Re: Sending mail takes ages.
#You sure it's the authentication that's taking the time? A delay of a
#minute sounds suspiciously like a DNS timeout of some kind. Is the
#server able to resolve the hostname(s) of the connecting clients?
I thought that, so I turned off host lookups in the exim config - same thing
happens.
If I've missed anything, please let me know...
I have included my exim4 config file below, I am by no means an expert with
exim, so please forgive the state of the file :-)
This was originally running as exim 3 on Woody, but migrated when Sarge went
stable...
--------------------------------------------------------------
pclarke@cholet:~$ cat /etc/exim4/exim4.conf.template
#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message
#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.
domainlist local_domains = @ : \
@[] : \
localhost : \
wimbledon : \
*.wimbledon : \
an.other.domain : \
and.an.other
hostlist relay_hosts = 127.0.0.1 : \
::::1 : \
192.168.0.0/24
hostlist auth_relay_hosts = *
# This is the main exim configuration file.
# It was originally generated by `eximconfig', part of the exim package
# distributed with Debian, but it may edited by the mail system
administrator.
# This file originally generated by eximconfig at Tue Mar 16 00:28:47 GMT
2004
# See exim info section for details of the things that can be configured
here.
# Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file.
# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# Specify the domain you want to be added to all unqualified addresses
# here. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.
#qualify_domain = wimbledon
# If you want unqualified recipient addresses to be qualified with a
different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not
want
# to do any local deliveries, uncomment the following line, but do not
supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.
# Allow mail addressed to our hostname, or to our IP address.
# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.
# If this is uncommented, we accept and relay mail for all domains we are
# in the DNS as an MX for.
#relay_domains_include_local_mx = true
# No local deliveries will ever be run under the uids of these users (a
colon-
# separated list). An attempt to do so gets changed so that it runs under
the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.
never_users = root
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
host_lookup = !192.168.0.0/24 : *
# The setting below would, if uncommented, cause Exim to check the syntax of
# all the headers that are supposed to contain email addresses (To:, From:,
# etc). This reduces the level of bounced bounces considerably.
# Exim contains support for the Realtime Blocking List (RBL), and the many
# similar services that are being maintained as part of the DNS. See
# http://www.mail-abuse.org/ for background. The line below, if uncommented,
# will reject mail from hosts in the RBL, and add warning headers to mail
# from hosts in a list of dynamic-IP dialups. Note that MAPS may charge
# for this service.
#rbl_domains = rbl.mail-abuse.org/reject : dialups.mail-abuse.org/warn
#rbl_domains = blackholes.mail-abuse.org/reject : \
# dialups.mail-abuse.org/reject : \
# relays.mail-abuse.org/warn
#rbl_hosts = !192.168.0.0/24:0.0.0.0/0
# but allow mail to postmaster@my.dom.ain even from rejected host
# change some logging actions (collect more data)
# http://www.rfc-ignorant.org is another interesting site with a number of
# services you can use with the rbl_domains option
# The setting below allows your host to be used as a mail relay by only
# the hosts in the specified networks. See the section of the manual
# entitled "Control of relaying" for more info.
# This setting allows anyone who has authenticated to use your host as a
# mail relay. To use this you will need to set up some authenticators at
# the end of the file
# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part
# percent_hack_domains=*
# If this option is set, then any process that is running as one of the
# listed users may pass a message to Exim and specify the sender's
# address using the "-f" command line option, without Exim's adding a
# "Sender" header.
trusted_users = mail:www-data
# This tells what virus scanner to user
av_scanner = clamd:/var/run/clamav/clamd.ctl
# SA-Exim hook...
local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so
#
# SPAM message filter...
#
system_filter = /etc/exim4/system_filter.exim
message_body_visible = 5000
system_filter_reply_transport = address_reply
# this spam transport compliments spamassassin...
system_filter_file_transport = spam_transport
# If this option is true, the SMTP command VRFY is supported on incoming
# SMTP connections; otherwise it is not.
# Some operating systems use the "gecos" field in the system password file
# to hold other information in addition to users' real names. Exim looks up
# this field when it is creating "sender" and "from" headers. If these
options
# are set, exim uses "gecos_pattern" to parse the gecos field, and then
# expands "gecos_name" as the user's name. $1 etc refer to sub-fields
matched
# by the pattern.
gecos_pattern = ^([^,:]*)
gecos_name = $1
# This sets the maximum number of messages that will be accepted in one
# connection and immediately delivered. If one connection sends more
# messages than this, any further ones are accepted and queued but not
# delivered. The default is 10, which is probably enough for most purposes,
# but is too low on dialup SMTP systems, which often have many more mails
# queued for them when they connect.
smtp_accept_queue_per_connection = 100
# Send a mail to the postmaster when a message is frozen. There are many
# reasons this could happen; one is if exim cannot deliver a mail with no
# return address (normally a bounce) another that may be common on dialup
# systems is if a DNS lookup of a smarthost fails. Read the documentation
# for more details: you might like to look at the auto_thaw option
errors_copy = "*@* postmaster"
freeze_tell = postmaster
ignore_bounce_errors_after = 12h
auto_thaw = 60s
# This string defines the contents of the \`Received' message header that
# is added to each message, except for the timestamp, which is automatically
# added on at the end, preceded by a semicolon. The string is expanded each
# time it is used.
received_header_text = "Received: \
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
{${if def:sender_ident {from ${sender_ident} }}\
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
by ${primary_hostname} \
${if def:received_protocol {with ${received_protocol}}} \
(Exim ${version_number} #${compile_number} (Debian))\n\t\
id ${message_id}\
${if def:received_for {\n\tfor <$received_for>}}"
# Attempt to verify recipient address before receiving mail, so that mails
# to invalid addresses are rejected rather than accepted and then bounced.
# Apparently some spammers are abusing servers that accept and then bounce
# to send bounces containing their spam to people.
# This would make exim advertise the 8BIT-MIME option. According to
# RFC1652, this means it will take an 8bit message, and ensure it gets
# delivered correctly. exim won't do this: it is entirely 8bit clean
# but won't do any conversion if the next hop isn't. Therefore, if you
# set this option you are asking exim to lie and not be RFC
# compliant. But some people want it.
#accept_8bitmime = true
# This will cause it to accept mail only from the local interface
#local_interfaces = 127.0.0.1
# If this next line is uncommented, any user can see the mail queue
# by using the mailq command or exim -bp.
#queue_list_requires_admin = false
#
#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3 #!!#
#!!# policy control options. #!!#
#!!#######################################################!!#
#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.
begin acl
#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :
accept domains = +local_domains
accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
deny message = relay not permitted
#!!# ACL that is used after the DATA command
check_message:
require verify = header_syntax
# Reject messages that have serious MIME errors.
# This calls the demime condition again, but it
# will return cached results.
deny message = Serious MIME defect detected ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
# Reject file extensions used by worms.
# Note that the extension list may be incomplete.
deny message = This domain has a policy of not accepting certain types of
attachments \
in mail as they may contain a virus. This mail has a file
with a .$found_extension \
attachment and is not accepted. If you have a legitimate
need to send \
this particular attachment, send it in a compressed archive,
and it will \
then be forwarded to the recipient.
demime = exe:com:vbs:bat:pif:scr
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
# Reject messages containing malware.
deny message = This message contains a virus ($malware_name) and has been
rejected
malware = *
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
accept
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# Look in the documentation (in package exim-doc or exim-doc-html for
# information on how to set up authenticated connections.
begin authenticators
cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name =
"${extract{auth_name}{${lookup{$sender_address}lsearch{/etc/exim4/smtp_users}{$value}fail}}}"
client_secret =
"${extract{auth_pass}{${lookup{$sender_address}lsearch{/etc/exim4/smtp_users}{$value}fail}}}"
plain:
driver = plaintext
public_name = PLAIN
client_send =
"${extract{auth_plain}{${lookup{$sender_address}lsearch{/etc/exim4/smtp_users}{$value}fail}}}"
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
# This rewriting rule is particularly useful for dialup users who
# don't have their own domain, but could be useful for anyone.
# It looks up the real address of all local users in a file
begin rewrite
*@* "${extract{user}
{${lookup{$0}lsearch{/etc/exim4/smtp_users}{$value}fail}} {$value}
fail}@localhost" T
#!!#######################################################!!#
#!!# Here follow routers created from the old routers, #!!#
#!!# for handling non-local domains. #!!#
#!!#######################################################!!#
begin routers
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################
# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.
# Send all mail to a smarthost
smarthost_auto:
driver = manualroute
condition =
${extract{smart_host}{${lookup{$sender_address}lsearch{/etc/exim4/smtp_users}{$value}fail}}}
domains = ! +local_domains
route_list = *
${extract{smart_host}{${lookup{$sender_address}lsearch{/etc/exim4/smtp_users}{$value}fail}}}
byname
transport = remote_smtp
smarthost_directly:
driver = manualroute
domains = ! +local_domains
route_list = * $domain byname
transport = remote_smtp
no_more
# SpamAssassin
#spamcheck_router:
# no_verify
# check_local_user
# When to scan a message :
# - it isn't already flagged as spam
# - it isn't already scanned
# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq
{$received_protocol}{spam-scanned}}} {1}{0}}"
# driver = accept
# transport = spamcheck
# This allows local delivery to be forced, avoiding alias files and
# forwarding.
real_local:
