SECTION(global, resource)m4_dnl
deliver_queue_load_max = 8
+message_size_limit = 500M
queue_only_load = 12
smtp_accept_max = 16
smtp_accept_queue = 32
gecos_pattern = ([^,:]*)
SECTION(global, incoming)m4_dnl
+rfc1413_hosts = *
+rfc1413_query_timeout = 10s
received_header_text = Received: \
${if def:sender_rcvhost \
{from $sender_rcvhost\n\t} \
${if def:sender_address \
{(envelope-from $sender_address\
${if def:authenticated_id \
- {; auth=$authenticated_id}})\n\t}}\
+ {; auth=${quote_local_part:$authenticated_id}} \
+ {${if and {{def:authenticated_sender} \
+ {match_address{$authenticated_sender} \
+ {*@CONF_master_domain}}} \
+ {; auth=${quote_local_part:\
+ ${local_part:\
+ $authenticated_sender}}}}}})\n\t}}\
id $message_exim_id\
${if def:received_for {\n\tfor $received_for}}
SECTION(global, smtp)m4_dnl
smtp_return_error_details = true
accept_8bitmime = true
+chunking_advertise_hosts =
+
+SECTION(global, env)m4_dnl
+keep_environment =
SECTION(global, process)m4_dnl
extract_addresses_remove_arguments = false
delay_warning = 1h : 24h : 2d
SECTION(global, tls)m4_dnl
-tls_certificate = CONF_sysconf_dir/server.certlist
+tls_certificate = CONF_certlist
tls_privatekey = CONF_sysconf_dir/server.key
tls_advertise_hosts = ${if exists {CONF_sysconf_dir/server.key} {*}{}}
tls_dhparam = CONF_ca_dir/dh-param-2048.pem
acl_smtp_helo = helo
SECTION(acl, misc)m4_dnl
helo:
+ ## Don't worry if this is local submission. MUAs won't necessarily
+ ## have a clear idea of their hostnames. (For some reason.)
+ accept condition = ${if eq{$acl_c_mode}{submission}}
+
## Check that the caller's claimed identity is actually plausible.
## This seems like it's a fairly effective filter on spamminess, but
## it's too blunt a tool. Rather than reject, add a warning header.
not_smtp_start:
## Record the user's name.
warn set acl_c_user = $sender_ident
+ set acl_m_user = $sender_ident
## Done.
accept
## See whether there's a special exception for this sender domain.
accept senders = ${LOOKUP_DOMAIN($sender_address_domain,
- {KV(senders, {$value}{})},
- {})}
+ {KV(senders)})}
## Ensure that the sender is routable. This is important to prevent
## undeliverable bounces.
## Remember to apply submission controls.
warn set acl_c_mode = submission
+ control = no_enforce_sync
## Done.
accept
## we're the correct place to send this mail.
## Known clients and authenticated users are OK.
- accept hosts = CONF_relay_clients
- accept authenticated = *
+ accept hosts = CONF_relay_clients
+ accept authenticated = *
## Known domains are OK.
- accept domains = +public
+ accept domains = +public
## Finally, domains in our table are OK, unless they say they aren't.
- accept domains = \
- ${if exists{CONF_sysconf_dir/domains.conf} \
+ accept domains = \
+ ${if exists{CONF_sysconf_dir/domains.conf} \
{partial0-lsearch; CONF_sysconf_dir/domains.conf}}
- condition = DOMKV(service, {$value}{true})
+ condition = DOMKV(service, {$value}{true})
## Nope, that's not allowed.
deny
acl_smtp_data = data
SECTION(acl, data)m4_dnl
data:
+ ## Don't accept messages with overly-long lines.
+ deny message = line length exceeds SMTP permitted maximum: \
+ $max_received_linelength > 998
+ condition = ${if >{$max_received_linelength}{998}}
SECTION(acl, data-tail)m4_dnl
accept
deny message = Sender not authenticated
condition = ${if !def:acl_c_user}
+ ## Set the per-message authentication flag, since we now know that
+ ## there's a sensible value.
+ warn set acl_m_user = $acl_c_user
+
## All done.
accept
<:${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\
$2:>):>)
+m4_define(<:DKIM_SIGN_P:>,
+ <:and {{exists{CONF_sysconf_dir/dkim-sign.conf}} \
+ {!def:h_DKIM-Signature:} \
+ {!def:h_List-ID:} \
+ {or {{def:authenticated_id} \
+ {def:authenticated_sender}}}}:>)
+
+m4_define(<:DKIM_KEYS_INSTANCE:>,
+ <:${lookup {${domain:$h_From:}} partial0-lsearch \
+ {CONF_sysconf_dir/dkim-sign.conf} \
+ _LOOKUP_ARGS(<:$1:>, <:$2:>)}:>)
+m4_define(<:DKIM_KEYS_STATE:>, <:${lookup {$1} lsearch \
+ {DKIM_KEYS_INSTANCE(<:{CONF_dkim_keys_dir/$value/active/dkim-keys.state}:>)} \
+ _LOOKUP_ARGS(<:$2:>, <:$3:>, <:fail:>)}:>)
+m4_define(<:DKIM_KEYS_INFO:>, <:DKIM_KEYS_STATE(<:params:>,
+ <:{${if and {{>={$tod_epoch}{KV(t0)}} \
+ {<{$tod_epoch}{${eval:KV(t0) + KV(n)*KV(step)}}}} \
+ {DKIM_KEYS_STATE(<:info.${eval:($tod_epoch - KV(t0))/KV(step)}:>,
+ <:$1:>, <:$2:>)} \
+ m4_ifelse(<:$2:>, <::>, <:fail:>, <:$2:>)}}:>,
+ m4_ifelse(<:$2:>, <::>, <:fail:>, <:$2:>)):>)
+
+m4_define(<:DKIM_SIGN:>,
+ <:dkim_domain = \
+ ${if DKIM_SIGN_P \
+ {DKIM_KEYS_INSTANCE({${domain:$h_From:}})}}
+ dkim_selector = DKIM_KEYS_INFO(<:{KV(k)}:>)
+ dkim_private_key = \
+ DKIM_KEYS_INSTANCE(<:m4_dnl
+ {CONF_dkim_keys_dir/$value/active/$dkim_selector.priv}:>)
+ dkim_canon = relaxed
+ dkim_strict = true
+ ## The following ridiculous stunt does two important jobs. Firstly,
+ ## and more obviously, it arranges to include one more copy of each
+ ## header name than the message actually contains, thereby causing
+ ## the signature to fail if another header with the same name is
+ ## added. And secondly, and far more subtly, it also trims the
+ ## spaces from the header names so that they're in the format that
+ ## the signing machinery secretly wants.
+ dkim_sign_headers = \
+ ${sg {${map {CONF_dkim_headers : \
+ X-CONF_header_token-DKIM-Key-Publication} \
+ {$item${sg {${expand:\$h_$item:}\n} \
+ {((?:[^\n]+|\n\\s+)*)\n} \
+ {:$item}}}}} \
+ {::}{:}}
+ headers_add = \
+ ${if DKIM_SIGN_P \
+ {DKIM_KEYS_INFO(<:m4_dnl
+ {X-CONF_header_token-DKIM-Key-Publication: \
+ DKIM signature not suitable \
+ as evidence after delivery;\n\t\
+ DKIM private key KV(k) will be \
+ published\n\t\
+ at KV(u)\n\t\
+ on or before KV(tpub)}:>)}}:>)
+
+
+m4_define(<:SMTP_DELIVERY:>,
+ <:## Prevent sending messages with overly long lines. The use of
+ ## `message_size_limit' here is somewhat misleading.
+ message_size_limit = ${if >{$max_received_linelength}{998}{1}{0}}:>)
+
SECTION(transports)m4_dnl
## A standard transport for remote delivery. By default, try to do TLS, and
## don't worry too much if it's not very secure: the alternative is sending
## it into the transport name. This is very unpleasant, of course.
smtp:
driver = smtp
+ SMTP_DELIVERY
APPLY_HEADER_CHANGES
+ DKIM_SIGN
tls_require_ciphers = CONF_acceptable_ciphers
- tls_dh_min_bits = 1020
+ tls_dh_min_bits = 508
tls_tempfail_tryclear = true
m4_define(<:SMTP_TRANS_DHBITS:>,
<:driver = smtp
+ SMTP_DELIVERY
APPLY_HEADER_CHANGES
+ DKIM_SIGN
hosts_try_auth = *
hosts_require_tls = DOMKV(tls-peer-ca, {*}{})
hosts_require_auth = \
{CONF_acceptable_ciphers})
tls_dh_min_bits = $1
tls_tempfail_tryclear = true:>)m4_dnl
+smtp_dhbits_512:
+ SMTP_TRANS_DHBITS(508)
+smtp_dhbits_768:
+ SMTP_TRANS_DHBITS(764)
smtp_dhbits_1024:
SMTP_TRANS_DHBITS(1020)
smtp_dhbits_2048:
- SMTP_TRANS_DHBITS(2046)
+ SMTP_TRANS_DHBITS(2044)
## Transport to a local SMTP server; use TLS and perform client
## authentication.
smtp_local:
driver = smtp
+ SMTP_DELIVERY
APPLY_HEADER_CHANGES
hosts_require_tls = *
tls_certificate = CONF_sysconf_dir/client.certlist
tls_require_ciphers = CONF_good_ciphers
tls_dh_min_bits = 2046
tls_tempfail_tryclear = false
- authenticated_sender = ${if def:authenticated_id \
- {$authenticated_id@CONF_master_domain} \
- fail}
+ authenticated_sender_force = true
+ authenticated_sender = \
+ ${if def:acl_m_user {$acl_m_user@CONF_master_domain} \
+ {${if def:authenticated_sender {$authenticated_sender} \
+ fail}}}
## A standard transport for local delivery.
deliver:
### Retry configuration.
SECTION(retry, default)m4_dnl
+## Be persistent when sending to the site relay. It ought to work, but
+## particularly satellites such as laptops often encounter annoying temporary
+## failures due to network unavailability, and the usual gradual policy can
+## leave mail building up for no good reason.
+CONF_smarthost * \
+ F,4d,15m
+
## Default.
* * \
F,2h,15m; G,16h,2h,1.5; F,4d,6h
~mdw / exim-config / blobdiff