Differences between version 66 and revision by previous author of EximNotes.
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
Newer page: | version 66 | Last edited on Wednesday, August 23, 2006 5:58:00 pm | by CraigBox | Revert |
Older page: | version 61 | Last edited on Friday, December 16, 2005 7:16:11 am | by JohnMcPherson | Revert |
@@ -1,7 +1,7 @@
-!!! Careful
about editing the configuration
+!!! Be careful
about editing the configuration
-Since [Exim] (version 3) rereads its configuration on every delivery attempt, it is unadvisable to edit a live configuration file.
+Since [Exim] (version 3) rereads its configuration on every delivery attempt, it is unadvisable to edit a live configuration file. If you're using [Debian] and 4.x, the config it uses isn't the one you edit (it gets generated on init-script-reload), so you're OK
.
!!! Removing all frozen messages in an [Exim] queue
Lots of bounce messages to fake [Email] addresses from spam?
@@ -105,9 +105,8 @@
query = "ldap://127.0.0.1/ou=Aliases,o=$domain,ou=Domains,BASEDN?mailAlias?sub?cn=$local_part"
</verbatim>
but there are probably other ways of doing this too :)
-
!!! Delivering to [Cyrus]21 from [Exim] 3.3 ([Woody])
The mighty Cuchulain's config:
@@ -160,12 +159,20 @@
cyrus_ltcp:
debug_print = "T: cyrus_ltcp for $local_part@$domain"
driver = smtp
protocol = lmtp
- hosts = carbon.meta.net.nz
+ hosts = localhost
allow_localhost
</verbatim>
+!!! LMTP callbacks
+
+Another thing you can do with Exim and Cyrus-IMAP integration is described at [Cyrus Imap page of Exim Wiki | http://www.exim.org/eximwiki/CyrusImap]. It allows Cyrus to check the existence of mailboxes *before* replying to "RCPT TO:" or "MAIL FROM:". Exim does not have to send back bounces in reply to
+"dictionary recipient" spam.
+
+It is best suited for integration with [Cyrus-IMAP virtual domains | http://asg.web.cmu.edu/cyrus/download/imapd/install-virtdomains.html].
+
+See also [LMTPNotes].
!!! Using MailDir format instead of [MBox]
This is for version 3.35 (the version with [Debian] [Woody]).
@@ -294,24 +301,8 @@
!!! Testing a new transport on a live system
<tt>prefix = test-</tt> is your friend
-
-!!! See also
-
-* EximSmtpAuth
-* EximFilter
-* [INBOX Autocreate Cyrus Patch | http://email.uoa.gr/projects/cyrus/autocreate/]
-
-!!! Alternative Method
-
-Another method of Exim and Cyrus-IMAP integration is described at [Exim and LMTP callouts to Cyrus | http://anfi.homeunix.net/exim/rtvcyrus.html]. It allows cyrus to check existence of cyrus mailbox
-*before* replying to "RCPT TO:" or "MAIL FROM:". Exim does not have to send back bounces in reply to
-"dictionary recipient" spam.
-
-It is best suited for integration with [Cyrus-IMAP virtual domains | http://asg.web.cmu.edu/cyrus/download/imapd/install-virtdomains.html].
-
-The method is also described in [Cyrus Imap page of Exim Wiki | http://www.exim.org/eximwiki/CyrusImap]
!!! Implementing [SPF] in [Exim] 4 using [exiscan-acl | http://duncanthrax.net/exiscan-acl/]
Section 8 of the [exiscan-acl patch documentation | http://duncanthrax.net/exiscan-acl/exiscan-acl-spec.txt] explains how to do it if you've compiled [SPF] into [Exim]. Otherwise, you can do so so via the [Mail::SPF::Query | http://search.cpan.org/dist/Mail-SPF-Query/] [Perl] module. [Appending A.7 | http://slett.net/spam-filtering-for-mx/exim-spf.html] of [Spam Filtering for Mail Exchangers | http://slett.net/spam-filtering-for-mx/] shows both approaches.
@@ -411,7 +402,76 @@
)
</verbatim>
One issue I found was that I wasn't able to query the whole forest using port 389. I needed to use port 3268 (GC). If you're having problems, there's a high chance you haven't got the DN correct. Use adsiedit to check (found in the Windows Support Tools). More information can be found at http://www.exim.org/eximwiki/MsExchangeAddressVerification.
+
+!!! /dev/null or other file alias doesn't work (Exim 4.5)
+
+<verbatim>
+root@firewall.tla:/etc # exim4 -bv -v junk@firewall.tla
+R: spam_redirect for firewall.tla
+R: system_aliases for junk@firewall.tla
+junk@firewall.tla -> /dev/null
+*** Error in setting up pipe, file, or autoreply:
+file_transport unset in system_aliases router
+</verbatim>
+
+There is a macro defined for the file_transport router, but its unset by default. To allow this behaivour, add this macro to either your /etc/exim4/conf.d/main/02_exim4-config_options.rul, or a local macros filw, such as /etc/exim4/conf.d/main/000_local_macros:
+<verbatim>
+# allow writing to files in system aliases (potentially bad!)
+SYSTEM_ALIASES_FILE_TRANSPORT = address_file
+</verbatim>
+
+A better answer is changing the destination using the [redirect router alias|http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch22.html#SECTspecitredli] <tt>:blackhole:</tt>.
+
+!!! Allow connections to the submission port (587) and the smtps port (465)
+
+SMTPS is easy, since 4.43:
+
+<pre>
+# wlug: listen on 25 (smtp), 465 (ssmtp for Outlook)
+daemon_smtp_port = 25:465
+tls_on_connect_ports = 465
+</pre>
+
+in your <tt>main</tt> section. Between 4.03 and 4.43, you can use [the -tls-on-connect command line parameter|http://exim.netmirror.org/exim-html-4.40/doc/html/FAQ_17.html#TOC322].
+
+587 is harder, because the rules are "either SMTP AUTH or SSL". [An Exim SSL/TLS recipe|http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20030210/msg00257.html] was posted to the list, which suggests (updated):
+
+<pre>
+# wlug: listen on 25 (smtp), 465 (ssmtp for Outlook) and 587 (submission)
+daemon_smtp_port = 25:465:587
+
+# uncomment to only allow auth if you're on by SSL
+# auth_advertise_hosts = ${if eq{$tls_cipher}{}{localhost}{*}}
+
+tls_advertise_hosts = *
+tls_try_verify_hosts = ${if eq{$interface_port}{587}{*}{}}
+tls_certificate = /etc/exim4/server-cert.pem
+tls_privatekey = /etc/exim4/server-key.pem
+tls_verify_certificates = /etc/exim/CA-file.pem
+</pre>
+
+..and in your RCPT ACL (near the top):
+
+<pre>
+ accept authenticated = *
+ encrypted = *
+
+ accept encrypted = *
+ verify = certificate
+
+ accept condition = ${if eq{$interface_port}{587}{1}{0}}
+ endpass
+ message = SMTP AUTH or client SSL certificate required for port 587
+ authenticated = *
+</pre>
+
+
+!!! See also
+
+* EximSmtpAuth
+* EximFilter
+* [INBOX Autocreate Cyrus Patch | http://email.uoa.gr/projects/cyrus/autocreate/]
----
Part of CategoryMailNotes