base.m4: Allow arbitrary claimed envelope and header senders.

[exim-config] / exchange.m4

### -*-m4-*-
###
### Transmission to remote hosts for distorted.org.uk Exim configuration.
###
### (c) 2012 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### This program is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with this program; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

###--------------------------------------------------------------------------
### Listen for incoming connections.

SECTION(global, daemon)m4_dnl
daemon_smtp_ports = CONF_smtp_port : CONF_submission_port

DIVERT(null)
###--------------------------------------------------------------------------
### Check source addresses for apparently local senders.

SECTION(acl, mail-hooks)m4_dnl
        ## Check that a submitted message's sender address is allowable.
        require  acl = mail_client_addr

SECTION(acl, misc)m4_dnl
mail_client_addr:

        ## If this is a message submission then that's handled elsewhere.
        accept   condition = ${if eq{$acl_c_mode}{submission}}

        ## Make sure that the sender matches the client address.  I feel like
        ## I want to reject these, but that will break stuff.  For example,
        ## if I send mail to an externally hosted address which is really a
        ## distribution list containing some local address, then we'll
        ## (approximately legitimately) receive mail with an apparently-local
        ## sender from a remote host.
        warn    !hosts = ${LOOKUP_DOMAIN($sender_address_domain,
                           {KV(hosts, {$value}{+allnets})},
                           {${if match_domain {$sender_address_domain} \
                                              {+public} \
                                 {+allnets}{! +allnets}}})}
                 add_header = :after_received:X-Distorted-Warning: \
                        RCLNTLSNDR \
                        Apparently local sender, but received from remote \
                        server.\n\t\
                        sender=$sender_address \
                        host=$sender_host_address

        ## OK.
        accept

DIVERT(null)
###--------------------------------------------------------------------------
### The obvious trivial router.

SECTION(routers, remote)m4_dnl
## Send mail on to a host in our own network.  We must apply extra security.
local:
        driver = dnslookup
        domains = ${if bool {${LOOKUP_DOMAIN($domain,
                               {KV(service, {$value}{true})},
                               {false})}} \
                       {}{ ! +public : \
                           CONF_master_domain : \
                           *.CONF_master_domain }}
        self = fail
        transport = smtp_local
        no_more

## Send mail on to unknown hosts.
remote:
        driver = dnslookup
        domains = ${if bool {${LOOKUP_DOMAIN($domain,
                               {KV(service, {$value}{true})},
                               {false})}} \
                       {}{ ! +public }}
        self = fail
        transport = smtp
        no_more

DIVERT(null)
###----- That's all, folks --------------------------------------------------