Diffstat (limited to 'debian/debconf/conf.d')
34 files changed, 951 insertions, 0 deletions
diff --git a/debian/debconf/conf.d/acl/00_exim4-config_header b/debian/debconf/conf.d/acl/00_exim4-config_header
new file mode 100644
index 0000000..76b017e
--- /dev/null
+++ b/debian/debconf/conf.d/acl/00_exim4-config_header
@@ -0,0 +1,8 @@
+
+######################################################################
+# ACL CONFIGURATION #
+# Specifies access control lists for incoming SMTP mail #
+######################################################################
+begin acl
+
+
diff --git a/debian/debconf/conf.d/acl/20_exim4-config_whitelist_local_deny b/debian/debconf/conf.d/acl/20_exim4-config_whitelist_local_deny
new file mode 100644
index 0000000..7ff368f
--- /dev/null
+++ b/debian/debconf/conf.d/acl/20_exim4-config_whitelist_local_deny
@@ -0,0 +1,29 @@
+# This access control list is used to determine whitelisted senders and
+# hosts. It checks for CONFDIR/local_host_whitelist and
+# CONFDIR/local_sender_whitelist.
+#
+# It is meant to be used from some other acl entry.
+#
+# For example,
+# deny message = local blacklist example
+# !acl = acl_whitelist
+# dnslist = some.dns.list.example
+# will allow messages with envelope sender listed in local_sender_whitelist
+# or messages coming in from hosts listed in local_host_whitelist to be
+# accepted even if the delivering host is listed in the dns list.
+#
+# Whitelisting can also be configured by including negative items in the
+# black list. See /usr/share/doc/exim4-config/default_acl for details.
+#
+# If the files do not exist, the white list never matches, which is
+# the desired behaviour.
+
+acl_whitelist_local_deny:
+ accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
+ {CONFDIR/local_host_whitelist}\
+ {}}
+ accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
+ {CONFDIR/local_sender_whitelist}\
+ {}}
+
+
diff --git a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
new file mode 100644
index 0000000..13d5852
--- /dev/null
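Review bot: The usage example in the header comment of 20_exim4-config_whitelist_local_deny refers to `!acl = acl_whitelist`, but the ACL defined below it is named `acl_whitelist_local_deny`. An admin who copies the example verbatim would reference an ACL this file does not define. The example line should read `# !acl = acl_whitelist_local_deny`, matching the name used by the deny statements in 30_exim4-config_check_rcpt.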
+++ b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt 
@@ -0,0 +1,118 @@
+# This access control list is used for every RCPT command in an incoming
+# SMTP message. The tests are run in order until the address is either
+# accepted or denied.
+#
+acl_check_rcpt:
+ # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
+ # testing for an empty sending host field.
+ accept hosts = :
+
+ # Deny if the local part contains @ or % or / or | or !. These are rarely
+ # found in genuine local parts, but are often tried by people looking to
+ # circumvent relaying restrictions.
+ #
+ # Also deny if the local part starts with a dot. Empty components aren't
+ # strictly legal in RFC 2822, but Exim allows them because this is common.
+ # However, actually starting with a dot may cause trouble if the local part
+ # is used as a file name (e.g. for a mailing list).
+ #
+ deny local_parts = ^.*[@%!/|] : ^\\.
+
+ # Accept mail to postmaster in any local domain, regardless of the source,
+ # and without verifying the sender.
+ #
+ accept local_parts = postmaster
+ domains = +local_domains
+
+ # Deny unless the sender address can be verified.
+ #
+ # This is disabled by default so that DNSless systems don't break. If
+ # your system can do DNS lookups without delay or cost, you might want
+ # to enable the following line.
+ # deny !acl = acl_whitelist_local_deny
+ # !verify = sender
+
+ # Warn if the sender host does not have valid reverse DNS.
+ #
+ # This is disabled by default so that DNSless systems don't break. If
+ # your system can do DNS lookups without delay or cost, you might want
+ # to enable the following lines.
+ # warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
+ # !verify = reverse_host_lookup
+
+ # deny bad senders (envelope sender)
+ # CONFDIR/local_sender_blacklist holds a list of envelope senders that
+ # should have their access denied to the local host. Incoming messages
+ # with one of these senders are rejected at RCPT time.
+ #
+ # The explicit white lists are honored as well as negative items in
+ # the black list. See /usr/share/doc/exim4-config/default_acl for details.
+ deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+ !acl = acl_whitelist_local_deny
+ senders = ${if exists{CONFDIR/local_sender_blacklist}\
+ {CONFDIR/local_sender_blacklist}\
+ {}}
+
+ # deny bad sites (IP address)
+ # CONFDIR/local_host_blacklist holds a list of host names, IP addresses
+ # and networks (CIDR notation) that should have their access denied to
+ # The local host. Messages coming in from a listed host will have all
+ # RCPT statements rejected.
+ #
+ # The explicit white lists are honored as well as negative items in
+ # the black list. See /usr/share/doc/exim4-config/default_acl for details.
+ deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+ !acl = acl_whitelist_local_deny
+ hosts = ${if exists{CONFDIR/local_host_blacklist}\
+ {CONFDIR/local_host_blacklist}\
+ {}}
+
+
+ #############################################################################
+ # There are no checks on DNS "black" lists because the domains that contain
+ # these lists are changing all the time. You can find examples of
+ # how to use dnslists in /usr/share/doc/exim4-config/examples/acl
+ #############################################################################
+
+ # Accept if the address is in a local domain, but only if the recipient can
+ # be verified. Otherwise deny. The "endpass" line is the border between
+ # passing on to the next ACL statement (if tests above it fail) or denying
+ # access (if tests below it fail).
+ #
+ accept domains = +local_domains
+ endpass
+ message = unknown user
+ verify = recipient
+
+ # Accept if the address is in a domain for which we are relaying, but again,
+ # only if the recipient can be verified.
+ #
+ accept domains = +relay_to_domains
+ endpass
+ message = unrouteable address
+ verify = recipient
+
+ # If control reaches this point, the domain is neither in +local_domains
+ # nor in +relay_to_domains.
+
+ # Accept if the message comes from one of the hosts for which we are an
+ # outgoing relay. Recipient verification is omitted here, because in many
+ # cases the clients are dumb MUAs that don't cope well with SMTP error
+ # responses. If you are actually relaying out from MTAs, you should probably
+ # add recipient verification here.
+ #
+ accept hosts = +relay_from_hosts
+
+ # Accept if the message arrived over an authenticated connection, from
+ # any host. Again, these messages are usually from MUAs, so recipient
+ # verification is omitted.
+ #
+ accept authenticated = *
+
+ # Reaching the end of the ACL causes a "deny", but we might as well give
+ # an explicit message.
+ #
+ deny message = relay not permitted
+
+
+
diff --git a/debian/debconf/conf.d/acl/40_exim4-config_check_data b/debian/debconf/conf.d/acl/40_exim4-config_check_data
new file mode 100644
index 0000000..220a572
--- /dev/null
+++ b/debian/debconf/conf.d/acl/40_exim4-config_check_data
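Review bot: The host blacklist statement (`deny ... hosts = ${if exists{CONFDIR/local_host_blacklist}...`) is exempted by `!acl = acl_whitelist_local_deny`, and that ACL also accepts on `senders`, which is the client-supplied envelope sender. Since sender verification is commented out in this ACL, an entry in local_sender_whitelist exempts any connecting host from the host blacklist, not only trusted ones. If that is intended, it deserves a comment above the statement, e.g. `# NB: local_sender_whitelist matches the unverified envelope sender and overrides this host blacklist`; otherwise a host-only whitelist ACL would be the stricter choice here.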
@@ -0,0 +1,29 @@
+# 40_exim4-config_check_data
+
+acl_check_data:
+ # Add Message-ID if missing
+ warn condition = ${if !def:h_Message-ID: {1}}
+ hosts = +relay_from_hosts
+ message = Message-ID: <E$message_id@$primary_hostname>
+
+ # Deny unless the address list headers are syntactically correct.
+ #
+ # This is disabled by default because it might reject legitimate mail.
+ # If you want your system to insist on syntactically valid address
+ # headers, you might want to enable the following lines.
+ # deny message = Message headers fail syntax check
+ # !acl = acl_whitelist_local_deny
+ # !verify = header_syntax
+
+ # require that there is a verifiable sender address in at least
+ # one of the "Sender:", "Reply-To:", or "From:" header lines.
+ # deny message = No verifiable sender address in message headers
+ # !acl = acl_whitelist_local_deny
+ # !verify = header_sender
+
+ # enforce a message-size limit
+ # deny message = Message size $message_size is larger than limit of MESSAGE_SIZE_LIMIT
+ # condition = ${if >{$message_size}{MESSAGE_SIZE_LIMIT}{yes}{no}}
+
+ # accept otherwise
+ accept
diff --git a/debian/debconf/conf.d/auth/00_exim4-config_header b/debian/debconf/conf.d/auth/00_exim4-config_header
new file mode 100644
index 0000000..c5f8fc1
--- /dev/null
+++ b/debian/debconf/conf.d/auth/00_exim4-config_header
@@ -0,0 +1,8 @@
+
+######################################################################
+# AUTHENTICATION CONFIGURATION #
+######################################################################
+
+begin authenticators
+
+
diff --git a/debian/debconf/conf.d/auth/30_exim4-config_examples b/debian/debconf/conf.d/auth/30_exim4-config_examples
new file mode 100644
index 0000000..dbc3b9b
--- /dev/null
+++ b/debian/debconf/conf.d/auth/30_exim4-config_examples
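Review bot: The commented-out size check in acl_check_data runs at DATA time, so an oversized message is refused only after it has been transferred in full. The comment should say so, and could point to Exim's main `message_size_limit` option, which lets the server refuse at MAIL time when the client declares a SIZE. Suggested wording: `# enforce a message-size limit (checked after the message has been received; see also message_size_limit)`.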
@@ -0,0 +1,102 @@ + +### auth/30_exim4-config_examples +################################# + +# The examples below are for server side authentication; they allow two +# styles of plain-text authentication against an CONFDIR/passwd file +# which should have user IDs in the first column and crypted passwords +# in the second. The columns need to be separated by ':'. For CRAM-MD5 +# exim needs access to the UNECRYPTED passwd - the example below assumes +# it is avalable in the third column of CONFDIR/passwd + +# plain_server: +# driver = plaintext +# public_name = PLAIN +# server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" +# server_set_id = $2 +# server_prompts = : +# +# login_server: +# driver = plaintext +# public_name = LOGIN +# server_prompts = "Username:: : Password::" +# server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" +# server_set_id = $1 +# +# cram_md5_server: +# driver = cram_md5 +# public_name = CRAM-MD5 +# server_secret = ${extract{2}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}fail}}} +# server_set_id = $1 + +# Here is an example of CRAM-MD5 authentication against PostgreSQL: +# +# psqldb_auth: +# driver = cram_md5 +# public_name = CRAM-MD5 +# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$1}'}{$value}fail} +# server_set_id = $1 + +# Authenticate against local passwords using sasl2-bin +# +# plain_saslauthd: +# driver = plaintext +# public_name = PLAIN +# # don't send system passwords over unencrypted connections +# server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}} +# server_condition = ${if saslauthd{{$2}{$3}}{1}{0}} +# server_set_id = $2 +# server_prompts = : + +############## +# See /usr/share/doc/exim4-base/README.SMTP-AUTH +############## + +# These examples below are the equivalent for client side authentication. +# They get the passwords from CONFDIR/passwd.client. 
This file should have +# three columns separated by colons, the first contains the name of the +# mailserver to authenticate against, the second the username and the third +# contains the password. + +### # example for CONFDIR/passwd.client +### mail.server:blah:secret +### # default entry: +### *:bar:foo + +cram_md5: + driver = cram_md5 + public_name = CRAM-MD5 + client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} + client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} + +# Because AUTH PLAIN sends the password in clear, per default we only allow it +# over encrypted connections. If you want to change this disable the existing +# "client send" entry and enable the one below without the "if !eq{$tls_cipher}{}" +# by removing the hash-mark (#) at the beginning of the line. +plain: + driver = plaintext + public_name = PLAIN + client_send = "${if !eq{$tls_cipher}{}{\ + ^${extract{1}{::}\ + {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\ + ^${extract{2}{::}\ + {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\ + }fail}" +# client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}" + +# Because AUTH LOGIN sends the password in clear, per default we only allow it +# over encrypted connections. If you want to change this disable the existing +# "client send" entry and enable the one below without the "if !eq{$tls_cipher}{}" +# by removing the hash-mark (#) at the beginning of the line. 
+login:
+ driver = plaintext
+ public_name = LOGIN
+ client_send = "${if !eq{$tls_cipher}{}{}fail}\
+ : ${extract{1}{::}\
+ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
+ : ${extract{2}{::}\
+ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
+# client_send = ": ${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} : ${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
+
+
+
diff --git a/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs b/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs
new file mode 100644
index 0000000..5b29ed0
--- /dev/null
+++ b/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs
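Review bot: The commented server examples `plain_server` and `login_server` carry no `server_advertise_condition`, so enabling them as written advertises PLAIN and LOGIN on unencrypted sessions, while `plain_saslauthd` further down already guards against that. Both examples should get the same line, `# server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}`, so the server-side examples agree with the client-side default, where plain and login refuse to send without TLS. The comments could also state that CONFDIR/passwd (cleartext third column for CRAM-MD5) and CONFDIR/passwd.client hold cleartext secrets and must not be world-readable; the hunk gives no ownership or mode for either file.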
@@ -0,0 +1,72 @@ + +###################################################################### +# Runtime configuration file for Exim # +###################################################################### + +###################################################################### +# MAIN CONFIGURATION SETTINGS # +###################################################################### + +# Just for reference and scripts, on debian, the main binary is +# installed as exim4 +exim_path = /usr/sbin/exim4 + +# Macro defining the main configuration directory, we use no abolute +# paths. +CONFDIR = /etc/exim4 + +# Macro defining the message size limit. This is not enabled by default +# in CONFDIR/conf.d/acl/40_exim4-config_check_data +MESSAGE_SIZE_LIMIT = 10M + +# Define a macro DC_minimaldns if dc_minimaldns=true, to use in +# .ifdef-statements otherwise this expands to an empty line +DEBCONFminimaldnsDEBCONF + +# The next three settings create two lists of domains and one list of hosts. +# These lists are referred to later in this configuration using the syntax +# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They +# are all colon-separated lists: + +# '@' refers to 'the name of the local host' + +### EXPANSION-begins ###################### +domainlist local_domains = DEBCONFlocal_domainsDEBCONF + +domainlist relay_to_domains = DEBCONFrelay_domainsDEBCONF + +hostlist relay_from_hosts = 127.0.0.1 : ::::1 : DEBCONFrelay_netsDEBCONF + + +# Specify the domain you want to be added to all unqualified addresses +# here. An unqualified address is one that does not contain an "@" character +# followed by a domain. For example, "caesar@rome.example" is a fully qualified +# address, but the string "caesar" (i.e. just a login name) is an unqualified +# email address. Unqualified addresses are accepted only from local callers by +# default. See the recipient_unqualified_hosts option if you want to permit +# unqualified addresses from remote sources. 
If this option is not set, the +# primary_hostname value is used for qualification. +qualify_domain = DEBCONFvisiblenameDEBCONF + +# only used for satellite-system +DCreadhost = DEBCONFreadhostDEBCONF + +#for satellite and smarthost-systems +DCsmarthost = DEBCONFsmarthostDEBCONF + +# listen on all all interfaces? +DEBCONFlistenonpublicDEBCONF +### EXPANSION-ends ###################### + +# The default delivery method. See CONFDIR/conf.d/transports/ for other +# possibilities +LOCAL_DELIVERY=mail_spool + +# The gecos field in /etc/passwd holds not only the name. see passwd(5). +gecos_pattern = ^([^,:]*) +gecos_name = $1 + + +# define a macro DCconfig_smarthost, DCconfig_satellite, etc. we need this +# for .ifdef ... .endif +DCconfig_DEBCONFconfigtypeDEBCONF = 1 diff --git a/debian/debconf/conf.d/main/02_exim4-config_options b/debian/debconf/conf.d/main/02_exim4-config_options new file mode 100644 index 0000000..1a85e8e --- /dev/null +++ b/debian/debconf/conf.d/main/02_exim4-config_options 
@@ -0,0 +1,103 @@ + +### main/02_exim4-config_options +################################# + +# This option defines the access control list that is run when an +# SMTP RCPT command is received. +# +acl_smtp_rcpt = acl_check_rcpt + +# This option defines the access control list that is run when an +# SMTP DATA command is received. +# +acl_smtp_data = acl_check_data + +# If you want unqualified recipient addresses to be qualified with a different +# domain to unqualified sender addresses, specify the recipient domain here. +# If this option is not set, the qualify_domain value is used. +# +# qualify_recipient = + +# The following line must be uncommented if you want Exim to recognize +# addresses of the form "user@[10.11.12.13]" that is, with a "domain literal" +# (an IP address) instead of a named domain. The RFCs still require this form, +# but it makes little sense to permit mail to be sent to specific hosts by +# their IP address in the modern Internet. This ancient format has been used +# by those seeking to abuse hosts by using them for unwanted relaying. If you +# really do want to support domain literals, uncomment the following line, and +# see also the "domain_literal" router. +# +# allow_domain_literals + +.ifndef DC_minimaldns +# The setting below causes Exim to do a reverse DNS lookup on all incoming +# IP calls, in order to get the true host name. If you feel this is too +# expensive, you can specify the networks for which a lookup is done, or +# remove the setting entirely. +# +host_lookup = * +.endif + +# The settings below, which are actually the same as the defaults in the +# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP +# calls. You can limit the hosts to which these calls are made, and/or change +# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls +# are disabled. 
RFC 1413 calls are cheap and can provide useful information +# for tracing problem messages, but some hosts and firewalls have problems +# with them. This can result in a timeout instead of an immediate refused +# connection, leading to delays on starting up an SMTP session. +# +rfc1413_hosts = * +rfc1413_query_timeout = 30s + +# By default, Exim expects all envelope addresses to be fully qualified, that +# is, they must contain both a local part and a domain. If you want to accept +# unqualified addresses (just a local part) from certain hosts, you can specify +# these hosts by setting one or both of +# +# sender_unqualified_hosts = +# recipient_unqualified_hosts = +# +# to control sender and recipient addresses, respectively. When this is done, +# unqualified addresses are qualified using the settings of qualify_domain +# and/or qualify_recipient (see above). + +# If you want Exim to support the "percent hack" for certain domains, +# uncomment the following line and provide a list of domains. The "percent +# hack" is the feature by which mail addressed to x%y@z (where z is one of +# the domains listed) is locally rerouted to x@y and sent on. If z is not one +# of the "percent hack" domains, x%y is treated as an ordinary local part. This +# hack is rarely needed nowadays; you should not enable it unless you are sure +# that you really need it. +# +# percent_hack_domains = + +# When Exim can neither deliver a message nor return it to sender, it "freezes" +# the delivery error message (aka "bounce message"). There are also other +# circumstances in which messages get frozen. They will stay on the queue for +# ever unless one of the following options is set. + +# This option unfreezes frozen bounce messages after two days, tries +# once more to deliver them, and ignores any delivery failures. +# +ignore_bounce_errors_after = 2d + +# This option cancels (removes) frozen messages that are older than a week. 
+#
+timeout_frozen_after = 7d
+
+freeze_tell = postmaster
+
+# Only for interacting with other packages, to make it possible to use
+# -DSPOOLDIR to override it on the command line
+.ifndef SPOOLDIR
+SPOOLDIR = /var/spool/exim4
+.endif
+spool_directory = SPOOLDIR
+
+# uucp should be able to set envelope-from to arbitrary values
+trusted_users = uucp
+
+# uncomment this to get the Debian version in the SMTP dialog
+# smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} (Debian package DEBCONFpackageversionDEBCONF) ${tod_full}"
+
diff --git a/debian/debconf/conf.d/main/03_exim4-config_tlsoptions b/debian/debconf/conf.d/main/03_exim4-config_tlsoptions
new file mode 100644
index 0000000..d462ff9
--- /dev/null
+++ b/debian/debconf/conf.d/main/03_exim4-config_tlsoptions
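Review bot: `trusted_users = uucp` is set unconditionally and its comment understates what it grants. In Exim a trusted user may supply not only the envelope sender but also the sending host, protocol, ident and authentication data for locally submitted messages (the -oM family of options), so the recorded origin of mail injected as uucp cannot be relied on. On hosts without UUCP the line is unneeded; the comment should read something like `# uucp is trusted: it may set envelope sender and received-from data on local submissions; remove if UUCP is not used`.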
@@ -0,0 +1,46 @@ +# Example for TLS/SSL configuration. + +# See /usr/share/doc/exim4-base/README.TLS* for explanations. + +# Defines that you want to log what cipher your exim and the peer's mailer +# uses to encrypt the transaction. It also defines you want to log the 'DN' +# (Distinguished Name) of the certificate of the peer. +# +# log_selector = +tls_cipher +tls_peerdn + +# Defines what hosts to 'advertise' STARTTLS functionality to. Setting this +# to * will advertise to all hosts that connect with EHLO, and this is a +# good default +# +# tls_advertise_hosts = * + +# Defines where your SSL-certificate and SSL-Private Key are located. +# This requires a full path. The files pointed to must be kept 'secret' +# and should be owned my root.Debian-exim mode 640 (-rw-r-----). Usually the +# exim-gencert script takes care of these prerequisites. +# +# tls_certificate = CONFDIR/exim.crt +# tls_privatekey = CONFDIR/exim.key + +# A file which contains the certificates of the trusted CAs (Certification +# Authorities) against which host certificates can be checked (through the +# `tls_verify_hosts' and `tls_try_verify_hosts' lists below). +# /etc/ssl/certs/ca-certificates.crt is generated by +# the "ca-certificates" package's update-ca-certificates(8) command. +# +#tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt + +# A list of hosts which are constrained by `tls_verify_certificates'. A host +# that matches `tls_verify_host' must present a certificate that's +# verifyable through `tls_verify_certificates' in order to be accepted as an +# SMTP client. If it does not, the connection is aborted. +# +#tls_verify_hosts = + +# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but +# not `tls_verify_hosts'), request a certificate and check it against +# `tls_verify_certificates' but do not abort the connection if there is no +# certificate or if the certificate presented does not match. 
(This +# condition can be tested for in ACLs through `verify = certificate') +# +#tls_try_verify_hosts = * diff --git a/debian/debconf/conf.d/retry/00_exim4-config_header b/debian/debconf/conf.d/retry/00_exim4-config_header new file mode 100644 index 0000000..e2bb4a4 --- /dev/null +++ b/debian/debconf/conf.d/retry/00_exim4-config_header @@ -0,0 +1,7 @@ + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### + +begin retry + diff --git a/debian/debconf/conf.d/retry/30_exim4-config b/debian/debconf/conf.d/retry/30_exim4-config new file mode 100644 index 0000000..0ade295 --- /dev/null +++ b/debian/debconf/conf.d/retry/30_exim4-config @@ -0,0 +1,14 @@ + +# This single retry rule applies to all domains and all errors. It specifies +# retries every 15 minutes for 2 hours, then increasing retry intervals, +# starting at 1 hour and increasing each time by a factor of 1.5, up to 16 +# hours, then retries every 6 hours until 4 days have passed since the first +# failed delivery. + +# Domain Error Retries +# ------ ----- ------- + +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + diff --git a/debian/debconf/conf.d/rewrite/00_exim4-config_header b/debian/debconf/conf.d/rewrite/00_exim4-config_header new file mode 100644 index 0000000..a32db17 --- /dev/null +++ b/debian/debconf/conf.d/rewrite/00_exim4-config_header @@ -0,0 +1,7 @@ + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### + +begin rewrite + diff --git a/debian/debconf/conf.d/rewrite/31_exim4-config_rewriting b/debian/debconf/conf.d/rewrite/31_exim4-config_rewriting new file mode 100644 index 0000000..e5944dc --- /dev/null +++ b/debian/debconf/conf.d/rewrite/31_exim4-config_rewriting 
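Review bot: The ownership instruction for the TLS key files in 03_exim4-config_tlsoptions contains a typo in the one sentence an admin must get right: `owned my root.Debian-exim mode 640` should read `owned by root:Debian-exim, mode 640 (-rw-r-----)`. The paragraph on verification also names the option as `tls_verify_host`, while the setting shown below it is `tls_verify_hosts`. Both are comment-only fixes.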
@@ -0,0 +1,23 @@
+
+### rewrite/31_exim4-config_rewriting
+#################################
+
+# This rewriting rule is particularily useful for dialup users who
+# don't have their own domain, but could be useful for anyone.
+# It looks up the real address of all local users in a file
+*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
+ {$value}fail} Ffrs
+
+# The same as above, using outdated /etc/exim4/email-addresses, please
+# move its contents to /etc/email-addresses and delete
+# /etc/exim4/email-addresses
+*@+local_domains "${if exists {CONFDIR/email-addresses}\
+ {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
+ {$value}fail}}fail}" Ffrs
+
+
+
+# hide mailname for satellite system and masqerade as DCreadhost instead
+.ifdef DCconfig_satellite
+*@+local_domains ${local_part}@DCreadhost Ffr
+.endif
diff --git a/debian/debconf/conf.d/router/00_exim4-config_header b/debian/debconf/conf.d/router/00_exim4-config_header
new file mode 100644
index 0000000..531e21f
--- /dev/null
+++ b/debian/debconf/conf.d/router/00_exim4-config_header
@@ -0,0 +1,11 @@
+
+######################################################################
+# ROUTERS CONFIGURATION #
+# Specifies how addresses are handled #
+######################################################################
+# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
+# An address is passed to each router in turn until it is accepted. #
+######################################################################
+
+begin routers
+
diff --git a/debian/debconf/conf.d/router/100_exim4-config_domain_literal b/debian/debconf/conf.d/router/100_exim4-config_domain_literal
new file mode 100644
index 0000000..c07a354
--- /dev/null
+++ b/debian/debconf/conf.d/router/100_exim4-config_domain_literal
@@ -0,0 +1,16 @@
+
+# This router routes to remote hosts over SMTP by explicit IP address,
+# when an email address is given in "domain literal" form, for example,
+# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
+# little-known these days, and has been exploited by evil people seeking
+# to abuse SMTP relays. Consequently it is commented out in the default
+# configuration. If you uncomment this router, you also need to uncomment
+# allow_domain_literals above, so that Exim can recognize the syntax of
+# domain literal addresses.
+
+# domain_literal:
+# debug_print = "R: domain_literal for $local_part@$domain"
+# driver = ipliteral
+# domains = ! +local_domains
+# transport = remote_smtp
+
diff --git a/debian/debconf/conf.d/router/200_exim4-config_primary b/debian/debconf/conf.d/router/200_exim4-config_primary
new file mode 100644
index 0000000..0a64829
--- /dev/null
+++ b/debian/debconf/conf.d/router/200_exim4-config_primary
@@ -0,0 +1,72 @@ + +### router/200_exim4-config_primary +################################# +# This file holds the primary router, responsible for nonlocal mails + +.ifdef DCconfig_internet +# configtype=internet +# +# deliver mail to the recipient if recipient domain is a domain we +# relay for. We do not ignore any target hosts here since delivering to +# a site local or even a link local address might be wanted here, and if +# such an address has found its way into the MX record of such a domain, +# the local admin is probably in a place where that broken MX record +# could be fixed. + +dnslookup_relay_to_domains: + driver = dnslookup + domains = ! +local_domains : +relay_to_domains + transport = remote_smtp + same_domain_copy_routing = yes + no_more + +# deliver mail directly to the recipient. This router is only reached +# for domains that we do not relay for. Since we most probably can't +# have broken MX records pointing to site local or link local IP +# addresses fixed, we ignore target hosts pointing to these addresses. + +dnslookup: + driver = dnslookup + domains = ! +local_domains + transport = remote_smtp + same_domain_copy_routing = yes + # ignore private rfc1918 and APIPA addresses + ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\ + 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 + no_more + +.endif + + +.ifdef DCconfig_local +# configtype=local +# +# Stand-alone system, so generate an error for mail to a non-local domain +nonlocal: + driver = redirect + allow_fail + data = :fail: Mailing to remote domains not supported + no_more + domains = ! +local_domains + +.endif + + +.ifdef DCconfig_smarthost DCconfig_satellite +# configtype=smarthost or configtype=satellite +# +# Send all non-local mail to a single other machine (smarthost). +smarthost: + driver = manualroute + domains = ! 
+local_domains + transport = remote_smtp + route_list = * DCsmarthost + host_find_failed = defer + same_domain_copy_routing = yes + no_more + +.endif + + +# The "no_more" above means that all later routers are for +# domains in the local_domains list, i.e. just like Exim 3 directors. diff --git a/debian/debconf/conf.d/router/300_exim4-config_real_local b/debian/debconf/conf.d/router/300_exim4-config_real_local new file mode 100644 index 0000000..1703d7d --- /dev/null +++ b/debian/debconf/conf.d/router/300_exim4-config_real_local @@ -0,0 +1,9 @@ + +real_local: + debug_print = "R: real_local for $local_part@$domain" + driver = accept + domains = +local_domains + local_part_prefix = real- + check_local_user + transport = LOCAL_DELIVERY + diff --git a/debian/debconf/conf.d/router/400_exim4-config_system_aliases b/debian/debconf/conf.d/router/400_exim4-config_system_aliases new file mode 100644 index 0000000..c663570 --- /dev/null +++ b/debian/debconf/conf.d/router/400_exim4-config_system_aliases 
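Review bot: `dnslookup_relay_to_domains` has no `ignore_target_hosts` at all; its comment justifies accepting site-local and link-local targets, but that reasoning does not cover 0.0.0.0 or 127.0.0.0/8. A relay domain whose MX resolves to loopback would then be left to the router's self-host handling, which this hunk does not set explicitly. Consider `ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8` on that router. Separately, the list on `dnslookup` is IPv4-only although relay_from_hosts in main/01 includes the IPv6 loopback, so IPv6 loopback and link-local targets are presumably not filtered either.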
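Review bot: `real_local` accepts `real-<user>` for any local user regardless of where the message came from and hands it straight to LOCAL_DELIVERY, and it sorts ahead of 400_exim4-config_system_aliases, so alias processing is skipped for such addresses. The router carries no comment at all. It should at least be documented, e.g. `# Delivers real-<user> directly to the mailbox, bypassing aliases and forward files`. If the prefix is only meant for locally generated mail, a precondition such as `condition = ${if eq{$sender_host_address}{}{yes}{no}}` would limit it to local submissions; whether remote use is intended cannot be told from this hunk.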
@@ -0,0 +1,29 @@
+
+# This router handles aliasing using a traditional /etc/aliases file.
+#
+##### NB You must ensure that /etc/aliases exists. It used to be the case
+##### NB that every Unix had that file, because it was the Sendmail default.
+##### NB These days, there are systems that don't have it. Your aliases
+##### NB file should at least contain an alias for "postmaster".
+#
+# Piping to programs in /etc/aliases is disabled per default.
+# If that is a problem for you, see
+# /usr/share/doc/exim4-config/README.system_aliases
+# or explanation and some workarounds.
+#
+# Note that the transports listed below are the same as are used for
+# .forward files; you might want to set up different ones for pipe and
+# file deliveries from aliases.
+
+system_aliases:
+ debug_print = "R: system_aliases for $local_part@$domain"
+ driver = redirect
+ domains = +local_domains
+ allow_fail
+ allow_defer
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
+# user = list
+# group = mail
+ file_transport = address_file
+# pipe_transport = address_pipe
+# directory_transport = address_directory
diff --git a/debian/debconf/conf.d/router/500_exim4-config_hubuser b/debian/debconf/conf.d/router/500_exim4-config_hubuser
new file mode 100644
index 0000000..1e2a179
--- /dev/null
+++ b/debian/debconf/conf.d/router/500_exim4-config_hubuser
@@ -0,0 +1,19 @@
+
+### router/500_exim4-config_hubuser
+#################################
+
+.ifdef DCconfig_satellite
+# This router is only used for configtype=satellite.
+# It takes care to route all mail targetted to <somelocaluser@this.machine>
+# to the host where we read our mail
+#
+hub_user:
+ debug_print = "R: hub_user for $local_part@$domain"
+ driver = redirect
+ domains = +local_domains
+ data = ${local_part}@DCreadhost
+ check_local_user
+
+.endif
+
+
diff --git a/debian/debconf/conf.d/router/600_exim4-config_userforward b/debian/debconf/conf.d/router/600_exim4-config_userforward
new file mode 100644
index 0000000..2b71cc0
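Review bot: In the `system_aliases` router, `file_transport = address_file` is left active while `# user = list` and `# group = mail` are commented out, and the `address_file` transport added in this commit sets no user or group either. As far as I can tell an alias that expands to a file path then has no identity to run the delivery under, so it would be deferred rather than written. The header comment says only that piping is disabled and is silent about file deliveries. I would either comment out `file_transport` like the pipe and directory lines, or add a comment such as `# file deliveries need user/group set below; left unset so that alias-driven writes fail until the admin chooses an identity`.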
--- /dev/null
+++ b/debian/debconf/conf.d/router/600_exim4-config_userforward
@@ -0,0 +1,48 @@
+
+# router/600_exim4-config_userforward
+#################################
+
+# This router handles forwarding using traditional .forward files in users'
+# home directories and filtering with exim's builtin filter language.
+#
+# The no_verify setting means that this router is skipped when Exim is
+# verifying addresses. Similarly, no_expn means that this router is skipped if
+# Exim is processing an EXPN command.
+#
+# The check_ancestor option means that if the forward file generates an
+# address that is an ancestor of the current one, the current one gets
+# passed on instead. This covers the case where A is aliased to B and B
+# has a .forward file pointing to A.
+#
+# The four transports specified at the end are those that are used when
+# forwarding generates a direct delivery to a directory, or a file, or to a
+# pipe, or sets up an auto-reply, respectively.
+#
+userforward:
+ debug_print = "R: userforward for $local_part@$domain"
+ driver = redirect
+ domains = +local_domains
+ check_local_user
+ file = $home/.forward
+ no_verify
+ no_expn
+ check_ancestor
+ allow_filter
+ directory_transport = address_directory
+ file_transport = address_file
+ pipe_transport = address_pipe
+ reply_transport = address_reply
+ skip_syntax_errors
+ syntax_errors_to = real-$local_part@$domain
+ syntax_errors_text = \
+ This is an automatically generated message. An error has\n\
+ been found in your .forward file. Details of the error are\n\
+ reported below. While this error persists, you will receive\n\
+ a copy of this message for every message that is addressed\n\
+ to you. If your .forward file is a filter file, or if it is\n\
+ a non-filter file containing no valid forwarding addresses,\n\
+ a copy of each incoming message will be put in your normal\n\
+ mailbox. If a non-filter file contains at least one valid\n\
+ forwarding address, forwarding to the valid addresses will\n\
+ happen, and those will be the only deliveries that occur.
+
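Review bot: `allow_filter` in the `userforward` router is switched on without any of the redirect router's `forbid_*` restrictions, and the header comment explains `no_verify`, `no_expn` and `check_ancestor` but not this option. With it, an Exim filter in `$home/.forward` can use pipes, `${run ...}`, `${readsocket ...}` and lookups under the user's uid. That is acceptable for shell users, but it hands command execution to accounts meant to be mail-only, assuming they can write their own `.forward`. I would add a paragraph to the header comment saying so, and list the knobs as commented lines next to `allow_filter`, for example `# forbid_filter_run`, `# forbid_filter_readsocket` and `# forbid_pipe`, so that the admin of a mail-only host can enable them.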
diff --git a/debian/debconf/conf.d/router/700_exim4-config_procmail b/debian/debconf/conf.d/router/700_exim4-config_procmail
new file mode 100644
index 0000000..8c829c5
--- /dev/null
+++ b/debian/debconf/conf.d/router/700_exim4-config_procmail
@@ -0,0 +1,11 @@
+
+procmail:
+ debug_print = "R: procmail for $local_part@$domain"
+ driver = accept
+ domains = +local_domains
+ check_local_user
+ transport = procmail_pipe
+ require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
+ no_verify
+ no_expn
+
diff --git a/debian/debconf/conf.d/router/800_exim4-config_maildrop b/debian/debconf/conf.d/router/800_exim4-config_maildrop
new file mode 100644
index 0000000..0c57fc6
--- /dev/null
+++ b/debian/debconf/conf.d/router/800_exim4-config_maildrop
@@ -0,0 +1,14 @@
+
+### router/800_exim4-config_maildrop
+#################################
+
+maildrop:
+ debug_print = "R: maildrop for $local_part@$domain"
+ driver = accept
+ domains = +local_domains
+ check_local_user
+ transport = maildrop_pipe
+ require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
+ no_verify
+ no_expn
+
diff --git a/debian/debconf/conf.d/router/900_exim4-config_local_user b/debian/debconf/conf.d/router/900_exim4-config_local_user
new file mode 100644
index 0000000..52e1897
--- /dev/null
+++ b/debian/debconf/conf.d/router/900_exim4-config_local_user
@@ -0,0 +1,14 @@
+
+### router/900_exim4-config_local_user
+#################################
+
+local_user:
+ debug_print = "R: local_user for $local_part@$domain"
+ driver = accept
+ domains = +local_domains
+ check_local_user
+ local_parts = ! root
+ transport = LOCAL_DELIVERY
+
+
+
diff --git a/debian/debconf/conf.d/router/mmm_mail4root b/debian/debconf/conf.d/router/mmm_mail4root
new file mode 100644
index 0000000..88017ba
--- /dev/null
+++ b/debian/debconf/conf.d/router/mmm_mail4root
@@ -0,0 +1,17 @@
+
+### router/mmm_mail4root
+#################################
+# deliver mail addressed to root to /var/mail/mail as user mail:mail
+# if it was not redirected in /etc/aliases or by other means
+# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS)
+
+mail4root:
+ debug_print = "R: mail4root for $local_part@$domain"
+ driver = redirect
+ domains = +local_domains
+ data = /var/mail/mail
+ file_transport = address_file
+ local_parts = root
+ user = mail
+ group = mail
+
diff --git a/debian/debconf/conf.d/transport/00_exim4-config_header b/debian/debconf/conf.d/transport/00_exim4-config_header
new file mode 100644
index 0000000..48e45da
--- /dev/null
+++ b/debian/debconf/conf.d/transport/00_exim4-config_header
@@ -0,0 +1,13 @@
+
+######################################################################
+# TRANSPORTS CONFIGURATION #
+######################################################################
+# ORDER DOES NOT MATTER #
+# Only one appropriate transport is called for each delivery. #
+######################################################################
+
+# A transport is used only when referenced from a router that successfully
+# handles an address.
+
+begin transports
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_address_file b/debian/debconf/conf.d/transport/30_exim4-config_address_file
new file mode 100644
index 0000000..82b55e2
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_address_file
@@ -0,0 +1,11 @@
+
+# This transport is used for handling deliveries directly to files that are
+# generated by aliasing or forwarding.
+#
+address_file:
+ debug_print = "T: address_file for $local_part@$domain"
+ driver = appendfile
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_address_pipe b/debian/debconf/conf.d/transport/30_exim4-config_address_pipe
new file mode 100644
index 0000000..cb01c37
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_address_pipe
@@ -0,0 +1,12 @@
+
+# This transport is used for handling pipe deliveries generated by alias or
+# .forward files. If the commands fails and produces any output on standard
+# output or standard error streams, the output is returned to the sender
+# of the message as a delivery error.
+# You can set different transports for aliases and forwards if you want to
+# - see the references to address_pipe in the routers section above.
+address_pipe:
+ debug_print = "T: address_pipe for $local_part@$domain"
+ driver = pipe
+ return_fail_output
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_address_reply b/debian/debconf/conf.d/transport/30_exim4-config_address_reply
new file mode 100644
index 0000000..b2b8862
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_address_reply
@@ -0,0 +1,8 @@
+
+# This transport is used for handling autoreplies generated by the filtering
+# option of the userforward router.
+#
+address_reply:
+ debug_print = "T: autoreply for $local_part@$domain"
+ driver = autoreply
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_mail_spool b/debian/debconf/conf.d/transport/30_exim4-config_mail_spool
new file mode 100644
index 0000000..21dfae4
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_mail_spool
@@ -0,0 +1,17 @@
+
+### transport/30_exim4-config_mail_spool
+
+# This transport is used for local delivery to user mailboxes in traditional
+# BSD mailbox format.
+#
+mail_spool:
+ debug_print = "T: appendfile for $local_part@$domain"
+ driver = appendfile
+ file = /var/mail/$local_part
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ group = mail
+ mode = 0660
+ mode_fail_narrower = false
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_maildir_home b/debian/debconf/conf.d/transport/30_exim4-config_maildir_home
new file mode 100644
index 0000000..3d25c30
--- /dev/null
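Review bot: The `mail_spool` transport in transport/30_exim4-config_mail_spool creates mailboxes with `group = mail` and `mode = 0660`, which lets every member of group mail read and write every user's mailbox, and nothing in the header comment says so. The `maildir_home` transport in the same commit uses `mode = 0600`, so the difference looks deliberate but is undocumented. I would add a comment above the `group` line along the lines of `# group mail + 0660: any process in group mail can read and write all mailboxes; keep that group's membership minimal`, and state the reason if it is the setgid-mail locking convention. A second comment on `mode_fail_narrower = false` should explain that an existing mailbox with a stricter mode is delivered to as it is rather than deferred.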
+++ b/debian/debconf/conf.d/transport/30_exim4-config_maildir_home
@@ -0,0 +1,17 @@
+
+### transport/30_exim4-config_maildir_home
+
+# Use this instead of mail_spool if you want to to deliver to Maildir in
+# home-directory - change the definition of LOCAL_DELIVERY
+#
+maildir_home:
+ debug_print = "T: maildir_home for $local_part@$domain"
+ driver = appendfile
+ directory = $home/Maildir
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ maildir_format
+ mode = 0600
+ mode_fail_narrower = false
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe b/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe
new file mode 100644
index 0000000..0ba27bc
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe
@@ -0,0 +1,10 @@
+
+maildrop_pipe:
+ debug_print = "T: maildrop_pipe for $local_part@$domain"
+ driver = pipe
+ path = "/bin:/usr/bin:/usr/local/bin"
+ command = "/usr/bin/maildrop"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_procmail_pipe b/debian/debconf/conf.d/transport/30_exim4-config_procmail_pipe
new file mode 100644
index 0000000..5fb03ff
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_procmail_pipe
@@ -0,0 +1,10 @@
+
+procmail_pipe:
+ debug_print = "T: procmail_pipe for $local_part@$domain"
+ driver = pipe
+ path = "/bin:/usr/bin:/usr/local/bin"
+ command = "/usr/bin/procmail"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp
new file mode 100644
index 0000000..62ab68e
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp
@@ -0,0 +1,14 @@
+
+### transport/30_exim4-config_remote_smtp
+#################################
+# This transport is used for delivering messages over SMTP connections.
+remote_smtp:
+ debug_print = "T: remote_smtp for $local_part@$domain"
+ driver = smtp
+# hosts_try_auth = DCsmarthost
+
+# To use SMTP AUTH when sending to your smarthost, uncomment the above line,
+# "hosts_try_auth = DCsmarthost" and add the necessary information (password,
+# etc.) to the passwd.client file.
+# /usr/share/doc/exim4-base/README.SMTP-AUTH
+
diff --git a/debian/debconf/conf.d/transport/35_exim4-config_address_directory b/debian/debconf/conf.d/transport/35_exim4-config_address_directory
new file mode 100644
index 0000000..94541a4
--- /dev/null
+++ b/debian/debconf/conf.d/transport/35_exim4-config_address_directory
@@ -0,0 +1,13 @@
+# This transport is used for handling file addresses generated by alias
+# or .forward files if the path ends in "/", which causes it to be treated
+# as a directory name rather than a file name.
+
+address_directory:
+ debug_print = "T: address_directory for $local_part@$domain"
+ driver = appendfile
+ envelope_to_add = true
+ return_path_add = true
+ check_string = ""
+ escape_string = ""
+ maildir_format
+
|
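Review bot: The comment in transport/30_exim4-config_remote_smtp that invites uncommenting `hosts_try_auth = DCsmarthost` does not mention transport security. The password from passwd.client is sent over whatever connection the smarthost offers, and `hosts_try_auth` falls back to unauthenticated delivery when AUTH is unavailable or fails. I would add a commented `# hosts_require_tls = DCsmarthost` beside it and extend the comment to say that plaintext mechanisms expose the password unless TLS is enforced, and that `hosts_require_auth` is the strict variant. The client authenticators are not part of this hunk, so which mechanisms are actually offered cannot be judged from here.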