Re: Automatically creating user accounts from exim
On Qua, 17 Jun 2009, David wrote: Okay, this is kind of a weird question, but it came up at work. I'm a complete exim newbie (I've never configured it before, beyond 'dpkg-reconfigure exim4-config'), but a project came up where the manager wants to use exim in a weird way. Basically, this needs to happen: 1) Exim receives a mail, from a trusted IP address 2) If the mail is to a non-existant user account, then create the system account, deliver the mail to the new account's mail file I'd strongly recommend against creating system users for unknown accounts. With the amount of spam we get today, you'd be flooded with new accounts. It would probably be better to create virtual users, storing the mails in something like /var/vmail/recipient . And this is easier to do, by the way. -- Eduardo M KALINOWSKI edua...@kalinowski.com.br -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Automatically creating user accounts from exim
On Wed, Jun 17, 2009 at 3:34 PM, Eduardo M KALINOWSKIedua...@kalinowski.com.br wrote: I'd strongly recommend against creating system users for unknown accounts. With the amount of spam we get today, you'd be flooded with new accounts. It would probably be better to create virtual users, storing the mails in something like /var/vmail/recipient . And this is easier to do, by the way. That's why in point 1, I said the source is trusted. Basically, another app (on a different server) which generates the mails, and then forwards them to exim. As for virtual users, I asked the manager about using those at the start, but he doesn't like the idea because they're not the way that exim normally runs, so we'd probably have to use some weird non-standard exim config. Could you point me to docs where I can read more about virtual users? Most of the Google results are for Virtual Domains, or for Exim in combination with other software. David. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Automatically creating user accounts from exim
On Wed, Jun 17, 2009 at 03:26:41PM +0200, David wrote: Okay, this is kind of a weird question, but it came up at work. I'm a complete exim newbie (I've never configured it before, beyond 'dpkg-reconfigure exim4-config'), but a project came up where the manager wants to use exim in a weird way. Basically, this needs to happen: 1) Exim receives a mail, from a trusted IP address 2) If the mail is to a non-existant user account, then create the system account, deliver the mail to the new account's mail file Since this mail is coming from a trusted server, why not have a script on that server first check (via ssh) if the user exists? Or, have it send the mail blindly. If the user doesn't exist, exim bounces it back. the sending script then uses ssh to create the user on the target system. 3) And always, after delivering a mail (for new or existing users): Call an external script, so that our custom logic can see the new mails immediately after they appear, and do some further handling. Are you sure that email is the best route at all for this traffic? Mail to non-existant user so that a script on a remote box can read the mail? Why not just rsync (or scp) over ssh a file containing the information? Or, have programmes at each end running with a socket between them? Or use have the target script put the output to stdout, pipe it through ssh to the receiving script taking it from stdin via a pipe from ssh? Doug. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Automatically creating user accounts from exim
On Qua, 17 Jun 2009, David wrote: Could you point me to docs where I can read more about virtual users? Most of the Google results are for Virtual Domains, or for Exim in combination with other software. Exim doesn't really make a distinction between real users and local users. It can check /etc/passwd (or some other database) for users, but it can also check a text file, a database, check for the existence of a file... For example, this is a very simple router that checks if the destination is a local user, and if it is, calls the transport to store mail in a local file: localuser: driver = accept check_local_user transport = local_delivery Here's the said transport: local_delivery: driver = appendfile file = /var/mail/$local_part delivery_date_add envelope_to_add return_path_add If check_local_user is removed, then all mail that reaches the localuser router is accepted, and will be stored in /var/mail/destination. (A few more settings in the transport might be necessary.) A user account is not created, though. This part is complicated, what I can think of is a sending the e-mail (via a pipe transport) that creates the account. Then it stored the mail, or sends it back to exim to be processed again. As for docs, there's the extensive exim manual at http://www.exim.org/exim-html-current/doc/html/spec_html/ . You'll certainly need to take a look at the sections about routers and transports. -- Eduardo M KALINOWSKI edua...@kalinowski.com.br -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Automatically creating user accounts from exim
