Re: [exim] "Ghost" user running exim?

Thu, 26 Oct 2006 14:28:46 -0700 

>1. turn up your logging ( -d +all, or log_selector = +all ) 

Here is logs of transaction with log_selector = +all

Oct 26 23:22:29 haven exim[25840]: 2006-10-26 23:22:29 SMTP connection from
[130.239.18.156]:47850 I=[82.193.185.25]:25 (TCP/IP connection count = 2)
Oct 26 23:22:29 haven exim[25840]: 2006-10-26 23:22:29 SMTP connection from
[130.239.18.156]:47851 I=[82.193.185.25]:25 (TCP/IP connection count = 3)
Oct 26 23:22:30 haven exim[25964]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47850 I=[82.193.185.25]:25 U=postfix F=<[EMAIL PROTECTED]>
temporarily rejected RCPT <[EMAIL PROTECTED]>:
require_files: error for
/home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config:
Permission denied
Oct 26 23:22:30 haven exim[25964]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47850 I=[82.193.185.25]:25 U=postfix F=<[EMAIL PROTECTED]>
temporarily rejected RCPT <[EMAIL PROTECTED]>:
require_files: error for
/home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config:
Permission denied
Oct 26 23:22:30 haven exim[25965]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47851 I=[82.193.185.25]:25 U=postfix F=<[EMAIL PROTECTED]>
temporarily rejected RCPT <[EMAIL PROTECTED]>:
require_files: error for
/home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config:
Permission denied
Oct 26 23:22:30 haven exim[25965]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47851 I=[82.193.185.25]:25 U=postfix F=<[EMAIL PROTECTED]>
temporarily rejected RCPT <[EMAIL PROTECTED]>:
require_files: error for
/home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config:
Permission denied
Oct 26 23:22:30 haven exim[25964]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47850 I=[82.193.185.25]:25 U=postfix incomplete transaction
(RSET) from <[EMAIL PROTECTED]>
Oct 26 23:22:30 haven exim[25964]: 2006-10-26 23:22:30 SMTP connection from
mail.acc.umu.se [130.239.18.156]:47850 I=[82.193.185.25]:25 closed by QUIT
Oct 26 23:22:30 haven exim[25965]: 2006-10-26 23:22:30 H=mail.acc.umu.se
[130.239.18.156]:47851 I=[82.193.185.25]:25 U=postfix incomplete transaction
(RSET) from <[EMAIL PROTECTED]>
Oct 26 23:22:30 haven exim[25965]: 2006-10-26 23:22:30 SMTP connection from
mail.acc.umu.se [130.239.18.156]:47851 I=[82.193.185.25]:25 closed by QUIT



>2. post your ACLs (or more pertinently, the full config where relevant)


#########
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# This file is generated dynamically from the files in
# the conf.d/ directory, or from exim4.conf.template respectively.
# Additional information is read from update-exim4.conf.conf
# This version of the file was created from the directory /etc/exim4
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########

log_selector = +all

.include /etc/xams/exim-custom.conf [included below]

hide mysql_servers = localhost/xams/xams/[deleted]
domainlist xams_domains = cdb;/etc/xams/localdomains.cdb
domainlist custom_local_domains =
domainlist custom_relay_to_domains =
hostlist custom_relay_from_hosts =
helo_try_verify_hosts = *
helo_lookup_domains = *
.ifdef EXISCAN_MODULE
    # This configuration variable defines the virus scanner that is used
with
    # the 'malware' ACL condition of the exiscan acl-patch. If you do not
use
    # virus scanning, leave it commented. Please read
doc/exiscan-acl-readme.txt
    # for a list of supported scanners.
    # Don't forget to add clamav UID to Debian-exim group.
    av_scanner = clamd:/var/run/clamav/clamd.ctl
.endif
[end of include]

syslog_facility = mail
log_file_path = syslog

trusted_users = root : mail : xams : www-data : sympa

domainlist ListDomains = listor.skyddsrummet.net

domainlist local_domains =
@:+xams_domains:+custom_local_domains:kkr.nu:tallaksen.net:+ListDomains
domainlist relay_to_domains = +custom_relay_to_domains
hostlist   relay_from_hosts = 127.0.0.1 : 10.4.3.2 :
+custom_relay_from_hosts

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mail = acl_check_helo_slow

never_users = root

host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 30s

ignore_bounce_errors_after = 2d

timeout_frozen_after = 7d

.ifdef TLS_ENCRYPTION
  tls_advertise_hosts = *
  tls_certificate = /usr/local/exim/exim.cert
  tls_privatekey = /usr/local/exim/exim.pem
.endif

