From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 20 Dec 2014 13:40:23 +0000 (+0000)
Subject: Merge branch 'master' of git.distorted.org.uk:~mdw/publish/public-git/exim-config
X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/commitdiff_plain/8c55c5f23219896ff4531a6b5d63731e62da1b8a?hp=-c

Merge branch 'master' of git.distorted.org.uk:~mdw/publish/public-git/exim-config

* 'master' of git.distorted.org.uk:~mdw/publish/public-git/exim-config:
  base.m4: New `senders' entry in `domains.conf'.
  base.m4: Missing subsection name.
  spam.m4: No, we can't check domains in the DATA ACL.
  spam.m4: Allow virtual domains to opt out of spam checking.
---

8c55c5f23219896ff4531a6b5d63731e62da1b8a
diff --combined base.m4
index 73c454b,579e835..807c57a
--- a/base.m4
+++ b/base.m4
@@@ -89,7 -89,7 +89,7 @@@ SECTION(global, bounce)m4_dn
  delay_warning = 1h : 24h : 2d
  
  SECTION(global, tls)m4_dnl
 -tls_certificate = CONF_sysconf_dir/server.cert
 +tls_certificate = CONF_sysconf_dir/server.certlist
  tls_privatekey = CONF_sysconf_dir/server.key
  tls_advertise_hosts = ${if exists {CONF_sysconf_dir/server.key} {*}{}}
  tls_dhparam = CONF_ca_dir/dh-param-2048.pem
@@@ -161,11 -161,8 +161,8 @@@ mail
  	## Always allow the empty sender, so that we can receive bounces.
  	accept	 senders = :
  
- 	## Ensure that the sender is routable.  This is important to prevent
- 	## undeliverable bounces.
- 	require	 message = Invalid sender; \
- 			($sender_verify_failure; $acl_verify_message)
- 		 verify = sender
+ 	## Ensure that the sender looks valid.
+ 	require	 acl = mail_check_sender
  
  	## If this is directly from a client then hack on it for a while.
  	warn	 condition = ${if eq{$acl_c_mode}{submission}}
@@@ -184,6 -181,23 +181,23 @@@ SECTION(acl, mail-tail)m4_dn
  	## And we're done.
  	accept
  
+ SECTION(acl, misc)m4_dnl
+ mail_check_sender:
+ 
+ 	## See whether there's a special exception for this sender domain.
+ 	accept	 senders = ${LOOKUP_DOMAIN($sender_address_domain,
+ 			     {KV(senders, {$value}{})},
+ 			     {})}
+ 
+ 	## Ensure that the sender is routable.  This is important to prevent
+ 	## undeliverable bounces.
+ 	require	 message = Invalid sender; \
+ 			($sender_verify_failure; $acl_verify_message)
+ 		 verify = sender
+ 
+ 	## We're good, then.
+ 	accept
+ 
  SECTION(global, acl)m4_dnl
  acl_smtp_connect = connect
  SECTION(acl, connect)m4_dnl
@@@ -258,7 -272,7 +272,7 @@@ SECTION(acl, data-tail)m4_dn
  SECTION(global, acl)m4_dnl
  acl_smtp_expn = expn_vrfy
  acl_smtp_vrfy = expn_vrfy
- SECTION(acl)m4_dnl
+ SECTION(acl, misc)m4_dnl
  expn_vrfy:
  	accept	 hosts = +trusted
  	deny	 message = Suck it and see
@@@ -414,7 -428,7 +428,7 @@@ smtp_dhbits_2048
  smtp_local:
  	driver = smtp
  	hosts_require_tls = *
 -	tls_certificate = CONF_sysconf_dir/client.cert
 +	tls_certificate = CONF_sysconf_dir/client.certlist
  	tls_privatekey = CONF_sysconf_dir/client.key
  	tls_verify_certificates = CONF_ca_dir/ca.cert
  	tls_require_ciphers = CONF_good_ciphers