Pkg exim4 users - Jan 2009 - Configuring Exim for home network

Hello,

   Is my understanding correct that this list is for user-level 
problems, and not for developer and package maintainer issues?

   During the holiday, I wanted to configure Exim to serve the machine 
on my home network, which consists of 3 self-built PCs, a DLink 4-port 
home gateway/switch, a DSL modem, and AT&T/Yahoo as my ISP.

   My current arrangement is to connect all 3 PCs to the DLink, which
prevents connections initiated from outside.  Later, I will be placing 
one PC into a DMZ between the modem and the gateway, and keeping the 
other two behind the gateway.
   Looking ahead to that later arrangement, I wanted to experiment 
with  configuring my home network to handle mail this way:

1) mail headed outside the home network has to use the ISP SMTP server 
(ISP policy), and the ISP uses SMTPS -- all transactions encrypted 
using SSL over port 465 -- which is not supported by exim4 when used 
as a client

2) incoming mail should be stored on a single machine so that I have 
only one inbox (and set of folders for saved message) that can be 
accessed from any of the 3 home network machines using any OS

3) the common inbox/saved-folders should be served up via IMAP

4) mail sent outside the network must have headers rewritten to match 
my ISP account username

5) mail between the 3 home network machines must not have their 
headers rewritten

   To accomplish this:

- I decided to let one machine be a smarthost for the others; I set up 
this machine to send all email headed toward the internet to my ISP''s 
SMTP server as a smarthost

- I used the ''stunnel4'' package to make it possible to use
exim4 to
send outgoing messages to my ISP

- I had to write a new router to handle the machines on my network: 
the default debconf setup when selecting smarthost is to send it all
messages, but I wanted email headed toward one of _my_ machines to 
_not_ be sent to the smarthost

- I had to modify the default "smarthost:" router and the default 
transport "remote_smtp_smarthost:" to interact well with the SSL 
tunnel -- including allowing cleartext username and password 
transactions (AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS in exim4.conf. 
localmacros) and sending to the newly-configured port on localhost 
instead of default port 25 (with the tunnel encrypting everything, so 
that nothing actually ends up being sent in the clear)

- I had to modify the header-rewriting macros, REMOTE_SMTP_HEADERS_-
REWRITE and REMOTE_SMTP_RETURN_PATH, so that messages staying inside 
of my home network did not get rewritten

- since one of my machines acts as a local smarthost for the other 2, 
I used ''dpkg-reconfigure exim4-config'' on each of those client
machines to set the third machine as their smarthost; on that third 
machine I listed those 2 client machines as both relay-to domains and 
as relay-from machines, and I configured
''/etc/email-addresses'' so
that headers would be rewritten correctly for the purpose of avoiding 
rejections from the ISP server.

- I used Courier IMAP to serve the Maildir inbox and saved-message 
dirs to all 3 machines (though ''mutt'' and
''mail'' can access the inbox
without using IMAP on the internal smarthost machine)

   After many days of Googling, reading local documents and man pages, 
and finally reading quite of bit of

     /usr/share/doc/exim4-base/spec.txt.gz

I was able to get everything working the way I planned.  But, I am 
still uncertain about whether I have done things "The Right Way," and 
was wondering whether this list is a place where I could find people 
who are experienced with exim4 and willing to look at my changes and 
tell me if I''ve done things in ways that are wrong, bad, or stupid.

   So, can I get help here?  Or should I go elsewhere?


Dave W.

Dear David,


Am Samstag, den 10.01.2009, 13:36 -0500 schrieb David Witbrodt:
>    Is my understanding correct that this list is for user-level 
> problems, and not for developer and package maintainer issues?
[?]
>    After many days of Googling, reading local documents and man pages, 
> and finally reading quite of bit of
> 
>      /usr/share/doc/exim4-base/spec.txt.gz
> 
> I was able to get everything working the way I planned.  But, I am 
> still uncertain about whether I have done things "The Right Way,"
and
> was wondering whether this list is a place where I could find people 
> who are experienced with exim4 and willing to look at my changes and 
> tell me if I''ve done things in ways that are wrong, bad, or
stupid.
> 
>    So, can I get help here?  Or should I go elsewhere?
I cannot help you, but I think your question was not so focused on
Debian, so it is probably better to ask on the official Exim list. And
since you do not have configuration-file specific question ? I think
they have something against split config ? you do not have to be that
much careuful about not telling them, that you are using Debian.

So I would post it to the other list.


Thanks,

Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url :
http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20090201/5befa6ae/attachment.pgp

Robert Steinmetz wrote:
> I''m not able to help at this time either. But if your changes are 
> working and performing without significant  problems for you, I suggest 
> you break your changes down in to simpler more easily understood 
> components and  provide the context and code for each element you 
> changed. Some may be beyond this list but others may be both beneficial 
> to the readers and provide useful feedback to you.
   Actually, the purpose of my original post was to find out whether 
asking for help/advice was even appropriate on this list.  I didn''t 
provide any details in my OP because I wasn''t sure whether it would be 
spam here.

   If someone would let me know whether it _is_ OK to ask userland 
questions on this list, I would probably ask about issues like:

   - The Right Way (or The Debian Way) to allow exim4 for to connect
     (as a client) to my ISP''s SMTP server, using the very non-standard
     SMTPS protocol.  In bug 430057 on the BTS, Marc Haber disagreed
     with the configuration details chosen by a Debian user to get it
     working, but I was forced to use a very similar hack.  I seek
     assistance to configure exim4 a better way, and hoped to provide
     some of the discussion requested by Marc toward the end of that
     bug report thread.

   - I was confused about the differences between domain names and
     hosts, as that terminology is used in the documentation and the
     ''exim4-config'' debconf questions.  My home network is
tiny (only
     3 machines) so I don''t use a DNS server, and rely instead on
     /etc/hosts.  Being new to exim4 configuration, even when I got my
     setup working as desired I was left wondering whether my
     configuration really is totally wrong and I''m just getting lucky!
     ;)

   - To get headers rewritten (or not rewritten) correctly, depending
     on whether a message was heading for one of the 3 local machines
     or outside my home network, I had to:  modify some routers and
     transports, alter the header rewrite rules, and write a new router
     for my local machines.  Having ZERO experience with exim4
     configuration before the holiday break, there must be mistakes
     (or, at least, poor choices) that need to be addressed.

   So, Robert (or anyone), are any of these topics something that you 
know about and are willing to provide advice or commentary on?

   Is this list even FOR userland questions, or is it just for package 
maintainer issues?  (I would like this question answered first! ;)


Thanks,
Dave W.

Quoth Dave Witbrodt <dawitbro at sbcglobal.net>:
> Is this list even FOR userland questions, or is it just for package
> maintainer issues?  (I would like this question answered first! ;)
This list is definitely for userland questions.

At least, no one has told me to get lost, yet!

Sebastian
-- 
Emacs'' AlsaPlayer - Music Without Jolts
Lightweight, full-featured and mindful of your idyllic happiness.
http://home.gna.org/eap

On Sun, Feb 01, 2009 at 06:10:48PM -0500, Dave Witbrodt
wrote:
> Robert Steinmetz wrote:
> > I''m not able to help at this time either. But if your changes
are
> > working and performing without significant  problems for you, I
suggest
> > you break your changes down in to simpler more easily understood 
> > components and  provide the context and code for each element you 
> > changed. Some may be beyond this list but others may be both
beneficial
> > to the readers and provide useful feedback to you.
> 
>    Actually, the purpose of my original post was to find out whether 
> asking for help/advice was even appropriate on this list.
It is, absolutely. Can I improve the list''s decription to make this
more clear?
>    - The Right Way (or The Debian Way) to allow exim4 for to connect
>      (as a client) to my ISP''s SMTP server, using the very
non-standard
>      SMTPS protocol.  In bug 430057 on the BTS, Marc Haber disagreed
#>      with the configuration details chosen by a Debian user to get
it
>      working, but I was forced to use a very similar hack.  I seek
>      assistance to configure exim4 a better way, and hoped to provide
>      some of the discussion requested by Marc toward the end of that
>      bug report thread.
the way outlined in the bug report is IMO fine for a local
modification, but it is in no way clean enough to include it in the
package.

