Re: [exim] Failed to get write lock for /var/spool/exim4/db/…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Andreas Metzler
Datum:  
To: exim-users
CC: 360696-submitter
Betreff: Re: [exim] Failed to get write lock for /var/spool/exim4/db/retry.lockfile: timed out
On 2006-04-20 Philip Hazel <ph10@???> wrote:
> On Sat, 15 Apr 2006, Andreas Metzler wrote:


> > gets stuck with 100% CPU usage and the only way to get rid of it is to
> > kill it with signal 9. While the stuck process is there, the mainlog
> > keeps mentioning messages like these:
> > 2006-04-04 09:13:33 1FQfgD-0002kv-EZ Failed to get write lock for
> > /var/spool/exim4/db/retry.lockfile: timed out

[...]

Hello Philip,
I've asked the submitter (Michel Meyers), his answers follow, my
comments are in <angle brackets>
-------------quote-------------
> I found one bug when I first looked at this, but it isn't a processing
> bug. It is just that it would always say "Failed to get write lock",
> even when the failure was for a read lock. That was easily fixed.


> I tried to simulate this problem by patching the code to pretend it had
> failed to get a lock when trying to update the retry database while
> tidying up after a 451 failure. (It is, in fact, a write lock here.)


A little note there: I recently sent a message to a misconfigured domain
(their MX was pointing to an invalid hostname that didn't resolve) and
exim got into the same loop, so it doesn't only affect 451 failures but
also other messages deliveries that need to be retried.

> Needless to say, I did not get a 100% loop. It just did what it is
> supposed to do - that is, failed to update the hints. But of course I
> was using release 4.61, not 4.60.


<submitter has upgraded to 4.61 since, no changes>

> I suppose we'll have to look at the configuration that was being used.


Certainly, I have attached the config file template to this message
(hope it goes through OK). The mentioned alias files just have the format:
aliasname: realusername
aliasname2: realusername2

> The given log had this:


> > 2006-04-04 09:13:48 1FQfhL-00035E-Ay Failed to get write lock for
> > /var/spool/exim4/db/retry.lockfile: timed out
> > 2006-04-04 09:14:48 1FQfhL-00035E-Ay Failed to get write lock for
> > /var/spool/exim4/db/retry.lockfile: timed out


> which suggests two tries for the same message, one minute apart. How
> often was the OP starting queue runners?


<the usual -q30m>

Note that I get those for mails that are not stuck and it might be
normal as mail that comes in gets forwarded through Amavis and Spamcop
here.
The stuck message doesn't seem to appear in the log at all any more,
unless I try to remove it through eximon in which case I get:

2006-04-20 21:06:35 1FWeOO-000396-DP Spool file is locked (another
process is handling this message)

until I kill the hanging process with -9.
--------end quote -----------------

Thanks for you help,
         cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde


exim_path = /usr/sbin/exim4

.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif

MESSAGE_SIZE_LIMIT = 100M

.ifndef DC_minimaldns

.endif

.ifndef DC_visiblename
DC_visiblename=primarydomain.com
.endif

.ifndef MAIN_LOCAL_DOMAINS
MAIN_LOCAL_DOMAINS = @:localhost:hostname2:hostname3:primarydomain.com:2nddomain.com:3rddomain.com
.endif
domainlist local_domains = MAIN_LOCAL_DOMAINS

.ifndef MAIN_RELAY_TO_DOMAINS
MAIN_RELAY_TO_DOMAINS =
.endif
domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS

.ifndef MAIN_RELAY_NETS
MAIN_RELAY_NETS =
.endif
hostlist relay_from_hosts = 127.0.0.1 : ::::1 : MAIN_RELAY_NETS

.ifdef DC_visiblename
qualify_domain = DC_visiblename
.endif

.ifndef DCreadhost
DCreadhost =
.endif

.ifndef DCsmarthost
DCsmarthost =
.endif

.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.else
local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025
.endif

.ifndef LOCAL_DELIVERY
LOCAL_DELIVERY=mail_spool
.endif

gecos_pattern = ^([^,:]*)
gecos_name = $1

.ifndef DCconfig_satellite
.ifndef DCconfig_internet
.ifndef DCconfig_local
.ifndef DCconfig_smarthost
DCconfig_internet = 1
.endif
.endif
.endif
.endif

.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|\'`#&?]
.endif

.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!\'`#&?] : ^.*/\\.\\./
.endif

.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT

.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA

.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif

.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif

.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif

.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif

.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER

.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER

.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL

.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR

.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif

log_selector = +tls_cipher +tls_peerdn

smtp_banner = "[TCN] ESMTP Service ready. NO UCE!"

