ImperialViolet

Spent all day configuring... (09 Jan 2004)

Spent all day configuring the new mail servers at DoC. Some useful Exim snippets for future reference are below.

Oh, and someone dug through a very important London backbone fibre this morning which took IV off the face of the net.

This weekend is going to involve a few trial runs of the Union webserver move that I'm doing on Monday for real.

Virtual hosting

# Local domains: this host's own name (@) plus every domain that is a key in
# the cdb file named by VHOSTCONFIG (presumably a macro defined elsewhere in
# the configuration; verify).
domainlist local_domains = @ : cdb;VHOSTCONFIG
# Vhost routing
# Redirect router for virtual domains. It handles only domains found in the
# VHOSTCONFIG cdb file and resolves the local part through a per-domain alias
# file.
vhost_aliases:
  driver = redirect
  # Allow the alias data to use the special ":fail:" and ":defer:" items.
  allow_fail
  allow_defer
  domains = cdb;VHOSTCONFIG
  # Inner lookup: $domain -> value stored in the cdb file, used as the name of
  # that domain's alias file. Outer lookup: $local_part in that alias file
  # (nwildlsearch = wildcard linear search, patterns not string-expanded).
  data = ${lookup{$local_part}nwildlsearch{${lookup{$domain}cdb{VHOSTCONFIG}}}}
  # Transports used when the alias data yields a file path or a pipe command.
  # NOTE(review): if the per-domain alias files can be edited by the vhost
  # owners, these two lines let them trigger file writes and command execution
  # on the mail server; consider forbid_file / forbid_pipe in that case, and
  # confirm which user such deliveries run as.
  file_transport = address_file
  pipe_transport = address_pipe
  # If this router declines for a virtual domain, do not try later routers.
  no_more

Spam Checking with spamd

# Router that hands a message to the "spamcheck" transport when it has not yet
# been scanned and did not come from a trusted source.
spamcheck_router:
  driver = accept
  # ! already spam AND ! already scanned AND from offsite AND !SMTP AUTHed
  # All five tests must hold for the message to be scanned:
  #   - no $authenticated_id (sender did not use SMTP AUTH)
  #   - no X-Spam-Flag: header present
  #   - $received_protocol is not "spam-scanned" (set on re-injection; this is
  #     what prevents a scanning loop)
  #   - $received_protocol is not "local"
  #   - sending host address is outside 146.169.* and is not 155.198.4.76
  # NOTE(review): X-Spam-Flag: is a message header and therefore under the
  # sender's control; as written, any message that arrives with that header
  # already present is never scanned. The "spam-scanned" protocol test alone
  # is enough to stop rescanning, so consider dropping the header test or
  # honouring the header only from trusted upstream relays.
  condition = "${if and { {!def:authenticated_id} {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} {!match{$sender_host_address}{^(146\.169\.|155\.198\.4\.76)}} } {1}{0}}"
  transport = spamcheck
  # Skip this router when Exim is only verifying an address.
  no_verify
## Spam Assassin
# Pipe transport: the message is filtered through spamc and then re-submitted
# to Exim with the received protocol set to "spam-scanned", which the
# spamcheck router tests for so the message is not scanned again.
spamcheck:
    driver = pipe
    # -i    : a line holding a single dot does not end the message
    # -oMr  : set $received_protocol for the re-injected message
    # -f    : envelope sender; "mailer-daemon" stands in for an empty sender
    # The pipe transport runs the command directly rather than through a shell
    # (use_shell is not set), so the expanded sender address is passed as a
    # single argument.
    # NOTE(review): the recipient is given as ${local_part} only, so the
    # original domain is dropped and the address is re-qualified with the
    # default domain on re-injection. With virtual domains configured, confirm
    # this cannot redirect mail for user@vhost to a different local user, or
    # pass the full address instead.
    command = /usr/sbin/exim -i -oMr spam-scanned -f "${if eq {${sender_address}}{} {mailer-daemon} {${sender_address}} }" -- ${local_part}
    # Message content is passed through spamc before it reaches the command.
    transport_filter = /usr/bin/spamc
    # NOTE(review): /tmp is world-writable; a dedicated directory owned by the
    # exim user would be a tighter choice for the working directory.
    home_directory = "/tmp"
    current_directory = "/tmp"
    # must use a privileged user to set $received_protocol on the way back in!
    # (-oMr and -f are honoured only for callers Exim treats as trusted.)
    user = exim
    group = exim
    # Log anything the command prints, and include it in the bounce on failure.
    log_output = true
    return_fail_output = true

SMTP AUTH over TLS using Kerberos via PAM

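# SMTP AUTH Settings (see also Authenticators at the bottom)

# Advertise AUTH only on sessions that have already negotiated TLS: the
# expansion yields an empty host list while $tls_cipher is empty and "*" once
# a cipher is in use. PLAIN and LOGIN carry the password unencrypted, and the
# PAM check needs the real account password, so with a bare "*" here (and the
# server_advertise_condition lines in the authenticators commented out) the
# password could cross the network in clear text.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
# Custom Received: header. Beyond the usual host and protocol fields it
# records the TLS cipher, the peer certificate DN and, for authenticated
# submissions, the login name.
# NOTE(review): "from user $authenticated_id" publishes the account name in
# every message sent after SMTP AUTH; confirm that disclosure is acceptable.
received_header_text = "Received: ${if def:sender_fullhost {from ${sender_fullhost} ${if def:sender_ident {(${sender_ident})}}} {${if def:sender_ident {from ${sender_ident} }}}} \n\t by ${primary_hostname} ${if def:received_protocol {with ${received_protocol}}} \n\t ${if def:tls_cipher {(tls_cipher ${tls_cipher})}} ${if def:tls_peerdn {(tls_peerdn ${tls_peerdn})}} (Exim ${version_number} ${compile_number} (DoC)) \n\t id ${message_id} ${if def:authenticated_id { \n\t from user $authenticated_id}}"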
# PLAIN authenticator. The client sends three fields in a single response;
# this configuration uses $2 as the user name and $3 as the password.
plain:
  driver = plaintext
  public_name = PLAIN
  # Check user name and password through PAM. The pam condition takes a
  # colon-separated list, so colons in the password are doubled with sg to
  # keep it a single item; the user name is passed as given.
  server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
  # On success the user name becomes $authenticated_id.
  server_set_id = $2
  # NOTE(review): the line below would offer this mechanism only when the
  # session is encrypted. While it stays commented out, PLAIN is offered on
  # unencrypted connections as well unless auth_advertise_hosts restricts it,
  # and the password would then travel in clear text.
#  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}

# LOGIN authenticator. The server prompts for the user name and the password
# in turn; the replies arrive as $1 and $2.
login:
  driver = plaintext
  public_name = LOGIN
  # Two prompts separated by " : "; each "::" is an escaped literal colon.
  server_prompts = "Username:: : Password::"
  # Same PAM check as the PLAIN authenticator, with colons in the password
  # doubled so it stays one list item; the user name is passed as given.
  server_condition = ${if pam{$1:${sg{$2}{:}{::}}}{yes}{no}}
  # On success the user name becomes $authenticated_id.
  server_set_id = $1
  # NOTE(review): the line below would offer this mechanism only when the
  # session is encrypted. While it stays commented out, LOGIN is offered on
  # unencrypted connections as well unless auth_advertise_hosts restricts it,
  # and the password would then travel in clear text.
#  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}