[svlug] TMDA, Exim, and nmh

J C Lawrence claw at kanga.nu
Wed Jul 24 14:43:09 PDT 2002


Those using or interested in using TMDA might be interested in my notes
on using nmh under TMDA (http://tmda.net/).

Using TMDA under nmh atop Postfix or Exim is problematic.

Reasons:

  nmh, like MH, by default delivers outbound mail via SMTP to port 25 on
  a defined host.  The port number cannot be configured (it calls
  getservbyname() which does a lookup against "smtp" in /etc/services).
  Ergo, you are constrained to tell nmh to use tmda-sendmail instead
  of SMTP.

  Using sendmail as the delivery method under MH instead of SMTP is not
  recommended as it loses a number of useful bits of robustness in mail
  delivery failure modes.  Further, when nmh is configured to use
  sendmail instead of SMTP, nmh's whom tool calls sendmail as follows:

    .../sendmail/ -m -t -i -bv

  which creates problems:

    Postfix does not support "-bv" and returns in error

    Exim does not support "-t" with "-bv" and returns in error

    Don't mention Qmail.  I won't use it.

 "whom" is far too useful as a component tool in MH to lose.  

I've worked out a hack to use TMDA with Exim while retaining nmh's
"whom" support using Exim's system filter:

  0) Make sure that the following options are set in ~/.tmda/config:

    DATADIR
    ALLOW_MODE_640
    CRYPT_KEY_FILE
    FINGERPRINT

  1) chgrp everything in and under ~/.tmda to group "mail".

  2) Configure Exim as per the current TMDA HOW-TO.

  3) Set the following options in exim.conf:

    message_filter = "/etc/exim/filter"
    message_filter_pipe_transport = address_pipe

  4) /etc/exim/filter reads:

    # Exim filter
    testprint "local_part: ${local_part: $h_From:}"
    testprint "domain: ${domain: $h_From:}"
    if "$h_X-tmda-fingerprint:" is "" and 
       "${domain: $h_From:}" is "kanga.nu" and
       "${if exists {/home/${local_part:$h_From:}/.tmda} {true}{false}}" is "true"
    then
      pipe "/usr/bin/tmda-inject -c /home/${local_part:$h_From:}/.tmda/config"
      finish
    endif

  Yes, that assumes that all user directories are under /home and that
  they use ~/.tmda/config instead of ~/.tmdarc.  Hack appropriately for
  your setup.

Basic explanation:

  Exim sends all outbound mail thru the system filter (if one is
  configured) before attempting delivery.  The above system filter
  extracts the user from the From: address and pipes the message thru
  that user's TMDA setup via tmda-inject.

  The system filter runs as the same user as Exim, thus the requirement
  for the chgrp mail.  If your Exim installation runs as a different
  user, chgrp as appropriate.

Notes:

  This requires that all outbound mail that is to be processed with TMDA
  has a From: header which references a local user (suffixes are fine),
  and that the From: address is fully qualified with a known domain.  If
  you're vhosting the above setup would be fairly trivial to extend for
  other domains and $HOME paths.  I'm not vhosting on my desktop and so
  don't care.  You could also qualify on envelope or other headers if
  you wish.

Caveat Emptor.  

  ObNote: I've also written a small patch against TMDA 0.58 to add a
  "hold" delivery method (identical to "confirm" except it sends no
  confirmation requests -- very useful for testing configs or doing
  silent sidetracking of mail).

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw at kanga.nu               He lived as a devil, eh?		  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
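
Added example, not part of the original post: a Python model of the decision the system filter in step 4 makes, with one extra check the filter does not have. The local part of From: is chosen by the sender and becomes a path component, so the model accepts only plain login names; that pattern, the function name and the sample message are assumptions.

```python
import os
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "kanga.nu"   # domain tested by the filter in the post
HOME_ROOT = "/home"         # the post assumes all home directories live here
TMDA_INJECT = "/usr/bin/tmda-inject"
# Assumption (not in the post): only plain login-style names are accepted,
# because the local part is sender-controlled and ends up in a file path.
SAFE_LOCAL_PART = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

# Constructed sample message, for illustration only.
SAMPLE = "From: J C Lawrence <claw@kanga.nu>\nSubject: test\n\nbody\n"


def tmda_inject_argv(raw_message, home_root=HOME_ROOT):
    """Return the tmda-inject argv the filter would pipe to, or None."""
    msg = message_from_string(raw_message)
    # Filter condition 1: no X-TMDA-Fingerprint header yet.
    if (msg.get("X-TMDA-Fingerprint") or "").strip():
        return None
    # Filter condition 2: the From: domain is the local domain.
    _, addr = parseaddr(msg.get("From", ""))
    local_part, sep, domain = addr.rpartition("@")
    if not sep or domain.lower() != LOCAL_DOMAIN:
        return None
    # Added check: refuse anything that is not a simple user name
    # (path separators, "..", empty or quoted local parts).
    if not SAFE_LOCAL_PART.fullmatch(local_part):
        return None
    # Filter condition 3: /home/<local_part>/.tmda exists.
    tmda_dir = os.path.join(home_root, local_part, ".tmda")
    if not os.path.exists(tmda_dir):
        return None
    return [TMDA_INJECT, "-c", os.path.join(tmda_dir, "config")]


if __name__ == "__main__":
    # Prints None unless /home/claw/.tmda exists on this machine.
    print(tmda_inject_argv(SAMPLE))
```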