.ifdef EXISCAN_MODULE
    acl_smtp_data = acl_check_content
.endif

.ifdef MAILSCANNER_INCOMING
  spool_directory = /var/spool/exim4_incoming
  queue_only = true
.elifdef MAILSCANNER_OUTGOING
  spool_directory = /var/spool/exim4
  pid_file_path = /var/run/exim/eximqr.pid
.else
  spool_directory = /var/spool/exim
.endif

.include /etc/xams/exim-global.conf [included below]
received_header_text = Received: \
  ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
  {${if def:sender_ident {from $sender_ident }}\
  ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
  by $primary_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_cipher {($tls_cipher)\n\t}}\
  (Exim $version_number and XAMS pre-0.0.16)\n\t\
  id $message_id\
  ${if def:received_for {\n\tfor $received_for}}

smtp_banner = $primary_hostname ESMTP Exim $version_number \
  (powered by XAMS pre-0.0.16) $tod_full
[end of include]

.include /etc/xams/exim-sql-macros.conf [included below]
# Global macros
##############################################################

SQL_XAMS_DOMAINS = mysql {\
  SELECT     pm_domains.name \
  FROM       pm_sites \
  INNER JOIN pm_domains \
  ON         pm_domains.siteid = pm_sites.id \
  WHERE      pm_sites.sitestate != 'lockedbounce'}

# Macros for routers
#########################################################
SQL_ALIASES_BOUNCEFORWARD_CONDITION = mysql {\
  SELECT     a.bounceforward \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      '${quote_mysql:$local_part}' != '*' \
  AND        a.leftpart = '${quote_mysql:$local_part}' \
  AND        d.name = '$domain' \
  AND        s.sitestate != 'lockedbounce'}

SQL_ALIASES_BLACKHOLE_CONDITION = mysql {\
  SELECT     a.blackhole \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      '${quote_mysql:$local_part}' != '*' \
  AND        a.leftpart = '${quote_mysql:$local_part}' \
  AND        d.name = '$domain' \
  AND        s.sitestate != 'lockedbounce'}

SQL_ALIASES_RIGHTPART = mysql {\
  SELECT     LOWER(a.rightpart) \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      '${quote_mysql:$local_part}' != '*' \
  AND        a.leftpart = '${quote_mysql:$local_part}' \
  AND        d.name = '$domain' \
  AND        s.sitestate != 'lockedbounce'}

SQL_FORWARD_DATA = mysql {\
  SELECT     f.filter \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  INNER JOIN pm_exim_filters f \
  ON         u.id = f.userid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '${quote_mysql:$domain}' \
  AND        u.accountstate != 'lockedbounce' \
  AND        u.name = '${quote_mysql:$local_part}' \
  AND        f.active = 'true'}

SQL_LOCK = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      (s.sitestate = 'lockedbounce' OR u.accountstate =
'lockedbounce') \
  AND        d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}'}

SQL_AUTOREPLY_ROUTER = mysql {\
  SELECT     u.autoreply \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      u.name = '${quote_mysql:$local_part}' \
  AND        d.name = '$domain'}

SQL_USERS_CONDITION = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}' \
  AND        u.accountstate != 'lockedbounce'}

SQL_CATCH_ALIASES_BOUNCEFORWARD_CONDITION = mysql {\
  SELECT     a.bounceforward \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '$domain' \
  AND        a.leftpart = '*'}

SQL_CATCH_ALIASES_BLACKHOLE_CONDITION = mysql {\
  SELECT     a.blackhole \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '$domain' \
  AND        a.leftpart = '*'}

SQL_CATCH_ALIASES_RIGHTPART = mysql {\
  SELECT     LOWER(a.rightpart) \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_aliases a \
  ON         s.id = a.siteid \
  WHERE      s.sitestate != 'lockedbounce' \
  AND        d.name = '$domain' \
  AND        a.leftpart = '*'}

# Macros for address_data
####################################################

SQL_GET_SITENAME = mysql {\
  SELECT     s.name \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}'}

SQL_QUOTA_SITENAME = mysql {\
  SELECT     CASE \
             WHEN u.quota = 0 THEN 1 \
             WHEN u.quota < 0 THEN 0 \
             ELSE concat(u.quota, 'K') \
             END AS quota, \
             s.name AS sitename \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}'}

SQL_SITENAME_AUTOREPLYTEXT = mysql {\
  SELECT     s.name AS sitename, \
             u.autoreplysubject, \
             u.autoreplytext \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '$domain' \
  AND        u.name = '${quote_mysql:$local_part}'}

# Macros for transports
######################################################

TXT_QUOTA_WARN_MESSAGE = "\
  To: [EMAIL PROTECTED]
  Subject: Your mailbox\n\n\
  This message is automatically created \
  by mail delivery software.\n\n\
  The size of your mailbox has exceeded \
  a warning threshold that is\n\
  set by the system administrator.\n"

TXT_AUTOREPLY_TRANS_SUBJECT = "[EMAIL PROTECTED] is not available to reply
to your mail"

# Authentication macros
######################################################

SQL_AUTH_PLAIN = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '${domain:$2}' \
  AND        u.relayonauth = 'true' \
  AND        u.name = '${local_part:$2}' \
  AND        password = '${md5:$3}'}

SQL_AUTH_UNIQUE_PLAIN = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      u.uniquename = '$2' \
  AND        u.relayonauth = 'true' \
  AND        password = '${md5:$3}'}

SQL_AUTH_LOGIN = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      d.name = '${domain:$1}' \
  AND        u.relayonauth = 'true' \
  AND        u.name = '${local_part:$1}' \
  AND        password = '${md5:$2}'}

SQL_AUTH_UNIQUE_LOGIN = mysql {\
  SELECT     u.id \
  FROM       pm_sites s \
  INNER JOIN pm_domains d \
  ON         s.id = d.siteid \
  INNER JOIN pm_users u \
  ON         s.id = u.siteid \
  WHERE      u.uniquename = '$1' \
  AND        u.relayonauth = 'true' \
  AND        password = '${md5:$2}'}
[end of include]


begin acl

acl_check_helo_slow:

accept  authenticated = *

  accept  condition     = ${if isip{$sender_helo_name}{yes}{no}}

  warn    condition     = ${if eq {$sender_host_name}{}{yes}{no}}
          set acl_m8    = ${lookup dnsdb{ptr=$sender_host_address}\
                           {${lc:$value}}{}}

  warn    condition     = ${if eq {$sender_host_name}{}{no}{yes}}
          set acl_m8    = $sender_host_name

  accept  condition     = ${if match {$acl_m8}\
                           {${lc:$sender_helo_name}}{yes}{no}}

warn    set acl_m9    = ${lookup dnsdb{a=$sender_helo_name}{$value}{}}

  warn    condition     = ${if eq {$acl_m9}{}{no}{yes}}
          set acl_m9    = ${tr{$acl_m9}{\n}{:}}

  accept  condition     = ${if eq {$acl_m9}{}{no}{yes}}
          condition     = ${if match {$sender_host_address}\
                          {($acl_m9)}{yes}{no}}

  deny    condition     = ${if eq {$acl_m9}{}{yes}{no}}
          condition     = ${if eq {$acl_m8}{}{yes}{no}}
          message       = Bad HELO: $sender_helo_name does not resolve\n\
                          Aditionally, $sender_host_address has no rDNS\n\
                          Please see RFC 2821 section 4.1.1.1,\n\
                          RFC 1123 section 6.1.1 and RFC 1912 section 2.1

accept  condition     = ${if eq {$acl_m8}{}{yes}{no}}

  deny    condition     = ${if eq {${lc:$sender_helo_name}}\
                          {${lc:$sender_address_domain}}{yes}{no}}
          message       = Forged HELO: you are $acl_m8\n\
                          please don't pretend to be $sender_helo_name
          log_message   = Forged HELO: Hostname does not match HELO

  deny    condition     = ${if match {$sender_helo_name}{yahoo}{yes}{no}}
          message       = Forged HELO: you are not $sender_helo_name
          log_message   = Forged HELO: Not a yahoo server

  warn    set acl_m9     = ${lookup{$sender_helo_name} \
                           partial-lsearch{/etc/exim4/helo-check} \
                          {${if eq{$value}{}{$sender_helo_name}{$value}}}{}}

  accept  condition      = ${if eq {$acl_m9}{}{yes}{no}}

  deny    condition      = ${if !match{$acl_m8}{$acl_m9}{yes}{no}}
          message        = Forged HELO: you are not $sender_helo_name
          log_message    = Forged HELO: Not a $acl_m9 server

  accept

acl_check_rcpt:

