X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/a0375fd97549cd5492cd879cc1fed9ae0e789a0b..8afec8982a03946c92b3bde00ac5776fed9bc197:/base.m4

diff --git a/base.m4 b/base.m4
index d64f7a6..c0dd892 100644
--- a/base.m4
+++ b/base.m4
@@ -105,7 +105,7 @@ SECTION(global, bounce)m4_dnl
 delay_warning = 1h : 24h : 2d
 
 SECTION(global, tls)m4_dnl
-tls_certificate = CONF_sysconf_dir/server.certlist
+tls_certificate = CONF_certlist
 tls_privatekey = CONF_sysconf_dir/server.key
 tls_advertise_hosts = ${if exists {CONF_sysconf_dir/server.key} {*}{}}
 tls_dhparam = CONF_ca_dir/dh-param-2048.pem
@@ -287,6 +287,10 @@ SECTION(global, acl)m4_dnl
 acl_smtp_data = data
 SECTION(acl, data)m4_dnl
 data:
+	## Don't accept messages with overly-long lines.
+	deny	 message = line length exceeds SMTP permitted maximum: \
+			$max_received_linelength > 998
+		 condition = ${if >{$max_received_linelength}{998}}
 
 SECTION(acl, data-tail)m4_dnl
 	accept
@@ -410,6 +414,11 @@ m4_define(<:APPLY_HEADER_CHANGES:>,
 		<:${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\
 		$2:>):>)
 
+m4_define(<:SMTP_DELIVERY:>,
+	<:## Prevent sending messages with overly long lines.  The use of
+	## `message_size_limit' here is somewhat misleading.
+	message_size_limit = ${if >{$max_received_linelength}{998}{1}{0}}:>)
+
 SECTION(transports)m4_dnl
 ## A standard transport for remote delivery.  By default, try to do TLS, and
 ## don't worry too much if it's not very secure: the alternative is sending
@@ -426,6 +435,7 @@ smtp:
 
 m4_define(<:SMTP_TRANS_DHBITS:>,
 	<:driver = smtp
+	SMTP_DELIVERY
 	APPLY_HEADER_CHANGES
 	hosts_try_auth = *
 	hosts_require_tls = DOMKV(tls-peer-ca, {*}{})
@@ -457,6 +467,7 @@ smtp_dhbits_2048:
 ## authentication.
 smtp_local:
 	driver = smtp
+	SMTP_DELIVERY
 	APPLY_HEADER_CHANGES
 	hosts_require_tls = *
 	tls_certificate = CONF_sysconf_dir/client.certlist