I run Exim as part of Ubuntu that I installed on my community's web site (Pinecam.com). It's a volunteer-run site for our local mountain community. I'm the server and sysadmin guy. I normally run qmail (no rotten fruit, please, it's what I'm familiar with from long ago) but I felt it was best to stick with the distro's preferred MTA to try to keep the system clean and 'stock' for any future admins who come after me.

We have a forum (phpBB) and a bulk-email notifier that is used in times of emergency to blast weather alerts to users who have signed up for them. For simplicity, during the most recent server rebuild (over a year ago), I set them up using Google Apps Standard GMail. This way, non-tech admin types can create and manage email accounts, and everybody has access to the webmail interface. It works great. GMail's SMTP servers are the listed MX records for the domain.

But, herein lies my trouble. The forum still sends out e-mails, and sometimes the emails go to email accounts @pinecam.com. If I set up Exim using the basic template for a conventional MTA, then it delivers outbound messages for most users just fine. But, any messages generated locally for @pinecam.com addresses it tries to deliver locally, instead of forwarding them to GMail.

As a work-around, I set up Exim as a dumb "smarterhost" forwarder, dumping every outbound email onto GMail's SMTP servers (they use authentication to decide if they will relay for you). This too works fine, to a point. However, GMail has statistical limits on outbound mail. If we get a busy day with lots of forum traffic triggering Watched Thread and Private Message notifications, GMail will suspend delivering outbound mail for us for a period. Exactly what their metrics are, I don't know. I do know that we can't use the email blaster because it would totally trigger the quota limit.

I'd like to set up Exim properly as a real full-fledged MTA. I have plenty of CPU power and bandwidth to deliver our own mail, thanks. But, I know basically ZERO about Exim configuration, and even less about Debian's style of managing Exim's config files.

If anyone could point me to a template example of how I would accomplish this, I'd be very grateful, and so would the ten thousand or so members of our local community.

Thanks in advance.

--
Chris 'Xenon' Hanson, omo sanza lettere Xenon AlphaPixel.com
PixelSense Landsat processing now available! http://www.alphapixel.com/demos/
"There is no Truth. There is only Perception. To Perceive is to Exist." - Xen

Hello Chris,

First of all, you should really take a look at the (ample) documentation under /usr/share/doc/exim4-base. At the very least, read the file README.Debian.gz in its entirety. Debian's exim4-config will surely satisfy your needs if you're hosting a single domain and using the system user database.

Now, assuming that you want to handle email for pinecam.com only, Exim's configuration could be very simple: Just use the system's (NSS & PAM) user database with tools like adduser/deluser or even something like Webmin... Exim's configuration in this case would consist of "echo pinecam.com > /etc/mailname"

I would suggest you enable delivery to maildirs for improved speed and data safety. Optionally, you can enable TLS and SASL authenticators so that your server can act as a relay for your users; working examples can be found in /etc/exim4/conf.d/auth/.

Another way to go about this would be using OpenLDAP for the user database, and something like GOsa or phpLDAPadmin to add/delete users. After that, you can either integrate the LDAP-based user database with the system database using libnss-ldap and Exim will happily play along. libpam-ldap will help with the authenticators in this case. Alternatively you can write your routers/authenticators so that Exim accesses LDAP directly (this would be a requirement if you're hosting multiple (virtual) domains.)

A third way would be to use an SQL database for users.

For antispam measures, Spamassassin's spamd with sa-exim and clamd with clamav-unofficial-sigs do a terrific job here with no need for teergrubing or other antisocial behaviour.

Lastly, for Webmail/IMAP4/POP3 access, Dovecot/imapproxyd/Roundcube is what works for me at the moment.

All relevant packages can be found in Lenny/volatile/backports:

exim4-daemon-heavy
exim4-config
clamav
clamav-freshclam
clamav-unofficial-sigs
spamassassin
sa-exim
dovecot-imapd
imapproxyd
roundcube

Optionally if you go for the second route:

slapd
ldap-utils
phpldapadmin

I think the above should get you going for starters. As for configuration templates, if the one provided by exim4-config and its assorted documentation in /usr/share/doc/exim4-base doesn't cut it for you, googling for "exim howto" reveals countless examples. ;-P

Cheers,
Antonio

On 8/9/2010 8:52 PM, Antonis Kanouras wrote:
> Hello Chris,
> First of all, you should really take a look at the (ample) documentation
> under /usr/share/doc/exim4-base. At the very least, read the file
> README.Debian.gz in its entirety. Debian's exim4-config will surely satisfy
> your needs if you're hosting a single domain and using the system user
> database.

I don't think I explained what I was attempting well enough. If I wanted to do mail for system-level users, that would be easy enough. Exim pretty much does that right out of the box.

But the mail accounts are not system-level users. In fact, there are really only about 4 system user accounts for various tech/admin roles. The real e-mail accounts are all managed through GMail. So, basically I want Exim to NOT try to deliver @pinecam.com mail to local, system mailboxes, but rather, know enough to forward them to GMail (which is the defined MX for the domain). We don't even have an SMTPd listening on port 25 accessible to the outside world, as the server simply does not accept inbound mail.

I suspect what I need, in Exim terms, is a pair of rules. One to handle @pinecam.com addresses -- this should relay the messages to GMail as a smarterhost as is being done now. The second rule would be for all other (outbound) mail to any address, and it would instruct Exim to deliver it as normal.

I can find simple setups to do either one of these, but I don't know how to combine them into one system.

--
Chris 'Xenon' Hanson, omo sanza lettere Xenon AlphaPixel.com
PixelSense Landsat processing now available! http://www.alphapixel.com/demos/
"There is no Truth. There is only Perception. To Perceive is to Exist." - Xen

Oh well...

The following assumes Exim runs on the same host as the web application. The web application should use "localhost:25" to contact Exim (preferred in your case), or directly run /usr/sbin/sendmail.

First of all, run

# dpkg-reconfigure -plow exim4-config

On the following prompts:

- General type of mail configuration:
  internet site; mail is sent and received directly using SMTP

- System mail name:
  (your server's hostname, NOT pinecam.com
  Note: make sure it's resolvable by public DNS)

- IP-addresses to listen on for incoming SMTP connections:
  127.0.0.1

- Other destinations for which mail is accepted:
  (none)

- Domains to relay mail for:
  (none)

- Machines to relay mail for:
  (none)

- Other prompts:
  (just hit enter)

...and you're done.

Also, don't forget to check your server's IP against a mass blacklist checker such as the one found at http://www.mxtoolbox.com/blacklists.aspx

Lastly, keep in mind that emails from your server will be scored higher as spam if they're originating from a @pinecam.com email address, as Google has published SPF records with such instructions for your domain.

Cheers,
Antonio

I'm finally getting back to being able to work on this, since I've been traveling for work a lot lately. I had a few questions.

On 8/10/2010 12:18 AM, Antonis Kanouras wrote:
> Oh well...
>
> The following assumes Exim runs on the same host as the web application. The
> web application should use "localhost:25" to contact Exim (preferred in your
> case), or directly run /usr/sbin/sendmail.
>
> First of all, run
>
> # dpkg-reconfigure -plow exim4-config
>
> On the following prompts:
>
> - General type of mail configuration:
>   internet site; mail is sent and received directly using SMTP
>
> - System mail name:
>   (your server's hostname, NOT pinecam.com
>   Note: make sure it's resolvable by public DNS)

So, I assume by NOT putting Pinecam.com here, it will prevent attempts at local delivery of pinecam.com addresses. The trouble is, the server really IS named pinecam.com, so it sounds like I'll need to add a CNAME entry for something else, so I can use the CNAME here, right? How different does the CNAME need to be, could it be mail.pinecam.com, or does it have to be fully out of the pinecam.com domain? I don't know how exim performs its local delivery matching here.

> Also, don't forget to check your server's IP against a mass blacklist
> checker such as the one found at http://www.mxtoolbox.com/blacklists.aspx

We seem to be ok there.

> Lastly, keep in mind that emails from your server will be scored higher as
> spam if they're originating from a @pinecam.com email address, as Google has
> published SPF records with such instructions for your domain.

I don't think that's accurate, is it? Google doesn't control the pinecam.com domain, so there's no way it can publish SPF records under it.

I control the SPF records, and I have added both Google's outbound MX'es and our own internal server as permitted senders.

> Cheers,
> Antonio

--
Chris 'Xenon' Hanson, omo sanza lettere Xenon AlphaPixel.com
PixelSense Landsat processing now available! http://www.alphapixel.com/demos/
"There is no Truth. There is only Perception. To Perceive is to Exist." - Xen

Chris 'Xenon' Hanson wrote:
<snip>
>> On the following prompts:
>>
>> - General type of mail configuration:
>>   internet site; mail is sent and received directly using SMTP
>>
>> - System mail name:
>>   (your server's hostname, NOT pinecam.com
>>   Note: make sure it's resolvable by public DNS)
>
> So, I assume by NOT putting Pinecam.com here, it will prevent attempts
> at local delivery of pinecam.com addresses.

Exactly.

> The trouble is, the server really IS named
> pinecam.com, so it sounds like I'll need to add a CNAME entry for
> something else, so I can use the CNAME here, right? how different does the
> CNAME need to be, could it be mail.pinecam.com, or does it have to be
> fully out of the pinecam.com domain? I don't know how exim performs its
> local delivery matching here.

In that case, do put pinecam.com as the System mail name (so that unqualified addresses get "@pinecam.com" appended). After that, create the file /etc/exim4/hubbed_hosts with the following contents:

pinecam.com: aspmx5.googlemail.com:aspmx3.googlemail.com:...

The exact format of this file is detailed in the exim4-config_files man page.

Another way which I'm not sure would work is this: Set pinecam.com as the system mail name, add it to the relay domains list (but not to the "other hostnames" list), and set dc_mailname_in_oh='false' in /etc/exim4/update-exim4.conf.conf . YMMV with this method though as I haven't tested it.

>> Lastly, keep in mind that emails from your server will be scored higher
>> as spam if they're originating from a @pinecam.com email address, as
>> Google has published SPF records with such instructions for your domain.
>
> I don't think that's accurate, is it? Google doesn't control the
> pinecam.com domain, so there's no way it can publish SPF records under it.
>
> I control the SPF records, and I have added both Google's outbound MX'es
> and our own internal server as permitted senders.

IIRC, I just did a 'host -t txt pinecam.com' at the time and assumed this was a fully managed domain (not really familiar with Google's offerings).

Cheers,
Antonio
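
An added example, not part of the thread and not Debian's own tooling: a POSIX shell check over copies of update-exim4.conf.conf and hubbed_hosts that flags the conditions discussed above (a non-loopback SMTP listener, non-empty relay settings, and a mail domain that is treated as local but has no hubbed_hosts entry). The function names, the sample hosts under example.org/example.net and the simplified notion of "local" are assumptions made for illustration.

```shell
# Added example: audit copies of Debian's exim4-config files for this thread's setup.
# Read one KEY='value' setting without sourcing (executing) the file.
conf_get() {  # conf_get FILE KEY
    sed -n "s/^$2='\(.*\)'[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# True if DOMAIN is an exact key in hubbed_hosts ("domain: host:host").
# Wildcard keys, which the file format also allows, are not handled here.
hubbed_has() {  # hubbed_has FILE DOMAIN
    [ -f "$1" ] || return 1
    awk -F: -v d="$2" '!/^[ \t]*#/ { k = $1; gsub(/[ \t]/, "", k)
        if (k == d) found = 1 } END { exit !found }' "$1"
}

# Print findings; return 0 when clean, 1 otherwise. Simplified model: DOMAIN is
# assumed to be the system mail name; Exim's primary hostname is not considered.
audit_exim() {  # audit_exim CONF HUBBED_HOSTS DOMAIN
    conf=$1; hubbed=$2; domain=$3; bad=0
    ifaces=$(conf_get "$conf" dc_local_interfaces)
    [ -n "$ifaces" ] || { echo "WARN: dc_local_interfaces empty: listens on all interfaces"; bad=1; }
    for a in $(printf '%s' "$ifaces" | tr ';' ' '); do
        case $a in 127.*|::1) ;; *) echo "WARN: non-loopback SMTP listener $a"; bad=1 ;; esac
    done
    for k in dc_relay_domains dc_relay_nets; do
        v=$(conf_get "$conf" "$k")
        [ -z "$v" ] || { echo "WARN: $k='$v' (the thread's setup leaves it empty)"; bad=1; }
    done
    # Local if in dc_other_hostnames, or if dc_mailname_in_oh is not 'false' (per the thread).
    is_local=yes
    [ "$(conf_get "$conf" dc_mailname_in_oh)" != false ] || is_local=no
    for h in $(conf_get "$conf" dc_other_hostnames | tr ';:' '  '); do
        [ "$h" != "$domain" ] || is_local=yes
    done
    [ "$is_local" = no ] || hubbed_has "$hubbed" "$domain" ||
        { echo "WARN: $domain is local with no hubbed_hosts entry: delivered on this host"; bad=1; }
    return $bad
}

# Constructed sample files (not taken from a real host).
make_sample() {  # make_sample DIR
    printf "%s\n" "dc_eximconfig_configtype='internet'" "dc_other_hostnames=''" \
        "dc_local_interfaces='127.0.0.1'" "dc_relay_domains=''" "dc_relay_nets=''" \
        "dc_mailname_in_oh='true'" > "$1/update-exim4.conf.conf"
    echo "example.org: mx1.example.net:mx2.example.net" > "$1/hubbed_hosts"
}
d=$(mktemp -d); make_sample "$d"
audit_exim "$d/update-exim4.conf.conf" "$d/hubbed_hosts" example.org && echo "example.org: clean"
audit_exim "$d/update-exim4.conf.conf" "$d/hubbed_hosts" example.com || echo "example.com: see findings"
rm -rf "$d"
```

On a live host, `exim4 -bt user@domain` reports which router and transport Exim actually selects for an address, which is the authoritative check after running update-exim4.conf.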