Exim 4.x and Majordomo 1.94.5

This page outlines how to configure Majordomo 1.94.5 and Exim 4.x to work together. It is not the only method for doing so.

Contents

Changes

Version 0.1, 2 October 2002

Typo cleanup, move virtual domains out of basic configuration section, add demime information.

Version 0.0, 1 October 2002

Rough Draft

Prerequisites

You should be generally familiar with the basic features of Exim 4.x. You should be working with Majordomo 1.94.5, which will probably be the last released version of Majordomo 1 (Majordomo 2 is a completely different piece of software from Majordomo 1). You will need root access on the server to perform this installation. You should familiarize yourself with the Majordomo FAQ and the installation procedures. The differences between the stock Majordomo installation using Sendmail as the MTA and an installation using Exim as the MTA are small, and the basic instructions for installing Majordomo should be followed.

Exim Configuration Details

This section details things that are to be set up in the Exim configuration file, and the setup of the alias files.

Main Configuration

In the main configuration section, add the majordomo user to trusted users (this is usually "majordomo"):

trusted_users = exim : majordomo

You may also want to add some other tuning parameters in the main configuration section. Note that these are only suggestions; you should familiarize yourself with these parameters and adjust them to suit.

delay_warning = 0s
deliver_queue_load_max = 99
ignore_bounce_errors_after = 0s
return_size_limit = 10000
queue_only_load = 3
queue_run_max = 5
smtp_accept_queue = 10
strip_trailing_dot
split_spool_directory
remote_max_parallel = 40

Router Configuration

Exim's router mechanism is very powerful, and we can use it to hide the -out/-outgoing aliases from external users. Exposure of the outgoing aliases has been a significant security problem with Majordomo 1.x installations, and I strongly recommend setting it up this way. First, we set up the publically visible addresses using a redirect driver. The domain in this case is example.com, and we are placing the file of public aliases in "/usr/share/exim/aliases/example.com". The transport majordomo_pipe is discussed later; it is not a standard exim transport and we will have to create it in the transport section of the configuration file.

majordomo_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/usr/local/share/exim/aliases/example.com}}
  domains = example.com
  file_transport = address_file
  pipe_transport = majordomo_pipe
  retry_use_local_part
  no_rewrite
  user = majordomo

A basic alias file entry is as follows. This alias file entry assumes that majordomo is installed in /usr/majordomo/1.94.5.

sample:         "|/usr/majordomo/1.94.5/wrapper resend -l sample -h example.com -f owner-sample sample-out@example.com"
sample-digest: sample@example.com
sample-request:  "|/usr/majordomo/1.94.5/wrapper majordomo -l sample"
sample-digest-request:  "|/usr/majordomo/1.94.5/wrapper majordomo -l sample-digest"

owner-sample-out:   listadmin@example.com
sample-approval: listadmin@example.com
sample-digest-approval: listadmin@example.com
owner-sample-digest-outgoing: listadmin@example.com

owner-sample: listadmin@example.com
owner-sample-digest: listadmin@example.com
sample-owner: listadmin@example.com
sample-digest-owner: listadmin@example.com

Experienced majordomo admins will recognize that there are no outgoing aliases here. This is what the next router is for. Note the condition, the purpose of which is to restrict access to local, non-tcp access.

majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  condition = "${if eq {$received_protocol} {local} \
                {true} {false} }"
  data = ${lookup{$local_part}lsearch{/usr/local/share/exim/aliases/example.com-private}}
  domains = example.com
  file_transport = address_file
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo

The alias file entry for the -outgoing aliases is as follows.

sample-out:  "|/usr/majordomo/1.94.5/wrapper digest -r -C -l sample-digest sample-digest-outgoing@example.com",:include:/tools/majordomo/install/lists/sample
sample-digest-outgoing:     :include:/tools/majordomo/install/lists/sample-digest

Transport Configuration

The stock pipe transport can certainly be used, but it will send the list admin annoying messages whenever majordomo operates successfully. Instead of using it, create the following transport, which only sends output to the admin when the operation fails.

majordomo_pipe:
  driver = pipe
  group = daemon
  return_fail_output
  user = majordomo

Extras

This section will eventually contain additional instructions on how to use demime and mhonarc with majordomo and exim.

Virtual Domains

What follows are alias file entries modified to use an alternate .cf file for majordomo. This alternate .cf file tells majordomo what domain to use in representing itself to the outside world. The first block of entries is from the public alias file, and resend and majordomo both take -C options followed by the path to the alternate .cf file:

sample:         "|/usr/majordomo/1.94.5/wrapper resend -C /usr/majordomo/1.94.5/example.com.cf -l sample -h example.com -f owner-sample sample-out@example.com"
sample-digest: sample@example.com
sample-request:  "|/usr/majordomo/1.94.5/wrapper majordomo -C /usr/majordomo/1.94.5/example.com.cf -l sample"
sample-digest-request:  "|/usr/majordomo/1.94.5/wrapper majordomo -C /usr/majordomo/1.94.5/example.com.cf -l sample-digest"

The changed alias file entry for the -outgoing aliases is as follows. Note that the digest perl script is funky; the option for a non-default config file is -c, not -C.

sample-out:  "|/usr/majordomo/1.94.5/wrapper digest -r -C -c example.com.cf -l sample-digest sample-digest-outgoing@example.com",:include:/tools/majordomo/install/lists/sample
sample-digest-outgoing:     :include:/tools/majordomo/install/lists/sample-digest

Demime

Demime is a useful tool for removing attachments and html email from postings and administrative requests. Demime may be found at http://scifi.squawk.com/demime.html. Use of the current version of Demime is recommended; earlier versions require slightly different setup in the Exim configuration file and the alias file.

While it is possible to use Demime in an Exim transport filter, the current version of Demime functions best in the aliases file. In our example, Demime is used both to clean postings being sent to the lists and to clean postings being sent to the -request address. By adding Demime to the -request alias, we can clean out html email so that users who have difficulties sending text-only email can still send majordomo commands and have them work.

The following is what a public alias file might contain if Demime is in use:

sample:         "|/usr/local/share/demime '|/usr/majordomo/1.94.5/wrapper resend -l sample -h example.com -f owner-sample sample-out@example.com'"
sample-digest: sample@example.com
sample-request:  "|/usr/local/share/demime '|/usr/majordomo/1.94.5/wrapper majordomo -l sample'"
sample-digest-request:  "|/usr/local/share/demime '|/usr/majordomo/1.94.5/wrapper majordomo -l sample-digest'"

MHonArc

A section on MHonArc is in preparation.