if exists"-expansion
require_files = ${local_part}:\
${if exists{/etc/procmailrc}\
{/etc/procmailrc}{${home}/.procmailrc}}:\
+/usr/bin/procmail
no_verify
no_expn
#####################################################
### end router/700_exim4-config_procmail
#####################################################
#####################################################
### router/800_exim4-config_maildrop
#####################################################
### router/800_exim4-config_maildrop
#################################
maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn
#####################################################
### end router/800_exim4-config_maildrop
#####################################################
#####################################################
### router/850_exim4-config_lowuid
#####################################################
### router/850_exim4-config_lowuid
#################################
.ifndef FIRST_USER_ACCOUNT_UID
FIRST_USER_ACCOUNT_UID = 0
.endif
.ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS
DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: no mail to system accounts
.endif
COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\
${if and{{! match_ip{$sender_host_address}{:@[]}}\
{<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\
{1}{0}\
}"
lowuid_aliases:
debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)"
check_local_user
driver = redirect
allow_fail
domains = +local_domains
condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
data = ${if exists{/etc/exim4/lowuid-aliases}\
{${lookup{$local_part}lsearch{/etc/exim4/lowuid-aliases}\
{$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}
#####################################################
### end router/850_exim4-config_lowuid
#####################################################
#####################################################
### router/900_exim4-config_local_user
#####################################################
### router/900_exim4-config_local_user
#################################
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY
cannot_route_message = Unknown user
#####################################################
### end router/900_exim4-config_local_user
#####################################################
#####################################################
### router/mmm_mail4root
#####################################################
### router/mmm_mail4root
#################################
# deliver mail addressed to root to /var/mail/mail as user mail:mail
# if it was not redirected in /etc/aliases or by other means
# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS)
mail4root:
debug_print = "R: mail4root for $local_part@$domain"
driver = redirect
domains = +local_domains
data = /var/mail/mail
file_transport = address_file
local_parts = root
user = mail
group = mail
#####################################################
### end router/mmm_mail4root
#####################################################
#####################################################
### transport/00_exim4-config_header
#####################################################
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that successfully
# handles an address.
begin transports
#####################################################
### end transport/00_exim4-config_header
#####################################################
#####################################################
### transport/10_exim4-config_transport-macros
#####################################################
### transport/10_exim4-config_transport-macros
#################################
.ifdef HIDE_MAILNAME
REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1@DCreadhost frs : *@ETC_MAILNAME $1@DCreadhost frs
REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
REMOTE_SMTP_HELO_DATA=${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
.endif
#####################################################
### end transport/10_exim4-config_transport-macros
#####################################################
#####################################################
### transport/30_exim4-config_address_file
#####################################################
# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.
#
address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
#####################################################
### end transport/30_exim4-config_address_file
#####################################################
#####################################################
### transport/30_exim4-config_address_pipe
#####################################################
# This transport is used for handling pipe deliveries generated by
# .forward files. If the commands fails and produces any output on standard
# output or standard error streams, the output is returned to the sender
# of the message as a delivery error.
address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output
#####################################################
### end transport/30_exim4-config_address_pipe
#####################################################
#####################################################
### transport/30_exim4-config_address_reply
#####################################################
# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.
#
address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply
#####################################################
### end transport/30_exim4-config_address_reply
#####################################################
#####################################################
### transport/30_exim4-config_mail_spool
#####################################################
### transport/30_exim4-config_mail_spool
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format.
#
mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false
quota = ${lookup{$local_part}lsearch{/etc/mail/local_quota.conf}{$value}{50M}}
message_size_limit = 50M
quota_warn_message = "\
Content-Type: text/plain; charset=ISO-8859-2\n\
To: $local_part@$domain\n\
Reply-to: root@$domain\n\
Subject: Twoja skrzynka pocztowa jest prawie PELNA (w 90%)!!!\n\
\n\
*** Ta wiadomo¶ć została wygenerowana automatycznie ***\n\
\n\
Uprzejmie informujemy, iż skrzynka pocztowa została zapełniona w 90%\n\
swojej pojemno¶ci. W przypadku 100% nie będ± dostarczane\n\
do Ciebie nowe wiadomo¶ci. Opróżnij skrzynkę pocztow± ze starych\n\
wiadomo¶ci.\n"
