Re: [exim] problem with smarthost setup

Author: Phil Pennock
Date:
To: Niels Dettenbach
CC: exim-users
Subject: Re: [exim] problem with smarthost setup
On 2009-12-01 at 16:41 +0100, Niels Dettenbach wrote:
> I have a smarthost configuration and several email addresses in the same domain
> are local - others are on the smarthost (not local).
>
> This means if someone on the local host writes an email to a recipient in a
> local domain, exim has to check if he can deliver it locally (to cyrus by
> LMTP) - otherwise the address must be at the smarthost (providers mailserver).


> #remoteuser:
> # driver = manualroute
> # domains = +local_domains
> # condition = "${if !eq{$header_X-Virus-Scanned} {1}{0}}"
> # transport = remote_smtp
> # route_list = * syndicat.com
>
> # This router matches local user mailboxes.
> localuser:
> driver = accept
> #check_local_user
> transport = local_delivery


> If I place "remoteuser" after "localuser", localuser matches anytime but leads
> to the LMTP error from cyrus in cases where the postbox is not local.
>
> Can anyone help here? Any idea is very welcome here.


You do want "remoteuser" after "localuser". But you want to make sure
that localuser does not accept the non-local addresses; if the Router
does not accept them, they're declined and fall through to the next
Router. If the Router's preconditions pass, but message delivery fails,
then you have a "fail" instead of a "decline". See:
3.10 Running an individual router

Do all your LMTP addresses correspond to local users? If so,
uncommenting check_local_user should be sufficient. Otherwise, you want
to combine other preconditions such that they only accept addresses
valid via LMTP.

Eg, I have something like this:
----------------------------8< cut here >8------------------------------
### Routers

imap_user:
  driver        = accept
  domains       = +local_domains
  transport     = imap_inject
  local_part_suffix = +*
  local_part_suffix_optional
# This one handles generic case, but relies on Cyrus imapd.conf containing
# "umask 027" instead of default 077, and the Exim user having read-access,
# by being a member of the same group that Cyrus uses for the mail storage
# area, since address verification doesn't do setuid() stuff:
  require_files = IMAP_MAIL_BASE/${length_1::$local_part}/user/${tr{$local_part}{.}{^}}
# that has a restriction that the main usercode can't contain a space or a '/'


### Transports

imap_inject:
  driver        = lmtp
  socket        = IMAP_LMTP_SOCKETPATH
  envelope_to_add
  user          = cyrus
  group         = cyrus
  rcpt_include_affixes
  headers_remove = "lines"
  headers_add   = "Lines: $body_linecount"

----------------------------8< cut here >8------------------------------

with appropriate definitions of the macros for IMAP_MAIL_BASE and
IMAP_LMTP_SOCKETPATH. Note that the :: after "${length_1" is because
require_files takes a list of files, colon-separated, so the colon is
doubled to pass through to the individual item. It would probably be
clearer to write:

require_files = <; IMAP_MAIL_BASE/${length_1:$local_part}/user/${tr{$local_part}{.}{^}}

instead.

Oh, and I don't guarantee that I'm doing all the transformations needed
to work in the directory mapping, especially in the event of non-ASCII
characters encountered. This whole approach is Evil and Wrong because
it violates the encapsulation that is provided by Cyrus. If you can
instead verify that the recipient exists as a key in LDAP or your SASL
DB or whatever, that would be cleaner; I do it this way since I'm also
doing magic on various list addresses.

But if your accounts aren't local users, aren't in LDAP or some other
place that's convenient to look up, Evil and Wrong may suffice.

-Phil
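
Added example (not part of the original message and not Exim code): a Python model of the `require_files` expansion above, showing how an address with no Cyrus mailbox is skipped by `imap_user` and falls through to `remoteuser` instead of failing at LMTP. The spool layout, the domain `example.org` and the function names are constructed for illustration.

```python
import os
import tempfile

def mailbox_path(mail_base, local_part):
    """Mirror IMAP_MAIL_BASE/${length_1:$local_part}/user/${tr{$local_part}{.}{^}}.
    Returns None for local parts the mapping cannot represent safely."""
    # Routers see the local part lowercased unless caseful_local_part is set.
    # local_part_suffix = +* : everything from the first '+' is the suffix.
    lp = local_part.lower().partition("+")[0]
    # The message notes the mapping cannot handle a space or '/' in the usercode.
    if not lp or any(c in lp for c in "/ \0"):
        return None
    path = os.path.join(mail_base, lp[0], "user", lp.replace(".", "^"))
    # Defence in depth: the tested path must stay under the mail base.
    root = os.path.realpath(mail_base)
    if os.path.commonpath([root, os.path.realpath(path)]) != root:
        return None
    return path

def route(address, mail_base, local_domains):
    """Return the name of the router that would take the address."""
    local_part, _, domain = address.rpartition("@")
    if domain.lower() not in local_domains:
        return "other-routers"   # neither router lists this domain
    path = mailbox_path(mail_base, local_part)
    if path is not None and os.path.exists(path):
        return "imap_user"       # preconditions pass: deliver via LMTP
    return "remoteuser"          # precondition fails: router skipped, next one runs

def demo():
    # Constructed spool with one mailbox, john.doe, stored as j/user/john^doe.
    with tempfile.TemporaryDirectory() as base:
        os.makedirs(os.path.join(base, "j", "user", "john^doe"))
        domains = {"example.org"}
        samples = ["John.Doe@example.org", "john.doe+lists@example.org",
                   "alice@example.org", "a/b@example.org"]
        return {a: route(a, base, domains) for a in samples}

if __name__ == "__main__":
    for addr, router in demo().items():
        print(f"{addr:30} -> {router}")
```
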