Autor: Patrick O'Neal Data: CC: exim-users Assumpte: Re: [Exim] Exim 4.3 on Gentoo Linux
You sure you are ready for this.... This is so long... Okay, I actually
do have Exim running, and all of the other programs running that I
mentioned, but I am trying to use exim to relay mail to a smart host, as
I am on a dsl connection in a dialup pool. My problem is that I am
having all kinds of client authentication problems.. Now, upon the
advice of a brother of mine, instead of using PAM directly for
authentication, I compiled in cyrus-sasl (which is using PAM to
authenticate with.. Maybe I should change that to shadow? this suddenly
occurs to me.) support into exim and gentoo. After I actually got
Cyrus-Sasl to actually start, and run, I am still having authentication
issues like the following:
2004-02-04 01:57:35 fixed_login authenticator failed for
computername.here [192.168.1.37]: 535 Incorrect authentication data
(set_id=usernamehere)
I get the same things whether I use plain, or login for authentication.
I am including a copy of my config file, and hopefully no one will laugh
as it is very dirty right now as I have been commenting things on and
off to see if I can get everything to work right.
######################################################################
# Runtime configuration file for Exim #
######################################################################
#exim_user = root
exim_user = exim
# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are
available
# from the Exim ftp sites. The manual is also online at the Exim web
sites.
# This file is divided into several parts, all but the first of which
are
# headed by a line starting with the word "begin". Only those parts that
# are required need to be present. Blank lines, and lines starting with
#
# are ignored.
########### IMPORTANT ########## IMPORTANT ########### IMPORTANT
###########
# #
# Whenever you change Exim's configuration file, you *must* remember to
#
# HUP the Exim daemon, because it will not pick up the new configuration
#
# until you do. However, any other Exim processes that are started, for
#
# example, a process started by an MUA in order to send a message, will
#
# see the new configuration as soon as it is in place. #
# #
# You do not need to HUP the daemon for changes in auxiliary files that
#
# are referenced from this file. They are read every time they are used.
#
# #
# It is usually a good idea to test a new configuration for syntactic #
# correctness before installing it (for example, by running the command
#
# "exim -C /config/file.new -bV"). #
# #
########### IMPORTANT ########## IMPORTANT ########### IMPORTANT
###########
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# Specify your host's canonical name here. This should normally be the
fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name. In many cases this does
# the right thing and you need not set anything explicitly.
primary_hostname = jeremiah.xxxxxx.info
# The next three settings create two lists of domains and one list of
hosts.
# These lists are referred to later in this configuration using the
syntax
# +local_domains, +relay_to_domains, and +relay_from_hosts,
respectively. They
# are all colon-separated lists:
# YOU HAVE TO EDIT THIS BLOCK TO SUIT YOUR NEED!!
domainlist local_domains = xxxxxxxx.info
domainlist relay_to_domains =
#domainlist dead_and_dying = example.com:jexample.com
hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/24
AUTH_PLAINTEXT=yes
# Most straightforward access control requirements can be obtained by
# appropriate settings of the above options. In more complicated
situations, you
# may need to modify the Access Control List (ACL) which appears later
in this
# file.
# The first setting specifies your local domains, for example:
#
# domainlist local_domains = my.first.domain : my.second.domain
#
# You can use "@" to mean "the name of the local host", as in the
default
# setting above. This is the name that is specified by primary_hostname,
# as specified above (or defaulted). If you do not want to do any local
# deliveries, remove the "@" from the setting above. If you want to
accept mail
# addressed to your host's literal IP address, for example, mail
addressed to
# "user@???", you can add "@[]" as an item in the local
domains
# list. You also need to uncomment "allow_domain_literals" below. This
is not
# recommended for today's Internet.
# The second setting specifies domains for which your host is an
incoming relay.
# If you are not doing any relaying, you should leave the list empty.
However,
# if your host is an MX backup or gateway of some kind for some domains,
you
# must set relay_to_domains to match those domains. For example:
#
# domainlist relay_to_domains = *.myco.com : my.friend.org
#
# This will allow any host to relay through your host to those domains.
# See the section of the manual entitled "Control of relaying" for more
# information.
# The third setting specifies hosts that can use your host as an
outgoing relay
# to any other host on the Internet. Such a setting commonly refers to a
# complete local network as well as the localhost. For example:
#
# hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16
#
# The "/16" is a bit mask (CIDR notation), not a number of hosts. Note
that you
# have to include 127.0.0.1 if you want to allow processes on your host
to send
# SMTP mail by using the loopback address. A number of MUAs use this
method of
# sending mail.
# All three of these lists may contain many different kinds of item,
including
# wildcarded names, regular expressions, and file lookups. See the
reference
# manual for details. The lists above are used in the access control
list for
# incoming messages. The name of this ACL is defined here:
acl_smtp_rcpt = acl_check_rcpt
# You should not change that setting until you understand how ACLs work.
# The following ACL entry is used if you want to do content scanning
with the
# exiscan-acl patch. When you uncomment this line, you must also review
the
# acl_check_content entry in the ACL section further below.
acl_smtp_data = acl_check_content
# This configuration variable defines the virus scanner that is used
with
# the 'malware' ACL condition of the exiscan acl-patch. If you do not
use
# virus scanning, leave it commented. Please read
doc/exiscan-acl-readme.txt
# for a list of supported scanners.
# The following setting is only needed if you use the 'spam' ACL
condition
# of the exiscan-acl patch. It specifies on which host and port the
SpamAssassin
# "spamd" daemon is listening. If you do not use this condition, or you
use
# the default of "127.0.0.1 783", you can omit this option.
spamd_address = 127.0.0.1 783
# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@"
character
# followed by a domain. For example, "caesar@???" is a fully
qualified
# address, but the string "caesar" (i.e. just a login name) is an
unqualified
# email address. Unqualified addresses are accepted only from local
callers by
# default. See the recipient_unqualified_hosts option if you want to
permit
# unqualified addresses from remote sources. If this option is not set,
the
# primary_hostname value is used for qualification.
qualify_domain = xxxxxx.info
# If you want unqualified recipient addresses to be qualified with a
different
# domain to unqualified sender addresses, specify the recipient domain
here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
# The following line must be uncommented if you want Exim to recognize
# addresses of the form "user@???" that is, with a "domain
literal"
# (an IP address) instead of a named domain. The RFCs still require this
form,
# but it makes little sense to permit mail to be sent to specific hosts
by
# their IP address in the modern Internet. This ancient format has been
used
# by those seeking to abuse hosts by using them for unwanted relaying.
If you
# really do want to support domain literals, uncomment the following
line, and
# see also the "domain_literal" router below.
# allow_domain_literals
# No deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so causes a panic error to be
logged, and
# the delivery to be deferred. This is a paranoic safety catch. Note
that the
# default setting means you cannot deliver mail addressed to root as if
it
# were a normal user. This isn't usually a problem, as most sites have
an alias
# for root that redirects such mail to a human administrator.
#never_users = root
# The setting below causes Exim to do a reverse DNS lookup on all
incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
host_lookup = *
# The settings below, which are actually the same as the defaults in the
# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming
SMTP
# calls. You can limit the hosts to which these calls are made, and/or
change
# the timeout that is used. If you set the timeout to zero, all RFC 1413
calls
# are disabled. RFC 1413 calls are cheap and can provide useful
information
# for tracing problem messages, but some hosts and firewalls have
problems
# with them. This can result in a timeout instead of an immediate
refused
# connection, leading to delays on starting up an SMTP session.
rfc1413_hosts = *
rfc1413_query_timeout = 1s
# By default, Exim expects all envelope addresses to be fully qualified,
that
# is, they must contain both a local part and a domain. If you want to
accept
# unqualified addresses (just a local part) from certain hosts, you can
specify
# these hosts by setting one or both of
#
# sender_unqualified_hosts =
# recipient_unqualified_hosts =
#
# to control sender and recipient addresses, respectively. When this is
done,
# unqualified addresses are qualified using the settings of
qualify_domain
# and/or qualify_recipient (see above).
# If you want Exim to support the "percent hack" for certain domains,
# uncomment the following line and provide a list of domains. The
"percent
# hack" is the feature by which mail addressed to x%y@z (where z is one
of
# the domains listed) is locally rerouted to x@y and sent on. If z is
not one
# of the "percent hack" domains, x%y is treated as an ordinary local
part. This
# hack is rarely needed nowadays; you should not enable it unless you
are sure
# that you really need it.
#
# percent_hack_domains =
#
# As well as setting this option you will also need to remove the test
# for local parts containing % in the ACL definition below.
# When Exim can neither deliver a message nor return it to sender, it
"freezes"
# the delivery error message (aka "bounce message"). There are also
other
# circumstances in which messages get frozen. They will stay on the
queue for
# ever unless one of the following options is set.
# This option unfreezes frozen bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.
ignore_bounce_errors_after = 2d
# This option cancels (removes) frozen messages that are older than a
week.
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this
by
# testing for an empty sending host field.
accept hosts = :
# Deny if the local part contains @ or % or / or | or !. These are
rarely
# found in genuine local parts, but are often tried by people looking to
# circumvent relaying restrictions.
# Also deny if the local part starts with a dot. Empty components aren't
# strictly legal in RFC 2822, but Exim allows them because this is
common.
# However, actually starting with a dot may cause trouble if the local
part
# is used as a file name (e.g. for a mailing list).
deny local_parts = ^.*[@%!/|] : ^\\.
# These are domains that at one time had 100s of users and now only have
a few.
# Most of the mail going to these domains is spam... so unless it is for
one of
# the few remaining end users we reject it on connect and don't bother
going through
# the rest of the config.
#deny domains = +dead_and_dying
# local_parts = !username : !user.name : !kmb : !ithelp
# message = Domain email for $domain No longer served
# Accept mail to postmaster in any local domain, regardless of the
source,
# and without verifying the sender.
#############################################################################
# There are no checks on DNS "black" lists because the domains that
contain
# these lists are changing all the time. However, here are two examples
of
# how you could get Exim to perform a DNS black list lookup at this
point.
# The first one denies, while the second just warns.
#
# deny message = rejected because $sender_host_address is in a black
list at
# $dnslist_domain\n$dnslist_text
# dnslists = black.list.example
#
# warn message = X-Warning: $sender_host_address is in a black list at
$dnslist_domain
# log_message = found in $dnslist_domain
# dnslists = black.list.example
#############################################################################
# deny message = rejected because we do not want mail from
# $sender_host_address
# sender_domains = !+local_domains
# senders = @@lsearch;/etc/exim/reject-by-domain
#
# deny message = rejected because $sender_host_address is in a
# black list at $dnslist_domain\n$dnslist_text
# sender_domains = !+local_domains
# dnslists = relays.ordb.org : \
# relays.orirusoft.com : \
# inputs.relays.orirusoft.com : \
# sbl.spamhaus.org : \
# orbs.dorkslayers.org : \
# blackholes.mail-abuse.org : \
# relays.mail-abuse.org
# Accept if the address is in a local domain, but only if the recipient
can
# be verified. Otherwise deny. The "endpass" line is the border between
# passing on to the next ACL statement (if tests above it fail) or
denying
# access (if tests below it fail).
# If control reaches this point, the domain is neither in +local_domains
# nor in +relay_to_domains.
# Accept if the message comes from one of the hosts for which we are an
# outgoing relay. Recipient verification is omitted here, because in
many
# cases the clients are dumb MUAs that don't cope well with SMTP error
# responses. If you are actually relaying out from MTAs, you should
probably
# add recipient verification here.
accept hosts = +relay_from_hosts
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted.
accept authenticated = *
# Reaching the end of the ACL causes a "deny", but we might as well give
# an explicit message.
deny message = Yo, Yo, Yo, please don't try to do this, as you are
basically a cool person, but I just can't let you do it. God Bless You!
# This access control list is used for content scanning with the
exiscan-acl
# patch. You must also uncomment the entry for acl_smtp_data (scroll
up),
# otherwise the ACL will not be used. IMPORTANT: the default entries
here
# should be treated as EXAMPLES. You MUST read the file
doc/exiscan-acl-spec.txt
# to fully understand what you are doing ...
acl_check_content:
# First unpack MIME containers and reject serious errors.
deny message = This message contains a MIME error ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Reject typically wormish file extensions. There is almost no
# sense in sending such files by email.
deny message = This message contains an unwanted file extension
($found_extension)
demime = scr:vbs:bat:lnk:pif:com:bat:ade:adp:chm:cmd:cpl:eml:hlp:\
hta:ins:inf:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:\
pcd:reg:scr:sct:shs:url:vbe:wsf:wsh:wsc
# Reject messages containing "viagra" in all kinds of whitespace/case
combinations
# WARNING: this is an example !
deny message = This message matches a blacklisted regular expression
($regex_match_string)
regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]
# Always add X-Spam-Score and X-Spam-Report headers, using SA
system-wide settings
# (user "nobody"), no matter if over threshold or not.
warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = nobody:true
warn message = X-Spam-Report: $spam_report
spam = nobody:true
# Add X-Spam-Flag if spam is over system-wide threshold
warn message = X-Spam-Flag: YES
spam = nobody
# Reject spam messages with score over 10, using an extra condition.
deny message = This message scored $spam_score points. Congratulations!
spam = nobody:true
condition = ${if >{$spam_score_int}{100}{1}{0}}
# finally accept all the rest
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@???>. The RFCs require this facility. However, it is
# little-known these days, and has been exploited by evil people seeking
# to abuse SMTP relays. Consequently it is commented out in the default
# configuration. If you uncomment this router, you also need to
uncomment
# allow_domain_literals above, so that Exim can recognize the syntax of
# domain literal addresses.
# This router routes addresses that are not in local domains by doing a
DNS
# lookup on the domain name. Any domain that resolves to 0.0.0.0 or to a
# loopback interface address (127.0.0.0/Cool is treated as if it had no
DNS
# entry. Note that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly
treated
# as the local host inside the network stack. It is not 0.0.0.0/0, the
default
# route. If the DNS lookup fails, no further routers are tried because
of
# the no_more setting, and consequently the address is unrouteable.
# The remaining routers handle addresses in the local domain(s).
# This router handles aliasing using a linearly searched alias file with
the
# name /etc/mail/aliases. When this configuration is installed
automatically,
# the name gets inserted into this file from whatever is set in Exim's
# build-time configuration. The default path is the traditional
/etc/aliases.
# If you install this configuration by hand, you need to specify the
correct
# path in the "data" setting below.
#
##### NB You must ensure that the alias file exists. It used to be the
case
##### NB that every Unix had that file, because it was the Sendmail
default.
##### NB These days, there are systems that don't have it. Your aliases
##### NB file should at least contain an alias for "postmaster".
#
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary.
Alternatively, you
# can specify "user" on the transports that are used. Note that the
transports
# listed below are the same as are used for .forward files; you might
want
# to set up different ones for pipe and file deliveries from aliases.
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
user = exim
file_transport = address_file
pipe_transport = address_pipe
# This router handles forwarding using traditional .forward files in
users'
# home directories. If you want it also to allow mail filtering when a
forward
# file starts with the string "# Exim filter", uncomment the
"allow_filter"
# option.
# The no_verify setting means that this router is skipped when Exim is
# verifying addresses. Similarly, no_expn means that this router is
skipped if
# Exim is processing an EXPN command.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A.
# The three transports specified at the end are those that are used when
# forwarding generates a direct delivery to a file, or to a pipe, or
sets
# up an auto-reply, respectively.
# Vacation Router:
user_vacation:
driver = accept
check_local_user
# do not reply to errors or lists
condition = "${if or {{match {$h_precedence:} {(?i)junk|bulk|list}} {eq
{$sender_address} {}}} {no} {yes}}"
no_expn
require_files = $home/vacation.msg
# do not reply to errors and bounces or lists
senders = " ! ^.*-request@.*:\
! ^owner-.*@.*:\
! ^postmaster@.*:\
! ^listmaster@.*:\
! ^mailer-daemon@.*\
! ^root@.*"
transport = vacation_reply
unseen
user = ${local_part}
no_verify
# This router matches local user mailboxes. If the router fails, the
error
# message is "Unknown user".
localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that
successfully
# handles an address.
begin transports
# This transport is used for delivering messages over SMTP connections.
local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
create_directory = true
group = mail
# mode = 0660
# This transport is used for handling pipe deliveries generated by alias
or
# .forward files. If the pipe generates any standard output, it is
returned
# to the sender of the message as a delivery error. Set
return_fail_output
# instead of return_output if you want this to happen only when the pipe
fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the
routers
# section above.
address_pipe:
driver = pipe
return_output
# This transport is used for handling deliveries directly to files that
are
# generated by aliasing or forwarding.
# This transport is used for handling autoreplies generated by the
filtering
# option of the userforward router.
address_reply:
driver = autoreply
vacation_reply:
driver = autoreply
file = $home/vacation.msg
file_expand
from = Autoreply System <$original_local_part@$original_domain>
log = $home/vacation.log
once = $home/vacation.db
once_repeat = 7d
subject = ${if def:h_Subject: {Re:
${quote:${escape:${length_50:$h_Subject:}}} (autoreply)} {I am on
vacation} }
text = "\ Dear $h_from\n\n\
This is an automatic reply. Feel free to send additional\n\
mail, as only this one notice will be generated once every 7 days.\n\
The following is a prerecorded message, sent for
$original_local_part@$original_domain:\n\
====================================================\n\n\
"
to = "$sender_address"
# This single retry rule applies to all domains and all errors. It
specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to
16
# hours, then retries every 6 hours until 4 days have passed since the
first
# failed delivery.
# There are no rewriting specifications in this default configuration
file.
begin rewrite
# Rewrite outgoing email to someone@???
# user@*example.foo.org somebody@??? Fq
# Comment: changed the above line so that nobody will use my
email-address by accident Smile
# Rewrite all incoming mails on all domains to one single user: cat
#*@something.org user TQ
#*@something.foo.org user TQ
#*@some-thing.xxxxxx.net user TQ
#*@zssss-aaaaaaaa.aaaaaaaa.org user TQ
#*@interesting-atsomething.youwish.com user TQ
#*@yo-yo.yoyo.org user TQ
# If you have built Exim to include a local_scan() function that
contains
# tables for private options, you can define those options here.
Remember to
# uncomment the "begin" line. It is commented by default because it
provokes
# an error with Exim binaries that are not built with
LOCAL_SCAN_HAS_OPTIONS
# set in the Local/Makefile.