Re: Exim relaying and DNS questions (for small mail server)
On Saturday 19 January 2002 4:07 pm, Rory Campbell-Lange wrote:
> I've set up a machine in a little office to allow people in the office to
> send each other email, and to download and parcel out incoming mail from
> the ISP using fetchmail, exim and procmail. This all works fine.
> The clients, all running Macs, can all pick up POP3 mail served via
> ipopd.
>
> I'd like to be able to allow clients to send mail to other people on our
> internal network, or to the isp, via the mail server. Clients presently
> get a "relaying is denied" message from exim.
>
> What I would like to do:
>
> 1. Set up bind so that they can pick up and send mail via
> myname@mail.local.domain.com. I don't know the first thing about
> setting this up in a small network. Pointers gratefully received.
Can you be more specific here? Is some variant of domain.com actually yours?
What do people external to the office mail you on?
I am going to tell you how I do it for my house. I "own"
chandlerfamily.org.uk, and an external company sets up the DNS records to
point mail requests (in DNS speak, the MX record) at its own mail server, which
then forwards mail to my ISP. It also sets up a DNS record for
www.chandlerfamily.org.uk pointing to its own web server, which then creates a frame
and forwards the frame to my web space at the ISP. Since my ISP does not
allow me to set up services on my end of the line, I didn't want to use
chandlerfamily.org.uk for the internal network of machines. So after some
thought I created an "internal domain" for the home called .home.
Here is some of my named.conf. I have created an internal network with
Winnie the Pooh machine names on the .home domain (I sometimes have the two
forwarders lines in, sometimes I leave them out - they are the IP addresses
of my ISP's DNS service - I find it can be unreliable and so I just avoid
him). Also, my main gateway (roo.home) has a number of other IP addresses
and names (mail.home, www.home, news.home etc.).
============================named.conf
...
options {
        directory "/var/cache/bind";
        listen-on { 127.0.0.1; 10.0.10/24; };
        query-source address * port 53;
        notify no;
        // forwarders block commented out as a whole, closing brace included,
        // so that "options" is still closed by exactly one "};" below
        //forwarders {
        //      62.30.112.121;
        //      62.30.112.122;
        //};
};
... (standard stuff for db.root, db.localhost, db.127 and db.0 set up by Debian)
zone "home" {
        type master;
        file "/etc/bind/db.home";
};
zone "10.0.10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.10.0.10";
};
========================db.home
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA home. root.home. (
8 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS roo.home.
@ IN MX 10 mail.home.
kanger IN A 10.0.10.1
pooh IN A 10.0.10.2
tigger IN A 10.0.10.3
eeyore IN A 10.0.10.4
;
;
piglet IN A 10.0.10.20
rabbit IN A 10.0.10.30
;
;
; 50-99 allocated to dhcpd clients
;
; Default gateway
;
roo IN A 10.0.10.100
www IN A 10.0.10.101
home IN CNAME www
mail IN A 10.0.10.102
fetchmail IN CNAME mail
news IN CNAME mail
cvs IN CNAME roo
apps IN A 10.0.10.103
============================ db.10.0.10
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA home. root.home. (
8 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS roo.home.
1 IN PTR kanger.home.
2 IN PTR pooh.home.
3 IN PTR tigger.home.
4 IN PTR eeyore.home.
;
; From this point on we allocate IP addresses for visiting devices which
; require a fixed IP
;
20 IN PTR piglet.home.
30 IN PTR rabbit.home.
;
; Note the range 50-99 is reserved for dhcpd to dynamically allocate
;
; Default Gateway has several names and addresses
;
100 IN PTR roo.home.
101 IN PTR www.home.
102 IN PTR mail.home.
103 IN PTR apps.home.
============================
>
> 2. Fix the relaying issue
> I've read the "Control of Relaying" section in the exim docs.
> It appears that I need to:
> a) set host_accept_relay to accept mail on
> 192.168.181.0/255.255.255.0:localhost
Exactly (I actually use the other notation and resolve localhost - i.e.
10.0.10.0/24:127.0.0.1).
> b) set the local_domain so that local mail is put into local email
> boxes
> is localdomains = localhost:mail:192.168.181.0 ok here?
I think your middle entry could be *.mail.local.domain.com (from what you
said about the domain you want to use - what names are you going to give your
other local machines?).
In my example above I put localhost:*.home:chandlerfamily.org.uk.
You don't need the IP address. I originally did that so that fetchmail would
work (by default it puts the mail over as localuser@localhost). I now put
"smtpaddress fetchmail.home" at the end of each "user" line in my fetchmailrc
file so that the headers tell me more specifically how the mail is delivered.
> c) set a smarthost (the isp) who gets all the other mail
> authentication settings for _server side authentication_ (is
> this right, to allow clients to attach to this mail server).
Not sure I understand what you are saying here. My users send outgoing mail
via my mailserver at mail.home; this means exim can tell whether it's internal
mail or external. For outgoing mail I have a router
    smarthost:
      driver = domainlist
      transport = remote_smtp
      route_list = "* smtp.blueyonder.co.uk bydns_a"
which sends everything via my ISP (blueyonder.co.uk), and a transport
    remote_smtp:
      driver = smtp
      headers_rewrite = *@*home $1@chandlerfamily.org.uk
      return_path = ${lc:${sender_address_local_part}}@chandlerfamily.org.uk
    # authenticate_hosts = smarthost.isp.com
The authenticate_hosts option is for exim to authenticate itself to your ISP's
mail server when it sends the outgoing mail. I think this depends on what
your ISP needs (mine doesn't, as it knows who I am from the IP address being
in its block). You can see I am rewriting all home addresses into
chandlerfamily.org.uk ones as they go out.
> I can use the plaintext drivers to auth against /etc/exim/passwd.
Again I am confused about what you mean here. Mail destined for your users
will be put into a mail file (probably /var/spool/mail/$user) using the
appendfile transport. The director that sends via this transport may need to
check which users are local (to your office). In my case I do not use
/etc/passwd but list the users who are allowed to receive mail in a file
(this is because I have more accounts than mail users, and I want to do
catchall addresses and not send them to the spool file) - you do this via a
line in the director
    local_parts = /etc/exim/localusers
HOWEVER, when users come to get their mail they are going to use POP3 or IMAP
to connect to your machine. The software that is acting as the POP3 or IMAP
server will need to validate the connection, and one way of doing that is to
look it up in /etc/passwd (there are other ways too).
> Have I left anything out?
There are lots of other things you could do - like filtering for spam,
allowing people to send out-of-the-office messages, mailing lists for
specific topics in the office (I use mailman for this - but exim can be set
up to do simple versions of it).
Get the basics up and then worry about the rest later.
Feel free to ask any more questions.
--
Alan - alan@chandlerfamily.org.uk
http://www.chandlerfamily.org.uk
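The relay decision Alan describes in the message (local_domains delivered to local mailboxes, host_accept_relay limited to the office network and 127.0.0.1, everything else refused with "relaying denied") modelled in Python, as an added example that is not code from the message or from Exim. It assumes the Exim 3 colon-separated list syntax quoted above, maps the literal name localhost to 127.0.0.1 the way Alan does, and uses a constructed TEST-NET address (203.0.113.7) to stand for a host outside the office; the function names are mine.

```python
import fnmatch
import ipaddress

# Constructed policy strings in Exim 3 list syntax, taken from the message:
HOST_ACCEPT_RELAY = "10.0.10.0/24:127.0.0.1"              # Alan's host_accept_relay
LOCAL_DOMAINS = "localhost:*.home:chandlerfamily.org.uk"  # Alan's local_domains


def parse_host_list(colon_list):
    """Turn an Exim host list (colon-separated) into ip_network objects.

    Accepts prefix form (10.0.10.0/24), netmask form (192.168.181.0/255.255.255.0),
    single addresses, '*' (every host) and the literal name 'localhost', which is
    mapped to 127.0.0.1 as Alan does; other hostnames are not resolved here.
    """
    nets = []
    for item in colon_list.split(":"):
        item = item.strip()
        if not item:
            continue
        if item == "*":
            item = "0.0.0.0/0"
        elif item == "localhost":
            item = "127.0.0.1"
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def host_matches(client_ip, host_list):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_host_list(host_list))


def domain_matches(domain, domain_list):
    """Exim 3 domain list: literal names or '*' wildcards, case-insensitive."""
    d = domain.lower().rstrip(".")
    return any(fnmatch.fnmatchcase(d, p.strip().lower())
               for p in domain_list.split(":") if p.strip())


def relay_decision(client_ip, recipient,
                   host_accept_relay=HOST_ACCEPT_RELAY,
                   local_domains=LOCAL_DOMAINS):
    """Classify one RCPT TO address arriving from a given SMTP client.

    'local'           -> domain is ours, delivered to a local mailbox
    'relay'           -> foreign domain from a trusted host, goes to the smarthost
    'relaying denied' -> foreign domain from anyone else (what Rory's clients see)
    """
    domain = recipient.rsplit("@", 1)[-1]
    if domain_matches(domain, local_domains):
        return "local"
    if host_matches(client_ip, host_accept_relay):
        return "relay"
    return "relaying denied"


def open_relay_check(host_accept_relay, probe_ip="203.0.113.7"):
    """True if a host outside the office (constructed TEST-NET address) could
    relay to an arbitrary external domain, i.e. the server would be an open relay."""
    return relay_decision(probe_ip, "anyone@example.com",
                          host_accept_relay=host_accept_relay) == "relay"


if __name__ == "__main__":
    for ip, rcpt in [("10.0.10.2", "alan@pooh.home"),
                     ("10.0.10.2", "friend@example.com"),
                     ("203.0.113.7", "friend@example.com")]:
        print(f"{ip:>12} -> {rcpt:<22} {relay_decision(ip, rcpt)}")
    print("open relay with host_accept_relay = '*':", open_relay_check("*"))
```

The point of open_relay_check is the one Rory is about to run into from the other direction: once host_accept_relay is opened up to make the Macs work, it must still cover only the office network, otherwise the same change makes the box an open relay for the whole Internet. Rory's netmask notation (192.168.181.0/255.255.255.0:localhost) is accepted by the parser as well as Alan's prefix form.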
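A consistency check for the forward and reverse zone files Alan posted (every A record has a matching PTR and vice versa, NS and MX targets have A records and are not CNAMEs, CNAMEs point at something), as an added Python example that is not code from the message or from BIND. The embedded zone text is a trimmed copy of his db.home and db.10.0.10 with the same names and addresses; the parser handles only the syntax those two files use, and the function names are mine.

```python
# Constructed, trimmed copies of the db.home and db.10.0.10 files from the
# message (same layout, names and addresses, fewer records).
DB_HOME = """\
$TTL 604800
@ IN SOA home. root.home. (
    8 604800 86400 2419200 ; serial refresh retry expire
    604800 )               ; negative cache TTL
@ IN NS roo.home.
@ IN MX 10 mail.home.
pooh IN A 10.0.10.2
tigger IN A 10.0.10.3
roo IN A 10.0.10.100
www IN A 10.0.10.101
home IN CNAME www
mail IN A 10.0.10.102
news IN CNAME mail
"""

DB_REV = """\
$TTL 604800
@ IN SOA home. root.home. ( 8 604800 86400 2419200 604800 )
@ IN NS roo.home.
2 IN PTR pooh.home.
3 IN PTR tigger.home.
100 IN PTR roo.home.
101 IN PTR www.home.
102 IN PTR mail.home.
"""


def _fqdn(label, origin):
    """Qualify an owner or target name relative to the zone origin."""
    if label == "@":
        return origin
    return label if label.endswith(".") else f"{label}.{origin}"


def parse_zone(text, origin):
    """Tiny master-file parser returning (owner, type, rdata) tuples.
    Handles ';' comments, $TTL and parenthesised multi-line SOA data; it does
    not handle $ORIGIN, $INCLUDE or per-record TTLs (the files above use none)."""
    records, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        continuation = depth > 0          # still inside an open '(' group
        depth += line.count("(") - line.count(")")
        if continuation or line.startswith("$"):
            continue
        parts = line.split()
        if len(parts) > 1 and parts[1].upper() == "IN":
            del parts[1]                  # class is always IN in these files
        owner, rtype, rdata = _fqdn(parts[0], origin), parts[1].upper(), parts[2:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [_fqdn(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], _fqdn(rdata[1], origin)]
        records.append((owner, rtype, rdata))
    return records


def _ptr_to_ip(owner):
    """'2.10.0.10.in-addr.arpa.' -> '10.0.10.2'"""
    return ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Cross-check A records against PTRs in both directions and make sure
    NS/MX/CNAME targets exist (and that NS/MX do not point at a CNAME).
    Returns a list of problem strings; an empty list means consistent."""
    fwd = parse_zone(fwd_text, fwd_origin)
    a = {o: rd[0] for o, t, rd in fwd if t == "A"}
    cname = {o: rd[0] for o, t, rd in fwd if t == "CNAME"}
    ptr = {_ptr_to_ip(o): rd[0] for o, t, rd in parse_zone(rev_text, rev_origin)
           if t == "PTR"}
    problems = []
    for name, ip in a.items():
        if ip not in ptr:
            problems.append(f"no PTR for {name} ({ip})")
        elif ptr[ip] != name:
            problems.append(f"PTR for {ip} is {ptr[ip]}, but the A record is {name}")
    for ip, target in ptr.items():
        if a.get(target) != ip:
            problems.append(f"PTR {ip} -> {target} has no matching A record")
    for owner, t, rd in fwd:
        if t in ("NS", "MX"):
            if rd[-1] in cname:
                problems.append(f"{t} target {rd[-1]} is a CNAME, which is not allowed")
            elif rd[-1] not in a:
                problems.append(f"{t} target {rd[-1]} has no A record")
        elif t == "CNAME" and rd[0] not in a and rd[0] not in cname:
            problems.append(f"CNAME {owner} -> {rd[0]} points at nothing")
    return problems


if __name__ == "__main__":
    found = check_zones(DB_HOME, "home.", DB_REV, "10.0.10.in-addr.arpa.")
    for line in found or ["zones consistent"]:
        print(line)
```

On Alan's data the check returns an empty list. It is worth running whenever a host is added or renumbered, because a forward/reverse mismatch on the mail host is exactly the kind of thing that makes exim's host checks and a remote server's reverse lookup disagree about who the machine is, and the MX-to-CNAME case is a silent mistake that RFC 2181 forbids.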