Spent all day configuring the new mail servers at DoC. Some useful Exim snippets for future reference are below.
Oh, and someone dug through a very important London backbone fibre this morning which took IV off the face of the net.
This weekend is going to involve a few trial runs of the Union webserver move that I'm doing on Monday for real.
Virtual hosting
# Domains treated as local: this host's own name (@) plus every key found in
# the cdb file named by VHOSTCONFIG (presumably a macro defined elsewhere in
# the configuration -- confirm).
domainlist local_domains = @ : cdb;VHOSTCONFIG
# Vhost routing
# Redirect router for virtual domains. It only runs for domains present in the
# VHOSTCONFIG cdb file.
vhost_aliases:
driver = redirect
# Let alias data use the special :fail: and :defer: targets.
allow_fail
allow_defer
domains = cdb;VHOSTCONFIG
# Two-stage lookup: the inner cdb lookup maps $domain to a value that is then
# used as the file name for an nwildlsearch keyed on $local_part, so each
# virtual domain has its own alias file.
# NOTE(review): that file name comes out of the cdb, so whoever can write the
# cdb controls which file is read; keep both the cdb and the alias files
# writable only by the mail administrator.
data = ${lookup{$local_part}nwildlsearch{${lookup{$domain}cdb{VHOSTCONFIG}}}}
# Alias entries may deliver to a file path or a pipe command through these
# transports.
# NOTE(review): if vhost owners maintain their own alias files, consider
# forbid_pipe / forbid_file here, or make sure those deliveries run as an
# unprivileged user; no user/group is set on this router in the visible text.
file_transport = address_file
pipe_transport = address_pipe
# If this router declines an address in one of these domains, no later router
# is tried.
no_more
Spam Checking with spamd
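# Hands mail that has not been scanned yet to the spamcheck transport.
spamcheck_router:
driver = accept
# ! already scanned AND ! locally submitted AND from offsite AND !SMTP AUTHed
# The earlier test on the X-Spam-Flag header has been dropped: that header is
# supplied by the sending side, so a message could skip scanning just by
# arriving with it present. Loop prevention does not need it, because a
# re-injected message carries $received_protocol = spam-scanned, which only a
# trusted local user can set.
# NOTE(review): this value is double-quoted and then expanded, and Exim
# processes backslashes at both stages, so confirm the dots in the address
# pattern are still escaped by the time the regex is compiled (the \N ... \N
# form is the usual way to protect a regex inside an expansion).
condition = "${if and { {!def:authenticated_id} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} {!match{$sender_host_address}{^(146\.169\.|155\.198\.4\.76)}} } {1}{0}}"
transport = spamcheck
# Skip this router during address verification, so verification never tries
# to start a scan.
no_verify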
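## Spam Assassin
# Pipe transport: the message is filtered through spamc and then re-submitted
# to Exim with the received protocol set to "spam-scanned", so that
# spamcheck_router does not pick it up a second time.
spamcheck:
driver = pipe
# The recipient is passed as local_part@domain. Passing the bare local part
# would discard the domain and let Exim qualify the address with its default
# domain, which misroutes mail addressed to a virtual domain.
# The "--" ends option parsing, so a local part beginning with "-" cannot be
# read by the re-invoked exim as a command-line option.
# An empty envelope sender (a bounce) is re-submitted as mailer-daemon.
command = /usr/sbin/exim -i -oMr spam-scanned -f "${if eq {${sender_address}}{} {mailer-daemon} {${sender_address}} }" -- ${local_part}@${domain}
transport_filter = /usr/bin/spamc
home_directory = "/tmp"
current_directory = "/tmp"
# must use a privileged user to set $received_protocol on the way back in!
# Anything that can run exim as this user can mark mail as already scanned, so
# keep the set of trusted users as small as possible.
user = exim
group = exim
# Log whatever the command prints, and return that output to the sender if
# the command fails.
log_output = true
return_fail_output = true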
SMTP AUTH over TLS using Kerberos via PAM
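# SMTP AUTH Settings (see also Authenticators at the bottom)
# Advertise AUTH only once the session is encrypted. PLAIN and LOGIN send the
# password merely base64-encoded, and here that password is the user's
# Kerberos/PAM credential, so it must never be offered on a cleartext
# connection. Before STARTTLS $tls_cipher is empty and the host list expands
# to nothing; after it the list is "*".
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
# Custom Received: header that also records the TLS cipher, the peer DN and
# the authenticated user.
# NOTE(review): the last clause writes $authenticated_id into a header that
# travels with the message, so recipients can see the submitter's login name;
# confirm that is acceptable.
received_header_text = "Received: ${if def:sender_fullhost {from ${sender_fullhost} ${if def:sender_ident {(${sender_ident})}}} {${if def:sender_ident {from ${sender_ident} }}}} \n\t by ${primary_hostname} ${if def:received_protocol {with ${received_protocol}}} \n\t ${if def:tls_cipher {(tls_cipher ${tls_cipher})}} ${if def:tls_peerdn {(tls_peerdn ${tls_peerdn})}} (Exim ${version_number} ${compile_number} (DoC)) \n\t id ${message_id} ${if def:authenticated_id { \n\t from user $authenticated_id}}"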
# AUTH PLAIN authenticator, checked against PAM.
plain:
driver = plaintext
public_name = PLAIN
# In PLAIN, $2 is the login name and $3 the password. The pam condition takes
# a colon-separated list, so colons inside the password are doubled by the
# sg{...}{:}{::} substitution to keep it a single list item.
server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
# Record the login name as $authenticated_id.
server_set_id = $2
# NOTE(review): the line below would advertise this mechanism only when
# $tls_cipher is non-empty. While it stays commented out, nothing in this
# authenticator ties it to TLS; PLAIN is only base64-encoded, so make sure
# AUTH is restricted to encrypted sessions somewhere in the configuration.
# server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
# AUTH LOGIN authenticator, checked against PAM.
login:
driver = plaintext
public_name = LOGIN
# Two prompts are sent; the doubled colons are literal colons inside a
# colon-separated list. The replies arrive as $1 (username) and $2 (password).
server_prompts = "Username:: : Password::"
# The pam condition takes a colon-separated list, so colons inside the
# password are doubled to keep it a single list item.
server_condition = ${if pam{$1:${sg{$2}{:}{::}}}{yes}{no}}
# Record the login name as $authenticated_id.
server_set_id = $1
# NOTE(review): the line below would advertise this mechanism only when
# $tls_cipher is non-empty. While it stays commented out, nothing in this
# authenticator ties it to TLS; LOGIN is only base64-encoded, so make sure
# AUTH is restricted to encrypted sessions somewhere in the configuration.
# server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}