Re: [exim] "Ghost" user running exim?

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jan Johansson
Dátum:  
Címzett: Graeme Fowler, exim users
Tárgy: Re: [exim] "Ghost" user running exim?
>1. turn up your logging ( -d +all, or log_selector = +all )

Here is logs of transaction with log_selector = +all

Oct 26 23:22:29 haven exim[25840]: 2006-10-26 23:22:29 SMTP connection from
[130.239.18.156]:47850 I=[82.193.185.25]:25 (TCP/IP connection count = 2)
Oct 26 23:22:29 haven exim[25840]: 2006-10-26 23:22:29 SMTP connection from
[130.239.18.156]:47851 I=[82.193.185.25]:25 (TCP/IP connection count = 3)
Oct 26 23:22:30 haven exim[25964]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47850 I=[82.193.185.25]:25 U=postfix F=<dak@???>
temporarily rejected RCPT <bjorkriset-styrelse@???>:
require_files: error for
/home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config:
Permission denied
Oct 26 23:22:30 haven exim[25964]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47850 I=[82.193.185.25]:25 U=postfix F=<dak@???>
temporarily rejected RCPT <bjorkriset-styrelse@???>:
require_files: error for
/home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config:
Permission denied
Oct 26 23:22:30 haven exim[25965]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47851 I=[82.193.185.25]:25 U=postfix F=<dak@???>
temporarily rejected RCPT <bjorkriset-styrelse@???>:
require_files: error for
/home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config:
Permission denied
Oct 26 23:22:30 haven exim[25965]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47851 I=[82.193.185.25]:25 U=postfix F=<dak@???>
temporarily rejected RCPT <bjorkriset-styrelse@???>:
require_files: error for
/home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config:
Permission denied
Oct 26 23:22:30 haven exim[25964]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47850 I=[82.193.185.25]:25 U=postfix incomplete transaction
(RSET) from <dak@???>
Oct 26 23:22:30 haven exim[25964]: 2006-10-26 23:22:30 SMTP connection from
mail.acc.umu.se [130.239.18.156]:47850 I=[82.193.185.25]:25 closed by QUIT
Oct 26 23:22:30 haven exim[25965]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47851 I=[82.193.185.25]:25 U=postfix incomplete transaction
(RSET) from <dak@???>
Oct 26 23:22:30 haven exim[25965]: 2006-10-26 23:22:30 SMTP connection from
mail.acc.umu.se [130.239.18.156]:47851 I=[82.193.185.25]:25 closed by QUIT



>2. post your ACLs (or more pertinently, the full config where relevant)



#########
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# This file is generated dynamically from the files in
# the conf.d/ directory, or from exim4.conf.template respectively.
# Additional information is read from update-exim4.conf.conf
# This version of the file was created from the directory /etc/exim4
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########

log_selector = +all

.include /etc/xams/exim-custom.conf [included below]

hide mysql_servers = localhost/xams/xams/[deleted]
domainlist xams_domains = cdb;/etc/xams/localdomains.cdb
domainlist custom_local_domains =
domainlist custom_relay_to_domains =
hostlist custom_relay_from_hosts =
helo_try_verify_hosts = *
helo_lookup_domains = *
.ifdef EXISCAN_MODULE
    # This configuration variable defines the virus scanner that is used
with
    # the 'malware' ACL condition of the exiscan acl-patch. If you do not
use
    # virus scanning, leave it commented. Please read
doc/exiscan-acl-readme.txt
    # for a list of supported scanners.
    # Don't forget to add clamav UID to Debian-exim group.
    av_scanner = clamd:/var/run/clamav/clamd.ctl
.endif
[end of include]


syslog_facility = mail
log_file_path = syslog

trusted_users = root : mail : xams : www-data : sympa

domainlist ListDomains = listor.skyddsrummet.net

domainlist local_domains =
@:+xams_domains:+custom_local_domains:kkr.nu:tallaksen.net:+ListDomains
domainlist relay_to_domains = +custom_relay_to_domains
hostlist relay_from_hosts = 127.0.0.1 : 10.4.3.2 :
+custom_relay_from_hosts

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mail = acl_check_helo_slow

never_users = root

host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 30s

ignore_bounce_errors_after = 2d

timeout_frozen_after = 7d

.ifdef TLS_ENCRYPTION
tls_advertise_hosts = *
tls_certificate = /usr/local/exim/exim.cert
tls_privatekey = /usr/local/exim/exim.pem
.endif

.ifdef EXISCAN_MODULE
    acl_smtp_data = acl_check_content
.endif


.ifdef MAILSCANNER_INCOMING
spool_directory = /var/spool/exim4_incoming
queue_only = true
.elifdef MAILSCANNER_OUTGOING
spool_directory = /var/spool/exim4
pid_file_path = /var/run/exim/eximqr.pid
.else
spool_directory = /var/spool/exim
.endif

.include /etc/xams/exim-global.conf [included below]
received_header_text = Received: \
${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
{${if def:sender_ident {from $sender_ident }}\
${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
by $primary_hostname \
${if def:received_protocol {with $received_protocol}} \
${if def:tls_cipher {($tls_cipher)\n\t}}\
(Exim $version_number and XAMS pre-0.0.16)\n\t\
id $message_id\
${if def:received_for {\n\tfor $received_for}}

smtp_banner = $primary_hostname ESMTP Exim $version_number \
(powered by XAMS pre-0.0.16) $tod_full
[end of include]

.include /etc/xams/exim-sql-macros.conf [included below]
# Global macros
##############################################################

SQL_XAMS_DOMAINS = mysql {\
  SELECT     pm_domains.name \
  FROM       pm_sites \
  INNER JOIN pm_domains \
  ON         pm_domains.siteid = pm_sites.id \
  WHERE      pm_sites.sitestate != 'lockedbounce'}


# Macros for routers
#########################################################
SQL_ALIASES_BOUNCEFORWARD_CONDITION = mysql {\
  SELECT     a.bounceforward \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      '${quote_mysql:$local_part}' != '*' \
  AND        a.leftpart = '${quote_mysql:$local_part}' \
  AND        d.name = '$domain' \
  AND        s.sitestate != 'lockedbounce'}


SQL_ALIASES_BLACKHOLE_CONDITION = mysql {\
  SELECT     a.blackhole \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      '${quote_mysql:$local_part}' != '*' \
  AND        a.leftpart = '${quote_mysql:$local_part}' \
  AND        d.name = '$domain' \
  AND        s.sitestate != 'lockedbounce'}


SQL_ALIASES_RIGHTPART = mysql {\
  SELECT     LOWER(a.rightpart) \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      '${quote_mysql:$local_part}' != '*' \
  AND        a.leftpart = '${quote_mysql:$local_part}' \
  AND        d.name = '$domain' \
  AND        s.sitestate != 'lockedbounce'}


SQL_FORWARD_DATA = mysql {\
  SELECT     f.filter \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  INNER JOIN pm_exim_filters f \
  ON         u.id = f.userid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '${quote_mysql:$domain}' \
  AND        u.accountstate != 'lockedbounce' \
  AND        u.name = '${quote_mysql:$local_part}' \
  AND        f.active = 'true'}


SQL_LOCK = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      (s.sitestate = 'lockedbounce' OR u.accountstate =
'lockedbounce') \
  AND        d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}'}


SQL_AUTOREPLY_ROUTER = mysql {\
  SELECT     u.autoreply \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      u.name = '${quote_mysql:$local_part}' \
  AND        d.name = '$domain'}


SQL_USERS_CONDITION = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}' \
  AND        u.accountstate != 'lockedbounce'}


SQL_CATCH_ALIASES_BOUNCEFORWARD_CONDITION = mysql {\
  SELECT     a.bounceforward \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '$domain' \
  AND        a.leftpart = '*'}


SQL_CATCH_ALIASES_BLACKHOLE_CONDITION = mysql {\
  SELECT     a.blackhole \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '$domain' \
  AND        a.leftpart = '*'}


SQL_CATCH_ALIASES_RIGHTPART = mysql {\
  SELECT     LOWER(a.rightpart) \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '$domain' \
  AND        a.leftpart = '*'}


# Macros for address_data
####################################################

SQL_GET_SITENAME = mysql {\
  SELECT     s.name \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}'}


SQL_QUOTA_SITENAME = mysql {\
  SELECT     CASE \
             WHEN u.quota = 0 THEN 1 \
             WHEN u.quota < 0 THEN 0 \
             ELSE concat(u.quota, 'K') \
             END AS quota, \
             s.name AS sitename \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}'}


