| 1 | ### -*-m4-*- |
| 2 | ### |
| 3 | ### Transmission to remote hosts for distorted.org.uk Exim configuration. |
| 4 | ### |
| 5 | ### (c) 2012 Mark Wooding |
| 6 | ### |
| 7 | |
| 8 | ###----- Licensing notice --------------------------------------------------- |
| 9 | ### |
| 10 | ### This program is free software; you can redistribute it and/or modify |
| 11 | ### it under the terms of the GNU General Public License as published by |
| 12 | ### the Free Software Foundation; either version 2 of the License, or |
| 13 | ### (at your option) any later version. |
| 14 | ### |
| 15 | ### This program is distributed in the hope that it will be useful, |
| 16 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 17 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 18 | ### GNU General Public License for more details. |
| 19 | ### |
| 20 | ### You should have received a copy of the GNU General Public License |
| 21 | ### along with this program; if not, write to the Free Software Foundation, |
| 22 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 23 | |
| 24 | ###-------------------------------------------------------------------------- |
| 25 | ### Listen for incoming connections. |
| 26 | |
| 27 | SECTION(global, daemon)m4_dnl |
| 28 | daemon_smtp_ports = CONF_smtp_port : CONF_submission_port |
| 29 | |
| 30 | DIVERT(null) |
| 31 | ###-------------------------------------------------------------------------- |
| 32 | ### Check source addresses for apparently local senders. |
| 33 | |
| 34 | SECTION(acl, mail-hooks)m4_dnl |
| 35 | ## Check that a submitted message's sender address is allowable. |
| 36 | require acl = mail_client_addr |
| 37 | |
| 38 | SECTION(acl, misc)m4_dnl |
| 39 | mail_client_addr: |
| 40 | |
| 41 | ## If this is a message submission then that's handled elsewhere. |
| 42 | accept condition = ${if eq{$acl_c_mode}{submission}} |
| 43 | |
| 44 | ## Make sure that the sender matches the client address. I feel like |
| 45 | ## I want to reject these, but that will break stuff. For example, |
| 46 | ## if I send mail to an externally hosted address which is really a |
| 47 | ## distribution list containing some local address, then we'll |
| 48 | ## (approximately legitimately) receive mail with an apparently-local |
| 49 | ## sender from a remote host. |
| 50 | warn !hosts = ${LOOKUP_DOMAIN($sender_address_domain, |
| 51 | {KV(hosts, {$value}{+allnets})}, |
| 52 | {${if match_domain {$sender_address_domain} \ |
| 53 | {+public} \ |
| 54 | {+allnets}{! +allnets}}})} |
| 55 | WARNING_HEADER(RCLNTLSNDR, |
| 56 | <:Apparently local sender, but received from remote \ |
| 57 | server.\n\t\ |
| 58 | sender=$sender_address \ |
| 59 | host=$sender_host_address:>) |
| 60 | |
| 61 | ## OK. |
| 62 | accept |
| 63 | |
| 64 | DIVERT(null) |
| 65 | ###-------------------------------------------------------------------------- |
| 66 | ### Rename locally-meaningful headers in mail from outside. |
| 67 | |
| 68 | m4_define(<:DISTORTED_HEADERS:>, |
| 69 | <:X-CONF_header_token-SpamAssassin-Score, |
| 70 | X-CONF_header_token-SpamAssassin-Status:>) |
| 71 | |
| 72 | SECTION(acl, data)m4_dnl |
| 73 | ## If this message is coming from outside then rename headers which |
| 74 | ## look like the ones we're likely to add. This is most relevant for |
| 75 | ## our spam-report headers, because I'm not sure I understand why |
| 76 | ## someone would want to fake an X-Distorted-Warning header. |
| 77 | warn !condition = ${if eq{$acl_c_mode}{submission}} |
| 78 | !hosts = +allnets |
| 79 | set acl_m_hdradd = ${if def:acl_m_hdradd{$acl_m_hdradd}}\ |
| 80 | RENAME_HEADERS_ADD(<:DISTORTED_HEADERS:>) |
| 81 | set acl_m_hdrrm = ${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\ |
| 82 | RENAME_HEADERS_REMOVE(<:DISTORTED_HEADERS:>) |
| 83 | |
| 84 | DIVERT(null) |
| 85 | ###-------------------------------------------------------------------------- |
| 86 | ### The obvious trivial router. |
| 87 | |
| 88 | SECTION(routers, remote)m4_dnl |
| 89 | ## Send mail on to a host in our own network. We must apply extra security. |
| 90 | local: |
| 91 | driver = dnslookup |
| 92 | domains = ${if bool {${LOOKUP_DOMAIN($domain, |
| 93 | {KV(service, {$value}{true})}, |
| 94 | {false})}} \ |
| 95 | {}{ ! +public : \ |
| 96 | CONF_master_domain : \ |
| 97 | *.CONF_master_domain }} |
| 98 | self = fail |
| 99 | same_domain_copy_routing = yes |
| 100 | ignore_target_hosts = +bogus |
| 101 | transport = smtp_local |
| 102 | no_more |
| 103 | |
| 104 | ## Send mail on to unknown hosts. |
| 105 | remote: |
| 106 | driver = dnslookup |
| 107 | domains = ${if bool {${LOOKUP_DOMAIN($domain, |
| 108 | {KV(service, {$value}{true})}, |
| 109 | {false})}} \ |
| 110 | {}{ ! +public }} |
| 111 | self = fail |
| 112 | same_domain_copy_routing = yes |
| 113 | ignore_target_hosts = +bogus_public |
| 114 | transport = smtp |
| 115 | no_more |
| 116 | |
| 117 | DIVERT(null) |
| 118 | ###----- That's all, folks -------------------------------------------------- |