spam.m4: Allow virtual domains to opt out of spam checking.

[exim-config] / base.m4

diff --git a/base.m4 b/base.m4
index 204be0a..e74803d 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -128,7 +128,7 @@ helo:
                                       {CONF_sysconf_dir/helo.conf} \
                                       {${if match_ip \
                                             {$sender_host_address} \
-                                            {$value}}}}}}
+                                            {<; $value}}}}}}
                !verify = helo
                 set acl_c_helo_warning = true
 
@@ -214,16 +214,35 @@ rcpt:
 
        ## Reject if the client isn't allowed to relay and the recipient
        ## isn't in one of our known domains.
-       deny     message = Relaying not permitted
-               !hosts = CONF_relay_clients
-               !authenticated = *
-               !domains = +known
+       require  message = Relaying not permitted
+                acl = check_relay
 
        ## Ensure that the recipient is routable.
        require  message = Invalid recipient \
                        ($recipient_verify_failure; $acl_verify_message)
                 verify = recipient
 
+SECTION(acl, misc)m4_dnl
+check_relay:
+       ## Accept either if the client is allowed to relay through us, or if
+       ## we're the correct place to send this mail.
+
+       ## Known clients and authenticated users are OK.
+       accept    hosts = CONF_relay_clients
+       accept    authenticated = *
+
+       ## Known domains are OK.
+       accept    domains = +public
+
+       ## Finally, domains in our table are OK, unless they say they aren't.
+       accept    domains = \
+               ${if exists{CONF_sysconf_dir/domains.conf} \
+                    {partial0-lsearch; CONF_sysconf_dir/domains.conf}}
+                 condition = DOMKV(service, {$value}{true})
+
+       ## Nope, that's not allowed.
+       deny
+
 SECTION(acl, rcpt-tail)m4_dnl
        ## Everything checks out OK: let this one go through.
        accept
@@ -260,16 +279,25 @@ mail_check_auth:
        warn     set acl_c_user = $authenticated_id
                 hosts = +thishost
                !authenticated = *
+                condition = ${if def:sender_ident}
                 set acl_c_user = $sender_ident
 
-       ## User must be authenticated.
+       ## User must be authenticated by now.
        deny     message = Sender not authenticated
-               !hosts = +thishost
-               !authenticated = *
+                condition = ${if !def:acl_c_user}
 
        ## Make sure that the local part is one that the authenticated sender
        ## is allowed to claim.
        deny     message = Sender address forbidden to calling user
+               !condition = \
+                       ${if exists {CONF_sysconf_dir/auth-sender.conf} \
+                            {${lookup {$acl_c_user} \
+                                      lsearch \
+                                      {CONF_sysconf_dir/auth-sender.conf} \
+                                      {${if match_address \
+                                            {$sender_address} \
+                                            {+value}}} \
+                                      {false}}}}
                !condition = ${LOOKUP_DOMAIN($sender_address_domain,
                               {${if and {{match_local_part \
                                            {$acl_c_user} \