[EXIM] mail behind a firewall

Author: Dave Waller
Date:
To: exim-users@exim.org
Subject: [EXIM] mail behind a firewall
I have exim installed on my firewall to pass packets to my real mail
server on the inside. At least that is what I am trying to do. I am
not getting something and wonder if someone could this out.

Below is the exim.conf from the firewall computer.


Thanks in advance

Dave Waller

-----

# This is the main exim configuration file.
# It was originally generated by `eximconfig', part of the exim package
# distributed with Debian, but it may be edited by the mail system
# administrator.
# This file originally generated by eximconfig at Wed Oct 7 08:01:20 CDT 1998
# See exim info section for details of the things that can be configured here.

# Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file.

# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.

######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


# Specify the domain you want to be added to all unqualified addresses
# here. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# dlw qualify_domain = pdcrouter

# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =

# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.

local_domains =

# Allow mail addressed to our hostname, or to our IP address.

local_domains_include_host = true
local_domains_include_host_literals = true

# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.

#relay_domains =

# If this is uncommented, we accept and relay mail for all domains we are
# in the DNS as an MX for.

#relay_domains_include_local_mx = true

# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup_nets = 0.0.0.0/0

# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for background.
# Uncommenting the following line will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com.

#rbl_domains = rbl.maps.vix.com
#rbl_reject_recipients = false
#rbl_warn_header = true

# The setting below locks out the use of your host as a mail relay by any
# other host. See the section of the manual entitled "Control of relaying"
# for more info.

sender_host_reject_relay = *

# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains=*

# If this option is set, then any process that is running as one of the
# listed users may pass a message to Exim and specify the sender's
# address using the "-f" command line option, without Exim's adding a
# "Sender" header.

trusted_users = mail

# If this option is true, the SMTP command VRFY is supported on incoming
# SMTP connections; otherwise it is not.

smtp_verify = false

# Some operating systems use the "gecos" field in the system password file
# to hold other information in addition to users' real names. Exim looks up
# this field when it is creating "sender" and "from" headers. If these options
# are set, exim uses "gecos_pattern" to parse the gecos field, and then
# expands "gecos_name" as the user's name. $1 etc refer to sub-fields matched
# by the pattern.

gecos_pattern = ^([^,:]*)
gecos_name = $1

# This string defines the contents of the `Received' message header that
# is added to each message, except for the timestamp, which is automatically
# added on at the end, preceded by a semicolon. The string is expanded each
# time it is used.

received_header_text = "Received: \
          ${if def:sender_fullhost {from ${sender_fullhost} \
          ${if def:sender_ident {(${sender_ident})}}\n\t}\
          {${if def:sender_ident {from ${sender_ident} }}}}\
          by ${primary_hostname} \
          ${if def:received_protocol {with ${received_protocol}}} \
          (Exim ${version_number} #${compile_number} (Debian))\n\t\
          id ${message_id}"
end



######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# This transport is used for local delivery to user mailboxes. On debian
# systems group mail is used so we can write to the /var/spool/mail
# directory. (The alternative, which most other unixes use, is to deliver
# as the user's own group, into a sticky-bitted directory)

local_delivery:
driver = appendfile
group = mail
mode = 0660
mode_fail_narrower = false
file = /var/spool/mail/${local_part}

# This transport is used for handling pipe addresses generated by alias
# or .forward files. It has a conventional name, since it is not actually
# mentioned elsewhere in this configuration file. (A different name *can*
# be specified via the "address_pipe_transport" option if you really want
# to.) If the pipe generates any standard output, it is returned to the sender
# of the message as a delivery error. Set return_fail_output instead if you
# want this to happen only when the pipe fails to complete normally.

address_pipe:
driver = pipe
return_output

# This transport is used for handling file addresses generated by alias
# or .forward files. It has a conventional name, since it is not actually
# mentioned elsewhere in this configuration file.

address_file:
driver = appendfile

# This transport is used for handling file addresses generated by alias
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name. Each message is then delivered
# to a unique file in the directory. If instead you want all such deliveries to
# be in the "maildir" format that is used by some other mail software,
# uncomment the final option below. If this is done, the directory specified
# in the .forward or alias file is the base maildir directory.
#
# Should you want to be able to specify either maildir or non-maildir
# directory-style deliveries, then you must set up yet another transport,
# called address_directory2. This is used if the path ends in "//" so should
# be the one used for maildir, as the double slash suggests another level
# of directory. In the absence of address_directory2, paths ending in //
# are passed to address_directory.

address_directory:
driver = appendfile
no_from_hack
prefix = ""
suffix = ""
# maildir_format

# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director. It has a conventional name, since it
# is not actually mentioned elsewhere in this configuration file.

address_reply:
driver = autoreply

# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp

end


######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################


# This allows local delivery to be forced, avoiding alias files and
# forwarding.

real_local:
prefix = real-
driver = localuser
transport = local_delivery

# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary.

system_aliases:
driver = aliasfile
file = /etc/aliases
search_type = lsearch
# user = list
# Uncomment the above line if you are running smartlist

# This director handles forwarding using traditional .forward files.
# It also allows mail filtering when a forward file starts with the
# string "# Exim filter": to disable filtering, uncomment the "filter"
# option. The check_ancestor option means that if the forward file
# generates an address that is an ancestor of the current one, the
# current one gets passed on instead. This covers the case where A is
# aliased to B and B has a .forward file pointing to A.

# For standard debian setup of one group per user, it is acceptable---normal
# even---for .forward to be group writable. If you have everyone in one
# group, you should comment out the "modemask" line. Without it, the exim
# default of 022 will apply, which is probably what you want.

userforward:
driver = forwardfile
no_verify
check_ancestor
file = .forward
modemask = 002
filter

# For a satellite system, all mail sent to local users is re-directed to
# their accounts on mail.pdcinc.com

smart:
driver = smartuser
new_address = ${local_part}@172.16.0.32

end


######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################


# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

# Send all mail to a smarthost

smarthost:
driver = domainlist
transport = remote_smtp
route_list = "* 172.16.0.32 byname"

end


######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 2 hours and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


*                      *           F,2h,15m; G,16h,2h,1.5; F,4d,8h


end


######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# These rewriters make sure the mail messages appear to have originated
# from the real mail-reading host.

^(?i)(root|postmaster|mailer-daemon)@pdcrouter ${1}@??? Ffr
*@pdcrouter ${1}@??? Ffr
*@in.limbo dave@??? Ffr


# This is an example of a useful rewriting rule---it looks up the real
# address of all local users in a file

# *@pdcrouter    ${lookup{$1}lsearch{/etc/email-addresses}\
#                                               {$value}fail} bcfrF


# End of Exim configuration file


--
*** Exim information can be found at http://www.exim.org/ ***
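
An added example, not part of the original post and not Exim code: a small Python check that reads the relay-related options from the main section of a file like the one above and reports how a recipient domain is treated, modelling the options only as the file's own comments describe them. The host name pdcrouter is taken from the file's rewrite rules, the address 192.0.2.1 is constructed, and pdcinc.com (the name in the smartuser comment) is assumed to be the inside mail domain.

```python
# Constructed sample: relay-related main-section lines copied from the posted
# file. The option semantics below follow the file's own comments (simplified).
SAMPLE = """\
local_domains =
local_domains_include_host = true
local_domains_include_host_literals = true
#relay_domains =
sender_host_reject_relay = *
end
"""

def parse_main(text):
    """Options of the main section (everything before the first 'end')."""
    opts, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):              # backslash continues the option
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line == "end":
            break
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep:                          # bare boolean: "name" or "no_name"
            name, value = (name[3:], "false") if name.startswith("no_") else (name, "true")
        opts[name] = value.strip().strip('"')
    return opts

def as_list(value):
    return [item.strip().lower() for item in value.split(":") if item.strip()]

def matches(domain, patterns):
    d = domain.lower()
    return any(d.endswith(p[1:]) if p.startswith("*") else d == p for p in patterns)

def classify(opts, rcpt_domain, primary_hostname, host_ip):
    default = opts.get("qualify_recipient", opts.get("qualify_domain", primary_hostname))
    local = as_list(opts.get("local_domains", default))
    if opts.get("local_domains_include_host") == "true":
        local.append(primary_hostname.lower())
    if opts.get("local_domains_include_host_literals") == "true":
        local.append(f"[{host_ip}]")
    if matches(rcpt_domain, local):
        return "local"
    if matches(rcpt_domain, as_list(opts.get("relay_domains", ""))):
        return "relay-accepted"
    locked = "*" in as_list(opts.get("sender_host_reject_relay", ""))
    return "relay-refused" if locked else "not-locked-out"
```

With the posted settings, only the firewall's own name and address literal count as local, and a domain served by the inside server is neither local nor listed in relay_domains.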