Re: [exim] Exim used as a filter - want some hosts to be del…

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: John Schmerold
CC: exim-users
Subject: Re: [exim] Exim used as a filter - want some hosts to be deliveredon alternative ports
On 2008-01-12 at 09:49 -0600, John Schmerold wrote:
> It seems, I'm not being clear, what I'm looking for is functionality
> similar to that provided by Postfix's transport file as documented
> here:
>        http://www.postfix.org/transport.5.html

>
> The example I am looking to duplicate is:
>        In the case of delivery via SMTP, one  may  specify  host-
>        name:service instead of just a host:

>
>             example.com      smtp:bar.example:2025

>
> Is this available in Exim?


Yes. I provided in my original reply an explanation of how to do this
in the Exim way, which would have the config file read:
example.com: host=bar.example port=2025

For example, my laptop has a file named "smarthosts" in which I, uhm,
will obfuscate (!) the gmail email address used:
----------------------------8< cut here >8------------------------------
gmail.com:      host=smtp.gmail.com     submission=yes  tls=yes user=no@???
googlemail.com: host=smtp.gmail.com     submission=yes  tls=yes user=no@???
*:              host=redoubt.spodhuis.org submission=yes tls=yes
----------------------------8< cut here >8------------------------------


Driver and Transport are below; prerequisites are macros defining
RUNCONFDIR (a directory) and MYHELO_TO_SMARTHOST (a default) together
with domainlist local_domains (standard config) and a hostlist
special_ipv4_bad which are those that I never want to try do deliver to
(RFC 3330 stuff).

These are a little more complex than you asked for, which is why I just
told you how to do things before.

In fact, since I'm posting all this I might as well include one of the
authenticators to actually use the "user=" field; I have a couple of
authenticators, not just the PLAIN one, but the PLAIN one shows off the
"client_condition" feature introduced in Exim 4.68, used to protect against
leaking passwords over cleartext channels. This adds the macro
dependency RUNAUTHDIR (defining a directory) which has the file
"user-passwords" used by Exim as a server and "client-passwords" used by
Exim as a client. Client-passwords contains data of the form:

----------------------------8< cut here >8------------------------------
spodhuis.org    user=laptop1   password=gobbledygook
no@???      password=my_sekret_passw0rd
----------------------------8< cut here >8------------------------------


# after "begin routers":

smarthost:
driver = manualroute
domains = ! +local_domains
transport = smarthost_smtp
ignore_target_hosts = +special_ipv4_bad
route_data = ${extract{host}{${lookup{$domain}partial()lsearch*{RUNCONFDIR/smarthosts}}}}
address_data = ${lookup{$domain}partial()lsearch*{RUNCONFDIR/smarthosts}}
same_domain_copy_routing
no_verify
no_more

# after "begin transports":

smarthost_smtp:
  driver = smtp
  port = ${extract{port}{$address_data}{$value}{\
          ${extract{submission}{$address_data}{587}{25}}\
          }}
  hosts_require_tls = ${extract{tls}{$address_data}{*}{+tls_required_to}}
  hosts_require_auth = ${extract{user}{$address_data}{*}{+authenticate_required_to}}
  helo_data = ${extract{helo}{$address_data}{$value}{MYHELO_TO_SMARTHOST}}


# after "begin authenticators":

auth_plain:
  driver        = plaintext
  public_name   = PLAIN
  server_advertise_condition = ${if def:tls_cipher}
  server_prompts        = :
  server_condition      = ${lookup{$2}lsearch{RUNAUTHDIR/user-passwords}\
                                {${if eq{$value}{$3}{yes}{no}}}{no}}
  server_set_id         = ${quote:$2}
  client_condition      = ${if def:tls_cipher}
  client_send = ^${extract{user}{$address_data}{$value}{\
           ${extract{user}{${lookup{$host}partial()lsearch{RUNAUTHDIR/client-passwords}}}{$value}fail}}}\
        ^${extract{password}{${lookup{\
           ${extract{user}{$address_data}{$value}{$host}}\
           }partial()lsearch{RUNAUTHDIR/client-passwords}}}{$value}fail}



# -Phil