Re: [Exim] replacement for smail's pathalias driver

Góra strony
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
Dla: John Jetmore
CC: exim-users
Temat: Re: [Exim] replacement for smail's pathalias driver
On Mon, 18 Jun 2001, John Jetmore wrote:

> They need to be treated differently, unfortunately. Although you may not
> need this, let me explain our set up in a bit more detail.


Thinking through this in "Exim mode":

> 1) we have many customer who route their mail through us for virus
> scanning. I will refer to the generic domain.com. Under our smail set
> up, none of these domains are considered local.
>
> 2) mail is received, and it is matched against a scan_inbound router.
> This router (pathalias under smail) rewrites the address as
> 2scan.domain.com and hands it off to a scan_inbound router, which is a
> pipe that does various things with the message. This is a delivery
> transport.


Why does it need to rewrite the address? In Exim you could just match
these domains against a domainlist router, and route them to a transport
that does the pipe, without rewriting. Is there some reason why the
address has to be rewritten?

> 3) the program, when it is done with the message, calls /usr/lib/sendmail
> to re-introduce the message to the queue, still addressed to
> user@???.


What happens if you received a message from outside addressed to
user@????

> 4) Now the message is matched and handled by the scan_outbound router
> (also pathalias). This router statically routes the email to the
> customer's private email server and also rewrites the domain to
> scanned.domain.com.


How does it know what server to use if the address is always
user@???? I can't see how it distinguishes between
different original domains. Something is missing here (may be my
understanding).

> Those are the steps I need to replicate in exim. I need the upmost in
> flexibility, also, because, for instance, in step four above, some of our
> customers have the domain rewritten back to just domain.com. If at all
> possible, I would also like to avoid having to include a transport and
> router for each domain.


The way most people do virus scanning on Exim is to make use of the
"received protocol" field. That can be set (using -oMr) by a trusted
caller. They set up an Exim configuration that passes all messages (or
those to a specific domain(set)) to the scanner unless the received
protocol is "scanned-ok". The scanner is permitted to pass them back
with that particular setting. Thus, no rewriting of any addresses is
involved. All you need is a first router which says, in effect,

If domain matches xxx and received-protocol is not scanned-ok, route
to such-and-such-a-transport.

You can use the "domains" and "condition" options to do this. (Or match
the domains in a domainlist route_list pattern.) The transport sets up
the pipe.

If you were to adopt such an approach, then rewriting certain
domains xxx.domain.com to just domain.com after scanning is a
rewriting issue, not a routing issue. Exim's rewriting rules should be
able to handle that.

[I'm beginning to suspect that this problem is a conflation of rewriting
and routing - things which I feel ought to be entirely separate. There's
a history of people using rewriting for routing - starting with Sendmail
- and my feeling is that is just confuses things.]

If this doesn't help enough, send me a real example with some real
domain names off the list (I suspect I'm not quite understanding how
your names work) and I'll generate more details.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.