Open rimas-kudelis opened 8 years ago
Udera
commented
8 years ago Didn't we already simplify the documentation where the exim user for local deliveries isn't set by default any more. And we only enable the use of /etc/aliases to forward system mails to virtual users?
Mail to local users is probably not used by many people so we don't need that enabled by default. However, your problem shouldn't have happened either. We shouldn't accept mails from external where not valid domain is used.
rimas-kudelis
commented
8 years ago This is not about setting the exim user. The issue was that if you have a local user joe, and domain example.org configured in Vexim, Exim would accept emails to joe@example.org even if there is no such virtual user, and route them to the local user's mailbox.
Udera
commented
8 years ago So if local users are used, we probably want to use a dedicated domain for local users?
rimas-kudelis
commented
8 years ago in my config, the domainlist for such users is @ : localhost. I think this is a good choice
Udera
commented
8 years ago You have this in the localuser router?
rimas-kudelis
commented
8 years ago yes
Udera
commented
8 years ago Let's put it in there. If someone decides to use a specific domain for this, he must add this domain manually.
rimas-kudelis
commented
7 years ago Hm, I've created a separate domainlist called local_user_domains for this, but at least on Debian, this requires editing all stock Debian routers to replace domains = +local_domains with domains = local_user_domains.
I've got another idea: perhaps it would be better for us to create a separate new domainlist for the domains Vexim serves, and leave local_domains alone. In such case, it seems the only thing the user would have to edit is the acl_check_rcpt section, which is put in a single file both in split and non-split config modes. And even there, the only place the user would really have to amend is the following block:
require
message = relay not permitted
domains = +local_domains : +relay_to_domains
I had an issue previously where emails for users which weren't specified for a particular domain, but existed in local system, were delivered to these local users. I think this is quite unexpected and we should not do this. Objections?