Bug#1081253: exim4-config: Upgrage exim4-config (4.96-15+deb12u5) reset dc_local_interfaces
Graeme Vetterlein
graeme.reportbug at vetterlein.com
Mon Sep 9 16:29:13 BST 2024
Package: exim4-config
Version: 4.96-15+deb12u5
Severity: normal
Dear Maintainer,
I ran synantic , which applied the update: exim4-config (4.96-15+deb12u5)
then rebooted the system
I had previously REMOVED all settings of dc_local_interfaces in /etc/exim4/update-exim4.conf.conf
Following a the reboot, SMTP was only listening on the localhost interface
Examining the files , I discovered the line:
dc_local_interfaces='127.0.0.1 ; ::1'
Had been added to /etc/exim4/update-exim4.conf.conf ( and a regen run)
FYI: I had previously set dc_local_interfaces . However I needed the file to be portable
between 2 systems ( the mail gateway is xbox.home which is a CNAME for ybox.home or zbox.home...alternates
on Debian releases) the interface names differ between these 2 systems.
-- Package-specific info:
Exim version 4.96 #2 built 09-Jul-2024 08:53:35
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS TLS_resume move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR PROXY Queue_Ramp SOCKS SPF SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot external plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
#
# GPV notes:
# 1: Not set /etc/mailname (still says zbox.home) because we use dc_readhost (below) to rewite it
# 2: Need to run update-exim4.conf
# 3: The syntax of the dc_local_interfaces is poorly documented (lots of trial & error) (lsof confirms it's listening)
#
# Who When What
# GPV 27feb19 Copied dreamplug version, chnaged 116 to 117
# GPV 01Mar19 Changed to 0.0.0.0 to ensure it listens on all the interfaces (can do better, some ports on some)
# GPV 03Mar19 0.0.0.0 is too dangerous, because guys coming in from outside can access SMTP
# GPV 29MAr20 New VIGOR DSL router can send email (SMTP) so also allow just this one device on the 192.168 LAN (web suggests both ; and : as seperator..using :)
# GPV 28Jan22 Merged into ybox default, looks like it's identical to zbox file
# GPV 13Aug22 Changed everything from 151 to 152 and from zbox to ybox
# GPV 15Mar23 Made a guess that adding received_headers_max = 50 would add it to /var/lib/exim4/config.autogenerated (and in turn have an effect)
# GPV 15Mar23 That does not work, try ading to a files under /etc/exim4/conf.d/ (in fact add that line here prevents regeneration)
# GPV 12Apr24 Moved back to zbox...annoyingly dc_local_interfaces cannot use actaul interface names (which would wold great) but must use IP addresses
dc_eximconfig_configtype='smarthost'
dc_other_hostnames='ybox.home;home;wellesleydrive;xbox.home;zbox.home'
#dc_local_interfaces='[10.117.128.152]:587;[10.117.0.152]:587;[127.0.0.1]:587;[10.117.0.152]:25;[127.0.0.1]:25;[192.168.1.152]:25'
#dc_local_interfaces='[10.117.0.152]:587;[127.0.0.1]:587;[10.117.0.152]:25;[127.0.0.1]:25;[192.168.1.152]:25;[192.168.1.152]:587'
# We are using a tempory address for the moment, it will need to move
#dc_local_interfaces='[0.0.0.0]:587 # Missed out so it listens on all IF
dc_readhost='vetterlein.com'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='10.117.0.0/16 : 192.168.1.254/32'
dc_smarthost='smtp.forwardemail.net'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:zbox.home
# /etc/default/exim4
EX4DEF_VERSION=''
# who when what
# GPV 11aug didn't copy the zbox version OR the installed version, instead followed advice in comments
#
# 'combined' - one daemon running queue and listening on SMTP port
# 'no' - no daemon running the queue
# 'separate' - two separate daemons
# 'ppp' - only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to quez-runner and listening daemon
# GPV 22Feb24
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /run/exim4/exim.pid
#SMTPLISTENEROPTIONS=''
SMTPLISTENEROPTIONS='-oX 25:587:10025 -oP /run/exim4/exim.pid'
-- System Information:
Debian Release: 12.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-25-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages exim4-config depends on:
ii adduser 3.134
ii debconf [debconf-2.0] 1.5.82
Versions of packages exim4-config recommends:
ii ca-certificates 20230311
exim4-config suggests no packages.
