Xamime/Exim Howto:

For users who prefer the exim MTA with Xamime, this is the procedure to follow with exim-4.* versions:

1. Install two copies of exim on your system, using different spool, log and binary directories.

  The first instance of exim can be installed using default values, changing only EXIM_USER to xamime.

  The second instance of exim needs the following entries changed in Local/Makefile:

       a: BIN_DIRECTORY=/usr/local/exim/bin

       b: CONFIGURE_FILE=/usr/local/exim/configure

       c: SPOOL_DIRECTORY=/usr/local/exim/spool

       d: EXIM_USER=xamime

       e: LOG_FILE_PATH=/usr/local/exim/log/%slog

2. Once both instances of exim have been installed, the configure file for the first instance needs to be updated to cater for the Xamime scans.

    a: Example configure file for the first instance of exim, where the system is used both as a relay and an MX server (section a below).

    The configure file for the second instance then needs to be updated:

    b: Example configure file for the second instance of exim, where the system routes mail to different servers (section b below).
    c: Example configure file for the second instance of exim, where the system handles the local deliveries (section c below).

3. Xamime is installed as usual (the sendmail way), but the following settings are changed in the Main Configuration:

       a. MTA Binary Location : /usr/local/exim/bin/exim

       b. MTA Flags : /usr/local/exim/configure

   Also make sure the startup script for exim is changed back to normal, i.e. the first instance of exim should be used with the configure file for the first instance.

4. If the server acts as a gateway (routing to other servers), it is also a good idea to clear the queue of the second exim instance regularly (in case any of the remote servers has been down, is suffering from load, etc.).

  Example script:

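    #!/bin/sh
    # Flush the queue of the second exim instance; do nothing if a
    # previous run still holds the lock.
    lockfile=/tmp/.exilock
    # With noclobber (set -C) the redirect fails if the lock file already
    # exists, so testing for the lock and creating it is one atomic step.
    if ( set -C; : > "$lockfile" ) 2>/dev/null
    then
        # Remove the lock when the script exits, even if exim fails.
        trap 'rm -f "$lockfile"' EXIT
        /usr/local/exim/bin/exim -C /usr/local/exim/configure -q
    fi
    exit 0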

Cron entry:

    0,30 * * * * /opt/email/flush.sh

 

a: This is an example configure file for the first instance of exim, where the system is used both as a relay and an MX server:

######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################

system_filter = /usr/exim/filter.exim

smtp_banner = "${primary_hostname} ESMTP Mailer"

smtp_accept_queue_per_connection = 100

smtp_accept_max_per_host = 20

no_local_from_check

helo_allow_chars = _

primary_hostname = "server.domain"

domainlist local_domains = @ : lsearch;/usr/exim/local_domains

hostlist relay_from_hosts = 127.0.0.1 : *."domain"

acl_smtp_rcpt = acl_check_rcpt

rfc1413_hosts = *
rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 2d

timeout_frozen_after = 4d

######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################

begin acl

acl_check_rcpt:

accept hosts = :

deny local_parts = ^.*[@%!/|] : ^\\.

accept local_parts = postmaster : abuse
domains = +local_domains

require verify = sender

accept domains = +local_domains
endpass

accept hosts = +relay_from_hosts

deny message = relay not permitted

######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################

begin routers

# xamime forced scans for outgoing mail - replaces dnslookup
xamime:
driver = dnslookup
domains = ! +local_domains
transport = xamime_scan
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

system_aliases:
domains = "server.domain"
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe

# This router matches local user mailboxes.

localuser:
domains = "server.domain"
driver = accept
check_local_user
transport = local_delivery
no_more

# fake a local delivery to get xamime to scan
virtualuser:
# list of our domains
domains = lsearch;/usr/exim/local_domains
driver = accept
transport = xamime_scan
no_more

######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################

# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports

xamime_scan:
driver = pipe
user = root
command = "/usr/local/xamime/xamime /usr/local/xamime/xamime.cfg ${sender_address} ${local_part}@${domain}"
return_path_add = false
delivery_date_add = false
envelope_to_add = false

local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
# group = mail
# mode = 0660

address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

######################################################################
# RETRY CONFIGURATION #
######################################################################

begin retry

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.

# Domain Error Retries
# ------ ----- -------

* * F,2h,15m; G,16h,1h,1.5; F,4d,6h


######################################################################
# REWRITE CONFIGURATION #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite



######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################

# There are no authenticator specifications in this default configuration file.

begin authenticators


# End of Exim configuration file

 

b:  Example for the second instance of exim where the server acts as a gateway (routing email to different servers based on domains):

######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
#log_selector = +all
no_local_from_check
extract_addresses_remove_arguments = true
trusted_users = root : xamime

primary_hostname = "server.domain"

domainlist local_domains = @
hostlist relay_from_hosts = 127.0.0.1

acl_smtp_rcpt = acl_check_rcpt

rfc1413_hosts = *
rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 2d

timeout_frozen_after = 4d

######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################

begin acl

acl_check_rcpt:

accept hosts = :

deny local_parts = ^.*[@%!/|] : ^\\.

accept local_parts = postmaster : abuse
domains = +local_domains

require verify = sender

accept domains = +local_domains
endpass

accept hosts = +relay_from_hosts

deny message = relay not permitted


######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################

begin routers

send_to_thatserver:
driver = manualroute
domains = lsearch;/usr/exim/thatserver_domains
transport = remote_smtp
route_list = * thatserver.domain byname
ignore_target_hosts = 127.0.0.0/8
no_more

send_to_anotherserver:
driver = manualroute
domains = lsearch;/usr/exim/anotherserver_domains
transport = remote_smtp
route_list = * anotherserver.domain byname
ignore_target_hosts = 127.0.0.0/8
no_more

send_to_smtpq:
driver = manualroute
transport = remote_smtp
route_list = * smtpq.domain byname
ignore_target_hosts = 127.0.0.0/8
no_more

system_aliases:
domains = "server.domain"
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe

localuser:
driver = accept
check_local_user
transport = local_delivery

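######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################

begin transports

# remote_smtp and local_delivery are referenced by the routers above;
# the definitions are the same as in example (c).
remote_smtp:
driver = smtp

local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add

address_pipe: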
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

######################################################################
# RETRY CONFIGURATION #
######################################################################

begin retry

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.

# Domain Error Retries
# ------ ----- -------

* * F,2h,15m; G,16h,1h,1.5; F,4d,6h

######################################################################
# REWRITE CONFIGURATION #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite


######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################

# There are no authenticator specifications in this default configuration file.

begin authenticators


# End of Exim configuration file

 

c: Example for the second instance of exim where the server handles local deliveries:


######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################

primary_hostname = "server.domain"

hostlist relay_from_hosts = 127.0.0.1

domainlist local_domains = @ : /usr/exim/local_domains

acl_smtp_rcpt = acl_check_rcpt

rfc1413_hosts = *
rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 2d

timeout_frozen_after = 4d

######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################

begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.

acl_check_rcpt:

# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.

accept hosts = :

# Deny if the local part contains @ or % or / or | or !. These are rarely
# found in genuine local parts, but are often tried by people looking to
# circumvent relaying restrictions.

deny local_parts = ^.*[@%!/|]

# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.

accept local_parts = postmaster
domains = +local_domains

# Deny unless the sender address can be verified.

require verify = sender

# Accept if the address is in a local domain, but only if the recipient can
# be verified. Otherwise deny. The "endpass" line is the border between
# passing on to the next ACL statement (if tests above it fail) or denying
# access (if tests below it fail).

accept domains = +local_domains
endpass
message = unknown user
verify = recipient

accept hosts = +relay_from_hosts

deny message = relay not permitted


######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################

begin routers

smtp_smarthost:
domains = ! +local_domains
driver = manualroute
transport = remote_smtp
route_list = * "smtpserver.domain"

# aliases for the virtual domains
virtual_aliases:
domains = lsearch;/usr/exim/local_domains
driver = redirect
data = ${lookup{$local_part@$domain}lsearch{/usr/exim/virtual_aliases}}
file_transport = address_file
pipe_transport = address_pipe

# aliases for this server
system_aliases:
domains = "server.domain"
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe

virtual:
driver = accept
transport = procmail_pipe
domains = /usr/exim/local_domains
no_more

localuser:
driver = accept
check_local_user
transport = local_delivery
domains = "server.domain"
no_more

######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################

# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp

# show how this can be done.

local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
# group = mail
# mode = 0660

procmail_pipe:
driver = pipe
user = popuser
path = "/usr/bin:/usr/local/bin:/usr/local/etc"
command = "procmail -t -f $header_from -m VIRTUSER=${local_part}@${domain} /usr/local/etc/procmailrc"
delivery_date_add = true
envelope_to_add = true


address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

######################################################################
# RETRY CONFIGURATION #
######################################################################

begin retry

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.

# Domain Error Retries
# ------ ----- -------

* * F,2h,15m; G,16h,1h,1.5; F,4d,6h



######################################################################
# REWRITE CONFIGURATION #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite



######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################

# There are no authenticator specifications in this default configuration file.

begin authenticators


# End of Exim configuration file
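
A pre-flight check for configure files like the three above, as an added example that is not part of the original howto: the shell function lists every transport that a router references but that no "begin transports" section defines, a wiring mistake that is easy to make when one configuration is split across two instances. The names check_transports and write_sample are chosen here, the sample input is constructed, and transport names are assumed to be fixed strings (not expansions).

```shell
#!/bin/sh
# Added example: list transports that routers reference but that the
# "begin transports" section of an exim configure file never defines.
check_transports() {
    rc=0
    out=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        $1 == "begin" { section = $2; next }
        section != "routers" && section != "transports" { next }
        /^[ \t]*[A-Za-z0-9_]+:[ \t]*$/ {           # "name:" starts a driver
            name = $1; sub(/:$/, "", name)
            if (section == "transports") defined[name] = 1
            next
        }
        section == "routers" && /^[ \t]*(file_|pipe_|reply_)?transport[ \t]*=/ {
            t = $0; sub(/^[^=]*=[ \t]*/, "", t); sub(/[ \t]+$/, "", t)
            used[t] = used[t] " " name
        }
        END {
            for (t in used) if (!(t in defined)) {
                print "undefined transport " t " used by:" used[t]; bad = 1
            }
            exit bad
        }' "$1") || rc=$?
    [ -z "$out" ] || printf '%s\n' "$out" | sort
    return "$rc"
}

# Constructed sample: a gateway-style router section whose transports were
# left under "begin routers" because the "begin transports" line is missing.
write_sample() {
    cat > "$1" <<'EOF'
begin routers
send_to_thatserver:
driver = manualroute
transport = remote_smtp
system_aliases:
driver = redirect
pipe_transport = address_pipe
localuser:
driver = accept
transport = local_delivery
address_pipe:
driver = pipe
EOF
}

sample=$(mktemp) && write_sample "$sample"
check_transports "$sample" || echo "fix the configure file before starting exim"
rm -f "$sample"
```

Run check_transports against each instance's configure file after editing it; a non-zero return means at least one router points at a transport that does not exist.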