Re: [Exim] Converting to v4 questions

Pàgina inicial
Delete this message
Reply to this message
Autor: Dan Egli
Data:  
A: exim-users
Assumpte: Re: [Exim] Converting to v4 questions
This is a multi-part message in MIME format.
--
Philip Hazel wrote:
> On Wed, 4 Sep 2002, Dan Egli wrote:
>
>
>> In my exim 3 config I have the system set to route all mail to one
>> particular machine. I accomplished this using a domainlist router.
>> However, in v4 appearently routers don't have a domainlist driver.
>> So my simple question is: How would I define ALL outbound mail to
>> go to a particular transport?
>
>
> Use an accept router with appropriate pre-conditions to define what
> you mean by "outbound mail".
>


Ummm, Ok and how do I do that? I'm still quite the novice at v4.

>
>> I have my true mail server (the one I am not upgrading YET) setup
>> to relay to the local machine only unless the user authenticates
>> first. How do I setup the client authentication in exim 4? I tried
>> copying my transport deffinetion from my v3 config file, but it did
>> not recognise authenticate_hosts in the transport deffinetion.
>
>
> Do this kind of check in the ACL. Have you tried passing your v3
> configuration through the convert4r4 script?
>
>

Ok, and how do I check for that in the ACL? And as to the script, Yes I
ran convert4r4. I sent you the config file that convert4r4 didn't parse
properly. Recall the config line that ended with a _ ?? :>

localuser:
driver = domainlist
relay_to_
retry_use_local_part
route_list = "* shortcircuit.dyndns.org byname"
transport = shortcircuit




That is straight from the config file created by convert4r4. Thats why
you wanted my v3 file so you could try and fix convert4r4. I'm sure it's
easy to get folks on this list mixed up though so no worries :>

FYI, I am attaching the exim.conf produced by convert4r4. I have not
touched it at all except to replace the username and password in the
authenticator with place holders.



--
#!!# This file is output from the convert4r4 script, which tries
#!!# to convert Exim 3 configurations into Exim 4 configurations.
#!!# However, it is not perfect, especially with non-simple
#!!# configurations. You must check it before running it.


#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.

domainlist local_domains = eglifam.dyndns.org

domainlist relay_domains = eglifam.dyndns.org
hostlist auth_hosts = shortcircuit.dyndns.org
hostlist relay_hosts = localhost : \
    192.168.0.1/24
hostlist auth_relay_hosts = *


######################################################################
#                  Runtime configuration file for Exim               #
######################################################################



# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available
# from the Exim ftp sites. The manual is also online via the Exim web sites.

# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.


############ IMPORTANT ########## IMPORTANT ########### IMPORTANT ############
#                                                                            #
# Whenever you change Exim's configuration file, you *must* remember to HUP  #
# the Exim daemon, because it will not pick up the new configuration until   #
# until you do this. It is usually a good idea to test a new configuration   #
# for syntactic correctness (e.g. using "exim -C /config/file -bV") first.   #
#                                                                            #
############ IMPORTANT ########## IMPORTANT ########### IMPORTANT ############




######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.

primary_hostname = eglifam.dyndns.org


# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@???" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =

# We want to take up to 20 messages per SMTP connection. More than that
# will be delayed till at lest next queue run.
# 20 still craps the system out - Reset to 10
# smtp_accept_queue_per_connection = 20
# 50 was too high, caused some MASSIVE slowdowns. 20 is safer.

# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.



# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@???", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above. You also need to comment "forbid_domain_literals" below. This is not
# recommended for today's Internet.

# local_domains_include_host_literals


# The following line prevents Exim from recognizing addresses of the form
# "user@???" that is, with a "domain literal" (an IP address)
# instead of a named domain. The RFCs still require this form, but it makes
# little sense to permit mail to be sent to specific hosts by their IP address
# in the modern Internet, and this ancient format has been used by those
# seeking to abuse hosts by using them for unwanted relaying. If you really
# do want to support domain literals, remove the following line, and see
# also the "domain_literal" router below.

# forbid_domain_literals


# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root

smtp_banner = $primary_hostname ESMTP Exim $tod_full


# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
# host_accept_relay = my.friends.host : 192.168.0.0/16
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
#
# See the section of the manual entitled "Control of relaying" for more
# information.


# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup = *


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# By default, Exim does not make any checks, other than syntactic ones, on
# incoming addresses during the SMTP dialogue. This reduces delays in SMTP
# transactions, but it does mean that you might accept messages with unknown
# recipients, and/or bad senders.

