Is there some a document that lists the steps in getting Exim4/Sarge working in the following manner: o Exim4 with the heavy daemon o Using Windows AD/2k as the means to determine valid email accounts o Verifying the sender at smtp time o Setting up clamav/spam tools o A means of uses ldap for the alias control, so that some email accounts could be one a secondary box. This would be mostly for load balancing. And you could perhaps want the alias bit in the AD or it could be in a separate LDAP server. It seems like this would be a rather common scenario. I have found some Active Directory bits and pieces and I have done the sender verify before. And there are some bits available about the spam and antivirus tools. But is there a document that would put this all in perspective? Or does a document need to be created? :) Thanks for a great product :) -- respectfully, Joseph ==============- ---------------------= ********** -- +--------------------------------+ = respectfully, = Joseph - IT tech@ekn.com = East Kentucky Network, LLC = (606) 477-2355 x 140 = Gpg Key: E9E8D38C +-------------------= ********** =
On Thu, Dec 29, 2005 at 08:24:55AM -0500, Joseph wrote:> Is there some a document that lists the steps in getting Exim4/Sarge > working in the following manner: > > o Exim4 with the heavy daemonaptitude install exim4-daemon-heavy> o Using Windows AD/2k as the means to determine valid email accountsThere should be something in the exim wiki or in the exim-users archives.> o Verifying the sender at smtp timeSet the CHECK_RCPT_VERIFY_SENDER macro and/or put domains in question in CONFDIR/local_sender_callout. These two are Debian specific.> o Setting up clamav/spam toolsThat is in the exim wiki for sure.> o A means of uses ldap for the alias control, so that some email > accounts could be one a secondary box. This would be mostly for load > balancing. And you could perhaps want the alias bit in the AD or it > could be in a separate LDAP server.That sounds so specific that the solution is an exercise to the reader.> But is there a document that would put this all in perspective?One nice thing about exim is that it''s so modular. So the things you intend to do hardly influence each other.> Or does a document need to be created? :)Probably. But don''t overestimate the number of mixed installations, there are relatively few. Generally, running an MTA is a complex endeavour that shouldn''t be left to a novice. This is the reason why I am generally opposed to cut&waste HOWTO-type instructions as they leave the clueless admin alone with the first breakage, which is a MUCH bigger problem than setting things up to run. I think, that if you have set it up yourself, then you have accumulated the necessary knowledge to fix it yourself if it breaks, and _that_ important in non-play setups. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Marc Haber wrote:> On Thu, Dec 29, 2005 at 08:24:55AM -0500, Joseph wrote: > >>o Using Windows AD/2k as the means to determine valid email accounts > > > There should be something in the exim wiki or in the exim-users > archives.I have found some information on it but thought it might be documented somewhere. The info I found seemed to indicate you might need Exchange in the mix :( And surely would not want that.> >>o Verifying the sender at smtp time > > > Set the CHECK_RCPT_VERIFY_SENDER macro and/or put domains in question > in CONFDIR/local_sender_callout. These two are Debian specific.Is this considered to be a good tool/setup? We currently get quite a few requests to whitelist ip/domains that fail the test. I love all the spam that gets dropped like this tho.> >>But is there a document that would put this all in perspective? > > > One nice thing about exim is that it''s so modular. So the things you > intend to do hardly influence each other.I agree.> > >>Or does a document need to be created? :) > > > Probably. But don''t overestimate the number of mixed installations, > there are relatively few. > > Generally, running an MTA is a complex endeavour that shouldn''t be > left to a novice. This is the reason why I am generally opposed to > cut&waste HOWTO-type instructions as they leave the clueless admin > alone with the first breakage, which is a MUCH bigger problem than > setting things up to run. I think, that if you have set it up > yourself, then you have accumulated the necessary knowledge to fix it > yourself if it breaks, and _that_ important in non-play setups.I agree there too. I have just have lots of irons in the fire, and wanted to redo our exim with having to spend a lot of research on it. :)> > Greetings > Marc >PS Why does a normal reply to this list attempt to go back to the sender instead of the list (Thunderbird)? -- respectfully, Joseph ==============- ---------------------= ********** =
On Thu, Dec 29, 2005 at 04:46:14PM -0500, Joseph wrote:> Marc Haber wrote: > > Set the CHECK_RCPT_VERIFY_SENDER macro and/or put domains in question > > in CONFDIR/local_sender_callout. These two are Debian specific. > > Is this considered to be a good tool/setup?Expand "this". exim is an excellent tool, and being one of the package''s makers, I am slightly opinionated about the quality and flexibility of our default configuration. But a hunch tells me that you mean something different with "this".> We currently get quite a few requests to whitelist ip/domains that fail > the test.A whitelist is available. Please read the comments in the config file and the available documentation.> I love all the spam that gets dropped like this tho.Explain.> PS Why does a normal reply to this list attempt to go back to the sender > instead of the list (Thunderbird)?Because the list is configured that way. http://marc.merlins.org/netrants/listreplyto.html Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Marc Haber wrote:> On Thu, Dec 29, 2005 at 04:46:14PM -0500, Joseph wrote: > >>Marc Haber wrote: >> >>>Set the CHECK_RCPT_VERIFY_SENDER macro and/or put domains in question >>>in CONFDIR/local_sender_callout. These two are Debian specific. >> >>Is this considered to be a good tool/setup? > > > Expand "this". exim is an excellent tool, and being one of the > package''s makers, I am slightly opinionated about the quality and > flexibility of our default configuration. > > But a hunch tells me that you mean something different with "this".Yes, the CHECK_RCPT_VERIFY_SENDER part.> > >>We currently get quite a few requests to whitelist ip/domains that fail >>the test. > > > A whitelist is available. Please read the comments in the config file > and the available documentation.I assume you mean a whitelist for CHECK_RCPT_VERIFY_SENDER or did you mean for something else?> > >>I love all the spam that gets dropped like this tho. > >This is still in relation to CHECK_RCPT_VERIFY_SENDER. It certainly seems to block a lot of spam, at least for us.> > Greetings > Marc >Thanks Marc. -- respectfully, Joseph --------------------
On Fri, Dec 30, 2005 at 05:20:12AM -0500, Joseph wrote:> Marc Haber wrote: > > On Thu, Dec 29, 2005 at 04:46:14PM -0500, Joseph wrote: > >>Marc Haber wrote: > >>>Set the CHECK_RCPT_VERIFY_SENDER macro and/or put domains in question > >>>in CONFDIR/local_sender_callout. These two are Debian specific. > >> > >>Is this considered to be a good tool/setup? > > > > > > Expand "this". exim is an excellent tool, and being one of the > > package''s makers, I am slightly opinionated about the quality and > > flexibility of our default configuration. > > > > But a hunch tells me that you mean something different with "this". > > Yes, the CHECK_RCPT_VERIFY_SENDER part.You need to decide for yourself whether to use a check or not. It is disable by default since it might be rejecting legitimate mail.> >>We currently get quite a few requests to whitelist ip/domains that fail > >>the test. > > > > A whitelist is available. Please read the comments in the config file > > and the available documentation. > > I assume you mean a whitelist for CHECK_RCPT_VERIFY_SENDER or did you > mean for something else?There is a whitelist mechanism that is honored in most ACL checks. Please take a look at the configuration itself and at the docs. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835