warn condition = $acl_c_helo_warning
!condition = ${if eq{$acl_c_mode}{submission}}
!hosts = +allnets
- add_header = :after_received:X-CONF_header_token-Warning: \
+ ADD_HEADER(<:X-CONF_header_token-Warning: \
BADHELO \
Client's HELO doesn't match its IP address.\n\t\
helo-name=$sender_helo_name \
- address=$sender_host_address
+ address=$sender_host_address:>)
## Always allow the empty sender, so that we can receive bounces.
accept senders = :
envelope_to_add = true
return_path_add = true:>)
+m4_define(<:APPLY_HEADER_CHANGES:>,
+ <:headers_add = m4_ifelse(<:$1:>, <::>,
+ <:$acl_m_hdradd:>,
+ <:${if def:acl_m_hdradd{$acl_m_hdradd\n}}\
+ $1:>)
+ headers_remove = m4_ifelse(<:$2:>, <::>,
+ <:$acl_m_hdrrm:>,
+ <:${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\
+ $2:>):>)
+
SECTION(transports)m4_dnl
## A standard transport for remote delivery. By default, try to do TLS, and
## don't worry too much if it's not very secure: the alternative is sending
## it into the transport name. This is very unpleasant, of course.
smtp:
driver = smtp
+ APPLY_HEADER_CHANGES
tls_require_ciphers = CONF_acceptable_ciphers
tls_dh_min_bits = 1020
tls_tempfail_tryclear = true
m4_define(<:SMTP_TRANS_DHBITS:>,
<:driver = smtp
+ APPLY_HEADER_CHANGES
hosts_try_auth = *
hosts_require_tls = DOMKV(tls-peer-ca, {*}{})
hosts_require_auth = \
## authentication.
smtp_local:
driver = smtp
+ APPLY_HEADER_CHANGES
hosts_require_tls = *
tls_certificate = CONF_sysconf_dir/client.certlist
tls_privatekey = CONF_sysconf_dir/client.key
## A standard transport for local delivery.
deliver:
driver = appendfile
+ APPLY_HEADER_CHANGES
file = /var/mail/$local_part
group = mail
mode = 0600
## Transports for user filters.
mailbox:
driver = appendfile
+ APPLY_HEADER_CHANGES
initgroups = true
USER_DELIVERY
maildir:
driver = appendfile
+ APPLY_HEADER_CHANGES
maildir_format = true
initgroups = true
USER_DELIVERY
pipe:
driver = pipe
+ APPLY_HEADER_CHANGES
path = ${if and {{def:home} {exists{$home/bin}}} {$home/bin:} {}}\
/usr/local/bin:/usr/local/sbin:\
/usr/bin:/usr/sbin:/bin:/sbin
m4_ifdef(<:_head:$1/$2:>, <:<:##:> m4_indir(<:_head:$1/$2:>)
:>)m4_define(<:_done:$1/$2:>):>):>):>)
+## ADD_HEADER(hdrs)
+##
+## An ACL action to add the given HDRS, which are a `\n'-terminated list of
+## new header lines.
+m4_define(<:ADD_HEADER:>, <:m4_dnl
+ set acl_m_hdradd = ${if def:acl_m_hdradd{$acl_m_hdradd}{}}$1\n:>)
+
## RENAME_HEADERS_ADD(list)
##
## Return a newline-separated list of message header additions of the form
{${if match_domain {$sender_address_domain} \
{+public} \
{+allnets}{! +allnets}}})}
- add_header = :after_received:X-CONF_header_token-Warning: \
+ ADD_HEADER(<:X-CONF_header_token-Warning: \
RCLNTLSNDR \
Apparently local sender, but received from remote \
server.\n\t\
sender=$sender_address \
- host=$sender_host_address
+ host=$sender_host_address:>)
## OK.
accept
set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{!(.)}{\$1}}
## Insert the headers.
- add_header = X-CONF_header_token-SpamAssassin-Score: \
+ ADD_HEADER(<:X-CONF_header_token-SpamAssassin-Score: \
$spam_score/$acl_m_spam_limit_presentation \
- ($spam_bar)
- add_header = X-CONF_header_token-SpamAssassin-Status: \
+ ($spam_bar):>)
+ ADD_HEADER(<:X-CONF_header_token-SpamAssassin-Status: \
score=$spam_score, \
limit=$acl_m_spam_limit_presentation, \n\t\
- tests=$acl_m_spam_tests
+ tests=$acl_m_spam_tests:>)
## We're good.
accept