chiark / gitweb /
9 months agoconfig.m4: Don't deploy the Lets Encrypt certificate on submission. master
Mark Wooding [Wed, 4 Jul 2018 17:42:53 +0000 (18:42 +0100)]
config.m4: Don't deploy the Lets Encrypt certificate on submission.

9 months agoconfig.m4: Present a LetsEncrypt certificate to external clients.
Mark Wooding [Tue, 26 Jun 2018 15:48:54 +0000 (16:48 +0100)]
config.m4: Present a LetsEncrypt certificate to external clients.

9 months agobase.m4, config.m4: Make the certificate list tweakable in config.
Mark Wooding [Tue, 26 Jun 2018 15:26:45 +0000 (16:26 +0100)]
base.m4, config.m4: Make the certificate list tweakable in config.

15 months agobase.m4: Neither accept nor transmit messages with long lines over SMTP.
Mark Wooding [Mon, 15 Jan 2018 09:37:01 +0000 (09:37 +0000)]
base.m4: Neither accept nor transmit messages with long lines over SMTP.

This is an upstream bug:

15 months agobase.m4: Fix indentation of some ACL configuration.
Mark Wooding [Mon, 15 Jan 2018 09:36:39 +0000 (09:36 +0000)]
base.m4: Fix indentation of some ACL configuration.

16 months agobase.m4: Explicitly disable the `CHUNKING' extension.
Mark Wooding [Sat, 25 Nov 2017 10:57:24 +0000 (10:57 +0000)]
base.m4: Explicitly disable the `CHUNKING' extension.


Debian disables this extension by default, but be explicit about it for

20 months agobase.m4: Re-enable RFC1413 (ident) requests.
Mark Wooding [Sun, 13 Aug 2017 23:55:45 +0000 (00:55 +0100)]
base.m4: Re-enable RFC1413 (ident) requests.

This got turned off in 4.86.  Turn it back on.

20 months agoconfig.m4: Fix the `acceptable' ciphers list.
Mark Wooding [Sat, 29 Jul 2017 20:02:39 +0000 (21:02 +0100)]
config.m4: Fix the `acceptable' ciphers list.

Replace `+NORMAL' with the explicit algorithm class wildcards (except
for compression, which I leave turned off).  This completely broke TLS
negotiation for outside senders. :-(

20 months agoconfig.m4: Fiddle with the ciphersuite settings.
Mark Wooding [Sat, 29 Jul 2017 01:55:08 +0000 (02:55 +0100)]
config.m4: Fiddle with the ciphersuite settings.

Enable the fancy elliptic curve toys, AEAD schemes, and general
djbishness.  Also, take an interest in the ordering of ciphers in the
`acceptable' list.

21 months agoconfig.m4: Use correct IPv6 address for national to permit relaying.
Mark Wooding [Fri, 21 Jul 2017 08:30:01 +0000 (09:30 +0100)]
config.m4: Use correct IPv6 address for national to permit relaying.

Bungled in 2f2fc64da4fd3e3edb06589a5e7dd0f3e958a40b :-(

21 months agolists.m4, exchange.m4: Check for bogus addresses when doing DNS lookups.
Mark Wooding [Wed, 19 Jul 2017 09:46:08 +0000 (10:46 +0100)]
lists.m4, exchange.m4: Check for bogus addresses when doing DNS lookups.

Inspired by Chris Siebenmann's `How not to set up your DNS' series; see

21 months agoconfig.m4: Include national as a valid relay host.
Mark Wooding [Fri, 30 Jun 2017 09:47:01 +0000 (10:47 +0100)]
config.m4: Include national as a valid relay host.

21 months agoconfig.m4: Use correct VPN address for chiark.
Mark Wooding [Fri, 30 Jun 2017 09:13:54 +0000 (10:13 +0100)]
config.m4: Use correct VPN address for chiark.

2 years agolists.m4: Preparation for switch to A&A.
Mark Wooding [Mon, 27 Jun 2016 10:05:03 +0000 (11:05 +0100)]
lists.m4: Preparation for switch to A&A.

2 years agovhost-local.m4: Fix missing newline.
Mark Wooding [Wed, 11 May 2016 00:17:19 +0000 (01:17 +0100)]
vhost-local.m4: Fix missing newline.

