Add documentation for Exim integration #57

Closed
racke opened this issue Apr 1, 2020 · 10 comments
@racke
Contributor

racke commented Apr 1, 2020

This is missing and causing a 404: https://sympa-community.github.io/manual/install/configure-mail-server-exim.md.

@racke racke self-assigned this Apr 1, 2020
@racke
Contributor Author

racke commented Apr 1, 2020

Started a branch: https://github.com/racke/sympa-community.github.io/tree/pr/exim-integration

@thegcat

thegcat commented Jun 10, 2021

For reference, this is the exim setup we use:

SYMPA_EXPL    = /var/lib/sympa/list_data
SYMPA_ROBOT   = /etc/sympa
SYMPA_QUEUE   = /usr/lib/sympa/bin/queue
SYMPA_BOUNCE  = /usr/lib/sympa/bin/bouncequeue

SYMPA_DOMAINS = lists.example.com
domainlist sympa_domains = SYMPA_DOMAINS


begin routers

# These routers handle sympa mailinglist mails

sympa_command:
  debug_print = "R: sympa_command for $local_part@$domain"
  driver = accept
  domains = +sympa_domains
  local_parts = sympa : listmaster
  require_files = +SYMPA_ROBOT/${lc::$domain}/robot.conf
  retry_use_local_part
  transport = sympa_command

sympa_request_or_owner:
  debug_print = "R: sympa_request_or_owner for ${local_part}${local_part_suffix}@$domain"
  driver = redirect
  domains = +sympa_domains
  local_parts = sympa
  local_part_suffix = -request : -owner
  require_files = +SYMPA_ROBOT/${lc::$domain}/robot.conf
  retry_use_local_part
  data = postmaster@$domain

sympa_arf_or_bounce:
  debug_print = "R: sympa_arf_or_bounce for $local_part@$domain"
  driver = accept
  domains = +sympa_domains
  local_parts = abuse-feedback-report : bounce
  require_files = +SYMPA_ROBOT/${lc::$domain}/robot.conf
  retry_use_local_part
  transport = sympa_bounce

sympa_list_owner:
  debug_print = "R: sympa_list_owner for ${local_part}${local_part_suffix}@$domain"
  driver = accept
  domains = +sympa_domains
  local_part_suffix = -owner
  require_files = +SYMPA_EXPL/${lc::$domain}/${local_part}/config
  retry_use_local_part
  transport = sympa_bounce

sympa_list_bounce:
  debug_print = "R: sympa_list_bounce for ${local_part_prefix}${local_part}@$domain"
  driver = accept
  domains = +sympa_domains
  local_part_prefix = bounce+
  require_files = +SYMPA_ROBOT/${lc::$domain}/robot.conf
  retry_use_local_part
  transport = sympa_bounce

sympa_list_queue:
  debug_print = "R: sympa_list_queue for ${local_part}${local_part_suffix}@$domain"
  driver = accept
  domains = +sympa_domains
  local_part_suffix_optional
  local_part_suffix = -request : -editor : -subscribe : -unsubscribe
  require_files = +SYMPA_EXPL/${lc::$domain}/${local_part}/config
  retry_use_local_part
  transport = sympa_queue


begin transports

# These transports are used for passing messages to sympa

sympa_command:
  driver = pipe
  command = "SYMPA_QUEUE ${local_part}\@$domain"
  return_fail_output
  user = sympa

sympa_queue:
  driver = pipe
  command = "SYMPA_QUEUE ${local_part}${local_part_suffix}\@$domain"
  return_fail_output
  user = sympa

sympa_bounce:
  driver = pipe
  command = "SYMPA_BOUNCE ${local_part_prefix}${local_part}\@$domain"
  return_fail_output
  user = sympa

From what I understand of what sympa needs this should cover all the addresses also covered for example in https://sympa-community.github.io/manual/install/configure-mail-server-opensmtpd.html

Please note that the user exim runs as will need read access to different parts of the exim data tree for this to work, we achieved this by adding the user exim runs as to the sympa group.

@grizzlyfute
Contributor

Hello.
I have written documentation for solving this issue. The Exim configuration is simpler than the one thegcat suggested. Some points may be improved, but it works on my Debian.
See pull request #90

@ikedas
Member

ikedas commented Jan 25, 2022

Just one point:

The manual page says that return_path_add in pipe transport should be set so that Return-Path field will be prepended to the message. I'd appreciate it if you could take this into consideration.

@racke
Contributor Author

racke commented Jan 25, 2022

@ikedas Thanks, I'm going to test that out.

@dpc22

dpc22 commented Jul 13, 2022

A complication is that the following no longer works in Exim 4.96:

command = "SYMPA_QUEUE ${local_part}${local_part_suffix}\@$domain"

because Exim is paranoid about passing "tainted" values into shell commands. The solution is to use "dsearch" directory lookups to match ${local_part} against existing lists on the system. This populates an untainted variable $local_part_data.

Here is the configuration that I am successfully using with Exim 4.96 (which should also work with older versions of Exim):

SYMPA_EXPL      = /var/lib/sympa/list_data
SYMPA_QUEUE     = /usr/libexec/sympa/queue
SYMPA_BOUNCE    = /usr/libexec/sympa/bouncequeue

# Need to use dsearch to pass taint checks in Exim 4.96
# This lookup defines (untainted) $local_part_data when it matches.
SYMPA_DSEARCH    = ${lookup {$local_part} dsearch {SYMPA_EXPL}}

begin routers
sympa_command:
  driver    = accept
  local_parts = sympa
  retry_use_local_part
  transport = sympa_command

# $local_part_suffix automatically untainted as matching against fixed list of values
sympa_queue:
  driver = accept
  local_parts = SYMPA_DSEARCH
  local_part_suffix_optional
  local_part_suffix = -request : -editor : -subscribe : -unsubscribe
  retry_use_local_part
  transport = sympa_queue

# NB: Vanilla Sympa uses -owner for return path
sympa_bounces:
  driver = accept
  local_parts       = SYMPA_DSEARCH
  local_part_suffix = -bounces
  retry_use_local_part
  transport = sympa_bounce

# VERP looks like: bounce+dpc22==a==cam.ac.uk==test-dpc22@lists.cam.ac.uk
# Can't sensibly detaint that. Fortunately we don't have to.
# See sympa_bounce_verp transport for detail.

sympa_prefix_bounce:
  driver = accept
  local_part_prefix = bounce+
  retry_use_local_part
  transport = sympa_bounce_verp

begin transports
sympa_command:
  driver = pipe
  command = SYMPA_QUEUE sympa@lists.cam.ac.uk
  return_fail_output
  user  = sympa
  group = sympa

sympa_queue:
  driver = pipe
  command = SYMPA_QUEUE ${local_part_data}${local_part_suffix}@lists.cam.ac.uk
  return_fail_output
  # MLM will break existing DKIM signature without ARC signing
  headers_remove = DKIM-Signature
  user  = sympa
  group = sympa

# SYMPA_BOUNCE is actually looking at the To: header in message body.
#
# argv[1] just assigns a convenient filename in /var/spool/sympa/bounce
# Only reason for listname is to group msgs in /var/spool/sympa/bounce/bad/
# Consequently we don't need detaint ${local_part} for VERP bounces.

sympa_bounce:
  driver = pipe
  command = SYMPA_BOUNCE ${local_part_data}@lists.cam.ac.uk
  return_fail_output
  user  = sympa
  group = sympa

sympa_bounce_verp:
  driver = pipe
  command = SYMPA_BOUNCE sympa@lists.cam.ac.uk
  return_fail_output
  user  = sympa
  group = sympa

@dpc22

dpc22 commented Jul 13, 2022

${domain} is also tainted. I don't have to worry about that as I only have a single domain to play with, lists.cam.ac.uk
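As an added illustration (not code from this thread, nor from Sympa or Exim), the following Python models what the dsearch-based routers and transports above do: the only list name that ever reaches the pipe command is a directory entry read back from the filesystem, never the tainted local part from the message, and the VERP `bounce+` addresses are routed to a transport whose argument is a constant. It also carries the same idea over to `$domain`, which as noted is tainted too, by checking it against a fixed allowlist and using the allowlist's own copy of the string. Everything in it is constructed: SYMPA_EXPL is a throwaway temporary directory with two made-up lists, the domain `lists.example.com` and the recipient addresses are invented, and the two binary paths are only the ones quoted above; nothing is executed, the functions just return the argv a pipe transport would run.

```python
"""Constructed model of taint-safe Exim routing for Sympa (example only)."""
import os
import tempfile

SYMPA_QUEUE = "/usr/libexec/sympa/queue"         # path as quoted in the thread
SYMPA_BOUNCE = "/usr/libexec/sympa/bouncequeue"  # path as quoted in the thread
SYMPA_DOMAINS = {"lists.example.com"}            # constructed allowlist for $domain
QUEUE_SUFFIXES = ("-request", "-editor", "-subscribe", "-unsubscribe")
BOUNCE_SUFFIX = "-bounces"
VERP_PREFIX = "bounce+"

# Constructed fixture: list directories directly under SYMPA_EXPL (single-robot layout).
SYMPA_EXPL = tempfile.mkdtemp(prefix="sympa_expl_")
for _name in ("test-list", "announce"):
    os.makedirs(os.path.join(SYMPA_EXPL, _name))


def dsearch_list(local_part):
    """Model of ${lookup {$local_part} dsearch {SYMPA_EXPL}}.

    Returns the directory entry's own name (a value that comes from the
    filesystem, not from the message) or None. Membership in the directory
    listing is tested instead of os.path.exists, so a key containing a path
    separator can never match anything.
    """
    if "/" in local_part or local_part in ("", ".", ".."):
        return None
    for entry in os.listdir(SYMPA_EXPL):
        if entry == local_part and os.path.isdir(os.path.join(SYMPA_EXPL, entry)):
            return entry
    return None


def detaint_domain(domain):
    """Fixed allowlist for $domain; returns the allowlist's copy of the string or None."""
    for allowed in SYMPA_DOMAINS:
        if allowed == domain.lower():
            return allowed
    return None


def route(recipient):
    """Return the pipe transport argv for a recipient, or None when no router accepts it.

    Router order mirrors the configuration above: sympa_command, sympa_queue,
    sympa_bounces, sympa_prefix_bounce. The argv is meant for an exec without
    a shell; every element is either a constant or a filesystem-derived name.
    """
    local_part, sep, raw_domain = recipient.rpartition("@")
    domain = detaint_domain(raw_domain)
    if not sep or domain is None:
        return None

    # sympa_command: fixed local part, constant argument
    if local_part == "sympa":
        return [SYMPA_QUEUE, "sympa@" + domain]

    # sympa_queue: <list> with an optional suffix drawn from a fixed set
    suffix = next((s for s in QUEUE_SUFFIXES if local_part.endswith(s)), "")
    base = local_part[:-len(suffix)] if suffix else local_part
    name = dsearch_list(base)
    if name is not None:
        return [SYMPA_QUEUE, name + suffix + "@" + domain]

    # sympa_bounces: <list>-bounces
    if local_part.endswith(BOUNCE_SUFFIX):
        name = dsearch_list(local_part[:-len(BOUNCE_SUFFIX)])
        if name is not None:
            return [SYMPA_BOUNCE, name + "@" + domain]

    # sympa_prefix_bounce: VERP address is not detainted; the transport gets a constant
    if local_part.startswith(VERP_PREFIX):
        return [SYMPA_BOUNCE, "sympa@" + domain]

    return None


if __name__ == "__main__":
    for addr in ("test-list-request@lists.example.com",
                 "bounce+user==a==example.org==test-list@lists.example.com",
                 "nosuch@lists.example.com"):
        print(addr, "->", route(addr))
```

Running the module prints the argv for three constructed recipients; the unknown list name routes to `None`, which is where a real Exim configuration would fall through to its usual "unrouteable address" bounce rather than ever reaching the pipe.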

@racke
Contributor Author

racke commented Jul 13, 2022

@dpc22 thanks for the update. Exim 4.94 is also affected.

@dpc22

dpc22 commented Jul 13, 2022

Tainting was first introduced in 4.94. The following still worked in 4.95:

command = "SYMPA_QUEUE ${local_part}${local_part_suffix}\@$domain"

but was broken by the following change in 4.96:

JH/25 Taint-check exec arguments for transport-initiated external processes.
      Previously, tainted values could be used.  This affects "pipe", "lmtp" and
      "queryprogram" transport, transport-filter, and ETRN commands.
      The ${run} expansion is also affected: in "preexpand" mode no part of
      the command line may be tainted, in default mode the executable name
      may not be tainted.

as I discovered (the hard way!) on upgrading to 4.96 earlier this week:

2022-07-11 06:32:30 +0100 1oAm22-000DXm-0O ** test-dpc22@lists.cam.ac.uk F=<dpc22@cam.ac.uk> P=<dpc22@cam.ac.uk> R=sympa_queue T=sympa_queue: Tainted arg 1 for sympa_queue transport command: 'test-dpc22@lists.cam.ac.uk' DT=0s

@ikedas
Member

ikedas commented Sep 22, 2022

PR #90 has been merged. Thank you for the information!

@ikedas ikedas closed this as completed Sep 22, 2022