initial commit

4 files changed, 141 insertions, 0 deletions

diff --git a/cd-system/cd-exim.conf b/cd-system/cd-exim.conf
new file mode 100644
index 0000000..c2f4835
--- /dev/null
+++ b/cd-system/cd-exim.conf
@@ -0,0 +1,133 @@
+RETIOLUM_HOSTNAME = cd.retiolum
+
+primary_hostname = RETIOLUM_HOSTNAME
+
+HOST_REDIR = /etc/exim4/host_redirect
+INTERNET_ALIASES = /etc/exim4/internet_aliases
+
+
+# Domains not listed in local_domains need to be deliverable remotely.
+# XXX We abuse local_domains to mean "domains, we're the gateway for".
+domainlist local_domains    = @ : localhost
+domainlist relay_to_domains =
+hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37
+
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+
+never_users = root
+
+host_lookup = *
+
+rfc1413_hosts = *
+rfc1413_query_timeout = 5s
+
+
+log_selector = -queue_run +address_rewrite +all_parents +queue_time
+log_file_path = syslog
+syslog_timestamp = false
+syslog_duplication = false
+
+begin acl
+
+acl_check_rcpt:
+  accept  hosts = :
+          control = dkim_disable_verify
+
+  deny    message       = Restricted characters in address
+          domains       = +local_domains
+          local_parts   = ^[.] : ^.*[@%!/|]
+
+  deny    message       = Restricted characters in address
+          domains       = !+local_domains
+          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+  accept  local_parts   = postmaster
+          domains       = +local_domains
+
+
+  accept  hosts         = +relay_from_hosts
+          control       = submission
+          # debian: control = submission/sender_retain
+          # arch & debian:
+          control       = dkim_disable_verify
+
+  accept  authenticated = *
+          control       = submission
+          control       = dkim_disable_verify
+
+  accept message = relay not permitted 2
+          recipients = lsearch;INTERNET_ALIASES
+
+  require message = relay not permitted
+          domains = +local_domains : +relay_to_domains
+
+  require
+    message = unknown user
+    verify = recipient/callout
+
+  accept
+
+
+acl_check_data:
+  accept
+
+
+begin routers
+
+retiolum:
+  debug_print = "R: retiolum for $local_part@$domain"
+  driver = manualroute
+  domains = ! RETIOLUM_HOSTNAME : *.retiolum
+  transport = retiolum_smtp
+  route_list = ^.* $0 byname
+  no_more
+
+internet_aliases:
+  debug_print = "R: internet_aliases for $local_part@$domain"
+  driver = redirect
+  data = ${lookup{$local_part@$domain}lsearch{INTERNET_ALIASES}}
+
+dnslookup:
+  debug_print = "R: dnslookup for $local_part@$domain"
+  driver = dnslookup
+  domains = ! +local_domains
+  transport = remote_smtp
+  ignore_target_hosts = <; 0.0.0.0 ;: 127.0.0.0/8 ; ::1
+  no_more
+
+
+begin transports
+
+retiolum_smtp:
+  driver = smtp
+  retry_include_ip_address = false
+
+remote_smtp:
+  driver = smtp
+
+
+home_maildir:
+  driver = appendfile
+
+  #file = /var/mail/$local_part
+  maildir_format
+  maildir_use_size_file
+  directory = $home/Maildir
+  directory_mode = 0700
+
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+
+
+
+begin retry
+
+*.retiolum             *           F,42d,1m
+*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+begin rewrite
+
+begin authenticators 
diff --git a/cd-system/cd-iptables.rules b/cd-system/cd-iptables.rules
new file mode 100644
index 0000000..c9af7d5
--- /dev/null
+++ b/cd-system/cd-iptables.rules
@@ -0,0 +1,5 @@
+...
+
+-A INPUT -p tcp -m conntrack --ctstate NEW --syn --dport smtp -j ACCEPT
+
+...
diff --git a/cd-system/host_redirect b/cd-system/host_redirect
new file mode 100644
index 0000000..5cdf180
--- /dev/null
+++ b/cd-system/host_redirect
@@ -0,0 +1 @@
+oneofmypublicdomains.com: oneofmyretiolumhosts.retiolum
diff --git a/cd-system/internet_aliases b/cd-system/internet_aliases
new file mode 100644
index 0000000..f07559c
--- /dev/null
+++ b/cd-system/internet_aliases
@@ -0,0 +1,2 @@
+me@mypublicdomain.com: me@myretiolumdomain.retiolum
+me@myotherretiolumdomain.retiolum: me@myevenotherretiolumdomain.retiolum