# Uncomment this line if you want incoming recipient addresses to be verified
# during the SMTP dialogue. Unknown recipients are then rejected at this stage,
# and the generation of a failure message is the job of the sending host.

# receiver_verify

# Uncomment this line if you want incoming sender addresses (return-paths) to
# be verified during the SMTP dialogue. Verification can normally only check
# that the domain exists.

# sender_verify


# Exim contains support for the Realtime Blackhole List (RBL) that is being
# maintained as part of the DNS. See http://mail-abuse.org/rbl/ for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at blackholes.mail-abuse.org.
# Some others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and there are also a number of other lists
# of various kinds at orbs.org.

# rbl_domains = blackholes.mail-abuse.org


# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *


# When Exim can neither deliver a message nor return it to sender, it "freezes"
# the delivery error message (aka "bounce message"). There are also other
# circumstances in which messages get frozen. They will stay on the queue for
# ever unless one of the following options is set.

# This option unfreezes unfreezes bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.

#!!# ignore_errmsg_errors_after renamed ignore_bounce_errors_after
ignore_bounce_errors_after = 2d

# This option cancels (removes) frozen messages that are older than a week.

timeout_frozen_after = 1d


#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#


#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl

#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :
  deny    hosts = +auth_hosts
          message = authentication required
         !authenticated = *
  deny    message = host is listed in $dnslist_domain
          dnslists = blackholes.mail-abuse.org:dialups.mail-abuse.org
  accept  domains = +local_domains
  accept  domains = +relay_domains
  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted


#!!# ACL that is used after the DATA command
check_message:
accept




######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################



begin authenticators

shortcircuit:
driver = plaintext
public_name = LOGIN
client_send = : <UNAME> : <PASS>





######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# There are no rewriting specifications in this default configuration file.


#!!#######################################################!!#
#!!# Here follow routers created from the old routers,   #!!#
#!!# for handling non-local domains.                     #!!#
#!!#######################################################!!#


begin routers




######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################


# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

#bypass_for_Rick:
#driver=domainlist
#route_list="*.theashfords.org ef.theashfords.org byname"
#transport = remote_smtp


# This router routes to remote hosts over SMTP using a DNS lookup. Any domain
# that resolves to an IP address on the loopback interface (127.0.0.0/8) is
# treated as if it had no DNS entry.

lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
transport = remote_smtp

# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@???>. The RFCs require this facility. However, it is
# little-known these days, and has been exploited by evil people seeking
# to abuse SMTP relays. Consequently it is commented out in the default
# configuration. If you uncomment this router, you also need to comment out
# "forbid_domain_literals" above, so that Exim can recognize the syntax of
# domain literal addresses.

domain_literal:
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp
no_more



#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains.                         #!!#
#!!#######################################################!!#
######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################


# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).


# This director handles aliasing using a traditional /etc/aliases file.
#
##### NB NB You must ensure that /etc/aliases exists. It used to be the case
##### NB NB that every Unix had that file, because it was the Sendmail default.
##### NB NB These days, there are systems that don't have it. Your aliases
##### NB NB file should at least contain an alias for "postmaster".
#
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim


# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.

# The no_verify setting means that this director will be skipped when
# verifying addresses if sender_verify or receiver_verify is set (though
# they are not set by default). Similarly, no_expn means that this director
# will be skipped if smtp_expn_hosts is set to allow any hosts to use the
# EXPN command.

# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A.

# The three transports specified at the end are those that are used when
# forwarding generates a direct delivery to a file, or to a pipe, or sets
# up an auto-reply, respectively.

userforward:
driver = redirect
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify
# filter


# This director matches local user mailboxes.

localuser:
driver = domainlist
relay_to_
retry_use_local_part
route_list = "* shortcircuit.dyndns.org byname"
transport = shortcircuit





######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.

begin transports

remote_smtp:
driver = smtp


# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.

local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
file = /var/spool/mail/$local_part
group = mail
mode = 0660
return_path_add

shortcircuit:
#!!# authenticate_hosts renamed hosts_try_auth
driver = smtp
hosts = shortcircuit.dyndns.org
hosts_try_auth = shortcircuit.dyndns.org
port = 4000
# hosts_override

# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the directors
# section below.

address_pipe:
driver = pipe
return_output


# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.

address_reply:
driver = autoreply


# end of transports



######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------



begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h



# End of Exim 4 configuration
--