Re: [Exim] Allowing more INBOUND SMTP connections

Startseite
Nachricht löschen
Nachricht beantworten
Autor: George R Kasica
Datum:  
To: exim-users
Betreff: Re: [Exim] Allowing more INBOUND SMTP connections
On Wed, 31 Oct 2001 12:40:07 +0100 (CET), you wrote:

>On Tue, 30 Oct 2001, George R. Kasica wrote:
>
> > How can I allow exim to permit more INBOUND connections?? Would
>
>smtp_accept_max

DO you have any recommendation for the following values on a busy SMTP
Server running Linux (650MHz CPU, 120GB Disk 768MB RAM:

queue_only_load
smtp_accept_max

Any other things you can think of?

I'm including my conf file for your review if you have the time and
are willing to make any suggestions.

Here it is:

queue_only = true
split_spool_directory = false
######################################################################
#                  Runtime configuration file for Exim               #
######################################################################



# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete
list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a
plain
# ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are
available
# from the Exim ftp sites. The manual is also online via the Exim web
sites.


# This file is divided into several parts, all but the last of which
are
# terminated by a line containing the word "end". The parts must
appear
# in the correct order, and all must be present (even if some of them
are
# in fact empty). Blank lines, and lines starting with # are ignored.



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


# Specify your host's canonical name here. This should normally be the
fully
# qualified "official" name of your host. If this option is not set,
the
# uname() function is called to obtain the name.

# primary_hostname =


# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@"
character
# followed by a domain. For example, "caesar@???" is a fully
qualified
# address, but the string "caesar" (i.e. just a login name) is an
unqualified
# email address. Unqualified addresses are accepted only from local
callers by
# default. See the receiver_unqualified_{hosts,nets} options if you
want
# to permit unqualified addresses from remote sources. If this option
is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a
different
# domain to unqualified sender addresses, specify the recipient domain
here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this
option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do
not want
# to do any local deliveries, uncomment the following line, but do not
supply
# any data for it. This sets local_domains to an empty string, which
is not
# the same as not mentioning it at all. An empty string specifies that
there
# are no local domains; not setting it at all causes the default value
(the
# setting of qualify_recipient) to be used.

local_domains = "dbm;/usr/local/exim/etc/local-domains.db"


# If you want to accept mail addressed to your host's literal IP
address, for
# example, mail addressed to "user@???", then uncomment
the
# following line, or supply the literal domain(s) as part of
"local_domains"
# above. You also need to comment "forbid_domain_literals" below. This
is not
# recommended for today's Internet.

# local_domains_include_host_literals


# The following line prevents Exim from recognizing addresses of the
form
# "user@???" that is, with a "domain literal" (an IP
address)
# instead of a named domain. The RFCs still require this form, but it
makes
# little sense to permit mail to be sent to specific hosts by their IP
address
# in the modern Internet, and this ancient format has been used by
those
# seeking to abuse hosts by using them for unwanted relaying. If you
really
# do want to support domain literals, remove the following line, and
see
# also the "domain_literal" router below.

forbid_domain_literals


# No local deliveries will ever be run under the uids of these users
(a colon-
# separated list). An attempt to do so gets changed so that it runs
under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the
default
# setting means you cannot deliver mail addressed to root as if it
were a
# normal user. This isn't usually a problem, as most sites have an
alias for
# root that redirects such mail to a human administrator.

never_users = root


# The use of your host as a mail relay by any host, including the
local host
# calling its own SMTP port, is locked out by default. If you want to
permit
# relaying from the local host, you should set

host_accept_relay =
"127.0.0.1:lsearch;/usr/local/exim/popw/lib/popauth"

# If you want to permit relaying through your host from certain hosts
or IP
# networks, you need to set the option appropriately, for example
#
# host_accept_relay = my.friends.host : 131.111.0.0/16
#
# If you are an MX backup or gateway of some kind for some domains,
you must
# set relay_domains to match those domains. This will allow any host
to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for
more
# information.


