exim4 utilisateur et domaines virtuels avec mysql

Ayant passé pas mal de temps à mettre en place la gestion des utilisateurs et des domaines via une base MySQL, avec Exim comme MTA et Dovecot comme MUA, voici les fichiers de config que j’utilise pour ces 2 outils ainsi que la structure des tables. À noter que les fichiers de config sont très dépouillés, avec peu voire aucun commentaire, et qu’il n’y a aucun mécanisme prévu pour le traitement du spam.
le fichier exim4.conf.template

[code]######################################################################

MAIN CONFIGURATION SETTINGS

######################################################################

MySQL defines

MYSQL_SERVER=localhost
MYSQL_USER= a completer
MYSQL_PASSWORD= a completer
MYSQL_DB= a completer
MYSQL_EMAILTABLE=emailtable
MYSQL_DOMAINTABLE=domaintable
MYSQL_DOMAINRTABLE=relaytable

MySQL queries

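# SQL text for every lookup used by the domain lists, routers, transports and
# authenticators below. MYSQL_EMAILTABLE / MYSQL_DOMAINTABLE / MYSQL_DOMAINRTABLE
# are replaced by the table names defined above.
#
# $domain and $local_part come from the recipient address and $1..$3 from the
# AUTH exchange, so all of them are chosen by the remote client. Each one is
# passed through ${quote_mysql:...} before it is placed inside a quoted SQL
# string; the string delimiters are plain ASCII apostrophes (the forum
# rendering had turned them into typographic quotes).

# Per-mailbox state (vacation flag and text, forward, carbon copy, mailbox).
MYSQL_Q_ISAWAY=SELECT domain FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}' AND is_away='yes'
MYSQL_Q_AWAYTEXT=SELECT away_text FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}'
MYSQL_Q_FORWARD=SELECT forward FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}' AND forward != ''
MYSQL_Q_CC=SELECT cc FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}'
MYSQL_Q_LOCAL=SELECT domain FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}' AND box != ''

# Catch-all ("wildcard local part") entries of a domain.
# NOTE(review): the wildcard character was lost in the forum rendering (the
# page shows an empty local_part); '*' is presumably what the original used,
# confirm against the rows stored in the table.
MYSQL_Q_WCLOCAL=SELECT domain FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='*' AND forward != ''
MYSQL_Q_WCLOCFW=SELECT forward FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='*' AND forward != ''

# Domain lists (local_domains / relay_to_domains). These run for every RCPT
# before any other check, so the recipient domain is quoted here as well.
MYSQL_Q_LDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}'
MYSQL_Q_RDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINRTABLE WHERE domain='${quote_mysql:$domain}'

MYSQL_Q_BOXNAME=SELECT box FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}'
MYSQL_Q_DISABLED=SELECT domain FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}' AND is_enabled='no'

# SMTP AUTH checks. AUTHPWD1 serves the PLAIN authenticator (login in $2,
# password in $3) and AUTHPWD2 the LOGIN authenticator ($1, $2). AUTHPWD1 is
# referenced by fixed_plain below and has to be defined here, otherwise the
# bare macro name is what gets sent to MySQL.
# NOTE(review): the stored value is an unsalted MD5 digest and the match is on
# local_part only, without the domain; changing either means changing the
# table contents and the Dovecot password scheme at the same time.
MYSQL_Q_AUTHPWD1=SELECT local_part FROM MYSQL_EMAILTABLE WHERE local_part='${quote_mysql:$2}' AND password=MD5('${quote_mysql:$3}')
MYSQL_Q_AUTHPWD2=SELECT local_part FROM MYSQL_EMAILTABLE WHERE local_part='${quote_mysql:$1}' AND password=MD5('${quote_mysql:$2}')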

MySQL connection

hide mysql_servers = “MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD”

starting ‘normal’ config

primary_hostname = mail.

domainlist local_domains = mysql;MYSQL_Q_LDOMAIN
domainlist relay_to_domains = mysql;MYSQL_Q_RDOMAIN
hostlist relay_from_hosts = 127.0.0.1

acl_smtp_rcpt = acl_check_rcpt

DCsmarthost = a completer

qualify_domain = a completer

qualify_recipient =

allow_domain_literals

never_users = root
#trusted_users = amavis : list

host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 15s

check_spool_space = 50M
check_log_space = 20M
return_size_limit = 20k
message_size_limit = 20M

sender_unqualified_hosts =

recipient_unqualified_hosts =

percent_hack_domains =

ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d

deliver_queue_load_max = 8
queue_only_load = 10
remote_max_parallel = 15

tls_certificate = /etc/exim4/exim.crt
tls_privatekey = /etc/exim4/exim.key
tls_advertise_hosts = *
UPEX4CmacrosUPEX4C = 1
######################################################################

ACL CONFIGURATION

Specifies access control lists for incoming SMTP mail

######################################################################

begin acl

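# ACL run for every RCPT command. Statements are evaluated top to bottom and
# the first accept/deny whose conditions all match decides the outcome.
acl_check_rcpt:

  # Empty sending host: the message was not received over TCP/IP (local SMTP).
  accept  hosts = :

  # Reject local parts that could be used for source routing, pipes or file
  # paths. The forum rendering had dropped the "*" of each "^.*" and one
  # backslash of each escaped dot; the patterns are restored to the form used
  # in Exim's stock configuration so they inspect the whole local part and
  # not only its second character.
  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # postmaster at a local domain is accepted without sender verification.
  accept  local_parts   = postmaster
          domains       = +local_domains

  # Everything below requires a verifiable envelope sender.
  require verify        = sender

  # Local and relayed domains: accept only if the recipient verifies; endpass
  # turns a failed verification into a rejection instead of falling through.
  accept  domains       = +local_domains
          endpass
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  # Relaying to any other domain: only for listed hosts or authenticated
  # clients (the authenticators are advertised only once TLS is active).
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *
  deny    message       = relay not permitted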

######################################################################

ROUTERS CONFIGURATION

Specifies how addresses are handled

######################################################################

begin routers

fail_router:
driver = redirect
domains = ${lookup mysql {MYSQL_Q_DISABLED}{$value}}
data = ":fail:"
allow_fail

smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
no_more

system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
user = mailvirt
file_transport = address_file
pipe_transport = address_pipe

vacation_director:
driver = accept
domains = ${lookup mysql {MYSQL_Q_ISAWAY}{$value}}
transport = vacation_autoreply
unseen

virtual_cc_director:
driver = redirect
data = ${lookup mysql {MYSQL_Q_CC}{$value}}
unseen

virtual_forward_director:
driver = redirect
data = ${lookup mysql {MYSQL_Q_FORWARD}{$value}}

virtual_local_mailbox:
driver = accept
domains = ${lookup mysql {MYSQL_Q_LOCAL}{$value}}
transport = virtual_local_md_delivery

virtual_wclocal_redirect:
driver = redirect
domains = ${lookup mysql {MYSQL_Q_WCLOCAL}{$value}}
data = ${lookup mysql {MYSQL_Q_WCLOCFW}{$value}}

######################################################################

TRANSPORTS CONFIGURATION

######################################################################

begin transports

remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = ${if exists{CONFDIR/passwd.client}
{
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}
}
{}
}

devnull_delivery:
driver = appendfile
file = /dev/null
group = mail

address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

# Maildir delivery for virtual mailboxes, used by the virtual_local_mailbox router.
virtual_local_md_delivery:
driver = appendfile
# Target is /home/mailvirt/<recipient domain>/<box column from the database>.
# NOTE(review): $domain is taken from the recipient address, so the path is
# only as trustworthy as the domains check on the router that selects this
# transport. Exim 4.94 and later are expected to refuse such tainted values in
# a delivery path; confirm for the version in use.
directory = /home/mailvirt/$domain/${lookup mysql {MYSQL_Q_BOXNAME}{$value}}
maildir_format
# Numeric uid/gid that own the maildirs; the Dovecot static userdb on this
# page uses uid=1001 gid=1001 as well.
user = 1001
group = 1001
# Files and directories are readable and writable by owner and group only.
mode = 0660
directory_mode = 0770

vacation_autoreply:
driver = autoreply
to = ${sender_address}
from = "vacation@${domain}"
subject = "Message absence ${local_part}@${domain}"
text = ${lookup mysql {MYSQL_Q_AWAYTEXT}{$value}}

devnull_transport:
driver = appendfile
file = /dev/null
user = mailvirt

######################################################################

RETRY CONFIGURATION

######################################################################

begin retry

Domain Error Retries

------ ----- -------

  •                  *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
    

######################################################################

REWRITE CONFIGURATION

######################################################################

There are no rewriting specifications in this default configuration file.

begin rewrite

######################################################################

AUTHENTICATION CONFIGURATION

######################################################################

There are no authenticator specifications in this default configuration file.

begin authenticators

# SMTP AUTH PLAIN: the client sends authorization id, login and password in a
# single string, available here as $1, $2 and $3.
fixed_plain:
driver = plaintext
public_name = PLAIN
# Expands to 1 (success) when the query returns a row; "fail" forces the
# expansion to fail when it returns nothing, which rejects the login.
# NOTE(review): MYSQL_Q_AUTHPWD1 must be defined among the macros at the top
# of the file, and the query should wrap $2/$3 in ${quote_mysql:...}; confirm.
server_condition = ${lookup mysql{MYSQL_Q_AUTHPWD1}{1}fail}
# The login name ($2) is recorded as the authenticated id.
server_set_id = $2
# Empty when $tls_cipher is empty, "*" otherwise: the mechanism is advertised
# only on a TLS-protected session.
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

# SMTP AUTH LOGIN: login and password are prompted for separately and arrive
# as $1 and $2.
fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
# Same success/failure logic as fixed_plain, with the LOGIN variable numbering.
server_condition = ${lookup mysql{MYSQL_Q_AUTHPWD2}{1}fail}
server_set_id = $1
# Advertised only on a TLS-protected session, as for PLAIN.
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
[/code] Notez que l’usage de la conf avec ce fichier ne prend pas en compte ce qui est configuré via debconf (dpkg-reconfigure exim4-config). Notez aussi que j’utilise un relais smarthost pour l’envoi des mails.
Pour dovecot, le fichier dovecot.conf [code]## Dovecot configuration file

If you’re in a hurry, see http://wiki.dovecot.org/QuickConfiguration

#protocols = imap imaps
protocols = imap imaps

listen = *

disable_plaintext_auth = yes

Log file to use for error messages, instead of sending them to syslog.

/dev/stderr can be used to log into stderr.

log_path = /var/log/dovecot/dovecot.log

Log file to use for informational and debug messages.

Default is the same as log_path.

#info_log_path =

Prefix for each line written to log file. % codes are in strftime(3)

format.

#log_timestamp = "%b %d %H:%M:%S "
log_timestamp = "%Y-%m-%d %H:%M:%S "

ssl_disable = no

mail_location = maildir:/home/mailvirt/%d/%n

mail_privileged_group = mail

protocol imap {
mail_plugins = quota imap_quota
}

protocol managesieve {
sieve_storage=~/sieve
}

auth_verbose = yes

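# Authentication process: checks passwords against MySQL and tells Dovecot
# where each user's mail lives. The description lines inside this block had
# lost their leading "#" in the forum rendering and are restored as comments
# so the file parses.
auth default {
  # Only PLAIN is offered; disable_plaintext_auth = yes earlier in this file
  # keeps it from being used on an unencrypted connection.
  mechanisms = plain

  # SQL database <doc/wiki/AuthDatabase.SQL.txt>
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }

  # static settings generated from template <doc/wiki/UserDatabase.Static.txt>
  userdb static {
    # Template for the fields. Can return anything a userdb could normally
    # return. For example:
    #
    args = uid=1001 gid=1001 home=/home/mailvirt/%d/%n/
  }

  # SQL database <doc/wiki/AuthDatabase.SQL.txt>
  # NOTE(review): a static userdb answers for every user, so this sql userdb,
  # listed after it, is presumably never consulted; confirm, and keep only the
  # one that is meant to be used.
  userdb sql {
    # Path for SQL configuration file
    args = /etc/dovecot/dovecot-sql.conf
  }

  # NOTE(review): the auth process runs as root although it only needs to
  # read /etc/dovecot/dovecot-sql.conf and reach MySQL. Root is normally
  # needed for PAM/shadow lookups only; consider an unprivileged account that
  # can read that file.
  user = root
}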

dict {
#quota = mysql:/etc/dovecot-dict-quota.conf
}

Plugin settings

plugin {
quota = maildir
}[/code]
le fichier dovecot-sql.conf [code]# Database driver: mysql, pgsql, sqlite
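driver = mysql

# The file holds the database password: keep it readable only by the account
# the Dovecot auth process runs as.
connect = host=localhost dbname=a-completer user=a-completer password=a-completer

# Passwords are stored as the hex MD5 digest of the plain password, the same
# value the Exim authenticators compare with MD5().
# NOTE(review): this digest is unsalted; moving to a salted scheme means
# re-hashing the table and changing the Exim auth queries at the same time.
default_pass_scheme = PLAIN-MD5

# %n is the local part and %d the domain of the login name.
password_query = SELECT password FROM emailtable WHERE local_part = '%n' AND domain = '%d'
# Fixes relative to the posted query: the comma between the two selected
# fields was missing, and the lookup now matches the domain too, so two
# domains sharing a local part no longer resolve to the same row.
# NOTE(review): emailtable as defined on this page has neither an "email" nor
# a "quota" column; local_part is used for the address here, and the quota
# field needs a matching column (or has to be removed); confirm the schema.
user_query = SELECT CONCAT(local_part, '@', domain) AS user, CONCAT('maildir:storage=', quota) AS quota FROM emailtable WHERE local_part = '%n' AND domain = '%d'[/code] et la structure des tables : [code]CREATE TABLE IF NOT EXISTS blacklist (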
address varchar(50) NOT NULL default ‘’
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE IF NOT EXISTS domaintable (
domain varchar(30) NOT NULL default ‘’
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

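-- One row per virtual address; read by the Exim lookup macros and by
-- dovecot-sql.conf. String defaults use plain ASCII apostrophes (the forum
-- rendering had replaced them with typographic quotes, which MySQL rejects).
-- NOTE(review): there is no primary or unique key on (local_part, domain), so
-- nothing prevents two rows for the same address; confirm whether that is
-- intended.
CREATE TABLE IF NOT EXISTS emailtable (
  local_part varchar(30) NOT NULL default '',
  domain varchar(30) NOT NULL default '',
  cc varchar(50) NOT NULL default '',
  forward varchar(50) NOT NULL default '',
  -- maildir name under /home/mailvirt/<domain>/ ; empty means no local mailbox
  box varchar(7) NOT NULL default '',
  is_away enum('yes','no') NOT NULL default 'no',
  away_text tinytext NOT NULL,
  -- 32 hex characters: the unsalted MD5 digest of the password
  password varchar(32) NOT NULL,
  is_enabled enum('yes','no') NOT NULL default 'yes'
) ENGINE=MyISAM DEFAULT CHARSET=latin1;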

CREATE TABLE IF NOT EXISTS relaytable (
domain varchar(50) NOT NULL default ‘’
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

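[/code]Les mdp doivent être hachés en MD5 avant d’être insérés dans la base : c’est cette valeur que comparent les requêtes MD5() d’Exim et le schéma PLAIN-MD5 de Dovecot ci-dessus. Ce MD5 n’est pas salé, donc deux mots de passe identiques donnent le même haché. Je me suis basé là-dessus :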
xmn-berlin.de/~marte/exim/ex … sasin.html

2 questions:

  1. Sais tu comment limiter un scan par clamav aux mails entrant destinés à une liste de comptes donnés?

  2. Idem pour le passage par spamassassin

Sous exim3, cela se faisait par un wrapper à clamav qui était appelé par exiscan et la configuration :

[code]# Spam Assassin
spamcheck_director:

do not use this director when verifying a local-part at SMTP-time

no_verify

When to scan a message :

- it isn’t already flagged as spam

- it isn’t already scanned

- it didn’t originate locally (as long as I don’t harbor spammers :-))

condition = “${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-s
canned}} {!eq {$received_protocol}{local}} } {1}{0}}”

et le compte est un compte local

require_files = /var/filtrespam/$local_part
driver = smartuser
transport = spamcheck

Fin de SpamAssassin

[/code]

Jusqu’à présent je ne me suis pas penché sur tout ce qui concerne le filtrage du spam et des virus dans les mails reçus par les domaines locaux, mais le sujet m’intéresse. Je vais te répondre par une, voire plusieurs questions :
Par rapport à ta première question, tu veux limiter le scan à une liste définie par toi. Sais-tu faire un scan sur tout ce qui entre ? Si oui, il devrait suffire de créer un couple routeur/transport qui vérifie si les mails qui arrivent correspondent à la ou les conditions préalablement définies.

Autre possibilité, as-tu regardé du côté d’amavis pour faire la liaison entre le MTA et l’antispam/antivirus ? Dans ce fichier de conf xmn-berlin.de/~marte/exim/exim4.conf.php ils utilisent amavis pour, si j’ai bien compris, scanner seulement si l’adresse de destination est dans la liste prédéfinie. Peut-être une piste.

Mise à jour du fichier de conf principal d’exim, avec cette fois-ci la prise en compte de certaines valeurs renseignées dans le fichier update-exim4.conf.conf, via debconf ou à la main, notamment :
dc_eximconfig_configtype qui définit si on utilise un smarthost, ou si on envoie directement sur le net
dc_smarthost l’adresse du smarthost. Le fichier complet : [code]######################################################################

MAIN CONFIGURATION SETTINGS

######################################################################

MySQL defines

MYSQL_SERVER=localhost
MYSQL_USER= a completer
MYSQL_PASSWORD= a completer
MYSQL_DB= a completer
MYSQL_EMAILTABLE=emailtable
MYSQL_DOMAINTABLE=domaintable
MYSQL_DOMAINRTABLE=relaytable

MySQL queries

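# SQL text for every lookup used by the domain lists, routers, transports and
# authenticators below. MYSQL_EMAILTABLE / MYSQL_DOMAINTABLE / MYSQL_DOMAINRTABLE
# are replaced by the table names defined above.
#
# $domain and $local_part come from the recipient address and $1..$3 from the
# AUTH exchange, so all of them are chosen by the remote client. Each one is
# passed through ${quote_mysql:...} before it is placed inside a quoted SQL
# string; the string delimiters are plain ASCII apostrophes (the forum
# rendering had turned them into typographic quotes).

# Per-mailbox state (vacation flag and text, forward, carbon copy, mailbox).
MYSQL_Q_ISAWAY=SELECT domain FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}' AND is_away='yes'
MYSQL_Q_AWAYTEXT=SELECT away_text FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}'
MYSQL_Q_FORWARD=SELECT forward FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}' AND forward != ''
MYSQL_Q_CC=SELECT cc FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}'
MYSQL_Q_LOCAL=SELECT domain FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}' AND box != ''

# Catch-all ("wildcard local part") entries of a domain.
# NOTE(review): the wildcard character was lost in the forum rendering (the
# page shows an empty local_part); '*' is presumably what the original used,
# confirm against the rows stored in the table.
MYSQL_Q_WCLOCAL=SELECT domain FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='*' AND forward != ''
MYSQL_Q_WCLOCFW=SELECT forward FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='*' AND forward != ''

# Domain lists (local_domains / relay_to_domains). These run for every RCPT
# before any other check, so the recipient domain is quoted here as well.
MYSQL_Q_LDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}'
MYSQL_Q_RDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINRTABLE WHERE domain='${quote_mysql:$domain}'

MYSQL_Q_BOXNAME=SELECT box FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}'
MYSQL_Q_DISABLED=SELECT domain FROM MYSQL_EMAILTABLE WHERE domain='${quote_mysql:$domain}' AND local_part='${quote_mysql:$local_part}' AND is_enabled='no'

# SMTP AUTH checks. AUTHPWD1 serves the PLAIN authenticator (login in $2,
# password in $3) and AUTHPWD2 the LOGIN authenticator ($1, $2). Login and
# password are typed by the client and were previously inserted unquoted.
# NOTE(review): the stored value is an unsalted MD5 digest and the match is on
# local_part only, without the domain; changing either means changing the
# table contents and the Dovecot password scheme at the same time.
MYSQL_Q_AUTHPWD1=SELECT local_part FROM MYSQL_EMAILTABLE WHERE local_part='${quote_mysql:$2}' AND password=MD5('${quote_mysql:$3}')
MYSQL_Q_AUTHPWD2=SELECT local_part FROM MYSQL_EMAILTABLE WHERE local_part='${quote_mysql:$1}' AND password=MD5('${quote_mysql:$2}')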

MySQL connection

hide mysql_servers = “MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD”

starting ‘normal’ config

primary_hostname = mail.

UPEX4CmacrosUPEX4C = 1
domainlist local_domains = mysql;MYSQL_Q_LDOMAIN
domainlist relay_to_domains = mysql;MYSQL_Q_RDOMAIN
hostlist relay_from_hosts = MAIN_RELAY_NETS

acl_smtp_rcpt = acl_check_rcpt

.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
.ifndef MAIN_QUALIFY_DOMAIN
qualify_domain = ETC_MAILNAME
.else
qualify_domain = MAIN_QUALIFY_DOMAIN
.endif
.endif

qualify_recipient =

allow_domain_literals

never_users = root
#trusted_users = amavis : list

host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 15s

check_spool_space = 50M
check_log_space = 20M
return_size_limit = 20k
message_size_limit = 20M

sender_unqualified_hosts =

recipient_unqualified_hosts =

percent_hack_domains =

ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d

deliver_queue_load_max = 8
queue_only_load = 10
remote_max_parallel = 15

tls_certificate = /etc/exim4/exim.crt
tls_privatekey = /etc/exim4/exim.key
tls_advertise_hosts = *
######################################################################

ACL CONFIGURATION

Specifies access control lists for incoming SMTP mail

######################################################################

begin acl

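# ACL run for every RCPT command. Statements are evaluated top to bottom and
# the first accept/deny whose conditions all match decides the outcome.
acl_check_rcpt:

  # Empty sending host: the message was not received over TCP/IP (local SMTP).
  accept  hosts = :

  # Reject local parts that could be used for source routing, pipes or file
  # paths. The forum rendering had dropped the "*" of each "^.*" and one
  # backslash of each escaped dot; the patterns are restored to the form used
  # in Exim's stock configuration so they inspect the whole local part and
  # not only its second character.
  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # postmaster at a local domain is accepted without sender verification.
  accept  local_parts   = postmaster
          domains       = +local_domains

  # Everything below requires a verifiable envelope sender.
  require verify        = sender

  # Local and relayed domains: accept only if the recipient verifies; endpass
  # turns a failed verification into a rejection instead of falling through.
  accept  domains       = +local_domains
          endpass
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  # Relaying to any other domain: only for listed hosts or authenticated
  # clients (the authenticators are advertised only once TLS is active).
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *
  deny    message       = relay not permitted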

######################################################################

ROUTERS CONFIGURATION

Specifies how addresses are handled

######################################################################

begin routers

fail_router:
driver = redirect
domains = ${lookup mysql {MYSQL_Q_DISABLED}{$value}}
data = ":fail:"
allow_fail

.ifdef DCconfig_internet

dnslookup_relay_to_domains:
debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more

dnslookup:
debug_print = "R: dnslookup for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
same_domain_copy_routing = yes

ignore private rfc1918 and APIPA addresses

ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :
172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :
255.255.255.255
no_more

.endif

.ifdef DCconfig_local
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more

.endif

.ifdef DCconfig_smarthost DCconfig_satellite
smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
no_more
.endif

system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
user = mailvirt
file_transport = address_file
pipe_transport = address_pipe

vacation_director:
driver = accept
domains = ${lookup mysql {MYSQL_Q_ISAWAY}{$value}}
transport = vacation_autoreply
unseen

virtual_cc_director:
driver = redirect
data = ${lookup mysql {MYSQL_Q_CC}{$value}}
unseen

virtual_forward_director:
driver = redirect
data = ${lookup mysql {MYSQL_Q_FORWARD}{$value}}

virtual_local_mailbox:
driver = accept
domains = ${lookup mysql {MYSQL_Q_LOCAL}{$value}}
transport = virtual_local_md_delivery

virtual_wclocal_redirect:
driver = redirect
domains = ${lookup mysql {MYSQL_Q_WCLOCAL}{$value}}
data = ${lookup mysql {MYSQL_Q_WCLOCFW}{$value}}

######################################################################

TRANSPORTS CONFIGURATION

######################################################################

begin transports

remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif

remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = ${if exists{CONFDIR/passwd.client}
{
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}
}
{}
}

devnull_delivery:
driver = appendfile
file = /dev/null
group = mail

address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

# Maildir delivery for virtual mailboxes, used by the virtual_local_mailbox router.
virtual_local_md_delivery:
driver = appendfile
# Target is /home/mailvirt/<recipient domain>/<box column from the database>.
# NOTE(review): $domain is taken from the recipient address, so the path is
# only as trustworthy as the domains check on the router that selects this
# transport. Exim 4.94 and later are expected to refuse such tainted values in
# a delivery path; confirm for the version in use.
directory = /home/mailvirt/$domain/${lookup mysql {MYSQL_Q_BOXNAME}{$value}}
maildir_format
# NOTE(review): delivery runs as uid/gid 1006 here, while the Dovecot static
# userdb on this page uses uid=1001 gid=1001. With mode 0660/0770 both sides
# presumably need the same account to share the maildirs; confirm.
user = 1006
group = 1006
# Files and directories are readable and writable by owner and group only.
mode = 0660
directory_mode = 0770

vacation_autoreply:
driver = autoreply
to = ${sender_address}
from = "vacation@${domain}"
subject = "Message absence ${local_part}@${domain}"
text = ${lookup mysql {MYSQL_Q_AWAYTEXT}{$value}}

devnull_transport:
driver = appendfile
file = /dev/null
user = mailvirt

######################################################################

RETRY CONFIGURATION

######################################################################

begin retry

Domain Error Retries

------ ----- -------

  •                  *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
    

######################################################################

REWRITE CONFIGURATION

######################################################################

There are no rewriting specifications in this default configuration file.

begin rewrite

######################################################################

AUTHENTICATION CONFIGURATION

######################################################################

There are no authenticator specifications in this default configuration file.

begin authenticators

# SMTP AUTH PLAIN: the client sends authorization id, login and password in a
# single string, available here as $1, $2 and $3.
fixed_plain:
driver = plaintext
public_name = PLAIN
# Expands to 1 (success) when the query returns a row; "fail" forces the
# expansion to fail when it returns nothing, which rejects the login.
# NOTE(review): the query behind MYSQL_Q_AUTHPWD1 should wrap $2/$3 in
# ${quote_mysql:...}, since both are typed by the client; confirm.
server_condition = ${lookup mysql{MYSQL_Q_AUTHPWD1}{1}fail}
# The login name ($2) is recorded as the authenticated id.
server_set_id = $2
# Empty when $tls_cipher is empty, "*" otherwise: the mechanism is advertised
# only on a TLS-protected session.
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

# SMTP AUTH LOGIN: login and password are prompted for separately and arrive
# as $1 and $2.
fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
# Same success/failure logic as fixed_plain, with the LOGIN variable numbering.
server_condition = ${lookup mysql{MYSQL_Q_AUTHPWD2}{1}fail}
server_set_id = $1
# Advertised only on a TLS-protected session, as for PLAIN.
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
######################################################################

CONFIGURATION FOR local_scan()

######################################################################

begin local_scan

End of Exim configuration file[/code]