[vhffs-dev] [654] That was funny, really, let's put usable config file. |
[ Thread Index |
Date Index
| More vhffs.org/vhffs-dev Archives
]
Revision: 654
Author: gradator
Date: 2007-07-03 14:39:58 +0000 (Tue, 03 Jul 2007)
Log Message:
-----------
That was funny, really, let's put usable config file.
Added Paths:
-----------
trunk/vhffs-doc/config/exim4-mx1/exim4.conf
trunk/vhffs-doc/config/exim4-mx2/exim4.conf
Removed Paths:
-------------
trunk/vhffs-doc/config/exim4-mx1/conf.d/
trunk/vhffs-doc/config/exim4-mx1/exim4.conf
trunk/vhffs-doc/config/exim4-mx1/exim4.conf.hash
trunk/vhffs-doc/config/exim4-mx1/exim4.conf.template
trunk/vhffs-doc/config/exim4-mx1/host
trunk/vhffs-doc/config/exim4-mx1/passwd.client
trunk/vhffs-doc/config/exim4-mx1/update-exim4.conf.conf
trunk/vhffs-doc/config/exim4-mx2/conf.d/
trunk/vhffs-doc/config/exim4-mx2/exim4.conf
trunk/vhffs-doc/config/exim4-mx2/exim4.conf.template
trunk/vhffs-doc/config/exim4-mx2/passwd.client
trunk/vhffs-doc/config/exim4-mx2/update-exim4.conf.conf
Deleted: trunk/vhffs-doc/config/exim4-mx1/exim4.conf
===================================================================
--- trunk/vhffs-doc/config/exim4-mx1/exim4.conf 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx1/exim4.conf 2007-07-03 14:39:58 UTC (rev 654)
@@ -1,405 +0,0 @@
-hide pgsql_servers = DBHOST/vhffs/vhffs/DBPASS
-MAIL_HOME=/data/mail/boxes
-PGSQL_LOCAL_DOMAINS = ${lookup pgsql{SELECT DISTINCT domain FROM vhffs_mxdomain WHERE domain = '$domain'}}
-PGSQL_VIRTUAL_LOCAL_DOMAINS = ${lookup pgsql{select vhffs_boxes.domain from vhffs_boxes, vhffs_mxdomain where local_part = '$local_part' and vhffs_boxes.domain = vhffs_mxdomain.domain and vhffs_mxdomain.domain = '$domain'}}
-PGSQL_VIRTUAL_LOCAL_DIR = MAIL_HOME/${lookup pgsql{select boxes_path from vhffs_mxdomain where domain = '$domain'}{$value}fail}/${lookup pgsql{select mbox_name from vhffs_boxes where domain = '$domain' and local_part = '$local_part'}{$value}fail}/Maildir
-PGSQL_VIRTUAL_FORWARD_DATA = ${lookup pgsql{select remote_name from vhffs_forward, vhffs_mxdomain where local_part = '$local_part' and vhffs_forward.domain = vhffs_mxdomain.domain and vhffs_mxdomain.domain = '$domain'}}
-PGSQL_ML_EXIST = ${lookup pgsql{select domain from vhffs_ml where local_part='$local_part' and domain='$domain'}}
-PGSQL_VIRTUAL_CATCHALL = ${lookup pgsql{select catchall from vhffs_mxdomain where domain = '$domain' and catchall != ''}}
-PGSQL_GET_TX_USER = ${lookup pgsql{select mail from vhffs_users where username='$local_part' and 'tuxfamily.org'='$domain'}}
-#PGSQL_VIRTUAL_LOCAL_QUOTA = ${lookup pgsql{select quota from popbox where local_part = "$local_part" and domaine = "$domain"}}
-#PGSQL_VIRTUAL_LOCAL_QFILE = ${lookup pgsql{select quota_f from popbox where local_part = "$local_part" and domain = "$domain"}}
-#PGSQL_VIRTUAL_LOCAL_Q_WARN = ${lookup pgsql{select quota_warn from popbox where local_part = "$local_part" and domain = "$domain"}}
-#PGSQL_VIRTUAL_LOCAL_UP_QUOTA = ${lookup pgsql{update popbox set quota_f_used = "$quota_total_fcount", quota_used = "$quota_total_used" where local_part = "$local_part" and domain_name = "$domain"}}
-#PGSQL_VIRTUAL_SPAMCHECK = ${lookup pgsql{select domain_name from mxdomain where mxdomain.domain_name = "$domain" and scan = "1"}}
-
-LISTENGINE_HOME=/usr/lib/vhffs/listengine/
-LISTENGINE_QUEUE=LISTENGINE_HOME/listengine
-LISTENGINE_UID=Debian-exim
-LISTENGINE_GID=Debian-exim
-
-exim_path = /usr/sbin/exim4
-
-CONFDIR = /etc/exim4
-
-domainlist local_domains = PGSQL_LOCAL_DOMAINS:localhost:mx1.tuxfamily.net:tuxfamily.net:tuxfamily.com:mx1.tuxfamily.org
-
-domainlist relay_to_domains =
-
-hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/24
-
-#av_scanner = clamd:192.168.3.50 7777 stream
-
-qualify_domain = staff.tuxfamily.org
-
-LOCAL_DELIVERY=mail_spool
-
-gecos_pattern = ^([^,:]*)
-gecos_name = $1
-
-acl_smtp_rcpt = acl_check_rcpt
-
-#acl_smtp_data = acl_check_data
-
-message_size_limit = 10M
-
-smtp_accept_max = 120
-
-host_lookup = *
-
-primary_hostname = mx1.tuxfamily.net
-
-rfc1413_query_timeout = 0s
-
-ignore_bounce_errors_after = 2d
-
-timeout_frozen_after = 7d
-
-freeze_tell = postmaster
-
-spool_directory = /var/spool/exim4
-
-trusted_users = Debian-exim
-
-smtp_banner = "${primary_hostname} ESMTP Vhffs4 Mailer ${tod_full}"
-
-begin acl
-
-acl_whitelist_local_deny:
- accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
- {CONFDIR/local_host_whitelist}\
- {}}
- accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
- {CONFDIR/local_sender_whitelist}\
- {}}
-
-acl_check_rcpt:
- accept hosts = : 127.0.0.1 : 192.168.1.0/24 : 213.246.36.36
-
- deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
- senders = ${if exists{CONFDIR/local_sender_blacklist}\
- {CONFDIR/local_sender_blacklist}\
- {}}
-
- deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
- hosts = ${if exists{CONFDIR/local_host_blacklist}\
- {CONFDIR/local_host_blacklist}\
- {}}
-
- drop condition = ${if eq{$sender_helo_name}{}{yes}{no}}
- message = \
- HELO/EHLO required by SMTP RFC.\n\
- Bye dude!
-
- accept senders = ${if exists{CONFDIR/whitelist_sender}\
- {CONFDIR/whitelist_sender}\
- {}}
-
- accept hosts = ${if exists{CONFDIR/whitelist_host}\
- {CONFDIR/whitelist_host}\
- {}}
-
- drop !verify = sender/no_details
- message = \
- Unrouteable sender address.\n\
- Bye dude!
-
- drop !verify = sender/callout=45s
- message = \
- Your email address is rejected by your mail server.\n\
- You can't send mail here with a fake address.\n\
- Bye dude!
-
- deny domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
- message = restricted characters in address
-
- deny domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
- message = restricted characters in address
-
- accept local_parts = postmaster
- domains = +local_domains
-
- warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
- !verify = reverse_host_lookup
-
- accept domains = +local_domains
- endpass
- message = unknown user
- verify = recipient
-
- accept domains = +relay_to_domains
- endpass
- message = unrouteable address
- verify = recipient
-
- accept hosts = +relay_from_hosts
-
- accept authenticated = *
-
- deny message = relay not permitted
-
-#acl_check_data:
-
-# deny message = Message contains malware or a virus ($malware_name).
-# log_message = $sender_host_address tried sending $malware_name
-# demime = *
-# malware = *
-# warn condition = ${if !def:h_Message-ID: {1}}
-# hosts = +relay_from_hosts
-# message = Message-ID: <E$message_id@$primary_hostname>
-
-
-# accept
-
-begin routers
-
-dnslookup_relay_to_domains:
- debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains : +relay_to_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- no_more
-
-dnslookup:
- debug_print = "R: dnslookup for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
- 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
- no_more
-#spamcheck_router:
-# driver = accept
-# no_verify
-# domains = PGSQL_VIRTUAL_SPAMCHECK
-# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
-# transport = spamcheck
-virtual_local:
- driver = accept
- domains = PGSQL_VIRTUAL_LOCAL_DOMAINS
- transport = virtual_local
-virtual_forward:
- driver = redirect
- qualify_preserve_domain = true
- data = PGSQL_VIRTUAL_FORWARD_DATA
-list_director:
- driver = accept
- domains = PGSQL_ML_EXIST
- transport = list_transport
-
-#list_sub:
-# driver = accept
-# local_part_suffix = -subscribe
-# condition = PGSQL_ML_EXIST
-# transport = list_sub_transport
-
-#list_unsub:
-# driver = accept
-# local_part_suffix = -unsubscribe
-# condition = PGSQL_ML_EXIST
-# transport = list_unsub_transport
-
-#list_confirm:
-# driver = accept
-# local_part_suffix = -confirm
-# condition = PGSQL_ML_EXIST
-# transport = list_confirm_transport
-virtual_catchall:
- driver = redirect
- qualify_preserve_domain = true
- data = PGSQL_VIRTUAL_CATCHALL
-virtual_tf_users:
- driver = redirect
- data = PGSQL_GET_TX_USER
-
-system_aliases:
- debug_print = "R: system_aliases for $local_part@$domain"
- driver = redirect
- condition = ${if or { {eq {$domain} {$primary_hostname}} {eq {$domain} {$qualify_domain}}} {1} {0}}
- allow_fail
- allow_defer
- data = ${lookup{$local_part}lsearch{/etc/aliases}}
- file_transport = address_file
-
-begin transports
-
-address_file:
- debug_print = "T: address_file for $local_part@$domain"
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
-
-address_pipe:
- debug_print = "T: address_pipe for $local_part@$domain"
- driver = pipe
- return_fail_output
-
-address_reply:
- debug_print = "T: autoreply for $local_part@$domain"
- driver = autoreply
-
-mail_spool:
- debug_print = "T: appendfile for $local_part@$domain"
- driver = appendfile
- file = /var/mail/$local_part
- delivery_date_add
- envelope_to_add
- return_path_add
- group = mail
- mode = 0660
- mode_fail_narrower = false
-
-maildrop_pipe:
- debug_print = "T: maildrop_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/maildrop"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-procmail_pipe:
- debug_print = "T: procmail_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/procmail"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-remote_smtp:
- debug_print = "T: remote_smtp for $local_part@$domain"
- driver = smtp
-#spamcheck:
-# debug_print = "T: spamassassin_pipe for $local_part@$domain"
-# driver = pipe
-# command = /usr/sbin/exim4 -oMr spam-scanned -bS
-# use_bsmtp
-# transport_filter = /usr/bin/spamc -d 192.168.3.50 -p 783
-# home_directory = "/tmp"
-# current_directory = "/tmp"
-# user = Debian-exim
-# group = Debian-exim
-# return_fail_output
-# headers_remove = X-Spam-Flag : X-Spam-Status : X-Spam-Level : X-Spam-Scanned
-
-address_directory:
- debug_print = "T: address_directory for $local_part@$domain"
- driver = appendfile
- envelope_to_add = true
- return_path_add = true
- check_string = ""
- escape_string = ""
- maildir_format
-
-virtual_local:
- driver = appendfile
- directory = PGSQL_VIRTUAL_LOCAL_DIR
- maildir_format
- user = Debian-exim
- group = Debian-exim
- mode = 0666
- directory_mode = 0700
- maildir_use_size_file
-# quota = PGSQL_VIRTUAL_LOCAL_QUOTA
-# quota_filecount = PGSQL_VIRTUAL_LOCAL_QFILE
- maildir_quota_directory_regex = ^(?:cur|new|\..*)$
-# quota_update = PGSQL_VIRTUAL_LOCAL_UP_QUOTA
-# quota_warn_threshold = PGSQL_VIRTUAL_LOCAL_Q_WARN%
-# quota_warn_message = "\
-# To: $local_part@$domain\n\
-# Subject: Important Votre Boite Mail\n\n\
-# Votre seuil d'alerte est atteint.\n \
-# Une fois que votre limire sera atteinte \
-# tout nouveau message sera sauvegard\xE9 pendant jours tant\n \
-# que vous n'aurez pas augment\xE9 votre quota ou supprim\xE9 quelques messages.\n \
-# Pass\xE9 ce d\xE9lais, tout nouveau message \xE0 votre intention sera \
-# automatiquement retourn\xE9 \xE0 son exp\xE9diteur.\n\n \
-# Cordialement\n \
-# Votre gestionnaire de courier"
-list_transport:
- driver = pipe
- command = LISTENGINE_QUEUE ${lc:$local_part} ${lc:$domain}
- current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
- user = LISTENGINE_UID
-
-#list_master_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-#
-#list_sub_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE action subscribe ${lc:$local_part}_${lc:$domain}
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-
-#list_unsub_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE action unsubscribe ${lc:$local_part}_${lc:$domain}
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-
-#list_info_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE action info ${lc:$local_part}_${lc:$domain}
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-
-#list_confirm_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE action confirm ${lc:$local_part}_${lc:$domain}
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-
-begin retry
-
-* quota_7d
-* quota F,2h,15m; F,3d,1h
-
-* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
-begin rewrite
-
-*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
- {$value}fail} Ffrs
-
-*@+local_domains "${if exists {CONFDIR/email-addresses}\
- {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
- {$value}fail}}fail}" Ffrs
-
-begin authenticators
-
- plain_server:
- driver = plaintext
- public_name = PLAIN
- server_condition = ${if and {{!eq{$2}{}}{!eq{$3}{}}{eq {$3} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$2}' and domain = '${domain:$2}'} {$value}fail}}}}{1}{0}}
- server_set_id = $2
- server_prompts = :
-
- login_server:
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = ${if and {{!eq{$1}{}}{!eq{$2}{}}{eq {$2} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$1}' and domain = '${domain:$1}'} {$value}fail}}}}{1}{0}}
- server_set_id = $1
-
Added: trunk/vhffs-doc/config/exim4-mx1/exim4.conf
===================================================================
--- trunk/vhffs-doc/config/exim4-mx1/exim4.conf 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx1/exim4.conf 2007-07-03 14:39:58 UTC (rev 654)
@@ -0,0 +1,432 @@
+hide pgsql_servers = PGHOST/PGDB/PGUSER/PGPASS
+MAIL_HOME=/data/mail/boxes
+PGSQL_LOCAL_DOMAINS = ${lookup pgsql{SELECT DISTINCT domain FROM vhffs_mxdomain WHERE domain = '$domain'}}
+PGSQL_VIRTUAL_LOCAL_DOMAINS = ${lookup pgsql{select vhffs_boxes.domain from vhffs_boxes, vhffs_mxdomain where local_part = '$local_part' and vhffs_boxes.domain = vhffs_mxdomain.domain and vhffs_mxdomain.domain = '$domain'}}
+PGSQL_VIRTUAL_LOCAL_DIR = MAIL_HOME/${lookup pgsql{select boxes_path from vhffs_mxdomain where domain = '$domain'}{$value}fail}/${lookup pgsql{select mbox_name from vhffs_boxes where domain = '$domain' and local_part = '$local_part'}{$value}fail}/Maildir
+PGSQL_VIRTUAL_FORWARD_DATA = ${lookup pgsql{select remote_name from vhffs_forward, vhffs_mxdomain where local_part = '$local_part' and vhffs_forward.domain = vhffs_mxdomain.domain and vhffs_mxdomain.domain = '$domain'}}
+PGSQL_ML_EXIST = ${lookup pgsql{select domain from vhffs_ml where local_part='$local_part' and domain='$domain'}}
+PGSQL_VIRTUAL_CATCHALL = ${lookup pgsql{select catchall from vhffs_mxdomain where domain = '$domain' and catchall != ''}}
+#PGSQL_GET_TX_USER = ${lookup pgsql{select vhffs_user_info.mail from vhffs_user_info, vhffs_users where vhffs_users.uid=vhffs_user_info.uid and vhffs_users.username='$local_part' and 'vhffs.org'='$domain'}}
+#PGSQL_VIRTUAL_LOCAL_QUOTA = ${lookup pgsql{select quota from popbox where local_part = "$local_part" and domaine = "$domain"}}
+#PGSQL_VIRTUAL_LOCAL_QFILE = ${lookup pgsql{select quota_f from popbox where local_part = "$local_part" and domain = "$domain"}}
+#PGSQL_VIRTUAL_LOCAL_Q_WARN = ${lookup pgsql{select quota_warn from popbox where local_part = "$local_part" and domain = "$domain"}}
+#PGSQL_VIRTUAL_LOCAL_UP_QUOTA = ${lookup pgsql{update popbox set quota_f_used = "$quota_total_fcount", quota_used = "$quota_total_used" where local_part = "$local_part" and domain_name = "$domain"}}
+#PGSQL_VIRTUAL_SPAMCHECK = ${lookup pgsql{select domain_name from mxdomain where mxdomain.domain_name = "$domain" and scan = "1"}}
+
+LISTENGINE_HOME=/usr/lib/vhffs/listengine/
+LISTENGINE_QUEUE=LISTENGINE_HOME/listengine.pl
+LISTENGINE_UID=www-data
+LISTENGINE_GID=www-data
+
+exim_path = /usr/sbin/exim4
+
+CONFDIR = /etc/exim4
+
+domainlist local_domains = PGSQL_LOCAL_DOMAINS:localhost
+
+domainlist relay_to_domains =
+
+hostlist relay_from_hosts = 127.0.0.1
+
+#av_scanner = clamd:192.168.3.50 7777 stream
+
+qualify_domain = mx1.vhffs.org
+
+LOCAL_DELIVERY=mail_spool
+
+gecos_pattern = ^([^,:]*)
+gecos_name = $1
+
+acl_smtp_rcpt = acl_check_rcpt
+
+#acl_smtp_data = acl_check_data
+
+message_size_limit = 10M
+
+smtp_accept_max = 120
+
+smtp_accept_queue_per_connection = 100
+
+smtp_load_reserve = 50.0
+
+deliver_queue_load_max = 20.0
+
+queue_only_load = 20.0
+
+host_lookup = *
+rfc1413_hosts = *
+rfc1413_query_timeout = 0s
+
+primary_hostname = mx1.vhffs.org
+
+ignore_bounce_errors_after = 4h
+
+timeout_frozen_after = 7d
+
+remote_max_parallel = 35
+#freeze_tell = postmaster
+
+spool_directory = /var/spool/exim4
+
+trusted_users = Debian-exim
+
+smtp_banner = "${primary_hostname} ESMTP Vhffs4 Mailer ${tod_full}"
+
+begin acl
+
+#acl_whitelist_local_deny:
+# accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
+# {CONFDIR/local_host_whitelist}\
+# {}}
+# accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
+# {CONFDIR/local_sender_whitelist}\
+# {}}
+
+acl_check_rcpt:
+ accept hosts = :
+
+# deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+# !acl = acl_whitelist_local_deny
+# senders = ${if exists{CONFDIR/local_sender_blacklist}\
+# {CONFDIR/local_sender_blacklist}\
+# {}}
+
+# deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+# !acl = acl_whitelist_local_deny
+# hosts = ${if exists{CONFDIR/local_host_blacklist}\
+# {CONFDIR/local_host_blacklist}\
+# {}}
+
+ drop condition = ${if eq{$sender_helo_name}{}{yes}{no}}
+ message = HELO/EHLO required by SMTP RFC.\n\
+ Bye dude!
+
+# accept senders = ${if exists{CONFDIR/whitelist_sender}\
+# {CONFDIR/whitelist_sender}\
+# {}}
+
+# accept hosts = ${if exists{CONFDIR/whitelist_host}\
+# {CONFDIR/whitelist_host}\
+# {}}
+
+ drop !verify = sender/no_details
+ message = Unrouteable sender address.\n\
+ Bye dude!
+
+ deny local_parts = ^[.] : ^.*[@%!/|]
+ message = Restricted characters in address
+
+ accept hosts = +relay_from_hosts
+
+# deny domains = +local_domains
+# local_parts = ^[.] : ^.*[@%!/|]
+# message = Restricted characters in address
+
+# deny domains = !+local_domains
+# local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+# message = Restricted characters in address
+
+# drop !verify = sender/callout=45s
+# message = \
+# Your email address is rejected by your mail server.\n\
+# You can't send mail here with a fake address.\n\
+# Bye dude!
+
+# accept local_parts = postmaster
+# domains = +local_domains : +relay_to_domains
+
+# warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
+# !verify = reverse_host_lookup
+
+# accept authenticated = *
+
+ require message = Relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ deny message = Unknown user
+ domains = +local_domains : +relay_to_domains
+ !verify = recipient
+
+# deny message = Unrouteable address
+# domains = +relay_to_domains
+# !verify = recipient
+
+# accept domains = +local_domains
+# endpass
+# message = unknown user
+# verify = recipient
+
+# accept domains = +relay_to_domains
+# endpass
+# message = unrouteable address
+# verify = recipient
+
+# deny message = relay not permitted
+
+#acl_check_data:
+
+# deny message = Message contains malware or a virus ($malware_name).
+# log_message = $sender_host_address tried sending $malware_name
+# demime = *
+# malware = *
+# warn condition = ${if !def:h_Message-ID: {1}}
+# hosts = +relay_from_hosts
+# message = Message-ID: <E$message_id@$primary_hostname>
+
+ accept
+
+begin routers
+
+dnslookup_relay_to_domains:
+ debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains : +relay_to_domains
+ transport = remote_smtp
+ same_domain_copy_routing = yes
+ no_more
+
+dnslookup:
+ debug_print = "R: dnslookup for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains
+ transport = remote_smtp
+ same_domain_copy_routing = yes
+ ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
+ 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
+ no_more
+
+#spamcheck_router:
+# driver = accept
+# no_verify
+# domains = PGSQL_VIRTUAL_SPAMCHECK
+# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
+# transport = spamcheck
+
+virtual_local:
+ driver = accept
+ domains = PGSQL_VIRTUAL_LOCAL_DOMAINS
+ transport = virtual_local
+
+virtual_forward:
+ driver = redirect
+ qualify_preserve_domain = true
+ data = PGSQL_VIRTUAL_FORWARD_DATA
+
+list_director:
+ driver = accept
+ domains = PGSQL_ML_EXIST
+ transport = list_transport
+
+list_sub:
+ driver = accept
+ local_part_suffix = -request
+ condition = PGSQL_ML_EXIST
+ transport = list_sub_transport
+
+#list_unsub:
+# driver = accept
+# local_part_suffix = -unsubscribe
+# condition = PGSQL_ML_EXIST
+# transport = list_unsub_transport
+
+#list_confirm:
+# driver = accept
+# local_part_suffix = -confirm
+# condition = PGSQL_ML_EXIST
+# transport = list_confirm_transport
+
+virtual_catchall:
+ driver = redirect
+ qualify_preserve_domain = true
+ data = PGSQL_VIRTUAL_CATCHALL
+
+#virtual_tf_users:
+# driver = redirect
+# data = PGSQL_GET_TX_USER
+
+system_aliases:
+ debug_print = "R: system_aliases for $local_part@$domain"
+ driver = redirect
+ condition = ${if or { {eq {$domain} {$primary_hostname}} {eq {$domain} {$qualify_domain}}} {1} {0}}
+ allow_fail
+ allow_defer
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
+ file_transport = address_file
+
+begin transports
+
+address_file:
+ debug_print = "T: address_file for $local_part@$domain"
+ driver = appendfile
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+
+address_pipe:
+ debug_print = "T: address_pipe for $local_part@$domain"
+ driver = pipe
+ return_fail_output
+
+address_reply:
+ debug_print = "T: autoreply for $local_part@$domain"
+ driver = autoreply
+
+mail_spool:
+ debug_print = "T: appendfile for $local_part@$domain"
+ driver = appendfile
+ file = /var/mail/$local_part
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ group = mail
+ mode = 0660
+ mode_fail_narrower = false
+
+maildrop_pipe:
+ debug_print = "T: maildrop_pipe for $local_part@$domain"
+ driver = pipe
+ path = "/bin:/usr/bin:/usr/local/bin"
+ command = "/usr/bin/maildrop"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+
+procmail_pipe:
+ debug_print = "T: procmail_pipe for $local_part@$domain"
+ driver = pipe
+ path = "/bin:/usr/bin:/usr/local/bin"
+ command = "/usr/bin/procmail"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+
+remote_smtp:
+ debug_print = "T: remote_smtp for $local_part@$domain"
+ driver = smtp
+
+#spamcheck:
+# debug_print = "T: spamassassin_pipe for $local_part@$domain"
+# driver = pipe
+# command = /usr/sbin/exim4 -oMr spam-scanned -bS
+# use_bsmtp
+# transport_filter = /usr/bin/spamc -d 192.168.3.50 -p 783
+# home_directory = "/tmp"
+# current_directory = "/tmp"
+# user = Debian-exim
+# group = Debian-exim
+# return_fail_output
+# headers_remove = X-Spam-Flag : X-Spam-Status : X-Spam-Level : X-Spam-Scanned
+
+address_directory:
+ debug_print = "T: address_directory for $local_part@$domain"
+ driver = appendfile
+ envelope_to_add = true
+ return_path_add = true
+ check_string = ""
+ escape_string = ""
+ maildir_format
+
+virtual_local:
+ driver = appendfile
+ directory = PGSQL_VIRTUAL_LOCAL_DIR
+ maildir_format
+ user = Debian-exim
+ group = Debian-exim
+ mode = 0666
+ directory_mode = 0700
+ maildir_use_size_file
+# quota = PGSQL_VIRTUAL_LOCAL_QUOTA
+# quota_filecount = PGSQL_VIRTUAL_LOCAL_QFILE
+ maildir_quota_directory_regex = ^(?:cur|new|\..*)$
+# quota_update = PGSQL_VIRTUAL_LOCAL_UP_QUOTA
+# quota_warn_threshold = PGSQL_VIRTUAL_LOCAL_Q_WARN%
+# quota_warn_message = "\
+# To: $local_part@$domain\n\
+# Subject: Important Votre Boite Mail\n\n\
+# Votre seuil d'alerte est atteint.\n \
+# Une fois que votre limire sera atteinte \
+# tout nouveau message sera sauvegard\xE9 pendant jours tant\n \
+# que vous n'aurez pas augment\xE9 votre quota ou supprim\xE9 quelques messages.\n \
+# Pass\xE9 ce d\xE9lais, tout nouveau message \xE0 votre intention sera \
+# automatiquement retourn\xE9 \xE0 son exp\xE9diteur.\n\n \
+# Cordialement\n \
+# Votre gestionnaire de courier"
+
+list_transport:
+ driver = pipe
+ command = LISTENGINE_QUEUE bounce ${lc:$local_part} ${lc:$domain}
+ current_directory = LISTENGINE_HOME
+# home_directory = LISTENGINE_HOME
+ user = LISTENGINE_UID
+
+#list_master_transport:
+# driver = pipe
+# command = LISTENGINE_QUEUE
+# current_directory = LISTENGINE_HOME
+# home_directory = LISTENGINE_HOME
+# user = LISTENGINE_UID
+# group = LISTENGINE_GID
+#
+
+list_sub_transport:
+ driver = pipe
+ command = LISTENGINE_QUEUE request ${lc:$local_part} ${lc:$domain}
+ current_directory = LISTENGINE_HOME
+ home_directory = LISTENGINE_HOME
+ user = LISTENGINE_UID
+ group = LISTENGINE_GID
+
+#list_unsub_transport:
+# driver = pipe
+# command = LISTENGINE_QUEUE action unsubscribe ${lc:$local_part}_${lc:$domain}
+# current_directory = LISTENGINE_HOME
+# home_directory = LISTENGINE_HOME
+# user = LISTENGINE_UID
+# group = LISTENGINE_GID
+
+#list_info_transport:
+# driver = pipe
+# command = LISTENGINE_QUEUE action info ${lc:$local_part}_${lc:$domain}
+# current_directory = LISTENGINE_HOME
+# home_directory = LISTENGINE_HOME
+# user = LISTENGINE_UID
+# group = LISTENGINE_GID
+
+#list_confirm_transport:
+# driver = pipe
+# command = LISTENGINE_QUEUE action confirm ${lc:$local_part}_${lc:$domain}
+# current_directory = LISTENGINE_HOME
+# home_directory = LISTENGINE_HOME
+# user = LISTENGINE_UID
+# group = LISTENGINE_GID
+
+begin retry
+
+#* quota_7d
+#* quota F,2h,15m; F,3d,1h
+* * F,4h,1h; G,20h,1h,1.5; F,3d,12h
+
+begin rewrite
+
+#*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
+# {$value}fail} Ffrs
+
+#*@+local_domains "${if exists {CONFDIR/email-addresses}\
+# {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
+# {$value}fail}}fail}" Ffrs
+
+begin authenticators
+
+# plain_server:
+# driver = plaintext
+# public_name = PLAIN
+# server_condition = ${if and {{!eq{$2}{}}{!eq{$3}{}}{eq {$3} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$2}' and domain = '${domain:$2}'} {$value}fail}}}}{1}{0}}
+# server_set_id = $2
+# server_prompts = :
+
+# login_server:
+# driver = plaintext
+# public_name = LOGIN
+# server_prompts = "Username:: : Password::"
+# server_condition = ${if and {{!eq{$1}{}}{!eq{$2}{}}{eq {$2} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$1}' and domain = '${domain:$1}'} {$value}fail}}}}{1}{0}}
+# server_set_id = $1
Deleted: trunk/vhffs-doc/config/exim4-mx1/exim4.conf.hash
===================================================================
--- trunk/vhffs-doc/config/exim4-mx1/exim4.conf.hash 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx1/exim4.conf.hash 2007-07-03 14:39:58 UTC (rev 654)
@@ -1,405 +0,0 @@
-hide pgsql_servers = DBHOST/vhffs/vhffs/DBPASS
-MAIL_HOME=/data/mail/boxes/
-PGSQL_LOCAL_DOMAINS = ${lookup pgsql{SELECT DISTINCT domain FROM vhffs_mxdomain WHERE domain = '$domain'}}
-PGSQL_VIRTUAL_LOCAL_DOMAINS = ${lookup pgsql{select vhffs_boxes.domain from vhffs_boxes, vhffs_mxdomain where local_part = '$local_part' and vhffs_boxes.domain = vhffs_mxdomain.domain and vhffs_mxdomain.domain = '$domain'}}
-PGSQL_VIRTUAL_LOCAL_DIR = MAIL_HOME/${lookup pgsql{select domain_hash from vhffs_boxes where domain = '$domain'}{$value}fail}/${lookup pgsql{select mbox_name from vhffs_boxes where domain = '$domain' and local_part = '$local_part'}{$value}fail}/Maildir
-PGSQL_VIRTUAL_FORWARD_DATA = ${lookup pgsql{select remote_name from vhffs_forward, vhffs_mxdomain where local_part = '$local_part' and vhffs_forward.domain = vhffs_mxdomain.domain and vhffs_mxdomain.domain = '$domain'}}
-PGSQL_ML_EXIST = ${lookup pgsql{select domain from mail_list where listname = '$local_part' and domain = '$domain'}}
-PGSQL_VIRTUAL_CATCHALL = ${lookup pgsql{select catchall from vhffs_mxdomain where domain = '$domain' and catchall != ''}}
-PGSQL_GET_TX_USER = ${lookup pgsql{select mail from vhffs_users where username='$local_part' and 'tuxfamily.org'='$domain'}}
-#PGSQL_VIRTUAL_LOCAL_QUOTA = ${lookup pgsql{select quota from popbox where local_part = "$local_part" and domaine = "$domain"}}
-#PGSQL_VIRTUAL_LOCAL_QFILE = ${lookup pgsql{select quota_f from popbox where local_part = "$local_part" and domain = "$domain"}}
-#PGSQL_VIRTUAL_LOCAL_Q_WARN = ${lookup pgsql{select quota_warn from popbox where local_part = "$local_part" and domain = "$domain"}}
-#PGSQL_VIRTUAL_LOCAL_UP_QUOTA = ${lookup pgsql{update popbox set quota_f_used = "$quota_total_fcount", quota_used = "$quota_total_used" where local_part = "$local_part" and domain_name = "$domain"}}
-#PGSQL_VIRTUAL_SPAMCHECK = ${lookup pgsql{select domain_name from mxdomain where mxdomain.domain_name = "$domain" and scan = "1"}}
-
-LISTENGINE_HOME=/vhffs/mail/listengine
-LISTENGINE_QUEUE=LISTENGINE_HOME/listengine.pl
-LISTENGINE_UID=Debian-exim
-LISTENGINE_GID=vhffs
-
-exim_path = /usr/sbin/exim4
-
-CONFDIR = /etc/exim4
-
-domainlist local_domains = PGSQL_LOCAL_DOMAINS:localhost:mx1.tuxfamily.net
-
-domainlist relay_to_domains =
-
-hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/24
-
-#av_scanner = clamd:192.168.3.50 7777 stream
-
-qualify_domain = tuxfamily.org
-
-LOCAL_DELIVERY=mail_spool
-
-gecos_pattern = ^([^,:]*)
-gecos_name = $1
-
-acl_smtp_rcpt = acl_check_rcpt
-
-#acl_smtp_data = acl_check_data
-
-message_size_limit = 10M
-
-smtp_accept_max = 120
-
-host_lookup = *
-
-primary_hostname = mx1.tuxfamily.net
-
-rfc1413_query_timeout = 0s
-
-ignore_bounce_errors_after = 2d
-
-timeout_frozen_after = 7d
-
-freeze_tell = postmaster
-
-spool_directory = /var/spool/exim4
-
-trusted_users = Debian-exim
-
-smtp_banner = "${primary_hostname} ESMTP Vhffs4 Mailer ${tod_full}"
-
-begin acl
-
-acl_whitelist_local_deny:
- accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
- {CONFDIR/local_host_whitelist}\
- {}}
- accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
- {CONFDIR/local_sender_whitelist}\
- {}}
-
-acl_check_rcpt:
- accept hosts = : 127.0.0.1 : 192.168.1.0/24 : 213.246.36.36
-
- deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
- senders = ${if exists{CONFDIR/local_sender_blacklist}\
- {CONFDIR/local_sender_blacklist}\
- {}}
-
- deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
- hosts = ${if exists{CONFDIR/local_host_blacklist}\
- {CONFDIR/local_host_blacklist}\
- {}}
-
- drop condition = ${if eq{$sender_helo_name}{}{yes}{no}}
- message = \
- HELO/EHLO required by SMTP RFC.\n\
- Bye dude!
-
- accept senders = ${if exists{CONFDIR/whitelist_sender}\
- {CONFDIR/whitelist_sender}\
- {}}
-
- accept hosts = ${if exists{CONFDIR/whitelist_host}\
- {CONFDIR/whitelist_host}\
- {}}
-
- drop !verify = sender/no_details
- message = \
- Unrouteable sender address.\n\
- Bye dude!
-
- drop !verify = sender/callout=45s
- message = \
- Your email address is rejected by your mail server.\n\
- You can't send mail here with a fake address.\n\
- Bye dude!
-
- deny domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
- message = restricted characters in address
-
- deny domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
- message = restricted characters in address
-
- accept local_parts = postmaster
- domains = +local_domains
-
- warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
- !verify = reverse_host_lookup
-
- accept domains = +local_domains
- endpass
- message = unknown user
- verify = recipient
-
- accept domains = +relay_to_domains
- endpass
- message = unrouteable address
- verify = recipient
-
- accept hosts = +relay_from_hosts
-
- accept authenticated = *
-
- deny message = relay not permitted
-
-#acl_check_data:
-
-# deny message = Message contains malware or a virus ($malware_name).
-# log_message = $sender_host_address tried sending $malware_name
-# demime = *
-# malware = *
-# warn condition = ${if !def:h_Message-ID: {1}}
-# hosts = +relay_from_hosts
-# message = Message-ID: <E$message_id@$primary_hostname>
-
-
-# accept
-
-begin routers
-
-dnslookup_relay_to_domains:
- debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains : +relay_to_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- no_more
-
-dnslookup:
- debug_print = "R: dnslookup for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
- 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
- no_more
-#spamcheck_router:
-# driver = accept
-# no_verify
-# domains = PGSQL_VIRTUAL_SPAMCHECK
-# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
-# transport = spamcheck
-virtual_local:
- driver = accept
- domains = PGSQL_VIRTUAL_LOCAL_DOMAINS
- transport = virtual_local
-virtual_forward:
- driver = redirect
- qualify_preserve_domain = true
- data = PGSQL_VIRTUAL_FORWARD_DATA
-#list_director:
-# driver = accept
-# domains = PGSQL_ML_EXIST
-# transport = list_transport
-
-#list_sub:
-# driver = accept
-# local_part_suffix = -subscribe
-# condition = PGSQL_ML_EXIST
-# transport = list_sub_transport
-
-#list_unsub:
-# driver = accept
-# local_part_suffix = -unsubscribe
-# condition = PGSQL_ML_EXIST
-# transport = list_unsub_transport
-
-#list_confirm:
-# driver = accept
-# local_part_suffix = -confirm
-# condition = PGSQL_ML_EXIST
-# transport = list_confirm_transport
-virtual_catchall:
- driver = redirect
- qualify_preserve_domain = true
- data = PGSQL_VIRTUAL_CATCHALL
-virtual_tf_users:
- driver = redirect
- data = PGSQL_GET_TX_USER
-
-system_aliases:
- debug_print = "R: system_aliases for $local_part@$domain"
- driver = redirect
- condition = ${if or { {eq {$domain} {$primary_hostname}} {eq {$domain} {$qualify_domain}}} {1} {0}}
- allow_fail
- allow_defer
- data = ${lookup{$local_part}lsearch{/etc/aliases}}
- file_transport = address_file
-
-begin transports
-
-address_file:
- debug_print = "T: address_file for $local_part@$domain"
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
-
-address_pipe:
- debug_print = "T: address_pipe for $local_part@$domain"
- driver = pipe
- return_fail_output
-
-address_reply:
- debug_print = "T: autoreply for $local_part@$domain"
- driver = autoreply
-
-mail_spool:
- debug_print = "T: appendfile for $local_part@$domain"
- driver = appendfile
- file = /var/mail/$local_part
- delivery_date_add
- envelope_to_add
- return_path_add
- group = mail
- mode = 0660
- mode_fail_narrower = false
-
-maildrop_pipe:
- debug_print = "T: maildrop_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/maildrop"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-procmail_pipe:
- debug_print = "T: procmail_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/procmail"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-remote_smtp:
- debug_print = "T: remote_smtp for $local_part@$domain"
- driver = smtp
-#spamcheck:
-# debug_print = "T: spamassassin_pipe for $local_part@$domain"
-# driver = pipe
-# command = /usr/sbin/exim4 -oMr spam-scanned -bS
-# use_bsmtp
-# transport_filter = /usr/bin/spamc -d 192.168.3.50 -p 783
-# home_directory = "/tmp"
-# current_directory = "/tmp"
-# user = Debian-exim
-# group = Debian-exim
-# return_fail_output
-# headers_remove = X-Spam-Flag : X-Spam-Status : X-Spam-Level : X-Spam-Scanned
-
-address_directory:
- debug_print = "T: address_directory for $local_part@$domain"
- driver = appendfile
- envelope_to_add = true
- return_path_add = true
- check_string = ""
- escape_string = ""
- maildir_format
-
-virtual_local:
- driver = appendfile
- directory = PGSQL_VIRTUAL_LOCAL_DIR
- maildir_format
- user = Debian-exim
- group = Debian-exim
- mode = 0666
- directory_mode = 0700
- maildir_use_size_file
-# quota = PGSQL_VIRTUAL_LOCAL_QUOTA
-# quota_filecount = PGSQL_VIRTUAL_LOCAL_QFILE
- maildir_quota_directory_regex = ^(?:cur|new|\..*)$
-# quota_update = PGSQL_VIRTUAL_LOCAL_UP_QUOTA
-# quota_warn_threshold = PGSQL_VIRTUAL_LOCAL_Q_WARN%
-# quota_warn_message = "\
-# To: $local_part@$domain\n\
-# Subject: Important Votre Boite Mail\n\n\
-# Votre seuil d'alerte est atteint.\n \
-# Une fois que votre limire sera atteinte \
-# tout nouveau message sera sauvegard\xE9 pendant jours tant\n \
-# que vous n'aurez pas augment\xE9 votre quota ou supprim\xE9 quelques messages.\n \
-# Pass\xE9 ce d\xE9lais, tout nouveau message \xE0 votre intention sera \
-# automatiquement retourn\xE9 \xE0 son exp\xE9diteur.\n\n \
-# Cordialement\n \
-# Votre gestionnaire de courier"
-#list_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE ${lc:$local_part}_${lc:$domain}
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-
-#list_master_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-#
-#list_sub_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE action subscribe ${lc:$local_part}_${lc:$domain}
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-
-#list_unsub_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE action unsubscribe ${lc:$local_part}_${lc:$domain}
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-
-#list_info_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE action info ${lc:$local_part}_${lc:$domain}
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-
-#list_confirm_transport:
-# driver = pipe
-# command = LISTENGINE_QUEUE action confirm ${lc:$local_part}_${lc:$domain}
-# current_directory = LISTENGINE_HOME
-# home_directory = LISTENGINE_HOME
-# user = LISTENGINE_UID
-# group = LISTENGINE_GID
-
-begin retry
-
-* quota_7d
-* quota F,2h,15m; F,3d,1h
-
-* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
-begin rewrite
-
-*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
- {$value}fail} Ffrs
-
-*@+local_domains "${if exists {CONFDIR/email-addresses}\
- {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
- {$value}fail}}fail}" Ffrs
-
-begin authenticators
-
- plain_server:
- driver = plaintext
- public_name = PLAIN
- server_condition = ${if and {{!eq{$2}{}}{!eq{$3}{}}{eq {$3} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$2}' and domain = '${domain:$2}'} {$value}fail}}}}{1}{0}}
- server_set_id = $2
- server_prompts = :
-
- login_server:
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = ${if and {{!eq{$1}{}}{!eq{$2}{}}{eq {$2} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$1}' and domain = '${domain:$1}'} {$value}fail}}}}{1}{0}}
- server_set_id = $1
-
Deleted: trunk/vhffs-doc/config/exim4-mx1/exim4.conf.template
===================================================================
--- trunk/vhffs-doc/config/exim4-mx1/exim4.conf.template 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx1/exim4.conf.template 2007-07-03 14:39:58 UTC (rev 654)
@@ -1,1289 +0,0 @@
-#####################################################
-### main/01_exim4-config_listmacrosdefs
-#####################################################
-
-######################################################################
-# Runtime configuration file for Exim #
-######################################################################
-
-######################################################################
-# MAIN CONFIGURATION SETTINGS #
-######################################################################
-
-# Just for reference and scripts, on debian, the main binary is
-# installed as exim4
-exim_path = /usr/sbin/exim4
-
-# Macro defining the main configuration directory, we use no abolute
-# paths.
-CONFDIR = /etc/exim4
-
-# Define a macro DC_minimaldns if dc_minimaldns=true, to use in
-# .ifdef-statements otherwise this expands to an empty line
-DEBCONFminimaldnsDEBCONF
-
-# The next three settings create two lists of domains and one list of hosts.
-# These lists are referred to later in this configuration using the syntax
-# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
-# are all colon-separated lists:
-
-# '@' refers to 'the name of the local host'
-
-### EXPANSION-begins ######################
-domainlist local_domains = DEBCONFlocal_domainsDEBCONF
-
-domainlist relay_to_domains = DEBCONFrelay_domainsDEBCONF
-
-hostlist relay_from_hosts = 127.0.0.1 : ::::1 : DEBCONFrelay_netsDEBCONF
-
-
-# Specify the domain you want to be added to all unqualified addresses
-# here. An unqualified address is one that does not contain an "@" character
-# followed by a domain. For example, "caesar@rome.example" is a fully qualified
-# address, but the string "caesar" (i.e. just a login name) is an unqualified
-# email address. Unqualified addresses are accepted only from local callers by
-# default. See the recipient_unqualified_hosts option if you want to permit
-# unqualified addresses from remote sources. If this option is not set, the
-# primary_hostname value is used for qualification.
-qualify_domain = DEBCONFvisiblenameDEBCONF
-
-# only used for satellite-system
-.ifndef DCreadhost
-DCreadhost = DEBCONFreadhostDEBCONF
-.endif
-
-#for satellite and smarthost-systems
-.ifndef DCsmarthost
-DCsmarthost = DEBCONFsmarthostDEBCONF
-.endif
-
-# listen on all all interfaces?
-DEBCONFlistenonpublicDEBCONF
-### EXPANSION-ends ######################
-
-# The default transport, set in /etc/exim4/update-exim4.conf.conf. See
-# CONFDIR/conf.d/transport/ for possibilities
-LOCAL_DELIVERY=DEBCONFlocaldeliveryDEBCONF
-
-# The gecos field in /etc/passwd holds not only the name. see passwd(5).
-gecos_pattern = ^([^,:]*)
-gecos_name = $1
-
-
-# define a macro DCconfig_smarthost, DCconfig_satellite, etc. we need this
-# for .ifdef ... .endif
-DCconfig_DEBCONFconfigtypeDEBCONF = 1
-#####################################################
-### end main/01_exim4-config_listmacrosdefs
-#####################################################
-#####################################################
-### main/02_exim4-config_options
-#####################################################
-
-### main/02_exim4-config_options
-#################################
-
-# This option defines the access control list that is run when an
-# SMTP RCPT command is received.
-#
-acl_smtp_rcpt = acl_check_rcpt
-
-# This option defines the access control list that is run when an
-# SMTP DATA command is received.
-#
-acl_smtp_data = acl_check_data
-
-# Define a message size limit. You can either change it here, or set the
-# MESSAGE_SIZE_LIMIT macro. The default (used when MESSAGE_SIZE_LIMIT
-# is unset and/or message_size_limit is unset) is 50 MB
-.ifdef MESSAGE_SIZE_LIMIT
-message_size_limit = MESSAGE_SIZE_LIMIT
-.endif
-
-# If you want unqualified recipient addresses to be qualified with a different
-# domain to unqualified sender addresses, specify the recipient domain here.
-# If this option is not set, the qualify_domain value is used.
-#
-# qualify_recipient =
-
-# The following line must be uncommented if you want Exim to recognize
-# addresses of the form "user@[10.11.12.13]" that is, with a "domain literal"
-# (an IP address) instead of a named domain. The RFCs still require this form,
-# but it makes little sense to permit mail to be sent to specific hosts by
-# their IP address in the modern Internet. This ancient format has been used
-# by those seeking to abuse hosts by using them for unwanted relaying. If you
-# really do want to support domain literals, uncomment the following line, and
-# see also the "domain_literal" router.
-#
-# allow_domain_literals
-
-.ifndef DC_minimaldns
-# The setting below causes Exim to do a reverse DNS lookup on all incoming
-# IP calls, in order to get the true host name. If you feel this is too
-# expensive, you can specify the networks for which a lookup is done, or
-# remove the setting entirely.
-#
-host_lookup = *
-.endif
-
-# For minimaldns try to guess the primary_hostname only once at startup, when
-# running update-exim4.conf
-DEBCONF_hardcode_primary_hostname_DEBCONF
-
-# The settings below, which are actually the same as the defaults in the
-# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
-# calls. You can limit the hosts to which these calls are made, and/or change
-# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
-# are disabled. RFC 1413 calls are cheap and can provide useful information
-# for tracing problem messages, but some hosts and firewalls have problems
-# with them. This can result in a timeout instead of an immediate refused
-# connection, leading to delays on starting up an SMTP session.
-#
-rfc1413_hosts = *
-rfc1413_query_timeout = 30s
-
-# By default, exim forces a Sender: header containing the local
-# account name at the local host name in all locally submitted messages
-# that don't have the local account name at the local host name in the
-# From: header, deletes any Sender: header present in the submitted
-# message and forces the envelope sender of all locally submitted
-# messages to the local account name at the local host name.
-# The following settings allow local users to specify their own envelope sender
-# in a locally submitted message. Sender: headers existing in a locally
-# submitted message are not removed, and no automatic Sender: headers
-# are added. These settings are fine for most hosts.
-# If you run exim on a classical multi-user systems where all users
-# have local mailboxes that can be reached via SMTP from the Internet
-# with the local FQDN as the domain part of the address, you might want
-# to disable the following three lines for traceability reasons.
-local_from_check = false
-local_sender_retain = true
-untrusted_set_sender = *
-
-# By default, Exim expects all envelope addresses to be fully qualified, that
-# is, they must contain both a local part and a domain. If you want to accept
-# unqualified addresses (just a local part) from certain hosts, you can specify
-# these hosts by setting one or both of
-#
-# sender_unqualified_hosts =
-# recipient_unqualified_hosts =
-#
-# to control sender and recipient addresses, respectively. When this is done,
-# unqualified addresses are qualified using the settings of qualify_domain
-# and/or qualify_recipient (see above).
-
-# If you want Exim to support the "percent hack" for certain domains,
-# uncomment the following line and provide a list of domains. The "percent
-# hack" is the feature by which mail addressed to x%y@z (where z is one of
-# the domains listed) is locally rerouted to x@y and sent on. If z is not one
-# of the "percent hack" domains, x%y is treated as an ordinary local part. This
-# hack is rarely needed nowadays; you should not enable it unless you are sure
-# that you really need it.
-#
-# percent_hack_domains =
-
-# When Exim can neither deliver a message nor return it to sender, it "freezes"
-# the delivery error message (aka "bounce message"). There are also other
-# circumstances in which messages get frozen. They will stay on the queue for
-# ever unless one of the following options is set.
-
-# This option unfreezes frozen bounce messages after two days, tries
-# once more to deliver them, and ignores any delivery failures.
-#
-ignore_bounce_errors_after = 2d
-
-# This option cancels (removes) frozen messages that are older than a week.
-#
-timeout_frozen_after = 7d
-
-freeze_tell = postmaster
-
-# Only for interacting with other packages, to make it possible to use
-# -DSPOOLDIR to override it on the command line
-.ifndef SPOOLDIR
-SPOOLDIR = /var/spool/exim4
-.endif
-spool_directory = SPOOLDIR
-
-# uucp should be able to set envelope-from to arbitrary values
-trusted_users = uucp
-
-# uncomment this to get the Debian version in the SMTP dialog
-# smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} (Debian package DEBCONFpackageversionDEBCONF) ${tod_full}"
-
-#####################################################
-### end main/02_exim4-config_options
-#####################################################
-#####################################################
-### main/03_exim4-config_tlsoptions
-#####################################################
-# Example for TLS/SSL configuration.
-
-# See /usr/share/doc/exim4-base/README.TLS* for explanations.
-
-# Defines that you want to log what cipher your exim and the peer's mailer
-# uses to encrypt the transaction. It also defines you want to log the 'DN'
-# (Distinguished Name) of the certificate of the peer.
-#
-# log_selector = +tls_cipher +tls_peerdn
-
-# Defines what hosts to 'advertise' STARTTLS functionality to. Setting this
-# to * will advertise to all hosts that connect with EHLO, and this is a
-# good default
-#
-# tls_advertise_hosts = *
-
-# Defines where your SSL-certificate and SSL-Private Key are located.
-# This requires a full path. The files pointed to must be kept 'secret'
-# and should be owned my root.Debian-exim mode 640 (-rw-r-----). Usually the
-# exim-gencert script takes care of these prerequisites.
-#
-# tls_certificate = CONFDIR/exim.crt
-# tls_privatekey = CONFDIR/exim.key
-
-# A file which contains the certificates of the trusted CAs (Certification
-# Authorities) against which host certificates can be checked (through the
-# `tls_verify_hosts' and `tls_try_verify_hosts' lists below).
-# /etc/ssl/certs/ca-certificates.crt is generated by
-# the "ca-certificates" package's update-ca-certificates(8) command.
-#
-#tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
-
-# A list of hosts which are constrained by `tls_verify_certificates'. A host
-# that matches `tls_verify_host' must present a certificate that's
-# verifyable through `tls_verify_certificates' in order to be accepted as an
-# SMTP client. If it does not, the connection is aborted.
-#
-#tls_verify_hosts =
-
-# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
-# not `tls_verify_hosts'), request a certificate and check it against
-# `tls_verify_certificates' but do not abort the connection if there is no
-# certificate or if the certificate presented does not match. (This
-# condition can be tested for in ACLs through `verify = certificate')
-#
-#tls_try_verify_hosts = *
-#####################################################
-### end main/03_exim4-config_tlsoptions
-#####################################################
-#####################################################
-### acl/00_exim4-config_header
-#####################################################
-
-######################################################################
-# ACL CONFIGURATION #
-# Specifies access control lists for incoming SMTP mail #
-######################################################################
-begin acl
-
-
-#####################################################
-### end acl/00_exim4-config_header
-#####################################################
-#####################################################
-### acl/20_exim4-config_whitelist_local_deny
-#####################################################
-# This access control list is used to determine whitelisted senders and
-# hosts. It checks for CONFDIR/local_host_whitelist and
-# CONFDIR/local_sender_whitelist.
-#
-# It is meant to be used from some other acl entry.
-#
-# For example,
-# deny message = local blacklist example
-# !acl = acl_whitelist
-# dnslist = some.dns.list.example
-# will allow messages with envelope sender listed in local_sender_whitelist
-# or messages coming in from hosts listed in local_host_whitelist to be
-# accepted even if the delivering host is listed in the dns list.
-#
-# Whitelisting can also be configured by including negative items in the
-# black list. See /usr/share/doc/exim4-config/default_acl for details.
-#
-# If the files do not exist, the white list never matches, which is
-# the desired behaviour.
-
-acl_whitelist_local_deny:
- accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
- {CONFDIR/local_host_whitelist}\
- {}}
- accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
- {CONFDIR/local_sender_whitelist}\
- {}}
-
-
-#####################################################
-### end acl/20_exim4-config_whitelist_local_deny
-#####################################################
-#####################################################
-### acl/30_exim4-config_check_rcpt
-#####################################################
-# This access control list is used for every RCPT command in an incoming
-# SMTP message. The tests are run in order until the address is either
-# accepted or denied.
-#
-acl_check_rcpt:
- # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
- # testing for an empty sending host field.
- accept hosts = :
-
- # The following section of the ACL is concerned with local parts that contain
- # @ or % or ! or / or | or dots in unusual places.
- #
- # The characters other than dots are rarely found in genuine local parts, but
- # are often tried by people looking to circumvent relaying restrictions.
- # Therefore, although they are valid in local parts, these rules lock them
- # out, as a precaution.
- #
- # Empty components (two dots in a row) are not valid in RFC 2822, but Exim
- # allows them because they have been encountered. (Consider local parts
- # constructed as "firstinitial.secondinitial.familyname" when applied to
- # someone like me, who has no second initial.) However, a local part starting
- # with a dot or containing /../ can cause trouble if it is used as part of a
- # file name (e.g. for a mailing list). This is also true for local parts that
- # contain slashes. A pipe symbol can also be troublesome if the local part is
- # incorporated unthinkingly into a shell command line.
- #
- # Two different rules are used. The first one is stricter, and is applied to
- # messages that are addressed to one of the local domains handled by this
- # host. It blocks local parts that begin with a dot or contain @ % ! / or |.
- # If you have local accounts that include these characters, you will have to
- # modify this rule.
- deny domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
- message = restricted characters in address
-
- # The second rule applies to all other domains, and is less strict. This
- # allows your own users to send outgoing messages to sites that use slashes
- # and vertical bars in their local parts. It blocks local parts that begin
- # with a dot, slash, or vertical bar, but allows these characters within the
- # local part. However, the sequence /../ is barred. The use of @ % and ! is
- # blocked, as before. The motivation here is to prevent your users (or
- # your users' viruses) from mounting certain kinds of attack on remote sites.
-
- deny domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
- message = restricted characters in address
-
- # Accept mail to postmaster in any local domain, regardless of the source,
- # and without verifying the sender.
- #
- accept local_parts = postmaster
- domains = +local_domains
-
- # deny bad senders (envelope sender)
- # CONFDIR/local_sender_blacklist holds a list of envelope senders that
- # should have their access denied to the local host. Incoming messages
- # with one of these senders are rejected at RCPT time.
- #
- # The explicit white lists are honored as well as negative items in
- # the black list. See /usr/share/doc/exim4-config/default_acl for details.
- deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
- senders = ${if exists{CONFDIR/local_sender_blacklist}\
- {CONFDIR/local_sender_blacklist}\
- {}}
-
- # deny bad sites (IP address)
- # CONFDIR/local_host_blacklist holds a list of host names, IP addresses
- # and networks (CIDR notation) that should have their access denied to
- # The local host. Messages coming in from a listed host will have all
- # RCPT statements rejected.
- #
- # The explicit white lists are honored as well as negative items in
- # the black list. See /usr/share/doc/exim4-config/default_acl for details.
- deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
- hosts = ${if exists{CONFDIR/local_host_blacklist}\
- {CONFDIR/local_host_blacklist}\
- {}}
-
-
- # Deny unless the sender address can be verified.
- #
- # This is disabled by default so that DNSless systems don't break. If
- # your system can do DNS lookups without delay or cost, you might want
- # to enable the following line.
- # deny message = Sender verification failed
- # !acl = acl_whitelist_local_deny
- # !verify = sender
-
- # Warn if the sender host does not have valid reverse DNS.
- #
- # This is disabled by default so that DNSless systems don't break. If
- # your system can do DNS lookups without delay or cost, you might want
- # to enable the following lines.
- # warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
- # !verify = reverse_host_lookup
-
-
- #############################################################################
- # There are no checks on DNS "black" lists because the domains that contain
- # these lists are changing all the time. You can find examples of
- # how to use dnslists in /usr/share/doc/exim4-config/examples/acl
- #############################################################################
-
- # Accept if the address is in a local domain, but only if the recipient can
- # be verified. Otherwise deny. The "endpass" line is the border between
- # passing on to the next ACL statement (if tests above it fail) or denying
- # access (if tests below it fail).
- #
- accept domains = +local_domains
- endpass
- message = unknown user
- verify = recipient
-
- # Accept if the address is in a domain for which we are relaying, but again,
- # only if the recipient can be verified.
- #
- accept domains = +relay_to_domains
- endpass
- message = unrouteable address
- verify = recipient
-
- # If control reaches this point, the domain is neither in +local_domains
- # nor in +relay_to_domains.
-
- # Accept if the message comes from one of the hosts for which we are an
- # outgoing relay. Recipient verification is omitted here, because in many
- # cases the clients are dumb MUAs that don't cope well with SMTP error
- # responses. If you are actually relaying out from MTAs, you should probably
- # add recipient verification here.
- #
- accept hosts = +relay_from_hosts
-
- # Accept if the message arrived over an authenticated connection, from
- # any host. Again, these messages are usually from MUAs, so recipient
- # verification is omitted.
- #
- accept authenticated = *
-
- # Reaching the end of the ACL causes a "deny", but we might as well give
- # an explicit message.
- #
- deny message = relay not permitted
-
-
-
-#####################################################
-### end acl/30_exim4-config_check_rcpt
-#####################################################
-#####################################################
-### acl/40_exim4-config_check_data
-#####################################################
-# 40_exim4-config_check_data
-
-acl_check_data:
- # Add Message-ID if missing
- warn condition = ${if !def:h_Message-ID: {1}}
- hosts = +relay_from_hosts
- message = Message-ID: <E$message_id@$primary_hostname>
-
- # Deny unless the address list headers are syntactically correct.
- #
- # This is disabled by default because it might reject legitimate mail.
- # If you want your system to insist on syntactically valid address
- # headers, you might want to enable the following lines.
- # deny message = Message headers fail syntax check
- # !acl = acl_whitelist_local_deny
- # !verify = header_syntax
-
- # require that there is a verifiable sender address in at least
- # one of the "Sender:", "Reply-To:", or "From:" header lines.
- # deny message = No verifiable sender address in message headers
- # !acl = acl_whitelist_local_deny
- # !verify = header_sender
-
- # accept otherwise
- accept
-#####################################################
-### end acl/40_exim4-config_check_data
-#####################################################
-#####################################################
-### router/00_exim4-config_header
-#####################################################
-
-######################################################################
-# ROUTERS CONFIGURATION #
-# Specifies how addresses are handled #
-######################################################################
-# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
-# An address is passed to each router in turn until it is accepted. #
-######################################################################
-
-begin routers
-
-#####################################################
-### end router/00_exim4-config_header
-#####################################################
-#####################################################
-### router/100_exim4-config_domain_literal
-#####################################################
-
-# This router routes to remote hosts over SMTP by explicit IP address,
-# when an email address is given in "domain literal" form, for example,
-# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
-# little-known these days, and has been exploited by evil people seeking
-# to abuse SMTP relays. Consequently it is commented out in the default
-# configuration. If you uncomment this router, you also need to uncomment
-# allow_domain_literals above, so that Exim can recognize the syntax of
-# domain literal addresses.
-
-# domain_literal:
-# debug_print = "R: domain_literal for $local_part@$domain"
-# driver = ipliteral
-# domains = ! +local_domains
-# transport = remote_smtp
-
-#####################################################
-### end router/100_exim4-config_domain_literal
-#####################################################
-#####################################################
-### router/150_exim4-config_hubbed_hosts
-#####################################################
-
-# router/150_exim4-config_hubbed_hosts
-#################################
-
-# route specific domains manually.
-#
-# The most common application of this router is to handle relaying to nonlocal
-# domains that the local host is primary MX for. That means that local
-# information needs to be present for a domain to be handled correctly.
-#
-# That information is put into the optional file /etc/exim4/hubbed_hosts
-# which contains key-value pairs of domain pattern and route data.
-#
-# foo.example: internal.mail.example.com
-# bar.example: 192.168.183.3
-#
-# will cause mail for foo.example to be sent to the host
-# internal.mail.example (IP address derived from A record only), and
-# mail to bar.example to be sent to 192.168.183.3.
-#
-# If the file /etc/exim4/hubbed_hosts does not exist, this router is a
-# no-op.
-
-hubbed_hosts:
- debug_print = "R: hubbed_hosts for $domain"
- driver = manualroute
- domains = "${if exists{CONFDIR/hubbed_hosts}\
- {partial-lsearch;CONFDIR/hubbed_hosts}\
- fail}"
- route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
- transport = remote_smtp
-#####################################################
-### end router/150_exim4-config_hubbed_hosts
-#####################################################
-#####################################################
-### router/200_exim4-config_primary
-#####################################################
-
-### router/200_exim4-config_primary
-#################################
-# This file holds the primary router, responsible for nonlocal mails
-
-.ifdef DCconfig_internet
-# configtype=internet
-#
-# deliver mail to the recipient if recipient domain is a domain we
-# relay for. We do not ignore any target hosts here since delivering to
-# a site local or even a link local address might be wanted here, and if
-# such an address has found its way into the MX record of such a domain,
-# the local admin is probably in a place where that broken MX record
-# could be fixed.
-
-dnslookup_relay_to_domains:
- debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains : +relay_to_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- no_more
-
-# deliver mail directly to the recipient. This router is only reached
-# for domains that we do not relay for. Since we most probably can't
-# have broken MX records pointing to site local or link local IP
-# addresses fixed, we ignore target hosts pointing to these addresses.
-
-dnslookup:
- debug_print = "R: dnslookup for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- # ignore private rfc1918 and APIPA addresses
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
- 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
- no_more
-
-.endif
-
-
-.ifdef DCconfig_local
-# configtype=local
-#
-# Stand-alone system, so generate an error for mail to a non-local domain
-nonlocal:
- debug_print = "R: nonlocal for $local_part@$domain"
- driver = redirect
- domains = ! +local_domains
- allow_fail
- data = :fail: Mailing to remote domains not supported
- no_more
-
-.endif
-
-
-.ifdef DCconfig_smarthost DCconfig_satellite
-# configtype=smarthost or configtype=satellite
-#
-# Send all non-local mail to a single other machine (smarthost).
-#
-# This means _ALL_ non-local mail goes to the smarthost. This will most
-# probably not do what you want for domains that are listed in
-# relay_domains. The most typical use for relay_domains is to control
-# relaying for incoming e-mail on secondary MX hosts. In that case,
-# it doesn't make sense to send the mail to the smarthost since the
-# smarthost will probably send the message right back here, causing a
-# loop.
-#
-# If you want to use a smarthost while being secondary MX for some
-# domains, you'll need to copy the dnslookup_relay_to_domains router
-# here so that mail to relay_domains is handled separately.
-
-smarthost:
- debug_print = "R: smarthost for $local_part@$domain"
- driver = manualroute
- domains = ! +local_domains
- transport = remote_smtp_smarthost
- route_list = * DCsmarthost byname
- host_find_failed = defer
- same_domain_copy_routing = yes
- no_more
-
-.endif
-
-
-# The "no_more" above means that all later routers are for
-# domains in the local_domains list, i.e. just like Exim 3 directors.
-#####################################################
-### end router/200_exim4-config_primary
-#####################################################
-#####################################################
-### router/300_exim4-config_real_local
-#####################################################
-
-real_local:
- debug_print = "R: real_local for $local_part@$domain"
- driver = accept
- domains = +local_domains
- local_part_prefix = real-
- check_local_user
- transport = LOCAL_DELIVERY
-
-#####################################################
-### end router/300_exim4-config_real_local
-#####################################################
-#####################################################
-### router/400_exim4-config_system_aliases
-#####################################################
-
-# This router handles aliasing using a traditional /etc/aliases file.
-#
-##### NB You must ensure that /etc/aliases exists. It used to be the case
-##### NB that every Unix had that file, because it was the Sendmail default.
-##### NB These days, there are systems that don't have it. Your aliases
-##### NB file should at least contain an alias for "postmaster".
-#
-# Piping to programs in /etc/aliases is disabled per default.
-# If that is a problem for you, see
-# /usr/share/doc/exim4-config/README.system_aliases
-# or explanation and some workarounds.
-#
-# Note that the transports listed below are the same as are used for
-# .forward files; you might want to set up different ones for pipe and
-# file deliveries from aliases.
-
-system_aliases:
- debug_print = "R: system_aliases for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- allow_fail
- allow_defer
- data = ${lookup{$local_part}lsearch{/etc/aliases}}
-# user = list
-# group = mail
- file_transport = address_file
-# pipe_transport = address_pipe
-# directory_transport = address_directory
-#####################################################
-### end router/400_exim4-config_system_aliases
-#####################################################
-#####################################################
-### router/500_exim4-config_hubuser
-#####################################################
-
-### router/500_exim4-config_hubuser
-#################################
-
-.ifdef DCconfig_satellite
-# This router is only used for configtype=satellite.
-# It takes care to route all mail targetted to <somelocaluser@this.machine>
-# to the host where we read our mail
-#
-hub_user:
- debug_print = "R: hub_user for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- data = ${local_part}@DCreadhost
- check_local_user
-
-.endif
-
-
-#####################################################
-### end router/500_exim4-config_hubuser
-#####################################################
-#####################################################
-### router/600_exim4-config_userforward
-#####################################################
-
-# router/600_exim4-config_userforward
-#################################
-
-# This router handles forwarding using traditional .forward files in users'
-# home directories and filtering with exim's builtin filter language.
-#
-# The no_verify setting means that this router is skipped when Exim is
-# verifying addresses. Similarly, no_expn means that this router is skipped if
-# Exim is processing an EXPN command.
-#
-# The check_ancestor option means that if the forward file generates an
-# address that is an ancestor of the current one, the current one gets
-# passed on instead. This covers the case where A is aliased to B and B
-# has a .forward file pointing to A.
-#
-# The four transports specified at the end are those that are used when
-# forwarding generates a direct delivery to a directory, or a file, or to a
-# pipe, or sets up an auto-reply, respectively.
-#
-userforward:
- debug_print = "R: userforward for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- check_local_user
- file = $home/.forward
- no_verify
- no_expn
- check_ancestor
- allow_filter
- directory_transport = address_directory
- file_transport = address_file
- pipe_transport = address_pipe
- reply_transport = address_reply
- skip_syntax_errors
- syntax_errors_to = real-$local_part@$domain
- syntax_errors_text = \
- This is an automatically generated message. An error has\n\
- been found in your .forward file. Details of the error are\n\
- reported below. While this error persists, you will receive\n\
- a copy of this message for every message that is addressed\n\
- to you. If your .forward file is a filter file, or if it is\n\
- a non-filter file containing no valid forwarding addresses,\n\
- a copy of each incoming message will be put in your normal\n\
- mailbox. If a non-filter file contains at least one valid\n\
- forwarding address, forwarding to the valid addresses will\n\
- happen, and those will be the only deliveries that occur.
-
-#####################################################
-### end router/600_exim4-config_userforward
-#####################################################
-#####################################################
-### router/700_exim4-config_procmail
-#####################################################
-
-procmail:
- debug_print = "R: procmail for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- transport = procmail_pipe
- # emulate OR with "if exists"-expansion
- require_files = ${local_part}:\
- ${if exists{/etc/procmailrc}\
- {/etc/procmailrc}{${home}/.procmailrc}}:\
- +/usr/bin/procmail
- no_verify
- no_expn
-
-#####################################################
-### end router/700_exim4-config_procmail
-#####################################################
-#####################################################
-### router/800_exim4-config_maildrop
-#####################################################
-
-### router/800_exim4-config_maildrop
-#################################
-
-maildrop:
- debug_print = "R: maildrop for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- transport = maildrop_pipe
- require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
- no_verify
- no_expn
-
-#####################################################
-### end router/800_exim4-config_maildrop
-#####################################################
-#####################################################
-### router/900_exim4-config_local_user
-#####################################################
-
-### router/900_exim4-config_local_user
-#################################
-
-local_user:
- debug_print = "R: local_user for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- local_parts = ! root
- transport = LOCAL_DELIVERY
-
-
-
-#####################################################
-### end router/900_exim4-config_local_user
-#####################################################
-#####################################################
-### router/mmm_mail4root
-#####################################################
-
-### router/mmm_mail4root
-#################################
-# deliver mail addressed to root to /var/mail/mail as user mail:mail
-# if it was not redirected in /etc/aliases or by other means
-# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS)
-
-mail4root:
- debug_print = "R: mail4root for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- data = /var/mail/mail
- file_transport = address_file
- local_parts = root
- user = mail
- group = mail
-
-#####################################################
-### end router/mmm_mail4root
-#####################################################
-#####################################################
-### transport/00_exim4-config_header
-#####################################################
-
-######################################################################
-# TRANSPORTS CONFIGURATION #
-######################################################################
-# ORDER DOES NOT MATTER #
-# Only one appropriate transport is called for each delivery. #
-######################################################################
-
-# A transport is used only when referenced from a router that successfully
-# handles an address.
-
-begin transports
-
-#####################################################
-### end transport/00_exim4-config_header
-#####################################################
-#####################################################
-### transport/30_exim4-config_address_file
-#####################################################
-
-# This transport is used for handling deliveries directly to files that are
-# generated by aliasing or forwarding.
-#
-address_file:
- debug_print = "T: address_file for $local_part@$domain"
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
-
-#####################################################
-### end transport/30_exim4-config_address_file
-#####################################################
-#####################################################
-### transport/30_exim4-config_address_pipe
-#####################################################
-
-# This transport is used for handling pipe deliveries generated by alias or
-# .forward files. If the commands fails and produces any output on standard
-# output or standard error streams, the output is returned to the sender
-# of the message as a delivery error.
-# You can set different transports for aliases and forwards if you want to
-# - see the references to address_pipe in the routers section above.
-address_pipe:
- debug_print = "T: address_pipe for $local_part@$domain"
- driver = pipe
- return_fail_output
-
-#####################################################
-### end transport/30_exim4-config_address_pipe
-#####################################################
-#####################################################
-### transport/30_exim4-config_address_reply
-#####################################################
-
-# This transport is used for handling autoreplies generated by the filtering
-# option of the userforward router.
-#
-address_reply:
- debug_print = "T: autoreply for $local_part@$domain"
- driver = autoreply
-
-#####################################################
-### end transport/30_exim4-config_address_reply
-#####################################################
-#####################################################
-### transport/30_exim4-config_mail_spool
-#####################################################
-
-### transport/30_exim4-config_mail_spool
-
-# This transport is used for local delivery to user mailboxes in traditional
-# BSD mailbox format.
-#
-mail_spool:
- debug_print = "T: appendfile for $local_part@$domain"
- driver = appendfile
- file = /var/mail/$local_part
- delivery_date_add
- envelope_to_add
- return_path_add
- group = mail
- mode = 0660
- mode_fail_narrower = false
-
-#####################################################
-### end transport/30_exim4-config_mail_spool
-#####################################################
-#####################################################
-### transport/30_exim4-config_maildir_home
-#####################################################
-
-### transport/30_exim4-config_maildir_home
-
-# Use this instead of mail_spool if you want to to deliver to Maildir in
-# home-directory - change the definition of LOCAL_DELIVERY
-#
-maildir_home:
- debug_print = "T: maildir_home for $local_part@$domain"
- driver = appendfile
- directory = $home/Maildir
- delivery_date_add
- envelope_to_add
- return_path_add
- maildir_format
- mode = 0600
- mode_fail_narrower = false
-
-#####################################################
-### end transport/30_exim4-config_maildir_home
-#####################################################
-#####################################################
-### transport/30_exim4-config_maildrop_pipe
-#####################################################
-
-maildrop_pipe:
- debug_print = "T: maildrop_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/maildrop"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-#####################################################
-### end transport/30_exim4-config_maildrop_pipe
-#####################################################
-#####################################################
-### transport/30_exim4-config_procmail_pipe
-#####################################################
-
-procmail_pipe:
- debug_print = "T: procmail_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/procmail"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-#####################################################
-### end transport/30_exim4-config_procmail_pipe
-#####################################################
-#####################################################
-### transport/30_exim4-config_remote_smtp
-#####################################################
-
-### transport/30_exim4-config_remote_smtp
-#################################
-# This transport is used for delivering messages over SMTP connections.
-remote_smtp:
- debug_print = "T: remote_smtp for $local_part@$domain"
- driver = smtp
-#####################################################
-### end transport/30_exim4-config_remote_smtp
-#####################################################
-#####################################################
-### transport/30_exim4-config_remote_smtp_smarthost
-#####################################################
-
-### transport/30_exim4-config_remote_smtp_smarthost
-#################################
-
-# This transport is used for delivering messages over SMTP connections
-# to a smarthost. The local host tries to authenticate and does some
-# modification in headers and return-path.
-# This transport is used for smarthost and satellite configurations.
-
-remote_smtp_smarthost:
- debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
- driver = smtp
- hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
- tls_tempfail_tryclear = false
- DEBCONFheaders_rewriteDEBCONF
- DEBCONFreturn_pathDEBCONF
-#####################################################
-### end transport/30_exim4-config_remote_smtp_smarthost
-#####################################################
-#####################################################
-### transport/35_exim4-config_address_directory
-#####################################################
-# This transport is used for handling file addresses generated by alias
-# or .forward files if the path ends in "/", which causes it to be treated
-# as a directory name rather than a file name.
-
-address_directory:
- debug_print = "T: address_directory for $local_part@$domain"
- driver = appendfile
- envelope_to_add = true
- return_path_add = true
- check_string = ""
- escape_string = ""
- maildir_format
-
-#####################################################
-### end transport/35_exim4-config_address_directory
-#####################################################
-#####################################################
-### retry/00_exim4-config_header
-#####################################################
-
-######################################################################
-# RETRY CONFIGURATION #
-######################################################################
-
-begin retry
-
-#####################################################
-### end retry/00_exim4-config_header
-#####################################################
-#####################################################
-### retry/30_exim4-config
-#####################################################
-
-# This single retry rule applies to all domains and all errors. It specifies
-# retries every 15 minutes for 2 hours, then increasing retry intervals,
-# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
-# hours, then retries every 6 hours until 4 days have passed since the first
-# failed delivery.
-
-# Please note that these rules only limit the frequenzy of retries, the
-# effective retry-time depends on the frequenzy of queue-running, too.
-# See QUEUEINTERVAL in /etc/default/exim4.
-
-# Domain Error Retries
-# ------ ----- -------
-
-* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
-
-
-#####################################################
-### end retry/30_exim4-config
-#####################################################
-#####################################################
-### rewrite/00_exim4-config_header
-#####################################################
-
-######################################################################
-# REWRITE CONFIGURATION #
-######################################################################
-
-begin rewrite
-
-#####################################################
-### end rewrite/00_exim4-config_header
-#####################################################
-#####################################################
-### rewrite/31_exim4-config_rewriting
-#####################################################
-
-### rewrite/31_exim4-config_rewriting
-#################################
-
-# This rewriting rule is particularily useful for dialup users who
-# don't have their own domain, but could be useful for anyone.
-# It looks up the real address of all local users in a file
-*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
- {$value}fail} Ffrs
-
-# The same as above, using outdated /etc/exim4/email-addresses, please
-# move its contents to /etc/email-addresses and delete
-# /etc/exim4/email-addresses
-*@+local_domains "${if exists {CONFDIR/email-addresses}\
- {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
- {$value}fail}}fail}" Ffrs
-
-
-#####################################################
-### end rewrite/31_exim4-config_rewriting
-#####################################################
-#####################################################
-### auth/00_exim4-config_header
-#####################################################
-
-######################################################################
-# AUTHENTICATION CONFIGURATION #
-######################################################################
-
-begin authenticators
-
-
-#####################################################
-### end auth/00_exim4-config_header
-#####################################################
-#####################################################
-### auth/30_exim4-config_examples
-#####################################################
-
-### auth/30_exim4-config_examples
-#################################
-
-# The examples below are for server side authentication; they allow two
-# styles of plain-text authentication against an CONFDIR/passwd file
-# which should have user names in the first column and crypted passwords
-# in the second. The columns need to be separated by ':'. For CRAM-MD5
-# exim needs access to the UNECRYPTED passwd - the example below assumes
-# it is available in the third column of CONFDIR/passwd
-
-# plain_server:
-# driver = plaintext
-# public_name = PLAIN
-# server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
-# server_set_id = $2
-# server_prompts = :
-#
-# login_server:
-# driver = plaintext
-# public_name = LOGIN
-# server_prompts = "Username:: : Password::"
-# server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
-# server_set_id = $1
-#
-# cram_md5_server:
-# driver = cram_md5
-# public_name = CRAM-MD5
-# server_secret = ${extract{2}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}fail}}}
-# server_set_id = $1
-
-# Here is an example of CRAM-MD5 authentication against PostgreSQL:
-#
-# psqldb_auth:
-# driver = cram_md5
-# public_name = CRAM-MD5
-# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$1}'}{$value}fail}
-# server_set_id = $1
-
-# Authenticate against local passwords using sasl2-bin
-# Requires exim_uid to be a member of sasl group, see README.SMTP-AUTH
-# plain_saslauthd:
-# driver = plaintext
-# public_name = PLAIN
-# # don't send system passwords over unencrypted connections
-# server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
-# server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
-# server_set_id = $2
-# server_prompts = :
-#
-# login_saslauthd:
-# driver = plaintext
-# public_name = LOGIN
-# # don't send system passwords over unencrypted connections
-# server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
-# server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
-# server_set_id = $1
-
-##############
-# See /usr/share/doc/exim4-base/README.SMTP-AUTH
-##############
-
-# These examples below are the equivalent for client side authentication.
-# They get the passwords from CONFDIR/passwd.client. This file should have
-# three columns separated by colons, the first contains the name of the
-# mailserver to authenticate against, the second the username and the third
-# contains the password.
-
-### # example for CONFDIR/passwd.client
-### mail.server:blah:secret
-### # default entry:
-### *:bar:foo
-
-cram_md5:
- driver = cram_md5
- public_name = CRAM-MD5
- client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
- client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
-
-# Because AUTH PLAIN sends the password in clear, per default we only allow it
-# over encrypted connections. If you want to change this disable the existing
-# "client send" entry and enable the one below without the "if !eq{$tls_cipher}{}"
-# by removing the hash-mark (#) at the beginning of the line.
-plain:
- driver = plaintext
- public_name = PLAIN
- client_send = "${if !eq{$tls_cipher}{}{\
- ^${extract{1}{::}\
- {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
- ^${extract{2}{::}\
- {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
- }fail}"
-# client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
-
-# Because AUTH LOGIN sends the password in clear, per default we only allow it
-# over encrypted connections. If you want to change this disable the existing
-# "client send" entry and enable the one below without the "if !eq{$tls_cipher}{}"
-# by removing the hash-mark (#) at the beginning of the line.
-login:
- driver = plaintext
- public_name = LOGIN
- client_send = "${if !eq{$tls_cipher}{}{}fail}\
- : ${extract{1}{::}\
- {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
- : ${extract{2}{::}\
- {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
-# client_send = ": ${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} : ${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
-
-
-
-#####################################################
-### end auth/30_exim4-config_examples
-#####################################################
Deleted: trunk/vhffs-doc/config/exim4-mx1/host
===================================================================
--- trunk/vhffs-doc/config/exim4-mx1/host 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx1/host 2007-07-03 14:39:58 UTC (rev 654)
@@ -1 +0,0 @@
-#empty file
Deleted: trunk/vhffs-doc/config/exim4-mx1/passwd.client
===================================================================
--- trunk/vhffs-doc/config/exim4-mx1/passwd.client 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx1/passwd.client 2007-07-03 14:39:58 UTC (rev 654)
@@ -1,7 +0,0 @@
-### CONFDIR/passwd.client
-#
-# Format:
-#targetmailserver.example:login:password
-#
-# default entry:
-### *:bar:foo
Deleted: trunk/vhffs-doc/config/exim4-mx1/update-exim4.conf.conf
===================================================================
--- trunk/vhffs-doc/config/exim4-mx1/update-exim4.conf.conf 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx1/update-exim4.conf.conf 2007-07-03 14:39:58 UTC (rev 654)
@@ -1,16 +0,0 @@
-# /etc/exim4/update-exim4.conf.conf
-#
-# Edit this file and /etc/mailname by hand and execute update-exim4.conf
-# yourself or use 'dpkg-reconfigure exim4-config'
-
-dc_eximconfig_configtype='internet'
-dc_other_hostnames=''
-dc_local_interfaces='127.0.0.1'
-dc_readhost=''
-dc_relay_domains=''
-dc_minimaldns='false'
-dc_relay_nets=''
-dc_smarthost=''
-CFILEMODE='640'
-dc_use_split_config='false'
-dc_hide_mailname=''
Deleted: trunk/vhffs-doc/config/exim4-mx2/exim4.conf
===================================================================
--- trunk/vhffs-doc/config/exim4-mx2/exim4.conf 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx2/exim4.conf 2007-07-03 14:39:58 UTC (rev 654)
@@ -1,247 +0,0 @@
-hide pgsql_servers = DBHOST/vhffs/vhffs/DBPASS
-RELAY_DOMAINS = ${lookup pgsql{SELECT DISTINCT domain FROM vhffs_mxdomain WHERE domain = '$domain'}}
-RELAY_LIST_DOMAINS = ${lookup pgsql{SELECT domain from vhffs_ml where local_part='$local_part' and domain='$domain'}}
-
-exim_path = /usr/sbin/exim4
-
-CONFDIR = /etc/exim4
-
-domainlist local_domains = localhost:mx2.tuxfamily.net:mx2.tuxfamily.org:mx2.tuxfamily.com
-
-domainlist relay_to_domains = RELAY_DOMAINS:staff.tuxfamily.org:tuxfamily.net:tuxfamily.net:tuxfamily.org:tuxfamily.com
-
-hostlist relay_from_hosts = 127.0.0.1
-
-#av_scanner = clamd:192.168.3.50 7777 stream
-
-qualify_domain = mx2.tuxfamily.net
-
-
-gecos_pattern = ^([^,:]*)
-gecos_name = $1
-
-acl_smtp_rcpt = acl_check_rcpt
-
-#acl_smtp_data = acl_check_data
-
-message_size_limit = 10M
-
-smtp_accept_max = 120
-
-host_lookup = *
-
-primary_hostname = mx2.tuxfamily.net
-
-rfc1413_query_timeout = 0s
-
-ignore_bounce_errors_after = 2d
-
-timeout_frozen_after = 7d
-
-freeze_tell = postmaster
-
-spool_directory = /var/spool/exim4
-
-trusted_users = Debian-exim
-
-smtp_banner = "${primary_hostname} ESMTP Vhffs4 Mailer ${tod_full}"
-
-begin acl
-acl_whitelist_local_deny:
- accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
- {CONFDIR/local_host_whitelist}\
- {}}
-accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
- {CONFDIR/local_sender_whitelist}\
-{}}
-
-acl_check_rcpt:
- accept hosts = : 127.0.0.1
-
- deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
-
- !acl = acl_whitelist_local_deny
- senders = ${if exists{CONFDIR/local_sender_blacklist}\
- {CONFDIR/local_sender_blacklist}\
- {}}
-deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
- hosts = ${if exists{CONFDIR/local_host_blacklist}\
-{CONFDIR/local_host_blacklist}\
- {}}
-
-drop condition = ${if eq{$sender_helo_name}{}{yes}{no}}
-message = \
-HELO/EHLO required by SMTP RFC.\n\
-Bye dude!
-
-accept senders = ${if exists{CONFDIR/whitelist_sender}\
- {CONFDIR/whitelist_sender}\
- {}}
-
-accept hosts = ${if exists{CONFDIR/whitelist_host}\
-{CONFDIR/whitelist_host}\
-{}}
-
-drop !verify = sender/no_details
-message = \
-Unrouteable sender address.\n\
-Bye dude!
-
-drop !verify = sender/callout=45s
-message = \
-Your email address is rejected by your mail server.\n\
-You can't send mail here with a fake address.\n\
-Bye dude!
-
-deny domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
-message = restricted characters in address
-
-deny domains = !+local_domains
-local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-message = restricted characters in address
-
-accept local_parts = postmaster
-domains = +local_domains
-warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
-!verify = reverse_host_lookup
-
-
- accept domains = +local_domains
- endpass
- message = unknown user
- verify = recipient
-
- accept domains = +relay_to_domains
- endpass
- message = unrouteable address
- verify = recipient
-
- accept hosts = +relay_from_hosts
-
- accept authenticated = *
-
- deny message = relay not permitted
-
-
-begin routers
-
-dnslookup_relay_to_domains:
- debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains : +relay_to_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- no_more
-
-dnslookup:
- debug_print = "R: dnslookup for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
- 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
- no_more
-system_aliases:
- debug_print = "R: system_aliases for $local_part@$domain"
- driver = redirect
- condition = ${if or { {eq {$domain} {$primary_hostname}} {eq {$domain} {$qualify_domain}}} {1} {0}}
- allow_fail
- allow_defer
- data = ${lookup{$local_part}lsearch{/etc/aliases}}
- file_transport = address_file
-
-begin transports
-
-address_file:
- debug_print = "T: address_file for $local_part@$domain"
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
-
-address_pipe:
- debug_print = "T: address_pipe for $local_part@$domain"
- driver = pipe
- return_fail_output
-
-address_reply:
- debug_print = "T: autoreply for $local_part@$domain"
- driver = autoreply
-
-mail_spool:
- debug_print = "T: appendfile for $local_part@$domain"
- driver = appendfile
- file = /var/mail/$local_part
- delivery_date_add
- envelope_to_add
- return_path_add
- group = mail
- mode = 0660
- mode_fail_narrower = false
-
-maildrop_pipe:
- debug_print = "T: maildrop_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/maildrop"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-procmail_pipe:
- debug_print = "T: procmail_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/procmail"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-remote_smtp:
- debug_print = "T: remote_smtp for $local_part@$domain"
- driver = smtp
-
-address_directory:
- debug_print = "T: address_directory for $local_part@$domain"
- driver = appendfile
- envelope_to_add = true
- return_path_add = true
- check_string = ""
- escape_string = ""
- maildir_format
-
-begin retry
-
-* quota_7d
-* quota F,2h,15m; F,3d,1h
-
-* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
-begin rewrite
-
-*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
- {$value}fail} Ffrs
-
-*@+local_domains "${if exists {CONFDIR/email-addresses}\
- {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
- {$value}fail}}fail}" Ffrs
-
-begin authenticators
-
- plain_server:
- driver = plaintext
- public_name = PLAIN
- server_condition = ${if and {{!eq{$2}{}}{!eq{$3}{}}{eq {$3} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$2}' and domain = '${domain:$2}'} {$value}fail}}}}{1}{0}}
- server_set_id = $2
- server_prompts = :
-
- login_server:
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = ${if and {{!eq{$1}{}}{!eq{$2}{}}{eq {$2} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$1}' and domain = '${domain:$1}'} {$value}fail}}}}{1}{0}}
- server_set_id = $1
-
Added: trunk/vhffs-doc/config/exim4-mx2/exim4.conf
===================================================================
--- trunk/vhffs-doc/config/exim4-mx2/exim4.conf 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx2/exim4.conf 2007-07-03 14:39:58 UTC (rev 654)
@@ -0,0 +1,309 @@
+hide pgsql_servers = PGHOST/PGDB/PGUSER/PGPASS
+PGSQL_RELAY_DOMAIN = ${lookup pgsql{SELECT DISTINCT domain FROM vhffs_mxdomain WHERE domain = '$domain'}}
+PGSQL_RELAY_CHECKLOCALPART = ${lookup pgsql{SELECT d.domain FROM vhffs_mxdomain d WHERE d.domain = '$domain' AND (d.catchall != '' OR EXISTS (SELECT domain FROM vhffs_boxes WHERE domain = '$domain' AND local_part = '$local_part') OR EXISTS (SELECT domain FROM vhffs_forward WHERE domain = '$domain' AND local_part = '$local_part') OR EXISTS (SELECT domain FROM vhffs_ml WHERE domain = '$domain' AND (local_part = '$local_part' OR local_part || '-request' = '$local_part')))}}
+
+exim_path = /usr/sbin/exim4
+
+CONFDIR = /etc/exim4
+
+domainlist local_domains = localhost
+
+domainlist relay_to_domains =
+
+domainlist relay_this_domain = PGSQL_RELAY_DOMAIN
+
+hostlist relay_from_hosts = 127.0.0.1
+
+#av_scanner = clamd:192.168.3.50 7777 stream
+
+qualify_domain = mx2.vhffs.org
+
+gecos_pattern = ^([^,:]*)
+gecos_name = $1
+
+acl_smtp_rcpt = acl_check_rcpt
+
+#acl_smtp_data = acl_check_data
+
+message_size_limit = 10M
+
+smtp_accept_max = 120
+
+smtp_accept_queue_per_connection = 100
+
+smtp_load_reserve = 40.0
+
+deliver_queue_load_max = 2.0
+
+queue_only_load = 2.0
+
+host_lookup = *
+rfc1413_hosts = *
+rfc1413_query_timeout = 0s
+
+primary_hostname = mx2.vhffs.org
+
+ignore_bounce_errors_after = 4h
+
+timeout_frozen_after = 30d
+
+remote_max_parallel = 35
+#freeze_tell = postmaster
+
+spool_directory = /var/spool/exim4
+
+trusted_users = Debian-exim
+
+smtp_banner = "${primary_hostname} ESMTP Vhffs4 Mailer ${tod_full}"
+
+begin acl
+
+#acl_whitelist_local_deny:
+# accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
+# {CONFDIR/local_host_whitelist}\
+# {}}
+# accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
+# {CONFDIR/local_sender_whitelist}\
+# {}}
+
+acl_check_rcpt:
+ accept hosts = :
+
+# deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+# !acl = acl_whitelist_local_deny
+# senders = ${if exists{CONFDIR/local_sender_blacklist}\
+# {CONFDIR/local_sender_blacklist}\
+# {}}
+
+# deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+# !acl = acl_whitelist_local_deny
+# hosts = ${if exists{CONFDIR/local_host_blacklist}\
+# {CONFDIR/local_host_blacklist}\
+# {}}
+
+ drop condition = ${if eq{$sender_helo_name}{}{yes}{no}}
+ message = HELO/EHLO required by SMTP RFC.\n\
+ Bye dude!
+
+# accept senders = ${if exists{CONFDIR/whitelist_sender}\
+# {CONFDIR/whitelist_sender}\
+# {}}
+
+# accept hosts = ${if exists{CONFDIR/whitelist_host}\
+# {CONFDIR/whitelist_host}\
+# {}}
+
+ drop !verify = sender/no_details
+ message = Unrouteable sender address.\n\
+ Bye dude!
+
+ deny local_parts = ^[.] : ^.*[@%!/|]
+ message = Restricted characters in address
+
+ accept hosts = +relay_from_hosts
+
+# deny domains = +local_domains
+# local_parts = ^[.] : ^.*[@%!/|]
+# message = Restricted characters in address
+
+# deny domains = !+local_domains
+# local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+# message = Restricted characters in address
+
+# drop !verify = sender/callout=45s
+# message = \
+# Your email address is rejected by your mail server.\n\
+# You can't send mail here with a fake address.\n\
+# Bye dude!
+
+# accept local_parts = postmaster
+# domains = +local_domains : +relay_to_domains : +relay_this_domain
+
+# warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
+# !verify = reverse_host_lookup
+
+# accept authenticated = *
+
+ require message = Relay not permitted
+ domains = +local_domains : +relay_to_domains : +relay_this_domain
+
+ deny message = Unknown user
+ domains = +local_domains : +relay_to_domains : +relay_this_domain
+ !verify = recipient
+
+# deny message = Unrouteable address
+# domains = +relay_to_domains : +relay_this_domain
+# !verify = recipient
+
+# accept domains = +local_domains
+# endpass
+# message = unknown user
+# verify = recipient
+
+# accept domains = +relay_to_domains : +relay_this_domain
+# endpass
+# message = unrouteable address
+# verify = recipient
+
+# deny message = relay not permitted
+
+#acl_check_data:
+
+# deny message = Message contains malware or a virus ($malware_name).
+# log_message = $sender_host_address tried sending $malware_name
+# demime = *
+# malware = *
+# warn condition = ${if !def:h_Message-ID: {1}}
+# hosts = +relay_from_hosts
+# message = Message-ID: <E$message_id@$primary_hostname>
+
+ accept
+
+begin routers
+
+dnslookup_relay_to_domains:
+ debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains : +relay_to_domains
+ transport = remote_smtp
+ same_domain_copy_routing = yes
+ no_more
+
+dnslookup:
+ debug_print = "R: dnslookup for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains : ! +relay_this_domain
+ transport = remote_smtp
+ same_domain_copy_routing = yes
+ ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
+ 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
+ no_more
+
+dnslookup_relay_this_domain:
+ debug_print = "R: dnslookup_relay_this_domain for $local_part@$domain"
+ driver = dnslookup
+ domains = PGSQL_RELAY_CHECKLOCALPART
+ transport = remote_smtp
+ same_domain_copy_routing = yes
+ ignore_target_hosts = !212.85.158.8 : *
+ no_more
+
+#spamcheck_router:
+# driver = accept
+# no_verify
+# domains = PGSQL_VIRTUAL_SPAMCHECK
+# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
+# transport = spamcheck
+
+system_aliases:
+ debug_print = "R: system_aliases for $local_part@$domain"
+ driver = redirect
+ condition = ${if or { {eq {$domain} {$primary_hostname}} {eq {$domain} {$qualify_domain}}} {1} {0}}
+ allow_fail
+ allow_defer
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
+ file_transport = address_file
+
+begin transports
+
+address_file:
+ debug_print = "T: address_file for $local_part@$domain"
+ driver = appendfile
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+
+address_pipe:
+ debug_print = "T: address_pipe for $local_part@$domain"
+ driver = pipe
+ return_fail_output
+
+address_reply:
+ debug_print = "T: autoreply for $local_part@$domain"
+ driver = autoreply
+
+mail_spool:
+ debug_print = "T: appendfile for $local_part@$domain"
+ driver = appendfile
+ file = /var/mail/$local_part
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ group = mail
+ mode = 0660
+ mode_fail_narrower = false
+
+maildrop_pipe:
+ debug_print = "T: maildrop_pipe for $local_part@$domain"
+ driver = pipe
+ path = "/bin:/usr/bin:/usr/local/bin"
+ command = "/usr/bin/maildrop"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+
+procmail_pipe:
+ debug_print = "T: procmail_pipe for $local_part@$domain"
+ driver = pipe
+ path = "/bin:/usr/bin:/usr/local/bin"
+ command = "/usr/bin/procmail"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+
+remote_smtp:
+ debug_print = "T: remote_smtp for $local_part@$domain"
+ driver = smtp
+
+#spamcheck:
+# debug_print = "T: spamassassin_pipe for $local_part@$domain"
+# driver = pipe
+# command = /usr/sbin/exim4 -oMr spam-scanned -bS
+# use_bsmtp
+# transport_filter = /usr/bin/spamc -d 192.168.3.50 -p 783
+# home_directory = "/tmp"
+# current_directory = "/tmp"
+# user = Debian-exim
+# group = Debian-exim
+# return_fail_output
+# headers_remove = X-Spam-Flag : X-Spam-Status : X-Spam-Level : X-Spam-Scanned
+
+address_directory:
+ debug_print = "T: address_directory for $local_part@$domain"
+ driver = appendfile
+ envelope_to_add = true
+ return_path_add = true
+ check_string = ""
+ escape_string = ""
+ maildir_format
+
+begin retry
+
+#* quota_7d
+#* quota F,2h,15m; F,3d,1h
+* * F,4h,1h; G,20h,1h,1.5; F,6d,12h; F,24d,1d
+
+begin rewrite
+
+#*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
+# {$value}fail} Ffrs
+
+#*@+local_domains "${if exists {CONFDIR/email-addresses}\
+# {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
+# {$value}fail}}fail}" Ffrs
+
+begin authenticators
+
+# plain_server:
+# driver = plaintext
+# public_name = PLAIN
+# server_condition = ${if and {{!eq{$2}{}}{!eq{$3}{}}{eq {$3} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$2}' and domain = '${domain:$2}'} {$value}fail}}}}{1}{0}}
+# server_set_id = $2
+# server_prompts = :
+
+# login_server:
+# driver = plaintext
+# public_name = LOGIN
+# server_prompts = "Username:: : Password::"
+# server_condition = ${if and {{!eq{$1}{}}{!eq{$2}{}}{eq {$2} {${lookup pgsql{select password from vhffs_boxes where local_part = '${local_part:$1}' and domain = '${domain:$1}'} {$value}fail}}}}{1}{0}}
+# server_set_id = $1
Deleted: trunk/vhffs-doc/config/exim4-mx2/exim4.conf.template
===================================================================
--- trunk/vhffs-doc/config/exim4-mx2/exim4.conf.template 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx2/exim4.conf.template 2007-07-03 14:39:58 UTC (rev 654)
@@ -1,1297 +0,0 @@
-#####################################################
-### main/01_exim4-config_listmacrosdefs
-#####################################################
-
-######################################################################
-# Runtime configuration file for Exim #
-######################################################################
-
-######################################################################
-# MAIN CONFIGURATION SETTINGS #
-######################################################################
-
-# Just for reference and scripts, on debian, the main binary is
-# installed as exim4
-exim_path = /usr/sbin/exim4
-
-# Macro defining the main configuration directory, we use no abolute
-# paths.
-CONFDIR = /etc/exim4
-
-# Define a macro DC_minimaldns if dc_minimaldns=true, to use in
-# .ifdef-statements otherwise this expands to an empty line
-DEBCONFminimaldnsDEBCONF
-
-# The next three settings create two lists of domains and one list of hosts.
-# These lists are referred to later in this configuration using the syntax
-# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
-# are all colon-separated lists:
-
-# '@' refers to 'the name of the local host'
-
-### EXPANSION-begins ######################
-domainlist local_domains = DEBCONFlocal_domainsDEBCONF
-
-domainlist relay_to_domains = DEBCONFrelay_domainsDEBCONF
-
-hostlist relay_from_hosts = 127.0.0.1 : ::::1 : DEBCONFrelay_netsDEBCONF
-
-
-# Specify the domain you want to be added to all unqualified addresses
-# here. An unqualified address is one that does not contain an "@" character
-# followed by a domain. For example, "caesar@rome.example" is a fully qualified
-# address, but the string "caesar" (i.e. just a login name) is an unqualified
-# email address. Unqualified addresses are accepted only from local callers by
-# default. See the recipient_unqualified_hosts option if you want to permit
-# unqualified addresses from remote sources. If this option is not set, the
-# primary_hostname value is used for qualification.
-qualify_domain = DEBCONFvisiblenameDEBCONF
-
-# only used for satellite-system
-.ifndef DCreadhost
-DCreadhost = DEBCONFreadhostDEBCONF
-.endif
-
-#for satellite and smarthost-systems
-.ifndef DCsmarthost
-DCsmarthost = DEBCONFsmarthostDEBCONF
-.endif
-
-# listen on all all interfaces?
-DEBCONFlistenonpublicDEBCONF
-### EXPANSION-ends ######################
-
-# The default transport, set in /etc/exim4/update-exim4.conf.conf. See
-# CONFDIR/conf.d/transport/ for possibilities
-LOCAL_DELIVERY=DEBCONFlocaldeliveryDEBCONF
-
-# The gecos field in /etc/passwd holds not only the name. see passwd(5).
-gecos_pattern = ^([^,:]*)
-gecos_name = $1
-
-
-# define a macro DCconfig_smarthost, DCconfig_satellite, etc. we need this
-# for .ifdef ... .endif
-DCconfig_DEBCONFconfigtypeDEBCONF = 1
-#####################################################
-### end main/01_exim4-config_listmacrosdefs
-#####################################################
-#####################################################
-### main/02_exim4-config_options
-#####################################################
-
-### main/02_exim4-config_options
-#################################
-
-# This option defines the access control list that is run when an
-# SMTP RCPT command is received.
-#
-acl_smtp_rcpt = acl_check_rcpt
-
-# This option defines the access control list that is run when an
-# SMTP DATA command is received.
-#
-acl_smtp_data = acl_check_data
-
-# Define a message size limit. You can either change it here, or set the
-# MESSAGE_SIZE_LIMIT macro. The default (used when MESSAGE_SIZE_LIMIT
-# is unset and/or message_size_limit is unset) is 50 MB
-.ifdef MESSAGE_SIZE_LIMIT
-message_size_limit = MESSAGE_SIZE_LIMIT
-.endif
-
-# If you want unqualified recipient addresses to be qualified with a different
-# domain to unqualified sender addresses, specify the recipient domain here.
-# If this option is not set, the qualify_domain value is used.
-#
-# qualify_recipient =
-
-# The following line must be uncommented if you want Exim to recognize
-# addresses of the form "user@[10.11.12.13]" that is, with a "domain literal"
-# (an IP address) instead of a named domain. The RFCs still require this form,
-# but it makes little sense to permit mail to be sent to specific hosts by
-# their IP address in the modern Internet. This ancient format has been used
-# by those seeking to abuse hosts by using them for unwanted relaying. If you
-# really do want to support domain literals, uncomment the following line, and
-# see also the "domain_literal" router.
-#
-# allow_domain_literals
-
-.ifndef DC_minimaldns
-# The setting below causes Exim to do a reverse DNS lookup on all incoming
-# IP calls, in order to get the true host name. If you feel this is too
-# expensive, you can specify the networks for which a lookup is done, or
-# remove the setting entirely.
-#
-host_lookup = *
-.endif
-
-# For minimaldns try to guess the primary_hostname only once at startup, when
-# running update-exim4.conf
-DEBCONF_hardcode_primary_hostname_DEBCONF
-
-# The settings below, which are actually the same as the defaults in the
-# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
-# calls. You can limit the hosts to which these calls are made, and/or change
-# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
-# are disabled. RFC 1413 calls are cheap and can provide useful information
-# for tracing problem messages, but some hosts and firewalls have problems
-# with them. This can result in a timeout instead of an immediate refused
-# connection, leading to delays on starting up an SMTP session.
-#
-rfc1413_hosts = *
-rfc1413_query_timeout = 30s
-
-# By default, exim forces a Sender: header containing the local
-# account name at the local host name in all locally submitted messages
-# that don't have the local account name at the local host name in the
-# From: header, deletes any Sender: header present in the submitted
-# message and forces the envelope sender of all locally submitted
-# messages to the local account name at the local host name.
-# The following settings allow local users to specify their own envelope sender
-# in a locally submitted message. Sender: headers existing in a locally
-# submitted message are not removed, and no automatic Sender: headers
-# are added. These settings are fine for most hosts.
-# If you run exim on a classical multi-user systems where all users
-# have local mailboxes that can be reached via SMTP from the Internet
-# with the local FQDN as the domain part of the address, you might want
-# to disable the following three lines for traceability reasons.
-local_from_check = false
-local_sender_retain = true
-untrusted_set_sender = *
-
-# By default, Exim expects all envelope addresses to be fully qualified, that
-# is, they must contain both a local part and a domain. If you want to accept
-# unqualified addresses (just a local part) from certain hosts, you can specify
-# these hosts by setting one or both of
-#
-# sender_unqualified_hosts =
-# recipient_unqualified_hosts =
-#
-# to control sender and recipient addresses, respectively. When this is done,
-# unqualified addresses are qualified using the settings of qualify_domain
-# and/or qualify_recipient (see above).
-
-# If you want Exim to support the "percent hack" for certain domains,
-# uncomment the following line and provide a list of domains. The "percent
-# hack" is the feature by which mail addressed to x%y@z (where z is one of
-# the domains listed) is locally rerouted to x@y and sent on. If z is not one
-# of the "percent hack" domains, x%y is treated as an ordinary local part. This
-# hack is rarely needed nowadays; you should not enable it unless you are sure
-# that you really need it.
-#
-# percent_hack_domains =
-
-# When Exim can neither deliver a message nor return it to sender, it "freezes"
-# the delivery error message (aka "bounce message"). There are also other
-# circumstances in which messages get frozen. They will stay on the queue for
-# ever unless one of the following options is set.
-
-# This option unfreezes frozen bounce messages after two days, tries
-# once more to deliver them, and ignores any delivery failures.
-#
-ignore_bounce_errors_after = 2d
-
-# This option cancels (removes) frozen messages that are older than a week.
-#
-timeout_frozen_after = 7d
-
-freeze_tell = postmaster
-
-# Only for interacting with other packages, to make it possible to use
-# -DSPOOLDIR to override it on the command line
-.ifndef SPOOLDIR
-SPOOLDIR = /var/spool/exim4
-.endif
-spool_directory = SPOOLDIR
-
-# uucp should be able to set envelope-from to arbitrary values
-trusted_users = uucp
-
-# uncomment this to get the Debian version in the SMTP dialog
-# smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} (Debian package DEBCONFpackageversionDEBCONF) ${tod_full}"
-
-#####################################################
-### end main/02_exim4-config_options
-#####################################################
-#####################################################
-### main/03_exim4-config_tlsoptions
-#####################################################
-# Example for TLS/SSL configuration.
-
-# See /usr/share/doc/exim4-base/README.TLS* for explanations.
-
-# Defines that you want to log what cipher your exim and the peer's mailer
-# uses to encrypt the transaction. It also defines you want to log the 'DN'
-# (Distinguished Name) of the certificate of the peer.
-#
-# log_selector = +tls_cipher +tls_peerdn
-
-# Defines what hosts to 'advertise' STARTTLS functionality to. Setting this
-# to * will advertise to all hosts that connect with EHLO, and this is a
-# good default
-#
-# tls_advertise_hosts = *
-
-# Defines where your SSL-certificate and SSL-Private Key are located.
-# This requires a full path. The files pointed to must be kept 'secret'
-# and should be owned my root.Debian-exim mode 640 (-rw-r-----). Usually the
-# exim-gencert script takes care of these prerequisites.
-#
-# tls_certificate = CONFDIR/exim.crt
-# tls_privatekey = CONFDIR/exim.key
-
-# A file which contains the certificates of the trusted CAs (Certification
-# Authorities) against which host certificates can be checked (through the
-# `tls_verify_hosts' and `tls_try_verify_hosts' lists below).
-# /etc/ssl/certs/ca-certificates.crt is generated by
-# the "ca-certificates" package's update-ca-certificates(8) command.
-#
-#tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
-
-# A list of hosts which are constrained by `tls_verify_certificates'. A host
-# that matches `tls_verify_host' must present a certificate that's
-# verifyable through `tls_verify_certificates' in order to be accepted as an
-# SMTP client. If it does not, the connection is aborted.
-#
-#tls_verify_hosts =
-
-# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
-# not `tls_verify_hosts'), request a certificate and check it against
-# `tls_verify_certificates' but do not abort the connection if there is no
-# certificate or if the certificate presented does not match. (This
-# condition can be tested for in ACLs through `verify = certificate')
-#
-#tls_try_verify_hosts = *
-#####################################################
-### end main/03_exim4-config_tlsoptions
-#####################################################
-#####################################################
-### acl/00_exim4-config_header
-#####################################################
-
-######################################################################
-# ACL CONFIGURATION #
-# Specifies access control lists for incoming SMTP mail #
-######################################################################
-begin acl
-
-
-#####################################################
-### end acl/00_exim4-config_header
-#####################################################
-#####################################################
-### acl/20_exim4-config_whitelist_local_deny
-#####################################################
-# This access control list is used to determine whitelisted senders and
-# hosts. It checks for CONFDIR/local_host_whitelist and
-# CONFDIR/local_sender_whitelist.
-#
-# It is meant to be used from some other acl entry.
-#
-# For example,
-# deny message = local blacklist example
-# !acl = acl_whitelist
-# dnslist = some.dns.list.example
-# will allow messages with envelope sender listed in local_sender_whitelist
-# or messages coming in from hosts listed in local_host_whitelist to be
-# accepted even if the delivering host is listed in the dns list.
-#
-# Whitelisting can also be configured by including negative items in the
-# black list. See /usr/share/doc/exim4-config/default_acl for details.
-#
-# If the files do not exist, the white list never matches, which is
-# the desired behaviour.
-
-acl_whitelist_local_deny:
- accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
- {CONFDIR/local_host_whitelist}\
- {}}
- accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
- {CONFDIR/local_sender_whitelist}\
- {}}
-
-
-#####################################################
-### end acl/20_exim4-config_whitelist_local_deny
-#####################################################
-#####################################################
-### acl/30_exim4-config_check_rcpt
-#####################################################
-# This access control list is used for every RCPT command in an incoming
-# SMTP message. The tests are run in order until the address is either
-# accepted or denied.
-#
-acl_check_rcpt:
- # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
- # testing for an empty sending host field.
- accept hosts = :
-
- # The following section of the ACL is concerned with local parts that contain
- # @ or % or ! or / or | or dots in unusual places.
- #
- # The characters other than dots are rarely found in genuine local parts, but
- # are often tried by people looking to circumvent relaying restrictions.
- # Therefore, although they are valid in local parts, these rules lock them
- # out, as a precaution.
- #
- # Empty components (two dots in a row) are not valid in RFC 2822, but Exim
- # allows them because they have been encountered. (Consider local parts
- # constructed as "firstinitial.secondinitial.familyname" when applied to
- # someone like me, who has no second initial.) However, a local part starting
- # with a dot or containing /../ can cause trouble if it is used as part of a
- # file name (e.g. for a mailing list). This is also true for local parts that
- # contain slashes. A pipe symbol can also be troublesome if the local part is
- # incorporated unthinkingly into a shell command line.
- #
- # Two different rules are used. The first one is stricter, and is applied to
- # messages that are addressed to one of the local domains handled by this
- # host. It blocks local parts that begin with a dot or contain @ % ! / or |.
- # If you have local accounts that include these characters, you will have to
- # modify this rule.
- deny domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
- message = restricted characters in address
-
- # The second rule applies to all other domains, and is less strict. This
- # allows your own users to send outgoing messages to sites that use slashes
- # and vertical bars in their local parts. It blocks local parts that begin
- # with a dot, slash, or vertical bar, but allows these characters within the
- # local part. However, the sequence /../ is barred. The use of @ % and ! is
- # blocked, as before. The motivation here is to prevent your users (or
- # your users' viruses) from mounting certain kinds of attack on remote sites.
-
- deny domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
- message = restricted characters in address
-
- # Accept mail to postmaster in any local domain, regardless of the source,
- # and without verifying the sender.
- #
- accept local_parts = postmaster
- domains = +local_domains
-
- # deny bad senders (envelope sender)
- # CONFDIR/local_sender_blacklist holds a list of envelope senders that
- # should have their access denied to the local host. Incoming messages
- # with one of these senders are rejected at RCPT time.
- #
- # The explicit white lists are honored as well as negative items in
- # the black list. See /usr/share/doc/exim4-config/default_acl for details.
- deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
- senders = ${if exists{CONFDIR/local_sender_blacklist}\
- {CONFDIR/local_sender_blacklist}\
- {}}
-
- # deny bad sites (IP address)
- # CONFDIR/local_host_blacklist holds a list of host names, IP addresses
- # and networks (CIDR notation) that should have their access denied to
- # The local host. Messages coming in from a listed host will have all
- # RCPT statements rejected.
- #
- # The explicit white lists are honored as well as negative items in
- # the black list. See /usr/share/doc/exim4-config/default_acl for details.
- deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
- hosts = ${if exists{CONFDIR/local_host_blacklist}\
- {CONFDIR/local_host_blacklist}\
- {}}
-
-
- # Deny unless the sender address can be verified.
- #
- # This is disabled by default so that DNSless systems don't break. If
- # your system can do DNS lookups without delay or cost, you might want
- # to enable the following line.
- # deny message = Sender verification failed
- # !acl = acl_whitelist_local_deny
- # !verify = sender
-
- # Warn if the sender host does not have valid reverse DNS.
- #
- # This is disabled by default so that DNSless systems don't break. If
- # your system can do DNS lookups without delay or cost, you might want
- # to enable the following lines.
- # warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
- # !verify = reverse_host_lookup
-
-
- #############################################################################
- # There are no checks on DNS "black" lists because the domains that contain
- # these lists are changing all the time. You can find examples of
- # how to use dnslists in /usr/share/doc/exim4-config/examples/acl
- #############################################################################
-
- # Accept if the address is in a local domain, but only if the recipient can
- # be verified. Otherwise deny. The "endpass" line is the border between
- # passing on to the next ACL statement (if tests above it fail) or denying
- # access (if tests below it fail).
- #
- accept domains = +local_domains
- endpass
- message = unknown user
- verify = recipient
-
- # Accept if the address is in a domain for which we are relaying, but again,
- # only if the recipient can be verified.
- #
- accept domains = +relay_to_domains
- endpass
- message = unrouteable address
- verify = recipient
-
- # If control reaches this point, the domain is neither in +local_domains
- # nor in +relay_to_domains.
-
- # Accept if the message comes from one of the hosts for which we are an
- # outgoing relay. Recipient verification is omitted here, because in many
- # cases the clients are dumb MUAs that don't cope well with SMTP error
- # responses. If you are actually relaying out from MTAs, you should probably
- # add recipient verification here.
- #
- accept hosts = +relay_from_hosts
-
- # Accept if the message arrived over an authenticated connection, from
- # any host. Again, these messages are usually from MUAs, so recipient
- # verification is omitted.
- #
- accept authenticated = *
-
- # Reaching the end of the ACL causes a "deny", but we might as well give
- # an explicit message.
- #
- deny message = relay not permitted
-
-
-
-#####################################################
-### end acl/30_exim4-config_check_rcpt
-#####################################################
-#####################################################
-### acl/40_exim4-config_check_data
-#####################################################
-# 40_exim4-config_check_data
-
-acl_check_data:
- # Add Message-ID if missing
- warn condition = ${if !def:h_Message-ID: {1}}
- hosts = +relay_from_hosts
- message = Message-ID: <E$message_id@$primary_hostname>
-
- # Deny unless the address list headers are syntactically correct.
- #
- # This is disabled by default because it might reject legitimate mail.
- # If you want your system to insist on syntactically valid address
- # headers, you might want to enable the following lines.
- # deny message = Message headers fail syntax check
- # !acl = acl_whitelist_local_deny
- # !verify = header_syntax
-
- # require that there is a verifiable sender address in at least
- # one of the "Sender:", "Reply-To:", or "From:" header lines.
- # deny message = No verifiable sender address in message headers
- # !acl = acl_whitelist_local_deny
- # !verify = header_sender
-
- # accept otherwise
- accept
-#####################################################
-### end acl/40_exim4-config_check_data
-#####################################################
-#####################################################
-### router/00_exim4-config_header
-#####################################################
-
-######################################################################
-# ROUTERS CONFIGURATION #
-# Specifies how addresses are handled #
-######################################################################
-# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
-# An address is passed to each router in turn until it is accepted. #
-######################################################################
-
-begin routers
-
-#####################################################
-### end router/00_exim4-config_header
-#####################################################
-#####################################################
-### router/100_exim4-config_domain_literal
-#####################################################
-
-# This router routes to remote hosts over SMTP by explicit IP address,
-# when an email address is given in "domain literal" form, for example,
-# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
-# little-known these days, and has been exploited by evil people seeking
-# to abuse SMTP relays. Consequently it is commented out in the default
-# configuration. If you uncomment this router, you also need to uncomment
-# allow_domain_literals above, so that Exim can recognize the syntax of
-# domain literal addresses.
-
-# domain_literal:
-# debug_print = "R: domain_literal for $local_part@$domain"
-# driver = ipliteral
-# domains = ! +local_domains
-# transport = remote_smtp
-
-#####################################################
-### end router/100_exim4-config_domain_literal
-#####################################################
-#####################################################
-### router/150_exim4-config_hubbed_hosts
-#####################################################
-
-# router/150_exim4-config_hubbed_hosts
-#################################
-
-# route specific domains manually.
-#
-# The most common application of this router is to handle relaying to nonlocal
-# domains that the local host is primary MX for. That means that local
-# information needs to be present for a domain to be handled correctly.
-#
-# That information is put into the optional file /etc/exim4/hubbed_hosts
-# which contains key-value pairs of domain pattern and route data.
-#
-# foo.example: internal.mail.example.com
-# bar.example: 192.168.183.3
-#
-# will cause mail for foo.example to be sent to the host
-# internal.mail.example (IP address derived from A record only), and
-# mail to bar.example to be sent to 192.168.183.3.
-#
-# If the file /etc/exim4/hubbed_hosts does not exist, this router is a
-# no-op.
-
-hubbed_hosts:
- debug_print = "R: hubbed_hosts for $domain"
- driver = manualroute
- domains = "${if exists{CONFDIR/hubbed_hosts}\
- {partial-lsearch;CONFDIR/hubbed_hosts}\
- fail}"
- route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
- transport = remote_smtp
-#####################################################
-### end router/150_exim4-config_hubbed_hosts
-#####################################################
-#####################################################
-### router/200_exim4-config_primary
-#####################################################
-
-### router/200_exim4-config_primary
-#################################
-# This file holds the primary router, responsible for nonlocal mails
-
-.ifdef DCconfig_internet
-# configtype=internet
-#
-# deliver mail to the recipient if recipient domain is a domain we
-# relay for. We do not ignore any target hosts here since delivering to
-# a site local or even a link local address might be wanted here, and if
-# such an address has found its way into the MX record of such a domain,
-# the local admin is probably in a place where that broken MX record
-# could be fixed.
-
-dnslookup_relay_to_domains:
- debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains : +relay_to_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- no_more
-
-# deliver mail directly to the recipient. This router is only reached
-# for domains that we do not relay for. Since we most probably can't
-# have broken MX records pointing to site local or link local IP
-# addresses fixed, we ignore target hosts pointing to these addresses.
-
-dnslookup:
- debug_print = "R: dnslookup for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- # ignore private rfc1918 and APIPA addresses
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
- 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
- no_more
-
-.endif
-
-
-.ifdef DCconfig_local
-# configtype=local
-#
-# Stand-alone system, so generate an error for mail to a non-local domain
-nonlocal:
- debug_print = "R: nonlocal for $local_part@$domain"
- driver = redirect
- domains = ! +local_domains
- allow_fail
- data = :fail: Mailing to remote domains not supported
- no_more
-
-.endif
-
-
-.ifdef DCconfig_smarthost DCconfig_satellite
-# configtype=smarthost or configtype=satellite
-#
-# Send all non-local mail to a single other machine (smarthost).
-#
-# This means _ALL_ non-local mail goes to the smarthost. This will most
-# probably not do what you want for domains that are listed in
-# relay_domains. The most typical use for relay_domains is to control
-# relaying for incoming e-mail on secondary MX hosts. In that case,
-# it doesn't make sense to send the mail to the smarthost since the
-# smarthost will probably send the message right back here, causing a
-# loop.
-#
-# If you want to use a smarthost while being secondary MX for some
-# domains, you'll need to copy the dnslookup_relay_to_domains router
-# here so that mail to relay_domains is handled separately.
-
-smarthost:
- debug_print = "R: smarthost for $local_part@$domain"
- driver = manualroute
- domains = ! +local_domains
- transport = remote_smtp_smarthost
- route_list = * DCsmarthost byname
- host_find_failed = defer
- same_domain_copy_routing = yes
- no_more
-
-.endif
-
-
-# The "no_more" above means that all later routers are for
-# domains in the local_domains list, i.e. just like Exim 3 directors.
-#####################################################
-### end router/200_exim4-config_primary
-#####################################################
-#####################################################
-### router/300_exim4-config_real_local
-#####################################################
-
-real_local:
- debug_print = "R: real_local for $local_part@$domain"
- driver = accept
- domains = +local_domains
- local_part_prefix = real-
- check_local_user
- transport = LOCAL_DELIVERY
-
-#####################################################
-### end router/300_exim4-config_real_local
-#####################################################
-#####################################################
-### router/400_exim4-config_system_aliases
-#####################################################
-
-# This router handles aliasing using a traditional /etc/aliases file.
-#
-##### NB You must ensure that /etc/aliases exists. It used to be the case
-##### NB that every Unix had that file, because it was the Sendmail default.
-##### NB These days, there are systems that don't have it. Your aliases
-##### NB file should at least contain an alias for "postmaster".
-#
-# Piping to programs in /etc/aliases is disabled per default.
-# If that is a problem for you, see
-# /usr/share/doc/exim4-config/README.system_aliases
-# or explanation and some workarounds.
-#
-# Note that the transports listed below are the same as are used for
-# .forward files; you might want to set up different ones for pipe and
-# file deliveries from aliases.
-
-system_aliases:
- debug_print = "R: system_aliases for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- allow_fail
- allow_defer
- data = ${lookup{$local_part}lsearch{/etc/aliases}}
-# user = list
-# group = mail
- file_transport = address_file
-# pipe_transport = address_pipe
-# directory_transport = address_directory
-#####################################################
-### end router/400_exim4-config_system_aliases
-#####################################################
-#####################################################
-### router/500_exim4-config_hubuser
-#####################################################
-
-### router/500_exim4-config_hubuser
-#################################
-
-.ifdef DCconfig_satellite
-# This router is only used for configtype=satellite.
-# It takes care to route all mail targetted to <somelocaluser@this.machine>
-# to the host where we read our mail
-#
-hub_user:
- debug_print = "R: hub_user for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- data = ${local_part}@DCreadhost
- check_local_user
-
-# Grab the redirected mail and deliver it.
-# This is a duplicate of the smarthost router, needed because
-# DCreadhost might end up as part of +local_domains
-hub_user_smarthost:
- debug_print = "R: hub_user_smarthost for $local_part@$domain"
- driver = manualroute
- domains = DCreadhost
- transport = remote_smtp_smarthost
- route_list = * DCsmarthost byname
- host_find_failed = defer
- same_domain_copy_routing = yes
- check_local_user
-.endif
-
-
-#####################################################
-### end router/500_exim4-config_hubuser
-#####################################################
-#####################################################
-### router/600_exim4-config_userforward
-#####################################################
-
-# router/600_exim4-config_userforward
-#################################
-
-# This router handles forwarding using traditional .forward files in users'
-# home directories and filtering with exim's builtin filter language.
-#
-# The no_verify setting means that this router is skipped when Exim is
-# verifying addresses. Similarly, no_expn means that this router is skipped if
-# Exim is processing an EXPN command.
-#
-# The check_ancestor option means that if the forward file generates an
-# address that is an ancestor of the current one, the current one gets
-# passed on instead. This covers the case where A is aliased to B and B
-# has a .forward file pointing to A.
-#
-# The four transports specified at the end are those that are used when
-# forwarding generates a direct delivery to a directory, or a file, or to a
-# pipe, or sets up an auto-reply, respectively.
-#
-userforward:
- debug_print = "R: userforward for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- check_local_user
- file = $home/.forward
- no_verify
- no_expn
- check_ancestor
- allow_filter
- directory_transport = address_directory
- file_transport = address_file
- pipe_transport = address_pipe
- reply_transport = address_reply
- skip_syntax_errors
- syntax_errors_to = real-$local_part@$domain
- syntax_errors_text = \
- This is an automatically generated message. An error has\n\
- been found in your .forward file. Details of the error are\n\
- reported below. While this error persists, you will receive\n\
- a copy of this message for every message that is addressed\n\
- to you. If your .forward file is a filter file, or if it is\n\
- a non-filter file containing no valid forwarding addresses,\n\
- a copy of each incoming message will be put in your normal\n\
- mailbox. If a non-filter file contains at least one valid\n\
- forwarding address, forwarding to the valid addresses will\n\
- happen, and those will be the only deliveries that occur.
-
-#####################################################
-### end router/600_exim4-config_userforward
-#####################################################
-#####################################################
-### router/700_exim4-config_procmail
-#####################################################
-
-procmail:
- debug_print = "R: procmail for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- transport = procmail_pipe
- # emulate OR with "if exists"-expansion
- require_files = ${local_part}:\
- ${if exists{/etc/procmailrc}\
- {/etc/procmailrc}{${home}/.procmailrc}}:\
- +/usr/bin/procmail
- no_verify
- no_expn
-
-#####################################################
-### end router/700_exim4-config_procmail
-#####################################################
-#####################################################
-### router/800_exim4-config_maildrop
-#####################################################
-
-### router/800_exim4-config_maildrop
-#################################
-
-maildrop:
- debug_print = "R: maildrop for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- transport = maildrop_pipe
- require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
- no_verify
- no_expn
-
-#####################################################
-### end router/800_exim4-config_maildrop
-#####################################################
-#####################################################
-### router/900_exim4-config_local_user
-#####################################################
-
-### router/900_exim4-config_local_user
-#################################
-
-local_user:
- debug_print = "R: local_user for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- local_parts = ! root
- transport = LOCAL_DELIVERY
-
-
-
-#####################################################
-### end router/900_exim4-config_local_user
-#####################################################
-#####################################################
-### router/mmm_mail4root
-#####################################################
-
-### router/mmm_mail4root
-#################################
-# deliver mail addressed to root to /var/mail/mail as user mail:mail
-# if it was not redirected in /etc/aliases or by other means
-# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS)
-
-mail4root:
- debug_print = "R: mail4root for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- data = /var/mail/mail
- file_transport = address_file
- local_parts = root
- user = mail
- group = mail
-
-#####################################################
-### end router/mmm_mail4root
-#####################################################
-#####################################################
-### transport/00_exim4-config_header
-#####################################################
-
-######################################################################
-# TRANSPORTS CONFIGURATION #
-######################################################################
-# ORDER DOES NOT MATTER #
-# Only one appropriate transport is called for each delivery. #
-######################################################################
-
-# A transport is used only when referenced from a router that successfully
-# handles an address.
-
-begin transports
-
-#####################################################
-### end transport/00_exim4-config_header
-#####################################################
-#####################################################
-### transport/30_exim4-config_address_file
-#####################################################
-
-# This transport is used for handling deliveries directly to files that are
-# generated by aliasing or forwarding.
-#
-address_file:
- debug_print = "T: address_file for $local_part@$domain"
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
-
-#####################################################
-### end transport/30_exim4-config_address_file
-#####################################################
-#####################################################
-### transport/30_exim4-config_address_pipe
-#####################################################
-
-# This transport is used for handling pipe deliveries generated by alias or
-# .forward files. If the commands fails and produces any output on standard
-# output or standard error streams, the output is returned to the sender
-# of the message as a delivery error.
-# You can set different transports for aliases and forwards if you want to
-# - see the references to address_pipe in the routers section above.
-address_pipe:
- debug_print = "T: address_pipe for $local_part@$domain"
- driver = pipe
- return_fail_output
-
-#####################################################
-### end transport/30_exim4-config_address_pipe
-#####################################################
-#####################################################
-### transport/30_exim4-config_address_reply
-#####################################################
-
-# This transport is used for handling autoreplies generated by the filtering
-# option of the userforward router.
-#
-address_reply:
- debug_print = "T: autoreply for $local_part@$domain"
- driver = autoreply
-
-#####################################################
-### end transport/30_exim4-config_address_reply
-#####################################################
-#####################################################
-### transport/30_exim4-config_mail_spool
-#####################################################
-
-### transport/30_exim4-config_mail_spool
-
-# This transport is used for local delivery to user mailboxes in traditional
-# BSD mailbox format.
-#
-mail_spool:
- debug_print = "T: appendfile for $local_part@$domain"
- driver = appendfile
- file = /var/mail/$local_part
- delivery_date_add
- envelope_to_add
- return_path_add
- group = mail
- mode = 0660
- mode_fail_narrower = false
-
-#####################################################
-### end transport/30_exim4-config_mail_spool
-#####################################################
-#####################################################
-### transport/30_exim4-config_maildir_home
-#####################################################
-
-### transport/30_exim4-config_maildir_home
-
-# Use this instead of mail_spool if you want to to deliver to Maildir in
-# home-directory - change the definition of LOCAL_DELIVERY
-#
-maildir_home:
- debug_print = "T: maildir_home for $local_part@$domain"
- driver = appendfile
- directory = $home/Maildir
- delivery_date_add
- envelope_to_add
- return_path_add
- maildir_format
- mode = 0600
- mode_fail_narrower = false
-
-#####################################################
-### end transport/30_exim4-config_maildir_home
-#####################################################
-#####################################################
-### transport/30_exim4-config_maildrop_pipe
-#####################################################
-
-maildrop_pipe:
- debug_print = "T: maildrop_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/maildrop"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-#####################################################
-### end transport/30_exim4-config_maildrop_pipe
-#####################################################
-#####################################################
-### transport/30_exim4-config_procmail_pipe
-#####################################################
-
-procmail_pipe:
- debug_print = "T: procmail_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/procmail"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-#####################################################
-### end transport/30_exim4-config_procmail_pipe
-#####################################################
-#####################################################
-### transport/30_exim4-config_remote_smtp
-#####################################################
-
-### transport/30_exim4-config_remote_smtp
-#################################
-# This transport is used for delivering messages over SMTP connections.
-remote_smtp:
- debug_print = "T: remote_smtp for $local_part@$domain"
- driver = smtp
-#####################################################
-### end transport/30_exim4-config_remote_smtp
-#####################################################
-#####################################################
-### transport/30_exim4-config_remote_smtp_smarthost
-#####################################################
-
-### transport/30_exim4-config_remote_smtp_smarthost
-#################################
-
-# This transport is used for delivering messages over SMTP connections
-# to a smarthost. The local host tries to authenticate and does some
-# modification in headers and return-path.
-# This transport is used for smarthost and satellite configurations.
-
-remote_smtp_smarthost:
- debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
- driver = smtp
- hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
- tls_tempfail_tryclear = false
- DEBCONFheaders_rewriteDEBCONF
- DEBCONFreturn_pathDEBCONF
-#####################################################
-### end transport/30_exim4-config_remote_smtp_smarthost
-#####################################################
-#####################################################
-### transport/35_exim4-config_address_directory
-#####################################################
-# This transport is used for handling file addresses generated by alias
-# or .forward files if the path ends in "/", which causes it to be treated
-# as a directory name rather than a file name.
-
-address_directory:
- debug_print = "T: address_directory for $local_part@$domain"
- driver = appendfile
- envelope_to_add = true
- return_path_add = true
- check_string = ""
- escape_string = ""
- maildir_format
-
-#####################################################
-### end transport/35_exim4-config_address_directory
-#####################################################
-#####################################################
-### retry/00_exim4-config_header
-#####################################################
-
-######################################################################
-# RETRY CONFIGURATION #
-######################################################################
-
-begin retry
-
-#####################################################
-### end retry/00_exim4-config_header
-#####################################################
-#####################################################
-### retry/30_exim4-config
-#####################################################
-
-# This single retry rule applies to all domains and all errors. It specifies
-# retries every 15 minutes for 2 hours, then increasing retry intervals,
-# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
-# hours, then retries every 6 hours until 4 days have passed since the first
-# failed delivery.
-
-# Please note that these rules only limit the frequenzy of retries, the
-# effective retry-time depends on the frequenzy of queue-running, too.
-# See QUEUEINTERVAL in /etc/default/exim4.
-
-# Domain Error Retries
-# ------ ----- -------
-
-* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
-
-
-#####################################################
-### end retry/30_exim4-config
-#####################################################
-#####################################################
-### rewrite/00_exim4-config_header
-#####################################################
-
-######################################################################
-# REWRITE CONFIGURATION #
-######################################################################
-
-begin rewrite
-
-#####################################################
-### end rewrite/00_exim4-config_header
-#####################################################
-#####################################################
-### rewrite/31_exim4-config_rewriting
-#####################################################
-
-### rewrite/31_exim4-config_rewriting
-#################################
-
-# This rewriting rule is particularily useful for dialup users who
-# don't have their own domain, but could be useful for anyone.
-# It looks up the real address of all local users in a file
-*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
- {$value}fail} Ffrs
-# identical rewriting rule for /etc/mailname
-DEBCONFrewriteemailaddresses_mailnameDEBCONF
-
-
-#####################################################
-### end rewrite/31_exim4-config_rewriting
-#####################################################
-#####################################################
-### auth/00_exim4-config_header
-#####################################################
-
-######################################################################
-# AUTHENTICATION CONFIGURATION #
-######################################################################
-
-begin authenticators
-
-
-#####################################################
-### end auth/00_exim4-config_header
-#####################################################
-#####################################################
-### auth/30_exim4-config_examples
-#####################################################
-
-### auth/30_exim4-config_examples
-#################################
-
-# The examples below are for server side authentication; they allow two
-# styles of plain-text authentication against an CONFDIR/passwd file
-# which should have user names in the first column and crypted passwords
-# in the second. The columns need to be separated by ':'. For CRAM-MD5
-# exim needs access to the UNECRYPTED passwd - the example below assumes
-# it is available in the third column of CONFDIR/passwd
-
-# plain_server:
-# driver = plaintext
-# public_name = PLAIN
-# server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
-# server_set_id = $2
-# server_prompts = :
-#
-# login_server:
-# driver = plaintext
-# public_name = LOGIN
-# server_prompts = "Username:: : Password::"
-# server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
-# server_set_id = $1
-#
-# cram_md5_server:
-# driver = cram_md5
-# public_name = CRAM-MD5
-# server_secret = ${extract{2}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}fail}}}
-# server_set_id = $1
-
-# Here is an example of CRAM-MD5 authentication against PostgreSQL:
-#
-# psqldb_auth:
-# driver = cram_md5
-# public_name = CRAM-MD5
-# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$1}'}{$value}fail}
-# server_set_id = $1
-
-# Authenticate against local passwords using sasl2-bin
-# Requires exim_uid to be a member of sasl group, see README.SMTP-AUTH
-# plain_saslauthd:
-# driver = plaintext
-# public_name = PLAIN
-# # don't send system passwords over unencrypted connections
-# server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
-# server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
-# server_set_id = $2
-# server_prompts = :
-#
-# login_saslauthd:
-# driver = plaintext
-# public_name = LOGIN
-# server_prompts = "Username:: : Password::"
-# # don't send system passwords over unencrypted connections
-# server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
-# server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
-# server_set_id = $1
-
-##############
-# See /usr/share/doc/exim4-base/README.SMTP-AUTH
-##############
-
-# These examples below are the equivalent for client side authentication.
-# They get the passwords from CONFDIR/passwd.client. This file should have
-# three columns separated by colons, the first contains the name of the
-# mailserver to authenticate against, the second the username and the third
-# contains the password.
-
-### # example for CONFDIR/passwd.client
-### mail.server:blah:secret
-### # default entry:
-### *:bar:foo
-
-cram_md5:
- driver = cram_md5
- public_name = CRAM-MD5
- client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
- client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
-
-# Because AUTH PLAIN sends the password in clear, per default we only allow it
-# over encrypted connections. If you want to change this disable the existing
-# "client send" entry and enable the one below without the "if !eq{$tls_cipher}{}"
-# by removing the hash-mark (#) at the beginning of the line.
-plain:
- driver = plaintext
- public_name = PLAIN
- client_send = "${if !eq{$tls_cipher}{}{\
- ^${extract{1}{::}\
- {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
- ^${extract{2}{::}\
- {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
- }fail}"
-# client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
-
-# Because AUTH LOGIN sends the password in clear, per default we only allow it
-# over encrypted connections. If you want to change this disable the existing
-# "client send" entry and enable the one below without the "if !eq{$tls_cipher}{}"
-# by removing the hash-mark (#) at the beginning of the line.
-login:
- driver = plaintext
- public_name = LOGIN
- client_send = "${if !eq{$tls_cipher}{}{}fail}\
- : ${extract{1}{::}\
- {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
- : ${extract{2}{::}\
- {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
-# client_send = ": ${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} : ${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
-
-
-
-#####################################################
-### end auth/30_exim4-config_examples
-#####################################################
Deleted: trunk/vhffs-doc/config/exim4-mx2/passwd.client
===================================================================
--- trunk/vhffs-doc/config/exim4-mx2/passwd.client 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx2/passwd.client 2007-07-03 14:39:58 UTC (rev 654)
@@ -1,7 +0,0 @@
-### CONFDIR/passwd.client
-#
-# Format:
-#targetmailserver.example:login:password
-#
-# default entry:
-### *:bar:foo
Deleted: trunk/vhffs-doc/config/exim4-mx2/update-exim4.conf.conf
===================================================================
--- trunk/vhffs-doc/config/exim4-mx2/update-exim4.conf.conf 2007-07-03 14:17:18 UTC (rev 653)
+++ trunk/vhffs-doc/config/exim4-mx2/update-exim4.conf.conf 2007-07-03 14:39:58 UTC (rev 654)
@@ -1,17 +0,0 @@
-# /etc/exim4/update-exim4.conf.conf
-#
-# Edit this file and /etc/mailname by hand and execute update-exim4.conf
-# yourself or use 'dpkg-reconfigure exim4-config'
-
-dc_eximconfig_configtype='internet'
-dc_other_hostnames='tetsuo'
-dc_local_interfaces=''
-dc_readhost=''
-dc_relay_domains='mx1.tuxfamily.net:mx1.tuxfamily.org:localost'
-dc_minimaldns='false'
-dc_relay_nets=''
-dc_smarthost=''
-CFILEMODE='644'
-dc_use_split_config='false'
-dc_hide_mailname=''
-dc_mailname_in_oh='true'