[TAG] A couple of questions regarding Mail policy

Thu Jun 24 03:18:24 MSD 2004

Quoting Kapil Hari Paranjape (kapil at imsc.res.in):

> Upon reading some documentation at www.exim.org, I got the impression
> that such verification is possible with exim4 running at "mailex". Is
> there a workaround with exim3?

1.  I really don't know.  You might check to see if there's a
possibility of LDAP integration with Exim3, and then have mailex (the
bastion MTA host) glean user information from inside.  

2.  However, you might consider over the longer term the fact that Exim3
is no longer being developed, and that it might be time to bite the
bullet and rebuild mailex's MTA system using Exim4.

I would speculate that the bulk of the Linux Internet hosts still
running Exim3 got that way because a pre-sarge installer for Debian 
defaulted to that MTA, and such hosts have been incrementally maintained
since then, without the admin quite realising that Exim3 became a
dead-end when he wasn't watching.

In addition to the basic fact that it's still being developed, Exim4
introduced a marvellous ACL system and a set of "callout" hooks, which
one can use to conduct automated test checks during the SMTP session,
e.g., to ensure that claimed sender's domain accepts mail to the
required postmaster@ and abuse@ addresses, that it accepts mail as
required from sender "<>", and that the alleged sender's e-mail address
is deliverable -- all prior to (programmatically) deciding whether to
accept the mail under delivery or not.

Thus, your system can conduct those (in my experience _highly_ useful)
checks and issue a meaningful Delivery Status Notification (SMTP error
code and text message), accordingly.  Something like:

550  Delivery refused, because the alleged sender domain lacks a postmaster
550  address as required by RFC2821.

The bitter pill you have to swallow, in migrating from 3.x to 4.x is
that the configuration files don't migrate.  They just don't.
Therefore, you end up having to recreate your local configuration -- not
necessarily from scratch, but not fully programmatically, in any event.

Further, Debian's package maintainer (I'm mentioning this in case that's
what you run) has made his Exim4 package default to a configuration mode
in which there's a tree of configuration fragments inside /etc/exim4, 
from which /etc/exim4/exim.conf gets assembled by a script.  The idea is
that such as structure is more friendly to automatic upgrading and
maintenance routines -- and it is.  It's just a little difficult to get
used to, at first.

On the other hand, if you'd rather not get used to that, it's easy to
override it and use just a monolithic /etc/exim4/exim.conf file, which
you maintain manually.

-- 
Cheers,               Everything is gone;
Rick Moen             Your life's work has been destroyed.
rick at linuxmafia.com   Squeeze trigger (yes/no)?
                       -- David Carlson (winner, haiku error message contest)