X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/exim-config/blobdiff_plain/6aae076feb9b8fc05099dc68fc00100472004701..5013c11c5d2038f1eb3e70272cd4cc0e05fd25bc:/exchange.m4 diff --git a/exchange.m4 b/exchange.m4 index b0dab45..cf2a81b 100644 --- a/exchange.m4 +++ b/exchange.m4 @@ -52,16 +52,35 @@ mail_client_addr: {${if match_domain {$sender_address_domain} \ {+public} \ {+allnets}{! +allnets}}})} - add_header = :after_received:X-Distorted-Warning: \ - RCLNTLSNDR \ - Apparently local sender, but received from remote \ - server.\n\t\ - sender=$sender_address \ - host=$sender_host_address + WARNING_HEADER(RCLNTLSNDR, + <:Apparently local sender, but received from remote \ + server.\n\t\ + sender=$sender_address \ + host=$sender_host_address:>) ## OK. accept +DIVERT(null) +###-------------------------------------------------------------------------- +### Rename locally-meaningful headers in mail from outside. + +m4_define(<:DISTORTED_HEADERS:>, +<:X-CONF_header_token-SpamAssassin-Score, +X-CONF_header_token-SpamAssassin-Status:>) + +SECTION(acl, data)m4_dnl + ## If this message is coming from outside then rename headers which + ## look like the ones we're likely to add. This is most relevant for + ## our spam-report headers, because I'm not sure I understand why + ## someone would want to fake an X-Distorted-Warning header. + warn !condition = ${if eq{$acl_c_mode}{submission}} + !hosts = +allnets + set acl_m_hdradd = ${if def:acl_m_hdradd{$acl_m_hdradd}}\ + RENAME_HEADERS_ADD(<:DISTORTED_HEADERS:>) + set acl_m_hdrrm = ${if def:acl_m_hdrrm{$acl_m_hdrrm:}}\ + RENAME_HEADERS_REMOVE(<:DISTORTED_HEADERS:>) + DIVERT(null) ###-------------------------------------------------------------------------- ### The obvious trivial router. 
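Review bot: `DISTORTED_HEADERS` covers only the two SpamAssassin headers, so mail from outside can still arrive carrying its own `X-Distorted-Warning` line, and anything downstream that filters or displays on that header cannot tell it from the one `WARNING_HEADER` adds earlier in this hunk. Adding a third entry to the list is cheap, for example `X-CONF_header_token-Warning`, assuming that is the name `WARNING_HEADER` emits; its definition is outside this hunk. The `warn` block also appends to `acl_m_hdradd` with no separator, while `acl_m_hdrrm` appends `:`. That is only correct if every stored header already ends in a newline, which is worth confirming against `RENAME_HEADERS_ADD`. Since the rename is skipped for submission mode and for `+allnets` hosts, the comment could state that those two paths are trusted not to forge these headers.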
@@ -70,16 +89,28 @@ SECTION(routers, remote)m4_dnl ## Send mail on to a host in our own network. We must apply extra security. local: driver = dnslookup - domains = ! +known : *.CONF_master_domain + domains = ${if bool {${LOOKUP_DOMAIN($domain, + {KV(service, {$value}{true})}, + {false})}} \ + {}{ ! +public : \ + CONF_master_domain : \ + *.CONF_master_domain }} self = fail + same_domain_copy_routing = yes + ignore_target_hosts = +bogus transport = smtp_local no_more ## Send mail on to unknown hosts. remote: driver = dnslookup - domains = ! +known + domains = ${if bool {${LOOKUP_DOMAIN($domain, + {KV(service, {$value}{true})}, + {false})}} \ + {}{ ! +public }} self = fail + same_domain_copy_routing = yes + ignore_target_hosts = +bogus_public transport = smtp no_more
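Review bot: The `service` test that gates `domains` is written out twice, once in `local` and once in `remote`, and the two routers only stay consistent with each other while both copies remain identical. Defining the `${if bool {${LOOKUP_DOMAIN(...)}}` predicate once with `m4_define` and expanding it in both routers would remove that drift risk. Exim's strict `bool` condition rejects any string outside its accepted true/false spellings, so a mistyped `service` value would presumably make the `domains` expansion fail and defer delivery for that domain. That is fail-closed and probably what is wanted, but it deserves a comment such as `## A malformed service value defers delivery rather than guessing a route.` A second comment should record that `same_domain_copy_routing = yes` is safe here only because `domains` depends on `$domain` alone, and should say what `+bogus` and `+bogus_public` are meant to exclude, since those lists are defined outside this hunk.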