Re: [Exim] Evil hack for the cookbook - DNS-based virtual do…

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: exim-users
Old-Topics: Re: [Exim] Evil hack for the cookbook - DNS-based virtual domains.
Subject: Re: [Exim] Evil hack for the cookbook - DNS-based virtual domains.
On Tue, 2003-12-16 at 09:49 +0000, Philip Hazel wrote:
> On Mon, 15 Dec 2003, David Woodhouse wrote:
>
> > The following routers use it to implement a virtual domain. You could of
> > course omit the first and just make sure you have postmaster in all the
> > zones you use this way...
>
> I've saved this to put in the config samples / FAQ when I next update them.


There was a bug in the handling of '@domain' TXT records, which I use as
wildcards for some virtual domains, to redirect all localparts without
their own TXT record to a single host which handles the majority of that
domain. In the case where the local part started with numbers, the
expansion of the outermost ${sg...} in the dns_virtual_domains router we
getting confused, because it expanded $local_part before attempting to
expand $1.

This is the new version with one extra backslash to cause the expansion
of $local_part to happen in the same pass as the expansion of $1, and
hence not cause this breakage.

domainlist dns_virtual_domains = lsearch;CONFDIR/dns-virtual-domains

<...>

virtual_postmaster:
driver = redirect
domains = +dns_virtual_domains
local_parts = postmaster:root:abuse:mailer-daemon
data = postmaster@$primary_hostname

# For virtual domains, look up the target in DNS and rewrite...

dns_virtual_domains:
driver = redirect
domains = +dns_virtual_domains
check_ancestor
repeat_use
one_time
allow_defer
allow_fail
forbid_file
forbid_pipe
retry_use_local_part
qualify_preserve_domain

# Stash the lookup domain root for use in the next router.
address_data = ${lookup{$domain}lsearch{CONFDIR/dns-virtual-domains}}

# The lookup failure won't distinguish between absent record, absent
# domain, or other temporary failures. So we make this router just
# give up, and sort out the various failure modes later.

# The ${sg...} bits turn multiple TXT records (which Exim gives us
# separated by \n) into a comma-separated list, and also rewrite
# any element of that list of the form '@domain' (i.e. without a
# local part) to $local_part@domain, using the original local part
# from the address being routed, at the newly-provided domain.

  # Addresses containing _only_ a localpart are qualified at the
  # same domain as is being looked up, by qualify_preserve_domain
  # above.
  data = ${sg{\
        ${sg{\
           ${lookup dnsdb{txt=$local_part.$address_data}{$value}fail}\
        }{\n}{,}}\
     }{(,|^)[ ]*@}{\$1\$local_part@}}


dns_virtual_failed:
  driver = redirect
  domains = +dns_virtual_domains
  allow_fail
  allow_defer
  data = ${lookup dnsdb{ns=$address_data}\
    # If NS lookup succeeded, the domain exists and we can find it.
    # Therefore, the above lookup failure meant that the user
        # just doesn't exist. Fail appropriately:
    {:fail:Unknown user at virtual domain}\
    # NS lookup failed. This means there's a DNS problem -- so we
    # shouldn't fail the delivery; let the following routers handle
    # it... Note "fail" not "{:fail:}". It means 'pass'. :)
    fail}



# We have DNS problems. If we're actually _delivering_, then try to
# deliver to a higher-priority MX if one exists. Otherwise, we defer and
# let it stay on the queue until the problem is fixed.
# You may prefer to freeze or bounce in this situation; I don't.
dns_virtual_relay:
driver = dnslookup
domains = +dns_virtual_domains
transport = remote_smtp
self = defer
no_verify
no_more

# On the other hand, if there's a DNS problem and we're only _verifying_,
# as we do when accepting incoming mail, then accept it for now and
# it'll get queued for when the DNS works again.
dns_virtual_verify_fallback:
driver = accept
domains = +dns_virtual_domains
verify_only
no_more



--
dwmw2