From dbe252d56cbb87bf749c108299f99d831c388241 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Mar 2017 15:58:14 +0200 Subject: Configure routers and transports, with DKIM and SSL --- conf.d/010_main.conf | 12 +++++--- conf.d/030_routers.conf | 68 ++++++++++++++++++++++++++++------------------ conf.d/040_transports.conf | 33 ++++++++++++++-------- 3 files changed, 72 insertions(+), 41 deletions(-) (limited to 'conf.d') diff --git a/conf.d/010_main.conf b/conf.d/010_main.conf index e693144..96e3674 100644 --- a/conf.d/010_main.conf +++ b/conf.d/010_main.conf @@ -8,8 +8,8 @@ # uname() function is called to obtain the name. In many cases this does # the right thing and you need not set anything explicitly. -# primary_hostname = - +primary_hostname = +SHORT_HOSTNAME = # The next three settings create two lists of domains and one list of hosts. # These lists are referred to later in this configuration using the syntax @@ -114,8 +114,8 @@ acl_smtp_dkim = acl_check_dkim # need the first setting, or in separate files, in which case you need both # options. -# tls_certificate = /etc/ssl/exim.crt -# tls_privatekey = /etc/ssl/exim.pem +tls_certificate = CERTDIR/$primary_hostname.crt +tls_privatekey = CERTDIR/$primary_hostname.pem # In order to support roaming users who wish to send email from anywhere, # you may want to make Exim listen on other ports as well as port 25, in @@ -303,3 +303,7 @@ timeout_frozen_after = 7d # keep_environment = ^LDAP # add_environment = PATH=/usr/bin::/bin + + +# LMTP backend +LMTP_BACKENDS = diff --git a/conf.d/030_routers.conf b/conf.d/030_routers.conf index 28a7dd2..c88b94c 100644 --- a/conf.d/030_routers.conf +++ b/conf.d/030_routers.conf 
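Review bot: `primary_hostname =` and `SHORT_HOSTNAME =` in the first 010_main.conf hunk are committed with nothing on the right-hand side, and `LMTP_BACKENDS =` in the last hunk of the same file is blank in the same way. Later hunks build the TLS certificate and key paths from `$primary_hostname` and the DKIM selector from `SHORT_HOSTNAME`, so an unfilled value would presumably yield paths such as `CERTDIR/.crt` and an empty selector. If these are placeholders filled in at deploy time, say so next to each one, e.g. `# set per host before deployment; TLS and DKIM key paths are derived from this`.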
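Review bot: `CERTDIR` in the new `tls_certificate` / `tls_privatekey` lines is not defined in any hunk shown here. Exim macros have to be defined before their first use, so confirm it is set earlier in the assembled configuration; the same applies to `DKIMDIR` and `ALIASMAP` in the other two files. The key line would also benefit from a comment stating the expected permissions, e.g. `# private key: readable only by the Exim runtime user`.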
@@ -37,12 +37,10 @@ begin routers # setting, and consequently the address is unrouteable. dnslookup: - driver = dnslookup - domains = ! +local_domains - transport = remote_smtp - ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 -# if ipv6-enabled then instead use: -# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1 + driver = dnslookup + domains = ! +local_domains + transport = remote_smtp + ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1 no_more @@ -86,13 +84,22 @@ dnslookup: # to set up different ones for pipe and file deliveries from aliases. system_aliases: - driver = redirect + driver = redirect allow_fail allow_defer - data = ${lookup{$local_part}lsearch{/etc/mail/aliases}} -# user = exim - file_transport = address_file - pipe_transport = address_pipe + data = ${lookup{$local_part}lsearch{/etc/mail/aliases}} +# user = exim + file_transport = address_file + pipe_transport = address_pipe + + +mail_aliases: + driver = redirect + allow_fail + allow_defer + data = ${lookup{$local_part@$domain}lsearch{ALIASMAP}} + file_transport = address_file + pipe_transport = address_pipe # This router handles forwarding using traditional .forward files in users' @@ -121,19 +128,19 @@ system_aliases: # forwarding generates a direct delivery to a file, or to a pipe, or sets # up an auto-reply, respectively. -userforward: - driver = redirect - check_local_user +#userforward: +# driver = redirect +# check_local_user # local_part_suffix = +* : -* # local_part_suffix_optional - file = $home/.forward +# file = $home/.forward # allow_filter - no_verify - no_expn - check_ancestor - file_transport = address_file - pipe_transport = address_pipe - reply_transport = address_reply +# no_verify +# no_expn +# check_ancestor +# file_transport = address_file +# pipe_transport = address_pipe +# reply_transport = address_reply # This router matches local user mailboxes. If the router fails, the error 
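Review bot: The new `mail_aliases` router keeps `file_transport = address_file` and `pipe_transport = address_pipe`, so an `ALIASMAP` entry whose data is a pipe or file path becomes a command or file delivery rather than an address rewrite. Anyone who can write that map can then direct what Exim runs or writes, and no `user` is set on the router, so such deliveries would probably fail or defer anyway. If the map is only meant to map addresses to addresses, replace those two lines with `forbid_pipe` and `forbid_file`, and state the expected ownership of the map file in a comment.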
@@ -144,10 +151,19 @@ userforward: # part_suffix options. Then, for example, xxxx-foo@your.domain will be treated # in the same way as xxxx@your.domain by this router. -localuser: - driver = accept - check_local_user +#localuser: +# driver = accept +# check_local_user # local_part_suffix = +* : -* # local_part_suffix_optional - transport = local_delivery - cannot_route_message = Unknown user +# transport = local_delivery +# cannot_route_message = Unknown user + + +local_user: + transport = dovecot_lmtp + domains = +local_domains + driver = manualroute + route_list = "* LMTP_BACKENDS byname" + host_find_failed = ignore + host_all_ignored = defer diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf index 3a885d4..af605d5 100644 --- a/conf.d/040_transports.conf +++ b/conf.d/040_transports.conf @@ -17,8 +17,13 @@ begin transports # enforce this is a red herring. remote_smtp: - driver = smtp + driver = smtp message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} + dkim_domain = $sender_address_domain + dkim_selector = SHORT_HOSTNAME + dkim_private_key = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem + dkim_canon = relaxed + dkim_strict = yes # This transport is used for local delivery to user mailboxes in traditional @@ -28,16 +33,22 @@ remote_smtp: # particular group instead of using the sticky bit. The commented options below # show how this can be done. -local_delivery: - driver = appendfile - file = /var/mail/$local_part - delivery_date_add - envelope_to_add - return_path_add +#local_delivery: +# driver = appendfile +# file = /var/mail/$local_part +# delivery_date_add +# envelope_to_add +# return_path_add # group = mail # mode = 0660 +dovecot_lmtp: + driver = smtp + protocol = lmtp + port = 24 + + # This transport is used for handling pipe deliveries generated by alias or # .forward files. If the pipe generates any standard output, it is returned # to the sender of the message as a delivery error. Set return_fail_output 
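Review bot: The replacement `local_user` router accepts every local part in `+local_domains`: the `check_local_user` test and `cannot_route_message = Unknown user` of the old `localuser` router are commented out and nothing takes their place. If the ACLs use `verify = recipient` (not visible in this diff), it will pass for nonexistent mailboxes. The rejection then happens only when the LMTP backend refuses delivery, which generates bounces to sender addresses that may be forged. Consider restricting the router with a `local_parts` lookup against the list of real mailboxes, or verifying recipients with a callout to the backend at RCPT time. Also note that with `host_find_failed = ignore` and `host_all_ignored = defer`, a blank or unresolvable `LMTP_BACKENDS` defers all local mail.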
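Review bot: `dkim_domain = $sender_address_domain` in `remote_smtp` takes the signing domain from the envelope sender and then interpolates it into the `dkim_private_key` file path. For relayed or alias-forwarded mail, that sender is chosen by the remote party. With `dkim_strict = yes`, a message whose sender domain has no key file under `DKIMDIR` would likely be deferred rather than sent unsigned, so forwarded mail from outside domains can pile up in the queue. Limit signing to domains you hold keys for, e.g. `dkim_domain = ${if match_domain{$sender_address_domain}{+local_domains}{$sender_address_domain}{}}`. The Exim documentation says an empty `dkim_domain` skips signing, but confirm how that interacts with `dkim_strict` on the deployed version.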
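Review bot: The new `dovecot_lmtp` transport delivers over TCP port 24 and sets neither a TLS requirement nor any authentication. `LMTP_BACKENDS` is blank in this commit, so it is not clear whether the backends are loopback-only. If they are ever remote hosts, message content crosses the network in clear text, and the backend can only rely on network filtering to decide who may inject mail. Add `hosts_require_tls = *` for non-local backends, or add a comment such as `# backends must be loopback or on a trusted, filtered network`.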
@@ -47,7 +58,7 @@ local_delivery: # section above. address_pipe: - driver = pipe + driver = pipe return_output @@ -55,7 +66,7 @@ address_pipe: # generated by aliasing or forwarding. address_file: - driver = appendfile + driver = appendfile delivery_date_add envelope_to_add return_path_add @@ -64,5 +75,5 @@ address_file: # This transport is used for handling autoreplies generated by the filtering # option of the userforward router. -address_reply: - driver = autoreply +#address_reply: +# driver = autoreply -- cgit v1.2.3