user-spam.m4: Fix indentation in the output.

[exim-config] / base.m4

diff --git a/base.m4 b/base.m4
index 8f962bb4462f44f7bbe6d39ab24426938a65ed77..e78194a5645a484e2601c0a1a042a7340d76f38c 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -73,7 +73,13 @@ received_header_text = Received: \
        ${if def:sender_address \
             {(envelope-from $sender_address\
              ${if def:authenticated_id \
-                  {; auth=$authenticated_id}})\n\t}}\
+                  {; auth=${quote_local_part:$authenticated_id}} \
+                  {${if and {{def:authenticated_sender} \
+                             {match_address{$authenticated_sender} \
+                                           {*@CONF_master_domain}}} \
+                        {; auth=${quote_local_part:\
+                                   ${local_part:\
+                                     $authenticated_sender}}}}}})\n\t}}\
        id $message_exim_id\
        ${if def:received_for {\n\tfor $received_for}}
 
@@ -81,11 +87,16 @@ SECTION(global, smtp)m4_dnl
 smtp_return_error_details = true
 accept_8bitmime = true
 
+SECTION(global, env)m4_dnl
+keep_environment =
+
 SECTION(global, process)m4_dnl
 extract_addresses_remove_arguments = false
 headers_charset = utf-8
 qualify_domain = CONF_master_domain
 untrusted_set_sender = *
+local_from_check = false
+local_sender_retain = true
 
 SECTION(global, bounce)m4_dnl
 delay_warning = 1h : 24h : 2d
@@ -142,6 +153,7 @@ SECTION(acl, misc)m4_dnl
 not_smtp_start:
        ## Record the user's name.
        warn     set acl_c_user = $sender_ident
+                set acl_m_user = $sender_ident
 
        ## Done.
        accept
@@ -160,11 +172,10 @@ mail:
        warn     condition = $acl_c_helo_warning
                !condition = ${if eq{$acl_c_mode}{submission}}
                !hosts = +allnets
-                add_header = :after_received:X-Distorted-Warning: \
-                       BADHELO \
-                       Client's HELO doesn't match its IP address.\n\t\
-                       helo-name=$sender_helo_name \
-                       address=$sender_host_address
+                WARNING_HEADER(BADHELO,
+                               <:Client's HELO doesn't match its IP address.\n\t\
+                                 helo-name=$sender_helo_name \
+                                 address=$sender_host_address:>)
 
        ## Always allow the empty sender, so that we can receive bounces.
        accept   senders = :
@@ -308,6 +319,10 @@ mail_check_auth:
        deny     message = Sender not authenticated
                 condition = ${if !def:acl_c_user}
 
+       ## Set the per-message authentication flag, since we now know that
+       ## there's a sensible value.
+       warn     set acl_m_user = $acl_c_user
+
        ## All done.
        accept
 
@@ -382,6 +397,16 @@ m4_define(<:USER_DELIVERY:>,
        envelope_to_add = true
        return_path_add = true:>)
 
+m4_define(<:APPLY_HEADER_CHANGES:>,
+       <:headers_add = m4_ifelse(<:$1:>, <::>,
+               <:$acl_m_hdradd:>,
+               <:${if def:acl_m_hdradd{$acl_m_hdradd\n}}\
+               $1:>)
+       headers_remove = m4_ifelse(<:$2:>, <::>,
+               <:$acl_m_hdrrm:>,
+               <:${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\
+               $2:>):>)
+
 SECTION(transports)m4_dnl
 ## A standard transport for remote delivery.  By default, try to do TLS, and
 ## don't worry too much if it's not very secure: the alternative is sending
@@ -391,12 +416,14 @@ SECTION(transports)m4_dnl
 ## it into the transport name.  This is very unpleasant, of course.
 smtp:
        driver = smtp
+       APPLY_HEADER_CHANGES
        tls_require_ciphers = CONF_acceptable_ciphers
-       tls_dh_min_bits = 1020
+       tls_dh_min_bits = 508
        tls_tempfail_tryclear = true
 
 m4_define(<:SMTP_TRANS_DHBITS:>,
        <:driver = smtp
+       APPLY_HEADER_CHANGES
        hosts_try_auth = *
        hosts_require_tls = DOMKV(tls-peer-ca, {*}{})
        hosts_require_auth = \
@@ -414,15 +441,20 @@ m4_define(<:SMTP_TRANS_DHBITS:>,
                      {CONF_acceptable_ciphers})
        tls_dh_min_bits = $1
        tls_tempfail_tryclear = true:>)m4_dnl
+smtp_dhbits_512:
+       SMTP_TRANS_DHBITS(508)
+smtp_dhbits_768:
+       SMTP_TRANS_DHBITS(764)
 smtp_dhbits_1024:
        SMTP_TRANS_DHBITS(1020)
 smtp_dhbits_2048:
-       SMTP_TRANS_DHBITS(2046)
+       SMTP_TRANS_DHBITS(2044)
 
 ## Transport to a local SMTP server; use TLS and perform client
 ## authentication.
 smtp_local:
        driver = smtp
+       APPLY_HEADER_CHANGES
        hosts_require_tls = *
        tls_certificate = CONF_sysconf_dir/client.certlist
        tls_privatekey = CONF_sysconf_dir/client.key
@@ -430,13 +462,16 @@ smtp_local:
        tls_require_ciphers = CONF_good_ciphers
        tls_dh_min_bits = 2046
        tls_tempfail_tryclear = false
-       authenticated_sender = ${if def:authenticated_id \
-                                   {$authenticated_id@CONF_master_domain} \
-                                   fail}
+       authenticated_sender_force = true
+       authenticated_sender = \
+               ${if def:acl_m_user {$acl_m_user@CONF_master_domain} \
+                    {${if def:authenticated_sender {$authenticated_sender} \
+                          fail}}}
 
 ## A standard transport for local delivery.
 deliver:
        driver = appendfile
+       APPLY_HEADER_CHANGES
        file = /var/mail/$local_part
        group = mail
        mode = 0600
@@ -446,17 +481,20 @@ deliver:
 ## Transports for user filters.
 mailbox:
        driver = appendfile
+       APPLY_HEADER_CHANGES
        initgroups = true
        USER_DELIVERY
 
 maildir:
        driver = appendfile
+       APPLY_HEADER_CHANGES
        maildir_format = true
        initgroups = true
        USER_DELIVERY
 
 pipe:
        driver = pipe
+       APPLY_HEADER_CHANGES
        path = ${if and {{def:home} {exists{$home/bin}}} {$home/bin:} {}}\
                /usr/local/bin:/usr/local/sbin:\
                /usr/bin:/usr/sbin:/bin:/sbin