Gentlemen, please help!
I have exim+dovecot+mysql and really need to configure it so that users can use SMTP from outside with the same credentials as for POP.
mail# exim -bV
Exim version 4.69 #4 (FreeBSD 7.1) built 11-Nov-2009 23:58:18
Copyright (c) University of Cambridge 2006
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() use_setclassresources PAM Perl Expand_dlfunc OpenSSL Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch mysql nis nis0 passwd
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/configure
Does everything work the way you want from inside?
> Does everything work the way you want from inside?
Yes
>> Does everything work the way you want from inside?
> Yes
Then it should work from outside too, if you open up access
>>> Does everything work the way you want from inside?
>> Yes
> Then it should work from outside too, if you open up access
Sorry, I probably misunderstood your question; inside, everything works without SMTP authentication
:)
Stay on the line; our staff telepaths will soon guess the contents of your configuration file
> Stay on the line; our staff telepaths will soon guess the contents of your configuration
> file
Do you really feel like digging through other people's configs
Here is a link on the setup. Maybe it will help.
http://www.lissyara.su/articles/freebsd/mail/exim+dovecot+po.../
>> Stay on the line; our staff telepaths will soon guess the contents of your configuration
>> file
> Do you really feel like digging through other people's configs
> Here is a link on the setup. Maybe it will help.
> http://www.lissyara.su/articles/freebsd/mail/exim+dovecot+po.../
I added the last section to the authentication part; if it is uncommented, most users have no problems authenticating, but for a few of them the password is not accepted.
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################

primary_hostname = mail.xxx.su
hide mysql_servers = localhost/exim/exim/exim
#domainlist local_domains = @
# $domain is supplied by the SMTP client, so it goes through quote_mysql before reaching SQL
domainlist local_domains = ${lookup mysql{SELECT `domain` FROM `domain` WHERE `domain`='${quote_mysql:$domain}' AND `active`='1'}} : lsearch;/etc/stuff_d
domainlist relay_to_domains = ${lookup mysql{SELECT `domain` FROM `domain` WHERE `domain`='${quote_mysql:$domain}' AND `active`='1'}}
hostlist relay_from_hosts = localhost : 127.0.0.0/8 : 10.0.0.0/24

acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
#
qualify_domain = xxx.su
exim_user = mailnull
exim_group = mail
never_users = root

#rfc1413_hosts = *
rfc1413_query_timeout = 0s

sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
ignore_bounce_errors_after = 2d

# This option cancels (removes) frozen messages that are older than a week.
timeout_frozen_after = 7d
# split_spool_directory = true

smtp_banner = "NKarvenov wuzz here :)"
smtp_accept_max = 20
#default value = 20

smtp_accept_max_per_host = 2
smtp_receive_timeout = 25s
recipients_max = 10
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################

begin acl

acl_check_helo:
  drop    condition = ${if eq{$sender_helo_name}\
                      {$interface_address}{yes}{no}}
          hosts = !127.0.0.1 : !localhost : *
          message ="you are spammer!"

  accept

acl_check_rcpt:
  deny    message = Restricted characters in address
          domains = +local_domains
          local_parts = ^[.] : ^.*[@%!/|]

  deny    message = Restricted characters in address
          domains = !+local_domains
          local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

#############################################################################
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.

  accept  local_parts = postmaster
          domains = +local_domains

# Deny unless the sender address can be verified.
  require verify = sender

  accept  hosts = +relay_from_hosts
          control = submission

# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted, and submission mode is set. And again, we do this
# check before any black list tests.

  accept  authenticated = *
          control = submission

# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
# relaying. Any other domain is rejected as being unacceptable for relaying.

  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

# We also require all accepted addresses to be verifiable. This check will
# do local part verification for local domains, but only check the domain
# for remote domains. The only way to check local parts for the remote
# relay domains is to use a callout (add /callout), but please read the
# documentation about callouts before doing this.

  require verify = recipient

#############################################################################
# There are no default checks on DNS black lists because the domains that
# contain these lists are changing all the time. However, here are two
# examples of how you can get Exim to perform a DNS black list lookup at this
# point. The first one denies, whereas the second just warns.
#
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
# dnslists = black.list.example
#
# warn dnslists = black.list.example
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
# log_message = found in $dnslist_domain
#############################################################################

#############################################################################
# This check is commented out because it is recognized that not every
# sysadmin will want to do it. If you enable it, the check performs
# Client SMTP Authorization (csa) checks on the sending host. These checks
# do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
# an Internet draft. You can, of course, add additional conditions to this
# ACL statement to restrict the CSA checks to certain hosts only.
#
# require verify = csa
#############################################################################

  accept  domains = +local_domains
          endpass
          message = "no such user"
          verify = recipient

  accept  domains = +relay_to_domains
          endpass
          message = "dont know how to relay"
          verify = recipient

  accept  hosts = +relay_from_hosts

# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.

# accept
  deny    message = "Relay not permitted"

acl_check_data:
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
#
# deny malware = *
# message = This message contains a virus ($malware_name).

# Add headers to a message if it is judged to be spam. Before enabling this,
# you must install SpamAssassin. You may also need to set the spamd_address
# option above.
#
# warn spam = nobody
# add_header = X-Spam_score: $spam_score\n\
# X-Spam_score_int: $spam_score_int\n\
# X-Spam_bar: $spam_bar\n\
# X-Spam_report: $spam_report

# Accept the message.
  accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################

begin routers

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
# data = ${lookup{$local_part}lsearch{/etc/aliases}}
  data = ${lookup mysql{SELECT `goto` FROM `alias` WHERE \
         `address`='${quote_mysql:$local_part@$domain}' OR \
         `address`='${quote_mysql:@$domain}'}}
  user = mailnull
  group = mail
  file_transport = address_file
  pipe_transport = address_pipe

#localuser:
# driver = accept
# check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
# transport = local_delivery
# cannot_route_message = Unknown user

dovecot_user:
  driver = accept
  condition = ${lookup mysql{SELECT `goto` FROM \
              `alias` WHERE \
              `address`='${quote_mysql:$local_part@$domain}' OR \
              `address`='${quote_mysql:@$domain}'}{yes}{no}}
  transport = dovecot_delivery

stuff:
  driver = accept
  domains = lsearch;/etc/stuff_d
  condition = ${lookup {$local_part}lsearch{/etc/stuff_u}{yes}{no}}
# condition = ${lookup{$domain}lsearch{/etc/stuff_d}} and ${lookup{$local_part}lsearch{/etc/stuff_u}}
# condition = ${lookup{$local_part}lsearch{/etc/stuff_u}}
  transport = dovecot_delivery

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

#smarthost:
# driver = manualroute
# transport = smarthost
# route_list = * exchange.consaltex.local

######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################

# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports

# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  driver = smtp

dovecot_delivery:
  driver = pipe
  command = /usr/local/libexec/dovecot/deliver -d $local_part@$domain
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  user = mailnull

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  user = $local_part
  mode = 0660
  no_mode_fail_narrower

address_pipe:
  driver = pipe
  return_output

# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.

address_reply:
  driver = autoreply

#smarthost:
# driver = smtp
# hosts = exchange.consaltex.local

######################################################################
# RETRY CONFIGURATION #
######################################################################

begin retry

# Address or Domain    Error       Retries
# -----------------    -----       -------

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

######################################################################
# REWRITE CONFIGURATION #
######################################################################

# There are no rewriting specifications in this default configuration file.
begin rewrite
#nagios@consaltex.ru null@consaltex.ru Ffw
nagios@consaltex.ru /dev/null@consaltex.ru Ehw
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators

# PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not
# use), an authentication ID, and a password. The latter two appear as
# $auth2 and $auth3 in the configuration and should be checked against a
# valid username and password. In a real configuration you would typically
# use $auth2 as a lookup key, and compare $auth3 against the result of the
# lookup, perhaps using the crypteq{}{} condition.

#PLAIN:
# driver = plaintext
# server_set_id = $auth2
# server_prompts = :
# server_condition = Authentication is not yet configured
# server_advertise_condition = ${if def:tls_cipher }

# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.

#LOGIN:
# driver = plaintext
# server_set_id = $auth1
# server_prompts = <| Username: | Password:
# server_condition = Authentication is not yet configured
# server_advertise_condition = ${if def:tls_cipher }

#auth_login:
# driver = plaintext
# public_name = LOGIN
# server_prompts = Username:: : Password::
# server_condition = "${if crypteq{$2}{${lookup mysql{SELECT `password` FROM `mailbox` WHERE `username` = '${quote_mysql:$1}'}}}{yes}{no}}"
# server_set_id = $1

######################################################################
# CONFIGURATION FOR local_scan() #
######################################################################

# If you have built Exim to include a local_scan() function that contains
# tables for private options, you can define those options here. Remember to
# uncomment the "begin" line. It is commented by default because it provokes
# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
# set in the Local/Makefile.

# begin local_scan
# End of Exim configuration file
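
One way to get SMTP AUTH with the same credentials as POP, as an added example that is not part of the thread: the dovecot authenticator listed in the exim -bV output hands the password check to Dovecot's own auth process, and the `accept authenticated = *` rule already in acl_check_rcpt then permits relaying from outside. The socket path, the certificate paths and the Dovecot 1.x syntax are assumptions.

```conf
# ---- Exim main section: TLS, so AUTH is only offered on encrypted sessions ----
tls_advertise_hosts = *
# Placeholder paths (assumed); point these at the real certificate and key.
tls_certificate = /usr/local/etc/exim/mail.crt
tls_privatekey  = /usr/local/etc/exim/mail.key

# ---- Exim: authenticators section ----
begin authenticators

# PLAIN and LOGIN are both passed to Dovecot, so SMTP AUTH validates the
# password the same way the POP3 login does (same passdb, same hash scheme).
dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  # Assumed socket path; it must match the Dovecot side below.
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
  # Advertise AUTH only after STARTTLS, so passwords never travel in cleartext.
  server_advertise_condition = ${if def:tls_cipher}

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
  server_advertise_condition = ${if def:tls_cipher}

# ---- dovecot.conf (Dovecot 1.x syntax, assumed) ----
auth default {
  # Existing passdb/userdb settings stay as they are.
  # Both mechanisms offered by Exim must be enabled here.
  mechanisms = plain login
  socket listen {
    client {
      # Readable only by the Exim user from this page's config (mailnull:mail).
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = mailnull
      group = mail
    }
  }
}
```

With this in place the MySQL password lookup is no longer duplicated in Exim, so any difference between how Exim's crypteq and Dovecot interpret a stored hash disappears.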