Re: [exim] SOLVED - Re: verify = recipient, using virtual do…

Top Page
Delete this message
Reply to this message
Author: Phillip Carroll
Date:  
To: Exim-users
Subject: Re: [exim] SOLVED - Re: verify = recipient, using virtual domains, rejects all local recipients
Todd, Lena,

Todd Lyons wrote:
> Any chance you can show us the directories all the way from / up to
> /etc/virtuals/$domain/aliases, and the file aliases as well?


Lena wrote:
> Directories (folders) need to have 755 permissions instead of 644.


Bingo! By focusing my attention on the aliases files, and their
permissions, I had heretofore managed to overlook the fact that some of
the "$domain" directories that hold those files had 744 permissions.
(All of the other directories on the path had 755 permissions.) After
changing the permissions to 755, the -bv test cases now work on the
files in their previously normal location.

I wrote:
> ...know even less about *nix than I ever thought I did.


Actually, it seems it wasn't my knowledge lacking so much as attention
to ALL the details. (Senior lapses?) Thank you both for restoring my sanity.

My latest configuration now has the following verify statements in the
RCPT acl:
>   require message = Unknown recipient $local_part
>           hosts = ! +relay_from_hosts
>           domains = +local_domains
>           verify = recipient/success_on_redirect


I have also rewritten the entire set of exim routers for both efficiency
and readability. If you see something I could improve, I would
appreciate any advice:
> begin routers
>
> # -------------------------
> dnslookup:
> # -------------------------
> driver = dnslookup
> #run this router only for mail addressed to outside domains.
> domains = ! +local_domains
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> transport = remote_smtp
> no_more
>
> # -------------------------
> verify_system_aliases:
> # -------------------------
> driver = redirect
> allow_fail
> allow_defer
> verify_only
> verify_recipient
> domains = +virtual_domains
> data = ${lookup{$local_part} lsearch {/etc/aliases}}
>
> # -------------------------
> verify_virtual_domain__aliases:
> # -------------------------
> driver = redirect
> allow_fail
> allow_defer
> verify_only
> verify_recipient
> domains = +virtual_domains
> require_files = VIRTUALS
> data = ${lookup{$local_part} lsearch {VIRTUALS}}
>
> # -------------------------
> route_system_aliases:
> # -------------------------
> driver = redirect
> no_verify
> allow_fail
> allow_defer
> domains = +virtual_domains
> data = ${lookup{$local_part} lsearch {/etc/aliases}}
> file_transport = address_file
> pipe_transport = address_pipe
> #
>
> # -------------------------
> route_virtual_domain_aliases:
> # -------------------------
> driver = redirect
> no_verify
> allow_defer
> allow_fail
> domains = +virtual_domains
> require_files = VIRTUALS
> data = ${lookup{$local_part} lsearch* {VIRTUALS}}
> file_transport = address_file
> group = mail
> pipe_transport = virtual_address_pipe
> retry_use_local_part
> # -------------------------
>
> # -------------------------
> route_local_users:
> # -------------------------
> driver = accept
> check_local_user
> transport = local_delivery
> cannot_route_message = Unknown user






On 10/30/2014 5:44 AM, Todd Lyons wrote:
> On Wed, Oct 29, 2014 at 3:41 PM, Phillip Carroll
> <postmaster@???> wrote:
>> require_files = VIRTUALS
>> ...where in the main configuration, the macro was defined as
>> VIRTUALS = /etc/virtuals/$domain/aliases
>>
>> When this change was tested, the require_files statement produced a
>> permissions failure when the router was run in verify mode! (I presume this
>> permissions failure is also what caused exists{file} to return false,
>> although the debug output does not reveal this.)
>>
>> I don't understand the reason for the permissions failure. /etc/virtuals,
>> and all descendants, are owned by user "mail". User exim is a member of the
>> "mail" group. All of the folders, and all of the aliases files have 644
>> permissions, which means they are both group readable and world readable by
>> user exim. If not, then I know even less about *nix than I ever thought I
>> did.
>
> Any chance you can show us the directories all the way from / up to
> /etc/virtuals/$domain/aliases, and the file aliases as well? You can
> obfuscate the domain, that's fine. I just want to see the permissions
> and ownership of each directory up to and including the aliases file.
>
> ...Todd
>