X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/2f0841cefa225400a5ccaf5afbeb1766b11ab9cf..9aa166fac07cb57f22009739b609e9a64041310f:/base.m4

diff --git a/base.m4 b/base.m4
index 8f962bb..cb0f7a6 100644
--- a/base.m4
+++ b/base.m4
@@ -81,11 +81,16 @@ SECTION(global, smtp)m4_dnl
 smtp_return_error_details = true
 accept_8bitmime = true
 
+SECTION(global, env)m4_dnl
+keep_environment =
+
 SECTION(global, process)m4_dnl
 extract_addresses_remove_arguments = false
 headers_charset = utf-8
 qualify_domain = CONF_master_domain
 untrusted_set_sender = *
+local_from_check = false
+local_sender_retain = true
 
 SECTION(global, bounce)m4_dnl
 delay_warning = 1h : 24h : 2d
@@ -142,6 +147,7 @@ SECTION(acl, misc)m4_dnl
 not_smtp_start:
 	## Record the user's name.
 	warn	 set acl_c_user = $sender_ident
+		 set acl_m_user = $sender_ident
 
 	## Done.
 	accept
@@ -160,11 +166,10 @@ mail:
 	warn	 condition = $acl_c_helo_warning
 		!condition = ${if eq{$acl_c_mode}{submission}}
 		!hosts = +allnets
-		 add_header = :after_received:X-Distorted-Warning: \
-			BADHELO \
-			Client's HELO doesn't match its IP address.\n\t\
-			helo-name=$sender_helo_name \
-			address=$sender_host_address
+		 WARNING_HEADER(BADHELO,
+				<:Client's HELO doesn't match its IP address.\n\t\
+				  helo-name=$sender_helo_name \
+				  address=$sender_host_address:>)
 
 	## Always allow the empty sender, so that we can receive bounces.
 	accept	 senders = :
@@ -308,6 +313,10 @@ mail_check_auth:
 	deny	 message = Sender not authenticated
 		 condition = ${if !def:acl_c_user}
 
+	## Set the per-message authentication flag, since we now know that
+	## there's a sensible value.
+	warn	 set acl_m_user = $acl_c_user
+
 	## All done.
 	accept
 
@@ -382,6 +391,16 @@ m4_define(<:USER_DELIVERY:>,
 	envelope_to_add = true
 	return_path_add = true:>)
 
+m4_define(<:APPLY_HEADER_CHANGES:>,
+	<:headers_add = m4_ifelse(<:$1:>, <::>,
+		<:$acl_m_hdradd:>,
+		<:${if def:acl_m_hdradd{$acl_m_hdradd\n}}\
+		$1:>)
+	headers_remove = m4_ifelse(<:$2:>, <::>,
+		<:$acl_m_hdrrm:>,
+		<:${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\
+		$2:>):>)
+
 SECTION(transports)m4_dnl
 ## A standard transport for remote delivery.  By default, try to do TLS, and
 ## don't worry too much if it's not very secure: the alternative is sending
@@ -391,12 +410,14 @@ SECTION(transports)m4_dnl
 ## it into the transport name.  This is very unpleasant, of course.
 smtp:
 	driver = smtp
+	APPLY_HEADER_CHANGES
 	tls_require_ciphers = CONF_acceptable_ciphers
 	tls_dh_min_bits = 1020
 	tls_tempfail_tryclear = true
 
 m4_define(<:SMTP_TRANS_DHBITS:>,
 	<:driver = smtp
+	APPLY_HEADER_CHANGES
 	hosts_try_auth = *
 	hosts_require_tls = DOMKV(tls-peer-ca, {*}{})
 	hosts_require_auth = \
@@ -423,6 +444,7 @@ smtp_dhbits_2048:
 ## authentication.
 smtp_local:
 	driver = smtp
+	APPLY_HEADER_CHANGES
 	hosts_require_tls = *
 	tls_certificate = CONF_sysconf_dir/client.certlist
 	tls_privatekey = CONF_sysconf_dir/client.key
@@ -437,6 +459,7 @@ smtp_local:
 ## A standard transport for local delivery.
 deliver:
 	driver = appendfile
+	APPLY_HEADER_CHANGES
 	file = /var/mail/$local_part
 	group = mail
 	mode = 0600
@@ -446,17 +469,20 @@ deliver:
 ## Transports for user filters.
 mailbox:
 	driver = appendfile
+	APPLY_HEADER_CHANGES
 	initgroups = true
 	USER_DELIVERY
 
 maildir:
 	driver = appendfile
+	APPLY_HEADER_CHANGES
 	maildir_format = true
 	initgroups = true
 	USER_DELIVERY
 
 pipe:
 	driver = pipe
+	APPLY_HEADER_CHANGES
 	path = ${if and {{def:home} {exists{$home/bin}}} {$home/bin:} {}}\
 		/usr/local/bin:/usr/local/sbin:\
 		/usr/bin:/usr/sbin:/bin:/sbin