Hi all,
I have recently implemented IP accounting software that indicates to me that
any outbound email is being sent via 1 specific IP address; this address is
the server's main domain IP address. Since I am monitoring users' bandwidth, I
would like to ensure that any outgoing email is sent via their domain and
accounted for using their IP address.
Up until this point, I thought this was setup correctly, but I was mistaken.
Does anyone have any hints, or suggestions to help me 'make it happen'?
Details:
5 Physical Servers,
Each Server using its own installation of Exim,
Each server has ~ 300 domains,
Each domain has its own IP address,
Each domain has an ability to host Virtual Pop accounts and valiases.
Mail User = mail
Mail Group = mailnull
OS = FreeBSD 4.10, 5.4, 6.0.
Router and Transport config shown below. I am not asking for anyone to spend
time reviewing my configure file, but if someone wants to and let me know
what they think of it, and if there are any big problems with it, here it is
...
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
primary_hostname = myservernamehere.com
domainlist local_domains = /etc/virtual/domains
domainlist relay_to_domains =
hostlist relay_from_hosts = /etc/virtual/domains
hostlist blacklisted_domains = /etc/virtual/blacklist
acl_smtp_rcpt = acl_check_rcpt
trusted_users = mailnull:root:webmail:www:majordom
exim_user = mailnull
exim_group = mail
never_users =
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 30s
ignore_bounce_errors_after = 4h
timeout_frozen_after = 1d
return_path_remove
untrusted_set_sender = *
helo_allow_chars = _
daemon_smtp_ports = 25 : 109
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_rcpt:
  accept  hosts = :
  deny    local_parts = ^.*[@%!/|] : ^\\.
  accept  local_parts = postmaster
          domains = +local_domains
  require verify = sender
  deny    message = rejected because $sender_host_address was \
                    found in our blacklist
          log_message = domain found in $blacklisted_domains
          hosts = +blacklisted_domains
  accept  domains = +local_domains
          endpass
          message = unknown user
          verify = recipient
  accept  domains = +relay_to_domains
          endpass
          message = unrouteable address
          verify = recipient
  accept  hosts = +relay_from_hosts
  accept  authenticated = *
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

majordomo_aliases:
  driver = redirect
  allow_defer
  allow_fail
  require_files = /home/$domain/majordomo/aliases.majordomo
  data = ${lookup{$local_part}lsearch{/home/$domain/majordomo/aliases.majordomo}}
  domains = /etc/virtual/domains
  file_transport = address_file
  pipe_transport = majordomo_pipe
  retry_use_local_part
  no_rewrite
  user = majordom

spamcheck_router:
  driver = accept
  no_verify
  condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
  transport = spamcheck

virtual_alias:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup {$local_part} lsearch {/home/$domain/mail/aliases}}
  domains = /etc/virtual/domains
  require_files = /home/$domain/mail/aliases
  qualify_preserve_domain
  retry_use_local_part
  check_ancestor
# one_time
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

autoreply_router:
  driver = accept
  require_files = /home/$domain/mail/auto-replies/$local_part
  transport = autoreply_transport
  unseen

virtual_localuser:
  driver = accept
  require_files = /etc/virtual/$domain/passwd
  domains = /etc/virtual/domains
  condition = ${lookup {$local_part} lsearch {/etc/virtual/$domain/passwd}{$value}}
  transport = virtual_localdelivery

virtual_catchall:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup {catchall} lsearch {/home/$domain/mail/aliases}}
  domains = /etc/virtual/domains
  require_files = /home/$domain/mail/aliases
  qualify_preserve_domain
  retry_use_local_part
  check_ancestor
  one_time
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

localuser:
  driver = accept
  check_local_user
  condition = ${lookup {$sender_helo_name} lsearch {/etc/virtual/domains}{YES}{NO}}
  transport = local_delivery
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
remote_smtp:
  driver = smtp
  return_path_add = true

autoreply_transport:
  driver = pipe
  command = /usr/local/bin/autoreply.pl /home/$domain/mail/auto-replies/$local_part

spamcheck:
  driver = pipe
  command = /usr/local/sbin/exim -oMr spam-scanned -bS
  use_bsmtp = true
  transport_filter = /usr/local/bin/spamc -u ${lookup{$domain}lsearch{/etc/virtual/domains_users}}
  home_directory = "/tmp"
  current_directory = "/tmp"
  # must use a privileged user to set $received_protocol on the way back in!
  user = mailnull
## user = ${lookup{$domain}lsearch{/etc/virtual/domains_users}}
  group = mailnull
  log_output = true
  return_fail_output = false
  return_path_add
  message_prefix =
  message_suffix =

virtual_localdelivery:
  driver = appendfile
  create_directory = true
  directory_mode = 700
  file = /var/spool/virtual/${domain}/${local_part}
  headers_remove = "Bcc"
  return_path_add
# user = mailnull
  user = ${lookup{$domain}lsearch{/etc/virtual/domains_users}}
  group = mail
  mode = 660

#frontpage_forms:
# driver = appendfile
# file = /tmp/junkmail
# user = mailnull

local_delivery:
  driver = appendfile
  file = /$home/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  user = mailnull
  group = mail
  mode = 0660

address_pipe:
  driver = pipe
  return_output
  user = aspecifiuser
# user = ${lookup{$domain}lsearch{/etc/virtual/domains_users}}

majordomo_pipe:
  driver = pipe
  return_fail_output
  user = majordom

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Domain Error Retries
# ------ ----- -------
* * F,2h,15m; F,10h,30m; F,12h,60m
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# There are no authenticator specifications in this default configuration file.
begin authenticators
# For Netscape/Mozilla
plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if and{ {!eq{$2}{}}{!eq{$3}{}} \
    {crypteq {$3} {${lookup {${local_part:$2}} lsearch \
    {/etc/virtual/${domain:$2}/passwd}\
    {$value} {*:*}}}} } {1}{0}}"
  server_set_id = $2

# For Outlook/Outlook Express
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if and{ {!eq{$1}{}}{!eq{$2}{}} \
    {crypteq {$2} {${lookup {${local_part:$1}} lsearch \
    {/etc/virtual/${domain:$1}/passwd}\
    {$value} {*:*}}}} } {1}{0}}"
  server_set_id = $1
# End of Exim configuration file
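
One way to get the per-domain source address asked about above, as an added example that is not part of the original post: Exim's smtp transport has an `interface` option, expanded for each delivery, that sets the local address the outgoing connection binds to. The map file /etc/virtual/domainips and its sample entries are assumptions; because the lookup keys on the envelope sender domain and this configuration sets `untrusted_set_sender = *`, the per-IP accounting is only as reliable as the envelope sender.

```conf
# /etc/virtual/domainips  (hypothetical map, one "domain: address" per line;
# the addresses below are constructed documentation addresses)
#   example.com: 192.0.2.10
#   example.net: 192.0.2.11

remote_smtp:
  driver = smtp
  return_path_add = true
  # Bind to the address listed for the envelope sender's domain.
  # The forced failure ("fail") makes Exim ignore the option, so bounces
  # (empty sender) and unlisted domains leave from the default address.
  interface = ${lookup{$sender_address_domain}lsearch{/etc/virtual/domainips}{$value}fail}
```

Every address in the map must already be configured on the host.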