Re: [Exim] Overview/Beginner questions (quickies?)

Author: Nico Erfurth
Date:
To: Derek Simkowiak
CC: exim-users@exim.org
Subject: Re: [Exim] Overview/Beginner questions (quickies?)
>     I'm trying to move a Postfix setup to Exim. I've read through the
> general sections of the manual, and skimmed the list archives, and am just
> about ready to dive into building my configuration file.


You should read through the whole configuration, Exim's docs are very
helpful.

>     I've heard good things about the Exim community, so I'm hoping


Yeah, we are nice guys here :)

> that users can help me with any tips, tricks, or config snippets that I
> should be aware of before I get started. In short, I'm looking for a
> little bit of hand-holding until my confidence and experience grow. Even
> just a "yes that is possible and has been done before" would be very
> encouraging at this point.


At first glance, I think "yes, all of this is possible".

>     So here it is:

>
> 1. RPMs, anyone? I'm unable to find any RPMs of the 4.x series. I'm
> looking for either a .src.rpm or a Mandrake 9.0 i386 with support for SMTP
> AUTH "LOGIN" and OpenLDAP.


Not that I'm aware of, but IMHO, if you start with Exim, go and compile it
yourself, so it just includes what you need.

> 2. SMTP AUTH. I've read that Exim can use PAM directly for SMTP AUTH.
> Where can I read about that kind of setup? (What config options, what
> filename in /etc/pam.d/, is there a howto, etc.)


PAM can be used with the ${if pam{user}{password}}-expansion syntax, but,
if I look at the other needs you have, you maybe don't need it at all.
(And PAM with Exim needs a special PAM module, because Exim does not run
as root when it queries PAM.)

> 3. Misc.
>
>     Here's a brief overview of my setup.  My domains and local users
> are stored in an LDAP database.  I want to make it so that any AUTH'd user
> can relay to wherever he pleases (no matter what I.P. he is coming from).


Pretty easy to do with ACLs, but you should require TLS for AUTH, because
the LOGIN and PLAIN AUTH methods are very insecure.

> Other than that, Exim will receive mail for any local user (in the LDAP
> database), but everything else is rejected. (Pretty standard...?)


Exim has the concept of routers. Every router tries to process a mail if
its conditions are met (domain/senders/local_part). For rejecting mail to
unknown users, you simply run a verify from an ACL, and it will check if the
current address is deliverable, else it will be rejected (or whatever
you defined in your ACL).

>     Note that the LDAP server is also used by PAM; so the email
> accounts are not just in LDAP, they are also "local" to the system via
> PAM.


So every user in the database has his email address as login? And a single
UID for every user?

Well, this shouldn't be a big deal, you can use the
uid/gid/router_home_directory options of Exim 4.12 to set the needed
information for the router and transport.

>     Here are the tricky bits.  I want to use procmail as the Local
> Delivery Agent for my local users, for two reasons:

>
> 1. It supports the Maildir format, which I need


IIRC procmail doesn't support Maildir by default, only with a patch, but I
could be wrong.

> 2. It allows for advanced filtering through well-documented recipes


Have you looked at Exim filters?

>     Is there any problem with using procmail as the LDA in Maildir
> mode (when the users are in LDAP and/or PAM)?


It's just a pipe transport, maybe you need to set some environment
variables to make procmail work completely.

>     Finally, here is the really tricky part.  This is what I could not
> (so far) do with Postfix.  This server needs to support multiple domains,
> AND each user needs to have a real Unix system account.  So what's the big
> deal?  The big deal is that I need the system to allow for

>
> dereks@???
> dereks@???
> [etc.]


So you really have usernames like "dereks@???"? Never saw such
things :) But this should be possible. You can't use the usual
check_local_user option to check for a local user, but you can use
LDAP lookups to check for it, and set uid/gid/... like you need it, and
start a procmail delivery for every user.

Hmmm, thinking twice about this, it could also be possible to just use.

>     So the really big question is: is there any reason why local users
> cannot have the form "user@???"?  It seems to me that I can just
> define a direct LDAP search to look for the entire email address, instead
> of using $local_part.  (Postfix is hard-coded to only use the stuff up to
> the first '@' when looking for local users, and procmail cannot be used as
> the LDA with Postfix's "virtual users".  Therefore, I'm stuck.  Plus Exim's
> design and feature set is looking very attractive...)


Exim makes no real difference between local and virtual users, you specify
the routers, and Exim does what you want.

ciao.
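
The two ACL points in the reply above (offer AUTH only over TLS and let authenticated users relay; reject unknown local recipients with a verify) could look like the following Exim 4 configuration sketch. This is an added example, not part of the original message or of any configuration the posters used; the certificate paths and the `local_domains` list are placeholders, and the authenticators and routers are not shown.

```exim
# Added sketch for Exim 4; not from the original message.
# Certificate paths and the domain list are placeholders (assumptions).

# ---- main configuration section ----
domainlist local_domains = @

tls_advertise_hosts = *
tls_certificate     = /etc/exim/exim.crt
tls_privatekey      = /etc/exim/exim.key

# Weak setting: AUTH is offered on cleartext connections as well, so
# LOGIN/PLAIN credentials can cross the network unencrypted.
# auth_advertise_hosts = *

# Corrected setting: advertise AUTH only once STARTTLS has been negotiated.
# Exim refuses an AUTH command that it has not advertised to the client.
# ($tls_cipher is the variable name in older 4.x releases; newer releases
# call it $tls_in_cipher.)
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

acl_smtp_rcpt = acl_check_rcpt

# ---- ACL section ----
begin acl

acl_check_rcpt:

  # Authenticated clients may relay anywhere, whatever their IP address.
  accept  authenticated = *

  # Mail for local domains is accepted only if the routers can find a
  # delivery for the recipient; otherwise the RCPT command is rejected.
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient

  # Everything else is an attempt to relay without authenticating.
  deny    message       = relay not permitted
```

The `verify = recipient` condition runs the address through the configured routers, so whichever router performs the LDAP lookup decides which recipients exist.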