The Right Way is, of couse, to bug the ISP to offer access to their
mail services in a RFC-conform way which can be offered as an addition
to what they already have and is thus quite painless to introduce.
otoh, the ISP being yahoo/att, I don''t have much hope that
they''ll
ever see the light.
>    - I was confused about the differences between domain names and
>      hosts, as that terminology is used in the documentation and the
>      ''exim4-config'' debconf questions.  My home network
is tiny (only
>      3 machines) so I don''t use a DNS server, and rely instead on
>      /etc/hosts.  Being new to exim4 configuration, even when I got my
>      setup working as desired I was left wondering whether my
>      configuration really is totally wrong and I''m just getting
lucky!
>      ;)
A host name is simply a special case of a domain name. Using
/etc/hosts is IMO deprecated and I would like to suggest running a
local DNS server. And I really don''t see a question in this paragraph.
>    - To get headers rewritten (or not rewritten) correctly, depending
>      on whether a message was heading for one of the 3 local machines
>      or outside my home network, I had to:  modify some routers and
>      transports, alter the header rewrite rules, and write a new router
>      for my local machines.  Having ZERO experience with exim4
>      configuration before the holiday break, there must be mistakes
>      (or, at least, poor choices) that need to be addressed.
Again, no question here that I could answer. Generally, I''d try to
avoid rewriting, but that''s a matter of personal style. There is more
than one way to do it.
>    Is this list even FOR userland questions, or is it just for package 
> maintainer issues?  (I would like this question answered first! ;)
This list, by virtue of being named pkg-exim4-_users_, is for userland
questions. The "pkg" prefix is mandated by the list host. List
description
(http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users):
"This public, unmoderated list is dedicated for User-level discussion
and support for the Debian exim 4 packages. You can ask questions
about both exim upstream and the Debian exim 4 packaging here."

For package maintainer issues, we have the pkg-exim4-devel and
pkg-exim4-maintainers mailing list (both of which are unfortunately
rather low traffic these days, but they''re public and open).

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Bitte beachten Sie, da? dem [m.E. grundgesetzwidrigen] Gesetz zur
Vorratsdatenspeicherung zufolge, seit dem 1. Januar 2008 jeglicher
elektronische Kontakt (E-Mail, Telefongespr?che, SMS, Internet-
Telefonie, Mobilfunk, Fax) mit mir oder anderen Nutzern verdachts-
unabh?ngig f?r den automatisierten geheimen Zugriff durch Strafver-
folgungs- u. Polizeivollzugsbeh?rden, die Bundesanstalt f?r Finanz-
dienstleistungsaufsicht, Zollkriminal- und Zollfahndungs?mter,die
Zollverwaltung zur Schwarzarbeitsbek?mpfung, Notrufabfragestellen,
Verfassungsschutzbeh?rden, den Milit?rischen Abschirmdienst, Bundes-
nachrichtendienst sowie 52 Staaten wie beispielsweise Aserbeidschan
oder die USA sechs Monate lang gespeichert wird, einschlie?lich der
Kommunikation mit Berufsgeheimnistr?gern wie ?rzten, Journalisten und
Anw?lten. Mehr Infos zur totalen Protokollierung Ihrer Kommunikations-
daten auf www.vorratsdatenspeicherung.de. (leicht ver?ndert ?bernommen
kopiert von www.lawblog.de)