Re: [exim] Routers question

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Routers question
Phill Harvey-Smith wrote:
> Ok, this is the comment removed version of my current routers file :-
>
> mysql_alias:
>          driver = redirect
>          data = ${lookup mysql{select alias from alias where address='${quote_mysql:$local_part@$domain}'}}
>          allow_fail
>          allow_defer
>          file_transport = address_file
>          pipe_transport = address_pipe

>
> # bio maintained maillists to get round ITS exchange restriction.
>
> mysql_maillist_alias:
>          driver = redirect
>          data = ${lookup mysql{select listmembers from personel.maillists where listname='${quote_mysql:$local_part}'}}
>          allow_fail
>          allow_defer
>          file_transport = address_file
>          pipe_transport = address_pipe

>
>
> #Route directly mail to user@??? to 
> template.bio.warwick.ac.uk,
> #Ignore MX !!!! 24/04/2002 PHS.
> #this *IS* still required even though we have control of MX now, otherwise
> #exim tries to relay bio mail to itself.....
> # all mail for bio.warwick.ac.uk get sent to host at end....
> # unless it has been sent elsewhere by the alias driver above.
> #
> # Cell/Mercury retired as of 2007-10-09
> #
> send_to_cell:
>     driver = manualroute
>       transport = remote_smtp    
>     route_list = bio.warwick.ac.uk template.bio.warwick.ac.uk    

>
> send_to_matterhorn:
>     driver = manualroute
>     transport = remote_smtp
>     route_list = matterhorn.bio.warwick.ac.uk matterhorn.bio.warwick.ac.uk

>
> send_to_oikos:    
>     driver = manualroute     
>     transport = remote_smtp    
>     route_list = oikos.warwick.ac.uk thunnus.bio.warwick.ac.uk

>
> send_to_globin:    
>     driver = manualroute     
>     transport = remote_smtp
>     route_list = globin.bio.warwick.ac.uk globin.bio.warwick.ac.uk

>
>
> dnslookup:
>    driver = dnslookup
>    domains = ! +local_domains
>    transport = remote_smtp
>    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>    no_more

>
> system_aliases:
>    driver = redirect
>    allow_fail
>    allow_defer
>    data = ${lookup{$local_part}lsearch{/etc/aliases}}
>    file_transport = address_file
>    pipe_transport = address_pipe

>
> #
> # handle aliases for mailman mailing list system.
> #     2007-09-28, PHS.
> #

>
> mailman_aliases:
>    driver = redirect
>    allow_fail
>    allow_defer
>    data = ${lookup{$local_part}lsearch{/var/lib/mailman/data/aliases}}
>    file_transport = address_file
>    pipe_transport = address_pipe

>
>
> userforward:
>    driver = redirect
>    check_local_user
>    file = $home/.forward
>    no_verify
>    no_expn
>    check_ancestor
>    file_transport = address_file
>    pipe_transport = address_pipe
>    reply_transport = address_reply

>
> localuser:
>    driver = accept
>    check_local_user
>    transport = local_delivery
>    cannot_route_message = Unknown user

>
>
> This is for our departmental mailserver which is the primary mx for our
> domain bio.warwick.ac.uk, this machine can also accept mail for local
> delivery to protein.bio.warwick.ac.uk. Historically the internal
> departmental mail was handled by our mercury email system running on
> cell, but when most of our users were moved onto the campus email
> system I implemented a mysql driven alias system to re-direct all of
> their @bio mail->@warwick, these are the mysql based routers, the
> send_to_cell would handle anyone that wanted to still use mercury,
> however we now want to discontinue this.
>
> What I would like to do is arrange so that any mail to
> user@??? would either be redirected by an alias in the
> mysql table or thrown away, so ideally send_to_cell should be replaced
> with something that drops any further @bio addresses on the floor.
> However, I still need anything that is not @bio to be passed on to the
> routers below e.g. sent_to_materhorn, _oikos and _globin etc.
>
> Can this be done ?


I haven't looked *really* close, so presume that a simple re-ordering of the
existing routers isn't good enough..

in which case... (postgreSQL driven here, but same logic..)

Two ways:

You could put a router just ahead of the one that 'finds' the mercury aliases,
with the SQL logic reversed. i.e it succeeds exim-wise when it FAILS SQL-wise
to find a valid alias, then selects a transport on the failure. Said transport
delivers to /dev/null.

But that leaves the sender in the dark.. Fine they have degenerated to naught
but 'bots and that is what you want..

Otherwise..

We don't do a 'router walk' for verify = recipient.

Instead, we do an SQL lookup in the RCPT TO acl.

Downside is that ALL valid recipients - and aliases - have to be in the DB -
even 'postmaster' 'abuse' et al.

Upside is that there is exactly ONE place where ALL address and domains are
maintained.

That doesn't mean we cannot still use conventional *routers* driven off, for
example, /etc/aliases. We can. They just aren't used for verification.

That's been in production for some years.


CAVEAT: Not tested here, but you should be able to get the same effect w/o the
extra DB lookup in RCPT-TO by flagging the 'designed to fail' mercury router to
no verify, at which point those with a valid alias accept, others reject.

And the sender - if not a deaf-dumb-and-blind spambot - gets an in-session
message that the address is not valid.

HTH,

Bill Hacker

> Every time I have tried so far, whatever I have replaced send_to_cell
> with has ended up with messages being deferred with a message such as :-
>
> 2007-10-10 17:00:03 1Ifdyd-00066F-K1 <= phill@???
> H=jane.bio.warwick.ac.uk [137.205.155.235] P=esmtp S=832
> id=470CF701.2040001@???
> 2007-10-10 17:00:03 1Ifdyd-00066F-K1 lowest numbered MX record points to
> local host: bio.warwick.ac.uk
> 2007-10-10 17:00:03 1Ifdyd-00066F-K1 == sjdavis@???
> R=dnslookup defer (-1): lowest numbered MX record points to local host
> 2007-10-10 17:00:03 1Ifdyd-00066F-K1 Frozen
>
>
> Cheers.
>
> Phill.
>
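
The alias-or-reject behaviour discussed in this thread, as an added Exim configuration example that is not taken from either poster's setup: a catch-all router for the @bio domain, placed where send_to_cell was, plus a RCPT ACL statement so the rejection happens in-session. The router name `bio_unknown` is hypothetical, and the ACL fragment assumes it is added to whatever ACL `acl_smtp_rcpt` names.

```exim
# Added example, not from either poster's configuration.
# Router name bio_unknown is hypothetical; position it after mysql_alias and
# mysql_maillist_alias, in place of send_to_cell.

bio_unknown:
  driver = redirect
  # Precondition: only @bio addresses reach this router; every other
  # domain skips it and carries on to send_to_matterhorn, dnslookup, etc.
  domains = bio.warwick.ac.uk
  # No alias router claimed the address, so fail it. During "verify =
  # recipient" this becomes an SMTP rejection; after acceptance, a bounce.
  data = :fail: Unknown user
  allow_fail
  # Silent discard instead (the sender is told nothing):
  #   data = :blackhole:

# RCPT ACL fragment (goes in the ACL named by acl_smtp_rcpt), so the
# failure is reported in-session rather than after the message is accepted.
  deny  domains = bio.warwick.ac.uk
        !verify = recipient
        message = Unknown user
```

Running `exim -bt` against one aliased and one unaliased @bio address shows which router handles each before the change goes live.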