-- Configuration Files:
/etc/exim4/conf.d/acl/30_exim4-config_check_mail changed:
acl_check_mail:
warn
log_message = GPV SMTP mail log ( $recipients )
message = GPV SMTP mail message ( $recipients )
accept
/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt changed:
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif
acl_check_rcpt:
warn
# testing for an empty sending host field. (see the following rule)
# hosts = :
# This writes to log e.g. /var/log/exim4/mainlog
log_message = GPV acl_check_rcpt will do DKIM check soon [ host=X recipients=$recipients ]
# This creates header ==> X-ACL-Warn:
message = GPV acl_check_rcpt will do DKIM check soon [ host=X recipients=$recipients ]
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept
hosts = :
control = dkim_disable_verify
# Do not try to verify DKIM signatures of incoming mail if DC_minimaldns
# or DISABLE_DKIM_VERIFY are set.
.ifdef DC_minimaldns
warn
control = dkim_disable_verify
.else
.ifdef DISABLE_DKIM_VERIFY
warn
control = dkim_disable_verify
.endif
.endif
# The following section of the ACL is concerned with local parts that contain
# certain non-alphanumeric characters. Dots in unusual places are
# handled by this ACL as well.
#
# Non-alphanumeric characters other than dots are rarely found in genuine
# local parts, but are often tried by people looking to circumvent
# relaying restrictions. Therefore, although they are valid in local
# parts, these rules disallow certain non-alphanumeric characters, as
# a precaution.
#
# Empty components (two dots in a row) are not valid in RFC 2822, but Exim
# allows them because they have been encountered. (Consider local parts
# constructed as "firstinitial.secondinitial.familyname" when applied to
# a name without a second initial.) However, a local part starting
# with a dot or containing /../ can cause trouble if it is used as part of a
# file name (e.g. for a mailing list). This is also true for local parts that
# contain slashes. A pipe symbol can also be troublesome if the local part is
# incorporated unthinkingly into a shell command line.
#
# These ACL components will block recipient addresses that are valid
# from an RFC5322 point of view. We chose to have them blocked by
# default for security reasons.
#
# If you feel that your site should have less strict recipient
# checking, please feel free to change the default values of the macros
# defined in main/01_exim4-config_listmacrosdefs or override them from a
# local configuration file.
#
# Two different rules are used. The first one has a quite strict
# default, and is applied to messages that are addressed to one of the
# local domains handled by this host.
# The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined
# at the top of this file.
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
# The second rule applies to all other domains, and its default is
# considerably less strict.
# The default value of CHECK_RCPT_REMOTE_LOCALPARTS is defined in
# main/01_exim4-config_listmacrosdefs:
# CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
# It allows local users to send outgoing messages to sites
# that use slashes and vertical bars in their local parts. It blocks
# local parts that begin with a dot, slash, or vertical bar, but allows
# these characters within the local part. However, the sequence /../ is
# barred. The use of some other non-alphanumeric characters is blocked.
# Single quotes might probably be dangerous as well, but they're
# allowed by the default regexps to avoid rejecting mails to Ireland.
# The motivation here is to prevent local users (or local users' malware)
# from mounting certain kinds of attack on remote sites.
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
#
accept
.ifndef CHECK_RCPT_POSTMASTER
local_parts = postmaster
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
domains = +local_domains : +relay_to_domains
# Deny unless the sender address can be verified.
#
# This is disabled by default so that DNSless systems don't break. If
# your system can do DNS lookups without delay or cost, you might want
# to enable this feature.
#
# This feature does not work in smarthost and satellite setups as
# with these setups all domains pass verification. See spec.txt section
# "Access control lists" subsection "Address verification" with the added
# information that a smarthost/satellite setup routes all non-local e-mail
# to the smarthost.
.ifdef CHECK_RCPT_VERIFY_SENDER
deny
!acl = acl_local_deny_exceptions
!verify = sender
message = Sender verification failed
.endif
# Verify senders listed in local_sender_callout with a callout.
#
# In smarthost and satellite setups, this causes the callout to be
# done to the smarthost. Verification will thus only be reliable if the
# smarthost does reject illegal addresses in the SMTP dialog.
deny
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
!verify = sender/callout
.ifndef CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT
# Reject all RCPT commands after too many bad recipients
# This is partly a defense against spam abuse and partly attacker abuse.
# Real senders should manage, by the time they get to 10 RCPT directives,
# to have had at least half of them be real addresses.
#
# This is a lightweight check and can protect you against repeated
# invocations of more heavy-weight checks which would come after it.
deny condition = ${if and {\
{>{$rcpt_count}{10}}\
{<{$recipients_count}{${eval:$rcpt_count/2}}} }}
message = Rejected for too many bad recipients
logwrite = REJECT [$sender_host_address]: bad recipient count high [${eval:$rcpt_count-$recipients_count}]
.endif
# Accept if the message comes from one of the hosts for which we are an
# outgoing relay. It is assumed that such hosts are most likely to be MUAs,
# so we set control=submission to make Exim treat the message as a
# submission. It will fix up various errors in the message, for example, the
# lack of a Date: header line. If you are actually relaying out out from
# MTAs, you may want to disable this. If you are handling both relaying from
# MTAs and submissions from MUAs you should probably split them into two
# lists, and handle them differently.
# Recipient verification is omitted here, because in many cases the clients
# are dumb MUAs that don't cope well with SMTP error responses. If you are
# actually relaying out from MTAs, you should probably add recipient
# verification here.
# Note that, by putting this test before any DNS black list checks, you will
# always accept from these hosts, even if they end up on a black list. The
# assumption is that they are your friends, and if they get onto black
# list, it is a mistake.
accept
hosts = +relay_from_hosts
control = submission/sender_retain
control = dkim_disable_verify
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted, and submission mode is set. And again, we do this
# check before any black list tests.
accept
authenticated = *
control = submission/sender_retain
control = dkim_disable_verify
# Insist that a HELO/EHLO was accepted.
require
condition = ${if def:sender_helo_name}
message = nice hosts say HELO first
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
# relaying. Any other domain is rejected as being unacceptable for relaying.
require
message = relay not permitted
domains = +local_domains : +relay_to_domains
# We also require all accepted addresses to be verifiable. This check will
# do local part verification for local domains, but only check the domain
# for remote domains.
require
verify = recipient
# Verify recipients listed in local_rcpt_callout with a callout.
# This is especially handy for forwarding MX hosts (secondary MX or
# mail hubs) of domains that receive a lot of spam to non-existent
# addresses. The only way to check local parts for remote relay
# domains is to use a callout (add /callout), but please read the
# documentation about callouts before doing this.
deny
!acl = acl_local_deny_exceptions
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
!verify = recipient/callout
# CONFDIR/local_sender_blacklist holds a list of envelope senders that
# should have their access denied to the local host. Incoming messages
# with one of these senders are rejected at RCPT time.
#
# The explicit white lists are honored as well as negative items in
# the black list. See exim4-config_files(5) for details.
deny
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
log_message = sender envelope address is locally blacklisted.
# deny bad sites (IP address)
# CONFDIR/local_host_blacklist holds a list of host names, IP addresses
# and networks (CIDR notation) that should have their access denied to
# The local host. Messages coming in from a listed host will have all
# RCPT statements rejected.
#
# The explicit white lists are honored as well as negative items in
# the black list. See exim4-config_files(5) for details.
deny
!acl = acl_local_deny_exceptions
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
log_message = sender IP address is locally blacklisted.
# Warn if the sender host does not have valid reverse DNS.
#
# If your system can do DNS lookups without delay or cost, you might want
# to enable this.
# If sender_host_address is defined, it's a remote call. If
# sender_host_name is not defined, then reverse lookup failed. Use
# this instead of !verify = reverse_host_lookup to catch deferrals
# as well as outright failures.
.ifdef CHECK_RCPT_REVERSE_DNS
warn
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
{yes}{no}}
add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
.endif
# Use spfquery to perform a pair of SPF checks.
#
# This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
# enable if that's an issue. Also note that if you enable this, you must
# install "spf-tools-perl" which provides the spfquery command.
# Missing spf-tools-perl will trigger the "Unexpected error in
# SPF check" warning.
.ifdef CHECK_RCPT_SPF
deny
!acl = acl_local_deny_exceptions
condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
${quote:$sender_host_address} --identity \
${if def:sender_address_domain \
{--scope mfrom --identity ${quote:$sender_address}}\
{--scope helo --identity ${quote:$sender_helo_name}}}}\
{no}{${if eq {$runrc}{1}{yes}{no}}}}
message = [SPF] $sender_host_address is not allowed to send mail from \
${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.
log_message = SPF check failed.
defer
!acl = acl_local_deny_exceptions
condition = ${if eq {$runrc}{5}{yes}{no}}
message = Temporary DNS error while checking SPF record. Try again later.
warn
condition = ${if <={$runrc}{6}{yes}{no}}
add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\
{${if eq {$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}\
{${if eq {$runrc}{4}{permerror}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}\
} client-ip=$sender_host_address; \
${if def:sender_address_domain \
{envelope-from=${sender_address}; }{}}\
helo=$sender_helo_name
warn
condition = ${if >{$runrc}{6}{yes}{no}}
log_message = Unexpected error in SPF check.
.endif
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
warn
dnslists = CHECK_RCPT_IP_DNSBLS
add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
# Check against DNSBLs which list sender domains, with an option to locally
# whitelist certain domains that might be blacklisted.
#
# Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append
# "/$sender_address_domain" after each domain. For example:
# CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \
# : rhsbl.bar.org/$sender_address_domain
.ifdef CHECK_RCPT_DOMAIN_DNSBLS
warn
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
{CONFDIR/local_domain_dnsbl_whitelist}\
{}}
dnslists = CHECK_RCPT_DOMAIN_DNSBLS
add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif
#############################################################################
# This check is commented out because it is recognized that not every
# sysadmin will want to do it. If you enable it, the check performs
# Client SMTP Authorization (csa) checks on the sending host. These checks
# do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
# an Internet draft. You can, of course, add additional conditions to this
# ACL statement to restrict the CSA checks to certain hosts only.
#
# require verify = csa
#############################################################################
# Accept if the address is in a domain for which we are an incoming relay,
# but again, only if the recipient can be verified.
accept
domains = +relay_to_domains
endpass
verify = recipient
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
accept
/etc/exim4/conf.d/auth/30_exim4-config_examples [Errno 2] No such file or directory: '/etc/exim4/conf.d/auth/30_exim4-config_examples'
/etc/exim4/conf.d/main/90_exim4-config_log_selector changed:
.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif
/etc/exim4/conf.d/router/600_exim4-config_userforward changed:
userforward:
debug_print = "R: GPV userforward for $local_part@$domain"
local_part_suffix=.*
local_part_suffix_optional
driver = redirect
domains = +local_domains
check_local_user
file = $home/.forward
require_files = $local_part_data:$home/.forward
no_verify
no_expn
check_ancestor
allow_filter
forbid_smtp_code = true
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
skip_syntax_errors
syntax_errors_to = real-$local_part@$domain
errors_to = postmaster at vetterlein.com
syntax_errors_text = \
GPV:edit This is an automatically generated message. An error has\n\
been found in your .forward file. Details of the error are\n\
reported below. While this error persists, you will receive\n\
a copy of this message for every message that is addressed\n\
to you. If your .forward file is a filter file, or if it is\n\
a non-filter file containing no valid forwarding addresses,\n\
a copy of each incoming message will be put in your normal\n\
mailbox. If a non-filter file contains at least one valid\n\
forwarding address, forwarding to the valid addresses will\n\
happen, and those will be the only deliveries that occur.
/etc/exim4/conf.d/router/900_exim4-config_local_user changed:
local_user:
debug_print = "R: GPV local_user for $local_part@$domain"
local_part_suffix=.*
local_part_suffix_optional
driver = accept
domains = +local_domains
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY
cannot_route_message = Unknown user
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp changed:
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
.endif
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef REMOTE_SMTP_INTERFACE
interface = REMOTE_SMTP_INTERFACE
.endif
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
.ifdef DKIM_TIMESTAMPS
dkim_timestamps = DKIM_TIMESTAMPS
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_PRIVATEKEY
.endif
.ifdef REMOTE_SMTP_HOSTS_REQUIRE_TLS
hosts_require_tls = REMOTE_SMTP_HOSTS_REQUIRE_TLS
.endif
.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
.endif
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost changed:
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
multi_domain
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
.endif
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
}\
{} \
}
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
.endif
.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
.endif
/etc/exim4/exim4.conf.template [Errno 2] No such file or directory: '/etc/exim4/exim4.conf.template'
/etc/exim4/passwd.client changed:
smtp.forwardemail.net:*@vetterlein.com:yews^Otdin5.wildcard
-- debconf information:
exim4/dc_minimaldns: false
exim4/use_split_config: true
exim4/dc_readhost: vetterlein.com
exim4/no_config: true
exim4/hide_mailname: true
exim4/dc_local_interfaces: 127.0.0.1 ; ::1
exim4/dc_eximconfig_configtype: mail sent by smarthost; received via SMTP or fetchmail
exim4/exim4-config-title:
exim4/dc_localdelivery: mbox format in /var/mail/
exim4/dc_postmaster: owner
exim4/mailname: zbox.home
exim4/dc_other_hostnames: ybox.home;home;wellesleydrive;xbox.home;zbox.home
exim4/dc_smarthost: smtp.forwardemail.net
exim4/dc_relay_domains:
exim4/dc_relay_nets: 10.117.0.0/16 : 192.168.1.254/32
More information about the Pkg-exim4-maintainers
mailing list