Table-driven mail delivery

1. Design

We wish to build a mail server where the users do not each have entries in /etc/passwd. Not only does this keep the password file small, but it should make our system more secure. Also, some Unixes have a limit of 65,535 entries in /etc/passwd.

All our mail directories will be owned by one user (exim). The instructions for where to deliver mail will be held in a database file, which says how to deliver mail for a given incoming address - either to store it in a Maildir, or to forward it elsewhere.

At this stage, we will also introduce quotas. Quotas ensure that users cannot use more than a certain amount of disk space - those users who have set 'leave mail on server' will eventually have to download old mail to make space for new messages. We will send them a warning to let them know.

Actually, we require three database files. One is used to configure local_domains; keeping this in a database rather than directly in the configure file lets us scale to thousands of domains efficiently. The second is used to map actual E-mail addresses to the physical directory location on the disk. The third maps the physical directory to a quota value, although this can be set as a global default and overridden for "special cases" only.

This fully "table-driven" approach gives a lot of flexibility, if you are happy to maintain these database files!

2. Create the mail spool and database files

The mail spool is easy. Let's choose /u/mail (our /u partition has lots of space), and change its ownership so that only exim can access it. Exim will create subdirectories under here when it needs to.

# mkdir /u/mail
# chown exim:exim /u/mail
# chmod 700 /u/mail

Now we need to create the three database files.

# cd /usr/exim
# vi vdomains


# vi valiases

*   /u/mail/00/fred/
*    /u/mail/01/jim/

# vi mquota

/u/mail/00/fred/:        25000000

# cd /usr/exim
# bin/exim_dbmbuild vdomains vdomains.db
1 entry written
# bin/exim_dbmbuild valiases valiases.db
2 entries written
# bin/exim_dbmbuild mquota mquota.db
1 entry written

(In a production environment you would write a script to do the above commands). Check that the appropriate files have been created:

# ls /usr/exim
bin             mquota          valiases        vdomains
configure       mquota.db       valiases.db     vdomains.db

3. Test the configuration

Copy the new configure file to /usr/exim/configure-mx, then test it is doing database lookups correctly, as well as still being able to deliver remotely.

# exim -C /usr/exim/configure-mx -bt -> /u/mail/00/fred/
# exim -C /usr/exim/configure-mx -bt -> /u/mail/01/jim/
# exim -C /usr/exim/configure-mx -bt
  deliver to
  router = lookuphost, transport = remote_smtp
  host [] MX=10

Now deliver a message. We will turn on a little debugging (-d1) so you can see some of what is happening.

# exim -C /usr/exim/configure-mx -v -d1
Exim version 3.22 debug level 1 uid=0 gid=0
probably Berkeley DB version 1.8x (native mode)
Subject: test

test message
  <= U=root P=local S=329
bash# delivering message 14wB9p-000CJJ-00
  => /u/mail/00/fred/ <> D=valiases T=maildir_internal
# ls -lR /u/mail/00/fred
total 3
drwx------  2 exim  wheel  512 May  5 23:08 cur
drwx------  2 exim  wheel  512 May  5 23:08 new
drwx------  2 exim  wheel  512 May  5 23:08 tmp


total 1
-rw-------  1 exim  exim  400 May  5 23:08,S=400


You can see that the Maildir and its subdirectories have been created, and the message has been delivered; use 'cat' to read it. Try using higher debug levels (-d2...-d9) for more information about exim internal operation.

4. Notes on the configuration

Database lookups have been introduced in this configuration.

local_domains = partial2-dbm;/usr/exim/vdomains.db : localhost : @

The domain part of the address is checked by doing a dbm lookup in vdomains.db, or if it is not there, see if it matches the string "localhost" or the hostname of this mailserver itself. "partial2-dbm" is a dbm lookup which allows partial matches on domains. For example, when looking up "" the following lookups are attempted:

The '2' means that at least two domain portions must remain, so that '*.com' does not match for example.

Another dbm lookup is done in the valiases director, this time using the aliasfile's lookup facility (search_type and file). The lookup type here is dbm*@, meaning "lookup in the dbm file, and if there is no match, replace everything to the left of @ with *".

  driver = aliasfile
  search_type = dbm*@
  file = /usr/exim/valiases.db

  # For alias entries /which/look/like/this/, we deliver directly to a
  # Maildir at this location. Hide this path in any bounce messages though.
  directory_transport = maildir_internal

Finally, there is a database lookup in the transport which drops the message into a maildir. We set the value of the 'quota' attribute using an expansion string which uses the ${lookup} operator, whose syntax for this type of lookup is ${lookup{key}type{file}{matchval}{failval}}

  maildir_tag = ,S=$message_size
  quota_size_regex = ,S=(\d+)

  # Quota handling
  quota = ${lookup{$address_file}dbm{/usr/exim/mquota.db}{$value}{DEFQUOTA}}

This last example gives an idea of how flexible Exim is, because there are many places in the configuration where expansion strings like this can be used to look up information from elsewhere.

We have also introduced a trick for efficient quota handling. 'maildir_tag' makes Exim encode the size of the file within the filename, as ,S=nnn, and 'quota_size_regex' tells Exim how to retrieve it from the filename. This saves Exim a lot of work when calculating quotas; it just has to do a readdir() to list the directory contents, without having to do a stat() on every single file to get its size. This only works because the users do not have accounts on the box (otherwise, they would be able to rename the files to get round the quota limits)