 
 - RU.UNIX.BSD ------------------------------------------------------------------
 From : dmitry a. frolov                     2:550/2.2      13 Aug 2007  15:17:22
 To : Alexander Titaev
 Subject : exim+ldap
 -------------------------------------------------------------------------------- 
 
 
 Mon, 13 Aug 2007 17:27, Alexander Titaev => Dmitry a. frolov:
 
  daf>> what am I doing wrong?
  daf>> I installed exim, Courier-authlib, Courier-imap.
  daf>> Can't contact LDAP server
  daf>>     Aug 10 13:38:47 mail authdaemond: ldap_simple_bind_s failed:
  daf>> Can't contact LDAP server
  daf>>     Aug 10 13:38:47 mail imapd-ssl: LOGIN FAILED, method=PLAIN,
  daf>> ip=[192.168.10.100]
  daf>>     Aug 10 13:38:47 mail imapd-ssl: authentication error:
  daf>> Input/output error
  AT> and what does exim have to do with it?
 
 well, exim just came up in passing :))
 since PDC Samba + ldap + ddns + dhcp (everything in LDAP) works like a charm =)
  daf>> bottom line: it decided that it does not know such an address locally,
  daf>> judging by the exim config:
 
  daf>> Code:
  daf>>       accept  domains       = +local_domains
  daf>>               endpass
  daf>>               message       = "User unknown."
  daf>>               verify        = recipient
 
  AT> wonderful, so the mail.artpaint domain is listed in local_domains?
 
 yes.
  AT> Explicitly, or by means of some lookup?
  AT> And is there a corresponding MX in DNS in the private view?
 
 no
 
 if you mean artpaint.spb.ru, the MX is hosted at my provider and points to my
 IP. I use it as a relay. as for the local mail.artpaint - no, I did not write
 an MX. mail.artpaint is the very machine that exim runs on.
 
 [f0s@mail] /home/f0s/> dig @127.0.0.1 artpaint. axfr
 
 ; <<>> DiG 9.3.3 <<>> @127.0.0.1 artpaint. axfr
 ; (1 server found)
 ;; global options:  printcmd
 artpaint.               178600  IN      SOA     mail.artpaint.
 root.mail.artpaint. 1 28800 7200 604800 86400
 artpaint.               178600  IN      NS      mail.artpaint.
 /[..]/
 localhost.artpaint.     178600  IN      A       127.0.0.1
 /[..]/
 mail.artpaint.          178600  IN      A       192.168.10.8
 artpaint.               178600  IN      SOA     mail.artpaint.
 root.mail.artpaint. 1 28800 7200 604800 86400
 ;; Query time: 10 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Mon Aug 13 15:18:39 2007
 ;; XFR size: 55 records (messages 1)
 
 [f0s@mail] /home/f0s/>
  daf>> here is what the logs say:
 
  daf>> Code:
  daf>>     Aug 10 13:02:55 mail exim[1448]: DNS list lookup defer
  daf>> (probably timeout) for 1.0.0.127.opm.blitzed.org: assumed not in
  daf>> list
 
  AT> well, you guessed wrong here, twice over
  AT> 1) loopback should really be placed in trusted hosts, and trusted hosts
  AT> do not need to be checked against dnsbl 2) blitzed.org died long ago
 
  AT> to understand where the bug is, you run
 
  AT> exim -bh 127.0.0.1
  AT> emulate a session and look at the result; if there seems to be too
  AT> little data, also add  -d -v
 
 [f0s@mail] /home/f0s/> exim -d -bhc 127.0.0.1
 Exim version 4.67 (FreeBSD 6.2) uid=0 gid=0 pid=1061 D=fbb95cfd
 Berkeley DB: Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001)
 Support for: crypteq iconv() use_setclassresources PAM Perl Expand_dlfunc
 OpenSSL Content_Scanning Old_Demime
 Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch 
 ldap ldapdn ldapm nis nis0 passwd
 Authenticators: cram_md5 dovecot plaintext spa
 Routers: accept dnslookup ipliteral manualroute queryprogram redirect
 Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
 Fixed never_users: 0
 Size of off_t: 8
 changed uid/gid: forcing real = effective
   uid=0 gid=0 pid=1061
   auxiliary group list: 0
 seeking password data for user "mailnull": using cached result
 getpwnam() succeeded uid=26 gid=26
 seeking password data for user "root": cache not available
 getpwnam() succeeded uid=0 gid=0
 configuration file is /usr/local/etc/exim/configure
 log selectors = 0000cefe 00233821
 trusted user
 admin user
 changed uid/gid: privilege not needed
   uid=26 gid=6 pid=1061
   auxiliary group list: 6 6
 originator: uid=0 gid=0 login=root name=Charlie Root
 sender address = root@mail.artpaint
 sender_fullhost = [127.0.0.1]
 sender_rcvhost = [127.0.0.1]
 
 **** SMTP testing session as if from host 127.0.0.1
 **** but without any ident (RFC 1413) callback.
 **** This is not for real!
 
 host in hosts_connection_nolog? no (option unset)
 LOG: smtp_connection MAIN
   SMTP connection from [127.0.0.1]
 host in host_lookup? no (option unset)
 set_process_info:  1061 handling incoming connection from [127.0.0.1]
 host in host_reject_connection? no (option unset)
 host in sender_unqualified_hosts? no (option unset)
 host in recipient_unqualified_hosts? no (option unset)
 host in helo_verify_hosts? no (option unset)
 host in helo_try_verify_hosts? no (option unset)
 host in helo_accept_junk_hosts? no (end of list)
 
 SMTP>> 220 artpaint.spb.ru, ESMTP Microsoft Windows 2003 R2
 
 220 artpaint.spb.ru, ESMTP Microsoft Windows 2003 R2
 smtp_setup_msg entered
 helo localhost
 SMTP<< helo localhost
 localhost in helo_lookup_domains? no (end of list)
 sender_fullhost = (localhost) [127.0.0.1]
 sender_rcvhost = [127.0.0.1] (helo=localhost)
 set_process_info:  1061 handling incoming connection from (localhost)
 [127.0.0.1]
 250 artpaint.spb.ru Hello localhost [127.0.0.1]
 
 SMTP>> 250 artpaint.spb.ru Hello localhost [127.0.0.1]
 
 mail from: test@artpaint.spb.ru
 SMTP<< mail from: test@artpaint.spb.ru
 
 SMTP>> 250 OK
 
 250 OK
 rcpt to: test@mail.artpaint
 SMTP<< rcpt to: test@mail.artpaint
 using ACL "acl_check_rcpt"
 processing "accept"
 check hosts = :
 host in ":"? no (end of list)
 accept: condition test failed
 processing "deny"
 check domains = +local_domains
 mail.artpaint in "mail.artpaint : artpaint.spb.ru"? yes (matched
 "mail.artpaint")
 mail.artpaint in "+local_domains"? yes (matched "+local_domains")
 check local_parts = ^[.] : ^.*[@%!/|]
 test in "^[.] : ^.*[@%!/|]"? no (end of list)
 deny: condition test failed
 processing "deny"
 check domains = !+local_domains
 cached yes match for +local_domains
 cached lookup data = NULL
 mail.artpaint in "!+local_domains"? no (matched "!+local_domains" - cached)
 deny: condition test failed
 processing "deny"
 check condition = ${if eq{$sender_helo_name}{}{yes}{no}}
                 = no
 deny: condition test failed
 processing "deny"
 check hosts = *:!+relay_from_hosts
 host in "*:!+relay_from_hosts"? yes (matched "*")
 check condition = ${if eq{$sender_helo_name}{$sender_host_address}{true}{false}}
                 = false
 deny: condition test failed
 processing "deny"
 check condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
                 = no
 deny: condition test failed
 processing "deny"
 check condition = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
                 = no
 deny: condition test failed
 processing "deny"
 looking up host name for 127.0.0.1
 DNS lookup of 1.0.0.127.in-addr.arpa (PTR) succeeded
 IP address lookup yielded localhost.artpaint
 gethostbyname looked up these IP addresses:
   name=localhost.artpaint address=127.0.0.1
 checking addresses for localhost.artpaint
   127.0.0.1 OK
 sender_fullhost = localhost.artpaint (localhost) [127.0.0.1]
 sender_rcvhost = localhost.artpaint ([127.0.0.1] helo=localhost)
 check condition = ${if
 match{$sender_host_name}{adsl|dialup|pool|peer|dhcp}{yes}{no}}
                 = no
 deny: condition test failed
 processing "accept"
 check authenticated = *
 accept: condition test failed
 processing "deny"
 check dnslists = opm.blitzed.org : proxies.blackholes.easynet.nl :
 cbl.abuseat.org : bl.spamcop.net : bl.csma.biz : dynablock.njabl.org :
 DNS list check: opm.blitzed.org
 new DNS lookup for 1.0.0.127.opm.blitzed.org
 DNS lookup of 1.0.0.127.opm.blitzed.org (A) gave TRY_AGAIN
 1.0.0.127.opm.blitzed.org in dns_again_means_nonexist? no (option unset)
 returning DNS_AGAIN
 LOG: dnslist_defer MAIN
   DNS list lookup defer (probably timeout) for 1.0.0.127.opm.blitzed.org:
 assumed not in list
 DNS list check: proxies.blackholes.easynet.nl
 new DNS lookup for 1.0.0.127.proxies.blackholes.easynet.nl
 DNS lookup of 1.0.0.127.proxies.blackholes.easynet.nl (A) gave HOST_NOT_FOUND
 returning DNS_NOMATCH
 DNS lookup for 1.0.0.127.proxies.blackholes.easynet.nl failed
 
 => that means 127.0.0.1 is not listed at proxies.blackholes.easynet.nl
 
 DNS list check: cbl.abuseat.org
 new DNS lookup for 1.0.0.127.cbl.abuseat.org
 DNS lookup of 1.0.0.127.cbl.abuseat.org (A) gave HOST_NOT_FOUND
 returning DNS_NOMATCH
 DNS lookup for 1.0.0.127.cbl.abuseat.org failed
 
 => that means 127.0.0.1 is not listed at cbl.abuseat.org
 
 DNS list check: bl.spamcop.net
 new DNS lookup for 1.0.0.127.bl.spamcop.net
 DNS lookup of 1.0.0.127.bl.spamcop.net (A) gave HOST_NOT_FOUND
 returning DNS_NOMATCH
 DNS lookup for 1.0.0.127.bl.spamcop.net failed
 
 => that means 127.0.0.1 is not listed at bl.spamcop.net
 
 DNS list check: bl.csma.biz
 new DNS lookup for 1.0.0.127.bl.csma.biz
 DNS lookup of 1.0.0.127.bl.csma.biz (A) gave HOST_NOT_FOUND
 returning DNS_NOMATCH
 DNS lookup for 1.0.0.127.bl.csma.biz failed
 
 => that means 127.0.0.1 is not listed at bl.csma.biz
 
 DNS list check: dynablock.njabl.org
 new DNS lookup for 1.0.0.127.dynablock.njabl.org
 DNS lookup of 1.0.0.127.dynablock.njabl.org (A) gave HOST_NOT_FOUND
 returning DNS_NOMATCH
 DNS lookup for 1.0.0.127.dynablock.njabl.org failed
 
 => that means 127.0.0.1 is not listed at dynablock.njabl.org
 
 deny: condition test failed
 processing "warn"
 check set acl_m0 = 25s
 warn: condition test succeeded
 processing "warn"
 check hosts = +relay_from_hosts
 gethostbyname looked up these IP addresses:
   name=localhost.artpaint address=127.0.0.1
 host in "localhost.artpaint : localhost : 127.0.0.0/8"? yes (matched
 "localhost.artpaint")
 host in "+relay_from_hosts"? yes (matched "+relay_from_hosts")
 check set acl_m0 = 0s
 warn: condition test succeeded
 processing "warn"
 check logwrite = Delay $acl_m0 for $sender_host_name [$sender_host_address] with
 HELO=$sender_helo_name. Mail from $sender_address to $local_part@$domain. delay 
 = $acl_m0
                = Delay 0s for localhost.artpaint [127.0.0.1] with
 HELO=localhost. Mail from test@artpaint.spb.ru to test@mail.artpaint. delay = 0s
 LOG: MAIN
   Delay 0s for localhost.artpaint [127.0.0.1] with HELO=localhost. Mail from
 test@artpaint.spb.ru to test@mail.artpaint. delay = 0s
 warn: condition test succeeded
 processing "accept"
 check domains = +local_domains
 cached yes match for +local_domains
 cached lookup data = NULL
 mail.artpaint in "+local_domains"? yes (matched "+local_domains" - cached)
 check verify = recipient
 
 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
 Verifying test@mail.artpaint
 
 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
 Considering test@mail.artpaint
 
 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
 routing test@mail.artpaint
 --------> dnslookup router <--------
 local_part=test domain=mail.artpaint
 checking domains
 cached yes match for +local_domains
 cached lookup data = NULL
 mail.artpaint in "! +local_domains"? no (matched "! +local_domains" - cached)
 dnslookup router skipped: domains mismatch
 --------> system_aliases router <--------
 local_part=test domain=mail.artpaint
 calling system_aliases router
 rda_interpret (string): ${lookup ldapm{user="cn=root,dc=artpaint,dc=spb,dc=ru"
 pass="my_password" ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?mail?sub?(&(account 
 Status=active)(mail AlternateAddress=${quote_ldap:$local_part}${quote_ldap:@}${ 
 quote_ldap:$domain}) )}}
 search_open: ldapm "NULL"
 search_find: file="NULL"
   key="user="cn=root,dc=artpaint,dc=spb,dc=ru" pass="my_password"
 ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?mail?sub?(&(accountStatus=active)(mail 
 AlternateAddress=test%40mail.artpaint))" partial=-1 affix=NULL starflags=0
 LRU list:
 internal_search_find: file="NULL"
   type=ldapm key="user="cn=root,dc=artpaint,dc=spb,dc=ru" pass="my_password"
 ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?mail?sub?(&(accountStatus=active)(mail 
 AlternateAddress=test%40mail.artpaint))"
 database lookup required for user="cn=root,dc=artpaint,dc=spb,dc=ru"
 pass="my_password" ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?mail?sub?(&(account 
 Status=active)(mail AlternateAddress=test%40mail.artpaint))
 LDAP parameters: user=cn=root,dc=artpaint,dc=spb,dc=ru pass=my_password size=0
 time=0 connect=0 dereference=0 referrals=on
 perform_ldap_search: ldapm URL = "ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?mail 
 ?sub?(&(accountStatus=active)(mai lAlternateAddress=test%40mail.artpaint))"
 server=192.168.10.8 port=389 sizelimit=0 timelimit=0 tcplimit=0
 after ldap_url_parse: host=192.168.10.8 port=389
 ldap_initialize with URL ldap://192.168.10.8:389/
 initialized for LDAP (v3) server 192.168.10.8:389
 LDAP_OPT_X_TLS_TRY set
 binding with user=cn=root,dc=artpaint,dc=spb,dc=ru password=my_password
 Start search
 search ended by ldap_result yielding 101
 ldap_parse_result: 0
 ldap_parse_result yielded 0: Success
 LDAP search: no results
 lookup failed
 expanded:
 file is not a filter file
 parse_forward_list:
 system_aliases router declined for test@mail.artpaint
 --------> ldapuser router <--------
 local_part=test domain=mail.artpaint
 checking "condition"
 search_open: ldapdn "NULL"
 search_find: file="NULL"
   key="user="cn=root,dc=artpaint,dc=spb,dc=ru" pass="my_password"
 ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru??sub?(&(accountStatus=active)(mail=tes 
 t%40mail.artpaint))" partial=-1 affix=NULL starflags=0
 LRU list:
 internal_search_find: file="NULL"
   type=ldapdn key="user="cn=root,dc=artpaint,dc=spb,dc=ru" pass="my_password"
 ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru??sub?(&(accountStatus=active)(mail=tes 
 t%40mail.artpaint))"
 database lookup required for user="cn=root,dc=artpaint,dc=spb,dc=ru"
 pass="my_password" ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru??sub?(&(accountStat 
 us=active)(mail=tes t%40mail.artpaint))
 LDAP parameters: user=cn=root,dc=artpaint,dc=spb,dc=ru pass=my_password size=0
 time=0 connect=0 dereference=0 referrals=on
 perform_ldap_search: ldapdn URL = "ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru??su 
 b?(&(accountStatus=active)(mail=te st%40mail.artpaint))" server=192.168.10.8
 port=389 sizelimit=0 timelimit=0 tcplimit=0
 after ldap_url_parse: host=192.168.10.8 port=389
 re-using cached connection to LDAP server 192.168.10.8:389
 Start search
 ldap_result loop
 LDAP entry loop
 search ended by ldap_result yielding 101
 ldap_parse_result: 0
 ldap_parse_result yielded 0: Success
 LDAP search: returning: mail=test@mail.artpaint,ou=mail.artpaint,ou=mail,dc=art 
 paint,dc=spb,dc=ru
 lookup yielded: mail=test@mail.artpaint,ou=mail.artpaint,ou=mail,dc=artpaint,dc 
 =spb,dc=ru
 calling ldapuser router
 ldapuser router called for test@mail.artpaint
   domain = mail.artpaint
 set transport ldap_delivery
 queued for ldap_delivery transport: local_part = test
 domain = mail.artpaint
   errors_to=NULL
   domain_data=NULL localpart_data=NULL
 routed by ldapuser router
   envelope to: test@mail.artpaint
   transport: ldap_delivery
 ----------- end verify ------------
 accept: condition test succeeded
 
 SMTP>> 250 Accepted
 
 250 Accepted
 data
 SMTP<< data
 
 SMTP>> 354 Enter message, ending with "." on a line by itself
 
 354 Enter message, ending with "." on a line by itself
 search_tidyup called
 unbind LDAP connection to 192.168.10.8:389
 test
 .
 host in ignore_fromline_hosts? no (option unset)
 
 >>Headers received:
 
 search_tidyup called
 
 >>Headers after rewriting and local additions:
 
 Data file written for message 1IKXO3-0000H7-Ns
 
 >>Generated Received: header line
 
 P Received: from localhost.artpaint ([127.0.0.1] helo=localhost)
         by artpaint.spb.ru with smtp (Exim 4.67 (FreeBSD))
         (envelope-from <test@artpaint.spb.ru>)
         id 1IKXO3-0000H7-Ns
         for test@mail.artpaint; Mon, 13 Aug 2007 14:43:08 +0400
 using ACL "acl_check_data"
 processing "deny"
 check malware = *
 waiting for data on socket
 deny: condition test failed
 processing "accept"
 accept: condition test succeeded
 unspool_mbox(): unlinking
 '/var/spool/exim/scan/1IKXO3-0000H7-Ns/1IKXO3-0000H7-Ns.eml'
 calling local_scan(); timeout=300
 local_scan() returned 0 NULL
 LOG: MAIN
   <= test@artpaint.spb.ru H=localhost.artpaint (localhost) [127.0.0.1] P=smtp
 S=239
 
 SMTP>> 250 OK id=1IKXO3-0000H7-Ns
 
 250 OK id=1IKXO3-0000H7-Ns
 
 **** SMTP testing: that is not a real message id!
 
 smtp_setup_msg entered
 quit
 SMTP<< quit
 
 SMTP>> 221 artpaint.spb.ru closing connection
 
 221 artpaint.spb.ru closing connection
 LOG: smtp_connection MAIN
   SMTP connection from localhost.artpaint (localhost) [127.0.0.1] closed by QUIT
 search_tidyup called
 
 >>>>>>>>>>>>>>>> Exim pid=1061 terminating with rc=0 >>>>>>>>>>>>>>>>
 in the logs, with an ordinary test against port 25, there is this:
 Aug 13 14:28:57 mail exim[950]: 1IKX5o-0000Et-4t == test@mail.artpaint
 R=ldapuser T=ldap_delivery defer (-1): Expansion of "${lookup
 ldap{user="cn=root,dc=artpaint,dc=spb,dc=ru" pass="my_password"
 ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?homeDirectory?sub?(&(accountStatus=act 
 ive)mail=${quote_ldap:$local_part}${quote_ldap:@}${quote_ldap:$domain}))}{/mail 
 /$value/Maildir/}}" (file or directory name for ldap_delivery transport) failed:
 lookup of "user="cn=root,dc=artpaint,dc=spb,dc=ru" pass="my_password"
 ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?homeDirectory?sub?(&(accountStatus=act 
 ive)mail=test%40mail.artpaint))" gave DEFER: ldap_search failed: -7, Bad search 
 filter
  daf>> as if I am in a blacklist... I tried to compose a message to the
  daf>> sender's address, and once again - unrouteable address
  AT> and have you already checked the operation of the corresponding router,
  AT> which by all appearances is supposed to go to LDAP?
 
 I did not understand the question. LDAP is on this same server, if that is what you mean.
 
  daf>> a piece of the exim config:
 
  daf>> Code:
  daf>>     domainlist local_domains = mail.artpaint : artpaint.spb.ru
 
  daf>>     domainlist relay_to_domains = mail.artpaint : artpaint.spb.ru
 
  AT> great, so should exim consider these domains its own or not?
  AT> do you feel the difference between local_domains and relay_to_domains?
 
 yes,
 
 local_domains - the list of local domains, which will appear in the form
 +local_domains
 
 relay_to_domains - the list of domains from which relaying is allowed.
 
 if I am wrong, correct me, since I may not have fully worked out the
 terminology.
 here is the exim config:
 === configure ===
 primary_hostname = artpaint.spb.ru
 
 ldap_default_servers = 192.168.10.8::389
 LDAP_AUTH = user="cn=root,dc=artpaint,dc=spb,dc=ru" pass="my_password"
 
 domainlist local_domains = mail.artpaint : artpaint.spb.ru
 domainlist relay_to_domains = mail.artpaint : artpaint.spb.ru
 hostlist   relay_from_hosts = localhost.artpaint : localhost : 127.0.0.0/8
 acl_smtp_rcpt = acl_check_rcpt
 acl_smtp_data = acl_check_data
 
 av_scanner = clamd:/var/run/clamav/clamd
 
 tls_advertise_hosts = *
 tls_certificate = /usr/local/etc/ssl/mail.pem
 tls_privatekey = /usr/local/etc/ssl/mail.pem
 
 qualify_domain = mail.artpaint
 qualify_recipient = mail.artpaint
 
 allow_domain_literals = false
 
 exim_user = mailnull
 exim_group = mail
 never_users = root
 
 rfc1413_query_timeout = 0s
 ignore_bounce_errors_after = 45m
 timeout_frozen_after = 7d
 freeze_tell = root@mail.artpaint
 
 helo_accept_junk_hosts = 192.168.10.0/24
 auto_thaw = 1h
 
 smtp_banner = "$primary_hostname, ESMTP PREVED"
 smtp_accept_max = 100
 smtp_accept_max_per_connection = 100
 smtp_connect_backlog = 30
 smtp_accept_max_per_host = 100
 
 split_spool_directory = true
 
 remote_max_parallel = 15
 return_size_limit = 70k
 message_size_limit = 3M
 
 helo_allow_chars = _
 smtp_enforce_sync = true
 
 log_selector = \
     +all_parents \
     +connection_reject \
     +incoming_interface \
     +lost_incoming_connection \
     +received_sender \
     +received_recipients \
     +smtp_confirmation \
     +smtp_syntax_error \
     +smtp_protocol_error \
     -queue_run
 
 syslog_timestamp = no
 begin acl
 
 acl_check_rcpt:
 
   accept  hosts = :
 
   deny    message       = "Restricted characters in address."
           domains       = +local_domains
           local_parts   = ^[.] : ^.*[@%!/|]
 
   deny    message       = "Restricted characters in address."
           domains       = !+local_domains
           local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
 
   deny    message       = "IP address not accepted as HELO!"
           hosts         =  *:!+relay_from_hosts
           condition     = ${if eq{$sender_helo_name}{$sender_host_address}{true}{false}}
   deny    condition     = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
           hosts         = !127.0.0.1 : !localhost : *
           message       = "Main IP in your HELO. Access denied."
 
   deny    condition     = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
           hosts         = !127.0.0.1:!localhost:*
           message       = "HELO/EHLO not found."
   accept  authenticated = *
 
   deny    message       = "host in blacklist - $dnslist_domain \n $dnslist_text"
           dnslists      = opm.blitzed.org : \
                           proxies.blackholes.easynet.nl : \
                           cbl.abuseat.org : \
                           bl.spamcop.net : \
                           bl.csma.biz : \
                           dynablock.njabl.org : \
 
   warn
         set acl_m0 = 25s
   warn
         hosts = +relay_from_hosts
         set acl_m0 = 0s
   warn
         logwrite = Delay $acl_m0 for $sender_host_name [$sender_host_address] with HELO=$sender_helo_name. Mail from $sender_address to $local_part@$domain. delay = $acl_m0
 
   accept  domains       = +local_domains
           endpass
           message       = "User unknown."
           verify        = recipient
 
   accept  domains       = +relay_to_domains
           endpass
           message       = "No route to host."
           verify        = recipient
 
   accept  hosts         = +relay_from_hosts
 
   deny    message       = "It's not open-relay. Sorry."
 acl_check_data:
 
   deny malware = *
   message = "In e-mail found VIRUS - $malware_name"
 
   accept
 begin routers
 
 dnslookup:
   driver = dnslookup
   domains = ! +local_domains
   transport = remote_smtp
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
   no_more
 
 system_aliases:
     driver      = redirect
     allow_fail
     allow_defer
     data = ${lookup ldapm{LDAP_AUTH ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?mail?sub?(&(accountStatus=active)(mailAlternateAddress=${quote_ldap:$local_part}${quote_ldap:@}${quote_ldap:$domain}))}}
 
  ldapuser:
   driver = accept
   condition = ${if eq{}{${lookup ldapdn{LDAP_AUTH ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru??sub?(&(accountStatus=active)(mail=${quote_ldap:$local_part}${quote_ldap:@}${quote_ldap:$domain}))}}}{no}{yes}}
   transport = ldap_delivery
 begin transports
 
 remote_smtp:
     driver = smtp
 
 ldap_delivery:
     driver = appendfile
     check_string = ""
     create_directory
     delivery_date_add
     directory = ${lookup ldap{LDAP_AUTH ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?homeDirectory?sub?(&(accountStatus=active)mail=${quote_ldap:$local_part}${quote_ldap:@}${quote_ldap:$domain}))}{/mail/$value/Maildir/}}
     directory_mode = 770
     envelope_to_add
     maildir_use_size_file
     group = mail
     maildir_format
     maildir_tag = ,S=$message_size
     message_prefix = ""
     message_suffix = ""
     mode = 0600
     quota = ${lookup ldap{LDAP_AUTH ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?mailQuotaSize?sub?(&(accountStatus=active)(mail=${quote_ldap:$local_part}${quote_ldap:@}${quote_ldap:$domain}))}{$value}fail}
     quota_warn_message = "\
     To: $local_part@$domain\n\
     From: postmaster@$domain\n\
     Subject: Your maildir is going full\n\
     This message is automaticaly gnerated by your mail server.\n\
     This means, that your mailbox is 80% full. If you would \n\
     override this limit new mail would not be delivered to you!\n\n\
     Please, clean your mailbox."
     quota_warn_threshold = 80%
     return_path_add
 
 address_file:
     driver = appendfile
     delivery_date_add
     envelope_to_add
     return_path_add
 
 address_pipe:
   driver = pipe
   return_output
 
 address_reply:
   driver = autoreply
 
 begin retry
 *                    quota
 *                    *       F,2h,15m; G,16h,1h,1.5; F,4d,6h
 
 begin rewrite
 begin authenticators
 auth_plain:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${lookup ldapdn{LDAP_AUTH ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru??sub?(&(accountStatus=active)(mail=${quote_ldap:$2})(clearPassword=${quote_ldap:$3}))}{yes}{no}}
   server_prompts = :
   server_set_id = $2
 
 auth_login:
   driver = plaintext
   public_name = LOGIN
   server_condition = ${lookup ldapdn{LDAP_AUTH ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru??sub?(&(accountStatus=active)(mail=${quote_ldap:$1})(clearPassword=${quote_ldap:$2}))}{yes}{no}}
   server_prompts = Username:: : Password::
   server_set_id = $1
 
 auth_cram_md5:
   driver = cram_md5
   public_name = CRAM-MD5
   server_secret = ${lookup ldap{LDAP_AUTH ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru?clearPassword?sub?(&(accountStatus=active)(mail=${quote_ldap:$1}))}{$value}fail}
   server_set_id = $1
 [f0s@mail] /usr/local/etc/exim/>
 --
  dmitry a. frolov (f0s)
  2:550/2 && 2:5030/4441
  http://f0s.livejournal.com
 
 --- GoldED+/W32-MSVC 1.1.5-20070114 (WinNT 5.2.3790-SP1 iP-IV)
  * Origin: Zubila 2.2i 147 hp automatic transmission, blue-green [c068ep|98] (2:550/2.2)
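
 The "Bad search filter" defer quoted in the post points at the filter of the ldap_delivery "directory" lookup, where mail= follows (accountStatus=active) without its own opening parenthesis. An added example (not part of the original post and not Exim code): a Python checker for the RFC 4515 filter subset used in this config, run over query strings copied from the posted configure file with the line wraps removed. The function names and the "x" stand-in for Exim expansions are assumptions of the example.

```python
import re

# Exim string expansions such as ${quote_ldap:$domain}; none in this config nest.
EXPANSION = re.compile(r"\$\{[^{}]*\}")
# attr op value, for the simple match types (=, ~=, >=, <=) of RFC 4515.
ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(~=|>=|<=|=)[^()]*")

# Query strings copied from the posted configure file, line wraps removed.
BASE = "ldap:///ou=mail,dc=artpaint,dc=spb,dc=ru"
ADDR = "${quote_ldap:$local_part}${quote_ldap:@}${quote_ldap:$domain}"
QUERIES = {
    "router ldapuser / condition":
        BASE + "??sub?(&(accountStatus=active)(mail=" + ADDR + "))",
    "transport ldap_delivery / directory":
        BASE + "?homeDirectory?sub?(&(accountStatus=active)mail=" + ADDR + "))",
    "transport ldap_delivery / quota":
        BASE + "?mailQuotaSize?sub?(&(accountStatus=active)(mail=" + ADDR + "))",
}


class FilterError(ValueError):
    def __init__(self, msg, pos):
        super().__init__(f"{msg} at offset {pos}")


def filter_of(query):
    """Return the filter field of an LDAP URL (base?attrs?scope?filter)."""
    parts = query.split("?", 3)
    if len(parts) < 4:
        raise ValueError("LDAP URL has no filter field")
    # Each expansion becomes a plain "x": quote_ldap escapes parentheses,
    # so expanded values cannot change the nesting of the filter.
    return EXPANSION.sub("x", parts[3])


def _parse(f, i):
    """Parse one parenthesised filter starting at f[i]; return the index after it."""
    if i >= len(f) or f[i] != "(":
        raise FilterError("expected '('", i)
    i += 1
    if i < len(f) and f[i] in "&|":        # and / or: a list of sub-filters
        i += 1
        while i < len(f) and f[i] != ")":
            i = _parse(f, i)
    elif i < len(f) and f[i] == "!":       # not: exactly one sub-filter
        i = _parse(f, i + 1)
    else:                                  # simple item: attr op value
        j = i
        while j < len(f) and f[j] not in "()":
            j += 1
        if not ITEM.fullmatch(f[i:j]):
            raise FilterError("bad attribute=value item", i)
        i = j
    if i >= len(f) or f[i] != ")":
        raise FilterError("expected ')'", i)
    return i + 1


def check_filter(f):
    """Return None for a well-formed filter, otherwise a description of the fault."""
    try:
        end = _parse(f, 0)
        if end != len(f):
            raise FilterError("trailing characters", end)
    except FilterError as exc:
        return str(exc)
    return None


def audit(queries):
    """Map each named query to None (filter parses) or to its error text."""
    return {name: check_filter(filter_of(q)) for name, q in queries.items()}


if __name__ == "__main__":
    for name, problem in audit(QUERIES).items():
        print(f"{name}: {problem or 'ok'}")
```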
 
 
