Operations/Server Documentation/Configuration/Exim

From Habari Project



Exim is the MTA that runs on the Habari server. Its primary role is sending outbound mail generated by habariproject.org services (Trac notifications, SVN commits, etc.). It is also configured as a relay for the security@habariproject.org contact address.

Configuration Files

None of the configuration files have been modified manually; all configuration has been done via dpkg-reconfigure exim4-config.

Configuration Type

The 'internet' configuration profile was used - the server is a site that sends and receives mail directly via SMTP.

Accepted Domains

Only messages bound for the following domains will be accepted. All others will be rejected immediately during the initial connection.

  • habari (the local hostname)
  • localhost
  • localhost.localdomain
  • habari.us (the domain used for testing and server migration)
  • habariproject.org

Relay Domains

Email is only accepted for the domains listed above. No relaying is permitted.

Configured Aliases

Aliases are configured in the /etc/aliases file.

  • postmaster -> root
  • hostmaster -> root
  • webmaster -> root
  • abuse -> root
  • root -> root, ringmaster, chrismeller
  • habari -> habari, chrismeller

User Forwards

Individual users can forward any messages directed to their account to an external regularly-checked mailbox by creating a $HOME/.forward file - the only contents should be the email address to forward to.

Security Relay

All messages to the security@habariproject.org mailbox are parsed and relayed to the private Habari Cabal mailing list for handling. The mailing list address is restricted so that only members of the group may post, so a normal redirect box is not sufficient.

Security User Account

A real system user account named security exists on the server. Its sole purpose is to provide a .forward file. The Debian package of Exim (and as a result the Ubuntu package, which the server runs) does not allow messages to be piped to an external script or program in the /etc/aliases file. The easiest way around this is to create a real user account and pipe its messages to a script in the .forward file.

The security user is denied login access (its shell is set to /bin/false and it has no password) and it should not be used for any other purposes.

Email Relay Script

The email relay script is located at /home/habari/tools/email-relay.php. It accepts the message (headers + body) via stdin, parses out the headers, and re-sends the message to the private list. It also CCs the original sender a copy of the message to confirm receipt.
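
The relay behaviour described above, sketched in Python as an added example; it is not the project's email-relay.php. The list address is a placeholder, and sending as security@habariproject.org through /usr/sbin/sendmail is an assumption, as is the choice to skip the receipt copy for automated mail.

```python
import subprocess
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

LIST_ADDR = "private-list@example.org"     # placeholder: real list address is not on the page
RELAY_FROM = "security@habariproject.org"  # assumed to be a permitted poster on the list

def build_relay(raw: bytes):
    """Return (message, recipients) for one raw message received on stdin."""
    orig = message_from_bytes(raw, policy=policy.default)
    # Keep only the bare address; reject anything that is not a single token.
    sender = parseaddr(str(orig.get("From", "")))[1]
    if "@" not in sender or any(c.isspace() for c in sender):
        sender = ""
    # Never acknowledge automated mail, or auto-replies and bounces can loop.
    automated = (str(orig.get("Auto-Submitted", "no")).strip().lower() != "no"
                 or str(orig.get("Precedence", "")).strip().lower() in ("bulk", "junk", "list"))
    # Collapse folding and whitespace so untrusted text stays on one header line.
    subject = " ".join(str(orig.get("Subject", "")).split()) or "(no subject)"
    part = orig.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else "(no text/plain part)"

    out = EmailMessage()
    out["From"] = RELAY_FROM
    out["To"] = LIST_ADDR
    out["Subject"] = subject
    recipients = [LIST_ADDR]
    if sender and not automated:
        out["Cc"] = sender  # receipt copy for the original sender
        recipients.append(sender)
    out.set_content(f"Original sender: {sender or 'unknown'}\n\n{body}")
    return out, recipients

# Constructed sample input (not a real report).
SAMPLE = (b"From: Reporter <reporter@example.com>\n"
          b"To: security@habariproject.org\n"
          b"Subject: Report about\n  the admin panel\n"
          b"\n"
          b"Details of the issue.\n")

if __name__ == "__main__":
    msg, rcpts = build_relay(sys.stdin.buffer.read())
    # Recipients are passed as arguments after "--", never through a shell.
    subprocess.run(["/usr/sbin/sendmail", "-i", "--", *rcpts],
                   input=msg.as_bytes(), check=True)
```

Because anyone can write to the security address, the From header is untrusted: the receipt copy goes to whatever address it names, so the example validates it and sends no copy for messages marked as automated.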
