Re: [exim] A Forwarding Exim4-Server

Author: Carlo Wood
Date:  
To: Erwin Ambrosch|XHOSTPLUS
CC: exim-users
Subject: Re: [exim] A Forwarding Exim4-Server
On Sat, May 05, 2007 at 11:19:34AM +0200, Erwin Ambrosch|XHOSTPLUS wrote:
> is it possible to set up Exim4 to meet the following requirement:
>
> Exim4 should not deliver mails locally (I call it Forwarding-Exim),
> but just forward all the mails to an Exim4 server on a different
> machine (I call it Target-Exim).


Since you are using Debian, I will answer for that case.
I have my Forwarding-Exim forward all mail to the Target-Exim
by adding:

alinoe.com: taryn

to /etc/exim4/hubbed_hosts, where 'taryn', listed in /etc/hosts
as usual, is the machine running the Target-Exim. "alinoe.com" is
the domain that mail is sent to.

I am using the 'split out' configuration
(/etc/exim4/update-exim4.conf.conf contains the
line dc_use_split_config='true'), thus the files in
/etc/exim4/conf.d are relevant rather than
/etc/exim4/exim4.conf.template

You probably don't want to edit /etc/exim4/update-exim4.conf.conf
directly, but instead run dpkg-reconfigure exim4-config,
so that any changes/updates will be merged with what you
put in there. However, in the end you will need to end up
with dc_relay_domains='alinoe.com' in order for the
Forwarding-Exim to accept mail to 'alinoe.com'.
Personally, I use dc_relay_nets='192.168.0.0/16' and
dc_smarthost='smtp.chello.nl', but really I don't send
mail from Forwarding-Exim, nor do I really use it to
forward mail from Target-Exim (that host sends mail directly
to my ISP's smarthost). The dc_eximconfig_configtype that
I start with (when running dpkg-reconfigure exim4-config)
is 'smarthost'. Although local delivery is not important,
I have dc_localdelivery='maildir_home'.

Finally, you need to add a file /etc/exim4/conf.d/main/02_local_options

with the content:

primary_hostname = mx.yourdomain.com

where mx.yourdomain.com is the MX record used for your domain.

> If the mail is not accepted by the Target-Exim the mail should
> not be queued by the Forwarding-Exim, but just dropped.


You can have Forwarding-Exim check if the address exists (and
thus is accepted) by adding a file /etc/exim4/local_rcpt_callout
with the content:

*@+relay_to_domains

> For the Target-Exim the sender should not be the Forwarding-Exim
> but the original sending Email-Server.


Nothing is changed to the headers - Forwarding-Exim is added
in a "Received: .." line of course - but that should hurt anything.
The "From ..." line and "Sender: ..." header lines etc are left
alone.

> Original-Mail-Server <---> Forwarding-Exim <---> Target-Exim (delivers locally or rejects the Email ex. Grey-Listing)


I have more configuration stuff that took me some effort to
figure out regarding spam filtering: I have this set up especially
so that Forwarding-Exim can do the spam filtering, without loading
the final Target-Exim's cpu with that task.

Nevertheless, you probably want to add your own ACLs anyway (for
other things and/or spamassassin). In order to do that without
editing a Debian-provided file (so that updating will go
seamlessly), you could add a file /etc/exim4/local.acl_smtp_data
and add a file /etc/exim4/conf.d/main/00_local_localmacros with
the content:

CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/local.acl_smtp_data

In my case, /etc/exim4/local.acl_smtp_data then contains (as
example):

# Disallow attachments with certain extensions.
deny
  demime = bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url:zip
  message = .$found_extension attachments are not accepted by this recipient

etc.

The spam filter specific part in this file is at the bottom and
reads:

deny
  spam = Debian-exim:true
  condition = ${if >={$spam_score_int}{100}}
  delay = 15s
  message = Your message is rejected because it is classified as spam. Go away.
  logwrite = :main: Classified as spam (score $spam_score)
  logwrite = :reject: SPAM10: $spam_report

# Using X-TMP-Spam-* here; this will be translated back in system.filter.
warn
  condition = ${if >={$spam_score_int}{50}}
  message = X-TMP-Spam-Status: Yes, score=$spam_score required=5.0\n\
            X-TMP-Spam-Report: $spam_report
  delay = 15s
  control = fakereject
  logwrite = :main: Classified as spam (score $spam_score)
  logwrite = :reject: SPAM5: $spam_report


warn
  condition = ${if <{$spam_score_int}{50}}
  message = X-TMP-Spam-Status: No, score=$spam_score required=5.0\n\
            X-TMP-Spam-Report: $spam_report


The 'delay' lines are to annoy spammers. Spam with a level of 10.0
and higher is outright rejected. The advantage over /dev/null-ing is
that if it was legit mail, then the sender will get the bounce and
knows it was not delivered. Another advantage is that you won't be
bouncing to fake addresses given in a 'From:' line.

In order for this spam filtering to work, you need to have the
package exim4-daemon-heavy installed.

Also, as you see, I add headers "X-TMP-Spam-*". In order to
change that back to "X-Spam-*" you need to add another line to
/etc/exim4/conf.d/main/02_local_options, namely:

system_filter = /etc/exim4/system.filter

and then add /etc/exim4/system.filter with the following content:

# Exim filter
if first_delivery
then
headers remove X-Spam-Checker-Version:X-Spam-Level:X-Spam-Status:X-Spam-bar:X-Spam-Report:X-Spam-Score:X-Spam-Flag:X-Content-Filtered-By:X-SA-Exim-Connect-IP:X-SA-Exim-Mail-From:X-SA-Exim-Scanned:X-Scanned-By:X-Greylist
headers add "X-Spam-Status: $header_X-TMP-Spam-Status:"
headers add "X-Spam-report: $header_X-TMP-Spam-Report:"
headers remove X-TMP-Spam-Status:X-TMP-Spam-Report
endif

The result is that any previously existing X-Spam-* headers are removed
and only our new X-Spam-* headers remain.

--
Carlo Wood <carlo@???>
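
A simplified Python model of the three ACL stanzas and the system filter described in the message above, run over a constructed message that arrives already carrying its own X-Spam-* headers. It is an added illustration, not part of the original message and not Exim code; the function names and the sample headers are assumptions made for the example.

```python
# Simplified model of the ACL tiers and system.filter from the message above.
# Constructed illustration only; it does not talk to Exim or SpamAssassin.
REMOVE = {h.lower() for h in (
    "X-Spam-Checker-Version:X-Spam-Level:X-Spam-Status:X-Spam-bar:"
    "X-Spam-Report:X-Spam-Score:X-Spam-Flag:X-Content-Filtered-By:"
    "X-SA-Exim-Connect-IP:X-SA-Exim-Mail-From:X-SA-Exim-Scanned:"
    "X-Scanned-By:X-Greylist").split(":")}
TMP = ("x-tmp-spam-status", "x-tmp-spam-report")

def acl_data(headers, score, report):
    """Model of the deny/warn/warn stanzas: returns (smtp_reply, headers)."""
    score_int = int(round(score * 10))   # $spam_score_int is the score times 10
    if score_int >= 100:                 # deny: real rejection, nothing is stored
        return "rejected", None
    verdict = "Yes" if score_int >= 50 else "No"
    tagged = headers + [
        ("X-TMP-Spam-Status", f"{verdict}, score={score} required=5.0"),
        ("X-TMP-Spam-Report", report)]
    # control = fakereject: the sender sees a rejection, the mail is still accepted
    return ("fakereject" if score_int >= 50 else "accepted"), tagged

def header_value(headers, name):
    """Value of a header, matched case-insensitively ('' if absent)."""
    return "\n".join(v for n, v in headers if n.lower() == name.lower())

def system_filter(headers):
    """Model of system.filter: drop inbound X-Spam-*, rename X-TMP-Spam-*."""
    status = header_value(headers, "X-TMP-Spam-Status")
    report = header_value(headers, "X-TMP-Spam-Report")
    kept = [(n, v) for n, v in headers if n.lower() not in REMOVE]
    kept += [("X-Spam-Status", status), ("X-Spam-report", report)]
    return [(n, v) for n, v in kept if n.lower() not in TMP]

def process(headers, score, report="(constructed report)"):
    reply, tagged = acl_data(list(headers), score, report)
    return reply, (system_filter(tagged) if tagged is not None else None)

# Constructed inbound message whose sender pre-set "clean" spam headers.
SAMPLE = [("From", "someone@example.org"),
          ("X-Spam-Status", "No, score=-9.9"),
          ("X-Spam-Flag", "NO"),
          ("Subject", "hello")]

if __name__ == "__main__":
    for s in (1.2, 6.3, 12.0):
        print(s, process(SAMPLE, s))
```
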