On 2010-10-22 at 16:39 -0700, [email protected] wrote: > > On Oct 22, 2010, at 6:01 PM, Jim Hickstein wrote: > >> Whatever happened to ETRN? > >> > >> http://en.wikipedia.org/wiki/Extended_SMTP#ETRN
> this definantly sounds like an option (and the possibility of this is why > I was asking for other options besides UUCP) > > so does anyone have a pointer to a cookbook configuration for this? [sorry for late reply, catching up on mail] I'd avoid fetchmail, which is rather prone to silently losing mail on the slightest misconfiguration. ETRN is doable. I'll walk through an example of it in Exim. [nb: I'm seeing more and more people believe that Exim uses M4 for configuration. It doesn't, but Debian construct a baroque system of M4 stuff themselves, to let debs add mail-handling with no user configuration. If you're not on Debian/Ubuntu/whatever, Exim's as easy as MTAs get; if you are, take a look at the README.debian to see how to bypass their system if you want to avoid learning it] http://www.exim.org/exim-html-current/doc/html/spec_html/ch45.html#SECTETRN You'd give: ETRN #foo in the client. In the server, you set smtp_etrn_command and probably use something similar to the documentation example, which uses $sender_host_address to talk back to the source IP of the current connection. By default, ETRN is rejected (sensible), so when you define the ACL which you point acl_smtp_etrn to, you'd do something like require that the session be authenticated. So, ----------------------------8< cut here >8------------------------------ # main section localpartlist etrn_users = david : fred smtp_etrn_command = /usr/local/libexec/etrn_deliver $domain $sender_host_address acl_smtp_etrn = acl_check_etrn begin acl acl_check_etrn: # this means any authenticated user can invoke delivery ##accept authenticated = * # or user is in a pre-defined list of users, defined above; alas, # the authenticated = foo value matches authentication mechanism, not # the $authenticated_id. ##accept authenticated = * ## condition = ${if match_local_part{$authenticated_id}{+etrn_users}{yes}{no}} # can place authenticated condition on an accept which also validates # the argument, or alternatively, require authentication and then # validate require authenticated = * # if /etc/mail/etrn_users lists something like: # example.com: david, fred accept condition = ${if \ forany{<, ${lookup{$smtp_command_argument}lsearch{/etc/mail/etrn_users}}}\ {eq{$item}{$authenticated_id}}\ } deny ----------------------------8< cut here >8------------------------------ In this example, I assume that the ETRN command looks like: ETRN example.com with no # tag. If you want to do substring operations, that changes the $smtp_command_argument of the above. The authentication is the normal Exim SMTP AUTH config, there are many examples, I'm happy to help if you want more pointers there. For debugging these things, I like gnutls-cli, which takes a --starttls option, so that you can send STARTTLS, get the go-ahead response, then type Ctrl-D and have TLS be negotiated. In this, it's entirely up to your "etrn_deliver" command to take care of sending mail for that domain to the given address. To achieve this, you might, eg, have an sqlite DB (or flat-file, or anything else supported, which includes LDAP, MySQL, Postgres, CDB, etc) which maps domains to IP addresses, have the external command inject an entry into that, then force a queue-run for the domain (exim -Rf example.net), and then remove the IP from the DB. You'd then have an Exim Router, before the normal dnslookup one, which uses manualroute, getting the target IP from that same DB. Something like: ----------------------------8< cut here >8------------------------------ # after: begin routers etrn_deliver: driver = manualroute transport = remote_smtp condition = ${lookup sqlite{/etc/mail/var/etrn_ips \ select ip from etrns where domain='${quote_sqlite:$domain}';} {yes}{no}} route_data = ${lookup sqlite{/etc/mail/var/etrn_ips \ select ip from etrns where domain='${quote_sqlite:$domain}';}} ----------------------------8< cut here >8------------------------------ There's more than one way to do that, and there's only one external lookup happening there, as the second lookup will be cached. Races on accessing the sqlite file result in Exim hanging for a 5 seconds before giving up; adjust that timeout with sqlite_lock_timeout. Philosophically, Exim is not geared towards maintaining large queues (at present), so if you expect large amounts of mail to build up, you probably want to deliver in batch-SMTP format to a folder and then invoke a separate delivery command instead, but the in-queue system is less work, at a cost of having delayed delivery notifications sent. Again, you can fiddle with that. Exim has a mode to take messages as batch-SMTP on stdin, so it's fairly trivial to get Exim to do the onward deliveries for you. [email protected] has a number of clueful contributors who can help with problems (plus the usual eclectic mix you find on the 'net). -Phil _______________________________________________ Discuss mailing list [email protected] http://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
