Configure routers and transports, with DKIM and SSL

author: root 2017-03-28 15:58:14 +0200
committer: root 2017-03-28 15:59:59 +0200
commit: dbe252d56cbb87bf749c108299f99d831c388241 (patch)
tree: 04a0a7a559400e22fbd8d375ebd3d536d35f7fca
parent: 1bc70e549938fe8e3c4c33230726ac6cdacd575e (diff)
download: exim-dbe252d56cbb87bf749c108299f99d831c388241.tar.gz
6 files changed, 77 insertions, 43 deletions
diff --git a/conf.d/010_main.conf b/conf.d/010_main.conf
index e693144..96e3674 100644
--- a/conf.d/010_main.conf
+++ b/conf.d/010_main.conf
@@ -8,8 +8,8 @@
 # uname() function is called to obtain the name. In many cases this does
 # the right thing and you need not set anything explicitly.
-# primary_hostname =
+primary_hostname =
+SHORT_HOSTNAME =
 # The next three settings create two lists of domains and one list of hosts.
 # These lists are referred to later in this configuration using the syntax
@@ -114,8 +114,8 @@ acl_smtp_dkim = acl_check_dkim
 # need the first setting, or in separate files, in which case you need both
 # options.
-# tls_certificate = /etc/ssl/exim.crt
+tls_certificate = CERTDIR/$primary_hostname.crt
-# tls_privatekey = /etc/ssl/exim.pem
+tls_privatekey = CERTDIR/$primary_hostname.pem
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
@@ -303,3 +303,7 @@ timeout_frozen_after = 7d
 # keep_environment = ^LDAP
 # add_environment = PATH=/usr/bin::/bin
+# LMTP backend
+LMTP_BACKENDS =
diff --git a/conf.d/030_routers.conf b/conf.d/030_routers.conf
index 28a7dd2..c88b94c 100644
--- a/conf.d/030_routers.conf
+++ b/conf.d/030_routers.conf
@@ -37,12 +37,10 @@ begin routers
 # setting, and consequently the address is unrouteable.
 dnslookup:
-  driver = dnslookup
+  driver              = dnslookup
-  domains = ! +local_domains
+  domains             = ! +local_domains
-  transport = remote_smtp
+  transport           = remote_smtp
-  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
+  ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
-# if ipv6-enabled then instead use:
-# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
  no_more
@@ -86,13 +84,22 @@ dnslookup:
 # to set up different ones for pipe and file deliveries from aliases.
 system_aliases:
-  driver = redirect
+  driver              = redirect
  allow_fail
  allow_defer
-  data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
+  data                = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
-# user = exim
+# user                = exim
-  file_transport = address_file
+  file_transport      = address_file
-  pipe_transport = address_pipe
+  pipe_transport      = address_pipe
+mail_aliases:
+  driver              = redirect
+  allow_fail
+  allow_defer
+  data                = ${lookup{$local_part@$domain}lsearch{ALIASMAP}}
+  file_transport      = address_file
+  pipe_transport      = address_pipe
 # This router handles forwarding using traditional .forward files in users'
@@ -121,19 +128,19 @@ system_aliases:
 # forwarding generates a direct delivery to a file, or to a pipe, or sets
 # up an auto-reply, respectively.
-userforward:
+#userforward:
-  driver = redirect
+# driver = redirect
-  check_local_user
+# check_local_user
 # local_part_suffix = +* : -*
 # local_part_suffix_optional
-  file = $home/.forward
+# file = $home/.forward
 # allow_filter
-  no_verify
+# no_verify
-  no_expn
+# no_expn
-  check_ancestor
+# check_ancestor
-  file_transport = address_file
+# file_transport = address_file
-  pipe_transport = address_pipe
+# pipe_transport = address_pipe
-  reply_transport = address_reply
+# reply_transport = address_reply
 # This router matches local user mailboxes. If the router fails, the error
@@ -144,10 +151,19 @@ userforward:
 # part_suffix options. Then, for example, xxxx-foo@your.domain will be treated
 # in the same way as xxxx@your.domain by this router.
-localuser:
+#localuser:
-  driver = accept
+# driver = accept
-  check_local_user
+# check_local_user
 # local_part_suffix = +* : -*
 # local_part_suffix_optional
-  transport = local_delivery
+# transport = local_delivery
-  cannot_route_message = Unknown user
+# cannot_route_message = Unknown user
+local_user:
+  transport           = dovecot_lmtp
+  domains             = +local_domains
+  driver              = manualroute
+  route_list          = "* LMTP_BACKENDS byname"
+  host_find_failed    = ignore
+  host_all_ignored    = defer
diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf
index 3a885d4..af605d5 100644
--- a/conf.d/040_transports.conf
+++ b/conf.d/040_transports.conf
@@ -17,8 +17,13 @@ begin transports
 # enforce this is a red herring.
 remote_smtp:
-  driver = smtp
+  driver             = smtp
  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+  dkim_domain        = $sender_address_domain
+  dkim_selector      = SHORT_HOSTNAME
+  dkim_private_key   = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem
+  dkim_canon         = relaxed
+  dkim_strict        = yes
 # This transport is used for local delivery to user mailboxes in traditional
@@ -28,16 +33,22 @@ remote_smtp:
 # particular group instead of using the sticky bit. The commented options below
 # show how this can be done.
-local_delivery:
+#local_delivery:
-  driver = appendfile
+# driver = appendfile
-  file = /var/mail/$local_part
+# file = /var/mail/$local_part
-  delivery_date_add
+# delivery_date_add
-  envelope_to_add
+# envelope_to_add
-  return_path_add
+# return_path_add
 # group = mail
 # mode = 0660
+dovecot_lmtp:
+  driver             = smtp
+  protocol           = lmtp
+  port               = 24
 # This transport is used for handling pipe deliveries generated by alias or
 # .forward files. If the pipe generates any standard output, it is returned
 # to the sender of the message as a delivery error. Set return_fail_output
@@ -47,7 +58,7 @@ local_delivery:
 # section above.
 address_pipe:
-  driver = pipe
+  driver              = pipe
  return_output
@@ -55,7 +66,7 @@ address_pipe:
 # generated by aliasing or forwarding.
 address_file:
-  driver = appendfile
+  driver               = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
@@ -64,5 +75,5 @@ address_file:
 # This transport is used for handling autoreplies generated by the filtering
 # option of the userforward router.
-address_reply:
+#address_reply:
-  driver = autoreply
+# driver = autoreply
diff --git a/exim.conf b/exim.conf
index b61efd1..00385f8 100644
--- a/exim.conf
+++ b/exim.conf
@@ -38,8 +38,11 @@
 CONFDIR = /etc/exim
-USERLIST = CONFDIR/list.d/users.list
+CERTDIR = /etc/mail/ssl
-ALIASMAP = CONFDIR/list.d/aliases.map
+DKIMDIR = /etc/mail/dkim
+USERLIST = /etc/mail/list.d/users.list
+ALIASMAP = /etc/mail/list.d/aliases.map
 .include CONFDIR/conf.d/010_main.conf
 .include CONFDIR/conf.d/020_acl.conf
diff --git a/list.d/aliases.map b/list.d/aliases.map
deleted file mode 100644
index e69de29..0000000
--- a/list.d/aliases.map
+++ /dev/null
diff --git a/list.d/users.list b/list.d/users.list
deleted file mode 100644
index e69de29..0000000
--- a/list.d/users.list
+++ /dev/null
author	root	2017-03-28 15:58:14 +0200
committer	root	2017-03-28 15:59:59 +0200
commit	dbe252d56cbb87bf749c108299f99d831c388241 (patch)
tree	04a0a7a559400e22fbd8d375ebd3d536d35f7fca
parent	1bc70e549938fe8e3c4c33230726ac6cdacd575e (diff)
download	exim-dbe252d56cbb87bf749c108299f99d831c388241.tar.gz

diff --git a/conf.d/010_main.conf b/conf.d/010_main.conf index e693144..96e3674 100644 --- a/conf.d/010_main.conf +++ b/conf.d/010_main.conf
@@ -8,8 +8,8 @@
8	# uname() function is called to obtain the name. In many cases this does	8	# uname() function is called to obtain the name. In many cases this does
9	# the right thing and you need not set anything explicitly.	9	# the right thing and you need not set anything explicitly.
10		10
11	# primary_hostname =	11	primary_hostname =
12		12	SHORT_HOSTNAME =
13		13
14	# The next three settings create two lists of domains and one list of hosts.	14	# The next three settings create two lists of domains and one list of hosts.
15	# These lists are referred to later in this configuration using the syntax	15	# These lists are referred to later in this configuration using the syntax
@@ -114,8 +114,8 @@ acl_smtp_dkim = acl_check_dkim
114	# need the first setting, or in separate files, in which case you need both	114	# need the first setting, or in separate files, in which case you need both
115	# options.	115	# options.
116		116
117	# tls_certificate = /etc/ssl/exim.crt	117	tls_certificate = CERTDIR/$primary_hostname.crt
118	# tls_privatekey = /etc/ssl/exim.pem	118	tls_privatekey = CERTDIR/$primary_hostname.pem
119		119
120	# In order to support roaming users who wish to send email from anywhere,	120	# In order to support roaming users who wish to send email from anywhere,
121	# you may want to make Exim listen on other ports as well as port 25, in	121	# you may want to make Exim listen on other ports as well as port 25, in
@@ -303,3 +303,7 @@ timeout_frozen_after = 7d
303		303
304	# keep_environment = ^LDAP	304	# keep_environment = ^LDAP
305	# add_environment = PATH=/usr/bin::/bin	305	# add_environment = PATH=/usr/bin::/bin
		306
		307
		308	# LMTP backend
		309	LMTP_BACKENDS =


