Installation von Exim4 – Umstieg von Exim3

> apt-get remove exim

> apt-get install exim4-daemon-heavy

localhost meine-erste-domain.de meine-zweite-domain.de domain-vom-kumpel.de name.provider.tld

etc/exim4> mkdir domains
etc/exim4> chmod 755 domains

webmaster: fritz postmaster: fritz

*: fritz

webmaster: fritz postmaster: fritz fritz: fritz mein.bruder: blasius.oelig@web.de   # (Weiterleitung nach draußen) mail: trash info: trash trash: trash

fritz:passwort1 mein.bruder:passwort2

> chmod passwd 640
> chown Debian-exim.Debian-exim passwd

CONVERT4R4="I understand this is an unsupported tool" export CONVERT4R4

> . .profile

> /usr/sbin/exim_convert4r4  < /etc/exim/exim.conf  > /etc/exim4/myexim4.conf

#!!# This file is output from the convert4r4 script, which tries #!!# to convert Exim 3 configurations into Exim 4 configurations. #!!# However, it is not perfect, especially with non-simple #!!# configurations. You must check it before running it. #!!# These options specify the Access Control Lists (ACLs) that #!!# are used for incoming SMTP messages - after the RCPT and DATA #!!# commands, respectively. acl_smtp_rcpt = check_recipient acl_smtp_data = check_message #!!# These options specify the Access Control Lists (ACLs) that #!!# are used to control the ETRN, EXPN, and VRFY commands. #!!# Where no ACL is defined, the command is locked out. acl_smtp_vrfy = check_vrfy #!!# This setting defines a named domain list called #!!# local_domains, created from the old options that #!!# referred to local domains. It will be referenced #!!# later on by the syntax "+local_domains". #!!# Other domain and host lists may follow.

domainlist local_domains = @ : @[] : lsearch;/etc/exim4/localdomains hostlist relay_hosts = 127.0.0.1 : ::::1 hostlist auth_relay_hosts = * # This is the main exim configuration file. # It was originally generated by `eximconfig', part of the exim package # distributed with Debian, but it may edited by the mail system administrator. # This file originally generated by eximconfig at Mon Sep 13 09:40:30 UTC 2004 # See exim info section for details of the things that can be configured here. # Please see the manual for a complete list # of all the runtime configuration options that can be included in a # configuration file. # This file is divided into several parts, all but the last of which are # terminated by a line containing the word "end". The parts must appear # in the correct order, and all must be present (even if some of them are # in fact empty). Blank lines, and lines starting with # are ignored. ###################################################################### # MAIN CONFIGURATION SETTINGS # ###################################################################### # Specify the domain you want to be added to all unqualified addresses # here. Unqualified addresses are accepted only from local callers by # default. See the receiver_unqualified_{hosts,nets} options if you want # to permit unqualified addresses from remote sources. If this option is # not set, the primary_hostname value is used for qualification. qualify_domain = name.provider.tld # If you want unqualified recipient addresses to be qualified with a different # domain to unqualified sender addresses, specify the recipient domain here. # If this option is not set, the qualify_domain value is used. # qualify_recipient = # Specify your local domains as a colon-separated list here. If this option # is not set (i.e. not mentioned in the configuration file), the # qualify_recipient value is used as the only local domain. If you do not want # to do any local deliveries, uncomment the following line, but do not supply # any data for it. This sets local_domains to an empty string, which is not # the same as not mentioning it at all. An empty string specifies that there # are no local domains; not setting it at all causes the default value (the # setting of qualify_recipient) to be used. # Allow mail addressed to our hostname, or to our IP address. # Domains we relay for; that is domains that aren't considered local but we # accept mail for them. #relay_domains = # If this is uncommented, we accept and relay mail for all domains we are # in the DNS as an MX for. #relay_domains_include_local_mx = true # No local deliveries will ever be run under the uids of these users (a colon- # separated list). An attempt to do so gets changed so that it runs under the # uid of "nobody" instead. This is a paranoic safety catch. Note the default # setting means you cannot deliver mail addressed to root as if it were a # normal user. This isn't usually a problem, as most sites have an alias for # root that redirects such mail to a human administrator. # However, you chose not to have such an alias, so this is commented out #never_users = root # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. host_lookup = * # The setting below would, if uncommented, cause Exim to check the syntax of # all the headers that are supposed to contain email addresses (To:, From:, # etc). This reduces the level of bounced bounces considerably. # headers_check_syntax # Exim contains support for the Realtime Blocking List (RBL), and the many # similar services that are being maintained as part of the DNS. See # http://www.mail-abuse.org/ for background. The line below, if uncommented, # will reject mail from hosts in the RBL, and add warning headers to mail # from hosts in a list of dynamic-IP dialups. Note that MAPS may charge # for this service. #rbl_domains = rbl.mail-abuse.org/reject : dialups.mail-abuse.org/warn # http://www.rfc-ignorant.org is another interesting site with a number of # services you can use with the rbl_domains option # The setting below allows your host to be used as a mail relay only by # localhost: it locks out the use of your host as a mail relay by any # other host. See the section of the manual entitled "Control of relaying" # for more info. # This setting allows anyone who has authenticated to use your host as a # mail relay. To use this you will need to set up some authenticators at # the end of the file # If you want Exim to support the "percent hack" for all your local domains, # uncomment the following line. This is the feature by which mail addressed # to x%y@z (where z is one of your local domains) is locally rerouted to # x@y and sent on. Otherwise x%y is treated as an ordinary local part # percent_hack_domains=* # If this option is set, then any process that is running as one of the # listed users may pass a message to Exim and specify the sender's # address using the "-f" command line option, without Exim's adding a # "Sender" header. trusted_users = mail:uucp:www-data #!!# untrusted_set_sender is now a list of what can be set #!!# The default is an empty list. untrusted_set_sender = * # If this option is true, the SMTP command VRFY is supported on incoming # SMTP connections; otherwise it is not. # Some operating systems use the "gecos" field in the system password file # to hold other information in addition to users' real names. Exim looks up # this field when it is creating "sender" and "from" headers. If these options # are set, exim uses "gecos_pattern" to parse the gecos field, and then # expands "gecos_name" as the user's name. $1 etc refer to sub-fields matched # by the pattern. gecos_pattern = ^([^,:]*) gecos_name = $1 # This sets the maximum number of messages that will be accepted in one # connection and immediately delivered. If one connection sends more # messages than this, any further ones are accepted and queued but not # delivered. The default is 10, which is probably enough for most purposes, # but is too low on dialup SMTP systems, which often have many more mails # queued for them when they connect. smtp_accept_queue_per_connection = 100 # Send a mail to the postmaster when a message is frozen. There are many # reasons this could happen; one is if exim cannot deliver a mail with no # return address (normally a bounce) another that may be common on dialup # systems is if a DNS lookup of a smarthost fails. Read the documentation # for more details: you might like to look at the auto_thaw option

#!!# freeze_tell_mailmaster replaced by freeze_tell # freeze_tell = postmaster # This string defines the contents of the \`Received' message header that # is added to each message, except for the timestamp, which is automatically # added on at the end, preceded by a semicolon. The string is expanded each # time it is used. received_header_text = "Received: \ ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\ {${if def:sender_ident {from ${sender_ident} }}\ ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\ by ${primary_hostname} \ ${if def:received_protocol {with ${received_protocol}}} \ (Exim ${version_number} #${compile_number} (Debian))\n\t\ id ${message_id}\ ${if def:received_for {\n\tfor <$received_for>}}" # Attempt to verify recipient address before receiving mail, so that mails # to invalid addresses are rejected rather than accepted and then bounced. # Apparently some spammers are abusing servers that accept and then bounce # to send bounces containing their spam to people. # This would make exim advertise the 8BIT-MIME option. According to # RFC1652, this means it will take an 8bit message, and ensure it gets # delivered correctly. exim won't do this: it is entirely 8bit clean # but won't do any conversion if the next hop isn't. Therefore, if you # set this option you are asking exim to lie and not be RFC # compliant. But some people want it. #accept_8bitmime = true # This will cause it to accept mail only from the local interface #local_interfaces = 127.0.0.1 # If this next line is uncommented, any user can see the mail queue # by using the mailq command or exim -bp. #queue_list_requires_admin = false # The errors_copy line will cause the specified address to receive a copy # of bounces generated on the system. #errors_copy = *@* postmaster@yourdomain

# loescht Bounces an unerreichbare Absender: ignore_bounce_errors_after = 2d timeout_frozen_after = 3d #!!#######################################################!!# #!!# This new section of the configuration contains ACLs #!!# #!!# (Access Control Lists) derived from the Exim 3 #!!# #!!# policy control options. #!!# #!!#######################################################!!# #!!# These ACLs are crudely constructed from Exim 3 options. #!!# They are almost certainly not optimal. You should study #!!# them and rewrite as necessary. begin acl #!!# ACL that is used after the RCPT command check_recipient: # Exim 3 had no checking on -bs messages, so for compatibility # we accept if the source is local SMTP (i.e. not over TCP/IP). # We do this by testing for an empty sending host field. accept hosts = : accept domains = +local_domains accept hosts = +relay_hosts accept hosts = +auth_relay_hosts endpass message = authentication required authenticated = * deny message = relay not permitted #!!# ACL that is used after the DATA command check_message: accept #!!# ACL that is used after the VRFY command check_vrfy: accept ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### # Look in the documentation (in package exim-doc or exim-doc-html for # information on how to set up authenticated connections. # The examples below are for server side authentication; they allow two # styles of plain-text authentication against an /etc/exim/passwd file # which should have user IDs in the first column and crypted passwords # in the second.

begin authenticators plain: driver = plaintext public_name = PLAIN server_condition = "\ ${if and {{!eq{$2}{}}{!eq{$3}{}} \ {eq{$3}{${extract{1}{:} \ {${lookup{$2}lsearch{/etc/exim4/passwd}{$value}{*:*}}}}}}}{1}{0}}" server_set_id = $2 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = "\ ${if and {{!eq{$1}{}}{!eq{$2}{}} \ {eq{$2}{${extract{1}{:} \ {${lookup{$1}lsearch{/etc/exim4/passwd}{$value}{*:*}}}}}}}{1}{0}}" server_set_id = $1 # These examples below are the equivalent for client side authentication. # They assume that you only use client side authentication to connect to # one host (such as a smarthost at your ISP), or else use the same user # name and password everywhere # plain: # driver = plaintext # public_name = PLAIN # client_send = "^username^password" # # login: # driver = plaintext # public_name = LOGIN # client_send = ": username : password" # # cram_md5: # driver = cram_md5 # public_name = CRAM-MD5 # client_name = username # client_secret = password ###################################################################### # REWRITE CONFIGURATION # ###################################################################### # This rewriting rule is particularly useful for dialup users who # don't have their own domain, but could be useful for anyone. # It looks up the real address of all local users in a file begin rewrite *@name.provider.tld ${lookup{$1}lsearch{/etc/email-addresses}\ {$value}fail} frFs #!!#######################################################!!# #!!# Here follow routers created from the old routers, #!!# #!!# for handling non-local domains. #!!# #!!#######################################################!!# begin routers ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### # Remote addresses are those with a domain that does not match any item # in the "local_domains" setting above. # This router routes to remote hosts over SMTP using a DNS lookup with # default options. lookuphost: driver = dnslookup domains = ! +local_domains transport = remote_smtp # This router routes to remote hosts over SMTP by explicit IP address, # given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs # require this facility, which is why it is enabled by default in Exim. # If you want to lock it out, set forbid_domain_literals in the main # configuration section above. literal: driver = ipliteral domains = ! +local_domains transport = remote_smtp no_more #!!#######################################################!!# #!!# Here follow routers created from the old directors, #!!# #!!# for handling local domains. #!!# #!!#######################################################!!# ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ######################################################################

# SpamAssassin spamcheck_director: driver = accept condition = "${if and { \ {!def:h_X-Spam-Flag:} \ {!eq {$received_protocol}{spam-scanned}} \ {!eq {$received_protocol}{local}} } {1}{0}}" retry_use_local_part transport = spamcheck no_verify # do not use this director when verifying a local-part at SMTP-time # When to scan a message : # - it isn't already flagged as spam # - it isn't already scanned # - it didn't originate locally (as long as I don't harbor spammers :-)) spamkill_director: driver = accept check_local_user condition = "${if def:h_X-Spam-Flag: {1}{0}}" transport = spamkill no_verify

virtuals: driver = redirect allow_defer allow_fail data = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain}} domains = /etc/exim4/localdomains retry_use_local_part # no_more # This allows local delivery to be forced, avoiding alias files and # forwarding. real_local: #!!# prefix renamed local_part_prefix driver = accept check_local_user local_part_prefix = real- transport = local_delivery # This director handles aliasing using a traditional /etc/aliases file. # If any of your aliases expand to pipes or files, you will need to set # up a user and a group for these deliveries to run under. You can do # this by uncommenting the "user" option below (changing the user name # as appropriate) and adding a "group" option if necessary. system_aliases: driver = redirect allow_defer allow_fail data = ${lookup{$local_part}lsearch{/etc/aliases}} file_transport = address_file pipe_transport = address_pipe retry_use_local_part # user = list # Uncomment the above line if you are running smartlist # This director handles forwarding using traditional .forward files. # It also allows mail filtering when a forward file starts with the # string "# Exim filter": to disable filtering, uncomment the "filter" # option. The check_ancestor option means that if the forward file # generates an address that is an ancestor of the current one, the # current one gets passed on instead. This covers the case where A is # aliased to B and B has a .forward file pointing to A. # For standard debian setup of one group per user, it is acceptable---normal # even---for .forward to be group writable. If you have everyone in one # group, you should comment out the "modemask" line. Without it, the exim # default of 022 will apply, which is probably what you want. userforward: #!!# filter renamed allow_filter driver = redirect allow_filter check_ancestor check_local_user file = $home/.forward file_transport = address_file modemask = 002 pipe_transport = address_pipe reply_transport = address_reply no_verify # This director runs procmail for users who have a .procmailrc file procmail: driver = accept check_local_user require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail transport = procmail_pipe no_verify # This director matches local user mailboxes. localuser: driver = accept check_local_user transport = local_delivery ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ######################################################################

# SpamAssassin begin transports spamcheck: #!!# prefix renamed message_prefix #!!# suffix renamed message_suffix driver = pipe batch_max = 100 command = /usr/sbin/exim -oMr spam-scanned -bS current_directory = "/tmp" group = mail home_directory = "/tmp" log_output message_prefix = message_suffix = return_fail_output no_return_path_add transport_filter = /usr/bin/spamc use_bsmtp user = mail # must use a privileged user to set $received_protocol # in the second exim process! spamkill: driver = appendfile envelope_to_add file = /var/mail/trash group = mail mode = 0660 no_mode_fail_narrower return_path_add user = trash # This transport is used for local delivery to user mailboxes. On debian # systems group mail is used so we can write to the /var/mail # directory. (The alternative, which most other unixes use, is to deliver # as the user's own group, into a sticky-bitted directory) local_delivery: driver = appendfile envelope_to_add file = /var/mail/${local_part} group = mail mode = 0660 no_mode_fail_narrower return_path_add # This transport is used for handling pipe addresses generated by # alias or .forward files. If the pipe generates any standard output, # it is returned to the sender of the message as a delivery error. Set # return_fail_output instead if you want this to happen only when the # pipe fails to complete normally. address_pipe: driver = pipe path = /usr/bin:/bin:/usr/local/bin return_fail_output # This transport is used for handling file addresses generated by alias # or .forward files. address_file: driver = appendfile envelope_to_add return_path_add # This transport is used for handling file addresses generated by alias # or .forward files if the path ends in "/", which causes it to be treated # as a directory name rather than a file name. Each message is then delivered # to a unique file in the directory. If instead you want all such deliveries to # be in the "maildir" format that is used by some other mail software, # uncomment the final option below. If this is done, the directory specified # in the .forward or alias file is the base maildir directory. # # Should you want to be able to specify either maildir or non-maildir # directory-style deliveries, then you must set up yet another transport, # called address_directory2. This is used if the path ends in "//" so should # be the one used for maildir, as the double slash suggests another level # of directory. In the absence of address_directory2, paths ending in // # are passed to address_directory. address_directory: #!!# prefix renamed message_prefix #!!# suffix renamed message_suffix #!!# no_from_hack replaced by check_string driver = appendfile check_string = message_prefix = "" message_suffix = "" # maildir_format # This transport is used for handling autoreplies generated by the filtering # option of the forwardfile director. address_reply: driver = autoreply # This transport is used for procmail procmail_pipe: #!!# suffix renamed message_suffix driver = pipe command = "/usr/bin/procmail" delivery_date_add envelope_to_add message_suffix = "" return_path_add # check_string = "From " # escape_string = ">From " # This transport is used for delivering messages over SMTP connections. remote_smtp: driver = smtp # authenticate_hosts = smarthost.isp.com # To use SMTP AUTH when sending to a particular host, such as your ISP's # smarthost, uncomment and edit the above line, and also the example # client-side authenticators at the bottom of the file ###################################################################### # RETRY CONFIGURATION # ###################################################################### # This single retry rule applies to all domains and all errors. It specifies # retries every 15 minutes for 2 hours, then increasing retry intervals, # starting at 2 hours and increasing each time by a factor of 1.5, up to 16 # hours, then retries every 8 hours until 4 days have passed since the first # failed delivery. # Domain Error Retries # ------ ----- ------- begin retry * * F,2h,15m; G,16h,2h,1.5; F,4d,8h # End of Exim 4 configuration

59 * * * * root rm /var/mail/trash 2> /dev/null

/etc/exim4> cp myexim4.conf exim4.conf.template
/etc/exim4> update-exim4.conf -v
using non-split configuration scheme from /etc/exim4/exim4.conf.template
/etc/exim4> /etc/init.d/exim4 restart