/etc/exim4/exim-ldap-server-v4.conf is in debian-edu-config 1.702.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# $Id: exim-ldap-server.conf 63 2004-01-17 17:40:27Z pere $
#
# /etc/exim4/exim-ldap-server-v4.conf
#
# This is the Debian EDU version of exim4.conf
#
# Upgrade from v3 version by Maximilian Wilhelm <max@rfc2324.org>
# -- Sat, 11 Jun 2005 02:44:08 +0200
#
##
# LDAP Server info
# Macros: Exim substitutes these names textually wherever they appear below.
# LDAPBASE is the search base used by the ldapuser router.
LDAPBASE = dc=skole,dc=skolelinux,dc=no
# Host part of the ldap:// URL in the ldapuser router. The URL scheme there
# is plain ldap:// and this file sets no ldap_start_tls, so the directory
# lookup is unencrypted unless it is protected outside this file.
LDAPSERVER = ldap
# The whole loopback /8, used for EXPN, unqualified addresses and relaying.
LOCALHOST = 127.0.0.1/8
# ACLs run after each RCPT command and after the message DATA.
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message
# These options specify the Access Control Lists (ACLs) that
# are used to control the ETRN, EXPN, and VRFY commands.
# Where no ACL is defined, the command is locked out.
# No ETRN ACL is set in this file, so ETRN stays locked out.
acl_smtp_expn = check_expn
acl_smtp_vrfy = check_vrfy
# This setting defines a named domain list called
# local_domains, created from the old options that
# referred to local domains. It will be referenced
# later on by the syntax "+local_domains".
# Other domain and host lists may follow.
domainlist local_domains = postoffice.intern : \
intern.intern : \
tjener.intern : \
intern :\
localhost
# Hosts allowed to relay through this server (used by check_recipient).
# The *.intern item is matched against the client's host name, so relay
# permission for it depends on the DNS answers for the connecting address.
# NOTE(review): confirm the internal reverse zone is under your control.
hostlist relay_hosts = LOCALHOST : \
*.intern
######################################################################
#
# General variables
# Treat characters with codes of 128 and above as printable, so they are
# written to logs and other output as-is instead of as escape sequences.
print_topbitchars
# Specify the domain you want to be added to all unqualified addresses
# here. Unqualified addresses are accepted only from local callers by
# default. See the recipient_unqualified_hosts and sender_unqualified_hosts
# options below if you want to permit unqualified addresses from remote
# sources. If this option is not set, the primary_hostname value is used
# for qualification.
qualify_domain = postoffice.intern
# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
# receiver_unqualified_hosts renamed recipient_unqualified_hosts
# Only loopback clients may send unqualified recipient or sender addresses.
recipient_unqualified_hosts = LOCALHOST
sender_unqualified_hosts = LOCALHOST
# (Text carried over from the Exim 3 file; in this file the local domains are
# defined by the "domainlist local_domains" setting near the top.)
# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.
# Allow mail addressed to our hostname, or to our IP address.
#local_domains_include_host = true
#local_domains_include_host_literals = true
# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.
# relay_domains =
# If this is uncommented, we accept and relay mail for all domains we are
# in the DNS as an MX for.
#relay_domains_include_local_mx = true
# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoid safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.
# The option is left commented out here; mail for root is handled by the
# "root" router and the "rootmail" transport, which delivers as user "mail".
#never_users = root
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
host_lookup = *
# Exim 3 relay control, kept commented out for reference only. In this
# Exim 4 file relaying is decided by the check_recipient ACL that
# acl_smtp_rcpt points to, not by the option below.
# host_auth_accept_relay = *
# If this option is set, then any process that is running as one of the
# listed users may pass a message to Exim and specify the sender's
# address using the "-f" command line option, without Exim's adding a
# "Sender" header.
# Anything that can run as "mail" can therefore submit mail with an arbitrary
# envelope sender, so keep this list as short as possible.
trusted_users = mail
# (Leftover Exim 3 text: "If this option is true, the SMTP command VRFY is
# supported on incoming SMTP connections; otherwise it is not." No such option
# follows; in this file VRFY is controlled by the acl_smtp_vrfy setting and
# the check_vrfy ACL.)
# Some operating systems use the "gecos" field in the system password file
# to hold other information in addition to users' real names. Exim looks up
# this field when it is creating "sender" and "from" headers. If these options
# are set, exim uses "gecos_pattern" to parse the gecos field, and then
# expands "gecos_name" as the user's name. $1 etc refer to sub-fields matched
# by the pattern.
# The pattern below keeps the text up to the first comma or colon.
gecos_pattern = ^([^,:]*)
gecos_name = $1
# This sets the maximum number of messages that will be accepted in one
# connection. The default is 10, which is probably enough for most purposes,
# but is too low on dialup SMTP systems, which often have many more mails
# queued for them when they connect.
smtp_accept_queue_per_connection = 100
# Send a mail to the postmaster when a message is frozen. There are many
# reasons this could happen; one is if exim cannot deliver a mail with no
# return address (normally a bounce); another that may be common on dialup
# systems is if a DNS lookup of a smarthost fails. Read the documentation
# for more details: you might like to look at the auto_thaw option.
# freeze_tell_mailmaster replaced by freeze_tell
freeze_tell = postmaster
# This cancels (removes) frozen messages that are older than a week.
timeout_frozen_after = 7d
# This string defines the contents of the "Received" message header that
# is added to each message, except for the timestamp, which is automatically
# added on at the end, preceded by a semicolon. The string is expanded each
# time it is used.
# The header records the sending host, ident and HELO name when they are
# known, this host's name, the protocol, the Exim version and the message id.
received_header_text = "Received: \
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
{${if def:sender_ident {from ${sender_ident} }}\
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
by ${primary_hostname} \
${if def:received_protocol {with ${received_protocol}}} \
(Exim ${version_number} #${compile_number} (Debian))\n\t\
id ${message_id}\
${if def:received_for {\n\tfor <$received_for>}}"
#######################################################
# This new section of the configuration contains ACLs #
# (Access Control Lists) derived from the Exim 3 #
# policy control options. #
#######################################################
# These ACLs are crudely constructed from Exim 3 options.
# They are almost certainly not optimal. You should study
# them and rewrite as necessary.
begin acl
# ACL that is used after the RCPT command. Statements are evaluated from top
# to bottom; the first accept or deny whose conditions all match decides.
check_recipient:
# Reject every recipient from a session that has not authenticated. This
# applies to all clients, including other mail servers, so this host only
# takes mail from clients able to use the GSSAPI authenticator defined below.
deny !authenticated = *
message = SMTP server requires authentication. Check your SMTP client configuration.
# Reject when the authenticated id differs from "<sender local part>@INTERN".
# INTERN is literal text here (no macro of that name is defined in this
# file). The eq comparison is case-sensitive and only the local part of the
# envelope sender is compared, so the sender's domain is not checked by this
# statement. An empty envelope sender also fails the comparison.
deny condition = ${if eq{$authenticated_id}{$sender_address_local_part@INTERN}{false}{true}}
message = Sender address $sender_address conflicts with authentication $authenticated_id.
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
# NOTE(review): this accept comes after the two deny statements above, so a
# session that has not authenticated appears to be rejected before it gets
# here - confirm that this is intended for local -bs submission.
accept hosts = :
# Accept any recipient in a local domain. There is no "verify = recipient"
# in this ACL, so unknown local addresses are accepted at RCPT time and only
# fail later when the routers run.
accept domains = +local_domains
# Accept recipients in other domains (relaying) only from relay_hosts.
accept hosts = +relay_hosts
deny message = relay not permitted
# ACL run once the message body has been received (after DATA).
check_message:
  # Refuse messages whose address headers fail Exim's header syntax check.
  require verify = header_syntax
  # Everything else is accepted; no content scanning is configured here.
  accept
# ACL run for the EXPN command.
check_expn:
  # EXPN reveals what an address expands to, so it is answered only for
  # clients matching the LOCALHOST macro (loopback). Any other client reaches
  # the end of the ACL without a match, which Exim treats as a denial.
  accept hosts = "LOCALHOST"
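# ACL that is used after the VRFY command
check_vrfy:
  # VRFY can be issued without authenticating and tells the client whether an
  # address is deliverable, so an unconditional accept lets any connecting
  # host test which user names exist. Answer it only for loopback clients,
  # the same restriction check_expn applies. Any other host reaches the end
  # of the ACL without a match, which Exim treats as a denial. Extend the
  # host list if a monitoring system on another host needs VRFY.
  accept hosts = LOCALHOST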
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators

# The only authenticator in this file: GSSAPI through the Cyrus SASL library.
# check_recipient rejects every session that has not authenticated, so this
# mechanism is the single way to submit mail over SMTP.
auth_gssapi:
  driver = cyrus_sasl
  public_name = GSSAPI
  server_mech = gssapi
  server_hostname = tjener
  server_realm = INTERN
  # The value set here becomes $authenticated_id, which check_recipient
  # compares with "<sender local part>@INTERN".
  # NOTE(review): the exact form of $auth1 (bare user or user@REALM) is not
  # visible in this file - confirm it matches that comparison.
  # NOTE(review): no TLS options appear in this file, so authentication does
  # not by itself encrypt the SMTP session - confirm whether TLS is set up
  # elsewhere.
  server_set_id = $auth1
######################################################################
# REWRITE CONFIGURATION #
######################################################################
#######################################################
# Here follow routers created from the old routers, #
# for handling non-local domains. #
#######################################################
begin routers

######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################

# A remote address is one whose domain matches nothing in the
# "local_domains" list defined near the top of this file.

# Route remote addresses to the hosts found by a DNS lookup with default
# options and hand them to the remote_smtp transport.
lookuphost:
  driver = dnslookup
  transport = remote_smtp
  domains = ! +local_domains
  # Stop here for remote domains: if the DNS lookup finds nothing, the
  # routers for local addresses further down are not tried.
  no_more
  # NOTE(review): ignore_target_hosts is not set, so DNS records that point
  # at loopback or 0.0.0.0 are not filtered out by this router.
#######################################################
# Here follow routers created from the old directors, #
# for handling local domains. #
#######################################################
######################################################################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
######################################################################
# Expand the local part through /etc/aliases (linear search of the file).
aliasfile:
  driver = redirect
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  # Permit the special :defer: and :fail: items in alias entries.
  allow_defer
  allow_fail
  retry_use_local_part
  # No pipe_transport or file_transport is set on this router, so alias
  # entries that name a command or a file have no transport to deliver with.
# Mail for the local part "root" that no alias redirected goes to the
# rootmail transport, provided root exists as a local account.
root:
  driver = accept
  local_parts = root
  check_local_user
  transport = rootmail
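# Accept the address when the directory has an entry whose uid equals the
# local part; delivery is then done by the ldap_delivery transport.
ldapuser:
  driver = accept
  # The lookup returns the uid attribute of the matching entry, or an empty
  # string when nothing matches; an empty result makes the condition "no" and
  # the router declines.
  # $local_part comes from the envelope recipient, so it is passed through
  # quote_ldap before it is placed in the search filter. Without the quoting,
  # filter metacharacters such as * ( ) in a recipient address would change
  # the meaning of the filter and let arbitrary local parts match an entry.
  # The query carries no bind credentials and uses plain ldap://, so it is an
  # anonymous, unencrypted search against LDAPSERVER.
  condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/LDAPBASE?uid?sub?(uid=${quote_ldap:$local_part})}}}{no}{yes}}
  cannot_route_message = Recipent ${local_part} unknown.
  retry_use_local_part
  transport = ldap_delivery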
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports

# Maildir delivery for users found in LDAP (see the ldapuser router).
ldap_delivery:
  driver = appendfile

  # Where the mail goes: one Maildir per user under /var/mail, created on
  # first delivery. The directory is private to its owner (0700); message
  # files are created 0660 and an existing narrower mode is not an error.
  maildir_format
  directory = /var/mail/$local_part
  create_directory
  directory_mode = 0700
  mode = 0660
  no_mode_fail_narrower

  # Who writes it: the delivery runs as the account named by the recipient
  # local part, with group mail.
  # NOTE(review): $local_part is taken from the envelope recipient. Exim 4.94
  # and later treat it as tainted and refuse it in file names, so a current
  # Exim needs a value derived from a lookup result here instead.
  user = $local_part
  group = mail

  # Headers added on delivery.
  delivery_date_add
  envelope_to_add
  return_path_add

  # Maildir files need no separator lines.
  # prefix renamed message_prefix
  # suffix renamed message_suffix
  message_prefix = ""
  message_suffix = ""
  check_string = ""
# Outgoing SMTP with the transport's default settings.
# NOTE(review): hosts_require_tls and hosts_require_auth are not set, so
# neither encryption nor authentication is enforced for outgoing deliveries.
remote_smtp:
  driver = smtp
# Mailbox delivery for root (see the "root" router).
rootmail:
  driver = appendfile

  # Single mailbox file, not a Maildir. The file is created 0600 and an
  # existing narrower mode is not treated as an error.
  file = /var/mail/root
  no_maildir_format
  mode = 0600
  no_mode_fail_narrower

  # The delivery runs as "mail", not as root, so root's mailbox is written
  # by the "mail" account. That account is also listed in trusted_users.
  user = mail
  current_directory = /

  # Headers added on delivery.
  delivery_date_add
  envelope_to_add
  return_path_add
######################################################################
# RETRY CONFIGURATION #
######################################################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 2 hours and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.
# In the rule, F is a fixed interval (cutoff, interval) and G an increasing
# one (cutoff, first interval, factor).
# Domain Error Retries
# ------ ----- -------
begin retry
* * F,2h,15m; G,16h,2h,1.5; F,4d,8h
# End of Exim 4 configuration