X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/ceb81bc4d616ce4412606bf91949312cdfcfa7f9..8afec8982a03946c92b3bde00ac5776fed9bc197:/base.m4

diff --git a/base.m4 b/base.m4
index 03dc4aa..c0dd892 100644
--- a/base.m4
+++ b/base.m4
@@ -88,6 +88,7 @@ received_header_text = Received: \
 SECTION(global, smtp)m4_dnl
 smtp_return_error_details = true
 accept_8bitmime = true
+chunking_advertise_hosts =
 
 SECTION(global, env)m4_dnl
 keep_environment =
@@ -104,7 +105,7 @@ SECTION(global, bounce)m4_dnl
 delay_warning = 1h : 24h : 2d
 
 SECTION(global, tls)m4_dnl
-tls_certificate = CONF_sysconf_dir/server.certlist
+tls_certificate = CONF_certlist
 tls_privatekey = CONF_sysconf_dir/server.key
 tls_advertise_hosts = ${if exists {CONF_sysconf_dir/server.key} {*}{}}
 tls_dhparam = CONF_ca_dir/dh-param-2048.pem
@@ -263,17 +264,17 @@ check_relay:
 	## we're the correct place to send this mail.
 
 	## Known clients and authenticated users are OK.
-	accept	  hosts = CONF_relay_clients
-	accept	  authenticated = *
+	accept	 hosts = CONF_relay_clients
+	accept	 authenticated = *
 
 	## Known domains are OK.
-	accept	  domains = +public
+	accept	 domains = +public
 
 	## Finally, domains in our table are OK, unless they say they aren't.
-	accept	  domains = \
-		${if exists{CONF_sysconf_dir/domains.conf} \
+	accept	 domains = \
+		 ${if exists{CONF_sysconf_dir/domains.conf} \
 		     {partial0-lsearch;	CONF_sysconf_dir/domains.conf}}
-		  condition = DOMKV(service, {$value}{true})
+		 condition = DOMKV(service, {$value}{true})
 
 	## Nope, that's not allowed.
 	deny
@@ -286,6 +287,10 @@ SECTION(global, acl)m4_dnl
 acl_smtp_data = data
 SECTION(acl, data)m4_dnl
 data:
+	## Don't accept messages with overly-long lines.
+	deny	 message = line length exceeds SMTP permitted maximum: \
+			$max_received_linelength > 998
+		 condition = ${if >{$max_received_linelength}{998}}
 
 SECTION(acl, data-tail)m4_dnl
 	accept
@@ -409,6 +414,11 @@ m4_define(<:APPLY_HEADER_CHANGES:>,
 		<:${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\
 		$2:>):>)
 
+m4_define(<:SMTP_DELIVERY:>,
+	<:## Prevent sending messages with overly long lines.  The use of
+	## `message_size_limit' here is somewhat misleading.
+	message_size_limit = ${if >{$max_received_linelength}{998}{1}{0}}:>)
+
 SECTION(transports)m4_dnl
 ## A standard transport for remote delivery.  By default, try to do TLS, and
 ## don't worry too much if it's not very secure: the alternative is sending
@@ -425,6 +435,7 @@ smtp:
 
 m4_define(<:SMTP_TRANS_DHBITS:>,
 	<:driver = smtp
+	SMTP_DELIVERY
 	APPLY_HEADER_CHANGES
 	hosts_try_auth = *
 	hosts_require_tls = DOMKV(tls-peer-ca, {*}{})
@@ -456,6 +467,7 @@ smtp_dhbits_2048:
 ## authentication.
 smtp_local:
 	driver = smtp
+	SMTP_DELIVERY
 	APPLY_HEADER_CHANGES
 	hosts_require_tls = *
 	tls_certificate = CONF_sysconf_dir/client.certlist