Don't use the `add_header' ACL control any more. Instead, just
accumulate the desired header additions and removals in variables, and
apply them at transport time.
This way, the headers we see in the message are the unmodified ones, as
the message was originally given to us. We can therefore apply header
/removals/ (which aren't allowed in ACLs, so have to be delayed to
routing/transport time) coherently, without the risk of clobbering
the headers we've added ourselves.
warn condition = $acl_c_helo_warning
!condition = ${if eq{$acl_c_mode}{submission}}
!hosts = +allnets
warn condition = $acl_c_helo_warning
!condition = ${if eq{$acl_c_mode}{submission}}
!hosts = +allnets
- add_header = :after_received:X-CONF_header_token-Warning: \
+ ADD_HEADER(<:X-CONF_header_token-Warning: \
BADHELO \
Client's HELO doesn't match its IP address.\n\t\
helo-name=$sender_helo_name \
BADHELO \
Client's HELO doesn't match its IP address.\n\t\
helo-name=$sender_helo_name \
- address=$sender_host_address
+ address=$sender_host_address:>)
## Always allow the empty sender, so that we can receive bounces.
accept senders = :
## Always allow the empty sender, so that we can receive bounces.
accept senders = :
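Review bot: The BADHELO replacement drops the `:after_received:` position prefix that the removed `add_header` line carried, so the warning is no longer pinned next to this host's Received: line and lands wherever `headers_add` places it at transport time. If readers or filters use the position to tell this server's warning from a sender-supplied header of the same name, document the new placement beside `ADD_HEADER` or in the commit message.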
envelope_to_add = true
return_path_add = true:>)
envelope_to_add = true
return_path_add = true:>)
+m4_define(<:APPLY_HEADER_CHANGES:>,
+ <:headers_add = m4_ifelse(<:$1:>, <::>,
+ <:$acl_m_hdradd:>,
+ <:${if def:acl_m_hdradd{$acl_m_hdradd\n}}\
+ $1:>)
+ headers_remove = m4_ifelse(<:$2:>, <::>,
+ <:$acl_m_hdrrm:>,
+ <:${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\
+ $2:>):>)
+
SECTION(transports)m4_dnl
## A standard transport for remote delivery. By default, try to do TLS, and
## don't worry too much if it's not very secure: the alternative is sending
SECTION(transports)m4_dnl
## A standard transport for remote delivery. By default, try to do TLS, and
## don't worry too much if it's not very secure: the alternative is sending
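Review bot: In the `headers_add` branch of `APPLY_HEADER_CHANGES` that handles a non-empty `$1`, `$acl_m_hdradd\n` adds a newline after a value that `ADD_HEADER` already ends with `\n`, which leaves an empty line between the accumulated headers and `$1`. Drop the `\n` in that branch so both macros follow one termination convention. The macro also lacks a `##` comment describing its two optional arguments, and no visible hunk sets `acl_m_hdrrm`, so a note on where removals get accumulated would help.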
## it into the transport name. This is very unpleasant, of course.
smtp:
driver = smtp
## it into the transport name. This is very unpleasant, of course.
smtp:
driver = smtp
tls_require_ciphers = CONF_acceptable_ciphers
tls_dh_min_bits = 1020
tls_tempfail_tryclear = true
m4_define(<:SMTP_TRANS_DHBITS:>,
<:driver = smtp
tls_require_ciphers = CONF_acceptable_ciphers
tls_dh_min_bits = 1020
tls_tempfail_tryclear = true
m4_define(<:SMTP_TRANS_DHBITS:>,
<:driver = smtp
hosts_try_auth = *
hosts_require_tls = DOMKV(tls-peer-ca, {*}{})
hosts_require_auth = \
hosts_try_auth = *
hosts_require_tls = DOMKV(tls-peer-ca, {*}{})
hosts_require_auth = \
## authentication.
smtp_local:
driver = smtp
## authentication.
smtp_local:
driver = smtp
hosts_require_tls = *
tls_certificate = CONF_sysconf_dir/client.certlist
tls_privatekey = CONF_sysconf_dir/client.key
hosts_require_tls = *
tls_certificate = CONF_sysconf_dir/client.certlist
tls_privatekey = CONF_sysconf_dir/client.key
## A standard transport for local delivery.
deliver:
driver = appendfile
## A standard transport for local delivery.
deliver:
driver = appendfile
file = /var/mail/$local_part
group = mail
mode = 0600
file = /var/mail/$local_part
group = mail
mode = 0600
## Transports for user filters.
mailbox:
driver = appendfile
## Transports for user filters.
mailbox:
driver = appendfile
initgroups = true
USER_DELIVERY
maildir:
driver = appendfile
initgroups = true
USER_DELIVERY
maildir:
driver = appendfile
maildir_format = true
initgroups = true
USER_DELIVERY
pipe:
driver = pipe
maildir_format = true
initgroups = true
USER_DELIVERY
pipe:
driver = pipe
path = ${if and {{def:home} {exists{$home/bin}}} {$home/bin:} {}}\
/usr/local/bin:/usr/local/sbin:\
/usr/bin:/usr/sbin:/bin:/sbin
path = ${if and {{def:home} {exists{$home/bin}}} {$home/bin:} {}}\
/usr/local/bin:/usr/local/sbin:\
/usr/bin:/usr/sbin:/bin:/sbin
m4_ifdef(<:_head:$1/$2:>, <:<:##:> m4_indir(<:_head:$1/$2:>)
:>)m4_define(<:_done:$1/$2:>):>):>):>)
m4_ifdef(<:_head:$1/$2:>, <:<:##:> m4_indir(<:_head:$1/$2:>)
:>)m4_define(<:_done:$1/$2:>):>):>):>)
+## ADD_HEADER(hdrs)
+##
+## An ACL action to add the given HDRS, which are a `\n'-terminated list of
+## new header lines.
+m4_define(<:ADD_HEADER:>, <:m4_dnl
+ set acl_m_hdradd = ${if def:acl_m_hdradd{$acl_m_hdradd}{}}$1\n:>)
+
## RENAME_HEADERS_ADD(list)
##
## Return a newline-separated list of message header additions of the form
## RENAME_HEADERS_ADD(list)
##
## Return a newline-separated list of message header additions of the form
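Review bot: The comment on `ADD_HEADER` describes HDRS as a `\n`-terminated list, but the macro body appends `\n` after `$1` itself and the call sites in this patch pass text with no trailing newline. Reword the comment to say the argument is one or more header lines separated by `\n` without a final terminator, and that the macro supplies it, so a caller does not add a second one.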
{${if match_domain {$sender_address_domain} \
{+public} \
{+allnets}{! +allnets}}})}
{${if match_domain {$sender_address_domain} \
{+public} \
{+allnets}{! +allnets}}})}
- add_header = :after_received:X-CONF_header_token-Warning: \
+ ADD_HEADER(<:X-CONF_header_token-Warning: \
RCLNTLSNDR \
Apparently local sender, but received from remote \
server.\n\t\
sender=$sender_address \
RCLNTLSNDR \
Apparently local sender, but received from remote \
server.\n\t\
sender=$sender_address \
- host=$sender_host_address
+ host=$sender_host_address:>)
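Review bot: `ADD_HEADER` in the RCLNTLSNDR warning appends to `acl_m_hdradd` every time this `warn` statement matches, whereas Exim's `add_header` modifier adds only one copy when an identical header line is requested more than once. If this statement sits in an ACL that runs several times per message (once per recipient, say), the warning is now repeated; guard the `set` with a per-message flag or have `ADD_HEADER` skip text already present in the variable.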
set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{!(.)}{\$1}}
## Insert the headers.
set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{!(.)}{\$1}}
## Insert the headers.
- add_header = X-CONF_header_token-SpamAssassin-Score: \
+ ADD_HEADER(<:X-CONF_header_token-SpamAssassin-Score: \
$spam_score/$acl_m_spam_limit_presentation \
$spam_score/$acl_m_spam_limit_presentation \
- ($spam_bar)
- add_header = X-CONF_header_token-SpamAssassin-Status: \
+ ($spam_bar):>)
+ ADD_HEADER(<:X-CONF_header_token-SpamAssassin-Status: \
score=$spam_score, \
limit=$acl_m_spam_limit_presentation, \n\t\
score=$spam_score, \
limit=$acl_m_spam_limit_presentation, \n\t\
- tests=$acl_m_spam_tests
+ tests=$acl_m_spam_tests:>)
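Review bot: The two `ADD_HEADER` calls for `X-CONF_header_token-SpamAssassin-Score` and `-Status` add this server's verdict, but nothing visible in this hunk puts those header names into `acl_m_hdrrm`, so a copy supplied by the sender would still be delivered alongside ours. Since the commit message gives coherent removals as the reason for the change, queue the removal of both names here, or note where that is done.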