Differences between version 55 and predecessor to the previous major change of EximNotes.
Newer page: | version 55 | Last edited on Thursday, March 24, 2005 10:20:38 am | by GreigMcGill |
Older page: | version 53 | Last edited on Monday, March 21, 2005 12:26:30 am | by PilLe |
@@ -288,7 +288,79 @@
http://www.meini.org/spf/ contains [Debian] [Package]s for the [Mail::SPF::Query | http://search.cpan.org/dist/Mail-SPF-Query/] and [Net::CIDR::Lite | http://search.cpan.org/dist/Net-CIDR-Lite/] modules and for [libspf | http://www.libspf.org/]. The packaged libspf version is pretty old though, you might consider installing from SourceCode. You'll also need [Net::DNS | http://search.cpan.org/dist/Net-DNS/], for which a [Debian] package can be found at [http://www.proesdorf.de/debian/].
Alternatively you could use [Evan's deb packages|http://evanjones.ca/software/libspf-alt-debian.html] but the newer code of [libspf2|http://libspf2.org/download.html] and build some new libspf2 packages.
+
+!!! Useful Exim4 Mail Proxy tweaks.
+
+If you have Exim4 configured as a mail proxy in front of, say, MS Exchange, or another Active Directory based email server, you may find the following useful to either limit spam, or transition from a "catchall" domain setup. Note that these two configurations are mutually exclusive.
+
+This first config fragment provides the ability to reject nonexistent email addresses at SMTP time.
+
+This first stanza belongs in the main configuration, and simply defines the LDAP lookup macro.
+You will need to create the "MTA Auth" user in AD. Copy Guest and enable it.
+Don't forget to set the IP address of the AD server correctly.
+
+Note that port 3268 is used. AD geeks will recognise this as the Global Catalog port, and means you are asking the AD Forest, rather than just a particular server. If you don't want this, or your server isn't a GC server, just use port 389.
+
+<verbatim>
+
+ITP_LDAP_AD_MAIL_RCPT = \
+ user="CN=MTA\ Auth,CN=Users,DC=site,DC=example,DC=co,DC=nz" \
+ pass=gand4lf \
+ ldap://10.7.31.10:3268/DC=site,DC=example,DC=co,DC=nz\
+ ?mail?sub?\
+ (&\
+ (objectClass=*)\
+ (proxyAddresses=SMTP:${quote_ldap:${local_part}@${domain}})\
+ )
+</verbatim>
+
+This belongs as the first router in the routers section.
+Change the domains to match ALL domains we accept mail for.
+
+<verbatim>
+
+adsi_itp_check:
+ driver = redirect
+ domains = *example.co.nz
+ allow_fail
+ allow_defer
+ forbid_file
+ forbid_pipe
+ redirect_router = spam_redirect
+ data = ${lookup ldap {ITP_LDAP_AD_MAIL_RCPT}\
+ {${local_part}@${domain}}{:fail: User unknown}}
+</verbatim>
+
+The second fragment provides a "catchall" function for a domain. If an email address is not defined within a site, mail will be accepted and routed to the provided address (catchall@example.co.nz in this case). Please do not use this except as a transitory measure, as catchalls are inherently bad IMHO.
+
+First, the lookup macro, as before.
+
+<verbatim>
+
+ITP_LDAP_AD_MAIL_RCPT = \
+ user="CN=MTA\ Auth,CN=Users,DC=site,DC=example,DC=co,DC=nz" \
+ pass=gand4lf \
+ ldap://10.7.31.10:3268/DC=site,DC=example,DC=co,DC=nz\
+ ?mail?sub?\
+ (&\
+ (objectClass=*)\
+ (proxyAddresses=SMTP:${quote_ldap:${local_part}@${domain}})\
+ )
+</verbatim>
+
+Now the catchall router:
+
+<verbatim>
+
+adsi_itp_catchall:
+ driver = redirect
+ domains = *example.co.nz
+ redirect_router = spam_redirect
+ condition = ${if eq{${lookup ldap {ITP_LDAP_AD_MAIL_RCPT}{${local_part}@${domain}}}}{} {yes}{no}}
+ data = catchall@example.co.nz
+</verbatim>
+
----
Part of CategoryMailNotes
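
Review bot: both routers (`adsi_itp_check` and `adsi_itp_catchall`) use `domains = *example.co.nz`, which matches any domain that ends in that string, such as `notexample.co.nz`, rather than only the domain and its subdomains; `domains = example.co.nz : *.example.co.nz` matches what the text asks for ("ALL domains we accept mail for"). In the `ITP_LDAP_AD_MAIL_RCPT` macro the bind uses a plain `ldap://` URL with `pass=` inline, so the bind password travels unencrypted to the AD server and sits in the main configuration file; I would suggest an `ldaps://` URL on the corresponding TLS port, a sentence saying the configuration file must not be world-readable, and an obvious placeholder in place of `pass=gand4lf`. The macro is repeated verbatim in the second fragment, so the second copy could simply refer back to the first, and `(objectClass=*)` adds nothing to the filter beside the `proxyAddresses` clause. The first fragment promises rejection "at SMTP time" but the text never says that this depends on the RCPT ACL verifying the recipient (`verify = recipient`); that deserves a line next to the router.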