Professional Documents
Culture Documents
Stephen Bee
The main section Routers ACL definitions Transports Retry Rules Authenticators Rewrite Rules
Note: Other than the main section, all sections are headed with begin section_name
List variables
Contain domains, hosts, addesses, or local parts Colon separated, type based
Static Lists:
hostlist bad_hosts = 192.168.99.123 : 192.168.87.243 domainlist trusted_domains = foo.example : bar.example addresslist spammers = foo@bar.example : bar@example.com localpartlist sysusers = foo : bar : root
Dynamic Lists:
hostlist trustedmailhosts = lsearch;/etc/trustedmailhosts domainlist local_domains = lsearch;/etc/localdomains
Comprehensive documentation on list variables can be found at: http://exim.org/exim-html-current/doc/html/spec_html/ch10.html
Tuesday, October 27, 2009
The decision makers for how a message is handled Routers result in message delivery, directors do not
Router
remote_delivery: driver = dnslookup domains = ! +local_domains transport = remote_smtp
Director
fail_remote_domains: driver = redirect domains = ! +local_domains : ! localhost : ! localhost.localdomain allow_fail data = "remote deliveries are not permitted from this server"
Tuesday, October 27, 2009
Transports
What are they? The executioners of the actual message delivery
remote_smtp: driver = smtp interface = 1.2.3.4 local_delivery: driver = appendfile file = /home/foo/mail/foo.example/joe/inbox
ACLs
Used for validation, scanning, whitelisting, etc. Only called during the SMTP reception process Conditions consist of the following - An action (accept, deny, drop, defer) - Criteria that if evaluated true, triggers the action
acl_connect: accept hosts = +trustedmailhosts deny
Comprehensive documentation on ACLs can be found at: http://exim.org/exim-html-current/doc/html/spec_html/ch40.html
Tuesday, October 27, 2009
All of the available ACL selection options are documented at: http://exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECID189
Tuesday, October 27, 2009
Half-time Q&A
Log Files
/var/log/exim_rejectlog /var/log/exim_paniclog
=> indicates message arrival <= indicates successful message delivery == indicates message delivery has been deferred ** indicates that a delivery failure has occurred
Successful Message Delivery
2009-09-30 12:23:40 1Mt2tw-0003vE-Ea <= stephen@cpanel.net H=(cpanel.net) [127.0.0.1] P=esmtpa A=fixed_login:stephen@cpanel.net S=745 id=0373931685581ab29f56199c78755f1a.squirrel@techdump.net 2009-09-30 12:23:42 1Mt2tw-0003vE-Ea => stephenbee@gmail.com R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [209.85.211.67] 2009-09-30 12:23:42 1Mt2tw-0003vE-Ea Completed 2009-10-03 23:47:33 1MuEK5-0008S6-Io == stephen@cpanel.net R=smarthost T=remote_smtp defer (111): Connection refused 2009-09-30 18:33:00 1Mt8fH-0005xJ-Oe ** user@bar.example R=fail_remote_domains: The mail server could not deliver mail to user@bar.example. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
Tuesday, October 27, 2009
Written specifically for searching exim log files Returns all entries for matching messages Takes input via STDIN, or by specifying a file name
root@foo [~]# exigrep foo@example.com /var/log/exim_mainlog 2009-09-30 12:38:12 1Mt37t-000405-4r <= foo@example.com H=(cpanel.net) [10.1.1.2] U=root P=esmtp S=1423 2009-09-30 12:38:12 1Mt37t-000405-4r => /home/foo/mail/ <bar@example.com> R=central_filter T=address_directory 2009-09-30 12:38:12 1Mt37t-000405-4r Completed
Launches a fake SMTP session from the provided IP Provides a verbose amount of debugging output No DNS lookups or callouts will occur
root@gibson [~]# exim -bh 1.2.3.4 **** SMTP testing session as if from host 1.2.3.4 **** but without any ident (RFC 1413) callback. **** This is not for real! ...TRUNCATED... >>> check condition = ${if eq {$interface_port}{25}{no}{yes}} >>> = yes >>> accept: condition test succeeded 220-gibson.steve.cpanel.net ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 10:22:59 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
root@gibson [~]# exim -bs 220-gibson.steve.cpanel.net ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 10:28:58 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. root@gibson [~]#
exim -oMa [host-ip] -bs Allows you to forge the messages host origin
root@gibson [~]# exim -oMa 1.2.3.4 -bs 220-gibson.steve.cpanel.net ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 10:28:58 -0400
Tuesday, October 27, 2009
root@gibson [~]# exim -bt stephen@cpanel.net stephen@cpanel.net router = lookuphost, transport = remote_smtp host mx1.cpanel.net [208.74.121.68] MX=0 host mx3.cpanel.net [208.74.121.69] MX=5 host mx2.cpanel.net [208.74.123.60] MX=10 root@gibson [~]#
Queue Management
Meant to be used in a pipe from exim -bp -a flag causes statistics to sort by message age -c flag causes statistics to sort by message count
root@mx1 [~]# exim -bp | exiqsumm Count Volume Oldest Newest Domain ----- ------ ------ ------ -----1 2252 9m 9m foobar.example.com 1 1843 19h 19h mail3.local.example 1 1331 19h 19h mx.example.com 122 266KB 69h 3h cpanel.net --------------------------------------------------------------125 266KB 69h 9m TOTAL
Queued Messages
Why would a message be queued?
Its frozen!
A non-permanent error occurred (e.g. host down) during message delivery, and delivery has been deferred. This occurs when the load average surpasses the value of queue_only_load in exim.conf
exiqgrep
exiqgrep [frsyozq] [expression] Uses regular expressions to search the mail queue
root@gibson [~]# exiqgrep -f 'meow@kittens.com' 20m 355 1MufOA-0003EF-Nh <meow@kittens.com> user@foo.example root@gibson [~]#
Useful application of: exiqgrep -i -f user@foo.bar | xargs exim -Mrm Remove all messages with selected criteria
-Mrm removes the specified message from queue -Mvl displays a log of all previous delivery attempts
2009-10-05 04:41:44 Received from meow@kittens.foo U=root P=local-esmtp S=355 2009-10-05 04:41:44 192.168.99.232 [192.168.99.232] Connection refused 2009-10-05 04:41:44 user@foo.example R=dumbhost T=remote_smtp defer (111): Connection refused
exinext
exinext <user@domain.com> determines next scheduled delivery attempt
root@gibson [~]# exinext user@foo.example Transport: 192.168.99.232 [192.168.99.232/NULL] error 111: Connection refused first failed: 05-Oct-2009 04:41:44 last tried: 05-Oct-2009 04:41:44 next try at: 05-Oct-2009 04:56:44 root@gibson [~]#
-qi only processes initial delivery attempts -qf forces delivery of all non-frozen messages -qff forces delivery of all messages, frozen or not -qfl forces delivery of locally destined messages
exim -R [email-address] Same as above, except based on the recipient(s) rather than the message sender.
The Debugger
exim -d+all
Enables for all components of delivery process
Examples:
exim -d-all+router+transport
Enables only for router and transport logic
exim -d-all+verify
Enables only sender verification logic