.ifdef MAILSCANNER_INCOMING
                defer
                message = Please try later.
                !hosts      = /etc/greylistd/whitelist-hosts
                !senders    = :
                log_message = greylisted.
                set acl_m9  = ${mask:$sender_host_address/24}
$sender_address [EMAIL PROTECTED]
                set acl_m9  =
${readsocket{/var/run/greylistd/socket}{$acl_m9}{5s}{}{}}
                condition   = ${if eq {$acl_m9}{grey}{true}{false}}
.endif

  accept  hosts = :
  accept  hosts = 10.4.3.2

  deny    domains       = +local_domains
          local_parts   = ^[.] : [EMAIL PROTECTED]/|]

  deny    domains       = !+local_domains
          local_parts   = ^[./|] : [EMAIL PROTECTED] : ^.*/\\.\\./

  accept  local_parts   = postmaster
          domains       = +local_domains

  require verify        = sender

  accept  domains       = +local_domains
          endpass
          verify        = recipient

deny    hosts           = ! animal.mupp.net
        message         = rejected because $sender_host_address is in a
black list at $dnslist_domain\n$dnslist_text
        dnslists        = http.dnsbl.sorbs.net :\
                        socks.dnsbl.sorbs.net :\
                        misc.dnsbl.sorbs.net :\
                        smtp.dnsbl.sorbs.net :\
                        web.dnsbl.sorbs.net :\
                        block.dnsbl.sorbs.net :\
                        zombie.dnsbl.sorbs.net :\
                        badconf.rhsbl.sorbs.net :\
                        nomail.rhsbl.sorbs.net

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  accept  hosts         = +relay_from_hosts

  accept  authenticated = *

  deny    message       = relay not permitted

.ifdef EXISCAN_MODULE

    acl_check_content:

        accept  hosts = +relay_from_hosts

        accept  authenticated = *

        .include /etc/xams/exim-content-acl.conf

        accept
.endif

begin routers

full_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = [EMAIL PROTECTED]/etc/full-aliases}}
  file_transport = address_file
  pipe_transport = address_pipe

.ifdef MAILSCANNER_INCOMING
defer_router:
  driver = redirect
  allow_defer
  data = :defer: All deliveries are deferred
  verify = false
.endif

Sympa_Robots:
        driver = accept
        domains = +ListDomains
        local_parts = sympa : listmaster
        transport = Sympa_Robots_Transport

Sympa_Robots_Request:
        driver = redirect
        domains = +ListDomains
        local_parts = sympa-request : sympa-owner
        data = [EMAIL PROTECTED]

Sympa_Robots_Bounce:
        driver = accept
        domains = +ListDomains
        local_part_prefix = bounce+
        transport = Sympa_Bounce_Transports

Sympa_Owner_Bounce:
        initgroups = true
        driver = accept
        domains = +ListDomains
        require_files = /home/sympa/expl/$domain/$local_part/config
        local_part_suffix = -owner
        user = sympa
        group = sympa
        transport = Sympa_Owner_Bounce_Transport

Sympa_Lists:
        initgroups = true
        driver = accept
        domains = +ListDomains
        require_files = /home/sympa/expl/$domain/$local_part/config
        transport = Sympa_Robots_Transport
        user = sympa
        group = sympa

Sympa_Lists_Suffixes:
        initgroups = true
        driver = accept
        domains = +ListDomains
        local_part_suffix = -request : -editor : -unsubscribe : -subscribe
        require_files = /home/sympa/expl/$domain/$local_part/config
        transport = Sympa_Robots_Transport_Suffixes
        user = sympa
        group = sympa

cookiemonster:
        driver = manualroute
        domains = cookiemonster.mupp.net
        transport = remote_smtp
        route_list = * 10.4.3.2
        host_find_failed = defer
        same_domain_copy_routing = yes
        no_more

kkr:
        driver = manualroute
        domains = kkr.nu : *.kkr.nu
        transport = remote_smtp
        route_list = * 10.4.3.2
        host_find_failed = defer
        same_domain_copy_routing = yes
        no_more

.include /etc/xams/exim-routers.conf [included below]

# handle normal (non-*) aliases - bounce on condition
xams_aliases_forward_before_bounce:
  driver = redirect
  condition = ${lookup SQL_ALIASES_BOUNCEFORWARD_CONDITION}
  allow_defer
  allow_fail
  data = ${lookup SQL_ALIASES_RIGHTPART}
  domains = +xams_domains
  qualify_preserve_domain
  retry_use_local_part
  unseen

# handle normal (non-*) aliases - bounce and forward on condition
xams_aliases_bounce:
  driver = redirect
  condition = ${lookup SQL_ALIASES_BOUNCEFORWARD_CONDITION}
  allow_defer
  allow_fail
  data = :fail: Unknown user
  domains = +xams_domains
  qualify_preserve_domain
  retry_use_local_part

# handle normal (non-*) aliases - do nothing, delete that mail
xams_aliases_ignore:
  driver = redirect
  condition = ${lookup SQL_ALIASES_BLACKHOLE_CONDITION}
  allow_defer
  allow_fail
  data = :blackhole: Move mail to blackhole
  domains = +xams_domains
  qualify_preserve_domain
  retry_use_local_part

# Handle normal (non-*) aliases
xams_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup SQL_ALIASES_RIGHTPART}
  domains = +xams_domains
  qualify_preserve_domain
  retry_use_local_part

# Forward the mail (via Exim/XAMS filter)?
xams_forward:
  driver = redirect
  address_data = ${lookup SQL_QUOTA_SITENAME}
  allow_filter
  check_ancestor
  user = mail
  directory_transport = xams_address_file
  no_expn
  data = ${lookup SQL_FORWARD_DATA{${value}}}
  domains = +xams_domains
  file_transport = xams_address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  retry_use_local_part
  no_verify
  router_home_directory = /var/mail/${lookup
SQL_GET_SITENAME{${value}}}/${lc:$local_part}
  transport_home_directory =
/var/mail/${extract{sitename}{$address_data}}/${lc:$local_part}
#  forbid_filter_perl = true
  forbid_filter_readfile = true
  forbid_filter_readsocket = true
  forbid_filter_run = true
  forbid_pipe = true
  forbid_filter_existstest = true
  forbid_filter_logwrite = true
  forbid_filter_lookup = true
  forbid_include = true
# Does not yet work for errors in SIEVE filters!
# errors are skipped and a keep; is run instead.
  syntax_errors_to = [EMAIL PROTECTED]
  syntax_errors_text = \
               This is an automatically generated message.  An error has\n\
               been found in your .eximfilter file.  Details of the error
are\n\
               reported below.  While this error persists, you will
receive\n\
               a copy of this message for every message that is addressed
to\n\
               you.  A copy of each incoming message will be put in your
normal\n\
               mailbox.


# Fail if recipients mailbox (or his site) is set 'locked and bounced'
xams_lock:
  driver = redirect
  allow_defer
  allow_fail
  data = :fail: user not known to the system
  domains = +xams_domains
  condition = "${lookup SQL_LOCK}"
  retry_use_local_part

# Is auto reply set on user's mailbox?
xams_autoreply:
  driver = accept
  address_data = ${lookup SQL_SITENAME_AUTOREPLYTEXT}
  condition = ${lookup SQL_AUTOREPLY_ROUTER{${value}}}
  domains = +xams_domains
  transport = xams_autoreply_transport
  unseen

# Standard delivery of mail to user's mailbox
xams_users:
  driver = accept
  address_data = ${lookup SQL_QUOTA_SITENAME}
  condition = ${lookup SQL_USERS_CONDITION}
  domains = +xams_domains
  retry_use_local_part
  router_home_directory = /var/mail/${lookup
SQL_GET_SITENAME{${value}}}/${lc:$local_part}
  transport_home_directory =
/var/mail/${extract{sitename}{$address_data}}/${lc:$local_part}
  transport = xams_delivery

# handle * aliases - bounce on condition
xams_catch_aliases_forward_before_bounce:
  driver = redirect
  condition = ${lookup SQL_CATCH_ALIASES_BOUNCEFORWARD_CONDITION}
  allow_defer
  allow_fail
  data = ${lookup SQL_CATCH_ALIASES_RIGHTPART}
  domains = +xams_domains
  qualify_preserve_domain
  retry_use_local_part
  unseen

# handle * aliases - bounce and forward on condition
xams_catch_aliases_bounce:
  driver = redirect
  condition = ${lookup SQL_CATCH_ALIASES_BOUNCEFORWARD_CONDITION}
  allow_defer
  allow_fail
  data = :fail: Unknown user
  domains = +xams_domains
  qualify_preserve_domain
  retry_use_local_part

# handle * aliases - do nothing, delete that mail
xams_catch_aliases_ignore:
  driver = redirect
  condition = ${lookup SQL_CATCH_ALIASES_BLACKHOLE_CONDITION}
  allow_defer
  allow_fail
  data = :blackhole: Move mail to blackhole
  domains = +xams_domains
  qualify_preserve_domain
  retry_use_local_part