.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS

.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY

.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
                                    {/etc/ssl/certs/ca-certificates.crt}\
                    {/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES


.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif

.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS

.endif

begin acl

acl_whitelist_local_deny:
  accept
    hosts = ${if exists{CONFDIR/local_host_whitelist}\
                 {CONFDIR/local_host_whitelist}\
                 {}}
  accept
    senders = ${if exists{CONFDIR/local_sender_whitelist}\
                   {CONFDIR/local_sender_whitelist}\
                   {}}


.ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.endif

acl_check_rcpt:
  defer
    message        = $sender_host_address is not yet authorized to deliver \
                     mail from <$sender_address> to <$local_part@$domain>. \
                     Please try later.
    log_message    = greylisted.
    !senders       = :
    !hosts         = : +relay_from_hosts : \
                     ${if exists {/etc/greylistd/whitelist-hosts}\
                                 {/etc/greylistd/whitelist-hosts}{}} : \
                     ${if exists {/var/lib/greylistd/whitelist-hosts}\
                                 {/var/lib/greylistd/whitelist-hosts}{}}
    !authenticated = *
    !acl           = acl_whitelist_local_deny
    domains        = +local_domains : +relay_to_domains
    verify         = recipient/callout=20s,use_sender,defer_ok
    condition      = ${readsocket{/var/run/greylistd/socket}\
                                 {--grey \
                                  ${mask:$sender_host_address/24} \
                                  $sender_address \
                                  $local_part@$domain}\
                                 {5s}{}{false}}


  accept
    hosts = :


  warn
    hosts = +relay_from_hosts
    control = submission/sender_retain


  .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
  deny
    domains = +local_domains
    local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
    message = restricted characters in address
  .endif


  .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
  deny
    domains = !+local_domains
    local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
    message = restricted characters in address
  .endif


  accept
    .ifndef CHECK_RCPT_POSTMASTER
    local_parts = postmaster
    .else
    local_parts = CHECK_RCPT_POSTMASTER
    .endif
    domains = +local_domains : +relay_to_domains


  deny
    message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_whitelist_local_deny
    senders = ${if exists{CONFDIR/local_sender_blacklist}\
                   {CONFDIR/local_sender_blacklist}\
                   {}}


  deny
    message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_whitelist_local_deny
    hosts = ${if exists{CONFDIR/local_host_blacklist}\
                 {CONFDIR/local_host_blacklist}\
                 {}}


  .ifdef CHECK_RCPT_VERIFY_SENDER
  deny
    message = Sender verification failed
    !acl = acl_whitelist_local_deny
    !verify = sender
  .endif


  deny
    !acl = acl_whitelist_local_deny
    senders = ${if exists{CONFDIR/local_sender_callout}\
                         {CONFDIR/local_sender_callout}\
                   {}}
    !verify = sender/callout


  deny
    !acl = acl_whitelist_local_deny
    recipients = ${if exists{CONFDIR/local_rcpt_callout}\
                            {CONFDIR/local_rcpt_callout}\
                      {}}
    !verify = recipient/callout


  .ifdef CHECK_RCPT_REVERSE_DNS
  warn
    message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
     condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
                      {yes}{no}}
  .endif


  .ifdef CHECK_RCPT_IP_DNSBLS
  warn
    message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    dnslists = CHECK_RCPT_IP_DNSBLS
  .endif
    dnslists = sbl-xbl.spamhaus.org


