Re: [Exim] lmtp transport: verifying address (LMTP callout)

Pàgina inicial
Aquest missatge és part del següent fil:
Ml'arbre de fils complet ordenat per data
M+\Tor Slettnes en <-
MMMAndrzej Filip en ->
Delete this message
Reply to this message
Autor: Andrzej Filip
Data:  
A: exim-users
CC: Tor Slettnes
Assumpte: Re: [Exim] lmtp transport: verifying address (LMTP callout)
Tor Slettnes wrote:
>
> On Apr 24, 2004, at 07:59, Andrzej Filip wrote:
>
>> Is it possible to make exim verify recipient addresses delivered via
>> lmtp (socket) transport ? [LMTP callout]
>>
>> I would like to make exim verify addresses delivered to Cyrus IMAP when
>> accepting "RCPT TO:" command.
>
> It is possible. You need to:
> - use an SMTP transport ("smtp" driver), and set "protocol = lmtp"
> - setup client authentication in Exim, authenticate as "cyrus" user
> - use "verify = recipient/callout,defer_ok" in the appropriate ACL

PLUS:
- use manualroute router to select the transport
- set "self = accept" for the router when you use
"route_list = * localhost"

I received the first hint via exim-users at exim dot org, but had to
"dig out" the second myself :-)

It seems that exim 4.30 can not run callouts over unix sockets
[transport lmtp (socket)]

> However, I found it easier to deliver to a separate transport using the
> "lmtp" driver (i.e. a local socket delivery), and then set up a
> condition in the router as follows:
>
>   cyrus_lmtp_router:
>     debug_print   = "R: cyrus_lmtp for $local_part@$domain"
>     driver        = accept
>     domains       = +local_domains
>     local_parts   = !root
>     require_files = /var/spool/cyrus/mail/user/${lc::$local_part}
>     transport     = cyrus_lmtp_transport

>
> Two notes:
>   - The user running Exim needs to have read/execute access in
>     the directory /var/spool/cyrus/mail/user (in this example).
>     On my Debian box, I do that by "adduser Debian-exim mail",
>     ensuring that the directory belongs to the group "mail" and
>     has "r" and "x" bits.

>
>   - I presume that Cyrus is configured with "lmtp_downcase_rcpt: yes",
>     and "hashimapspool: no".  If you DO hash the IMAP spool, as shipped,
>     then change the condition above to:

>
>        require_files =
> /var/spool/cyrus/mail/${lc::${substr_0_1::$local_part}}/user/
> ${lc::$local_part}

It is exim's version of my over a year old idea for sendmail
http://anfi.homeunix.net/sendmail/rtcyrus-fstat.html 

> It is a bit hackish.  If you prefer, you ought to be able to use the
> "mbpath" command provided with Cyrus, in a manner similar to:
>     condition     = ${run {/usr/sbin/mbpath -q -s
> user.${lc::$local_part}}{1}{0}}

>
> This introduces a process overhead for each local delivery. Also
> ensure that the Exim user indeed can run 'mbpath'.

I think that adding exim to cyrus group is going to fix it.

Would it be safe ?

--
Andrzej [en:Andrew] Adam Filip anfi@??? anfi@???
http://anfi.homeunix.net/ http://slashdot.org/~anfi


Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-[Exim] Re: exim : inbound attack , please help.Re: [Exim] lmtp transport: verifying address (LMTP callout)->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)