# handle * aliases - forward
xams_catch_aliases_forward:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup SQL_CATCH_ALIASES_RIGHTPART{$value}}
  domains = +xams_domains
  qualify_preserve_domain
  retry_use_local_part

# None of the routers found an user, aliases or whatever - Unknown user
xams_fail:
  driver = redirect
  allow_fail
  domains = +xams_domains
  data = :fail: Unknown user
haven:/etc/xams#
[end of include]

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe

userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

localuser:
  driver = accept
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user

begin transports
.include /etc/xams/exim-transports.conf [included below]
xams_delivery:
  driver = appendfile
  check_string =
  delivery_date_add
  envelope_to_add
  group = mail
  maildir_format
  directory =
/var/mail/${extract{sitename}{$address_data}}/${lc:$local_part}
  maildir_tag = ,S=$message_size
  message_prefix =
  message_suffix =
  quota = ${extract{quota}{$address_data}}
  maildir_use_size_file
  quota_size_regex = S=(\d+):
  quota_warn_threshold = 75%
  quota_warn_message = TXT_QUOTA_WARN_MESSAGE
  return_path_add
  user = mail
  create_file = belowhome

xams_address_file:
  driver = appendfile
  check_string =
  delivery_date_add
  envelope_to_add
  group = mail
  maildir_format = true
  directory =
/var/mail/${extract{sitename}{$address_data}}/${lc:$local_part}/${sg{$addres
s_file}{^inbox}{}}
  maildir_tag = ,S=$message_size
  message_prefix =
  message_suffix =
  quota = ${extract{quota}{$address_data}}
  maildir_use_size_file
  quota_size_regex = S=(\d+):
  return_path_add
  user = mail
  create_file = belowhome

xams_autoreply_transport:
  driver = autoreply
  user = mail
  group = mail
  once =
/etc/xams/autoreply/${extract{sitename}{$address_data}}/${lc:$local_part}.on
ce
  once_repeat = 7d
  subject = ${rfc2047:${extract{autoreplysubject}{$address_data}}}
  to = $sender_address
  from = [EMAIL PROTECTED]
  text = ${from_utf8:${extract{autoreplytext}{$address_data}}}
  return_message = true
  # Do you want to log all sent replies?
  #log =
/etc/xams/autoreply/${extract{sitename}{$address_data}}/${lc:$local_part}.lo
g
[end of include]


Sympa_Robots_Transport:
        driver = pipe
        command = "/home/sympa/bin/queue [EMAIL PROTECTED]"
        return_path_add
        delivery_date_add
        envelope_to_add
        user = sympa
        group = sympa
        current_directory = /home/sympa
        home_directory = /home/sympa

Sympa_Bounce_Transports:
        driver = pipe
        command = "/home/sympa/bin/bouncequeue [EMAIL PROTECTED]"
        return_path_add
        delivery_date_add
        envelope_to_add
        user = sympa
        group = sympa
        current_directory = /home/sympa
        home_directory = /home/sympa

Sympa_Owner_Bounce_Transport:
        driver = pipe
        command = "/home/sympa/bin/bouncequeue [EMAIL PROTECTED]"
        return_path_add
        delivery_date_add
        envelope_to_add
        user = sympa
        group = sympa
        current_directory = /home/sympa
        home_directory = /home/sympa

Sympa_Robots_Transport_Suffixes:
        driver = pipe
        command = "/home/sympa/bin/queue
[EMAIL PROTECTED]"
        return_path_add
        delivery_date_add
        envelope_to_add
        user = sympa
        group = sympa
        current_directory = /home/sympa
        home_directory = /home/sympa

remote_smtp:
  driver = smtp

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply

begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if !eq {} \
    {${if eq {} {${domain:$2}} \
        {${lookup SQL_AUTH_UNIQUE_PLAIN{1}}} \
        {${lookup SQL_AUTH_PLAIN{1}}} \
    }} \
    {yes}{no} \
  }
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if !eq {} \
    {${if eq {} {${domain:$1}} \
        {${lookup SQL_AUTH_UNIQUE_LOGIN{1}}} \
        {${lookup SQL_AUTH_LOGIN{1}}} \
    }} \
    {yes}{no} \
  }
  server_set_id = $1




> 3. run in session test mode ( -bh ip.add.re.ss ) with debug ( -d +all ) 3.
try >another angle of attack such as strace

Does any of the above give any clue? If not, I'll try stracing.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Reply via email to