SQL_SITENAME_AUTOREPLYTEXT = mysql {\
  SELECT     s.name AS sitename, \
             u.autoreplysubject, \
             u.autoreplytext \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}'}


# Macros for transports
######################################################

TXT_QUOTA_WARN_MESSAGE = "\
To: $local_part@$domain\n\
Subject: Your mailbox\n\n\
This message is automatically created \
by mail delivery software.\n\n\
The size of your mailbox has exceeded \
a warning threshold that is\n\
set by the system administrator.\n"

TXT_AUTOREPLY_TRANS_SUBJECT = "$local_part@$domain is not available to reply
to your mail"

# Authentication macros
######################################################

SQL_AUTH_PLAIN = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '${domain:$2}' \
  AND        u.relayonauth = 'true' \
  AND        u.name = '${local_part:$2}' \
  AND        password = '${md5:$3}'}


SQL_AUTH_UNIQUE_PLAIN = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      u.uniquename = '$2' \
  AND        u.relayonauth = 'true' \
  AND        password = '${md5:$3}'}


SQL_AUTH_LOGIN = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '${domain:$1}' \
  AND        u.relayonauth = 'true' \
  AND        u.name = '${local_part:$1}' \
  AND        password = '${md5:$2}'}


SQL_AUTH_UNIQUE_LOGIN = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      u.uniquename = '$1' \
  AND        u.relayonauth = 'true' \
  AND        password = '${md5:$2}'}
[end of include]



begin acl

acl_check_helo_slow:

accept authenticated = *

  accept  condition     = ${if isip{$sender_helo_name}{yes}{no}}


  warn    condition     = ${if eq {$sender_host_name}{}{yes}{no}}
          set acl_m8    = ${lookup dnsdb{ptr=$sender_host_address}\
                           {${lc:$value}}{}}


  warn    condition     = ${if eq {$sender_host_name}{}{no}{yes}}
          set acl_m8    = $sender_host_name


  accept  condition     = ${if match {$acl_m8}\
                           {${lc:$sender_helo_name}}{yes}{no}}


warn    set acl_m9    = ${lookup dnsdb{a=$sender_helo_name}{$value}{}}


  warn    condition     = ${if eq {$acl_m9}{}{no}{yes}}
          set acl_m9    = ${tr{$acl_m9}{\n}{:}}


  accept  condition     = ${if eq {$acl_m9}{}{no}{yes}}
          condition     = ${if match {$sender_host_address}\
                          {($acl_m9)}{yes}{no}}


  deny    condition     = ${if eq {$acl_m9}{}{yes}{no}}
          condition     = ${if eq {$acl_m8}{}{yes}{no}}
          message       = Bad HELO: $sender_helo_name does not resolve\n\
                          Aditionally, $sender_host_address has no rDNS\n\
                          Please see RFC 2821 section 4.1.1.1,\n\
                          RFC 1123 section 6.1.1 and RFC 1912 section 2.1


accept  condition     = ${if eq {$acl_m8}{}{yes}{no}}


  deny    condition     = ${if eq {${lc:$sender_helo_name}}\
                          {${lc:$sender_address_domain}}{yes}{no}}
          message       = Forged HELO: you are $acl_m8\n\
                          please don't pretend to be $sender_helo_name
          log_message   = Forged HELO: Hostname does not match HELO


  deny    condition     = ${if match {$sender_helo_name}{yahoo}{yes}{no}}
          message       = Forged HELO: you are not $sender_helo_name
          log_message   = Forged HELO: Not a yahoo server


  warn    set acl_m9     = ${lookup{$sender_helo_name} \
                           partial-lsearch{/etc/exim4/helo-check} \
                          {${if eq{$value}{}{$sender_helo_name}{$value}}}{}}


  accept  condition      = ${if eq {$acl_m9}{}{yes}{no}}


  deny    condition      = ${if !match{$acl_m8}{$acl_m9}{yes}{no}}
          message        = Forged HELO: you are not $sender_helo_name
          log_message    = Forged HELO: Not a $acl_m9 server


accept

acl_check_rcpt:

.ifdef MAILSCANNER_INCOMING
                defer
                message = Please try later.
                !hosts      = /etc/greylistd/whitelist-hosts
                !senders    = :
                log_message = greylisted.
                set acl_m9  = ${mask:$sender_host_address/24}
$sender_address $local_part@$domain
                set acl_m9  =
${readsocket{/var/run/greylistd/socket}{$acl_m9}{5s}{}{}}
                condition   = ${if eq {$acl_m9}{grey}{true}{false}}
.endif


accept hosts = :
accept hosts = 10.4.3.2

  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]


  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


  accept  local_parts   = postmaster
          domains       = +local_domains


  require verify        = sender


  accept  domains       = +local_domains
          endpass
          verify        = recipient


deny    hosts           = ! animal.mupp.net
        message         = rejected because $sender_host_address is in a
black list at $dnslist_domain\n$dnslist_text
        dnslists        = http.dnsbl.sorbs.net :\
                        socks.dnsbl.sorbs.net :\
                        misc.dnsbl.sorbs.net :\
                        smtp.dnsbl.sorbs.net :\
                        web.dnsbl.sorbs.net :\
                        block.dnsbl.sorbs.net :\
                        zombie.dnsbl.sorbs.net :\
                        badconf.rhsbl.sorbs.net :\
                        nomail.rhsbl.sorbs.net


  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient


  accept  hosts         = +relay_from_hosts


accept authenticated = *

  deny    message       = relay not permitted


.ifdef EXISCAN_MODULE

    acl_check_content:


        accept  hosts = +relay_from_hosts


        accept  authenticated = *


        .include /etc/xams/exim-content-acl.conf


        accept
.endif


begin routers

full_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part@$domain}lsearch{/etc/full-aliases}}
file_transport = address_file
pipe_transport = address_pipe

.ifdef MAILSCANNER_INCOMING
defer_router:
driver = redirect
allow_defer
data = :defer: All deliveries are deferred
verify = false
.endif

Sympa_Robots:
        driver = accept
        domains = +ListDomains
        local_parts = sympa : listmaster
        transport = Sympa_Robots_Transport


Sympa_Robots_Request:
        driver = redirect
        domains = +ListDomains
        local_parts = sympa-request : sympa-owner
        data = postmaster@$domain


Sympa_Robots_Bounce:
        driver = accept
        domains = +ListDomains
        local_part_prefix = bounce+
        transport = Sympa_Bounce_Transports


Sympa_Owner_Bounce:
        initgroups = true
        driver = accept
        domains = +ListDomains
        require_files = /home/sympa/expl/$domain/$local_part/config
        local_part_suffix = -owner
        user = sympa
        group = sympa
        transport = Sympa_Owner_Bounce_Transport


Sympa_Lists:
        initgroups = true
        driver = accept
        domains = +ListDomains
        require_files = /home/sympa/expl/$domain/$local_part/config
        transport = Sympa_Robots_Transport
        user = sympa
        group = sympa


Sympa_Lists_Suffixes:
        initgroups = true
        driver = accept
        domains = +ListDomains
        local_part_suffix = -request : -editor : -unsubscribe : -subscribe
        require_files = /home/sympa/expl/$domain/$local_part/config
        transport = Sympa_Robots_Transport_Suffixes
        user = sympa
        group = sympa


cookiemonster:
        driver = manualroute
        domains = cookiemonster.mupp.net
        transport = remote_smtp
        route_list = * 10.4.3.2
        host_find_failed = defer
        same_domain_copy_routing = yes
        no_more


kkr:
        driver = manualroute
        domains = kkr.nu : *.kkr.nu
        transport = remote_smtp
        route_list = * 10.4.3.2
        host_find_failed = defer
        same_domain_copy_routing = yes
        no_more


.include /etc/xams/exim-routers.conf [included below]

# handle normal (non-*) aliases - bounce on condition
xams_aliases_forward_before_bounce:
driver = redirect
condition = ${lookup SQL_ALIASES_BOUNCEFORWARD_CONDITION}
allow_defer
allow_fail
data = ${lookup SQL_ALIASES_RIGHTPART}
domains = +xams_domains
qualify_preserve_domain
retry_use_local_part
unseen

# handle normal (non-*) aliases - bounce and forward on condition
xams_aliases_bounce:
driver = redirect
condition = ${lookup SQL_ALIASES_BOUNCEFORWARD_CONDITION}
allow_defer
allow_fail
data = :fail: Unknown user
domains = +xams_domains
qualify_preserve_domain
retry_use_local_part

# handle normal (non-*) aliases - do nothing, delete that mail
xams_aliases_ignore:
driver = redirect
condition = ${lookup SQL_ALIASES_BLACKHOLE_CONDITION}
allow_defer
allow_fail
data = :blackhole: Move mail to blackhole
domains = +xams_domains
qualify_preserve_domain
retry_use_local_part

# Handle normal (non-*) aliases
xams_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup SQL_ALIASES_RIGHTPART}
domains = +xams_domains
qualify_preserve_domain
retry_use_local_part

# Forward the mail (via Exim/XAMS filter)?
xams_forward:
  driver = redirect
  address_data = ${lookup SQL_QUOTA_SITENAME}
  allow_filter
  check_ancestor
  user = mail
  directory_transport = xams_address_file
  no_expn
  data = ${lookup SQL_FORWARD_DATA{${value}}}
  domains = +xams_domains
  file_transport = xams_address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  retry_use_local_part
  no_verify
  router_home_directory = /var/mail/${lookup
SQL_GET_SITENAME{${value}}}/${lc:$local_part}
  transport_home_directory =
/var/mail/${extract{sitename}{$address_data}}/${lc:$local_part}
#  forbid_filter_perl = true
  forbid_filter_readfile = true
  forbid_filter_readsocket = true
  forbid_filter_run = true
  forbid_pipe = true
  forbid_filter_existstest = true
  forbid_filter_logwrite = true
  forbid_filter_lookup = true
  forbid_include = true
# Does not yet work for errors in SIEVE filters!
# errors are skipped and a keep; is run instead.
  syntax_errors_to = $local_part@$domain
  syntax_errors_text = \
               This is an automatically generated message.  An error has\n\
               been found in your .eximfilter file.  Details of the error
are\n\
               reported below.  While this error persists, you will
receive\n\
               a copy of this message for every message that is addressed
to\n\
               you.  A copy of each incoming message will be put in your
normal\n\
               mailbox.



# Fail if recipients mailbox (or his site) is set 'locked and bounced'
xams_lock:
driver = redirect
allow_defer
allow_fail
data = :fail: user not known to the system
domains = +xams_domains
condition = "${lookup SQL_LOCK}"
retry_use_local_part

# Is auto reply set on user's mailbox?
xams_autoreply:
driver = accept
address_data = ${lookup SQL_SITENAME_AUTOREPLYTEXT}
condition = ${lookup SQL_AUTOREPLY_ROUTER{${value}}}
domains = +xams_domains
transport = xams_autoreply_transport
unseen

# Standard delivery of mail to user's mailbox
xams_users:
driver = accept
address_data = ${lookup SQL_QUOTA_SITENAME}
condition = ${lookup SQL_USERS_CONDITION}
domains = +xams_domains
retry_use_local_part
router_home_directory = /var/mail/${lookup
SQL_GET_SITENAME{${value}}}/${lc:$local_part}
transport_home_directory =
/var/mail/${extract{sitename}{$address_data}}/${lc:$local_part}
transport = xams_delivery

# handle * aliases - bounce on condition
xams_catch_aliases_forward_before_bounce:
driver = redirect
condition = ${lookup SQL_CATCH_ALIASES_BOUNCEFORWARD_CONDITION}
allow_defer
allow_fail
data = ${lookup SQL_CATCH_ALIASES_RIGHTPART}
domains = +xams_domains
qualify_preserve_domain
retry_use_local_part
unseen

# handle * aliases - bounce and forward on condition
xams_catch_aliases_bounce:
driver = redirect
condition = ${lookup SQL_CATCH_ALIASES_BOUNCEFORWARD_CONDITION}
allow_defer
allow_fail
data = :fail: Unknown user
domains = +xams_domains
qualify_preserve_domain
retry_use_local_part

# handle * aliases - do nothing, delete that mail
xams_catch_aliases_ignore:
driver = redirect
condition = ${lookup SQL_CATCH_ALIASES_BLACKHOLE_CONDITION}
allow_defer
allow_fail
data = :blackhole: Move mail to blackhole
domains = +xams_domains
qualify_preserve_domain
retry_use_local_part

# handle * aliases - forward
xams_catch_aliases_forward:
driver = redirect
allow_defer
allow_fail
data = ${lookup SQL_CATCH_ALIASES_RIGHTPART{$value}}
domains = +xams_domains
qualify_preserve_domain
retry_use_local_part

# None of the routers found an user, aliases or whatever - Unknown user
xams_fail:
driver = redirect
allow_fail
domains = +xams_domains
data = :fail: Unknown user
haven:/etc/xams#
[end of include]

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe

userforward:
driver = redirect
check_local_user
file = $home/.forward
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply

localuser:
driver = accept
check_local_user
transport = local_delivery
cannot_route_message = Unknown user

begin transports
.include /etc/xams/exim-transports.conf [included below]
xams_delivery:
driver = appendfile
check_string =
delivery_date_add
envelope_to_add
group = mail
maildir_format
directory =
/var/mail/${extract{sitename}{$address_data}}/${lc:$local_part}
maildir_tag = ,S=$message_size
message_prefix =
message_suffix =
quota = ${extract{quota}{$address_data}}
maildir_use_size_file
quota_size_regex = S=(\d+):
quota_warn_threshold = 75%
quota_warn_message = TXT_QUOTA_WARN_MESSAGE
return_path_add
user = mail
create_file = belowhome

xams_address_file:
driver = appendfile
check_string =
delivery_date_add
envelope_to_add
group = mail
maildir_format = true
directory =
/var/mail/${extract{sitename}{$address_data}}/${lc:$local_part}/${sg{$addres
s_file}{^inbox}{}}
maildir_tag = ,S=$message_size
message_prefix =
message_suffix =
quota = ${extract{quota}{$address_data}}
maildir_use_size_file
quota_size_regex = S=(\d+):
return_path_add
user = mail
create_file = belowhome

xams_autoreply_transport:
driver = autoreply
user = mail
group = mail
once =
/etc/xams/autoreply/${extract{sitename}{$address_data}}/${lc:$local_part}.on
ce
once_repeat = 7d
subject = ${rfc2047:${extract{autoreplysubject}{$address_data}}}
to = $sender_address
from = $local_part@$domain
text = ${from_utf8:${extract{autoreplytext}{$address_data}}}
return_message = true
# Do you want to log all sent replies?
#log =
/etc/xams/autoreply/${extract{sitename}{$address_data}}/${lc:$local_part}.lo
g
[end of include]


Sympa_Robots_Transport:
        driver = pipe
        command = "/home/sympa/bin/queue $local_part@$domain"
        return_path_add
        delivery_date_add
        envelope_to_add
        user = sympa
        group = sympa
        current_directory = /home/sympa
        home_directory = /home/sympa


Sympa_Bounce_Transports:
        driver = pipe
        command = "/home/sympa/bin/bouncequeue sympa@$domain"
        return_path_add
        delivery_date_add
        envelope_to_add
        user = sympa
        group = sympa
        current_directory = /home/sympa
        home_directory = /home/sympa


Sympa_Owner_Bounce_Transport:
        driver = pipe
        command = "/home/sympa/bin/bouncequeue $local_part@$domain"
        return_path_add
        delivery_date_add
        envelope_to_add
        user = sympa
        group = sympa
        current_directory = /home/sympa
        home_directory = /home/sympa


Sympa_Robots_Transport_Suffixes:
        driver = pipe
        command = "/home/sympa/bin/queue
$local_part$local_part_suffix@$domain"
        return_path_add
        delivery_date_add
        envelope_to_add
        user = sympa
        group = sympa
        current_directory = /home/sympa
        home_directory = /home/sympa


remote_smtp:
driver = smtp

local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add

address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h


begin rewrite

begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if !eq {} \
    {${if eq {} {${domain:$2}} \
        {${lookup SQL_AUTH_UNIQUE_PLAIN{1}}} \
        {${lookup SQL_AUTH_PLAIN{1}}} \
    }} \
    {yes}{no} \
  }
  server_set_id = $2


login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if !eq {} \
    {${if eq {} {${domain:$1}} \
        {${lookup SQL_AUTH_UNIQUE_LOGIN{1}}} \
        {${lookup SQL_AUTH_LOGIN{1}}} \
    }} \
    {yes}{no} \
  }
  server_set_id = $1





> 3. run in session test mode ( -bh ip.add.re.ss ) with debug ( -d +all ) 3.

try >another angle of attack such as strace

Does any of the above give any clue? If not, I'll try stracing.