diff --git a/conf.d/030_routers.conf b/conf.d/030_routers.conf index 28a7dd2..c88b94c 100644 --- a/conf.d/030_routers.conf +++ b/conf.d/030_routers.conf
@@ -37,12 +37,10 @@ begin routers
37	# setting, and consequently the address is unrouteable.	37	# setting, and consequently the address is unrouteable.
38		38
39	dnslookup:	39	dnslookup:
40	driver = dnslookup	40	driver = dnslookup
41	domains = ! +local_domains	41	domains = ! +local_domains
42	transport = remote_smtp	42	transport = remote_smtp
43	ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8	43	ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
44	# if ipv6-enabled then instead use:
45	# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
46	no_more	44	no_more
47		45
48		46
@@ -86,13 +84,22 @@ dnslookup:
86	# to set up different ones for pipe and file deliveries from aliases.	84	# to set up different ones for pipe and file deliveries from aliases.
87		85
88	system_aliases:	86	system_aliases:
89	driver = redirect	87	driver = redirect
90	allow_fail	88	allow_fail
91	allow_defer	89	allow_defer
92	data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}	90	data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
93	# user = exim	91	# user = exim
94	file_transport = address_file	92	file_transport = address_file
95	pipe_transport = address_pipe	93	pipe_transport = address_pipe
		94
		95
		96	mail_aliases:
		97	driver = redirect
		98	allow_fail
		99	allow_defer
		100	data = ${lookup{$local_part@$domain}lsearch{ALIASMAP}}
		101	file_transport = address_file
		102	pipe_transport = address_pipe
96		103
97		104
98	# This router handles forwarding using traditional .forward files in users'	105	# This router handles forwarding using traditional .forward files in users'
@@ -121,19 +128,19 @@ system_aliases:
121	# forwarding generates a direct delivery to a file, or to a pipe, or sets	128	# forwarding generates a direct delivery to a file, or to a pipe, or sets
122	# up an auto-reply, respectively.	129	# up an auto-reply, respectively.
123		130
124	userforward:	131	#userforward:
125	driver = redirect	132	# driver = redirect
126	check_local_user	133	# check_local_user
127	# local_part_suffix = +* : -*	134	# local_part_suffix = +* : -*
128	# local_part_suffix_optional	135	# local_part_suffix_optional
129	file = $home/.forward	136	# file = $home/.forward
130	# allow_filter	137	# allow_filter
131	no_verify	138	# no_verify
132	no_expn	139	# no_expn
133	check_ancestor	140	# check_ancestor
134	file_transport = address_file	141	# file_transport = address_file
135	pipe_transport = address_pipe	142	# pipe_transport = address_pipe
136	reply_transport = address_reply	143	# reply_transport = address_reply
137		144
138		145
139	# This router matches local user mailboxes. If the router fails, the error	146	# This router matches local user mailboxes. If the router fails, the error
@@ -144,10 +151,19 @@ userforward:
144	# part_suffix options. Then, for example, xxxx-foo@your.domain will be treated	151	# part_suffix options. Then, for example, xxxx-foo@your.domain will be treated
145	# in the same way as xxxx@your.domain by this router.	152	# in the same way as xxxx@your.domain by this router.
146		153
147	localuser:	154	#localuser:
148	driver = accept	155	# driver = accept
149	check_local_user	156	# check_local_user
150	# local_part_suffix = +* : -*	157	# local_part_suffix = +* : -*
151	# local_part_suffix_optional	158	# local_part_suffix_optional
152	transport = local_delivery	159	# transport = local_delivery
153	cannot_route_message = Unknown user	160	# cannot_route_message = Unknown user
		161
		162
		163	local_user:
		164	transport = dovecot_lmtp
		165	domains = +local_domains
		166	driver = manualroute
		167	route_list = "* LMTP_BACKENDS byname"
		168	host_find_failed = ignore
		169	host_all_ignored = defer


diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf index 3a885d4..af605d5 100644 --- a/conf.d/040_transports.conf +++ b/conf.d/040_transports.conf
@@ -17,8 +17,13 @@ begin transports
17	# enforce this is a red herring.	17	# enforce this is a red herring.
18		18
19	remote_smtp:	19	remote_smtp:
20	driver = smtp	20	driver = smtp
21	message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}	21	message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
		22	dkim_domain = $sender_address_domain
		23	dkim_selector = SHORT_HOSTNAME
		24	dkim_private_key = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem
		25	dkim_canon = relaxed
		26	dkim_strict = yes
22		27
23		28
24	# This transport is used for local delivery to user mailboxes in traditional	29	# This transport is used for local delivery to user mailboxes in traditional
@@ -28,16 +33,22 @@ remote_smtp:
28	# particular group instead of using the sticky bit. The commented options below	33	# particular group instead of using the sticky bit. The commented options below
29	# show how this can be done.	34	# show how this can be done.
30		35
31	local_delivery:	36	#local_delivery:
32	driver = appendfile	37	# driver = appendfile
33	file = /var/mail/$local_part	38	# file = /var/mail/$local_part
34	delivery_date_add	39	# delivery_date_add
35	envelope_to_add	40	# envelope_to_add
36	return_path_add	41	# return_path_add
37	# group = mail	42	# group = mail
38	# mode = 0660	43	# mode = 0660
39		44
40		45
		46	dovecot_lmtp:
		47	driver = smtp
		48	protocol = lmtp
		49	port = 24
		50
		51
41	# This transport is used for handling pipe deliveries generated by alias or	52	# This transport is used for handling pipe deliveries generated by alias or
42	# .forward files. If the pipe generates any standard output, it is returned	53	# .forward files. If the pipe generates any standard output, it is returned
43	# to the sender of the message as a delivery error. Set return_fail_output	54	# to the sender of the message as a delivery error. Set return_fail_output
@@ -47,7 +58,7 @@ local_delivery:
47	# section above.	58	# section above.
48		59
49	address_pipe:	60	address_pipe:
50	driver = pipe	61	driver = pipe
51	return_output	62	return_output
52		63
53		64
@@ -55,7 +66,7 @@ address_pipe:
55	# generated by aliasing or forwarding.	66	# generated by aliasing or forwarding.
56		67
57	address_file:	68	address_file:
58	driver = appendfile	69	driver = appendfile
59	delivery_date_add	70	delivery_date_add
60	envelope_to_add	71	envelope_to_add
61	return_path_add	72	return_path_add
@@ -64,5 +75,5 @@ address_file:
64	# This transport is used for handling autoreplies generated by the filtering	75	# This transport is used for handling autoreplies generated by the filtering
65	# option of the userforward router.	76	# option of the userforward router.
66		77
67	address_reply:	78	#address_reply:
68	driver = autoreply	79	# driver = autoreply


diff --git a/exim.conf b/exim.conf index b61efd1..00385f8 100644 --- a/exim.conf +++ b/exim.conf
@@ -38,8 +38,11 @@
38		38
39	CONFDIR = /etc/exim	39	CONFDIR = /etc/exim
40		40
41	USERLIST = CONFDIR/list.d/users.list	41	CERTDIR = /etc/mail/ssl
42	ALIASMAP = CONFDIR/list.d/aliases.map	42	DKIMDIR = /etc/mail/dkim
		43
		44	USERLIST = /etc/mail/list.d/users.list
		45	ALIASMAP = /etc/mail/list.d/aliases.map
43		46
44	.include CONFDIR/conf.d/010_main.conf	47	.include CONFDIR/conf.d/010_main.conf
45	.include CONFDIR/conf.d/020_acl.conf	48	.include CONFDIR/conf.d/020_acl.conf


diff --git a/list.d/aliases.map b/list.d/aliases.map deleted file mode 100644 index e69de29..0000000 --- a/list.d/aliases.map +++ /dev/null


diff --git a/list.d/users.list b/list.d/users.list deleted file mode 100644 index e69de29..0000000 --- a/list.d/users.list +++ /dev/null