From: Richard Riley
Newsgroups: gmane.emacs.gnus.general
Subject: Re: using Exim 4 w/ multiple smarthosts
Date: Wed, 30 Mar 2011 15:30:05 +0200
Organization: aich tea tea pea dicky riley dot net
Message-ID: <7fhbak20te.fsf@news.eternal-september.org>
References: <87k4ft9es7.fsf@ericabrahamsen.net> <8739m5juqt.fsf@ericabrahamsen.net> <20110330093608.GA22794@apollo.emma.line.org> <507hbgq0kg.fsf@news.eternal-september.org> <20110330134043.GA1342@apollo.emma.line.org>
In-Reply-To: <20110330134043.GA1342@apollo.emma.line.org> (Matthias Andree's message of "Wed, 30 Mar 2011 15:40:43 +0200")
To: ding@gnus.org
User-Agent: Gnus/5.110016 (No Gnus v0.16) Emacs/23.2 (gnu/linux)

Matthias Andree writes:

> On 30.03.2011 14:01, Richard Riley wrote:
>> Matthias Andree writes:
>>
>>> On Wed, Mar 30, 2011 at 08:38:46AM +0200, Richard Riley wrote:
>>>> Not without pain. Of course. Exim4 is up there with the worst when it
>>>> comes to "simple tweaks" and enabling exim4 for multiple smarthosts
>>>> proved impossible (for me) give or take despite some old configs out
>>>> there in google land for exim1-3 but not 4. Why not use exim4's smtp send
>>>> facility? It's a pain if you travel : here I sit on holiday and smtp
>>>> ports for outgoing are blocked by the ISP and/or the hotel router. Gah!
>>>
>>> While I could offer you sample configs from my Cygwin installation, I've
>>> found out the hard way (this time on FreeBSD) that Exim4 has a very
>>> awkward lock-destination-sites behaviour that requires major manual
>>> interventions to purge the retry/site database to get mails unstuck,
>>> thus I decided I'm not going to install any more of that.
>>>
>>> While Postfix is a bit more of an effort to configure (enable
>>> sender-based authentication, enable sender-based relay, enable smtp (not
>>> smtpd)-side tls, enable smtp-side sasl, permit plaintext authentication
>>> on secure tls channels, set up all the maps), I find it's more
>>> transparent and has less magic special casing underneath that confuses
>>> the heck out of myself.
>>>
>>
>> Much as I dislike Exim4 docs, I have to stick up for it here. Using a
>> single smarthost as I described is pretty straightforward.
>
> The docs are quite detailed, however the hard-wired defaults and to a
> lesser extent the default configuration take you in for a few surprises.
>
>> Clearing frozen mails caused by a destination refusing your mail because
>> your IP is blacklisted or smtp ports are blocked is a google away.
>
> ...or just because the Exim4 host has been down for a while. BTST, and
> that takes users by surprise, so you need to figure out how to kick and
> purge /var/spool/exim/db/* so that exim actually tries again. It's not
> sufficient to use exim -qff in such situations. :-(
>
> The delay_after_cutoff=true default that can cause routers to get jammed
> and bounce all mail is quite unobvious...
>
> It's not Exim's TLS/SASL configuration or sender-dependent smarthost
> configuration, but exactly the retry-, wait- and delay_after_cutoff
> stuff. I haven't had such nasty effects as I've had with Exim's
> remote_smtp in a dozen years with Postfix. Anyways, here we go, a few
> comments inlined. Works for me with the default Exim configuration
> around it with Exim 4.70 on Cygwin 1.5 and 1.7 and Exim 4.75 on FreeBSD
> 8.2 (the original intent was to log everything while I had to use
> Outlook 2003 and didn't trust it and make sure that I know where the
> credentials are so that I could exclude them from or encrypt them for
> the networked backup).
>
> Note that Postfix supports per-sender authentication, too, not just
> per-smarthost authentication. In that case, Postfix figures out by
> itself that it can only reuse TLS connections for mail from the same
> sender. I wouldn't know how to tell Exim4 that.
>
> This snippet, however, probably would not exist had there been a Postfix
> port to Windows or Cygwin in 2007 :-)
>
> ########################################################################
> # Exim 4 sender-dependent smarthosts:
>
> begin routers
>
> smarthost1:
>   driver = manualroute
>   domains = ! +local_domains
>   senders = address1@example.org : address2@example.org
>   transport = remote_smtp_ssl
>   route_data = "mailhost1.example.net::587"
>
> # smarthost2 also for bounces (nothing between = and :)
> smarthost2:
>   driver = manualroute
>   domains = ! +local_domains
>   senders = : domain2.example
>   transport = remote_smtp_ssl
>   route_data = "hermes2.example.org::587"
>
> # smarthost3 uses an autossh tunnel:
> smarthost_freebsd:
>   driver = manualroute
>   domains = ! +local_domains
>   senders = FreeBSD.org
>   transport = remote_smtp
>   route_data = "localhost::1234"
>   self = send
>
> # other stuff (forward, local delivery etc.) goes here.
> # the example configure file is quite sound.
>
> # ...
>
> begin transports
>
> # ...
>
> # note this is the simple way, all remote_smtp_ssl
> # routed mail requires TLS and AUTH and assumes
> # trusted certs in /etc/ssl/certs
> #
> remote_smtp_ssl:
>   driver = smtp
>   hosts_require_tls = *
>   hosts_require_auth = *
>   tls_verify_certificates = /etc/ssl/certs
>   delay_after_cutoff = false
>
> # ...
>
> begin authenticators
>
> PLAIN:
>   driver = plaintext
>   server_set_id = $auth2
>   server_prompts = :
>   server_condition = Authentication is not yet configured
>   server_advertise_condition = ${if def:tls_cipher }
>   client_send = "${extract{auth_plain}{${lookup{$host}lsearch{/usr/local/etc/exim/smtp_auth}{$value}fail}}}"
>
> #############################################################
>
> ... the credentials are in the file /usr/local/etc/exim/smtp_auth
> (buried deep inside client_send) in the form
>
> mailhost1.example.net: auth_plain=^USERNAME^PASSWORD
>
> ########
>
> HTH
> Matthias

Interesting post, but I think this doesn't work with multiple gmail smtp
servers since they are all keyed by the same smtp server name. It needs
to be keyed by the from address. Hairy stuff all in all. I am surprised
it's not a default config example to be honest.

I do have a set up in emacs for dynamically changing the smtp server and
credentials based on from/posting style in emacs but of course this
isn't asynchronous and causes an "intolerable" (aren't we spoiled these
days? ;)) delay.

-- 
☘ http://www.shamrockirishbar.com, http://splash-of-open-sauce.blogspot.com/
http://www.richardriley.net
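
Added example (not part of the thread and not either poster's configuration): one way to key the credential lookup on the envelope sender instead of the smarthost name, which is the gap the reply above points out. The host, transport name and credentials path are taken from the quoted configuration; the router names, the second account and the use of connection_max_messages = 1 to keep an authenticated connection from being reused for another sender are assumptions.

```exim
# Added example, not from the thread. Router names and addresses are
# hypothetical; host, transport name and file path follow the quoted config.

begin routers

# Two accounts relayed through the SAME smarthost: a $host-keyed lookup
# could only hold one set of credentials for it.
account_a:
  driver = manualroute
  domains = ! +local_domains
  senders = address1@example.org
  transport = remote_smtp_ssl
  route_data = "mailhost1.example.net::587"

account_b:
  driver = manualroute
  domains = ! +local_domains
  senders = address2@example.org
  transport = remote_smtp_ssl
  route_data = "mailhost1.example.net::587"

begin transports

remote_smtp_ssl:
  driver = smtp
  hosts_require_tls = *
  hosts_require_auth = *
  tls_verify_certificates = /etc/ssl/certs
  delay_after_cutoff = false
  # Assumption: one message per connection, so a session authenticated
  # for one sender is never handed on to another sender's message.
  connection_max_messages = 1

begin authenticators

PLAIN:
  driver = plaintext
  # Key the lookup on the envelope sender instead of $host.
  client_send = "${extract{auth_plain}{${lookup{$sender_address}lsearch{/usr/local/etc/exim/smtp_auth}{$value}fail}}}"

# /usr/local/etc/exim/smtp_auth, one line per sender (placeholders):
#   address1@example.org: auth_plain=^USERNAME1^PASSWORD1
#   address2@example.org: auth_plain=^USERNAME2^PASSWORD2
# Keep the file readable only by the Exim user.
```

Because the lookup ends in `fail`, a sender with no entry in the file sends no credentials, and with hosts_require_auth = * delivery through this transport is then deferred rather than attempted unauthenticated.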