On Wed, Jun 17, 2009 at 3:53 PM, Douglas A. Tuttydtu...@vianet.ca wrote: Since this mail is coming from a trusted server, why not have a script on that server first check (via ssh) if the user exists? Or, have it send the mail blindly. If the user doesn't exist, exim bounces it back. the sending script then uses ssh to create the user on the target system. These would be other ways of adding accounts, yes. My main assumption is that exim gives a simple way to hook arbitrary scripts into it's logic at various points. Something like: /etc/exim4/incoming_mail.d/ And then I could drop a shell script in that directory, which would be called as the mail is received, to create the new accounts as needed, and then after calling the script, exim would see the user account it needs (so that it doesn't bounce the mail, and stores it instead). Or, if not the above, then something similar, where I could hook arbitrary logic into various points of the mail receiving logic. From your reply, I take it that there is no simple mechanism like that? We're exim newbies, so we don't really know the usual methods of tying external logic into exim. Are you sure that email is the best route at all for this traffic? Mail to non-existant user so that a script on a remote box can read the mail? Why not just rsync (or scp) over ssh a file containing the information? Or, have programmes at each end running with a socket between them? Or use have the target script put the output to stdout, pipe it through ssh to the receiving script taking it from stdin via a pipe from ssh? The overall system, is basically a messaging system (that doesn't only use email, so it's also a kind of gateway), where users send each other messages, and exim and the mail protocols provides a lot of logic that we'd otherwise need to re-implement, either ourselves from scratch, or by rigging various existing tools together (like, queuing messages when servers are temporarily offline, relaying, etc). The messaging system isn't a duck, but it walks and quacks a lot like one _. On Wed, Jun 17, 2009 at 3:53 PM, Eduardo M KALINOWSKIedua...@kalinowski.com.br wrote: Exim doesn't really make a distinction between real users and local users. It can check /etc/passwd (or some other database) for users, but it can also check a text file, a database, check for the existence of a file... Thanks for that info. I think the main idea with automatically adding users, is so that a standard exim config (which we don't really understand), will be able to deliver the mails instead of bouncing them. There isn't really a need for user accounts beyond that afaict. I'll see if I can get your example config to work. A few more questions: 1. Is there a way for external programs to determine immediately when a mail was just delivered into the mail files? 2. How can external programs manipulate the mail files (read the messages, delete, etc), and avoid race conditions with the exim process which also uses those files? This info is needed, because our software needs to hook into the exim mail life cycle at various points. Mainly for things like converting between email and non-email messaging systems. Basically, the idea is to use exim as the core engine which drives the rest of the logic, based on email received/forwarded/etc events. Thanks, David. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Automatically creating user accounts from exim
On Wed Jun 17, 2009 at 16:51:33 +0200, David wrote: This info is needed, because our software needs to hook into the exim mail life cycle at various points. Mainly for things like converting between email and non-email messaging systems. Basically, the idea is to use exim as the core engine which drives the rest of the logic, based on email received/forwarded/etc events. Have you considered using qpsmtpd instead? It is a plugin-based SMTP-server which would allow a lot more simple extensibility to fit into your non-standard usage. http://smtpd.develooper.com/ http://en.wikipedia.org/wiki/Qpsmtpd Steve -- Managed Anti-Spam Service http://mail-scanning.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Automatically creating user accounts from exim
In 18c1e6480906170751s1156138ep8d3002b2528c3...@mail.gmail.com, David wrote: On Wed, Jun 17, 2009 at 3:53 PM, Douglas A. Tuttydtu...@vianet.ca wrote: Since this mail is coming from a trusted server, why not have a script on that server first check (via ssh) if the user exists? Or, have it send the mail blindly. If the user doesn't exist, exim bounces it back. the sending script then uses ssh to create the user on the target system. These would be other ways of adding accounts, yes. My main assumption is that exim gives a simple way to hook arbitrary scripts into it's logic at various points. That would be mostly wrong. What you *can* do is add custom routers (routers in exim are processed in order) that call weird transports (which are only called based on router evaluation) to perform some action based on the contents of the email and possibly feed the mail back into exim. (If you feed it back into exim, you'll probably want to add some header to prevent the mail from being processed by the same router/transport again.) Exim can certainly *do* what you want it to, but it will quite quite a bit of fairly advanced configuration. For that, you'll need to really learn exim. I suggest you join pkg-exim4-us...@lists.alioth.debian.org (LOW traffic) and ask your question there. While waiting for a reply, begin reading the exim4 documentation along-side the configuration generated by exim4-config. I recommend pkg-exim4-users because the standard exim4 list doesn't really like some of the Debianizations. I recommend reading the documentation along-side the Debian configuration because the Debian configuration is quite sizable.[1] You'll need to understand it to add to it, and it can also serve as an example of what you are reading about. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/\_/ [1] That's part of what allows exim4 on Debian to be so easy to configure via debconf. It's also what can *seem* to make Debian so hard to configure outside of debconf. (It's actually easy once you know the tricks the packagers provided.) signature.asc Description: This is a digitally signed message part.
