Mailscanner + Exim >= 4.73

Fri Feb 18 13:47:19 GMT 2011

> > This is really an Exim question so feel free to tell me to ask
elsewhere...
> ;-) It is
> > related to my MailScanner configuration though.
> >
> > Apparently Exim 4.73 will not allow any "-D" options by default and
> eventually
> > the functionality will be removed. From mailing list post:
> >
> >
http://lists.exim.org/lurker/message/20101215.161702.fcdb3f77.gl.html
> > ---
> > +# By contrast, you might be maintaining a system which relies upon
the
> > ability
> > +# to override values with -D and assumes that these will be passed
> > through to
> > +# the delivery processes.  As of Exim 4.73, this is no longer the
case
> > +by # default.  Going forward, we strongly recommend that you use a
shim
> > +Exim # configuration file owned by root stored under
> > TRUSTED_CONFIG_PREFIX_LIST.
> > +# That shim can set macros before .include'ing your main
configuration
> > file.
> > +#
> > +# As a strictly transient measure to ease migration to 4.73, the #
> > +WHITELIST_D_MACROS value definies a colon-separated list of
macro-names
> > +# which are permitted to be overriden from the command-line which
will
> > +be # honoured by the Exim user.  So these are macros that can
persist
> > +to
> > delivery
> > +# time.
> > +# Examples might be -DTLS or -DSPOOL=/some/dir.  The values on the
#
> > +command-line are filtered to only permit: [A-Za-z0-9_/.-]* # # This
> > +option is highly likely to be removed in a future release.  It
> > exists
> > +# only to make 4.73 as easy as possible to migrate to.  If you use
it,
> > +we # encourage you to schedule time to rework your configuration to
not
> > +depend # upon it.  Most people should not need to use this.
> > ---
> >
> > I think I am already seeing symptoms of this on my Debian Squeeze
box which
> > relies (as per documentation of the rather old Debian MailScanner
> > package) on the "-DOUTGING" option for the split pool configuration:
> > ---
> > scruffy:~# exim4 -bP -DOUTGOING spool_directory macros_trusted
overriden
> > to true by whitelisting spool_directory = /var/spool/exim4
> >
> > vs
> >
> > scruffy:~# exim4 -bP spool_directory
> > spool_directory = /var/spool/exim4_incoming
> > ---
> >
> > I have only just noticed this an I am looking for some advice on how
to
> "future-
> > proof" my Mailscanner + Exim4 implementation.
> >
> > The message above talks about a "shim configuration file" but I
don't really
> > understand what they are talking about there and how to use it for
split
> pool
> > configuration. :-(
> >
> > Any pointers would be greatly appreciated.
> >
> 
> I'm not sure I have any pointers yet, I'm still on Debian Lenny and
its
> patched exim 4.69.

As I understand it, the idea is to use a "shim" exim config file that
sets your macro, and then includes the main exim config file.

So, in you MailScanner.conf file, instead of having:
Sendmail2 = /usr/sbin/exim4 -DOUTGOING

You can have something like this:
Sendmail2 = /usr/sbin/exim4 -c /etc/exim4/exim.outgoing.conf

Then, you have to add this new "shim" configuration file into your exim
trusted_configs file.

# cat /etc/exim4/trusted_configs
/etc/exim4/exim.outgoing.conf

And finally, in your exim4.outgoing.conf file, you should define your
macro and then include the standard exim config file.  For Debian, it
might look something like this:

# cat /etc/exim4/exim.outgoing.conf
OUTGOING = 1
.include /var/lib/exim4/config.autogenerated

This way, you're still only modifying the one main exim4 configuration
file for all of your needs.  I've done it this way (I even use a
different macro name), and it works with the patched exim4 in Lenny.
And I expect it to work as is in Squeeze.

Jase

-
This message is intended only for the addressee and may contain information that is company confidential or privileged.  Any technical data in this message may be exported only in accordance with the U.S. International Traffic in Arms Regulations (22 CFR Parts 120-130) or the Export Administration Regulations (15 CFR Parts 730-774). Unauthorized use is strictly prohibited and may be unlawful. If you are not the intended recipient, or the person responsible for delivering to the intended recipient, you should not read, copy, disclose or otherwise use this message. If you have received this email in error, please delete it, and advise the sender immediately. 
-                                                                                                                                                                                                                                                       