X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/b1d083dd44e29fb51a158787a4b298d9c90bfbd7..8fca6182bd0b3b877ccca2e90b75c99e75f1008e:/base.m4 diff --git a/base.m4 b/base.m4 index 9182a7c..f8b2901 100644 --- a/base.m4 +++ b/base.m4 @@ -59,11 +59,12 @@ gecos_pattern = ([^,:]*) SECTION(global, incoming)m4_dnl received_header_text = Received: \ - ${if def:sender_rcvhost {from $sender_rcvhost\n\t} \ - {${if def:sender_ident \ - {from ${quote_local_part:$sender_ident} }}\ + ${if def:sender_rcvhost \ + {from $sender_rcvhost\ ${if def:sender_helo_name \ - {(helo=$sender_helo_name)\n\t}}}}\ + { (helo=$sender_helo_name)}}\n\t} \ + {${if def:sender_ident \ + {from ${quote_local_part:$sender_ident} }}}}\ by $primary_hostname \ (Exim $version_number)\ ${if def:tls_cipher {\n\t} { }}\ @@ -71,7 +72,7 @@ received_header_text = Received: \ {with $received_protocol \ ${if def:tls_cipher {(cipher=$tls_cipher)}}}}\n\t\ ${if def:sender_address \ - {(envelope-from <$sender_address>\ + {(envelope-from $sender_address\ ${if def:authenticated_id \ {; auth=$authenticated_id}})\n\t}}\ id $message_exim_id\ @@ -98,8 +99,23 @@ SECTION(global, acl)m4_dnl acl_smtp_helo = helo SECTION(acl, misc)m4_dnl helo: - require message = The other one has bells on - verify = helo + ## Check that the caller's claimed identity is actually plausible. + ## This seems like it's a fairly effective filter on spamminess, but + ## it's too blunt a tool. Rather than reject, add a warning header. + ## Only we can't do this the easy way, so save it up for use in MAIL. + ## Also, we're liable to get a subsequent HELO (e.g., after STARTTLS) + ## and we should only care about the most recent one. + warn set acl_c_helo_warning = false + !condition = \ + ${if exists {CONF_sysconf_dir/helo.conf} \ + {${lookup {$sender_helo_name} \ + partial0-lsearch \ + {CONF_sysconf_dir/helo.conf} \ + {${if match_ip \ + {$sender_host_address} \ + {$value}}}}}} + !verify = helo + set acl_c_helo_warning = true accept 
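Review bot: In the rewritten `received_header_text`, the `(helo=$sender_helo_name)` item now sits only inside the `def:sender_rcvhost` branch, so a message with no remote host (the `sender_ident` branch) no longer records the HELO name at all. For remote hosts the name may also appear twice, because Exim's `$sender_rcvhost` already carries a `helo=` item when the argument differs from the verified host name. If both effects are intended, a comment above the setting would save the next reader of these trace headers from guessing, e.g. `## helo= is the client's unverified claim; printed even when $sender_rcvhost already shows it`. The setting continues past the end of this hunk.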
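Review bot: Dropping the angle brackets in `{(envelope-from $sender_address\` leaves a client-supplied address with no delimiter before the `; auth=$authenticated_id` item that follows it inside the same parenthesised comment. Anything that later parses these trace headers (log tooling, triage scripts) then has to guess where the address ends, and a quoted local part may contain `;` and spaces where the server accepts it. Unless something outside this hunk depends on the bare form, keeping `{(envelope-from <$sender_address>\` leaves the boundary unambiguous.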
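Review bot: The `helo.conf` lookup in the new `helo:` statement is undocumented: nothing in the hunk says what the file's keys and values look like, yet its values decide which callers skip `!verify = helo`. From the expansion, the key is the client-chosen `$sender_helo_name` (looked up with `partial0-lsearch`) and the value is handed to `match_ip` against `$sender_host_address`, so an over-broad value exempts every address it covers for that name. I would add a comment before the `!condition` line, e.g. `## helo.conf: HELO name (or partial-match key) -> addresses allowed to claim it; keep lists narrow`. When the file does not exist the expansion is empty and the statement falls through to plain `verify = helo`, which is worth stating in the same comment.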
@@ -108,6 +124,15 @@ acl_smtp_mail = mail SECTION(acl, mail)m4_dnl mail: + ## If we stashed a warning header about HELO from earlier, we should + ## add it now. + warn condition = $acl_c_helo_warning + add_header = :after_received:X-Distorted-Warning: \ + BADHELO \ + Client's HELO doesn't match its IP address.\n\t\ + HELO name=$sender_helo_name, \ + address=$sender_host_address + ## Always allow the empty sender, so that we can receive bounces. accept senders = : @@ -222,6 +247,15 @@ m4_define(<:FILTER_TRANSPORTS:>, pipe_transport = pipe reply_transport = reply:>) +m4_define(<:FILTER_ROUTER:>, +<:$1_vrf: + $2 + FILTER_VERIFY<::>$3 +$1: + $2 + verify = no + FILTER_TRANSPORTS<::>$4:>) + DIVERT(null) ###-------------------------------------------------------------------------- ### Some standard transports.
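Review bot: The `warn` added to `mail:` fires only when `$acl_c_helo_warning` was set to true by the HELO ACL, so a client that issues MAIL without any HELO/EHLO leaves the variable unset and gets no warning header. Whether that can happen depends on settings outside this hunk (for example a HELO requirement elsewhere in the configuration). If it can, such a session passes with less scrutiny than one that sent a mismatched HELO. Consider a second statement keyed on an empty `$sender_helo_name`, or at least a comment such as `## unset (no HELO seen) is treated as no warning`. The header body also embeds `$sender_helo_name` as the client sent it, so whatever consumes `X-Distorted-Warning` should treat that field as untrusted text.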
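Review bot: `FILTER_ROUTER` takes four positional arguments but the definition carries no comment saying what each one is. From the body, `$1` is the router name (also used for the `$1_vrf` twin), `$2` is text shared by both routers, `$3` is appended after `FILTER_VERIFY` and `$4` after `FILTER_TRANSPORTS`; the `verify = no` line on the second router is what keeps it out of address verification. A header comment along the lines of `### FILTER_ROUTER(name, common-options, verify-extras, deliver-extras)` would make that split visible at the call sites. `FILTER_VERIFY` is defined outside this hunk, so what the `_vrf` router actually does during verification cannot be checked here.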