Dear list,
(Please CC me, as I am not subscribed.)
Situation
---------
I set up Sympa [1] and used this configuration [2] as the basis for
setup with virtual hosts. This setup does not
use /etc/mail/sympa.aliases with pipes, but defines routers and
transports instead.
The thing is, there is no dedicated domain for the lists. It is the same
for the users as for the lists. For example the domain is dom.org, user
user has her/his address
user@???
and the list list has the address
list@???
Problem
-------
Now if recipient verification is turned on, exim does not run as root
and therefore is not allowed to check the list directory for certain
files and it rejects with the error message “Unrouteable address” if the
sender is *not* from the local machine.¹
The added routers are pasted after these notes.
1. sympa_domains is currently the same as local_domains
2. Permissions.
$ ls -l /var/lib/
[…]
drwxrwx--x 6 sympa sympa 4096 2009-01-17 18:15 sympa
[…]
$ sudo ls -l /var/lib/sympa
total 16
drwxr-x--- 6 sympa sympa 4096 2009-01-26 13:44 expl
drwxrwxr-x 3 sympa sympa 4096 2009-01-17 22:31 static_content
drwxrwx--x 4 sympa sympa 4096 2009-02-01 12:12 wwsarchive
drwxrwx--x 2 sympa sympa 4096 2008-10-19 21:13 x509-user-certs
$ sudo ls -l /var/lib/sympa/expl
drwxr-x--- 6 sympa sympa 4096 2009-01-29 00:00 domain.org
$ sudo ls -l /var/lib/sympa/expl/domain.org
drwxr-x--- 4 sympa sympa 4096 2009-01-29 08:43 list
$ sudo ls -l /var/lib/sympa/expl/domain.org/list/config
-rw-r----- 1 sympa sympa 942 2009-01-29 08:30 /var/lib/sympa/expl/domain.org/list/config
3. In case the list does not exist, I added a + in the require_file
directives and deleted no_more at the end of the last three routers.
Maybe an if exist file statement would be more beneficial.
### Sympa
sympa_aliases:
debug_print = "R: sympa_aliases for $local_part@$domain"
driver = accept
domains = +sympa_domains:+local_domains
local_parts = sympa : listmaster
transport = sympa_transport
no_more
sympa_router:
driver = accept
domains = +sympa_domains
require_files = +SYMPA_HOME/expl/$domain/$local_part/config
condition = ${if eqi{${lookup{status}lsearch{SYMPA_HOME/expl/$domain/$local_part/config}}}{open}{yes}{no}}
user = sympa
local_part_suffix_optional
local_part_suffix = -request : -editor : \
-subscribe : -unsubscribe
transport = sympa_transport
sympaowner_router:
driver = accept
domains = +sympa_domains
require_files = +SYMPA_HOME/expl/$domain/$local_part/config
condition = ${if eqi{${lookup{status}lsearch{SYMPA_HOME/expl/$domain/$local_part/config}}}{open}{yes}{no}}
user = sympa
local_part_suffix_optional
local_part_suffix = -owner : -owner+*
transport = sympaowner_transport
sympabounce_router:
driver = accept
domains = +sympa_domains
user = sympa
local_part_prefix = bounce+
transport = sympabounce_transport
sympaabuse_router:
driver = accept
domains = +sympa_domains
user = sympa
local_parts = abuse-feedback-report : abuse : postmaster
transport = sympabounce_transport
Possible Solutions?
-------------------
So recipient verification fails, due to that the directory cannot be
read/checked. So I this came to my mind.
1. Disable recipient verification.
2. Add exim to the sympa group.
3. Can one change the group in the recipient verification state?
4. Adapt the permissions of the /var/lib/sympa directories and
sub-directories.
Could you think of something else, something simple or elegant to check
those config files in the beginning to use recipient verification? I
looked at the hints for Mailman [4], but it did not work.
Thanks in advance. Bests,
Paul
¹ sudo exim4 -bt list@??? finds the correct router, since it is
running as root(?). You need to run sudo exim4 -bh [external ip] to find
out that it is rejected.
[1]
https://www.sympa.org/
[2]
https://listes.cru.fr/sympa/arc/sympa-users/2008-01/msg00086.html
[3]
http://dmail.zsi.at/cgi-bin/dwww/usr/share/doc/mailman/README.Exim4.Debian