This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Date: Wed, 24 Jul 2002 14:43:09 -0700
From: J C Lawrence <claw@kanga.nu>
To: svlug@lists.svlug.org
Subject: [svlug] TMDA, Exim, and nmh

Those using or interested in using TMDA might be interested in my notes
on using nmh under TMDA (http://tmda.net/).

Using TMDA under nmh atop Postfix or Exim is problematic.

Reasons:

  nmh, like MH, by default delivers outbound mail via SMTP to port 25 on
  a defined host. The port number cannot be configured (it calls
  getservbyname() which does a lookup against "smtp" in /etc/services).
  Ergo, you are constrained to tell nmh to use tmda-sendmail instead
  of SMTP.

  Using sendmail as the delivery method under MH instead of SMTP is not
  recommended as it loses a number of useful bits of robustness in mail
  delivery failure modes. Further, when nmh is configured to use
  sendmail instead of SMTP nmh's whom tool calls sendmail as follows:

    .../sendmail/ -m -t -i -bv

  which creates problems:

    Postfix does not support "-bv" and returns in error

    Exim does not support "-t" with "-bv" and returns in error

    Don't mention Qmail. I won't use it.

  "whom" is far too useful as a component tool in MH to lose.

I've worked out a hack to use TMDA with Exim while retaining nmh's
"whom" support using Exim's system filter:

  0) Make sure that the following options are set in ~/.tmda/config:

       DATADIR
       ALLOW_MODE_640
       CRYPT_KEY_FILE
       FINGERPRINT

  1) chgrp everything in and under ~/.tmda to group "mail".

  2) Configure Exim as per the current TMDA HOW-TO.

  3) Set the following options in exim.conf:

       message_filter = "/etc/exim/filter"
       message_filter_pipe_transport = address_pipe
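
  4) /etc/exim/filter reads:

       # Exim filter
       # testprint only produces output when the filter is run in test mode.
       testprint "local_part: ${local_part: $h_From:}"
       testprint "domain: ${domain: $h_From:}"
       # No X-tmda-fingerprint header yet, From: is in the local domain, and
       # the From: user has a ~/.tmda directory: pipe to tmda-inject.
       if "$h_X-tmda-fingerprint:" is "" and
          "${domain: $h_From:}" is "kanga.nu" and
          "${if exists {/home/${local_part:$h_From:}/.tmda} {true}{false}}" is "true"
       then
         pipe "/usr/bin/tmda-inject -c /home/${local_part:$h_From:}/.tmda/config"
         finish
       endif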

Yes, that assumes that all user directories are under /home and that
they use ~/.tmda/config instead of ~/.tmdarc. Hack appropriately for
your setup.

Basic explanation:

  Exim sends all outbound mail thru the system filter (if one is
  configured) before attempting delivery. The above system filter
  extracts the user from the From: address and pipes the message thru
  that user's TMDA setup via tmda-inject.

  The system filter runs as the same user as Exim, thus the requirement
  for the chgrp mail. If your Exim installation runs as a different
  user, chgrp as appropriate.

Notes:

  This requires that all outbound mail that is to be processed with TMDA
  has a From: header which references a local user (suffixes are fine),
  and that the From: address is fully qualified with a known domain. If
  you're vhosting the above setup would be fairly trivial to extend for
  other domains and $HOME paths. I'm not vhosting on my desktop and so
  don't care. You could also qualify on envelope or other headers if
  you wish.

Caveat Emptor.

ObNote: I've also written a small patch against TMDA 0.58 to add a
"hold" delivery method (identical to "confirm" except it sends no
confirmation requests -- very useful for testing configs or doing
silent sidetracking of mail).
===
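
Added example, not part of the original post or of TMDA: a shell check for step 1, confirming that a ~/.tmda tree is usable by the group Exim runs under without being opened wider than that. The function name audit_tmda_dir, the key file path argument, and the rules "nothing accessible to other" and "key not group-writable" are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. audit_tmda_dir is a hypothetical
# helper name; the key file path is an argument because the post does not give it.
# usage: audit_tmda_dir TMDA_DIR GROUP KEYFILE   (returns 0 when clean, 1 otherwise)

audit_tmda_dir() {
    dir=$1 group=$2 key=$3 rc=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }

    # report LABEL FIND-ARGS...: list matches under $dir. A find error (for
    # example an unknown group name) is reported instead of passing as clean.
    report() {
        label=$1; shift
        if ! out=$(find "$dir" "$@" -print 2>&1); then
            echo "find failed ($label): $out"; rc=1
        elif [ -n "$out" ]; then
            printf '%s\n' "$out" | while IFS= read -r p; do echo "$label: $p"; done
            rc=1
        fi
    }

    # Step 1: everything in and under ~/.tmda belongs to the MTA's group.
    report "not in group $group" ! -group "$group"
    # Group ownership only helps if the group bits actually grant access.
    report "directory not group-searchable" -type d ! -perm -050
    report "file not group-readable" -type f ! -perm -040
    # Assumption: nothing here (config, key) should be open to "other".
    report "accessible to other" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \)

    # Assumption from the option name ALLOW_MODE_640: the group may read the
    # key file but not write it.
    if [ ! -f "$key" ]; then
        echo "missing key file: $key"; rc=1
    elif [ -n "$(find "$key" -perm -020)" ]; then
        echo "key file is group-writable: $key"; rc=1
    fi
    return $rc
}

# Run directly as: sh audit-tmda.sh /home/USER/.tmda mail KEYFILE
if [ "$#" -eq 3 ]; then audit_tmda_dir "$@"; fi
```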