driver = accept
check_local_user
local_part_prefix = real-
transport = local_delivery
# This router handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary.
system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = list
# Uncomment the above line if you are running smartlist
# the following router uses the nis mail aliases file to do
# alias expansion if it is present.
#nis_aliases:
# driver = redirect
# allow_defer
# allow_fail
# data = ${lookup{$local_part}nis{mail.aliases}}
# file_transport = address_file
# pipe_transport = address_pipe
# retry_use_local_part
# This router handles forwarding using traditional .forward files.
# It also allows mail filtering when a forward file starts with the
# string "# Exim filter": to disable filtering, uncomment the "filter"
# option. The check_ancestor option means that if the forward file
# generates an address that is an ancestor of the current one, the
# current one gets passed on instead. This covers the case where A is
# aliased to B and B has a .forward file pointing to A.
# For standard debian setup of one group per user, it is acceptable---normal
# even---for .forward to be group writable. If you have everyone in one
# group, you should comment out the "modemask" line. Without it, the exim
# default of 022 will apply, which is probably what you want.
userforward:
#!!# filter renamed allow_filter
driver = redirect
allow_filter
check_ancestor
check_local_user
directory_transport = address_directory
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify
# modemask = 002
# This router runs procmail for users who have a .procmailrc file
procmail:
driver = accept
check_local_user
require_files =
${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
transport = procmail_pipe
no_verify
# This router matches local user mailboxes.
localuser:
driver = accept
check_local_user
transport = local_delivery
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# This transport is used for local delivery to user mailboxes. On debian
# systems group mail is used so we can write to the /var/spool/mail
# directory. (The alternative, which most other unixes use, is to deliver
# as the user's own group, into a sticky-bitted directory)
begin transports
local_delivery:
driver = appendfile
directory = ${home}/Maildir
envelope_to_add
group = mail
maildir_format
message_prefix = ""
mode = 0660
no_mode_fail_narrower
return_path_add
# This transport is used for handling pipe addresses generated by
# alias or .forward files. If the pipe generates any standard output,
# it is returned to the sender of the message as a delivery error. Set
# return_fail_output instead if you want this to happen only when the
# pipe fails to complete normally.
address_pipe:
driver = pipe
path = /usr/bin:/bin:/usr/local/bin
return_output
# This transport is used for handling file addresses generated by alias
# or .forward files.
address_file:
driver = appendfile
envelope_to_add
return_path_add
# This transport is used for handling file addresses generated by alias
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name. Each message is then
delivered
# to a unique file in the directory. If instead you want all such deliveries
to
# be in the "maildir" format that is used by some other mail software,
# uncomment the final option below. If this is done, the directory specified
# in the .forward or alias file is the base maildir directory.
#
# Should you want to be able to specify either maildir or non-maildir
# directory-style deliveries, then you must set up yet another transport,
# called address_directory2. This is used if the path ends in "//" so should
# be the one used for maildir, as the double slash suggests another level
# of directory. In the absence of address_directory2, paths ending in //
# are passed to address_directory.
address_directory:
driver = appendfile
check_string =
maildir_format
message_prefix = ""
message_suffix = ""
# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.
address_reply:
driver = autoreply
# This transport is used for procmail
procmail_pipe:
driver = pipe
command = "/usr/bin/procmail"
delivery_date_add
envelope_to_add
message_suffix = ""
return_path_add
# check_string = "From "
# escape_string = ">From "
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp
# To use SMTP AUTH when sending to a particular host, such as your ISP's
# smarthost, uncomment and edit the above line, and also the example
# client-side authenticators at the bottom of the file
spam_transport:
driver = appendfile
delivery_date_add
envelope_to_add
group = mail
user = mailadmin
# SpamAssassin
#spamcheck:
# driver = pipe
# command = /usr/sbin/exim4 -oMr spam-scanned -bS
# use_bsmtp = true
# transport_filter = /usr/bin/spamc
# home_directory = "/tmp"
# current_directory = "/tmp"
# must use a privileged user to set $received_protocol on the way back
in!
# user = mail
# group = mail
# log_output = true
# return_fail_output = true
# return_path_add = false
# message_prefix =
# message_suffix =
######################################################################
# RETRY CONFIGURATION #
######################################################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 2 hours and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.
# Domain Error Retries
# ------ ----- -------
begin retry
* * F,2h,15m; G,16h,2h,1.5; F,4d,8h
# End of Exim 4 configuration
Reply to: