X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/9384ef4f973dc22ca7e65b1710f1c486c4efad0c..4ff4ad42f953b335fd5006fe5965cd3e871f601d:/base.m4

diff --git a/base.m4 b/base.m4
index 62b46ab..c9c04ff 100644
--- a/base.m4
+++ b/base.m4
@@ -105,6 +105,11 @@ helo:
 	## and we should only care about the most recent one.
 	warn	 set acl_c_helo_warning = false
 		!condition = \
+			${if and {{match_ip {$sender_host_address} \
+					    {<; 127.0.0.0/8 ; ::1}} \
+				  {match_domain {$sender_helo_name} \
+						{localhost : +thishost}}}}
+		!condition = \
 			${if exists {CONF_sysconf_dir/helo.conf} \
 			     {${lookup {$sender_helo_name} \
 				       partial0-lsearch \
@@ -180,7 +185,7 @@ SECTION(acl, connect-tail)m4_dnl
 
 check_submission:
 	## See whether this message needs hacking on.
-	accept	!hosts = +localnet
+	accept	!hosts = +thishost
 		!condition = ${if ={$received_port}{CONF_submission_port}}
 		 set acl_c_mode = relay
 
@@ -241,13 +246,13 @@ mail_check_auth:
 	## loopback connection, then we can trust identd to tell us the right
 	## answer.  So we should stash the right name somewhere consistent.
 	warn	 set acl_c_user = $authenticated_id
-		 hosts = +localnet
+		 hosts = +thishost
 		!authenticated = *
 		 set acl_c_user = $sender_ident
 
 	## User must be authenticated.
 	deny	 message = Sender not authenticated
-		!hosts = +localnet
+		!hosts = +thishost
 		!authenticated = *
 
 	## Make sure that the local part is one that the authenticated sender