Re[6]: [gentoo-user] OT - Exim question - gentoo-user

From:	Sergey Kobzar <tod.zullu@×××××.com>
To:	gentoo-user@l.g.o
Subject:	Re[6]: [gentoo-user] OT - Exim question
Date:	Fri, 14 Mar 2008 09:25:21
Message-Id:	`262295639.20080314112518@gmail.com`
In Reply to:	Re: Re[4]: [gentoo-user] OT - Exim question by Michael Sullivan

1

Hi Michael,

2

3

See comments below.

4

5

6

> Here's the config.  I think I have my sed command correct to remove the

7

> commented lines from the listing:

8

9

> baby ~ # cat /etc/exim/exim.conf | sed /#/d

10

> domainlist local_domains = @ : espersunited.com :

11

^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Did you really spit domainlist on few

12

lines w/o backslashes at the end of each line or it's your MUA?

13

14

15

> baby.espersunited.com : localhost : localdomain :

16

> camille.espersunited.com : catherine.espersunited.com : camille :

17

> catherine

18

19

Did you really spit domainlist on few lines w/o backslashes at the

20

end of each line or it's your MUA?

21

22

23

> domainlist relay_to_domains =

24

> hostlist   relay_from_hosts = 127.0.0.1 : 192.168.1.2 : 192.168.1.3 :

25

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Same as domainlist local_domains above

26

27

> 192.168.1.4 : 192.168.0.2 192.168.1.100

28

> acl_smtp_rcpt = acl_check_rcpt

29

> acl_smtp_data = acl_check_data

30

> acl_smtp_mime = acl_check_mime

31

> av_scanner = clamd:/tmp/clamd

32

> spamd_address = 127.0.0.1 783

33

> qualify_domain = espersunited.com

34

> never_users = root

35

> host_lookup = *

36

^^^^^^^^^^^^^^^^^^ - try change it to something like:

37

host_lookup = !192.168.0.0/24: !192.168.1.0/24

38

39

40

> rfc1413_hosts = *

41

> rfc1413_query_timeout = 5s

42

^^^^^^^^^^^^^^^^^^^^^^^^^^^^ you can freely set it to 0s

43

44

45

> sender_unqualified_hosts = baby.espersunited.com :

46

^^^^^^^^^^^^^^^^^^^^^^^^^^ - usually you don't need this in case of

47

correct MUA settings.

48

49

50

> camille.espersunited.com : catherine.espersunited.com :

51

> localhost.localdomain

52

> recipient_unqualified_hosts = baby.espersunited.com :

53

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - same as for sender_unqualified_hosts

54

55

> camille.espersunited.com : catherine.espersunited.com :

56

> localhost.localdomain

57

> ignore_bounce_errors_after = 2d

58

> timeout_frozen_after = 7d

59

> begin acl

60

> acl_check_rcpt:

61

>   accept  hosts = :

62

>   deny    message       = Restricted characters in address

63

>          domains       = +local_domains

64

>           local_parts   = ^[.] : ^.*[@%!/|]

65

66

67

>   deny    message       = Restricted characters in address

68

>           domains       = !+local_domains

69

>           local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

70

71

72

>   accept  local_parts   = postmaster

73

>           domains       = +local_domains

74

75

76

>   require verify        = sender

77

^^^^^^^^^^^^^^^^^^ - are you sure you really need this in your case?

78

:)

79

80

81

>   accept  hosts         = +relay_from_hosts

82

>           control       = submission

83

84

85

>   accept  authenticated = *

86

>           control       = submission

87

88

89

>   require message = relay not permitted

90

>           domains = +local_domains : +relay_to_domains

91

92

93

>   require verify = recipient

94

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - this does not work as expected. Use

95

something like 'require verify = recipient/callout=60s,defer_ok'.

>   accept

> acl_check_data:

105

106

107

>

> warn    message    = X-SpamScore: $spam_score ($spam_bar)

112

>         spam       = nobody:true

113

> warn    message    = X-SpamReport: $spam_report

114

>         spam       = nobody:true

115

> warn    message    = X-Spam-Flag: ${if \

116

>                      >{$spam_score_int}{58}{Almost Certainly}\

117

>                      {${if >{$spam_score_int}{55}{Probably}\

118

>                      {${if >{$spam_score_int}{50}{Possibly}{Doubtful}\

119

>                      }}}}}

120

>         spam       = nobody

121

> warn message = Subject: [*SPAM*] $h_Subject ${if \

122

>                      >{$spam_score_int}{58}{Almost Certainly}\

123

>                      {${if >{$spam_score_int}{55}{Probably}\

124

>                      {${if >{$spam_score_int}{50}{Possibly}{Doubtful}\

125

>                      }}}}}

126

>         spam       = nobody

127

128

> deny    message    = Rejected: spam score $spam_score

129

>         spam       = nobody:true

130

>         condition  = ${if >{$spam_score_int}{60}{1}{0}}

131

132

Worth to set message size limit here for spam checking.

133

134

135

> accept

136

137

> acl_check_mime:

138

>    warn decode = default

139

140

>    deny message = Blacklisted file extension detected

141

>    condition = ${if match \

142

>        {${lc:$mime_filename}} \

143

>        {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|.vbs)$\N} \

144

>        {1}{0}}

145

146

>    accept

147

> acl_check_content:

148

>    deny  message = Serious MIME defect detected ($demime_reason)

149

>    demime = *

150

>    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

151

152

>    deny  message = This message contains malware ($malware_name)

153

>    malware = *

154

155

>    warn  message = X-Spam-Score: $spam_score ($spam_bar)

156

>    spam = nobody:true

157

>    warn  message = X-Spam-Report: $spam_report

158

>    spam = nobody:true

159

160

>    warn message = Subject: [*SPAM*] $h_Subject

161

>    spam = nobody

162

163

>    deny  message = This message scored $spam_score points.

164

> Congratulations!

165

>    spam = nobody:true

166

>    condition = ${if >{$spam_score_int}{50}{1}{0}}

167

168

Why do you check message for spam twice? %)

169

170

171

>    accept

> begin routers

> dnslookup:

182

>   driver = dnslookup

183

>   domains = ! +local_domains

184

>   transport = remote_smtp

185

>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8

186

>   no_more

> system_aliases:

193

>   driver = redirect

194

>   allow_fail

195

>   allow_defer

196

>   data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}

197

>   file_transport = address_file

198

>   pipe_transport = address_pipe

> userforward:

207

>   driver = redirect

208

>   check_local_user

209

>   file = $home/.forward

210

>   no_verify

211

>   no_expn

212

>   check_ancestor

213

>   file_transport = address_file

214

>   pipe_transport = address_pipe

215

>   reply_transport = address_reply

> localuser:

221

>   driver = accept

222

>   check_local_user

223

>   transport = local_delivery

224

>   cannot_route_message = Unknown user

> begin transports

> remote_smtp:

235

>   driver = smtp

> local_delivery:

240

>   driver = appendfile

241

>   directory = /home/$local_part/.maildir

242

>   maildir_format

243

>   delivery_date_add

244

>   envelope_to_add

245

>   return_path_add

> address_pipe:

250

>   driver = pipe

251

>   return_output

> address_file:

256

>   driver = appendfile

257

>   delivery_date_add

258

>   envelope_to_add

259

>   return_path_add

> address_reply:

264

>   driver = autoreply

265

266

267

> begin retry

268

269

270

> *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

271

272

273

> begin rewrite

274

275

276

> begin authenticators

277

278

279

> I'm not quite sure how to word the host_lookup option.  I'm not sure how

280

> to tell it not to do host lookups for my network and subnetwork, but

281

> still do lookups for everyone else...

282

283

See above.

284

285

http://exim.org/exim-html-current/doc/html/spec_html/index.html - one

286

of the reasons why I like Exim very much :)

--

291

Sergey

292

293

--

294

gentoo-user@l.g.o mailing list

1	Hi Michael,
2
3	See comments below.
4
5
6	> Here's the config. I think I have my sed command correct to remove the
7	> commented lines from the listing:
8
9	> baby ~ # cat /etc/exim/exim.conf \| sed /#/d
10	> domainlist local_domains = @ : espersunited.com :
11	^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Did you really spit domainlist on few
12	lines w/o backslashes at the end of each line or it's your MUA?
13
14
15	> baby.espersunited.com : localhost : localdomain :
16	> camille.espersunited.com : catherine.espersunited.com : camille :
17	> catherine
18
19	Did you really spit domainlist on few lines w/o backslashes at the
20	end of each line or it's your MUA?
21
22
23	> domainlist relay_to_domains =
24	> hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.2 : 192.168.1.3 :
25	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Same as domainlist local_domains above
26
27	> 192.168.1.4 : 192.168.0.2 192.168.1.100
28	> acl_smtp_rcpt = acl_check_rcpt
29	> acl_smtp_data = acl_check_data
30	> acl_smtp_mime = acl_check_mime
31	> av_scanner = clamd:/tmp/clamd
32	> spamd_address = 127.0.0.1 783
33	> qualify_domain = espersunited.com
34	> never_users = root
35	> host_lookup = *
36	^^^^^^^^^^^^^^^^^^ - try change it to something like:
37	host_lookup = !192.168.0.0/24: !192.168.1.0/24
38
39
40	> rfc1413_hosts = *
41	> rfc1413_query_timeout = 5s
42	^^^^^^^^^^^^^^^^^^^^^^^^^^^^ you can freely set it to 0s
43
44
45	> sender_unqualified_hosts = baby.espersunited.com :
46	^^^^^^^^^^^^^^^^^^^^^^^^^^ - usually you don't need this in case of
47	correct MUA settings.
48
49
50	> camille.espersunited.com : catherine.espersunited.com :
51	> localhost.localdomain
52	> recipient_unqualified_hosts = baby.espersunited.com :
53	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - same as for sender_unqualified_hosts
54
55	> camille.espersunited.com : catherine.espersunited.com :
56	> localhost.localdomain
57	> ignore_bounce_errors_after = 2d
58	> timeout_frozen_after = 7d
59	> begin acl
60	> acl_check_rcpt:
61	> accept hosts = :
62	> deny message = Restricted characters in address
63	> domains = +local_domains
64	> local_parts = ^[.] : ^.*[@%!/\|]
65
66
67	> deny message = Restricted characters in address
68	> domains = !+local_domains
69	> local_parts = ^[./\|] : ^.[@%!] : ^./\\.\\./
70
71
72	> accept local_parts = postmaster
73	> domains = +local_domains
74
75
76	> require verify = sender
77	^^^^^^^^^^^^^^^^^^ - are you sure you really need this in your case?
78	:)
79
80
81	> accept hosts = +relay_from_hosts
82	> control = submission
83
84
85	> accept authenticated = *
86	> control = submission
87
88
89	> require message = relay not permitted
90	> domains = +local_domains : +relay_to_domains
91
92
93	> require verify = recipient
94	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - this does not work as expected. Use
95	something like 'require verify = recipient/callout=60s,defer_ok'.
96
97
98
99	> accept
100
101
102
103
104	> acl_check_data:
105
106
107	>
108
109
110
111	> warn message = X-SpamScore: $spam_score ($spam_bar)
112	> spam = nobody:true
113	> warn message = X-SpamReport: $spam_report
114	> spam = nobody:true
115	> warn message = X-Spam-Flag: ${if \
116	> >{$spam_score_int}{58}{Almost Certainly}\
117	> {${if >{$spam_score_int}{55}{Probably}\
118	> {${if >{$spam_score_int}{50}{Possibly}{Doubtful}\
119	> }}}}}
120	> spam = nobody
121	> warn message = Subject: [SPAM] $h_Subject ${if \
122	> >{$spam_score_int}{58}{Almost Certainly}\
123	> {${if >{$spam_score_int}{55}{Probably}\
124	> {${if >{$spam_score_int}{50}{Possibly}{Doubtful}\
125	> }}}}}
126	> spam = nobody
127
128	> deny message = Rejected: spam score $spam_score
129	> spam = nobody:true
130	> condition = ${if >{$spam_score_int}{60}{1}{0}}
131
132	Worth to set message size limit here for spam checking.
133
134
135	> accept
136
137	> acl_check_mime:
138	> warn decode = default
139
140	> deny message = Blacklisted file extension detected
141	> condition = ${if match \
142	> {${lc:$mime_filename}} \
143	> {\N(\.exe\|\.pif\|\.bat\|\.scr\|\.lnk\|\.com\|.vbs)$\N} \
144	> {1}{0}}
145
146	> accept
147	> acl_check_content:
148	> deny message = Serious MIME defect detected ($demime_reason)
149	> demime = *
150	> condition = ${if >{$demime_errorlevel}{2}{1}{0}}
151
152	> deny message = This message contains malware ($malware_name)
153	> malware = *
154
155	> warn message = X-Spam-Score: $spam_score ($spam_bar)
156	> spam = nobody:true
157	> warn message = X-Spam-Report: $spam_report
158	> spam = nobody:true
159
160	> warn message = Subject: [SPAM] $h_Subject
161	> spam = nobody
162
163	> deny message = This message scored $spam_score points.
164	> Congratulations!
165	> spam = nobody:true
166	> condition = ${if >{$spam_score_int}{50}{1}{0}}
167
168	Why do you check message for spam twice? %)
169
170
171	> accept
172
173
174
175	> begin routers
176
177
178
179
180
181	> dnslookup:
182	> driver = dnslookup
183	> domains = ! +local_domains
184	> transport = remote_smtp
185	> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
186	> no_more
187
188
189
190
191
192	> system_aliases:
193	> driver = redirect
194	> allow_fail
195	> allow_defer
196	> data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
197	> file_transport = address_file
198	> pipe_transport = address_pipe
199
200
201
202
203
204
205
206	> userforward:
207	> driver = redirect
208	> check_local_user
209	> file = $home/.forward
210	> no_verify
211	> no_expn
212	> check_ancestor
213	> file_transport = address_file
214	> pipe_transport = address_pipe
215	> reply_transport = address_reply
216
217
218
219
220	> localuser:
221	> driver = accept
222	> check_local_user
223	> transport = local_delivery
224	> cannot_route_message = Unknown user
225
226
227
228
229
230	> begin transports
231
232
233
234	> remote_smtp:
235	> driver = smtp
236
237
238
239	> local_delivery:
240	> driver = appendfile
241	> directory = /home/$local_part/.maildir
242	> maildir_format
243	> delivery_date_add
244	> envelope_to_add
245	> return_path_add
246
247
248
249	> address_pipe:
250	> driver = pipe
251	> return_output
252
253
254
255	> address_file:
256	> driver = appendfile
257	> delivery_date_add
258	> envelope_to_add
259	> return_path_add
260
261
262
263	> address_reply:
264	> driver = autoreply
265
266
267	> begin retry
268
269
270	> * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
271
272
273	> begin rewrite
274
275
276	> begin authenticators
277
278
279	> I'm not quite sure how to word the host_lookup option. I'm not sure how
280	> to tell it not to do host lookups for my network and subnetwork, but
281	> still do lookups for everyone else...
282
283	See above.
284
285	http://exim.org/exim-html-current/doc/html/spec_html/index.html - one
286	of the reasons why I like Exim very much :)
287
288
289
290	--
291	Sergey
292
293	--
294	gentoo-user@l.g.o mailing list

Gentoo Archives: gentoo-user