Basic Exim Configuration
As the default mail server for Debian GNU/Linux and its derivatives, Exim is
moderately popular in the Linux world. You can also use Exim with other
distributions, and in fact it ships with the PowerTools extensions for Red Hat,
so it's fairly easy to install on Red Hat and related distributions. Like
sendmail, Exim is a monolithic program, but the Exim configuration file format
is relatively simple. Exim is capable of doing many of the same things as
sendmail, and this section describes some of these things, such as address
masquerading, accepting mail addressed to multiple domains, and setting various
relay options.

NOTE

Because Exim is the default MTA only for Debian among those
distributions discussed in this book, this section uses Exim as shipped with
Debian as a reference. Other Exim installations may be configured differently
by default.
Exim's Configuration Files
The main Exim configuration file is called exim.conf, and it's usually located
in /etc. This file consists of lines of the form:

    option = value

The file may also contain comments, which are lines that begin with a pound
sign (#). In fact, a standard Debian Exim installation uses an exim.conf file
that's mostly comments documenting what the configuration lines do. This fact
can help greatly when you want to modify an Exim installation, because you can
often figure out what needs to be changed by reading the comments in the
configuration file.

TIP

When Debian installs Exim, the installer runs a script called eximconfig that
generates the exim.conf file. You can run this script after the fact to
reconfigure Exim without directly editing the exim.conf file. For small changes
it's usually easier to edit the file yourself, because eximconfig requires you
to respond to all its questions again. Nonetheless, eximconfig can be a useful
tool if you're unfamiliar with Exim configuration, because it generates a
configuration file with options that are appropriate for your system.
In addition to the main exim.conf file, Exim may use other files as sources of
supplemental information. In particular, a default Debian Exim configuration
uses these files:

/etc/aliases
This file serves the same function in Exim as in sendmail: It associates two
accounts so that mail addressed to one user is delivered to another. For
instance, the line

    root: amelia

causes mail addressed to root to be delivered to amelia instead. You can also
specify a nonlocal account; for instance,

    root: amelia@pangaea.edu

causes local mail for root to be sent to amelia@pangaea.edu. Unlike the
sendmail file of this name, the Exim file doesn't need to be compiled into a
binary format to be used.

/etc/email-addresses
This file causes From: addresses in outgoing mail to be rewritten. For
instance,

    ben: bfranklin@pangaea.edu

causes mail from ben on the local system to appear to come from
bfranklin@pangaea.edu.

The eximconfig script creates an /etc/aliases file that directs mail addressed
to postmaster to root, and in turn directs root's mail to a user you specify.
You can add, delete, or modify entries in this file as you see fit. The
standard Debian /etc/email-addresses file is empty except for some comments.
Exim Address Masquerading
As described earlier, in "Address Masquerading," you may want Exim to use a
particular hostname or domain name instead of the one that's returned by the
hostname command. The most basic level of address masquerading is accomplished
through the qualify_domain option. This sets the domain that's used for locally
generated mail if the mail program does not set an address itself. For
instance, suppose your exim.conf file includes the following line:

    qualify_domain = threeroomco.com

If ben sends mail from a program that doesn't specify a From: domain, Exim will
add the threeroomco.com domain to the address or replace an address that
doesn't match this domain name, so that From: headers and the like will read
ben@threeroomco.com.

Another option you might want to use is primary_hostname. You set this much
like you do qualify_domain, and in fact the value of primary_hostname is used
as the default for qualify_domain. The primary_hostname value is used in
initial handshakes between Exim and the remote mail server, and the name also
appears in Received: e-mail headers.

A more sophisticated address masquerading option is provided by the
/etc/email-addresses file, described earlier. More precisely, this file is
referenced by a line near the end of the exim.conf file. This line resembles
the following:

    *@threeroomco.com ${lookup{$1}lsearch{/etc/email-addresses}\
                      {$value}fail} bcfrF

This is one of exim.conf's least transparent configuration lines, and you
shouldn't need to adjust it, except perhaps to alter the domain at the
beginning of the line. This line matches any address that falls in the
threeroomco.com domain, and causes Exim to check /etc/email-addresses for a
more precise match. If the first field (before the colon) of a line in
email-addresses matches that in an e-mail address, the second field (after the
colon) is substituted. This tool allows you to perform address masquerading on
a user-by-user basis; you need only edit the email-addresses file, as described
earlier. If your mail server processes mail from multiple domains, you could
duplicate the exim.conf entry for each domain, specifying a different
substitution file for each domain or even using one file for all of them.

These descriptions cover only a fraction of the address masquerading features
available in Exim. For more information, consult the "Address Rewriting"
chapter of the Exim documentation at
http://www.exim.org/exim-html-3.30/doc/html/spec_34l .
Configuring Exim to Accept Mail
Exim provides several exim.conf options that determine whether it should treat
an address as local, and deliver it as such. These include:

local_domains
You can set this option to a colon-delimited list of hostnames that Exim will
treat as local. For instance, local_domains = localhost:threeroomco.com causes
Exim to accept mail addressed to users at localhost or threeroomco.com as
local, and deliver that mail to local users. This value defaults to the value
of the qualify_recipient option, which sets the hostname on incoming mail that
lacks a hostname.

local_domains_include_host
If this option is set to true, Exim accepts mail addressed to the computer's
current hostname. You can achieve a similar effect by adding the hostname to
the local_domains list.

local_domains_include_host_literals
If this option is set to true, Exim accepts mail that's addressed to the system
by IP address rather than by name. For instance, if Exim is running on a
computer with the 172.24.98.2 IP address, and if the user ben exists, Exim will
accept mail addressed to ben@[172.24.98.2]. If you don't want to accept such
mail, set this value to false.

The eximconfig script sets some of these options based upon your responses to
questions about domains for which you should accept mail, so if you've run this
script and answered the questions appropriately, you should find reasonable
default values already set.
Exim Relay Configuration
Like sendmail, Exim has several relay options, relating to both relaying mail
from other systems and relaying outgoing mail through another SMTP system. The
eximconfig script asks questions about relays, and so should configure Exim
properly in many situations. You can change or fine-tune this configuration by
directly editing exim.conf.
Configuring Exim to Relay Mail
The most important exim.conf options relating to mail relaying are as follows:

host_accept_relay
To have Exim relay mail for specific computers, you should list them using this
option (separating the names by colons). Most systems use at least
host_accept_relay = localhost, which lets Exim relay mail that originates
locally. Expanding this list by specifying all the hostnames, IP addresses, or
wildcards that match the desired hosts expands Exim's relaying options. For
instance, host_accept_relay = localhost:192.168.99.0/24:*.pangaea.edu allows
localhost, all computers in the 192.168.99.0/24 network, and all computers in
the pangaea.edu domain to relay mail. Using this feature to specify the IP
addresses of your local domain is probably the safest way to permit relaying
for most installations.

relay_domains
You can list one or more domains with this option (separated by colons). Exim
will relay mail from any system in the specified domains. This option is most
useful if your mail server should relay mail for several different domains, or
even just one very large domain. You can accomplish much the same goal by using
an asterisk (*) wildcard as the machine name in a hostname with the
host_accept_relay option.

relay_domains_include_local_mx
If you want to have Exim automatically adjust its relaying policy to allow new
domains, you can use this option. If you set it to yes, it permits computers
whose DNS servers have an MX record that points to your system to relay mail.
This can be convenient, because it eliminates the need to adjust Exim if you
routinely change domain configurations. It's potentially risky, though, because
a spammer could set up a domain with an MX entry that points to your Exim
server and use your system as an effectively open relay.

sender_address_relay
You can provide a colon-delimited list of e-mail addresses that are allowed to
relay with this option. Ordinarily, if you use this option, a message must
match both this and a host-based option, such as host_accept_relay. (You can
change this behavior to use either by specifying
relay_match_host_or_sender = yes, but this configuration is potentially very
dangerous because e-mail addresses are trivial to forge.) You can use this
feature to limit who from a given system may relay mail through Exim.

These options permit you to configure Exim to relay mail for only some systems,
such as those on your local network or any remote domains for which Exim should
be a relay. These options are sufficient for many purposes. For more exotic
needs, Exim supports some additional options, such as host_auth_accept_relay
(which requires that remote systems authenticate themselves before relaying)
and tls_host_accept_relay (which requires that remote systems use an
authentication and encryption system known as TLS).
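A quick way to review the relay options above is to read exim.conf and flag the settings this section calls risky. The following Python sketch is an added example, not part of the book or of Exim; it assumes one option per line (no backslash continuations), IPv4 entries only, and a hypothetical size threshold for "too wide" networks, and it runs on a constructed sample file.

```python
import ipaddress
import re

# Constructed sample in the "option = value" format described earlier.
SAMPLE_CONF = """\
# main configuration (constructed sample, not a real system)
qualify_domain = threeroomco.com
host_accept_relay = localhost:192.168.99.0/24:*.pangaea.edu:0.0.0.0/0
relay_domains_include_local_mx = yes
sender_address_relay = ben@threeroomco.com
relay_match_host_or_sender = yes
"""

def parse_options(text):
    """Return {option: value} from 'option = value' lines, skipping # comments."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$", line)
        if m:
            options[m.group(1)] = m.group(2).strip()
    return options

def is_true(value):
    return value.lower() in ("yes", "true")

def audit_relay(options, max_addresses=65536):
    """Return findings for relay settings that widen who may relay.
    max_addresses is a hypothetical threshold chosen for this example."""
    findings = []
    for item in options.get("host_accept_relay", "").split(":"):
        item = item.strip()
        if item == "*":
            findings.append("host_accept_relay: '*' lets every host relay")
            continue
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            continue  # a hostname or wildcard pattern, not an IP network
        if net.num_addresses > max_addresses:
            findings.append(f"host_accept_relay: {item} covers {net.num_addresses} addresses")
    if is_true(options.get("relay_domains_include_local_mx", "no")):
        findings.append("relay_domains_include_local_mx: any domain whose MX points here may relay")
    if is_true(options.get("relay_match_host_or_sender", "no")) and options.get("sender_address_relay"):
        findings.append("relay_match_host_or_sender: a forged sender address alone permits relaying")
    return findings

if __name__ == "__main__":
    for finding in audit_relay(parse_options(SAMPLE_CONF)):
        print("WARN", finding)
```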
Configuring Exim to Send Through a Relay
If your system must use an outgoing relay, you need to configure Exim to direct
all outgoing mail through that system. Unfortunately, there is no single Exim
configuration option to handle this situation. The eximconfig utility, though,
can generate a series of configuration lines that have the desired effect.
These lines resemble the following:

    smarthost:
      driver = domainlist
      transport = remote_smtp
      route_list = "* franklin.threeroomco.com bydns_a"
    end

These lines tell Exim to send all external mail via franklin.threeroomco.com.
You can change this system's name if your mail relay system ever changes.
Exim Anti-Spam Configuration
One of Exim's strengths is its extensive set of filtering rules. You can use
these to specify hosts for which you'll refuse delivery, specify users from
whom you'll refuse delivery, or perform more sophisticated checks on a per-user
basis. The major filtering options are as follows:

host_reject
This exim.conf option takes a colon-delimited list of hostnames, domain names,
or IP addresses as its argument, and blocks all mail that originates from these
systems. For instance, host_reject = *.badspammer.net:10.16.8.0/24 blocks all
mail from the badspammer.net domain, and from the 10.16.8.0/24 network block.
This rejection occurs as soon as the remote system attempts to make a
connection. This sometimes causes repeated attempts to connect to your server,
thus consuming small amounts of network resources over an extended period of
time.

host_reject_recipients
This option works much like host_reject, except that messages are rejected
after the remote system begins the transaction, and more precisely, after it's
sent the RCPT TO: command. The result is more likely to be an immediate
cessation of attempts to send the messages.

sender_reject
This option rejects mail that originates from certain senders. A sender may be
either an entire domain or an individual user at a domain. For instance,
sender_reject = spammer@abigisp.com: badspammer.net blocks mail from the
badspammer.net domain and from the user spammer@abigisp.com. Exim refuses to
receive mail as soon as it learns the sender's identity. This quick rejection
causes some sending systems to try repeatedly to send the same message.

sender_reject_recipients
This option works much like sender_reject, but it waits to reject the mail
until the sender has entered a recipient address with the RCPT TO: command.
This approach is more effective than sender_reject's approach at getting the
sending MTA to stop attempting to send the messages.

User-specific filters
Exim supports filters that individual users can design. These reside in the
.forward files in users' own home directories. This facility is extremely
powerful and flexible. It's similar in many ways to Procmail filters, which are
described shortly in the section "Using a Procmail Filter." It's described in
some detail in the filter.txt.gz documentation file that comes with Exim, in
the /usr/doc/exim directory in Debian GNU/Linux (you'll need to uncompress this
file with gunzip to read it).

If you want to create a large list of senders or sender hostnames you want to
reject, you can place them in a separate file, and reference that filename with
the appropriate rejection options. In addition to custom filters, Exim includes
several options related to support for blackhole lists. These are controlled
through several exim.conf options:

rbl_domains
Provide a colon-delimited list of blackhole list server addresses, such as
those shown in Table 19.1, to have Exim use those lists. You can append these
entries with /warn or /reject to specify that Exim add a warning header (which
might be used by a subsequent Procmail filter, for instance) or reject the mail
outright, respectively. Two additional options are /accept (to use a
blackhole-like mechanism to provide a limited "white list") and /skiprelay
(which bypasses the blackhole list check if the sender's domain is listed in
the host_accept_relay option).

rbl_hosts
The default for this option is *, which causes Exim to check all hosts against
the blackhole lists specified by rbl_domains. You might want to exempt certain
senders from these checks, though, and to do so, you add their names, preceded
by exclamation marks, prior to the asterisk in a colon-delimited list. For
instance, rbl_hosts = !ok.pangaea.edu:* exempts ok.pangaea.edu from the
blackhole list checks.

rbl_reject_recipients
You can use the /warn or /reject features of the rbl_domains option to specify
whether to add a warning or reject a suspected spam, as noted earlier. When
you've not specified explicitly what to do, Exim defaults to rejecting the
affected mail. You can change this behavior to merely add a warning header by
setting rbl_reject_recipients = no.

recipients_reject_except
This option lets you specify blackhole list exceptions in terms of recipients.
For instance, recipients_reject_except = postmaster@your.domain causes Exim to
accept mail addressed to postmaster@your.domain, even from sites included on a
blackhole list.

There are a few additional blackhole list options in Exim; consult the
package's documentation for details. In addition to pattern matching and
blackhole lists, Exim provides a few additional options that may be used to
help cut down on spam. These include the following:

headers_check_syntax
Exim can check message headers for bogus syntax, such as a message addressed to
user@, and reject messages that fail these checks. This is normally a sanity
check on the veracity of the data, but some spam uses poorly constructed mail
headers that will fail such checks. To use this option, set it to true.

helo_verify
During initial connections, a calling SMTP server identifies itself with a HELO
or EHLO command. Normally, Exim doesn't require this, but you can set it to be
more strict by providing a list of hosts that must use this handshake. (You can
set helo_verify = * to require all senders to pass this test.) In addition to
requiring use of HELO or EHLO, helo_verify requires that the IP address and DNS
entries on the host match one another. Spammers often use misconfigured systems
for which this isn't true, but unfortunately, many legitimate mail server
systems are also misconfigured in such a way that they'll fail this test.

message_size_limit
This option is another that's not strictly a spam-fighting tool, but that might
catch some spam. It defaults to 0, which translates into no size limit. If you
set this option to a positive value, that's the maximum message size that Exim
will accept. This might be useful in limiting the impact of inconsiderate or
accidental delivery of overly large messages to your system.

In all, Exim's spam filtering features are extremely capable, particularly if
you're willing to delve into the creation of user-specific filter files.
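Host lists such as rbl_hosts = !ok.pangaea.edu:* and host_reject = *.badspammer.net:10.16.8.0/24 are scanned left to right, and the first item that matches decides the result, which is why the exemption has to come before the asterisk. The Python model below is an added example, not code from the book or from Exim; it is simplified (IPv4 only, the client's name and address are passed in rather than looked up, and a list in which nothing matches is treated as "not in the list"), and the client names and addresses are constructed.

```python
import fnmatch
import ipaddress

RBL_HOSTS = "!ok.pangaea.edu:*"                 # from the text
RBL_HOSTS_MISORDERED = "*:!ok.pangaea.edu"      # constructed: exemption placed too late
HOST_REJECT = "*.badspammer.net:10.16.8.0/24"   # from the text

def _matches(pattern, name, addr):
    """True if one list item matches the client, by network or by name."""
    try:
        return addr in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        pass  # not an IP address or network, so treat it as a name pattern
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())

def host_in_list(host_list, name, ip):
    """Evaluate a colon-delimited host list for one client.

    Items are tried in order and the first match wins. A leading '!'
    turns that match into 'not in the list'.
    """
    addr = ipaddress.ip_address(ip)
    for item in host_list.split(":"):
        item = item.strip()
        if not item:
            continue
        negated = item.startswith("!")
        pattern = item[1:].strip() if negated else item
        if _matches(pattern, name, addr):
            return not negated
    return False  # simplification: no item matched

if __name__ == "__main__":
    # Constructed clients: (reverse-DNS name, IP address)
    clients = [("ok.pangaea.edu", "192.0.2.10"),
               ("mail.example.net", "198.51.100.7"),
               ("unknown.example.org", "10.16.8.77")]
    for name, ip in clients:
        print(name, ip,
              "rbl-checked:", host_in_list(RBL_HOSTS, name, ip),
              "misordered:", host_in_list(RBL_HOSTS_MISORDERED, name, ip),
              "rejected:", host_in_list(HOST_REJECT, name, ip))
```

With the misordered list, ok.pangaea.edu is still checked against the blackhole lists, because the asterisk matches before the exemption is ever reached.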