Exim

De Blogx Populi - Wiki Hispano

Contenido 1 Funciones implementadas con exim 2 Servidores con exim en producción 3 Estado de desarrollo 4 Administrar 5 Cola de correos 5.1 Ejecutar la cola de correos congelados 5.2 Borrar la cola de correos congelados 5.3 Borrar la cola de correos rebotados 6 Implementación 7 Filtros Exim 8 Ejemplos de uso 9 Comentarios 9.1 Instalación de exim 3 en modo Maildir 9.2 Configuración de exim 3 en formato Maildir (copiado de noDreams): 9.3 Cambios en el address_pipe transport 9.4 Logs 9.5 Evitar que mailblogs en desuso reciban correo

[editar] Funciones implementadas con exim

• MTA del dominio
• monitorización de sistemas vía email informativos

[editar] Servidores con exim en producción

[editar] Estado de desarrollo

En este momento somos capaces de configurar un MTA para gestionar cuentas de correo electrónico locales o gestionadas por un servidor LDAP; podemos automatizar la ejecución de código a la entrada de determinados correos electrónicos y estamos estudiando el procesamiento detallado de emails a su entrada en el MTA a través de los directors, transports y filtros de exim; dada la complejidad del proceso de correos electrónicos y el aumento brutal de correo no deseado, el tema del MTA y sus herramientas antispam y antivirus es uno de los más importantes mientras mantengamos la gestión de un dominio de internet; queda mucho por probar en exim u otro MTA para poder decir que estamos explotando sus capacidades.

[editar] Administrar

Arrancar como demonio

exim -bd

Path del demonio:

/usr/lib/exim/exim3 start|stop|restart|reload|forece-reload

[editar] Cola de correos

[editar] Ejecutar la cola de correos congelados

exim -qff

[editar] Borrar la cola de correos congelados

for a in `mailq | grep frozen | cut -c11-26` ; do exim -Mrm $a; done

[editar] Borrar la cola de correos rebotados

for a in `mailq | grep '<>'| cut -c11-26` ; do exim -Mrm $a; done

[editar] Implementación

• hemos instalado Exim en orwell con apt
• los valores de configuración actuales en orwell -obtenidos con exim -bP- son:

no_accept_8bitmime
accept_timeout = 0s
admin_groups =
no_allow_mx_to_ip
no_always_bcc
auth_always_advertise
auth_hosts =
auto_thaw = 0s
bi_command =
check_log_inodes = 0
check_log_space = 0
check_spool_inodes = 0
check_spool_space = 0
no_collapse_source_routes
daemon_smtp_port =
debug_level = -1
delay_warning = 1d
delay_warning_condition = ${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes}}
deliver_load_max =
deliver_queue_load_max =
delivery_date_remove
dns_again_means_nonexist =
dns_check_names
dns_check_names_pattern = (?i)^(?>(?(1)\.|())[^\W_](?>[a-z0-9-]*[^\W_])?)+$
no_dns_ipv4_lookup
dns_retrans = 0s
dns_retry = 0
envelope_to_remove
errmsg_file =
errmsg_text =
errors_address = postmaster
errors_copy =
errors_reply_to =
exim_group = mail
exim_path = /usr/sbin/exim
exim_user = mail
extract_addresses_remove_arguments
finduser_retries = 0
no_forbid_domain_literals
freeze_tell_mailmaster
gecos_name = $1
gecos_pattern = ^([^,:]*)
no_headers_check_syntax
headers_checks_fail
no_headers_sender_verify
no_headers_sender_verify_errmsg
helo_accept_junk_hosts =
no_helo_strict_syntax
helo_verify =
hold_domains =
host_accept_relay = 127.0.0.1 : ::::1
host_auth_accept_relay = *
host_lookup = *
host_reject =
host_reject_recipients =
hosts_treat_as_local =
no_ignore_errmsg_errors
ignore_errmsg_errors_after = 0s
ignore_fromline_hosts =
no_ignore_fromline_local
no_ipv4_address_lookup
keep_malformed = 4d
kill_ip_options
ldap_default_servers =
local_domains = orwell.blogmail.cc:blogmail.cc : blogxpopuli.org:[192.168.0.2]:[fe80::::240::f4ff::fe6a::d7ac]
local_domains_include_host
local_domains_include_host_literals
local_from_check
local_from_prefix =
local_from_suffix =
local_interfaces =
localhost_number =
locally_caseless
no_log_all_parents
no_log_arguments
log_file_path = /var/log/exim/%slog
no_log_incoming_port
log_ip_options
log_level = 5
log_queue_run_level = 0
no_log_received_recipients
no_log_received_sender
no_log_refused_recipients
no_log_rewrites
no_log_sender_on_delivery
no_log_smtp_confirmation
no_log_smtp_connections
no_log_smtp_syntax_errors
no_log_subject
lookup_open_max = 25
max_username_length = 0
message_body_visible = 500
message_filter =
message_filter_directory2_transport =
message_filter_directory_transport =
message_filter_file_transport =
message_filter_group =
message_filter_pipe_transport =
message_filter_reply_transport =
message_filter_user =
message_id_header_text =
message_size_limit = 0
no_message_size_limit_count_recipients
never_users = 
nobody_group =
nobody_user =
percent_hack_domains =
pid_file_path = /var/run/exim/exim%s.pid
no_preserve_message_logs
primary_hostname = orwell.blogmail.cc
no_print_topbitchars
prod_requires_admin
prohibition_message =
qualify_domain = blogmail.cc
qualify_recipient = blogmail.cc
queue_list_requires_admin
no_queue_only
queue_only_file =
queue_only_load =
queue_remote_domains =
no_queue_run_in_order
queue_run_max = 5
queue_smtp_domains =
rbl_domains =
rbl_hosts = *
no_rbl_log_headers
no_rbl_log_rcpt_count
rbl_reject_recipients
rbl_warn_header
received_header_text = Received: ${if def:sender_rcvhost {from ${sender_rcvhost}\n }
 {${if  def:sender_ident {from ${sender_ident} }}${if def:sender_helo_name 
 {(helo=${sender_helo_name})\n    }}}}by ${primary_hostname} ${if def:received_protocol 
 {with ${received_protocol}}} (Exim ${version_number} #${compile_number} (Debian))\n  id 
 ${message_id}${if def:received_for {\n  for <$received_for>}}
received_headers_max = 30
receiver_try_verify
receiver_unqualified_hosts =
no_receiver_verify
receiver_verify_addresses =
receiver_verify_hosts = *
receiver_verify_senders =
recipients_max = 0
no_recipients_max_reject
recipients_reject_except =
recipients_reject_except_senders =
refuse_ip_options
relay_domains =
no_relay_domains_include_local_mx
no_relay_match_host_or_sender
remote_max_parallel = 1
remote_sort =
retry_data_expire = 1w
retry_interval_max = 1d
return_path_remove
return_size_limit = 100K
rfc1413_hosts = *
rfc1413_query_timeout = 30s
security = setuid+seteuid
sender_address_relay =
sender_address_relay_hosts = *
sender_reject =
sender_reject_recipients =
no_sender_try_verify
sender_unqualified_hosts =
no_sender_verify
no_sender_verify_batch
sender_verify_callback_domains =
sender_verify_callback_timeout = 30s
no_sender_verify_fixup
sender_verify_hosts = *
sender_verify_hosts_callback =
sender_verify_max_retry_rate = 12
sender_verify_reject
smtp_accept_keepalive
smtp_accept_max = 20
smtp_accept_max_per_host = 0
smtp_accept_queue = 0
smtp_accept_queue_per_connection = 100
smtp_accept_reserve = 0
smtp_banner = ${primary_hostname} ESMTP Exim ${version_number} #${compile_number} ${tod_full}
smtp_check_spool_space
smtp_connect_backlog = 5
smtp_etrn_command =
smtp_etrn_hosts =
smtp_etrn_serialize
smtp_expn_hosts =
smtp_load_reserve =
smtp_receive_timeout = 5m
smtp_reserve_hosts =
no_smtp_verify
no_split_spool_directory
spool_directory = /var/spool/exim
no_strip_excess_angle_brackets
no_strip_trailing_dot
syslog_timestamp
timeout_frozen_after = 0s
no_timestamps_utc
timezone =
trusted_groups =
trusted_users = mail:uucp
unknown_login =
unknown_username =
no_untrusted_set_sender
uucp_from_pattern = ^From\s+(\S+)\s+(?:[a-zA-Z]{3},?\s+)?
 (?:[a-zA-Z]{3}\s+\d?\d|\d?\d\s+[a-zA-Z]{3}\s+\d\d(?:\d\d)?)\s+\d\d?:\d\d?
uucp_from_sender = $1
warnmsg_file =

