Gentoo Archives: gentoo-user

From: Sergey Kobzar <tod.zullu@×××××.com>
To: gentoo-user@l.g.o
Subject: Re[6]: [gentoo-user] OT - Exim question
Date: Fri, 14 Mar 2008 09:25:21
Message-Id: 262295639.20080314112518@gmail.com
In Reply to: Re: Re[4]: [gentoo-user] OT - Exim question by Michael Sullivan

Hi Michael,

See comments below.

> Here's the config. I think I have my sed command correct to remove the
> commented lines from the listing:

> baby ~ # cat /etc/exim/exim.conf | sed /#/d
> domainlist local_domains = @ : espersunited.com :
^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Did you really split domainlist over a few
lines w/o backslashes at the end of each line, or is it your MUA?

> baby.espersunited.com : localhost : localdomain :
> camille.espersunited.com : catherine.espersunited.com : camille :
> catherine

Did you really split domainlist over a few lines w/o backslashes at the
end of each line, or is it your MUA?

> domainlist relay_to_domains =
> hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.2 : 192.168.1.3 :
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Same as domainlist local_domains above

> 192.168.1.4 : 192.168.0.2 192.168.1.100
> acl_smtp_rcpt = acl_check_rcpt
> acl_smtp_data = acl_check_data
> acl_smtp_mime = acl_check_mime
> av_scanner = clamd:/tmp/clamd
> spamd_address = 127.0.0.1 783
> qualify_domain = espersunited.com
> never_users = root
> host_lookup = *
^^^^^^^^^^^^^^^^^^ - try changing it to something like:
host_lookup = !192.168.0.0/24: !192.168.1.0/24

> rfc1413_hosts = *
> rfc1413_query_timeout = 5s
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ you can freely set it to 0s

> sender_unqualified_hosts = baby.espersunited.com :
^^^^^^^^^^^^^^^^^^^^^^^^^^ - usually you don't need this in case of
correct MUA settings.

> camille.espersunited.com : catherine.espersunited.com :
> localhost.localdomain
> recipient_unqualified_hosts = baby.espersunited.com :
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - same as for sender_unqualified_hosts

> camille.espersunited.com : catherine.espersunited.com :
> localhost.localdomain
> ignore_bounce_errors_after = 2d
> timeout_frozen_after = 7d
> begin acl
> acl_check_rcpt:
> accept hosts = :
> deny message = Restricted characters in address
> domains = +local_domains
> local_parts = ^[.] : ^.*[@%!/|]

> deny message = Restricted characters in address
> domains = !+local_domains
> local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

> accept local_parts = postmaster
> domains = +local_domains

> require verify = sender
^^^^^^^^^^^^^^^^^^ - are you sure you really need this in your case?
:)

> accept hosts = +relay_from_hosts
> control = submission

> accept authenticated = *
> control = submission

> require message = relay not permitted
> domains = +local_domains : +relay_to_domains

> require verify = recipient
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - this does not work as expected. Use
something like 'require verify = recipient/callout=60s,defer_ok'.

> accept

> acl_check_data:

> warn message = X-SpamScore: $spam_score ($spam_bar)
> spam = nobody:true
> warn message = X-SpamReport: $spam_report
> spam = nobody:true
> warn message = X-Spam-Flag: ${if \
> >{$spam_score_int}{58}{Almost Certainly}\
> {${if >{$spam_score_int}{55}{Probably}\
> {${if >{$spam_score_int}{50}{Possibly}{Doubtful}\
> }}}}}
> spam = nobody
> warn message = Subject: [*SPAM*] $h_Subject ${if \
> >{$spam_score_int}{58}{Almost Certainly}\
> {${if >{$spam_score_int}{55}{Probably}\
> {${if >{$spam_score_int}{50}{Possibly}{Doubtful}\
> }}}}}
> spam = nobody

> deny message = Rejected: spam score $spam_score
> spam = nobody:true
> condition = ${if >{$spam_score_int}{60}{1}{0}}

It's worth setting a message size limit here for spam checking.

> accept

> acl_check_mime:
> warn decode = default

> deny message = Blacklisted file extension detected
> condition = ${if match \
> {${lc:$mime_filename}} \
> {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|.vbs)$\N} \
> {1}{0}}

> accept
> acl_check_content:
> deny message = Serious MIME defect detected ($demime_reason)
> demime = *
> condition = ${if >{$demime_errorlevel}{2}{1}{0}}

> deny message = This message contains malware ($malware_name)
> malware = *

> warn message = X-Spam-Score: $spam_score ($spam_bar)
> spam = nobody:true
> warn message = X-Spam-Report: $spam_report
> spam = nobody:true

> warn message = Subject: [*SPAM*] $h_Subject
> spam = nobody

> deny message = This message scored $spam_score points.
> Congratulations!
> spam = nobody:true
> condition = ${if >{$spam_score_int}{50}{1}{0}}

Why do you check the message for spam twice? %)

> accept

> begin routers

> dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> transport = remote_smtp
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> no_more

> system_aliases:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
> file_transport = address_file
> pipe_transport = address_pipe

> userforward:
> driver = redirect
> check_local_user
> file = $home/.forward
> no_verify
> no_expn
> check_ancestor
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply

> localuser:
> driver = accept
> check_local_user
> transport = local_delivery
> cannot_route_message = Unknown user

> begin transports

> remote_smtp:
> driver = smtp

> local_delivery:
> driver = appendfile
> directory = /home/$local_part/.maildir
> maildir_format
> delivery_date_add
> envelope_to_add
> return_path_add

> address_pipe:
> driver = pipe
> return_output

> address_file:
> driver = appendfile
> delivery_date_add
> envelope_to_add
> return_path_add

> address_reply:
> driver = autoreply

> begin retry

> * * F,2h,15m; G,16h,1h,1.5; F,4d,6h

> begin rewrite

> begin authenticators

> I'm not quite sure how to word the host_lookup option. I'm not sure how
> to tell it not to do host lookups for my network and subnetwork, but
> still do lookups for everyone else...

See above.

http://exim.org/exim-html-current/doc/html/spec_html/index.html - one
of the reasons why I like Exim very much :)

--
Sergey

--
gentoo-user@l.g.o mailing list
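
One way to settle the question raised in the message about list lines split without trailing backslashes is to check the file itself rather than the mailed listing. The Python sketch below is an added example, not part of the original message or of Exim. Its heuristic (a main-section line with no `=` that contains `:` or spaces, or that follows a line ending in `:`) and both sample texts are constructed for illustration.

```python
import re

# Constructed sample modelled on the quoted listing: lists wrapped with no '\'.
SAMPLE_BROKEN = """\
domainlist local_domains = @ : espersunited.com :
baby.espersunited.com : localhost : localdomain :
catherine
hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.2 :
192.168.1.4 : 192.168.0.2
never_users = root
begin acl
acl_check_rcpt:
"""

# The same lists written with backslash continuations.
SAMPLE_FIXED = """\
domainlist local_domains = @ : espersunited.com : \\
    baby.espersunited.com : localhost : localdomain : \\
    catherine
hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.2 : \\
    192.168.1.4 : 192.168.0.2
never_users = root
"""

def logical_lines(text):
    """Yield (first_line_no, text) with '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                    # blank and comment lines are skipped
        start = start or no
        buf += line.rstrip("\\")
        if not line.endswith("\\"):
            yield start, buf.strip()
            buf, start = "", None

def orphan_list_lines(text):
    """Main-section line numbers that look like an un-continued list tail."""
    hits, dangling = [], False
    for no, line in logical_lines(text):
        if re.match(r"begin\s+\w+", line):
            break                       # ACLs, routers etc. use other syntax
        bare = "=" not in line and not line.startswith(".")
        if bare and (dangling or ":" in line or " " in line):
            hits.append(no)
        dangling = line.endswith(":")
    return hits
```

Run `orphan_list_lines(open("/etc/exim/exim.conf").read())` against the real file; an empty result means the wrapping seen in the mail came from the MUA, not from the configuration.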