[exim] "Relaying not permitted" with Mailman.

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Bill Hayles
Dátum:  
Címzett: Exim-users
Tárgy: [exim] "Relaying not permitted" with Mailman.
Hi,

I recently changed to Exim from a Windows MTA, and I'm happy with it. It
will accept mail for everybody it should do and reject others. It will also
send mail from KMail, and happily relay from other machines on my LAN.

For the last few days, I've been trying to set up a Mailman installation.
Mail TO Mailman is handled correctly. However, mail FROM mailman is
rejected with the usual "Relaying not permitted" message. This despite
Mailman being on the same machine and exim properly handling mail from other
computers on the LAN.

If I temporarily add a domain to relay_to_domains, the mail goes through so
I know it's something in my configs, but I can't see what. Can anybody help
me?

The main domain is craybox.com and Mailman uses lists.craybox.com

Here is a sample of Exim's reject.log (the "naughty, naughty" waas added by
me to confirm it was Exim doing the rejecting.

2009-08-19 12:26:40 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:26:41 H=localhost ([127.0.0.1]) [::1] F=<testlist-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:26:41 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:25 H=localhost ([127.0.0.1]) [::1] F=<testlist-bounces+billnot=billnot.com@???> rejected RCPT <billnot@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:25 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:26 H=localhost ([127.0.0.1]) [::1] F=<testlist-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:27 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:28 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:29 H=localhost ([127.0.0.1]) [::1] F=<testlist-bounces+fairfax=cftb.net@???> rejected RCPT <fairfax@???>: Naughty naughty. Relaying not permitted
2009-08-19 12:27:29 H=localhost ([127.0.0.1]) [::1] F=<mailman-bounces+groups=billnot.com@???> rejected RCPT <groups@???>: Naughty naughty. Relaying not permitted

Here is my config; I've erred on the side of posting too much rather than
too little, and I've deleted most of the comments, and the commented out
settings (it's the default config, wityh me only changing a few lines, plus
the mailman parts as per the exim.org howto.

# $Cambridge: exim/exim-src/src/configure.default,v 1.13 2007/06/26 11:21:36 ph10 Exp $


# Home dir for your Mailman installation -- aka Mailman's prefix
# directory.
# By default this is set to "/usr/local/mailman"
# On a Red Hat/Fedora system using the RPM use "/var/mailman"
# On Debian using the deb package use "/var/lib/mailman"
# This is normally the same as ~mailman
MM_HOME=/var/lib/mailman
#
# User and group for Mailman, should match your --with-mail-gid
# switch to Mailman's configure script.
# Value is normally "mailman"
MM_UID=mailman
MM_GID=mailman
#
# Domains that your lists are in - colon separated list
# you may wish to add these into local_domains as well
domainlist mm_domains=lists.craybox.com
#
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#
# These values are derived from the ones above and should not need
# editing unless you have munged your mailman installation
#
# The path of the Mailman mail wrapper script
# MM_WRAP=MM_HOME/mail/mailman
MM_WRAP=/usr/lib/mailman/mail/mailman

#
# The path of the list config file (used as a required file when
# verifying list addresses)
MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck


######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################



primary_hostname = craybox.com


domainlist local_domains = @
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : 172.26.0.2 : 172.26.0.3 : 172.26.0.4 : 172.26.0.5



acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

# You should not change those settings until you understand how ACLs work.
# I haven't!


never_users = root


# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup = *




rfc1413_hosts = *
rfc1413_query_timeout = 5s





######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################


begin acl


acl_check_rcpt:

# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.

accept hosts = :



  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]



  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./



  accept  local_parts   = postmaster
          domains       = +local_domains


# Deny unless the sender address can be verified.

  require verify        = sender




  accept  hosts         = +relay_from_hosts
          control       = submission




  accept  authenticated = *
          control       = submission



  require message = Naughty naughty. Relaying not permitted
          domains = +local_domains : +relay_to_domains



require verify = recipient



accept



acl_check_data:



accept



######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #



begin routers



dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more



system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
user = exim
file_transport = address_file
pipe_transport = address_pipe

 mailman_router:
    driver = accept
    domains = +mm_domains
    require_files = MM_LISTCHK
    local_part_suffix_optional
    local_part_suffix = -admin     : \
 -bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
 -join      : -leave     : \
 -owner    : -request   : \
 -subscribe : -unsubscribe
    transport = mailman_transport



userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
# allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply


localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user



######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports
# Mailman transport

 mailman_transport:
    driver = pipe
    command = MM_WRAP \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              $local_part
    current_directory = MM_HOME
    home_directory = MM_HOME
    user = MM_UID
    group = MM_GID



# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp


local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
# group = mail
# mode = 0660



address_pipe:
driver = pipe
return_output



address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.

address_reply:
driver = autoreply



######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


# snipped as irrelevant


######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# There are no rewriting specifications in this default configuration file.

begin rewrite



######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################


begin authenticators
# everything else is commented out.




# End of Exim configuration file



--
Bill Hayles
http://www.digiboxes.org (sales@???)
groups@???