authortv <tv@shackspace.de>2014-08-21 13:28:19 +0200
committertv <tv@shackspace.de>2014-08-21 13:28:19 +0200
commit3d50e7386178cd0392d2e1c9ba7b9e933b4c27e3 (patch)
tree77cc15d9b1ce1e0f82120dd4c85550b1a992b6bb /cd-system
initial commit
Diffstat (limited to 'cd-system')
-rw-r--r--cd-system/cd-exim.conf133
-rw-r--r--cd-system/cd-iptables.rules5
-rw-r--r--cd-system/host_redirect1
-rw-r--r--cd-system/internet_aliases2
4 files changed, 141 insertions, 0 deletions
diff --git a/cd-system/cd-exim.conf b/cd-system/cd-exim.conf
new file mode 100644
index 0000000..c2f4835
--- /dev/null
+++ b/cd-system/cd-exim.conf
@@ -0,0 +1,133 @@
+RETIOLUM_HOSTNAME = cd.retiolum
+
+primary_hostname = RETIOLUM_HOSTNAME
+
+HOST_REDIR = /etc/exim4/host_redirect
+INTERNET_ALIASES = /etc/exim4/internet_aliases
+
+
+# Domains not listed in local_domains need to be deliverable remotely.
+# XXX We abuse local_domains to mean "domains, we're the gateway for".
+domainlist local_domains = @ : localhost
+domainlist relay_to_domains =
+hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37
+
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+
+never_users = root
+
+host_lookup = *
+
+rfc1413_hosts = *
+rfc1413_query_timeout = 5s
+
+
+log_selector = -queue_run +address_rewrite +all_parents +queue_time
+log_file_path = syslog
+syslog_timestamp = false
+syslog_duplication = false
+
+begin acl
+
+acl_check_rcpt:
+ accept hosts = :
+ control = dkim_disable_verify
+
+ deny message = Restricted characters in address
+ domains = +local_domains
+ local_parts = ^[.] : ^.*[@%!/|]
+
+ deny message = Restricted characters in address
+ domains = !+local_domains
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+ accept local_parts = postmaster
+ domains = +local_domains
+
+
+ accept hosts = +relay_from_hosts
+ control = submission
+ # debian: control = submission/sender_retain
+ # arch & debian:
+ control = dkim_disable_verify
+
+ accept authenticated = *
+ control = submission
+ control = dkim_disable_verify
+
+ accept message = relay not permitted 2
+ recipients = lsearch;INTERNET_ALIASES
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ require
+ message = unknown user
+ verify = recipient/callout
+
+ accept
+
+
+acl_check_data:
+ accept
+
+
+begin routers
+
+retiolum:
+ debug_print = "R: retiolum for $local_part@$domain"
+ driver = manualroute
+ domains = ! RETIOLUM_HOSTNAME : *.retiolum
+ transport = retiolum_smtp
+ route_list = ^.* $0 byname
+ no_more
+
+internet_aliases:
+ debug_print = "R: internet_aliases for $local_part@$domain"
+ driver = redirect
+ data = ${lookup{$local_part@$domain}lsearch{INTERNET_ALIASES}}
+
+dnslookup:
+ debug_print = "R: dnslookup for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains
+ transport = remote_smtp
+ ignore_target_hosts = <; 0.0.0.0 ;: 127.0.0.0/8 ; ::1
+ no_more
+
+
+begin transports
+
+retiolum_smtp:
+ driver = smtp
+ retry_include_ip_address = false
+
+remote_smtp:
+ driver = smtp
+
+
+home_maildir:
+ driver = appendfile
+
+ #file = /var/mail/$local_part
+ maildir_format
+ maildir_use_size_file
+ directory = $home/Maildir
+ directory_mode = 0700
+
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+
+
+
+begin retry
+
+*.retiolum * F,42d,1m
+* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+begin rewrite
+
+begin authenticators
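Review bot: In the `dnslookup` router, `ignore_target_hosts = <; 0.0.0.0 ;: 127.0.0.0/8 ; ::1` has a stray colon after the second separator. With the list separator switched to `;`, the middle item reads `: 127.0.0.0/8`, which is unlikely to be parsed as the loopback network. A remote domain whose DNS records point into 127.0.0.0/8 would then probably still be routed back to this host. The line should read `ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1`, matching the form already used for `relay_from_hosts`.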
diff --git a/cd-system/cd-iptables.rules b/cd-system/cd-iptables.rules
new file mode 100644
index 0000000..c9af7d5
--- /dev/null
+++ b/cd-system/cd-iptables.rules
@@ -0,0 +1,5 @@
+...
+
+-A INPUT -p tcp -m conntrack --ctstate NEW --syn --dport smtp -j ACCEPT
+
+...
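Review bot: This rule accepts new SMTP connections from any source on any interface, while `relay_from_hosts` in cd-exim.conf lets 10.243.13.37 relay anywhere purely on its source address. The surrounding rules are elided, so this may already be handled, but nothing visible here drops traffic that claims that address and arrives outside the VPN interface. If no such rule exists, add one ahead of this line, for example `-A INPUT ! -i <vpn-interface> -s 10.243.13.37 -j DROP` (the interface name is a placeholder). A comment stating that port 25 is intentionally open to the internet would also help.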
diff --git a/cd-system/host_redirect b/cd-system/host_redirect
new file mode 100644
index 0000000..5cdf180
--- /dev/null
+++ b/cd-system/host_redirect
@@ -0,0 +1 @@
+oneofmypublicdomains.com: oneofmyretiolumhosts.retiolum
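Review bot: Nothing in cd-exim.conf reads this file: the `HOST_REDIR` macro is defined there, but no router, domain list or ACL references it, so the mapping on this line has no effect. As committed, mail for this domain appears to be refused by the `relay not permitted` check unless the full recipient address is listed in internet_aliases. Either add the router and domain list entry that consume the file, or mark it with a leading comment such as `# not yet referenced by cd-exim.conf` so the mapping is not mistaken for an active relay rule.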
diff --git a/cd-system/internet_aliases b/cd-system/internet_aliases
new file mode 100644
index 0000000..f07559c
--- /dev/null
+++ b/cd-system/internet_aliases
@@ -0,0 +1,2 @@
+me@mypublicdomain.com: me@myretiolumdomain.retiolum
+me@myotherretiolumdomain.retiolum: me@myevenotherretiolumdomain.retiolum
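Review bot: The second entry's key is a `.retiolum` address, which the `retiolum` router claims first (`domains = ... : *.retiolum` with `no_more`), so the `internet_aliases` redirect appears never to be applied to it. The RCPT ACL nevertheless accepts every key in this file from any connecting host (`recipients = lsearch;INTERNET_ALIASES`). The entry's only visible effect is therefore to let outside senders reach that address at its original host. If the redirect is wanted, the `internet_aliases:` router needs to sit above `retiolum:` in cd-exim.conf; otherwise drop the entry.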