I left a trap for myself: the extra-stuff argument to the
`USER_SPAMLIMIT_ROUTERS' macro wants a trailing newline (and tab);
otherwise the following material ends up following without a line break.

This went badly wrong: a `condition = ' line was extended with extra
material causing it to always match!  Fortunately little harm was
actually done.

2 years agovhost-local.m4: New hack for delivery to system users via vhosts.
Mark Wooding [Fri, 6 May 2016 17:55:29 +0000 (18:55 +0100)]
vhost-local.m4: New hack for delivery to system users via vhosts.

I decided that `final' is awful.  Now there is a new `sysusers' option
which uses a separate forward file (which can usefully be symlinked to
one's `forward.suffix' if one is careful).

2 years agouser-spam.m4: Fix indentation in the output.
Mark Wooding [Sat, 10 Oct 2015 13:53:08 +0000 (14:53 +0100)]
user-spam.m4: Fix indentation in the output.

2 years agoexim-spam-limit.userv: Include the recommended spam-limit service file.
Mark Wooding [Sat, 7 May 2016 01:14:09 +0000 (02:14 +0100)]
exim-spam-limit.userv: Include the recommended spam-limit service file.

2 years agospam.m4: Include a full path to the Userv client.
Mark Wooding [Sat, 7 May 2016 01:13:14 +0000 (02:13 +0100)]
spam.m4: Include a full path to the Userv client.

Exim clobbers its environment nowadays, so it can't find things with a
PATH search.

2 years agouser-spam.m4: Don't doubly-quote the Userv service-user name.
Mark Wooding [Sat, 7 May 2016 01:12:19 +0000 (02:12 +0100)]
user-spam.m4: Don't doubly-quote the Userv service-user name.

The `SPAMLIMIT_USERV' macro is going to do that for us.

3 years agobase.m4: Be slacker about DH lengths.
Mark Wooding [Wed, 20 Apr 2016 00:52:52 +0000 (01:52 +0100)]
base.m4: Be slacker about DH lengths.

Reduce the minimum size for general outbound SMTP to about 512 bits,
because (a) any DH is better than none, and (b) Exim will defer rather
than switching to plaintext if the receiving SMTP advertises STARTTLS.

Also introduce new transports with lower limits, and be consistent about
actually undershooting the advertised limit by four bits.

3 years agobase.m4: Add an `auth=...' note to the Received header if we're relaying.
Mark Wooding [Thu, 24 Mar 2016 11:01:03 +0000 (11:01 +0000)]
base.m4: Add an `auth=...' note to the Received header if we're relaying.

I'd previously resisted doing this, because the full `AUTH=...' notes
I'm passing around look a lot like email addresses and this might
subvert attempts to use extension addresses or the odin forwarder.  But
it seems a shame to lose this information.

Compromise: report the sender, as a bare user-name, only if the
domain-part is us.  This will, at worst, repeat the user name from the
sending MTA, which told us what it was either as the origin for a local
sender, or the authenticated user name from SMTP authentication or
identd (for submission to localhost).

3 years agobase.m4: Quote the `auth=...' name, in case it has bad characters.
Mark Wooding [Thu, 24 Mar 2016 11:03:18 +0000 (11:03 +0000)]
base.m4: Quote the `auth=...' name, in case it has bad characters.

As a matter of local policy, user names don't in fact contain bad
characters, but it seems good to be careful anyway.

3 years agobase.m4: Pass on authenticated sender properly in `smtp_local'.
Mark Wooding [Thu, 24 Mar 2016 11:06:41 +0000 (11:06 +0000)]
base.m4: Pass on authenticated sender properly in `smtp_local'.

  * Use the new `$acl_m_user' variable to identify the sender, if it's
    set; otherwise use the existing authenticated-sender.

  * Force setting `AUTH=...' to the next hop even though we haven't
    explicitly authenticated.  (Actually, we have, using a TLS client
    certificate, but that doesn't seem to count for pushing `AUTH=...'.)

3 years agoauth.m4: Report the message's authenticated sender at `DATA' time.
Mark Wooding [Thu, 24 Mar 2016 11:06:41 +0000 (11:06 +0000)]
auth.m4: Report the message's authenticated sender at `DATA' time.