Re: Automatically creating user accounts from exim
Thanks for the replies. I think what I'm going to do next is take a closer look at Qpsmtpd, since we'll probably need to do a fair amount of non-standard things on the mail servers, and it sounds like configuring exim to do those kinds of things could get very complicated. David. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Automatically creating user accounts from exim
2009/6/17 David wizza...@gmail.com On Wed, Jun 17, 2009 at 3:53 PM, Douglas A. Tuttydtu...@vianet.ca wrote: Since this mail is coming from a trusted server, why not have a script on that server first check (via ssh) if the user exists? Or, have it send the mail blindly. If the user doesn't exist, exim bounces it back. the sending script then uses ssh to create the user on the target system. These would be other ways of adding accounts, yes. My main assumption is that exim gives a simple way to hook arbitrary scripts into it's logic at various points. Something like: /etc/exim4/incoming_mail.d/ And then I could drop a shell script in that directory, which would be called as the mail is received, to create the new accounts as needed, and then after calling the script, exim would see the user account it needs (so that it doesn't bounce the mail, and stores it instead). Or, if not the above, then something similar, where I could hook arbitrary logic into various points of the mail receiving logic. From your reply, I take it that there is no simple mechanism like that? We're exim newbies, so we don't really know the usual methods of tying external logic into exim. Are you sure that email is the best route at all for this traffic? Mail to non-existant user so that a script on a remote box can read the mail? Why not just rsync (or scp) over ssh a file containing the information? Or, have programmes at each end running with a socket between them? Or use have the target script put the output to stdout, pipe it through ssh to the receiving script taking it from stdin via a pipe from ssh? The overall system, is basically a messaging system (that doesn't only use email, so it's also a kind of gateway), where users send each other messages, and exim and the mail protocols provides a lot of logic that we'd otherwise need to re-implement, either ourselves from scratch, or by rigging various existing tools together (like, queuing messages when servers are temporarily offline, relaying, etc). The messaging system isn't a duck, but it walks and quacks a lot like one _. On Wed, Jun 17, 2009 at 3:53 PM, Eduardo M KALINOWSKIedua...@kalinowski.com.br wrote: Exim doesn't really make a distinction between real users and local users. It can check /etc/passwd (or some other database) for users, but it can also check a text file, a database, check for the existence of a file... Thanks for that info. I think the main idea with automatically adding users, is so that a standard exim config (which we don't really understand), will be able to deliver the mails instead of bouncing them. There isn't really a need for user accounts beyond that afaict. I'll see if I can get your example config to work. A few more questions: 1. Is there a way for external programs to determine immediately when a mail was just delivered into the mail files? 2. How can external programs manipulate the mail files (read the messages, delete, etc), and avoid race conditions with the exim process which also uses those files? This info is needed, because our software needs to hook into the exim mail life cycle at various points. Mainly for things like converting between email and non-email messaging systems. Basically, the idea is to use exim as the core engine which drives the rest of the logic, based on email received/forwarded/etc events. Thanks, David. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org hi all, Exim should be able do what you want. i have a setup that does what you want with some differences. in my setup the users are stored in LDAP and the mail is actually stored and delivered using Cyrus IMAP. in my system, the user's Cyrus mailbox is created when they are sent mail and the following conditions exist, when the user exists in LDAP, the email has a special subject and the sender of the email has a special secure address. i don't see why the setup couldn't be changed to create the user and then deliver it to the mailbox with a bit of testing. if you want to continue trying it using Exim, contact me on list. bill
Re: Automatically creating user accounts from exim
On Wed, Jun 17, 2009 at 04:51:33PM +0200, David wrote: 1. Is there a way for external programs to determine immediately when a mail was just delivered into the mail files? You can monitor files for changes in timestamps or size, which is essentially what shells do to notify users of new email. Or you can use a dedicated tool like fileschanged, dnotify, or incron. 2. How can external programs manipulate the mail files (read the messages, delete, etc), and avoid race conditions with the exim process which also uses those files? If you want to avoid race conditions, all your tools either need to use locking, or you need to use a mailbox format like Maildir which is designed to prevent them without locking in the first place. Postfix and procmail can deliver to Maildir; I'm pretty sure exim can, too. -- Oh, look: rocks! -- Doctor Who, Destiny of the Daleks -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
