Zarafa Exim4 integration
From Zarafa wiki
Latest revision as of 09:11, 24 November 2010
The following Exim configuration will integrate Exim with the internal Zarafa user database for alias checking and SMTP authentication.
Please note that this setup only works when using the DB user plugin. The Unix and LDAP plugins will not work correctly with this configuration.
Configure Exim as a server with the following command, define the domains you host, and make sure to select the "split" method for the configuration files.
    dpkg-reconfigure exim4-config
Create the file /etc/exim4/conf.d/auth/40_zarafa_smtp and add the following lines:
    # authenticators for SMTP AUTH with zarafa db
    #
    auth_plain:
      driver = plaintext
      public_name = PLAIN
      server_prompts = :
      # don't send password over unencrypted connections
      server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
      server_condition = ${lookup mysql{ZARAFA_PLAIN}{1}{0}}
      server_set_id = $auth2
    #
    auth_login:
      driver = plaintext
      public_name = LOGIN
      server_prompts = "Username:: : Password::"
      # don't send password over unencrypted connections
      server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
      server_condition = ${lookup mysql{ZARAFA_LOGIN}{1}{0}}
      server_set_id = $auth1
Create the file /etc/exim4/conf.d/main/100_zarafa_mysql and add the following lines:
    # mysql settings for recipient verify and authentication
    #
    MYSQL_SERVER = localhost
    MYSQL_DB = zarafa
    # root with an empty password is only the example default; these lookups
    # run SELECT statements only, so a dedicated account with SELECT rights
    # on the zarafa database is sufficient
    MYSQL_USER = root
    MYSQL_PASS =
    #
    ZARAFA_USER = SELECT DISTINCT `value` FROM `objectproperty` WHERE \
        propname = 'loginname' \
        AND objectid = (SELECT DISTINCT(`objectid`) FROM `objectproperty` WHERE \
        value = '${quote_mysql:$local_part@$domain}')
    #
    # $auth1, $auth2 and $auth3 are supplied by the SMTP client, so they are
    # passed through quote_mysql like the address in ZARAFA_USER
    ZARAFA_PLAIN = SELECT DISTINCT `objectid` FROM `objectproperty` WHERE \
        objectid = (SELECT DISTINCT(`objectid`) FROM `objectproperty` WHERE \
        `propname` = 'loginname' AND `value` = '${quote_mysql:$auth2}') \
        AND `propname` = 'password' \
        AND `value` = CONCAT(SUBSTR(`value`, 1, 8), \
        MD5(CONCAT(SUBSTR(`value`, 1, 8), '${quote_mysql:$auth3}')))
    #
    ZARAFA_LOGIN = SELECT DISTINCT `objectid` FROM `objectproperty` WHERE \
        objectid = (SELECT DISTINCT(`objectid`) FROM `objectproperty` WHERE \
        `propname` = 'loginname' AND `value` = '${quote_mysql:$auth1}') \
        AND `propname` = 'password' \
        AND `value` = CONCAT(SUBSTR(`value`, 1, 8), \
        MD5(CONCAT(SUBSTR(`value`, 1, 8), '${quote_mysql:$auth2}')))
    #
    hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASS
Create the file /etc/exim4/conf.d/router/700_zarafa_dagent and add the following lines:
    # router for delivery via zarafa-dagent
    #
    zarafa_user:
      debug_print = "R: zarafa for $local_part@$domain"
      cannot_route_message = no such user
      driver = accept
      # In order to deliver messages to a recipient with a suffix like for example user+suffix@zarafa.com,
      # (used in VERP) we need to tell Exim that everything after the plus-sign has to be stripped.
      # After the definition of 'local_part_suffix' 'local_part' does not contain the suffix anymore.
      # Uncomment the next two lines to enable this behaviour.
      #local_part_suffix = +*
      #local_part_suffix_optional
      condition = ${lookup mysql{ZARAFA_USER} {1}{0}}
      local_parts = !root
      # specify your local domains which should be delivered to zarafa
      # with "domainlist local_domains = localhost : yourdomain.com"
      # in main section of exim4.conf
      domains = +local_domains
      transport = zarafa_pipe
      require_files = +/usr/bin/zarafa-dagent
      # !! if you use "verify = recipient" in any ACLs
      # you have to leave "no_verify" and "no_expn" disabled
      # otherwise your ACL will always fail
      #no_verify
      #no_expn
Create the file /etc/exim4/conf.d/transport/30_zarafa_dagent and add the following lines:
    # transport for delivery via zarafa-dagent
    #
    zarafa_pipe:
      debug_print = "T: zarafa_pipe for $local_part@$domain"
      driver = pipe
      path = "/bin:/usr/bin:/usr/local/bin"
      #command = "/usr/bin/zarafa-dagent -s $local_part"
      # if your Zarafa usernames differ from $local_part, you have to use this command instead
      # (the lookup is quoted so that it reaches zarafa-dagent as a single argument)
      command = /usr/bin/zarafa-dagent -s "${lookup mysql{ZARAFA_USER} {$value}}"
      return_path_add
      delivery_date_add
      envelope_to_add
Execute the following commands to activate your configuration.
    update-exim4.conf
    /etc/init.d/exim4 restart
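The following is an added example, not part of the original wiki page. It reproduces the comparison that the ZARAFA_PLAIN and ZARAFA_LOGIN queries perform (an 8-character salt followed by MD5(salt + password)) and shows why values taken from the SMTP client, such as $auth2 and $auth3, have to be passed through ${quote_mysql:...} before they reach the SQL text. Assumptions: SQLite stands in for MySQL, bound parameters stand in for quote_mysql, and the table rows, login name, password and function names are constructed for the illustration.

```python
import hashlib
import sqlite3

def zarafa_hash(salt: str, password: str) -> str:
    """Stored form the auth queries compare against: 8-char salt + MD5(salt + password)."""
    return salt + hashlib.md5((salt + password).encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the objectproperty table, with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.create_function("MD5", 1, lambda s: hashlib.md5(s.encode()).hexdigest())
    db.execute("CREATE TABLE objectproperty (objectid INT, propname TEXT, value TEXT)")
    db.executemany("INSERT INTO objectproperty VALUES (?, ?, ?)", [
        (7, "loginname", "o'brien"),  # constructed login name containing a quote
        (7, "password", zarafa_hash("a1b2c3d4", "correct horse")),
    ])
    return db

# Same shape as ZARAFA_PLAIN; "||" is SQLite's spelling of CONCAT().
QUERY = """SELECT DISTINCT objectid FROM objectproperty
 WHERE objectid = (SELECT DISTINCT objectid FROM objectproperty
                   WHERE propname = 'loginname' AND value = {user})
   AND propname = 'password'
   AND value = SUBSTR(value, 1, 8) || MD5(SUBSTR(value, 1, 8) || {pw})"""

def auth_interpolated(db, user, pw):
    """Credentials pasted into the SQL text, as with a bare '$auth2' / '$auth3'."""
    sql = QUERY.format(user=f"'{user}'", pw=f"'{pw}'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return None  # the credential text altered the statement itself

def auth_bound(db, user, pw):
    """Credentials passed as data (bound parameters stand in for quote_mysql)."""
    sql = QUERY.format(user="?", pw="?")
    return db.execute(sql, (user, pw)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    print("bound, right password:", auth_bound(db, "o'brien", "correct horse"))
    print("bound, wrong password:", auth_bound(db, "o'brien", "wrong"))
    print("interpolated         :", auth_interpolated(db, "o'brien", "correct horse"))
```

With the interpolated form, a legitimate user whose login name contains a quote cannot authenticate at all, because the client-supplied text is parsed as SQL instead of being compared as data.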
Local part affixes and LMTP
As mentioned above in the zarafa_user router, if the local part contains affixes (either suffixes or prefixes), we want these to be stripped from the 'real' part of the local_part. This matters especially for LMTP, which requires an RCPT TO command followed by a real local user. Luckily, this is the default behaviour for LMTP in Exim 4.40.
If you encounter any problems with the zarafa-dagent not accepting prefix-username+suffix recipient addresses, check the rcpt_include_affixes setting in your SMTP/LMTP transport: Exim 4.40 generic transport options, http://www.exim.org/exim-html-4.40/doc/html/spec_24.html (see rcpt_include_affixes).