# The setting below causes Exim to do a reverse DNS lookup on all
incoming
# IP calls, in order to get the true host name. If you feel this is
too
# expensive, you can specify the networks for which a lookup is done,
or
# remove the setting entirely.

host_lookup = 0.0.0.0/0


# By default, Exim expects all envelope addresses to be fully
qualified, that
# is, they must contain both a local part and a domain. If you want to
accept
# unqualified addresses (just a local part) from certain hosts, you
can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is
done,
# unqualified addresses are qualified using the settings of
qualify_domain
# and/or qualify_recipient (see above).


# By default, Exim does not make any checks, other than syntactic
ones, on
# incoming addresses during the SMTP dialogue. This reduces delays in
SMTP
# transactions, but it does mean that you might accept messages with
unknown
# recipients, and/or bad senders.

# Uncomment this line if you want incoming recipient addresses to be
verified
# during the SMTP dialogue. Unknown recipients are then rejected at
this stage,
# and the generation of a failure message is the job of the sending
host.

# receiver_verify

# Uncomment this line if you want incoming sender addresses
(return-paths) to
# be verified during the SMTP dialogue. Verification can normally only
check
# that the domain exists.

# sender_verify


# Exim contains support for the Realtime Blocking List (RBL) that is
being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for
background.
# Uncommenting the first line below will make Exim reject mail from
any
# host whose IP address is blacklisted in the RBL at maps.vix.com.
Some
# others have followed the RBL lead and have produced other lists: DUL
is
# a list of dial-up addresses, and ORBS is a list of open relay
systems. The
# second line below checks all three lists.
#       RBL = blackholes.mail-abuse.org
#       RSS = relays.mail-abuse.org
#       DUL = dialups.mail-abuse.org
#       RBL+ = rbl-plus.mail.abuse.org


# rbl_domains = blackholes.mail-abuse.org
# rbl_domains =
blackholes.mail-abuse.org:dialups.mail-abuse.org:inputs.orbs.org
# rbl_domains = blackholes.mail-abuse.org:inputs.orbs.org
rbl_domains = relays.ordb.org/reject:or.orbl.org

# If you want Exim to support the "percent hack" for all your local
domains,
# uncomment the following line. This is the feature by which mail
addressed
# to x%y@z (where z is one of your local domains) is locally rerouted
to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *

trusted_users = "root : majordom"

remote_max_parallel = 40

message_filter = /usr/local/exim/etc/exim.sysfilter

message_body_visible = 5000

end



######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# A transport is used only when referenced from a director or a router
that
# successfully handles an address.


# This transport is used for delivering messages over SMTP
connections.

remote_smtp:
driver = smtp

# This transport is used for local delivery for systems with procmail
installed

procmail:
driver = pipe
command = "/usr/bin/procmail -d ${local_part}"

# This transport is used for local delivery to user mailboxes in
traditional
# BSD mailbox format. By default it will be run under the uid and gid
of the
# local user, and requires the sticky bit to be set on the /var/mail
directory.
# Some systems use the alternative approach of running mail deliveries
under a
# particular group instead of using the sticky bit. The commented
options below
# show how this can be done.

local_delivery:
driver = appendfile
file = /var/spool/mail/${local_part}
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660


# This transport is used for handling pipe deliveries generated by
alias
# or .forward files. If the pipe generates any standard output, it is
returned
# to the sender of the message as a delivery error. Set
return_fail_output
# instead of return_output if you want this to happen only when the
pipe fails
# to complete normally. You can set different transports for aliases
and
# forwards if you want to - see the references to address_pipe in the
directors
# section below.

address_pipe:
driver = pipe
return_output


# This transport is used for handling deliveries directly to files
that are
# generated by aliassing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# This transport is used for handling autoreplies generated by the
filtering
# option of the forwardfile director.

address_reply:
driver = autoreply


end



######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################


# Local addresses are those with a domain that matches some item in
the
# "local_domains" setting above, or those which are passed back from
the
# routers because of a "self=local" setting (not used in this
configuration).


# This director handles aliasing using a traditional /etc/aliases
file.
# If any of your aliases expand to pipes or files, you will need to
set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary.
Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might
want
# to set up different ones for pipe and file deliveries from aliases.

virtual_aliases:
driver = aliasfile
file = /usr/local/exim/etc/virtual-aliases.db
search_type = dbm*@
include_domain = true
file_transport = address_file
pipe_transport = address_pipe

system_aliases:
driver = aliasfile
file = /usr/local/exim/etc/aliases.db
search_type = dbm
# user = exim
file_transport = address_file
pipe_transport = address_pipe

#
# Majordomo public aliases
#

majordomo_aliases:
driver = aliasfile
file = /usr/local/exim/etc/majordomo-aliases.db
search_type = dbm
user = majordom
group = majordom
file_transport = address_file
pipe_transport = address_pipe

#
# Majordomo private aliases
#

majordomo_private_aliases:
  driver = aliasfile
  file = /usr/local/exim/etc/majordomo-private-aliases.db
  search_type = dbm
  user = majordom
  group = mail
  file_transport = address_file
  pipe_transport = address_pipe
  condition = "${if eq {$received_protocol}{local} \
               {${if eq {$sender_ident}{majordom} \
               {true}{false}}}{false}}"


# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter"
option.

# The no_verify setting means that this director will be skipped when
# verifying addresses if sender_verify or receiver_verify is set
(though
# they are not set by default). Similarly, no_expn means that this
director
# will be skipped if smtp_expn_hosts is set to allow any hosts to use
the
# EXPN command.

# The check_ancestor option means that if the forward file generates
an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and
B
# has a .forward file pointing to A.

# The three transports specified at the end are those that are used
when
# forwarding generates a direct delivery to a file, or to a pipe, or
sets
# up an auto-reply, respectively.

userforward:
driver = forwardfile
file = .forward
no_verify
no_expn
check_ancestor
# filter
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply

# This director handles local delivery for systems with procmail
installed.

procmail:
driver = localuser
require_files = /usr/bin/procmail
transport = procmail

# This director matches local user mailboxes.

localuser:
driver = localuser
transport = local_delivery


end



######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################


# Remote addresses are those with a domain that does not match any
item
# in the "local_domains" setting above.


# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.

lookuphost:
driver = lookuphost
transport = remote_smtp


# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for
example,
# <user@???>. The RFCs require this facility. However, it
is
# little-known these days, and has been exploited by evil people
seeking
# to abuse SMTP relays. Consequently it is commented out in the
default
# configuration. If you uncomment this router, you also need to
comment out
# "forbid_domain_literals" above, so that Exim can recognize the
syntax of
# domain literal addresses.

# domain_literal:
# driver = ipliteral
# transport = remote_smtp


end



######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


# This single retry rule applies to all domains and all errors. It
specifies
# retries every 15 minutes for 2 hours, then increasing retry
intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up
to 16
# hours, then retries every 8 hours until 4 days have passed since the
first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h


end



######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# There are no rewriting specifications in this default configuration
file.

*@eagle.netwrx1.com
${lookup{$1}dbm{/usr/local/exim/etc/reverse-virtual-alia
ses.db}\
                        {$value}fail}


*@eagle.netwrx1.com     $1@???


end



######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################


# There are no authenticator specifications in this default
configuration file.

# End of Exim configuration file


===[George R. Kasica]===        +1 262 677 0766
President                       +1 206 374 6482 FAX 
Netwrx Consulting Inc.          Jackson, WI USA 
http://www.netwrx1.com
georgek@???
ICQ #12862186
===[George R. Kasica]===        +1 262 677 0766
President                       +1 206 374 6482 FAX 
Netwrx Consulting Inc.          Jackson, WI USA 
http://www.netwrx1.com
georgek@???
ICQ #12862186