<config>
> hostlist relay_from_hosts = 127.0.0.1
It's a good idea to add your local IPs here too.
> helo_try_verify_hosts = *:!local_domains
This entry is BS in three ways
1. Exim will abort after the *, because this matches for everything, so
!local_domains will never be checked
2. local_domains is a domainlist, so it can't be used if you want to
check for HOSTS
3. Lists are given with +listname, otherwise it is a single name
> ######ACL#######
> begin acl
>
> acl_check_rcpt:
> accept hosts = :
>
> deny local_parts = ^.*[@%!/|]
> message = invalid characters in local part
>
> accept local_parts = postmaster
> domains = +local_domains
> require verify = sender
First sender verify ^^^^^^^^^
>
> accept domains = +local_domains
> endpass
> message = unknown user
> verify = recipient
>
> accept domains = +relay_to_domains
> endpass
> message = unrouteable adress
> verify = recipient
>
> accept hosts = +relay_from_hosts
> accept authenticated = *
> message = not authenticated
> deny message = relay not permitted
>
> require message = Sender verify failed
> verify = sender
The last one is useless, because it will NEVER be reached, because you
deny everything that does not match before. Further, you did a sender
verification before.
Reorder your routers!
amavis_router:
dnslookup:
virtual_known_local_useralias:
virtual_user_alias_forward:
virtual_user_forward:
virtual_known_local_user:
virtual_unknown_local_user:
localuser:
I did not check the routers themselves, because they are too messy, and
it's too late ;), but a quick overview shows that some could be
removed, or put together with another router.
</config>
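Added example (not part of the original messages, and not Exim's own code): a simplified Python model of how a colon-separated Exim list is scanned left to right, showing why `*:!local_domains` never reaches its second item and why a list reference needs the `+` prefix. The second address in `relay_from_hosts`, the client address 203.0.113.7 and the corrected list value are assumptions made for this illustration.

```python
import fnmatch

# Constructed sample data: the second relay host and the corrected list
# are assumptions for this illustration, not values from the thread.
NAMED = {"relay_from_hosts": "127.0.0.1 : 192.0.2.10"}
BROKEN = "*:!local_domains"           # as posted in the thread
NO_PLUS = "!relay_from_hosts : *"     # right order, '+' forgotten
FIXED = "!+relay_from_hosts : *"      # one possible correction


def match_list(value, list_text, named=NAMED):
    """Return (matched, deciding_item) for a simplified Exim-style list.

    Model only: items are literals, '*' globs or '+name' references.
    Real Exim lists also support nets, lookups, regexes and more.
    """
    items = [i.strip() for i in list_text.split(":") if i.strip()]
    last_negated = False
    for item in items:
        negated = item.startswith("!")
        pattern = item[1:].strip() if negated else item
        last_negated = negated
        if pattern.startswith("+"):
            # '+name' expands to the named list; an unknown name is an error.
            hit, _ = match_list(value, named[pattern[1:]], named)
        else:
            # Without '+', the item is just a single name or glob.
            hit = fnmatch.fnmatchcase(value, pattern)
        if hit:
            # The first matching item decides; later items are never read.
            return (not negated, item)
    # Nothing matched: "yes" only if the last item was a negated one.
    return (last_negated, None)


if __name__ == "__main__":
    for label, lst in (("broken", BROKEN), ("no plus", NO_PLUS), ("fixed", FIXED)):
        for host in ("127.0.0.1", "203.0.113.7"):
            print(f"{label:8} {host:12} -> {match_list(host, lst)}")
```

With the posted list every host, including 127.0.0.1, is decided by `*`; only the list that puts the negated `+relay_from_hosts` reference first excludes the local hosts.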
volker augustin wrote:
> thanks nico,
> that's a great help. i carefully read it and tried around with a new
> configuration.
Doesn't look much better than the old one ;)
> now, i put the ACL's in the suggested order and changed my domain lists
> to the following:
>
> domainlist local domains =@ : pgsql;SELECT domain from domain where
> aktiv=1 and "local"=1
> and
> domainlist relay_to_domains = pgsql;SELECT domain from domain where
> aktiv=1 and "local"=0
do you need the "" around local?
> and i set my relay from hosts list to:
> hostlist relay_from_hosts = 127.0.0.1
Add your local IPs too.
> so, i understand my mistake with the lookup in the domainlists and also
> the acl stuff makes sense (i dont understand it well, but it may work *g*)
Read the docs, again and again and again, until you really know them.
If in doubt, read them again ;)
> now i can send messages from yahoo or somewhere else to one of my
> accounts on the server, and also send messages from an authenticated
> host to my server.
> authentication seems to work well,
> but if i send a mail through my server to another domain which is not on
> my server, i got an 'unrouteable address' -error?
This could be a problem with your ordering of the routers. Try the
current order, if in doubt, run exim with exim -d and look for the
output, it's VERY helpful.
> what am i doing wrong?
> any suggestions? i took my old config to send this mail to the list ;)
Try again....
> another question:
>
> does it make sense to set
> domains = !+local_domains : !+relay_to_domains
> in the dnslookup-router??
Nope, (at least not in most cases) if you are a backup mx for the
relay_to_domains the dnslookup router just tries to send the mail to the
primary mx. If you have a destination that is "behind you", and there is
no primary mx record that you could send the mail to, you need a
manualrouter, to say "hey, mails for this domain to this mx please".
>
> dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> transport = remote_smtp
> ignore_target_hosts = 127.0.0.0/8
add :0.0.0.0 here
> no_more
> ##############
> > the lookup;-syntax is more like a command, it means "do the lookup if
> > you reach this, if i get a good response, this is fine for me"
> you mean it results in something like 'true' and 'false'?
mostly, yes