[editar] Filtros Exim

• Transports

blogmail_proc:
  driver = pipe
  command = "echo 'Mensaje para:'${local_part} > /home/blogmail/depaso.txt"
  return_path_add
  delivery_date_add
  envelope_to_add==Filtros Spamassassin==

rescatados del syslog de orwell

FORGED_RCVD_HELO
HTML_60_70
HTML_MESSAGE
MIME_HTML_ONLY
TRACKER_ID
INFO_TLD
RCVD_BY_IP
  return_fail_output
  suffix = ""

• Directors

bm_proc:
 driver = localuser
 transport = blogmail_proc
 no_verify

• .forward

[editar] Ejemplos de uso

versión de exim ...................: exim -bV 
test de direcciones de correo .....: exim - bt domingo@smen.es
volcado de valores de configuración: exim -bP valor_de_configuracion
procesar mensaje ..................: exim -M id_mensaje
borrar mensajes ...................: exim -Mrm lista_mensajes
editar mensajes ...................: exim -Meb id_mensaje

[editar] Comentarios

[editar] Instalación de exim 3 en modo Maildir

configuración por defecto de exim 3 en modo /var/mail
   local_delivery:
    driver = appendfile
    group = mail
    mode = 0660
    mode_fail_narrower = false
    envelope_to_add = true
    return_path_add = true
    file = /var/mail/${local_part}

[editar] Configuración de exim 3 en formato Maildir (copiado de noDreams):

   local_delivery:
    driver = appendfile
    maildir_format = true
    directory = /home/${local_part}/Maildir
    delivery_date_add
    envelope_to_add
    return_path_add
    group = mail
    mode = 0660
    check_string = ""
    escape_string = ""
    create_directory = yes

[editar] Cambios en el address_pipe transport

el log de exim devolvía el siguiente mensaje al intentar ejecutar wp-mail.php:

   Neither the system_aliases director nor the address_pipe transport set a uid for local
   delivery of |GET http://publicar.blogmail.cc/wp-mail.php

añado la línea user en el address_pipe transport:

   address_pipe:
    driver = pipe
    path = /usr/bin:/bin:/usr/local/bin
    return_fail_output
    user = ${local_part}

[editar] Logs

/var/log/exim/mail
/var/log/exim/mainlog
/var/log/exim/rejectlog

[editar] Evitar que mailblogs en desuso reciban correo

• En /etc/aliases:

usuaria: /dev/null