Phill Harvey-Smith wrote:
> Ok, this is the comment removed version of my current routers file :-
>
> mysql_alias:
> driver = redirect
> data = ${lookup mysql{select alias from alias where address='$local_part@$domain'}}
> allow_fail
> allow_defer
> file_transport = address_file
> pipe_transport = address_pipe
>
> # bio maintained maillists to get round ITS exchange restriction.
>
> mysql_maillist_alias:
> driver = redirect
> data = ${lookup mysql{select listmembers from personel.maillists where listname='$local_part'}}
> allow_fail
> allow_defer
> file_transport = address_file
> pipe_transport = address_pipe
>
>
> #Route directly mail to user@??? to template.bio.warwick.ac.uk,
> #Ignore MX !!!! 24/04/2002 PHS.
> #this *IS* still required even though we have control of MX now, otherwise
> #exim tries to relay bio mail to itself.....
> # all mail for bio.warwick.ac.uk get sent to host at end....
> # unless it has been sent elsewhere by the alias driver above.
> #
> # Cell/Mercury retired as of 2007-10-09
> #
> send_to_cell:
> driver = manualroute
> transport = remote_smtp
> route_list = bio.warwick.ac.uk template.bio.warwick.ac.uk
>
> send_to_matterhorn:
> driver = manualroute
> transport = remote_smtp
> route_list = matterhorn.bio.warwick.ac.uk matterhorn.bio.warwick.ac.uk
>
> send_to_oikos:
> driver = manualroute
> transport = remote_smtp
> route_list = oikos.warwick.ac.uk thunnus.bio.warwick.ac.uk
>
> send_to_globin:
> driver = manualroute
> transport = remote_smtp
> route_list = globin.bio.warwick.ac.uk globin.bio.warwick.ac.uk
>
>
> dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> transport = remote_smtp
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> no_more
>
> system_aliases:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/etc/aliases}}
> file_transport = address_file
> pipe_transport = address_pipe
>
> #
> # handle aliases for mailman mailing list system.
> # 2007-09-28, PHS.
> #
>
> mailman_aliases:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/var/lib/mailman/data/aliases}}
> file_transport = address_file
> pipe_transport = address_pipe
>
>
> userforward:
> driver = redirect
> check_local_user
> file = $home/.forward
> no_verify
> no_expn
> check_ancestor
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
>
> localuser:
> driver = accept
> check_local_user
> transport = local_delivery
> cannot_route_message = Unknown user
>
>
> This is for our departmental mailserver which is the primary mx for our
> domain bio.warwick.ac.uk, this machine can also accept mail for local
> delivery to protein.bio.warwick.ac.uk. Historically the internal
> departmental mail was handled by our mercury email system running on
> cell, but when most of our users were moved onto the campus email
> system I implemented a mysql driven alias system to re-direct all of
> their @bio mail->@warwick, these are the mysql based routers, the
> send_to_cell would handle anyone that wanted to still use mercury,
> however we now want to discontinue this.
>
> What I would like to do is arrange so that any mail to
> user@??? would either be redirected by an alias in the
> mysql table or thrown away, so ideally send_to_cell should be replaced
> with something that drops any further @bio addresses on the floor.
> However, I still need anything that is not @bio to be passed on to the
> routers below e.g. send_to_matterhorn, _oikos and _globin etc.
>
> Can this be done ?

I haven't looked *really* close, so presume that a simple re-ordering of the
existing routers isn't good enough..

in which case... (PostgreSQL driven here, but same logic..)

Two ways:

You could put a router just ahead of the one that 'finds' the mercury aliases,
with the SQL logic reversed. i.e. it succeeds exim-wise when it FAILS SQL-wise
to find a valid alias, then selects a transport on the failure. Said transport
delivers to /dev/null.

But that leaves the sender in the dark.. Fine they have degenerated to naught
but 'bots and that is what you want..

Otherwise..

We don't do a 'router walk' for verify = recipient.

Instead, we do an SQL lookup in the RCPT TO ACL.

Downside is that ALL valid recipients - and aliases - have to be in the DB -
even 'postmaster' 'abuse' et al.

Upside is that there is exactly ONE place where ALL address and domains are
maintained.

That doesn't mean we cannot still use conventional *routers* driven off, for
example, /etc/aliases. We can. They just aren't used for verification.

That's been in production for some years.

CAVEAT: Not tested here, but you should be able to get the same effect w/o the
extra DB lookup in RCPT-TO by flagging the 'designed to fail' mercury router to
no verify, at which point those with a valid alias accept, others reject.

And the sender - if not a deaf-dumb-and-blind spambot - gets an in-session
message that the address is not valid.

HTH,

Bill Hacker

> Every time I have tried so far, whatever I have replaced send_to_cell
> with has ended up with messages being deferred with a message such as :-
>
> 2007-10-10 17:00:03 1Ifdyd-00066F-K1 <= phill@??? H=jane.bio.warwick.ac.uk [137.205.155.235] P=esmtp S=832 id=470CF701.2040001@???
> 2007-10-10 17:00:03 1Ifdyd-00066F-K1 lowest numbered MX record points to local host: bio.warwick.ac.uk
> 2007-10-10 17:00:03 1Ifdyd-00066F-K1 == sjdavis@??? R=dnslookup defer (-1): lowest numbered MX record points to local host
> 2007-10-10 17:00:03 1Ifdyd-00066F-K1 Frozen
>
>
> Cheers.
>
> Phill.
>
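
The two outcomes discussed in this thread (silent discard, or a rejection the sender sees), sketched as Exim routers that would sit where send_to_cell is now; this is an added example, not configuration from either poster. The router name bio_no_alias is hypothetical, and the quote_mysql hardening of the alias lookup is an addition the thread does not discuss.

```exim
# Added example (not from the thread). Router order matters: the first
# router that handles or fails an address ends routing for it, so these go
# ahead of send_to_matterhorn, send_to_oikos, send_to_globin and dnslookup.

# Alias lookup as posted, but with the envelope address quoted before it is
# placed inside the SQL string. $local_part is sender-controlled input.
# The same quoting applies to $local_part in mysql_maillist_alias.
mysql_alias:
  driver = redirect
  data = ${lookup mysql{select alias from alias where \
           address='${quote_mysql:$local_part}@${quote_mysql:$domain}'}}
  allow_fail
  allow_defer
  file_transport = address_file
  pipe_transport = address_pipe

# Replacement for send_to_cell (hypothetical name). It only runs for
# bio.warwick.ac.uk, so every other domain skips it and carries on to the
# routers below. Anything that reaches it had no alias in the table, and
# it never reaches dnslookup.
#
# Variant A: fail the address. With "verify = recipient" in the RCPT ACL
# the sender gets the rejection in-session; otherwise a bounce is generated.
bio_no_alias:
  driver = redirect
  domains = bio.warwick.ac.uk
  allow_fail
  data = :fail: Unknown user

# Variant B (use instead of A): accept the address and discard the message
# silently. The sender is told nothing.
#
# bio_no_alias:
#   driver = redirect
#   domains = bio.warwick.ac.uk
#   data = :blackhole:
```

Routing for a given address can be checked without sending mail by running `exim -bt` on it, or `exim -bv` to see the result verification would give.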