Hi,
I recently changed to Exim from a Windows MTA, and I'm happy with it. It
will accept mail for everybody it should do and reject others. It will also
send mail from KMail, and happily relay from other machines on my LAN.
For the last few days, I've been trying to set up a Mailman installation.
Mail TO Mailman is handled correctly. However, mail FROM mailman is
rejected with the usual "Relaying not permitted" message. This despite
Mailman being on the same machine and exim properly handling mail from other
computers on the LAN.
If I temporarily add a domain to relay_to_domains, the mail goes through so
I know it's something in my configs, but I can't see what. Can anybody help
me?
The main domain is craybox.com and Mailman uses lists.craybox.com
Here is a sample of Exim's reject.log (the "naughty, naughty" waas added by
me to confirm it was Exim doing the rejecting.
2009-08-19 12:26:40 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:26:41 H=localhost ([127.0.0.1]) [::1] F=<testlist-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:26:41 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:25 H=localhost ([127.0.0.1]) [::1] F=<testlist-bounces+billnot=billnot.com@???> rejected RCPT <billnot@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:25 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:26 H=localhost ([127.0.0.1]) [::1] F=<testlist-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:27 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:28 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:29 H=localhost ([127.0.0.1]) [::1] F=<testlist-bounces+fairfax=cftb.net@???> rejected RCPT <fairfax@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:29 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
Here is my config; I've erred on the side of posting too much rather than
too little, and I've deleted most of the comments, and the commented out
settings (it's the default config, wityh me only changing a few lines, plus
the mailman parts as per the exim.org howto.
# $Cambridge: exim/exim-src/src/configure.default,v 1.13 2007/06/26 11:21:36 ph10 Exp $
# Home dir for your Mailman installation -- aka Mailman's prefix
# directory.
# By default this is set to "/usr/local/mailman"
# On a Red Hat/Fedora system using the RPM use "/var/mailman"
# On Debian using the deb package use "/var/lib/mailman"
# This is normally the same as ~mailman
MM_HOME=/var/lib/mailman
#
# User and group for Mailman, should match your --with-mail-gid
# switch to Mailman's configure script.
# Value is normally "mailman"
MM_UID=mailman
MM_GID=mailman
#
# Domains that your lists are in - colon separated list
# you may wish to add these into local_domains as well
domainlist mm_domains=lists.craybox.com
#
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#
# These values are derived from the ones above and should not need
# editing unless you have munged your mailman installation
#
# The path of the Mailman mail wrapper script
# MM_WRAP=MM_HOME/mail/mailman
MM_WRAP=/usr/lib/mailman/mail/mailman
#
# The path of the list config file (used as a required file when
# verifying list addresses)
MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
primary_hostname = craybox.com
domainlist local_domains = @
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : 172.26.0.2 : 172.26.0.3 : 172.26.0.4 : 172.26.0.5
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
# You should not change those settings until you understand how ACLs work.
# I haven't!
never_users = root
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept hosts = :
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
# Deny unless the sender address can be verified.
require verify = sender
accept hosts = +relay_from_hosts
control = submission
accept authenticated = *
control = submission
require message = Naughty naughty. Relaying not permitted
domains = +local_domains : +relay_to_domains
require verify = recipient
accept
acl_check_data:
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
begin routers
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
user = exim
file_transport = address_file
pipe_transport = address_pipe
mailman_router:
driver = accept
domains = +mm_domains
require_files = MM_LISTCHK
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman_transport
userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
# allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that successfully
# handles an address.
begin transports
# Mailman transport
mailman_transport:
driver = pipe
command = MM_WRAP \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
$local_part
current_directory = MM_HOME
home_directory = MM_HOME
user = MM_UID
group = MM_GID
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp
local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
# group = mail
# mode = 0660
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.
address_reply:
driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
# snipped as irrelevant
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
# everything else is commented out.
# End of Exim configuration file
--
Bill Hayles
http://www.digiboxes.org (sales@???)
groups@???