Differences between version 65 and predecessor to the previous major change of EximNotes.

Newer page: version 65 Last edited on Wednesday, August 23, 2006 4:18:00 pm by CraigBox
Older page: version 64 Last edited on Friday, July 28, 2006 10:48:45 am by CraigBox
@@ -423,16 +423,58 @@
 *** Error in setting up pipe, file, or autoreply: 
 file_transport unset in system_aliases router 
 </verbatim> 
  
-There is a macro defined for the file_transport router, but its unset by default. To allow this behaivour, add to the bottom of your /etc/exim4/conf.d/main/02_exim4-config_options.rul: 
+There is a macro defined for the file_transport router, but its unset by default. To allow this behaivour, add this macro to either your /etc/exim4/conf.d/main/02_exim4-config_options.rul, or a local macros filw, such as /etc/exim4/conf.d/main/000_local_macros
 <verbatim> 
 # allow writing to files in system aliases (potentially bad!) 
-.ifndef SYSTEM_ALIASES_FILE_TRANSPORT  
 SYSTEM_ALIASES_FILE_TRANSPORT = address_file 
-.endif  
 </verbatim> 
  
 A better answer is changing the destination using the [redirect router alias|http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch22.html#SECTspecitredli] <tt>:blackhole:</tt>. 
+  
+!!! Allow connections to the submission port (587) and the smtps port (465)  
+  
+SMTPS is easy, since 4.43:  
+  
+<pre>  
+# wlug: listen on 25 (smtp), 465 (ssmtp for Outlook)  
+daemon_smtp_port = 25:465  
+tls_on_connect_ports = 465  
+</pre>  
+  
+in your <tt>main</tt> section. Between 4.03 and 4.43, you can use [the -tls-on-connect command line parameter|http://exim.netmirror.org/exim-html-4.40/doc/html/FAQ_17.html#TOC322].  
+  
+587 is harder, because the rules are "either SMTP AUTH or SSL". [An Exim SSL/TLS recipe|http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20030210/msg00257.html] was posted to the list, which suggests (updated):  
+  
+<pre>  
+# wlug: listen on 25 (smtp), 465 (ssmtp for Outlook) and 587 (submission)  
+daemon_smtp_port = 25:465:587  
+  
+# uncomment to only allow auth if you're on by SSL  
+# auth_advertise_hosts = ${if eq{$tls_cipher}{}{localhost}{*}}  
+  
+tls_advertise_hosts = *  
+tls_try_verify_hosts = ${if eq{$interface_port}{587}{*}{}}  
+tls_certificate = /etc/exim4/server-cert.pem  
+tls_privatekey = /etc/exim4/server-key.pem  
+tls_verify_certificates = /etc/exim/CA-file.pem  
+</pre>  
+  
+..and in your RCPT ACL (near the top):  
+  
+<pre>  
+ accept authenticated = *  
+ encrypted = *  
+  
+ accept encrypted = *  
+ verify = certificate  
+  
+ accept condition = ${if eq{$interface_port}{587}{1}{0}}  
+ endpass  
+ message = SMTP AUTH or client SSL certificate required for port 587  
+ authenticated = *  
+</pre>  
+  
  
 ---- 
 Part of CategoryMailNotes
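
Review bot: In the port 587 recipe, `auth_advertise_hosts` is added commented out while the third RCPT stanza accepts on `authenticated = *` alone, so AUTH stays advertised on unencrypted sessions and a client on 587 can send credentials and relay in cleartext. The `encrypted = *` in the first stanza does not prevent this, because the port 587 stanza is a separate accept. Suggest shipping `auth_advertise_hosts = ${if eq{$tls_cipher}{}{localhost}{*}}` uncommented, or stating next to it that leaving it commented permits plaintext authentication. Separately, `tls_verify_certificates = /etc/exim/CA-file.pem` points at /etc/exim/ while the certificate and key lines use /etc/exim4/, which looks unintended. In the rewritten sentence, "filw" should be "file", and with the `.ifndef` guard removed the text should say to define SYSTEM_ALIASES_FILE_TRANSPORT in only one of the two files, since an unguarded second definition of the same macro is a configuration error in Exim.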