quota_warn_threshold = 90%
#####################################################
### end transport/30_exim4-config_mail_spool
#####################################################
#####################################################
### transport/30_exim4-config_maildir_home
#####################################################
### transport/30_exim4-config_maildir_home
#################################
# Use this instead of mail_spool if you want to to deliver to Maildir in
# home-directory - change the definition of LOCAL_DELIVERY
#
maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
.ifdef MAILDIR_HOME_MAILDIR_LOCATION
directory = MAILDIR_HOME_MAILDIR_LOCATION
.else
directory = $home/Maildir
.endif
.ifdef MAILDIR_HOME_CREATE_DIRECTORY
create_directory
.endif
.ifdef MAILDIR_HOME_CREATE_FILE
create_file = MAILDIR_HOME_CREATE_FILE
.endif
delivery_date_add
envelope_to_add
return_path_add
maildir_format
.ifdef MAILDIR_HOME_DIRECTORY_MODE
directory_mode = MAILDIR_HOME_DIRECTORY_MODE
.else
directory_mode = 0700
.endif
.ifdef MAILDIR_HOME_MODE
mode = MAILDIR_HOME_MODE
.else
mode = 0600
.endif
mode_fail_narrower = false
# This transport always chdirs to $home before trying to deliver. If
# $home is not accessible, this chdir fails and prevents delivery.
# If you are in a setup where home directories might not be
# accessible, uncomment the current_directory line below.
# current_directory = /
#####################################################
### end transport/30_exim4-config_maildir_home
#####################################################
#####################################################
### transport/30_exim4-config_maildrop_pipe
#####################################################
maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
envelope_to_add
#####################################################
### end transport/30_exim4-config_maildrop_pipe
#####################################################
#####################################################
### transport/30_exim4-config_procmail_pipe
#####################################################
procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add
#####################################################
### end transport/30_exim4-config_procmail_pipe
#####################################################
#####################################################
### transport/30_exim4-config_remote_smtp
#####################################################
### transport/30_exim4-config_remote_smtp
#################################
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
helo_data=REMOTE_SMTP_HELO_DATA
.endif
#####################################################
### end transport/30_exim4-config_remote_smtp
#####################################################
#####################################################
### transport/30_exim4-config_remote_smtp_smarthost
#####################################################
### transport/30_exim4-config_remote_smtp_smarthost
#################################
# This transport is used for delivering messages over SMTP connections
# to a smarthost. The local host tries to authenticate.
# This transport is used for smarthost and satellite configurations.
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
}\
{} \
}
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
helo_data=REMOTE_SMTP_HELO_DATA
.endif
#####################################################
### end transport/30_exim4-config_remote_smtp_smarthost
#####################################################
#####################################################
### transport/35_exim4-config_address_directory
#####################################################
# This transport is used for handling file addresses generated by alias
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name.
address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
check_string = ""
escape_string = ""
maildir_format
#####################################################
### end transport/35_exim4-config_address_directory
#####################################################
#####################################################
### retry/00_exim4-config_header
#####################################################
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
#####################################################
### end retry/00_exim4-config_header
#####################################################
#####################################################
### retry/30_exim4-config
#####################################################
### retry/30_exim4-config
#################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.