This leaves a handy dropping in the log file which allows us to
associate message queue ids with authenticated users.

3 years agobase.m4, auth.m4: Track a per-message authenticated user.
Mark Wooding [Thu, 24 Mar 2016 10:48:56 +0000 (10:48 +0000)]
base.m4, auth.m4: Track a per-message authenticated user.

If we're relaying mail, and believing `AUTH=...' notes on `MAIL' lines,
then (a) we might be given several messages during a session, and (b)
they will in general have different `AUTH=...' notes, or none at all.
If we want to report the authenticated sender of a message, then, it's
important to track this information separately for each message.

Therefore, introduce `$acl_m_user', as a per-message counterpart to
`$acl_c_user'.  It gets set the same as `$acl_c_user' for non-SMTP
messages (where there can only be one) and after we've just checked a
submitter, in `mail_auth_check'; but it also gets set from
`$authenticated_sender' in the `mailauth' ACL.

3 years agoauth.m4: Fix whitespace bogosity in `mailauth' ACL.
Mark Wooding [Thu, 24 Mar 2016 09:40:16 +0000 (09:40 +0000)]
auth.m4: Fix whitespace bogosity in `mailauth' ACL.

3 years agodivmap.m4, spam.m4: Rename `data-spam' diversion to `data-hooks'.
Mark Wooding [Thu, 24 Mar 2016 09:38:33 +0000 (09:38 +0000)]
divmap.m4, spam.m4: Rename `data-spam' diversion to `data-hooks'.

3 years agospam.m4, user-spam.m4: Log details about spam rejections for users.
Mark Wooding [Wed, 23 Mar 2016 22:33:05 +0000 (22:33 +0000)]
spam.m4, user-spam.m4: Log details about spam rejections for users.

  * When we notice a delivery to a user during recipient verification,
    take a note of the user's name in the `user' field of the

  * In the `rcpt_spam' ACL, pick the user name out of the address_data
    and remember it and the corresponding recipient address (in a rather
    unpleasantly escaped form) along with the others in the variable

  * Finally, in `data_spam', if we end up rejecting the message, log a
    message with the condensed SpamAssassin report, and the user names
    and matching recipient addresses.

This leaves, in the rejectlog, enough information for a service to tell
which rejection reports apply to a calling user, and tell them about the
message.  We should be able to pick the sender address and the headers
from the usual rejection report, but we don't want to leak the other
envelope recipient addresses.  (The user would have seen the /header/
recipients had we not rejected the message as being spam; but the
envelope may contain Bcc recipients or other interesting secrets.)

3 years agospam.m4: Hoist the spam-report formatting to before the rejection.
Mark Wooding [Wed, 23 Mar 2016 22:22:23 +0000 (22:22 +0000)]
spam.m4: Hoist the spam-report formatting to before the rejection.

We're going to want this report either way.

3 years agospam.m4: Capture extracting a field from `$address_data' in a macro.
Mark Wooding [Wed, 23 Mar 2016 22:19:16 +0000 (22:19 +0000)]
spam.m4: Capture extracting a field from `$address_data' in a macro.

This makes things a little easier to read anyway, and we're going to be
doing this more soon.

3 years agosatellite.m4: Fix newlines around the `alias' router options.
Mark Wooding [Fri, 18 Mar 2016 09:39:34 +0000 (09:39 +0000)]
satellite.m4: Fix newlines around the `alias' router options.

3 years agoMakefile: Set config options from mode-specific make variables.
Mark Wooding [Fri, 18 Mar 2016 09:38:59 +0000 (09:38 +0000)]
Makefile: Set config options from mode-specific make variables.

Use this to set `sysdomains' for the `srv' mode; now we don't need
`nosysdomains.m4' any more.

3 years agodefs.m4: Fix `generated' warnings.
Mark Wooding [Fri, 18 Mar 2016 08:55:20 +0000 (08:55 +0000)]
defs.m4: Fix `generated' warnings.

  * Refer to the correct sources.  Somehow they managed to be different
    between the top and tail warnings.

  * Mention which server mode the file was generated for.

3 years agoUpdates for CVE-2016-1531.
Mark Wooding [Wed, 16 Mar 2016 23:00:24 +0000 (23:00 +0000)]
Updates for CVE-2016-1531.

  * Leave the environment clear, but do this explicitly because
    otherwise Exim moans constantly.  I think that we don't need
    environment variables propagated from anywhere, so this is OK.

  * Use absolute paths when checking configuration files during the

3 years agouser-spam.m4: Look up spam limit for lots of recipient.
Mark Wooding [Mon, 28 Sep 2015 09:19:17 +0000 (10:19 +0100)]
user-spam.m4: Look up spam limit for lots of recipient.

If the envelope recipient has been changed by forwarding or aliasing
then look up a spam limit using all of the recipient addresses
available to us at the time.

This is particularly important for users of forwarding services such
as that provided by `'.

3 years agospam.m4, user-spam.m4 (COMPATIBILITY): Don't split out prefix/suffix.
Mark Wooding [Mon, 28 Sep 2015 09:14:02 +0000 (10:14 +0100)]
spam.m4, user-spam.m4 (COMPATIBILITY): Don't split out prefix/suffix.

Don't pass the local-part prefix and suffix as separate items to the
spam-limit lookups.  This doesn't affect the plain file lookup, but it
does change the userv interface, which nobody is currently using.

3 years agobase.m4: Slacken off local submission processing some more.
Mark Wooding [Sun, 27 Sep 2015 22:49:32 +0000 (23:49 +0100)]
base.m4: Slacken off local submission processing some more.

We're already allowing arbitrary envelope senders.  Now don't clobber
the `Sender' header.

3 years agolists.m4: Jaguar has a proper certificate now.
Mark Wooding [Thu, 24 Sep 2015 22:35:28 +0000 (23:35 +0100)]
lists.m4: Jaguar has a proper certificate now.

3 years agoAdd warning headers directly.
Mark Wooding [Thu, 16 Jul 2015 20:34:01 +0000 (21:34 +0100)]
Add warning headers directly.

This means we have to stop renaming them.  But if we don't do this then
we can't test the headers in the spam filter.

3 years agodefs.m4: Remove spurious initial space.
Mark Wooding [Thu, 16 Jul 2015 20:33:11 +0000 (21:33 +0100)]
defs.m4: Remove spurious initial space.

3 years agoconfig.m4: Allow relaying by chiark over the VPN.
Mark Wooding [Sat, 20 Jun 2015 16:54:00 +0000 (17:54 +0100)]
config.m4: Allow relaying by chiark over the VPN.

3 years agoexchange.m4: Rename X-Distorted-... headers in messages from outside.
Mark Wooding [Sun, 14 Jun 2015 12:54:40 +0000 (13:54 +0100)]
exchange.m4: Rename X-Distorted-... headers in messages from outside.

They're quite possibly misleading.  I don't think there's much harm
which can be done by adding extra X-Distorted-Warning headers, but
certainly we don't want anyone confusing things by adding their own
X-Distorted-SpamAssassin-... headers.  (That won't affect the server's
assessment of spamminess in any obvious way, but the purpose of the
header is to give user filters something to act on, so it's important
that they use the true header rather than the wrong one.)

3 years agoDelay ACL header edits until transport time.
Mark Wooding [Sun, 14 Jun 2015 12:51:55 +0000 (13:51 +0100)]
Delay ACL header edits until transport time.

Don't use the `add_header' ACL control any more.  Instead, just
accumulate the desired header additions and removals in variables, and
apply them at transport time.

This way, the headers we see in the message are the unmodified ones, as
the message was originally given to us.  We can therefore apply header
/removals/ (which aren't allowed in ACLs, so have to be delayed to
routing/transport time) coherently, without the risk of clobbering
the headers we've added ourselves.

3 years agodefs.m4: RENAME_HEADERS_ADD doesn't need separators.
Mark Wooding [Sun, 14 Jun 2015 12:46:06 +0000 (13:46 +0100)]
defs.m4: RENAME_HEADERS_ADD doesn't need separators.

Indeed, everything works much better if we agree to terminate header
lines with a newline rather than separate them.

3 years agoAdd config variable for the ...-Distorted-... token in headers.
Mark Wooding [Sat, 13 Jun 2015 23:55:41 +0000 (00:55 +0100)]
Add config variable for the ...-Distorted-... token in headers.

3 years agodefs.m4, local.m4: Abstract out machinery for header-renaming lists.
Mark Wooding [Sat, 13 Jun 2015 23:47:59 +0000 (00:47 +0100)]
defs.m4, local.m4: Abstract out machinery for header-renaming lists.

We're going to be renaming some more headers soon...

3 years agospam.m4: Rename X-SpamAssassin-* headers to X-Distorted-SpamAssassin-*.
Mark Wooding [Sat, 13 Jun 2015 10:16:33 +0000 (11:16 +0100)]
spam.m4: Rename X-SpamAssassin-* headers to X-Distorted-SpamAssassin-*.

This makes them less confusing because other mailservers attach their
own SpamAssassin reports.

3 years agobase.m4: Only get picky about HELO hostnames from external servers.
Mark Wooding [Mon, 1 Jun 2015 01:43:47 +0000 (02:43 +0100)]
base.m4: Only get picky about HELO hostnames from external servers.

3 years agobase.m4: Allow arbitrary claimed envelope and header senders.
Mark Wooding [Mon, 1 Jun 2015 01:24:55 +0000 (02:24 +0100)]
base.m4: Allow arbitrary claimed envelope and header senders.

3 years agoGive up on checking claimed sender addresses.
Mark Wooding [Sun, 31 May 2015 15:48:45 +0000 (16:48 +0100)]
Give up on checking claimed sender addresses.

I'm told that it's more hassle than its worth.  I can track down
forgeries sufficiently well by staring at Received headers and staring
at logs.

3 years agoAllow satellite hosts to do alias processing.
Mark Wooding [Fri, 10 Apr 2015 14:19:25 +0000 (15:19 +0100)]
Allow satellite hosts to do alias processing.

  * Do smarthost relaying after alias processing, by adding a new
    diversion for it, rather than reusing the `routers/remote'

  * Move alias processing to `base.m4', and include a new diversion for
    additional options.

  * Have `satellite.m4' attach a `domains' condition to the alias
    processing, so that we only do this for more-or-less local

3 years agolists.m4: Carve out the administratively anomalous hosts from +allnets.
Mark Wooding [Tue, 12 May 2015 08:37:56 +0000 (09:37 +0100)]
lists.m4: Carve out the administratively anomalous hosts from +allnets.

Now jaguar and richmond can send us mail without a complete disaster

3 years agolocal.m4: Rename headers with special significance to Dovecot.
Mark Wooding [Mon, 4 May 2015 10:01:14 +0000 (11:01 +0100)]
local.m4: Rename headers with special significance to Dovecot.

3 years agodefs.m4: New macros for inserting separators into lists.
Mark Wooding [Mon, 4 May 2015 10:00:46 +0000 (11:00 +0100)]
defs.m4: New macros for inserting separators into lists.

3 years agodefs.m4: Fix commentary, and add missing descriptions.
Mark Wooding [Mon, 4 May 2015 10:00:12 +0000 (11:00 +0100)]
defs.m4: Fix commentary, and add missing descriptions.

3 years agoMakefile: Include satellite rewrite rule in service-host configurations.
Mark Wooding [Sat, 2 May 2015 17:36:18 +0000 (18:36 +0100)]
Makefile: Include satellite rewrite rule in service-host configurations.

Locally-directed mail will need to go to the main hub, and we'll have to
trim off the local hostname to make that happen.

4 years agoexchange.m4, lists.m4: Standard routing for `service=no' domains.
Mark Wooding [Thu, 2 Apr 2015 01:35:19 +0000 (02:35 +0100)]
exchange.m4, lists.m4: Standard routing for `service=no' domains.

Domains listed in `domains.conf' with `service = false' or similar get
the standard routing arrangements, and aren't subject to virtual-host

4 years agoMakefile: New configuration flavour for service-only mailservers.
Mark Wooding [Thu, 2 Apr 2015 00:00:47 +0000 (01:00 +0100)]
Makefile: New configuration flavour for service-only mailservers.

4 years agobase.m4: Exim wants `::0' rather than `::' as the magic IPv6 wildcard.
Mark Wooding [Thu, 2 Apr 2015 00:00:26 +0000 (01:00 +0100)]
base.m4: Exim wants `::0' rather than `::' as the magic IPv6 wildcard.

4 years agoconfig.m4, exchange.m4, lists.m4: Allow optout from serving main domain.
Mark Wooding [Wed, 1 Apr 2015 18:16:07 +0000 (19:16 +0100)]
config.m4, exchange.m4, lists.m4: Allow optout from serving main domain.

This is useful for hosts which provide external mail service for
special subdomains, but don't provide service for local users.

4 years agoMakefile, spam.m4, user-spam.m4: Put user limit config in its own file.
Mark Wooding [Wed, 1 Apr 2015 18:14:40 +0000 (19:14 +0100)]
Makefile, spam.m4, user-spam.m4: Put user limit config in its own file.

4 years agobase.m4, config.m4: Define `trusted_users'.
Mark Wooding [Thu, 29 Jan 2015 16:52:17 +0000 (16:52 +0000)]
base.m4, config.m4: Define `trusted_users'.

4 years agoMerge branch 'master' of
Mark Wooding [Sat, 20 Dec 2014 19:57:25 +0000 (19:57 +0000)]
Merge branch 'master' of

* 'master' of
  README: Add a bunch of technical documentation.

4 years agoREADME: Add a bunch of technical documentation.
Mark Wooding [Sat, 20 Dec 2014 19:33:59 +0000 (19:33 +0000)]
README: Add a bunch of technical documentation.

4 years agoMerge branch 'master' of
Mark Wooding [Sat, 20 Dec 2014 13:40:23 +0000 (13:40 +0000)]
Merge branch 'master' of

* 'master' of
  base.m4: New `senders' entry in `domains.conf'.
  base.m4: Missing subsection name.
  spam.m4: No, we can't check domains in the DATA ACL.
  spam.m4: Allow virtual domains to opt out of spam checking.

4 years agobase.m4: Use certlists including the issuer, rather than bare certificates.
Mark Wooding [Sat, 20 Dec 2014 13:21:58 +0000 (13:21 +0000)]
base.m4: Use certlists including the issuer, rather than bare certificates.

These work better with DANE TLSA records, coming soon.  (Maybe.)

4 years agobase.m4: New `senders' entry in `domains.conf'.
Mark Wooding [Sun, 20 Jul 2014 13:53:18 +0000 (14:53 +0100)]
base.m4: New `senders' entry in `domains.conf'.

This is a get-out-of-gaol card for sending domains too badly
misconfigured to manage a valid DNS A or MX record.

4 years agobase.m4: Missing subsection name.
Mark Wooding [Sun, 20 Jul 2014 13:53:18 +0000 (14:53 +0100)]
base.m4: Missing subsection name.

4 years agospam.m4: No, we can't check domains in the DATA ACL.
Mark Wooding [Wed, 14 May 2014 08:54:56 +0000 (09:54 +0100)]
spam.m4: No, we can't check domains in the DATA ACL.

Whoops.  We've been deferring for a while.  This is quite bad.

4 years agospam.m4: Allow virtual domains to opt out of spam checking.
Mark Wooding [Mon, 12 May 2014 19:04:00 +0000 (20:04 +0100)]
spam.m4: Allow virtual domains to opt out of spam checking.

4 years agobase.m4: `helo.conf' entries are `;'-separated.
Mark Wooding [Sun, 4 May 2014 21:30:12 +0000 (22:30 +0100)]
base.m4: `helo.conf' entries are `;'-separated.

4 years agovhost.m4: Configurable spam limit in virtual hosts.
Mark Wooding [Sat, 3 May 2014 14:04:39 +0000 (15:04 +0100)]
vhost.m4: Configurable spam limit in virtual hosts.

4 years agospam.m4: Refactor routers with macros.
Mark Wooding [Sat, 3 May 2014 14:03:36 +0000 (15:03 +0100)]
spam.m4: Refactor routers with macros.

Split the big router into two separate ones.  Arrange that routers don't
set a spam limit if there's already one set (so the first one wins!).

4 years agoconfig.m4, spam.m4: Hack in configurable Userv options.
Mark Wooding [Sat, 3 May 2014 14:02:26 +0000 (15:02 +0100)]
config.m4, spam.m4: Hack in configurable Userv options.

Mainly useful so that you can say `--spoof-user Debian-exim' when

4 years agospam.m4: The ${run ...} expansion doesn't do PATH lookup.
Mark Wooding [Sat, 3 May 2014 12:24:32 +0000 (13:24 +0100)]
spam.m4: The ${run ...} expansion doesn't do PATH lookup.

So we must do this ourselves.

4 years agospam.m4: Quote the arguments to the Userv service properly.
Mark Wooding [Sat, 3 May 2014 12:23:20 +0000 (13:23 +0100)]
spam.m4: Quote the arguments to the Userv service properly.

The Exim specification lies about how ${run ...} works.  We have to fix
this in post-production.

5 years agobase.m4: Overhaul the relay-permission check.
Mark Wooding [Tue, 22 Apr 2014 17:18:03 +0000 (18:18 +0100)]
base.m4: Overhaul the relay-permission check.

Don't provide public service to all domains in `domains.conf': check the
`service' property to see whether it should be allowed.

5 years agoNew file `auth-sender.conf' lists extra allowed senders for users.
Mark Wooding [Sat, 5 Apr 2014 08:58:02 +0000 (09:58 +0100)]
New file `auth-sender.conf' lists extra allowed senders for users.

This is an escape hatch I'm not using yet.

5 years agobase.m4: Check that the ident daemon actually gave us an answer.
Mark Wooding [Fri, 4 Apr 2014 18:32:14 +0000 (19:32 +0100)]
base.m4: Check that the ident daemon actually gave us an answer.

5 years agobase.m4: Simplify the bare `smtp' router.
Mark Wooding [Tue, 25 Mar 2014 11:48:54 +0000 (11:48 +0000)]
base.m4: Simplify the bare `smtp' router.

It's no longer generated with the `SMTP_TRANS_DHBITS' macro.  Since it's
only used when the recipient domain is unknown, the various tunable
parameters are never actually tuned.

This has another happy effect: it bodges around Exim bug #1413.

5 years agobase.m4, vhost.m4: Very hacky DH field-size limitation.
Mark Wooding [Wed, 19 Mar 2014 16:18:12 +0000 (16:18 +0000)]
base.m4, vhost.m4: Very hacky DH field-size limitation.

We can't set `tls_dh_min_bits' from an expansion.  So set up multiple
transports for different thresholds.

5 years agoauth.m4, base.m4: Client authentication machinery.
Mark Wooding [Tue, 18 Mar 2014 16:32:42 +0000 (16:32 +0000)]
auth.m4, base.m4: Client authentication machinery.

If the server knows secrets for authenticating to a remote server, it
can use them.

5 years agobase.m4: Tweakable TLS parameters in `smtp' transport.
Mark Wooding [Mon, 17 Mar 2014 21:30:57 +0000 (21:30 +0000)]
base.m4: Tweakable TLS parameters in `smtp' transport.

Now we can designate particular hosts as requiring TLS, with proper
certificate checking and maybe client certification.  No SMTP client
authentication yet.

5 years agobase.m4, exchange.m4: Move TLS tweaks to `base.m4'.
Mark Wooding [Mon, 17 Mar 2014 21:25:54 +0000 (21:25 +0000)]
base.m4, exchange.m4: Move TLS tweaks to `base.m4'.

Non-hub hosts want this so that they can receive mail for local users.

5 years agovhost.m4: Use `;' to separate hostnames in `route' entries.
Mark Wooding [Mon, 17 Mar 2014 21:18:16 +0000 (21:18 +0000)]
vhost.m4: Use `;' to separate hostnames in `route' entries.

5 years agobase.m4, exchange.m4: Improve key/value syntax in warnings.
Mark Wooding [Mon, 17 Mar 2014 09:55:41 +0000 (09:55 +0000)]
base.m4, exchange.m4: Improve key/value syntax in warnings.

Only just noticed `HELO name=...' which is awful; change to
`helo-name=...'.  Also, kill the separating commas.

5 years agoauth.m4, base.m4, lists.m4: Allow local submission to port 25.
Mark Wooding [Sun, 16 Mar 2014 14:06:27 +0000 (14:06 +0000)]
auth.m4, base.m4, lists.m4: Allow local submission to port 25.

Extend the current rules for submission to localhost port 25 to all of
the host's local addresses.  The server won't try to talk to itself on
this port, so this is sensible, and there's probably crappy software out
there which assume that it works.

5 years agobase.m4: Don't report HELO host expicitly.
Mark Wooding [Sun, 16 Mar 2014 14:05:25 +0000 (14:05 +0000)]
base.m4: Don't report HELO host expicitly.

Exim will report it for us if it's anomalous.  (And we'll add a fearsome
warning banner about it.)

5 years agoauth.m4, base.m4, exchange.m4: Make sender-address checking universal.
Mark Wooding [Sun, 16 Mar 2014 14:04:00 +0000 (14:04 +0000)]
auth.m4, base.m4, exchange.m4: Make sender-address checking universal.

Previously, satellite hosts weren't doing this at all, and usersat hosts
were doing it half-heartedly.  Make sure that everyone does it.

5 years agosat-rewrite.m4: On satellite hosts, rewrite
Mark Wooding [Sun, 16 Mar 2014 12:54:46 +0000 (12:54 +0000)]
sat-rewrite.m4: On satellite hosts, rewrite

These addresses are simply wrong, but stamping out programs which try to
issue them one by one is too difficult.

5 years agodivmap.m4, lists.m4, vhost.m4: End-stop for required local parts.
Mark Wooding [Thu, 6 Mar 2014 01:59:29 +0000 (01:59 +0000)]
divmap.m4, lists.m4, vhost.m4: End-stop for required local parts.

We really want to support `postmaster' and `abuse' (any maybe other
local parts which every domain should have), so send them to the
domain owner if nobody has accepted them already.

This involves moving the end-stop for `final' domains into a separate
router, which is a little strange in its configuration, but it does
the job.

5 years agodivmap.m4: Move descriptions over by a tab stop.
Mark Wooding [Thu, 6 Mar 2014 01:52:39 +0000 (01:52 +0000)]
divmap.m4: Move descriptions over by a tab stop.

We have some longer names coming.

5 years agovhost.m4: Refactor virtual host routing some more.
Mark Wooding [Thu, 6 Mar 2014 01:54:33 +0000 (01:54 +0000)]
vhost.m4: Refactor virtual host routing some more.

Move the does-this-key-exist condition out of the `VHOST' macro and
into `VHOST_FILTER'.  Alas, this means we must repeat the logic for
the `virtual_route' router.  But we can take the opportunity to elide
the unnecessary existence checks for the domain keys we just tested in
the router conditions.

Also, switch the arguments to `VHOST_FILTER' around.  I think they
make more sense like this.

5 years agovhost.m4: Rename `route' to `virtual_route'.
Mark Wooding [Thu, 6 Mar 2014 02:03:28 +0000 (02:03 +0000)]
vhost.m4: Rename `route' to `virtual_route'.

The old name was just way too generic.

5 years agoChange how filtering routers work.
Mark Wooding [Wed, 5 Mar 2014 17:36:22 +0000 (17:36 +0000)]
Change how filtering routers work.

Commit e7b830e7... was overzealous.  In particular, it took the
`alias' router from working.  Take out `verify = false' from the
`FILTER_TRANSPORT' options, and replace this with a macro
`FILTER_ROUTER' which generates a verify/delivery router pair with the
right stuff in.

This change also introduces verification-time processing for
`~/.mail/forward' and `~/.forward' files, since that's easy and
possibly useful.

5 years agobase.m4: Remove spaces around `=' signs in BADHELO warning.
Mark Wooding [Sun, 2 Mar 2014 20:26:47 +0000 (20:26 +0000)]
base.m4: Remove spaces around `=' signs in BADHELO warning.

Makes things easier to parse.

5 years agobase.m4: Remove <...> from envelope sender address in Received lines.
Mark Wooding [Sun, 23 Feb 2014 13:56:02 +0000 (13:56 +0000)]
base.m4: Remove <...> from envelope sender address in Received lines.

5 years agovhost.m4: Add transports to the live filter routers.
Mark Wooding [Wed, 12 Feb 2014 12:52:41 +0000 (12:52 +0000)]
vhost.m4: Add transports to the live filter routers.

5 years agobase.m4 (FILTER_TRANSPORTS): Don't use these when verifying.
Mark Wooding [Wed, 12 Feb 2014 12:52:11 +0000 (12:52 +0000)]
base.m4 (FILTER_TRANSPORTS): Don't use these when verifying.

Exim gets very upset.