
Re: exim4 config - what EXACTLY is "final destination"



On Wed, Dec 05, 2007 at 01:47:33PM -0600, Bob Goldberg wrote:
> running debian etch w/ exim 4.
> 
> I want to setup exim to receive internet email, and accept/relay ONLY emails
> to a recipient listed in a text file, on to my exchange server. It will not
> send any outbound email.

I think I've figured out how to do this. more below.

> 
> I've been having a heck of a time getting this to work. been trying to edit
> config files, make my own router etc...
> I'm thinking I shouldn't need to make my own router, just mod an existing
> one, but not sure which to use for sure....

you're close. you can do this all with ACL's and then one simple router and
one simple transport for everything.

> (1) i'm dpkg-reconfig 'g and I'm being asked "should this machine consider
> itself the final destination".
> I'm not even 100% sure how to answer this stupid question. What EXACTLY IS
> the final destination?

"final destination" means that exim should take that mail and actually
stick it in users' mailboxes.

> is my debian box the final destination even though it will relay all email
> to an exchange server, and have NO "localhost" email boxes???

no

[snipping poor frustrated Bob...]

> So then, if I go to mod the exim.conf.template file - I have NO IDEA what to
> do in here, because it references all kinds of variables I know nothing (or
> next to) about!

exim.conf.template is a template file that debian's exim uses to build
an exim4.conf file on the fly. That's why there are all those wacky
variables. They get expanded into other variables in an actual
exim4.conf file (not really a file, I don't think, because it never
really exists on the system) that exim reads at startup. I think. heh.

I think you should stay away from dpkg-reconfigure for this one. Use
the example file /usr/share/doc/exim4/examples/example.conf.gz, unzip
it somewhere and look through it. 

here are the parts I think apply to your setup. 

sorry about the wrap
######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name. In many cases this does
# the right thing and you need not set anything explicitly.

primary_hostname = <name of your machine here: some.domain.com, or leave it blank and let it look up itself>


# The next three settings create two lists of domains and one list of hosts.
# These lists are referred to later in this configuration using the syntax
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:

domainlist local_domains = <leave this blank, no local delivery>

domainlist relay_to_domains = <in here put your domains: *.myco.com, that is, the ones you are receiving mail from>

hostlist   relay_from_hosts = <leave this blank, you're not relaying from any hosts>

then scroll down to the acl's and look for 

accept local_parts = postmaster
       domains	   = +local_domains

you're going to make one similar to it:

# single-key lookup: true when $local_part is a key in the recipient file
accept local_parts = lsearch;/path/to/recipient-file
       domains	   = +relay_to_domains

That says, accept the message if the local_parts (parts before the @)
are in the recipient-file AND the domain (part after the @) is in the
variable relay_to_domains you set above. So to accept mail for
bob@myco.com you need 'bob' in that file and relay_to_domains =
myco.com : fooco.com : barco.com etc... 

then put in a big fat deny for everything else:

deny message = relay not permitted

You can probably delete most of the other ACL stuff, but the comments
are good, so read them over. I would suggest you comment out the other
accept ones. Note, I have *NOT* tested that local_parts expression
above. I don't actually know if that works, but I think it does. You
will need a simple flat text file with the local_parts of your
recipients listed out. Make sure that exim4 can read it (chown
root:Debian-exim should do it).

That should take care of it on the acl side. 

Then you need a router and a transport. This gets tricky because I
don't know what you need (if anything) to authenticate to the exchange
server, but I'm going to assume it's an unauthenticated smtp connection
on your secure lan.

begin routers

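# this router, the only router, sends all accepted mail to the
# exchange_smtp transport
exchange_router:
	driver = manualroute
	domains = *
	transport = exchange_smtp
	# manualroute needs a routing rule (route_list or route_data)
	route_list = * <your exchange server's name or IP>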


begin transports

# this transport, the only transport, sends all routed mail to the
# exchange server.
exchange_smtp:
        driver = smtp
        hosts = <your exchange server's name or IP>

This is heavily *NOT* tested, but maybe it helps you get going. 
 
> So - while I'm on my rant - what email server do SMART people run on debian
> (what should I be using)?

I'm told I'm smart and I run exim, but that's not necessarily a good
indicator.

;-)

A
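
Added example, not part of the original message and not Exim's own code: a simplified Python model of the accept/deny decision described above, for sanity-checking a recipient file and a relay_to_domains value before loading them. The file contents, addresses and function names are constructed; it assumes Exim's documented behaviour that lsearch keys compare case-insensitively and that a domain pattern starting with `*` matches on the remaining suffix.

```python
import re

# Constructed sample recipient file (lsearch style): one local part per line.
RECIPIENT_FILE = """\
# people allowed to receive mail through the relay
bob
Alice
helpdesk: shared mailbox
"""

_KEY = re.compile(r"[^\s:]+")


def load_lsearch_keys(text):
    """Keys of an lsearch-style file, lower-cased (lsearch ignores case)."""
    keys = set()
    for line in text.splitlines():
        # Skip blanks, comments, and continuation lines (leading whitespace).
        if not line.strip() or line[0] == "#" or line[0].isspace():
            continue
        match = _KEY.match(line)  # a key ends at a colon or whitespace
        if match:
            keys.add(match.group().lower())
    return keys


def domain_matches(domain, domainlist):
    """Match a colon-separated list; a leading '*' is a suffix match."""
    domain = domain.lower()
    for pattern in (p.strip().lower() for p in domainlist.split(":")):
        if pattern.startswith("*") and domain.endswith(pattern[1:]):
            return True
        if pattern and domain == pattern:
            return True
    return False


def rcpt_decision(address, recipients, relay_to_domains):
    """'accept' only if both conditions hold, otherwise the final deny."""
    local_part, at, domain = address.rpartition("@")
    if not (at and local_part and domain):
        return "deny"
    if local_part.lower() in recipients and domain_matches(domain, relay_to_domains):
        return "accept"
    return "deny"


if __name__ == "__main__":
    allowed = load_lsearch_keys(RECIPIENT_FILE)
    for rcpt in ("bob@myco.com", "bob@mail.myco.com", "mallory@myco.com"):
        print(rcpt, rcpt_decision(rcpt, allowed, "*.myco.com"))
```

In this model `*.myco.com` on its own does not cover `bob@myco.com`; list `myco.com` as well if both forms should be accepted.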
