######################################################################
#              Runtime configuration file for Exim 4                 #
######################################################################

# $Cambridge: hermes/conf/exim/etc/etc.cam/configure,v 1.74 2005/03/07 12:20:19 fanf2 Exp $

# This is the Exim 4 configuration file I use on my workstation in the
# Computing Service. It should be suitable for most systems in Cambridge
# which operate as satellites of the CS's central email servers. I have
# had positive feedback from a couple of users, and any other comments
# and suggestions are welcome!
#
# The aim is to mostly operate as a normal Unix MTA, except that the
# machine doesn't have a valid email domain of its own and has to use a
# "smarthost" SMTP relay. Local email simply uses the machine's hostname
# for its domain, but this doesn't work in the outside world so
# rewriting is performed on outgoing email to make the addresses valid. In
# order to do this the configuration borrows an external domain in which
# the machine's users (particularly its admin) have addresses. There's
# also a "smartuser" feature, to make it possible to email other users
# of the external domain as if they were local users.
#
# The configuration attempts to be as generic as possible. All the
# Cambridge-specific stuff is in the macros below, and most
# operating-system-specific stuff is assumed to be configured at
# compile-time. Systems may vary in the location of the aliases file and
# whether they have an appropriate wheel group. We also assume a BSD-style
# /var/mail (drwxrwxr-x and group mail rather than drwxrwxrwt) and that
# users have individual groups (we permit -rwxrwxr-x .forward files).
# The configuration supports maildir which isn't part of the default
# Exim compile-time configuration.
#
# NOTE(review): the two assumptions above are security assumptions, not just
# portability ones. The userforward router sets modemask = 002, so a
# group-writable .forward is honoured; on a system where a user's primary
# group has other members, those members can edit that user's forwarding
# and filter rules.
#
# Tony Finch http://www.cus.cam.ac.uk/~fanf2/

# The "smarthost" to use for outgoing SMTP.
#
# Every non-local address is handed to this host (it is the route_data of
# the route_remote router), so it should only name a relay that is trusted
# with all of this machine's outgoing mail.
#
RELAY = ppsw.cam.ac.uk

# Users in this group are granted special privilege.
#
# This macro is the value of both admin_groups and trusted_groups in the
# main section. Admin users can inspect and manipulate the queue; trusted
# users can submit mail with an arbitrary envelope sender. Keep membership
# of the group small and review it when accounts change.
#
WHEEL = root

# The location of the system aliases file on your computer. This should
# contain aliases for all system users (especially root) and for special
# local parts like postmaster and mailer-daemon, so that you don't end
# up sending system email to the wrong person, e.g. root@DOMAIN.
#
# NOTE(review): the system_aliases router lets entries in this file name
# pipe commands and file paths as well as addresses, so the file (and the
# directory holding it) should be writable by root only.
#
ALIASES = /etc/aliases

# The local-part of the admin's email address. We pull this out of the
# aliases file so it only needs to be set in one place. It *must* be
# a valid NONLOCAL user, and probably also a valid local user.
#
# NOTE(review): the macro is substituted textually into ADMIN@DOMAIN, so
# the alias for root has to be a single bare local part. If there is no
# entry for root the lookup presumably expands to an empty string, giving
# "@DOMAIN" -- confirm that the aliases file has the entry before deploying.
#
ADMIN = ${lookup{root}lsearch{ALIASES}}

# This is the external domain that we use when rewriting outgoing email,
# so that the local hostname isn't used as an (invalid) email domain on
# externally-visible email.
#
DOMAIN = cam.ac.uk

# This is a regex that matches the local parts of email addresses in
# the external domain. It's used in two situations: firstly, when
# rewriting local addresses on outgoing email, and secondly, when
# doing a "smartuser" match on an invalid local address to see if it
# should be redirected to the external domain.
#
# For Cambridge, a rough match for CRSIDs will do.
#
# The pattern is anchored at both ends and accepts lower-case letters
# followed by digits only. The \N ... \N wrapper stops Exim from string-
# expanding the regex, so the "$" is a literal end-of-string anchor.
#
NONLOCAL = \N^([a-z]+[0-9]+)$\N

# This is how we rewrite local addresses on outgoing email. If the local
# user is not also a non-local user, then their address is rewritten to
# the admin's externally-valid address. Otherwise only the domain needs
# to be fixed. This macro must contain no white space.
#
# (It is used as the second field of headers_rewrite in the remote_smtp
# transport; that is where the no-white-space requirement comes from.)
#
REWRITE_TO = ${if!match{$local_part}{NONLOCAL}{ADMIN@DOMAIN}{$local_part@DOMAIN}}

# Return paths are somewhat more tricky to deal with, because the
# expansion must also check that the domain part is a local one.
#
# The trailing "fail" forces the expansion to fail when the sender's domain
# is not local; this macro is the remote_smtp transport's return_path, and
# the intent is that such return paths are left as they are.
#
# NOTE(review): the inner test is a negated match, and $1 is read in its
# "else" branch (i.e. when the regex did match). Confirm that $1 holds the
# captured local part there on the Exim version in use.
#
REWRITE_FROM = ${if match_domain{$sender_address_domain}{+local} \
                 {${if !match{$sender_address_local_part}{NONLOCAL} \
                       {ADMIN@DOMAIN} {$1@DOMAIN} }} \
                 fail }


######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

# Which domains are local, i.e. the hostname and localhost
# (the latter being for fetchmail users).
#
# "@" is this host's primary name and "@[]" covers domain literals for this
# host's own interface addresses. This list is what "+local" refers to in
# the ACL, the routers and the rewriting macros.
#
domainlist local = localhost : @ : @[]

# Which ACL to use for SMTP RCPT commands.
#
# This is the only ACL defined in the file: there is no check at connect,
# HELO, MAIL or DATA time.
#
acl_smtp_rcpt = acl_check_rcpt

# Do lots of DNS lookups.
#
# NOTE(review): as I read these options, a failed HELO verification is
# recorded rather than rejected, and nothing in acl_check_rcpt tests the
# result, so the lookups feed the logs only.
#
host_lookup = *
helo_lookup_domains = *
helo_try_verify_hosts = *

# Don't do ident checks.
# (they cause problems)
#
rfc1413_hosts = :
rfc1413_query_timeout = 0s

# Be verbose.
#
# With every log selector enabled the main log records a lot of detail
# about senders, recipients and connecting hosts. Treat the log directory
# as sensitive: restrict read access and make sure rotation is in place.
#
log_selector = +all

# Unfreeze frozen bounce messages after two days, try once more to
# deliver them, and ignore any delivery failures.
#
ignore_bounce_errors_after = 2d

# Discard frozen messages that are older than a week.
#
timeout_frozen_after = 7d

# Use all 8 bits of TCP.
#
accept_8bitmime = true

# Privileged users.
#
# Both privileges go to the same group (WHEEL, defined above as "root").
# trusted_groups is the stronger grant from a mail-integrity point of view:
# its members can inject mail with any envelope sender.
#
admin_groups = WHEEL
trusted_groups = WHEEL

# Don't deliver email to root.
#
# No delivery may run as root, so root's mail has to be redirected by an
# entry in the aliases file.
#
never_users = root


######################################################################
#                         ACL CONFIGURATION                          #
######################################################################

# This section specifies access control lists for deciding whether to
# accept incoming SMTP commands. The ACL to call for each command is
# defined in the main configuration section above.

begin acl

# This is the access control list used for every RCPT command in an incoming
# SMTP message. It is a stripped down version of the one from the default
# configuration.
#
# Statements are tried in order and the first one that decides wins, so the
# order below is part of the policy.
#
acl_check_rcpt:

# Accept if the source is the local machine, either not over TCP/IP,
# or with a source address that's one of this machine's interfaces.
#
# This statement comes before sender and recipient verification and has no
# domain restriction, so anything that can connect from one of this host's
# own addresses may send to any recipient via the smarthost. If a proxy,
# tunnel or NAT on this machine can make outside connections appear to come
# from a local address, this becomes a relay for them.
#
  accept  hosts = : @[]

# Accept all email to the local postmaster.
#
# (Placed before the sender check so that postmaster stays reachable even
# for senders whose address cannot be verified.)
#
  accept  recipients = postmaster@+local

# Deny unless the sender address can be verified.
#
  require verify = sender

# Accept if the address is for this machine and the
# recipient can be verified.
#
# NOTE(review): verification runs the routers, and the smartuser router
# redirects any local part matching NONLOCAL to DOMAIN. Presumably any
# CRSID-shaped local part therefore verifies here whether or not it exists
# at DOMAIN -- confirm that this is acceptable.
#
  accept  domains = +local
          verify = recipient

# Otherwise deny.
#
# This final catch-all is what stops outside hosts relaying through this
# machine; keep it last.
#
  deny    message = Relaying is not permitted


######################################################################
#                      ROUTERS CONFIGURATION                         #
######################################################################

# Routers specify how addresses are handled. An address is passed to
# each router in turn until it is accepted. The order of the routers
# in this section is important.

begin routers

# A special case for postmaster email directed to the local host,
# to allow automated systems to contact postmaster.
#
# NOTE(review): qualify_domain is not set anywhere in this file, so the
# target domain is whatever Exim's default is -- presumably this host's
# primary name. Confirm.
#
postmaster:
  driver = redirect
  domains = @ : @[]
  local_parts = postmaster
  data = postmaster@${qualify_domain}

# Route addresses that are not at this machine to the central email relay.
#
# no_more means a non-local address is never offered to the routers below,
# so the alias, .forward and local-user routers only ever see local domains.
#
route_remote:
  driver = manualroute
  domains = !+local
  route_data = RELAY
  no_more
  transport = remote_smtp

# This router handles aliasing using a traditional aliases file.
#
# If any of your aliases expand to pipes or files, they will run as
# ${exim_user} unless you change that here or in the appropriate
# transport. Note that the transports listed below are the same as are
# used for .forward files; you might want to set up different ones for
# pipe and file deliveries from aliases.
#
# Because pipe and file targets are enabled here, write access to the
# aliases file is equivalent to running commands as the Exim user. Check
# the ownership and mode of ALIASES and of its parent directory.
#
system_aliases:
  driver = redirect
  data = ${lookup{$local_part}lsearch{ALIASES}}
  allow_defer
  allow_fail
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe

# This router handles forwarding using .forward files in users' home
# directories (either traditional ones or Exim filters).
#
# allow_filter lets a .forward be an Exim filter rather than a plain list
# of addresses, and no forbid_* restrictions are set on this router.
# NOTE(review): on a multi-user host, decide whether user filters should be
# allowed to run commands or read files and sockets, and add the matching
# forbid_filter_* / forbid_pipe / forbid_file options if not.
#
# modemask = 002 rejects a world-writable .forward but accepts a
# group-writable one. That is only safe where each user has a private
# group.
#
# no_verify and no_expn keep this router out of address verification and
# EXPN processing.
#
userforward:
  driver = redirect
  local_part_suffix = +*
  local_part_suffix_optional
  no_verify
  no_expn
  check_local_user
  file = ${home}/.forward
  check_ancestor
  allow_filter
  modemask = 002
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

# Email for local users without .forward files is delivered to their mailboxes.
#
# The optional "+*" suffix lets user+anything reach the same mailbox.
#
localuser:
  driver = accept
  local_part_suffix = +*
  local_part_suffix_optional
  check_local_user
  transport = local_delivery

# Email for unrecognized users is sent to an @DOMAIN address if their
# username is non-local.
#
# This is the last router, so it only sees local parts that are neither
# aliases nor local accounts. Anything matching NONLOCAL is redirected
# without checking that the address exists at DOMAIN; the smarthost is
# left to reject unknown users.
#
smartuser:
  driver = redirect
  local_parts = NONLOCAL
  data = $local_part@DOMAIN


######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################

# A transport is used only when referenced from a router that
# successfully handles an address. One transport is called for
# each delivery. The order of the transports in this section
# does not matter.

begin transports

# We rewrite addresses on outgoing messages so that responses are
# directed to the central email machines rather than to here.
#
# NOTE(review): neither hosts_require_tls nor hosts_require_auth is set,
# so encryption and authentication towards the smarthost are whatever the
# build and the smarthost negotiate by default. If the path to RELAY
# crosses an untrusted network, consider requiring TLS here.
#
remote_smtp:
  driver = smtp
  return_path = REWRITE_FROM
  headers_rewrite = *@+local REWRITE_TO

# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. It will be run under the uid of the local user and gid
# mail so that it can write to /var/mail/.
#
# NOTE(review): this file dates from 2005. Exim 4.94 and later treat
# message-derived values such as $local_part as tainted and refuse to use
# them in a delivery file name; current default configurations use
# $local_part_data in this position. Check before reusing the "file" line
# on a modern build.
#
# mode = 0660 with group = mail makes new mailboxes readable and writable by
# the mail group, so membership of that group gives access to every mailbox.
#
local_delivery:
  driver = appendfile
  file = /var/mail/${local_part}
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660

# This transport is used for handling pipe deliveries generated by alias or
# .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error.
#
# No user, command restriction or path restriction is set on this
# transport: the command comes entirely from the alias or .forward entry
# that generated the delivery.
# NOTE(review): return_output sends whatever the command prints back to
# the envelope sender; avoid pipe targets whose output could include
# local paths or other internal detail. If only a known set of programs
# should ever be run, consider the pipe transport's allow_commands /
# restrict_to_path options.
#
address_pipe:
  driver = pipe
  return_output

# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.
#
# (No "file" option is given: the path is supplied by the alias or
# .forward entry.)
#
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

# This transport is used for handling deliveries to directories that are
# generated by aliasing or forwarding.
#
# maildir_format needs maildir support compiled in, which the header of
# this file notes is not part of the default Exim build.
#
address_directory:
  driver = appendfile
  maildir_format
  delivery_date_add
  envelope_to_add
  return_path_add

# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.
#
address_reply:
  driver = autoreply


######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

begin retry

# This single retry rule applies to all domains and all errors.
#
# Reading the rule left to right: retry every 15 minutes for the first
# 2 hours; then at intervals starting at 15 minutes and multiplied by 2
# each time, until 4 hours; then every 4 hours until the message is a
# week old.

# Domain               Error       Retries
# ------               -----       -------

*                      *           F,2h,15m; G,4h,15m,2; F,1w,4h

# End of Exim configuration file