[Pkg-exim4-users] Still have recipient verification with Sympa mailing list manager

Paul Menzel paulepanter at users.sourceforge.net
Tue Apr 26 14:43:52 UTC 2011 

Dear Exim experts,


[I posted this message over two years ago on exim-users [0] but did not
get any answer. I am reposting it here in hope for better luck and just
update this message to have up to date links.]

Situation
---------

The system is running Debian Lenny with Exim 4.69-9+lenny4. I set up
Sympa [1] (5.3.4-6.1) and used this configuration [2] as the basis for
setup with virtual hosts. This setup does not use
`/etc/mail/sympa.aliases` with pipes, but defines routers and transports
instead.

The thing is, there is no dedicated domain for the lists. It is the same
for the users as for the lists. For example the domain is <example.org>,
user joe has her/his address

        joe at example.org

and the list stuff has the address

        stuff at example.org


Problem
-------

Now if recipient verification is turned on, exim does not run as root
and therefore is not allowed to check the list directory for certain
files and it rejects with the error message “Unrouteable address” if the
sender is *not* from the local machine.¹

The added routers are pasted after these notes.

1. sympa_domains is currently the same as local_domains

2. Permissions.

        $ ls -l /var/lib/
        […]
        drwxrwx--x 6 sympa      sympa      4096 2009-01-17 18:15 sympa
        […]
        $ sudo ls -l /var/lib/sympa
        total 16
        drwxr-x--- 6 sympa sympa 4096 2009-01-26 13:44 expl
        drwxrwxr-x 3 sympa sympa 4096 2009-01-17 22:31 static_content
        drwxrwx--x 4 sympa sympa 4096 2009-02-01 12:12 wwsarchive
        drwxrwx--x 2 sympa sympa 4096 2008-10-19 21:13 x509-user-certs
        $ sudo ls -l /var/lib/sympa/expl
        drwxr-x--- 6 sympa sympa 4096 2009-01-29 00:00 domain.org
        $ sudo ls -l /var/lib/sympa/expl/domain.org
        drwxr-x--- 4 sympa sympa 4096 2009-01-29 08:43 list
        $ sudo ls -l /var/lib/sympa/expl/domain.org/list/config
        -rw-r----- 1 sympa sympa 942 2009-01-29 08:30 /var/lib/sympa/expl/domain.org/list/config

3. In case the list does not exist, I added a + in the require_file
directives and deleted no_more at the end of the last three routers.
Maybe an if exist file statement would be more beneficial.

        ### Sympa
        sympa_aliases:
          debug_print = "R: sympa_aliases for $local_part@$domain"
          driver = accept
          domains = +sympa_domains:+local_domains
          local_parts = sympa : listmaster
          transport = sympa_transport
          no_more
        
        sympa_router:
          driver = accept
          domains = +sympa_domains
          require_files = +SYMPA_HOME/expl/$domain/$local_part/config
          condition = ${if eqi{${lookup{status}lsearch{SYMPA_HOME/expl/$domain/$local_part/config}}}{open}{yes}{no}}
          user = sympa
          local_part_suffix_optional
          local_part_suffix = -request : -editor : \
                              -subscribe : -unsubscribe
          transport = sympa_transport
        
        sympaowner_router:
          driver = accept
          domains = +sympa_domains
          require_files = +SYMPA_HOME/expl/$domain/$local_part/config
          condition = ${if eqi{${lookup{status}lsearch{SYMPA_HOME/expl/$domain/$local_part/config}}}{open}{yes}{no}}
          user = sympa
          local_part_suffix_optional
          local_part_suffix = -owner : -owner+*
          transport = sympaowner_transport
        
        sympabounce_router:
          driver = accept
          domains = +sympa_domains
          user = sympa
          local_part_prefix = bounce+
          transport = sympabounce_transport
        
        sympaabuse_router:
          driver = accept
          domains = +sympa_domains
          user = sympa
          local_parts = abuse-feedback-report : abuse : postmaster
          transport = sympabounce_transport


Possible Solutions?
-------------------

So recipient verification fails, due to that the directory cannot be
read/checked. So I the following solutions came to my mind.

1. Disable recipient verification.

2. Add exim to the sympa group.

3. Can one change the group in the recipient verification state?

4. Adapt the permissions of the /var/lib/sympa directories and
sub-directories.

Could you think of something else, something simple or elegant to check
those config files in the beginning to use recipient verification? I
looked at the hints for Mailman [3], but it did not work.


Thanks in advance. Bests,

Paul


¹ sudo exim4 -bt list at dom.org finds the correct router, since it is
running as root(?). You need to run sudo exim4 -bh [external ip] to find
out that it is rejected.

[0] http://www.exim.org/lurker/message/20090201.180217.5d08c44e.el.html
[1] https://www.sympa.org/
[2] https://listes.cru.fr/sympa/arc/sympa-users/2008-01/msg00086.html
[3] http://svn.debian.org/wsvn/pkg-mailman/trunk/debian/README.Exim4.Debian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20110426/45f31059/attachment.pgp>

More information about the Pkg-exim4-users mailing list