Re: [Exim] multiple domains

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marc Perkel
Date:  
À: Matthew Daubenspeck, exim-users
Sujet: Re: [Exim] multiple domains
There are a number of ways to do that. Nothing is standard. Here's mine.

######################################################################
#                         Virtual Email Domains                      #
######################################################################


# The Virtual email domains are configured in a manner that is compatible
# with Linuxconf (http://www.solucorp.qc.ca/linuxconf). Linuxconf is a
# great front end menu system for configuring a lot of settings including
# sendmail, which he added vdeliver for virtual email delivery. The
# linuxconf directory structure is widely accepted as a standard for
# virtual email and there are a number of POP servers that are compatible
# with it. The director structure is as follows:

# Alaises/passwd/shadow:
# /etc/vmail/aliases.$domain
# /etc/vmail/passwd.$domain
# /etc/vmail/shadow.$domain

# Virtual Mailboxes:
# /var/spool/vmail/$domain/$localpart

# Virtual Home:
# /vhome/$domain/home/$localpart

# A list of virtual aliases is kept in /etc/vmail/vdomains



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.

primary_hostname = darwin.ctyme.com


# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@???" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.

local_domains = lsearch;/etc/vmail/vdomains : darwin.ctyme.com : 127.0.0.1


# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@???", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above. You also need to comment "forbid_domain_literals" below. This is not
# recommended for today's Internet.

# local_domains_include_host_literals


# The following line prevents Exim from recognizing addresses of the form
# "user@???" that is, with a "domain literal" (an IP address)
# instead of a named domain. The RFCs still require this form, but it makes
# little sense to permit mail to be sent to specific hosts by their IP address
# in the modern Internet, and this ancient format has been used by those
# seeking to abuse hosts by using them for unwanted relaying. If you really
# do want to support domain literals, remove the following line, and see
# also the "domain_literal" router below.

forbid_domain_literals


# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

# never_users = root


# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#

host_auth_accept_relay = *
# auth_always_advertise = false

######################################################################
#                      CUSTOMIZATIONS SECTION                        #
######################################################################
#                         Special Commands                           #
######################################################################



# This is the IDENT lookup. The NAT firewall causes a 30 second delay on sends
# So this disables IDENT lookup for people in the office.

rfc1413_hosts = *


# Global Message Filtering

message_filter = /etc/mail/exim.filter
message_filter_file_transport = local_delivery
message_filter_reply_transport = address_reply

# host_reject = /etc/mail/spammers

log_smtp_connections = true
log_level = 4

# sender_reject = rogue@??? : rogue@???
# message_size_limit = 5M
return_size_limit = 5K
message_body_visible = 1500

tls_advertise_hosts = *
tls_certificate = /etc/mail/certs/smtp.ctyme.com.pem
tls_privatekey = /etc/mail/certs/smtp.ctyme.com.pem
tls_host_accept_relay = *

smtp_accept_max = 100
smtp_accept_max_per_host = 10
smtp_accept_reserve = 10

auto_thaw = 1h

remote_max_parallel = 100

# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#

# host_accept_relay =

# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# relay_domains =
#
# See the section of the manual entitled "Control of relaying" for more
# information.


# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup = *


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# By default, Exim does not make any checks, other than syntactic ones, on
# incoming addresses during the SMTP dialogue. This reduces delays in SMTP
# transactions, but it does mean that you might accept messages with unknown
# recipients, and/or bad senders.

# Uncomment this line if you want incoming recipient addresses to be verified
# during the SMTP dialogue. Unknown recipients are then rejected at this stage,
# and the generation of a failure message is the job of the sending host.

# receiver_verify

# Uncomment this line if you want incoming sender addresses (return-paths) to
# be verified during the SMTP dialogue. Verification can normally only check
# that the domain exists.

sender_verify


# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.

# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com:dul.maps.vix.com:relays.orbs.org


# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *


# When Exim can neither deliver a message nor return it to sender, it "freezes"
# the delivery error message (aka "bounce message"). There are also other
# circumstances in which messages get frozen. They will stay on the queue for
# ever unless one of the following options is set.

# This option unfreezes unfreezes bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.

ignore_errmsg_errors_after = 2d

# This option cancels (removes) frozen messages that are older than a week.

timeout_frozen_after = 7d

end


######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp



# This director handles virtual domains using linuxconf vdeliver - NOT WORKING.

vdeliver:
driver = pipe
command = /usr/lib/linuxconf/lib/vdeliver $local_part $domain
current_directory = /
return_path_add
envelope_to_add
delivery_date_add
return_output
prefix = ""
user = root
group = root


# This director handles virtual domains using local delivery.- linuxconf format

virtual_local_delivery:
driver = appendfile
create_directory = true
directory_mode = 700
file = /var/spool/vmail/${domain}/${local_part}
delivery_date_add
envelope_to_add
return_path_add
allow_symlink
user = ${extract{2} {:} {${lookup {$local_part} lsearch {/etc/vmail/passwd.$domain} {$value}}}}
group = mail
mode = 600



# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.

local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
allow_symlink
group = mail
mode = 0660


# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the directors
# section below.

address_pipe:
driver = pipe
return_output


# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.

address_reply:
driver = autoreply


# Big List LoopBack
loopback_smtp:
driver = smtp
max_rcpt = 100


end



######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################


# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).


# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.

# I'm not using system_aliases

system_aliases:
driver = aliasfile
file = /etc/aliases
domains = darwin.ctyme.com
search_type = lsearch
user = root
file_transport = address_file
pipe_transport = address_pipe


# This director handles virtual user aliases the same was alias files
# are handled

virtual_alias:
driver = aliasfile
user = root
expand
file_transport = address_file
pipe_transport = address_pipe
domains = lsearch;/etc/vmail/vdomains
require_files = /etc/vmail/aliases.$domain
file = /etc/vmail/aliases.$domain
search_type = lsearch*
qualify_preserve_domain


# This director allows me to have an individual domain filter for
# each virtual domain.

virtualdomainfilter:
driver = forwardfile
domains = none.com
# file = /etc/mail/exim.filter
file = /etc/vmail/filter.$domain
user = mail
group = mail
no_verify
no_expn
no_check_local_user
check_ancestor
filter
skip_syntax_errors
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply


# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.

# The no_verify setting means that this director will be skipped when
# verifying addresses if sender_verify or receiver_verify is set (though
# they are not set by default). Similarly, no_expn means that this director
# will be skipped if smtp_expn_hosts is set to allow any hosts to use the
# EXPN command.

# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A.

# The three transports specified at the end are those that are used when
# forwarding generates a direct delivery to a file, or to a pipe, or sets
# up an auto-reply, respectively.

userforward:
driver = forwardfile
require_files = /etc/vmail/passwd.$domain
condition = ${lookup {$local_part} lsearch {/etc/vmail/passwd.$domain} {$value}}
file = ${lookup{$local_part}lsearch{/etc/vmail/passwd.$domain}{${extract{5}{:}{$value}}/.forward}}
no_verify
no_expn
no_check_local_user
check_ancestor
filter
skip_syntax_errors
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply


# This director matches virtual local user mailboxes.

virtual_localuser:
driver = smartuser
transport = virtual_local_delivery
# transport = vdeliver
require_files = /etc/vmail/passwd.$domain
domains = lsearch;/etc/vmail/vdomains
condition=${lookup {$local_part} lsearch {/etc/vmail/passwd.$domain} {$value}}



# This director matches local user mailboxes. I'm not using localuser.

localuser:
domains = darwin.ctyme.com
driver = localuser
transport = local_delivery


# VIRTUAL DOMAIN FALLBACK

# If there is no alias and local delivery fails, but there is an alternative
# domain name to forward unsent mail to, then fallbackdomain picks up the new
# name and resends the message. Thus if a message is sent to domain1.com and
# there are not matching user mailboxes or aliases, then the message is
# forwarded to the same user at domain2.com. Domains can be chained.

# The file format is as follows:
#    domain1.com: domain2.com
#    domain2.com: domain3.com


fallbackdomain:
driver = smartuser
condition=${lookup{$domain}lsearch{/etc/vmail/domainfallback}{$value}}
new_address = ${lookup{$domain}lsearch{/etc/vmail/domainfallback}{$local_part@$value}{$local_part@$domain}}


end



######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################


# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

# This router splits up lists bigger that 100 messages

split_up_big_list:
driver = domainlist
condition = ${if > {$recipients_count}{100}{yes}{no}}
transport = loopback_smtp
route_list = * 127.0.0.1 byname
self = send



# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.

lookuphost:
driver = lookuphost
transport = remote_smtp


# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@???>. The RFCs require this facility. However, it is
# little-known these days, and has been exploited by evil people seeking
# to abuse SMTP relays. Consequently it is commented out in the default
# configuration. If you uncomment this router, you also need to comment out
# "forbid_domain_literals" above, so that Exim can recognize the syntax of
# domain literal addresses.

# domain_literal:
# driver = ipliteral
# transport = remote_smtp


end



######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h


end



######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# The /etc/vmail/domainaliases file contains a list of domain aliases

# mydomain.net: mydomain.com
# mydomain.org: mydomain.com

*@* ${lookup{$2}lsearch{/etc/vmail/domainaliases}{$local_part@$value}{$local_part@$domain}} E
*@mail.* $1@$2

end