[Exim] virtual domains, filter and procmail

Top Page
Delete this message
Reply to this message
Author: list.exim-users
Date:  
To: exim-users
Subject: [Exim] virtual domains, filter and procmail
--

Hi,

I'm using exim 3.35, debian.

Exim right now accept mails for the virtuals
domains listed in /usr/local/mail/etc/domains.

I'm using suffixes.

virtual delivery is working great.

I'm trying to add .forward (filtering)
and procmail capabilities to the virtual domains.

here is what i came up with :

virtual_forward:
driver = forwardfile
domains = lsearch;/usr/local/mail/etc/domains
#file = /usr/local/mail/etc/passwd.${domain}
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify
check_ancestor
#check_local_user
file = .forward
modemask = 002
filter
suffix = DSUFFIX*
suffix_optional

virtual_procmail:
driver = aliasfile
transport = procmail_pipe
domains = lsearch;/usr/local/mail/etc/domains
file = /usr/local/mail/etc/passwd.${domain}
search_type = lsearch
require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
suffix = DSUFFIX*
suffix_optional
no_verify



but it doesn't work as expected,
virtual_forward does a look up on local users instead
of virtual users.

looks like my directors don't catch when it should.

any ideas ?

in attachement, my exim.conf

also,
since i added suffixes i can't do smtp_verify...
is there a way to look up users whithout suffixes ?

thanks

--
xavier renaut, 514 906 1212 x226
--
# This is the main exim configuration file.
# It was originally generated by `eximconfig', part of the exim package
# distributed with Debian, but it may edited by the mail system administrator.
# This file originally generated by eximconfig at Mon Nov 18 08:27:25 EST 2002
# See exim info section for details of the things that can be configured here.

# Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file.

# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.

######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


# Specify the domain you want to be added to all unqualified addresses
# here. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

qualify_domain = natch.8d.com

primary_hostname = natch.8d.com

# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =

# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.

local_domains = localhost:natch:natch.8d.com:natch.dyndns.org

# Allow mail addressed to our hostname, or to our IP address.

local_domains_include_host = true
local_domains_include_host_literals = true

# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.

#relay_domains = natch.dyndns.org
relay_domains =

# If this is uncommented, we accept and relay mail for all domains we are
# in the DNS as an MX for.

#relay_domains_include_local_mx = true

# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup = *

# The setting below would, if uncommented, cause Exim to check the syntax of
# all the headers that are supposed to contain email addresses (To:, From:,
# etc). This reduces the level of bounced bounces considerably.

# headers_check_syntax

# Exim contains support for the Realtime Blocking List (RBL), and the many
# similar services that are being maintained as part of the DNS. See
# http://www.mail-abuse.org/ for background. The line below, if uncommented,
# will reject mail from hosts in the RBL, and add warning headers to mail
# from hosts in a list of dynamic-IP dialups. Note that MAPS may charge
# for this service.

#rbl_domains = rbl.mail-abuse.org/reject : dialups.mail-abuse.org/warn

# http://www.rfc-ignorant.org is another interesting site with a number of
# services you can use with the rbl_domains option

# The setting below allows your host to be used as a mail relay only by
# localhost: it locks out the use of your host as a mail relay by any
# other host. See the section of the manual entitled "Control of relaying"
# for more info.

host_accept_relay = 127.0.0.1 : ::::1

# This setting allows anyone who has authenticated to use your host as a
# mail relay. To use this you will need to set up some authenticators at
# the end of the file

host_auth_accept_relay = *

# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part

# percent_hack_domains=*

# If this option is set, then any process that is running as one of the
# listed users may pass a message to Exim and specify the sender's
# address using the "-f" command line option, without Exim's adding a
# "Sender" header.

trusted_users = mail:xavier

# If this option is true, the SMTP command VRFY is supported on incoming
# SMTP connections; otherwise it is not.

smtp_verify = no

# Some operating systems use the "gecos" field in the system password file
# to hold other information in addition to users' real names. Exim looks up
# this field when it is creating "sender" and "from" headers. If these options
# are set, exim uses "gecos_pattern" to parse the gecos field, and then
# expands "gecos_name" as the user's name. $1 etc refer to sub-fields matched
# by the pattern.

gecos_pattern = ^([^,:]*)
gecos_name = $1

# This sets the maximum number of messages that will be accepted in one
# connection and immediately delivered. If one connection sends more
# messages than this, any further ones are accepted and queued but not
# delivered. The default is 10, which is probably enough for most purposes,
# but is too low on dialup SMTP systems, which often have many more mails
# queued for them when they connect.

smtp_accept_queue_per_connection = 100

# Send a mail to the postmaster when a message is frozen. There are many
# reasons this could happen; one is if exim cannot deliver a mail with no
# return address (normally a bounce) another that may be common on dialup
# systems is if a DNS lookup of a smarthost fails. Read the documentation
# for more details: you might like to look at the auto_thaw option

freeze_tell_mailmaster = true

# This string defines the contents of the \`Received' message header that
# is added to each message, except for the timestamp, which is automatically
# added on at the end, preceded by a semicolon. The string is expanded each
# time it is used.

received_header_text = "Received: \
         ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
         {${if def:sender_ident {from ${sender_ident} }}\
         ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
         by ${primary_hostname} \
         ${if def:received_protocol {with ${received_protocol}}} \
         (Exim ${version_number} #${compile_number} (Debian))\n\t\
         id ${message_id}\
         ${if def:received_for {\n\tfor <$received_for>}}"


# Attempt to verify recipient address before receiving mail, so that mails
# to invalid addresses are rejected rather than accepted and then bounced.
# Apparently some spammers are abusing servers that accept and then bounce
# to send bounces containing their spam to people.

#receiver_try_verify = true
# should verify with local part
receiver_try_verify = false

# This would make exim advertise the 8BIT-MIME option. According to
# RFC1652, this means it will take an 8bit message, and ensure it gets
# delivered correctly. exim won't do this: it is entirely 8bit clean
# but won't do any conversion if the next hop isn't. Therefore, if you
# set this option you are asking exim to lie and not be RFC
# compliant. But some people want it.

#accept_8bitmime = true

# This will cause it to accept mail only from the local interface

#local_interfaces = 127.0.0.1

# If this next line is uncommented, any user can see the mail queue
# by using the mailq command or exim -bp.

#queue_list_requires_admin = false

# additions

DSUFFIX = .




######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# This transport is used for local delivery to user mailboxes. On debian
# systems group mail is used so we can write to the /var/spool/mail
# directory. (The alternative, which most other unixes use, is to deliver
# as the user's own group, into a sticky-bitted directory)

local_delivery:
driver = appendfile
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
return_path_add = true
file = /var/spool/mail/${local_part}

virtual_localdelivery:
driver = appendfile
user = xavier
group = mail
mode = 660
envelope_to_add = true
return_path_add = true
mode_fail_narrower = false
# file = /usr/local/mail/${domain}/${local_part}
# directory=${home}/Maildir
directory= /usr/local/mail/${domain}/${local_part}
maildir_format = true
# prefix = ""


# imap
#local_delivery:
# driver = appendfile
# group = mail
# mode = 0660
# mode_fail_narrower = false
# envelope_to_add = true
# return_path_add = true
#
# directory=${home}/Maildir
# maildir_format = true
# prefix = ""


# This transport is used for handling pipe addresses generated by
# alias or .forward files. If the pipe generates any standard output,
# it is returned to the sender of the message as a delivery error. Set
# return_fail_output instead if you want this to happen only when the
# pipe fails to complete normally.

address_pipe:
driver = pipe
path = /usr/bin:/bin:/usr/local/bin
return_output

# This transport is used for handling file addresses generated by alias
# or .forward files.

address_file:
driver = appendfile
envelope_to_add = true
return_path_add = true

# This transport is used for handling file addresses generated by alias
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name. Each message is then delivered
# to a unique file in the directory. If instead you want all such deliveries to
# be in the "maildir" format that is used by some other mail software,
# uncomment the final option below. If this is done, the directory specified
# in the .forward or alias file is the base maildir directory.
#
# Should you want to be able to specify either maildir or non-maildir
# directory-style deliveries, then you must set up yet another transport,
# called address_directory2. This is used if the path ends in "//" so should
# be the one used for maildir, as the double slash suggests another level
# of directory. In the absence of address_directory2, paths ending in //
# are passed to address_directory.

address_directory:
driver = appendfile
no_from_hack
prefix = ""
suffix = ""
# maildir_format

# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.

address_reply:
driver = autoreply

# This transport is used for procmail

procmail_pipe:
driver = pipe
command = "/usr/bin/procmail"
# command = "procmail -a ${substr_1:${local_part_suffix}} -d ${local_part}"
return_path_add
delivery_date_add
envelope_to_add
# check_string = "From "
# escape_string = ">From "
suffix = ""


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp
# authenticate_hosts = smarthost.isp.com

# To use SMTP AUTH when sending to a particular host, such as your ISP's
# smarthost, uncomment and edit the above line, and also the example
# client-side authenticators at the bottom of the file



######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################


# This allows local delivery to be forced, avoiding alias files and
# forwarding.

real_local:
prefix = real-
driver = localuser
transport = local_delivery

virtual_alias:
driver = aliasfile
domains = lsearch;/usr/local/mail/etc/domains
file = /usr/local/mail/etc/aliases.${domain}
search_type = lsearch
qualify_preserve_domain

#virtual_forward:
# driver = forwardfile
# domains = lsearch;/usr/local/mail/etc/domains
# #file = /usr/local/mail/etc/passwd.${domain}
# file_transport = address_file
# pipe_transport = address_pipe
# reply_transport = address_reply
# no_verify
# check_ancestor
# #check_local_user
# file = .forward
# modemask = 002
# filter
# suffix = DSUFFIX*
# suffix_optional

virtual_procmail:
driver = aliasfile
transport = procmail_pipe
domains = lsearch;/usr/local/mail/etc/domains
file = /usr/local/mail/etc/passwd.${domain}
search_type = lsearch
require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
suffix = DSUFFIX*
suffix_optional
no_verify



virtual_localuser:
driver = aliasfile
transport = virtual_localdelivery
domains = lsearch;/usr/local/mail/etc/domains
file = /usr/local/mail/etc/passwd.${domain}
search_type = lsearch
suffix = DSUFFIX*
suffix_optional
no_more

# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary.

system_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = /etc/aliases
search_type = lsearch
# user = list
# Uncomment the above line if you are running smartlist


# This director handles forwarding using traditional .forward files.
# It also allows mail filtering when a forward file starts with the
# string "# Exim filter": to disable filtering, uncomment the "filter"
# option. The check_ancestor option means that if the forward file
# generates an address that is an ancestor of the current one, the
# current one gets passed on instead. This covers the case where A is
# aliased to B and B has a .forward file pointing to A.

# For standard debian setup of one group per user, it is acceptable---normal
# even---for .forward to be group writable. If you have everyone in one
# group, you should comment out the "modemask" line. Without it, the exim
# default of 022 will apply, which is probably what you want.

userforward:
driver = forwardfile
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify
check_ancestor
check_local_user
file = .forward
modemask = 002
filter

# This director runs procmail for users who have a .procmailrc file

procmail:
driver = localuser
transport = procmail_pipe
require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail:!${home}/.forward
suffix = DSUFFIX*
suffix_optional
# ???
no_verify

# This director matches local user mailboxes.

localuser:
driver = localuser
transport = local_delivery




######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################


# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.

lookuphost:
driver = lookuphost
transport = remote_smtp

# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.

literal:
driver = ipliteral
transport = remote_smtp



######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 2 hours and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


*                      *           F,2h,15m; G,16h,2h,1.5; F,4d,8h




######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################



# There are no rewriting specifications in this default configuration file.


# This rewriting rule is particularly useful for dialup users who
# don't have their own domain, but could be useful for anyone.
# It looks up the real address of all local users in a file

*@natch    ${lookup{$1}lsearch{/etc/email-addresses}\
                        {$value}fail} frFs



######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################


# Look in the documentation (in package exim-doc or exim-doc-html for
# information on how to set up authenticated connections.

# The examples below are for server side authentication; they allow two
# styles of plain-text authentication against an /etc/exim/passwd file
# which should have user IDs in the first column and crypted passwords
# in the second.

# plain:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $1
#
# login:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $1

# These examples below are the equivalent for client side authentication.
# They assume that you only use client side authentication to connect to
# one host (such as a smarthost at your ISP), or else use the same user
# name and password everywhere

# plain:
# driver = plaintext
# public_name = PLAIN
# client_send = "^username^password"
#
# login:
# driver = plaintext
# public_name = LOGIN
# client_send = ": username : password"
#
# cram_md5:
# driver = cram_md5
# public_name = CRAM-MD5
# client_name = username
# client_secret = password

# End of Exim configuration file
--