X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/11f6fa6e1c39dcc27fb7da0d77ac11589ddf9139..45b7d61ea2adcc366813f5c72565da054158b5f2:/base.m4

diff --git a/base.m4 b/base.m4
index 22f6852..8f962bb 100644
--- a/base.m4
+++ b/base.m4
@@ -85,6 +85,7 @@ SECTION(global, process)m4_dnl
 extract_addresses_remove_arguments = false
 headers_charset = utf-8
 qualify_domain = CONF_master_domain
+untrusted_set_sender = *
 
 SECTION(global, bounce)m4_dnl
 delay_warning = 1h : 24h : 2d
@@ -151,8 +152,14 @@ SECTION(acl, mail)m4_dnl
 mail:
 
 	## If we stashed a warning header about HELO from earlier, we should
-	## add it now.
+	## add it now.  Only don't bother if the client has authenticated
+	## successfully for submission (because we can't expect mobile
+	## clients to be properly set up knowing their names), or it's one of
+	## our own satellites (because they're either properly set up anyway,
+	## or satellites using us as a smarthost).
 	warn	 condition = $acl_c_helo_warning
+		!condition = ${if eq{$acl_c_mode}{submission}}
+		!hosts = +allnets
 		 add_header = :after_received:X-Distorted-Warning: \
 			BADHELO \
 			Client's HELO doesn't match its IP address.\n\t\
@@ -167,7 +174,7 @@ mail:
 
 	## If this is directly from a client then hack on it for a while.
 	warn	 condition = ${if eq{$acl_c_mode}{submission}}
-		 control = submission
+		 control = submission/sender_retain
 
 	## Insist that a local client connect through TLS.
 	deny	 message = Hosts within CONF_master_domain must use TLS