{false}}:>)
m4_define(<:ALLOW_PLAINTEXT_AUTH_P:>,
-<:or {{match_ip {$sender_host_address}{+localnet}} \
+<:or {{match_ip {$sender_host_address}{+thishost}} \
{and {{def:tls_cipher} {eq{$acl_c_mode}{submission}}}}}:>)
SECTION(auth)m4_dnl
## and we should only care about the most recent one.
warn set acl_c_helo_warning = false
!condition = \
+ ${if and {{match_ip {$sender_host_address} \
+ {<; 127.0.0.0/8 ; ::1}} \
+ {match_domain {$sender_helo_name} \
+ {localhost : +thishost}}}}
+ !condition = \
${if exists {CONF_sysconf_dir/helo.conf} \
{${lookup {$sender_helo_name} \
partial0-lsearch \
check_submission:
## See whether this message needs hacking on.
- accept !hosts = +localnet
+ accept !hosts = +thishost
!condition = ${if ={$received_port}{CONF_submission_port}}
set acl_c_mode = relay
## loopback connection, then we can trust identd to tell us the right
## answer. So we should stash the right name somewhere consistent.
warn set acl_c_user = $authenticated_id
- hosts = +localnet
+ hosts = +thishost
!authenticated = *
set acl_c_user = $sender_ident
## User must be authenticated.
deny message = Sender not authenticated
- !hosts = +localnet
+ !hosts = +thishost
!authenticated = *
## Make sure that the local part is one that the authenticated sender
## Definitions for known networks.
hostlist localnet = <; \
127.0.0.0/8 ; ::1
+hostlist thishost = <; \
+ +localnet ; @[]
hostlist border = <; \
62.49.204.144/28 ; 2001:470:1f09:1b98::/64 ; \
212.13.198.64/28 ; 2001:ba8:0:1d9::/64