### -*-m4-*- ### ### Transmission to remote hosts for distorted.org.uk Exim configuration. ### ### (c) 2012 Mark Wooding ### ###----- Licensing notice --------------------------------------------------- ### ### This program is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### ### This program is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License ### along with this program; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ###-------------------------------------------------------------------------- ### Listen for incoming connections. SECTION(global, daemon)m4_dnl daemon_smtp_ports = CONF_smtp_port : CONF_submission_port DIVERT(null) ###-------------------------------------------------------------------------- ### Check source addresses for apparently local senders. SECTION(acl, mail-hooks)m4_dnl ## Check that a submitted message's sender address is allowable. require acl = mail_client_addr SECTION(acl, misc)m4_dnl mail_client_addr: ## If this is a message submission then that's handled elsewhere. accept condition = ${if eq{$acl_c_mode}{submission}} ## Make sure that the sender matches the client address. I feel like ## I want to reject these, but that will break stuff. For example, ## if I send mail to an externally hosted address which is really a ## distribution list containing some local address, then we'll ## (approximately legitimately) receive mail with an apparently-local ## sender from a remote host. warn !hosts = ${LOOKUP_DOMAIN($sender_address_domain, {KV(hosts, {$value}{+allnets})}, {${if match_domain {$sender_address_domain} \ {+public} \ {+allnets}{! +allnets}}})} WARNING_HEADER(RCLNTLSNDR, <:Apparently local sender, but received from remote \ server.\n\t\ sender=$sender_address \ host=$sender_host_address:>) ## OK. accept DIVERT(null) ###-------------------------------------------------------------------------- ### Rename locally-meaningful headers in mail from outside. m4_define(<:DISTORTED_HEADERS:>, <:X-CONF_header_token-SpamAssassin-Score, X-CONF_header_token-SpamAssassin-Status:>) SECTION(acl, data)m4_dnl ## If this message is coming from outside then rename headers which ## look like the ones we're likely to add. This is most relevant for ## our spam-report headers, because I'm not sure I understand why ## someone would want to fake an X-Distorted-Warning header. warn !condition = ${if eq{$acl_c_mode}{submission}} !hosts = +allnets set acl_m_hdradd = ${if def:acl_m_hdradd{$acl_m_hdradd}}\ RENAME_HEADERS_ADD(<:DISTORTED_HEADERS:>) set acl_m_hdrrm = ${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\ RENAME_HEADERS_REMOVE(<:DISTORTED_HEADERS:>) DIVERT(null) ###-------------------------------------------------------------------------- ### The obvious trivial router. SECTION(routers, remote)m4_dnl ## Send mail on to a host in our own network. We must apply extra security. local: driver = dnslookup domains = ${if bool {${LOOKUP_DOMAIN($domain, {KV(service, {$value}{true})}, {false})}} \ {}{ ! +public : \ CONF_master_domain : \ *.CONF_master_domain }} self = fail transport = smtp_local no_more ## Send mail on to unknown hosts. remote: driver = dnslookup domains = ${if bool {${LOOKUP_DOMAIN($domain, {KV(service, {$value}{true})}, {false})}} \ {}{ ! +public }} self = fail transport = smtp no_more DIVERT(null) ###----- That's all, folks --------------------------------------------------