Commit | Line | Data |
---|---|---|
185b5456 MW |
1 | ### -*-m4-*- |
2 | ### | |
3 | ### Transmission to remote hosts for distorted.org.uk Exim configuration. | |
4 | ### | |
5 | ### (c) 2012 Mark Wooding | |
6 | ### | |
7 | ||
8 | ###----- Licensing notice --------------------------------------------------- | |
9 | ### | |
10 | ### This program is free software; you can redistribute it and/or modify | |
11 | ### it under the terms of the GNU General Public License as published by | |
12 | ### the Free Software Foundation; either version 2 of the License, or | |
13 | ### (at your option) any later version. | |
14 | ### | |
15 | ### This program is distributed in the hope that it will be useful, | |
16 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | ### GNU General Public License for more details. | |
19 | ### | |
20 | ### You should have received a copy of the GNU General Public License | |
21 | ### along with this program; if not, write to the Free Software Foundation, | |
22 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
23 | ||
24 | ###-------------------------------------------------------------------------- | |
25 | ### Listen for incoming connections. | |
26 | ||
d411be33 MW |
27 | SECTION(global, daemon)m4_dnl |
28 | daemon_smtp_ports = CONF_smtp_port : CONF_submission_port | |
29 | ||
185b5456 MW |
30 | DIVERT(null) |
31 | ###-------------------------------------------------------------------------- | |
32 | ### Check source addresses for apparently local senders. | |
33 | ||
34 | SECTION(acl, mail-hooks)m4_dnl | |
35 | ## Check that a submitted message's sender address is allowable. | |
36 | require acl = mail_client_addr | |
37 | ||
185b5456 MW |
38 | SECTION(acl, misc)m4_dnl |
39 | mail_client_addr: | |
40 | ||
41 | ## If this is a message submission then that's handled elsewhere. | |
42 | accept condition = ${if eq{$acl_c_mode}{submission}} | |
43 | ||
fd37fad5 MW |
44 | ## Make sure that the sender matches the client address. I feel like |
45 | ## I want to reject these, but that will break stuff. For example, | |
46 | ## if I send mail to an externally hosted address which is really a | |
47 | ## distribution list containing some local address, then we'll | |
48 | ## (approximately legitimately) receive mail with an apparently-local | |
49 | ## sender from a remote host. | |
50 | warn !hosts = ${LOOKUP_DOMAIN($sender_address_domain, | |
185b5456 MW |
51 | {KV(hosts, {$value}{+allnets})}, |
52 | {${if match_domain {$sender_address_domain} \ | |
53 | {+public} \ | |
54 | {+allnets}{! +allnets}}})} | |
61295d9c MW |
55 | WARNING_HEADER(RCLNTLSNDR, |
56 | <:Apparently local sender, but received from remote \ | |
57 | server.\n\t\ | |
58 | sender=$sender_address \ | |
59 | host=$sender_host_address:>) | |
185b5456 MW |
60 | |
61 | ## OK. | |
62 | accept | |
63 | ||
64 | DIVERT(null) | |
65 | ###-------------------------------------------------------------------------- | |
9a361f76 MW |
66 | ### Rename locally-meaningful headers in mail from outside. |
67 | ||
68 | m4_define(<:DISTORTED_HEADERS:>, | |
61295d9c | 69 | <:X-CONF_header_token-SpamAssassin-Score, |
9a361f76 MW |
70 | X-CONF_header_token-SpamAssassin-Status:>) |
71 | ||
72 | SECTION(acl, data)m4_dnl | |
73 | ## If this message is coming from outside then rename headers which | |
74 | ## look like the ones we're likely to add. This is most relevant for | |
75 | ## our spam-report headers, because I'm not sure I understand why | |
76 | ## someone would want to fake an X-Distorted-Warning header. | |
77 | warn !condition = ${if eq{$acl_c_mode}{submission}} | |
78 | !hosts = +allnets | |
79 | set acl_m_hdradd = ${if def:acl_m_hdradd{$acl_m_hdradd}}\ | |
80 | RENAME_HEADERS_ADD(<:DISTORTED_HEADERS:>) | |
81 | set acl_m_hdrrm = ${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\ | |
82 | RENAME_HEADERS_REMOVE(<:DISTORTED_HEADERS:>) | |
83 | ||
84 | DIVERT(null) | |
85 | ###-------------------------------------------------------------------------- | |
185b5456 MW |
86 | ### The obvious trivial router. |
87 | ||
88 | SECTION(routers, remote)m4_dnl | |
89 | ## Send mail on to a host in our own network. We must apply extra security. | |
90 | local: | |
91 | driver = dnslookup | |
4806403d MW |
92 | domains = ${if bool {${LOOKUP_DOMAIN($domain, |
93 | {KV(service, {$value}{true})}, | |
94 | {false})}} \ | |
95 | {}{ ! +public : \ | |
96 | CONF_master_domain : \ | |
97 | *.CONF_master_domain }} | |
185b5456 | 98 | self = fail |
b96f02cf MW |
99 | same_domain_copy_routing = yes |
100 | ignore_target_hosts = +bogus | |
185b5456 MW |
101 | transport = smtp_local |
102 | no_more | |
103 | ||
104 | ## Send mail on to unknown hosts. | |
105 | remote: | |
106 | driver = dnslookup | |
4806403d MW |
107 | domains = ${if bool {${LOOKUP_DOMAIN($domain, |
108 | {KV(service, {$value}{true})}, | |
109 | {false})}} \ | |
110 | {}{ ! +public }} | |
185b5456 | 111 | self = fail |
b96f02cf MW |
112 | same_domain_copy_routing = yes |
113 | ignore_target_hosts = +bogus_public | |
185b5456 MW |
114 | transport = smtp |
115 | no_more | |
116 | ||
117 | DIVERT(null) | |
118 | ###----- That's all, folks -------------------------------------------------- |