auth.m4, base.m4, lists.m4: Allow local submission to port 25.

[exim-config] / base.m4

diff --git a/base.m4 b/base.m4
index 62b46ab8a4707243381f500d60d851b060360480..c9c04ffe8a3c79f8b059428f360627fe713e2f86 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -104,6 +104,11 @@ helo:
        ## Also, we're liable to get a subsequent HELO (e.g., after STARTTLS)
        ## and we should only care about the most recent one.
        warn     set acl_c_helo_warning = false
+               !condition = \
+                       ${if and {{match_ip {$sender_host_address} \
+                                           {<; 127.0.0.0/8 ; ::1}} \
+                                 {match_domain {$sender_helo_name} \
+                                               {localhost : +thishost}}}}
                !condition = \
                        ${if exists {CONF_sysconf_dir/helo.conf} \
                             {${lookup {$sender_helo_name} \
@@ -180,7 +185,7 @@ SECTION(acl, connect-tail)m4_dnl
 
 check_submission:
        ## See whether this message needs hacking on.
-       accept  !hosts = +localnet
+       accept  !hosts = +thishost
                !condition = ${if ={$received_port}{CONF_submission_port}}
                 set acl_c_mode = relay
 
@@ -241,13 +246,13 @@ mail_check_auth:
        ## loopback connection, then we can trust identd to tell us the right
        ## answer.  So we should stash the right name somewhere consistent.
        warn     set acl_c_user = $authenticated_id
-                hosts = +localnet
+                hosts = +thishost
                !authenticated = *
                 set acl_c_user = $sender_ident
 
        ## User must be authenticated.
        deny     message = Sender not authenticated
-               !hosts = +localnet
+               !hosts = +thishost
                !authenticated = *
 
        ## Make sure that the local part is one that the authenticated sender