Mailing List Archive: exim: users

conditional compound rewriting

Index | Next | Previous | View Threaded

paulgrogers at fastmail

Nov 19, 2009, 12:14 PM

Post #1 of 8 (894 views)
Permalink

conditional compound rewriting

First of all, I'm using exim-3.20 even if it's obsolete because I have
to keep as small a footprint as possible here. Bought the book, and
trying to follow that. I'm presuming the syntax parsing in 3.20 is the
same as you're currently using in 4.x. I'm having trouble getting the
syntax for the following rewrite rule correct. Trying to lookup a
replacement address for a listed user name IFF it's a user on this
machine. Actually my problem is I'm trying to rewrite things so I can
relay through my ISP out to the big wide world. I'm using SMTP header
rewriting, and need to masquerade my envelopes too with a general rule.
Any help here?

*@* "${if eq {$domain}{$primary_hostname}{lookup{$1}lsearch{REWRITE}\
{$value}fail}fail}" Ffrs

I've tried various versions of braces with the "fail" parts. No joy.

It just occurred to me perhaps I could change the lookup argument to
$1@$primary_hostname, with that small addition to the file, and remove
the if. Better? I think I'd still need to check that the recipient
domain isn't the local machine, which still leaves me getting this
general syntax right. Can anyone tell me what's worng? TIA
--
Paul Rogers
paulgrogers [at] fastmail
http://www.xprt.net/~pgrogers/
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)

--
http://www.fastmail.fm - IMAP accessible web-mail

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at spodhuis

Nov 20, 2009, 1:04 AM

Post #2 of 8 (866 views)
Permalink

Re: conditional compound rewriting [In reply to]

On 2009-11-19 at 12:14 -0800, Paul Rogers wrote:
> First of all, I'm using exim-3.20

*blink* Bear in mind I can't test any responses to be sure I remember
the details. It's been too many years since I admin'd an Exim 3 box to
be sure.

> *@* "${if eq {$domain}{$primary_hostname}{lookup{$1}lsearch{REWRITE}\
> {$value}fail}fail}" Ffrs

The value of each item inside {} in the branches is a string. So you
have a string starting "lookup".

You want a {...} for the TRUE-branch, inside which you want ${lookup...}
to do a substitution. I'd expect there to be logs of failures. If not,
exim -d<n> is your friend (numbers for increasing verbosity, instead of
areas to ask for extra debugging as in Exim 4).

ISTR some areas where Exim 3 was particular about whether or not
whitespace could appear; I don't recall if whitespace after the "eq" was
okay or not.

*@* "${if eq{$2}{$primary_hostname}\
{${lookup{$1}lsearch{REWRITE}{$value}fail}}fail}" Ffrs

and I no longer remember if the double-quotes there are a good or a bad
idea.

-Phil

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

paulgrogers at fastmail

Nov 20, 2009, 9:38 AM

Post #3 of 8 (852 views)
Permalink

Re: conditional compound rewriting [In reply to]

On Fri, 20 Nov 2009 01:04:18 -0800, "Phil Pennock" <exim-
users [at] spodhuis> said:
> *blink* Bear in mind I can't test any responses to be sure I remember
> the details. It's been too many years since I admin'd an Exim 3 box
> to be sure.

That's OK, although it seems like I have a fiddly syntax problem, that
may just be a symptom of taking a whole wrong approach to the ISP relay
problem. Thanks for considering it. Most ignore such requests.

So let's clarify whether I'm trying to write a doomed rule. Just the
lookup part will rewrite the headers/addresses and relay messages
through my ISP. But EVERYTHING ends up going there, like bounce
messages. What I'm trying to do now is "if the recipient is 'offsite'
then rewrite the headers & envelope, else fail" so local messages don't
get redirected. I know there's an unparsed string $recipient, which
could be a list and hard to parse in a rewrite rule. I'm trying to find
some other way, but it seems the rewrite rules, at least in 3.2,
consider recipient and sender addresses as virtually unrelated from a
rewriting perspective.

Should I take what I've got and live with it? Or do I just need a
different strategy?
--
Paul Rogers
paulgrogers [at] fastmail
http://www.xprt.net/~pgrogers/
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)

--
http://www.fastmail.fm - Accessible with your email software
or over the web

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at spodhuis

Nov 20, 2009, 4:07 PM

Post #4 of 8 (855 views)
Permalink

Re: conditional compound rewriting [In reply to]

On 2009-11-20 at 09:38 -0800, Paul Rogers wrote:
> On Fri, 20 Nov 2009 01:04:18 -0800, "Phil Pennock" <exim-
> users [at] spodhuis> said:
> > *blink* Bear in mind I can't test any responses to be sure I remember
> > the details. It's been too many years since I admin'd an Exim 3 box
> > to be sure.
>
> That's OK, although it seems like I have a fiddly syntax problem, that
> may just be a symptom of taking a whole wrong approach to the ISP relay
> problem. Thanks for considering it. Most ignore such requests.
>
> So let's clarify whether I'm trying to write a doomed rule. Just the
> lookup part will rewrite the headers/addresses and relay messages
> through my ISP. But EVERYTHING ends up going there, like bounce
> messages. What I'm trying to do now is "if the recipient is 'offsite'
> then rewrite the headers & envelope, else fail" so local messages don't
> get redirected. I know there's an unparsed string $recipient, which
> could be a list and hard to parse in a rewrite rule. I'm trying to find
> some other way, but it seems the rewrite rules, at least in 3.2,
> consider recipient and sender addresses as virtually unrelated from a
> rewriting perspective.
>
> Should I take what I've got and live with it? Or do I just need a
> different strategy?

Using rewrites for routing is doomed to failure in Exim.

Using Exim 4, you'd use headers_rewrite on your SMTP transport. Exim 4
should be buildable in a version as small as Exim 3, unless you're stuck
using packages built by an OS packager and they don't provide a minimal
Exim 4 build, just a kitchen-sink one. (Debian provide
exim4-daemon-light).

That said, you might try using a regexp for matching the addresses
you're filtering and using a negative lookahead assertion.

^([^@]+)@((?!example\.com).+)

That will only match if the domain is not example.com and might get you
closer to what you're trying to achieve.

-Phil

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

paulgrogers at fastmail

Nov 20, 2009, 8:05 PM

Post #5 of 8 (854 views)
Permalink

Re: conditional compound rewriting [In reply to]

On Fri, 20 Nov 2009 16:07:39 -0800, "Phil Pennock"
<exim-users [at] spodhuis> said:
> Using Exim 4, you'd use headers_rewrite on your SMTP transport. Exim 4

That was introduced with v3.20, the reason I chose it. I'm using
header rewriting, but it's not enough for my ISP relay. I need to
rewrite the envelope also.

> should be buildable in a version as small as Exim 3, unless you're stuck
> using packages built by an OS packager and they don't provide a minimal
> Exim 4 build, just a kitchen-sink one. (Debian provide exim4-daemon-
> light).

This is a Linux I built from scratch using LFS. Using a package
manager,
Ingo Brueckl's git (not Linus'!), but it's no impediment.

> That said, you might try using a regexp for matching the addresses
> you're filtering and using a negative lookahead assertion.
>
> ^([^@]+)@((?!example\.com).+)
>
> That will only match if the domain is not example.com and might get you
> closer to what you're trying to achieve.

The book gives this example, but I'm also trying to keep such constants
out of configuration files. I may have to do something like that
though.
--
Paul Rogers
paulgrogers [at] fastmail
http://www.xprt.net/~pgrogers/
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)

--
http://www.fastmail.fm - mmm... Fastmail...

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at spodhuis

Nov 21, 2009, 6:30 PM

Post #6 of 8 (831 views)
Permalink

Re: conditional compound rewriting [In reply to]

On 2009-11-20 at 20:05 -0800, Paul Rogers wrote:
> On Fri, 20 Nov 2009 16:07:39 -0800, "Phil Pennock"
> <exim-users [at] spodhuis> said:
> > Using Exim 4, you'd use headers_rewrite on your SMTP transport. Exim 4
>
> That was introduced with v3.20, the reason I chose it. I'm using
> header rewriting, but it's not enough for my ISP relay. I need to
> rewrite the envelope also.

Then you use return_path to control the SMTP Envelope Sender and you use
routing to adjust the recipients before it hits the transport.

The problem with changing the recipient address with rewriting is that
each time an address is generated by a Director or Router, it's subject
to rewriting (unless the rewriting is explicitly SMTP-time).

The Exim way is to generate the recipient addresses in the correct form
in the Routers.

BTW, Exim has had security issues in the past. They're rare, but have
happened. ISTR there was at least one issue somewhere between 3.20 and
3.36 but the details escape me.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

paulgrogers at fastmail

Nov 21, 2009, 11:53 PM

Post #7 of 8 (830 views)
Permalink

Re: conditional compound rewriting [In reply to]

On Sat, 21 Nov 2009 18:30:07 -0800, "Phil Pennock" <exim-
users [at] spodhuis> said:
> Then you use return_path to control the SMTP Envelope Sender and you
> use routing to adjust the recipients before it hits the transport.

That's not enough, at least for my ISP. I tried just transport
rewriting. (They're clueless about Linux. Well, that's not entirely
correct--they have some Debian on their mail server it seems.) I have
to rewrite envelopes too so they look like what would have come from my
ISP's mail server.

> The problem with changing the recipient address with rewriting is that
> each time an address is generated by a Director or Router, it's
> subject to rewriting (unless the rewriting is explicitly SMTP-time).

It's not the recipients that's a problem. It's the sender, reply-to,
from, et al. They check validity of those, and "...@pika.lan" or
"...@localhost" just don't cut it for them. This is a home machine &
LAN. I got no official DNS identity. I setup a special user for this,
and I was hoping I could make the rewriting rules smart enough that it
could still send mail locally, e.g. errors, but that's not working out
so good. My lookup rewrite works, a bit too good. Guess I've got to
live with it.

> BTW, Exim has had security issues in the past. They're rare, but have
> happened. ISTR there was at least one issue somewhere between
> 3.20 and 3.36 but the details escape me.

This runs on a 32MB 486/33, kernel-2.2.26, ipchains, diald, pppd, and is
just dialing in, sending some email to a select group, and hanging up.
I'm sure there are more than just exim's security issues. I'm relying
on being there and disappearing fast, at least in part.

Thanks for trying, anyhow.
--
Paul Rogers
paulgrogers [at] fastmail
http://www.xprt.net/~pgrogers/
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)

--
http://www.fastmail.fm - The professional email service

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

richard at highwayman

Nov 22, 2009, 4:58 AM

Post #8 of 8 (825 views)
Permalink

Re: conditional compound rewriting [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <1258876416.1772.1346434315 [at] webmail>,
Paul Rogers <paulgrogers [at] fastmail> writes

>It's not the recipients that's a problem. It's the sender, reply-to,
>from, et al. They check validity of those, and "...@pika.lan" or
>"...@localhost" just don't cut it for them.

They're probably interested in reducing outgoing spam -- these sorts of
checks improve their chances of blocking junk; albeit they will prevent
perfectly sensible configurations from working :(

You may need to change to another provider if your view of sensible
fails to accord with theirs.

... that said, you certainly want to have (and it is reasonable for an
ISP to insist upon) a routeable address for the SMTP sender because
otherwise it's impossible to send you any delivery status notifications
(or other bounces).

It's also pretty unwise to have the Reply-To: unrouteable! though that's
your problem rather than that of worldwide mail systems!

>> BTW, Exim has had security issues in the past. They're rare, but have
>> happened. ISTR there was at least one issue somewhere between
>> 3.20 and 3.36 but the details escape me.
>
>This runs on a 32MB 486/33, kernel-2.2.26, ipchains, diald, pppd, and is
>just dialing in, sending some email to a select group, and hanging up.
>I'm sure there are more than just exim's security issues.

Then let us hope that you never stay online for more than a few seconds
(so you cannot pollute the Internet for the rest of us) or have any
personal data on your machine that you'd be loth to pass on to others :(

- --
richard Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSwk1hJoAxkTY1oPiEQJh6ACfYU1s5sbgQWzD1hc5W6o47449dr8AoKTi
fphuJ8iXYA1kbTJk3AbkoQXL
=FRJW
-----END PGP SIGNATURE-----

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads