--- a/.hgsubstate Fri May 09 13:36:29 2014 +0200
+++ b/.hgsubstate Fri May 09 16:55:18 2014 +0200
@@ -1,2 +1,2 @@
-d284a1beb267de3a87c9d766bea7c7360a01fda1 emig
-327049f04783e46ded8c8cc5ad62fd6927aba594 smart-config
+04b3ed996d32a360a3f680391d4b265ea3b9e7dc emig
+947cbd7e455c104678e33af49ada30e3f9fb47a3 smart-config
--- a/Makefile Fri May 09 13:36:29 2014 +0200
+++ b/Makefile Fri May 09 16:55:18 2014 +0200
@@ -3,7 +3,7 @@
DIA = $(wildcard dia/*.dia)
TT = $(wildcard *.tt)
-CONF = $(wildcard *.conf)
+CONF = $(wildcard conf/*.conf)
FRAMES = $(wildcard frames/*tex)
IMAGES = $(notdir $(DIA:.dia=.pdf))
@@ -12,7 +12,7 @@
all: $(ALL)
clean:
rubber -d --clean mk2014.tex
- -rm -f *.vrb $(PDF)
+ -rm -f *.vrb $(IMAGES)
mk2014.pdf: mk2014.tex $(IMAGES) $(FRAMES) $(TT) $(CONF)
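Review bot: The `-` prefix on the new `-rm -f *.vrb $(IMAGES)` line in `clean` is redundant. `rm -f` already succeeds when a file is missing, so the prefix only hides real failures such as a permission error; `$(RM) *.vrb $(IMAGES)` would do. No `.PHONY: all clean` is visible in this hunk; if the file does not declare it elsewhere, a stray file named `clean` would stop the target from running.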
--- a/acl.conf Fri May 09 13:36:29 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-begin acl
-
- acl_check_connect:
-
- deny ratelimit = 10/1m
- log_message = $sender_rate/$sender_rate_period > $sender_rate_limit
-
- accept
-
- acl_check_rcpt:
-
- accept domains = +local_domains
- local_parts = postmaster
-
- require message = sender verification failed
- verify = sender
-
- accept authenticated = *
-
- require message = relaying denied
- domains = +local_domains
-
- require message = recipient verification failed
- verify = recipient
-
- accept
-
- acl_check_data:
-
- deny message = sorry, $malware_name
- malware = *
-
- deny message = sorry, filtered
- spam = nobody
- condition = ${if >={$spam_score_int}{60}}
-
- accept
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/acl.conf Fri May 09 16:55:18 2014 +0200
@@ -0,0 +1,39 @@
+begin acl
+
+ acl_check_connect:
+
+ deny ratelimit = 10/1m
+ log_message = $sender_rate/$sender_rate_period > $sender_rate_limit
+
+ accept
+
+ acl_check_rcpt:
+
+ accept domains = +local_domains
+ local_parts = postmaster
+
+ require message = sender verification failed
+ verify = sender
+
+ accept authenticated = *
+
+ require message = relaying denied
+ domains = +local_domains
+
+ require message = recipient verification failed
+ verify = recipient
+
+ accept
+
+ acl_check_data:
+
+ deny message = sorry, $malware_name
+ malware = *
+
+ deny message = sorry, filtered
+ spam = nobody
+ condition = ${if >={$spam_score_int}{60}}
+
+ accept
+
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/emig-transport.conf Fri May 09 16:55:18 2014 +0200
@@ -0,0 +1,6 @@
+begin transports
+
+ remote_smtp:
+ driver = smtp
+ hosts_require_tls = dsearch;/etc/exim4/emig.d/certs
+ tls_verify_certificates = /etc/exim4/emig.d/certs/$host
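Review bot: `tls_verify_certificates` expands to `/etc/exim4/emig.d/certs/$host` for every remote host, including hosts with no entry in that directory, so a host outside the pinned set that offers STARTTLS gets a path that does not exist; depending on the Exim version this may fail TLS setup instead of falling back to unverified TLS. Guarding the expansion, e.g. `tls_verify_certificates = ${if exists{/etc/exim4/emig.d/certs/$host}{/etc/exim4/emig.d/certs/$host}}`, keeps the pin scoped to the listed hosts. Whether a verification failure aborts delivery also depends on version defaults, so stating `tls_verify_hosts = dsearch;/etc/exim4/emig.d/certs` explicitly would make the intent unambiguous. The pin is keyed on the MX host name, which comes from DNS; without DNSSEC a forged MX answer naming an unlisted host is not covered by this check, which deserves a comment in the file.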
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/global.conf Fri May 09 16:55:18 2014 +0200
@@ -0,0 +1,2 @@
+ALIASES = /etc/aliases
+domainlist local_domains = localhost : @[]
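Review bot: The relocated `conf/global.conf` no longer carries the `acl_smtp_connect`, `acl_smtp_rcpt` and `acl_smtp_data` assignments that the old `global.conf` had, so nothing visible in this commit wires the ACLs in `conf/acl.conf` to the SMTP phases. If these snippets are ever assembled into a running configuration, Exim's defaults apply: an unset `acl_smtp_rcpt` refuses all RCPT commands, while unset connect and data ACLs accept, so the rate limit and the malware/spam checks would silently not run. If the lines were dropped on purpose for the slides, a comment such as `# ACL hooks (acl_smtp_*) intentionally omitted, see conf/acl.conf` would say so. Otherwise restore `acl_smtp_connect = acl_check_connect`, `acl_smtp_rcpt = acl_check_rcpt` and `acl_smtp_data = acl_check_data`.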
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/minimal.conf Fri May 09 16:55:18 2014 +0200
@@ -0,0 +1,26 @@
+begin routers
+
+ remote:
+ driver = dnslookup
+ domains = !+local_domains
+ transport = remote_smtp
+ more = no
+
+ alias:
+ driver = redirect
+ require_files = ALIASES
+ data = ${lookup{$local_part}lsearch{ALIASES}}
+
+ mbox:
+ driver = accept
+ check_local_user
+ transport = mbox
+
+begin transports
+
+ remote_smtp:
+ driver = smtp
+
+ mbox:
+ driver = appendfile
+ file = /var/mail/$local_part
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/routers.conf Fri May 09 16:55:18 2014 +0200
@@ -0,0 +1,18 @@
+
+begin routers
+
+ remote:
+ driver = dnslookup
+ domains = !+local_domains
+ transport = remote_smtp
+ more = no
+
+ alias:
+ driver = redirect
+ require_files = ALIASES
+ data = ${lookup{$local_part}lsearch{ALIASES}}
+
+ mbox:
+ driver = accept
+ check_local_user = yes
+ transport = local_mbox
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/transports.conf Fri May 09 16:55:18 2014 +0200
@@ -0,0 +1,8 @@
+begin transports
+
+ remote_smtp:
+ driver = smtp
+
+ local_mbox:
+ driver = appendfile
+ file = /var/mail/$local_part
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/frames/emig.tex Fri May 09 16:55:18 2014 +0200
@@ -0,0 +1,18 @@
+\subsection{EmiG}
+\begin{frame}[<+->][fragile]{Beispiel}{Emig}
+\begin{block}{Aufgabenstellung}
+Es existiere ein JSON-File, in dem je MX-Host die
+SSL-Zertifikatsinformation liegt. Nun soll Exim, wenn er sich mit einem
+dieser Hosts verbindet, prüfen, ob das korrekte Zertifikat präsentiert
+wird.
+\end{block}
+\begin{block}{Lösung}
+\begin{itemize}
+ \item Perl-Script generiert aus dem mxinfra.json-File eine Ordnerstruktur
+ mit Zertifikaten \verb=emig.d/certs/<hostname>=
+ \item Transport prüft das Zertifikat zum aktuellen Ziel-Host
+ \verbatiminput{conf/emig-transport.conf}
+\item Bitte? Ja, ich glaube, das ist Very Poor Mans DANE.
+\end{itemize}
+\end{block}
+\end{frame}
--- a/frames/konfiguration.tex Fri May 09 13:36:29 2014 +0200
+++ b/frames/konfiguration.tex Fri May 09 16:55:18 2014 +0200
@@ -8,9 +8,9 @@
\item Beispiel-Konfig \verb=example.conf.gz= als Ausgangspunkt
\item \verb=exim -bV= listet die verwendete Konfigurationsdatei und
einkompilierte Features
- \begin{scriptsize}
+ \begin{small}
\ttinput{exim_bV.tt}
- \end{scriptsize}
+ \end{small}
\end{itemize}
\end{frame}
@@ -21,7 +21,7 @@
miteinander verlinkt (Router referenziert Tranports, globaler Teil
referenziert ACL)
\pause
-\begin{scriptsize}
+\begin{small}
\begin{verbatim}
…
begin acl
@@ -29,7 +29,8 @@
begin routers
…
\end{verbatim}
-\end{scriptsize}
+\end{small}
+\pause
\begin{description}
\item[global] knapp 240 allgemeine Direktiven
\item[acl] Access Control Lists für SMTP
@@ -44,7 +45,7 @@
\subsection{Syntax}
\begin{frame}[fragile]{Konfiguration}{Syntax}
-\begin{exampleblock}{Macros, Kommentar, lange Zeilen}
+\begin{block}{Macros, Kommentar, lange Zeilen}
\begin{verbatim}
# Super!
CF = /etc/exim4/
@@ -55,7 +56,7 @@
…
def:received_for {\n\tfor $received_for}}
\end{verbatim}
-\end{exampleblock}
+\end{block}
\pause
Der Rest ist einfach :)
\begin{alltt}
@@ -83,8 +84,8 @@
\item[Operatoren] \verb=${md5:$local_part}=, \verb=${uc:$domain}=
\item[Manipulation] \verb=${sg{$local_part}{.laus}{XXX}}=
\item[Bedingungen] \verb=${if eq{$local_part}{x}{~/mbox}{~/.mail}}=
-\item[Lookup/Key] \verb=${lookup{$local_part}lsearch{/etc/aliases}}=
-\item[Lookup/Query] \verb+${lookup dnsdb{mx=example.com}}+
+\item[Key-Lookup] \verb=${lookup{$local_part}lsearch{/etc/aliases}}=
+\item[Query-Lookup] \verb+${lookup dnsdb{mx=example.com}}+
\end{description}
\end{frame}
@@ -98,7 +99,7 @@
${perl{<sub>}[{<arg>}…]}
\end{verbatim}
\pause
-\begin{exampleblock}{Greylisting}
+\begin{block}{Greylisting}
\begin{verbatim}
GREYKEY = $sender_address/$local_part@$domain
perl_startup = do '/etc/exim4/exim-exigrey.pl'
@@ -110,7 +111,7 @@
defer condition = ${perl{unseen}{GREYKEY}{1d}}
…
\end{verbatim}
-\end{exampleblock}
+\end{block}
\end{frame}
--- a/frames/routing.tex Fri May 09 13:36:29 2014 +0200
+++ b/frames/routing.tex Fri May 09 16:55:18 2014 +0200
@@ -36,8 +36,8 @@
host example.com [2606:2800:220:6d:26bf:1447:1097:aa7]
host example.com [93.184.216.119]
\pause
-\begin{scriptsize}
+\scriptsize{
\input{routingremote.tt}
-\end{scriptsize}
+}
\end{alltt}
\end{frame}
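Review bot: `\scriptsize` is a declaration and takes no argument, so in `\scriptsize{ … }` the size switch sits outside the braces and the group only wraps the `\input`. It is harmless here only because `\end{alltt}` follows directly. `{\scriptsize \input{routingremote.tt}}` scopes the size change as intended.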
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/frames/smart.tex Fri May 09 16:55:18 2014 +0200
@@ -0,0 +1,92 @@
+\subsection{Viele Smarthosts}
+
+\begin{frame}[<+->][fragile]{Beispiel}{Smarthost - Vorversuche}
+\begin{block}{Aufgabe}
+Wir haben mehrere Smarthosts und müssen je nach Sender-Adresse über
+einen anderen Smarthost versenden.
+\end{block}
+\begin{scriptsize}
+\verbatiminput{smart-config/smarthosts.example}
+\end{scriptsize}
+\begin{block}{Lösung}
+Wir müssen beim Routing die Sender-Adresse als Kriterium verwenden, nicht die Zieladresse!
+\begin{alltt}
+ $ exim -be\pause
+ > $\{lookup\{foo@example.org\}lsearch*@\{smarthosts\}\{$value\}\}
+ smtp.km21.com km433221 zecrit\pause
+ > $\{sg\{smtp.km21.com km433221 zecrit\}\{\BS\BS{}s+\}\{\BS{}t\}\}
+ smtp.km21.com km433221 secrit\pause
+ > $\{extract\{1\}\{\BS{}t\}\{smtp.km21.com km433221 secrit\}\}
+ smtp.km21.com\pause
+\pause
+\end{alltt}
+\end{block}
+\end{frame}
+
+\begin{frame}[<+->][fragile]{Beispiel}{Viele Smarthosts - Config}
+Das kann jetzt schön in Macros verpackt werden, damit es übersichtlich
+wird:
+\begin{verbatim}
+ ADDRESS_DATA = ${lookup{foo@example.org}\
+ lsearch*@{smarthosts}\
+ {${sg{$value}{\\s+}{\t}}}}
+ SMARTHOST = ${extract{1}{\t}{$address_data}}
+ USER = ${extract{2}{\t}{$address_data}}
+ PASS = ${extract{3}{\t}{$address_data}}
+\end{verbatim}
+\end{frame}
+
+\begin{frame}[<+->][fragile]{Beispiel}{Viele Smarthosts - Config 2}
+\begin{small}
+\begin{verbatim}
+ begin routers
+
+ smarthosts:
+ driver = manualroute
+ address_data = ADDRESS_DATA
+ route_data = SMARTHOST
+ transport = smtpa
+ no_more
+
+ begin transports
+
+ smtpa:
+ driver = smtp
+ port = submission
+ hosts_require_auth = *
+
+ begin authenticators
+
+ plain:
+ driver = plaintext
+ public_name = PLAIN
+ client_send = ^USER^PASS
+\end{verbatim}
+\end{small}
+\end{frame}
+
+\begin{frame}[<+->][fragile]{Beispiel}{Viele Smarthosts - Test}
+Das Routing können wir wieder relativ einfach testen:
+\pause
+\begin{alltt}
+$ exim -f hans@example.com -t nobody@discworld.com
+nobody@discworld.com
+ router = smarthosts, transport = smtpa
+ host mx.freenet.de [2001:748:100:40::8:112] port=25
+ host mx.freenet.de [195.4.92.212] port=25
+\pause
+$ exim -f fred@example.com -t …
+nobody@nowhere
+ router = smarthosts, transport = smtpa
+ host ssl.schlittermann.de [212.80.235.130]
+\pause
+$ exim -f fred@foobar.com -t …
+nobody@nowhere
+ router = smarthosts, transport = smtpa
+ host smtp.km21.com [54.209.129.218]
+\end{alltt}
+
+Und natürlich haben wir die ganzen Debug-Optionen noch, für
+Expansion, DNS, …
+
+\end{frame}
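Review bot: The `smtpa` transport in the "Config 2" frame sends `AUTH PLAIN` credentials (`client_send = ^USER^PASS`) with `hosts_require_auth = *` but no TLS requirement, so against a server that does not offer STARTTLS, or where the offer is stripped in transit, the password goes out in clear text; adding `hosts_require_tls = *` to the example closes that. In the "Config" frame `ADDRESS_DATA` looks up the literal `foo@example.org`, apparently carried over from the `exim -be` trial, where the removed `frames/smarthost.tex` used `$sender_address`; as written every sender would resolve to the same smarthost, which contradicts the test frame. The first frame also shows `zecrit` in one output line and `secrit` in the following ones.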
--- a/frames/smarthost.tex Fri May 09 13:36:29 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-\section{Beispiel}
-\subsection{Viele Smarthosts}
-
-\begin{frame}{Beispiel}{Smarthost}
-\begin{block}{Aufgabe}
-Wir haben mehrere Smarthosts und müssen je nach Sender-Adresse über
-einen anderen Smarthost versenden.
-\end{block}
-\begin{scriptsize}
-\verbatiminput{smart-config/smarthosts.example}
-\end{scriptsize}
-
-\begin{block}{Routing}
-Wir müssen beim Routing die Sender-Adresse als Kriterium
-verwenden, nicht die Zieladresse!
-\end{block}
-\end{frame}
-
-
-# some macros to ease the understanding
-ADDRESS_DATA = ${sg{${lookup{$sender_address}lsearch*@{SMARTHOSTS}}}{\\s+}{\t}}
-SMARTHOST = ${extract{1}{\t}{$address_data}}
-USER = ${extract{2}{\t}{$address_data}}
-PASS = ${extract{3}{\t}{$address_data}}
-
-domainlist local_domains = @
-
-begin router
-
-# the first router routes according the sender_address
-smarthosts:
- driver = manualroute
- address_data = ADDRESS_DATA
- route_data = SMARTHOST
- transport = smtp_auth
-
-# in case you don't have a '*' line in your smarthosts file
-
-dnslookup:
- driver = dnslookup
- domains = !+local_domains
- transport = smtp
- no_more
-
-begin transport
-
-smtp_auth:
- driver = smtp
- port = submission
- hosts_require_auth = *
-
-smtp:
- driver = smtp
-
-begin authenticators
-
-plain:
- driver = plaintext
- public_name = PLAIN
- client_send = ^USER^PASS
-
-login:
- driver = plaintext
- public_name = LOGIN
- client_send = :USER:PASS
--- a/global.conf Fri May 09 13:36:29 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-ALIASES = /etc/aliases
-domainlist local_domains = localhost : @[]
-
-acl_smtp_connect = acl_check_connect
-acl_smtp_rcpt = acl_check_rcpt
-acl_smtp_data = acl_check_data
--- a/minimal.conf Fri May 09 13:36:29 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-begin routers
-
- remote:
- driver = dnslookup
- domains = !+local_domains
- transport = remote_smtp
- more = no
-
- alias:
- driver = redirect
- require_files = ALIASES
- data = ${lookup{$local_part}lsearch{ALIASES}}
-
- mbox:
- driver = accept
- check_local_user
- transport = mbox
-
-begin transports
-
- remote_smtp:
- driver = smtp
-
- mbox:
- driver = appendfile
- file = /var/mail/$local_part
--- a/mk2014.tex Fri May 09 13:36:29 2014 +0200
+++ b/mk2014.tex Fri May 09 16:55:18 2014 +0200
@@ -12,6 +12,7 @@
\author[H. Schlittermann]{Heiko Schlittermann}
\institute{schlittermann - internet \& unix support, Dresden}
+\newcommand{\BS}{$\backslash$}
\newcommand{\B}{$\hookleftarrow$}
\newcommand{\ttinput}[1]{%
\begin{alltt}%
@@ -48,7 +49,9 @@
% \input{frames/acl.tex}
% -- Example Emil
-\input{frames/emil.tex}
+\section{Beispiele}
+\input{frames/emig.tex}
+\input{frames/smart.tex}
% -- Example multiple smarthosts
% \input{frames/smarthost.tex}
--- a/routers.conf Fri May 09 13:36:29 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-
-begin routers
-
- remote:
- driver = dnslookup
- domains = !+local_domains
- transport = remote_smtp
- more = no
-
- alias:
- driver = redirect
- require_files = ALIASES
- data = ${lookup{$local_part}lsearch{ALIASES}}
-
- mbox:
- driver = accept
- check_local_user = yes
- transport = local_mbox
--- a/transports.conf Fri May 09 13:36:29 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-begin transports
-
- remote_smtp:
- driver = smtp
-
- local_mbox:
- driver = appendfile
- file = /var/mail/$local_part