  .ifdef CHECK_RCPT_DOMAIN_DNSBLS
  warn
    message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
                    {CONFDIR/local_domain_dnsbl_whitelist}\
                    {}}
    dnslists = CHECK_RCPT_DOMAIN_DNSBLS/$sender_address_domain
  .endif


.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif

  accept
    domains = +local_domains
    endpass
    message = unknown user
    verify = recipient


  accept
    domains = +relay_to_domains
    endpass
    .ifdef CHECK_RCPT_GIVE_UNKNOWN_USER
    message = ${if eq{$acl_verify_message}{Unrouteable address}{unknown user}{$acl_verify_message}}
    .else
    message = unrouteable address
    .endif
    verify = recipient


  accept
    hosts = +relay_from_hosts


  accept
    authenticated = *


  deny
    message = relay not permitted


acl_check_data:
  defer
    message        = $sender_host_address is not yet authorized to deliver \
                     mail from <$sender_address> to <$recipients>. \
                     Please try later.
    log_message    = greylisted.
    senders        = :
    !hosts         = : +relay_from_hosts : \
                     ${if exists {/etc/greylistd/whitelist-hosts}\
                                 {/etc/greylistd/whitelist-hosts}{}} : \
                     ${if exists {/var/lib/greylistd/whitelist-hosts}\
                                 {/var/lib/greylistd/whitelist-hosts}{}}
    !authenticated = *
    !acl           = acl_whitelist_local_deny
    condition      = ${readsocket{/var/run/greylistd/socket}\
                                 {--grey \
                                  ${mask:$sender_host_address/24} \
                                  $recipients}\
                                  {5s}{}{false}}


   warn condition = ${if !def:h_Message-ID: {1}}
        hosts = +relay_from_hosts
        message = Message-ID: <E$message_id@$primary_hostname>


  .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
  deny
    message = Message headers fail syntax check
    !acl = acl_whitelist_local_deny
    !verify = header_syntax
  .endif


  .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
  deny
    message = No verifiable sender address in message headers
    !acl = acl_whitelist_local_deny
    !verify = header_sender
  .endif


.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif

accept

begin routers

virtual_alias_2nddomain:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/exim4/aliases.virtual.2nddomain}}
domains = 2nddomain.com
qualify_preserve_domain
retry_use_local_part

virtual_alias_3rddomain:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/exim4/aliases.virtual.3rddomain}}
domains = 3rddomain.com
qualify_preserve_domain
retry_use_local_part

amavis:
    no_verify
  local_part_suffix= -*                                                
  local_part_suffix_optional
  check_local_user
    driver = manualroute
       condition = "${if or {{eq {$interface_port}{10025}} \
                         {eq {$received_protocol}{spam-scanned}} \
                         {eq {$sender_address}{}} \
                        }{0}{1}}"
    domains = +local_domains
    transport = amavis
    route_list = "* localhost byname"
    self = send


spamcheck_router:
  no_verify
  local_part_suffix= -*                                                   
  local_part_suffix_optional
  check_local_user
  condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
  driver = accept
  transport = spamcheck


.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
debug_print = "R: domain_literal for $local_part@$domain"
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp
.endif

hubbed_hosts:
  debug_print = "R: hubbed_hosts for $domain"
  driver = manualroute
  domains = "${if exists{CONFDIR/hubbed_hosts}\
                   {partial-lsearch;CONFDIR/hubbed_hosts}\
              fail}"
  same_domain_copy_routing = yes
  route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
  transport = remote_smtp


.ifdef DCconfig_internet

dnslookup_relay_to_domains:
debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
            255.255.255.255
  no_more


.endif

.ifdef DCconfig_local
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more

.endif

.ifdef DCconfig_smarthost DCconfig_satellite

smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
no_more

.endif

real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
domains = +local_domains
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY

system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
user = list
file_transport = address_file
pipe_transport = address_pipe

.ifdef DCconfig_satellite
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
domains = +local_domains
data = ${local_part}@DCreadhost
check_local_user

hub_user_smarthost:
debug_print = "R: hub_user_smarthost for $local_part@$domain"
driver = manualroute
domains = DCreadhost
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
check_local_user
.endif

userforward:
  debug_print = "R: userforward for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  local_part_suffix= -*
  local_part_suffix_optional
  check_ancestor
  allow_filter
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  skip_syntax_errors
  syntax_errors_to = real-$local_part@$domain
  syntax_errors_text = \
    This is an automatically generated message. An error has\n\
    been found in your .forward file. Details of the error are\n\
    reported below. While this error persists, you will receive\n\
    a copy of this message for every message that is addressed\n\
    to you. If your .forward file is a filter file, or if it is\n\
    a non-filter file containing no valid forwarding addresses,\n\
    a copy of each incoming message will be put in your normal\n\
    mailbox. If a non-filter file contains at least one valid\n\
    forwarding address, forwarding to the valid addresses will\n\
    happen, and those will be the only deliveries that occur.


procmail:
  debug_print = "R: procmail for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = procmail_pipe
  require_files = ${local_part}:\
                  ${if exists{/etc/procmailrc}\
                    {/etc/procmailrc}{${home}/.procmailrc}}:\
                  +/usr/bin/procmail
  no_verify
  no_expn


maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn

local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY
local_part_suffix = -*
local_part_suffix_optional

mail4root:
debug_print = "R: mail4root for $local_part@$domain"
driver = redirect
domains = +local_domains
data = /var/mail/mail
file_transport = address_file
local_parts = root
user = mail
group = mail

begin transports

amavis:
    driver = smtp
    port = 10024
    allow_localhost


spamcheck:
    driver = pipe
    command = /usr/sbin/exim4 -oMr spam-scanned -bS
    use_bsmtp = true
    transport_filter = /usr/bin/spamc
    home_directory = "/tmp"
    current_directory = "/tmp"
    user = Debian-exim
    group = Debian-exim
    log_output = true
    return_fail_output = true
    return_path_add = false
    message_prefix =
    message_suffix =


address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_pipe:
  debug_print = "T: address_pipe for $local_part@$domain"
  driver = pipe
  return_fail_output
  return_path_add
  environment = EXTENSION=${substr_1:$local_part_suffix}:\
                RECIPIENT=$local_part$local_part_suffix@$domain


address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply

mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false

maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
.ifdef MAILDIR_HOME_MAILDIR_LOCATION
directory = MAILDIR_HOME_MAILDIR_LOCATION
.else
directory = $home/Maildir
.endif
.ifdef MAILDIR_HOME_CREATE_DIRECTORY
create_directory
.endif
.ifdef MAILDIR_HOME_CREATE_FILE
create_file = MAILDIR_HOME_CREATE_FILE
.endif
delivery_date_add
envelope_to_add
return_path_add
maildir_format
.ifdef MAILDIR_HOME_DIRECTORY_MODE
directory_mode = MAILDIR_HOME_DIRECTORY_MODE
.else
directory_mode = 0700
.endif
.ifdef MAILDIR_HOME_MODE
mode = MAILDIR_HOME_MODE
.else
mode = 0600
.endif
mode_fail_narrower = false

maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
envelope_to_add

procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add

remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp

remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
tls_tempfail_tryclear = false



address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
envelope_to_add = true
return_path_add = true
check_string = ""
escape_string = ""
maildir_format

begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h


begin rewrite

*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
                   {$value}fail}" Ffrs
*@primarydomain.com "${lookup {${local_part}} lsearch {/etc/email-addresses} {$value} fail }" Ffrs


begin authenticators

cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "${if !eq{$tls_cipher}{}{\
                     ^${extract{1}{::}\
               {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
             ^${extract{2}{::}\
               {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
           }fail}"
.else
  client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif


login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq\
                              {${lookup{$host}lsearch*{CONFDIR/passwd.client}\
                                 {$value}fail}}\
                              {}}\
                         }\
                      {}fail}\
                 : ${extract{1}{::}\
                {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
         : ${extract{2}{::}\
             {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.else
  client_send = "${if !eq\
                          {${lookup\
                            {$host}lsearch*{CONFDIR/passwd.client}\
                            {$value}fail}}\
                          {}\
                      {}fail}\
                 : ${extract{1}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
                 : ${extract{2}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif