Re: [exim] Some LDA questions

Top Page
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: Фадеев Виталий Львович
CC: exim-users
Subject: Re: [exim] Some LDA questions
On Wed, Feb 12, 2014 at 8:26 PM, Фадеев Виталий Львович <fvl@???> wrote:
> Hi there!
> I have been setuped exim and dovecot.
> Exim uses dovecot-lda to deliver mails to mailbox.
>
> All works, but in headers of example message:
>
> Return-path: <"vitalyf@???>


The Return-Path header is generated from the Sender value. More on
that in a bit...

> Received: from xxx.net ([11.22.33.44] helo=[192.168.1.77])
> by host.aaa.com with esmtpsa (TLS1.0:ECDHE_RSA_AES_128_CBC_SHA1:128)


"esmtpsa" as reported by Exim literally means Extended SMTP Secure
Authenticated. So that means you are using SMTP Auth, referred to in
Exim as "submission" mode.

> (envelope-from <"vitalyf@???>)
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0


This tells me that your MUA software (Thunderbird as indicated in the
headers) identified itself as user vitalyf@???. Exim, in standard
submission mode will append @hostname to that submitted username
because in olden days, the user that was submitted was a bare
username, not a full email address.

> Sender: "vitalyf@???


And this header is further evidence of this Sender value that is being
generated by Exim.

> I do not want to show host.aaa.com in headers. How can i disable this so headers looks like this:
> Return-path: <vitalyf@???> Which configuration i need to show you?


You likely have this somewhere in your RCPT acl:

  accept  authenticated  = *
          control        = submission
          control        = dkim_disable_verify
          add_header     = X-Authenticated-Sender: ${sender_address}


My suggestion is that you change it to this:

  accept  authenticated  = *
          control        = submission/sender_retain
          control        = dkim_disable_verify
          add_header     = X-Authenticated-Sender: ${sender_address}


Why is this? The docs at
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-message_processing.html
have this to say about it:

"By default, submission mode forces the return path to the same
address as is used to create the Sender: header. However, if
sender_retain is specified, the return path is also left unchanged. "

"Note: Whenever a Sender: header line is created, the return path for
the message (the envelope sender address) is changed to be the same
address, except in the case of submission mode when sender_retain is
specified. "

One last comment that I don't really like about this mode is a side effect:

"Specifying sender_retain has the effect of setting
local_sender_retain true and local_from_check false for the current
incoming message. The first of these allows an existing Sender: header
in the message to remain, and the second suppresses the check to
ensure that From: matches the authenticated sender. With this setting,
Exim still fixes up messages by adding Date: and Message-ID: header
lines if they are missing, but makes no attempt to check sender
authenticity in header lines. "

Basically all of that chapter (Chapter 46) in the exim doc link above
is worth reading as it provides a great amount of detail about
submission mode and how exim treats messages differently from your
standard transit processing (relaying mode, which includes local
delivery).

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine