From: Matthias Andree
Newsgroups: gmane.emacs.gnus.general
To: Richard Riley, ding@gnus.org
Subject: using Exim 4 w/ multiple smarthosts (was: making sendmail call to msmtp asynchronous?)
Date: Wed, 30 Mar 2011 15:40:43 +0200
Message-ID: <20110330134043.GA1342@apollo.emma.line.org>

On 30.03.2011 14:01, Richard Riley wrote:
> Matthias Andree writes:
>
>> On Wed, Mar 30, 2011 at 08:38:46AM +0200, Richard Riley wrote:
>>> Not without pain. Of course. Exim4 is up there with the worst when it
>>> comes to "simple tweaks" and enabling exim4 for multiple smarthosts
>>> proved impossible (for me) give or take despite some old configs out
>>> there in google land for exim1-3 but not 4. Why not use exim4's smtp send
>>> facility? It's a pain if you travel : here I sit on holiday and smtp
>>> ports for outgoing are blocked by the ISP and/or the hotel router. Gah!
>>
>> While I could offer you sample configs from my Cygwin installation, I've
>> found out the hard way (this time on FreeBSD) that Exim4 has a very
>> awkward lock-destination-sites behaviour that requires major manual
>> interventions to purge the retry/site database to get mails unstuck,
>> thus I decided I'm not going to install any more of that.
>>
>> While Postfix is a bit more of an effort to configure (enable
>> sender-based authentication, enable sender-based relay, enable smtp (not
>> smtpd)-side tls, enable smtp-side sasl, permit plaintext authentication
>> on secure tls channels, set up all the maps), I find it's more
>> transparent and has less magic special casing underneath that confuses
>> the heck out of myself.
>>
>
> Much as I dislike Exim4 docs, I have to stick up for it here. Using a
> single smarthost as I described is pretty straightforward.

The docs are quite detailed, however the hard-wired defaults and to a
lesser extent the default configuration take you in for a few surprises.

> Clearing frozen mails caused by a destination refusing your mail because
> your IP is blacklisted or smtp ports are blocked is a google away.

...or just because the Exim4 host has been down for a while. BTST, and
that takes users by surprise, so you need to figure out how to kick and
purge /var/spool/exim/db/* so that exim actually tries again. It's not
sufficient to use exim -qff in such situations. :-(

The delay_after_cutoff=true default that can cause routers to get jammed
and bounce all mail is quite unobvious...

It's not Exim's TLS/SASL configuration or sender-dependent smarthost
configuration, but exactly the retry-, wait- and delay_after_cutoff
stuff.

I haven't had such nasty effects as I've had with Exim's remote_smtp in
a dozen years with Postfix.

Anyways, here we go, a few comments inlined. Works for me with the
default Exim configuration around it with Exim 4.70 on Cygwin 1.5 and
1.7 and Exim 4.75 on FreeBSD 8.2 (the original intent was to log
everything while I had to use Outlook 2003 and didn't trust it and make
sure that I know where the credentials are so that I could exclude them
from or encrypt them for the networked backup).

Note that Postfix supports per-sender authentication, too, not just
per-smarthost authentication.
In that case, Postfix figures out by itself that it can only reuse TLS
connections for mail from the same sender. I wouldn't know how to tell
Exim4 that.

This snippet, however, probably would not exist had there been a Postfix
port to Windows or Cygwin in 2007 :-)

########################################################################
# Exim 4 sender-dependent smarthosts:

begin routers

smarthost1:
  driver = manualroute
  domains = ! +local_domains
  senders = address1@example.org : address2@example.org
  transport = remote_smtp_ssl
  route_data = "mailhost1.example.net::587"

# smarthost2 also for bounces (nothing between = and :)
smarthost2:
  driver = manualroute
  domains = ! +local_domains
  senders = : domain2.example
  transport = remote_smtp_ssl
  route_data = "hermes2.example.org::587"

# smarthost3 uses an autossh tunnel:
smarthost_freebsd:
  driver = manualroute
  domains = ! +local_domains
  senders = FreeBSD.org
  transport = remote_smtp
  route_data = "localhost::1234"
  self = send

# other stuff (forward, local delivery etc.) goes here.
# the example configure file is quite sound.
# ...

begin transports

# ...
# note this is the simple way, all remote_smtp_ssl
# routed mail requires TLS and AUTH and assumes
# trusted certs in /etc/ssl/certs
#
remote_smtp_ssl:
  driver = smtp
  hosts_require_tls = *
  hosts_require_auth = *
  tls_verify_certificates = /etc/ssl/certs
  delay_after_cutoff = false

# ...

begin authenticators

PLAIN:
  driver = plaintext
  server_set_id = $auth2
  server_prompts = :
  server_condition = Authentication is not yet configured
  server_advertise_condition = ${if def:tls_cipher }
  client_send = "${extract{auth_plain}{${lookup{$host}lsearch{/usr/local/etc/exim/smtp_auth}{$value}fail}}}"

#############################################################

... the credentials are in the file /usr/local/etc/exim/smtp_auth
(buried deep inside client_send) in the form

mailhost1.example.net: auth_plain=^USERNAME^PASSWORD

########

HTH
Matthias
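
Added example, not part of Matthias's message and not Exim code: a Python audit of the smtp_auth file described above, showing that the AUTH PLAIN payload built by client_send is only base64 of the stored credentials (hence hosts_require_tls = * on the transport) and checking the file's mode and coverage of the routed smarthosts. The sample entries and the audit() helper are constructed for illustration; the ^ handling follows Exim's client_send rule (single ^ becomes NUL, ^^ is a literal ^).

```python
import base64
import os
import stat

# Constructed sample in the smtp_auth format from the message; not real credentials.
SAMPLE = """\
# looked up by $host from the PLAIN authenticator's client_send
mailhost1.example.net: auth_plain=^alice^s3cret
hermes2.example.org: auth_plain=^bob^pa^^ss
"""

def parse_smtp_auth(text):
    """Map each host key to its auth_plain template ('key: name=value ...' lines)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, data = line.partition(":")
        # ${extract{auth_plain}{...}} selects one name=value pair from the data
        fields = dict(f.split("=", 1) for f in data.split() if "=" in f)
        if "auth_plain" in fields:
            entries[host.strip()] = fields["auth_plain"]
    return entries

def expand_client_send(template):
    """Exim client_send rule: a single ^ becomes NUL, ^^ is a literal ^."""
    return "^".join(p.replace("^", "\0") for p in template.split("^^")).encode()

def auth_plain_wire(template):
    """String sent after 'AUTH PLAIN': base64 is an encoding, not encryption."""
    return base64.b64encode(expand_client_send(template)).decode()

def audit(path, smarthosts):
    """Return a list of findings for the credentials file at path."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o007:
        findings.append("file is accessible to 'other' users")
    with open(path) as fh:
        entries = parse_smtp_auth(fh.read())
    for host in smarthosts:
        if host not in entries:
            findings.append(f"no auth_plain entry for {host}")
    for host, tpl in entries.items():
        # PLAIN needs authzid NUL user NUL password, i.e. exactly two NULs
        if expand_client_send(tpl).count(b"\0") != 2:
            findings.append(f"{host}: expected ^USERNAME^PASSWORD")
    return findings
```

Pass audit() the real path and the host names from the route_data lines that use remote_smtp_ssl; the autossh-tunnelled localhost route uses remote_smtp and needs no entry.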