From 06b25c81f94c65d1a7ea5a2aaf8c0be470e998ce Mon Sep 17 00:00:00 2001 
From: "root@deleuze.hcoop.net" <> Date: Sat, 27 Jan 2007 04:27:37 -0500 Subject: [PATCH] mwolson: Initial migration of exim4 settings to deleuze * exim4/update-exim4.conf.conf: Set up. Configure dc_visiblename here, which is used to set qualify_domain later on. [other files are relative to exim4/conf.d/] * acl/30_exim4-config_check_rcpt: Add recommended lines from /usr/share/doc/mailman/README.EXIM.gz so that bounce messages get through, even if they are from a malformed address * acl/40_exim4-config_check_data: Use built-in spam checker rather than running email through spamc. This should make the configuration much simpler. * auth/30_exim4-config_examples: Migrate userdb_plain. Disable plain. * main/01_exim4-config_listmacrosdefs: Don't define domains here -- we will do that in a separate file to make things easier for domtool. Add tls_cipher to MAIN_LOG_SELECTOR as per old config. Use file_transport=address_file for /etc/aliases delivery, as per old configuration * main/10_domtool-domains: New file where the domain list will be written to by domtool. * main/20_mailman-macros: Migrate mailman configuration settings here. Use the longer option names for clarity. * router/310_exim4-config_virtual_user: New file that routes mail for hosted domains. From old config. * router/320_exim4-config_mailman: New file that routes mail for mailing lists. From old config. * router/450_exim4-config_default_aliases: New file containing default_aliases rule for various domains; mostly seems to be used by Adam. From old config. * transport/10_exim4-config_mailman: New file containing the transport for mailman lists. From old config. Use the aforementioned longer option names. * transport/40_exim4-config_virtual_delivery: New file containing transport used to deliver mail to virtual mailboxes. From old config. Should we be using a postgresql/mysql database here? It's what most other sites seem to do, according to Google. 
--- conf.d/acl/30_exim4-config_check_mail | 16 +++++++ conf.d/acl/30_exim4-config_check_rcpt | 16 +++++++ conf.d/acl/40_exim4-config_check_data | 9 ++++ conf.d/auth/30_exim4-config_examples | 44 +++++++++++++------ conf.d/main/01_exim4-config_listmacrosdefs | 25 +++++++---- conf.d/main/20_mailman-macros | 30 +++++++++++++ conf.d/main/90_exim4-config_log_selector | 10 +++++ conf.d/router/310_exim4-config_virtual_user | 6 +++ conf.d/router/320_exim4-config_mailman | 15 +++++++ .../router/450_exim4-config_default_aliases | 24 ++++++++++ conf.d/transport/10_exim4-config_mailman | 13 ++++++ .../40_exim4-config_virtual_delivery | 20 +++++++++ update-exim4.conf.conf | 9 +++- 13 files changed, 212 insertions(+), 25 deletions(-) create mode 100644 conf.d/acl/30_exim4-config_check_mail create mode 100644 conf.d/main/20_mailman-macros create mode 100644 conf.d/main/90_exim4-config_log_selector create mode 100644 conf.d/router/310_exim4-config_virtual_user create mode 100644 conf.d/router/320_exim4-config_mailman create mode 100644 conf.d/router/450_exim4-config_default_aliases create mode 100644 conf.d/transport/10_exim4-config_mailman create mode 100644 conf.d/transport/40_exim4-config_virtual_delivery diff --git a/conf.d/acl/30_exim4-config_check_mail b/conf.d/acl/30_exim4-config_check_mail new file mode 100644 index 0000000..7a6a3e7 --- /dev/null +++ b/conf.d/acl/30_exim4-config_check_mail @@ -0,0 +1,16 @@ + +### acl/30_exim4-config_check_mail +################################# + +# This access control list is used for every MAIL command in an incoming +# SMTP message. The tests are run in order until the address is either +# accepted or denied. +# +acl_check_mail: + .ifdef CHECK_MAIL_HELO_ISSUED + deny + message = no HELO given before MAIL command + condition = ${if def:sender_helo_name {no}{yes}} + .endif + + accept diff --git a/conf.d/acl/30_exim4-config_check_rcpt b/conf.d/acl/30_exim4-config_check_rcpt index cb4b73b..870ed29 100644 
--- a/conf.d/acl/30_exim4-config_check_rcpt +++ b/conf.d/acl/30_exim4-config_check_rcpt @@ -112,6 +112,22 @@ acl_check_rcpt: !verify = sender .endif + # hcoop-change: Add recommended lines from + # /usr/share/doc/mailman/README.EXIM.gz so that bounce messages + # get through, even if they are from a malformed address + + # Accept bounces to lists even if callbacks or other checks would fail + warn + message = X-WhitelistedRCPT-nohdrfromcallback: Yes + condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \ + {exists {MAILMAN_LISTCHK}}} \ + {yes}{no}} + + accept + condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \ + {exists {MAILMAN_LISTCHK}}} \ + {yes}{no}} + # Verify senders listed in local_sender_callout with a callout. # # In smarthost and satellite setups, this causes the callout to be diff --git a/conf.d/acl/40_exim4-config_check_data b/conf.d/acl/40_exim4-config_check_data index fb219a0..5f8f25b 100644 --- a/conf.d/acl/40_exim4-config_check_data +++ b/conf.d/acl/40_exim4-config_check_data @@ -61,6 +61,15 @@ acl_check_data: # X-Spam_bar: $spam_bar\n\ # X-Spam_report: $spam_report + # hcoop-change: Our more-competent solution + warn + # Only run through spamassassin if the user wants this + condition = ${if exists{/etc/spamassassin/addrs/${local_part}@${domain}}\ + {yes}{no}} + spam = nobody:true + add_header = X-Spam-Score: $spam_score ($spam_bar) + add_header = X-Spam-Report: $spam_report + # This hook allows you to hook in your own ACLs without having to # modify this file. If you do it like we suggest, you'll end up with diff --git a/conf.d/auth/30_exim4-config_examples b/conf.d/auth/30_exim4-config_examples index 24d52d1..e696ad1 100644 --- a/conf.d/auth/30_exim4-config_examples +++ b/conf.d/auth/30_exim4-config_examples 
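Review bot: The two added conditions in acl_check_rcpt test `exists {MAILMAN_LISTCHK}`, but that macro (defined in main/20_mailman-macros in this commit) builds its path from the whole `$local_part`, which in this ACL still carries the `-bounces+...` suffix. Its doubled colon in `${lc::` also looks like list escaping meant for `require_files`, so as written the whitelist probably never matches. Keying the path on the captured list name would fix that, e.g. `{exists {MAILMAN_HOME/lists/${lc:$1}/config.pck}}`. Once it does match, the bare `accept` has no `domains` test, so I would add `domains = +mm_domains` to both statements so that the exemption from later checks applies to list domains only. The rest of acl_check_rcpt is outside the hunk, so where this sits relative to the relay checks cannot be seen here.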
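Review bot: The opt-in test in the added `warn` expands `${local_part}@${domain}`, but acl_check_data runs once per message rather than once per recipient. As far as I know Exim leaves those two variables empty there, so the path would resolve to `/etc/spamassassin/addrs/@` and the scan would never run. Recording the opt-in at RCPT time in an ACL variable and testing that variable here would make the check effective. The file name is also derived from an address the sender supplies, so whichever ACL does the lookup should run only after the local part has been checked for `/` and `..`. A short comment that `spam = nobody:true` always succeeds, so the headers are added whatever the score, would help the next reader.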
@@ -210,22 +210,38 @@ cram_md5: client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}} client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}} -plain: +# hcoop-change: Authenticate against /etc/courier/exim.dat +userdb_plain: driver = plaintext public_name = PLAIN -.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS - client_send = "${if !eq{$tls_cipher}{}{\ - ^${extract{1}{::}\ - {${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}\ - ^${extract{2}{::}\ - {${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}\ - }fail}" -.else - client_send = "^${extract{1}{::}\ - {${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}\ - ^${extract{2}{::}\ - {${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}" -.endif + server_condition = \ + ${if \ + crypteq {$3} \ + {${extract{systempw}{${tr{${lookup{$2} \ + dbm{/etc/courier/exim.dat} \ + }}{|}{ }}}}} \ + {yes} \ + {no} \ + } + server_set_id = $2 + +# hcoop-change: Comment out plain authenticator +# plain: +# driver = plaintext +# public_name = PLAIN +# .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS +# client_send = "${if !eq{$tls_cipher}{}{\ +# ^${extract{1}{::}\ +# {${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}\ +# ^${extract{2}{::}\ +# {${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}\ +# }fail}" +# .else +# client_send = "^${extract{1}{::}\ +# {${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}\ +# ^${extract{2}{::}\ +# {${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}" +# .endif login: driver = plaintext diff --git a/conf.d/main/01_exim4-config_listmacrosdefs b/conf.d/main/01_exim4-config_listmacrosdefs index 0f9f637..fec1059 100644 --- a/conf.d/main/01_exim4-config_listmacrosdefs +++ b/conf.d/main/01_exim4-config_listmacrosdefs 
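Review bot: `userdb_plain` is a server-side PLAIN authenticator with no `server_advertise_condition`, so it is offered on unencrypted connections and passwords checked against /etc/courier/exim.dat can cross the network in clear text. The client-side block being commented out was guarded on `$tls_cipher`, and the server side deserves the same, e.g. `server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}`. When `$2` is not in the dbm file the lookup yields an empty string and `crypteq` is handed an empty hash. Giving the lookup an explicit `{$value}fail` branch would make the unknown-user case fail by construction rather than by whatever crypt() returns for an empty salt. The `login:` authenticator that follows is outside this hunk.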
@@ -49,17 +49,19 @@ DC_visiblename=DEBCONFvisiblenameDEBCONF # List of domains considered local for exim. Domains not listed here # need to be deliverable remotely. -.ifndef MAIN_LOCAL_DOMAINS -MAIN_LOCAL_DOMAINS = DEBCONFlocal_domainsDEBCONF -.endif -domainlist local_domains = MAIN_LOCAL_DOMAINS +# hcoop-change: comment out +#.ifndef MAIN_LOCAL_DOMAINS +#MAIN_LOCAL_DOMAINS = DEBCONFlocal_domainsDEBCONF +#.endif +#domainlist local_domains = MAIN_LOCAL_DOMAINS # List of recipient domains to relay _to_. Use this list if you're - # for example - fallback MX or mail gateway for domains. -.ifndef MAIN_RELAY_TO_DOMAINS -MAIN_RELAY_TO_DOMAINS = DEBCONFrelay_domainsDEBCONF -.endif -domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS +# hcoop-change: comment out +#.ifndef MAIN_RELAY_TO_DOMAINS +#MAIN_RELAY_TO_DOMAINS = DEBCONFrelay_domainsDEBCONF +#.endif +#domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS # List of sender networks (IP addresses) to _unconditionally_ relay # _for_. If you intend to be SMTP AUTH server, you do not need to enter @@ -143,6 +145,11 @@ CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./ .endif # always log tls_peerdn as we use TLS for outgoing connects by default +# hcoop-change: add +tls_ciper .ifndef MAIN_LOG_SELECTOR -MAIN_LOG_SELECTOR = +tls_peerdn +MAIN_LOG_SELECTOR = +tls_cipher +tls_peerdn .endif + +# hcoop-change: use file_transport = address_file for /etc/aliases +# delivery, as per old configuration +SYSTEM_ALIASES_FILE_TRANSPORT = address_file diff --git a/conf.d/main/20_mailman-macros b/conf.d/main/20_mailman-macros new file mode 100644 index 0000000..ce99f83 --- /dev/null +++ b/conf.d/main/20_mailman-macros 
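Review bot: Commenting out the `domainlist local_domains` and `domainlist relay_to_domains` definitions leaves every `+local_domains` and `+relay_to_domains` reference undefined until domtool writes main/10_domtool-domains, and that file is named in the commit message but absent from this patch's diffstat. The same holds for `+mm_domains`, which the new router/320 file uses. I would ship a placeholder 10_domtool-domains that defines the three lists. At the least, replace `# hcoop-change: comment out` with a comment naming the file that now defines them and the tool that generates it, so that a missing or half-written generated file is recognised as the cause when exim rejects the configuration or treats a hosted domain as remote. In the second hunk the comment spells the selector `+tls_ciper`.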
@@ -0,0 +1,30 @@
+# Home dir for your Mailman installation -- aka Mailman's prefix
+# directory.
+# By default this is set to "/usr/local/mailman"
+# On a Red Hat/Fedora system using the RPM use "/var/mailman"
+# On Debian using the deb package use "/var/lib/mailman"
+# This is normally the same as ~mailman
+MAILMAN_HOME=/var/lib/mailman
+
+# The path of the Mailman mail wrapper script
+MAILMAN_WRAP=MAILMAN_HOME/mail/mailman
+
+# User and group for Mailman, should match your --with-mail-gid
+# switch to Mailman's configure script.
+# Value is normally "mailman"
+MAILMAN_USER=mail
+MAILMAN_GROUP=mail
+
+# Domains that your lists are in - colon separated list
+# you may wish to add these into local_domains as well
+#
+# These are auto-generated by domtool.
+#
+# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+# These values are derived from the ones above and should not need
+# editing unless you have munged your mailman installation
+
+# The path of the list config file (used as a required file when
+# verifying list addresses)
+MAILMAN_LISTCHK=MAILMAN_HOME/lists/${lc::$local_part}/config.pck
diff --git a/conf.d/main/90_exim4-config_log_selector b/conf.d/main/90_exim4-config_log_selector
new file mode 100644
index 0000000..685c404
--- /dev/null
+++ b/conf.d/main/90_exim4-config_log_selector
@@ -0,0 +1,10 @@
+
+### main/90_exim4-config_log_selector
+#################################
+
+# uncomment this for debugging
+# MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all -subject -arguments
+
+.ifdef MAIN_LOG_SELECTOR
+log_selector = MAIN_LOG_SELECTOR
+.endif
diff --git a/conf.d/router/310_exim4-config_virtual_user b/conf.d/router/310_exim4-config_virtual_user
new file mode 100644
index 0000000..ecd010a
--- /dev/null
+++ b/conf.d/router/310_exim4-config_virtual_user
@@ -0,0 +1,6 @@
+# hcoop-change: Route mail for hosted domains
+
+virtual_user:
+ driver = accept
+ transport = virtual_delivery
+ require_files = /home/vmail/${domain}/${local_part}
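Review bot: `virtual_user` has no `domains` or `local_parts` precondition, and `require_files = /home/vmail/${domain}/${local_part}` builds a filesystem path straight from the recipient address. The `directory` option of the new transport/40 `virtual_delivery` uses the same expression. An address that reaches this router with a path separator or `..` in either part would be tested, and then delivered, outside the intended mailbox tree. Any local-part filtering done in acl_check_rcpt does not apply to non-SMTP submissions. I would add `domains = +local_domains` and a `local_parts` restriction on the router itself, or take the mailbox directory from the exim.dat record rather than from the address.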
diff --git a/conf.d/router/320_exim4-config_mailman b/conf.d/router/320_exim4-config_mailman
new file mode 100644
index 0000000..b7c60bd
--- /dev/null
+++ b/conf.d/router/320_exim4-config_mailman
@@ -0,0 +1,15 @@
+# hcoop-change: Route mail for mailing lists
+mailman_router:
+ driver = accept
+ domains = +mm_domains
+ require_files = MAILMAN_LISTCHK
+ condition = ${run{/bin/sh -c \"/usr/local/sbin/checklist ${local_part} ${doma\
+in}\""}{1}{0}}
+ local_part_suffix_optional
+ local_part_suffix = -admin : \
+ -bounces : -bounces+* : \
+ -confirm : -confirm+* : \
+ -join : -leave : \
+ -owner : -request : \
+ -subscribe : -unsubscribe
+ transport = mailman_transport
diff --git a/conf.d/router/450_exim4-config_default_aliases b/conf.d/router/450_exim4-config_default_aliases
new file mode 100644
index 0000000..cbcd515
--- /dev/null
+++ b/conf.d/router/450_exim4-config_default_aliases
@@ -0,0 +1,24 @@
+# hcoop-change: default_aliases rule for various domains; mostly seems
+# to be used by Adam
+default_aliases:
+ debug_print = "R: default_aliases for $local_part@$domain"
+ driver = redirect
+ domains = +local_domains
+ allow_fail
+ allow_defer
+ data = ${lookup{$local_part@$domain}lsearch*@{/etc/aliases.default}}
+ .ifdef SYSTEM_ALIASES_USER
+ user = SYSTEM_ALIASES_USER
+ .endif
+ .ifdef SYSTEM_ALIASES_GROUP
+ group = SYSTEM_ALIASES_GROUP
+ .endif
+ .ifdef SYSTEM_ALIASES_FILE_TRANSPORT
+ file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
+ .endif
+ .ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
+ pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
+ .endif
+ .ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
+ directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
+ .endif
diff --git a/conf.d/transport/10_exim4-config_mailman b/conf.d/transport/10_exim4-config_mailman
new file mode 100644
index 0000000..f6ddf40
--- /dev/null
+++ b/conf.d/transport/10_exim4-config_mailman
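Review bot: The `condition` in `mailman_router` passes `${local_part}` and `${domain}` into a `/bin/sh -c` command string, so shell metacharacters in a recipient address are interpreted by the shell with exim's privileges. The quoting also looks unbalanced (`\"` opens, `\""` closes) and the line continuation splits `${domain}` in mid-name. `${run}` splits the command into arguments before expanding them, so no shell is needed: `condition = ${run{/usr/local/sbin/checklist $local_part $domain}{1}{0}}` passes each value as a single argument. `require_files` may narrow which local parts get this far, but the command line should not depend on that. A comment stating what checklist's exit status means would help, since `{1}{0}` accepts on exit code 0.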
@@ -0,0 +1,13 @@ +# hcoop-change: Transport for mailman lists +mailman_transport: + debug_print = "T: mailman for $local_part@$domain" + driver = pipe + command = MAILMAN_WRAP \ + '${if def:local_part_suffix \ + {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ + {post}}' \ + $local_part + current_directory = MAILMAN_HOME + home_directory = MAILMAN_HOME + user = MAILMAN_USER + group = MAILMAN_GROUP diff --git a/conf.d/transport/40_exim4-config_virtual_delivery b/conf.d/transport/40_exim4-config_virtual_delivery new file mode 100644 index 0000000..255a9b1 --- /dev/null +++ b/conf.d/transport/40_exim4-config_virtual_delivery @@ -0,0 +1,20 @@ +# hcoop-change: This transport is used to deliver mail to virtual +# mailboxes (i.e. email accounts which have been granted to non-hcoop +# members by the owner of the domain) + +# Warning: This is currently known to not work for some domains. +# Perhaps we should be using a postgresql/mysql lookup here. + +virtual_delivery: + debug_print = "T: virtual_delivery for $local_part@$domain" + driver = appendfile + user = ${extract{uid}{${tr{${lookup{$local_part@$domain} \ + dbm{/etc/courier/exim.dat} \ + }}{|}{ }}}} + group = mail + mode = 0660 + mode_fail_narrower = false + envelope_to_add + return_path_add + directory = /home/vmail/${domain}/${local_part} + maildir_format diff --git a/update-exim4.conf.conf b/update-exim4.conf.conf index 96c6c09..4f2ce20 100644 --- a/update-exim4.conf.conf +++ b/update-exim4.conf.conf @@ -17,8 +17,8 @@ # This is a Debian specific file dc_eximconfig_configtype='internet' -dc_other_hostnames='localhost.localdomain' -dc_local_interfaces='127.0.0.1' +dc_other_hostnames='hcoop.net:deleuze.hcoop.net' +dc_local_interfaces='' dc_readhost='' dc_relay_domains='' dc_minimaldns='false' 
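Review bot: `virtual_delivery` writes mailboxes with `mode = 0660` and `group = mail`, and main/20_mailman-macros in this commit sets `MAILMAN_GROUP=mail`, so the Mailman wrapper and anything else running in group mail can read and modify every virtual user's mail. Unless a group-mail reader is actually required, `mode = 0600` keeps access with the owning uid. The `user` expansion has no failure branch: when the address is missing from /etc/courier/exim.dat the extract yields an empty string, which may be the "known to not work for some domains" case in the header comment. A `{$value}fail` on the lookup, plus a comment describing the record format that the `tr`/`extract` pair expects, would make that failure visible. The `directory` path is built from the unvalidated address, so it relies entirely on the router having vetted `$domain` and `$local_part`.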
@@ -29,3 +29,8 @@ dc_use_split_config='false' dc_hide_mailname='' dc_mailname_in_oh='true' dc_localdelivery='maildir_home' + +# hcoop-change: Additional nonstandard items + +# sets qualify_domain +dc_visiblename='hcoop.net' -- 2.20.1
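Review bot: The hunk header here carries `dc_use_split_config='false'` from earlier in the file, and nothing in this patch changes it. With that setting update-exim4.conf generates the configuration from the single exim4.conf.template rather than from conf.d/, so the conf.d files added and edited in this commit would not be used. If that line is still in effect, set `dc_use_split_config='true'` in the same commit. A comment next to `dc_local_interfaces=''` in the first hunk, noting that the daemon now listens on every interface, would also be worthwhile, since that is what exposes the new PLAIN authenticator to the network.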