Re: [Exim] Offer some exim advice?

Author: Yann Golanski
Date:  
To: Brett Thorson
CC: exim-users
Subject: Re: [Exim] Offer some exim advice?
--
Quoth Brett Thorson on Thu, Feb 13, 2003 at 11:03:47 -0500
> I have configured exim to work with majordomo and mailman, and I think it is
> great.


Why both mailman and majordomo?

> The mail server would be outside the firewall, and be used for incoming e-mail
> from everyone, and relaying for employees outside our network (working from
> home, authenticated with TLS / OpenSSL).


Do make sure that your mail server is running IPchains -- or whatever
firewall software your OS likes -- otherwise you may have some nasty
surprises. I'd have some intrusion detection system there as well as
some monitoring tools -- written in C not in a Pathetic Excuse for
a Real Language.

As for mail authenticity there is something called AUTH that you should
look at. It's somewhere in the manual. Of course your users can use
ESMTP as well -- which is a good idea if they are coming from hostile
networks. A hostile network is anywhere you do not have root access on
the routers.

> We would have a spam filter program accepting mail on port 25. If the mail
> passes through the filter, then it gets sent into Exim for processing on an
> unadvertised SMTP port. Exim would restrict connections to this hidden port
> to the output of the SPAM filter (Same machine basically). It would also
> stop relaying.


No need to do that as you can run Spamassassin from Exim itself.

> I would also like to run a relay for home users. Using the SSMTP port, accept
> and verify users, and then allow that mail to be sent through anywhere.


See AUTH.

> Do I have the basics right? Or would I look at an option where everyone
> connects to port 25. Then if they don't start a secure connection
> TLS/Openssl with authentication I deny forwarding, and pass them to the spam
> filter. If they do open a secure connection and authenticate properly, I let
> them do whatever they want.


You want something that does: port 25 -> black list -> ACLs (-> AUTH)
spamassassin -> virus scanner -> system alias -> system filter ->
mailman mailing list -> user filter -> users delivery. At least that's
how I would use it.

> Advice, or even "Look at this document for clues" would be greatly
> appreciated. Thank you all so much for your support thus far. The user
> community here is great!


I've written a white paper on Exim a while back which may help:
http://gridlock.york.ac.uk/~yann/lsm.pdf

I'd read the whole of the manual as well. Trust me, it's worth spending
the time doing it.

--
yann@???                  -=*=-                      www.kierun.org
    PGP:   009D 7287 C4A7 FD4F 1680  06E4 F751 7006 9DE2 6318
    IRC:   nick kierun, server spod.uk.amiganet.org, channel #sanctus
    NNGS:  nick kierun, server nngs.cosmic.org, port 9696.
--
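
Added example, not part of the original message or of the Exim distribution: an Exim 4 configuration fragment for the RCPT stage of the flow discussed above (port 25 -> black list -> ACLs -> AUTH), where relaying is allowed only after TLS plus AUTH. The domain, DNS list name and file paths are placeholders, the password file format (user: crypted-password) is an assumption, and routers, transports and the content-scanning stages are left to the rest of the configuration.

```exim
# --- main section ---
# Placeholder domain and certificate paths; substitute your own.
domainlist local_domains = example.com
hostlist   relay_from_hosts = 127.0.0.1

tls_advertise_hosts = *
tls_certificate = /etc/exim/exim.crt
tls_privatekey  = /etc/exim/exim.key

# Advertise AUTH only on connections that are already encrypted, so
# passwords never cross a hostile network in clear text.
# (Older Exim 4 releases call this variable $tls_cipher.)
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Black list: applies to unauthenticated senders only.
  # dnsbl.example.net is a placeholder DNS list name.
  deny    message = $sender_host_address is listed at $dnslist_domain
          !authenticated = *
          dnslists = dnsbl.example.net

  # Home users: authenticated over TLS, may relay anywhere.
  accept  authenticated = *
          encrypted = *

  # Mail submitted from the server itself.
  accept  hosts = +relay_from_hosts

  # Everyone else may reach local recipients only.
  accept  domains = +local_domains
          verify = recipient

  deny    message = relay not permitted

begin authenticators

# PLAIN is acceptable here because AUTH is only offered inside TLS.
# Assumed file format: one "user: crypted-password" entry per line.
plain_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${lookup{$auth2}lsearch{/etc/exim/passwd}{${if crypteq{$auth3}{$value}}}{false}}
  server_set_id = $auth2
```

Running exim -bh with a test client address walks these ACLs in a fake SMTP session without delivering anything, which shows which statement accepts or denies each recipient.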