Installation
# Installs the pieces configured below: the exim MTA, the Cyrus IMAP store,
# amavisd-new for content scanning and greylistd for greylisting.
apt-get install exim4-heavy cyrus-imapd amavisd-new greylistd
In der Datei exim4.conf.template bzw. in conf.d/ werden die Anpassungen für den Exim-Daemon vorgenommen. Damit diese dem Daemon beim Dienststart zur Verfügung stehen, ist dpkg-reconfigure exim4-config aufzurufen, das die Konfiguration erstellt.
virtuelle Aliase für lokale User
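# Create one directory per virtual domain (brace expansion needs bash).
mkdir -p /etc/exim4/virtual/{tiri.li,x-euro.com}
cd /etc/exim4/virtual || exit 1
# Build the domain list from the directories only. With "ls -1 > domains"
# the shell creates the file "domains" before ls runs, so the list would
# contain the entry "domains" itself; the virtual_aliases router would then
# treat "domains" as a hosted domain.
: > domains
for d in */
do
    d=${d%/}
    printf '%s\n' "$d" >> domains
    # One alias file per domain, read by the virtual_aliases router.
    touch "$d/aliases"
done
echo "postmaster: localpostadmin" >> tiri.li/aliases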
/etc/exim4/conf.d/transport/01_exim4-config_amavis
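# Transport that hands a message to the content filter over SMTP.
# Each option has to be on its own line; run together on one line the
# definition is not a valid transport.
amavis:
  driver = smtp
  # Port the content filter is expected to listen on; the host comes from
  # the amavis router's route_list (localhost).
  # NOTE(review): the filter's own listener configuration is not shown on
  # this page - confirm it is bound to the loopback interface only.
  port = 10024
  # Without this, the smtp transport defers deliveries to the local host.
  allow_localhost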
/etc/exim4/conf.d/transport/30_exim4-config_lmtp_cyrus
# Delivers to Cyrus via LMTP over TCP on the loopback interface.
# NOTE(review): the cyrus.conf on this page starts this listener as
# "lmtpd -a" (pre-authorized), so any local process that can connect to
# 127.0.0.1:lmtp can deliver into any mailbox without authenticating.
local_delivery_lmtp:
# Tags the message with the transport used and the delivery time.
headers_add = "X-added: local_lmtp ${tod_log}\n"
# The smtp driver speaks LMTP once protocol = lmtp is set.
driver = smtp
protocol = lmtp
# hosts_override makes the hosts value below take precedence over any host
# list supplied by a router.
hosts_override
hosts = 127.0.0.1
# Needed because the target is the local host itself.
allow_localhost
# Adds a Return-path: header holding the envelope sender.
return_path_add
# Delivers to Cyrus by piping the message into cyrdeliver.
local_delivery_cyrus:
driver = pipe
# Exim splits the command into arguments before expanding the variables and
# runs it without a shell (use_shell is not set), so the envelope values
# below arrive as single arguments and cannot add shell syntax.
#   -r  envelope sender, passed on as the return path
#   -m  target mailbox: the local part suffix with its first character
#       removed (the "+" of the router's "+*" suffix)
#   --  ends option parsing, so a local part starting with "-" is still
#       treated as the recipient
# NOTE(review): the suffix is chosen by whoever addresses the mail; which
# folders may be posted to this way is governed by the Cyrus mailbox ACLs,
# which are not shown here - confirm.
command = /usr/sbin/cyrdeliver \
-r ${sender_address} \
-m ${substr_1:$local_part_suffix} -- $local_part
group = Debian-exim
headers_add = "X-added: local_cyrus ${tod_log}\n"
# Log output produced by the command.
log_output
# Empty prefix/suffix: suppress the pipe transport's default "From " line
# and trailing newline around the message.
message_prefix = ""
message_suffix = ""
# Output from the command is treated as a failure and returned in the
# bounce, so cyrdeliver diagnostics can reach the sender.
return_output
# The command runs as the cyrus user (group Debian-exim, set above).
user = cyrus
# add -r ${sender_address} because of sieve (the return path is set incorrectly here!)
#command = /usr/cyrus/bin/deliver \
# -m ${substr_1:$local_part_suffix} -- ${substr_1:$local_part_prefix}
#return_path_add
/etc/exim4/conf.d/router/01_exim4-config_amavis
# Routes mail for local domains to the content filter before delivery.
amavis:
driver = manualroute
# Yields 0 (router skipped) when the message arrived on port 10025 and 1
# otherwise, so mail coming in on 10025 is not sent to the filter again.
# NOTE(review): anything that can connect to port 10025 bypasses scanning.
# The listener setup is not shown on this page - confirm that 10025 is
# bound to the loopback interface only.
condition = "${if eq {$interface_port}{10025} {0}{1}}"
# if scanning incoming mails, uncomment the following line and
# change local_domains accordingly
# (the line is active here: only mail addressed to +local_domains is scanned)
domains = +local_domains
transport = amavis
route_list = "* localhost byname"
# The route resolves to the local host; "send" tells Exim to hand the
# message to the transport anyway instead of treating that as an error.
self = send
/etc/exim4/conf.d/router/301_exim4-config_virtual_aliases
# Expands per-domain alias files under /etc/exim4/virtual/<domain>/aliases.
virtual_aliases:
debug_print = "R: virtual_aliases for $local_part@$domain"
driver = redirect
# Permit ":defer:" and ":fail:" entries in the alias data.
allow_defer
allow_fail
# lsearch* falls back to a "*" key when the local part has no entry.
# NOTE(review): $domain comes from the recipient address and is placed in a
# file name; the only constraint on it is the domains precondition below.
# Exim 4.94 and later refuse such tainted values in file names; there the
# de-tainted lookup result (e.g. $domain_data) has to be used instead -
# verify against the installed version.
data = ${lookup{$local_part}lsearch*{/etc/exim4/virtual/${domain}/aliases}}
# Router applies only to domains listed in this file, so the file must hold
# nothing but the hosted domain names.
domains = partial-lsearch;/etc/exim4/virtual/domains
qualify_preserve_domain
retry_use_local_part
user = Debian-exim
/etc/exim4/conf.d/router/701_exim4-config_local_user_cyrus
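# Accepts local addresses and hands them to Cyrus. Each option and comment
# has to be on its own line; run together on one line, everything after the
# first "#" is a comment and the transport is never set.
# NOTE(review): no check_local_user or local_parts condition is visible
# here, so every local part appears to be accepted and an unknown mailbox
# would only fail at delivery time, producing a bounce instead of a
# rejection at RCPT time - confirm against the full configuration.
local_user_cyrus:
  driver = accept
  # "user+folder" addresses: the "+folder" part is optional and is passed
  # to the transport as $local_part_suffix.
  local_part_suffix = +*
  local_part_suffix_optional
  retry_use_local_part
  # enables posting to Cyrus subfolders
  transport = local_delivery_cyrus
  # posting to subfolders does not work via lmtp
  #transport = local_delivery_lmtp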
Um den greylistd unter debian mit exim zum Laufen zu bringen, sind folgende Schritte notwendig:
If you prefer to configure Exim 4 for greylistd by hand, please see /usr/share/doc/greylistd/README.Debian.
/etc/greylistd/config
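# greylistd settings, one option per line; sections and options had been
# run together on a single line.
[timeouts]
# should be adjusted, to roughly 10 minutes
retryMin = 3600
retryMax = 28800
expire = 5184000

[socket]
# Socket queried by the readsocket condition in acl_check_rcpt.
path = /var/run/greylistd/socket
# Owner and group only.
# NOTE(review): the Exim user presumably has to be a member of the
# socket's group to query it - confirm.
mode = 0660

[data]
update = 600
statefile = /var/lib/greylistd/states
tripletfile = /var/lib/greylistd/triplets
savetriplets = true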
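# Whitelist the relay host; {relayhost} is a placeholder for its address.
greylist add --white {relayhost}
# One command per line: run together on one line, the later commands would
# be passed as arguments to the first "greylist add".
greylist add --whitelist 217.160.20.73
greylist add --whitelist 87.106.38.111
# Remove an entry, then show the current lists.
greylist delete 195.226.126.82
greylist list
# Counters for whitelisted, blacklisted and greylisted entries.
greylist stats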
Statistics since Wed Jun 7 07:46:53 2006 (30 minutes and 47 seconds ago)
-------------------------------------------------------------------------
2 items, matching 2 requests, are currently whitelisted
0 items, matching 0 requests, are currently blacklisted
9 items, matching 11 requests, are currently greylisted
acl sektion
# Local exceptions: accepts when the sending host or the envelope sender is
# listed in one of two optional files. Called from acl_check_rcpt to exempt
# those hosts and senders from greylisting.
# NOTE(review): both paths are under /etc/exim/, while the rest of this page
# uses /etc/exim4/. If the files do not exist, the lists expand to empty and
# the exceptions silently never match - confirm the intended directory.
acl_whitelist_local_deny:
accept
hosts = ${if exists{/etc/exim/local_host_whitelist}\
{/etc/exim/local_host_whitelist}\
{}}
accept
senders = ${if exists{/etc/exim/local_sender_whitelist}\
{/etc/exim/local_sender_whitelist}\
{}}
# Greylisting statement for the RCPT ACL. The conditions are evaluated in
# the order written; the defer applies only if all of them hold.
acl_check_rcpt:
defer
message = $sender_host_address is not yet authorized to deliver \
mail from <$sender_address> to <$local_part@$domain>. \
Please try later.
log_message = greylisted.
# Never greylist the empty sender (bounces and callout probes).
!senders = :
# Skip relay hosts and hosts in greylistd's own whitelist files, if present.
!hosts = : +relay_from_hosts : \
${if exists {/etc/greylistd/whitelist-hosts}\
{/etc/greylistd/whitelist-hosts}{}} : \
${if exists {/var/lib/greylistd/whitelist-hosts}\
{/var/lib/greylistd/whitelist-hosts}{}}
# Skip authenticated clients and anything the local exception ACL accepts.
!authenticated = *
!acl = acl_whitelist_local_deny
domains = +local_domains : +relay_to_domains
# Recipient is verified before greylistd is asked, so triplets are only
# recorded for recipients that verify (defer_ok lets a callout that cannot
# complete count as success).
verify = recipient/callout=20s,use_sender,defer_ok
# Asks greylistd about the (host, sender, recipient) triplet with a 5s
# timeout. The last argument is the string used when the socket cannot be
# read: "false" makes this condition fail, so the defer is skipped.
# NOTE(review): this fails open - if greylistd is down or the socket is not
# accessible, mail passes without greylisting and nothing here logs it.
condition = ${readsocket{/var/run/greylistd/socket}\
{--grey \
$sender_host_address \
$sender_address \
$local_part@$domain}\
{5s}{}{false}}
/etc/cyrus.conf
# Debian defaults for Cyrus IMAP server/cluster implementation
# see cyrus.conf(5) for more information
#
# All the tcp services are tcpd-wrapped. see hosts_access(5)
# $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $
# Commands run once when the Cyrus master process starts.
START {
# do not delete this entry!
recover cmd="/usr/sbin/ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# this is NOT to be enabled right now in Debian builds
#idled cmd="idled"
# this is useful on backend nodes of a Murder cluster
# it causes the backend to synchronize its mailbox list with
# the mupdate master upon startup
#mupdatepush cmd="/usr/sbin/ctl_mboxlist -m"
# this is recommended if using duplicate delivery suppression
delprune cmd="/usr/sbin/ctl_deliver -E 3"
# this is recommended if caching TLS sessions
tlsprune cmd="/usr/sbin/tls_prune"
}
# UNIX sockets start with a slash and are absolute paths
# you can use a maxchild=# to limit the maximum number of forks of a service
# you can use babysit=true and maxforkrate=# to keep tight tabs on the service
# most services also accept -U (limit number of reuses) and -T (timeout)
# Network and socket listeners started by the Cyrus master process.
# A listen value without a host part binds to all interfaces.
SERVICES {
# --- Normal cyrus spool, or Murder backends ---
# add or remove based on preferences
# NOTE(review): imap and pop3 are enabled while imaps and pop3s stay
# commented out. Whether passwords can cross the network in cleartext then
# depends on the STARTTLS and plaintext-login settings in imapd.conf, which
# is not shown on this page - confirm.
imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
#imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
#pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
# NOTE(review): nntp listens on all interfaces although nothing else on
# this page uses it; comment it out if news access is not needed.
nntp cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
#nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100
# At least one form of LMTP is required for delivery
# (you must keep the Unix socket name in sync with imapd.conf)
# "lmtpd -a" pre-authorizes TCP connections: any local process that can
# reach 127.0.0.1:lmtp can deliver into any mailbox without authenticating.
# The Unix socket variant below is protected by file permissions instead.
lmtp cmd="lmtpd -a" listen="127.0.0.1:lmtp" prefork=0 maxchild=20
lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
# ----------------------------------------------
# useful if you need to give users remote access to sieve
# by default, we limit this to localhost in Debian
sieve cmd="timsieved" listen="127.0.0.1:sieve" prefork=0 maxchild=100
# this one is needed for the notification services
notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
# --- Murder frontends -------------------------
# enable these and disable the matching services above,
# except for sieve (which deals automatically with Murder)
# mupdate database service - must prefork at least 1
# (mupdate slaves)
#mupdate cmd="mupdate" listen=3905 prefork=1
# (mupdate master, only one in the entire cluster)
#mupdate cmd="mupdate -m" listen=3905 prefork=1
# proxies that will connect to the backends
#imap cmd="proxyd" listen="imap" prefork=0 maxchild=100
#imaps cmd="proxyd -s" listen="imaps" prefork=0 maxchild=100
#pop3 cmd="pop3proxyd" listen="pop3" prefork=0 maxchild=50
#pop3s cmd="pop3proxyd -s" listen="pop3s" prefork=0 maxchild=50
#lmtp cmd="lmtpproxyd" listen="lmtp" prefork=1 maxchild=20
# ----------------------------------------------
}
# Maintenance commands run on a schedule by the Cyrus master process:
# period= repeats at that interval in minutes, at= runs daily at the given
# time (hhmm).
EVENTS {
# this is required
checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="/usr/sbin/ctl_deliver -E 3" at=0401
# this is only necessary if caching TLS sessions
tlsprune cmd="/usr/sbin/tls_prune" at=0401
# rebuilds the squat search indexes, recursing from "*", every 30 minutes
squatter cmd="/usr/sbin/squatter -r *" period=30
}