# Please note that these rules only limit the frequenzy of retries, the
# effective retry-time depends on the frequenzy of queue-running, too.
# See QUEUEINTERVAL in /etc/default/exim4.
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
#####################################################
### end retry/30_exim4-config
#####################################################
#####################################################
### rewrite/00_exim4-config_header
#####################################################
######################################################################
# REWRITE CONFIGURATION #
######################################################################
begin rewrite
#####################################################
### end rewrite/00_exim4-config_header
#####################################################
#####################################################
### rewrite/31_exim4-config_rewriting
#####################################################
### rewrite/31_exim4-config_rewriting
#################################
# This rewriting rule is particularily useful for dialup users who
# don't have their own domain, but could be useful for anyone.
# It looks up the real address of all local users in a file
.ifndef NO_EAA_REWRITE_REWRITE
*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
# identical rewriting rule for /etc/mailname
*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
.endif
#####################################################
### end rewrite/31_exim4-config_rewriting
#####################################################
#####################################################
### auth/00_exim4-config_header
#####################################################
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
#####################################################
### end auth/00_exim4-config_header
#####################################################
#####################################################
### auth/30_exim4-config_examples
#####################################################
### auth/30_exim4-config_examples
#################################
# The examples below are for server side authentication, when the
# local exim is SMTP server and clients authenticate to the local exim.
# They allow two styles of plain-text authentication against an
# CONFDIR/passwd file whose syntax is described in exim4_passwd(5).
# Hosts that are allowed to use AUTH are defined by the
# auth_advertise_hosts option in the main configuration. The default is
# "*", which allows authentication to all hosts over all kinds of
# connections if there is at least one authenticator defined here.
# Authenticators which rely on unencrypted clear text passwords don't
# advertise on unencrypted connections by default. Thus, it might be
# wise to set up TLS to allow encrypted connections. If TLS cannot be
# used for some reason, you can set AUTH_SERVER_ALLOW_NOTLS_PASSWORDS to
# advertise unencrypted clear text password based authenticators on all
# connections. As this is severely reducing security, using TLS is
# preferred over allowing clear text password based authenticators on
# unencrypted connections.
# PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not
# use), an authentication ID, and a password. The latter two appear as
# $auth2 and $auth3 in the configuration and should be checked against a
# valid username and password. In a real configuration you would typically
# use $auth2 as a lookup key, and compare $auth3 against the result of the
# lookup, perhaps using the crypteq{}{} condition.
# plain_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.
# login_server:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
#
# cram_md5_server:
# driver = cram_md5
# public_name = CRAM-MD5
# server_secret = ${extract{2}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}fail}}}
# server_set_id = $auth1
# Here is an example of CRAM-MD5 authentication against PostgreSQL:
#
# psqldb_auth_server:
# driver = cram_md5
# public_name = CRAM-MD5
# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$auth1}'}{$value}fail}
# server_set_id = $auth1
# Authenticate against local passwords using sasl2-bin
# Requires exim_uid to be a member of sasl group, see README.Debian.gz
# plain_saslauthd_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
# server_set_id = $auth2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
#
# login_saslauthd_server:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# # don't send system passwords over unencrypted connections
# server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
#
# ntlm_sasl_server:
# driver = cyrus_sasl
# public_name = NTLM
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
#
# digest_md5_sasl_server:
# driver = cyrus_sasl
# public_name = DIGEST-MD5
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
# Authentcate against cyrus-sasl
# This is mainly untested, please report any problems to
# pkg-exim4-users@lists.alioth.debian.org.
# cram_md5_sasl_server:
# driver = cyrus_sasl
# public_name = CRAM-MD5
# server_realm = <short main hostname>
# server_set_id = $auth1
#
# plain_sasl_server:
# driver = cyrus_sasl
# public_name = PLAIN
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
#
# login_sasl_server:
# driver = cyrus_sasl
# public_name = LOGIN
# server_realm = <short main hostname>
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
# Authenticate against courier authdaemon
# This is now the (working!) example from
# http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730
# Possible pitfall: access rights on /var/run/courier/authdaemon/socket.
# plain_courier_authdaemon:
# driver = plaintext
# public_name = PLAIN
# server_condition = \
# ${extract {ADDRESS} \
# {${readsocket{/var/run/courier/authdaemon/socket} \
# {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \
# {yes} \
# fail}
# server_set_id = $auth2
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
# login_courier_authdaemon:
# driver = plaintext
# public_name = LOGIN
# server_prompts = Username:: : Password::
# server_condition = \
# ${extract {ADDRESS} \
# {${readsocket{/var/run/courier/authdaemon/socket} \
# {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \
# {yes} \
# fail}
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
# This one is a bad hack to support the broken version 4.xx of
# Microsoft Outlook Express which violates the RFCs by demanding
# "250-AUTH=" instead of "250-AUTH ".
# If your list of offered authenticators is other than PLAIN and LOGIN,
# you need to adapt the public_name line manually.
# It has to be the last authenticator to work and has not been tested
# well. Use at your own risk.
# See the thread entry point from
# http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050214/msg00213.html
# for the related discussion on the exim-users mailing list.
# Thanks to Fred Viles for this great work.
# support_broken_outlook_express_4_server:
# driver = plaintext
# public_name = "\r\n250-AUTH=PLAIN LOGIN"
# server_prompts = User Name : Password
# server_condition = no
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
##############
# See /usr/share/doc/exim4-base/README.Debian.gz
##############
# These examples below are the equivalent for client side authentication.
# They get the passwords from CONFDIR/passwd.client, whose format is
# defined in exim4_passwd_client(5)
# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
# only allow these mechanisms over encrypted connections by default.
# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
# clear text password authentication on all connections.
#cram_md5:
# driver = cram_md5
# public_name = CRAM-MD5
# client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
# client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
#
## this returns the matching line from passwd.client and doubles all ^
#PASSWDLINE=${sg{\
# ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
# }\
# {\\N[\\^]\\N}\
# {^^}\
# }
#
#plain:
# driver = plaintext
# public_name = PLAIN
#.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
# client_send = "<; ${if !eq{$tls_cipher}{}\
# {^${extract{1}{:}{PASSWDLINE}}\
# ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
# }fail}"
#.else
# client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
# ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
#.endif
#
#login:
# driver = plaintext
# public_name = LOGIN
#.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
# # Return empty string if not non-TLS AND looking up $host in passwd-file
# # yields a non-empty string; fail otherwise.
# client_send = "<; ${if and{\
# {!eq{$tls_cipher}{}}\
# {!eq{PASSWDLINE}{}}\
# }\
# {}fail}\
# ; ${extract{1}{::}{PASSWDLINE}}\
# ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
#.else
# # Return empty string if looking up $host in passwd-file yields a
# # non-empty string; fail otherwise.
# client_send = "<; ${if !eq{PASSWDLINE}{}\
# {}fail}\
# ; ${extract{1}{::}{PASSWDLINE}}\
# ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
#.endif
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_prompts = :
# powyższy wpis zadziała przy saslauthd -a shadow, jeżeli
# uruchomicie saslauthd -a pam (np. PLD) wpiszcie wtedy:
# server_condition = ${if saslauthd{{$2}{$3}{smtp}}{1}{0}}
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
# powyższy wpis zadziała przy saslauthd -a shadow, jeżeli
# uruchomicie saslauthd -a pam (np. PLD) wpiszcie wtedy:
# server_condition = ${if saslauthd{{$1}{$2}{smtp}}{1}{0}}
server_set_id = $1
#####################################################
### end auth/30_exim4-config_examples
#####################################################Ostatnio edytowany przez cyb (2010-08-02 21:29:07)
Offline
#6 2010-08-02 22:13:28
bercik - Moderator Mamut
Re: exim4 i aliasy?
wyjasnia to to ze virtusertable dziala ... tylko z jakiegos powodu konta user1, user2 uznawane sa za lezace w domenie "domena.pl" ... plik konfiguracyjny wyjasnia ze domena.pl jest podstawowa domena pocztowa (primary_hostname) ... a to wyjasnia dlaczego tak sie dzieje ...
jezeli faktycznie masz tylko ta jedna domene lub chesz zrobic takie przekierowanie dla podatwowej domeny pocztowej najprosciej chyba dodac w odpowiednim miejscu (po obsludze dostarczania do lokalnego usera) router powodujacy przeslanie pozostalych listow do user3 zamiast uzywania takiego wpisu w virtusertable ...
Ostatnio edytowany przez bercik (2010-08-02 22:13:54)
"Wszyscy wiedzą, że czegoś zrobić nie można. Ale przypadkowo znajduje się jakiś nieuk, który tego nie wie. I on właśnie robi odkrycie." (A.Einstein)
Offline
#7 2010-08-02 22:27:45
cyb - Użytkownik
- cyb
- Użytkownik
- Zarejestrowany: 2010-07-27
Re: exim4 i aliasy?
bercik napisał(-a):
wyjasnia to to ze virtusertable dziala ... tylko z jakiegos powodu konta user1, user2 uznawane sa za lezace w domenie "domena.pl" ... plik konfiguracyjny wyjasnia ze domena.pl jest podstawowa domena pocztowa (primary_hostname) ... a to wyjasnia dlaczego tak sie dzieje ...
jezeli faktycznie masz tylko ta jedna domene lub chesz zrobic takie przekierowanie dla podatwowej domeny pocztowej najprosciej chyba dodac w odpowiednim miejscu (po obsludze dostarczania do lokalnego usera) router powodujacy przeslanie pozostalych listow do user3 zamiast uzywania takiego wpisu w virtusertable ...
domen mam kilka i to akurat niedotyczy tylko podstawowej domeny.
jesli zrobie w virtusertable:
imie2@domena.com user2
@domena.com user3
to i tak email wyslany do imie2@domena2.com laduje w skrzynce user3
caly problem polega na tym, ze nie moge powydzielac sobie poczty dla userow, a to co przyjdzie na domene i nie bedzie przypisane do konkretnego usera, to zeby szlo do domyslnego usera
czyli jak do istniejacych regulek dorobic sobie catch all?
Ostatnio edytowany przez cyb (2010-08-02 23:38:18)
Offline
#8 2010-08-03 11:54:07
bercik - Moderator Mamut
Re: exim4 i aliasy?
tak wiec jaki jest przebieg (exim -bh host.OR.IP) dla maila na imie1@domena.nie.podstawowa gdy w virtusertables masz wpisy:
Kod:
imie1@domena.nie.podstawowa user1@domena.podstawowa @domena.nie.podstawowa user2@domena.podstawowa
i nie masz wpisu "@domena.podstawowa user3"
PS1 chodzi o to ze metodyka ogolnie jest ok tylko cos gdzies masz skopane ... a zamienianie wszystkich domen na domena.pl w pokazywanych konfigach nie ulatwia szukania tego
PS2 troche w dziwnym miejscu masz wpisana obsluge virtusertables ... zwyczajowo jest po wysylaniu zewnetrznym ...
PS3 moj konfig z dzialajacymi @domena.podstawowa masz na http://www.opcode.eu.org/usage_and_config/ip_networ … s/exim4.conf/
"Wszyscy wiedzą, że czegoś zrobić nie można. Ale przypadkowo znajduje się jakiś nieuk, który tego nie wie. I on właśnie robi odkrycie." (A.Einstein)
Offline